[people/ms/u-boot.git] / drivers / tpm / tpm_tis_lpc.c

/*
 * Copyright (c) 2011 The Chromium OS Authors.
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

/*
 * The code in this file is based on the article "Writing a TPM Device Driver"
 * published on http://ptgmedia.pearsoncmg.com.
 *
 * One principal difference is that in the simplest config the other than 0
 * TPM localities do not get mapped by some devices (for instance, by Infineon
 * slb9635), so this driver provides access to locality 0 only.
 */

#include <common.h>
#include <dm.h>
#include <mapmem.h>
#include <tpm.h>
#include <asm/io.h>

#define PREFIX "lpc_tpm: "

struct tpm_locality {
	u32 access;
	u8 padding0[4];
	u32 int_enable;
	u8 vector;
	u8 padding1[3];
	u32 int_status;
	u32 int_capability;
	u32 tpm_status;
	u8 padding2[8];
	u8 data;
	u8 padding3[3803];
	u32 did_vid;
	u8 rid;
	u8 padding4[251];
};

struct tpm_tis_lpc_priv {
	struct tpm_locality *regs;
};

/*
 * This pointer refers to the TPM chip, 5 of its localities are mapped as an
 * array.
 */
#define TPM_TOTAL_LOCALITIES	5

/* Some registers' bit field definitions */
#define TIS_STS_VALID                  (1 << 7) /* 0x80 */
#define TIS_STS_COMMAND_READY          (1 << 6) /* 0x40 */
#define TIS_STS_TPM_GO                 (1 << 5) /* 0x20 */
#define TIS_STS_DATA_AVAILABLE         (1 << 4) /* 0x10 */
#define TIS_STS_EXPECT                 (1 << 3) /* 0x08 */
#define TIS_STS_RESPONSE_RETRY         (1 << 1) /* 0x02 */

#define TIS_ACCESS_TPM_REG_VALID_STS   (1 << 7) /* 0x80 */
#define TIS_ACCESS_ACTIVE_LOCALITY     (1 << 5) /* 0x20 */
#define TIS_ACCESS_BEEN_SEIZED         (1 << 4) /* 0x10 */
#define TIS_ACCESS_SEIZE               (1 << 3) /* 0x08 */
#define TIS_ACCESS_PENDING_REQUEST     (1 << 2) /* 0x04 */
#define TIS_ACCESS_REQUEST_USE         (1 << 1) /* 0x02 */
#define TIS_ACCESS_TPM_ESTABLISHMENT   (1 << 0) /* 0x01 */

#define TIS_STS_BURST_COUNT_MASK       (0xffff)
#define TIS_STS_BURST_COUNT_SHIFT      (8)

 /* 1 second is plenty for anything TPM does. */
#define MAX_DELAY_US	(1000 * 1000)

/* Retrieve burst count value out of the status register contents. */
static u16 burst_count(u32 status)
{
	return (status >> TIS_STS_BURST_COUNT_SHIFT) &
			TIS_STS_BURST_COUNT_MASK;
}

/* TPM access wrappers to support tracing */
static u8 tpm_read_byte(struct tpm_tis_lpc_priv *priv, const u8 *ptr)
{
	u8  ret = readb(ptr);
	debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, ret);
	return ret;
}

static u32 tpm_read_word(struct tpm_tis_lpc_priv *priv, const u32 *ptr)
{
	u32  ret = readl(ptr);
	debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, ret);
	return ret;
}

static void tpm_write_byte(struct tpm_tis_lpc_priv *priv, u8 value, u8 *ptr)
{
	debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, value);
	writeb(value, ptr);
}

static void tpm_write_word(struct tpm_tis_lpc_priv *priv, u32 value,
			   u32 *ptr)
{
	debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, value);
	writel(value, ptr);
}

