From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: debora@linux.vnet.ibm.com, srajiv@linux.vnet.ibm.com,
tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Cc: jirislaby@gmail.com, preining@logic.at,
Stefan Berger <stefanb@linux.vnet.ibm.com>
Subject: [PATCH V2 11/12] tpm_tis: Probing function for Intel iTPM bug
Date: Wed, 30 Mar 2011 12:13:33 -0400 [thread overview]
Message-ID: <20110330161419.440024043@linux.vnet.ibm.com> (raw)
In-Reply-To: 20110330161322.015113054@linux.vnet.ibm.com
[-- Attachment #1: tis_probe_itpm.v2.patch --]
[-- Type: text/plain, Size: 4011 bytes --]
This patch introduces a function for automatic probing for the Intel iTPM
STS_DATA_EXPECT flaw.
The patch splits the current tpm_tis_send function into 2 parts where the 1st
part is now called tpm_tis_send_data() and merely sends the data to the TPM.
This function is then used for probing. The new tpm_tis_send function now
first calls tpm_tis_send_data and if that succeeds has the TPM process the
command and waits until the response is there.
The probing for the Intel iTPM is only invoked if the user has not passed
itpm=1 as parameter for the module *or* if such a TPM was detected via ACPI.
Previously it was necessary to pass itpm=1 when also passing force=1 to the
module when doing a 'modprobe'. This function is more general than the ACPI
test function and the function relying on ACPI could probably be removed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm_tis.c | 77 ++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 73 insertions(+), 4 deletions(-)
Index: linux-2.6/drivers/char/tpm/tpm_tis.c
===================================================================
--- linux-2.6.orig/drivers/char/tpm/tpm_tis.c
+++ linux-2.6/drivers/char/tpm/tpm_tis.c
@@ -306,11 +306,10 @@ MODULE_PARM_DESC(itpm, "Force iTPM worka
* tpm.c can skip polling for the data to be available as the interrupt is
* waited for here
*/
-static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
+static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
{
int rc, status, burstcnt;
size_t count = 0;
- u32 ordinal;
if (request_locality(chip, 0) < 0)
return -EBUSY;
@@ -345,8 +344,7 @@ static int tpm_tis_send(struct tpm_chip
/* write last byte */
iowrite8(buf[count],
- chip->vendor.iobase +
- TPM_DATA_FIFO(chip->vendor.locality));
+ chip->vendor.iobase + TPM_DATA_FIFO(chip->vendor.locality));
wait_for_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c,
&chip->vendor.int_queue);
status = tpm_tis_status(chip);
@@ -355,6 +353,28 @@ static int tpm_tis_send(struct tpm_chip
goto out_err;
}
+ return 0;
+
+out_err:
+ tpm_tis_ready(chip);
+ release_locality(chip, chip->vendor.locality, 0);
+ return rc;
+}
+
+/*
+ * If interrupts are used (signaled by an irq set in the vendor structure)
+ * tpm.c can skip polling for the data to be available as the interrupt is
+ * waited for here
+ */
+static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
+{
+ int rc;
+ u32 ordinal;
+
+ rc = tpm_tis_send_data(chip, buf, len);
+ if (rc < 0)
+ return rc;
+
/* go and do it */
iowrite8(TPM_STS_GO,
chip->vendor.iobase + TPM_STS(chip->vendor.locality));
@@ -376,6 +396,47 @@ out_err:
return rc;
}
+/*
+ * Early probing for iTPM with STS_DATA_EXPECT flaw.
+ * Try sending command without itpm flag set and if that
+ * fails, repeat with itpm flag set.
+ */
+static int probe_itpm(struct tpm_chip *chip)
+{
+ int rc = 0;
+ u8 cmd_getticks[] = {
+ 0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
+ 0x00, 0x00, 0x00, 0xf1
+ };
+ size_t len = sizeof(cmd_getticks);
+ int rem_itpm = itpm;
+
+ itpm = 0;
+
+ rc = tpm_tis_send_data(chip, cmd_getticks, len);
+ if (rc == 0)
+ goto out;
+
+ tpm_tis_ready(chip);
+ release_locality(chip, chip->vendor.locality, 0);
+
+ itpm = 1;
+
+ rc = tpm_tis_send_data(chip, cmd_getticks, len);
+ if (rc == 0) {
+ dev_info(chip->dev, "Detected an iTPM.\n");
+ rc = 1;
+ } else
+ rc = -EFAULT;
+
+out:
+ itpm = rem_itpm;
+ tpm_tis_ready(chip);
+ release_locality(chip, chip->vendor.locality, 0);
+
+ return rc;
+}
+
static const struct file_operations tis_ops = {
.owner = THIS_MODULE,
.llseek = no_llseek,
@@ -515,6 +576,14 @@ static int tpm_tis_init(struct device *d
"1.2 TPM (device-id 0x%X, rev-id %d)\n",
vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
+ if (!itpm) {
+ itpm = probe_itpm(chip);
+ if (itpm < 0) {
+ rc = -ENODEV;
+ goto out_err;
+ }
+ }
+
if (itpm)
dev_info(dev, "Intel iTPM workaround enabled\n");
next prev parent reply other threads:[~2011-03-30 16:14 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-30 16:13 [PATCH V2 00/12] tpm + tpm_tis : Various fixes Stefan Berger
2011-03-30 16:13 ` [PATCH V2 01/12] tpm: Use durations returned from TPM Stefan Berger
2011-03-30 16:13 ` [PATCH V2 02/12] tpm: Adjust the durations if they are too small Stefan Berger
2011-03-30 16:13 ` [PATCH V2 03/12] tpm_tis: Introduce durations sysfs entry Stefan Berger
2011-03-30 16:13 ` [PATCH V2 04/12] tpm: Use interface timeouts returned from the TPM Stefan Berger
2011-03-30 16:13 ` [PATCH V2 05/12] tpm: Adjust interface timeouts if they are too small Stefan Berger
2011-03-30 16:13 ` [PATCH V2 06/12] tpm_tis: Add timeouts sysfs entry Stefan Berger
2011-03-30 16:13 ` [PATCH V2 07/12] tpm: Fix display of data in pubek " Stefan Berger
2011-03-30 16:13 ` [PATCH V2 08/12] tpm_tis: Re-enable interrupts upon (S3) resume Stefan Berger
2011-03-30 16:13 ` [PATCH V2 09/12] tpm_tis: Delay ACPI S3 suspend while the TPM is busy Stefan Berger
2011-03-30 16:13 ` [PATCH V2 10/12] tpm_tis: Fix the probing for interrupts Stefan Berger
2011-03-30 16:13 ` Stefan Berger [this message]
2011-03-30 16:13 ` [PATCH V2 12/12] tpm: Fix a typo Stefan Berger
2011-05-27 20:55 ` [PATCH V2 00/12] tpm + tpm_tis : Various fixes Stefan Berger
2011-05-31 13:23 ` Rajiv Andrade
2011-06-13 15:34 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110330161419.440024043@linux.vnet.ibm.com \
--to=stefanb@linux.vnet.ibm.com \
--cc=debora@linux.vnet.ibm.com \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=preining@logic.at \
--cc=srajiv@linux.vnet.ibm.com \
--cc=tpmdd-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox