blob: 3109c504f3f151caa474b4684b68301d575afbe5 [file] [log] [blame]
Vadim Bendeburydac69642011-10-17 08:36:14 +00001/*
2 * Copyright (c) 2011 The Chromium OS Authors.
3 *
Wolfgang Denkd79de1d2013-07-08 09:37:19 +02004 * SPDX-License-Identifier: GPL-2.0+
Vadim Bendeburydac69642011-10-17 08:36:14 +00005 */
6
7/*
8 * The code in this file is based on the article "Writing a TPM Device Driver"
9 * published on http://ptgmedia.pearsoncmg.com.
10 *
11 * One principal difference is that in the simplest config the other than 0
12 * TPM localities do not get mapped by some devices (for instance, by Infineon
13 * slb9635), so this driver provides access to locality 0 only.
14 */
15
16#include <common.h>
17#include <asm/io.h>
Simon Glass6c7a2322015-08-22 18:31:31 -060018#include <tis.h>
Vadim Bendeburydac69642011-10-17 08:36:14 +000019#include <tpm.h>
20
21#define PREFIX "lpc_tpm: "
22
23struct tpm_locality {
24 u32 access;
25 u8 padding0[4];
26 u32 int_enable;
27 u8 vector;
28 u8 padding1[3];
29 u32 int_status;
30 u32 int_capability;
31 u32 tpm_status;
32 u8 padding2[8];
33 u8 data;
34 u8 padding3[3803];
35 u32 did_vid;
36 u8 rid;
37 u8 padding4[251];
38};
39
40/*
41 * This pointer refers to the TPM chip, 5 of its localities are mapped as an
42 * array.
43 */
44#define TPM_TOTAL_LOCALITIES 5
45static struct tpm_locality *lpc_tpm_dev =
46 (struct tpm_locality *)CONFIG_TPM_TIS_BASE_ADDRESS;
47
48/* Some registers' bit field definitions */
49#define TIS_STS_VALID (1 << 7) /* 0x80 */
50#define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */
51#define TIS_STS_TPM_GO (1 << 5) /* 0x20 */
52#define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */
53#define TIS_STS_EXPECT (1 << 3) /* 0x08 */
54#define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */
55
56#define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */
57#define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */
58#define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */
59#define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */
60#define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */
61#define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */
62#define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */
63
64#define TIS_STS_BURST_COUNT_MASK (0xffff)
65#define TIS_STS_BURST_COUNT_SHIFT (8)
66
67/*
68 * Error value returned if a tpm register does not enter the expected state
69 * after continuous polling. No actual TPM register reading ever returns -1,
70 * so this value is a safe error indication to be mixed with possible status
71 * register values.
72 */
73#define TPM_TIMEOUT_ERR (-1)
74
75/* Error value returned on various TPM driver errors. */
76#define TPM_DRIVER_ERR (1)
77
78 /* 1 second is plenty for anything TPM does. */
79#define MAX_DELAY_US (1000 * 1000)
80
81/* Retrieve burst count value out of the status register contents. */
82static u16 burst_count(u32 status)
83{
84 return (status >> TIS_STS_BURST_COUNT_SHIFT) & TIS_STS_BURST_COUNT_MASK;
85}
86
87/*
88 * Structures defined below allow creating descriptions of TPM vendor/device
89 * ID information for run time discovery. The only device the system knows
90 * about at this time is Infineon slb9635.
91 */
92struct device_name {
93 u16 dev_id;
94 const char * const dev_name;
95};
96
97struct vendor_name {
98 u16 vendor_id;
99 const char *vendor_name;
100 const struct device_name *dev_names;
101};
102
103static const struct device_name infineon_devices[] = {
104 {0xb, "SLB9635 TT 1.2"},
105 {0}
106};
107
108static const struct vendor_name vendor_names[] = {
109 {0x15d1, "Infineon", infineon_devices},
110};
111
112/*
113 * Cached vendor/device ID pair to indicate that the device has been already
114 * discovered.
