]>
Commit | Line | Data |
---|---|---|
5e124724 VB |
1 | /* |
2 | * Copyright (c) 2011 The Chromium OS Authors. | |
3 | * | |
1a459660 | 4 | * SPDX-License-Identifier: GPL-2.0+ |
5e124724 VB |
5 | */ |
6 | ||
7 | /* | |
8 | * The code in this file is based on the article "Writing a TPM Device Driver" | |
9 | * published on http://ptgmedia.pearsoncmg.com. | |
10 | * | |
11 | * One principal difference is that in the simplest config the other than 0 | |
12 | * TPM localities do not get mapped by some devices (for instance, by Infineon | |
13 | * slb9635), so this driver provides access to locality 0 only. | |
14 | */ | |
15 | ||
16 | #include <common.h> | |
17 | #include <asm/io.h> | |
18 | #include <tpm.h> | |
19 | ||
20 | #define PREFIX "lpc_tpm: " | |
21 | ||
22 | struct tpm_locality { | |
23 | u32 access; | |
24 | u8 padding0[4]; | |
25 | u32 int_enable; | |
26 | u8 vector; | |
27 | u8 padding1[3]; | |
28 | u32 int_status; | |
29 | u32 int_capability; | |
30 | u32 tpm_status; | |
31 | u8 padding2[8]; | |
32 | u8 data; | |
33 | u8 padding3[3803]; | |
34 | u32 did_vid; | |
35 | u8 rid; | |
36 | u8 padding4[251]; | |
37 | }; | |
38 | ||
39 | /* | |
40 | * This pointer refers to the TPM chip, 5 of its localities are mapped as an | |
41 | * array. | |
42 | */ | |
43 | #define TPM_TOTAL_LOCALITIES 5 | |
44 | static struct tpm_locality *lpc_tpm_dev = | |
45 | (struct tpm_locality *)CONFIG_TPM_TIS_BASE_ADDRESS; | |
46 | ||
47 | /* Some registers' bit field definitions */ | |
48 | #define TIS_STS_VALID (1 << 7) /* 0x80 */ | |
49 | #define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */ | |
50 | #define TIS_STS_TPM_GO (1 << 5) /* 0x20 */ | |
51 | #define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */ | |
52 | #define TIS_STS_EXPECT (1 << 3) /* 0x08 */ | |
53 | #define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */ | |
54 | ||
55 | #define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */ | |
56 | #define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */ | |
57 | #define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */ | |
58 | #define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */ | |
59 | #define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */ | |
60 | #define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */ | |
61 | #define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */ | |
62 | ||
63 | #define TIS_STS_BURST_COUNT_MASK (0xffff) | |
64 | #define TIS_STS_BURST_COUNT_SHIFT (8) | |
65 | ||
66 | /* | |
67 | * Error value returned if a tpm register does not enter the expected state | |
68 | * after continuous polling. No actual TPM register reading ever returns -1, | |
69 | * so this value is a safe error indication to be mixed with possible status | |
70 | * register values. | |
71 | */ | |
72 | #define TPM_TIMEOUT_ERR (-1) | |
73 | ||
74 | /* Error value returned on various TPM driver errors. */ | |
75 | #define TPM_DRIVER_ERR (1) | |
76 | ||
77 | /* 1 second is plenty for anything TPM does. */ | |
78 | #define MAX_DELAY_US (1000 * 1000) | |
79 | ||
80 | /* Retrieve burst count value out of the status register contents. */ | |
81 | static u16 burst_count(u32 status) | |
82 | { | |
83 | return (status >> TIS_STS_BURST_COUNT_SHIFT) & TIS_STS_BURST_COUNT_MASK; | |
84 | } | |
85 | ||
86 | /* | |
