[deliverable/linux.git] / drivers / char / tpm / tpm.c

/*
 * Copyright (C) 2004 IBM Corporation
 *
 * Authors:
 * Leendert van Doorn <leendert@watson.ibm.com>
 * Dave Safford <safford@watson.ibm.com>
 * Reiner Sailer <sailer@watson.ibm.com>
 * Kylene Hall <kjhall@us.ibm.com>
 *
 * Maintained by: <tpmdd_devel@lists.sourceforge.net>
 *
 * Device driver for TCG/TCPA TPM (trusted platform module).
 * Specifications at www.trustedcomputinggroup.org	 
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 * 
 * Note, the TPM chip is not interrupt driven (only polling)
 * and can have very long timeouts (minutes!). Hence the unusual
 * calls to msleep.
 *
 */

#include <linux/sched.h>
#include <linux/poll.h>
#include <linux/spinlock.h>
#include "tpm.h"

#define	TPM_MINOR			224	/* officially assigned */

#define	TPM_BUFSIZE			2048

/* PCI configuration addresses */
#define	PCI_GEN_PMCON_1			0xA0
#define	PCI_GEN1_DEC			0xE4
#define	PCI_LPC_EN			0xE6
#define	PCI_GEN2_DEC			0xEC

static LIST_HEAD(tpm_chip_list);
static DEFINE_SPINLOCK(driver_lock);
static int dev_mask[32];

static void user_reader_timeout(unsigned long ptr)
{
	struct tpm_chip *chip = (struct tpm_chip *) ptr;

	down(&chip->buffer_mutex);
	atomic_set(&chip->data_pending, 0);
	memset(chip->data_buffer, 0, TPM_BUFSIZE);
	up(&chip->buffer_mutex);
}

/*
 * Initialize the LPC bus and enable the TPM ports
 */
int tpm_lpc_bus_init(struct pci_dev *pci_dev, u16 base)
{
	u32 lpcenable, tmp;
	int is_lpcm = 0;

	switch (pci_dev->vendor) {
	case PCI_VENDOR_ID_INTEL:
		switch (pci_dev->device) {
		case PCI_DEVICE_ID_INTEL_82801CA_12:
		case PCI_DEVICE_ID_INTEL_82801DB_12:
			is_lpcm = 1;
			break;
		}
		/* init ICH (enable LPC) */
		pci_read_config_dword(pci_dev, PCI_GEN1_DEC, &lpcenable);
		lpcenable |= 0x20000000;
		pci_write_config_dword(pci_dev, PCI_GEN1_DEC, lpcenable);

		if (is_lpcm) {
			pci_read_config_dword(pci_dev, PCI_GEN1_DEC,
					      &lpcenable);
			if ((lpcenable & 0x20000000) == 0) {
				dev_err(&pci_dev->dev,
					"cannot enable LPC\n");
				return -ENODEV;
			}
		}

		/* initialize TPM registers */
		pci_read_config_dword(pci_dev, PCI_GEN2_DEC, &tmp);

		if (!is_lpcm)
			tmp = (tmp & 0xFFFF0000) | (base & 0xFFF0);
		else
			tmp =
			    (tmp & 0xFFFF0000) | (base & 0xFFF0) |
			    0x00000001;

		pci_write_config_dword(pci_dev, PCI_GEN2_DEC, tmp);

		if (is_lpcm) {
			pci_read_config_dword(pci_dev, PCI_GEN_PMCON_1,
					      &tmp);
			tmp |= 0x00000004;	/* enable CLKRUN */
			pci_write_config_dword(pci_dev, PCI_GEN_PMCON_1,
					       tmp);
		}
		tpm_write_index(0x0D, 0x55);	/* unlock 4F */
		tpm_write_index(0x0A, 0x00);	/* int disable */
		tpm_write_index(0x08, base);	/* base addr lo */
		tpm_write_index(0x09, (base & 0xFF00) >> 8);	/* base addr hi */
		tpm_write_index(0x0D, 0xAA);	/* lock 4F */
		break;
	case PCI_VENDOR_ID_AMD:
		/* nothing yet */
		break;
	}

	return 0;
}

EXPORT_SYMBOL_GPL(tpm_lpc_bus_init);

/*
 * Internal kernel interface to transmit TPM commands
 */
static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
			    size_t bufsiz)
{
	ssize_t len;
	u32 count;
	__be32 *native_size;
	unsigned long stop;

	native_size = (__force __be32 *) (buf + 2);
	count = be32_to_cpu(*native_size);

	if (count == 0)
		return -ENODATA;
	if (count > bufsiz) {
		dev_err(&chip->pci_dev->dev,
			"invalid count value %x %zx \n", count, bufsiz);
		return -E2BIG;
	}

	down(&chip->tpm_mutex);

	if ((len = chip->vendor->send(chip, (u8 *) buf, count)) < 0) {
		dev_err(&chip->pci_dev->dev,
			"tpm_transmit: tpm_send: error %zd\n", len);
		return len;
	}

	stop = jiffies + 2 * 60 * HZ;
	do {
		u8 status = inb(chip->vendor->base + 1);
		if ((status & chip->vendor->req_complete_mask) ==
		    chip->vendor->req_complete_val) {
			goto out_recv;
		}
		msleep(TPM_TIMEOUT); /* CHECK */
		rmb();
	} while (time_before(jiffies, stop));


	chip->vendor->cancel(chip);
	dev_err(&chip->pci_dev->dev, "Time expired\n");
	up(&chip->tpm_mutex);
	return -EIO;

out_recv:
	len = chip->vendor->recv(chip, (u8 *) buf, bufsiz);
	if (len < 0)
		dev_err(&chip->pci_dev->dev,
			"tpm_transmit: tpm_recv: error %zd\n", len);
	up(&chip->tpm_mutex);
	return len;
}

