blob: 39652a977c7402e7a339bf3ce45303420f44cf0c [file] [log] [blame]
/*
* Copyright (C) 2011 Infineon Technologies
*
* Authors:
* Peter Huewe <huewe.external@infineon.com>
*
* Description:
* Device driver for TCG/TCPA TPM (trusted platform module).
* Specifications at www.trustedcomputinggroup.org
*
* This device driver implements the TPM interface as defined in
* the TCG TPM Interface Spec version 1.2, revision 1.0 and the
* Infineon I2C Protocol Stack Specification v0.20.
*
* It is based on the Linux kernel driver tpm.c from Leendert van
* Dorn, Dave Safford, Reiner Sailer, and Kyleen Hall.
*
* Version: 2.1.1
*
* SPDX-License-Identifier: GPL-2.0
*/
#include <common.h>
#include <dm.h>
#include <fdtdec.h>
#include <linux/compiler.h>
#include <i2c.h>
#include <tpm.h>
#include <asm-generic/errno.h>
#include <linux/types.h>
#include <linux/unaligned/be_byteshift.h>
#include "tpm_tis_i2c.h"
DECLARE_GLOBAL_DATA_PTR;
static const char * const chip_name[] = {
[SLB9635] = "slb9635tt",
[SLB9645] = "slb9645tt",
[UNKNOWN] = "unknown/fallback to slb9635",
};
static struct tpm_chip g_chip;
/*
* iic_tpm_read() - read from TPM register
* @addr: register address to read from
* @buffer: provided by caller
* @len: number of bytes to read
*
* Read len bytes from TPM register and put them into
* buffer (little-endian format, i.e. first byte is put into buffer[0]).
*
* NOTE: TPM is big-endian for multi-byte values. Multi-byte
* values have to be swapped.
*
* Return -EIO on error, 0 on success.
*/
static int iic_tpm_read(u8 addr, u8 *buffer, size_t len)
{
int rc;
int count;
uint32_t addrbuf = addr;
if ((g_chip.chip_type == SLB9635) || (g_chip.chip_type == UNKNOWN)) {
/* slb9635 protocol should work in both cases */
for (count = 0; count < MAX_COUNT; count++) {
rc = dm_i2c_write(g_chip.dev, 0, (uchar *)&addrbuf, 1);
if (rc == 0)
break; /* Success, break to skip sleep */
udelay(SLEEP_DURATION);
}
if (rc)
return -rc;
/* After the TPM has successfully received the register address
* it needs some time, thus we're sleeping here again, before
* retrieving the data
*/
for (count = 0; count < MAX_COUNT; count++) {
udelay(SLEEP_DURATION);
rc = dm_i2c_read(g_chip.dev, 0, buffer, len);
if (rc == 0)
break; /* success, break to skip sleep */
}
} else {
/*
* Use a combined read for newer chips.
* Unfortunately the smbus functions are not suitable due to
* the 32 byte limit of the smbus.
* Retries should usually not be needed, but are kept just to
* be safe on the safe side.
*/
for (count = 0; count < MAX_COUNT; count++) {
rc = dm_i2c_read(g_chip.dev, addr, buffer, len);
if (rc == 0)
break; /* break here to skip sleep */
udelay(SLEEP_DURATION);
}
}
/* Take care of 'guard time' */
udelay(SLEEP_DURATION);
if (rc)
return -rc;
return 0;
}
static int iic_tpm_write_generic(u8 addr, u8 *buffer, size_t len,
unsigned int sleep_time, u8 max_count)
{
int rc = 0;
int count;
for (count = 0; count < max_count; count++) {
rc = dm_i2c_write(g_chip.dev, addr, buffer, len);
if (rc == 0)
break; /* Success, break to skip sleep */
udelay(sleep_time);
}
/* take care of 'guard time' */
udelay(sleep_time);
if (rc)
return -rc;
return 0;
}
/*
* iic_tpm_write() - write to TPM register
* @addr: register address to write to
* @buffer: containing data to be written
* @len: number of bytes to write
*
* Write len bytes from provided buffer to TPM register (little
* endian format, i.e. buffer[0] is written as first byte).
