]>
Commit | Line | Data |
---|---|---|
5e124724 VB |
1 | /* |
2 | * Copyright (c) 2011 The Chromium OS Authors. | |
3 | * | |
1a459660 | 4 | * SPDX-License-Identifier: GPL-2.0+ |
5e124724 VB |
5 | */ |
6 | ||
7 | /* | |
8 | * The code in this file is based on the article "Writing a TPM Device Driver" | |
9 | * published on http://ptgmedia.pearsoncmg.com. | |
10 | * | |
11 | * One principal difference is that in the simplest config the other than 0 | |
12 | * TPM localities do not get mapped by some devices (for instance, by Infineon | |
13 | * slb9635), so this driver provides access to locality 0 only. | |
14 | */ | |
15 | ||
16 | #include <common.h> | |
d616ba5f SG |
17 | #include <dm.h> |
18 | #include <mapmem.h> | |
5e124724 | 19 | #include <tpm.h> |
d616ba5f | 20 | #include <asm/io.h> |
5e124724 VB |
21 | |
22 | #define PREFIX "lpc_tpm: " | |
23 | ||
24 | struct tpm_locality { | |
25 | u32 access; | |
26 | u8 padding0[4]; | |
27 | u32 int_enable; | |
28 | u8 vector; | |
29 | u8 padding1[3]; | |
30 | u32 int_status; | |
31 | u32 int_capability; | |
32 | u32 tpm_status; | |
33 | u8 padding2[8]; | |
34 | u8 data; | |
35 | u8 padding3[3803]; | |
36 | u32 did_vid; | |
37 | u8 rid; | |
38 | u8 padding4[251]; | |
39 | }; | |
40 | ||
d616ba5f SG |
41 | struct tpm_tis_lpc_priv { |
42 | struct tpm_locality *regs; | |
43 | }; | |
44 | ||
5e124724 VB |
45 | /* |
46 | * This pointer refers to the TPM chip, 5 of its localities are mapped as an | |
47 | * array. | |
48 | */ | |
49 | #define TPM_TOTAL_LOCALITIES 5 | |
5e124724 VB |
50 | |
51 | /* Some registers' bit field definitions */ | |
52 | #define TIS_STS_VALID (1 << 7) /* 0x80 */ | |
53 | #define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */ | |
54 | #define TIS_STS_TPM_GO (1 << 5) /* 0x20 */ | |
55 | #define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */ | |
56 | #define TIS_STS_EXPECT (1 << 3) /* 0x08 */ | |
57 | #define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */ | |
58 | ||
59 | #define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */ | |
60 | #define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */ | |
61 | #define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */ | |
62 | #define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */ | |
63 | #define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */ | |
64 | #define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */ | |
65 | #define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */ | |
66 | ||
67 | #define TIS_STS_BURST_COUNT_MASK (0xffff) | |
68 | #define TIS_STS_BURST_COUNT_SHIFT (8) | |
69 | ||
5e124724 VB |
70 | /* 1 second is plenty for anything TPM does. */ |
71 | #define MAX_DELAY_US (1000 * 1000) | |
72 | ||
73 | /* Retrieve burst count value out of the status register contents. */ | |
74 | static u16 burst_count(u32 status) | |
75 | { | |
d616ba5f SG |
76 | return (status >> TIS_STS_BURST_COUNT_SHIFT) & |
77 | TIS_STS_BURST_COUNT_MASK; | |
5e124724 VB |
78 | } |
79 | ||
5e124724 | 80 | /* TPM access wrappers to support tracing */ |
d616ba5f | 81 | static u8 tpm_read_byte(struct tpm_tis_lpc_priv *priv, const u8 *ptr) |
5e124724 VB |
82 | { |
83 | u8 ret = readb(ptr); | |
84 | debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n", | |
d616ba5f | 85 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, ret); |
5e124724 VB |
86 | return ret; |
87 | } | |
88 | ||
d616ba5f | 89 | static u32 tpm_read_word(struct tpm_tis_lpc_priv *priv, const u32 *ptr) |
