search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mb/amb/birman*/gpio: remove configuration for VDD_MEM_VID[0,1]
[coreboot2.git] / src / drivers / i2c / tpm / tpm.c
blob71582c97921f6227c73f4d1bce92d1b8f5eba819
1 /* SPDX-License-Identifier: GPL-2.0-only */
2
3 /*
4 * Description:
5 * Device driver for TCG/TCPA TPM (trusted platform module).
6 * Specifications at www.trustedcomputinggroup.org
7 *
8 * This device driver implements the TPM interface as defined in
9 * the TCG TPM Interface Spec version 1.2, revision 1.0 and the
10 * Infineon I2C Protocol Stack Specification v0.20.
11 *
12 * It is based on the Linux kernel driver tpm.c from Leendert van
13 * Dorn, Dave Safford, Reiner Sailer, and Kyleen Hall.
14 *
15 * Version: 2.1.1
16 */
17
18 #include <commonlib/endian.h>
19 #include <string.h>
20 #include <types.h>
21 #include <delay.h>
22 #include <console/console.h>
23 #include <device/i2c_simple.h>
24 #include <endian.h>
25 #include <timer.h>
26 #include <security/tpm/tis.h>
27 #include "tpm.h"
28
29 /* max. number of iterations after I2C NAK */
30 #define MAX_COUNT 3
31
32 #define SLEEP_DURATION 60 /* in usec */
33 #define SLEEP_DURATION_LONG 210 /* in usec */
34 #define SLEEP_DURATION_PROBE_MS 1000 /* in msec */
35
36 /* max. number of iterations after I2C NAK for 'long' commands
37 * we need this especially for sending TPM_READY, since the cleanup after the
38 * transition to the ready state may take some time, but it is unpredictable
39 * how long it will take.
40 */
41 #define MAX_COUNT_LONG 50
42
43 /* expected value for DIDVID register */
44 #define TPM_TIS_I2C_DID_VID_9635 0x000b15d1L
45 #define TPM_TIS_I2C_DID_VID_9645 0x001a15d1L
46
47 enum i2c_chip_type {
48 SLB9635,
49 SLB9645,
50 UNKNOWN,
51 };
52
53 static const char *const chip_name[] = {
54 [SLB9635] = "slb9635tt",
55 [SLB9645] = "slb9645tt",
56 [UNKNOWN] = "unknown/fallback to slb9635",
57 };
58
59 /* Structure to store I2C TPM specific stuff */
60 struct tpm_inf_dev {
61 int bus;
62 int locality;
63 unsigned int addr;
64 unsigned int sleep_short; /* Short sleep duration in usec */
65 unsigned int sleep_long; /* Long sleep duration in usec */
66 uint8_t buf[TPM_BUFSIZE + sizeof(uint8_t)]; // max. buffer size + addr
67 enum i2c_chip_type chip_type;
68 };
69
70 static struct tpm_inf_dev tpm_dev;
71
72 /*
73 * iic_tpm_read() - read from TPM register
74 * @addr: register address to read from
75 * @buffer: provided by caller
76 * @len: number of bytes to read
77 *
78 * Read len bytes from TPM register and put them into
79 * buffer (little-endian format, i.e. first byte is put into buffer[0]).
80 *
81 * NOTE: TPM is big-endian for multi-byte values. Multi-byte
82 * values have to be swapped.
83 *
84 * Return -1 on error, 0 on success.
