summaryrefslogtreecommitdiffstats
path: root/drivers/char/tpm/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* tpm: Add tpm_tis_i2c backend for tpm_tis_coreAlexander Steffen2022-08-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the TCG I2C Interface driver, as specified in the TCG PC Client Platform TPM Profile (PTP) specification for TPM 2.0 v1.04 revision 14, section 8, I2C Interface Definition. This driver supports Guard Times. That is, if required by the TPM, the driver has to wait by a vendor-specific time after each I2C read/write. The specific time is read from the TPM_I2C_INTERFACE_CAPABILITY register. Unfortunately, the TCG specified almost but not quite compatible register addresses. Therefore, the TIS register addresses need to be mapped to I2C ones. The locality is stripped because for now, only locality 0 is supported. Add a sanity check to I2C reads of e.g. TPM_ACCESS and TPM_STS. This is to detect communication errors and issues due to non-standard behaviour (E.g. the clock stretching quirk in the BCM2835, see 4dbfb5f4401f). In case the sanity check fails, attempt a retry. Co-developed-by: Johannes Holland <johannes.holland@infineon.com> Signed-off-by: Johannes Holland <johannes.holland@infineon.com> Co-developed-by: Amir Mizinski <amirmizi6@gmail.com> Signed-off-by: Amir Mizinski <amirmizi6@gmail.com> Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
* char: tpm: add i2c driver for cr50Duncan Laurie2021-02-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Add TPM 2.0 compatible I2C interface for chips with cr50 firmware. The firmware running on the currently supported H1 MCU requires a special driver to handle its specific protocol, and this makes it unsuitable to use tpm_tis_core_* and instead it must implement the underlying TPM protocol similar to the other I2C TPM drivers. - All 4 bytes of status register must be read/written at once. - FIFO and burst count is limited to 63 and must be drained by AP. - Provides an interrupt to indicate when read response data is ready and when the TPM is finished processing write data. This driver is based on the existing infineon I2C TPM driver, which most closely matches the cr50 i2c protocol behavior. Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Signed-off-by: Stephen Boyd <swboyd@chromium.org> Signed-off-by: Fabien Lahoudere <fabien.lahoudere@collabora.com> Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com> Tested-by: Adrian Ratiu <adrian.ratiu@collabora.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
* tpm: tis: add support for MMIO TPM on SynQuacerMasahisa Kojima2020-10-021-0/+1
| | | | | | | | | | | | | When fitted, the SynQuacer platform exposes its SPI TPM via a MMIO window that is backed by the SPI command sequencer in the SPI bus controller. This arrangement has the limitation that only byte size accesses are supported, and so we'll need to provide a separate module that take this into account. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: Revert tpm_tis_spi_mod.ko to tpm_tis_spi.ko.Jarkko Sakkinen2020-02-171-3/+5
| | | | | | | | | | | | | | | | Revert tpm_tis_spi_mod.ko back to tpm_tis_spi.ko as the rename could break user space scripts. This can be achieved by renaming tpm_tis_spi.c as tpm_tis_spi_main.c. Then tpm_tis_spi-y can be used inside the makefile. Cc: Andrey Pronin <apronin@chromium.org> Cc: Stephen Boyd <swboyd@chromium.org> Cc: stable@vger.kernel.org # 5.5.x Fixes: 797c0113c9a4 ("tpm: tpm_tis_spi: Support cr50 devices") Reported-by: Alexander Steffen <Alexander.Steffen@infineon.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: tpm_tis_spi: Support cr50 devicesAndrey Pronin2019-11-121-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add TPM2.0 PTP FIFO compatible SPI interface for chips with Cr50 firmware. The firmware running on the currently supported H1 Secure Microcontroller requires a special driver to handle its specifics: - need to ensure a certain delay between SPI transactions, or else the chip may miss some part of the next transaction - if there is no SPI activity for some time, it may go to sleep, and needs to be waken up before sending further commands - access to vendor-specific registers Cr50 firmware has a requirement to wait for the TPM to wakeup before sending commands over the SPI