5e124724 VB |
90 | { |
91 | u32 ret = readl(ptr); | |
92 | debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n", | |
d616ba5f | 93 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, ret); |
5e124724 VB |
94 | return ret; |
95 | } | |
96 | ||
d616ba5f | 97 | static void tpm_write_byte(struct tpm_tis_lpc_priv *priv, u8 value, u8 *ptr) |
5e124724 VB |
98 | { |
99 | debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n", | |
d616ba5f | 100 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, value); |
5e124724 VB |
101 | writeb(value, ptr); |
102 | } | |
103 | ||
d616ba5f SG |
104 | static void tpm_write_word(struct tpm_tis_lpc_priv *priv, u32 value, |
105 | u32 *ptr) | |
5e124724 VB |
106 | { |
107 | debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n", | |
d616ba5f | 108 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, value); |
5e124724 VB |
109 | writel(value, ptr); |
110 | } | |
111 | ||
112 | /* | |
113 | * tis_wait_reg() | |
114 | * | |
115 | * Wait for at least a second for a register to change its state to match the | |
116 | * expected state. Normally the transition happens within microseconds. | |
117 | * | |
118 | * @reg - pointer to the TPM register | |
119 | * @mask - bitmask for the bitfield(s) to watch | |
120 | * @expected - value the field(s) are supposed to be set to | |
121 | * | |
122 | * Returns the register contents in case the expected value was found in the | |
d616ba5f | 123 | * appropriate register bits, or -ETIMEDOUT on timeout. |
5e124724 | 124 | */ |
d616ba5f SG |
125 | static int tis_wait_reg(struct tpm_tis_lpc_priv *priv, u32 *reg, u8 mask, |
126 | u8 expected) | |
5e124724 VB |
127 | { |
128 | u32 time_us = MAX_DELAY_US; | |
129 | ||
130 | while (time_us > 0) { | |
d616ba5f | 131 | u32 value = tpm_read_word(priv, reg); |
5e124724 VB |
132 | if ((value & mask) == expected) |
133 | return value; | |
134 | udelay(1); /* 1 us */ | |
135 | time_us--; | |
136 | } | |
d616ba5f SG |
137 | |
138 | return -ETIMEDOUT; | |
5e124724 VB |
139 | } |
140 | ||
141 | /* | |
142 | * Probe the TPM device and try determining its manufacturer/device name. | |
143 | * | |
d616ba5f | 144 | * Returns 0 on success, -ve on error |
5e124724 | 145 | */ |
d616ba5f | 146 | static int tpm_tis_lpc_probe(struct udevice *dev) |
5e124724 | 147 | { |
d616ba5f SG |
148 | struct tpm_tis_lpc_priv *priv = dev_get_priv(dev); |
149 | u32 vid, did; | |
150 | fdt_addr_t addr; | |
151 | u32 didvid; | |
5e124724 | 152 | |
d616ba5f SG |
153 | addr = dev_get_addr(dev); |
154 | if (addr == FDT_ADDR_T_NONE) | |
155 | return -EINVAL; | |
156 | priv->regs = map_sysmem(addr, 0); | |
157 | didvid = tpm_read_word(priv, &priv->regs[0].did_vid); | |
5e124724 VB |
158 | |
159 | vid = didvid & 0xffff; | |
160 | did = (didvid >> 16) & 0xffff; | |
d616ba5f SG |
161 | if (vid != 0x15d1 || did != 0xb) { |
162 | debug("Invalid vendor/device ID %04x/%04x\n", vid, did); | |
163 | return -ENOSYS; | |
5e124724 VB |
164 | } |
165 | ||
d616ba5f SG |
166 | debug("Found TPM %s by %s\n", "SLB9635 TT 1.2", "Infineon"); |
167 | ||
5e124724 VB |
168 | return 0; |
169 | } | |
170 | ||
171 | /* | |
172 | * tis_senddata() | |
173 | * | |
174 | * send the passed in data to the TPM device. | |
175 | * | |
176 | * @data - address of the data to send, byte by byte | |
177 | * @len - length of the data to send | |
178 | * | |
d616ba5f SG |
179 | * Returns 0 on success, -ve on error (in case the device does not accept |
