1 /* SPDX-License-Identifier: MIT */
2 /******************************************************************************
3  * tpmif.h
4  *
5  * TPM I/O interface for Xen guest OSes.
6  *
7  * Copyright (c) 2005, IBM Corporation
8  *
9  * Author: Stefan Berger, stefanb@us.ibm.com
10  * Grant table support: Mahadevan Gomathisankaran
11  *
12  * This code has been derived from tools/libxc/xen/io/netif.h
13  *
14  * Copyright (c) 2003-2004, Keir Fraser
15  */
16 
17 #ifndef __XEN_PUBLIC_IO_TPMIF_H__
18 #define __XEN_PUBLIC_IO_TPMIF_H__
19 
20 #include "../grant_table.h"
21 
/*
 * Transmit request descriptor for the original (pre-v2) interface declared
 * in this header: one packet buffer named by machine address and grant
 * reference, together with the packet length.
 *
 * NOTE(review): these fields presumably arrive from the peer domain through
 * shared memory, so a consumer should bounds-check size against the granted
 * buffer before touching the packet -- confirm against the backend.
 */
struct tpmif_tx_request {
    /* unsigned long: its width follows the compiler ABI, so the layout of this
     * struct can differ between 32-bit and 64-bit builds. */
    unsigned long addr;   /* Machine address of packet.   */
    grant_ref_t ref;      /* grant table access reference */
    uint16_t unused;      /* no meaning assigned in this header */
    uint16_t size;        /* Packet size in bytes.        */
};
typedef struct tpmif_tx_request tpmif_tx_request_t;
29 
30 /*
31  * The TPMIF_TX_RING_SIZE defines the number of pages the
32  * front-end and backend can exchange (= size of array).
33  */
/* Ring index type; nothing in the visible part of this header uses it. */
typedef uint32_t TPMIF_RING_IDX;

/* Element count of tpmif_tx_interface.ring[]. */
#define TPMIF_TX_RING_SIZE 1
37 
38 /* This structure must fit in a memory page. */
39 
/* One ring slot: a wrapper around a single transmit request descriptor. */
struct tpmif_ring {
    struct tpmif_tx_request req;
};
typedef struct tpmif_ring tpmif_ring_t;
44 
/*
 * Container for the transmit ring: an array of TPMIF_TX_RING_SIZE slots
 * (currently 1).
 *
 * NOTE(review): the "must fit in a memory page" remark earlier in this header
 * presumably applies to this structure as well; nothing here enforces it at
 * compile time -- confirm.
 */
struct tpmif_tx_interface {
    struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
};
typedef struct tpmif_tx_interface tpmif_tx_interface_t;
49 
50 /******************************************************************************
51  * TPM I/O interface for Xen guest OSes, v2
52  *
53  * Author: Daniel De Graaf <dgdegra@tycho.nsa.gov>
54  *
55  * This protocol emulates the request/response behavior of a TPM using a Xen
56  * shared memory interface. All interaction with the TPM is at the direction
57  * of the frontend, since a TPM (hardware or virtual) is a passive device -
58  * the backend only processes commands as requested by the frontend.
59  *
60  * The frontend sends a request to the TPM by populating the shared page with
61  * the request packet, changing the state to TPMIF_STATE_SUBMIT, and sending
62  * an event channel notification. When the backend is finished, it will set
63  * the state to TPMIF_STATE_FINISH and send an event channel notification.
64  *
65  * In order to allow long-running commands to be canceled, the frontend can
66  * at any time change the state to TPMIF_STATE_CANCEL and send a notification.
67  * The TPM can either finish the command (changing state to TPMIF_STATE_FINISH)
68  * or can cancel the command and change the state to TPMIF_STATE_IDLE. The TPM
69  * can also change the state to TPMIF_STATE_IDLE instead of TPMIF_STATE_FINISH
70  * if another reason for cancellation is required - for example, a physical
71  * TPM may cancel a command if the interface is seized by another locality.
72  *
73  * The TPM command format is defined by the TCG, and is available at
74  * http://www.trustedcomputinggroup.org/resources/tpm_main_specification
75  */
76 
/*
 * Protocol state carried in tpmif_shared_page.state. The enumerators take the
 * implicit values 0..3 in declaration order. The field that stores them is a
 * uint8_t in the shared page, so it can hold values outside this range; a
 * reader should treat any other value as invalid rather than assume one of
 * the four states.
 */
enum tpmif_state {
    TPMIF_STATE_IDLE,        /* no contents / vTPM idle / cancel complete */
    TPMIF_STATE_SUBMIT,      /* request ready / vTPM working */
    TPMIF_STATE_FINISH,      /* response ready / vTPM idle */
    TPMIF_STATE_CANCEL,      /* cancel requested / vTPM working */
};
/* Note: The backend should only change state to IDLE or FINISH, while the
 * frontend should only change to SUBMIT or CANCEL. Status changes do not need
 * to use atomic operations.
 *
 * The rule above is a convention between the two ends; nothing in this header
 * enforces it. The state lives in memory that the other end can rewrite at
 * any time (the frontend may request a cancel whenever it likes), so each
 * side should read it once into a local variable and act on that copy
 * instead of re-reading the shared field.
 *
 * NOTE(review): this header does not say what ordering is required between
 * writing the packet data and storing the new state; confirm that the
 * frontend and backend issue the barrier their platform needs.
 */
87 
88 
89 /* The shared page for vTPM request/response packets looks like:
90  *
91  *  Offset               Contents
92  *  =================================================
93  *  0                    struct tpmif_shared_page
94  *  16                   [optional] List of grant IDs
95  *  16+4*nr_extra_pages  TPM packet data
96  *
97  * If the TPM packet data extends beyond the end of a single page, the grant IDs
98  * defined in extra_pages are used as if they were mapped immediately following
99  * the primary shared page. The grants are allocated by the frontend and mapped
100  * by the backend. Before sending a request spanning multiple pages, the
101  * frontend should verify that the TPM supports such large requests by querying
102  * the TPM_CAP_PROP_INPUT_BUFFER property from the TPM.
103  */
/*
 * Header at the start of the v2 shared page. Both ends write to this page,
 * so each end should copy length, state, locality and nr_extra_pages into
 * locals and validate the copies before using them.
 *
 * NOTE(review): the four fixed fields below add up to 4 + 1 + 1 + 1 + 1 = 8
 * bytes, which puts extra_pages at offset 8 under natural alignment, whereas
 * the layout table in this header places the grant list at offset 16.
 * Confirm which offset the frontend and backend actually compute.
 */
struct tpmif_shared_page {
    /* NOTE(review): presumably must be checked against the room left after
     * the header and grant list, across the primary page plus nr_extra_pages
     * pages, before any copy of packet data -- confirm in the backend. */
    uint32_t length;         /* request/response length in bytes */

    uint8_t state;           /* enum tpmif_state */
    uint8_t locality;        /* for the current request */
    uint8_t pad;             /* should be zero */

    uint8_t nr_extra_pages;  /* extra pages for long packets; may be zero */
    /* Zero-length trailing array (a compiler extension) standing in for a
     * variable-length list; its real element count is nr_extra_pages, which is
     * itself read from the shared page. */
    uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
};
typedef struct tpmif_shared_page tpmif_shared_page_t;
115 
116 #endif
117 
118 /*
119  * Local variables:
120  * mode: C
121  * c-file-style: "BSD"
122  * c-basic-offset: 4
123  * tab-width: 4
124  * indent-tabs-mode: nil
125  * End:
126  */
127