summaryrefslogtreecommitdiffstats
path: root/drivers/char/tpm
Commit message (Collapse)AuthorAgeFilesLines
* TPM: Retry SaveState command in suspend pathDuncan Laurie2013-04-172-4/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the TPM has already been sent a SaveState command before the driver is loaded it may have problems sending that same command again later. This issue is seen with the Chromebook Pixel due to a firmware bug in the legacy mode boot path which is sending the SaveState command before booting the kernel. More information is available at http://crbug.com/203524 This change introduces a retry of the SaveState command in the suspend path in order to work around this issue. A future firmware update should fix this but this is also a trivial workaround in the driver that has no effect on systems that do not show this problem. When this does happen the TPM responds with a non-fatal TPM_RETRY code that is defined in the specification: The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time. The TPM MAY return TPM_RETRY for any command at any time. It can take several seconds before the TPM will respond again. I measured a typical time between 3 and 4 seconds and the timeout is set at a safe 5 seconds. It is also possible to reproduce this with commands via /dev/tpm0. The bug linked above has a python script attached which can be used to test for this problem. I tested a variety of TPMs from Infineon, Nuvoton, Atmel, and STMicro but was only able to reproduce this with LPC and I2C TPMs from Infineon. The TPM specification only loosely defines this behavior: TPM Main Level 2 Part 3 v1.2 r116, section 3.3. TPM_SaveState: The TPM MAY declare all preserved values invalid in response to any command other than TPM_Init. TCG PC Client BIOS Spec 1.21 section 8.3.1. After issuing a TPM_SaveState command, the OS SHOULD NOT issue TPM commands before transitioning to S3 without issuing another TPM_SaveState command. TCG PC Client TIS 1.21, section 4. Power Management: The TPM_SaveState command allows a Static OS to indicate to the TPM that the platform may enter a low power state where the TPM will be required to enter into the D3 power state. The use of the term "may" is significant in that there is no requirement for the platform to actually enter the low power state after sending the TPM_SaveState command. The software may, in fact, send subsequent commands after sending the TPM_SaveState command. Change-Id: I52b41e826412688e5b6c8ddd3bb16409939704e9 Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm/tpm_i2c_infineon: Add small comment about return value of __i2c_transferPeter Huewe2013-04-121-0/+9
| | | | | | | | Kent Yoder indicated that the code might be a bit clearer with a comment here, so this patch adds a small explanation of the code. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm/tpm_i2c_infineon.c: Add OF attributes type and name to the of_device_id ↵Peter Huewe2013-04-121-3/+18
| | | | | | | | | | table entries As the subject says. It's probably a good idea to have these fields populated. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm_i2c_stm_st33: Remove duplicate inclusion of header filesSachin Kamat2013-04-121-2/+0
| | | | | | | module.h and sched.h were included twice. Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: Add support for new Infineon I2C TPM (SLB 9645 TT 1.2 I2C)Peter Huewe2013-04-121-40/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This driver adds support for Infineon's new SLB 9645 TT 1.2 I2C TPMs, which supports clockstretching, combined reads and a bus speed of up to 400khz. The device also has a new device id. The driver works now also fine with device trees, so you can instantiate your device by adding: + tpm { + compatible = "infineon,slb9645tt"; + reg = <0x20>; + }; for SLB 9645 devices or + tpm { + compatible = "infineon,slb9635tt"; + reg = <0x20>; + }; for SLB 9635 devices to your device tree. tpm_i2c_infineon is also retained as a compatible id as a fallback to slb9635 protocol. The driver was tested on Beaglebone. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm: Convert struct i2c_msg initialization to C99 formatShubhrajyoti Datta2013-04-121-3/+16
| | | | | | | | | | | | | Convert the struct i2c_msg initialization to C99 format. This makes maintaining and editing the code simpler. Also helps once other fields like transferred are added in future. Thanks to Julia Lawall for automating the conversion. Signed-off-by: Shubhrajyoti D <shubhrajyoti@ti.com> Acked-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* drivers/char/tpm/tpm_ppi: use strlcpy instead of strncpyChen Gang2013-04-121-7/+7
