]> git.ipfire.org Git - people/ms/u-boot.git/blob - drivers/tpm/tpm_tis_lpc.c
projects / people / ms / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add GPL-2.0+ SPDX-License-Identifier to source files
[people/ms/u-boot.git] / drivers / tpm / tpm_tis_lpc.c
1 /*
2 * Copyright (c) 2011 The Chromium OS Authors.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7 /*
8 * The code in this file is based on the article "Writing a TPM Device Driver"
9 * published on http://ptgmedia.pearsoncmg.com.
10 *
11 * One principal difference is that in the simplest config the other than 0
12 * TPM localities do not get mapped by some devices (for instance, by Infineon
13 * slb9635), so this driver provides access to locality 0 only.
14 */
15
16 #include <common.h>
17 #include <asm/io.h>
18 #include <tpm.h>
19
20 #define PREFIX "lpc_tpm: "
21
22 struct tpm_locality {
23 u32 access;
24 u8 padding0[4];
25 u32 int_enable;
26 u8 vector;
27 u8 padding1[3];
28 u32 int_status;
29 u32 int_capability;
30 u32 tpm_status;
31 u8 padding2[8];
32 u8 data;
33 u8 padding3[3803];
34 u32 did_vid;
35 u8 rid;
36 u8 padding4[251];
37 };
38
39 /*
40 * This pointer refers to the TPM chip, 5 of its localities are mapped as an
41 * array.
42 */
43 #define TPM_TOTAL_LOCALITIES 5
44 static struct tpm_locality *lpc_tpm_dev =
45 (struct tpm_locality *)CONFIG_TPM_TIS_BASE_ADDRESS;
46
47 /* Some registers' bit field definitions */
48 #define TIS_STS_VALID (1 << 7) /* 0x80 */
49 #define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */
50 #define TIS_STS_TPM_GO (1 << 5) /* 0x20 */
51 #define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */
52 #define TIS_STS_EXPECT (1 << 3) /* 0x08 */
53 #define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */
54
55 #define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */
56 #define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */
57 #define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */
58 #define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */
59 #define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */
60 #define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */
61 #define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */
62
63 #define TIS_STS_BURST_COUNT_MASK (0xffff)
64 #define TIS_STS_BURST_COUNT_SHIFT (8)
65
66 /*
67 * Error value returned if a tpm register does not enter the expected state
68 * after continuous polling. No actual TPM register reading ever returns -1,
69 * so this value is a safe error indication to be mixed with possible status
70 * register values.
71 */
72 #define TPM_TIMEOUT_ERR (-1)
73
74 /* Error value returned on various TPM driver errors. */
75 #define TPM_DRIVER_ERR (1)
76
77 /* 1 second is plenty for anything TPM does. */
78 #define MAX_DELAY_US (1000 * 1000)
79
80 /* Retrieve burst count value out of the status register contents. */
81 static u16 burst_count(u32 status)
82 {
83 return (status >> TIS_STS_BURST_COUNT_SHIFT) & TIS_STS_BURST_COUNT_MASK;
84 }
85
86 /*
87 * Structures defined below allow creating descriptions of TPM vendor/device
88 * ID information for run time discovery. The only device the system knows
89 * about at this time is Infineon slb9635.
90 */
91 struct device_name {
92 u16 dev_id;
93 const char * const dev_name;
94 };
95
96 struct vendor_name {
97 u16 vendor_id;
98 const char *vendor_name;
99 const struct device_name *dev_names;
100 };
101
102 static const struct device_name infineon_devices[] = {
103 {0xb, "SLB9635 TT 1.2"},
104 {0}
105 };
106
107 static const struct vendor_name vendor_names[] = {
108 {0x15d1, "Infineon", infineon_devices},
109 };
110
111 /*
112 * Cached vendor/device ID pair to indicate that the device has been already
113 * discovered.
