]>
Commit | Line | Data |
---|---|---|
5e124724 VB |
1 | /* |
2 | * Copyright (c) 2011 The Chromium OS Authors. | |
3 | * | |
4 | * See file CREDITS for list of people who contributed to this | |
5 | * project. | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU General Public License as | |
9 | * published by the Free Software Foundation; either version 2 of | |
10 | * the License, or (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program; if not, write to the Free Software | |
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, | |
20 | * MA 02111-1307 USA | |
21 | */ | |
22 | ||
23 | /* | |
24 | * The code in this file is based on the article "Writing a TPM Device Driver" | |
25 | * published on http://ptgmedia.pearsoncmg.com. | |
26 | * | |
27 | * One principal difference is that in the simplest config the other than 0 | |
28 | * TPM localities do not get mapped by some devices (for instance, by Infineon | |
29 | * slb9635), so this driver provides access to locality 0 only. | |
30 | */ | |
31 | ||
32 | #include <common.h> | |
33 | #include <asm/io.h> | |
34 | #include <tpm.h> | |
35 | ||
36 | #define PREFIX "lpc_tpm: " | |
37 | ||
38 | struct tpm_locality { | |
39 | u32 access; | |
40 | u8 padding0[4]; | |
41 | u32 int_enable; | |
42 | u8 vector; | |
43 | u8 padding1[3]; | |
44 | u32 int_status; | |
45 | u32 int_capability; | |
46 | u32 tpm_status; | |
47 | u8 padding2[8]; | |
48 | u8 data; | |
49 | u8 padding3[3803]; | |
50 | u32 did_vid; | |
51 | u8 rid; | |
52 | u8 padding4[251]; | |
53 | }; | |
54 | ||
55 | /* | |
56 | * This pointer refers to the TPM chip, 5 of its localities are mapped as an | |
57 | * array. | |
58 | */ | |
59 | #define TPM_TOTAL_LOCALITIES 5 | |
60 | static struct tpm_locality *lpc_tpm_dev = | |
61 | (struct tpm_locality *)CONFIG_TPM_TIS_BASE_ADDRESS; | |
62 | ||
63 | /* Some registers' bit field definitions */ | |
64 | #define TIS_STS_VALID (1 << 7) /* 0x80 */ | |
65 | #define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */ | |
66 | #define TIS_STS_TPM_GO (1 << 5) /* 0x20 */ | |
67 | #define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */ | |
68 | #define TIS_STS_EXPECT (1 << 3) /* 0x08 */ | |
69 | #define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */ | |
70 | ||
71 | #define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */ | |
72 | #define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */ | |
73 | #define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */ | |
74 | #define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */ | |
75 | #define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */ | |
76 | #define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */ | |
77 | #define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */ | |
78 | ||
79 | #define TIS_STS_BURST_COUNT_MASK (0xffff) | |
80 | #define TIS_STS_BURST_COUNT_SHIFT (8) | |
81 | ||
82 | /* | |
83 | * Error value returned if a tpm register does not enter the expected state | |
84 | * after continuous polling. No actual TPM register reading ever returns -1, | |
85 | * so this value is a safe error indication to be mixed with possible status | |
86 | * register values. | |
87 | */ | |
88 | #define TPM_TIMEOUT_ERR (-1) | |
89 | ||
90 | /* Error value returned on various TPM driver errors. */ | |
91 | #define TPM_DRIVER_ERR (1) | |
92 | ||
93 | /* 1 second is plenty for anything TPM does. */ | |
