2 * Copyright (c) 2011 The Chromium OS Authors.
4 * SPDX-License-Identifier: GPL-2.0+
8 * The code in this file is based on the article "Writing a TPM Device Driver"
9 * published on http://ptgmedia.pearsoncmg.com.
11 * One principal difference is that in the simplest config the other than 0
12 * TPM localities do not get mapped by some devices (for instance, by Infineon
13 * slb9635), so this driver provides access to locality 0 only.
20 #define PREFIX "lpc_tpm: "
40 * This pointer refers to the TPM chip, 5 of its localities are mapped as an
43 #define TPM_TOTAL_LOCALITIES 5
44 static struct tpm_locality
*lpc_tpm_dev
=
45 (struct tpm_locality
*)CONFIG_TPM_TIS_BASE_ADDRESS
;
47 /* Some registers' bit field definitions */
48 #define TIS_STS_VALID (1 << 7) /* 0x80 */
49 #define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */
50 #define TIS_STS_TPM_GO (1 << 5) /* 0x20 */
51 #define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */
52 #define TIS_STS_EXPECT (1 << 3) /* 0x08 */
53 #define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */
55 #define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */
56 #define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */
57 #define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */
58 #define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */
59 #define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */
60 #define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */
61 #define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */
63 #define TIS_STS_BURST_COUNT_MASK (0xffff)
64 #define TIS_STS_BURST_COUNT_SHIFT (8)
67 * Error value returned if a tpm register does not enter the expected state
68 * after continuous polling. No actual TPM register reading ever returns -1,
69 * so this value is a safe error indication to be mixed with possible status
72 #define TPM_TIMEOUT_ERR (-1)
74 /* Error value returned on various TPM driver errors. */
75 #define TPM_DRIVER_ERR (1)
77 /* 1 second is plenty for anything TPM does. */
78 #define MAX_DELAY_US (1000 * 1000)
80 /* Retrieve burst count value out of the status register contents. */
81 static u16
burst_count(u32 status
)
83 return (status
>> TIS_STS_BURST_COUNT_SHIFT
) & TIS_STS_BURST_COUNT_MASK
;
87 * Structures defined below allow creating descriptions of TPM vendor/device
88 * ID information for run time discovery. The only device the system knows
89 * about at this time is Infineon slb9635.
93 const char * const dev_name
;
98 const char *vendor_name
;
99 const struct device_name
*dev_names
;
102 static const struct device_name infineon_devices
[] = {
103 {0xb, "SLB9635 TT 1.2"},
107 static const struct vendor_name vendor_names
[] = {
108 {0x15d1, "Infineon", infineon_devices
},
112 * Cached vendor/device ID pair to indicate that the device has been already
115 static u32 vendor_dev_id
;
117 /* TPM access wrappers to support tracing */
118 static u8
tpm_read_byte(const u8
*ptr
)
121 debug(PREFIX
"Read reg 0x%4.4x returns 0x%2.2x\n",
122 (u32
)(uintptr_t)ptr
- (u32
)(uintptr_t)lpc_tpm_dev
, ret
);
126 static u32
tpm_read_word(const u32
*ptr
)
128 u32 ret
= readl(ptr
);
129 debug(PREFIX
"Read reg 0x%4.4x returns 0x%8.8x\n",
130 (u32
)(uintptr_t)ptr
- (u32
)(uintptr_t)lpc_tpm_dev
, ret
);
134 static void tpm_write_byte(u8 value
, u8
*ptr
)
136 debug(PREFIX
"Write reg 0x%4.4x with 0x%2.2x\n",
137 (u32
)(uintptr_t)ptr
- (u32
)(uintptr_t)lpc_tpm_dev
, value
);
141 static void tpm_write_word(u32 value
, u32
*ptr
)
143 debug(PREFIX
"Write reg 0x%4.4x with 0x%8.8x\n",
144 (u32
)(uintptr_t)ptr
- (u32
)(uintptr_t)lpc_tpm_dev
, value
);
151 * Wait for at least a second for a register to change its state to match the
152 * expected state. Normally the transition happens within microseconds.
154 * @reg - pointer to the TPM register
155 * @mask - bitmask for the bitfield(s) to watch
156 * @expected - value the field(s) are supposed to be set to
158 * Returns the register contents in case the expected value was found in the
159 * appropriate register bits, or TPM_TIMEOUT_ERR on timeout.