115 */
116static u32 vendor_dev_id;
117
118/* TPM access wrappers to support tracing */
119static u8 tpm_read_byte(const u8 *ptr)
120{
121 u8 ret = readb(ptr);
122 debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n",
Taylor Huttb3ae1442013-04-12 10:44:56 +0000123 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
Vadim Bendeburydac69642011-10-17 08:36:14 +0000124 return ret;
125}
126
127static u32 tpm_read_word(const u32 *ptr)
128{
129 u32 ret = readl(ptr);
130 debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n",
Taylor Huttb3ae1442013-04-12 10:44:56 +0000131 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
Vadim Bendeburydac69642011-10-17 08:36:14 +0000132 return ret;
133}
134
135static void tpm_write_byte(u8 value, u8 *ptr)
136{
137 debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n",
Taylor Huttb3ae1442013-04-12 10:44:56 +0000138 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
Vadim Bendeburydac69642011-10-17 08:36:14 +0000139 writeb(value, ptr);
140}
141
142static void tpm_write_word(u32 value, u32 *ptr)
143{
144 debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n",
Taylor Huttb3ae1442013-04-12 10:44:56 +0000145 (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
Vadim Bendeburydac69642011-10-17 08:36:14 +0000146 writel(value, ptr);
147}
148
149/*
150 * tis_wait_reg()
151 *
152 * Wait for at least a second for a register to change its state to match the
153 * expected state. Normally the transition happens within microseconds.
154 *
155 * @reg - pointer to the TPM register
156 * @mask - bitmask for the bitfield(s) to watch
157 * @expected - value the field(s) are supposed to be set to
158 *
159 * Returns the register contents in case the expected value was found in the
160 * appropriate register bits, or TPM_TIMEOUT_ERR on timeout.
161 */
162static u32 tis_wait_reg(u32 *reg, u8 mask, u8 expected)
163{
164 u32 time_us = MAX_DELAY_US;
165
166 while (time_us > 0) {
167 u32 value = tpm_read_word(reg);
168 if ((value & mask) == expected)
169 return value;
170 udelay(1); /* 1 us */
171 time_us--;
172 }
173 return TPM_TIMEOUT_ERR;
174}
175
176/*
177 * Probe the TPM device and try determining its manufacturer/device name.
178 *
179 * Returns 0 on success (the device is found or was found during an earlier
180 * invocation) or TPM_DRIVER_ERR if the device is not found.
181 */
182int tis_init(void)
183{
184 u32 didvid = tpm_read_word(&lpc_tpm_dev[0].did_vid);
185 int i;
186 const char *device_name = "unknown";
187 const char *vendor_name = device_name;
188 u16 vid, did;
189
190 if (vendor_dev_id)
191 return 0; /* Already probed. */
192
193 if (!didvid || (didvid == 0xffffffff)) {
194 printf("%s: No TPM device found\n", __func__);
195 return TPM_DRIVER_ERR;
196 }
197
198 vendor_dev_id = didvid;
199
200 vid = didvid & 0xffff;
201 did = (didvid >> 16) & 0xffff;
202 for (i = 0; i < ARRAY_SIZE(vendor_names); i++) {
203 int j = 0;
204 u16 known_did;
205
206 if (vid == vendor_names[i].vendor_id)
207 vendor_name = vendor_names[i].vendor_name;
208
209 while ((known_did = vendor_names[i].dev_names[j].dev_id) != 0) {
210 if (known_did == did) {
211 device_name =
212 vendor_names[i].dev_names[j].dev_name;
213 break;
214 }
215 j++;
216 }
217 break;
218 }
219
220 printf("Found TPM %s by %s\n", device_name, vendor_name);
221 return 0;
222}
223
224/*
225 * tis_senddata()
226 *
227 * send the passed in data to the TPM device.
228 *
229 * @data - address of the data to send, byte by byte
230 * @len - length of the data to send
231 *
232 * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does
233 * not accept the entire command).
