328 lines
11 KiB
Diff
328 lines
11 KiB
Diff
From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001
|
|
From: Shuicheng Lin <shuicheng.lin@intel.com>
|
|
Date: Sat, 29 Dec 2018 02:51:39 +0800
|
|
Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6
|
|
3.10.0-957.1.3 kernel
|
|
|
|
[commit aad887f6641145fec2a801da2ce4ed36cf99c6a5 from Upstream linux-tpmdd repo]
|
|
|
|
"
|
|
From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001
|
|
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Date: Sun, 5 Nov 2017 13:16:26 +0200
|
|
Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get()
|
|
|
|
Device number (the character device index) is not a stable identifier
|
|
for a TPM chip. That is the reason why every call site passes
|
|
TPM_ANY_NUM to tpm_chip_find_get().
|
|
|
|
This commit changes the API in a way that instead a struct tpm_chip
|
|
instance is given and NULL means the default chip. In addition, this
|
|
commit refines the documentation to be up to date with the
|
|
implementation.
|
|
|
|
Suggested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> (@chip_num -> @chip part)
|
|
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Reviewed-by: Jason Gunthorpe <jgg@ziepe.ca>
|
|
Tested-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
|
|
"
|
|
|
|
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
|
|
---
|
|
tpm-chip.c | 15 +++----
|
|
tpm-interface.c | 133 +++++++++++++++++++++++++++++---------------------------
|
|
tpm.h | 2 +-
|
|
3 files changed, 76 insertions(+), 74 deletions(-)
|
|
|
|
diff --git a/tpm-chip.c b/tpm-chip.c
|
|
index a321bd5..84710e0 100644
|
|
--- a/tpm-chip.c
|
|
+++ b/tpm-chip.c
|
|
@@ -80,21 +80,21 @@ void tpm_put_ops(struct tpm_chip *chip)
|
|
EXPORT_SYMBOL_GPL(tpm_put_ops);
|
|
|
|
/**
|
|
- * tpm_chip_find_get() - return tpm_chip for a given chip number
|
|
- * @chip_num: id to find
|
|
+ * tpm_chip_find_get() - find and reserve a TPM chip
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
*
|
|
* The return'd chip has been tpm_try_get_ops'd and must be released via
|
|
* tpm_put_ops
|
|
*/
|
|
-struct tpm_chip *tpm_chip_find_get(int chip_num)
|
|
+struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip)
|
|
{
|
|
- struct tpm_chip *chip, *res = NULL;
|
|
+ struct tpm_chip *res = NULL;
|
|
+ int chip_num = 0;
|
|
int chip_prev;
|
|
|
|
mutex_lock(&idr_lock);
|
|
|
|
- if (chip_num == TPM_ANY_NUM) {
|
|
- chip_num = 0;
|
|
+ if (!chip) {
|
|
do {
|
|
chip_prev = chip_num;
|
|
chip = idr_get_next(&dev_nums_idr, &chip_num);
|
|
@@ -104,8 +104,7 @@ struct tpm_chip *tpm_chip_find_get(int chip_num)
|
|
}
|
|
} while (chip_prev != chip_num);
|
|
} else {
|
|
- chip = idr_find(&dev_nums_idr, chip_num);
|
|
- if (chip && !tpm_try_get_ops(chip))
|
|
+ if (!tpm_try_get_ops(chip))
|
|
res = chip;
|
|
}
|
|
|
|
diff --git a/tpm-interface.c b/tpm-interface.c
|
|
index 69041ec..036c6b6 100644
|
|
--- a/tpm-interface.c
|
|
+++ b/tpm-interface.c
|
|
@@ -787,19 +787,18 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
|
|
}
|
|
|
|
/**
|
|
- * tpm_is_tpm2 - is the chip a TPM2 chip?
|
|
- * @chip_num: tpm idx # or ANY
|
|
+ * tpm_is_tpm2 - do we a have a TPM2 chip?