114 */
115 static u32 vendor_dev_id;
116
117 /* TPM access wrappers to support tracing */
118 static u8 tpm_read_byte(const u8 *ptr)
119 {
120 u8 ret = readb(ptr);
121 debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n",
122 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
123 return ret;
124 }
125
126 static u32 tpm_read_word(const u32 *ptr)
127 {
128 u32 ret = readl(ptr);
129 debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n",
130 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
131 return ret;
132 }
133
134 static void tpm_write_byte(u8 value, u8 *ptr)
135 {
136 debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n",
137 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
138 writeb(value, ptr);
139 }
140
141 static void tpm_write_word(u32 value, u32 *ptr)
142 {
143 debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n",
144 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
145 writel(value, ptr);
146 }
147
148 /*
149 * tis_wait_reg()
150 *
151 * Wait for at least a second for a register to change its state to match the
152 * expected state. Normally the transition happens within microseconds.
153 *
154 * @reg - pointer to the TPM register
155 * @mask - bitmask for the bitfield(s) to watch
156 * @expected - value the field(s) are supposed to be set to
157 *
158 * Returns the register contents in case the expected value was found in the
159 * appropriate register bits, or TPM_TIMEOUT_ERR on timeout.
160 */
161 static u32 tis_wait_reg(u32 *reg, u8 mask, u8 expected)
162 {
163 u32 time_us = MAX_DELAY_US;
164
165 while (time_us > 0) {
166 u32 value = tpm_read_word(reg);
167 if ((value & mask) == expected)
168 return value;
169 udelay(1); /* 1 us */
170 time_us--;
171 }
172 return TPM_TIMEOUT_ERR;
173 }
174
175 /*
176 * Probe the TPM device and try determining its manufacturer/device name.
177 *
178 * Returns 0 on success (the device is found or was found during an earlier
179 * invocation) or TPM_DRIVER_ERR if the device is not found.
180 */
181 int tis_init(void)
182 {
183 u32 didvid = tpm_read_word(&lpc_tpm_dev[0].did_vid);
184 int i;
185 const char *device_name = "unknown";
186 const char *vendor_name = device_name;
187 u16 vid, did;
188
189 if (vendor_dev_id)
190 return 0; /* Already probed. */
191
192 if (!didvid || (didvid == 0xffffffff)) {
193 printf("%s: No TPM device found\n", __func__);
194 return TPM_DRIVER_ERR;
195 }
196
197 vendor_dev_id = didvid;
198
199 vid = didvid & 0xffff;
200 did = (didvid >> 16) & 0xffff;
201 for (i = 0; i < ARRAY_SIZE(vendor_names); i++) {
202 int j = 0;
203 u16 known_did;
204
205 if (vid == vendor_names[i].vendor_id)
206 vendor_name = vendor_names[i].vendor_name;
207
208 while ((known_did = vendor_names[i].dev_names[j].dev_id) != 0) {
209 if (known_did == did) {
210 device_name =
211 vendor_names[i].dev_names[j].dev_name;
212 break;
213 }
214 j++;
215 }
216 break;
217 }
218
219 printf("Found TPM %s by %s\n", device_name, vendor_name);
220 return 0;
221 }
222
223 /*
224 * tis_senddata()
225 *
226 * send the passed in data to the TPM device.
227 *
228 * @data - address of the data to send, byte by byte
229 * @len - length of the data to send
230 *
231 * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does
232 * not accept the entire command).
