Merge tag 'tpmdd-next-20191112' of git://git.infradead.org/users/jjs/linux-tpmdd

* H1 Secure Microcontroller with Cr50 Firmware on SPI Bus.

H1 Secure Microcontroller running Cr50 firmware provides several

functions, including TPM-like functionality. It communicates over

SPI using the FIFO protocol described in the PTP Spec, section 6.

Required properties:

- compatible: Should be "google,cr50".

- spi-max-frequency: Maximum SPI frequency.

Example:

&spi0 {

	tpm@0 {

		compatible = "google,cr50";

		reg = <0>;

		spi-max-frequency = <800000>;

	};

};

#include <crypto/sha.h>

#include <asm/unaligned.h>

#include <keys/asymmetric-subtype.h>

#include <keys/trusted.h>

#include <keys/trusted_tpm.h>

#include <crypto/asym_tpm_subtype.h>

#include <crypto/public_key.h>

#define TPM_ORD_LOADKEY2	65

#define TPM_ORD_UNBIND		30

#define TPM_ORD_SIGN		60

#define TPM_LOADKEY2_SIZE		59

#define TPM_FLUSHSPECIFIC_SIZE		18

#define TPM_UNBIND_SIZE			63

#define TPM_SIGN_SIZE			63

#define TPM_RT_KEY                      0x00000001

		return ret;

	/* build the request buffer */

	INIT_BUF(tb);

	store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);

	store32(tb, TPM_LOADKEY2_SIZE + keybloblen);

	store32(tb, TPM_ORD_LOADKEY2);

	store32(tb, keyhandle);

	storebytes(tb, keyblob, keybloblen);

	store32(tb, authhandle);

	storebytes(tb, nonceodd, TPM_NONCE_SIZE);

	store8(tb, cont);

	storebytes(tb, authdata, SHA1_DIGEST_SIZE);

	tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_LOADKEY2);

	tpm_buf_append_u32(tb, keyhandle);

	tpm_buf_append(tb, keyblob, keybloblen);

	tpm_buf_append_u32(tb, authhandle);

	tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);

	tpm_buf_append_u8(tb, cont);

	tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);

	ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);

	if (ret < 0) {

 */

static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle)

{

	INIT_BUF(tb);

	store16(tb, TPM_TAG_RQU_COMMAND);

	store32(tb, TPM_FLUSHSPECIFIC_SIZE);

	store32(tb, TPM_ORD_FLUSHSPECIFIC);

	store32(tb, handle);

	store32(tb, TPM_RT_KEY);

	tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_FLUSHSPECIFIC);

	tpm_buf_append_u32(tb, handle);

	tpm_buf_append_u32(tb, TPM_RT_KEY);

	return trusted_tpm_send(tb->data, MAX_BUF_SIZE);

}

		return ret;

	/* build the request buffer */

	INIT_BUF(tb);

	store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);

	store32(tb, TPM_UNBIND_SIZE + bloblen);

	store32(tb, TPM_ORD_UNBIND);

	store32(tb, keyhandle);

	store32(tb, bloblen);

	storebytes(tb, blob, bloblen);

	store32(tb, authhandle);

	storebytes(tb, nonceodd, TPM_NONCE_SIZE);

	store8(tb, cont);

	storebytes(tb, authdata, SHA1_DIGEST_SIZE);

	tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_UNBIND);

	tpm_buf_append_u32(tb, keyhandle);

	tpm_buf_append_u32(tb, bloblen);

	tpm_buf_append(tb, blob, bloblen);

	tpm_buf_append_u32(tb, authhandle);

	tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);

	tpm_buf_append_u8(tb, cont);

	tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);

	ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);

	if (ret < 0) {

		return ret;