161 static u32
tis_wait_reg(u32
*reg
, u8 mask
, u8 expected
)
163 u32 time_us
= MAX_DELAY_US
;
165 while (time_us
> 0) {
166 u32 value
= tpm_read_word(reg
);
167 if ((value
& mask
) == expected
)
169 udelay(1); /* 1 us */
172 return TPM_TIMEOUT_ERR
;
176 * Probe the TPM device and try determining its manufacturer/device name.
178 * Returns 0 on success (the device is found or was found during an earlier
179 * invocation) or TPM_DRIVER_ERR if the device is not found.
183 u32 didvid
= tpm_read_word(&lpc_tpm_dev
[0].did_vid
);
185 const char *device_name
= "unknown";
186 const char *vendor_name
= device_name
;
190 return 0; /* Already probed. */
192 if (!didvid
|| (didvid
== 0xffffffff)) {
193 printf("%s: No TPM device found\n", __func__
);
194 return TPM_DRIVER_ERR
;
197 vendor_dev_id
= didvid
;
199 vid
= didvid
& 0xffff;
200 did
= (didvid
>> 16) & 0xffff;
201 for (i
= 0; i
< ARRAY_SIZE(vendor_names
); i
++) {
205 if (vid
== vendor_names
[i
].vendor_id
)
206 vendor_name
= vendor_names
[i
].vendor_name
;
208 while ((known_did
= vendor_names
[i
].dev_names
[j
].dev_id
) != 0) {
209 if (known_did
== did
) {
211 vendor_names
[i
].dev_names
[j
].dev_name
;
219 printf("Found TPM %s by %s\n", device_name
, vendor_name
);
226 * send the passed in data to the TPM device.
228 * @data - address of the data to send, byte by byte
229 * @len - length of the data to send
231 * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does
232 * not accept the entire command).
234 static u32
tis_senddata(const u8
* const data
, u32 len
)
242 value
= tis_wait_reg(&lpc_tpm_dev
[locality
].tpm_status
,
243 TIS_STS_COMMAND_READY
, TIS_STS_COMMAND_READY
);
244 if (value
== TPM_TIMEOUT_ERR
) {
245 printf("%s:%d - failed to get 'command_ready' status\n",
247 return TPM_DRIVER_ERR
;
249 burst
= burst_count(value
);
254 /* Wait till the device is ready to accept more data. */
256 if (max_cycles
++ == MAX_DELAY_US
) {
257 printf("%s:%d failed to feed %d bytes of %d\n",
258 __FILE__
, __LINE__
, len
- offset
, len
);
259 return TPM_DRIVER_ERR
;
262 burst
= burst_count(tpm_read_word(&lpc_tpm_dev
263 [locality
].tpm_status
));
269 * Calculate number of bytes the TPM is ready to accept in one
272 * We want to send the last byte outside of the loop (hence
273 * the -1 below) to make sure that the 'expected' status bit
274 * changes to zero exactly after the last byte is fed into the
277 count
= min(burst
, len
- offset
- 1);
279 tpm_write_byte(data
[offset
++],
280 &lpc_tpm_dev
[locality
].data
);
282 value
= tis_wait_reg(&lpc_tpm_dev
[locality
].tpm_status
,
283 TIS_STS_VALID
, TIS_STS_VALID
);
285 if ((value
== TPM_TIMEOUT_ERR
) || !(value
& TIS_STS_EXPECT
)) {
286 printf("%s:%d TPM command feed overflow\n",
288 return TPM_DRIVER_ERR
;
291 burst
= burst_count(value
);
292 if ((offset
== (len
- 1)) && burst
) {
294 * We need to be able to send the last byte to the
295 * device, so burst size must be nonzero before we
302 /* Send the last byte. */
303 tpm_write_byte(data
[offset
++], &lpc_tpm_dev
[locality
].data
);
305 * Verify that TPM does not expect any more data as part of this
308 value
= tis_wait_reg(&lpc_tpm_dev
[locality
].tpm_status
,
309 TIS_STS_VALID
, TIS_STS_VALID
);
310 if ((value
== TPM_TIMEOUT_ERR
) || (value
& TIS_STS_EXPECT
)) {
311 printf("%s:%d unexpected TPM status 0x%x\n",
312 __FILE__
, __LINE__
, value
);
313 return TPM_DRIVER_ERR
;
316 /* OK, sitting pretty, let's start the command execution. */
317 tpm_write_word(TIS_STS_TPM_GO
, &lpc_tpm_dev
[locality
].tpm_status
);
324 * read the TPM device response after a command was issued.
326 * @buffer - address where to read the response, byte by byte.
