From patchwork Wed Jul 7 16:25:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 470809 Delivered-To: patch@linaro.org Received: by 2002:a02:c94a:0:0:0:0:0 with SMTP id u10csp6156237jao; Wed, 7 Jul 2021 09:26:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxD3ProQPFwVByXLVFcPgHB/dKvKM6XKpKl9KRXPUIrrz+BHqAmaURDcZH5wYXqaFzxSTNc X-Received: by 2002:aa7:cb19:: with SMTP id s25mr31714732edt.194.1625675180424; Wed, 07 Jul 2021 09:26:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625675180; cv=none; d=google.com; s=arc-20160816; b=0qyWsHseQkBPY9K8WDw4mcawny0/cN2jvdj6MA7hrqvPsDgTQ7ENJtvyjO9cL0nAkK C4Z5T0HYHs+D+WQrEZQw1mnWGReJsA/FQSIITHj+Dmz1i1xR5RvSRcknJvekfOjtQoTW nGFxeP8HOLwrbH0JOPBXZaHkvvBjtWfRCucMxZ9iSFHGm7exuyhe4d4fobZzmXkT8knl foiwKIJ75uZTIbBWz/0piLSB6YDonLVilzAR0n/6xxX5G2DhCjlFjkbVhU0BMkZLTTOp dV6KaM1/msIeMAzRVwSDH36nGuuB232DC4ZTJ9IxO9AZsYzOHbhz+GmXvYJQKjbbZjG+ rXpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=xmLxqxbp6ncyscutmAPTpC7AMs6Gx/XLAZiItTQ7h2w=; b=pi1FYtNmT3d9UbvzySjnI0W7m3fjlNDK5mBFvqaK++vdLZspgvV0vYzeI3zSU0yO7O hMg8s2RGUVZmd86KItY7c8OnWtLoWXF/5CS3lCxd+ic0NBsQmSwhMoNk1Hr0S3Xbtzq7 6gcLqnU9QvXCe8LpmLLhGvL/ekR2/XeMtkzQbCwXdyV6T0Ajt/1NVoqQkkL5xUwIlP74 aD2GlZS8pavWSUKmcqTg9SeKdY038WKU7OUjLZ+wYpQ454DnxTZwXV0wa6RfDZ9LTZc6 qSYkBIkstLzkrStuupvrVDLCXONyEq18gQ9DWQ/hcL+ogY9FBLg86r/idOmbvpBzgxGE i4eQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jNSfEC6B; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id g21si18578483edb.437.2021.07.07.09.26.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 09:26:20 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jNSfEC6B; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3015C82DE8; Wed, 7 Jul 2021 18:26:17 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="jNSfEC6B"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3412A82DE8; Wed, 7 Jul 2021 18:26:15 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3429B82BED for ; Wed, 7 Jul 2021 18:26:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wr1-x430.google.com with SMTP id i8so3712656wrp.12 for ; Wed, 07 Jul 2021 09:26:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=xmLxqxbp6ncyscutmAPTpC7AMs6Gx/XLAZiItTQ7h2w=; b=jNSfEC6BEYh0TDthUUEqcdbTjjkh8KR31HGVpu5b+uUH/JhwefLj1yCAPEcb61VWl6 53xNjyO5f3MBcEVkrhoyrSNH9tasMYWzqKCOH9xbzzvUp4FG5t5lJqNj1P3bL2JnGj9I 7qcxnl1BvUCUTYc9RSmwejhyodaAXeHa2MRHCEFFlbS9737z01+Y75uFtOoE9UOL8G91 Y9A1fr1bN2Mmjs1K6QAJvHX8iODa1p86eQqQmLssHA5nASaPlWrb6Qkf9wR+RPiIEzMA ZLP8nPf+/NFdJjFM+rmpgsZvbtiXVIWZ45UaeTPYs5B4oEUuDAStY2h2yrEsskkB3x1I 4+Zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=xmLxqxbp6ncyscutmAPTpC7AMs6Gx/XLAZiItTQ7h2w=; b=k9qpOkgg16EOO7igj3ooSbnCr+usc0RfOLtrt461pAdDQuSsN1Z02t1vNf2LZ6wJ34 OY5MVctwEgK5TrknaOt16h6SNAV3eZDY08HYiVRBB3ZfgoIRdIGtCgNTpRss3MTMI2Hz tVZnRo9tHHImOR6zBJYzGUlMMRLglKKORyO0EniK2AXBdHAQL6krETSqvJGK9h5W6Kcn 9V5NIzoZsaeQtKgl/3S7J2M08dPun/Z35/KQ4jgZHLiicWZI4h/I4Bu/R5jNT/A/FAel KyxiamdI0foy5c8c7FZqHzWKYqthNDxOyObjHBahJgsPLNwxh2XcPixoWyD7A7tEKM7U QUzQ== X-Gm-Message-State: AOAM5333cn4UgX6Jij5XF5/XyvyMeHjV3OnAUTdvt0nUPp/PSn4VnsMt FSUZ2B2yZ7cpQ9SxzoRJTgtVzA== X-Received: by 2002:a5d:680b:: with SMTP id w11mr16793139wru.426.1625675170417; Wed, 07 Jul 2021 09:26:10 -0700 (PDT) Received: from localhost.localdomain (ppp-94-66-242-227.home.otenet.gr. [94.66.242.227]) by smtp.gmail.com with ESMTPSA id c125sm3796838wme.36.2021.07.07.09.26.