	/* build the request buffer */

	INIT_BUF(tb);

	store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);

	store32(tb, TPM_SIGN_SIZE + bloblen);

	store32(tb, TPM_ORD_SIGN);

	store32(tb, keyhandle);

	store32(tb, bloblen);

	storebytes(tb, blob, bloblen);

	store32(tb, authhandle);

	storebytes(tb, nonceodd, TPM_NONCE_SIZE);

	store8(tb, cont);

	storebytes(tb, authdata, SHA1_DIGEST_SIZE);

	tpm_buf_reset(tb, TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_SIGN);

	tpm_buf_append_u32(tb, keyhandle);

	tpm_buf_append_u32(tb, bloblen);

	tpm_buf_append(tb, blob, bloblen);

	tpm_buf_append_u32(tb, authhandle);

	tpm_buf_append(tb, nonceodd, TPM_NONCE_SIZE);

	tpm_buf_append_u8(tb, cont);

	tpm_buf_append(tb, authdata, SHA1_DIGEST_SIZE);

	ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);

	if (ret < 0) {

			   struct kernel_pkey_params *params,

			   const void *in, void *out)

{

	struct tpm_buf *tb;

	struct tpm_buf tb;

	uint32_t keyhandle;

	uint8_t srkauth[SHA1_DIGEST_SIZE];

	uint8_t keyauth[SHA1_DIGEST_SIZE];

	if (strcmp(params->encoding, "pkcs1"))

		return -ENOPKG;

	tb = kzalloc(sizeof(*tb), GFP_KERNEL);

	if (!tb)

		return -ENOMEM;

	r = tpm_buf_init(&tb, 0, 0);

	if (r)

		return r;

	/* TODO: Handle a non-all zero SRK authorization */

	memset(srkauth, 0, sizeof(srkauth));

	r = tpm_loadkey2(tb, SRKHANDLE, srkauth,

	r = tpm_loadkey2(&tb, SRKHANDLE, srkauth,

				tk->blob, tk->blob_len, &keyhandle);

	if (r < 0) {

		pr_devel("loadkey2 failed (%d)\n", r);

	/* TODO: Handle a non-all zero key authorization */

	memset(keyauth, 0, sizeof(keyauth));

	r = tpm_unbind(tb, keyhandle, keyauth,

	r = tpm_unbind(&tb, keyhandle, keyauth,

		       in, params->in_len, out, params->out_len);

	if (r < 0)

		pr_devel("tpm_unbind failed (%d)\n", r);

	if (tpm_flushspecific(tb, keyhandle) < 0)

	if (tpm_flushspecific(&tb, keyhandle) < 0)

		pr_devel("flushspecific failed (%d)\n", r);

error:

	kzfree(tb);

	tpm_buf_destroy(&tb);

	pr_devel("<==%s() = %d\n", __func__, r);

	return r;

}

			struct kernel_pkey_params *params,

			const void *in, void *out)

{

	struct tpm_buf *tb;

	struct tpm_buf tb;

	uint32_t keyhandle;

	uint8_t srkauth[SHA1_DIGEST_SIZE];

	uint8_t keyauth[SHA1_DIGEST_SIZE];

		goto error_free_asn1_wrapped;

	}

	r = -ENOMEM;

	tb = kzalloc(sizeof(*tb), GFP_KERNEL);

	if (!tb)

	r = tpm_buf_init(&tb, 0, 0);

	if (r)

		goto error_free_asn1_wrapped;

	/* TODO: Handle a non-all zero SRK authorization */

	memset(srkauth, 0, sizeof(srkauth));

	r = tpm_loadkey2(tb, SRKHANDLE, srkauth,

	r = tpm_loadkey2(&tb, SRKHANDLE, srkauth,

			 tk->blob, tk->blob_len, &keyhandle);

	if (r < 0) {

		pr_devel("loadkey2 failed (%d)\n", r);

