1 /* SPDX-License-Identifier: GPL-2.0-only */
3 /* Based on Linux Kernel TPM driver */
6 * cr50 is a TPM 2.0 capable device that requires special
7 * handling for the I2C interface.
9 * - Use an interrupt for transaction status instead of hardcoded delays
10 * - Must use write+wait+read read protocol
11 * - All 4 bytes of status register must be read/written at once
12 * - Burst count max is 63 bytes, and burst count behaves
13 * slightly differently than other I2C TPMs
14 * - When reading from FIFO the full burstcnt must be read
15 * instead of just reading header and determining the remainder
18 #include <commonlib/endian.h>
19 #include <commonlib/helpers.h>
20 #include <console/console.h>
22 #include <device/i2c_simple.h>
23 #include <drivers/tpm/cr50.h>
25 #include <security/tpm/tis.h>
32 #define CR50_MAX_BUFSIZE 63
33 #define CR50_TIMEOUT_INIT_MS 30000 /* Very long timeout for TPM init */
34 #define CR50_TIMEOUT_LONG_MS 2000 /* Long timeout while waiting for TPM */
35 #define CR50_TIMEOUT_SHORT_MS 2 /* Short timeout during transactions */
36 #define CR50_DID_VID 0x00281ae0L
37 #define TI50_DT_DID_VID 0x504a6666L
38 #define TI50_OT_DID_VID 0x50666666L
44 uint8_t buf
[CR50_MAX_BUFSIZE
+ sizeof(uint8_t)];
47 static struct tpm_inf_dev tpm_dev
;
50 * cr50_i2c_read() - read from TPM register
52 * @addr: register address to read from
53 * @buffer: provided by caller
54 * @len: number of bytes to read
56 * 1) send register address byte 'addr' to the TPM
57 * 2) wait for TPM to indicate it is ready
58 * 3) read 'len' bytes of TPM response into the provided 'buffer'
60 * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
62 static tpm_result_t
cr50_i2c_read(uint8_t addr
, uint8_t *buffer
, size_t len
)
64 if (tpm_dev
.addr
== 0)
65 return TPM_CB_INVALID_ARG
;
67 /* Clear interrupt before starting transaction */
68 cr50_plat_irq_status();
70 /* Send the register address byte to the TPM */
71 if (i2c_write_raw(tpm_dev
.bus
, tpm_dev
.addr
, &addr
, 1)) {
72 printk(BIOS_ERR
, "%s: Address write failed\n", __func__
);
73 return TPM_CB_COMMUNICATION_ERROR
;
76 /* Wait for TPM to be ready with response data */
77 if (cr50_wait_tpm_ready() != CB_SUCCESS
)
78 return TPM_CB_TIMEOUT
;
80 /* Read response data from the TPM */
81 if (i2c_read_raw(tpm_dev
.bus
, tpm_dev
.addr
, buffer
, len
)) {
82 printk(BIOS_ERR
, "%s: Read response failed\n", __func__
);
83 return TPM_CB_COMMUNICATION_ERROR
;
90 * cr50_i2c_write() - write to TPM register
92 * @addr: register address to write to
93 * @buffer: data to write
94 * @len: number of bytes to write
96 * 1) prepend the provided address to the provided data
97 * 2) send the address+data to the TPM
98 * 3) wait for TPM to indicate it is done writing
100 * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
102 static tpm_result_t
cr50_i2c_write(uint8_t addr
, const uint8_t *buffer
, size_t len
)
104 if (tpm_dev
.addr
== 0)
105 return TPM_CB_INVALID_ARG
;
106 if (len
> CR50_MAX_BUFSIZE
)
107 return TPM_CB_INVALID_ARG
;
109 /* Prepend the 'register address' to the buffer */
110 tpm_dev
.buf
[0] = addr
;
111 memcpy(tpm_dev
.buf
+ 1, buffer
, len
);
113 /* Clear interrupt before starting transaction */
114 cr50_plat_irq_status();
116 /* Send write request buffer with address */
117 if (i2c_write_raw(tpm_dev
.bus
, tpm_dev
.addr
, tpm_dev
.buf
, len
+ 1)) {
118 printk(BIOS_ERR
, "%s: Error writing to TPM\n", __func__
);
119 return TPM_CB_COMMUNICATION_ERROR
;
122 /* Wait for TPM to be ready */
123 return cr50_wait_tpm_ready() == CB_SUCCESS
? TPM_SUCCESS
: TPM_CB_TIMEOUT
;
127 * Cr50 processes reset requests asynchronously and conceivably could be busy
128 * executing a long command and not reacting to the reset pulse for a while.
