2 * Copyright (c) 2018 Stormshield.
3 * Copyright (c) 2018 Semihalf.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
23 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
31 #include <sys/random.h>
35 #define TPM_HARVEST_SIZE 16
37 * Perform a harvest every 10 seconds.
38 * Since discrete TPMs are painfully slow
39 * we don't want to execute this too often
40 * as the chip is likely to be used by others too.
42 #define TPM_HARVEST_INTERVAL 10000000
44 MALLOC_DEFINE(M_TPM20, "tpm_buffer", "buffer for tpm 2.0 driver");
46 static void tpm20_discard_buffer(void *arg);
48 static void tpm20_harvest(void *arg);
50 static int tpm20_save_state(device_t dev, bool suspend);
52 static d_open_t tpm20_open;
53 static d_close_t tpm20_close;
54 static d_read_t tpm20_read;
55 static d_write_t tpm20_write;
56 static d_ioctl_t tpm20_ioctl;
58 static struct cdevsw tpm20_cdevsw = {
59 .d_version = D_VERSION,
61 .d_close = tpm20_close,
63 .d_write = tpm20_write,
64 .d_ioctl = tpm20_ioctl,
69 tpm20_read(struct cdev *dev, struct uio *uio, int flags)
72 size_t bytes_to_transfer;
75 sc = (struct tpm_sc *)dev->si_drv1;
77 callout_stop(&sc->discard_buffer_callout);
78 sx_xlock(&sc->dev_lock);
79 if (sc->owner_tid != uio->uio_td->td_tid) {
80 sx_xunlock(&sc->dev_lock);
84 bytes_to_transfer = MIN(sc->pending_data_length, uio->uio_resid);
85 if (bytes_to_transfer > 0) {
86 result = uiomove((caddr_t) sc->buf, bytes_to_transfer, uio);
87 memset(sc->buf, 0, TPM_BUFSIZE);
88 sc->pending_data_length = 0;
89 cv_signal(&sc->buf_cv);
94 sx_xunlock(&sc->dev_lock);
100 tpm20_write(struct cdev *dev, struct uio *uio, int flags)
106 sc = (struct tpm_sc *)dev->si_drv1;
108 byte_count = uio->uio_resid;
109 if (byte_count < TPM_HEADER_SIZE) {
110 device_printf(sc->dev,
111 "Requested transfer is too small\n");
115 if (byte_count > TPM_BUFSIZE) {
116 device_printf(sc->dev,
117 "Requested transfer is too large\n");
121 sx_xlock(&sc->dev_lock);
123 while (sc->pending_data_length != 0)
124 cv_wait(&sc->buf_cv, &sc->dev_lock);
126 result = uiomove(sc->buf, byte_count, uio);
128 sx_xunlock(&sc->dev_lock);
132 result = sc->transmit(sc, byte_count);
135 callout_reset(&sc->discard_buffer_callout,
136 TPM_READ_TIMEOUT / tick, tpm20_discard_buffer, sc);
137 sc->owner_tid = uio->uio_td->td_tid;
140 sx_xunlock(&sc->dev_lock);
145 tpm20_discard_buffer(void *arg)
149 sc = (struct tpm_sc *)arg;
150 if (callout_pending(&sc->discard_buffer_callout))
153 sx_xlock(&sc->dev_lock);
155 memset(sc->buf, 0, TPM_BUFSIZE);
156 sc->pending_data_length = 0;
158 cv_signal(&sc->buf_cv);
159 sx_xunlock(&sc->dev_lock);
161 device_printf(sc->dev,
162 "User failed to read buffer in time\n");
166 tpm20_open(struct cdev *dev, int flag, int mode, struct thread *td)
173 tpm20_close(struct cdev *dev, int flag, int mode, struct thread *td)
180 tpm20_ioctl(struct cdev *dev, u_long cmd, caddr_t data,
181 int flags, struct thread *td)
188 tpm20_init(struct tpm_sc *sc)
190 struct make_dev_args args;
193 cv_init(&sc->buf_cv, "TPM buffer cv");
194 callout_init(&sc->discard_buffer_callout, 1);
196 sc->harvest_ticks = TPM_HARVEST_INTERVAL / tick;
197 callout_init(&sc->harvest_callout, 1);
198 callout_reset(&sc->harvest_callout, 0, tpm20_harvest, sc);
200 sc->pending_data_length = 0;
202 make_dev_args_init(&args);
203 args.mda_devsw = &tpm20_cdevsw;
204 args.mda_uid = UID_ROOT;
205 args.mda_gid = GID_WHEEL;
206 args.mda_mode = TPM_CDEV_PERM_FLAG;
207 args.mda_si_drv1 = sc;
208 result = make_dev_s(&args, &sc->sc_cdev, TPM_CDEV_NAME);
217 tpm20_release(struct tpm_sc *sc)
221 callout_drain(&sc->harvest_callout);
225 free(sc->buf, M_TPM20);
227 sx_destroy(&sc->dev_lock);
228 cv_destroy(&sc->buf_cv);
229 if (sc->sc_cdev != NULL)
230 destroy_dev(sc->sc_cdev);
234 tpm20_suspend(device_t dev)
236 return (tpm20_save_state(dev, true));
240 tpm20_shutdown(device_t dev)
242 return (tpm20_save_state(dev, false));
248 * Get TPM_HARVEST_SIZE random bytes and add them
249 * into system entropy pool.