233 */
234 static u32 tis_senddata(const u8 * const data, u32 len)
235 {
236 u32 offset = 0;
237 u16 burst = 0;
238 u32 max_cycles = 0;
239 u8 locality = 0;
240 u32 value;
241
242 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
243 TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
244 if (value == TPM_TIMEOUT_ERR) {
245 printf("%s:%d - failed to get 'command_ready' status\n",
246 __FILE__, __LINE__);
247 return TPM_DRIVER_ERR;
248 }
249 burst = burst_count(value);
250
251 while (1) {
252 unsigned count;
253
254 /* Wait till the device is ready to accept more data. */
255 while (!burst) {
256 if (max_cycles++ == MAX_DELAY_US) {
257 printf("%s:%d failed to feed %d bytes of %d\n",
258 __FILE__, __LINE__, len - offset, len);
259 return TPM_DRIVER_ERR;
260 }
261 udelay(1);
262 burst = burst_count(tpm_read_word(&lpc_tpm_dev
263 [locality].tpm_status));
264 }
265
266 max_cycles = 0;
267
268 /*
269 * Calculate number of bytes the TPM is ready to accept in one
270 * shot.
271 *
272 * We want to send the last byte outside of the loop (hence
273 * the -1 below) to make sure that the 'expected' status bit
274 * changes to zero exactly after the last byte is fed into the
275 * FIFO.
276 */
277 count = min(burst, len - offset - 1);
278 while (count--)
279 tpm_write_byte(data[offset++],
280 &lpc_tpm_dev[locality].data);
281
282 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
283 TIS_STS_VALID, TIS_STS_VALID);
284
285 if ((value == TPM_TIMEOUT_ERR) || !(value & TIS_STS_EXPECT)) {
286 printf("%s:%d TPM command feed overflow\n",
287 __FILE__, __LINE__);
288 return TPM_DRIVER_ERR;
289 }
290
291 burst = burst_count(value);
292 if ((offset == (len - 1)) && burst) {
293 /*
294 * We need to be able to send the last byte to the
295 * device, so burst size must be nonzero before we
296 * break out.
297 */
298 break;
299 }
300 }
301
302 /* Send the last byte. */
303 tpm_write_byte(data[offset++], &lpc_tpm_dev[locality].data);
304 /*
305 * Verify that TPM does not expect any more data as part of this
306 * command.
307 */
308 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
309 TIS_STS_VALID, TIS_STS_VALID);
310 if ((value == TPM_TIMEOUT_ERR) || (value & TIS_STS_EXPECT)) {
311 printf("%s:%d unexpected TPM status 0x%x\n",
312 __FILE__, __LINE__, value);
313 return TPM_DRIVER_ERR;
314 }
315
316 /* OK, sitting pretty, let's start the command execution. */
317 tpm_write_word(TIS_STS_TPM_GO, &lpc_tpm_dev[locality].tpm_status);
318 return 0;
319 }
320
321 /*
322 * tis_readresponse()
323 *
324 * read the TPM device response after a command was issued.
325 *
326 * @buffer - address where to read the response, byte by byte.
327 * @len - pointer to the size of buffer
328 *
329 * On success stores the number of received bytes to len and returns 0. On
330 * errors (misformatted TPM data or synchronization problems) returns
331 * TPM_DRIVER_ERR.
332 */
333 static u32 tis_readresponse(u8 *buffer, u32 *len)
334 {
335 u16 burst;
336 u32 value;
337 u32 offset = 0;
338 u8 locality = 0;
339 const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID;
340 u32 expected_count = *len;
341 int max_cycles = 0;
342
343 /* Wait for the TPM to process the command. */
344 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
345 has_data, has_data);
346 if (value == TPM_TIMEOUT_ERR) {
347 printf("%s:%d failed processing command\n",
348 __FILE__, __LINE__);
349 return TPM_DRIVER_ERR;
350 }
351
352 do {
353 while ((burst = burst_count(value)) == 0) {
354 if (max_cycles++ == MAX_DELAY_US) {
355 printf("%s:%d TPM stuck on read\n",
356 __FILE__, __LINE__);
357 return TPM_DRIVER_ERR;
358 }
359 udelay(1);
360 value = tpm_read_word(&lpc_tpm_dev
361 [locality].tpm_status);
362 }
363
364 max_cycles = 0;
365
366 while (burst-- && (offset < expected_count)) {
367 buffer[offset++] = tpm_read_byte(&lpc_tpm_dev
368 [locality].data);
369
370 if (offset == 6) {
371 /*
372 * We got the first six bytes of the reply,
373 * let's figure out how many bytes to expect
374 * total - it is stored as a 4 byte number in
375 * network order, starting with offset 2 into
376 * the body of the reply.