| | | | | | | | Ensure that the 'version' string includes a NULL terminator after its copied out of the acpi table. Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm/tpm_i2c_stm_st33: formatting and white space changesPeter Huewe2013-04-121-31/+31
| | | | | Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm/ibmvtpm: build only when IBM pseries is configuredKent Yoder2013-02-141-1/+1
| | | | Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm_tis: check pnp_acpi_device return codeKent Yoder2013-02-051-0/+3
| | | | | | Reported-by: Peter Hüwe <peterhuewe@gmx.de> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm/tpm_i2c_stm_st33: drop temporary variable for return valuePeter Huewe2013-02-051-3/+1
| | | | | | | | We don't need a temporary variable just to store the return value which gets return in the next statement. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probePeter Huewe2013-02-051-2/+0
| | | | | | | | | Err is never read before it is assigned again -> remove the dead assigment. Found with clang static analyzer Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm/tpm_i2c_stm_st33: Remove __devexit attributePeter Huewe2013-02-051-1/+1
| | | | | | | With the HOTPLUG changes 3.8 this attribute is going away. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm/tpm_i2c_stm_st33: Don't use memcpy for one byte assignmentPeter Huewe2013-02-051-4/+2
| | | | | | | | | We don't need to call memcpy for one byte, but assign it directly. And to make the offset clearer we use the array syntax on the subsequent call to memset to make the relationship clearer. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm_i2c_stm_st33: removed unused variables/codeKent Yoder2013-02-051-17/+1
| | | | | | Reported-by: Peter Hüwe <PeterHuewe@gmx.de> Signed-off-by: Peter Hüwe <PeterHuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startupJason Gunthorpe2013-02-051-0/+21
| | | | | | | | | | | | | | | | | | | | | | The TIS specification (pg 47) says the valid bit must be set, but the TPM will not set it until it has completed its internal startup. The driver checks that the valid bit is set during request_locality, but it issues a TPM_ACCESS_REQUEST_USE without validating the valid bit is set. Some TPMs will ignore the TPM_ACCESS_REQUEST_USE, until valid is set which causes the request_locality to timeout, which breaks the driver attach. Wait one timeout unit for valid to assert. If valid does not assert then assume -ENODEV. Seen on embedded with a: 1.2 TPM (device-id 0x3204, rev-id 64) Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: Fix cancellation of TPM commands (interrupt mode)Stefan Berger2013-02-053-12/+31
| | | | | | | | Support cancellation of TPM commands when driver is used in interrupt mode. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: Fix cancellation of TPM commands (polling mode)Stefan Berger2013-02-058-8/+48
| | | | | | | | | | | | | | | | On one of my machines the cancellation of TPM commands does not work. The reason is that by writing into sysfs 'cancel' the tpm_tis_ready call causes the status flag TPM_STS_VALID to be set in the statusregister. However, the TIS driver seems to wait for TPM_STS_COMMAND_READY. Once a 2nd time sysfs 'cancel' is written to, the TPM_STS_COMMAND_READY flag also gets set, resulting in TPM_STS_VALID|TPM_STS_COMMAND_READY to be read from the status register. This patch now converts req_canceled into a function to enable more complex comparisons against possible cancellation status codes. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: Store TPM vendor IDStefan Berger2013-02-052-0/+3
| | | | | | | Store the TPM vendor ID for later use. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* TPM: Work around buggy TPMs that block during continue self testJason Gunthorpe2013-02-051-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We've been testing an alternative TPM for our embedded products and found random kernel boot failures due to time outs after the continue self test command. This was happening randomly, and has been *very* hard to track down, but it looks like with this chip there is some kind of race with the tpm_tis_status() check of TPM_STS_COMMAND_READY. If things get there 'too fast' then it sees the chip is ready, or tpm_tis_ready() works. Otherwise it takes somewhere over 400ms before the chip will return TPM_STS_COMMAND_READY. Adding some delay after tpm_continue_selftest() makes things reliably hit the failure path, otherwise it is a crapshot. The spec says it should be returning TPM_WARN_DOING_SELFTEST, not holding off on ready.. Boot log during this event looks like this: tpm_tis 70030000.tpm_tis: 1.2 TPM (device-id 0x3204, rev-id 64) tpm_tis 70030000.tpm_tis: Issuing TPM_STARTUP tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test tpm_tis 70030000.tpm_tis: tpm_transmit: tpm_send: error -62 tpm_tis 70030000.tpm_tis: [Hardware Error]: TPM command timed out during continue self test The other TPM vendor we use doesn't show this wonky behaviour: tpm_tis 70030000.tpm_tis: 1.2 TPM (device-id 0xFE, rev-id 70) Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm_i2c_stm_st33: fix oops when i2c client is unavailableKent Yoder2013-02-052-6/+11