85 */
86 static int iic_tpm_read(uint8_t addr, uint8_t *buffer, size_t len)
87 {
88 int rc;
89 int count;
90
91 if (tpm_dev.addr == 0)
92 return -1;
93
94 switch (tpm_dev.chip_type) {
95 case SLB9635:
96 case UNKNOWN:
97 /* slb9635 protocol should work in both cases */
98 for (count = 0; count < MAX_COUNT; count++) {
99 rc = i2c_write_raw(tpm_dev.bus, tpm_dev.addr,
100 &addr, 1);
101 if (rc == 0)
102 break; /* success, break to skip sleep */
103
104 udelay(tpm_dev.sleep_short);
105 }
106
107 if (rc)
108 return -1;
109
110 /* After the TPM has successfully received the register address
111 * it needs some time, thus we're sleeping here again, before
112 * retrieving the data
113 */
114 for (count = 0; count < MAX_COUNT; count++) {
115 udelay(tpm_dev.sleep_short);
116 rc = i2c_read_raw(tpm_dev.bus, tpm_dev.addr,
117 buffer, len);
118 if (rc == 0)
119 break; /* success, break to skip sleep */
120 }
121 break;
122
123 default:
124 {
125 /* use a combined read for newer chips
126 * unfortunately the smbus functions are not suitable due to
127 * the 32 byte limit of the smbus.
128 * retries should usually not be needed, but are kept just to
129 * be safe on the safe side.
130 */
131 struct i2c_msg aseg = { .flags = 0, .slave = tpm_dev.addr,
132 .buf = &addr, .len = 1 };
133 struct i2c_msg dseg = { .flags = I2C_M_RD,
134 .slave = tpm_dev.addr,
135 .buf = buffer, .len = len };
136 for (count = 0; count < MAX_COUNT; count++) {
137 rc = i2c_transfer(tpm_dev.bus, &aseg, 1) ||
138 i2c_transfer(tpm_dev.bus, &dseg, 1);
139 if (rc == 0)
140 break; /* break here to skip sleep */
141 udelay(tpm_dev.sleep_short);
142 }
143 }
144 }
145
146 /* take care of 'guard time' */
147 udelay(tpm_dev.sleep_short);
148 if (rc)
149 return -1;
150
151 return 0;
152 }
153
154 static int iic_tpm_write_generic(uint8_t addr, uint8_t *buffer, size_t len,
155 unsigned int sleep_time,
156 uint8_t max_count)
157 {
158 int rc = 0;
159 int count;
160
161 if (len > TPM_BUFSIZE) {
162 printk(BIOS_DEBUG, "%s: Length %zd is too large\n",
163 __func__, len);
164 return -1;
165 }
166
167 /* prepare send buffer */
168 tpm_dev.buf[0] = addr;
169 memcpy(&(tpm_dev.buf[1]), buffer, len);
170
171 if (tpm_dev.addr == 0)
172 return -1;
173 for (count = 0; count < max_count; count++) {
174 rc = i2c_write_raw(tpm_dev.bus, tpm_dev.addr,
175 tpm_dev.buf, len + 1);
176 if (rc == 0)
177 break; /* success, break to skip sleep */
178
179 udelay(sleep_time);
180 }
181
182 /* take care of 'guard time' */
183 udelay(tpm_dev.sleep_short);
184 if (rc)
185 return -1;
186
187 return 0;
188 }
189
190 /*
191 * iic_tpm_write() - write to TPM register
192 * @addr: register address to write to
193 * @buffer: containing data to be written
194 * @len: number of bytes to write
195 *
196 * Write len bytes from provided buffer to TPM register (little
197 * endian format, i.e. buffer[0] is written as first byte).
198 *
199 * NOTE: TPM is big-endian for multi-byte values. Multi-byte
200 * values have to be swapped.
201 *
202 * NOTE: use this function instead of the iic_tpm_write_generic function.