#define TPM_DIGEST_SIZE 20
#define CAP_PCR_RESULT_SIZE 18
static u8 cap_pcr[] = {
	0, 193,			/* TPM_TAG_RQU_COMMAND */
	0, 0, 0, 22,		/* length */
	0, 0, 0, 101,		/* TPM_ORD_GetCapability */
	0, 0, 0, 5,
	0, 0, 0, 4,
	0, 0, 1, 1
};

#define READ_PCR_RESULT_SIZE 30
static u8 pcrread[] = {
	0, 193,			/* TPM_TAG_RQU_COMMAND */
	0, 0, 0, 14,		/* length */
	0, 0, 0, 21,		/* TPM_ORD_PcrRead */
	0, 0, 0, 0		/* PCR index */
};

static ssize_t show_pcrs(struct device *dev, struct device_attribute *attr, char *buf)
{
	u8 data[READ_PCR_RESULT_SIZE];
	ssize_t len;
	int i, j, index, num_pcrs;
	char *str = buf;

	struct tpm_chip *chip =
	    pci_get_drvdata(container_of(dev, struct pci_dev, dev));
	if (chip == NULL)
		return -ENODEV;

	memcpy(data, cap_pcr, sizeof(cap_pcr));
	if ((len = tpm_transmit(chip, data, sizeof(data)))
	    < CAP_PCR_RESULT_SIZE)
		return len;

	num_pcrs = be32_to_cpu(*((__force __be32 *) (data + 14)));

	for (i = 0; i < num_pcrs; i++) {
		memcpy(data, pcrread, sizeof(pcrread));
		index = cpu_to_be32(i);
		memcpy(data + 10, &index, 4);
		if ((len = tpm_transmit(chip, data, sizeof(data)))
		    < READ_PCR_RESULT_SIZE)
			return len;
		str += sprintf(str, "PCR-%02d: ", i);
		for (j = 0; j < TPM_DIGEST_SIZE; j++)
			str += sprintf(str, "%02X ", *(data + 10 + j));
		str += sprintf(str, "\n");
	}
	return str - buf;
}

static DEVICE_ATTR(pcrs, S_IRUGO, show_pcrs, NULL);

#define  READ_PUBEK_RESULT_SIZE 314
static u8 readpubek[] = {
	0, 193,			/* TPM_TAG_RQU_COMMAND */
	0, 0, 0, 30,		/* length */
	0, 0, 0, 124,		/* TPM_ORD_ReadPubek */
};

static ssize_t show_pubek(struct device *dev, struct device_attribute *attr, char *buf)
{
	u8 data[READ_PUBEK_RESULT_SIZE];
	ssize_t len;
	__be32 *native_val;
	int i;
	char *str = buf;

	struct tpm_chip *chip =
	    pci_get_drvdata(container_of(dev, struct pci_dev, dev));
	if (chip == NULL)
		return -ENODEV;

	memcpy(data, readpubek, sizeof(readpubek));
	memset(data + sizeof(readpubek), 0, 20);	/* zero nonce */

	if ((len = tpm_transmit(chip, data, sizeof(data))) <
	    READ_PUBEK_RESULT_SIZE)
		return len;

	/* 
	   ignore header 10 bytes
	   algorithm 32 bits (1 == RSA )
	   encscheme 16 bits
	   sigscheme 16 bits
	   parameters (RSA 12->bytes: keybit, #primes, expbit)  
	   keylenbytes 32 bits
	   256 byte modulus
	   ignore checksum 20 bytes
	 */

	native_val = (__force __be32 *) (data + 34);

	str +=
	    sprintf(str,
		    "Algorithm: %02X %02X %02X %02X\nEncscheme: %02X %02X\n"
		    "Sigscheme: %02X %02X\nParameters: %02X %02X %02X %02X"
		    " %02X %02X %02X %02X %02X %02X %02X %02X\n"
		    "Modulus length: %d\nModulus: \n",
		    data[10], data[11], data[12], data[13], data[14],
		    data[15], data[16], data[17], data[22], data[23],
		    data[24], data[25], data[26], data[27], data[28],
		    data[29], data[30], data[31], data[32], data[33],
		    be32_to_cpu(*native_val)
	    );

	for (i = 0; i < 256; i++) {
		str += sprintf(str, "%02X ", data[i + 39]);
		if ((i + 1) % 16 == 0)
			str += sprintf(str, "\n");
	}
	return str - buf;
}

static DEVICE_ATTR(pubek, S_IRUGO, show_pubek, NULL);

#define CAP_VER_RESULT_SIZE 18
static u8 cap_version[] = {
	0, 193,			/* TPM_TAG_RQU_COMMAND */
	0, 0, 0, 18,		/* length */
	0, 0, 0, 101,		/* TPM_ORD_GetCapability */
	0, 0, 0, 6,
	0, 0, 0, 0
};

#define CAP_MANUFACTURER_RESULT_SIZE 18
static u8 cap_manufacturer[] = {
	0, 193,			/* TPM_TAG_RQU_COMMAND */
	0, 0, 0, 22,		/* length */
	0, 0, 0, 101,		/* TPM_ORD_GetCapability */
	0, 0, 0, 5,
	0, 0, 0, 4,
	0, 0, 1, 3
};

static ssize_t show_caps(struct device *dev, struct device_attribute *attr, char *buf)
{
	u8 data[READ_PUBEK_RESULT_SIZE];
	ssize_t len;
	char *str = buf;

	struct tpm_chip *chip =
	    pci_get_drvdata(container_of(dev, struct pci_dev, dev));
	if (chip == NULL)
		return -ENODEV;

	memcpy(data, cap_manufacturer, sizeof(cap_manufacturer));

	if ((len = tpm_transmit(chip, data, sizeof(data))) <
	    CAP_MANUFACTURER_RESULT_SIZE)
		return len;

	str += sprintf(str, "Manufacturer: 0x%x\n",
		       be32_to_cpu(*(data + 14)));

	memcpy(data, cap_version, sizeof(cap_version));

	if ((len = tpm_transmit(chip, data, sizeof(data))) <
	    CAP_VER_RESULT_SIZE)
		return len;

	str +=
	    sprintf(str, "TCG version: %d.%d\nFirmware version: %d.%d\n",
		    (int) data[14], (int) data[15], (int) data[16],
		    (int) data[17]);

	return str - buf;
}

static DEVICE_ATTR(caps, S_IRUGO, show_caps, NULL);