180 | * the entire command). | |
5e124724 | 181 | */ |
d616ba5f | 182 | static int tis_senddata(struct udevice *dev, const u8 *data, size_t len) |
5e124724 | 183 | { |
d616ba5f SG |
184 | struct tpm_tis_lpc_priv *priv = dev_get_priv(dev); |
185 | struct tpm_locality *regs = priv->regs; | |
5e124724 VB |
186 | u32 offset = 0; |
187 | u16 burst = 0; | |
188 | u32 max_cycles = 0; | |
189 | u8 locality = 0; | |
190 | u32 value; | |
191 | ||
d616ba5f | 192 | value = tis_wait_reg(priv, ®s[locality].tpm_status, |
5e124724 | 193 | TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY); |
d616ba5f | 194 | if (value == -ETIMEDOUT) { |
5e124724 VB |
195 | printf("%s:%d - failed to get 'command_ready' status\n", |
196 | __FILE__, __LINE__); | |
d616ba5f | 197 | return value; |
5e124724 VB |
198 | } |
199 | burst = burst_count(value); | |
200 | ||
201 | while (1) { | |
202 | unsigned count; | |
203 | ||
204 | /* Wait till the device is ready to accept more data. */ | |
205 | while (!burst) { | |
206 | if (max_cycles++ == MAX_DELAY_US) { | |
22230e91 | 207 | printf("%s:%d failed to feed %zd bytes of %zd\n", |
5e124724 | 208 | __FILE__, __LINE__, len - offset, len); |
d616ba5f | 209 | return -ETIMEDOUT; |
5e124724 VB |
210 | } |
211 | udelay(1); | |
d616ba5f SG |
212 | burst = burst_count(tpm_read_word(priv, |
213 | ®s[locality].tpm_status)); | |
5e124724 VB |
214 | } |
215 | ||
216 | max_cycles = 0; | |
217 | ||
218 | /* | |
219 | * Calculate number of bytes the TPM is ready to accept in one | |
220 | * shot. | |
221 | * | |
222 | * We want to send the last byte outside of the loop (hence | |
223 | * the -1 below) to make sure that the 'expected' status bit | |
224 | * changes to zero exactly after the last byte is fed into the | |
225 | * FIFO. | |
226 | */ | |
22230e91 | 227 | count = min((size_t)burst, len - offset - 1); |
5e124724 | 228 | while (count--) |
d616ba5f SG |
229 | tpm_write_byte(priv, data[offset++], |
230 | ®s[locality].data); | |
5e124724 | 231 | |
d616ba5f | 232 | value = tis_wait_reg(priv, ®s[locality].tpm_status, |
5e124724 VB |
233 | TIS_STS_VALID, TIS_STS_VALID); |
234 | ||
d616ba5f | 235 | if ((value == -ETIMEDOUT) || !(value & TIS_STS_EXPECT)) { |
5e124724 VB |
236 | printf("%s:%d TPM command feed overflow\n", |
237 | __FILE__, __LINE__); | |
d616ba5f | 238 | return value == -ETIMEDOUT ? value : -EIO; |
5e124724 VB |
239 | } |
240 | ||
241 | burst = burst_count(value); | |
242 | if ((offset == (len - 1)) && burst) { | |
243 | /* | |
244 | * We need to be able to send the last byte to the | |
245 | * device, so burst size must be nonzero before we | |
246 | * break out. | |
247 | */ | |
248 | break; | |
249 | } | |
250 | } | |
251 | ||
252 | /* Send the last byte. */ | |
d616ba5f | 253 | tpm_write_byte(priv, data[offset++], ®s[locality].data); |
5e124724 VB |
254 | /* |
255 | * Verify that TPM does not expect any more data as part of this | |
256 | * command. | |
257 | */ | |
d616ba5f | 258 | value = tis_wait_reg(priv, ®s[locality].tpm_status, |
5e124724 | 259 | TIS_STS_VALID, TIS_STS_VALID); |
d616ba5f | 260 | if ((value == -ETIMEDOUT) || (value & TIS_STS_EXPECT)) { |
5e124724 VB |
261 | printf("%s:%d unexpected TPM status 0x%x\n", |
262 | __FILE__, __LINE__, value); | |
d616ba5f | 263 | return value == -ETIMEDOUT ? value : -EIO; |
5e124724 VB |
264 | } |
265 | ||
266 | /* OK, sitting pretty, let's start the command execution. */ | |
