On 02/17/2017 12:55 AM, Jarkko Sakkinen wrote: > Added an ability to virtualize TPM commands into an isolated context > that we call a TPM space because the word context is already heavily > used in the TPM specification. Both the handle areas and bodies (where > necessary) are virtualized. > > The mechanism works by adding a new parameter struct tpm_space to the > tpm_transmit() function. This new structure contains the list of virtual > handles and a buffer of page size (currently) for backing storage. > > When tpm_transmit() is called with a struct tpm_space instance it will > execute the following sequence: > > 1. Take locks. > 2. Load transient objects from the backing storage by using ContextLoad > and map virtual handles to physical handles. > 3. Perform the transaction. > 4. Save transient objects to backing storage by using ContextSave and > map resulting physical handle to virtual handle if there is such. > > This commit does not implement virtualization support for hmac and > policy sessions. >
If I have understood discussions correctly, I assume, that kernel TPM operations will also be routed via RM. And I think that is not happening now with these patches. Am I missing something ? Thanks & Regards, - Nayna > Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> > --- > drivers/char/tpm/Makefile | 2 +- > drivers/char/tpm/tpm-chip.c | 7 + > drivers/char/tpm/tpm-dev.c | 2 +- > drivers/char/tpm/tpm-interface.c | 68 +++--- > drivers/char/tpm/tpm-sysfs.c | 2 +- > drivers/char/tpm/tpm.h | 26 ++- > drivers/char/tpm/tpm2-cmd.c | 33 +-- > drivers/char/tpm/tpm2-space.c | 431 > +++++++++++++++++++++++++++++++++++++++ > 8 files changed, 520 insertions(+), 51 deletions(-) > create mode 100644 drivers/char/tpm/tpm2-space.c > > diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile > index 3d386a8..8f07fcf 100644 > --- a/drivers/char/tpm/Makefile > +++ b/drivers/char/tpm/Makefile > @@ -3,7 +3,7 @@ > # > obj-$(CONFIG_TCG_TPM) += tpm.o > tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \ > - tpm1_eventlog.o tpm2_eventlog.o > + tpm1_eventlog.o tpm2_eventlog.o tpm2-space.o > tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o > tpm-$(CONFIG_OF) += tpm_of.o > obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o > diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c > index c406343..993b9ae 100644 > --- a/drivers/char/tpm/tpm-chip.c > +++ b/drivers/char/tpm/tpm-chip.c > @@ -128,6 +128,7 @@ static void tpm_dev_release(struct device *dev) > mutex_unlock(&idr_lock); > > kfree(chip->log.bios_event_log); > + kfree(chip->work_space.context_buf); > kfree(chip); > } > > @@ -189,6 +190,12 @@ struct tpm_chip *tpm_chip_alloc(struct device *pdev, > chip->cdev.owner = THIS_MODULE; > chip->cdev.kobj.parent = &chip->dev.kobj; > > + chip->work_space.context_buf = kzalloc(PAGE_SIZE, GFP_KERNEL); > + if (!chip->work_space.context_buf) { > + rc = -ENOMEM; > + goto out; > + } > + > return chip; > > out: > diff --git a/drivers/char/tpm/tpm-dev.c b/drivers/char/tpm/tpm-dev.c > index 02a8850..414553b 100644 > --- a/drivers/char/tpm/tpm-dev.c > +++ b/drivers/char/tpm/tpm-dev.c > @@ -147,7 +147,7 @@ static ssize_t tpm_write(struct file *file, const char > __user *buf, > mutex_unlock(&priv->buffer_mutex); > return -EPIPE; > } > - out_size = tpm_transmit(priv->chip, priv->data_buffer, > + out_size = tpm_transmit(priv->chip, NULL, priv->data_buffer, > sizeof(priv->data_buffer), 0); > > tpm_put_ops(priv->chip); > diff --git a/drivers/char/tpm/tpm-interface.c > b/drivers/char/tpm/tpm-interface.c > index 20b1fe3..db5ffe9 100644 > --- a/drivers/char/tpm/tpm-interface.c > +++ b/drivers/char/tpm/tpm-interface.c > @@ -376,11 +376,12 @@ static bool tpm_validate_command(struct