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 09:26:10 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: Ilias Apalodimas , Simon Glass , Johannes Holland , Masahisa Kojima , Dhananjay Phadke , u-boot@lists.denx.de Subject: [PATCH 1/2 v2] tpm2: Introduce TIS tpm core Date: Wed, 7 Jul 2021 19:25:58 +0300 Message-Id: <20210707162604.84196-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean There's a lot of code duplication in U-Boot right now. All the TPM TIS compatible drivers we have at the moment have their own copy of a TIS implementation. So let's create a common layer which implements the core TIS functions. Any driver added from now own, which is compatible with the TIS spec, will only have to provide the underlying bus communication mechanisms. Signed-off-by: Ilias Apalodimas --- Changes since v1: - drivers/tpm/tpm2_tis_core.c | 545 ++++++++++++++++++++++++++++++++++++ drivers/tpm/tpm_tis.h | 40 +++ include/tpm-v2.h | 1 + 3 files changed, 586 insertions(+) create mode 100644 drivers/tpm/tpm2_tis_core.c -- 2.32.0.rc0 diff --git a/drivers/tpm/tpm2_tis_core.c b/drivers/tpm/tpm2_tis_core.c new file mode 100644 index 000000000000..9860ce2379e0 --- /dev/null +++ b/drivers/tpm/tpm2_tis_core.c @@ -0,0 +1,545 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2020, Linaro Limited + * + * Based on the Linux TIS core interface + */ + +#include +#include +#include +#include +#include +#include "tpm_tis.h" + +/** + * tpm_tis_get_desc - Get the TPM description + * + * @udev: udevice + * @buf: buffer to fill data + * @size: buffer size + * + * @Return: Number of characters written (or would have been written) in buffer + */ +int tpm_tis_get_desc(struct udevice *udev, char *buf, int size) +{ + struct tpm_chip *chip = dev_get_priv(udev); + + if (size < 80) + return -ENOSPC; + + return snprintf(buf, size, + "%s v2.0: VendorID 0x%04x, DeviceID 0x%04x, RevisionID 0x%02x [%s]", + udev->name, chip->vend_dev & 0xFFFF, + chip->vend_dev >> 16, chip->rid, + (chip->is_open ? "open" : "closed")); +} + +/** + * tpm_tis_check_locality - Check the current TPM locality + * + * @udev: udevice + * @loc: locality + * + * Return: True if the tested locality matches + */ +static bool tpm_tis_check_locality(struct udevice *udev, int loc) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + u8 locality; + + if (!phy_ops) + return false; + + phy_ops->read_bytes(udev, TPM_ACCESS(loc), 1, &locality); + if ((locality & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID | + TPM_ACCESS_REQUEST_USE)) == + (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) { + chip->locality = loc; + return true; + } + + return false; +} + +/** + * tpm_tis_request_locality - Request a locality from the TPM + * + * @udev: udevce + * @loc: requested locality + * + * Return: 0 on success -1 on failure + */ +int tpm_tis_request_locality(struct udevice *udev, int loc) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + u8 buf = TPM_ACCESS_REQUEST_USE; + unsigned long start, stop; + + if (!phy_ops) + return -1; + + if (tpm_tis_check_locality(udev, loc)) + return 0; + + phy_ops->write_bytes(udev, TPM_ACCESS(loc), 1, &buf); + start = get_timer(0); + stop = chip->timeout_a; + do { + if (tpm_tis_check_locality(udev, loc)) + return 0; + mdelay(TPM_TIMEOUT_MS); + } while (get_timer(start) < stop); + + return -1; +} + +/** + * tpm_tis_status - Check the current device status + * + * @udev: udevice + * @status: return value of status + * + * Return: 0 on success, negative on failure + */ +static int tpm_tis_status(struct udevice *udev, u8 *status) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + + if (!phy_ops) + return -EINVAL; + + if (chip->locality < 0) + return -EINVAL; + + phy_ops->read_bytes(udev, TPM_STS(chip->locality), 1, status); + + if ((*status & TPM_STS_READ_ZERO)) { + log_err("TPM returned invalid status\n"); + return -EINVAL; + } + + return 0; +} + +/** + * tpm_tis_release_locality - Release the requested locality + * + * @udev: udevice + * @loc: requested locality + * + * Return: 0 on success, negative on failure + */ +int tpm_tis_release_locality(struct udevice *udev, int loc) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + u8 buf = TPM_ACCESS_ACTIVE_LOCALITY; + int ret; + + if (!phy_ops) + return -1; + + if (chip->locality < 0) + return 0; + + ret = phy_ops->write_bytes(udev, TPM_ACCESS(loc), 1, &buf); + if (!ret) + chip->locality = -1; + + return ret; +} + +/** + * tpm_tis_wait_for_stat - Wait for TPM to become ready + * + * @udev: udev + * @mask: mask to match + * @timeout: timeout for retries + * @status: current status + * + * Return: 0 on success, negative on failure + */ +static int tpm_tis_wait_for_stat(struct udevice *udev, u8 mask, + unsigned long timeout, u8 *status) +{ + unsigned long start = get_timer(0); + unsigned long stop = timeout; + int ret; + + do { + mdelay(TPM_TIMEOUT_MS); + ret = tpm_tis_status(udev, status); + if (ret) + return ret; + + if ((*status & mask) == mask) + return 0; + } while (get_timer(start) < stop); + + return -ETIMEDOUT; +} + +/** + * tpm_tis_get_burstcount - Get the burstcount for the data FIFO + * + * @udev: udevice + * @burstcount: current burstcount + * + * Return: 0 on success, negative on failure + */ +static int tpm_tis_get_burstcount(struct udevice *udev, size_t *burstcount) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + unsigned long start, stop; + u32 burst; + + if (!phy_ops) + return -EINVAL; + + if (chip->locality < 0) + return -EINVAL; + + /* wait for burstcount */ + start = get_timer(0); + /* + * This is the TPMv2 defined timeout. Change this in case you want to + * make the driver compatile to TPMv1 + */ + stop = chip->timeout_a; + do { + phy_ops->read32(udev, TPM_STS(chip->locality), &burst); + *burstcount = (burst >> 8) & 0xFFFF; + if (*burstcount) + return 0; + + mdelay(TPM_TIMEOUT_MS); + } while (get_timer(start) < stop); + + return -ETIMEDOUT; +} + +/** + * tpm_tis_ready - Cancel pending comands and get the device on a ready state + * + * @udev: udevcie + * + * Return: 0 on success, negative on failure + */ +static int tpm_tis_ready(struct udevice *udev) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + u8 data = TPM_STS_COMMAND_READY; + + if (!phy_ops) + return -1; + + /* This will cancel any pending commands */ + return phy_ops->write_bytes(udev, TPM_STS(chip->locality), 1, &data); +} + +/** + * tpm_tis_send - send data to the device + * + * @udev: udevice + * @buf: buffer to send + * @len: size of the buffer + * + * Return: number of bytes sent or negative on failure + */ +int tpm_tis_send(struct udevice *udev, const u8 *buf, size_t len) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + size_t burstcnt, wr_size, sent = 0; + u8 data = TPM_STS_GO; + u8 status; + int ret; + + if (!phy_ops) + return -EINVAL; + + if (!chip) + return -ENODEV; + + ret = tpm_tis_request_locality(udev, 0); + if (ret < 0) + return -EBUSY; + + ret = tpm_tis_status(udev, &status); + if (ret) + goto release_locality; + + if (!