94 | #define MAX_DELAY_US (1000 * 1000) | |
95 | ||
96 | /* Retrieve burst count value out of the status register contents. */ | |
97 | static u16 burst_count(u32 status) | |
98 | { | |
99 | return (status >> TIS_STS_BURST_COUNT_SHIFT) & TIS_STS_BURST_COUNT_MASK; | |
100 | } | |
101 | ||
102 | /* | |
103 | * Structures defined below allow creating descriptions of TPM vendor/device | |
104 | * ID information for run time discovery. The only device the system knows | |
105 | * about at this time is Infineon slb9635. | |
106 | */ | |
107 | struct device_name { | |
108 | u16 dev_id; | |
109 | const char * const dev_name; | |
110 | }; | |
111 | ||
112 | struct vendor_name { | |
113 | u16 vendor_id; | |
114 | const char *vendor_name; | |
115 | const struct device_name *dev_names; | |
116 | }; | |
117 | ||
118 | static const struct device_name infineon_devices[] = { | |
119 | {0xb, "SLB9635 TT 1.2"}, | |
120 | {0} | |
121 | }; | |
122 | ||
123 | static const struct vendor_name vendor_names[] = { | |
124 | {0x15d1, "Infineon", infineon_devices}, | |
125 | }; | |
126 | ||
127 | /* | |
128 | * Cached vendor/device ID pair to indicate that the device has been already | |
129 | * discovered. | |
130 | */ | |
131 | static u32 vendor_dev_id; | |
132 | ||
133 | /* TPM access wrappers to support tracing */ | |
134 | static u8 tpm_read_byte(const u8 *ptr) | |
135 | { | |
136 | u8 ret = readb(ptr); | |
137 | debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n", | |
af98a70a | 138 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret); |
5e124724 VB |
139 | return ret; |
140 | } | |
141 | ||
142 | static u32 tpm_read_word(const u32 *ptr) | |
143 | { | |
144 | u32 ret = readl(ptr); | |
145 | debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n", | |
af98a70a | 146 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret); |
5e124724 VB |
147 | return ret; |
148 | } | |
149 | ||
150 | static void tpm_write_byte(u8 value, u8 *ptr) | |
151 | { | |
152 | debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n", | |
af98a70a | 153 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value); |
5e124724 VB |
154 | writeb(value, ptr); |
155 | } | |
156 | ||
157 | static void tpm_write_word(u32 value, u32 *ptr) | |
158 | { | |
159 | debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n", | |
af98a70a | 160 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value); |
5e124724 VB |
161 | writel(value, ptr); |
162 | } | |
163 | ||
164 | /* | |
165 | * tis_wait_reg() | |
166 | * | |
167 | * Wait for at least a second for a register to change its state to match the | |
168 | * expected state. Normally the transition happens within microseconds. | |
169 | * | |
170 | * @reg - pointer to the TPM register | |
171 | * @mask - bitmask for the bitfield(s) to watch | |
172 | * @expected - value the field(s) are supposed to be set to | |
173 | * | |
174 | * Returns the register contents in case the expected value was found in the | |
175 | * appropriate register bits, or TPM_TIMEOUT_ERR on timeout. | |
176 | */ | |
177 | static u32 tis_wait_reg(u32 *reg, u8 mask, u8 expected) | |
178 | { | |
179 | u32 time_us = MAX_DELAY_US; | |
180 | ||
181 | while (time_us > 0) { | |
182 | u32 value = tpm_read_word(reg); | |
183 | if ((value & mask) == expected) | |
184 | return value; | |
185 | udelay(1); /* 1 us */ | |
186 | time_us--; | |