d616ba5f | 267 | tpm_write_word(priv, TIS_STS_TPM_GO, ®s[locality].tpm_status); |
5e124724 VB |
268 | return 0; |
269 | } | |
270 | ||
271 | /* | |
272 | * tis_readresponse() | |
273 | * | |
274 | * read the TPM device response after a command was issued. | |
275 | * | |
276 | * @buffer - address where to read the response, byte by byte. | |
277 | * @len - pointer to the size of buffer | |
278 | * | |
279 | * On success stores the number of received bytes to len and returns 0. On | |
280 | * errors (misformatted TPM data or synchronization problems) returns | |
d616ba5f | 281 | * -ve value. |
5e124724 | 282 | */ |
d616ba5f | 283 | static int tis_readresponse(struct udevice *dev, u8 *buffer, size_t len) |
5e124724 | 284 | { |
d616ba5f SG |
285 | struct tpm_tis_lpc_priv *priv = dev_get_priv(dev); |
286 | struct tpm_locality *regs = priv->regs; | |
5e124724 VB |
287 | u16 burst; |
288 | u32 value; | |
289 | u32 offset = 0; | |
290 | u8 locality = 0; | |
291 | const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID; | |
d616ba5f | 292 | u32 expected_count = len; |
5e124724 VB |
293 | int max_cycles = 0; |
294 | ||
295 | /* Wait for the TPM to process the command. */ | |
d616ba5f | 296 | value = tis_wait_reg(priv, ®s[locality].tpm_status, |
5e124724 | 297 | has_data, has_data); |
d616ba5f | 298 | if (value == -ETIMEDOUT) { |
5e124724 VB |
299 | printf("%s:%d failed processing command\n", |
300 | __FILE__, __LINE__); | |
d616ba5f | 301 | return value; |
5e124724 VB |
302 | } |
303 | ||
304 | do { | |
305 | while ((burst = burst_count(value)) == 0) { | |
306 | if (max_cycles++ == MAX_DELAY_US) { | |
307 | printf("%s:%d TPM stuck on read\n", | |
308 | __FILE__, __LINE__); | |
d616ba5f | 309 | return -EIO; |
5e124724 VB |
310 | } |
311 | udelay(1); | |
d616ba5f | 312 | value = tpm_read_word(priv, ®s[locality].tpm_status); |
5e124724 VB |
313 | } |
314 | ||
315 | max_cycles = 0; | |
316 | ||
317 | while (burst-- && (offset < expected_count)) { | |
d616ba5f SG |
318 | buffer[offset++] = tpm_read_byte(priv, |
319 | ®s[locality].data); | |
5e124724 VB |
320 | |
321 | if (offset == 6) { | |
322 | /* | |
323 | * We got the first six bytes of the reply, | |
324 | * let's figure out how many bytes to expect | |
325 | * total - it is stored as a 4 byte number in | |
326 | * network order, starting with offset 2 into | |
327 | * the body of the reply. | |
328 | */ | |
329 | u32 real_length; | |
330 | memcpy(&real_length, | |
331 | buffer + 2, | |
332 | sizeof(real_length)); | |
333 | expected_count = be32_to_cpu(real_length); | |
334 | ||
335 | if ((expected_count < offset) || | |
d616ba5f | 336 | (expected_count > len)) { |
5e124724 VB |
337 | printf("%s:%d bad response size %d\n", |
338 | __FILE__, __LINE__, | |
339 | expected_count); | |
d616ba5f | 340 | return -ENOSPC; |
5e124724 VB |
341 | } |
342 | } | |
343 | } | |
344 | ||
345 | /* Wait for the next portion. */ | |
d616ba5f | 346 | value = tis_wait_reg(priv, ®s[locality].tpm_status, |
5e124724 | 347 | TIS_STS_VALID, TIS_STS_VALID); |
d616ba5f | 348 | if (value == -ETIMEDOUT) { |
5e124724 VB |
349 | printf("%s:%d failed to read response\n", |
350 | __FILE__, __LINE__); | |
d616ba5f | 351 | return value; |
5e124724 VB |
352 | } |
353 | ||
354 | if (offset == expected_count) | |
355 | break; /* We got all we needed. */ | |
356 | ||
357 | } while ((value & has_data) == has_data); | |
358 | ||
359 | /* | |
360 | * Make sure we indeed read all there was. The TIS_STS_VALID bit is | |