bus. Otherwise, the firmware could be in deep sleep and not respond. The method to wait for the device to wakeup is slightly different than the usual flow control mechanism described in the TCG SPI spec. Add a completion to tpm_tis_spi_transfer() before we start a SPI transfer so we can keep track of the last time the TPM driver accessed the SPI bus to support the flow control mechanism. Split the cr50 logic off into a different file to keep it out of the normal code flow of the existing SPI driver while making it all part of the same module when the code is optionally compiled into the same module. Export a new function, tpm_tis_spi_init(), and the associated read/write/transfer APIs so that we can do this. Make the cr50 code wrap the tpm_tis_spi_phy struct with its own struct to override the behavior of tpm_tis_spi_transfer() by supplying a custom flow control hook. This shares the most code between the core driver and the cr50 support without combining everything into the core driver or exporting module symbols. Signed-off-by: Andrey Pronin <apronin@chromium.org> Cc: Andrey Pronin <apronin@chromium.org> Cc: Duncan Laurie <dlaurie@chromium.org> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Guenter Roeck <groeck@chromium.org> Cc: Alexander Steffen <Alexander.Steffen@infineon.com> Cc: Heiko Stuebner <heiko@sntech.de> [swboyd@chromium.org: Replace boilerplate with SPDX tag, drop suspended bit and remove ifdef checks in cr50.h, migrate to functions exported in tpm_tis_spi.h, combine into one module instead of two] Signed-off-by: Stephen Boyd <swboyd@chromium.org> Tested-by: Heiko Stuebner <heiko@sntech.de> Reviewed-by: Heiko Stuebner <heiko@sntech.de> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm/tpm_ftpm_tee: A driver for firmware TPM running inside TEESasha Levin2019-09-021-0/+1
| | | | | | | | | | | | | | | | | | Add a driver for a firmware TPM running inside TEE. Documentation of the firmware TPM: https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/ . Implementation of the firmware TPM: https://github.com/Microsoft/ms-tpm-20-ref/tree/master/Samples/ARM32-FirmwareTPM Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Thirupathaiah Annapureddy <thiruan@microsoft.com> Signed-off-by: Thirupathaiah Annapureddy <thiruan@microsoft.com> Co-authored-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: factor out tpm 1.x duration calculation to tpm1-cmd.cTomas Winkler2018-11-131-0/+1
| | | | | | | | | | | Factor out TPM 1.x commands calculation into tpm1-cmd.c file. and change the prefix from tpm_ to tpm1_. No functional change is done here. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: sort objects in the MakefileTomas Winkler2018-11-131-3/+12
| | | | | | | | | | Make the tpm Makefile a bit more in order by putting objects in one column. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: Move shared eventlog functions to common.cThiebaud Weksteen2018-05-091-2/+2
| | | | | | | | | | Functions and structures specific to TPM1 are renamed from tpm* to tpm1*. Signed-off-by: Thiebaud Weksteen <tweek@google.com> Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: Move eventlog files to a subdirectoryThiebaud Weksteen2018-05-091-4/+4
| | | | | | | | Signed-off-by: Thiebaud Weksteen <tweek@google.com> Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: parse TPM event logs based on EFI tableThiebaud Weksteen2018-01-081-0/+1
| | | | | | | | | | | | | | | If we are not able to retrieve the TPM event logs from the ACPI table, check the EFI configuration table (Linux-specific GUID). The format version of the log is now returned by the provider function. Signed-off-by: Thiebaud Weksteen <tweek@google.com> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Javier Martinez Canillas <javierm@redhat.com> Tested-by: Javier Martinez Canillas <javierm@redhat.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: rename event log provider filesThiebaud Weksteen2018-01-081-2/+2
| | | | | | | | | | | | | Rename the current TPM Event Log provider files (ACPI and OF) for clarity. Signed-off-by: Thiebaud Weksteen <tweek@google.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Javier Martinez Canillas <javierm@redhat.com> Tested-by: Javier Martinez Canillas <javierm@redhat.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* License cleanup: add SPDX GPL-2.0 license identifier to files with no licenseGreg Kroah-Hartman2017-11-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* tpm: expose spaces via a device link /dev/tpmrm<n>James Bottomley2017-04-031-1/+2