/*
 * tis_wait_reg()
 *
 * Wait for at least a second for a register to change its state to match the
 * expected state. Normally the transition happens within microseconds.
 *
 * @reg - pointer to the TPM register
 * @mask - bitmask for the bitfield(s) to watch
 * @expected - value the field(s) are supposed to be set to
 *
 * Returns the register contents in case the expected value was found in the
 * appropriate register bits, or -ETIMEDOUT on timeout.
 */
static int tis_wait_reg(struct tpm_tis_lpc_priv *priv, u32 *reg, u8 mask,
			u8 expected)
{
	u32 time_us = MAX_DELAY_US;

	while (time_us > 0) {
		u32 value = tpm_read_word(priv, reg);
		if ((value & mask) == expected)
			return value;
		udelay(1); /* 1 us */
		time_us--;
	}

	return -ETIMEDOUT;
}

/*
 * Probe the TPM device and try determining its manufacturer/device name.
 *
 * Returns 0 on success, -ve on error
 */
static int tpm_tis_lpc_probe(struct udevice *dev)
{
	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
	u32 vid, did;
	fdt_addr_t addr;
	u32 didvid;

	addr = dev_get_addr(dev);
	if (addr == FDT_ADDR_T_NONE)
		return -EINVAL;
	priv->regs = map_sysmem(addr, 0);
	didvid = tpm_read_word(priv, &priv->regs[0].did_vid);

	vid = didvid & 0xffff;
	did = (didvid >> 16) & 0xffff;
	if (vid != 0x15d1 || did != 0xb) {
		debug("Invalid vendor/device ID %04x/%04x\n", vid, did);
		return -ENOSYS;
	}

	debug("Found TPM %s by %s\n", "SLB9635 TT 1.2", "Infineon");

	return 0;
}

/*
 * tis_senddata()
 *
 * send the passed in data to the TPM device.
 *
 * @data - address of the data to send, byte by byte
 * @len - length of the data to send
 *
 * Returns 0 on success, -ve on error (in case the device does not accept
 * the entire command).
 */
static int tis_senddata(struct udevice *dev, const u8 *data, size_t len)
{
	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
	struct tpm_locality *regs = priv->regs;
	u32 offset = 0;
	u16 burst = 0;
	u32 max_cycles = 0;
	u8 locality = 0;
	u32 value;

	value = tis_wait_reg(priv, &regs[locality].tpm_status,
			     TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
	if (value == -ETIMEDOUT) {
		printf("%s:%d - failed to get 'command_ready' status\n",
		       __FILE__, __LINE__);
		return value;
	}
	burst = burst_count(value);

	while (1) {
		unsigned count;

		/* Wait till the device is ready to accept more data. */
		while (!burst) {
			if (max_cycles++ == MAX_DELAY_US) {
				printf("%s:%d failed to feed %zd bytes of %zd\n",
				       __FILE__, __LINE__, len - offset, len);
				return -ETIMEDOUT;
			}
			udelay(1);
			burst = burst_count(tpm_read_word(priv,
					&regs[locality].tpm_status));
		}

		max_cycles = 0;

		/*
		 * Calculate number of bytes the TPM is ready to accept in one
		 * shot.
		 *
		 * We want to send the last byte outside of the loop (hence
		 * the -1 below) to make sure that the 'expected' status bit
		 * changes to zero exactly after the last byte is fed into the
		 * FIFO.
		 */
		count = min((size_t)burst, len - offset - 1);
		while (count--)
			tpm_write_byte(priv, data[offset++],
				       &regs[locality].data);

		value = tis_wait_reg(priv, &regs[locality].tpm_status,
				     TIS_STS_VALID, TIS_STS_VALID);

		if ((value == -ETIMEDOUT) || !(value & TIS_STS_EXPECT)) {
			printf("%s:%d TPM command feed overflow\n",
			       __FILE__, __LINE__);
			return value == -ETIMEDOUT ? value : -EIO;
		}

		burst = burst_count(value);
		if ((offset == (len - 1)) && burst) {
			/*
			 * We need to be able to send the last byte to the
			 * device, so burst size must be nonzero before we
			 * break out.
			 */
			break;
		}
	}

	/* Send the last byte. */
	tpm_write_byte(priv, data[offset++], &regs[locality].data);
	/*
	 * Verify that TPM does not expect any more data as part of this
	 * command.
	 */
	value = tis_wait_reg(priv, &regs[locality].tpm_status,
			     TIS_STS_VALID, TIS_STS_VALID);
	if ((value == -ETIMEDOUT) || (value & TIS_STS_EXPECT)) {
		printf("%s:%d unexpected TPM status 0x%x\n",
		       __FILE__, __LINE__, value);
		return value == -ETIMEDOUT ? value : -EIO;
	}