(status & TPM_STS_COMMAND_READY)) { + ret = tpm_tis_ready(udev); + if (ret) { + log_err("Can't cancel previous TPM operation\n"); + goto release_locality; + } + ret = tpm_tis_wait_for_stat(udev, TPM_STS_COMMAND_READY, + chip->timeout_b, &status); + if (ret) { + log_err("TPM not ready\n"); + goto release_locality; + } + } + + while (len > 0) { + ret = tpm_tis_get_burstcount(udev, &burstcnt); + if (ret) + goto release_locality; + + wr_size = min(len, burstcnt); + ret = phy_ops->write_bytes(udev, TPM_DATA_FIFO(chip->locality), + wr_size, buf + sent); + if (ret < 0) + goto release_locality; + + ret = tpm_tis_wait_for_stat(udev, TPM_STS_VALID, + chip->timeout_c, &status); + if (ret) + goto release_locality; + + sent += wr_size; + len -= wr_size; + /* make sure the TPM expects more data */ + if (len && !(status & TPM_STS_DATA_EXPECT)) { + ret = -EIO; + goto release_locality; + } + } + + /* + * Make a final check ensuring everything is ok and the TPM expects no + * more data + */ + ret = tpm_tis_wait_for_stat(udev, TPM_STS_VALID, chip->timeout_c, + &status); + if (ret) + goto release_locality; + + if (status & TPM_STS_DATA_EXPECT) { + ret = -EIO; + goto release_locality; + } + + ret = phy_ops->write_bytes(udev, TPM_STS(chip->locality), 1, &data); + if (ret) + goto release_locality; + + tpm_tis_release_locality(udev, chip->locality); + return sent; + +release_locality: + tpm_tis_ready(udev); + tpm_tis_release_locality(udev, chip->locality); + + return ret; +} + +/** + * tpm_tis_recv_data - Receive data from a device. Wrapper for tpm_tis_recv + * + * @udev: udevice + * @buf: buffer to copy data + * @size: buffer size + * + * Return: bytes read or negative on failure + */ +static int tpm_tis_recv_data(struct udevice *udev, u8 *buf, size_t count) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + int size = 0, len, ret; + size_t burstcnt; + u8 status; + + if (!phy_ops) + return -EINVAL; + + while (size < count && + tpm_tis_wait_for_stat(udev, TPM_STS_DATA_AVAIL | TPM_STS_VALID, + chip->timeout_c, &status) == 0) { + ret = tpm_tis_get_burstcount(udev, &burstcnt); + if (ret) + return burstcnt; + + len = min_t(int, burstcnt, count - size); + ret = phy_ops->read_bytes(udev, TPM_DATA_FIFO(chip->locality), + len, buf + size); + if (ret < 0) + return ret; + + size += len; + } + + return size; +} + +/** + * tpm_tis_recv - Receive data from a device + * + * @udev: udevice + * @buf: buffer to copy data + * @size: buffer size + * + * Return: bytes read or negative on failure + */ +int tpm_tis_recv(struct udevice *udev, u8 *buf, size_t count) +{ + struct tpm_chip *chip = dev_get_priv(udev); + int ret; + int size, expected; + + if (!chip) + return -ENODEV; + + if (count < TPM_HEADER_SIZE) + return -E2BIG; + + ret = tpm_tis_request_locality(udev, 0); + if (ret < 0) + return -EBUSY; + + size = tpm_tis_recv_data(udev, buf, TPM_HEADER_SIZE); + if (size < TPM_HEADER_SIZE) { + log_err("TPM error, unable to read header\n"); + goto out; + } + + expected = get_unaligned_be32(buf + TPM_CMD_COUNT_OFFSET); + if (expected > count) { + size = -EIO; + log_warning("Too much data: %d > %zu\n", expected, count); + goto out; + } + + size += tpm_tis_recv_data(udev, &buf[TPM_HEADER_SIZE], + expected - TPM_HEADER_SIZE); + if (size < expected) { + log(LOGC_NONE, LOGL_ERR, + "TPM error, unable to read remaining bytes of result\n"); + size = -EIO; + goto out; + } + +out: + tpm_tis_ready(udev); + tpm_tis_release_locality(udev, chip->locality); + + return size; +} + +/** tpm_tis_cleanup - Get the device in ready state and release locality + * + * @udev: udevice + * + * Return: always 0 + */ +int tpm_tis_cleanup(struct udevice *udev) +{ + struct tpm_chip *chip = dev_get_priv(udev); + + tpm_tis_ready(udev); + tpm_tis_release_locality(udev, chip->locality); + + return 0; +} + +/** + * tpm_tis_open - Open the device and request locality 0 + * + * @udev: udevice + * + * Return: 0 on success, negative on failure + */ +int tpm_tis_open(struct udevice *udev) +{ + struct tpm_chip *chip = dev_get_priv(udev); + int ret; + + if (chip->is_open) + return -EBUSY; + + ret = tpm_tis_request_locality(udev, 0); + if (!ret) + chip->is_open = 1; + + return ret; +} + +/** + * tpm_tis_ops_register - register the PHY ops for the device + * + * @udev: udevice + * @ops: bus ops for the device + */ +void tpm_tis_ops_register(struct udevice *udev, struct tpm_tis_phy_ops *ops) +{ + struct tpm_chip *chip = dev_get_priv(udev); + + chip->phy_ops = ops; +} + +/** + * tpm_tis_init - inititalize the device + * + * @udev: udevice + * + * Return: 0 on success, negative on failure + */ +int tpm_tis_init(struct udevice *udev) +{ + struct tpm_chip *chip = dev_get_priv(udev); + struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; + int ret; + u32 tmp; + + if (!phy_ops) + return -1; + ret = tpm_tis_request_locality(udev, 0); + if (ret) + return ret; + + chip->timeout_a = TIS_SHORT_TIMEOUT_MS; + chip->timeout_b = TIS_LONG_TIMEOUT_MS; + chip->timeout_c = TIS_SHORT_TIMEOUT_MS; + chip->timeout_d = TIS_SHORT_TIMEOUT_MS; + + /* Disable interrupts */ + phy_ops->read32(udev, TPM_INT_ENABLE(chip->locality), &tmp); + tmp |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT | + TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT; + tmp &= ~TPM_GLOBAL_INT_ENABLE; + phy_ops->write32(udev, TPM_INT_ENABLE(chip->locality), tmp); + + phy_ops->read_bytes(udev, TPM_RID(chip->locality), 1, &chip->rid); + phy_ops->read32(udev, TPM_DID_VID(chip->locality), &chip->vend_dev); + + return tpm_tis_release_locality(udev, chip->locality); +} + +/** + * tpm_tis_close - Close the device and release locality + * + * @udev: udevice + * + * Return: 0 on success, negative on failure + */ +int tpm_tis_close(struct udevice *udev) +{ + struct tpm_chip *chip = dev_get_priv(udev); + int ret = 0; + + if (chip->is_open) { + ret = tpm_tis_release_locality(udev, chip->locality); + chip->is_open = 0; + } + + return ret; +} diff --git a/drivers/tpm/tpm_tis.h b/drivers/tpm/tpm_tis.h index 2a160fe05c9a..fde3bb71f7c2 100644 --- a/drivers/tpm/tpm_tis.h +++ b/drivers/tpm/tpm_tis.h @@ -21,6 +21,37 @@ #include #include +struct tpm_tis_phy_ops { + int (*read_bytes)(struct udevice *udev, u32 addr, u16 len, + u8 *result); + int (*write_bytes)(struct udevice *udev, u32 addr, u16 len, + const u8 *value); + int (*read16)(struct udevice *udev, u32 addr, u16 *result); + int (*read32)(struct udevice *udev, u32 addr, u32 *result); + int (*write32)(struct udevice *udev, u32 addr, u32 src); +}; + +enum tis_int_flags { + TPM_GLOBAL_INT_ENABLE = 0x80000000, + TPM_INTF_BURST_COUNT_STATIC = 0x100, + TPM_INTF_CMD_READY_INT = 0x080, + TPM_INTF_INT_EDGE_FALLING = 0x040, + TPM_INTF_INT_EDGE_RISING = 0x020, + TPM_INTF_INT_LEVEL_LOW = 0x010, + TPM_INTF_INT_LEVEL_HIGH = 0x008, + TPM_INTF_LOCALITY_CHANGE_INT = 0x004, + TPM_INTF_STS_VALID_INT = 0x002, + TPM_INTF_DATA_AVAIL_INT = 0x001, +}; + +#define TPM_ACCESS(l) (0x0000 | ((l) << 12)) +#define TPM_INT_ENABLE(l) (0x0008 | ((l) << 