/*
 * Device file system interface to the TPM
 */
int tpm_open(struct inode *inode, struct file *file)
{
	int rc = 0, minor = iminor(inode);
	struct tpm_chip *chip = NULL, *pos;

	spin_lock(&driver_lock);

	list_for_each_entry(pos, &tpm_chip_list, list) {
		if (pos->vendor->miscdev.minor == minor) {
			chip = pos;
			break;
		}
	}

	if (chip == NULL) {
		rc = -ENODEV;
		goto err_out;
	}

	if (chip->num_opens) {
		dev_dbg(&chip->pci_dev->dev,
			"Another process owns this TPM\n");
		rc = -EBUSY;
		goto err_out;
	}

	chip->num_opens++;
	pci_dev_get(chip->pci_dev);

	spin_unlock(&driver_lock);

	chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL);
	if (chip->data_buffer == NULL) {
		chip->num_opens--;
		pci_dev_put(chip->pci_dev);
		return -ENOMEM;
	}

	atomic_set(&chip->data_pending, 0);

	file->private_data = chip;
	return 0;

err_out:
	spin_unlock(&driver_lock);
	return rc;
}

EXPORT_SYMBOL_GPL(tpm_open);

int tpm_release(struct inode *inode, struct file *file)
{
	struct tpm_chip *chip = file->private_data;
	
	file->private_data = NULL;

	spin_lock(&driver_lock);
	chip->num_opens--;
	spin_unlock(&driver_lock);

	down(&chip->timer_manipulation_mutex);
	if (timer_pending(&chip->user_read_timer))
		del_singleshot_timer_sync(&chip->user_read_timer);
	else if (timer_pending(&chip->device_timer))
		del_singleshot_timer_sync(&chip->device_timer);
	up(&chip->timer_manipulation_mutex);

	kfree(chip->data_buffer);
	atomic_set(&chip->data_pending, 0);

	pci_dev_put(chip->pci_dev);
	return 0;
}

EXPORT_SYMBOL_GPL(tpm_release);

ssize_t tpm_write(struct file * file, const char __user * buf,
		  size_t size, loff_t * off)
{
	struct tpm_chip *chip = file->private_data;
	int in_size = size, out_size;

	/* cannot perform a write until the read has cleared
	   either via tpm_read or a user_read_timer timeout */
	while (atomic_read(&chip->data_pending) != 0)
		msleep(TPM_TIMEOUT);

	down(&chip->buffer_mutex);

	if (in_size > TPM_BUFSIZE)
		in_size = TPM_BUFSIZE;

	if (copy_from_user
	    (chip->data_buffer, (void __user *) buf, in_size)) {
		up(&chip->buffer_mutex);
		return -EFAULT;
	}

	/* atomic tpm command send and result receive */
	out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);

	atomic_set(&chip->data_pending, out_size);
	up(&chip->buffer_mutex);

	/* Set a timeout by which the reader must come claim the result */
	down(&chip->timer_manipulation_mutex);
	init_timer(&chip->user_read_timer);
	chip->user_read_timer.function = user_reader_timeout;
	chip->user_read_timer.data = (unsigned long) chip;
	chip->user_read_timer.expires = jiffies + (60 * HZ);
	add_timer(&chip->user_read_timer);
	up(&chip->timer_manipulation_mutex);

	return in_size;
}

EXPORT_SYMBOL_GPL(tpm_write);

ssize_t tpm_read(struct file * file, char __user * buf,
		 size_t size, loff_t * off)
{
	struct tpm_chip *chip = file->private_data;
	int ret_size = -ENODATA;

	if (atomic_read(&chip->data_pending) != 0) {	/* Result available */
		down(&chip->timer_manipulation_mutex);
		del_singleshot_timer_sync(&chip->user_read_timer);
		up(&chip->timer_manipulation_mutex);

		down(&chip->buffer_mutex);

		ret_size = atomic_read(&chip->data_pending);
		atomic_set(&chip->data_pending, 0);

		if (ret_size == 0)	/* timeout just occurred */
			ret_size = -ETIME;
		else if (ret_size > 0) {	/* relay data */
			if (size < ret_size)
				ret_size = size;

			if (copy_to_user((void __user *) buf,
					 chip->data_buffer, ret_size)) {
				ret_size = -EFAULT;
			}
		}
		up(&chip->buffer_mutex);
	}

	return ret_size;
}

EXPORT_SYMBOL_GPL(tpm_read);

void __devexit tpm_remove(struct pci_dev *pci_dev)
{
	struct tpm_chip *chip = pci_get_drvdata(pci_dev);

	if (chip == NULL) {
		dev_err(&pci_dev->dev, "No device data found\n");
		return;
	}

	spin_lock(&driver_lock);

	list_del(&chip->list);

	spin_unlock(&driver_lock);

	pci_set_drvdata(pci_dev, NULL);
	misc_deregister(&chip->vendor->miscdev);

	device_remove_file(&pci_dev->dev, &dev_attr_pubek);
	device_remove_file(&pci_dev->dev, &dev_attr_pcrs);
	device_remove_file(&pci_dev->dev, &dev_attr_caps);

	pci_disable_device(pci_dev);

	dev_mask[chip->dev_num / 32] &= !(1 << (chip->dev_num % 32));

	kfree(chip);

	pci_dev_put(pci_dev);
}

EXPORT_SYMBOL_GPL(tpm_remove);

static u8 savestate[] = {
	0, 193,			/* TPM_TAG_RQU_COMMAND */
	0, 0, 0, 10,		/* blob length (in bytes) */
	0, 0, 0, 152		/* TPM_ORD_SaveState */
};