	/* OK, sitting pretty, let's start the command execution. */
	tpm_write_word(priv, TIS_STS_TPM_GO, &regs[locality].tpm_status);
	return 0;
}

/*
 * tis_readresponse()
 *
 * read the TPM device response after a command was issued.
 *
 * @buffer - address where to read the response, byte by byte.
 * @len - pointer to the size of buffer
 *
 * On success stores the number of received bytes to len and returns 0. On
 * errors (misformatted TPM data or synchronization problems) returns
 * -ve value.
 */
static int tis_readresponse(struct udevice *dev, u8 *buffer, size_t len)
{
	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
	struct tpm_locality *regs = priv->regs;
	u16 burst;
	u32 value;
	u32 offset = 0;
	u8 locality = 0;
	const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID;
	u32 expected_count = len;
	int max_cycles = 0;

	/* Wait for the TPM to process the command. */
	value = tis_wait_reg(priv, &regs[locality].tpm_status,
			      has_data, has_data);
	if (value == -ETIMEDOUT) {
		printf("%s:%d failed processing command\n",
		       __FILE__, __LINE__);
		return value;
	}

	do {
		while ((burst = burst_count(value)) == 0) {
			if (max_cycles++ == MAX_DELAY_US) {
				printf("%s:%d TPM stuck on read\n",
				       __FILE__, __LINE__);
				return -EIO;
			}
			udelay(1);
			value = tpm_read_word(priv, &regs[locality].tpm_status);
		}

		max_cycles = 0;

		while (burst-- && (offset < expected_count)) {
			buffer[offset++] = tpm_read_byte(priv,
						&regs[locality].data);

			if (offset == 6) {
				/*
				 * We got the first six bytes of the reply,
				 * let's figure out how many bytes to expect
				 * total - it is stored as a 4 byte number in
				 * network order, starting with offset 2 into
				 * the body of the reply.
				 */
				u32 real_length;
				memcpy(&real_length,
				       buffer + 2,
				       sizeof(real_length));
				expected_count = be32_to_cpu(real_length);

				if ((expected_count < offset) ||
				    (expected_count > len)) {
					printf("%s:%d bad response size %d\n",
					       __FILE__, __LINE__,
					       expected_count);
					return -ENOSPC;
				}
			}
		}

		/* Wait for the next portion. */
		value = tis_wait_reg(priv, &regs[locality].tpm_status,
				     TIS_STS_VALID, TIS_STS_VALID);
		if (value == -ETIMEDOUT) {
			printf("%s:%d failed to read response\n",
			       __FILE__, __LINE__);
			return value;
		}

		if (offset == expected_count)
			break;	/* We got all we needed. */

	} while ((value & has_data) == has_data);

	/*
	 * Make sure we indeed read all there was. The TIS_STS_VALID bit is
	 * known to be set.
	 */
	if (value & TIS_STS_DATA_AVAILABLE) {
		printf("%s:%d wrong receive status %x\n",
		       __FILE__, __LINE__, value);
		return -EBADMSG;
	}

	/* Tell the TPM that we are done. */
	tpm_write_word(priv, TIS_STS_COMMAND_READY,
		       &regs[locality].tpm_status);

	return offset;
}

static int tpm_tis_lpc_open(struct udevice *dev)
{
	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
	struct tpm_locality *regs = priv->regs;
	u8 locality = 0; /* we use locality zero for everything. */
	int ret;

	/* now request access to locality. */
	tpm_write_word(priv, TIS_ACCESS_REQUEST_USE, &regs[locality].access);

	/* did we get a lock? */
	ret = tis_wait_reg(priv, &regs[locality].access,
			 TIS_ACCESS_ACTIVE_LOCALITY,
			 TIS_ACCESS_ACTIVE_LOCALITY);
	if (ret == -ETIMEDOUT) {
		printf("%s:%d - failed to lock locality %d\n",
		       __FILE__, __LINE__, locality);
		return ret;
	}

	tpm_write_word(priv, TIS_STS_COMMAND_READY,
		       &regs[locality].tpm_status);
	return 0;
}

static int tpm_tis_lpc_close(struct udevice *dev)
{
	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
	struct tpm_locality *regs = priv->regs;
	u8 locality = 0;