| | | | | | | | | | | | | | | | Currently the tpm spaces are not exposed to userspace. Make this exposure via a separate device, which can now be opened multiple times because each read/write transaction goes separately via the space. Concurrency is protected by the chip->tpm_mutex for each read/write transaction separately. The TPM is cleared of all transient objects by the time the mutex is dropped, so there should be no interference between the kernel and userspace. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.cJames Bottomley2017-04-031-1/+1
| | | | | | | Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: infrastructure for TPM spacesJarkko Sakkinen2017-04-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Added an ability to virtualize TPM commands into an isolated context that we call a TPM space because the word context is already heavily used in the TPM specification. Both the handle areas and bodies (where necessary) are virtualized. The mechanism works by adding a new parameter struct tpm_space to the tpm_transmit() function. This new structure contains the list of virtual handles and a buffer of page size (currently) for backing storage. When tpm_transmit() is called with a struct tpm_space instance it will execute the following sequence: 1. Take locks. 2. Load transient objects from the backing storage by using ContextLoad and map virtual handles to physical handles. 3. Perform the transaction. 4. Save transient objects to backing storage by using ContextSave and map resulting physical handle to virtual handle if there is such. This commit does not implement virtualization support for hmac and policy sessions. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* tpm: add securityfs support for TPM 2.0 firmware event logNayna Jain2017-02-031-1/+1
| | | | | | | | | | | | | | | | | | Unlike the device driver support for TPM 1.2, the TPM 2.0 does not support the securityfs pseudo files for displaying the firmware event log. This patch enables support for providing the TPM 2.0 event log in binary form. TPM 2.0 event log supports a crypto agile format that records multiple digests, which is different from TPM 1.2. This patch enables the tpm_bios_log_setup for TPM 2.0 and adds the event log parser which understand the TPM 2.0 crypto agile format. Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: redefine read_log() to handle ACPI/OF at runtimeNayna Jain2016-11-281-10/+4
| | | | | | | | | | | | | | | | | | | | Currently, read_log() has two implementations: one for ACPI platforms and the other for device tree(OF) based platforms. The proper one is selected at compile time using Kconfig and #ifdef in the Makefile, which is not the recommended approach. This patch removes the #ifdef in the Makefile by defining a single read_log() method, which checks for ACPI/OF event log properties at runtime. [jarkko.sakkinen@linux.intel.com: added tpm_ prefix to read_log*] Suggested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm/tpm_tis_spi: Add support for spi phyChristophe Ricard2016-06-251-0/+1
| | | | | | | | | | | | | | | | | | | | | Spi protocol standardized by the TCG is now supported by most of TPM vendors. It supports SPI Bit Protocol as describe in the TCG PTP specification (chapter 6.4.6 SPI Bit Protocol). Irq mode is not supported. This commit is based on the initial work by Peter Huewe. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm/tpm_tis: Split tpm_tis driver into a core and TCG TIS compliant phyChristophe Ricard2016-06-251-0/+1