tpm_chip *chip, > const u8 *cmd, > * 0 when the operation is successful. > * A negative number for system errors (errno). > */ > -ssize_t tpm_transmit(struct tpm_chip *chip, const u8 *buf, size_t bufsiz, > - unsigned int flags) > +ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, > + u8 *buf, size_t bufsiz, unsigned int flags) > { > - const struct tpm_output_header *header = (void *)buf; > - ssize_t rc; > + struct tpm_output_header *header = (void *)buf; > + int rc; > + ssize_t len = 0; > u32 count, ordinal; > unsigned long stop; > > @@ -406,10 +407,14 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const u8 > *buf, size_t bufsiz, > if (chip->dev.parent) > pm_runtime_get_sync(chip->dev.parent); > > + rc = tpm2_prepare_space(chip, space, ordinal, buf); > + if (rc) > + goto out; > + > rc = chip->ops->send(chip, (u8 *) buf, count); > if (rc < 0) { > dev_err(&chip->dev, > - "tpm_transmit: tpm_send: error %zd\n", rc); > + "tpm_transmit: tpm_send: error %d\n", rc); > goto out; > } > > @@ -442,18 +447,23 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const u8 > *buf, size_t bufsiz, > goto out; > > out_recv: > - rc = chip->ops->recv(chip, (u8 *) buf, bufsiz); > - if (rc < 0) { > + len = chip->ops->recv(chip, (u8 *) buf, bufsiz); > + if (len < 0) { > dev_err(&chip->dev, > - "tpm_transmit: tpm_recv: error %zd\n", rc); > + "tpm_transmit: tpm_recv: error %d\n", rc); > + rc = len; > goto out; > - } else if (rc < TPM_HEADER_SIZE) { > + } else if (len < TPM_HEADER_SIZE) { > rc = -EFAULT; > goto out; > } > > - if (rc != be32_to_cpu(header->length)) > + if (len != be32_to_cpu(header->length)) { > + rc = -EFAULT; > goto out; > + } > + > + rc = tpm2_commit_space(chip, space, ordinal, buf, &len); > > out: > if (chip->dev.parent) > @@ -461,7 +471,7 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const u8 > *buf, size_t bufsiz, > > if (!(flags & TPM_TRANSMIT_UNLOCKED)) > mutex_unlock(&chip->tpm_mutex); > - return rc; > + return rc ? rc : len; > } > > /** > @@ -480,15 +490,16 @@ ssize_t tpm_transmit(struct tpm_chip *chip, const u8 > *buf, size_t bufsiz, > * A negative number for system errors (errno). > * A positive number for a TPM error. > */ > -ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *buf, > - size_t bufsiz, size_t min_rsp_body_length, > - unsigned int flags, const char *desc) > +ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space, > + const void *buf, size_t bufsiz, > + size_t min_rsp_body_length, unsigned int flags, > + const char *desc) > { > const struct tpm_output_header *header = buf; > int err; > ssize_t len; > > - len = tpm_transmit(chip, (const u8 *)buf, bufsiz, flags); > + len = tpm_transmit(chip, space, (u8 *)buf, bufsiz, flags); > if (len < 0) > return len; > > @@ -541,7 +552,7 @@ ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, > cap_t *cap, > tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); > tpm_cmd.params.getcap_in.subcap = cpu_to_be32(subcap_id); > } > - rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, > + rc = tpm_transmit_cmd(chip, NULL, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, > min_cap_length, 0, desc); > if (!rc) > *cap = tpm_cmd.params.getcap_out.cap; > @@ -565,7 +576,8 @@ static int tpm_startup(struct tpm_chip *chip, __be16 > startup_type) > start_cmd.header.in = tpm_startup_header; > > start_cmd.params.startup_in.startup_type = startup_type; > - return tpm_transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE, 0, > + return tpm_transmit_cmd(chip, NULL, &start_cmd, > + TPM_INTERNAL_RESULT_SIZE, 0, > 0, "attempting to start the TPM"); > } > > @@ -722,8 +734,8 @@ static int tpm_continue_selftest(struct tpm_chip *chip) > struct tpm_cmd_t