203 *
204 * Return -EIO on error, 0 on success
205 */
206 static int iic_tpm_write(uint8_t addr, uint8_t *buffer, size_t len)
207 {
208 return iic_tpm_write_generic(addr, buffer, len, tpm_dev.sleep_short,
209 MAX_COUNT);
210 }
211
212 /*
213 * This function is needed especially for the cleanup situation after
214 * sending TPM_READY
215 * */
216 static int iic_tpm_write_long(uint8_t addr, uint8_t *buffer, size_t len)
217 {
218 return iic_tpm_write_generic(addr, buffer, len, tpm_dev.sleep_long,
219 MAX_COUNT_LONG);
220 }
221
222 static int check_locality(int loc)
223 {
224 uint8_t buf;
225
226 if (iic_tpm_read(TPM_ACCESS(loc), &buf, 1) < 0)
227 return -1;
228
229 if ((buf & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) ==
230 (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
231 tpm_dev.locality = loc;
232 return loc;
233 }
234
235 return -1;
236 }
237
238 static void release_locality(int loc, int force)
239 {
240 uint8_t buf;
241 if (iic_tpm_read(TPM_ACCESS(loc), &buf, 1) < 0)
242 return;
243
244 if (force || (buf & (TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID)) ==
245 (TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID)) {
246 buf = TPM_ACCESS_ACTIVE_LOCALITY;
247 iic_tpm_write(TPM_ACCESS(loc), &buf, 1);
248 }
249 }
250
251 static int request_locality(int loc)
252 {
253 uint8_t buf = TPM_ACCESS_REQUEST_USE;
254
255 if (check_locality(loc) >= 0)
256 return loc; /* we already have the locality */
257
258 iic_tpm_write(TPM_ACCESS(loc), &buf, 1);
259
260 /* wait for burstcount */
261 int timeout = 2 * 1000; /* 2s timeout */
262 while (timeout) {
263 if (check_locality(loc) >= 0)
264 return loc;
265 mdelay(TPM_TIMEOUT);
266 timeout--;
267 }
268
269 return -1;
270 }
271
272 static uint8_t tpm_tis_i2c_status(void)
273 {
274 /* NOTE: Since I2C read may fail, return 0 in this case --> time-out */
275 uint8_t buf;
276 if (iic_tpm_read(TPM_STS(tpm_dev.locality), &buf, 1) < 0)
277 return 0;
278 else if (buf == 0xff) /* Some TPMs sometimes randomly return 0xff. */
279 return 0;
280 else
281 return buf;
282 }
283
284 static void tpm_tis_i2c_ready(void)
285 {
286 /* this causes the current command to be aborted */
287 uint8_t buf = TPM_STS_COMMAND_READY;
288 iic_tpm_write_long(TPM_STS(tpm_dev.locality), &buf, 1);
289 }
290
291 static ssize_t get_burstcount(void)
292 {
293 ssize_t burstcnt;
294 uint8_t buf[3];
295
296 /* wait for burstcount */
297 int timeout = 2 * 1000; /* 2s timeout */
298 while (timeout) {
299 /* Note: STS is little endian */
300 if (iic_tpm_read(TPM_STS(tpm_dev.locality) + 1, buf, 3)
301 < 0)
302 burstcnt = 0;
303 else
304 burstcnt = (buf[2] << 16) + (buf[1] << 8) + buf[0];
305
306 if (burstcnt && burstcnt != 0xffffff)
307 return burstcnt;
308 mdelay(TPM_TIMEOUT);
309 timeout--;
310 }
311 return -1;
312 }
313
314 static int wait_for_stat(uint8_t mask, int *status)
315 {
316 unsigned long timeout = 2 * 1024;
317 while (timeout) {
318 *status = tpm_tis_i2c_status();
319 if ((*status & mask) == mask)
320 return 0;
321 mdelay(TPM_TIMEOUT);
322 timeout--;
323 }
324
325 return -1;
326 }
327
328 static int recv_data(uint8_t *buf, size_t count)
329 {
330 size_t size = 0;
331
332 while (size < count) {
333 ssize_t burstcnt = get_burstcount();
334 int rc;