| | | | | | | | | | | | | | | | | | | | | To avoid code duplication between the old tpm_tis and the new and future native tcg tis driver(ie: spi, i2c...), the tpm_tis driver was reworked, so that all common logic is extracted and can be reused from all drivers. The core methods can also be used from other TIS like drivers. itpm workaround is now managed with a specific tis flag TPM_TIS_ITPM_POSSIBLE. This commit is based on the initial work by Peter Huewe. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm: Proxy driver for supporting multiple emulated TPMsStefan Berger2016-06-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch implements a proxy driver for supporting multiple emulated TPMs in a system. The driver implements a device /dev/vtpmx that is used to created a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side that is accessed using a file descriptor returned by an ioctl. The device /dev/tpmX is the usual TPM device created by the core TPM driver. Applications or kernel subsystems can send TPM commands to it and the corresponding server-side file descriptor receives these commands and delivers them to an emulated TPM. The driver retrievs the TPM 1.2 durations and timeouts. Since this requires the startup of the TPM, we send a startup for TPM 1.2 as well as TPM 2. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> CC: linux-kernel@vger.kernel.org CC: linux-doc@vger.kernel.org CC: linux-api@vger.kernel.org Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
* tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)Christophe Ricard2015-03-181-1/+1
| | | | | | | | | | | | | | | tpm_i2c_stm_st33 is a TIS 1.2 TPM with a core interface which can be used by different phy such as i2c or spi. The core part is called st33zp24 which is also the main part reference. include/linux/platform_data/tpm_stm_st33.h is renamed consequently. The driver is also split into an i2c phy in charge of sending/receiving data as well as managing platform data or dts configuration. Acked-by: Jarkko Sakkinen <jarkko.sakknen@linux.intel.com> Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: TPM 2.0 CRB InterfaceJarkko Sakkinen2015-01-171-0/+1
| | | | | | | | | | | | | | | | | | tpm_crb is a driver for TPM 2.0 Command Response Buffer (CRB) Interface as defined in PC Client Platform TPM Profile (PTP) Specification. Only polling and single locality is supported as these are the limitations of the available hardware, Platform Trust Techonlogy (PTT) in Haswell CPUs. The driver always applies CRB with ACPI start because PTT reports using only ACPI start as start method but as a result of my testing it requires also CRB start. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: TPM 2.0 baseline supportJarkko Sakkinen2015-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TPM 2.0 devices are separated by adding a field 'flags' to struct tpm_chip and defining a flag TPM_CHIP_FLAG_TPM2 for tagging them. This patch adds the following internal functions: - tpm2_get_random() - tpm2_get_tpm_pt() - tpm2_pcr_extend() - tpm2_pcr_read() - tpm2_startup() Additionally, the following exported functions are implemented for implementing TPM 2.0 device drivers: - tpm2_do_selftest() - tpm2_calc_ordinal_durations() - tpm2_gen_interrupt() The existing functions that are exported for the use for existing subsystems have been changed to check the flags field in struct tpm_chip and use appropriate TPM 2.0 counterpart if TPM_CHIP_FLAG_TPM2 is est. The code for tpm2_calc_ordinal_duration() and tpm2_startup() were originally written by Will Arthur. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Will Arthur <will.c.arthur@intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Tested-by: Peter Huewe <peterhuewe@gmx.de> [phuewe: Fixed copy paste error * 2] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: two-phase chip management functionsJarkko Sakkinen2015-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | tpm_register_hardware() and tpm_remove_hardware() are called often before initializing the device. The problem is that the device might not be fully initialized when it comes visible to the user space. This patch resolves the issue by diving initialization into two parts: - tpmm_chip_alloc() creates struct tpm_chip. - tpm_chip_register() sets up the character device and sysfs attributes. The framework takes care of freeing struct tpm_chip by using the devres API. The broken release callback has been wiped. ACPI drivers do not ever get this callback. Regards to Jason Gunthorpe for carefully reviewing this part of the code. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: Scot Doyle <lkml14@scotdoyle.com> Tested-by: Peter Huewe <peterhuewe@gmx.de> [phuewe: update to upstream changes] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar ↵Christophe Ricard2015-01-171-1/+1
