leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

TPM: workaround to enforce PCR updates across suspends

Browse Source 
Add a workaround for TPM's which fail to flush last written
PCR values in a TPM_SaveState, in preparation for suspend.

Signed-off-by: David Safford <safford@watson.ibm.com>
Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Rajiv Andrade 2010-03-25 00:55:32 -03:00 committed by James Morris
parent 310de047ee
commit 225a9be24d
2 changed files with 50 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Documentation/kernel-parameters.txt
View File

@ -99,6 +99,7 @@ parameter is applicable:
SWSUSP Software suspend (hibernation) is enabled. SWSUSP Software suspend (hibernation) is enabled.
SUSPEND System suspend states are enabled. SUSPEND System suspend states are enabled.
FTRACE Function tracing enabled. FTRACE Function tracing enabled.
TPM TPM drivers are enabled.
TS Appropriate touchscreen support is enabled. TS Appropriate touchscreen support is enabled.
UMS USB Mass Storage support is enabled. UMS USB Mass Storage support is enabled.
USB USB support is enabled. USB USB support is enabled.
@ -2619,6 +2620,15 @@ and is between 256 and 4096 characters. It is defined in the file
tp720= [HW,PS2] tp720= [HW,PS2]
tpm_suspend_pcr=[HW,TPM]
Format: integer pcr id
Specify that at suspend time, the tpm driver
should extend the specified pcr with zeros,
as a workaround for some chips which fail to
flush the last written pcr on TPM_SaveState.
This will guarantee that all the other pcrs
are saved.
trace_buf_size=nn[KMG] trace_buf_size=nn[KMG]
[FTRACE] will set tracing buffer size. [FTRACE] will set tracing buffer size.

47
drivers/char/tpm/tpm.c
View File

@ -1067,6 +1067,27 @@ void tpm_remove_hardware(struct device *dev)
} }
EXPORT_SYMBOL_GPL(tpm_remove_hardware); EXPORT_SYMBOL_GPL(tpm_remove_hardware);
#define TPM_ORD_SAVESTATE cpu_to_be32(152)
#define SAVESTATE_RESULT_SIZE 10
static struct tpm_input_header savestate_header = {
.tag = TPM_TAG_RQU_COMMAND,
.length = cpu_to_be32(10),
.ordinal = TPM_ORD_SAVESTATE
};
/* Bug workaround - some TPM's don't flush the most
* recently changed pcr on suspend, so force the flush
* with an extend to the selected _unused_ non-volatile pcr.
*/
static int tpm_suspend_pcr;
static int __init tpm_suspend_setup(char *str)
{
get_option(&str, &tpm_suspend_pcr);
return 1;
}
__setup("tpm_suspend_pcr=", tpm_suspend_setup);
/* /*
* We are about to suspend. Save the TPM state * We are about to suspend. Save the TPM state
* so that it can be restored. * so that it can be restored.
@ -1074,17 +1095,29 @@ EXPORT_SYMBOL_GPL(tpm_remove_hardware);
int tpm_pm_suspend(struct device *dev, pm_message_t pm_state) int tpm_pm_suspend(struct device *dev, pm_message_t pm_state)
{ {
struct tpm_chip *chip = dev_get_drvdata(dev); struct tpm_chip *chip = dev_get_drvdata(dev);
u8 savestate[] = { struct tpm_cmd_t cmd;
0, 193, /* TPM_TAG_RQU_COMMAND */ int rc;
0, 0, 0, 10, /* blob length (in bytes) */
0, 0, 0, 152 /* TPM_ORD_SaveState */ u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
};
if (chip == NULL) if (chip == NULL)
return -ENODEV; return -ENODEV;
tpm_transmit(chip, savestate, sizeof(savestate)); /* for buggy tpm, flush pcrs with extend to selected dummy */
return 0; if (tpm_suspend_pcr) {
cmd.header.in = pcrextend_header;
cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr);
memcpy(cmd.params.pcrextend_in.hash, dummy_hash,
TPM_DIGEST_SIZE);
rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
"extending dummy pcr before suspend");
}
/* now do the actual savestate */
cmd.header.in = savestate_header;
rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE,
"sending savestate before suspend");
return rc;
} }
EXPORT_SYMBOL_GPL(tpm_pm_suspend); EXPORT_SYMBOL_GPL(tpm_pm_suspend);