| | | | | | | | | | | | | When no i2c bus exists, user-space can cause an oops by triggering a device probe through a message sent to an i2c "new_device" sysfs entry. Adding a check for a NULL i2c client structure in the probe function closes the hole. This patch also fixes accessing the NULL client struct in the print function call reporting the error. Reported-by: Peter Hüwe <PeterHuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm: Use struct dev_pm_ops for power managementPeter Huewe2013-02-051-16/+12
| | | | | | | | This patch converts the suspend and resume functions for tpm_i2c_stm_st33 to the new dev_pm_ops. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* TPM: STMicroelectronics ST33 I2C BUILD STUFFMathias Leblanc2013-02-052-0/+11
| | | | | | | | | | | | | | | | | | | | * STMicroelectronics version 1.2.0, Copyright (C) 2010 * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. * This is free software, and you are welcome to redistribute it * under certain conditions. This is the driver for TPM chip from ST Microelectronics. If you have a TPM security chip from STMicroelectronics working with an I2C, in menuconfig or .config choose the tpm driver on device --> tpm and activate the protocol of your choice before compiling the kernel. The driver will be accessible from within Linux. Tested on linux x86/x64, beagleboard REV B & XM REV C and CHROMIUM OS Signed-off-by: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: rename STM driver to match other i2c driversKent Yoder2013-02-052-1/+1
| | | | Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: STM i2c driver fixesKent Yoder2013-02-052-89/+69
| | | | | | | | | | Store the i2c_client struct in the vendor private pointer. Get rid of the unnecessary include/linux/i2c/ header. Moved include files into the driver c file. Fix smatch warnings. Make use of module_i2c_driver(). Removed unused code from the tpm_stm_st33_i2c.h file. Fix return variable signedness in tpm_stm_i2c_send() and tpm_st33_i2c_probe(). Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* tpm: rename vendor data to priv and provide an accessorKent Yoder2013-02-052-5/+7
| | | | | | | | "data" was too generic a name for what's being used as a generic private pointer by vendor-specific code. Rename it to "priv" and provide a #define for users. Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* TPM: STMicroelectronics ST33 I2C KERNEL 3.xMathias Leblanc2013-02-052-0/+984
| | | | | | | | | | | | | | | | | | | | * STMicroelectronics version 1.2.0, Copyright (C) 2010 * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. * This is free software, and you are welcome to redistribute it * under certain conditions. This is the driver for TPM chip from ST Microelectronics. If you have a TPM security chip from STMicroelectronics working with an I2C, in menuconfig or .config choose the tpm driver on device --> tpm and activate the protocol of your choice before compiling the kernel. The driver will be accessible from within Linux. Tested on linux x86/x64 on kernel 3.x Signed-off-by: Mathias Leblanc <mathias.leblanc@st.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm: Use true and false for boolsPeter Huewe2013-02-051-6/+6
| | | | | | | | | | | | | | | Bool initializations should use true and false. Bool tests don't need comparisons. Based on contributions from Joe Perches, Rusty Russell and Bruce W Allan. The semantic patch that makes this output is available in scripts/coccinelle/misc/boolinit.cocci. More information about semantic patching is available at http://coccinelle.lip6.fr/ Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* TPM: Switch to __packed instead of __attribute__((packed))Jason Gunthorpe2013-02-052-21/+21
| | | | | | | | This seems to be preferred these days. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* TPM: Issue TPM_STARTUP at driver load if the TPM has not been startedJason Gunthorpe2013-02-052-4/+46
| | | | | | | | | | | | | | The TPM will respond to TPM_GET_CAP with TPM_ERR_INVALID_POSTINIT if TPM_STARTUP has not been issued. Detect this and automatically issue TPM_STARTUP. This is for embedded applications where the kernel is the first thing to touch the TPM. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: Peter Huewe <peter.huewe@infineon.com> Reviewed-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm: simplify duration calculation and eliminate smatch warning.Peter Huewe2013-02-051-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch changes the semantics of the duration calculation for an ordinal, by masking out the higher bits of a tpm command, which specify whether it's an TPM_PROTECTED_COMMAND, TPM_UNPROTECTED_COMMAND, TPM_CONNECTION_COMMAND, TPM_CONNECTION_COMMAND, TPM_VENDOR_COMMAND. (See TPM Main Spec Part 2 Section 17 for details). For all TPM_PROTECTED and TPM_CONNECTION commands the results are unchanged. The TPM_UNPROTECTED commands are TSS commands and thus irrelevant as they are not sent to the tpm. For vendor commands the semantics change for ordinals 10 and 11 but they were probably wrong anyway. For everything else which has the ordinal set to 10 or 11 the semantics change as it now uses TPM_UNDEFINED instead of TPM_SHORT which was probably wrong anyway (but irrelevant as not defined by the standard). This patch also gets rid of the (false positive) smatch warning: drivers/char/tpm/tpm.c:360 tpm_calc_ordinal_duration() error: buffer overflow 'tpm_protected_ordinal_duration' 12 <= 243 Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* char/tpm: Remove duplicated lookup tablePeter Huewe2013-02-051-17/+1
| | | | | | | | | | | The entries in tpm_protected_ordinal_duration are exactly the same as the first 12 in tpm_ordinal_duration, so we can simply remove this one, and save some bytes. This does not change the behavior of the driver. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* Merge branch 'for-linus' of ↵Linus Torvalds2012-12-162-56/+30
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "A quiet cycle for the security subsystem with just a few maintenance updates." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: create a sysfs mount point for smackfs Smack: use select not depends in Kconfig Yama: remove locking from delete path Yama: add RCU to drop read locking drivers/char/tpm: remove tasklet and cleanup KEYS: Use keyring_alloc() to create special keyrings KEYS: Reduce initial permissions on keys KEYS: Make the session and process keyrings per-thread seccomp: Make syscall skipping and nr changes more consistent key: Fix resource leak keys: Fix unreachable code KEYS: Add payload preparsing opportunity prior to key instantiate or update
| * drivers/char/tpm: remove tasklet and cleanupAshley Lai2012-11-012-56/+30
| | | | | | | | | | | | | | | | This patch removed the tasklet and moved the wait queue into the private structure. It also cleaned up the response CRQ path. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* | Merge tag 'char-misc-3.8-rc1' of ↵Linus Torvalds2012-12-114-6/+6
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull Char/Misc driver merge from Greg Kroah-Hartman: "Here is the "big" char/misc driver patches for 3.8-rc1. I'm starting to put random driver subsystems that I had previously sent you through the driver-core tree in this tree, as it makes more sense to do so. Nothing major here, the various __dev* removals, some mei driver updates, and other random driver-specific things from the different maintainers and developers. Note, some MFD drivers got added through this tree, and they are also coming in through the "real" MFD tree as well, due to some major mis-communication between me and the different developers. If you have any merge conflicts, take the ones from the MFD tree, not these ones, sorry about that. All of this has been in linux-next for a while. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>" Fix up trivial conflict in drivers/mmc/host/Kconfig due to new drivers having been added (both at the end, as usual..) * tag 'char-misc-3.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (84 commits) MAINTAINERS: remove drivers/staging/hv/ misc/st_kim: Free resources in the error path of probe() drivers/char: for hpet, add count checking, and ~0UL instead of -1 w1-gpio: Simplify & get rid of defines w1-gpio: Pinctrl-fy extcon: remove use of __devexit_p extcon: remove use of __devinit extcon: remove use of __devexit drivers: uio: Only allocate new private data when probing device tree node drivers: uio_dmem_genirq: Allow partial success when opening device drivers: uio_dmem_genirq: Don't use DMA_ERROR_CODE to indicate unmapped regions drivers: uio_dmem_genirq: Don't mix address spaces for dynamic region vaddr uio: remove use of __devexit uio: remove use of __devinitdata uio: remove use of __devinit uio: remove use of __devexit_p char: remove use of __devexit char: remove use of __devinitconst char: remove use of __devinitdata char: remove use of __devinit ...
