common.c 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Copyright (C) 2005, 2012 IBM Corporation
  4. *
  5. * Authors:
  6. * Kent Yoder <key@linux.vnet.ibm.com>
  7. * Seiji Munetoh <munetoh@jp.ibm.com>
  8. * Stefan Berger <stefanb@us.ibm.com>
  9. * Reiner Sailer <sailer@watson.ibm.com>
  10. * Kylene Hall <kjhall@us.ibm.com>
  11. * Nayna Jain <nayna@linux.vnet.ibm.com>
  12. *
  13. * Access to the event log created by a system's firmware / BIOS
  14. */
  15. #include <linux/seq_file.h>
  16. #include <linux/fs.h>
  17. #include <linux/security.h>
  18. #include <linux/module.h>
  19. #include <linux/tpm_eventlog.h>
  20. #include "../tpm.h"
  21. #include "common.h"
  22. static int tpm_bios_measurements_open(struct inode *inode,
  23. struct file *file)
  24. {
  25. int err;
  26. struct seq_file *seq;
  27. struct tpm_chip_seqops *chip_seqops;
  28. const struct seq_operations *seqops;
  29. struct tpm_chip *chip;
  30. inode_lock(inode);
  31. if (!inode->i_nlink) {
  32. inode_unlock(inode);
  33. return -ENODEV;
  34. }
  35. chip_seqops = inode->i_private;
  36. seqops = chip_seqops->seqops;
  37. chip = chip_seqops->chip;
  38. get_device(&chip->dev);
  39. inode_unlock(inode);
  40. /* now register seq file */
  41. err = seq_open(file, seqops);
  42. if (!err) {
  43. seq = file->private_data;
  44. seq->private = chip;
  45. } else {
  46. put_device(&chip->dev);
  47. }
  48. return err;
  49. }
  50. static int tpm_bios_measurements_release(struct inode *inode,
  51. struct file *file)
  52. {
  53. struct seq_file *seq = file->private_data;
  54. struct tpm_chip *chip = seq->private;
  55. put_device(&chip->dev);
  56. return seq_release(inode, file);
  57. }
  58. static const struct file_operations tpm_bios_measurements_ops = {
  59. .owner = THIS_MODULE,
  60. .open = tpm_bios_measurements_open,
  61. .read = seq_read,
  62. .llseek = seq_lseek,
  63. .release = tpm_bios_measurements_release,
  64. };
  65. static int tpm_read_log(struct tpm_chip *chip)
  66. {
  67. int rc;
  68. if (chip->log.bios_event_log != NULL) {
  69. dev_dbg(&chip->dev,
  70. "%s: ERROR - event log already initialized\n",
  71. __func__);
  72. return -EFAULT;
  73. }
  74. rc = tpm_read_log_acpi(chip);
  75. if (rc != -ENODEV)
  76. return rc;
  77. rc = tpm_read_log_efi(chip);
  78. if (rc != -ENODEV)
  79. return rc;
  80. return tpm_read_log_of(chip);
  81. }
  82. /*
  83. * tpm_bios_log_setup() - Read the event log from the firmware
  84. * @chip: TPM chip to use.
  85. *
  86. * If an event log is found then the securityfs files are setup to
  87. * export it to userspace, otherwise nothing is done.
  88. */
  89. void tpm_bios_log_setup(struct tpm_chip *chip)
  90. {
  91. const char *name = dev_name(&chip->dev);
  92. struct dentry *dentry;
  93. int log_version;
  94. int rc = 0;
  95. if (chip->flags & TPM_CHIP_FLAG_VIRTUAL)
  96. return;
  97. rc = tpm_read_log(chip);
  98. if (rc < 0)
  99. return;
  100. log_version = rc;
  101. chip->bios_dir = securityfs_create_dir(name, NULL);
  102. /* NOTE: securityfs_create_dir can return ENODEV if securityfs is
  103. * compiled out. The caller should ignore the ENODEV return code.
  104. */
  105. if (IS_ERR(chip->bios_dir))
  106. return;
  107. chip->bin_log_seqops.chip = chip;
  108. if (log_version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
  109. chip->bin_log_seqops.seqops =
  110. &tpm2_binary_b_measurements_seqops;
  111. else
  112. chip->bin_log_seqops.seqops =
  113. &tpm1_binary_b_measurements_seqops;
  114. dentry =
  115. securityfs_create_file("binary_bios_measurements",
  116. 0440, chip->bios_dir,
  117. (void *)&chip->bin_log_seqops,
  118. &tpm_bios_measurements_ops);
  119. if (IS_ERR(dentry))
  120. goto err;
  121. if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
  122. chip->ascii_log_seqops.chip = chip;
  123. chip->ascii_log_seqops.seqops =
  124. &tpm1_ascii_b_measurements_seqops;
  125. dentry =
  126. securityfs_create_file("ascii_bios_measurements",
  127. 0440, chip->bios_dir,
  128. (void *)&chip->ascii_log_seqops,
  129. &tpm_bios_measurements_ops);
  130. if (IS_ERR(dentry))
  131. goto err;
  132. }
  133. return;
  134. err:
  135. tpm_bios_log_teardown(chip);
  136. return;
  137. }
  138. void tpm_bios_log_teardown(struct tpm_chip *chip)
  139. {
  140. securityfs_remove(chip->bios_dir);
  141. }