*
* NOTE: TPM is big-endian for multi-byte values. Multi-byte
* values have to be swapped.
*
* NOTE: use this function instead of the iic_tpm_write_generic function.
*
* Return -EIO on error, 0 on success
*/
static int iic_tpm_write(u8 addr, u8 *buffer, size_t len)
{
return iic_tpm_write_generic(addr, buffer, len, SLEEP_DURATION,
MAX_COUNT);
}
/*
* This function is needed especially for the cleanup situation after
* sending TPM_READY
*/
static int iic_tpm_write_long(u8 addr, u8 *buffer, size_t len)
{
return iic_tpm_write_generic(addr, buffer, len, SLEEP_DURATION_LONG,
MAX_COUNT_LONG);
}
static int check_locality(struct tpm_chip *chip, int loc)
{
const u8 mask = TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID;
u8 buf;
int rc;
rc = iic_tpm_read(TPM_ACCESS(loc), &buf, 1);
if (rc < 0)
return rc;
if ((buf & mask) == mask) {
chip->locality = loc;
return loc;
}
return -1;
}
static void release_locality(struct tpm_chip *chip, int loc, int force)
{
const u8 mask = TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID;
u8 buf;
if (iic_tpm_read(TPM_ACCESS(loc), &buf, 1) < 0)
return;
if (force || (buf & mask) == mask) {
buf = TPM_ACCESS_ACTIVE_LOCALITY;
iic_tpm_write(TPM_ACCESS(loc), &buf, 1);
}
}
static int request_locality(struct tpm_chip *chip, int loc)
{
unsigned long start, stop;
u8 buf = TPM_ACCESS_REQUEST_USE;
int rc;
if (check_locality(chip, loc) >= 0)
return loc; /* We already have the locality */
rc = iic_tpm_write(TPM_ACCESS(loc), &buf, 1);
if (rc)
return rc;
/* Wait for burstcount */
start = get_timer(0);
stop = chip->timeout_a;
do {
if (check_locality(chip, loc) >= 0)
return loc;
udelay(TPM_TIMEOUT * 1000);
} while (get_timer(start) < stop);
return -1;
}
static u8 tpm_tis_i2c_status(struct tpm_chip *chip)
{
/* NOTE: Since i2c read may fail, return 0 in this case --> time-out */
u8 buf;
if (iic_tpm_read(TPM_STS(chip->locality), &buf, 1) < 0)
return 0;
else
return buf;
}
static void tpm_tis_i2c_ready(struct tpm_chip *chip)
{
int rc;
/* This causes the current command to be aborted */
u8 buf = TPM_STS_COMMAND_READY;
debug("%s\n", __func__);
rc = iic_tpm_write_long(TPM_STS(chip->locality), &buf, 1);
if (rc)
debug("%s: rc=%d\n", __func__, rc);
}
static ssize_t get_burstcount(struct tpm_chip *chip)
{
unsigned long start, stop;
ssize_t burstcnt;
u8 addr, buf[3];
/* Wait for burstcount */
/* XXX: Which timeout value? Spec has 2 answers (c & d) */
start = get_timer(0);
stop = chip->timeout_d;
do {
/* Note: STS is little endian */
addr = TPM_STS(chip->locality) + 1;
if (iic_tpm_read(addr, buf, 3) < 0)
burstcnt = 0;
else
burstcnt = (buf[2] << 16) + (buf[1] << 8) + buf[0];
if (burstcnt)
return burstcnt;
udelay(TPM_TIMEOUT * 1000);
} while (get_timer(start) < stop);
return -EBUSY;
}
static int wait_for_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
int *status)
{
unsigned long start, stop;
/* Check current status */
*status = tpm_tis_i2c_status(chip);
if ((*status & mask) == mask)
return 0;
start = get_timer(0);
stop = timeout;
do {
udelay(TPM_TIMEOUT * 1000);
*status = tpm_tis_i2c_status(chip);