130 * This function will make sure that the AP does not proceed with boot until
131 * TPM finished reset processing.
133 * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
135 static tpm_result_t
process_reset(void)
138 tpm_result_t rc
= TPM_SUCCESS
;
142 * Locality is released by TPM reset.
144 * If locality is taken at this point, this could be due to the fact
145 * that the TPM is performing a long operation and has not processed
146 * reset request yet. We'll wait up to CR50_TIMEOUT_INIT_MS and see if
147 * it releases locality when reset is processed.
149 stopwatch_init_msecs_expire(&sw
, CR50_TIMEOUT_INIT_MS
);
152 TPM_ACCESS_VALID
| TPM_ACCESS_ACTIVE_LOCALITY
;
154 rc
= cr50_i2c_read(TPM_ACCESS(0),
155 &access
, sizeof(access
));
156 if (rc
|| ((access
& mask
) == mask
)) {
158 * Don't bombard the chip with traffic, let it keep
159 * processing the command.
165 printk(BIOS_INFO
, "TPM ready after %lld ms\n",
166 stopwatch_duration_msecs(&sw
));
169 } while (!stopwatch_expired(&sw
));
172 printk(BIOS_ERR
, "Failed to read TPM with error %d\n", rc
);
176 "TPM failed to reset after %lld ms, status: %#x\n",
177 stopwatch_duration_msecs(&sw
), access
);
182 * Locality could be already claimed (if this is a later coreboot stage and
183 * the RO did not release it), or not yet claimed, if this is verstage or the
184 * older RO did release it.
186 * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
188 static tpm_result_t
claim_locality(void)
191 const uint8_t mask
= TPM_ACCESS_VALID
| TPM_ACCESS_ACTIVE_LOCALITY
;
192 tpm_result_t rc
= TPM_SUCCESS
;
194 rc
= cr50_i2c_read(TPM_ACCESS(0), &access
, sizeof(access
));
198 if ((access
& mask
) == mask
) {
199 printk(BIOS_INFO
, "Locality already claimed\n");
203 access
= TPM_ACCESS_REQUEST_USE
;
204 rc
= cr50_i2c_write(TPM_ACCESS(0),
205 &access
, sizeof(access
));
209 rc
= cr50_i2c_read(TPM_ACCESS(0), &access
, sizeof(access
));
213 if ((access
& mask
) != mask
) {
214 printk(BIOS_INFO
, "Failed to claim locality.\n");
222 * cr50 requires all 4 bytes of status register to be read
224 * Returns lowest 8-bits of the TIS Status register value
225 * see tis_status bit mask enumerated type in tis.h.
228 static uint8_t cr50_i2c_tis_status(void)
231 tpm_result_t rc
= cr50_i2c_read(TPM_STS(tpm_dev
.locality
), buf
, sizeof(buf
));
233 printk(BIOS_ERR
, "%s: Failed to read status with error %#x\n", __func__
, rc
);
239 /* cr50 requires all 4 bytes of status register to be written */
240 static void cr50_i2c_tis_ready(void)
242 uint8_t buf
[4] = { TPM_STS_COMMAND_READY
};
243 cr50_i2c_write(TPM_STS(tpm_dev
.locality
), buf
, sizeof(buf
));
244 mdelay(CR50_TIMEOUT_SHORT_MS
);
247 /* cr50 uses bytes 3:2 of status register for burst count and
248 * all 4 bytes must be read
250 * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
252 static tpm_result_t
cr50_i2c_wait_burststs(uint8_t mask
, size_t *burst
, int *status
)
256 tpm_result_t rc
= TPM_SUCCESS
;
258 stopwatch_init_msecs_expire(&sw
, CR50_TIMEOUT_LONG_MS
);
260 while (!stopwatch_expired(&sw
)) {
261 rc