	if (tpm_read_word(priv, &regs[locality].access) &
	    TIS_ACCESS_ACTIVE_LOCALITY) {
		tpm_write_word(priv, TIS_ACCESS_ACTIVE_LOCALITY,
			       &regs[locality].access);

		if (tis_wait_reg(priv, &regs[locality].access,
				 TIS_ACCESS_ACTIVE_LOCALITY, 0) == -ETIMEDOUT) {
			printf("%s:%d - failed to release locality %d\n",
			       __FILE__, __LINE__, locality);
			return -ETIMEDOUT;
		}
	}
	return 0;
}

static int tpm_tis_get_desc(struct udevice *dev, char *buf, int size)
{
	if (size < 50)
		return -ENOSPC;

	return snprintf(buf, size, "1.2 TPM (vendor %s, chip %s)",
			"Infineon", "SLB9635 TT 1.2");
}


static const struct tpm_ops tpm_tis_lpc_ops = {
	.open		= tpm_tis_lpc_open,
	.close		= tpm_tis_lpc_close,
	.get_desc	= tpm_tis_get_desc,
	.send		= tis_senddata,
	.recv		= tis_readresponse,
};

static const struct udevice_id tpm_tis_lpc_ids[] = {
	{ .compatible = "infineon,slb9635lpc" },
	{ }
};

