public inbox for linux-integrity@vger.kernel.org
* [PATCH 0/4] Reorganize TPM public headers
@ 2026-03-17 16:03 Alec Brown
  2026-03-17 16:03 ` [PATCH 1/4] tpm: Initial step to reorganize " Alec Brown
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Alec Brown @ 2026-03-17 16:03 UTC (permalink / raw)
  To: linux-kernel, linux-integrity, jarkko
  Cc: peterhuewe, jarkko.sakkinen, jgg, ross.philipson, dpsmith,
	daniel.kiper, kanth.ghatraju, trenchboot-devel, ardb,
	alec.r.brown

This patch series reorganizes various TPM definitions into tpm_command.h and
groups them corresponding to the TCG specification for TPM1 and TPM2. The
purpose in reorganizing these definitions is to assist the TPM driver usability
in pre-boot environments. This series is related to Jarkko Sakkinen's work
streamlining TPM2 HMAC sessions but can be applied independently of his
patches.

Ross Philipson (4):
      tpm: Initial step to reorganize TPM public headers
      tpm: Move TPM1 specific definitions to the command header
      tpm: Move TPM2 specific definitions to the command header
      tpm: Move TPM common base definitions to the command header

 drivers/char/tpm/tpm-buf.c                |   1 -
 drivers/char/tpm/tpm.h                    | 179 ----------
 drivers/char/tpm/tpm1-cmd.c               |  19 +-
 drivers/char/tpm/tpm2-cmd.c               |  30 --
 drivers/char/tpm/tpm2-space.c             |  13 -
 include/keys/trusted_tpm.h                |   1 -
 include/linux/tpm.h                       | 195 +----------
 include/linux/tpm_command.h               | 520 +++++++++++++++++++++++++++++-
 security/keys/trusted-keys/trusted_tpm1.c |   1 -
 security/keys/trusted-keys/trusted_tpm2.c |   1 -
 10 files changed, 510 insertions(+), 450 deletions(-)



* [PATCH 1/4] tpm: Initial step to reorganize TPM public headers
  2026-03-17 16:03 [PATCH 0/4] Reorganize TPM public headers Alec Brown
@ 2026-03-17 16:03 ` Alec Brown
  2026-03-23  5:39   ` Jarkko Sakkinen
  2026-03-17 16:03 ` [PATCH 2/4] tpm: Move TPM1 specific definitions to the command header Alec Brown
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 10+ messages in thread
From: Alec Brown @ 2026-03-17 16:03 UTC (permalink / raw)
  To: linux-kernel, linux-integrity, jarkko
  Cc: peterhuewe, jarkko.sakkinen, jgg, ross.philipson, dpsmith,
	daniel.kiper, kanth.ghatraju, trenchboot-devel, ardb,
	alec.r.brown

From: Ross Philipson <ross.philipson@oracle.com>

Consolidate TPM1 constants in tpm_command.h and remove duplicate
constants from tpm1-cmd.c.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
 drivers/char/tpm/tpm-buf.c                |  1 -
 drivers/char/tpm/tpm1-cmd.c               | 14 +-------
 include/keys/trusted_tpm.h                |  1 -
 include/linux/tpm.h                       |  2 ++
 include/linux/tpm_command.h               | 43 ++++++++++++++++-------
 security/keys/trusted-keys/trusted_tpm1.c |  1 -
 security/keys/trusted-keys/trusted_tpm2.c |  1 -
 7 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c
index dc882fc9fa9e..4c4f450630df 100644
--- a/drivers/char/tpm/tpm-buf.c
+++ b/drivers/char/tpm/tpm-buf.c
@@ -3,7 +3,6 @@
  * Handling of TPM command and other buffers.
  */
 
-#include <linux/tpm_command.h>
 #include <linux/module.h>
 #include <linux/tpm.h>
 
diff --git a/drivers/char/tpm/tpm1-cmd.c b/drivers/char/tpm/tpm1-cmd.c
index b49a790f1bd5..664ca1fff2e8 100644
--- a/drivers/char/tpm/tpm1-cmd.c
+++ b/drivers/char/tpm/tpm1-cmd.c
@@ -22,8 +22,6 @@
 
 #include "tpm.h"
 
-#define TPM_MAX_ORDINAL 243
-
 /*
  * Array with one entry per ordinal defining the maximum amount
  * of time the chip could take to return the result.  The ordinal
@@ -308,9 +306,6 @@ unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
 		return duration;
 }
 
-#define TPM_ORD_STARTUP 153
-#define TPM_ST_CLEAR 1
-
 /**
  * tpm1_startup() - turn on the TPM
  * @chip: TPM chip to use
@@ -459,7 +454,6 @@ int tpm1_get_timeouts(struct tpm_chip *chip)
 	return 0;
 }
 
-#define TPM_ORD_PCR_EXTEND 20
 int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
 		    const char *log_msg)
 {
@@ -478,7 +472,6 @@ int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
 	return rc;
 }
 
-#define TPM_ORD_GET_CAP 101
 ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
 		    const char *desc, size_t min_cap_length)
 {
@@ -511,7 +504,6 @@ ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
 }
 EXPORT_SYMBOL_GPL(tpm1_getcap);
 
-#define TPM_ORD_GET_RANDOM 70
 struct tpm1_get_random_out {
 	__be32 rng_data_len;
 	u8 rng_data[TPM_MAX_RNG_DATA];
@@ -580,13 +572,12 @@ int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
 	return rc;
 }
 
-#define TPM_ORD_PCRREAD 21
 int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
 {
 	struct tpm_buf buf;
 	int rc;
 
-	rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD);
+	rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_READ);
 	if (rc)
 		return rc;
 
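Review bot: the tpm_buf_init() call changes from TPM_ORD_PCRREAD to TPM_ORD_PCR_READ, which is a rename rather than the removal of a duplicate, and the commit message only mentions consolidating constants and removing duplicates. Say in the changelog that ordinal names are normalised as part of the move, or do the renames in a separate patch so this one stays a mechanical move that can be checked by comparing removed and added lines.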
@@ -609,7 +600,6 @@ int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
 	return rc;
 }
 
-#define TPM_ORD_CONTINUE_SELFTEST 83
 /**
  * tpm1_continue_selftest() - run TPM's selftest
  * @chip: TPM chip to use
@@ -726,8 +716,6 @@ int tpm1_auto_startup(struct tpm_chip *chip)
 	return rc;
 }
 
-#define TPM_ORD_SAVESTATE 152
-
 /**
  * tpm1_pm_suspend() - pm suspend handler
  * @chip: TPM chip to use.
diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h
index 0fadc6a4f166..3a0fa3bc8454 100644
--- a/include/keys/trusted_tpm.h
+++ b/include/keys/trusted_tpm.h
@@ -3,7 +3,6 @@
 #define __TRUSTED_TPM_H
 
 #include <keys/trusted-type.h>
-#include <linux/tpm_command.h>
 
 extern struct trusted_key_ops trusted_key_tpm_ops;
 
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 202da079d500..18dcf0ef46f6 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -25,6 +25,8 @@
 #include <crypto/hash_info.h>
 #include <crypto/aes.h>
 
+#include "tpm_command.h"
+
 #define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
 
 #define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
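Review bot: the added #include "tpm_command.h" uses the quoted form inside a header under include/linux, while the two includes directly above it use angle brackets. Use #include <linux/tpm_command.h> so the lookup does not depend on the directory of the including file. This patch also drops the direct includes from tpm-buf.c, trusted_tpm.h, trusted_tpm1.c and trusted_tpm2.c, so this line becomes the only path by which those files see the TPM1 tags and ordinals; that dependency is worth one sentence in the commit message.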
diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
index f5c03e9c3913..9a8991b8801d 100644
--- a/include/linux/tpm_command.h
+++ b/include/linux/tpm_command.h
@@ -2,28 +2,45 @@
 #ifndef __LINUX_TPM_COMMAND_H__
 #define __LINUX_TPM_COMMAND_H__
 
+/************************************************/
+/* TPM 1 Family Chips                           */
+/************************************************/
+
 /*
- * TPM Command constants from specifications at
- * http://www.trustedcomputinggroup.org
+ * TPM 1.2 Main Specification
+ * https://trustedcomputinggroup.org/resource/tpm-main-specification/
  */
 
+#define TPM_MAX_ORDINAL	243
+
 /* Command TAGS */
-#define TPM_TAG_RQU_COMMAND             193
-#define TPM_TAG_RQU_AUTH1_COMMAND       194
-#define TPM_TAG_RQU_AUTH2_COMMAND       195
-#define TPM_TAG_RSP_COMMAND             196
-#define TPM_TAG_RSP_AUTH1_COMMAND       197
-#define TPM_TAG_RSP_AUTH2_COMMAND       198
+enum tpm_command_tags {
+	TPM_TAG_RQU_COMMAND		= 193,
+	TPM_TAG_RQU_AUTH1_COMMAND	= 194,
+	TPM_TAG_RQU_AUTH2_COMMAND	= 195,
+	TPM_TAG_RSP_COMMAND		= 196,
+	TPM_TAG_RSP_AUTH1_COMMAND	= 197,
+	TPM_TAG_RSP_AUTH2_COMMAND	= 198,
+};
 
 /* Command Ordinals */
-#define TPM_ORD_GETRANDOM               70
-#define TPM_ORD_OSAP                    11
-#define TPM_ORD_OIAP                    10
-#define TPM_ORD_SEAL                    23
-#define TPM_ORD_UNSEAL                  24
+enum tpm_command_ordinals {
+	TPM_ORD_CONTINUE_SELFTEST	= 83,
+	TPM_ORD_GET_CAP			= 101,
+	TPM_ORD_GET_RANDOM		= 70,
+	TPM_ORD_PCR_EXTEND		= 20,
+	TPM_ORD_PCR_READ		= 21,
+	TPM_ORD_OSAP			= 11,
+	TPM_ORD_OIAP			= 10,
+	TPM_ORD_SAVESTATE		= 152,
+	TPM_ORD_SEAL			= 23,
+	TPM_ORD_STARTUP			= 153,
+	TPM_ORD_UNSEAL			= 24,
+};
 
 /* Other constants */
 #define SRKHANDLE                       0x40000000
 #define TPM_NONCE_SIZE                  20
+#define TPM_ST_CLEAR			1
 
 #endif
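Review bot: TPM_ORD_GETRANDOM is removed from this public header and reappears as TPM_ORD_GET_RANDOM in enum tpm_command_ordinals, yet the diffstat shows no user of the old name being updated (trusted_tpm1.c and trusted_tpm2.c each lose only an include). Please confirm with a tree-wide grep that no reference to TPM_ORD_GETRANDOM remains and mention the rename in the changelog. Inside the new enum the entries are neither in value order nor strictly alphabetical (TPM_ORD_PCR_READ comes before TPM_ORD_OSAP, which comes before TPM_ORD_OIAP); sorting by ordinal value would make the list easy to check against the TPM 1.2 Main Specification. TPM_MAX_ORDINAL would also read better next to the ordinals it bounds than between the specification comment and "Command TAGS".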
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 636acb66a4f6..10f79a8c2d35 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -17,7 +17,6 @@
 #include <keys/trusted-type.h>
 #include <linux/key-type.h>
 #include <linux/tpm.h>
-#include <linux/tpm_command.h>
 
 #include <keys/trusted_tpm.h>
 
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index a7ea4a1c3bed..56eb8e20780a 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -9,7 +9,6 @@
 #include <linux/string.h>
 #include <linux/err.h>
 #include <linux/tpm.h>
-#include <linux/tpm_command.h>
 
 #include <keys/trusted-type.h>
 #include <keys/trusted_tpm.h>
-- 
2.47.3



* [PATCH 2/4] tpm: Move TPM1 specific definitions to the command header
  2026-03-17 16:03 [PATCH 0/4] Reorganize TPM public headers Alec Brown
  2026-03-17 16:03 ` [PATCH 1/4] tpm: Initial step to reorganize " Alec Brown
@ 2026-03-17 16:03 ` Alec Brown
  2026-03-17 16:03 ` [PATCH 3/4] tpm: Move TPM2 " Alec Brown
  2026-03-17 16:03 ` [PATCH 4/4] tpm: Move TPM common base " Alec Brown
  3 siblings, 0 replies; 10+ messages in thread
From: Alec Brown @ 2026-03-17 16:03 UTC (permalink / raw)
  To: linux-kernel, linux-integrity, jarkko
  Cc: peterhuewe, jarkko.sakkinen, jgg, ross.philipson, dpsmith,
	daniel.kiper, kanth.ghatraju, trenchboot-devel, ardb,
	alec.r.brown

From: Ross Philipson <ross.philipson@oracle.com>

Gather all the TPM1 definitions and structures in the internal header
file drivers/char/tpm/tpm.h into the command header. In addition, bring
in the single RNG structure from tpm-interface.c.

The definitions moved to these files correspond to the TCG specification
for TPM 1 family:

TPM 1.2 Main Specification
 -  https://trustedcomputinggroup.org/resource/tpm-main-specification/

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
 drivers/char/tpm/tpm.h      | 102 --------------------------------
 drivers/char/tpm/tpm1-cmd.c |   5 --
 include/linux/tpm_command.h | 115 ++++++++++++++++++++++++++++++++++++
 3 files changed, 115 insertions(+), 107 deletions(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 02c07fef41ba..1a9a46a921fe 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -51,105 +51,9 @@ enum tpm_addr {
 	TPM_ADDR = 0x4E,
 };
 
-#define TPM_WARN_RETRY          0x800
-#define TPM_WARN_DOING_SELFTEST 0x802
-#define TPM_ERR_DEACTIVATED     0x6
-#define TPM_ERR_DISABLED        0x7
-#define TPM_ERR_FAILEDSELFTEST  0x1C
-#define TPM_ERR_INVALID_POSTINIT 38
-
-#define TPM_TAG_RQU_COMMAND 193
-
 /* TPM2 specific constants. */
 #define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
 
-struct	stclear_flags_t {
-	__be16	tag;
-	u8	deactivated;
-	u8	disableForceClear;
-	u8	physicalPresence;
-	u8	physicalPresenceLock;
-	u8	bGlobalLock;
-} __packed;
-
-struct tpm1_version {
-	u8 major;
-	u8 minor;
-	u8 rev_major;
-	u8 rev_minor;
-} __packed;
-
-struct tpm1_version2 {
-	__be16 tag;
-	struct tpm1_version version;
-} __packed;
-
-struct	timeout_t {
-	__be32	a;
-	__be32	b;
-	__be32	c;
-	__be32	d;
-} __packed;
-
-struct duration_t {
-	__be32	tpm_short;
-	__be32	tpm_medium;
-	__be32	tpm_long;
-} __packed;
-
-struct permanent_flags_t {
-	__be16	tag;
-	u8	disable;
-	u8	ownership;
-	u8	deactivated;
-	u8	readPubek;
-	u8	disableOwnerClear;
-	u8	allowMaintenance;
-	u8	physicalPresenceLifetimeLock;
-	u8	physicalPresenceHWEnable;
-	u8	physicalPresenceCMDEnable;
-	u8	CEKPUsed;
-	u8	TPMpost;
-	u8	TPMpostLock;
-	u8	FIPS;
-	u8	operator;
-	u8	enableRevokeEK;
-	u8	nvLocked;
-	u8	readSRKPub;
-	u8	tpmEstablished;
-	u8	maintenanceDone;
-	u8	disableFullDALogicInfo;
-} __packed;
-
-typedef union {
-	struct	permanent_flags_t perm_flags;
-	struct	stclear_flags_t	stclear_flags;
-	__u8	owned;
-	__be32	num_pcrs;
-	struct tpm1_version version1;
-	struct tpm1_version2 version2;
-	__be32	manufacturer_id;
-	struct timeout_t  timeout;
-	struct duration_t duration;
-} cap_t;
-
-enum tpm_capabilities {
-	TPM_CAP_FLAG = 4,
-	TPM_CAP_PROP = 5,
-	TPM_CAP_VERSION_1_1 = 0x06,
-	TPM_CAP_VERSION_1_2 = 0x1A,
-};
-
-enum tpm_sub_capabilities {
-	TPM_CAP_PROP_PCR = 0x101,
-	TPM_CAP_PROP_MANUFACTURER = 0x103,
-	TPM_CAP_FLAG_PERM = 0x108,
-	TPM_CAP_FLAG_VOL = 0x109,
-	TPM_CAP_PROP_OWNER = 0x111,
-	TPM_CAP_PROP_TIS_TIMEOUT = 0x115,
-	TPM_CAP_PROP_TIS_DURATION = 0x120,
-};
-
 enum tpm2_pt_props {
 	TPM2_PT_NONE = 0x00000000,
 	TPM2_PT_GROUP = 0x00000100,
@@ -224,12 +128,6 @@ enum tpm2_pt_props {
 	TPM2_PT_AUDIT_COUNTER_1 = TPM2_PT_VAR + 20,
 };
 
-/* 128 bytes is an arbitrary cap. This could be as large as TPM_BUFSIZE - 18
- * bytes, but 128 is still a relatively large number of random bytes and
- * anything much bigger causes users of struct tpm_cmd_t to start getting
- * compiler warnings about stack frame size. */
-#define TPM_MAX_RNG_DATA	128
-
 extern const struct class tpm_class;
 extern const struct class tpmrm_class;
 extern dev_t tpm_devt;
diff --git a/drivers/char/tpm/tpm1-cmd.c b/drivers/char/tpm/tpm1-cmd.c
index 664ca1fff2e8..96f189b5fd6f 100644
--- a/drivers/char/tpm/tpm1-cmd.c
+++ b/drivers/char/tpm/tpm1-cmd.c
@@ -504,11 +504,6 @@ ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
 }
 EXPORT_SYMBOL_GPL(tpm1_getcap);
 
-struct tpm1_get_random_out {
-	__be32 rng_data_len;
-	u8 rng_data[TPM_MAX_RNG_DATA];
-} __packed;
-
 /**
  * tpm1_get_random() - get random bytes from the TPM's RNG
  * @chip:	a &struct tpm_chip instance
diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
index 9a8991b8801d..20b634591fb1 100644
--- a/include/linux/tpm_command.h
+++ b/include/linux/tpm_command.h
@@ -38,6 +38,121 @@ enum tpm_command_ordinals {
 	TPM_ORD_UNSEAL			= 24,
 };
 
+enum tpm_capabilities {
+	TPM_CAP_FLAG		= 4,
+	TPM_CAP_PROP		= 5,
+	TPM_CAP_VERSION_1_1	= 0x06,
+	TPM_CAP_VERSION_1_2	= 0x1A,
+};
+
+enum tpm_sub_capabilities {
+	TPM_CAP_PROP_PCR		= 0x101,
+	TPM_CAP_PROP_MANUFACTURER	= 0x103,
+	TPM_CAP_FLAG_PERM		= 0x108,
+	TPM_CAP_FLAG_VOL		= 0x109,
+	TPM_CAP_PROP_OWNER		= 0x111,
+	TPM_CAP_PROP_TIS_TIMEOUT	= 0x115,
+	TPM_CAP_PROP_TIS_DURATION	= 0x120,
+};
+
+/* Return Codes */
+enum tpm_return_codes {
+	TPM_BASE_MASK			= 0,
+	TPM_NON_FATAL_MASK		= 0x00000800,
+	TPM_SUCCESS			= TPM_BASE_MASK + 0,
+	TPM_ERR_DEACTIVATED		= TPM_BASE_MASK + 6,
+	TPM_ERR_DISABLED		= TPM_BASE_MASK + 7,
+	TPM_ERR_FAIL			= TPM_BASE_MASK + 9,
+	TPM_ERR_FAILEDSELFTEST		= TPM_BASE_MASK + 28,
+	TPM_ERR_INVALID_POSTINIT	= TPM_BASE_MASK + 38,
+	TPM_ERR_INVALID_FAMILY		= TPM_BASE_MASK + 55,
+	TPM_WARN_RETRY			= TPM_BASE_MASK + TPM_NON_FATAL_MASK + 0,
+	TPM_WARN_DOING_SELFTEST		= TPM_BASE_MASK + TPM_NON_FATAL_MASK + 2,
+};
+
+struct	stclear_flags_t {
+	__be16 tag;
+	u8 deactivated;
+	u8 disableForceClear;
+	u8 physicalPresence;
+	u8 physicalPresenceLock;
+	u8 bGlobalLock;
+} __packed;
+
+struct tpm1_version {
+	u8 major;
+	u8 minor;
+	u8 rev_major;
+	u8 rev_minor;
+} __packed;
+
+struct tpm1_version2 {
+	__be16 tag;
+	struct tpm1_version version;
+} __packed;
+
+struct	timeout_t {
+	__be32 a;
+	__be32 b;
+	__be32 c;
+	__be32 d;
+} __packed;
+
+struct duration_t {
+	__be32 tpm_short;
+	__be32 tpm_medium;
+	__be32 tpm_long;
+} __packed;
+
+struct permanent_flags_t {
+	__be16 tag;
+	u8 disable;
+	u8 ownership;
+	u8 deactivated;
+	u8 readPubek;
+	u8 disableOwnerClear;
+	u8 allowMaintenance;
+	u8 physicalPresenceLifetimeLock;
+	u8 physicalPresenceHWEnable;
+	u8 physicalPresenceCMDEnable;
+	u8 CEKPUsed;
+	u8 TPMpost;
+	u8 TPMpostLock;
+	u8 FIPS;
+	u8 operator;
+	u8 enableRevokeEK;
+	u8 nvLocked;
+	u8 readSRKPub;
+	u8 tpmEstablished;
+	u8 maintenanceDone;
+	u8 disableFullDALogicInfo;
+} __packed;
+
+typedef union {
+	struct permanent_flags_t perm_flags;
+	struct stclear_flags_t stclear_flags;
+	__u8 owned;
+	__be32 num_pcrs;
+	struct tpm1_version version1;
+	struct tpm1_version2 version2;
+	__be32 manufacturer_id;
+	struct timeout_t timeout;
+	struct duration_t duration;
+} cap_t;
+
+/*
+ * 128 bytes is an arbitrary cap. This could be as large as TPM_BUFSIZE - 18
+ * bytes, but 128 is still a relatively large number of random bytes and
+ * anything much bigger causes users of struct tpm_cmd_t to start getting
+ * compiler warnings about stack frame size.
+ */
+#define TPM_MAX_RNG_DATA		128
+
+struct tpm1_get_random_out {
+	__be32 rng_data_len;
+	u8 rng_data[TPM_MAX_RNG_DATA];
+} __packed;
+
 /* Other constants */
 #define SRKHANDLE                       0x40000000
 #define TPM_NONCE_SIZE                  20
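Review bot: enum tpm_return_codes is not a pure move, because TPM_BASE_MASK, TPM_NON_FATAL_MASK, TPM_SUCCESS, TPM_ERR_FAIL and TPM_ERR_INVALID_FAMILY have no counterpart among the lines removed from drivers/char/tpm/tpm.h, while the commit message describes only gathering existing definitions. List the new constants in the changelog or add them in their own patch, and consider keeping the two mask values outside the enum, since TPM_BASE_MASK = 0 is an offset rather than a return code. The move also exposes the unprefixed names cap_t, timeout_t and duration_t to every file that includes linux/tpm.h (patch 1 makes that header include this one); a tpm1_ prefix, as already used for struct tpm1_version, would avoid clashes. Minor: "struct	stclear_flags_t" and "struct	timeout_t" still carry a tab after "struct" although their member lines were reformatted.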
-- 
2.47.3



* [PATCH 3/4] tpm: Move TPM2 specific definitions to the command header
  2026-03-17 16:03 [PATCH 0/4] Reorganize TPM public headers Alec Brown
  2026-03-17 16:03 ` [PATCH 1/4] tpm: Initial step to reorganize " Alec Brown
  2026-03-17 16:03 ` [PATCH 2/4] tpm: Move TPM1 specific definitions to the command header Alec Brown
@ 2026-03-17 16:03 ` Alec Brown
  2026-03-23  5:41   ` Jarkko Sakkinen
  2026-03-17 16:03 ` [PATCH 4/4] tpm: Move TPM common base " Alec Brown
  3 siblings, 1 reply; 10+ messages in thread
From: Alec Brown @ 2026-03-17 16:03 UTC (permalink / raw)
  To: linux-kernel, linux-integrity, jarkko
  Cc: peterhuewe, jarkko.sakkinen, jgg, ross.philipson, dpsmith,
	daniel.kiper, kanth.ghatraju, trenchboot-devel, ardb,
	alec.r.brown

From: Ross Philipson <ross.philipson@oracle.com>

Gather all the TPM2 definitions and structures in the internal header
file drivers/char/tpm/tpm.h into the command header, including:
 - Command codes, return codes and definitions from the public and
internal tpm.h files.
 - Structures defined in numerous TPM driver C modules.

The definitions moved to these files correspond to the TCG specification
for TPM 2 family:

TPM 2.0 Library
 - https://trustedcomputinggroup.org/resource/tpm-library-specification/

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
 drivers/char/tpm/tpm.h        |  77 ----------
 drivers/char/tpm/tpm2-cmd.c   |  30 ----
 drivers/char/tpm/tpm2-space.c |  13 --
 include/linux/tpm.h           | 145 ------------------
 include/linux/tpm_command.h   | 273 ++++++++++++++++++++++++++++++++++
 5 files changed, 273 insertions(+), 265 deletions(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1a9a46a921fe..147e57c0e7bb 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -51,83 +51,6 @@ enum tpm_addr {
 	TPM_ADDR = 0x4E,
 };
 
-/* TPM2 specific constants. */
-#define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
-
-enum tpm2_pt_props {
-	TPM2_PT_NONE = 0x00000000,
-	TPM2_PT_GROUP = 0x00000100,
-	TPM2_PT_FIXED = TPM2_PT_GROUP * 1,
-	TPM2_PT_FAMILY_INDICATOR = TPM2_PT_FIXED + 0,
-	TPM2_PT_LEVEL = TPM2_PT_FIXED + 1,
-	TPM2_PT_REVISION = TPM2_PT_FIXED + 2,
-	TPM2_PT_DAY_OF_YEAR = TPM2_PT_FIXED + 3,
-	TPM2_PT_YEAR = TPM2_PT_FIXED + 4,
-	TPM2_PT_MANUFACTURER = TPM2_PT_FIXED + 5,
-	TPM2_PT_VENDOR_STRING_1 = TPM2_PT_FIXED + 6,
-	TPM2_PT_VENDOR_STRING_2 = TPM2_PT_FIXED + 7,
-	TPM2_PT_VENDOR_STRING_3 = TPM2_PT_FIXED + 8,
-	TPM2_PT_VENDOR_STRING_4 = TPM2_PT_FIXED + 9,
-	TPM2_PT_VENDOR_TPM_TYPE = TPM2_PT_FIXED + 10,
-	TPM2_PT_FIRMWARE_VERSION_1 = TPM2_PT_FIXED + 11,
-	TPM2_PT_FIRMWARE_VERSION_2 = TPM2_PT_FIXED + 12,
-	TPM2_PT_INPUT_BUFFER = TPM2_PT_FIXED + 13,
-	TPM2_PT_HR_TRANSIENT_MIN = TPM2_PT_FIXED + 14,
-	TPM2_PT_HR_PERSISTENT_MIN = TPM2_PT_FIXED + 15,
-	TPM2_PT_HR_LOADED_MIN = TPM2_PT_FIXED + 16,
-	TPM2_PT_ACTIVE_SESSIONS_MAX = TPM2_PT_FIXED + 17,
-	TPM2_PT_PCR_COUNT = TPM2_PT_FIXED + 18,
-	TPM2_PT_PCR_SELECT_MIN = TPM2_PT_FIXED + 19,
-	TPM2_PT_CONTEXT_GAP_MAX = TPM2_PT_FIXED + 20,
-	TPM2_PT_NV_COUNTERS_MAX = TPM2_PT_FIXED + 22,
-	TPM2_PT_NV_INDEX_MAX = TPM2_PT_FIXED + 23,
-	TPM2_PT_MEMORY = TPM2_PT_FIXED + 24,
-	TPM2_PT_CLOCK_UPDATE = TPM2_PT_FIXED + 25,
-	TPM2_PT_CONTEXT_HASH = TPM2_PT_FIXED + 26,
-	TPM2_PT_CONTEXT_SYM = TPM2_PT_FIXED + 27,
-	TPM2_PT_CONTEXT_SYM_SIZE = TPM2_PT_FIXED + 28,
-	TPM2_PT_ORDERLY_COUNT = TPM2_PT_FIXED + 29,
-	TPM2_PT_MAX_COMMAND_SIZE = TPM2_PT_FIXED + 30,
-	TPM2_PT_MAX_RESPONSE_SIZE = TPM2_PT_FIXED + 31,
-	TPM2_PT_MAX_DIGEST = TPM2_PT_FIXED + 32,
-	TPM2_PT_MAX_OBJECT_CONTEXT = TPM2_PT_FIXED + 33,
-	TPM2_PT_MAX_SESSION_CONTEXT = TPM2_PT_FIXED + 34,
-	TPM2_PT_PS_FAMILY_INDICATOR = TPM2_PT_FIXED + 35,
-	TPM2_PT_PS_LEVEL = TPM2_PT_FIXED + 36,
-	TPM2_PT_PS_REVISION = TPM2_PT_FIXED + 37,
-	TPM2_PT_PS_DAY_OF_YEAR = TPM2_PT_FIXED + 38,
-	TPM2_PT_PS_YEAR = TPM2_PT_FIXED + 39,
-	TPM2_PT_SPLIT_MAX = TPM2_PT_FIXED + 40,
-	TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41,
-	TPM2_PT_LIBRARY_COMMANDS = TPM2_PT_FIXED + 42,
-	TPM2_PT_VENDOR_COMMANDS = TPM2_PT_FIXED + 43,
-	TPM2_PT_NV_BUFFER_MAX = TPM2_PT_FIXED + 44,
-	TPM2_PT_MODES = TPM2_PT_FIXED + 45,
-	TPM2_PT_MAX_CAP_BUFFER = TPM2_PT_FIXED + 46,
-	TPM2_PT_VAR = TPM2_PT_GROUP * 2,
-	TPM2_PT_PERMANENT = TPM2_PT_VAR + 0,
-	TPM2_PT_STARTUP_CLEAR = TPM2_PT_VAR + 1,
-	TPM2_PT_HR_NV_INDEX = TPM2_PT_VAR + 2,
-	TPM2_PT_HR_LOADED = TPM2_PT_VAR + 3,
-	TPM2_PT_HR_LOADED_AVAIL = TPM2_PT_VAR + 4,
-	TPM2_PT_HR_ACTIVE = TPM2_PT_VAR + 5,
-	TPM2_PT_HR_ACTIVE_AVAIL = TPM2_PT_VAR + 6,
-	TPM2_PT_HR_TRANSIENT_AVAIL = TPM2_PT_VAR + 7,
-	TPM2_PT_HR_PERSISTENT = TPM2_PT_VAR + 8,
-	TPM2_PT_HR_PERSISTENT_AVAIL = TPM2_PT_VAR + 9,
-	TPM2_PT_NV_COUNTERS = TPM2_PT_VAR + 10,
-	TPM2_PT_NV_COUNTERS_AVAIL = TPM2_PT_VAR + 11,
-	TPM2_PT_ALGORITHM_SET = TPM2_PT_VAR + 12,
-	TPM2_PT_LOADED_CURVES = TPM2_PT_VAR + 13,
-	TPM2_PT_LOCKOUT_COUNTER = TPM2_PT_VAR + 14,
-	TPM2_PT_MAX_AUTH_FAIL = TPM2_PT_VAR + 15,
-	TPM2_PT_LOCKOUT_INTERVAL = TPM2_PT_VAR + 16,
-	TPM2_PT_LOCKOUT_RECOVERY = TPM2_PT_VAR + 17,
-	TPM2_PT_NV_WRITE_RECOVERY = TPM2_PT_VAR + 18,
-	TPM2_PT_AUDIT_COUNTER_0 = TPM2_PT_VAR + 19,
-	TPM2_PT_AUDIT_COUNTER_1 = TPM2_PT_VAR + 20,
-};
-
 extern const struct class tpm_class;
 extern const struct class tpmrm_class;
 extern dev_t tpm_devt;
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 3a77be7ebf4a..1fa3e8a43c79 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -94,17 +94,6 @@ unsigned long tpm2_calc_ordinal_duration(u32 ordinal)
 	return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
 }
 
-struct tpm2_pcr_read_out {
-	__be32	update_cnt;
-	__be32	pcr_selects_cnt;
-	__be16	hash_alg;
-	u8	pcr_select_size;
-	u8	pcr_select[TPM2_PCR_SELECT_MIN];
-	__be32	digests_cnt;
-	__be16	digest_size;
-	u8	digest[];
-} __packed;
-
 /**
  * tpm2_pcr_read() - read a PCR value
  * @chip:	TPM chip to use.
@@ -238,11 +227,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 	return rc;
 }
 
-struct tpm2_get_random_out {
-	__be16 size;
-	u8 buffer[TPM_MAX_RNG_DATA];
-} __packed;
-
 /**
  * tpm2_get_random() - get random bytes from the TPM RNG
  *
@@ -366,14 +350,6 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
 }
 EXPORT_SYMBOL_GPL(tpm2_flush_context);
 
-struct tpm2_get_cap_out {
-	u8 more_data;
-	__be32 subcap_id;
-	__be32 property_cnt;
-	__be32 property_id;
-	__be32 value;
-} __packed;
-
 /**
  * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
  * @chip:		a &tpm_chip instance
@@ -541,12 +517,6 @@ static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
 	return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
 }
 
-struct tpm2_pcr_selection {
-	__be16  hash_alg;
-	u8  size_of_select;
-	u8  pcr_select[3];
-} __packed;
-
 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
 {
 	struct tpm2_pcr_selection pcr_selection;
diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 60354cd53b5c..7c1c0a174a2b 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -15,19 +15,6 @@
 #include <linux/unaligned.h>
 #include "tpm.h"
 
-enum tpm2_handle_types {
-	TPM2_HT_HMAC_SESSION	= 0x02000000,
-	TPM2_HT_POLICY_SESSION	= 0x03000000,
-	TPM2_HT_TRANSIENT	= 0x80000000,
-};
-
-struct tpm2_context {
-	__be64 sequence;
-	__be32 saved_handle;
-	__be32 hierarchy;
-	__be16 blob_size;
-} __packed;
-
 static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space)
 {
 	int i;
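Review bot: the three enum tpm2_handle_types values removed here (0x02000000, 0x03000000, 0x80000000) are the TPM2_MSO_SESSION, TPM2_MSO_POLICY and TPM2_MSO_VOLATILE octets of enum tpm2_mso_type shifted left by 24, the same shift that tpm2_handle_mso() undoes. If this enum is re-added to tpm_command.h beside tpm2_mso_type, define it in terms of those octets or drop it in favour of tpm2_handle_mso(), so the shared header does not carry two independent encodings of the handle type.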
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 18dcf0ef46f6..92957452f7a7 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -38,12 +38,6 @@ struct trusted_key_options;
 /* opaque structure, holds auth session parameters like the session key */
 struct tpm2_auth;
 
-enum tpm2_session_types {
-	TPM2_SE_HMAC	= 0x00,
-	TPM2_SE_POLICY	= 0x01,
-	TPM2_SE_TRIAL	= 0x02,
-};
-
 /* if you add a new hash to this, increment TPM_MAX_HASHES below */
 enum tpm_algorithms {
 	TPM_ALG_ERROR		= 0x0000,
@@ -65,11 +59,6 @@ enum tpm_algorithms {
  */
 #define TPM_MAX_HASHES	5
 
-enum tpm2_curves {
-	TPM2_ECC_NONE		= 0x0000,
-	TPM2_ECC_NIST_P256	= 0x0003,
-};
-
 struct tpm_digest {
 	u16 alg_id;
 	u8 digest[TPM2_MAX_DIGEST_SIZE];
@@ -222,122 +211,11 @@ struct tpm_chip {
 
 #define TPM_HEADER_SIZE		10
 
-enum tpm2_const {
-	TPM2_PLATFORM_PCR       =     24,
-	TPM2_PCR_SELECT_MIN     = ((TPM2_PLATFORM_PCR + 7) / 8),
-};
-
-enum tpm2_timeouts {
-	TPM2_TIMEOUT_A          =    750,
-	TPM2_TIMEOUT_B          =   4000,
-	TPM2_TIMEOUT_C          =    200,
-	TPM2_TIMEOUT_D          =     30,
-};
-
-enum tpm2_durations {
-	TPM2_DURATION_SHORT     =     20,
-	TPM2_DURATION_LONG      =   2000,
-	TPM2_DURATION_DEFAULT   = 120000,
-};
-
-enum tpm2_structures {
-	TPM2_ST_NO_SESSIONS	= 0x8001,
-	TPM2_ST_SESSIONS	= 0x8002,
-	TPM2_ST_CREATION	= 0x8021,
-};
-
-/* Indicates from what layer of the software stack the error comes from */
-#define TSS2_RC_LAYER_SHIFT	 16
-#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
-
-enum tpm2_return_codes {
-	TPM2_RC_SUCCESS		= 0x0000,
-	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */
-	TPM2_RC_HANDLE		= 0x008B,
-	TPM2_RC_INTEGRITY	= 0x009F,
-	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
-	TPM2_RC_FAILURE		= 0x0101,
-	TPM2_RC_DISABLED	= 0x0120,
-	TPM2_RC_UPGRADE		= 0x012D,
-	TPM2_RC_COMMAND_CODE    = 0x0143,
-	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
-	TPM2_RC_REFERENCE_H0	= 0x0910,
-	TPM2_RC_RETRY		= 0x0922,
-	TPM2_RC_SESSION_MEMORY	= 0x0903,
-};
-
-enum tpm2_command_codes {
-	TPM2_CC_FIRST		        = 0x011F,
-	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
-	TPM2_CC_HIERARCHY_CHANGE_AUTH   = 0x0129,
-	TPM2_CC_CREATE_PRIMARY          = 0x0131,
-	TPM2_CC_SEQUENCE_COMPLETE       = 0x013E,
-	TPM2_CC_SELF_TEST	        = 0x0143,
-	TPM2_CC_STARTUP		        = 0x0144,
-	TPM2_CC_SHUTDOWN	        = 0x0145,
-	TPM2_CC_NV_READ                 = 0x014E,
-	TPM2_CC_CREATE		        = 0x0153,
-	TPM2_CC_LOAD		        = 0x0157,
-	TPM2_CC_SEQUENCE_UPDATE         = 0x015C,
-	TPM2_CC_UNSEAL		        = 0x015E,
-	TPM2_CC_CONTEXT_LOAD	        = 0x0161,
-	TPM2_CC_CONTEXT_SAVE	        = 0x0162,
-	TPM2_CC_FLUSH_CONTEXT	        = 0x0165,
-	TPM2_CC_READ_PUBLIC		= 0x0173,
-	TPM2_CC_START_AUTH_SESS		= 0x0176,
-	TPM2_CC_VERIFY_SIGNATURE        = 0x0177,
-	TPM2_CC_GET_CAPABILITY	        = 0x017A,
-	TPM2_CC_GET_RANDOM	        = 0x017B,
-	TPM2_CC_PCR_READ	        = 0x017E,
-	TPM2_CC_PCR_EXTEND	        = 0x0182,
-	TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
-	TPM2_CC_HASH_SEQUENCE_START     = 0x0186,
-	TPM2_CC_CREATE_LOADED           = 0x0191,
-	TPM2_CC_LAST		        = 0x0193, /* Spec 1.36 */
-};
-
-enum tpm2_permanent_handles {
-	TPM2_RH_NULL		= 0x40000007,
-	TPM2_RS_PW		= 0x40000009,
-};
-
-/* Most Significant Octet for key types  */
-enum tpm2_mso_type {
-	TPM2_MSO_NVRAM		= 0x01,
-	TPM2_MSO_SESSION	= 0x02,
-	TPM2_MSO_POLICY		= 0x03,
-	TPM2_MSO_PERMANENT	= 0x40,
-	TPM2_MSO_VOLATILE	= 0x80,
-	TPM2_MSO_PERSISTENT	= 0x81,
-};
-
 static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
 {
 	return handle >> 24;
 }
 
-enum tpm2_capabilities {
-	TPM2_CAP_HANDLES	= 1,
-	TPM2_CAP_COMMANDS	= 2,
-	TPM2_CAP_PCRS		= 5,
-	TPM2_CAP_TPM_PROPERTIES = 6,
-};
-
-enum tpm2_properties {
-	TPM_PT_TOTAL_COMMANDS	= 0x0129,
-};
-
-enum tpm2_startup_types {
-	TPM2_SU_CLEAR	= 0x0000,
-	TPM2_SU_STATE	= 0x0001,
-};
-
-enum tpm2_cc_attrs {
-	TPM2_CC_ATTR_CHANDLES	= 25,
-	TPM2_CC_ATTR_RHANDLE	= 28,
-	TPM2_CC_ATTR_VENDOR	= 29,
-};
-
 #define TPM_VID_INTEL    0x8086
 #define TPM_VID_WINBOND  0x1050
 #define TPM_VID_STM      0x104A
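Review bot: the removed enum tpm2_durations has three members (TPM2_DURATION_SHORT, TPM2_DURATION_LONG, TPM2_DURATION_DEFAULT), but the replacement in tpm_command.h folds them into enum tpm2_timeouts and adds TPM2_DURATION_MEDIUM = 750 and TPM2_DURATION_LONG_LONG = 300000, which appear nowhere among the lines this patch removes. Keep enum tpm2_durations as its own enum and leave the two extra values out of a patch described as a move, or explain in the changelog why they are introduced. tpm2_handle_mso() stays in this file and now depends on tpm_command.h for enum tpm2_mso_type, so the include added in patch 1 must remain above it.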
@@ -389,29 +267,6 @@ struct tpm_buf {
 	u8 handles;
 };
 
-enum tpm2_object_attributes {
-	TPM2_OA_FIXED_TPM		= BIT(1),
-	TPM2_OA_ST_CLEAR		= BIT(2),
-	TPM2_OA_FIXED_PARENT		= BIT(4),
-	TPM2_OA_SENSITIVE_DATA_ORIGIN	= BIT(5),
-	TPM2_OA_USER_WITH_AUTH		= BIT(6),
-	TPM2_OA_ADMIN_WITH_POLICY	= BIT(7),
-	TPM2_OA_NO_DA			= BIT(10),
-	TPM2_OA_ENCRYPTED_DUPLICATION	= BIT(11),
-	TPM2_OA_RESTRICTED		= BIT(16),
-	TPM2_OA_DECRYPT			= BIT(17),
-	TPM2_OA_SIGN			= BIT(18),
-};
-
-enum tpm2_session_attributes {
-	TPM2_SA_CONTINUE_SESSION	= BIT(0),
-	TPM2_SA_AUDIT_EXCLUSIVE		= BIT(1),
-	TPM2_SA_AUDIT_RESET		= BIT(3),
-	TPM2_SA_DECRYPT			= BIT(5),
-	TPM2_SA_ENCRYPT			= BIT(6),
-	TPM2_SA_AUDIT			= BIT(7),
-};
-
 struct tpm2_hash {
 	unsigned int crypto_id;
 	unsigned int tpm_id;
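Review bot: enum tpm2_object_attributes and enum tpm2_session_attributes are defined with BIT(), and the tpm_command.h they move into has no #include lines of its own (the patch 1 hunk shows the include guard followed directly by the comment blocks). The header therefore only compiles when the includer has already pulled in the definitions of BIT(), u8, __be16 and __be32. Add #include <linux/bits.h> and #include <linux/types.h> at the top of tpm_command.h so it is self-contained, which matters for the pre-boot reuse the cover letter gives as the goal.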
diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
index 20b634591fb1..ee76fcd5ecef 100644
--- a/include/linux/tpm_command.h
+++ b/include/linux/tpm_command.h
@@ -158,4 +158,277 @@ struct tpm1_get_random_out {
 #define TPM_NONCE_SIZE                  20
 #define TPM_ST_CLEAR			1
 
+/************************************************/
+/* TPM 2 Family Chips                           */
+/************************************************/
+
+/*
+ * TPM 2.0 Library
+ * https://trustedcomputinggroup.org/resource/tpm-library-specification/
+ */
+
+/* TPM2 specific constants. */
+#define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
+
+enum tpm2_session_types {
+	TPM2_SE_HMAC	= 0x00,
+	TPM2_SE_POLICY	= 0x01,
+	TPM2_SE_TRIAL	= 0x02,
+};
+
+enum tpm2_timeouts {
+	TPM2_TIMEOUT_A		= 750,
+	TPM2_TIMEOUT_B		= 4000,
+	TPM2_TIMEOUT_C		= 200,
+	TPM2_TIMEOUT_D		= 30,
+	TPM2_DURATION_SHORT	= 20,
+	TPM2_DURATION_MEDIUM	= 750,
+	TPM2_DURATION_LONG	= 2000,
+	TPM2_DURATION_LONG_LONG	= 300000,
+	TPM2_DURATION_DEFAULT	= 120000,
+};
+
+enum tpm2_structures {
+	TPM2_ST_NO_SESSIONS	= 0x8001,
+	TPM2_ST_SESSIONS	= 0x8002,
+	TPM2_ST_CREATION	= 0x8021,
+};
+
+/* Indicates from what layer of the software stack the error comes from */
+#define TSS2_RC_LAYER_SHIFT	 16
+#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
+
+enum tpm2_return_codes {
+	TPM2_RC_SUCCESS		= 0x0000,
+	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */
+	TPM2_RC_HANDLE		= 0x008B,
+	TPM2_RC_INTEGRITY	= 0x009F,
+	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
+	TPM2_RC_FAILURE		= 0x0101,
+	TPM2_RC_DISABLED	= 0x0120,
+	TPM2_RC_UPGRADE		= 0x012D,
+	TPM2_RC_COMMAND_CODE	= 0x0143,
+	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
+	TPM2_RC_REFERENCE_H0	= 0x0910,
+	TPM2_RC_RETRY		= 0x0922,
+	TPM2_RC_SESSION_MEMORY	= 0x0903,
+};
+
+enum tpm2_command_codes {
+	TPM2_CC_FIRST			= 0x011F,
+	TPM2_CC_HIERARCHY_CONTROL	= 0x0121,
+	TPM2_CC_HIERARCHY_CHANGE_AUTH	= 0x0129,
+	TPM2_CC_CREATE_PRIMARY		= 0x0131,
+	TPM2_CC_SEQUENCE_COMPLETE	= 0x013E,
+	TPM2_CC_SELF_TEST		= 0x0143,
+	TPM2_CC_STARTUP			= 0x0144,
+	TPM2_CC_SHUTDOWN		= 0x0145,
+	TPM2_CC_NV_READ			= 0x014E,
+	TPM2_CC_CREATE			= 0x0153,
+	TPM2_CC_LOAD			= 0x0157,
+	TPM2_CC_SEQUENCE_UPDATE		= 0x015C,
+	TPM2_CC_UNSEAL			= 0x015E,
+	TPM2_CC_CONTEXT_LOAD		= 0x0161,
+	TPM2_CC_CONTEXT_SAVE		= 0x0162,
+	TPM2_CC_FLUSH_CONTEXT		= 0x0165,
+	TPM2_CC_READ_PUBLIC		= 0x0173,
+	TPM2_CC_START_AUTH_SESS		= 0x0176,
+	TPM2_CC_VERIFY_SIGNATURE	= 0x0177,
+	TPM2_CC_GET_CAPABILITY		= 0x017A,
+	TPM2_CC_GET_RANDOM		= 0x017B,
+	TPM2_CC_PCR_READ		= 0x017E,
+	TPM2_CC_PCR_EXTEND		= 0x0182,
+	TPM2_CC_EVENT_SEQUENCE_COMPLETE	= 0x0185,
+	TPM2_CC_HASH_SEQUENCE_START	= 0x0186,
+	TPM2_CC_CREATE_LOADED		= 0x0191,
+	TPM2_CC_LAST			= 0x0193, /* Spec 1.36 */
+};
+
+enum tpm2_capabilities {
+	TPM2_CAP_HANDLES	= 1,
+	TPM2_CAP_COMMANDS	= 2,
+	TPM2_CAP_PCRS		= 5,
+	TPM2_CAP_TPM_PROPERTIES = 6,
+};
+
+enum tpm2_properties {
+	TPM_PT_TOTAL_COMMANDS	= 0x0129,
+};
+
+enum tpm2_startup_types {
+	TPM2_SU_CLEAR		= 0x0000,
+	TPM2_SU_STATE		= 0x0001,
+};
+
+enum tpm2_cc_attrs {
+	TPM2_CC_ATTR_CHANDLES	= 25,
+	TPM2_CC_ATTR_RHANDLE	= 28,
+	TPM2_CC_ATTR_VENDOR	= 29,
+};
+
+enum tpm2_permanent_handles {
+	TPM2_RH_NULL		= 0x40000007,
+	TPM2_RS_PW		= 0x40000009,
+};
+
+/* Most Significant Octet for key types  */
+enum tpm2_mso_type {
+	TPM2_MSO_NVRAM		= 0x01,
+	TPM2_MSO_SESSION	= 0x02,
+	TPM2_MSO_POLICY		= 0x03,
+	TPM2_MSO_PERMANENT	= 0x40,
+	TPM2_MSO_VOLATILE	= 0x80,
+	TPM2_MSO_PERSISTENT	= 0x81,
+};
+
+enum tpm2_curves {
+	TPM2_ECC_NONE		= 0x0000,
+	TPM2_ECC_NIST_P256	= 0x0003,
+};
+
+enum tpm2_object_attributes {
+	TPM2_OA_FIXED_TPM		= BIT(1),
+	TPM2_OA_ST_CLEAR		= BIT(2),
+	TPM2_OA_FIXED_PARENT		= BIT(4),
+	TPM2_OA_SENSITIVE_DATA_ORIGIN	= BIT(5),
+	TPM2_OA_USER_WITH_AUTH		= BIT(6),
+	TPM2_OA_ADMIN_WITH_POLICY	= BIT(7),
+	TPM2_OA_NO_DA			= BIT(10),
+	TPM2_OA_ENCRYPTED_DUPLICATION	= BIT(11),
+	TPM2_OA_RESTRICTED		= BIT(16),
+	TPM2_OA_DECRYPT			= BIT(17),
+	TPM2_OA_SIGN			= BIT(18),
+};
+
+enum tpm2_session_attributes {
+	TPM2_SA_CONTINUE_SESSION	= BIT(0),
+	TPM2_SA_AUDIT_EXCLUSIVE		= BIT(1),
+	TPM2_SA_AUDIT_RESET		= BIT(3),
+	TPM2_SA_DECRYPT			= BIT(5),
+	TPM2_SA_ENCRYPT			= BIT(6),
+	TPM2_SA_AUDIT			= BIT(7),
+};
+
+enum tpm2_pcr_select {
+	TPM2_PLATFORM_PCR	= 24,
+	TPM2_PCR_SELECT_MIN	= ((TPM2_PLATFORM_PCR + 7) / 8),
+};
+
+enum tpm2_handle_types {
+	TPM2_HT_HMAC_SESSION	= 0x02000000,
+	TPM2_HT_POLICY_SESSION	= 0x03000000,
+	TPM2_HT_TRANSIENT	= 0x80000000,
+};
+
+enum tpm2_pt_props {
+	TPM2_PT_NONE			= 0x00000000,
+	TPM2_PT_GROUP			= 0x00000100,
+	TPM2_PT_FIXED			= TPM2_PT_GROUP * 1,
+	TPM2_PT_FAMILY_INDICATOR	= TPM2_PT_FIXED + 0,
+	TPM2_PT_LEVEL		= TPM2_PT_FIXED + 1,
+	TPM2_PT_REVISION	= TPM2_PT_FIXED + 2,
+	TPM2_PT_DAY_OF_YEAR	= TPM2_PT_FIXED + 3,
+	TPM2_PT_YEAR		= TPM2_PT_FIXED + 4,
+	TPM2_PT_MANUFACTURER	= TPM2_PT_FIXED + 5,
+	TPM2_PT_VENDOR_STRING_1	= TPM2_PT_FIXED + 6,
+	TPM2_PT_VENDOR_STRING_2	= TPM2_PT_FIXED + 7,
+	TPM2_PT_VENDOR_STRING_3	= TPM2_PT_FIXED + 8,
+	TPM2_PT_VENDOR_STRING_4	= TPM2_PT_FIXED + 9,
+	TPM2_PT_VENDOR_TPM_TYPE	= TPM2_PT_FIXED + 10,
+	TPM2_PT_FIRMWARE_VERSION_1	= TPM2_PT_FIXED + 11,
+	TPM2_PT_FIRMWARE_VERSION_2	= TPM2_PT_FIXED + 12,
+	TPM2_PT_INPUT_BUFFER		= TPM2_PT_FIXED + 13,
+	TPM2_PT_HR_TRANSIENT_MIN	= TPM2_PT_FIXED + 14,
+	TPM2_PT_HR_PERSISTENT_MIN	= TPM2_PT_FIXED + 15,
+	TPM2_PT_HR_LOADED_MIN		= TPM2_PT_FIXED + 16,
+	TPM2_PT_ACTIVE_SESSIONS_MAX	= TPM2_PT_FIXED + 17,
+	TPM2_PT_PCR_COUNT	= TPM2_PT_FIXED + 18,
+	TPM2_PT_PCR_SELECT_MIN	= TPM2_PT_FIXED + 19,
+	TPM2_PT_CONTEXT_GAP_MAX	= TPM2_PT_FIXED + 20,
+	TPM2_PT_NV_COUNTERS_MAX	= TPM2_PT_FIXED + 22,
+	TPM2_PT_NV_INDEX_MAX	= TPM2_PT_FIXED + 23,
+	TPM2_PT_MEMORY		= TPM2_PT_FIXED + 24,
+	TPM2_PT_CLOCK_UPDATE	= TPM2_PT_FIXED + 25,
+	TPM2_PT_CONTEXT_HASH	= TPM2_PT_FIXED + 26,
+	TPM2_PT_CONTEXT_SYM	= TPM2_PT_FIXED + 27,
+	TPM2_PT_CONTEXT_SYM_SIZE	= TPM2_PT_FIXED + 28,
+	TPM2_PT_ORDERLY_COUNT		= TPM2_PT_FIXED + 29,
+	TPM2_PT_MAX_COMMAND_SIZE	= TPM2_PT_FIXED + 30,
+	TPM2_PT_MAX_RESPONSE_SIZE	= TPM2_PT_FIXED + 31,
+	TPM2_PT_MAX_DIGEST		= TPM2_PT_FIXED + 32,
+	TPM2_PT_MAX_OBJECT_CONTEXT	= TPM2_PT_FIXED + 33,
+	TPM2_PT_MAX_SESSION_CONTEXT	= TPM2_PT_FIXED + 34,
+	TPM2_PT_PS_FAMILY_INDICATOR	= TPM2_PT_FIXED + 35,
+	TPM2_PT_PS_LEVEL	= TPM2_PT_FIXED + 36,
+	TPM2_PT_PS_REVISION	= TPM2_PT_FIXED + 37,
+	TPM2_PT_PS_DAY_OF_YEAR	= TPM2_PT_FIXED + 38,
+	TPM2_PT_PS_YEAR		= TPM2_PT_FIXED + 39,
+	TPM2_PT_SPLIT_MAX	= TPM2_PT_FIXED + 40,
+	TPM2_PT_TOTAL_COMMANDS	= TPM2_PT_FIXED + 41,
+	TPM2_PT_LIBRARY_COMMANDS	= TPM2_PT_FIXED + 42,
+	TPM2_PT_VENDOR_COMMANDS		= TPM2_PT_FIXED + 43,
+	TPM2_PT_NV_BUFFER_MAX		= TPM2_PT_FIXED + 44,
+	TPM2_PT_MODES			= TPM2_PT_FIXED + 45,
+	TPM2_PT_MAX_CAP_BUFFER		= TPM2_PT_FIXED + 46,
+	TPM2_PT_VAR		= TPM2_PT_GROUP * 2,
+	TPM2_PT_PERMANENT	= TPM2_PT_VAR + 0,
+	TPM2_PT_STARTUP_CLEAR	= TPM2_PT_VAR + 1,
+	TPM2_PT_HR_NV_INDEX	= TPM2_PT_VAR + 2,
+	TPM2_PT_HR_LOADED	= TPM2_PT_VAR + 3,
+	TPM2_PT_HR_LOADED_AVAIL	= TPM2_PT_VAR + 4,
+	TPM2_PT_HR_ACTIVE	= TPM2_PT_VAR + 5,
+	TPM2_PT_HR_ACTIVE_AVAIL	= TPM2_PT_VAR + 6,
+	TPM2_PT_HR_TRANSIENT_AVAIL	= TPM2_PT_VAR + 7,
+	TPM2_PT_HR_PERSISTENT		= TPM2_PT_VAR + 8,
+	TPM2_PT_HR_PERSISTENT_AVAIL	= TPM2_PT_VAR + 9,
+	TPM2_PT_NV_COUNTERS		= TPM2_PT_VAR + 10,
+	TPM2_PT_NV_COUNTERS_AVAIL	= TPM2_PT_VAR + 11,
+	TPM2_PT_ALGORITHM_SET		= TPM2_PT_VAR + 12,
+	TPM2_PT_LOADED_CURVES		= TPM2_PT_VAR + 13,
+	TPM2_PT_LOCKOUT_COUNTER		= TPM2_PT_VAR + 14,
+	TPM2_PT_MAX_AUTH_FAIL		= TPM2_PT_VAR + 15,
+	TPM2_PT_LOCKOUT_INTERVAL	= TPM2_PT_VAR + 16,
+	TPM2_PT_LOCKOUT_RECOVERY	= TPM2_PT_VAR + 17,
+	TPM2_PT_NV_WRITE_RECOVERY	= TPM2_PT_VAR + 18,
+	TPM2_PT_AUDIT_COUNTER_0	= TPM2_PT_VAR + 19,
+	TPM2_PT_AUDIT_COUNTER_1	= TPM2_PT_VAR + 20,
+};
+
+struct tpm2_pcr_read_out {
+	__be32 update_cnt;
+	__be32 pcr_selects_cnt;
+	__be16 hash_alg;
+	u8 pcr_select_size;
+	u8 pcr_select[TPM2_PCR_SELECT_MIN];
+	__be32 digests_cnt;
+	__be16 digest_size;
+	u8 digest[];
+} __packed;
+
+struct tpm2_get_random_out {
+	__be16 size;
+	u8 buffer[TPM_MAX_RNG_DATA];
+} __packed;
+
+struct tpm2_get_cap_out {
+	u8 more_data;
+	__be32 subcap_id;
+	__be32 property_cnt;
+	__be32 property_id;
+	__be32 value;
+} __packed;
+
+struct tpm2_pcr_selection {
+	__be16 hash_alg;
+	u8 size_of_select;
+	u8 pcr_select[3];
+} __packed;
+
+struct tpm2_context {
+	__be64 sequence;
+	__be32 saved_handle;
+	__be32 hierarchy;
+	__be16 blob_size;
+} __packed;
+
 #endif
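
Review bot: TPM_PT_TOTAL_COMMANDS = 0x0129 in enum tpm2_properties and TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41 in enum tpm2_pt_props are the same property (0x100 + 41 = 0x129) and now sit in one header under two names; keep the tpm2_pt_props entry and convert users of the unprefixed one, or leave a comment saying why both exist. Separately, enum tpm2_timeouts here carries TPM2_DURATION_MEDIUM and TPM2_DURATION_LONG_LONG, while the tpm2_durations enum this patch removes from include/linux/tpm.h lists only SHORT, LONG and DEFAULT, and enum tpm2_const has become enum tpm2_pcr_select. A patch described as a move should either keep the enums as they were or name these changes in the commit message.
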
-- 
2.47.3


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [PATCH 4/4] tpm: Move TPM common base definitions to the command header
  2026-03-17 16:03 [PATCH 0/4] Reorganize TPM public headers Alec Brown
                   ` (2 preceding siblings ...)
  2026-03-17 16:03 ` [PATCH 3/4] tpm: Move TPM2 " Alec Brown
@ 2026-03-17 16:03 ` Alec Brown
  2026-03-22  2:00   ` kernel test robot
  2026-03-23  5:42   ` Jarkko Sakkinen
  3 siblings, 2 replies; 10+ messages in thread
From: Alec Brown @ 2026-03-17 16:03 UTC (permalink / raw)
  To: linux-kernel, linux-integrity, jarkko
  Cc: peterhuewe, jarkko.sakkinen, jgg, ross.philipson, dpsmith,
	daniel.kiper, kanth.ghatraju, trenchboot-devel, ardb,
	alec.r.brown

From: Ross Philipson <ross.philipson@oracle.com>

From: Ross Philipson <ross.philipson@oracle.com>

These are top level definitions shared by both TPM 1 and 2
family chips. This includes core definitions like TPM localities,
common crypto algorithm IDs, and the base TPM command header.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
 include/linux/tpm.h         | 50 +--------------------
 include/linux/tpm_command.h | 89 +++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 49 deletions(-)

diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 92957452f7a7..a282b7045a24 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -27,49 +27,12 @@
 
 #include "tpm_command.h"
 
-#define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
-
-#define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
-#define TPM2_MAX_PCR_BANKS	8
-
 struct tpm_chip;
 struct trusted_key_payload;
 struct trusted_key_options;
 /* opaque structure, holds auth session parameters like the session key */
 struct tpm2_auth;
 
-/* if you add a new hash to this, increment TPM_MAX_HASHES below */
-enum tpm_algorithms {
-	TPM_ALG_ERROR		= 0x0000,
-	TPM_ALG_SHA1		= 0x0004,
-	TPM_ALG_AES		= 0x0006,
-	TPM_ALG_KEYEDHASH	= 0x0008,
-	TPM_ALG_SHA256		= 0x000B,
-	TPM_ALG_SHA384		= 0x000C,
-	TPM_ALG_SHA512		= 0x000D,
-	TPM_ALG_NULL		= 0x0010,
-	TPM_ALG_SM3_256		= 0x0012,
-	TPM_ALG_ECC		= 0x0023,
-	TPM_ALG_CFB		= 0x0043,
-};
-
-/*
- * maximum number of hashing algorithms a TPM can have.  This is
- * basically a count of every hash in tpm_algorithms above
- */
-#define TPM_MAX_HASHES	5
-
-struct tpm_digest {
-	u16 alg_id;
-	u8 digest[TPM2_MAX_DIGEST_SIZE];
-} __packed;
-
-struct tpm_bank_info {
-	u16 alg_id;
-	u16 digest_size;
-	u16 crypto_id;
-};
-
 enum TPM_OPS_FLAGS {
 	TPM_OPS_AUTO_STARTUP = BIT(0),
 };
@@ -127,7 +90,7 @@ struct tpm_chip_seqops {
 	const struct seq_operations *seqops;
 };
 
-/* fixed define for the curve we use which is NIST_P256 */
+/* Fixed define for the curve we use which is NIST_P256 */
 #define EC_PT_SZ	32
 
 /*
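
Review bot: the only change in this hunk is capitalising "fixed" in the EC_PT_SZ comment, which is unrelated to moving definitions into tpm_command.h. Drop it from this patch or send it as a separate cleanup so the move stays a pure move and is easy to verify.
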
@@ -209,8 +172,6 @@ struct tpm_chip {
 #endif
 };
 
-#define TPM_HEADER_SIZE		10
-
 static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
 {
 	return handle >> 24;
@@ -239,15 +200,6 @@ enum tpm_chip_flags {
 
 #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
 
-struct tpm_header {
-	__be16 tag;
-	__be32 length;
-	union {
-		__be32 ordinal;
-		__be32 return_code;
-	};
-} __packed;
-
 enum tpm_buf_flags {
 	/* the capacity exceeded: */
 	TPM_BUF_OVERFLOW	= BIT(0),
diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
index ee76fcd5ecef..25a247254140 100644
--- a/include/linux/tpm_command.h
+++ b/include/linux/tpm_command.h
@@ -431,4 +431,93 @@ struct tpm2_context {
 	__be16 blob_size;
 } __packed;
 
+/************************************************/
+/* TPM Common Defs                              */
+/************************************************/
+
+#define TPM_DIGEST_SIZE		20	/* Max TPM v1.2 PCR size */
+#define TPM_BUFSIZE		4096
+
+/*
+ * SHA-512 is, as of today, the largest digest in the TCG algorithm repository.
+ */
+#define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
+
+/*
+ * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID of the
+ * name algorithm and hash of TPMT_PUBLIC.
+ */
+#define TPM2_MAX_NAME_SIZE	(TPM2_MAX_DIGEST_SIZE + 2)
+
+/*
+ * Fixed define for the size of a name.  This is actually HASHALG size
+ * plus 2, so 32 for SHA256
+ */
+#define TPM2_NULL_NAME_SIZE	34
+
+/*
+ * The maximum number of PCR banks.
+ */
+#define TPM2_MAX_PCR_BANKS	8
+
+/* If you add a new hash to this, increment TPM_MAX_HASHES below */
+enum tpm_algorithms {
+	TPM_ALG_ERROR		= 0x0000,
+	TPM_ALG_SHA1		= 0x0004,
+	TPM_ALG_AES		= 0x0006,
+	TPM_ALG_KEYEDHASH	= 0x0008,
+	TPM_ALG_SHA256		= 0x000B,
+	TPM_ALG_SHA384		= 0x000C,
+	TPM_ALG_SHA512		= 0x000D,
+	TPM_ALG_NULL		= 0x0010,
+	TPM_ALG_SM3_256		= 0x0012,
+	TPM_ALG_ECC		= 0x0023,
+	TPM_ALG_CFB		= 0x0043,
+};
+
+/*
+ * The locality (0 - 4) for a TPM, as defined in section 3.2 of the
+ * Client Platform Profile Specification.
+ */
+enum tpm_localities {
+	TPM_LOCALITY_0		= 0, /* Static RTM */
+	TPM_LOCALITY_1		= 1, /* Dynamic OS */
+	TPM_LOCALITY_2		= 2, /* DRTM Environment */
+	TPM_LOCALITY_3		= 3, /* Aux Components */
+	TPM_LOCALITY_4		= 4, /* CPU DRTM Establishment */
+	TPM_MAX_LOCALITY	= TPM_LOCALITY_4
+};
+
+/*
+ * Structure to represent active PCR algorithm banks usable by the
+ * TPM chip.
+ */
+struct tpm_bank_info {
+	u16 alg_id;
+	u16 digest_size;
+	u16 crypto_id;
+};
+
+/*
+ * Maximum number of hashing algorithms a TPM can have.  This is
+ * basically a count of every hash in tpm_algorithms above
+ */
+#define TPM_MAX_HASHES		5
+
+struct tpm_digest {
+	u16 alg_id;
+	u8 digest[TPM2_MAX_DIGEST_SIZE];
+} __packed;
+
+#define TPM_HEADER_SIZE		10
+
+struct tpm_header {
+	__be16 tag;
+	__be32 length;
+	union {
+		__be32 ordinal;
+		__be32 return_code;
+	};
+} __packed;
+
 #endif
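
Review bot: TPM_BUFSIZE, TPM2_MAX_NAME_SIZE, TPM2_NULL_NAME_SIZE and enum tpm_localities are added in this hunk, but the include/linux/tpm.h hunks in this patch remove none of them and the diffstat touches only these two files. If they are still defined elsewhere in the tree this creates duplicate definitions; if they are new, the commit message should say so instead of describing the patch as a move. The TPM2_NULL_NAME_SIZE comment also reads as if 32 were the name size: the value 34 is the 32-byte SHA256 digest plus the 2-byte algorithm ID, and writing it as SHA256_DIGEST_SIZE + 2 would make that explicit. The moved struct tpm_header is the definition the kernel test robot's -Wunaligned-access report later in the thread points at, so that warning follows the struct into this header.
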
-- 
2.47.3


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH 4/4] tpm: Move TPM common base definitions to the command header
  2026-03-17 16:03 ` [PATCH 4/4] tpm: Move TPM common base " Alec Brown
@ 2026-03-22  2:00   ` kernel test robot
  2026-03-23  5:42   ` Jarkko Sakkinen
  1 sibling, 0 replies; 10+ messages in thread
From: kernel test robot @ 2026-03-22  2:00 UTC (permalink / raw)
  To: Alec Brown, linux-kernel, linux-integrity, jarkko
  Cc: oe-kbuild-all, peterhuewe, jarkko.sakkinen, jgg, ross.philipson,
	dpsmith, daniel.kiper, kanth.ghatraju, trenchboot-devel, ardb,
	alec.r.brown

Hi Alec,

kernel test robot noticed the following build warnings:

[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on char-misc/char-misc-next char-misc/char-misc-linus linus/master v7.0-rc4 next-20260320]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Alec-Brown/tpm-Initial-step-to-reorganize-TPM-public-headers/20260322-021741
base:   char-misc/char-misc-testing
patch link:    https://lore.kernel.org/r/20260317160613.2899129-5-alec.r.brown%40oracle.com
patch subject: [PATCH 4/4] tpm: Move TPM common base definitions to the command header
config: arm-randconfig-r132-20260322 (https://download.01.org/0day-ci/archive/20260322/202603220920.LNzslwgU-lkp@intel.com/config)
compiler: clang version 23.0.0git (https://github.com/llvm/llvm-project 4abb927bacf37f18f6359a41639a6d1b3bffffb5)
sparse: v0.6.5-rc1
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260322/202603220920.LNzslwgU-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603220920.LNzslwgU-lkp@intel.com/

All warnings (new ones prefixed by >>):

   In file included from drivers/char/tpm/tpm-dev-common.c:19:
   In file included from drivers/char/tpm/tpm.h:29:
   include/linux/tpm_eventlog.h:167:6: warning: variable 'mapping_size' set but not used [-Wunused-but-set-variable]
     167 |         int mapping_size;
         |             ^
   In file included from drivers/char/tpm/tpm-dev-common.c:19:
   In file included from drivers/char/tpm/tpm.h:28:
   In file included from include/linux/tpm.h:28:
>> include/linux/tpm_command.h:517:2: warning: field  within 'struct tpm_header' is less aligned than 'union tpm_header::(anonymous at include/linux/tpm_command.h:517:2)' and is usually due to 'struct tpm_header' being packed, which can lead to unaligned accesses [-Wunaligned-access]
     517 |         union {
         |         ^
   2 warnings generated.
--
   In file included from drivers/char/tpm/tpm-buf.c:7:
   In file included from include/linux/tpm.h:28:
>> include/linux/tpm_command.h:517:2: warning: field  within 'struct tpm_header' is less aligned than 'union tpm_header::(anonymous at include/linux/tpm_command.h:517:2)' and is usually due to 'struct tpm_header' being packed, which can lead to unaligned accesses [-Wunaligned-access]
     517 |         union {
         |         ^
   1 warning generated.


vim +517 include/linux/tpm_command.h

   513	
   514	struct tpm_header {
   515		__be16 tag;
   516		__be32 length;
 > 517		union {
   518			__be32 ordinal;
   519			__be32 return_code;
   520		};
   521	} __packed;
   522	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH 1/4] tpm: Initial step to reorganize TPM public headers
  2026-03-17 16:03 ` [PATCH 1/4] tpm: Initial step to reorganize " Alec Brown
@ 2026-03-23  5:39   ` Jarkko Sakkinen
  0 siblings, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2026-03-23  5:39 UTC (permalink / raw)
  To: Alec Brown
  Cc: linux-kernel, linux-integrity, peterhuewe, jarkko.sakkinen, jgg,
	ross.philipson, dpsmith, daniel.kiper, kanth.ghatraju,
	trenchboot-devel, ardb

On Tue, Mar 17, 2026 at 04:03:32PM +0000, Alec Brown wrote:
> From: Ross Philipson <ross.philipson@oracle.com>
> 
> From: Ross Philipson <ross.philipson@oracle.com>

nit: just fix this glitch please :-)

> 
> Consolidate TPM1 constants in tpm_command.h and remove duplicate
> constants from tpm1-cmd.c.
> 
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> ---
>  drivers/char/tpm/tpm-buf.c                |  1 -
>  drivers/char/tpm/tpm1-cmd.c               | 14 +-------
>  include/keys/trusted_tpm.h                |  1 -
>  include/linux/tpm.h                       |  2 ++
>  include/linux/tpm_command.h               | 43 ++++++++++++++++-------
>  security/keys/trusted-keys/trusted_tpm1.c |  1 -
>  security/keys/trusted-keys/trusted_tpm2.c |  1 -
>  7 files changed, 33 insertions(+), 30 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c
> index dc882fc9fa9e..4c4f450630df 100644
> --- a/drivers/char/tpm/tpm-buf.c
> +++ b/drivers/char/tpm/tpm-buf.c
> @@ -3,7 +3,6 @@
>   * Handling of TPM command and other buffers.
>   */
>  
> -#include <linux/tpm_command.h>
>  #include <linux/module.h>
>  #include <linux/tpm.h>
>  
> diff --git a/drivers/char/tpm/tpm1-cmd.c b/drivers/char/tpm/tpm1-cmd.c
> index b49a790f1bd5..664ca1fff2e8 100644
> --- a/drivers/char/tpm/tpm1-cmd.c
> +++ b/drivers/char/tpm/tpm1-cmd.c
> @@ -22,8 +22,6 @@
>  
>  #include "tpm.h"
>  
> -#define TPM_MAX_ORDINAL 243
> -
>  /*
>   * Array with one entry per ordinal defining the maximum amount
>   * of time the chip could take to return the result.  The ordinal
> @@ -308,9 +306,6 @@ unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
>  		return duration;
>  }
>  
> -#define TPM_ORD_STARTUP 153
> -#define TPM_ST_CLEAR 1
> -
>  /**
>   * tpm1_startup() - turn on the TPM
>   * @chip: TPM chip to use
> @@ -459,7 +454,6 @@ int tpm1_get_timeouts(struct tpm_chip *chip)
>  	return 0;
>  }
>  
> -#define TPM_ORD_PCR_EXTEND 20
>  int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
>  		    const char *log_msg)
>  {
> @@ -478,7 +472,6 @@ int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
>  	return rc;
>  }
>  
> -#define TPM_ORD_GET_CAP 101
>  ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
>  		    const char *desc, size_t min_cap_length)
>  {
> @@ -511,7 +504,6 @@ ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
>  }
>  EXPORT_SYMBOL_GPL(tpm1_getcap);
>  
> -#define TPM_ORD_GET_RANDOM 70
>  struct tpm1_get_random_out {
>  	__be32 rng_data_len;
>  	u8 rng_data[TPM_MAX_RNG_DATA];
> @@ -580,13 +572,12 @@ int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
>  	return rc;
>  }
>  
> -#define TPM_ORD_PCRREAD 21
>  int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
>  {
>  	struct tpm_buf buf;
>  	int rc;
>  
> -	rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD);
> +	rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_READ);
>  	if (rc)
>  		return rc;
>  
> @@ -609,7 +600,6 @@ int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
>  	return rc;
>  }
>  
> -#define TPM_ORD_CONTINUE_SELFTEST 83
>  /**
>   * tpm1_continue_selftest() - run TPM's selftest
>   * @chip: TPM chip to use
> @@ -726,8 +716,6 @@ int tpm1_auto_startup(struct tpm_chip *chip)
>  	return rc;
>  }
>  
> -#define TPM_ORD_SAVESTATE 152
> -
>  /**
>   * tpm1_pm_suspend() - pm suspend handler
>   * @chip: TPM chip to use.
> diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h
> index 0fadc6a4f166..3a0fa3bc8454 100644
> --- a/include/keys/trusted_tpm.h
> +++ b/include/keys/trusted_tpm.h
> @@ -3,7 +3,6 @@
>  #define __TRUSTED_TPM_H
>  
>  #include <keys/trusted-type.h>
> -#include <linux/tpm_command.h>
>  
>  extern struct trusted_key_ops trusted_key_tpm_ops;
>  
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 202da079d500..18dcf0ef46f6 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -25,6 +25,8 @@
>  #include <crypto/hash_info.h>
>  #include <crypto/aes.h>
>  
> +#include "tpm_command.h"
> +
>  #define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
>  
>  #define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
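
Review bot: the added include uses the quoted form, #include "tpm_command.h", directly under #include <crypto/hash_info.h> and #include <crypto/aes.h>. The .c files touched by this patch were pulling the same header in as #include <linux/tpm_command.h> before their includes were dropped; use the angle-bracket form with the linux/ prefix here as well so the header resolves the same way from every includer.
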
> diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
> index f5c03e9c3913..9a8991b8801d 100644
> --- a/include/linux/tpm_command.h
> +++ b/include/linux/tpm_command.h
> @@ -2,28 +2,45 @@
>  #ifndef __LINUX_TPM_COMMAND_H__
>  #define __LINUX_TPM_COMMAND_H__
>  
> +/************************************************/
> +/* TPM 1 Family Chips                           */
> +/************************************************/
> +
>  /*
> - * TPM Command constants from specifications at
> - * http://www.trustedcomputinggroup.org
> + * TPM 1.2 Main Specification
> + * https://trustedcomputinggroup.org/resource/tpm-main-specification/
>   */
>  
> +#define TPM_MAX_ORDINAL	243
> +
>  /* Command TAGS */
> -#define TPM_TAG_RQU_COMMAND             193
> -#define TPM_TAG_RQU_AUTH1_COMMAND       194
> -#define TPM_TAG_RQU_AUTH2_COMMAND       195
> -#define TPM_TAG_RSP_COMMAND             196
> -#define TPM_TAG_RSP_AUTH1_COMMAND       197
> -#define TPM_TAG_RSP_AUTH2_COMMAND       198
> +enum tpm_command_tags {
> +	TPM_TAG_RQU_COMMAND		= 193,
> +	TPM_TAG_RQU_AUTH1_COMMAND	= 194,
> +	TPM_TAG_RQU_AUTH2_COMMAND	= 195,
> +	TPM_TAG_RSP_COMMAND		= 196,
> +	TPM_TAG_RSP_AUTH1_COMMAND	= 197,
> +	TPM_TAG_RSP_AUTH2_COMMAND	= 198,
> +};
>  
>  /* Command Ordinals */
> -#define TPM_ORD_GETRANDOM               70
> -#define TPM_ORD_OSAP                    11
> -#define TPM_ORD_OIAP                    10
> -#define TPM_ORD_SEAL                    23
> -#define TPM_ORD_UNSEAL                  24
> +enum tpm_command_ordinals {
> +	TPM_ORD_CONTINUE_SELFTEST	= 83,
> +	TPM_ORD_GET_CAP			= 101,
> +	TPM_ORD_GET_RANDOM		= 70,
> +	TPM_ORD_PCR_EXTEND		= 20,
> +	TPM_ORD_PCR_READ		= 21,
> +	TPM_ORD_OSAP			= 11,
> +	TPM_ORD_OIAP			= 10,
> +	TPM_ORD_SAVESTATE		= 152,
> +	TPM_ORD_SEAL			= 23,
> +	TPM_ORD_STARTUP			= 153,
> +	TPM_ORD_UNSEAL			= 24,
> +};
>  
>  /* Other constants */
>  #define SRKHANDLE                       0x40000000
>  #define TPM_NONCE_SIZE                  20
> +#define TPM_ST_CLEAR			1
>  
>  #endif
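
Review bot: TPM_ORD_GETRANDOM is dropped and TPM_ORD_GET_RANDOM takes its place in the new enum tpm_command_ordinals, but no hunk in this patch updates a user of the old spelling (the trusted-keys files only lose their #include). Confirm nothing still references TPM_ORD_GETRANDOM, and mention the rename, along with TPM_ORD_PCRREAD becoming TPM_ORD_PCR_READ in tpm1-cmd.c, in the commit message. The enum entries are also in no consistent order (83, 101, 70, 20, ...); sorting them by ordinal value would make the list easier to check against the TPM 1.2 specification.
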
> diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
> index 636acb66a4f6..10f79a8c2d35 100644
> --- a/security/keys/trusted-keys/trusted_tpm1.c
> +++ b/security/keys/trusted-keys/trusted_tpm1.c
> @@ -17,7 +17,6 @@
>  #include <keys/trusted-type.h>
>  #include <linux/key-type.h>
>  #include <linux/tpm.h>
> -#include <linux/tpm_command.h>
>  
>  #include <keys/trusted_tpm.h>
>  
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> index a7ea4a1c3bed..56eb8e20780a 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -9,7 +9,6 @@
>  #include <linux/string.h>
>  #include <linux/err.h>
>  #include <linux/tpm.h>
> -#include <linux/tpm_command.h>
>  
>  #include <keys/trusted-type.h>
>  #include <keys/trusted_tpm.h>
> -- 
> 2.47.3
> 

I need to compile and test these but yes agree with the idea.

BR, Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH 3/4] tpm: Move TPM2 specific definitions to the command header
  2026-03-17 16:03 ` [PATCH 3/4] tpm: Move TPM2 " Alec Brown
@ 2026-03-23  5:41   ` Jarkko Sakkinen
  0 siblings, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2026-03-23  5:41 UTC (permalink / raw)
  To: Alec Brown
  Cc: linux-kernel, linux-integrity, peterhuewe, jarkko.sakkinen, jgg,
	ross.philipson, dpsmith, daniel.kiper, kanth.ghatraju,
	trenchboot-devel, ardb

On Tue, Mar 17, 2026 at 04:03:34PM +0000, Alec Brown wrote:
> From: Ross Philipson <ross.philipson@oracle.com>
> 
> From: Ross Philipson <ross.philipson@oracle.com>

Address this for +1 version but hold on until I have time to test
this (next week latest), as that might generate some additional
feedback.

> 
> Gather all the TPM2 definitions and structures in the internal header
> file drivers/char/tpm/tpm.h into the command header, including:
>  - Command codes, return codes and definitions from the public and
> internal tpm.h files.
>  - Structures defined in numerous TPM driver C modules.
> 
> The definitions moved to these files correspond to the TCG specification
> for TPM 2 family:
> 
> TPM 2.0 Library
>  - https://trustedcomputinggroup.org/resource/tpm-library-specification/
> 
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> ---
>  drivers/char/tpm/tpm.h        |  77 ----------
>  drivers/char/tpm/tpm2-cmd.c   |  30 ----
>  drivers/char/tpm/tpm2-space.c |  13 --
>  include/linux/tpm.h           | 145 ------------------
>  include/linux/tpm_command.h   | 273 ++++++++++++++++++++++++++++++++++
>  5 files changed, 273 insertions(+), 265 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 1a9a46a921fe..147e57c0e7bb 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -51,83 +51,6 @@ enum tpm_addr {
>  	TPM_ADDR = 0x4E,
>  };
>  
> -/* TPM2 specific constants. */
> -#define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
> -
> -enum tpm2_pt_props {
> -	TPM2_PT_NONE = 0x00000000,
> -	TPM2_PT_GROUP = 0x00000100,
> -	TPM2_PT_FIXED = TPM2_PT_GROUP * 1,
> -	TPM2_PT_FAMILY_INDICATOR = TPM2_PT_FIXED + 0,
> -	TPM2_PT_LEVEL = TPM2_PT_FIXED + 1,
> -	TPM2_PT_REVISION = TPM2_PT_FIXED + 2,
> -	TPM2_PT_DAY_OF_YEAR = TPM2_PT_FIXED + 3,
> -	TPM2_PT_YEAR = TPM2_PT_FIXED + 4,
> -	TPM2_PT_MANUFACTURER = TPM2_PT_FIXED + 5,
> -	TPM2_PT_VENDOR_STRING_1 = TPM2_PT_FIXED + 6,
> -	TPM2_PT_VENDOR_STRING_2 = TPM2_PT_FIXED + 7,
> -	TPM2_PT_VENDOR_STRING_3 = TPM2_PT_FIXED + 8,
> -	TPM2_PT_VENDOR_STRING_4 = TPM2_PT_FIXED + 9,
> -	TPM2_PT_VENDOR_TPM_TYPE = TPM2_PT_FIXED + 10,
> -	TPM2_PT_FIRMWARE_VERSION_1 = TPM2_PT_FIXED + 11,
> -	TPM2_PT_FIRMWARE_VERSION_2 = TPM2_PT_FIXED + 12,
> -	TPM2_PT_INPUT_BUFFER = TPM2_PT_FIXED + 13,
> -	TPM2_PT_HR_TRANSIENT_MIN = TPM2_PT_FIXED + 14,
> -	TPM2_PT_HR_PERSISTENT_MIN = TPM2_PT_FIXED + 15,
> -	TPM2_PT_HR_LOADED_MIN = TPM2_PT_FIXED + 16,
> -	TPM2_PT_ACTIVE_SESSIONS_MAX = TPM2_PT_FIXED + 17,
> -	TPM2_PT_PCR_COUNT = TPM2_PT_FIXED + 18,
> -	TPM2_PT_PCR_SELECT_MIN = TPM2_PT_FIXED + 19,
> -	TPM2_PT_CONTEXT_GAP_MAX = TPM2_PT_FIXED + 20,
> -	TPM2_PT_NV_COUNTERS_MAX = TPM2_PT_FIXED + 22,
> -	TPM2_PT_NV_INDEX_MAX = TPM2_PT_FIXED + 23,
> -	TPM2_PT_MEMORY = TPM2_PT_FIXED + 24,
> -	TPM2_PT_CLOCK_UPDATE = TPM2_PT_FIXED + 25,
> -	TPM2_PT_CONTEXT_HASH = TPM2_PT_FIXED + 26,
> -	TPM2_PT_CONTEXT_SYM = TPM2_PT_FIXED + 27,
> -	TPM2_PT_CONTEXT_SYM_SIZE = TPM2_PT_FIXED + 28,
> -	TPM2_PT_ORDERLY_COUNT = TPM2_PT_FIXED + 29,
> -	TPM2_PT_MAX_COMMAND_SIZE = TPM2_PT_FIXED + 30,
> -	TPM2_PT_MAX_RESPONSE_SIZE = TPM2_PT_FIXED + 31,
> -	TPM2_PT_MAX_DIGEST = TPM2_PT_FIXED + 32,
> -	TPM2_PT_MAX_OBJECT_CONTEXT = TPM2_PT_FIXED + 33,
> -	TPM2_PT_MAX_SESSION_CONTEXT = TPM2_PT_FIXED + 34,
> -	TPM2_PT_PS_FAMILY_INDICATOR = TPM2_PT_FIXED + 35,
> -	TPM2_PT_PS_LEVEL = TPM2_PT_FIXED + 36,
> -	TPM2_PT_PS_REVISION = TPM2_PT_FIXED + 37,
> -	TPM2_PT_PS_DAY_OF_YEAR = TPM2_PT_FIXED + 38,
> -	TPM2_PT_PS_YEAR = TPM2_PT_FIXED + 39,
> -	TPM2_PT_SPLIT_MAX = TPM2_PT_FIXED + 40,
> -	TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41,
> -	TPM2_PT_LIBRARY_COMMANDS = TPM2_PT_FIXED + 42,
> -	TPM2_PT_VENDOR_COMMANDS = TPM2_PT_FIXED + 43,
> -	TPM2_PT_NV_BUFFER_MAX = TPM2_PT_FIXED + 44,
> -	TPM2_PT_MODES = TPM2_PT_FIXED + 45,
> -	TPM2_PT_MAX_CAP_BUFFER = TPM2_PT_FIXED + 46,
> -	TPM2_PT_VAR = TPM2_PT_GROUP * 2,
> -	TPM2_PT_PERMANENT = TPM2_PT_VAR + 0,
> -	TPM2_PT_STARTUP_CLEAR = TPM2_PT_VAR + 1,
> -	TPM2_PT_HR_NV_INDEX = TPM2_PT_VAR + 2,
> -	TPM2_PT_HR_LOADED = TPM2_PT_VAR + 3,
> -	TPM2_PT_HR_LOADED_AVAIL = TPM2_PT_VAR + 4,
> -	TPM2_PT_HR_ACTIVE = TPM2_PT_VAR + 5,
> -	TPM2_PT_HR_ACTIVE_AVAIL = TPM2_PT_VAR + 6,
> -	TPM2_PT_HR_TRANSIENT_AVAIL = TPM2_PT_VAR + 7,
> -	TPM2_PT_HR_PERSISTENT = TPM2_PT_VAR + 8,
> -	TPM2_PT_HR_PERSISTENT_AVAIL = TPM2_PT_VAR + 9,
> -	TPM2_PT_NV_COUNTERS = TPM2_PT_VAR + 10,
> -	TPM2_PT_NV_COUNTERS_AVAIL = TPM2_PT_VAR + 11,
> -	TPM2_PT_ALGORITHM_SET = TPM2_PT_VAR + 12,
> -	TPM2_PT_LOADED_CURVES = TPM2_PT_VAR + 13,
> -	TPM2_PT_LOCKOUT_COUNTER = TPM2_PT_VAR + 14,
> -	TPM2_PT_MAX_AUTH_FAIL = TPM2_PT_VAR + 15,
> -	TPM2_PT_LOCKOUT_INTERVAL = TPM2_PT_VAR + 16,
> -	TPM2_PT_LOCKOUT_RECOVERY = TPM2_PT_VAR + 17,
> -	TPM2_PT_NV_WRITE_RECOVERY = TPM2_PT_VAR + 18,
> -	TPM2_PT_AUDIT_COUNTER_0 = TPM2_PT_VAR + 19,
> -	TPM2_PT_AUDIT_COUNTER_1 = TPM2_PT_VAR + 20,
> -};
> -
>  extern const struct class tpm_class;
>  extern const struct class tpmrm_class;
>  extern dev_t tpm_devt;
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 3a77be7ebf4a..1fa3e8a43c79 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -94,17 +94,6 @@ unsigned long tpm2_calc_ordinal_duration(u32 ordinal)
>  	return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
>  }
>  
> -struct tpm2_pcr_read_out {
> -	__be32	update_cnt;
> -	__be32	pcr_selects_cnt;
> -	__be16	hash_alg;
> -	u8	pcr_select_size;
> -	u8	pcr_select[TPM2_PCR_SELECT_MIN];
> -	__be32	digests_cnt;
> -	__be16	digest_size;
> -	u8	digest[];
> -} __packed;
> -
>  /**
>   * tpm2_pcr_read() - read a PCR value
>   * @chip:	TPM chip to use.
> @@ -238,11 +227,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>  	return rc;
>  }
>  
> -struct tpm2_get_random_out {
> -	__be16 size;
> -	u8 buffer[TPM_MAX_RNG_DATA];
> -} __packed;
> -
>  /**
>   * tpm2_get_random() - get random bytes from the TPM RNG
>   *
> @@ -366,14 +350,6 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
>  }
>  EXPORT_SYMBOL_GPL(tpm2_flush_context);
>  
> -struct tpm2_get_cap_out {
> -	u8 more_data;
> -	__be32 subcap_id;
> -	__be32 property_cnt;
> -	__be32 property_id;
> -	__be32 value;
> -} __packed;
> -
>  /**
>   * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
>   * @chip:		a &tpm_chip instance
> @@ -541,12 +517,6 @@ static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
>  	return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
>  }
>  
> -struct tpm2_pcr_selection {
> -	__be16  hash_alg;
> -	u8  size_of_select;
> -	u8  pcr_select[3];
> -} __packed;
> -
>  ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
>  {
>  	struct tpm2_pcr_selection pcr_selection;
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 60354cd53b5c..7c1c0a174a2b 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -15,19 +15,6 @@
>  #include <linux/unaligned.h>
>  #include "tpm.h"
>  
> -enum tpm2_handle_types {
> -	TPM2_HT_HMAC_SESSION	= 0x02000000,
> -	TPM2_HT_POLICY_SESSION	= 0x03000000,
> -	TPM2_HT_TRANSIENT	= 0x80000000,
> -};
> -
> -struct tpm2_context {
> -	__be64 sequence;
> -	__be32 saved_handle;
> -	__be32 hierarchy;
> -	__be16 blob_size;
> -} __packed;
> -
>  static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space)
>  {
>  	int i;
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 18dcf0ef46f6..92957452f7a7 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -38,12 +38,6 @@ struct trusted_key_options;
>  /* opaque structure, holds auth session parameters like the session key */
>  struct tpm2_auth;
>  
> -enum tpm2_session_types {
> -	TPM2_SE_HMAC	= 0x00,
> -	TPM2_SE_POLICY	= 0x01,
> -	TPM2_SE_TRIAL	= 0x02,
> -};
> -
>  /* if you add a new hash to this, increment TPM_MAX_HASHES below */
>  enum tpm_algorithms {
>  	TPM_ALG_ERROR		= 0x0000,
> @@ -65,11 +59,6 @@ enum tpm_algorithms {
>   */
>  #define TPM_MAX_HASHES	5
>  
> -enum tpm2_curves {
> -	TPM2_ECC_NONE		= 0x0000,
> -	TPM2_ECC_NIST_P256	= 0x0003,
> -};
> -
>  struct tpm_digest {
>  	u16 alg_id;
>  	u8 digest[TPM2_MAX_DIGEST_SIZE];
> @@ -222,122 +211,11 @@ struct tpm_chip {
>  
>  #define TPM_HEADER_SIZE		10
>  
> -enum tpm2_const {
> -	TPM2_PLATFORM_PCR       =     24,
> -	TPM2_PCR_SELECT_MIN     = ((TPM2_PLATFORM_PCR + 7) / 8),
> -};
> -
> -enum tpm2_timeouts {
> -	TPM2_TIMEOUT_A          =    750,
> -	TPM2_TIMEOUT_B          =   4000,
> -	TPM2_TIMEOUT_C          =    200,
> -	TPM2_TIMEOUT_D          =     30,
> -};
> -
> -enum tpm2_durations {
> -	TPM2_DURATION_SHORT     =     20,
> -	TPM2_DURATION_LONG      =   2000,
> -	TPM2_DURATION_DEFAULT   = 120000,
> -};
> -
> -enum tpm2_structures {
> -	TPM2_ST_NO_SESSIONS	= 0x8001,
> -	TPM2_ST_SESSIONS	= 0x8002,
> -	TPM2_ST_CREATION	= 0x8021,
> -};
> -
> -/* Indicates from what layer of the software stack the error comes from */
> -#define TSS2_RC_LAYER_SHIFT	 16
> -#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
> -
> -enum tpm2_return_codes {
> -	TPM2_RC_SUCCESS		= 0x0000,
> -	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */
> -	TPM2_RC_HANDLE		= 0x008B,
> -	TPM2_RC_INTEGRITY	= 0x009F,
> -	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
> -	TPM2_RC_FAILURE		= 0x0101,
> -	TPM2_RC_DISABLED	= 0x0120,
> -	TPM2_RC_UPGRADE		= 0x012D,
> -	TPM2_RC_COMMAND_CODE    = 0x0143,
> -	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> -	TPM2_RC_REFERENCE_H0	= 0x0910,
> -	TPM2_RC_RETRY		= 0x0922,
> -	TPM2_RC_SESSION_MEMORY	= 0x0903,
> -};
> -
> -enum tpm2_command_codes {
> -	TPM2_CC_FIRST		        = 0x011F,
> -	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
> -	TPM2_CC_HIERARCHY_CHANGE_AUTH   = 0x0129,
> -	TPM2_CC_CREATE_PRIMARY          = 0x0131,
> -	TPM2_CC_SEQUENCE_COMPLETE       = 0x013E,
> -	TPM2_CC_SELF_TEST	        = 0x0143,
> -	TPM2_CC_STARTUP		        = 0x0144,
> -	TPM2_CC_SHUTDOWN	        = 0x0145,
> -	TPM2_CC_NV_READ                 = 0x014E,
> -	TPM2_CC_CREATE		        = 0x0153,
> -	TPM2_CC_LOAD		        = 0x0157,
> -	TPM2_CC_SEQUENCE_UPDATE         = 0x015C,
> -	TPM2_CC_UNSEAL		        = 0x015E,
> -	TPM2_CC_CONTEXT_LOAD	        = 0x0161,
> -	TPM2_CC_CONTEXT_SAVE	        = 0x0162,
> -	TPM2_CC_FLUSH_CONTEXT	        = 0x0165,
> -	TPM2_CC_READ_PUBLIC		= 0x0173,
> -	TPM2_CC_START_AUTH_SESS		= 0x0176,
> -	TPM2_CC_VERIFY_SIGNATURE        = 0x0177,
> -	TPM2_CC_GET_CAPABILITY	        = 0x017A,
> -	TPM2_CC_GET_RANDOM	        = 0x017B,
> -	TPM2_CC_PCR_READ	        = 0x017E,
> -	TPM2_CC_PCR_EXTEND	        = 0x0182,
> -	TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
> -	TPM2_CC_HASH_SEQUENCE_START     = 0x0186,
> -	TPM2_CC_CREATE_LOADED           = 0x0191,
> -	TPM2_CC_LAST		        = 0x0193, /* Spec 1.36 */
> -};
> -
> -enum tpm2_permanent_handles {
> -	TPM2_RH_NULL		= 0x40000007,
> -	TPM2_RS_PW		= 0x40000009,
> -};
> -
> -/* Most Significant Octet for key types  */
> -enum tpm2_mso_type {
> -	TPM2_MSO_NVRAM		= 0x01,
> -	TPM2_MSO_SESSION	= 0x02,
> -	TPM2_MSO_POLICY		= 0x03,
> -	TPM2_MSO_PERMANENT	= 0x40,
> -	TPM2_MSO_VOLATILE	= 0x80,
> -	TPM2_MSO_PERSISTENT	= 0x81,
> -};
> -
>  static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
>  {
>  	return handle >> 24;
>  }
>  
> -enum tpm2_capabilities {
> -	TPM2_CAP_HANDLES	= 1,
> -	TPM2_CAP_COMMANDS	= 2,
> -	TPM2_CAP_PCRS		= 5,
> -	TPM2_CAP_TPM_PROPERTIES = 6,
> -};
> -
> -enum tpm2_properties {
> -	TPM_PT_TOTAL_COMMANDS	= 0x0129,
> -};
> -
> -enum tpm2_startup_types {
> -	TPM2_SU_CLEAR	= 0x0000,
> -	TPM2_SU_STATE	= 0x0001,
> -};
> -
> -enum tpm2_cc_attrs {
> -	TPM2_CC_ATTR_CHANDLES	= 25,
> -	TPM2_CC_ATTR_RHANDLE	= 28,
> -	TPM2_CC_ATTR_VENDOR	= 29,
> -};
> -
>  #define TPM_VID_INTEL    0x8086
>  #define TPM_VID_WINBOND  0x1050
>  #define TPM_VID_STM      0x104A
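Review bot: this is not a pure move for three of the enums deleted at the top of this hunk. enum tpm2_const reappears in tpm_command.h as enum tpm2_pcr_select, and enum tpm2_durations is folded into enum tpm2_timeouts, which there also carries TPM2_DURATION_MEDIUM and TPM2_DURATION_LONG_LONG, neither of which is among the lines deleted from include/linux/tpm.h. Please call out the rename and the merge in the commit message, and check that nothing refers to enum tpm2_const or enum tpm2_durations by type name.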
> @@ -389,29 +267,6 @@ struct tpm_buf {
>  	u8 handles;
>  };
>  
> -enum tpm2_object_attributes {
> -	TPM2_OA_FIXED_TPM		= BIT(1),
> -	TPM2_OA_ST_CLEAR		= BIT(2),
> -	TPM2_OA_FIXED_PARENT		= BIT(4),
> -	TPM2_OA_SENSITIVE_DATA_ORIGIN	= BIT(5),
> -	TPM2_OA_USER_WITH_AUTH		= BIT(6),
> -	TPM2_OA_ADMIN_WITH_POLICY	= BIT(7),
> -	TPM2_OA_NO_DA			= BIT(10),
> -	TPM2_OA_ENCRYPTED_DUPLICATION	= BIT(11),
> -	TPM2_OA_RESTRICTED		= BIT(16),
> -	TPM2_OA_DECRYPT			= BIT(17),
> -	TPM2_OA_SIGN			= BIT(18),
> -};
> -
> -enum tpm2_session_attributes {
> -	TPM2_SA_CONTINUE_SESSION	= BIT(0),
> -	TPM2_SA_AUDIT_EXCLUSIVE		= BIT(1),
> -	TPM2_SA_AUDIT_RESET		= BIT(3),
> -	TPM2_SA_DECRYPT			= BIT(5),
> -	TPM2_SA_ENCRYPT			= BIT(6),
> -	TPM2_SA_AUDIT			= BIT(7),
> -};
> -
>  struct tpm2_hash {
>  	unsigned int crypto_id;
>  	unsigned int tpm_id;
> diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
> index 20b634591fb1..ee76fcd5ecef 100644
> --- a/include/linux/tpm_command.h
> +++ b/include/linux/tpm_command.h
> @@ -158,4 +158,277 @@ struct tpm1_get_random_out {
>  #define TPM_NONCE_SIZE                  20
>  #define TPM_ST_CLEAR			1
>  
> +/************************************************/
> +/* TPM 2 Family Chips                           */
> +/************************************************/
> +
> +/*
> + * TPM 2.0 Library
> + * https://trustedcomputinggroup.org/resource/tpm-library-specification/
> + */
> +
> +/* TPM2 specific constants. */
> +#define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
> +
> +enum tpm2_session_types {
> +	TPM2_SE_HMAC	= 0x00,
> +	TPM2_SE_POLICY	= 0x01,
> +	TPM2_SE_TRIAL	= 0x02,
> +};
> +
> +enum tpm2_timeouts {
> +	TPM2_TIMEOUT_A		= 750,
> +	TPM2_TIMEOUT_B		= 4000,
> +	TPM2_TIMEOUT_C		= 200,
> +	TPM2_TIMEOUT_D		= 30,
> +	TPM2_DURATION_SHORT	= 20,
> +	TPM2_DURATION_MEDIUM	= 750,
> +	TPM2_DURATION_LONG	= 2000,
> +	TPM2_DURATION_LONG_LONG	= 300000,
> +	TPM2_DURATION_DEFAULT	= 120000,
> +};
> +
> +enum tpm2_structures {
> +	TPM2_ST_NO_SESSIONS	= 0x8001,
> +	TPM2_ST_SESSIONS	= 0x8002,
> +	TPM2_ST_CREATION	= 0x8021,
> +};
> +
> +/* Indicates from what layer of the software stack the error comes from */
> +#define TSS2_RC_LAYER_SHIFT	 16
> +#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
> +
> +enum tpm2_return_codes {
> +	TPM2_RC_SUCCESS		= 0x0000,
> +	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */
> +	TPM2_RC_HANDLE		= 0x008B,
> +	TPM2_RC_INTEGRITY	= 0x009F,
> +	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
> +	TPM2_RC_FAILURE		= 0x0101,
> +	TPM2_RC_DISABLED	= 0x0120,
> +	TPM2_RC_UPGRADE		= 0x012D,
> +	TPM2_RC_COMMAND_CODE	= 0x0143,
> +	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> +	TPM2_RC_REFERENCE_H0	= 0x0910,
> +	TPM2_RC_RETRY		= 0x0922,
> +	TPM2_RC_SESSION_MEMORY	= 0x0903,
> +};
> +
> +enum tpm2_command_codes {
> +	TPM2_CC_FIRST			= 0x011F,
> +	TPM2_CC_HIERARCHY_CONTROL	= 0x0121,
> +	TPM2_CC_HIERARCHY_CHANGE_AUTH	= 0x0129,
> +	TPM2_CC_CREATE_PRIMARY		= 0x0131,
> +	TPM2_CC_SEQUENCE_COMPLETE	= 0x013E,
> +	TPM2_CC_SELF_TEST		= 0x0143,
> +	TPM2_CC_STARTUP			= 0x0144,
> +	TPM2_CC_SHUTDOWN		= 0x0145,
> +	TPM2_CC_NV_READ			= 0x014E,
> +	TPM2_CC_CREATE			= 0x0153,
> +	TPM2_CC_LOAD			= 0x0157,
> +	TPM2_CC_SEQUENCE_UPDATE		= 0x015C,
> +	TPM2_CC_UNSEAL			= 0x015E,
> +	TPM2_CC_CONTEXT_LOAD		= 0x0161,
> +	TPM2_CC_CONTEXT_SAVE		= 0x0162,
> +	TPM2_CC_FLUSH_CONTEXT		= 0x0165,
> +	TPM2_CC_READ_PUBLIC		= 0x0173,
> +	TPM2_CC_START_AUTH_SESS		= 0x0176,
> +	TPM2_CC_VERIFY_SIGNATURE	= 0x0177,
> +	TPM2_CC_GET_CAPABILITY		= 0x017A,
> +	TPM2_CC_GET_RANDOM		= 0x017B,
> +	TPM2_CC_PCR_READ		= 0x017E,
> +	TPM2_CC_PCR_EXTEND		= 0x0182,
> +	TPM2_CC_EVENT_SEQUENCE_COMPLETE	= 0x0185,
> +	TPM2_CC_HASH_SEQUENCE_START	= 0x0186,
> +	TPM2_CC_CREATE_LOADED		= 0x0191,
> +	TPM2_CC_LAST			= 0x0193, /* Spec 1.36 */
> +};
> +
> +enum tpm2_capabilities {
> +	TPM2_CAP_HANDLES	= 1,
> +	TPM2_CAP_COMMANDS	= 2,
> +	TPM2_CAP_PCRS		= 5,
> +	TPM2_CAP_TPM_PROPERTIES = 6,
> +};
> +
> +enum tpm2_properties {
> +	TPM_PT_TOTAL_COMMANDS	= 0x0129,
> +};
> +
> +enum tpm2_startup_types {
> +	TPM2_SU_CLEAR		= 0x0000,
> +	TPM2_SU_STATE		= 0x0001,
> +};
> +
> +enum tpm2_cc_attrs {
> +	TPM2_CC_ATTR_CHANDLES	= 25,
> +	TPM2_CC_ATTR_RHANDLE	= 28,
> +	TPM2_CC_ATTR_VENDOR	= 29,
> +};
> +
> +enum tpm2_permanent_handles {
> +	TPM2_RH_NULL		= 0x40000007,
> +	TPM2_RS_PW		= 0x40000009,
> +};
> +
> +/* Most Significant Octet for key types  */
> +enum tpm2_mso_type {
> +	TPM2_MSO_NVRAM		= 0x01,
> +	TPM2_MSO_SESSION	= 0x02,
> +	TPM2_MSO_POLICY		= 0x03,
> +	TPM2_MSO_PERMANENT	= 0x40,
> +	TPM2_MSO_VOLATILE	= 0x80,
> +	TPM2_MSO_PERSISTENT	= 0x81,
> +};
> +
> +enum tpm2_curves {
> +	TPM2_ECC_NONE		= 0x0000,
> +	TPM2_ECC_NIST_P256	= 0x0003,
> +};
> +
> +enum tpm2_object_attributes {
> +	TPM2_OA_FIXED_TPM		= BIT(1),
> +	TPM2_OA_ST_CLEAR		= BIT(2),
> +	TPM2_OA_FIXED_PARENT		= BIT(4),
> +	TPM2_OA_SENSITIVE_DATA_ORIGIN	= BIT(5),
> +	TPM2_OA_USER_WITH_AUTH		= BIT(6),
> +	TPM2_OA_ADMIN_WITH_POLICY	= BIT(7),
> +	TPM2_OA_NO_DA			= BIT(10),
> +	TPM2_OA_ENCRYPTED_DUPLICATION	= BIT(11),
> +	TPM2_OA_RESTRICTED		= BIT(16),
> +	TPM2_OA_DECRYPT			= BIT(17),
> +	TPM2_OA_SIGN			= BIT(18),
> +};
> +
> +enum tpm2_session_attributes {
> +	TPM2_SA_CONTINUE_SESSION	= BIT(0),
> +	TPM2_SA_AUDIT_EXCLUSIVE		= BIT(1),
> +	TPM2_SA_AUDIT_RESET		= BIT(3),
> +	TPM2_SA_DECRYPT			= BIT(5),
> +	TPM2_SA_ENCRYPT			= BIT(6),
> +	TPM2_SA_AUDIT			= BIT(7),
> +};
> +
> +enum tpm2_pcr_select {
> +	TPM2_PLATFORM_PCR	= 24,
> +	TPM2_PCR_SELECT_MIN	= ((TPM2_PLATFORM_PCR + 7) / 8),
> +};
> +
> +enum tpm2_handle_types {
> +	TPM2_HT_HMAC_SESSION	= 0x02000000,
> +	TPM2_HT_POLICY_SESSION	= 0x03000000,
> +	TPM2_HT_TRANSIENT	= 0x80000000,
> +};
> +
> +enum tpm2_pt_props {
> +	TPM2_PT_NONE			= 0x00000000,
> +	TPM2_PT_GROUP			= 0x00000100,
> +	TPM2_PT_FIXED			= TPM2_PT_GROUP * 1,
> +	TPM2_PT_FAMILY_INDICATOR	= TPM2_PT_FIXED + 0,
> +	TPM2_PT_LEVEL		= TPM2_PT_FIXED + 1,
> +	TPM2_PT_REVISION	= TPM2_PT_FIXED + 2,
> +	TPM2_PT_DAY_OF_YEAR	= TPM2_PT_FIXED + 3,
> +	TPM2_PT_YEAR		= TPM2_PT_FIXED + 4,
> +	TPM2_PT_MANUFACTURER	= TPM2_PT_FIXED + 5,
> +	TPM2_PT_VENDOR_STRING_1	= TPM2_PT_FIXED + 6,
> +	TPM2_PT_VENDOR_STRING_2	= TPM2_PT_FIXED + 7,
> +	TPM2_PT_VENDOR_STRING_3	= TPM2_PT_FIXED + 8,
> +	TPM2_PT_VENDOR_STRING_4	= TPM2_PT_FIXED + 9,
> +	TPM2_PT_VENDOR_TPM_TYPE	= TPM2_PT_FIXED + 10,
> +	TPM2_PT_FIRMWARE_VERSION_1	= TPM2_PT_FIXED + 11,
> +	TPM2_PT_FIRMWARE_VERSION_2	= TPM2_PT_FIXED + 12,
> +	TPM2_PT_INPUT_BUFFER		= TPM2_PT_FIXED + 13,
> +	TPM2_PT_HR_TRANSIENT_MIN	= TPM2_PT_FIXED + 14,
> +	TPM2_PT_HR_PERSISTENT_MIN	= TPM2_PT_FIXED + 15,
> +	TPM2_PT_HR_LOADED_MIN		= TPM2_PT_FIXED + 16,
> +	TPM2_PT_ACTIVE_SESSIONS_MAX	= TPM2_PT_FIXED + 17,
> +	TPM2_PT_PCR_COUNT	= TPM2_PT_FIXED + 18,
> +	TPM2_PT_PCR_SELECT_MIN	= TPM2_PT_FIXED + 19,
> +	TPM2_PT_CONTEXT_GAP_MAX	= TPM2_PT_FIXED + 20,
> +	TPM2_PT_NV_COUNTERS_MAX	= TPM2_PT_FIXED + 22,
> +	TPM2_PT_NV_INDEX_MAX	= TPM2_PT_FIXED + 23,
> +	TPM2_PT_MEMORY		= TPM2_PT_FIXED + 24,
> +	TPM2_PT_CLOCK_UPDATE	= TPM2_PT_FIXED + 25,
> +	TPM2_PT_CONTEXT_HASH	= TPM2_PT_FIXED + 26,
> +	TPM2_PT_CONTEXT_SYM	= TPM2_PT_FIXED + 27,
> +	TPM2_PT_CONTEXT_SYM_SIZE	= TPM2_PT_FIXED + 28,
> +	TPM2_PT_ORDERLY_COUNT		= TPM2_PT_FIXED + 29,
> +	TPM2_PT_MAX_COMMAND_SIZE	= TPM2_PT_FIXED + 30,
> +	TPM2_PT_MAX_RESPONSE_SIZE	= TPM2_PT_FIXED + 31,
> +	TPM2_PT_MAX_DIGEST		= TPM2_PT_FIXED + 32,
> +	TPM2_PT_MAX_OBJECT_CONTEXT	= TPM2_PT_FIXED + 33,
> +	TPM2_PT_MAX_SESSION_CONTEXT	= TPM2_PT_FIXED + 34,
> +	TPM2_PT_PS_FAMILY_INDICATOR	= TPM2_PT_FIXED + 35,
> +	TPM2_PT_PS_LEVEL	= TPM2_PT_FIXED + 36,
> +	TPM2_PT_PS_REVISION	= TPM2_PT_FIXED + 37,
> +	TPM2_PT_PS_DAY_OF_YEAR	= TPM2_PT_FIXED + 38,
> +	TPM2_PT_PS_YEAR		= TPM2_PT_FIXED + 39,
> +	TPM2_PT_SPLIT_MAX	= TPM2_PT_FIXED + 40,
> +	TPM2_PT_TOTAL_COMMANDS	= TPM2_PT_FIXED + 41,
> +	TPM2_PT_LIBRARY_COMMANDS	= TPM2_PT_FIXED + 42,
> +	TPM2_PT_VENDOR_COMMANDS		= TPM2_PT_FIXED + 43,
> +	TPM2_PT_NV_BUFFER_MAX		= TPM2_PT_FIXED + 44,
> +	TPM2_PT_MODES			= TPM2_PT_FIXED + 45,
> +	TPM2_PT_MAX_CAP_BUFFER		= TPM2_PT_FIXED + 46,
> +	TPM2_PT_VAR		= TPM2_PT_GROUP * 2,
> +	TPM2_PT_PERMANENT	= TPM2_PT_VAR + 0,
> +	TPM2_PT_STARTUP_CLEAR	= TPM2_PT_VAR + 1,
> +	TPM2_PT_HR_NV_INDEX	= TPM2_PT_VAR + 2,
> +	TPM2_PT_HR_LOADED	= TPM2_PT_VAR + 3,
> +	TPM2_PT_HR_LOADED_AVAIL	= TPM2_PT_VAR + 4,
> +	TPM2_PT_HR_ACTIVE	= TPM2_PT_VAR + 5,
> +	TPM2_PT_HR_ACTIVE_AVAIL	= TPM2_PT_VAR + 6,
> +	TPM2_PT_HR_TRANSIENT_AVAIL	= TPM2_PT_VAR + 7,
> +	TPM2_PT_HR_PERSISTENT		= TPM2_PT_VAR + 8,
> +	TPM2_PT_HR_PERSISTENT_AVAIL	= TPM2_PT_VAR + 9,
> +	TPM2_PT_NV_COUNTERS		= TPM2_PT_VAR + 10,
> +	TPM2_PT_NV_COUNTERS_AVAIL	= TPM2_PT_VAR + 11,
> +	TPM2_PT_ALGORITHM_SET		= TPM2_PT_VAR + 12,
> +	TPM2_PT_LOADED_CURVES		= TPM2_PT_VAR + 13,
> +	TPM2_PT_LOCKOUT_COUNTER		= TPM2_PT_VAR + 14,
> +	TPM2_PT_MAX_AUTH_FAIL		= TPM2_PT_VAR + 15,
> +	TPM2_PT_LOCKOUT_INTERVAL	= TPM2_PT_VAR + 16,
> +	TPM2_PT_LOCKOUT_RECOVERY	= TPM2_PT_VAR + 17,
> +	TPM2_PT_NV_WRITE_RECOVERY	= TPM2_PT_VAR + 18,
> +	TPM2_PT_AUDIT_COUNTER_0	= TPM2_PT_VAR + 19,
> +	TPM2_PT_AUDIT_COUNTER_1	= TPM2_PT_VAR + 20,
> +};
> +
> +struct tpm2_pcr_read_out {
> +	__be32 update_cnt;
> +	__be32 pcr_selects_cnt;
> +	__be16 hash_alg;
> +	u8 pcr_select_size;
> +	u8 pcr_select[TPM2_PCR_SELECT_MIN];
> +	__be32 digests_cnt;
> +	__be16 digest_size;
> +	u8 digest[];
> +} __packed;
> +
> +struct tpm2_get_random_out {
> +	__be16 size;
> +	u8 buffer[TPM_MAX_RNG_DATA];
> +} __packed;
> +
> +struct tpm2_get_cap_out {
> +	u8 more_data;
> +	__be32 subcap_id;
> +	__be32 property_cnt;
> +	__be32 property_id;
> +	__be32 value;
> +} __packed;
> +
> +struct tpm2_pcr_selection {
> +	__be16 hash_alg;
> +	u8 size_of_select;
> +	u8 pcr_select[3];
> +} __packed;
> +
> +struct tpm2_context {
> +	__be64 sequence;
> +	__be32 saved_handle;
> +	__be32 hierarchy;
> +	__be16 blob_size;
> +} __packed;
> +
>  #endif
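Review bot: the header ends up with two names for the same property: enum tpm2_properties keeps TPM_PT_TOTAL_COMMANDS = 0x0129, and enum tpm2_pt_props adds TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41, which is also 0x0129 (0x100 + 41). Keep one of them, or define the old name in terms of the new one, and say in the commit message where enum tpm2_pt_props comes from, since none of the removal hunks quoted in this part of the reply deletes it. Within tpm2_pt_props the '=' column also shifts between entries (compare TPM2_PT_LEVEL with TPM2_PT_FAMILY_INDICATOR); aligning it would match the other enums in this block.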
> -- 
> 2.47.3
> 

BR, Jarkko


* Re: [PATCH 4/4] tpm: Move TPM common base definitions to the command header
  2026-03-17 16:03 ` [PATCH 4/4] tpm: Move TPM common base " Alec Brown
  2026-03-22  2:00   ` kernel test robot
@ 2026-03-23  5:42   ` Jarkko Sakkinen
  2026-03-26 19:54     ` Alec Brown
  1 sibling, 1 reply; 10+ messages in thread
From: Jarkko Sakkinen @ 2026-03-23  5:42 UTC (permalink / raw)
  To: Alec Brown
  Cc: linux-kernel, linux-integrity, peterhuewe, jarkko.sakkinen, jgg,
	ross.philipson, dpsmith, daniel.kiper, kanth.ghatraju,
	trenchboot-devel, ardb

On Tue, Mar 17, 2026 at 04:03:35PM +0000, Alec Brown wrote:
> From: Ross Philipson <ross.philipson@oracle.com>
> 
> From: Ross Philipson <ross.philipson@oracle.com>
> 
> These are top level definitions shared by both TPM 1 and 2
> family chips. This includes core definitions like TPM localities,
> common crypto algorithm IDs, and the base TPM command header.
> 
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> ---
>  include/linux/tpm.h         | 50 +--------------------
>  include/linux/tpm_command.h | 89 +++++++++++++++++++++++++++++++++++++
>  2 files changed, 90 insertions(+), 49 deletions(-)
> 
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 92957452f7a7..a282b7045a24 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -27,49 +27,12 @@
>  
>  #include "tpm_command.h"
>  
> -#define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
> -
> -#define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
> -#define TPM2_MAX_PCR_BANKS	8
> -
>  struct tpm_chip;
>  struct trusted_key_payload;
>  struct trusted_key_options;
>  /* opaque structure, holds auth session parameters like the session key */
>  struct tpm2_auth;
>  
> -/* if you add a new hash to this, increment TPM_MAX_HASHES below */
> -enum tpm_algorithms {
> -	TPM_ALG_ERROR		= 0x0000,
> -	TPM_ALG_SHA1		= 0x0004,
> -	TPM_ALG_AES		= 0x0006,
> -	TPM_ALG_KEYEDHASH	= 0x0008,
> -	TPM_ALG_SHA256		= 0x000B,
> -	TPM_ALG_SHA384		= 0x000C,
> -	TPM_ALG_SHA512		= 0x000D,
> -	TPM_ALG_NULL		= 0x0010,
> -	TPM_ALG_SM3_256		= 0x0012,
> -	TPM_ALG_ECC		= 0x0023,
> -	TPM_ALG_CFB		= 0x0043,
> -};
> -
> -/*
> - * maximum number of hashing algorithms a TPM can have.  This is
> - * basically a count of every hash in tpm_algorithms above
> - */
> -#define TPM_MAX_HASHES	5
> -
> -struct tpm_digest {
> -	u16 alg_id;
> -	u8 digest[TPM2_MAX_DIGEST_SIZE];
> -} __packed;
> -
> -struct tpm_bank_info {
> -	u16 alg_id;
> -	u16 digest_size;
> -	u16 crypto_id;
> -};
> -
>  enum TPM_OPS_FLAGS {
>  	TPM_OPS_AUTO_STARTUP = BIT(0),
>  };
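Review bot: TPM2_MAX_DIGEST_SIZE, removed in this hunk, expands to SHA512_DIGEST_SIZE, and this patch's only tpm_command.h hunk adds no #include. The move therefore relies on tpm_command.h already seeing SHA512_DIGEST_SIZE and the u16/__be32 types on its own. Given the stated goal of using the header in pre-boot environments, it is worth confirming that tpm_command.h builds when it is the first header included in a translation unit.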
> @@ -127,7 +90,7 @@ struct tpm_chip_seqops {
>  	const struct seq_operations *seqops;
>  };
>  
> -/* fixed define for the curve we use which is NIST_P256 */
> +/* Fixed define for the curve we use which is NIST_P256 */
>  #define EC_PT_SZ	32
>  
>  /*
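Review bot: the capitalisation change to the EC_PT_SZ comment is unrelated to moving definitions and accounts for the single insertion the diffstat shows for tpm.h. Drop it from this patch or send it separately, so the tpm.h side stays a pure deletion that is easy to check against the additions in tpm_command.h.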
> @@ -209,8 +172,6 @@ struct tpm_chip {
>  #endif
>  };
>  
> -#define TPM_HEADER_SIZE		10
> -
>  static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
>  {
>  	return handle >> 24;
> @@ -239,15 +200,6 @@ enum tpm_chip_flags {
>  
>  #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
>  
> -struct tpm_header {
> -	__be16 tag;
> -	__be32 length;
> -	union {
> -		__be32 ordinal;
> -		__be32 return_code;
> -	};
> -} __packed;
> -
>  enum tpm_buf_flags {
>  	/* the capacity exceeded: */
>  	TPM_BUF_OVERFLOW	= BIT(0),
> diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
> index ee76fcd5ecef..25a247254140 100644
> --- a/include/linux/tpm_command.h
> +++ b/include/linux/tpm_command.h
> @@ -431,4 +431,93 @@ struct tpm2_context {
>  	__be16 blob_size;
>  } __packed;
>  
> +/************************************************/
> +/* TPM Common Defs                              */
> +/************************************************/
> +
> +#define TPM_DIGEST_SIZE		20	/* Max TPM v1.2 PCR size */
> +#define TPM_BUFSIZE		4096
> +
> +/*
> + * SHA-512 is, as of today, the largest digest in the TCG algorithm repository.
> + */
> +#define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
> +
> +/*
> + * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID of the
> + * name algorithm and hash of TPMT_PUBLIC.
> + */
> +#define TPM2_MAX_NAME_SIZE	(TPM2_MAX_DIGEST_SIZE + 2)
> +
> +/*
> + * Fixed define for the size of a name.  This is actually HASHALG size
> + * plus 2, so 32 for SHA256
> + */
> +#define TPM2_NULL_NAME_SIZE	34
> +
> +/*
> + * The maximum number of PCR banks.
> + */
> +#define TPM2_MAX_PCR_BANKS	8
> +
> +/* If you add a new hash to this, increment TPM_MAX_HASHES below */
> +enum tpm_algorithms {
> +	TPM_ALG_ERROR		= 0x0000,
> +	TPM_ALG_SHA1		= 0x0004,
> +	TPM_ALG_AES		= 0x0006,
> +	TPM_ALG_KEYEDHASH	= 0x0008,
> +	TPM_ALG_SHA256		= 0x000B,
> +	TPM_ALG_SHA384		= 0x000C,
> +	TPM_ALG_SHA512		= 0x000D,
> +	TPM_ALG_NULL		= 0x0010,
> +	TPM_ALG_SM3_256		= 0x0012,
> +	TPM_ALG_ECC		= 0x0023,
> +	TPM_ALG_CFB		= 0x0043,
> +};
> +
> +/*
> + * The locality (0 - 4) for a TPM, as defined in section 3.2 of the
> + * Client Platform Profile Specification.
> + */
> +enum tpm_localities {
> +	TPM_LOCALITY_0		= 0, /* Static RTM */
> +	TPM_LOCALITY_1		= 1, /* Dynamic OS */
> +	TPM_LOCALITY_2		= 2, /* DRTM Environment */
> +	TPM_LOCALITY_3		= 3, /* Aux Components */
> +	TPM_LOCALITY_4		= 4, /* CPU DRTM Establishment */
> +	TPM_MAX_LOCALITY	= TPM_LOCALITY_4
> +};
> +
> +/*
> + * Structure to represent active PCR algorithm banks usable by the
> + * TPM chip.
> + */
> +struct tpm_bank_info {
> +	u16 alg_id;
> +	u16 digest_size;
> +	u16 crypto_id;
> +};
> +
> +/*
> + * Maximum number of hashing algorithms a TPM can have.  This is
> + * basically a count of every hash in tpm_algorithms above
> + */
> +#define TPM_MAX_HASHES		5
> +
> +struct tpm_digest {
> +	u16 alg_id;
> +	u8 digest[TPM2_MAX_DIGEST_SIZE];
> +} __packed;
> +
> +#define TPM_HEADER_SIZE		10
> +
> +struct tpm_header {
> +	__be16 tag;
> +	__be32 length;
> +	union {
> +		__be32 ordinal;
> +		__be32 return_code;
> +	};
> +} __packed;
> +
>  #endif
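Review bot: TPM_BUFSIZE, TPM2_MAX_NAME_SIZE, TPM2_NULL_NAME_SIZE and enum tpm_localities are added in this hunk without a matching removal: the diffstat lists only include/linux/tpm.h and this file, and none of the tpm.h hunks deletes them. If they already exist in another header this creates second copies (a redefinition error for the enum wherever both headers are included); if they are new, the commit message should say so, since the subject describes a move. Separately, the TPM2_NULL_NAME_SIZE comment reads "plus 2, so 32 for SHA256" beside the value 34; wording it as "32 + 2 for SHA256" would remove the ambiguity.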
> -- 
> 2.47.3
> 

Yep, all looks great and clean to me but exactly for that reason
this needs to the truth serum :-)

BR, Jarkko


* RE: [PATCH 4/4] tpm: Move TPM common base definitions to the command header
  2026-03-23  5:42   ` Jarkko Sakkinen
@ 2026-03-26 19:54     ` Alec Brown
  0 siblings, 0 replies; 10+ messages in thread
From: Alec Brown @ 2026-03-26 19:54 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
	peterhuewe@gmx.de, jarkko.sakkinen@iki.fi, jgg@ziepe.ca,
	Ross Philipson, dpsmith@apertussolutions.com, Daniel Kiper,
	Kanth Ghatraju, trenchboot-devel@googlegroups.com,
	ardb@kernel.org

On Mon, Mar 23, 2026 at 1:42 AM, Jarkko Sakkinen <jarkko@kernel.org> wrote:
> On Tue, Mar 17, 2026 at 04:03:35PM +0000, Alec Brown wrote:
> > From: Ross Philipson <ross.philipson@oracle.com>
> >
> > From: Ross Philipson <ross.philipson@oracle.com>
> >
> > These are top level definitions shared by both TPM 1 and 2 family
> > chips. This includes core definitions like TPM localities, common
> > crypto algorithm IDs, and the base TPM command header.
> >
> > Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> > Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> > Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> > ---
> >  include/linux/tpm.h         | 50 +--------------------
> >  include/linux/tpm_command.h | 89
> > +++++++++++++++++++++++++++++++++++++
> >  2 files changed, 90 insertions(+), 49 deletions(-)
> >
> > diff --git a/include/linux/tpm.h b/include/linux/tpm.h index
> > 92957452f7a7..a282b7045a24 100644
> > --- a/include/linux/tpm.h
> > +++ b/include/linux/tpm.h
> > @@ -27,49 +27,12 @@
> >
> >  #include "tpm_command.h"
> >
> > -#define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
> > -
> > -#define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
> > -#define TPM2_MAX_PCR_BANKS	8
> > -
> >  struct tpm_chip;
> >  struct trusted_key_payload;
> >  struct trusted_key_options;
> >  /* opaque structure, holds auth session parameters like the session
> > key */  struct tpm2_auth;
> >
> > -/* if you add a new hash to this, increment TPM_MAX_HASHES below */
> > -enum tpm_algorithms {
> > -	TPM_ALG_ERROR		= 0x0000,
> > -	TPM_ALG_SHA1		= 0x0004,
> > -	TPM_ALG_AES		= 0x0006,
> > -	TPM_ALG_KEYEDHASH	= 0x0008,
> > -	TPM_ALG_SHA256		= 0x000B,
> > -	TPM_ALG_SHA384		= 0x000C,
> > -	TPM_ALG_SHA512		= 0x000D,
> > -	TPM_ALG_NULL		= 0x0010,
> > -	TPM_ALG_SM3_256		= 0x0012,
> > -	TPM_ALG_ECC		= 0x0023,
> > -	TPM_ALG_CFB		= 0x0043,
> > -};
> > -
> > -/*
> > - * maximum number of hashing algorithms a TPM can have.  This is
> > - * basically a count of every hash in tpm_algorithms above
> > - */
> > -#define TPM_MAX_HASHES	5
> > -
> > -struct tpm_digest {
> > -	u16 alg_id;
> > -	u8 digest[TPM2_MAX_DIGEST_SIZE];
> > -} __packed;
> > -
> > -struct tpm_bank_info {
> > -	u16 alg_id;
> > -	u16 digest_size;
> > -	u16 crypto_id;
> > -};
> > -
> >  enum TPM_OPS_FLAGS {
> >  	TPM_OPS_AUTO_STARTUP = BIT(0),
> >  };
> > @@ -127,7 +90,7 @@ struct tpm_chip_seqops {
> >  	const struct seq_operations *seqops;  };
> >
> > -/* fixed define for the curve we use which is NIST_P256 */
> > +/* Fixed define for the curve we use which is NIST_P256 */
> >  #define EC_PT_SZ	32
> >
> >  /*
> > @@ -209,8 +172,6 @@ struct tpm_chip {
> >  #endif
> >  };
> >
> > -#define TPM_HEADER_SIZE		10
> > -
> >  static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)  {
> >  	return handle >> 24;
> > @@ -239,15 +200,6 @@ enum tpm_chip_flags {
> >
> >  #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
> >
> > -struct tpm_header {
> > -	__be16 tag;
> > -	__be32 length;
> > -	union {
> > -		__be32 ordinal;
> > -		__be32 return_code;
> > -	};
> > -} __packed;
> > -
> >  enum tpm_buf_flags {
> >  	/* the capacity exceeded: */
> >  	TPM_BUF_OVERFLOW	= BIT(0),
> > diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
> > index ee76fcd5ecef..25a247254140 100644
> > --- a/include/linux/tpm_command.h
> > +++ b/include/linux/tpm_command.h
> > @@ -431,4 +431,93 @@ struct tpm2_context {
> >  	__be16 blob_size;
> >  } __packed;
> >
> > +/************************************************/
> > +/* TPM Common Defs                              */
> > +/************************************************/
> > +
> > +#define TPM_DIGEST_SIZE		20	/* Max TPM v1.2 PCR size */
> > +#define TPM_BUFSIZE		4096
> > +
> > +/*
> > + * SHA-512 is, as of today, the largest digest in the TCG algorithm repository.
> > + */
> > +#define TPM2_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE
> > +
> > +/*
> > + * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID
> > +of the
> > + * name algorithm and hash of TPMT_PUBLIC.
> > + */
> > +#define TPM2_MAX_NAME_SIZE	(TPM2_MAX_DIGEST_SIZE + 2)
> > +
> > +/*
> > + * Fixed define for the size of a name.  This is actually HASHALG
> > +size
> > + * plus 2, so 32 for SHA256
> > + */
> > +#define TPM2_NULL_NAME_SIZE	34
> > +
> > +/*
> > + * The maximum number of PCR banks.
> > + */
> > +#define TPM2_MAX_PCR_BANKS	8
> > +
> > +/* If you add a new hash to this, increment TPM_MAX_HASHES below */
> > +enum tpm_algorithms {
> > +	TPM_ALG_ERROR		= 0x0000,
> > +	TPM_ALG_SHA1		= 0x0004,
> > +	TPM_ALG_AES		= 0x0006,
> > +	TPM_ALG_KEYEDHASH	= 0x0008,
> > +	TPM_ALG_SHA256		= 0x000B,
> > +	TPM_ALG_SHA384		= 0x000C,
> > +	TPM_ALG_SHA512		= 0x000D,
> > +	TPM_ALG_NULL		= 0x0010,
> > +	TPM_ALG_SM3_256		= 0x0012,
> > +	TPM_ALG_ECC		= 0x0023,
> > +	TPM_ALG_CFB		= 0x0043,
> > +};
> > +
> > +/*
> > + * The locality (0 - 4) for a TPM, as defined in section 3.2 of the
> > + * Client Platform Profile Specification.
> > + */
> > +enum tpm_localities {
> > +	TPM_LOCALITY_0		= 0, /* Static RTM */
> > +	TPM_LOCALITY_1		= 1, /* Dynamic OS */
> > +	TPM_LOCALITY_2		= 2, /* DRTM Environment */
> > +	TPM_LOCALITY_3		= 3, /* Aux Components */
> > +	TPM_LOCALITY_4		= 4, /* CPU DRTM Establishment */
> > +	TPM_MAX_LOCALITY	= TPM_LOCALITY_4
> > +};
> > +
> > +/*
> > + * Structure to represent active PCR algorithm banks usable by the
> > + * TPM chip.
> > + */
> > +struct tpm_bank_info {
> > +	u16 alg_id;
> > +	u16 digest_size;
> > +	u16 crypto_id;
> > +};
> > +
> > +/*
> > + * Maximum number of hashing algorithms a TPM can have.  This is
> > + * basically a count of every hash in tpm_algorithms above  */
> > +#define TPM_MAX_HASHES		5
> > +
> > +struct tpm_digest {
> > +	u16 alg_id;
> > +	u8 digest[TPM2_MAX_DIGEST_SIZE];
> > +} __packed;
> > +
> > +#define TPM_HEADER_SIZE		10
> > +
> > +struct tpm_header {
> > +	__be16 tag;
> > +	__be32 length;
> > +	union {
> > +		__be32 ordinal;
> > +		__be32 return_code;
> > +	};
> > +} __packed;
> > +
> >  #endif
> > --
> > 2.47.3
> >
> 
> Yep, all looks great and clean to me but exactly for that reason
> this needs to the truth serum :-)
> 
> BR, Jarkko

Thanks for taking a look! Glad to hear the patches are looking good!

Alec Brown 
