From: Jarkko Sakkinen <jarkko@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
Andreas.Fuchs@infineon.com, James Prestwood <prestwoj@gmail.com>,
David Woodhouse <dwmw2@infradead.org>,
Eric Biggers <ebiggers@kernel.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org (open list:CRYPTO API),
linux-kernel@vger.kernel.org (open list),
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
Stefan Berger <stefanb@linux.ibm.com>,
Ard Biesheuvel <ardb@kernel.org>,
Mario Limonciello <mario.limonciello@amd.com>
Subject: [PATCH v2 3/6] tpm: Export tpm2_load_context()
Date: Tue, 21 May 2024 06:16:28 +0300 [thread overview]
Message-ID: <20240521031645.17008-4-jarkko@kernel.org> (raw)
In-Reply-To: <20240521031645.17008-1-jarkko@kernel.org>
Export tpm2_load_context() so that the null key can be loaded as the
parent of a asymmetric TPM2 key.
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
drivers/char/tpm/tpm.h | 2 -
drivers/char/tpm/tpm2-cmd.c | 77 +++++++++++++++++++++++++++++++++++
drivers/char/tpm/tpm2-space.c | 61 ---------------------------
include/linux/tpm.h | 2 +
4 files changed, 79 insertions(+), 63 deletions(-)
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 6b8b9956ba69..c9c67fe84f33 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -314,8 +314,6 @@ int tpm_devs_add(struct tpm_chip *chip);
void tpm_devs_remove(struct tpm_chip *chip);
int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
unsigned int buf_size, unsigned int *offset);
-int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
- unsigned int *offset, u32 *handle);
void tpm_bios_log_setup(struct tpm_chip *chip);
void tpm_bios_log_teardown(struct tpm_chip *chip);
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 0cdf892ec2a7..eb07a109e2ba 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -370,6 +370,83 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
}
EXPORT_SYMBOL_GPL(tpm2_flush_context);
+struct tpm2_context {
+ __be64 sequence;
+ __be32 saved_handle;
+ __be32 hierarchy;
+ __be16 blob_size;
+} __packed;
+
+/**
+ * tpm2_load_context() - Load TPM2 object to the TPM memory
+ * @chip: TPM chip to use
+ * @buf: Blob containing TPM2 object.
+ * @offset: Output variable for the offset in @buf reached.
+ * @handle: Output variable for the handle of the object in TPM memory.
+ *
+ * Load a blob encrypted with TPM from the memory to the TPM chip.
+ *
+ * Return:
+ * - 0 when the blob is successfully loaded to the TPM.
+ * - -EFAULT if the TPM chip itself fails.
+ * - -ENOENT if the TPM object is replayed.
+ * - -EINVAL if the TPM object is corrupted.
+ */
+int tpm2_load_context(struct tpm_chip *chip, const u8 *buf,
+ unsigned int *offset, u32 *handle)
+{
+ struct tpm_buf tbuf;
+ struct tpm2_context *ctx;
+ unsigned int body_size;
+ int rc;
+
+ rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD);
+ if (rc)
+ return rc;
+
+ ctx = (struct tpm2_context *)&buf[*offset];
+ body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size);
+ tpm_buf_append(&tbuf, &buf[*offset], body_size);
+
+ rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL);
+ if (rc < 0) {
+ dev_warn(&chip->dev, "%s: failed with a system error %d\n",
+ __func__, rc);
+ tpm_buf_destroy(&tbuf);
+ return -EFAULT;
+ } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE ||
+ rc == TPM2_RC_REFERENCE_H0) {
+ /*
+ * TPM_RC_HANDLE means that the session context can't
+ * be loaded because of an internal counter mismatch
+ * that makes the TPM think there might have been a
+ * replay. This might happen if the context was saved
+ * and loaded outside the space.
+ *
+ * TPM_RC_REFERENCE_H0 means the session has been
+ * flushed outside the space
+ */
+ *handle = 0;
+ tpm_buf_destroy(&tbuf);
+ return -ENOENT;
+ } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) {
+ tpm_buf_destroy(&tbuf);
+ return -EINVAL;
+ } else if (rc > 0) {
+ dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n",
+ __func__, rc);
+ tpm_buf_destroy(&tbuf);
+ return -EFAULT;
+ }
+
+ *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]);
+ *offset += body_size;
+
+ tpm_buf_destroy(&tbuf);
+ return 0;
+}
+EXPORT_SYMBOL_GPL(tpm2_load_context);
+
struct tpm2_get_cap_out {
u8 more_data;
__be32 subcap_id;
diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 4892d491da8d..708c6e4d64cd 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -21,13 +21,6 @@ enum tpm2_handle_types {
TPM2_HT_TRANSIENT = 0x80000000,
};
-struct tpm2_context {
- __be64 sequence;
- __be32 saved_handle;
- __be32 hierarchy;
- __be16 blob_size;
-} __packed;
-
static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space)
{
int i;
@@ -68,60 +61,6 @@ void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space)
kfree(space->session_buf);
}
-int tpm2_load_context(struct tpm_chip *chip, u8 *buf,
- unsigned int *offset, u32 *handle)
-{
- struct tpm_buf tbuf;
- struct tpm2_context *ctx;
- unsigned int body_size;
- int rc;
-
- rc = tpm_buf_init(&tbuf, TPM2_ST_NO_SESSIONS, TPM2_CC_CONTEXT_LOAD);
- if (rc)
- return rc;
-
- ctx = (struct tpm2_context *)&buf[*offset];
- body_size = sizeof(*ctx) + be16_to_cpu(ctx->blob_size);
- tpm_buf_append(&tbuf, &buf[*offset], body_size);
-
- rc = tpm_transmit_cmd(chip, &tbuf, 4, NULL);
- if (rc < 0) {
- dev_warn(&chip->dev, "%s: failed with a system error %d\n",
- __func__, rc);
- tpm_buf_destroy(&tbuf);
- return -EFAULT;
- } else if (tpm2_rc_value(rc) == TPM2_RC_HANDLE ||
- rc == TPM2_RC_REFERENCE_H0) {
- /*
- * TPM_RC_HANDLE means that the session context can't
- * be loaded because of an internal counter mismatch
- * that makes the TPM think there might have been a
- * replay. This might happen if the context was saved
- * and loaded outside the space.
- *
- * TPM_RC_REFERENCE_H0 means the session has been
- * flushed outside the space
- */
- *handle = 0;
- tpm_buf_destroy(&tbuf);
- return -ENOENT;
- } else if (tpm2_rc_value(rc) == TPM2_RC_INTEGRITY) {
- tpm_buf_destroy(&tbuf);
- return -EINVAL;
- } else if (rc > 0) {
- dev_warn(&chip->dev, "%s: failed with a TPM error 0x%04X\n",
- __func__, rc);
- tpm_buf_destroy(&tbuf);
- return -EFAULT;
- }
-
- *handle = be32_to_cpup((__be32 *)&tbuf.data[TPM_HEADER_SIZE]);
- *offset += body_size;
-
- tpm_buf_destroy(&tbuf);
- return 0;
-}
-
int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
unsigned int buf_size, unsigned int *offset)
{
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index c17e4efbb2e5..2f25ca07127b 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -466,6 +466,8 @@ extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
extern struct tpm_chip *tpm_default_chip(void);
void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
+int tpm2_load_context(struct tpm_chip *chip, const u8 *buf,
+ unsigned int *offset, u32 *handle);
static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle)
{
--
2.45.1
next prev parent reply other threads:[~2024-05-21 3:17 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-21 3:16 [PATCH v2 0/6] KEYS: asymmetric: tpm2_key_rsa Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 1/6] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 2/6] lib: Expand asn1_encode_integer() to variable size integers Jarkko Sakkinen
2024-05-21 5:36 ` [EXTERNAL] " Bharat Bhushan
[not found] ` < <SN7PR18MB5314CFBD18B011F292809EBFE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
2024-05-21 6:21 ` Jarkko Sakkinen
2024-05-21 3:16 ` Jarkko Sakkinen [this message]
2024-05-21 3:16 ` [PATCH v2 4/6] KEYS: trusted: Move tpm2_key_decode() to the TPM driver Jarkko Sakkinen
2024-05-21 18:18 ` James Bottomley
2024-05-21 21:17 ` Jarkko Sakkinen
2024-05-21 21:44 ` David Howells
2024-05-21 21:59 ` James Bottomley
2024-05-21 22:45 ` Jarkko Sakkinen
2024-05-21 22:59 ` Jarkko Sakkinen
2024-05-21 22:42 ` Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 5/6] tpm: tpm2_key: Extend parser to TPM_LoadableKey Jarkko Sakkinen
2024-05-21 5:47 ` [EXTERNAL] " Bharat Bhushan
[not found] ` < <SN7PR18MB53140F4341BC441C1C11586EE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
2024-05-21 7:13 ` Jarkko Sakkinen
2024-05-21 3:16 ` [PATCH v2 6/6] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
2024-05-21 7:25 ` [EXTERNAL] " Bharat Bhushan
[not found] ` < <SN7PR18MB531494159D3996799475209DE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com>
2024-05-21 7:38 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240521031645.17008-4-jarkko@kernel.org \
--to=jarkko@kernel.org \
--cc=Andreas.Fuchs@infineon.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=davem@davemloft.net \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jgg@ziepe.ca \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=peterhuewe@gmx.de \
--cc=prestwoj@gmail.com \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.