377 */
378 u32 real_length;
379 memcpy(&real_length,
380 buffer + 2,
381 sizeof(real_length));
382 expected_count = be32_to_cpu(real_length);
383
384 if ((expected_count < offset) ||
385 (expected_count > *len)) {
386 printf("%s:%d bad response size %d\n",
387 __FILE__, __LINE__,
388 expected_count);
389 return TPM_DRIVER_ERR;
390 }
391 }
392 }
393
394 /* Wait for the next portion. */
395 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
396 TIS_STS_VALID, TIS_STS_VALID);
397 if (value == TPM_TIMEOUT_ERR) {
398 printf("%s:%d failed to read response\n",
399 __FILE__, __LINE__);
400 return TPM_DRIVER_ERR;
401 }
402
403 if (offset == expected_count)
404 break; /* We got all we needed. */
405
406 } while ((value & has_data) == has_data);
407
408 /*
409 * Make sure we indeed read all there was. The TIS_STS_VALID bit is
410 * known to be set.
411 */
412 if (value & TIS_STS_DATA_AVAILABLE) {
413 printf("%s:%d wrong receive status %x\n",
414 __FILE__, __LINE__, value);
415 return TPM_DRIVER_ERR;
416 }
417
418 /* Tell the TPM that we are done. */
419 tpm_write_word(TIS_STS_COMMAND_READY, &lpc_tpm_dev
420 [locality].tpm_status);
421 *len = offset;
422 return 0;
423 }
424
425 int tis_open(void)
426 {
427 u8 locality = 0; /* we use locality zero for everything. */
428
429 if (tis_close())
430 return TPM_DRIVER_ERR;
431
432 /* now request access to locality. */
433 tpm_write_word(TIS_ACCESS_REQUEST_USE, &lpc_tpm_dev[locality].access);
434
435 /* did we get a lock? */
436 if (tis_wait_reg(&lpc_tpm_dev[locality].access,
437 TIS_ACCESS_ACTIVE_LOCALITY,
438 TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) {
439 printf("%s:%d - failed to lock locality %d\n",
440 __FILE__, __LINE__, locality);
441 return TPM_DRIVER_ERR;
442 }
443
444 tpm_write_word(TIS_STS_COMMAND_READY,
445 &lpc_tpm_dev[locality].tpm_status);
446 return 0;
447 }
448
449 int tis_close(void)
450 {
451 u8 locality = 0;
452
453 if (tpm_read_word(&lpc_tpm_dev[locality].access) &
454 TIS_ACCESS_ACTIVE_LOCALITY) {
455 tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY,
456 &lpc_tpm_dev[locality].access);
457
458 if (tis_wait_reg(&lpc_tpm_dev[locality].access,
459 TIS_ACCESS_ACTIVE_LOCALITY, 0) ==
460 TPM_TIMEOUT_ERR) {
461 printf("%s:%d - failed to release locality %d\n",
462 __FILE__, __LINE__, locality);
463 return TPM_DRIVER_ERR;
464 }
465 }
466 return 0;
467 }
468
469 int tis_sendrecv(const u8 *sendbuf, size_t send_size,
470 u8 *recvbuf, size_t *recv_len)
471 {
472 if (tis_senddata(sendbuf, send_size)) {
473 printf("%s:%d failed sending data to TPM\n",
474 __FILE__, __LINE__);
475 return TPM_DRIVER_ERR;
476 }
477
478 return tis_readresponse(recvbuf, (u32 *)recv_len);
479 }
"Das U-Boot" Source Tree