327 * @len - pointer to the size of buffer
329 * On success stores the number of received bytes to len and returns 0. On
330 * errors (misformatted TPM data or synchronization problems) returns
333 static u32
tis_readresponse(u8
*buffer
, u32
*len
)
339 const u32 has_data
= TIS_STS_DATA_AVAILABLE
| TIS_STS_VALID
;
340 u32 expected_count
= *len
;
343 /* Wait for the TPM to process the command. */
344 value
= tis_wait_reg(&lpc_tpm_dev
[locality
].tpm_status
,
346 if (value
== TPM_TIMEOUT_ERR
) {
347 printf("%s:%d failed processing command\n",
349 return TPM_DRIVER_ERR
;
353 while ((burst
= burst_count(value
)) == 0) {
354 if (max_cycles
++ == MAX_DELAY_US
) {
355 printf("%s:%d TPM stuck on read\n",
357 return TPM_DRIVER_ERR
;
360 value
= tpm_read_word(&lpc_tpm_dev
361 [locality
].tpm_status
);
366 while (burst
-- && (offset
< expected_count
)) {
367 buffer
[offset
++] = tpm_read_byte(&lpc_tpm_dev
372 * We got the first six bytes of the reply,
373 * let's figure out how many bytes to expect
374 * total - it is stored as a 4 byte number in
375 * network order, starting with offset 2 into
376 * the body of the reply.
381 sizeof(real_length
));
382 expected_count
= be32_to_cpu(real_length
);
384 if ((expected_count
< offset
) ||
385 (expected_count
> *len
)) {
386 printf("%s:%d bad response size %d\n",
389 return TPM_DRIVER_ERR
;
394 /* Wait for the next portion. */
395 value
= tis_wait_reg(&lpc_tpm_dev
[locality
].tpm_status
,
396 TIS_STS_VALID
, TIS_STS_VALID
);
397 if (value
== TPM_TIMEOUT_ERR
) {
398 printf("%s:%d failed to read response\n",
400 return TPM_DRIVER_ERR
;
403 if (offset
== expected_count
)
404 break; /* We got all we needed. */
406 } while ((value
& has_data
) == has_data
);
409 * Make sure we indeed read all there was. The TIS_STS_VALID bit is
412 if (value
& TIS_STS_DATA_AVAILABLE
) {
413 printf("%s:%d wrong receive status %x\n",
414 __FILE__
, __LINE__
, value
);
415 return TPM_DRIVER_ERR
;
418 /* Tell the TPM that we are done. */
419 tpm_write_word(TIS_STS_COMMAND_READY
, &lpc_tpm_dev
420 [locality
].tpm_status
);
427 u8 locality
= 0; /* we use locality zero for everything. */
430 return TPM_DRIVER_ERR
;
432 /* now request access to locality. */
433 tpm_write_word(TIS_ACCESS_REQUEST_USE
, &lpc_tpm_dev
[locality
].access
);
435 /* did we get a lock? */
436 if (tis_wait_reg(&lpc_tpm_dev
[locality
].access
,
437 TIS_ACCESS_ACTIVE_LOCALITY
,
438 TIS_ACCESS_ACTIVE_LOCALITY
) == TPM_TIMEOUT_ERR
) {
439 printf("%s:%d - failed to lock locality %d\n",
440 __FILE__
, __LINE__
, locality
);
441 return TPM_DRIVER_ERR
;
444 tpm_write_word(TIS_STS_COMMAND_READY
,
445 &lpc_tpm_dev
[locality
].tpm_status
);
453 if (tpm_read_word(&lpc_tpm_dev
[locality
].access
) &
454 TIS_ACCESS_ACTIVE_LOCALITY
) {
455 tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY
,
456 &lpc_tpm_dev
[locality
].access
);
458 if (tis_wait_reg(&lpc_tpm_dev
[locality
].access
,
459 TIS_ACCESS_ACTIVE_LOCALITY
, 0) ==
461 printf("%s:%d - failed to release locality %d\n",
462 __FILE__
, __LINE__
, locality
);
463 return TPM_DRIVER_ERR
;
469 int tis_sendrecv(const u8
*sendbuf
, size_t send_size
,
470 u8
*recvbuf
, size_t *recv_len
)
472 if (tis_senddata(sendbuf
, send_size
)) {
473 printf("%s:%d failed sending data to TPM\n",
475 return TPM_DRIVER_ERR
;
478 return tis_readresponse(recvbuf
, (u32
*)recv_len
);