87 | * Structures defined below allow creating descriptions of TPM vendor/device | |
88 | * ID information for run time discovery. The only device the system knows | |
89 | * about at this time is Infineon slb9635. | |
90 | */ | |
91 | struct device_name { | |
92 | u16 dev_id; | |
93 | const char * const dev_name; | |
94 | }; | |
95 | ||
96 | struct vendor_name { | |
97 | u16 vendor_id; | |
98 | const char *vendor_name; | |
99 | const struct device_name *dev_names; | |
100 | }; | |
101 | ||
102 | static const struct device_name infineon_devices[] = { | |
103 | {0xb, "SLB9635 TT 1.2"}, | |
104 | {0} | |
105 | }; | |
106 | ||
107 | static const struct vendor_name vendor_names[] = { | |
108 | {0x15d1, "Infineon", infineon_devices}, | |
109 | }; | |
110 | ||
111 | /* | |
112 | * Cached vendor/device ID pair to indicate that the device has been already | |
113 | * discovered. | |
114 | */ | |
115 | static u32 vendor_dev_id; | |
116 | ||
117 | /* TPM access wrappers to support tracing */ | |
118 | static u8 tpm_read_byte(const u8 *ptr) | |
119 | { | |
120 | u8 ret = readb(ptr); | |
121 | debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n", | |
af98a70a | 122 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret); |
5e124724 VB |
123 | return ret; |
124 | } | |
125 | ||
126 | static u32 tpm_read_word(const u32 *ptr) | |
127 | { | |
128 | u32 ret = readl(ptr); | |
129 | debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n", | |
af98a70a | 130 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret); |
5e124724 VB |
131 | return ret; |
132 | } | |
133 | ||
134 | static void tpm_write_byte(u8 value, u8 *ptr) | |
135 | { | |
136 | debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n", | |
af98a70a | 137 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value); |
5e124724 VB |
138 | writeb(value, ptr); |
139 | } | |
140 | ||
141 | static void tpm_write_word(u32 value, u32 *ptr) | |
142 | { | |
143 | debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n", | |
af98a70a | 144 | (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value); |
5e124724 VB |
145 | writel(value, ptr); |
146 | } | |
147 | ||
148 | /* | |
149 | * tis_wait_reg() | |
150 | * | |
151 | * Wait for at least a second for a register to change its state to match the | |
152 | * expected state. Normally the transition happens within microseconds. | |
153 | * | |
154 | * @reg - pointer to the TPM register | |
155 | * @mask - bitmask for the bitfield(s) to watch | |
156 | * @expected - value the field(s) are supposed to be set to | |
157 | * | |
158 | * Returns the register contents in case the expected value was found in the | |
159 | * appropriate register bits, or TPM_TIMEOUT_ERR on timeout. | |
160 | */ | |
161 | static u32 tis_wait_reg(u32 *reg, u8 mask, u8 expected) | |
162 | { | |
163 | u32 time_us = MAX_DELAY_US; | |
164 | ||
165 | while (time_us > 0) { | |
166 | u32 value = tpm_read_word(reg); | |
167 | if ((value & mask) == expected) | |
168 | return value; | |
169 | udelay(1); /* 1 us */ | |
170 | time_us--; | |
171 | } | |
172 | return TPM_TIMEOUT_ERR; | |
173 | } | |
174 | ||
175 | /* | |
176 | * Probe the TPM device and try determining its manufacturer/device name. | |
177 | * | |
178 | * Returns 0 on success (the device is found or was found during an earlier | |