| | | | | | | | | | | | | | product STMicroelectronics i2c tpm is the only one to have a different tristate label. Rename it "TPM Interface Specification 1.2 Interface (I2C - STMicroelectronics)" Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> [phuewe: corrected module name in the helptext] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: Move sysfs functions from tpm-interface to tpm-sysfsJason Gunthorpe2014-01-061-1/+1
| | | | | | | | | | | | | CLASS-sysfs.c is a common idiom for linux subsystems. This is the first step to pulling all the sysfs support code from the drivers into tpm-sysfs. This is a plain text copy from tpm-interface with support changes to make it compile. _tpm_pcr_read is made non-static and is called tpm_pcr_read_dev. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: Pull everything related to /dev/tpmX into tpm-dev.cJason Gunthorpe2014-01-061-1/+1
| | | | | | | | | | | | | | | | | CLASS-dev.c is a common idiom for Linux subsystems This pulls all the code related to the miscdev into tpm-dev.c and makes it static. The identical file_operation structs in the drivers are purged and the tpm common code unconditionally creates the miscdev. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com> Reviewed-by: Ashley Lai <adlai@linux.vnet.ibm.com> [phuewe: tpm_dev_release is now used only in this file, thus the EXPORT_SYMBOL can be dropped and the function be marked as static. It has no other in-kernel users] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: Add support for Atmel I2C TPMsJason Gunthorpe2013-10-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is based on the work of Teddy Reed <teddy@prosauce.org> published on GitHub: https://github.com/theopolis/tpm-i2c-atmel.git 34894b988b67e0ae55088d6388e77b0dbf10c07d That driver was never merged, I have taken it as a starting port, forward ported, tested and revised the driver: - Make it broadly textually similar to the Infineon and Nuvoton I2C driver - Place everything in a format suitable for mainline inclusion - Use high level I2C functions i2c_master_send and i2c_master_recv for data xfer - Use the timeout system from the core code, by faking out a status register - Only I2C transfer the number of bytes in the reply, not a fixed message size. - checkpatch cleanups - Testing on ARM Kirkwood, with this device tree, using a AT97SC3204T-X1A180 tpm@29 { compatible = "atmel,at97sc3204t"; reg = <0x29>; }; Signed-off-by: Teddy Reed <teddy@prosauce.org> [jgg: revised and tested] Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> [phuewe: minor whitespace changes] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: Add support for the Nuvoton NPCT501 I2C TPMJason Gunthorpe2013-10-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This chip is/was also branded as a Winbond WPCT301. Originally written by Dan Morav <dmorav@nuvoton.com> and posted to LKML: https://lkml.org/lkml/2011/9/7/206 The original posting was not merged, I have taken it as a starting point, forward ported, tested and revised the driver: - Rework interrupt handling to work properly with level triggered interrupts. The old version just locked up. - Synchronize various items with Peter Huewe's Infineon driver: * Add durations/timeouts sysfs calls * Remove I2C device auto-detection * Don't fiddle with chip->release * Call tpm_dev_vendor_release in the probe error path * Use MODULE_DEVICE_TABLE for the I2C ids * Provide OF compatible strings for DT support * Use SIMPLE_DEV_PM_OPS * Use module_i2c_driver - checkpatch cleanups - Testing on ARM Kirkwood with GPIO interrupts, with this device tree: tpm@57 { compatible = "nuvoton,npct501"; reg = <0x57>; interrupt-parent = <&gpio1>; interrupts = <6 IRQ_TYPE_LEVEL_LOW>; }; Signed-off-by: Dan Morav <dmorav@nuvoton.com> [jgg: revised and tested] Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> [phuewe: minor whitespace changes, fixed module name in kconfig] Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
* tpm: Merge the tpm-bios module with tpm.oJason Gunthorpe2013-10-221-4/+3