361 | * known to be set. | |
362 | */ | |
363 | if (value & TIS_STS_DATA_AVAILABLE) { | |
364 | printf("%s:%d wrong receive status %x\n", | |
365 | __FILE__, __LINE__, value); | |
d616ba5f | 366 | return -EBADMSG; |
5e124724 VB |
367 | } |
368 | ||
369 | /* Tell the TPM that we are done. */ | |
d616ba5f SG |
370 | tpm_write_word(priv, TIS_STS_COMMAND_READY, |
371 | ®s[locality].tpm_status); | |
372 | ||
373 | return offset; | |
5e124724 VB |
374 | } |
375 | ||
d616ba5f | 376 | static int tpm_tis_lpc_open(struct udevice *dev) |
5e124724 | 377 | { |
d616ba5f SG |
378 | struct tpm_tis_lpc_priv *priv = dev_get_priv(dev); |
379 | struct tpm_locality *regs = priv->regs; | |
5e124724 | 380 | u8 locality = 0; /* we use locality zero for everything. */ |
d616ba5f | 381 | int ret; |
5e124724 | 382 | |
5e124724 | 383 | /* now request access to locality. */ |
d616ba5f | 384 | tpm_write_word(priv, TIS_ACCESS_REQUEST_USE, ®s[locality].access); |
5e124724 VB |
385 | |
386 | /* did we get a lock? */ | |
d616ba5f | 387 | ret = tis_wait_reg(priv, ®s[locality].access, |
5e124724 | 388 | TIS_ACCESS_ACTIVE_LOCALITY, |
d616ba5f SG |
389 | TIS_ACCESS_ACTIVE_LOCALITY); |
390 | if (ret == -ETIMEDOUT) { | |
5e124724 VB |
391 | printf("%s:%d - failed to lock locality %d\n", |
392 | __FILE__, __LINE__, locality); | |
d616ba5f | 393 | return ret; |
5e124724 VB |
394 | } |
395 | ||
d616ba5f SG |
396 | tpm_write_word(priv, TIS_STS_COMMAND_READY, |
397 | ®s[locality].tpm_status); | |
5e124724 VB |
398 | return 0; |
399 | } | |
400 | ||
d616ba5f | 401 | static int tpm_tis_lpc_close(struct udevice *dev) |
5e124724 | 402 | { |
d616ba5f SG |
403 | struct tpm_tis_lpc_priv *priv = dev_get_priv(dev); |
404 | struct tpm_locality *regs = priv->regs; | |
5e124724 VB |
405 | u8 locality = 0; |
406 | ||
d616ba5f | 407 | if (tpm_read_word(priv, ®s[locality].access) & |
5e124724 | 408 | TIS_ACCESS_ACTIVE_LOCALITY) { |
d616ba5f SG |
409 | tpm_write_word(priv, TIS_ACCESS_ACTIVE_LOCALITY, |
410 | ®s[locality].access); | |
5e124724 | 411 | |
d616ba5f SG |
412 | if (tis_wait_reg(priv, ®s[locality].access, |
413 | TIS_ACCESS_ACTIVE_LOCALITY, 0) == -ETIMEDOUT) { | |
5e124724 VB |
414 | printf("%s:%d - failed to release locality %d\n", |
415 | __FILE__, __LINE__, locality); | |
d616ba5f | 416 | return -ETIMEDOUT; |
5e124724 VB |
417 | } |
418 | } | |
419 | return 0; | |
420 | } | |
421 | ||
d616ba5f | 422 | static int tpm_tis_get_desc(struct udevice *dev, char *buf, int size) |
5e124724 | 423 | { |
d616ba5f SG |
424 | if (size < 50) |
425 | return -ENOSPC; | |
5e124724 | 426 | |
d616ba5f SG |
427 | return snprintf(buf, size, "1.2 TPM (vendor %s, chip %s)", |
428 | "Infineon", "SLB9635 TT 1.2"); | |
5e124724 | 429 | } |
d616ba5f SG |
430 | |
431 | ||
432 | static const struct tpm_ops tpm_tis_lpc_ops = { | |
433 | .open = tpm_tis_lpc_open, | |
434 | .close = tpm_tis_lpc_close, | |
435 | .get_desc = tpm_tis_get_desc, | |
436 | .send = tis_senddata, | |
437 | .recv = tis_readresponse, | |
438 | }; | |
439 | ||
440 | static const struct udevice_id tpm_tis_lpc_ids[] = { | |
441 | { .compatible = "infineon,slb9635lpc" }, | |
442 | { } | |
443 | }; | |
444 | ||
445 | U_BOOT_DRIVER(tpm_tis_lpc) = { | |
446 | .name = "tpm_tis_lpc", | |
447 | .id = UCLASS_TPM, | |
448 | .of_match = tpm_tis_lpc_ids, | |
449 | .ops = &tpm_tis_lpc_ops, | |
450 | .probe = tpm_tis_lpc_probe, | |
451 | .priv_auto_alloc_size = sizeof(struct tpm_tis_lpc_priv), | |
452 | }; |