cmd; > > cmd.header.in = continue_selftest_header; > - rc = tpm_transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, 0, 0, > - "continue selftest"); > + rc = tpm_transmit_cmd(chip, NULL, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, > + 0, 0, "continue selftest"); > return rc; > } > > @@ -743,7 +755,7 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, > u8 *res_buf) > > cmd.header.in = pcrread_header; > cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); > - rc = tpm_transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, > + rc = tpm_transmit_cmd(chip, NULL, &cmd, READ_PCR_RESULT_SIZE, > READ_PCR_RESULT_BODY_SIZE, 0, > "attempting to read a pcr value"); > > @@ -855,7 +867,7 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 > *hash) > cmd.header.in = pcrextend_header; > cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx); > memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE); > - rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, > + rc = tpm_transmit_cmd(chip, NULL, &cmd, EXTEND_PCR_RESULT_SIZE, > EXTEND_PCR_RESULT_BODY_SIZE, 0, > "attempting extend a PCR value"); > > @@ -960,8 +972,8 @@ int tpm_send(u32 chip_num, void *cmd, size_t buflen) > if (chip == NULL) > return -ENODEV; > > - rc = tpm_transmit_cmd(chip, cmd, buflen, 0, 0, "attempting tpm_cmd"); > - > + rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0, > + "attempting tpm_cmd"); > tpm_put_ops(chip); > return rc; > } > @@ -1062,16 +1074,16 @@ int tpm_pm_suspend(struct device *dev) > cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); > memcpy(cmd.params.pcrextend_in.hash, dummy_hash, > TPM_DIGEST_SIZE); > - rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, > - EXTEND_PCR_RESULT_BODY_SIZE, 0, > + rc = tpm_transmit_cmd(chip, NULL, &cmd, EXTEND_PCR_RESULT_SIZE, > + EXTEND_PCR_RESULT_BODY_SIZE, 0, > "extending dummy pcr before suspend"); > } > > /* now do the actual savestate */ > for (try = 0; try < TPM_RETRY; try++) { > cmd.header.in = savestate_header; > - rc = tpm_transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, 0, > - 0, NULL); > + rc = tpm_transmit_cmd(chip, NULL, &cmd, SAVESTATE_RESULT_SIZE, > + 0, 0, NULL); > > /* > * If the TPM indicates that it is too busy to respond to > @@ -1154,7 +1166,7 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max) > tpm_cmd.header.in = tpm_getrandom_header; > tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); > > - err = tpm_transmit_cmd(chip, &tpm_cmd, > + err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, > TPM_GETRANDOM_RESULT_SIZE + num_bytes, > offsetof(struct tpm_getrandom_out, > rng_data), > diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c > index 2f596d7..55405db 100644 > --- a/drivers/char/tpm/tpm-sysfs.c > +++ b/drivers/char/tpm/tpm-sysfs.c > @@ -40,7 +40,7 @@ static ssize_t pubek_show(struct device *dev, struct > device_attribute *attr, > struct tpm_chip *chip = to_tpm_chip(dev); > > tpm_cmd.header.in = tpm_readpubek_header; > - err = tpm_transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, > + err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, READ_PUBEK_RESULT_SIZE, > READ_PUBEK_RESULT_MIN_BODY_SIZE, 0, > "attempting to read the PUBEK"); > if (err) > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h > index 0ec1cf0..97e48a4 100644 > --- a/drivers/char/tpm/tpm.h > +++ b/drivers/char/tpm/tpm.h > @@ -89,10 +89,13 @@ enum tpm2_structures { > }; > > enum tpm2_return_codes { > + TPM2_RC_SUCCESS = 0x0000, > TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ > + TPM2_RC_HANDLE = 0x008B, > TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ > TPM2_RC_DISABLED = 0x0120, > TPM2_RC_TESTING = 0x090A, /* RC_WARN */ > + TPM2_RC_REFERENCE_H0 = 0x0910, > }; > > enum tpm2_algorithms { > @@ -114,6 +117,7 @@ enum tpm2_command_codes { > TPM2_CC_CREATE = 0x0153, > TPM2_CC_LOAD = 0x0157, > TPM2_CC_UNSEAL = 0x015E, > + TPM2_CC_CONTEXT_LOAD = 0x0161, > TPM2_CC_CONTEXT_SAVE = 0x0162, > TPM2_CC_FLUSH_CONTEXT = 0x0165, > TPM2_CC_GET_CAPABILITY = 0x017A, > @@ -128,6 +132,7 @@ enum tpm2_permanent_handles { > }; > > enum tpm2_capabilities { > + TPM2_CAP_HANDLES = 1, > TPM2_CAP_COMMANDS = 2, > TPM2_CAP_PCRS = 5, > TPM2_CAP_TPM_PROPERTIES = 6, > @@ -153,6 +158,11 @@ enum tpm2_cc_attrs { > > #define TPM_PPI_VERSION_LEN 3 > > +struct tpm_space { > + u32 context_tbl[3]; > + u8 *context_buf; > +}; > + > enum tpm_chip_flags { > TPM_CHIP_FLAG_TPM2 = BIT(1), > TPM_CHIP_FLAG_IRQ = BIT(2), > @@ -211,6 +221,7 @@ struct tpm_chip { > char ppi_version[TPM_PPI_VERSION_LEN + 1]; > #endif /* CONFIG_ACPI */ > > + struct tpm_space work_space; > u32 nr_commands; > u32 *cc_attrs_tbl; > }; > @@ -507,10 +518,11 @@ enum tpm_transmit_flags { > TPM_TRANSMIT_UNLOCKED = BIT(0), > }; > > -ssize_t tpm_transmit(struct tpm_chip *chip, const u8 *buf, size_t bufsiz, > - unsigned int flags); > -ssize_t tpm_transmit_cmd(struct tpm_chip *chip, const void *buf, size_t > bufsiz, > - size_t min_rsp_body_len, unsigned int flags, > +ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, > + u8 *buf, size_t bufsiz, unsigned int flags); > +ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space, > + const void *buf, size_t bufsiz, > + size_t min_rsp_body_length, unsigned int flags, > const char *desc); > ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, > const char *desc, size_t min_cap_length); > @@ -572,4 +584,10 @@ unsigned long tpm2_calc_ordinal_duration(struct tpm_chip > *chip, u32 ordinal); > int tpm2_probe(struct tpm_chip *chip); > ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip); > int tpm2_find_cc(struct tpm_chip *chip, u32 cc); > +int tpm2_init_space(struct tpm_space *space); > +void tpm2_del_space(struct tpm_space *space); > +int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 > cc, > + u8 *cmd); > +int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, > + u32 cc, u8 *buf, size_t *bufsiz); > #endif > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c > index 897902a..96121b3 100644 > --- a/drivers/char/tpm/tpm2-cmd.c > +++ b/drivers/char/tpm/tpm2-cmd.c > @@ -266,7 +266,7 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 > *res_buf) > sizeof(cmd.params.pcrread_in.pcr_select)); > cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); > > - rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), > + rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), > TPM2_PCR_READ_RESP_BODY_SIZE, > 0, "attempting to read a pcr value"); > if (rc == 0) { > @@ -333,7 +333,7 @@ int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, > u32 count, > } > } > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, 0, > + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, > "attempting extend a PCR value"); > > tpm_buf_destroy(&buf); > @@ -382,7 +382,7 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *out, > size_t max) > cmd.header.in = tpm2_getrandom_header; > cmd.params.getrandom_in.size = cpu_to_be16(num_bytes); > > - err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), > + err = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), > offsetof(struct tpm2_get_random_out, > buffer), > 0, "attempting get random"); > @@ -441,7 +441,7 @@ void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 > handle, > > tpm_buf_append_u32(&buf, handle); > > - (void) tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, flags, > + (void) tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, flags, > "flushing