/*
 * We are about to suspend. Save the TPM state
 * so that it can be restored.
 */
int tpm_pm_suspend(struct pci_dev *pci_dev, pm_message_t pm_state)
{
	struct tpm_chip *chip = pci_get_drvdata(pci_dev);
	if (chip == NULL)
		return -ENODEV;

	tpm_transmit(chip, savestate, sizeof(savestate));
	return 0;
}

EXPORT_SYMBOL_GPL(tpm_pm_suspend);

/*
 * Resume from a power safe. The BIOS already restored
 * the TPM state.
 */
int tpm_pm_resume(struct pci_dev *pci_dev)
{
	struct tpm_chip *chip = pci_get_drvdata(pci_dev);

	if (chip == NULL)
		return -ENODEV;

	spin_lock(&driver_lock);
	tpm_lpc_bus_init(pci_dev, chip->vendor->base);
	spin_unlock(&driver_lock);

	return 0;
}

EXPORT_SYMBOL_GPL(tpm_pm_resume);

/*
 * Called from tpm_<specific>.c probe function only for devices 
 * the driver has determined it should claim.  Prior to calling
 * this function the specific probe function has called pci_enable_device
 * upon errant exit from this function specific probe function should call
 * pci_disable_device
 */
int tpm_register_hardware(struct pci_dev *pci_dev,
			  struct tpm_vendor_specific *entry)
{
	char devname[7];
	struct tpm_chip *chip;
	int i, j;

	/* Driver specific per-device data */
	chip = kmalloc(sizeof(*chip), GFP_KERNEL);
	if (chip == NULL)
		return -ENOMEM;

	memset(chip, 0, sizeof(struct tpm_chip));

	init_MUTEX(&chip->buffer_mutex);
	init_MUTEX(&chip->tpm_mutex);
	init_MUTEX(&chip->timer_manipulation_mutex);
	INIT_LIST_HEAD(&chip->list);

	chip->vendor = entry;

	chip->dev_num = -1;

	for (i = 0; i < 32; i++)
		for (j = 0; j < 8; j++)
			if ((dev_mask[i] & (1 << j)) == 0) {
				chip->dev_num = i * 32 + j;
				dev_mask[i] |= 1 << j;
				goto dev_num_search_complete;
			}

dev_num_search_complete:
	if (chip->dev_num < 0) {
		dev_err(&pci_dev->dev,
			"No available tpm device numbers\n");
		kfree(chip);
		return -ENODEV;
	} else if (chip->dev_num == 0)
		chip->vendor->miscdev.minor = TPM_MINOR;
	else
		chip->vendor->miscdev.minor = MISC_DYNAMIC_MINOR;

	snprintf(devname, sizeof(devname), "%s%d", "tpm", chip->dev_num);
	chip->vendor->miscdev.name = devname;

	chip->vendor->miscdev.dev = &(pci_dev->dev);
	chip->pci_dev = pci_dev_get(pci_dev);

	if (misc_register(&chip->vendor->miscdev)) {
		dev_err(&chip->pci_dev->dev,
			"unable to misc_register %s, minor %d\n",
			chip->vendor->miscdev.name,
			chip->vendor->miscdev.minor);
		pci_dev_put(pci_dev);
		kfree(chip);
		dev_mask[i] &= !(1 << j);
		return -ENODEV;
	}

	pci_set_drvdata(pci_dev, chip);

	list_add(&chip->list, &tpm_chip_list);

	device_create_file(&pci_dev->dev, &dev_attr_pubek);
	device_create_file(&pci_dev->dev, &dev_attr_pcrs);
	device_create_file(&pci_dev->dev, &dev_attr_caps);

	return 0;
}

EXPORT_SYMBOL_GPL(tpm_register_hardware);

static int __init init_tpm(void)
{
	return 0;
}

static void __exit cleanup_tpm(void)
{

}

module_init(init_tpm);
module_exit(cleanup_tpm);

MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
MODULE_DESCRIPTION("TPM Driver");
MODULE_VERSION("2.0");
MODULE_LICENSE("GPL");
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Copyright (C) 2004 IBM Corporation
	3	*
	4	* Authors:
	5	* Leendert van Doorn <leendert@watson.ibm.com>
	6	* Dave Safford <safford@watson.ibm.com>
	7	* Reiner Sailer <sailer@watson.ibm.com>
	8	* Kylene Hall <kjhall@us.ibm.com>
	9	*
	10	* Maintained by: <tpmdd_devel@lists.sourceforge.net>
	11	*
	12	* Device driver for TCG/TCPA TPM (trusted platform module).
	13	* Specifications at www.trustedcomputinggroup.org
	14	*
	15	* This program is free software; you can redistribute it and/or
	16	* modify it under the terms of the GNU General Public License as
	17	* published by the Free Software Foundation, version 2 of the
	18	* License.
	19	*
	20	* Note, the TPM chip is not interrupt driven (only polling)
	21	* and can have very long timeouts (minutes!). Hence the unusual
700d8bdc	22	* calls to msleep.
1da177e4 LT	23	*
	24	*/
	25
	26	#include <linux/sched.h>
	27	#include <linux/poll.h>
	28	#include <linux/spinlock.h>
	29	#include "tpm.h"
	30
	31	#define TPM_MINOR 224 /* officially assigned */
	32
	33	#define TPM_BUFSIZE 2048
	34
	35	/* PCI configuration addresses */
	36	#define PCI_GEN_PMCON_1 0xA0
	37	#define PCI_GEN1_DEC 0xE4
	38	#define PCI_LPC_EN 0xE6
	39	#define PCI_GEN2_DEC 0xEC
	40
	41	static LIST_HEAD(tpm_chip_list);
	42	static DEFINE_SPINLOCK(driver_lock);
	43	static int dev_mask[32];
	44
	45	static void user_reader_timeout(unsigned long ptr)
	46	{
	47	struct tpm_chip chip = (struct tpm_chip ) ptr;
	48
	49	down(&chip->buffer_mutex);
	50	atomic_set(&chip->data_pending, 0);
	51	memset(chip->data_buffer, 0, TPM_BUFSIZE);
	52	up(&chip->buffer_mutex);
	53	}
	54
1da177e4 LT	55	/*
	56	* Initialize the LPC bus and enable the TPM ports
	57	*/
	58	int tpm_lpc_bus_init(struct pci_dev *pci_dev, u16 base)
	59	{
	60	u32 lpcenable, tmp;
	61	int is_lpcm = 0;
	62
	63	switch (pci_dev->vendor) {
	64	case PCI_VENDOR_ID_INTEL:
	65	switch (pci_dev->device) {
	66	case PCI_DEVICE_ID_INTEL_82801CA_12:
	67	case PCI_DEVICE_ID_INTEL_82801DB_12:
	68	is_lpcm = 1;
	69	break;
	70	}
	71	/* init ICH (enable LPC) */
	72	pci_read_config_dword(pci_dev, PCI_GEN1_DEC, &lpcenable);
	73	lpcenable \|= 0x20000000;
	74	pci_write_config_dword(pci_dev, PCI_GEN1_DEC, lpcenable);
	75
	76	if (is_lpcm) {
	77	pci_read_config_dword(pci_dev, PCI_GEN1_DEC,
	78	&lpcenable);
	79	if ((lpcenable & 0x20000000) == 0) {
	80	dev_err(&pci_dev->dev,
	81	"cannot enable LPC\n");
	82	return -ENODEV;
	83	}
	84	}
	85
	86	/* initialize TPM registers */
	87	pci_read_config_dword(pci_dev, PCI_GEN2_DEC, &tmp);
	88
	89	if (!is_lpcm)
	90	tmp = (tmp & 0xFFFF0000) \| (base & 0xFFF0);
	91	else
	92	tmp =
	93	(tmp & 0xFFFF0000) \| (base & 0xFFF0) \|
	94	0x00000001;
	95
	96	pci_write_config_dword(pci_dev, PCI_GEN2_DEC, tmp);
	97
	98	if (is_lpcm) {
	99	pci_read_config_dword(pci_dev, PCI_GEN_PMCON_1,
	100	&tmp);
	101	tmp \|= 0x00000004; /* enable CLKRUN */
	102	pci_write_config_dword(pci_dev, PCI_GEN_PMCON_1,
	103	tmp);
	104	}
	105	tpm_write_index(0x0D, 0x55); /* unlock 4F */
	106	tpm_write_index(0x0A, 0x00); /* int disable */
	107	tpm_write_index(0x08, base); /* base addr lo */
	108	tpm_write_index(0x09, (base & 0xFF00) >> 8); /* base addr hi */
	109	tpm_write_index(0x0D, 0xAA); /* lock 4F */
	110	break;
	111	case PCI_VENDOR_ID_AMD:
	112	/* nothing yet */
	113	break;
	114	}
	115
	116	return 0;
	117	}
	118
119	EXPORT_SYMBOL_GPL(tpm_lpc_bus_init);
120
121	/*
122	* Internal kernel interface to transmit TPM commands
123	*/
124	static ssize_t tpm_transmit(struct tpm_chip chip, const char buf,
125	size_t bufsiz)
126	{
127	ssize_t len;
128	u32 count;
129	__be32 *native_size;
700d8bdc	130	unsigned long stop;
1da177e4 LT	131
	132	native_size = (__force __be32 *) (buf + 2);
	133	count = be32_to_cpu(*native_size);
	134
	135	if (count == 0)
	136	return -ENODATA;
	137	if (count > bufsiz) {
	138	dev_err(&chip->pci_dev->dev,
b76be681	139	"invalid count value %x %zx \n", count, bufsiz);
1da177e4 LT	140	return -E2BIG;
	141	}
	142
	143	down(&chip->tpm_mutex);
	144
	145	if ((len = chip->vendor->send(chip, (u8 *) buf, count)) < 0) {
	146	dev_err(&chip->pci_dev->dev,
b76be681	147	"tpm_transmit: tpm_send: error %zd\n", len);
1da177e4 LT	148	return len;
	149	}
	150
700d8bdc	151	stop = jiffies + 2 * 60 * HZ;
1da177e4 LT	152	do {
	153	u8 status = inb(chip->vendor->base + 1);
	154	if ((status & chip->vendor->req_complete_mask) ==
	155	chip->vendor->req_complete_val) {
1da177e4 LT	156	goto out_recv;
1da177e4 LT	157	}
700d8bdc	158	msleep(TPM_TIMEOUT); /* CHECK */
1da177e4	159	rmb();