	/* TODO: Handle a non-all zero key authorization */

	memset(keyauth, 0, sizeof(keyauth));

	r = tpm_sign(tb, keyhandle, keyauth, in, in_len, out, params->out_len);

	r = tpm_sign(&tb, keyhandle, keyauth, in, in_len, out, params->out_len);

	if (r < 0)

		pr_devel("tpm_sign failed (%d)\n", r);

	if (tpm_flushspecific(tb, keyhandle) < 0)

	if (tpm_flushspecific(&tb, keyhandle) < 0)

		pr_devel("flushspecific failed (%d)\n", r);

error_free_tb:

	kzfree(tb);

	tpm_buf_destroy(&tb);

error_free_asn1_wrapped:

	kfree(asn1_wrapped);

	pr_devel("<==%s() = %d\n", __func__, r);

	  within Linux. To compile this driver as a module, choose  M here;

	  the module will be called tpm_tis_spi.

config TCG_TIS_SPI_CR50

	bool "Cr50 SPI Interface"

	depends on TCG_TIS_SPI

	help

	  If you have a H1 secure module running Cr50 firmware on SPI bus,

	  say Yes and it will be accessible from within Linux.

config TCG_TIS_I2C_ATMEL

	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"

	depends on I2C

tpm-$(CONFIG_OF) += eventlog/of.o

obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o

obj-$(CONFIG_TCG_TIS) += tpm_tis.o

obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o

obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi_mod.o

tpm_tis_spi_mod-y := tpm_tis_spi.o

tpm_tis_spi_mod-$(CONFIG_TCG_TIS_SPI_CR50) += tpm_tis_spi_cr50.o

obj-$(CONFIG_TCG_TIS_I2C_ATMEL) += tpm_i2c_atmel.o

obj-$(CONFIG_TCG_TIS_I2C_INFINEON) += tpm_i2c_infineon.o

obj-$(CONFIG_TCG_TIS_I2C_NUVOTON) += tpm_i2c_nuvoton.o

#include <linux/slab.h>

#include <linux/mutex.h>

#include <linux/spinlock.h>

#include <linux/suspend.h>

#include <linux/freezer.h>

#include <linux/tpm_eventlog.h>

		return -ENODEV;

	if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED)

		return 0;

		goto suspended;

	if ((chip->flags & TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED) &&

	    !pm_suspend_via_firmware())

		goto suspended;

	if (!tpm_chip_start(chip)) {

		if (chip->flags & TPM_CHIP_FLAG_TPM2)

		tpm_chip_stop(chip);

	}

suspended:

	return rc;

}

EXPORT_SYMBOL_GPL(tpm_pm_suspend);

}

EXPORT_SYMBOL_GPL(tpm_get_random);

/**

 * tpm_seal_trusted() - seal a trusted key payload

 * @chip:	a &struct tpm_chip instance, %NULL for the default chip

 * @options:	authentication values and other options

 * @payload:	the key data in clear and encrypted form

 *

 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in

 * the keyring subsystem.

 *

 * Return: same as with tpm_transmit_cmd()

 */

int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload,

		     struct trusted_key_options *options)

{

	int rc;

	chip = tpm_find_get_ops(chip);

	if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))

		return -ENODEV;

	rc = tpm2_seal_trusted(chip, payload, options);

	tpm_put_ops(chip);

	return rc;

}

EXPORT_SYMBOL_GPL(tpm_seal_trusted);

/**

 * tpm_unseal_trusted() - unseal a trusted key

 * @chip:	a &struct tpm_chip instance, %NULL for the default chip

 * @options:	authentication values and other options

 * @payload:	the key data in clear and encrypted form

 *

 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in

 * the keyring subsystem.

 *

 * Return: same as with tpm_transmit_cmd()

 */

int tpm_unseal_trusted(struct tpm_chip *chip,

		       struct trusted_key_payload *payload,

		       struct trusted_key_options *options)

{

	int rc;

	chip = tpm_find_get_ops(chip);

	if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))

		return -ENODEV;

	rc = tpm2_unseal_trusted(chip, payload, options);

	tpm_put_ops(chip);

	return rc;

}

EXPORT_SYMBOL_GPL(tpm_unseal_trusted);

static int __init tpm_init(void)

{

	int rc;