diff options
Diffstat (limited to 'drivers/char/tpm')
-rw-r--r-- | drivers/char/tpm/Kconfig | 14 | ||||
-rw-r--r-- | drivers/char/tpm/tpm.c | 47 | ||||
-rw-r--r-- | drivers/char/tpm/tpm_tis.c | 40 |
3 files changed, 72 insertions, 29 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index f5fc64f..bfc2c26 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -17,20 +17,28 @@ menuconfig TCG_TPM obtained at: <http://sourceforge.net/projects/trousers>. To compile this driver as a module, choose M here; the module will be called tpm. If unsure, say N. - Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI - and CONFIG_PNPACPI. + Note: For more TPM drivers and BIOS LOG access enable + CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI. if TCG_TPM config TCG_TIS tristate "TPM Interface Specification 1.2 Interface" - depends on PNP ---help--- If you have a TPM security chip that is compliant with the TCG TIS 1.2 TPM specification say Yes and it will be accessible from within Linux. To compile this driver as a module, choose M here; the module will be called tpm_tis. +config TCG_BIOS_LOG + bool "TPM bios mesurement log" + depends on X86 + select ACPI + ---help--- + ACPI is required for access to bios measurements lists and therefore + to validate the PCR[0] value. So say Yes in case you want this + feature and, consequently, ACPI will be enabled. + config TCG_NSC tristate "National Semiconductor TPM Interface" ---help--- diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index 068c816..05ad4a1 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -1068,6 +1068,27 @@ void tpm_remove_hardware(struct device *dev) } EXPORT_SYMBOL_GPL(tpm_remove_hardware); +#define TPM_ORD_SAVESTATE cpu_to_be32(152) +#define SAVESTATE_RESULT_SIZE 10 + +static struct tpm_input_header savestate_header = { + .tag = TPM_TAG_RQU_COMMAND, + .length = cpu_to_be32(10), + .ordinal = TPM_ORD_SAVESTATE +}; + +/* Bug workaround - some TPM's don't flush the most + * recently changed pcr on suspend, so force the flush + * with an extend to the selected _unused_ non-volatile pcr. + */ +static int tpm_suspend_pcr; +static int __init tpm_suspend_setup(char *str) +{ + get_option(&str, &tpm_suspend_pcr); + return 1; +} +__setup("tpm_suspend_pcr=", tpm_suspend_setup); + /* * We are about to suspend. Save the TPM state * so that it can be restored. @@ -1075,17 +1096,29 @@ EXPORT_SYMBOL_GPL(tpm_remove_hardware); int tpm_pm_suspend(struct device *dev, pm_message_t pm_state) { struct tpm_chip *chip = dev_get_drvdata(dev); - u8 savestate[] = { - 0, 193, /* TPM_TAG_RQU_COMMAND */ - 0, 0, 0, 10, /* blob length (in bytes) */ - 0, 0, 0, 152 /* TPM_ORD_SaveState */ - }; + struct tpm_cmd_t cmd; + int rc; + + u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; if (chip == NULL) return -ENODEV; - tpm_transmit(chip, savestate, sizeof(savestate)); - return 0; + /* for buggy tpm, flush pcrs with extend to selected dummy */ + if (tpm_suspend_pcr) { + cmd.header.in = pcrextend_header; + cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); + memcpy(cmd.params.pcrextend_in.hash, dummy_hash, + TPM_DIGEST_SIZE); + rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, + "extending dummy pcr before suspend"); + } + + /* now do the actual savestate */ + cmd.header.in = savestate_header; + rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, + "sending savestate before suspend"); + return rc; } EXPORT_SYMBOL_GPL(tpm_pm_suspend); diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c index 9434599..24314a9 100644 --- a/drivers/char/tpm/tpm_tis.c +++ b/drivers/char/tpm/tpm_tis.c @@ -598,7 +598,7 @@ out_err: tpm_remove_hardware(chip->dev); return rc; } - +#ifdef CONFIG_PNP static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev, const struct pnp_device_id *pnp_id) { @@ -663,7 +663,7 @@ static struct pnp_driver tis_pnp_driver = { module_param_string(hid, tpm_pnp_tbl[TIS_HID_USR_IDX].id, sizeof(tpm_pnp_tbl[TIS_HID_USR_IDX].id), 0444); MODULE_PARM_DESC(hid, "Set additional specific HID for this driver to probe"); - +#endif static int tpm_tis_suspend(struct platform_device *dev, pm_message_t msg) { return tpm_pm_suspend(&dev->dev, msg); @@ -690,21 +690,21 @@ MODULE_PARM_DESC(force, "Force device probe rather than using ACPI entry"); static int __init init_tis(void) { int rc; +#ifdef CONFIG_PNP + if (!force) + return pnp_register_driver(&tis_pnp_driver); +#endif - if (force) { - rc = platform_driver_register(&tis_drv); - if (rc < 0) - return rc; - if (IS_ERR(pdev=platform_device_register_simple("tpm_tis", -1, NULL, 0))) - return PTR_ERR(pdev); - if((rc=tpm_tis_init(&pdev->dev, TIS_MEM_BASE, TIS_MEM_LEN, 0)) != 0) { - platform_device_unregister(pdev); - platform_driver_unregister(&tis_drv); - } + rc = platform_driver_register(&tis_drv); + if (rc < 0) return rc; + if (IS_ERR(pdev=platform_device_register_simple("tpm_tis", -1, NULL, 0))) + return PTR_ERR(pdev); + if((rc=tpm_tis_init(&pdev->dev, TIS_MEM_BASE, TIS_MEM_LEN, 0)) != 0) { + platform_device_unregister(pdev); + platform_driver_unregister(&tis_drv); } - - return pnp_register_driver(&tis_pnp_driver); + return rc; } static void __exit cleanup_tis(void) @@ -728,12 +728,14 @@ static void __exit cleanup_tis(void) list_del(&i->list); } spin_unlock(&tis_lock); - - if (force) { - platform_device_unregister(pdev); - platform_driver_unregister(&tis_drv); - } else +#ifdef CONFIG_PNP + if (!force) { pnp_unregister_driver(&tis_pnp_driver); + return; + } +#endif + platform_device_unregister(pdev); + platform_driver_unregister(&tis_drv); } module_init(init_tis); |