700d8bdc	160	} while (time_before(jiffies, stop));
1da177e4 LT	161
	162
	163	chip->vendor->cancel(chip);
	164	dev_err(&chip->pci_dev->dev, "Time expired\n");
	165	up(&chip->tpm_mutex);
	166	return -EIO;
	167
	168	out_recv:
	169	len = chip->vendor->recv(chip, (u8 *) buf, bufsiz);
	170	if (len < 0)
	171	dev_err(&chip->pci_dev->dev,
b76be681	172	"tpm_transmit: tpm_recv: error %zd\n", len);
1da177e4 LT	173	up(&chip->tpm_mutex);
	174	return len;
	175	}
	176
	177	#define TPM_DIGEST_SIZE 20
	178	#define CAP_PCR_RESULT_SIZE 18
	179	static u8 cap_pcr[] = {
	180	0, 193, /* TPM_TAG_RQU_COMMAND */
	181	0, 0, 0, 22, /* length */
	182	0, 0, 0, 101, /* TPM_ORD_GetCapability */
	183	0, 0, 0, 5,
	184	0, 0, 0, 4,
	185	0, 0, 1, 1
	186	};
	187
	188	#define READ_PCR_RESULT_SIZE 30
	189	static u8 pcrread[] = {
	190	0, 193, /* TPM_TAG_RQU_COMMAND */
	191	0, 0, 0, 14, /* length */
	192	0, 0, 0, 21, /* TPM_ORD_PcrRead */
	193	0, 0, 0, 0 /* PCR index */
	194	};
	195
74880c06	196	static ssize_t show_pcrs(struct device dev, struct device_attribute attr, char *buf)
1da177e4 LT	197	{
	198	u8 data[READ_PCR_RESULT_SIZE];
	199	ssize_t len;
	200	int i, j, index, num_pcrs;
	201	char *str = buf;
	202
	203	struct tpm_chip *chip =
	204	pci_get_drvdata(container_of(dev, struct pci_dev, dev));
	205	if (chip == NULL)
	206	return -ENODEV;
	207
	208	memcpy(data, cap_pcr, sizeof(cap_pcr));
	209	if ((len = tpm_transmit(chip, data, sizeof(data)))
	210	< CAP_PCR_RESULT_SIZE)
	211	return len;
	212
	213	num_pcrs = be32_to_cpu(((__force __be32 ) (data + 14)));
	214
	215	for (i = 0; i < num_pcrs; i++) {
	216	memcpy(data, pcrread, sizeof(pcrread));
	217	index = cpu_to_be32(i);
	218	memcpy(data + 10, &index, 4);
	219	if ((len = tpm_transmit(chip, data, sizeof(data)))
	220	< READ_PCR_RESULT_SIZE)
	221	return len;
	222	str += sprintf(str, "PCR-%02d: ", i);
	223	for (j = 0; j < TPM_DIGEST_SIZE; j++)
	224	str += sprintf(str, "%02X ", *(data + 10 + j));
	225	str += sprintf(str, "\n");
	226	}
	227	return str - buf;
	228	}
	229
	230	static DEVICE_ATTR(pcrs, S_IRUGO, show_pcrs, NULL);
	231
	232	#define READ_PUBEK_RESULT_SIZE 314
	233	static u8 readpubek[] = {
	234	0, 193, /* TPM_TAG_RQU_COMMAND */
	235	0, 0, 0, 30, /* length */
	236	0, 0, 0, 124, /* TPM_ORD_ReadPubek */
	237	};
	238
74880c06	239	static ssize_t show_pubek(struct device dev, struct device_attribute attr, char *buf)
1da177e4 LT	240	{
	241	u8 data[READ_PUBEK_RESULT_SIZE];
	242	ssize_t len;
	243	__be32 *native_val;
	244	int i;
	245	char *str = buf;
	246
	247	struct tpm_chip *chip =
	248	pci_get_drvdata(container_of(dev, struct pci_dev, dev));
	249	if (chip == NULL)
	250	return -ENODEV;
	251
	252	memcpy(data, readpubek, sizeof(readpubek));
	253	memset(data + sizeof(readpubek), 0, 20); /* zero nonce */
	254
	255	if ((len = tpm_transmit(chip, data, sizeof(data))) <
	256	READ_PUBEK_RESULT_SIZE)
	257	return len;
	258
	259	/*
	260	ignore header 10 bytes
	261	algorithm 32 bits (1 == RSA )
	262	encscheme 16 bits
	263	sigscheme 16 bits
	264	parameters (RSA 12->bytes: keybit, #primes, expbit)
	265	keylenbytes 32 bits
	266	256 byte modulus
	267	ignore checksum 20 bytes
	268	*/
	269
	270	native_val = (__force __be32 *) (data + 34);
	271
	272	str +=
	273	sprintf(str,
	274	"Algorithm: %02X %02X %02X %02X\nEncscheme: %02X %02X\n"
	275	"Sigscheme: %02X %02X\nParameters: %02X %02X %02X %02X"
	276	" %02X %02X %02X %02X %02X %02X %02X %02X\n"
	277	"Modulus length: %d\nModulus: \n",
	278	data[10], data[11], data[12], data[13], data[14],
	279	data[15], data[16], data[17], data[22], data[23],
	280	data[24], data[25], data[26], data[27], data[28],
	281	data[29], data[30], data[31], data[32], data[33],
	282	be32_to_cpu(*native_val)
	283	);
	284
	285	for (i = 0; i < 256; i++) {
	286	str += sprintf(str, "%02X ", data[i + 39]);
	287	if ((i + 1) % 16 == 0)
	288	str += sprintf(str, "\n");
	289	}
	290	return str - buf;
	291	}
	292
	293	static DEVICE_ATTR(pubek, S_IRUGO, show_pubek, NULL);
	294
	295	#define CAP_VER_RESULT_SIZE 18
	296	static u8 cap_version[] = {
	297	0, 193, /* TPM_TAG_RQU_COMMAND */
	298	0, 0, 0, 18, /* length */
	299	0, 0, 0, 101, /* TPM_ORD_GetCapability */
	300	0, 0, 0, 6,
	301	0, 0, 0, 0
	302	};
	303
304	#define CAP_MANUFACTURER_RESULT_SIZE 18
305	static u8 cap_manufacturer[] = {
306	0, 193, /* TPM_TAG_RQU_COMMAND */
307	0, 0, 0, 22, /* length */
308	0, 0, 0, 101, /* TPM_ORD_GetCapability */
309	0, 0, 0, 5,
310	0, 0, 0, 4,
311	0, 0, 1, 3
312	};
313
74880c06	314	static ssize_t show_caps(struct device dev, struct device_attribute attr, char *buf)
1da177e4 LT	315	{
	316	u8 data[READ_PUBEK_RESULT_SIZE];
	317	ssize_t len;
	318	char *str = buf;
	319
	320	struct tpm_chip *chip =