| | | | | | | | | | | | | | | | | | | Now that we can have multiple .c files in the tpm module there is no reason for tpm-bios. tpm-bios exported several functions: tpm_bios_log_setup, tpm_bios_log_teardown, tpm_add_ppi, and tpm_remove_ppi. They are only used by tpm, and if tpm-bios is built then tpm will unconditionally require them. Further, tpm-bios does nothing on its own, it has no module_init function. Thus we remove the exports and merge the modules to simplify things. The Makefile conditions are changed slightly to match the code, tpm_ppi is always required if CONFIG_ACPI is set. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
* tpm: Rename tpm.c to tpm-interface.cJason Gunthorpe2013-10-221-0/+2
| | | | | | | | | | | | This is preparation for making the tpm module multi-file. kbuild does not like having a .c file with the same name as a module. We wish to keep the tpm module name so that userspace doesn't see this change. tpm-interface.c is chosen because the next several commits in the series migrate items into tpm-sysfs.c, tpm-dev.c and tpm-class.c. All that will be left is tpm command processing and interfacing code. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
* drivers/tpm: add xen tpmfront interfaceDaniel De Graaf2013-08-091-0/+1
| | | | | | | | | | | | | | This is a complete rewrite of the Xen TPM frontend driver, taking advantage of a simplified frontend/backend interface and adding support for cancellation and timeouts. The backend for this driver is provided by a vTPM stub domain using the interface in Xen 4.3. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Peter Huewe <peterhuewe@gmx.de> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
* TPM: STMicroelectronics ST33 I2C BUILD STUFFMathias Leblanc2013-02-051-0/+1
| | | | | | | | | | | | | | | | | | | | * STMicroelectronics version 1.2.0, Copyright (C) 2010 * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. * This is free software, and you are welcome to redistribute it * under certain conditions. This is the driver for TPM chip from ST Microelectronics. If you have a TPM security chip from STMicroelectronics working with an I2C, in menuconfig or .config choose the tpm driver on device --> tpm and activate the protocol of your choice before compiling the kernel. The driver will be accessible from within Linux. Tested on linux x86/x64, beagleboard REV B & XM REV C and CHROMIUM OS Signed-off-by: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* driver: add PPI support in tpm driverXiaoyan Zhang2012-08-221-1/+1
| | | | | | | | | | | | | | | | The Physical Presence Interface enables the OS and the BIOS to cooperate and provides a simple and straightforward platform user experience for administering the TPM without sacrificing security. V2: separate the patch out in a separate source file, add #ifdef CONFIG_ACPI so it compiles out on ppc, use standard error instead of ACPI error as return code of show/store fns. V3: move #ifdef CONFIG_ACPI from .c file to .h file. V4: move tpm_ppi code from tpm module to tpm_bios module. V5: modify sys_add_ppi() so that ppi_attr_grp doesn't need to be exported Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* drivers/char/tpm: Add securityfs support for event logAshley Lai2012-08-221-0/+5
| | | | | | | | | This patch retrieves the event log data from the device tree during file open. The event log data will then displayed through securityfs. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* drivers/char/tpm: Add new device driver to support IBM vTPMAshley Lai2012-08-221-0/+1
| | | | | | | | | | | | | | | This patch adds a new device driver to support IBM virtual TPM (vTPM) for PPC64. IBM vTPM is supported through the adjunct partition with firmware release 740 or higher. With vTPM support, each lpar is able to have its own vTPM without the physical TPM hardware. This driver provides TPM functionalities by communicating with the vTPM adjunct partition through Hypervisor calls (Hcalls) and Command/Response Queue (CRQ) commands. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: modularize event log collectionKent Yoder2012-08-221-0/+1