= cr50_i2c_read(TPM_STS(tpm_dev
.locality
), buf
, sizeof(buf
));
263 mdelay(CR50_TIMEOUT_SHORT_MS
);
268 *burst
= read_le16(&buf
[1]);
270 /* Check if mask matches and burst is valid */
271 if ((*status
& mask
) == mask
&&
272 *burst
> 0 && *burst
<= CR50_MAX_BUFSIZE
)
275 mdelay(CR50_TIMEOUT_SHORT_MS
);
277 printk(BIOS_ERR
, "%s: Timeout reading burst and status with error %#x\n", __func__
, rc
);
280 return TPM_CB_COMMUNICATION_ERROR
;
283 static int cr50_i2c_tis_recv(uint8_t *buf
, size_t buf_len
)
285 size_t burstcnt
, current
, len
, expected
;
286 uint8_t addr
= TPM_DATA_FIFO(tpm_dev
.locality
);
287 uint8_t mask
= TPM_STS_VALID
| TPM_STS_DATA_AVAIL
;
289 tpm_result_t rc
= TPM_SUCCESS
;
291 if (buf_len
< TPM_HEADER_SIZE
)
294 rc
= cr50_i2c_wait_burststs(mask
, &burstcnt
, &status
);
296 printk(BIOS_ERR
, "%s: First chunk not available with error %#x\n", __func__
, rc
);
300 /* Read first chunk of burstcnt bytes */
301 rc
= cr50_i2c_read(addr
, buf
, burstcnt
);
303 printk(BIOS_ERR
, "%s: Read failed with error %#x\n", __func__
, rc
);
307 /* Determine expected data in the return buffer */
308 expected
= read_be32(buf
+ TPM_RSP_SIZE_BYTE
);
309 if (expected
> buf_len
) {
310 printk(BIOS_ERR
, "%s: Too much data: %zu > %zu\n",
311 __func__
, expected
, buf_len
);
315 /* Now read the rest of the data */
317 while (current
< expected
) {
318 /* Read updated burst count and check status */
319 if (cr50_i2c_wait_burststs(mask
, &burstcnt
, &status
))
322 len
= MIN(burstcnt
, expected
- current
);
323 rc
= cr50_i2c_read(addr
, buf
+ current
, len
);
325 printk(BIOS_ERR
, "%s: Read failed with error %#x\n", __func__
, rc
);
332 /* Ensure TPM is done reading data */
333 if (cr50_i2c_wait_burststs(TPM_STS_VALID
, &burstcnt
, &status
))
335 if (status
& TPM_STS_DATA_AVAIL
) {
336 printk(BIOS_ERR
, "%s: Data still available\n", __func__
);
343 /* Abort current transaction if still pending */
344 if (cr50_i2c_tis_status() & TPM_STS_COMMAND_READY
)
345 cr50_i2c_tis_ready();
349 static int cr50_i2c_tis_send(uint8_t *buf
, size_t len
)
352 size_t burstcnt
, limit
, sent
= 0;
353 uint8_t tpm_go
[4] = { TPM_STS_GO
};
355 tpm_result_t rc
= TPM_SUCCESS
;
357 stopwatch_init_msecs_expire(&sw
, CR50_TIMEOUT_LONG_MS
);
359 /* Wait until TPM is ready for a command */
360 while (!(cr50_i2c_tis_status() & TPM_STS_COMMAND_READY
)) {
361 if (stopwatch_expired(&sw
)) {
362 printk(BIOS_ERR
, "%s: Command ready timeout\n",
367 cr50_i2c_tis_ready();
371 uint8_t mask
= TPM_STS_VALID
;
373 /* Wait for data if this is not the first chunk */
375 mask
|= TPM_STS_DATA_EXPECT
;
377 /* Read burst count and check status */
378 if (cr50_i2c_wait_burststs(mask
, &burstcnt
, &status
))
381 /* Use burstcnt - 1 to account for the address byte
382 * that is inserted by cr50_i2c_write() */
383 limit
= MIN(burstcnt
- 1, len
);
384 rc
= cr50_i2c_write(TPM_DATA_FIFO(tpm_dev
.locality
), &buf
[sent
], limit
);
386 printk(BIOS_ERR
, "%s: Write failed with error %#x\n", __func__
, rc
);
394 /* Ensure TPM is not expecting more data */