187 | } | |
188 | return TPM_TIMEOUT_ERR; | |
189 | } | |
190 | ||
191 | /* | |
192 | * Probe the TPM device and try determining its manufacturer/device name. | |
193 | * | |
194 | * Returns 0 on success (the device is found or was found during an earlier | |
195 | * invocation) or TPM_DRIVER_ERR if the device is not found. | |
196 | */ | |
197 | int tis_init(void) | |
198 | { | |
199 | u32 didvid = tpm_read_word(&lpc_tpm_dev[0].did_vid); | |
200 | int i; | |
201 | const char *device_name = "unknown"; | |
202 | const char *vendor_name = device_name; | |
203 | u16 vid, did; | |
204 | ||
205 | if (vendor_dev_id) | |
206 | return 0; /* Already probed. */ | |
207 | ||
208 | if (!didvid || (didvid == 0xffffffff)) { | |
209 | printf("%s: No TPM device found\n", __func__); | |
210 | return TPM_DRIVER_ERR; | |
211 | } | |
212 | ||
213 | vendor_dev_id = didvid; | |
214 | ||
215 | vid = didvid & 0xffff; | |
216 | did = (didvid >> 16) & 0xffff; | |
217 | for (i = 0; i < ARRAY_SIZE(vendor_names); i++) { | |
218 | int j = 0; | |
219 | u16 known_did; | |
220 | ||
221 | if (vid == vendor_names[i].vendor_id) | |
222 | vendor_name = vendor_names[i].vendor_name; | |
223 | ||
224 | while ((known_did = vendor_names[i].dev_names[j].dev_id) != 0) { | |
225 | if (known_did == did) { | |
226 | device_name = | |
227 | vendor_names[i].dev_names[j].dev_name; | |
228 | break; | |
229 | } | |
230 | j++; | |
231 | } | |
232 | break; | |
233 | } | |
234 | ||
235 | printf("Found TPM %s by %s\n", device_name, vendor_name); | |
236 | return 0; | |
237 | } | |
238 | ||
239 | /* | |
240 | * tis_senddata() | |
241 | * | |
242 | * send the passed in data to the TPM device. | |
243 | * | |
244 | * @data - address of the data to send, byte by byte | |
245 | * @len - length of the data to send | |
246 | * | |
247 | * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does | |
248 | * not accept the entire command). | |
249 | */ | |
250 | static u32 tis_senddata(const u8 * const data, u32 len) | |
251 | { | |
252 | u32 offset = 0; | |
253 | u16 burst = 0; | |
254 | u32 max_cycles = 0; | |
255 | u8 locality = 0; | |
256 | u32 value; | |
257 | ||
258 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
259 | TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY); | |
260 | if (value == TPM_TIMEOUT_ERR) { | |
261 | printf("%s:%d - failed to get 'command_ready' status\n", | |
262 | __FILE__, __LINE__); | |
263 | return TPM_DRIVER_ERR; | |
264 | } | |
265 | burst = burst_count(value); | |
266 | ||
267 | while (1) { | |
268 | unsigned count; | |
269 | ||
270 | /* Wait till the device is ready to accept more data. */ | |
271 | while (!burst) { | |
272 | if (max_cycles++ == MAX_DELAY_US) { | |
273 | printf("%s:%d failed to feed %d bytes of %d\n", | |
274 | __FILE__, __LINE__, len - offset, len); | |
275 | return TPM_DRIVER_ERR; | |
276 | } | |
277 | udelay(1); | |
278 | burst = burst_count(tpm_read_word(&lpc_tpm_dev | |
279 | [locality].tpm_status)); | |
280 | } | |
281 | ||
282 | max_cycles = 0; | |
283 | ||
284 | /* | |
285 | * Calculate number of bytes the TPM is ready to accept in one | |
286 | * shot. | |
287 | * | |
288 | * We want to send the last byte outside of the loop (hence | |
289 | * the -1 below) to make sure that the 'expected' status bit | |
290 | * changes to zero exactly after the last byte is fed into the | |
291 | * FIFO. | |
292 | */ | |