12)) +#define TPM_STS(l) (0x0018 | ((l) << 12)) +#define TPM_DATA_FIFO(l) (0x0024 | ((l) << 12)) +#define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) +#define TPM_RID(l) (0x0F04 | ((l) << 12)) +#define TPM_INTF_CAPS(l) (0x0014 | ((l) << 12)) + enum tpm_timeout { TPM_TIMEOUT_MS = 5, TIS_SHORT_TIMEOUT_MS = 750, @@ -43,6 +74,7 @@ struct tpm_chip { u8 rid; unsigned long timeout_a, timeout_b, timeout_c, timeout_d; /* msec */ ulong chip_type; + struct tpm_tis_phy_ops *phy_ops; }; struct tpm_input_header { @@ -130,4 +162,12 @@ enum tis_status { }; #endif +int tpm_tis_open(struct udevice *udev); +int tpm_tis_close(struct udevice *udev); +int tpm_tis_cleanup(struct udevice *udev); +int tpm_tis_send(struct udevice *udev, const u8 *buf, size_t len); +int tpm_tis_recv(struct udevice *udev, u8 *buf, size_t count); +int tpm_tis_get_desc(struct udevice *udev, char *buf, int size); +int tpm_tis_init(struct udevice *udev); +void tpm_tis_ops_register(struct udevice *udev, struct tpm_tis_phy_ops *ops); #endif diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 247b38696766..3e48e358613f 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -378,6 +378,7 @@ enum { TPM_STS_DATA_EXPECT = 1 << 3, TPM_STS_SELF_TEST_DONE = 1 << 2, TPM_STS_RESPONSE_RETRY = 1 << 1, + TPM_STS_READ_ZERO = 0x23 }; enum { From patchwork Wed Jul 7 16:25:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 470810 Delivered-To: patch@linaro.org Received: by 2002:a02:c94a:0:0:0:0:0 with SMTP id u10csp6156382jao; Wed, 7 Jul 2021 09:26:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx0Y35kDgqkJKGMKFNUfpyFgmLJ1QNKZvqXfJj8xWQeUQKbPwslkN8iEf9ZlA58wQTYBhoO X-Received: by 2002:a17:906:2f15:: with SMTP id v21mr24476149eji.220.1625675189808; Wed, 07 Jul 2021 09:26:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625675189; cv=none; d=google.com; s=arc-20160816; b=k6Zv54phvQjV+SzwvZAL8zba8OMUd/VOIJR23aG2VqqU61osjacibuQVyEM5kWrDZi tVtwA9z7DXEbwYWc0k8GiXlqlNEJgnGuAxzW1W1x/eVhKvOWotLuW0ue4CHSDqiq/gT6 R9e9eMDRkrE+daWD1JEB5NdoqoyhosZpr/iKWBB5vUb2RZgaX9zUq3PF1UF8e6pdRa7c YIPAjyKUR3dSdUV8U4J/GaVzIylbg22lX1Vk9uz8uC6ubJnaFP4BOkcIgAfP0uLPZrDq llEkFoNP06JfvD+PvzuVTNKY3guHDs3Z3RhnepF7sccF2tS9H+xJWFlQcA/eX+RGP6RN TDKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=crceJdheh/QQVgWojHS+0SYocJXu47rlr3fRJRbsuiI=; b=W4Y9/+VQAbUr2re8G4YXi7cJaruYllARm7OsMuZswxgAJaE6VQTHv9CP+Uq8wjF9La zNU1G32GFO7VzHZCw8gqwK4UHgCKy055E+LOI7PQG/2iETzSjPm4FYYFLQGAZHO1aeXE 04Xfhj+qMS0ItNl087riG/YB5lXvZ4p0L6mD+VGqvEsSZYfK1zLqYR9h2TrwzSEVa0QY vmyTI0Nw/rCvRHOz/1rvw5H8RmudsauNkJCbWXoNzZvQzaRsI5ulXtXR6SrBkVhu2yA6 0EzF13Nn/0ixWWqrVczCTSI+stQrOeSHzRwmxlJnPPbPTdD2vGX50WB+shQcEK685Z/V 55zg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VAx5nXjA; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id g2si17859048ejp.350.2021.07.07.09.26.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 09:26:29 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VAx5nXjA; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 86FEC82E10; Wed, 7 Jul 2021 18:26:22 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="VAx5nXjA"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id BAE0082E10; Wed, 7 Jul 2021 18:26:20 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 94F008009C for ; Wed, 7 Jul 2021 18:26:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x332.google.com with SMTP id q18-20020a1ce9120000b02901f259f3a250so2092439wmc.2 for ; Wed, 07 Jul 2021 