395 if (cr50_i2c_wait_burststs(TPM_STS_VALID
, &burstcnt
, &status
))
397 if (status
& TPM_STS_DATA_EXPECT
) {
398 printk(BIOS_ERR
, "%s: Data still expected\n", __func__
);
402 /* Start the TPM command */
403 rc
= cr50_i2c_write(TPM_STS(tpm_dev
.locality
), tpm_go
, sizeof(tpm_go
));
405 printk(BIOS_ERR
, "%s: Start command failed with error %#x\n", __func__
, rc
);
411 /* Abort current transaction if still pending */
412 if (cr50_i2c_tis_status() & TPM_STS_COMMAND_READY
)
413 cr50_i2c_tis_ready();
417 static void cr50_vendor_init(struct tpm_chip
*chip
)
419 chip
->req_complete_mask
= TPM_STS_DATA_AVAIL
| TPM_STS_VALID
;
420 chip
->req_complete_val
= TPM_STS_DATA_AVAIL
| TPM_STS_VALID
;
421 chip
->req_canceled
= TPM_STS_COMMAND_READY
;
422 chip
->status
= &cr50_i2c_tis_status
;
423 chip
->recv
= &cr50_i2c_tis_recv
;
424 chip
->send
= &cr50_i2c_tis_send
;
425 chip
->cancel
= &cr50_i2c_tis_ready
;
428 tpm_result_t
tpm_vendor_probe(unsigned int bus
, uint32_t addr
, enum tpm_family
*family
)
436 static tpm_result_t
cr50_i2c_probe(uint32_t *did_vid
)
439 tpm_result_t rc
= TPM_SUCCESS
;
442 * 1s should be enough to synchronize with the TPM even under the
443 * worst nested reset request conditions. In vast majority of cases
444 * there would be no wait at all. If this probe fails, boot likely
445 * cannot proceed, so an extra long timeout is appropriate.
447 printk(BIOS_INFO
, "Probing TPM I2C: ");
449 for (retries
= 100; retries
> 0; retries
--) {
450 rc
= cr50_i2c_read(TPM_DID_VID(0), (uint8_t *)did_vid
, 4);
452 /* Exit once DID and VID verified */
453 if (!rc
&& (*did_vid
== CR50_DID_VID
|| *did_vid
== TI50_DT_DID_VID
||
454 *did_vid
== TI50_OT_DID_VID
)) {
455 printk(BIOS_INFO
, "done! DID_VID 0x%08x\n", *did_vid
);
459 /* TPM might be resetting, let's retry in a bit. */
461 printk(BIOS_INFO
, ".");
465 * I2C reads failed, or the DID and VID didn't match
468 printk(BIOS_ERR
, "DID_VID 0x%08x not recognized\n", *did_vid
);
471 return TPM_CB_COMMUNICATION_ERROR
;
474 tpm_result_t
tpm_vendor_init(struct tpm_chip
*chip
, unsigned int bus
, uint32_t dev_addr
)
476 uint32_t did_vid
= 0;
477 tpm_result_t rc
= TPM_SUCCESS
;
480 printk(BIOS_ERR
, "%s: missing device address\n", __func__
);
481 return TPM_CB_INVALID_ARG
;
485 tpm_dev
.addr
= dev_addr
;
487 cr50_vendor_init(chip
);
489 rc
= cr50_i2c_probe(&did_vid
);
493 if (ENV_SEPARATE_VERSTAGE
|| ENV_BOOTBLOCK
) {
494 rc
= process_reset();
499 rc
= claim_locality();
503 printk(BIOS_DEBUG
, "GSC TPM 2.0 (i2c %u:0x%02x id %#x)\n",
504 bus
, dev_addr
, did_vid
>> 16);
506 if (tpm_first_access_this_boot()) {
507 /* This is called for the side-effect of printing the version string. */
508 cr50_get_firmware_version(NULL
);
509 cr50_set_board_cfg();
515 enum cb_err
tis_vendor_write(unsigned int addr
, const void *buffer
, size_t bytes
)
517 return cr50_i2c_write(addr
& 0xff, buffer
, bytes
) ? CB_ERR
: CB_SUCCESS
;
520 enum cb_err
tis_vendor_read(unsigned int addr
, void *buffer
, size_t bytes
)
522 return cr50_i2c_read(addr
& 0xff, buffer
, bytes
) ? CB_ERR
: CB_SUCCESS
;