	321	pci_get_drvdata(container_of(dev, struct pci_dev, dev));
	322	if (chip == NULL)
	323	return -ENODEV;
	324
	325	memcpy(data, cap_manufacturer, sizeof(cap_manufacturer));
	326
	327	if ((len = tpm_transmit(chip, data, sizeof(data))) <
	328	CAP_MANUFACTURER_RESULT_SIZE)
	329	return len;
	330
	331	str += sprintf(str, "Manufacturer: 0x%x\n",
	332	be32_to_cpu(*(data + 14)));
	333
	334	memcpy(data, cap_version, sizeof(cap_version));
	335
	336	if ((len = tpm_transmit(chip, data, sizeof(data))) <
	337	CAP_VER_RESULT_SIZE)
	338	return len;
	339
	340	str +=
	341	sprintf(str, "TCG version: %d.%d\nFirmware version: %d.%d\n",
	342	(int) data[14], (int) data[15], (int) data[16],
	343	(int) data[17]);
	344
	345	return str - buf;
	346	}
	347
	348	static DEVICE_ATTR(caps, S_IRUGO, show_caps, NULL);
	349
	350	/*
	351	* Device file system interface to the TPM
	352	*/
	353	int tpm_open(struct inode inode, struct file file)
	354	{
	355	int rc = 0, minor = iminor(inode);
	356	struct tpm_chip chip = NULL, pos;
	357
	358	spin_lock(&driver_lock);
	359
	360	list_for_each_entry(pos, &tpm_chip_list, list) {
	361	if (pos->vendor->miscdev.minor == minor) {
	362	chip = pos;
	363	break;
	364	}
	365	}
	366
	367	if (chip == NULL) {
	368	rc = -ENODEV;
	369	goto err_out;
	370	}
	371
	372	if (chip->num_opens) {
	373	dev_dbg(&chip->pci_dev->dev,
	374	"Another process owns this TPM\n");
	375	rc = -EBUSY;
	376	goto err_out;
	377	}
	378
379	chip->num_opens++;
380	pci_dev_get(chip->pci_dev);
381
382	spin_unlock(&driver_lock);
383
384	chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL);
385	if (chip->data_buffer == NULL) {
386	chip->num_opens--;
387	pci_dev_put(chip->pci_dev);
388	return -ENOMEM;
389	}
390
391	atomic_set(&chip->data_pending, 0);
392
393	file->private_data = chip;
394	return 0;
395
396	err_out:
397	spin_unlock(&driver_lock);
398	return rc;
399	}
400
401	EXPORT_SYMBOL_GPL(tpm_open);
402
403	int tpm_release(struct inode inode, struct file file)
404	{
405	struct tpm_chip *chip = file->private_data;
406
407	file->private_data = NULL;
408
409	spin_lock(&driver_lock);
410	chip->num_opens--;
411	spin_unlock(&driver_lock);
412
413	down(&chip->timer_manipulation_mutex);
414	if (timer_pending(&chip->user_read_timer))
415	del_singleshot_timer_sync(&chip->user_read_timer);
416	else if (timer_pending(&chip->device_timer))
417	del_singleshot_timer_sync(&chip->device_timer);
418	up(&chip->timer_manipulation_mutex);
419
420	kfree(chip->data_buffer);
421	atomic_set(&chip->data_pending, 0);
422
423	pci_dev_put(chip->pci_dev);
424	return 0;
425	}
426
427	EXPORT_SYMBOL_GPL(tpm_release);
428
429	ssize_t tpm_write(struct file * file, const char __user * buf,
430	size_t size, loff_t * off)
431	{
432	struct tpm_chip *chip = file->private_data;
433	int in_size = size, out_size;
434
435	/* cannot perform a write until the read has cleared
436	either via tpm_read or a user_read_timer timeout */
700d8bdc NA	437	while (atomic_read(&chip->data_pending) != 0)
700d8bdc NA	438	msleep(TPM_TIMEOUT);
1da177e4 LT	439
	440	down(&chip->buffer_mutex);
	441
	442	if (in_size > TPM_BUFSIZE)
	443	in_size = TPM_BUFSIZE;
	444
	445	if (copy_from_user
	446	(chip->data_buffer, (void __user *) buf, in_size)) {
	447	up(&chip->buffer_mutex);
	448	return -EFAULT;
	449	}
	450
	451	/* atomic tpm command send and result receive */
	452	out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);
	453
	454	atomic_set(&chip->data_pending, out_size);
	455	up(&chip->buffer_mutex);
	456
	457	/* Set a timeout by which the reader must come claim the result */
	458	down(&chip->timer_manipulation_mutex);
	459	init_timer(&chip->user_read_timer);
	460	chip->user_read_timer.function = user_reader_timeout;
	461	chip->user_read_timer.data = (unsigned long) chip;
	462	chip->user_read_timer.expires = jiffies + (60 * HZ);
	463	add_timer(&chip->user_read_timer);
	464	up(&chip->timer_manipulation_mutex);
	465
	466	return in_size;
	467	}
	468
	469	EXPORT_SYMBOL_GPL(tpm_write);
	470
	471	ssize_t tpm_read(struct file * file, char __user * buf,
	472	size_t size, loff_t * off)
	473	{
	474	struct tpm_chip *chip = file->private_data;
	475	int ret_size = -ENODATA;
	476
	477	if (atomic_read(&chip->data_pending) != 0) { /* Result available */
	478	down(&chip->timer_manipulation_mutex);
	479	del_singleshot_timer_sync(&chip->user_read_timer);
	480	up(&chip->timer_manipulation_mutex);
	481
	482	down(&chip->buffer_mutex);
	483
	484	ret_size = atomic_read(&chip->data_pending);
	485	atomic_set(&chip->data_pending, 0);
	486
	487	if (ret_size == 0) /* timeout just occurred */
	488	ret_size = -ETIME;
	489	else if (ret_size > 0) { /* relay data */
	490	if (size < ret_size)
	491	ret_size = size;
	492