179 | * invocation) or TPM_DRIVER_ERR if the device is not found. | |
180 | */ | |
181 | int tis_init(void) | |
182 | { | |
183 | u32 didvid = tpm_read_word(&lpc_tpm_dev[0].did_vid); | |
184 | int i; | |
185 | const char *device_name = "unknown"; | |
186 | const char *vendor_name = device_name; | |
187 | u16 vid, did; | |
188 | ||
189 | if (vendor_dev_id) | |
190 | return 0; /* Already probed. */ | |
191 | ||
192 | if (!didvid || (didvid == 0xffffffff)) { | |
193 | printf("%s: No TPM device found\n", __func__); | |
194 | return TPM_DRIVER_ERR; | |
195 | } | |
196 | ||
197 | vendor_dev_id = didvid; | |
198 | ||
199 | vid = didvid & 0xffff; | |
200 | did = (didvid >> 16) & 0xffff; | |
201 | for (i = 0; i < ARRAY_SIZE(vendor_names); i++) { | |
202 | int j = 0; | |
203 | u16 known_did; | |
204 | ||
205 | if (vid == vendor_names[i].vendor_id) | |
206 | vendor_name = vendor_names[i].vendor_name; | |
207 | ||
208 | while ((known_did = vendor_names[i].dev_names[j].dev_id) != 0) { | |
209 | if (known_did == did) { | |
210 | device_name = | |
211 | vendor_names[i].dev_names[j].dev_name; | |
212 | break; | |
213 | } | |
214 | j++; | |
215 | } | |
216 | break; | |
217 | } | |
218 | ||
219 | printf("Found TPM %s by %s\n", device_name, vendor_name); | |
220 | return 0; | |
221 | } | |
222 | ||
223 | /* | |
224 | * tis_senddata() | |
225 | * | |
226 | * send the passed in data to the TPM device. | |
227 | * | |
228 | * @data - address of the data to send, byte by byte | |
229 | * @len - length of the data to send | |
230 | * | |
231 | * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does | |
232 | * not accept the entire command). | |
233 | */ | |
234 | static u32 tis_senddata(const u8 * const data, u32 len) | |
235 | { | |
236 | u32 offset = 0; | |
237 | u16 burst = 0; | |
238 | u32 max_cycles = 0; | |
239 | u8 locality = 0; | |
240 | u32 value; | |
241 | ||
242 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
243 | TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY); | |
244 | if (value == TPM_TIMEOUT_ERR) { | |
245 | printf("%s:%d - failed to get 'command_ready' status\n", | |
246 | __FILE__, __LINE__); | |
247 | return TPM_DRIVER_ERR; | |
248 | } | |
249 | burst = burst_count(value); | |
250 | ||
251 | while (1) { | |
252 | unsigned count; | |
253 | ||
254 | /* Wait till the device is ready to accept more data. */ | |
255 | while (!burst) { | |
256 | if (max_cycles++ == MAX_DELAY_US) { | |
257 | printf("%s:%d failed to feed %d bytes of %d\n", | |
258 | __FILE__, __LINE__, len - offset, len); | |
259 | return TPM_DRIVER_ERR; | |
260 | } | |
261 | udelay(1); | |
262 | burst = burst_count(tpm_read_word(&lpc_tpm_dev | |
263 | [locality].tpm_status)); | |
264 | } | |
265 | ||
266 | max_cycles = 0; | |
267 | ||
268 | /* | |
269 | * Calculate number of bytes the TPM is ready to accept in one | |
270 | * shot. | |
271 | * | |
272 | * We want to send the last byte outside of the loop (hence | |
273 | * the -1 below) to make sure that the 'expected' status bit | |
274 | * changes to zero exactly after the last byte is fed into the | |
275 | * FIFO. | |
276 | */ | |
277 | count = min(burst, len - offset - 1); | |
278 | while (count--) | |
279 | tpm_write_byte(data[offset++], | |
280 | &lpc_tpm_dev[locality].data); | |
281 | ||