U_BOOT_DRIVER(tpm_tis_lpc) = {
	.name   = "tpm_tis_lpc",
	.id     = UCLASS_TPM,
	.of_match = tpm_tis_lpc_ids,
	.ops    = &tpm_tis_lpc_ops,
	.probe	= tpm_tis_lpc_probe,
	.priv_auto_alloc_size = sizeof(struct tpm_tis_lpc_priv),
};
Commit	Line	Data
5e124724 VB	1	/*
	2	* Copyright (c) 2011 The Chromium OS Authors.
	3	*
1a459660	4	* SPDX-License-Identifier: GPL-2.0+
5e124724 VB	5	*/
	6
	7	/*
	8	* The code in this file is based on the article "Writing a TPM Device Driver"
	9	* published on http://ptgmedia.pearsoncmg.com.
	10	*
	11	* One principal difference is that in the simplest config the other than 0
	12	* TPM localities do not get mapped by some devices (for instance, by Infineon
	13	* slb9635), so this driver provides access to locality 0 only.
	14	*/
	15
	16	#include <common.h>
d616ba5f SG	17	#include <dm.h>
d616ba5f SG	18	#include <mapmem.h>
5e124724	19	#include <tpm.h>
d616ba5f	20	#include <asm/io.h>
5e124724 VB	21
	22	#define PREFIX "lpc_tpm: "
	23
	24	struct tpm_locality {
	25	u32 access;
	26	u8 padding0[4];
	27	u32 int_enable;
	28	u8 vector;
	29	u8 padding1[3];
	30	u32 int_status;
	31	u32 int_capability;
	32	u32 tpm_status;
	33	u8 padding2[8];
	34	u8 data;
	35	u8 padding3[3803];
	36	u32 did_vid;
	37	u8 rid;
	38	u8 padding4[251];
	39	};
	40
d616ba5f SG	41	struct tpm_tis_lpc_priv {
	42	struct tpm_locality *regs;
	43	};
	44
5e124724 VB	45	/*
	46	* This pointer refers to the TPM chip, 5 of its localities are mapped as an
	47	* array.
	48	*/
	49	#define TPM_TOTAL_LOCALITIES 5
5e124724 VB	50
	51	/* Some registers' bit field definitions */
	52	#define TIS_STS_VALID (1 << 7) /* 0x80 */
	53	#define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */
	54	#define TIS_STS_TPM_GO (1 << 5) /* 0x20 */
	55	#define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */
	56	#define TIS_STS_EXPECT (1 << 3) /* 0x08 */
	57	#define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */
	58
	59	#define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */
	60	#define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */
	61	#define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */
	62	#define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */
	63	#define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */
	64	#define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */
	65	#define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */
	66
	67	#define TIS_STS_BURST_COUNT_MASK (0xffff)
	68	#define TIS_STS_BURST_COUNT_SHIFT (8)
	69
5e124724 VB	70	/* 1 second is plenty for anything TPM does. */
	71	#define MAX_DELAY_US (1000 * 1000)
	72
	73	/* Retrieve burst count value out of the status register contents. */
	74	static u16 burst_count(u32 status)
	75	{
d616ba5f SG	76	return (status >> TIS_STS_BURST_COUNT_SHIFT) &
d616ba5f SG	77	TIS_STS_BURST_COUNT_MASK;
5e124724 VB	78	}
5e124724 VB	79
5e124724	80	/* TPM access wrappers to support tracing */
d616ba5f	81	static u8 tpm_read_byte(struct tpm_tis_lpc_priv priv, const u8 ptr)
5e124724 VB	82	{
	83	u8 ret = readb(ptr);
	84	debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n",
d616ba5f	85	(u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, ret);
5e124724 VB	86	return ret;
	87	}
	88
d616ba5f	89	static u32 tpm_read_word(struct tpm_tis_lpc_priv priv, const u32 ptr)
5e124724 VB	90	{
	91	u32 ret = readl(ptr);
	92	debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n",
d616ba5f	93	(u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, ret);
5e124724 VB	94	return ret;
	95	}
	96
d616ba5f	97	static void tpm_write_byte(struct tpm_tis_lpc_priv priv, u8 value, u8 ptr)
5e124724 VB	98	{
5e124724 VB	99	debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n",
d616ba5f	100	(u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, value);
5e124724 VB	101	writeb(value, ptr);
	102	}
	103
d616ba5f SG	104	static void tpm_write_word(struct tpm_tis_lpc_priv *priv, u32 value,
d616ba5f SG	105	u32 *ptr)