293 | count = min(burst, len - offset - 1); | |
294 | while (count--) | |
295 | tpm_write_byte(data[offset++], | |
296 | &lpc_tpm_dev[locality].data); | |
297 | ||
298 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
299 | TIS_STS_VALID, TIS_STS_VALID); | |
300 | ||
301 | if ((value == TPM_TIMEOUT_ERR) || !(value & TIS_STS_EXPECT)) { | |
302 | printf("%s:%d TPM command feed overflow\n", | |
303 | __FILE__, __LINE__); | |
304 | return TPM_DRIVER_ERR; | |
305 | } | |
306 | ||
307 | burst = burst_count(value); | |
308 | if ((offset == (len - 1)) && burst) { | |
309 | /* | |
310 | * We need to be able to send the last byte to the | |
311 | * device, so burst size must be nonzero before we | |
312 | * break out. | |
313 | */ | |
314 | break; | |
315 | } | |
316 | } | |
317 | ||
318 | /* Send the last byte. */ | |
319 | tpm_write_byte(data[offset++], &lpc_tpm_dev[locality].data); | |
320 | /* | |
321 | * Verify that TPM does not expect any more data as part of this | |
322 | * command. | |
323 | */ | |
324 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
325 | TIS_STS_VALID, TIS_STS_VALID); | |
326 | if ((value == TPM_TIMEOUT_ERR) || (value & TIS_STS_EXPECT)) { | |
327 | printf("%s:%d unexpected TPM status 0x%x\n", | |
328 | __FILE__, __LINE__, value); | |
329 | return TPM_DRIVER_ERR; | |
330 | } | |
331 | ||
332 | /* OK, sitting pretty, let's start the command execution. */ | |
333 | tpm_write_word(TIS_STS_TPM_GO, &lpc_tpm_dev[locality].tpm_status); | |
334 | return 0; | |
335 | } | |
336 | ||
337 | /* | |
338 | * tis_readresponse() | |
339 | * | |
340 | * read the TPM device response after a command was issued. | |
341 | * | |
342 | * @buffer - address where to read the response, byte by byte. | |
343 | * @len - pointer to the size of buffer | |
344 | * | |
345 | * On success stores the number of received bytes to len and returns 0. On | |
346 | * errors (misformatted TPM data or synchronization problems) returns | |
347 | * TPM_DRIVER_ERR. | |
348 | */ | |
349 | static u32 tis_readresponse(u8 *buffer, u32 *len) | |
350 | { | |
351 | u16 burst; | |
352 | u32 value; | |
353 | u32 offset = 0; | |
354 | u8 locality = 0; | |
355 | const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID; | |
356 | u32 expected_count = *len; | |
357 | int max_cycles = 0; | |
358 | ||
359 | /* Wait for the TPM to process the command. */ | |
360 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
361 | has_data, has_data); | |
362 | if (value == TPM_TIMEOUT_ERR) { | |
363 | printf("%s:%d failed processing command\n", | |
364 | __FILE__, __LINE__); | |
365 | return TPM_DRIVER_ERR; | |
366 | } | |
367 | ||
368 | do { | |
369 | while ((burst = burst_count(value)) == 0) { | |
370 | if (max_cycles++ == MAX_DELAY_US) { | |
371 | printf("%s:%d TPM stuck on read\n", | |
372 | __FILE__, __LINE__); | |
373 | return TPM_DRIVER_ERR; | |
374 | } | |
375 | udelay(1); | |
376 | value = tpm_read_word(&lpc_tpm_dev | |
377 | [locality].tpm_status); | |
378 | } | |
379 | ||
380 | max_cycles = 0; | |
381 | ||
382 | while (burst-- && (offset < expected_count)) { | |
383 | buffer[offset++] = tpm_read_byte(&lpc_tpm_dev | |
384 | [locality].data); | |
385 | ||
386 | if (offset == 6) { | |
387 | /* | |
388 | * We got the first six bytes of the reply, | |
389 | * let's figure out how many bytes to expect | |
390 | * total - it is stored as a 4 byte number in | |