335
336 /* burstcount < 0 = TPM is busy */
337 if (burstcnt < 0)
338 return burstcnt;
339
340 /* limit received data to max. left */
341 if (burstcnt > (count - size))
342 burstcnt = count - size;
343
344 rc = iic_tpm_read(TPM_DATA_FIFO(tpm_dev.locality),
345 &(buf[size]),
346 burstcnt);
347 if (rc == 0)
348 size += burstcnt;
349 }
350 return size;
351 }
352
353 static int tpm_tis_i2c_recv(uint8_t *buf, size_t count)
354 {
355 int size = 0;
356 uint32_t expected;
357 int status;
358
359 if (count < TPM_HEADER_SIZE) {
360 size = -1;
361 goto out;
362 }
363
364 /* read first 10 bytes, including tag, paramsize, and result */
365 size = recv_data(buf, TPM_HEADER_SIZE);
366 if (size < TPM_HEADER_SIZE) {
367 printk(BIOS_DEBUG, "%s: Unable to read header\n", __func__);
368 goto out;
369 }
370
371 memcpy(&expected, buf + TPM_RSP_SIZE_BYTE, sizeof(expected));
372 expected = be32_to_cpu(expected);
373 if ((size_t)expected > count) {
374 size = -1;
375 goto out;
376 }
377
378 size += recv_data(&buf[TPM_HEADER_SIZE], expected - TPM_HEADER_SIZE);
379 if (size < expected) {
380 printk(BIOS_DEBUG, "%s: Unable to read remainder of result\n", __func__);
381 size = -1;
382 goto out;
383 }
384
385 wait_for_stat(TPM_STS_VALID, &status);
386 if (status & TPM_STS_DATA_AVAIL) { /* retry? */
387 printk(BIOS_DEBUG, "%s: Error left over data\n", __func__);
388 size = -1;
389 goto out;
390 }
391
392 out:
393 tpm_tis_i2c_ready();
394
395 return size;
396 }
397
398 static int tpm_tis_i2c_send(uint8_t *buf, size_t len)
399 {
400 int status;
401 size_t count = 0;
402 uint8_t sts = TPM_STS_GO;
403
404 if (len > TPM_BUFSIZE)
405 return -1; /* command is too long for our TPM, sorry */
406
407 status = tpm_tis_i2c_status();
408 if ((status & TPM_STS_COMMAND_READY) == 0) {
409 tpm_tis_i2c_ready();
410 if (wait_for_stat(TPM_STS_COMMAND_READY, &status) < 0)
411 goto out_err;
412 }
413
414 while (count < len - 1) {
415 ssize_t burstcnt = get_burstcount();
416
417 /* burstcount < 0 = TPM is busy */
418 if (burstcnt < 0)
419 return burstcnt;
420
421 if (burstcnt > (len-1-count))
422 burstcnt = len-1-count;
423
424 if (iic_tpm_write(TPM_DATA_FIFO(tpm_dev.locality),
425 &(buf[count]), burstcnt) == 0)
426 count += burstcnt;
427
428 wait_for_stat(TPM_STS_VALID, &status);
429 if ((status & TPM_STS_DATA_EXPECT) == 0)
430 goto out_err;
431 }
432
433 /* write last byte */
434 iic_tpm_write(TPM_DATA_FIFO(tpm_dev.locality), &(buf[count]), 1);
435
436 wait_for_stat(TPM_STS_VALID, &status);
437 if ((status & TPM_STS_DATA_EXPECT) != 0)
438 goto out_err;
439
440 /* go and do it */
441 iic_tpm_write(TPM_STS(tpm_dev.locality), &sts, 1);
442
443 return len;
444
445 out_err:
446 tpm_tis_i2c_ready();
447
448 return -1;
449 }
450
451 /* Initialization of I2C TPM */
452
453 tpm_result_t tpm_vendor_probe(unsigned int bus, uint32_t addr, enum tpm_family *family)
454 {
455 struct stopwatch sw;
456 uint8_t buf = 0;
457 int ret;
458 long sw_run_duration = SLEEP_DURATION_PROBE_MS;
459
460 /*
461 * Infineon "I2C Protocol Stack Specification v0.20" is supposedly a
462 * simple adoption of the LPC TIS Protocol to the I2C Bus, but looking
463 * at "TCG PC Client Specific TIS" doesn't confirm that and Infineon's
464 * specification isn't publicly available.