context"); > > tpm_buf_destroy(&buf); > @@ -557,7 +557,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip, > goto out; > } > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 4, 0, > + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, 0, > "sealing data"); > if (rc) > goto out; > @@ -641,7 +641,7 @@ static int tpm2_load_cmd(struct tpm_chip *chip, > goto out; > } > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 4, flags, > + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, flags, > "loading blob"); > if (!rc) > *blob_handle = be32_to_cpup( > @@ -693,7 +693,7 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, > options->blobauth /* hmac */, > TPM_DIGEST_SIZE); > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 6, flags, > + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 6, flags, > "unsealing"); > if (rc > 0) > rc = -EPERM; > @@ -770,7 +770,7 @@ ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 > property_id, u32 *value, > cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id); > cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); > > - rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), > + rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), > TPM2_GET_TPM_PT_OUT_BODY_SIZE, 0, desc); > if (!rc) > *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value); > @@ -805,7 +805,7 @@ static int tpm2_startup(struct tpm_chip *chip, u16 > startup_type) > cmd.header.in = tpm2_startup_header; > > cmd.params.startup_in.startup_type = cpu_to_be16(startup_type); > - return tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0, > + return tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, > "attempting to start the TPM"); > } > > @@ -834,7 +834,7 @@ void tpm2_shutdown(struct tpm_chip *chip, u16 > shutdown_type) > cmd.header.in = tpm2_shutdown_header; > cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type); > > - rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0, > + rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, > "stopping the TPM"); > > /* In places where shutdown command is sent there's no much we can do > @@ -898,7 +898,7 @@ static int tpm2_start_selftest(struct tpm_chip *chip, > bool full) > cmd.header.in = tpm2_selftest_header; > cmd.params.selftest_in.full_test = full; > > - rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE, 0, 0, > + rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE, 0, 0, > "continue selftest"); > > /* At least some prototype chips seem to give RC_TESTING error > @@ -949,7 +949,8 @@ static int tpm2_do_selftest(struct tpm_chip *chip) > cmd.params.pcrread_in.pcr_select[1] = 0x00; > cmd.params.pcrread_in.pcr_select[2] = 0x00; > > - rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0, NULL); > + rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, > + NULL); > if (rc < 0) > break; > > @@ -982,7 +983,7 @@ int tpm2_probe(struct tpm_chip *chip) > cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100); > cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); > > - rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0, NULL); > + rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, NULL); > if (rc < 0) > return rc; > > @@ -1022,8 +1023,8 @@ static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) > tpm_buf_append_u32(&buf, TPM2_CC_FIRST); > tpm_buf_append_u32(&buf, nr_commands); > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 9 + 4 * nr_commands, > - 0, NULL); > + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, > + 9 + 4 * nr_commands, 0, NULL); > if (rc) { > tpm_buf_destroy(&buf); > goto out; > @@ -1136,7 +1137,7 @@ ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) > tpm_buf_append_u32(&buf, 