| | | | | | | | | Break ACPI-specific pieces of the event log handling into their own file and create tpm_eventlog.[ch] to store common event log handling code. This will be required to integrate future event log sources on platforms without ACPI tables. Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm: Add new driver for Infineon I2C TIS TPMPeter Huewe2012-08-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a driver to support Infineon's SLB 9635 TT 1.2 Soft I2C TPMs which follow the TGC TIS 1.2 TPM specification[1] and Infineon's I2C Protocol Stack Specification 0.20. The I2C Protocol Stack Specification is a simple adaption of the LPC TIS Protocol to the I2C Bus. The I2C TPMs can be used when LPC Bus is not available (i.e. non x86 architectures like ARM). The driver is based on the tpm_tis.c driver by Leendert van Dorn and Kyleen Hall and has quite similar functionality. Tested on Nvidia ARM Tegra2 Development Platform and Beagleboard (ARM OMAP) Tested with the Trousers[2] TSS API Testsuite v 0.3 [3] Compile-tested on x86 (32/64-bit) Updates since version 2.1.4: - included "Lock the I2C adapter for a sequence of requests", by Bryan Freed - use __i2c_transfer instead of own implementation of unlocked i2c_transfer - use struct dev_pm_ops for power management via SIMPLE_DEV_PM_OPS Updates since version 2.1.3: - use proper probing mechanism * either add the tpm using I2C_BOARD_INFO to your board file or probe it * during runtime e.g on BeagleBoard using : * "echo tpm_i2c_infineon 0x20 > /sys/bus/i2c/devices/i2c-2/new_device" - fix possible endless loop if hardware misbehaves - improved return codes - consistent spelling i2c/tpm -> I2C/TPM - remove hardcoded sleep values and msleep usage - removed debug statements - added check for I2C functionality - renaming to tpm_i2c_infineon Updates since version 2.1.2: - added sysfs entries for duration and timeouts - updated to new tpm_do_selftest Updates since version 2.1.0: - improved error handling - implemented workarounds needed by the tpm - fixed typos References: [1] http://www.trustedcomputinggroup.org/resources/pc_client_work_group_pc_client_ specific_tpm_interface_specification_tis_version_12/ [2] http://trousers.sourceforge.net/ [3] http://sourceforge.net/projects/trousers/files/TSS%20API%20test%20suite/0.3/ Reviewed-by: Andi Shyti <andi.shyti@gmail.com> Acked-by: Marcel Selhorst <tpmdd@selhorst.net> Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Bryan Freed <bfreed@chromium.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* [PATCH] tpm: driver for next generation TPM chipsLeendert van Doorn2006-04-221-0/+1
| | | | | | | | | | | | | The driver for the next generation of TPM chips version 1.2 including support for interrupts. The Trusted Computing Group has written the TPM Interface Specification (TIS) which defines a common interface for all manufacturer's 1.2 TPM's thus the name tpm_tis. Signed-off-by: Leendert van Doorn <leendert@watson.ibm.com> Signed-off-by: Kylene Hall <kjhall@us.ibm.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] tpm: add bios measurement logKylene Jo Hall2006-01-081-0/+3
| | | | | | | | | | | | | | According to the TCG specifications measurements or hashes of the BIOS code and data are extended into TPM PCRS and a log is kept in an ACPI table of these extensions for later validation if desired. This patch exports the values in the ACPI table through a security-fs seq_file. Signed-off-by: Seiji Munetoh <munetoh@jp.ibm.com> Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Signed-off-by: Reiner Sailer <sailer@us.ibm.com> Signed-off-by: Kylene Hall <kjhall@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] tpm: Support for Infineon TPMMarcel Selhorst2005-07-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch provides a new device driver for the Infineon SLD 9630 TT Trusted Platform Module (TPM 1.1b) [1] which is embedded on Intel- mainboards or in HP/ Fujitsu-Siemens / Toshiba-Notebooks. A nearly complete list where this module is integrated in can be found in [2]. This kernel module acts as a communication gateway between the linux kernel and the hardware chip and fits the TPM-specific interfaces created by IBM in drivers/char/tpm/tpm.h Further information about this module and a list of succesfully tested and therefore supported hardware can be found at our project page [3]. [1] http://www.infineon.com/cgi/ecrm.dll/ecrm/scripts/public_download.jsp?oid=114135&parent_oid=29049 [2] http://www.tonymcfadden.net/tpmvendors.htm [3] http://www.prosec.rub.de/tpm Signed-off-by: Marcel Selhorst <selhorst@crypto.rub.de> Acked-by: Kylene Jo Hall <kjhall@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-161-0/+7
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!