234 */
235static u32 tis_senddata(const u8 * const data, u32 len)
236{
237 u32 offset = 0;
238 u16 burst = 0;
239 u32 max_cycles = 0;
240 u8 locality = 0;
241 u32 value;
242
243 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
244 TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
245 if (value == TPM_TIMEOUT_ERR) {
246 printf("%s:%d - failed to get 'command_ready' status\n",
247 __FILE__, __LINE__);
248 return TPM_DRIVER_ERR;
249 }
250 burst = burst_count(value);
251
252 while (1) {
253 unsigned count;
254
255 /* Wait till the device is ready to accept more data. */
256 while (!burst) {
257 if (max_cycles++ == MAX_DELAY_US) {
258 printf("%s:%d failed to feed %d bytes of %d\n",
259 __FILE__, __LINE__, len - offset, len);
260 return TPM_DRIVER_ERR;
261 }
262 udelay(1);
263 burst = burst_count(tpm_read_word(&lpc_tpm_dev
264 [locality].tpm_status));
265 }
266
267 max_cycles = 0;
268
269 /*
270 * Calculate number of bytes the TPM is ready to accept in one
271 * shot.
272 *
273 * We want to send the last byte outside of the loop (hence
274 * the -1 below) to make sure that the 'expected' status bit
275 * changes to zero exactly after the last byte is fed into the
276 * FIFO.
277 */
Masahiro Yamadadb204642014-11-07 03:03:31 +0900278 count = min((u32)burst, len - offset - 1);
Vadim Bendeburydac69642011-10-17 08:36:14 +0000279 while (count--)
280 tpm_write_byte(data[offset++],
281 &lpc_tpm_dev[locality].data);
282
283 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
284 TIS_STS_VALID, TIS_STS_VALID);
285
286 if ((value == TPM_TIMEOUT_ERR) || !(value & TIS_STS_EXPECT)) {
287 printf("%s:%d TPM command feed overflow\n",
288 __FILE__, __LINE__);
289 return TPM_DRIVER_ERR;
290 }
291
292 burst = burst_count(value);
293 if ((offset == (len - 1)) && burst) {
294 /*
295 * We need to be able to send the last byte to the
296 * device, so burst size must be nonzero before we
297 * break out.
298 */
299 break;
300 }
301 }
302
303 /* Send the last byte. */
304 tpm_write_byte(data[offset++], &lpc_tpm_dev[locality].data);
305 /*
306 * Verify that TPM does not expect any more data as part of this
307 * command.
308 */
309 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
310 TIS_STS_VALID, TIS_STS_VALID);
311 if ((value == TPM_TIMEOUT_ERR) || (value & TIS_STS_EXPECT)) {
312 printf("%s:%d unexpected TPM status 0x%x\n",
313 __FILE__, __LINE__, value);
314 return TPM_DRIVER_ERR;
315 }
316
317 /* OK, sitting pretty, let's start the command execution. */
318 tpm_write_word(TIS_STS_TPM_GO, &lpc_tpm_dev[locality].tpm_status);
319 return 0;
320}
321
322/*
323 * tis_readresponse()
324 *
325 * read the TPM device response after a command was issued.
326 *
327 * @buffer - address where to read the response, byte by byte.
328 * @len - pointer to the size of buffer
329 *
330 * On success stores the number of received bytes to len and returns 0. On
331 * errors (misformatted TPM data or synchronization problems) returns
332 * TPM_DRIVER_ERR.
333 */
334static u32 tis_readresponse(u8 *buffer, u32 *len)
335{
336 u16 burst;
337 u32 value;
338 u32 offset = 0;
339 u8 locality = 0;
340 const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID;
341 u32 expected_count = *len;
342 int max_cycles = 0;
343
344 /* Wait for the TPM to process the command. */
345 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
346 has_data, has_data);
347 if (value == TPM_TIMEOUT_ERR) {
348 printf("%s:%d failed processing command\n",
349 __FILE__, __LINE__);
350 return TPM_DRIVER_ERR;
351 }
352
353 do {
354 while ((burst = burst_count(value)) == 0) {
355 if (max_cycles++ == MAX_DELAY_US) {
356 printf("%s:%d TPM stuck on read\n",
357 __FILE__, __LINE__);
358 return TPM_DRIVER_ERR;
359 }
360 udelay(1);
361 value = tpm_read_word(&lpc_tpm_dev
362 [locality].tpm_status);
363 }
364
365 max_cycles = 0;
366
367 while (burst-- && (offset < expected_count)) {
368 buffer[offset++] = tpm_read_byte(&lpc_tpm_dev
369 [locality].data);
370
371 if (offset == 6) {
372 /*
373 * We got the first six bytes of the reply,
374 * let's figure out how many bytes to expect
375 * total - it is stored as a 4 byte number in
376 * network order, starting with offset 2 into
377 * the body of the reply.