0); > tpm_buf_append_u32(&buf, 1); > > - rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 9, 0, > + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 9, 0, > "get tpm pcr allocation"); > if (rc) > goto out; > diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c > new file mode 100644 > index 0000000..e955548 > --- /dev/null > +++ b/drivers/char/tpm/tpm2-space.c > @@ -0,0 +1,431 @@ > +/* > + * Copyright (C) 2016 Intel Corporation > + * > + * Authors: > + * Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> > + * > + * Maintained by: <tpmdd-devel@lists.sourceforge.net> > + * > + * This file contains TPM2 protocol implementations of the commands > + * used by the kernel internally. > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of the GNU General Public License > + * as published by the Free Software Foundation; version 2 > + * of the License. > + */ > + > +#include <linux/gfp.h> > +#include <asm/unaligned.h> > +#include "tpm.h" > + > +enum tpm2_handle_types { > + TPM2_HT_HMAC_SESSION = 0x02000000, > + TPM2_HT_POLICY_SESSION = 0x03000000, > + TPM2_HT_TRANSIENT = 0x80000000, > +}; > + > +struct tpm2_context { > + __be64 sequence; > + __be32 saved_handle; > + __be32 hierarchy; > + __be16 blob_size; > +} __packed; > + > +int tpm2_init_space(struct tpm_space *space) > +{ > + space->context_buf = kzalloc(PAGE_SIZE, GFP_KERNEL); > + if (!space->context_buf) > + return -ENOMEM; > + > + return 0; > +} > + > +void tpm2_del_space(struct tpm_space *space) > +{ > + kfree(space->context_buf); > +} > + > +static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, > + unsigned int *offset, u32 *handle) > +{ > + struct tpm_buf tbuf; > + struct tpm2_context *ctx; > + unsigned int body_size; > + int rc; > + > + rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD); > + if (rc) > + return rc; > + > + ctx = (struct tpm2_context *)&buf[*offset]; > + body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size); > + tpm_buf_append(&tbuf, &buf[*offset], body_size); > + > + rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, > + TPM_TRANSMIT_UNLOCKED, NULL); > + if (rc < 0) { > + dev_warn(&chip->dev, "%s: failed with a system error %d\n", > + __func__, rc); > + tpm_buf_destroy(&tbuf); > + return -EFAULT; > + } else if (rc > 0) { > + dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", > + __func__, rc); > + tpm_buf_destroy(&tbuf); > + return -EFAULT; > + } > + > + *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]); > + *offset += body_size; > + > + tpm_buf_destroy(&tbuf); > + return 0; > +} > + > +static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, > + unsigned int buf_size, unsigned int *offset) > +{ > + struct tpm_buf tbuf; > + unsigned int body_size; > + int rc; > + > + rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_SAVE); > + if (rc) > + return rc; > + > + tpm_buf_append_u32(&tbuf, handle); > + > + rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, > + TPM_TRANSMIT_UNLOCKED, NULL); > + if (rc < 0) { > + dev_warn(&chip->dev, "%s: failed with a system error %d\n", > + __func__, rc); > + tpm_buf_destroy(&tbuf); > + return -EFAULT; > + } else if (tpm2_rc_value(rc) == TPM2_RC_REFERENCE_H0) { > + tpm_buf_destroy(&tbuf); > + return -ENOENT; > + } else if (rc) { > + dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n", > + __func__, rc); > + tpm_buf_destroy(&tbuf); > + return -EFAULT; > + } > + > + body_size = tpm_buf_length(&tbuf) - TPM_HEADER_SIZE; > + if ((*offset + body_size) > buf_size) { > + dev_warn(&chip->dev, "%s: out of backing storage\n", __func__); > + tpm_buf_destroy(&tbuf); > + return -ENOMEM; > + } > + > + memcpy(&buf[*offset], &tbuf.data[TPM_HEADER_SIZE], body_size); > + tpm2_flush_context_cmd(chip, handle, TPM_TRANSMIT_UNLOCKED); > + *offset += body_size; > + tpm_buf_destroy(&tbuf); > + return 0; > +} > + > +static void tpm2_flush_space(struct tpm_chip *chip) > +{ > + struct tpm_space *space = &chip->work_space; > + int i; > + > + for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) > + if (space->context_tbl[i] && ~space->context_tbl[i]) > + tpm2_flush_context_cmd(chip, space->context_tbl[i], > + TPM_TRANSMIT_UNLOCKED); > +} > + > +static int tpm2_load_space(struct tpm_chip *chip) > +{ > + struct tpm_space *space = &chip->work_space; > + unsigned int offset; > + int i; > + int rc; > + > + for (i = 0, offset = 0; i < ARRAY_SIZE(space->context_tbl); i++) { > + if (!space->context_tbl[i]) > + continue; > + > + /* sanity check, should never happen */ > + if (~space->context_tbl[i]) { > + dev_err(&chip->dev, "context table is inconsistent"); > + return -EFAULT; > + } > + > + rc = tpm2_load_context(chip, space->context_buf, &offset, > + &space->context_tbl[i]); > + if (rc) > + return rc; > + } > + > + return 0; > +} > + > +static bool tpm2_map_to_phandle(struct tpm_space *space, void *handle) > +{ > + u32 vhandle = be32_to_cpup((__be32 *)handle); > + u32 phandle; > + int i; > + > + i = 0xFFFFFF - (vhandle & 0xFFFFFF); > + if (i > ARRAY_SIZE(space->context_tbl) || !space->context_tbl[i]) > + return false; > + > + phandle = space->context_tbl[i]; > + *((__be32 *)handle) = cpu_to_be32(phandle); > + return true; > +} > + > +static int tpm2_map_command(struct tpm_chip *chip, u32 cc, u8 *cmd) > +{ > + struct tpm_space *space = &chip->work_space; > + unsigned int nr_handles; > + u32 attrs; > + u32 *handle; > + int i; > + > + i = tpm2_find_cc(chip, cc); > + if (i < 0) > + return -EINVAL; > + > + attrs = chip->cc_attrs_tbl[i]; > + nr_handles = (attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0); > + > + handle = (u32 *)&cmd[TPM_HEADER_SIZE]; > + for (i = 0; i < nr_handles; i++, handle++) { > + if ((be32_to_cpu(*handle) & 0xFF000000) == TPM2_HT_TRANSIENT) { > + if (!tpm2_map_to_phandle(space, handle)) > + return -EINVAL; > + } > + } > + > + return 0; > +} > + > +int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 > cc, > + u8 *cmd) > +{ > + int rc; > + > + if (!space) > + return 0; > + > + memcpy(&chip->work_space.context_tbl, &space->context_tbl, > + sizeof(space->context_tbl)); > + memcpy(chip->work_space.context_buf, space->context_buf, PAGE_SIZE); > + > + rc = tpm2_load_space(chip); > + if (rc) { > + tpm2_flush_space(chip); > + return rc; > + } > + > + rc = tpm2_map_command(chip, cc, cmd); > + if (rc) { > + tpm2_flush_space(chip); > + return rc; > + } > + > + return 0; > +} > + > +static u32 tpm2_map_to_vhandle(struct tpm_space *space, u32 phandle, bool > alloc) > +{ > + int i; > + > + for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) { > + if (alloc) { > + if (!space->context_tbl[i]) { > + space->context_tbl[i] = phandle; > + break; > + } > + } else if (space->context_tbl[i] == phandle) > + break; > + } > + > + if (i == ARRAY_SIZE(space->context_tbl)) > + return 0; > + > + return TPM2_HT_TRANSIENT | (0xFFFFFF - i); > +} > + > +static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, > + size_t len) > +{ > + struct tpm_space *space = &chip->work_space; > + struct tpm_output_header *header = (void *)rsp; > + u32 phandle; > + u32 phandle_type; > + u32 vhandle; > + u32 attrs; > + int i; > + > + if (be32_to_cpu(header->return_code) != TPM2_RC_SUCCESS) > + return 0; > + > + i = tpm2_find_cc(chip, cc); > + /* sanity check, should never happen */ > + if (i < 0) > + return -EFAULT; > + > + attrs = chip->cc_attrs_tbl[i]; > + if (!