252 tpm20_harvest(void *arg)
255 unsigned char entropy[TPM_HARVEST_SIZE];
256 uint16_t entropy_size;
259 0x80, 0x01, /* TPM_ST_NO_SESSIONS tag*/
260 0x00, 0x00, 0x00, 0x0c, /* cmd length */
261 0x00, 0x00, 0x01, 0x7b, /* cmd TPM_CC_GetRandom */
262 0x00, TPM_HARVEST_SIZE /* number of bytes requested */
266 sx_xlock(&sc->dev_lock);
267 while (sc->pending_data_length != 0)
268 cv_wait(&sc->buf_cv, &sc->dev_lock);
270 memcpy(sc->buf, cmd, sizeof(cmd));
271 result = sc->transmit(sc, sizeof(cmd));
273 sx_xunlock(&sc->dev_lock);
277 /* Ignore response size */
278 sc->pending_data_length = 0;
280 /* The number of random bytes we got is placed right after the header */
281 entropy_size = (uint16_t) sc->buf[TPM_HEADER_SIZE + 1];
282 if (entropy_size > 0) {
283 entropy_size = MIN(entropy_size, TPM_HARVEST_SIZE);
285 sc->buf + TPM_HEADER_SIZE + sizeof(uint16_t),
289 sx_xunlock(&sc->dev_lock);
290 if (entropy_size > 0)
291 random_harvest_queue(entropy, entropy_size, RANDOM_PURE_TPM);
293 callout_reset(&sc->harvest_callout, sc->harvest_ticks, tpm20_harvest, sc);
295 #endif /* TPM_HARVEST */
298 tpm20_save_state(device_t dev, bool suspend)
301 uint8_t save_cmd[] = {
302 0x80, 0x01, /* TPM_ST_NO_SESSIONS tag*/
303 0x00, 0x00, 0x00, 0x0C, /* cmd length */
304 0x00, 0x00, 0x01, 0x45, /* cmd TPM_CC_Shutdown */
305 0x00, 0x00 /* TPM_SU_STATE */
308 sc = device_get_softc(dev);
311 * Inform the TPM whether we are going to suspend or reboot/shutdown.
314 save_cmd[11] = 1; /* TPM_SU_STATE */
316 if (sc == NULL || sc->buf == NULL)
319 sx_xlock(&sc->dev_lock);
321 memcpy(sc->buf, save_cmd, sizeof(save_cmd));
322 sc->transmit(sc, sizeof(save_cmd));
324 sx_xunlock(&sc->dev_lock);
330 tpm20_get_timeout(uint32_t command)
335 case TPM_CC_CreatePrimary:
337 case TPM_CC_CreateLoaded:
338 timeout = TPM_TIMEOUT_LONG;
340 case TPM_CC_SequenceComplete:
342 case TPM_CC_SequenceUpdate:
343 case TPM_CC_GetCapability:
344 case TPM_CC_PCR_Extend:
345 case TPM_CC_EventSequenceComplete:
346 case TPM_CC_HashSequenceStart:
347 timeout = TPM_TIMEOUT_C;
350 timeout = TPM_TIMEOUT_B;