09:26:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=crceJdheh/QQVgWojHS+0SYocJXu47rlr3fRJRbsuiI=; b=VAx5nXjADwajNzg+LvfDVnozERuKFSBLe13kc52e2FxVggp1d8WYzXnpsGoQ/1tozq p8zWcsFqRhgKIIC4qKI0FncvFPID5kKtUzvDGAUP+ohay5xndQ+Ntv61+ihncbLMUFku gIjRDngdI+UfJybCMUhBmh7KNughG5kcTSFYefpfr2ni5UFr9Q8WCCp2owIsphacqjGw OWkjgUxFzv7qRlJpaPO2D13Km7QMUIQkvIB4KVIoomRyaTaNgeawMg9VTCaUtV1srbPO r34cateZp3L6/4hUKbUFISlbBpSsC/zesoToUVQRj+r0VeCj3ntV12F4I2VmGL/cl9xe dMLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=crceJdheh/QQVgWojHS+0SYocJXu47rlr3fRJRbsuiI=; b=KLcFXRZe0BCAncchZWSGw26q66h1QuvQQOgcPGEZBiXLA/CfBklYn3XlMKCaVnPg0j OLbC58hZUnFSbGIf598a2FxfcBuZjwu6MbZD4y1bsrEd5lDgDnV/MFcmz5daXEXhXx2R kG4AOtYUsgUlCATrST7kICmDUvp/QkwK0h17ubP0d5PG24FZ9D/bWVP+WNGMukyl8LrS AxGl8HdVm0KsA34gVbFoP7GADwawpXE+/62f63wE0Cc2CvZHaUdHWD6NzlCZ2sh4bbvH VDyFNOhlbyCf33Tez5OEZCnPltlf20pUe70ET2+kx2dFeAX6SUxT/CUtDByu19sf5W8v xYFg== X-Gm-Message-State: AOAM5319MmtRjp6sERWUyMljCsHNTUxl+VWX+3Y5bVWZUPtQTro7riqk zM2hX5JU4QmZPt+kmL/vwVRIyA== X-Received: by 2002:a1c:5985:: with SMTP id n127mr27531622wmb.75.1625675176146; Wed, 07 Jul 2021 09:26:16 -0700 (PDT) Received: from localhost.localdomain (ppp-94-66-242-227.home.otenet.gr. [94.66.242.227]) by smtp.gmail.com with ESMTPSA id c125sm3796838wme.36.2021.07.07.09.26.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 09:26:15 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: Ilias Apalodimas , Simon Glass , Johannes Holland , Masahisa Kojima , Dhananjay Phadke , u-boot@lists.denx.de Subject: [PATCH 2/2] tpm2: Add a TPMv2 MMIO TIS driver Date: Wed, 7 Jul 2021 19:25:59 +0300 Message-Id: <20210707162604.84196-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 In-Reply-To: <20210707162604.84196-1-ilias.apalodimas@linaro.org> References: <20210707162604.84196-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Add support for devices that expose a TPMv2 though MMIO. Apart from those devices, we can use the driver in our QEMU setups and test TPM related code which is difficult to achieve using the sandbox driver (e.g test the EFI TCG2 protocol). It's worth noting that a previous patch added TPMv2 TIS core functions, which the current driver is consuming. Signed-off-by: Ilias Apalodimas --- Changes since v1: - split off the tis core code into a different file drivers/tpm/Kconfig | 9 +++ drivers/tpm/Makefile | 1 + drivers/tpm/tpm2_tis_mmio.c | 156 ++++++++++++++++++++++++++++++++++++ 3 files changed, 166 insertions(+) create mode 100644 drivers/tpm/tpm2_tis_mmio.c -- 2.32.0.rc0 diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig index 9eebab5cfd90..406ee8716e1e 100644 --- a/drivers/tpm/Kconfig +++ b/drivers/tpm/Kconfig @@ -161,6 +161,15 @@ config TPM2_FTPM_TEE help This driver supports firmware TPM running in TEE. +config TPM2_MMIO + bool "MMIO based TPM2 Interface" + depends on TPM_V2 + help + This driver supports firmware TPM2.0 MMIO interface. + The usual TPM operations and the 'tpm' command can be used to talk + to the device using the standard TPM Interface Specification (TIS) + protocol. + endif # TPM_V2 endmenu diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile index f64d20067f88..1065c1874f58 100644 --- a/drivers/tpm/Makefile +++ b/drivers/tpm/Makefile @@ -14,3 +14,4 @@ obj-$(CONFIG_$(SPL_TPL_)TPM2_CR50_I2C) += cr50_i2c.o obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o +obj-$(CONFIG_TPM2_MMIO) += tpm2_tis_core.o tpm2_tis_mmio.o diff --git a/drivers/tpm/tpm2_tis_mmio.c b/drivers/tpm/tpm2_tis_mmio.c new file