378 */
379 u32 real_length;
380 memcpy(&real_length,
381 buffer + 2,
382 sizeof(real_length));
383 expected_count = be32_to_cpu(real_length);
384
385 if ((expected_count < offset) ||
386 (expected_count > *len)) {
387 printf("%s:%d bad response size %d\n",
388 __FILE__, __LINE__,
389 expected_count);
390 return TPM_DRIVER_ERR;
391 }
392 }
393 }
394
395 /* Wait for the next portion. */
396 value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
397 TIS_STS_VALID, TIS_STS_VALID);
398 if (value == TPM_TIMEOUT_ERR) {
399 printf("%s:%d failed to read response\n",
400 __FILE__, __LINE__);
401 return TPM_DRIVER_ERR;
402 }
403
404 if (offset == expected_count)
405 break; /* We got all we needed. */
406
407 } while ((value & has_data) == has_data);
408
409 /*
410 * Make sure we indeed read all there was. The TIS_STS_VALID bit is
411 * known to be set.
412 */
413 if (value & TIS_STS_DATA_AVAILABLE) {
414 printf("%s:%d wrong receive status %x\n",
415 __FILE__, __LINE__, value);
416 return TPM_DRIVER_ERR;
417 }
418
419 /* Tell the TPM that we are done. */
420 tpm_write_word(TIS_STS_COMMAND_READY, &lpc_tpm_dev
421 [locality].tpm_status);
422 *len = offset;
423 return 0;
424}
425
426int tis_open(void)
427{
428 u8 locality = 0; /* we use locality zero for everything. */
429
Vadim Bendeburydac69642011-10-17 08:36:14 +0000430 /* now request access to locality. */
431 tpm_write_word(TIS_ACCESS_REQUEST_USE, &lpc_tpm_dev[locality].access);
432
433 /* did we get a lock? */
434 if (tis_wait_reg(&lpc_tpm_dev[locality].access,
435 TIS_ACCESS_ACTIVE_LOCALITY,
436 TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) {
437 printf("%s:%d - failed to lock locality %d\n",
438 __FILE__, __LINE__, locality);
439 return TPM_DRIVER_ERR;
440 }
441
442 tpm_write_word(TIS_STS_COMMAND_READY,
443 &lpc_tpm_dev[locality].tpm_status);
444 return 0;
445}
446
447int tis_close(void)
448{
449 u8 locality = 0;
450
451 if (tpm_read_word(&lpc_tpm_dev[locality].access) &
452 TIS_ACCESS_ACTIVE_LOCALITY) {
453 tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY,
454 &lpc_tpm_dev[locality].access);
455
456 if (tis_wait_reg(&lpc_tpm_dev[locality].access,
457 TIS_ACCESS_ACTIVE_LOCALITY, 0) ==
458 TPM_TIMEOUT_ERR) {
459 printf("%s:%d - failed to release locality %d\n",
460 __FILE__, __LINE__, locality);
461 return TPM_DRIVER_ERR;
462 }
463 }
464 return 0;
465}
466
467int tis_sendrecv(const u8 *sendbuf, size_t send_size,
468 u8 *recvbuf, size_t *recv_len)
469{
470 if (tis_senddata(sendbuf, send_size)) {
471 printf("%s:%d failed sending data to TPM\n",
472 __FILE__, __LINE__);
473 return TPM_DRIVER_ERR;
474 }
475
Taylor Huttb3ae1442013-04-12 10:44:56 +0000476 return tis_readresponse(recvbuf, (u32 *)recv_len);
Vadim Bendeburydac69642011-10-17 08:36:14 +0000477}