if ((*status & mask) == mask)
return 0;
} while (get_timer(start) < stop);
return -ETIME;
}
static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
{
size_t size = 0;
ssize_t burstcnt;
int rc;
while (size < count) {
burstcnt = get_burstcount(chip);
/* burstcount < 0 -> tpm is busy */
if (burstcnt < 0)
return burstcnt;
/* Limit received data to max left */
if (burstcnt > (count - size))
burstcnt = count - size;
rc = iic_tpm_read(TPM_DATA_FIFO(chip->locality),
&(buf[size]), burstcnt);
if (rc == 0)
size += burstcnt;
}
return size;
}
static int tpm_tis_i2c_recv(struct tpm_chip *chip, u8 *buf, size_t count)
{
int size = 0;
int expected, status;
if (count < TPM_HEADER_SIZE) {
size = -EIO;
goto out;
}
/* Read first 10 bytes, including tag, paramsize, and result */
size = recv_data(chip, buf, TPM_HEADER_SIZE);
if (size < TPM_HEADER_SIZE) {
error("Unable to read header\n");
goto out;
}
expected = get_unaligned_be32(buf + TPM_RSP_SIZE_BYTE);
if ((size_t)expected > count) {
error("Error size=%x, expected=%x, count=%x\n", size, expected,
count);
size = -EIO;
goto out;
}
size += recv_data(chip, &buf[TPM_HEADER_SIZE],
expected - TPM_HEADER_SIZE);
if (size < expected) {
error("Unable to read remainder of result\n");
size = -ETIME;
goto out;
}
wait_for_stat(chip, TPM_STS_VALID, chip->timeout_c, &status);
if (status & TPM_STS_DATA_AVAIL) { /* Retry? */
error("Error left over data\n");
size = -EIO;
goto out;
}
out:
tpm_tis_i2c_ready(chip);
/*
* The TPM needs some time to clean up here,
* so we sleep rather than keeping the bus busy
*/
udelay(2000);
release_locality(chip, chip->locality, 0);
return size;
}
static int tpm_tis_i2c_send(struct tpm_chip *chip, u8 *buf, size_t len)
{
int rc, status;
size_t burstcnt;
size_t count = 0;
int retry = 0;
u8 sts = TPM_STS_GO;
debug("%s: len=%d\n", __func__, len);
if (len > TPM_DEV_BUFSIZE)
return -E2BIG; /* Command is too long for our tpm, sorry */
if (request_locality(chip, 0) < 0)
return -EBUSY;
status = tpm_tis_i2c_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
tpm_tis_i2c_ready(chip);
if (wait_for_stat(chip, TPM_STS_COMMAND_READY,
chip->timeout_b, &status) < 0) {
rc = -ETIME;
goto out_err;
}
}
burstcnt = get_burstcount(chip);
/* burstcount < 0 -> tpm is busy */
if (burstcnt < 0)
return burstcnt;
while (count < len) {
udelay(300);
if (burstcnt > len - count)
burstcnt = len - count;
#ifdef CONFIG_TPM_TIS_I2C_BURST_LIMITATION
if (retry && burstcnt > CONFIG_TPM_TIS_I2C_BURST_LIMITATION)
burstcnt = CONFIG_TPM_TIS_I2C_BURST_LIMITATION;
#endif /* CONFIG_TPM_TIS_I2C_BURST_LIMITATION */
rc = iic_tpm_write(TPM_DATA_FIFO(chip->locality),
&(buf[count]), burstcnt);
if (rc == 0)
count += burstcnt;
else {
debug("%s: error\n", __func__);
if (retry++ > 10) {
rc = -EIO;
goto out_err;
}
rc = wait_for_stat(chip, TPM_STS_VALID,
chip->timeout_c, &status);
if (rc)
goto out_err;
if ((status & TPM_STS_DATA_EXPECT) == 0) {
rc = -EIO;
goto out_err;
}
}
}
/* Go and do it */
iic_tpm_write(TPM_STS(chip->locality), &sts, 1);
debug("done\n");
return len;
out_err:
debug("%s: out_err\n", __func__);
tpm_tis_i2c_ready(chip);
/*