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
*
|
|
* Returns < 0 on error, and 1 or 0 on success depending whether the chip
|
|
* is a TPM2 chip.
|
|
*/
|
|
-int tpm_is_tpm2(u32 chip_num)
|
|
+int tpm_is_tpm2(struct tpm_chip *chip)
|
|
{
|
|
- struct tpm_chip *chip;
|
|
int rc;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL)
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip)
|
|
return -ENODEV;
|
|
|
|
rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
|
|
@@ -811,23 +810,18 @@ int tpm_is_tpm2(u32 chip_num)
|
|
EXPORT_SYMBOL_GPL(tpm_is_tpm2);
|
|
|
|
/**
|
|
- * tpm_pcr_read - read a pcr value
|
|
- * @chip_num: tpm idx # or ANY
|
|
- * @pcr_idx: pcr idx to retrieve
|
|
- * @res_buf: TPM_PCR value
|
|
- * size of res_buf is 20 bytes (or NULL if you don't care)
|
|
- *
|
|
- * The TPM driver should be built-in, but for whatever reason it
|
|
- * isn't, protect against the chip disappearing, by incrementing
|
|
- * the module usage count.
|
|
+ * tpm_pcr_read - read a PCR value from SHA1 bank
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
+ * @pcr_idx: the PCR to be retrieved
|
|
+ * @res_buf: the value of the PCR
|
|
+ * Return: same as with tpm_transmit_cmd()
|
|
*/
|
|
-int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)
|
|
+int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
|
|
{
|
|
- struct tpm_chip *chip;
|
|
int rc;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL)
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip)
|
|
return -ENODEV;
|
|
if (chip->flags & TPM_CHIP_FLAG_TPM2)
|
|
rc = tpm2_pcr_read(chip, pcr_idx, res_buf);
|
|
@@ -848,26 +842,27 @@ static const struct tpm_input_header pcrextend_header = {
|
|
};
|
|
|
|
/**
|
|
- * tpm_pcr_extend - extend pcr value with hash
|
|
- * @chip_num: tpm idx # or AN&
|
|
- * @pcr_idx: pcr idx to extend
|
|
- * @hash: hash value used to extend pcr value
|
|
+ * tpm_pcr_extend - extend a PCR value in SHA1 bank.
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
+ * @pcr_idx: the PCR to be retrieved
|
|
+ * @hash: the hash value used to extend the PCR value
|
|
*
|
|
- * The TPM driver should be built-in, but for whatever reason it
|
|
- * isn't, protect against the chip disappearing, by incrementing
|
|
- * the module usage count.
|
|
+ * Note: with TPM 2.0 extends also those banks with a known digest size to the
|
|
+ * cryto subsystem in order to prevent malicious use of those PCR banks. In the
|
|
+ * future we should dynamically determine digest sizes.
|
|
+ *
|
|
+ * Return: same as with tpm_transmit_cmd()
|
|
*/
|
|
-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
|
|
+int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
|
|
{
|
|
struct tpm_cmd_t cmd;
|
|
int rc;
|
|
- struct tpm_chip *chip;
|
|
struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)];
|
|
u32 count = 0;
|
|
int i;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL)
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip)
|
|
return -ENODEV;
|
|
|
|
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
|
|
@@ -984,17 +979,24 @@ out:
|
|
return rc;
|
|
}
|
|
|
|
-int tpm_send(u32 chip_num, void *cmd, size_t buflen)
|
|
+/**
|
|
+ * tpm_send - send a TPM command
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
+ * @cmd: a TPM command buffer
|
|
+ * @buflen: the length of the TPM command buffer
|
|
+ *
|
|
+ * Return: same as with tpm_transmit_cmd()
|
|
+ */
|
|
+int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
|
|
{
|
|
- struct tpm_chip *chip;
|
|
int rc;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL)
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip)
|
|
return -ENODEV;
|
|
|
|
rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0,
|
|
- "attempting tpm_cmd");
|
|
+ "attempting to a send a command");
|
|
tpm_put_ops(chip);
|
|
return rc;
|
|
}
|
|
@@ -1164,16 +1166,15 @@ static const struct tpm_input_header tpm_getrandom_header = {
|
|
};
|
|
|
|
/**
|
|
- * tpm_get_random() - Get random bytes from the tpm's RNG
|
|
- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
|
|