282 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
283 | TIS_STS_VALID, TIS_STS_VALID); | |
284 | ||
285 | if ((value == TPM_TIMEOUT_ERR) || !(value & TIS_STS_EXPECT)) { | |
286 | printf("%s:%d TPM command feed overflow\n", | |
287 | __FILE__, __LINE__); | |
288 | return TPM_DRIVER_ERR; | |
289 | } | |
290 | ||
291 | burst = burst_count(value); | |
292 | if ((offset == (len - 1)) && burst) { | |
293 | /* | |
294 | * We need to be able to send the last byte to the | |
295 | * device, so burst size must be nonzero before we | |
296 | * break out. | |
297 | */ | |
298 | break; | |
299 | } | |
300 | } | |
301 | ||
302 | /* Send the last byte. */ | |
303 | tpm_write_byte(data[offset++], &lpc_tpm_dev[locality].data); | |
304 | /* | |
305 | * Verify that TPM does not expect any more data as part of this | |
306 | * command. | |
307 | */ | |
308 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
309 | TIS_STS_VALID, TIS_STS_VALID); | |
310 | if ((value == TPM_TIMEOUT_ERR) || (value & TIS_STS_EXPECT)) { | |
311 | printf("%s:%d unexpected TPM status 0x%x\n", | |
312 | __FILE__, __LINE__, value); | |
313 | return TPM_DRIVER_ERR; | |
314 | } | |
315 | ||
316 | /* OK, sitting pretty, let's start the command execution. */ | |
317 | tpm_write_word(TIS_STS_TPM_GO, &lpc_tpm_dev[locality].tpm_status); | |
318 | return 0; | |
319 | } | |
320 | ||
321 | /* | |
322 | * tis_readresponse() | |
323 | * | |
324 | * read the TPM device response after a command was issued. | |
325 | * | |
326 | * @buffer - address where to read the response, byte by byte. | |
327 | * @len - pointer to the size of buffer | |
328 | * | |
329 | * On success stores the number of received bytes to len and returns 0. On | |
330 | * errors (misformatted TPM data or synchronization problems) returns | |
331 | * TPM_DRIVER_ERR. | |
332 | */ | |
333 | static u32 tis_readresponse(u8 *buffer, u32 *len) | |
334 | { | |
335 | u16 burst; | |
336 | u32 value; | |
337 | u32 offset = 0; | |
338 | u8 locality = 0; | |
339 | const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID; | |
340 | u32 expected_count = *len; | |
341 | int max_cycles = 0; | |
342 | ||
343 | /* Wait for the TPM to process the command. */ | |
344 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
345 | has_data, has_data); | |
346 | if (value == TPM_TIMEOUT_ERR) { | |
347 | printf("%s:%d failed processing command\n", | |
348 | __FILE__, __LINE__); | |
349 | return TPM_DRIVER_ERR; | |
350 | } | |
351 | ||
352 | do { | |
353 | while ((burst = burst_count(value)) == 0) { | |
354 | if (max_cycles++ == MAX_DELAY_US) { | |
355 | printf("%s:%d TPM stuck on read\n", | |
356 | __FILE__, __LINE__); | |
357 | return TPM_DRIVER_ERR; | |
358 | } | |
359 | udelay(1); | |
360 | value = tpm_read_word(&lpc_tpm_dev | |
361 | [locality].tpm_status); | |
362 | } | |
363 | ||
364 | max_cycles = 0; | |
365 | ||
366 | while (burst-- && (offset < expected_count)) { | |
367 | buffer[offset++] = tpm_read_byte(&lpc_tpm_dev | |
368 | [locality].data); | |
369 | ||
370 | if (offset == 6) { | |
371 | /* | |
372 | * We got the first six bytes of the reply, | |
373 | * let's figure out how many bytes to expect | |
374 | * total - it is stored as a 4 byte number in | |
375 | * network order, starting with offset 2 into | |
376 | * the body of the reply. | |
377 | */ | |