* The TPM needs some time to clean up here,
* so we sleep rather than keeping the bus busy
*/
udelay(2000);
release_locality(chip, chip->locality, 0);
return rc;
}
static enum i2c_chip_type tpm_tis_i2c_chip_type(void)
{
#if CONFIG_IS_ENABLED(OF_CONTROL)
const void *blob = gd->fdt_blob;
if (fdtdec_next_compatible(blob, 0, COMPAT_INFINEON_SLB9645_TPM) >= 0)
return SLB9645;
if (fdtdec_next_compatible(blob, 0, COMPAT_INFINEON_SLB9635_TPM) >= 0)
return SLB9635;
#endif
return UNKNOWN;
}
static int tpm_tis_i2c_init(struct udevice *dev)
{
struct tpm_chip *chip = &g_chip;
u32 vendor;
u32 expected_did_vid;
g_chip.dev = dev;
g_chip.chip_type = tpm_tis_i2c_chip_type();
chip->is_open = 1;
/* Disable interrupts (not supported) */
chip->irq = 0;
/* Default timeouts */
chip->timeout_a = TIS_SHORT_TIMEOUT;
chip->timeout_b = TIS_LONG_TIMEOUT;
chip->timeout_c = TIS_SHORT_TIMEOUT;
chip->timeout_d = TIS_SHORT_TIMEOUT;
chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
chip->req_canceled = TPM_STS_COMMAND_READY;
if (request_locality(chip, 0) < 0)
return -ENODEV;
/* Read four bytes from DID_VID register */
if (iic_tpm_read(TPM_DID_VID(0), (uchar *)&vendor, 4) < 0) {
release_locality(chip, 0, 1);
return -EIO;
}
if (g_chip.chip_type == SLB9635) {
vendor = be32_to_cpu(vendor);
expected_did_vid = TPM_TIS_I2C_DID_VID_9635;
} else {
/* device id and byte order has changed for newer i2c tpms */
expected_did_vid = TPM_TIS_I2C_DID_VID_9645;
}
if (g_chip.chip_type != UNKNOWN && vendor != expected_did_vid) {
error("Vendor id did not match! ID was %08x\n", vendor);
return -ENODEV;
}
debug("1.2 TPM (chip type %s device-id 0x%X)\n",
chip_name[g_chip.chip_type], vendor >> 16);
/*
* A timeout query to TPM can be placed here.
* Standard timeout values are used so far
*/
return 0;
}
/* Returns max number of milliseconds to wait */
static unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
u32 ordinal)
{
int duration_idx = TPM_UNDEFINED;
int duration = 0;
if (ordinal < TPM_MAX_ORDINAL) {
duration_idx = tpm_ordinal_duration[ordinal];
} else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) <
TPM_MAX_PROTECTED_ORDINAL) {
duration_idx = tpm_protected_ordinal_duration[
ordinal & TPM_PROTECTED_ORDINAL_MASK];
}
if (duration_idx != TPM_UNDEFINED)
duration = chip->duration[duration_idx];
if (duration <= 0)
return 2 * 60 * HZ; /* Two minutes timeout */
else
return duration;
}
static ssize_t tpm_transmit(const unsigned char *buf, size_t bufsiz)
{
int rc;
u32 count, ordinal;
unsigned long start, stop;
struct tpm_chip *chip = &g_chip;
/* switch endianess: big->little */
count = get_unaligned_be32(buf + TPM_CMD_COUNT_BYTE);
ordinal = get_unaligned_be32(buf + TPM_CMD_ORDINAL_BYTE);
if (count == 0) {
error("no data\n");
return -ENODATA;
}
if (count > bufsiz) {
error("invalid count value %x %zx\n", count, bufsiz);
return -E2BIG;
}
debug("Calling send\n");
rc = tpm_tis_i2c_send(chip, (u8 *)buf, count);
debug(" ... done calling send\n");
if (rc < 0) {
error("tpm_transmit: tpm_send: error %d\n", rc);
goto out;
}
if (chip->irq)
goto out_recv;
start = get_timer(0);