mode 100644 index 000000000000..2183a2807162 --- /dev/null +++ b/drivers/tpm/tpm2_tis_mmio.c @@ -0,0 +1,156 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * driver for mmio TCG/TIS TPM (trusted platform module). + * + * Specifications at www.trustedcomputinggroup.org + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "tpm_tis.h" +#include "tpm_internal.h" + +struct tpm_tis_chip_data { + unsigned int pcr_count; + unsigned int pcr_select_min; + unsigned int time_before_first_cmd_ms; + void __iomem *iobase; +}; + +static int mmio_read_bytes(struct udevice *udev, u32 addr, u16 len, + u8 *result) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + + while (len--) + *result++ = ioread8(drv_data->iobase + addr); + return 0; +} + +static int mmio_write_bytes(struct udevice *udev, u32 addr, u16 len, + const u8 *value) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + + while (len--) + iowrite8(*value++, drv_data->iobase + addr); + return 0; +} + +static int mmio_read16(struct udevice *udev, u32 addr, u16 *result) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + + *result = ioread16(drv_data->iobase + addr); + return 0; +} + +static int mmio_read32(struct udevice *udev, u32 addr, u32 *result) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + + *result = ioread32(drv_data->iobase + addr); + return 0; +} + +static int mmio_write32(struct udevice *udev, u32 addr, u32 value) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + + iowrite32(value, drv_data->iobase + addr); + return 0; +} + +static struct tpm_tis_phy_ops phy_ops = { + .read_bytes = mmio_read_bytes, + .write_bytes = mmio_write_bytes, + .read16 = mmio_read16, + .read32 = mmio_read32, + .write32 = mmio_write32, +}; + +static int tpm_tis_probe(struct udevice *udev) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + struct tpm_chip_priv *priv = dev_get_uclass_priv(udev); + int ret = 0; + fdt_addr_t ioaddr; + u64 sz; + + ioaddr = dev_read_addr(udev); + if (ioaddr == FDT_ADDR_T_NONE) + return -EINVAL; + + ret = dev_read_u64(udev, "reg", &sz); + if (ret) + return -EINVAL; + + drv_data->iobase = ioremap(ioaddr, sz); + log_info("Remapped TPM2 base: 0x%llx size: 0x%llx\n", ioaddr, sz); + tpm_tis_ops_register(udev, &phy_ops); + ret = tpm_tis_init(udev); + if (ret) + goto iounmap; + + priv->pcr_count = drv_data->pcr_count; + priv->pcr_select_min = drv_data->pcr_select_min; + /* + * Although the driver probably works with a TPMv1 our Kconfig + * limits the driver to TPMv2 only + */ + priv->version = TPM_V2; + + return ret; +iounmap: + iounmap(drv_data->iobase); + return -EINVAL; +} + +static int tpm_tis_remove(struct udevice *udev) +{ + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); + + iounmap(drv_data->iobase); + return tpm_tis_cleanup(udev); +} + +static const struct tpm_ops tpm_tis_ops = { + .open = tpm_tis_open, + .close = tpm_tis_close, + .get_desc = tpm_tis_get_desc, + .send = tpm_tis_send, + .recv = tpm_tis_recv, + .cleanup = tpm_tis_cleanup, +}; + +static const struct tpm_tis_chip_data tpm_tis_std_chip_data = { + .pcr_count = 24, + .pcr_select_min = 3, +}; + +static const struct udevice_id tpm_tis_ids[] = { + { + .compatible = "tcg,tpm-tis-mmio", + .data = (ulong)&tpm_tis_std_chip_data, + }, + { } +}; + +U_BOOT_DRIVER(tpm_tis_mmio) = { + .name = "tpm_tis_mmio", + .id = UCLASS_TPM, + .of_match = tpm_tis_ids, + .ops = &tpm_tis_ops, + .probe = tpm_tis_probe, + .remove = tpm_tis_remove, + .priv_auto = sizeof(struct tpm_chip), +};