465 *
466 * Because it's unknown how to access information about TPM version of
467 * the device in this case, the assumption is that whatever TPM version
468 * is enabled at compile-time defines what the device supports. And
469 * since this driver doesn't appear to be used with TPM 2 devices, the
470 * check is written in a way to give TPM 1 preference even if support
471 * for both versions is compiled in.
472 */
473 if (family != NULL)
474 *family = CONFIG(TPM1) ? TPM_1 : TPM_2;
475
476 tpm_dev.chip_type = UNKNOWN;
477 tpm_dev.bus = bus;
478 tpm_dev.addr = addr;
479 tpm_dev.sleep_short = SLEEP_DURATION;
480 tpm_dev.sleep_long = SLEEP_DURATION_LONG;
481
482 /*
483 * Probe TPM. Check if the TPM_ACCESS register's ValidSts bit is set(1)
484 * If the bit remains clear(0) then claim that init has failed.
485 */
486 stopwatch_init_msecs_expire(&sw, sw_run_duration);
487 do {
488 ret = iic_tpm_read(TPM_ACCESS(0), &buf, 1);
489 if (!ret && (buf & TPM_STS_VALID)) {
490 sw_run_duration = stopwatch_duration_msecs(&sw);
491 break;
492 }
493 udelay(SLEEP_DURATION);
494 } while (!stopwatch_expired(&sw));
495
496 printk(BIOS_INFO,
497 "%s: ValidSts bit %s(%d) in TPM_ACCESS register after %ld ms\n",
498 __func__, (buf & TPM_STS_VALID) ? "set" : "clear",
499 (buf & TPM_STS_VALID) >> 7, sw_run_duration);
500
501 /*
502 * Claim failure if the ValidSts (bit 7) is clear.
503 */
504 if (!(buf & TPM_STS_VALID))
505 return TPM_CB_FAIL;
506
507 return TPM_SUCCESS;
508 }
509
510 tpm_result_t tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
511 {
512 uint32_t vendor;
513
514 if (dev_addr == 0) {
515 printk(BIOS_ERR, "%s: missing device address\n", __func__);
516 return TPM_CB_INVALID_ARG;
517 }
518
519 tpm_dev.chip_type = UNKNOWN;
520 tpm_dev.bus = bus;
521 tpm_dev.addr = dev_addr;
522 tpm_dev.sleep_short = SLEEP_DURATION;
523 tpm_dev.sleep_long = SLEEP_DURATION_LONG;
524
525 chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
526 chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
527 chip->req_canceled = TPM_STS_COMMAND_READY;
528 chip->status = &tpm_tis_i2c_status;
529 chip->recv = &tpm_tis_i2c_recv;
530 chip->send = &tpm_tis_i2c_send;
531 chip->cancel = &tpm_tis_i2c_ready;
532
533 if (request_locality(0) != 0)
534 return TPM_CB_FAIL;
535
536 /* Read four bytes from DID_VID register */
537 if (iic_tpm_read(TPM_DID_VID(0), (uint8_t *)&vendor, 4) < 0)
538 goto out_err;
539
540 if (vendor == TPM_TIS_I2C_DID_VID_9645) {
541 tpm_dev.chip_type = SLB9645;
542 } else if (be32_to_cpu(vendor) == TPM_TIS_I2C_DID_VID_9635) {
543 tpm_dev.chip_type = SLB9635;
544 } else {
545 printk(BIOS_DEBUG, "Vendor ID 0x%08x not recognized.\n",
546 vendor);
547 goto out_err;
548 }
549
550 printk(BIOS_DEBUG, "I2C TPM %u:%02x (chip type %s device-id %#X)\n",
551 tpm_dev.bus, tpm_dev.addr,
552 chip_name[tpm_dev.chip_type], vendor >> 16);
553
554 /*
555 * A timeout query to TPM can be placed here.
556 * Standard timeout values are used so far
557 */
558
559 return TPM_SUCCESS;
560
561 out_err:
562 release_locality(0, 1);
563 return TPM_CB_FAIL;
564 }
coreboot repo mirror