378 | u32 real_length; | |
379 | memcpy(&real_length, | |
380 | buffer + 2, | |
381 | sizeof(real_length)); | |
382 | expected_count = be32_to_cpu(real_length); | |
383 | ||
384 | if ((expected_count < offset) || | |
385 | (expected_count > *len)) { | |
386 | printf("%s:%d bad response size %d\n", | |
387 | __FILE__, __LINE__, | |
388 | expected_count); | |
389 | return TPM_DRIVER_ERR; | |
390 | } | |
391 | } | |
392 | } | |
393 | ||
394 | /* Wait for the next portion. */ | |
395 | value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status, | |
396 | TIS_STS_VALID, TIS_STS_VALID); | |
397 | if (value == TPM_TIMEOUT_ERR) { | |
398 | printf("%s:%d failed to read response\n", | |
399 | __FILE__, __LINE__); | |
400 | return TPM_DRIVER_ERR; | |
401 | } | |
402 | ||
403 | if (offset == expected_count) | |
404 | break; /* We got all we needed. */ | |
405 | ||
406 | } while ((value & has_data) == has_data); | |
407 | ||
408 | /* | |
409 | * Make sure we indeed read all there was. The TIS_STS_VALID bit is | |
410 | * known to be set. | |
411 | */ | |
412 | if (value & TIS_STS_DATA_AVAILABLE) { | |
413 | printf("%s:%d wrong receive status %x\n", | |
414 | __FILE__, __LINE__, value); | |
415 | return TPM_DRIVER_ERR; | |
416 | } | |
417 | ||
418 | /* Tell the TPM that we are done. */ | |
419 | tpm_write_word(TIS_STS_COMMAND_READY, &lpc_tpm_dev | |
420 | [locality].tpm_status); | |
421 | *len = offset; | |
422 | return 0; | |
423 | } | |
424 | ||
425 | int tis_open(void) | |
426 | { | |
427 | u8 locality = 0; /* we use locality zero for everything. */ | |
428 | ||
429 | if (tis_close()) | |
430 | return TPM_DRIVER_ERR; | |
431 | ||
432 | /* now request access to locality. */ | |
433 | tpm_write_word(TIS_ACCESS_REQUEST_USE, &lpc_tpm_dev[locality].access); | |
434 | ||
435 | /* did we get a lock? */ | |
436 | if (tis_wait_reg(&lpc_tpm_dev[locality].access, | |
437 | TIS_ACCESS_ACTIVE_LOCALITY, | |
438 | TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) { | |
439 | printf("%s:%d - failed to lock locality %d\n", | |
440 | __FILE__, __LINE__, locality); | |
441 | return TPM_DRIVER_ERR; | |
442 | } | |
443 | ||
444 | tpm_write_word(TIS_STS_COMMAND_READY, | |
445 | &lpc_tpm_dev[locality].tpm_status); | |
446 | return 0; | |
447 | } | |
448 | ||
449 | int tis_close(void) | |
450 | { | |
451 | u8 locality = 0; | |
452 | ||
453 | if (tpm_read_word(&lpc_tpm_dev[locality].access) & | |
454 | TIS_ACCESS_ACTIVE_LOCALITY) { | |
455 | tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY, | |
456 | &lpc_tpm_dev[locality].access); | |
457 | ||
458 | if (tis_wait_reg(&lpc_tpm_dev[locality].access, | |
459 | TIS_ACCESS_ACTIVE_LOCALITY, 0) == | |
460 | TPM_TIMEOUT_ERR) { | |
461 | printf("%s:%d - failed to release locality %d\n", | |
462 | __FILE__, __LINE__, locality); | |
463 | return TPM_DRIVER_ERR; | |
464 | } | |
465 | } | |
466 | return 0; | |
467 | } | |
468 | ||
469 | int tis_sendrecv(const u8 *sendbuf, size_t send_size, | |
470 | u8 *recvbuf, size_t *recv_len) | |
471 | { | |
472 | if (tis_senddata(sendbuf, send_size)) { | |
473 | printf("%s:%d failed sending data to TPM\n", | |
474 | __FILE__, __LINE__); | |
475 | return TPM_DRIVER_ERR; | |
476 | } | |
477 | ||
af98a70a | 478 | return tis_readresponse(recvbuf, (u32 *)recv_len); |
5e124724 | 479 | } |