5e124724 VB	106	{
5e124724 VB	107	debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n",
d616ba5f	108	(u32)(uintptr_t)ptr - (u32)(uintptr_t)priv->regs, value);
5e124724 VB	109	writel(value, ptr);
	110	}
	111
	112	/*
	113	* tis_wait_reg()
	114	*
	115	* Wait for at least a second for a register to change its state to match the
	116	* expected state. Normally the transition happens within microseconds.
	117	*
	118	* @reg - pointer to the TPM register
	119	* @mask - bitmask for the bitfield(s) to watch
	120	* @expected - value the field(s) are supposed to be set to
	121	*
	122	* Returns the register contents in case the expected value was found in the
d616ba5f	123	* appropriate register bits, or -ETIMEDOUT on timeout.
5e124724	124	*/
d616ba5f SG	125	static int tis_wait_reg(struct tpm_tis_lpc_priv priv, u32 reg, u8 mask,
d616ba5f SG	126	u8 expected)
5e124724 VB	127	{
	128	u32 time_us = MAX_DELAY_US;
	129
	130	while (time_us > 0) {
d616ba5f	131	u32 value = tpm_read_word(priv, reg);
5e124724 VB	132	if ((value & mask) == expected)
	133	return value;
	134	udelay(1); /* 1 us */
	135	time_us--;
	136	}
d616ba5f SG	137
d616ba5f SG	138	return -ETIMEDOUT;
5e124724 VB	139	}
	140
	141	/*
	142	* Probe the TPM device and try determining its manufacturer/device name.
	143	*
d616ba5f	144	* Returns 0 on success, -ve on error
5e124724	145	*/
d616ba5f	146	static int tpm_tis_lpc_probe(struct udevice *dev)
5e124724	147	{
d616ba5f SG	148	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
	149	u32 vid, did;
	150	fdt_addr_t addr;
	151	u32 didvid;
5e124724	152
d616ba5f SG	153	addr = dev_get_addr(dev);
	154	if (addr == FDT_ADDR_T_NONE)
	155	return -EINVAL;
	156	priv->regs = map_sysmem(addr, 0);
	157	didvid = tpm_read_word(priv, &priv->regs[0].did_vid);
5e124724 VB	158
	159	vid = didvid & 0xffff;
	160	did = (didvid >> 16) & 0xffff;
d616ba5f SG	161	if (vid != 0x15d1 \|\| did != 0xb) {
	162	debug("Invalid vendor/device ID %04x/%04x\n", vid, did);
	163	return -ENOSYS;
5e124724 VB	164	}
5e124724 VB	165
d616ba5f SG	166	debug("Found TPM %s by %s\n", "SLB9635 TT 1.2", "Infineon");
d616ba5f SG	167
5e124724 VB	168	return 0;
	169	}
	170
	171	/*
	172	* tis_senddata()
	173	*
	174	* send the passed in data to the TPM device.
	175	*
	176	* @data - address of the data to send, byte by byte
	177	* @len - length of the data to send
	178	*
d616ba5f SG	179	* Returns 0 on success, -ve on error (in case the device does not accept
d616ba5f SG	180	* the entire command).
5e124724	181	*/
d616ba5f	182	static int tis_senddata(struct udevice dev, const u8 data, size_t len)
5e124724	183	{
d616ba5f SG	184	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
d616ba5f SG	185	struct tpm_locality *regs = priv->regs;
5e124724 VB	186	u32 offset = 0;
	187	u16 burst = 0;
	188	u32 max_cycles = 0;
	189	u8 locality = 0;
	190	u32 value;
	191
d616ba5f	192	value = tis_wait_reg(priv, &regs[locality].tpm_status,
5e124724	193	TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
d616ba5f	194	if (value == -ETIMEDOUT) {
5e124724 VB	195	printf("%s:%d - failed to get 'command_ready' status\n",
5e124724 VB	196	__FILE__, __LINE__);
d616ba5f	197	return value;
5e124724 VB	198	}
	199	burst = burst_count(value);
	200
	201	while (1) {
	202	unsigned count;
	203
	204	/* Wait till the device is ready to accept more data. */
	205	while (!burst) {
	206	if (max_cycles++ == MAX_DELAY_US) {
22230e91	207	printf("%s:%d failed to feed %zd bytes of %zd\n",
5e124724	208	__FILE__, __LINE__, len - offset, len);
d616ba5f	209	return -ETIMEDOUT;
5e124724 VB	210	}
5e124724 VB	211	udelay(1);
d616ba5f SG	212	burst = burst_count(tpm_read_word(priv,
d616ba5f SG	213	&regs[locality].tpm_status));
5e124724 VB	214	}
	215
	216	max_cycles = 0;
	217
	218	/*
	219	* Calculate number of bytes the TPM is ready to accept in one
	220	* shot.
	221	*
	222	* We want to send the last byte outside of the loop (hence