((attrs >> TPM2_CC_ATTR_RHANDLE) & 1)) > + return 0; > + > + phandle = be32_to_cpup((__be32 *)&rsp[TPM_HEADER_SIZE]); > + phandle_type = phandle & 0xFF000000; > + > + switch (phandle_type) { > + case TPM2_HT_TRANSIENT: > + vhandle = tpm2_map_to_vhandle(space, phandle, true); > + if (!vhandle) > + goto out_no_slots; > + > + *(__be32 *)&rsp[TPM_HEADER_SIZE] = cpu_to_be32(vhandle); > + break; > + case TPM2_HT_HMAC_SESSION: > + case TPM2_HT_POLICY_SESSION: > + break; > + default: > + dev_err(&chip->dev, "%s: unknown handle 0x%08X\n", > + __func__, phandle); > + break; > + }; > + > + return 0; > +out_no_slots: > + tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); > + dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, > + phandle); > + return -ENOMEM; > +} > + > +struct tpm2_cap_handles { > + u8 more_data; > + __be32 capability; > + __be32 count; > + __be32 handles[]; > +} __packed; > + > +static int tpm2_map_response_body(struct tpm_chip *chip, u32 cc, u8 *rsp, > + size_t len) > +{ > + struct tpm_space *space = &chip->work_space; > + struct tpm_output_header *header = (void *)rsp; > + struct tpm2_cap_handles *data; > + u32 phandle; > + u32 phandle_type; > + u32 vhandle; > + int i; > + int j; > + > + if (cc != TPM2_CC_GET_CAPABILITY || > + be32_to_cpu(header->return_code) != TPM2_RC_SUCCESS) { > + return 0; > + } > + > + if (len < TPM_HEADER_SIZE + 9) > + return -EFAULT; > + > + data = (void *)&rsp[TPM_HEADER_SIZE]; > + if (be32_to_cpu(data->capability) != TPM2_CAP_HANDLES) > + return 0; > + > + if (len != TPM_HEADER_SIZE + 9 + 4 * be32_to_cpu(data->count)) > + return -EFAULT; > + > + for (i = 0, j = 0; i < be32_to_cpu(data->count); i++) { > + phandle = be32_to_cpup((__be32 *)&data->handles[i]); > + phandle_type = phandle & 0xFF000000; > + > + switch (phandle_type) { > + case TPM2_HT_TRANSIENT: > + vhandle = tpm2_map_to_vhandle(space, phandle, false); > + if (!vhandle) > + break; > + > + data->handles[j] = cpu_to_be32(vhandle); > + j++; > + break; > + case TPM2_HT_HMAC_SESSION: > + case TPM2_HT_POLICY_SESSION: > + data->handles[j] = cpu_to_be32(phandle); > + j++; > + break; > + default: > + dev_err(&chip->dev, "%s: unknown handle 0x%08X\n", > + __func__, phandle); > + break; > + } > + > + } > + > + header->length = cpu_to_be32(TPM_HEADER_SIZE + 9 + 4 * j); > + data->count = cpu_to_be32(j); > + return 0; > +} > + > +static int tpm2_save_space(struct tpm_chip *chip) > +{ > + struct tpm_space *space = &chip->work_space; > + unsigned int offset; > + int i; > + int rc; > + > + for (i = 0, offset = 0; i < ARRAY_SIZE(space->context_tbl); i++) { > + if (!(space->context_tbl[i] && ~space->context_tbl[i])) > + continue; > + > + rc = tpm2_save_context(chip, space->context_tbl[i], > + space->context_buf, PAGE_SIZE, > + &offset); > + if (rc == -ENOENT) { > + space->context_tbl[i] = 0; > + continue; > + } else if (rc) > + return rc; > + > + space->context_tbl[i] = ~0; > + } > + > + return 0; > +} > + > +int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, > + u32 cc, u8 *buf, size_t *bufsiz) > +{ > + struct tpm_output_header *header = (void *)buf; > + int rc; > + > + if (!space) > + return 0; > + > + rc = tpm2_map_response_header(chip, cc, buf, *bufsiz); > + if (rc) { > + tpm2_flush_space(chip); > + return rc; > + } > + > + rc = tpm2_map_response_body(chip, cc, buf, *bufsiz); > + if (rc) { > + tpm2_flush_space(chip); > + return rc; > + } > + > + rc = tpm2_save_space(chip); > + if (rc) { > + tpm2_flush_space(chip); > + return rc; > + } > + > + *bufsiz = be32_to_cpu(header->length); > + > + memcpy(&space->context_tbl, &chip->work_space.context_tbl, > + sizeof(space->context_tbl)); > + memcpy(space->context_buf, chip->work_space.context_buf, PAGE_SIZE); > + > + return 0; > +} > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel