Commit 15cb9a2b authored by Linus Torvalds
Pull tpm updates from Jarkko Sakkinen:
 "This contains a new driver: a TPM FF-A driver.

  FF comes from Firmware Framework, and A comes from Arm's A-profile.
  FF-A is essentially a standard mechanism to communicate with TrustZone
  apps such as TPM.

  Other than that, this includes a pile of fixes and small improvements"

* tag 'tpmdd-next-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  tpm: Make chip->{status,cancel,req_canceled} opt
  MAINTAINERS: TPM DEVICE DRIVER: add missing includes
  tpm: End any active auth session before shutdown
  Documentation: tpm: Add documentation for the CRB FF-A interface
  tpm_crb: Add support for the ARM FF-A start method
  ACPICA: Add start method for ARM FF-A
  tpm_crb: Clean-up and refactor check for idle support
  tpm_crb: ffa_tpm: Implement driver compliant to CRB over FF-A
  tpm/tpm_ftpm_tee: fix struct ftpm_tee_private documentation
  tpm, tpm_tis: Workaround failed command reception on Infineon devices
  tpm, tpm_tis: Fix timeout handling when waiting for TPM status
  tpm: Convert warn to dbg in tpm2_start_auth_session()
  tpm: Lazily flush auth session when getting random data
  tpm: ftpm_tee: remove incorrect of_match_ptr annotation
  tpm: do not start chip while suspended
parents f8a4eba3 980a5736
+1 −0
@@ -10,3 +10,4 @@ Trusted Platform Module documentation
   tpm_vtpm_proxy
   xen-tpmfront
   tpm_ftpm_tee
   tpm_ffa_crb
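Review bot: the new toctree entry tpm_ffa_crb orders the words differently from the name tpm_crb_ffa that the rest of this series uses for the driver, the module and the Makefile object. Naming the document tpm_crb_ffa would let a search for the module name find its documentation.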
+65 −0
.. SPDX-License-Identifier: GPL-2.0

========================
TPM CRB over FF-A Driver
========================

The TPM Command Response Buffer (CRB) interface is a standard TPM interface
defined in the TCG PC Client Platform TPM Profile (PTP) Specification [1]_.
The CRB provides a structured set of control registers a client uses when
interacting with a TPM as well as a data buffer for storing TPM commands and
responses. A CRB interface can be implemented in:

- hardware registers in a discrete TPM chip

- in memory for a TPM running in isolated environment where shared memory
  allows a client to interact with the TPM

The Firmware Framework for Arm A-profile (FF-A) [2]_ is a specification
that defines interfaces and protocols for the following purposes:

- Compartmentalize firmware into software partitions that run in the Arm
  Secure world environment (also know as TrustZone)

- Provide a standard interface for software components in the Non-secure
  state, for example OS and Hypervisors, to communicate with this firmware.

A TPM can be implemented as an FF-A secure service.  This could be a firmware
TPM or could potentially be a TPM service that acts as a proxy to a discrete
TPM chip. An FF-A based TPM abstracts hardware details (e.g. bus controller
and chip selects) away from the OS and can protect locality 4 from access
by an OS.  The TCG-defined CRB interface is used by clients to interact
with the TPM service.

The Arm TPM Service Command Response Buffer Interface Over FF-A [3]_
specification defines FF-A messages that can be used by a client to signal
when updates have been made to the CRB.

How the Linux CRB driver interacts with FF-A is summarized below:

- The tpm_crb_ffa driver registers with the FF-A subsystem in the kernel
  with an architected TPM service UUID defined in the CRB over FF-A spec.

- If a TPM service is discovered by FF-A, the probe() function in the
  tpm_crb_ffa driver runs, and the driver initializes.

- The probing and initialization of the Linux CRB driver is triggered
  by the discovery of a TPM advertised via ACPI.  The CRB driver can
  detect the type of TPM through the ACPI 'start' method.  The start
  method for Arm FF-A was defined in TCG ACPI v1.4 [4]_.

- When the CRB driver performs its normal functions such as signaling 'start'
  and locality request/relinquish it invokes the tpm_crb_ffa_start() funnction
  in the tpm_crb_ffa driver which handles the FF-A messaging to the TPM.

References
==========

.. [1] **TCG PC Client Platform TPM Profile (PTP) Specification**
   https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
.. [2] **Arm Firmware Framework for Arm A-profile (FF-A)**
   https://developer.arm.com/documentation/den0077/latest/
.. [3] **Arm TPM Service Command Response Buffer Interface Over FF-A**
   https://developer.arm.com/documentation/den0138/latest/
.. [4] **TCG ACPI Specification**
   https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
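Review bot: two typos in the new document need fixing: "also know as TrustZone" in the first FF-A bullet should read "also known as", and "tpm_crb_ffa_start() funnction" in the last bullet should read "function". In the first list, "running in isolated environment" is missing an article, and the two items would read better in parallel form ("in hardware registers ..." / "in memory ..."). The statement that an FF-A based TPM "can protect locality 4 from access by an OS" would also benefit from one sentence saying how the service enforces that, since it is the main security property the document claims.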
+2 −0
@@ -24187,6 +24187,8 @@ Q: https://patchwork.kernel.org/project/linux-integrity/list/
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
F:	Documentation/devicetree/bindings/tpm/
F:	drivers/char/tpm/
F:	include/linux/tpm*.h
F:	include/uapi/linux/vtpm_proxy.h
F:	tools/testing/selftests/tpm2/
TPS546D24 DRIVER
+9 −0
@@ -210,6 +210,15 @@ config TCG_CRB
	  from within Linux.  To compile this driver as a module, choose
	  M here; the module will be called tpm_crb.

config TCG_ARM_CRB_FFA
	tristate "TPM CRB over Arm FF-A Transport"
	depends on ARM_FFA_TRANSPORT && TCG_CRB
	default TCG_CRB
	help
	  If the Arm FF-A transport is used to access the TPM say Yes.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_crb_ffa.

config TCG_VTPM_PROXY
	tristate "VTPM Proxy Interface"
	depends on TCG_TPM
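Review bot: "depends on ARM_FFA_TRANSPORT && TCG_CRB" allows TCG_ARM_CRB_FFA to be limited to m while TCG_CRB is y (when ARM_FFA_TRANSPORT is m), yet the documentation in this series says the CRB driver calls tpm_crb_ffa_start() in the tpm_crb_ffa driver. Please confirm that a built-in tpm_crb with a modular tpm_crb_ffa is either handled or excluded by the dependencies. The help text is also thin for a symbol that "default TCG_CRB" enables automatically: it should say that the option is needed when the TPM is an FF-A secure service and that the ACPI-described FF-A start method will not work without it.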
+1 −0
@@ -42,5 +42,6 @@ obj-$(CONFIG_TCG_IBMVTPM) += tpm_ibmvtpm.o
obj-$(CONFIG_TCG_TIS_ST33ZP24) += st33zp24/
obj-$(CONFIG_TCG_XEN) += xen-tpmfront.o
obj-$(CONFIG_TCG_CRB) += tpm_crb.o
obj-$(CONFIG_TCG_ARM_CRB_FFA) += tpm_crb_ffa.o
obj-$(CONFIG_TCG_VTPM_PROXY) += tpm_vtpm_proxy.o
obj-$(CONFIG_TCG_FTPM_TEE) += tpm_ftpm_tee.o
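Review bot: tpm_crb_ffa.o is listed after tpm_crb.o, so when both are built in and register at the same initcall level, tpm_crb initializes before the FF-A driver it relies on for the FF-A start method. Check that tpm_crb copes with tpm_crb_ffa not having probed yet (for example by deferring its own probe), or move the new line above tpm_crb.o.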