	223	* the -1 below) to make sure that the 'expected' status bit
	224	* changes to zero exactly after the last byte is fed into the
	225	* FIFO.
	226	*/
22230e91	227	count = min((size_t)burst, len - offset - 1);
5e124724	228	while (count--)
d616ba5f SG	229	tpm_write_byte(priv, data[offset++],
d616ba5f SG	230	&regs[locality].data);
5e124724	231
d616ba5f	232	value = tis_wait_reg(priv, &regs[locality].tpm_status,
5e124724 VB	233	TIS_STS_VALID, TIS_STS_VALID);
5e124724 VB	234
d616ba5f	235	if ((value == -ETIMEDOUT) \|\| !(value & TIS_STS_EXPECT)) {
5e124724 VB	236	printf("%s:%d TPM command feed overflow\n",
5e124724 VB	237	__FILE__, __LINE__);
d616ba5f	238	return value == -ETIMEDOUT ? value : -EIO;
5e124724 VB	239	}
	240
	241	burst = burst_count(value);
	242	if ((offset == (len - 1)) && burst) {
	243	/*
	244	* We need to be able to send the last byte to the
	245	* device, so burst size must be nonzero before we
	246	* break out.
	247	*/
	248	break;
	249	}
	250	}
	251
	252	/* Send the last byte. */
d616ba5f	253	tpm_write_byte(priv, data[offset++], &regs[locality].data);
5e124724 VB	254	/*
	255	* Verify that TPM does not expect any more data as part of this
	256	* command.
	257	*/
d616ba5f	258	value = tis_wait_reg(priv, &regs[locality].tpm_status,
5e124724	259	TIS_STS_VALID, TIS_STS_VALID);
d616ba5f	260	if ((value == -ETIMEDOUT) \|\| (value & TIS_STS_EXPECT)) {
5e124724 VB	261	printf("%s:%d unexpected TPM status 0x%x\n",
5e124724 VB	262	__FILE__, __LINE__, value);
d616ba5f	263	return value == -ETIMEDOUT ? value : -EIO;
5e124724 VB	264	}
	265
	266	/* OK, sitting pretty, let's start the command execution. */
d616ba5f	267	tpm_write_word(priv, TIS_STS_TPM_GO, &regs[locality].tpm_status);
5e124724 VB	268	return 0;
	269	}
	270
	271	/*
	272	* tis_readresponse()
	273	*
	274	* read the TPM device response after a command was issued.
	275	*
	276	* @buffer - address where to read the response, byte by byte.
	277	* @len - pointer to the size of buffer
	278	*
	279	* On success stores the number of received bytes to len and returns 0. On
	280	* errors (misformatted TPM data or synchronization problems) returns
d616ba5f	281	* -ve value.
5e124724	282	*/
d616ba5f	283	static int tis_readresponse(struct udevice dev, u8 buffer, size_t len)
5e124724	284	{
d616ba5f SG	285	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
d616ba5f SG	286	struct tpm_locality *regs = priv->regs;
5e124724 VB	287	u16 burst;
	288	u32 value;
	289	u32 offset = 0;
	290	u8 locality = 0;
	291	const u32 has_data = TIS_STS_DATA_AVAILABLE \| TIS_STS_VALID;
d616ba5f	292	u32 expected_count = len;
5e124724 VB	293	int max_cycles = 0;
	294
	295	/* Wait for the TPM to process the command. */
d616ba5f	296	value = tis_wait_reg(priv, &regs[locality].tpm_status,
5e124724	297	has_data, has_data);
d616ba5f	298	if (value == -ETIMEDOUT) {
5e124724 VB	299	printf("%s:%d failed processing command\n",
5e124724 VB	300	__FILE__, __LINE__);
d616ba5f	301	return value;
5e124724 VB	302	}
	303
	304	do {
	305	while ((burst = burst_count(value)) == 0) {
	306	if (max_cycles++ == MAX_DELAY_US) {
	307	printf("%s:%d TPM stuck on read\n",
	308	__FILE__, __LINE__);
d616ba5f	309	return -EIO;
5e124724 VB	310	}
5e124724 VB	311	udelay(1);
d616ba5f	312	value = tpm_read_word(priv, &regs[locality].tpm_status);
5e124724 VB	313	}
	314
	315	max_cycles = 0;
	316
	317	while (burst-- && (offset < expected_count)) {
d616ba5f SG	318	buffer[offset++] = tpm_read_byte(priv,
d616ba5f SG	319	&regs[locality].data);
5e124724 VB	320
	321	if (offset == 6) {
	322	/*
	323	* We got the first six bytes of the reply,
	324	* let's figure out how many bytes to expect
	325	* total - it is stored as a 4 byte number in
	326	* network order, starting with offset 2 into
	327	* the body of the reply.
	328	*/
	329	u32 real_length;
	330	memcpy(&real_length,
	331	buffer + 2,
	332	sizeof(real_length));
	333	expected_count = be32_to_cpu(real_length);
	334
	335	if ((expected_count < offset) \|\|