- * @out: destination buffer for the random bytes
|
|
- * @max: the max number of bytes to write to @out
|
|
+ * tpm_get_random() - get random bytes from the TPM's RNG
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
+ * @out: destination buffer for the random bytes
|
|
+ * @max: the max number of bytes to write to @out
|
|
*
|
|
- * Returns < 0 on error and the number of bytes read on success
|
|
+ * Return: same as with tpm_transmit_cmd()
|
|
*/
|
|
-int tpm_get_random(u32 chip_num, u8 *out, size_t max)
|
|
+int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
|
|
{
|
|
- struct tpm_chip *chip;
|
|
struct tpm_cmd_t tpm_cmd;
|
|
u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength;
|
|
int err, total = 0, retries = 5;
|
|
@@ -1182,8 +1183,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
|
|
if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
|
|
return -EINVAL;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL)
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip)
|
|
return -ENODEV;
|
|
|
|
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
|
|
@@ -1225,22 +1226,23 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
|
|
EXPORT_SYMBOL_GPL(tpm_get_random);
|
|
|
|
/**
|
|
- * tpm_seal_trusted() - seal a trusted key
|
|
- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
|
|
- * @options: authentication values and other options
|
|
- * @payload: the key data in clear and encrypted form
|
|
+ * tpm_seal_trusted() - seal a trusted key payload
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
+ * @options: authentication values and other options
|
|
+ * @payload: the key data in clear and encrypted form
|
|
+ *
|
|
+ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
|
|
+ * the keyring subsystem.
|
|
*
|
|
- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
|
|
- * are supported.
|
|
+ * Return: same as with tpm_transmit_cmd()
|
|
*/
|
|
-int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
|
|
+int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload,
|
|
struct trusted_key_options *options)
|
|
{
|
|
- struct tpm_chip *chip;
|
|
int rc;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
|
|
return -ENODEV;
|
|
|
|
rc = tpm2_seal_trusted(chip, payload, options);
|
|
@@ -1251,22 +1253,23 @@ int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
|
|
EXPORT_SYMBOL_GPL(tpm_seal_trusted);
|
|
|
|
/**
|
|
- * tpm_unseal_trusted() - unseal a trusted key
|
|
- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
|
|
- * @options: authentication values and other options
|
|
- * @payload: the key data in clear and encrypted form
|
|
+ * @chip: a &struct tpm_chip instance, %NULL for the default chip
|
|
+ * @options: authentication values and other options
|
|
+ * @payload: the key data in clear and encrypted form
|
|
+ *
|
|
+ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
|
|
+ * the keyring subsystem.
|
|
*
|
|
- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
|
|
- * are supported.
|
|
+ * Return: same as with tpm_transmit_cmd()
|
|
*/
|
|
-int tpm_unseal_trusted(u32 chip_num, struct trusted_key_payload *payload,
|
|
- struct trusted_key_options *options)
|
|
+int tpm_unseal_trusted(struct tpm_chip *chip,
|
|
+ struct trusted_key_payload *payload,
|
|
+ struct trusted_key_options *options)
|
|
{
|
|
- struct tpm_chip *chip;
|
|
int rc;
|
|
|
|
- chip = tpm_chip_find_get(chip_num);
|
|
- if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
|
|
+ chip = tpm_chip_find_get(chip);
|
|
+ if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
|
|
return -ENODEV;
|
|
|
|
rc = tpm2_unseal_trusted(chip, payload, options);
|
|
diff --git a/tpm.h b/tpm.h
|
|
index e2c9f06..6d847a2 100644
|
|
--- a/tpm.h
|
|
+++ b/tpm.h
|
|
@@ -557,7 +557,7 @@ static inline void tpm_msleep(unsigned int delay_msec)
|
|
delay_msec * 1000);
|
|
};
|
|
|
|
-struct tpm_chip *tpm_chip_find_get(int chip_num);
|
|
+struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip);
|
|
__must_check int tpm_try_get_ops(struct tpm_chip *chip);
|
|
void tpm_put_ops(struct tpm_chip *chip);
|
|
|
|
--
|
|
2.7.4
|
|
|