stop = tpm_calc_ordinal_duration(chip, ordinal);
do {
debug("waiting for status... %ld %ld\n", start, stop);
u8 status = tpm_tis_i2c_status(chip);
if ((status & chip->req_complete_mask) ==
chip->req_complete_val) {
debug("...got it;\n");
goto out_recv;
}
if (status == chip->req_canceled) {
error("Operation Canceled\n");
rc = -ECANCELED;
goto out;
}
udelay(TPM_TIMEOUT * 1000);
} while (get_timer(start) < stop);
tpm_tis_i2c_ready(chip);
error("Operation Timed out\n");
rc = -ETIME;
goto out;
out_recv:
debug("out_recv: reading response...\n");
rc = tpm_tis_i2c_recv(chip, (u8 *)buf, TPM_BUFSIZE);
if (rc < 0)
error("tpm_transmit: tpm_recv: error %d\n", rc);
out:
return rc;
}
static int tpm_open_dev(struct udevice *dev)
{
int rc;
debug("%s: start\n", __func__);
if (g_chip.is_open)
return -EBUSY;
rc = tpm_tis_i2c_init(dev);
if (rc < 0)
g_chip.is_open = 0;
return rc;
}
static void tpm_close(void)
{
if (g_chip.is_open) {
release_locality(&g_chip, g_chip.locality, 1);
g_chip.is_open = 0;
}
}
/**
* Decode TPM configuration.
*
* @param dev Returns a configuration of TPM device
* @return 0 if ok, -1 on error
*/
static int tpm_decode_config(struct tpm_chip *chip)
{
const void *blob = gd->fdt_blob;
struct udevice *bus;
int chip_addr;
int parent;
int node;
int ret;
node = fdtdec_next_compatible(blob, 0, COMPAT_INFINEON_SLB9635_TPM);
if (node < 0) {
node = fdtdec_next_compatible(blob, 0,
COMPAT_INFINEON_SLB9645_TPM);
}
if (node < 0) {
debug("%s: Node not found\n", __func__);
return -1;
}
parent = fdt_parent_offset(blob, node);
if (parent < 0) {
debug("%s: Cannot find node parent\n", __func__);
return -1;
}
/*
* TODO(sjg@chromium.org): Remove this when driver model supports
* TPMs
*/
ret = uclass_get_device_by_of_offset(UCLASS_I2C, parent, &bus);
if (ret) {
debug("Cannot find bus for node '%s: ret=%d'\n",
fdt_get_name(blob, parent, NULL), ret);
return ret;
}
chip_addr = fdtdec_get_int(blob, node, "reg", -1);
if (chip_addr == -1) {
debug("Cannot find reg property for node '%s: ret=%d'\n",
fdt_get_name(blob, node, NULL), ret);
return ret;
}
/*
* TODO(sjg@chromium.org): Older TPMs will need to use the older method
* in iic_tpm_read() so the offset length needs to be 0 here.
*/
ret = i2c_get_chip(bus, chip_addr, 1, &chip->dev);
if (ret) {
debug("Cannot find device for node '%s: ret=%d'\n",
fdt_get_name(blob, node, NULL), ret);
return ret;
}
return 0;
}
int tis_init(void)
{
if (g_chip.inited)
return 0;
if (tpm_decode_config(&g_chip))
return -1;
debug("%s: done\n", __func__);
g_chip.inited = 1;
return 0;
}
int tis_open(void)
{
int rc;
if (!g_chip.inited)
return -1;
rc = tpm_open_dev(g_chip.dev);
return rc;
}
int tis_close(void)
{
if (!g_chip.inited)
return -1;
tpm_close();
return 0;
}
int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
uint8_t *recvbuf, size_t *rbuf_len)
{
int len;
uint8_t buf[4096];
if (!g_chip.inited)
return -1;
if (sizeof(buf) < sbuf_size)
return -1;
memcpy(buf, sendbuf, sbuf_size);
len = tpm_transmit(buf, sbuf_size);
if (len < 10) {
*rbuf_len = 0;
return -1;
}
memcpy(recvbuf, buf, len);
*rbuf_len = len;
return 0;
}