| * | char: remove use of __devexitBill Pemberton2012-11-214-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CONFIG_HOTPLUG is going away as an option so __devexit is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: David Airlie <airlied@linux.ie> Cc: Olof Johansson <olof@lixom.net> Cc: Mattia Dongili <malattia@linux.it> Cc: Kent Yoder <key@linux.vnet.ibm.com> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-arm-kernel@lists.infradead.org Cc: openipmi-developer@lists.sourceforge.net Cc: platform-driver-x86@vger.kernel.org Cc: tpmdd-devel@lists.sourceforge.net Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * | char: remove use of __devinitdataBill Pemberton2012-11-212-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CONFIG_HOTPLUG is going away as an option so __devinitdata is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: David Airlie <airlied@linux.ie> Cc: Kent Yoder <key@linux.vnet.ibm.com> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Cc: openipmi-developer@lists.sourceforge.net Cc: tpmdd-devel@lists.sourceforge.net Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | | tpm_infineon: remove use of __devexit_pBill Pemberton2012-11-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CONFIG_HOTPLUG is going away as an option so __devexit_p is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Acked-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | | tpm: remove use of __devinitBill Pemberton2012-11-284-5/+5
|/ / | | | | | | | | | | | | | | | | | | | | | | CONFIG_HOTPLUG is going away as an option so __devinit is no longer needed. Signed-off-by: Bill Pemberton <wfp5p@virginia.edu> Cc: Rajiv Andrade <mail@srajiv.net> Cc: Marcel Selhorst <tpmdd@selhorst.net> Cc: Sirrix AG <tpmdd@sirrix.com> Acked-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | Merge branch 'tpmdd-next-v3.6' of git://github.com/shpedoikal/linux into ↵James Morris2012-10-111-7/+14
|\ \ | | | | | | | | | for-linus
| * | tpm: Propagate error from tpm_transmit to fix a timeout hangPeter Huewe2012-10-101-7/+14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tpm_write calls tpm_transmit without checking the return value and assigns the return value unconditionally to chip->pending_data, even if it's an error value. This causes three bugs. So if we write to /dev/tpm0 with a tpm_param_size bigger than TPM_BUFSIZE=0x1000 (e.g. 0x100a) and a bufsize also bigger than TPM_BUFSIZE (e.g. 0x100a) tpm_transmit returns -E2BIG which is assigned to chip->pending_data as -7, but tpm_write returns that TPM_BUFSIZE bytes have been successfully been written to the TPM, altough this is not true (bug #1). As we did write more than than TPM_BUFSIZE bytes but tpm_write reports that only TPM_BUFSIZE bytes have been written the vfs tries to write the remaining bytes (in this case 10 bytes) to the tpm device driver via tpm_write which then blocks at /* cannot perform a write until the read has cleared either via tpm_read or a user_read_timer timeout */ while (atomic_read(&chip->data_pending) != 0) msleep(TPM_TIMEOUT); for 60 seconds, since data_pending is -7 and nobody is able to read it (since tpm_read luckily checks if data_pending is greater than 0) (#bug 2). After that the remaining bytes are written to the TPM which are interpreted by the tpm as a normal command. (bug #3) So if the last bytes of the command stream happen to be a e.g. tpm_force_clear this gets accidentally sent to the TPM. This patch fixes all three bugs, by propagating the error code of tpm_write and returning -E2BIG if the input buffer is too big, since the response from the tpm for a truncated value is bogus anyway. Moreover it returns -EBUSY to userspace if there is a response ready to be read. Signed-off-by: Peter Huewe <peter.huewe@infineon.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* | driver/char/tpm: fix regression causesd by ppiGang Wei2012-10-103-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch try to fix the S3 regression https://lkml.org/lkml/2012/10/5/433, which includes below line: [ 1554.684638] sysfs: cannot create duplicate filename '/devices/pnp0/00:0c/ppi' The root cause is that ppi sysfs teardown code is MIA, so while S3 resume, the ppi kobject will be created again upon existing one. To make the tear down code simple, change the ppi subfolder creation from using kobject_create_and_add to just using a named ppi attribute_group. Then ppi sysfs teardown could be done with a simple sysfs_remove_group call. Adjusted the name & return type for ppi sysfs init function. Reported-by: Ben Guthro <ben@guthro.net> Signed-off-by: Gang Wei <gang.wei@intel.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
* | Merge branch 'next' of ↵Linus Torvalds2012-10-0213-160/+2376