391 | * network order, starting with offset 2 into | |
392 | * the body of the reply. | |
393 | */ | |
394 | u32 real_length; | |
395 | memcpy(&real_length, | |
396 | buffer + 2, | |
397 | sizeof(real_length)); | |
398 | expected_count = be32_to_cpu(real_length); | |
399 | ||
400 | if ((expected_count < offset) || | |
401 | (expected_count > *len)) { | |
402 | printf("%s:%d bad response size %d\n", | |
403 | __FILE__, __LINE__, | |
404 | expected_count); | |
405 | return TPM_DRIVER_ERR; | |
406 | } | |
407 | } | |
408 | } | |
409 | ||
410 | /* Wait for the next portion. */ | |
411 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
412 | TIS_STS_VALID, TIS_STS_VALID); | |
413 | if (value == TPM_TIMEOUT_ERR) { | |
414 | printf("%s:%d failed to read response\n", | |
415 | __FILE__, __LINE__); | |
416 | return TPM_DRIVER_ERR; | |
417 | } | |
418 | ||
419 | if (offset == expected_count) | |
420 | break; /* We got all we needed. */ | |
421 | ||
422 | } while ((value & has_data) == has_data); | |
423 | ||
424 | /* | |
425 | * Make sure we indeed read all there was. The TIS_STS_VALID bit is | |
426 | * known to be set. | |
427 | */ | |
428 | if (value & TIS_STS_DATA_AVAILABLE) { | |
429 | printf("%s:%d wrong receive status %x\n", | |
430 | __FILE__, __LINE__, value); | |
431 | return TPM_DRIVER_ERR; | |
432 | } | |
433 | ||
434 | /* Tell the TPM that we are done. */ | |
435 | tpm_write_word(TIS_STS_COMMAND_READY, &lpc_tpm_dev | |
436 | [locality].tpm_status); | |
437 | *len = offset; | |
438 | return 0; | |
439 | } | |
440 | ||
441 | int tis_open(void) | |
442 | { | |
443 | u8 locality = 0; /* we use locality zero for everything. */ | |
444 | ||
445 | if (tis_close()) | |
446 | return TPM_DRIVER_ERR; | |
447 | ||
448 | /* now request access to locality. */ | |
449 | tpm_write_word(TIS_ACCESS_REQUEST_USE, &lpc_tpm_dev[locality].access); | |
450 | ||
451 | /* did we get a lock? */ | |
452 | if (tis_wait_reg(&lpc_tpm_dev[locality].access, | |
453 | TIS_ACCESS_ACTIVE_LOCALITY, | |
454 | TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) { | |
455 | printf("%s:%d - failed to lock locality %d\n", | |
456 | __FILE__, __LINE__, locality); | |
457 | return TPM_DRIVER_ERR; | |
458 | } | |
459 | ||
460 | tpm_write_word(TIS_STS_COMMAND_READY, | |
461 | &lpc_tpm_dev[locality].tpm_status); | |
462 | return 0; | |
463 | } | |
464 | ||
465 | int tis_close(void) | |
466 | { | |
467 | u8 locality = 0; | |
468 | ||
469 | if (tpm_read_word(&lpc_tpm_dev[locality].access) & | |
470 | TIS_ACCESS_ACTIVE_LOCALITY) { | |
471 | tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY, | |
472 | &lpc_tpm_dev[locality].access); | |
473 | ||
474 | if (tis_wait_reg(&lpc_tpm_dev[locality].access, | |
475 | TIS_ACCESS_ACTIVE_LOCALITY, 0) == | |
476 | TPM_TIMEOUT_ERR) { | |
477 | printf("%s:%d - failed to release locality %d\n", | |
478 | __FILE__, __LINE__, locality); | |
479 | return TPM_DRIVER_ERR; | |
480 | } | |
481 | } | |
482 | return 0; | |
483 | } | |
484 | ||
485 | int tis_sendrecv(const u8 *sendbuf, size_t send_size, | |
486 | u8 *recvbuf, size_t *recv_len) | |
487 | { | |
488 | if (tis_senddata(sendbuf, send_size)) { | |
489 | printf("%s:%d failed sending data to TPM\n", | |
490 | __FILE__, __LINE__); | |
491 | return TPM_DRIVER_ERR; | |
492 | } | |
493 | ||
af98a70a | 494 | return tis_readresponse(recvbuf, (u32 *)recv_len); |
5e124724 | 495 | } |