d616ba5f	336	(expected_count > len)) {
5e124724 VB	337	printf("%s:%d bad response size %d\n",
	338	__FILE__, __LINE__,
	339	expected_count);
d616ba5f	340	return -ENOSPC;
5e124724 VB	341	}
	342	}
	343	}
	344
	345	/* Wait for the next portion. */
d616ba5f	346	value = tis_wait_reg(priv, &regs[locality].tpm_status,
5e124724	347	TIS_STS_VALID, TIS_STS_VALID);
d616ba5f	348	if (value == -ETIMEDOUT) {
5e124724 VB	349	printf("%s:%d failed to read response\n",
5e124724 VB	350	__FILE__, __LINE__);
d616ba5f	351	return value;
5e124724 VB	352	}
	353
	354	if (offset == expected_count)
	355	break; /* We got all we needed. */
	356
	357	} while ((value & has_data) == has_data);
	358
	359	/*
	360	* Make sure we indeed read all there was. The TIS_STS_VALID bit is
	361	* known to be set.
	362	*/
	363	if (value & TIS_STS_DATA_AVAILABLE) {
	364	printf("%s:%d wrong receive status %x\n",
	365	__FILE__, __LINE__, value);
d616ba5f	366	return -EBADMSG;
5e124724 VB	367	}
	368
	369	/* Tell the TPM that we are done. */
d616ba5f SG	370	tpm_write_word(priv, TIS_STS_COMMAND_READY,
	371	&regs[locality].tpm_status);
	372
	373	return offset;
5e124724 VB	374	}
5e124724 VB	375
d616ba5f	376	static int tpm_tis_lpc_open(struct udevice *dev)
5e124724	377	{
d616ba5f SG	378	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
d616ba5f SG	379	struct tpm_locality *regs = priv->regs;
5e124724	380	u8 locality = 0; /* we use locality zero for everything. */
d616ba5f	381	int ret;
5e124724	382
5e124724	383	/* now request access to locality. */
d616ba5f	384	tpm_write_word(priv, TIS_ACCESS_REQUEST_USE, &regs[locality].access);
5e124724 VB	385
5e124724 VB	386	/* did we get a lock? */
d616ba5f	387	ret = tis_wait_reg(priv, &regs[locality].access,
5e124724	388	TIS_ACCESS_ACTIVE_LOCALITY,
d616ba5f SG	389	TIS_ACCESS_ACTIVE_LOCALITY);
d616ba5f SG	390	if (ret == -ETIMEDOUT) {
5e124724 VB	391	printf("%s:%d - failed to lock locality %d\n",
5e124724 VB	392	__FILE__, __LINE__, locality);
d616ba5f	393	return ret;
5e124724 VB	394	}
5e124724 VB	395
d616ba5f SG	396	tpm_write_word(priv, TIS_STS_COMMAND_READY,
d616ba5f SG	397	&regs[locality].tpm_status);
5e124724 VB	398	return 0;
	399	}
	400
d616ba5f	401	static int tpm_tis_lpc_close(struct udevice *dev)
5e124724	402	{
d616ba5f SG	403	struct tpm_tis_lpc_priv *priv = dev_get_priv(dev);
d616ba5f SG	404	struct tpm_locality *regs = priv->regs;
5e124724 VB	405	u8 locality = 0;
5e124724 VB	406
d616ba5f	407	if (tpm_read_word(priv, &regs[locality].access) &
5e124724	408	TIS_ACCESS_ACTIVE_LOCALITY) {
d616ba5f SG	409	tpm_write_word(priv, TIS_ACCESS_ACTIVE_LOCALITY,
d616ba5f SG	410	&regs[locality].access);
5e124724	411
d616ba5f SG	412	if (tis_wait_reg(priv, &regs[locality].access,
d616ba5f SG	413	TIS_ACCESS_ACTIVE_LOCALITY, 0) == -ETIMEDOUT) {
5e124724 VB	414	printf("%s:%d - failed to release locality %d\n",
5e124724 VB	415	__FILE__, __LINE__, locality);
d616ba5f	416	return -ETIMEDOUT;
5e124724 VB	417	}
	418	}
	419	return 0;
	420	}
	421
d616ba5f	422	static int tpm_tis_get_desc(struct udevice dev, char buf, int size)
5e124724	423	{
d616ba5f SG	424	if (size < 50)
d616ba5f SG	425	return -ENOSPC;
5e124724	426
d616ba5f SG	427	return snprintf(buf, size, "1.2 TPM (vendor %s, chip %s)",
d616ba5f SG	428	"Infineon", "SLB9635 TT 1.2");
5e124724	429	}
d616ba5f SG	430
	431
	432	static const struct tpm_ops tpm_tis_lpc_ops = {
	433	.open = tpm_tis_lpc_open,
	434	.close = tpm_tis_lpc_close,
	435	.get_desc = tpm_tis_get_desc,
	436	.send = tis_senddata,
	437	.recv = tis_readresponse,
	438	};
	439
	440	static const struct udevice_id tpm_tis_lpc_ids[] = {
	441	{ .compatible = "infineon,slb9635lpc" },
	442	{ }
	443	};
	444
	445	U_BOOT_DRIVER(tpm_tis_lpc) = {
	446	.name = "tpm_tis_lpc",
	447	.id = UCLASS_TPM,
	448	.of_match = tpm_tis_lpc_ids,
	449	.ops = &tpm_tis_lpc_ops,
	450	.probe = tpm_tis_lpc_probe,
	451	.priv_auto_alloc_size = sizeof(struct tpm_tis_lpc_priv),
	452	};