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "Highlights: - Integrity: add local fs integrity verification to detect offline attacks - Integrity: add digital signature verification - Simple stacking of Yama with other LSMs (per LSS discussions) - IBM vTPM support on ppc64 - Add new driver for Infineon I2C TIS TPM - Smack: add rule revocation for subject labels" Fixed conflicts with the user namespace support in kernel/auditsc.c and security/integrity/ima/ima_policy.c. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits) Documentation: Update git repository URL for Smack userland tools ima: change flags container data type Smack: setprocattr memory leak fix Smack: implement revoking all rules for a subject label Smack: remove task_wait() hook. ima: audit log hashes ima: generic IMA action flag handling ima: rename ima_must_appraise_or_measure audit: export audit_log_task_info tpm: fix tpm_acpi sparse warning on different address spaces samples/seccomp: fix 31 bit build on s390 ima: digital signature verification support ima: add support for different security.ima data types ima: add ima_inode_setxattr/removexattr function and calls ima: add inode_post_setattr call ima: replace iint spinblock with rwlock/read_lock ima: allocating iint improvements ima: add appraise action keywords and default rules ima: integrity appraisal extension vfs: move ima_file_free before releasing the file ...
| * tpm: fix tpm_acpi sparse warning on different address spacesKent Yoder2012-09-121-2/+2
| | | | | | | | | | | | | | | | | | acpi_os_map_memory expects its return value to be in the __iomem address space. Tag the variable we're using as such and use memcpy_fromio to avoid further sparse warnings. Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
| * driver/char/tpm: declare internal symbols as staticXiaoyan Zhang2012-09-042-20/+21
| | | | | | | | | | | | | | | | | | | | This patch declares the internal struct and functions as static to provide more security. Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Reviewed-by: Kent Yoder <key@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
| * driver: add PPI support in tpm driverXiaoyan Zhang2012-08-224-1/+475
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Physical Presence Interface enables the OS and the BIOS to cooperate and provides a simple and straightforward platform user experience for administering the TPM without sacrificing security. V2: separate the patch out in a separate source file, add #ifdef CONFIG_ACPI so it compiles out on ppc, use standard error instead of ACPI error as return code of show/store fns. V3: move #ifdef CONFIG_ACPI from .c file to .h file. V4: move tpm_ppi code from tpm module to tpm_bios module. V5: modify sys_add_ppi() so that ppi_attr_grp doesn't need to be exported Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang@intel.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
| * tpm: Do not dereference NULL pointer if acpi_os_map_memory() fails.Jesper Juhl2012-08-221-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In drivers/char/tpm/tpm_acpi.c::read_log() we call acpi_os_map_memory(). That call may fail for a number of reasons (invalid address, out of memory etc). If the call fails it returns NULL and we just pass that to memcpy() unconditionally, which will go bad when it tries to dereference the pointer. Unfortunately we just get NULL back, so we can't really tell the user exactely what went wrong, but we can at least avoid crashing and return an error (-EIO seemed more generic and more suitable here than -ENOMEM or something else, so I picked that). Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
| * drivers/char/tpm: Add securityfs support for event logAshley Lai2012-08-224-12/+93
| | | | | | | | | | | | | | | | | | This patch retrieves the event log data from the device tree during file open. The event log data will then displayed through securityfs. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
| * drivers/char/tpm: Add new device driver to support IBM vTPMAshley Lai2012-08-225-0/+836
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a new device driver to support IBM virtual TPM (vTPM) for PPC64. IBM vTPM is supported through the adjunct partition with firmware release 740 or higher. With vTPM support, each lpar is able to have its own vTPM without the physical TPM hardware. This driver provides TPM functionalities by communicating with the vTPM adjunct partition through Hypervisor calls (Hcalls) and Command/Response Queue (CRQ) commands. Signed-off-by: Ashley Lai <adlai@us.ibm.com> Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
| * tpm: compile out unused code in the PNP and PM casesKent Yoder2012-08-221-1/+2
| | | | | | | | | | | | | | | | The tpm_tis driver doesn't use tpm_tis_resume except when PM is configured and doesn't make use of tpm_tis_reenable_interrupts except when PM or PNP is configured. Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>