	493	if (copy_to_user((void __user *) buf,
	494	chip->data_buffer, ret_size)) {
	495	ret_size = -EFAULT;
	496	}
	497	}
	498	up(&chip->buffer_mutex);
	499	}
	500
	501	return ret_size;
	502	}
503
504	EXPORT_SYMBOL_GPL(tpm_read);
505
506	void __devexit tpm_remove(struct pci_dev *pci_dev)
507	{
508	struct tpm_chip *chip = pci_get_drvdata(pci_dev);
509
510	if (chip == NULL) {
511	dev_err(&pci_dev->dev, "No device data found\n");
512	return;
513	}
514
515	spin_lock(&driver_lock);
516
517	list_del(&chip->list);
518
519	spin_unlock(&driver_lock);
520
521	pci_set_drvdata(pci_dev, NULL);
522	misc_deregister(&chip->vendor->miscdev);
523
524	device_remove_file(&pci_dev->dev, &dev_attr_pubek);
525	device_remove_file(&pci_dev->dev, &dev_attr_pcrs);
526	device_remove_file(&pci_dev->dev, &dev_attr_caps);
527
528	pci_disable_device(pci_dev);
529
530	dev_mask[chip->dev_num / 32] &= !(1 << (chip->dev_num % 32));
531
532	kfree(chip);
533
534	pci_dev_put(pci_dev);
535	}
536
537	EXPORT_SYMBOL_GPL(tpm_remove);
538
539	static u8 savestate[] = {
540	0, 193, /* TPM_TAG_RQU_COMMAND */
541	0, 0, 0, 10, /* blob length (in bytes) */
542	0, 0, 0, 152 /* TPM_ORD_SaveState */
543	};
544
545	/*
546	* We are about to suspend. Save the TPM state
547	* so that it can be restored.
548	*/
4fd416c1	549	int tpm_pm_suspend(struct pci_dev *pci_dev, pm_message_t pm_state)
1da177e4 LT	550	{
	551	struct tpm_chip *chip = pci_get_drvdata(pci_dev);
	552	if (chip == NULL)
	553	return -ENODEV;
	554
	555	tpm_transmit(chip, savestate, sizeof(savestate));
	556	return 0;
	557	}
	558
	559	EXPORT_SYMBOL_GPL(tpm_pm_suspend);
	560
	561	/*
	562	* Resume from a power safe. The BIOS already restored
	563	* the TPM state.
	564	*/
	565	int tpm_pm_resume(struct pci_dev *pci_dev)
	566	{
	567	struct tpm_chip *chip = pci_get_drvdata(pci_dev);
	568
	569	if (chip == NULL)
	570	return -ENODEV;
	571
	572	spin_lock(&driver_lock);
	573	tpm_lpc_bus_init(pci_dev, chip->vendor->base);
	574	spin_unlock(&driver_lock);
	575
	576	return 0;
	577	}
	578
	579	EXPORT_SYMBOL_GPL(tpm_pm_resume);
	580
	581	/*
	582	* Called from tpm_<specific>.c probe function only for devices
	583	* the driver has determined it should claim. Prior to calling
	584	* this function the specific probe function has called pci_enable_device
	585	* upon errant exit from this function specific probe function should call
	586	* pci_disable_device
	587	*/
	588	int tpm_register_hardware(struct pci_dev *pci_dev,
	589	struct tpm_vendor_specific *entry)
	590	{
	591	char devname[7];
	592	struct tpm_chip *chip;
	593	int i, j;
	594
	595	/* Driver specific per-device data */
	596	chip = kmalloc(sizeof(*chip), GFP_KERNEL);
	597	if (chip == NULL)
	598	return -ENOMEM;
	599
	600	memset(chip, 0, sizeof(struct tpm_chip));
	601
	602	init_MUTEX(&chip->buffer_mutex);
	603	init_MUTEX(&chip->tpm_mutex);
	604	init_MUTEX(&chip->timer_manipulation_mutex);
	605	INIT_LIST_HEAD(&chip->list);
	606
	607	chip->vendor = entry;
	608
	609	chip->dev_num = -1;
	610
	611	for (i = 0; i < 32; i++)
	612	for (j = 0; j < 8; j++)
	613	if ((dev_mask[i] & (1 << j)) == 0) {
614	chip->dev_num = i * 32 + j;
615	dev_mask[i] \|= 1 << j;
616	goto dev_num_search_complete;
617	}
618
619	dev_num_search_complete:
620	if (chip->dev_num < 0) {
621	dev_err(&pci_dev->dev,
622	"No available tpm device numbers\n");
623	kfree(chip);
624	return -ENODEV;
625	} else if (chip->dev_num == 0)
626	chip->vendor->miscdev.minor = TPM_MINOR;
627	else
628	chip->vendor->miscdev.minor = MISC_DYNAMIC_MINOR;
629
630	snprintf(devname, sizeof(devname), "%s%d", "tpm", chip->dev_num);
631	chip->vendor->miscdev.name = devname;
632
633	chip->vendor->miscdev.dev = &(pci_dev->dev);
634	chip->pci_dev = pci_dev_get(pci_dev);
635
636	if (misc_register(&chip->vendor->miscdev)) {
637	dev_err(&chip->pci_dev->dev,
638	"unable to misc_register %s, minor %d\n",
639	chip->vendor->miscdev.name,
640	chip->vendor->miscdev.minor);
641	pci_dev_put(pci_dev);
642	kfree(chip);
643	dev_mask[i] &= !(1 << j);
644	return -ENODEV;
645	}
646
647	pci_set_drvdata(pci_dev, chip);
648
649	list_add(&chip->list, &tpm_chip_list);
650
651	device_create_file(&pci_dev->dev, &dev_attr_pubek);
652	device_create_file(&pci_dev->dev, &dev_attr_pcrs);
653	device_create_file(&pci_dev->dev, &dev_attr_caps);
654
655	return 0;
656	}
657
658	EXPORT_SYMBOL_GPL(tpm_register_hardware);
659
660	static int __init init_tpm(void)
661	{
662	return 0;
663	}
664
665	static void __exit cleanup_tpm(void)
666	{
667
668	}
669
670	module_init(init_tpm);
671	module_exit(cleanup_tpm);
672
673	MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
674	MODULE_DESCRIPTION("TPM Driver");
675	MODULE_VERSION("2.0");
676	MODULE_LICENSE("GPL");