Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / trini / u-boot / be2c7d764a52cd40dd9bf4793f0107a6a3fc3466 / . / drivers / tpm / cr50_i2c.c
blob: 1942c07c605ca3797d5d178f6dd7e83323dabdc3 [file] [log] [blame]
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Cr50 / H1 TPM support
4 *
5 * Copyright 2018 Google LLC
6 */
7
8#define LOG_CATEGORY UCLASS_TPM
9
10#include <common.h>
11#include <dm.h>
12#include <i2c.h>
13#include <irq.h>
Simon Glassf7ae49f2020-05-10 11:40:05 -0600[diff] [blame]14#include <log.h>
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]15#include <spl.h>
16#include <tpm-v2.h>
17#include <asm/gpio.h>
18#include <asm/io.h>
19#include <asm/arch/iomap.h>
20#include <asm/arch/pm.h>
Simon Glassc05ed002020-05-10 11:40:11 -0600[diff] [blame]21#include <linux/delay.h>
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]22
23enum {
24 TIMEOUT_INIT_MS = 30000, /* Very long timeout for TPM init */
25 TIMEOUT_LONG_US = 2 * 1000 * 1000,
26 TIMEOUT_SHORT_US = 2 * 1000,
27 TIMEOUT_NO_IRQ_US = 20 * 1000,
28 TIMEOUT_IRQ_US = 100 * 1000,
29};
30
31enum {
32 CR50_DID_VID = 0x00281ae0L
33};
34
35enum {
36 CR50_MAX_BUF_SIZE = 63,
37};
38
Simon Glassfe6831d2020-04-08 16:57:23 -0600[diff] [blame]39/**
40 * struct cr50_priv - Private driver data
41 *
42 * @ready_gpio: GPIO to use to check if the TPM is ready
43 * @irq: IRQ to use check if the TPM is ready (has priority over @ready_gpio)
44 * @locality: Currenttly claimed locality (-1 if none)
45 * @vendor: vendor: Vendor ID for TPM
46 * @use_irq: true to use @irq, false to use @ready if available
47 */
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]48struct cr50_priv {
49 struct gpio_desc ready_gpio;
50 struct irq irq;
51 int locality;
52 uint vendor;
53 bool use_irq;
54};
55
56/* Wait for interrupt to indicate TPM is ready */
57static int cr50_i2c_wait_tpm_ready(struct udevice *dev)
58{
59 struct cr50_priv *priv = dev_get_priv(dev);
60 ulong timeout, base;
61 int i;
62
63 if (!priv->use_irq && !dm_gpio_is_valid(&priv->ready_gpio)) {
64 /* Fixed delay if interrupt not supported */
65 udelay(TIMEOUT_NO_IRQ_US);
66 return 0;
67 }
68
69 base = timer_get_us();
70 timeout = base + TIMEOUT_IRQ_US;
71
72 i = 0;
73 while (priv->use_irq ? !irq_read_and_clear(&priv->irq) :
74 !dm_gpio_get_value(&priv->ready_gpio)) {
75 i++;
76 if ((int)(timer_get_us() - timeout) >= 0) {
77 log_warning("Timeout\n");
78 /* Use this instead of the -ETIMEDOUT used by i2c */
79 return -ETIME;
80 }
81 }
82 log_debug("i=%d\n", i);
83
84 return 0;
85}
86
87/* Clear pending interrupts */
88static void cr50_i2c_clear_tpm_irq(struct udevice *dev)
89{
90 struct cr50_priv *priv = dev_get_priv(dev);
91
92 if (priv->use_irq)
93 irq_read_and_clear(&priv->irq);
94}
95
96/*
97 * cr50_i2c_read() - read from TPM register
98 *
99 * @dev: TPM chip information
100 * @addr: register address to read from
101 * @buffer: provided by caller
102 * @len: number of bytes to read
103 *
104 * 1) send register address byte 'addr' to the TPM
105 * 2) wait for TPM to indicate it is ready
106 * 3) read 'len' bytes of TPM response into the provided 'buffer'
107 *
108 * Return 0 on success. -ve on error
109 */
110static int cr50_i2c_read(struct udevice *dev, u8 addr, u8 *buffer,
111 size_t len)
112{
113 int ret;
114
115 /* Clear interrupt before starting transaction */
116 cr50_i2c_clear_tpm_irq(dev);
117
118 /* Send the register address byte to the TPM */
119 ret = dm_i2c_write(dev, 0, &addr, 1);
120 if (ret) {
121 log_err("Address write failed (err=%d)\n", ret);
122 return ret;
123 }
124
125 /* Wait for TPM to be ready with response data */
126 ret = cr50_i2c_wait_tpm_ready(dev);
127 if (ret)
128 return ret;
129
130 /* Read response data frrom the TPM */
131 ret = dm_i2c_read(dev, 0, buffer, len);
132 if (ret) {
133 log_err("Read response failed (err=%d)\n", ret);
134 return ret;
135 }
136
137 return 0;
138}
139
140/*
141 * cr50_i2c_write() - write to TPM register
142 *
143 * @dev: TPM chip information
144 * @addr: register address to write to
145 * @buffer: data to write
146 * @len: number of bytes to write
147 *
148 * 1) prepend the provided address to the provided data
149 * 2) send the address+data to the TPM
150 * 3) wait for TPM to indicate it is done writing
151 *
152 * Returns -1 on error, 0 on success.
153 */
154static int cr50_i2c_write(struct udevice *dev, u8 addr, const u8 *buffer,
155 size_t len)
156{
157 u8 buf[len + 1];
158 int ret;
159
160 if (len > CR50_MAX_BUF_SIZE) {
161 log_err("Length %zd is too large\n", len);
162 return -E2BIG;
163 }
164
165 /* Prepend the 'register address' to the buffer */
166 buf[0] = addr;
167 memcpy(buf + 1, buffer, len);
168
169 /* Clear interrupt before starting transaction */
170 cr50_i2c_clear_tpm_irq(dev);
171
172 /* Send write request buffer with address */
173 ret = dm_i2c_write(dev, 0, buf, len + 1);
174 if (ret) {
175 log_err("Error writing to TPM (err=%d)\n", ret);
176 return ret;
177 }
178
179 /* Wait for TPM to be ready */
180 return cr50_i2c_wait_tpm_ready(dev);
181}
182
183static inline u8 tpm_access(u8 locality)
184{
185 return 0x0 | (locality << 4);
186}
187
188static inline u8 tpm_sts(u8 locality)
189{
190 return 0x1 | (locality << 4);
191}
192
193static inline u8 tpm_data_fifo(u8 locality)
194{
195 return 0x5 | (locality << 4);
196}
197
198static inline u8 tpm_did_vid(u8 locality)
199{
200 return 0x6 | (locality << 4);
201}
202
203static int release_locality(struct udevice *dev, int force)
204{
205 struct cr50_priv *priv = dev_get_priv(dev);
206 u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_PENDING;
207 u8 addr = tpm_access(priv->locality);
208 int ret;
209 u8 buf;
210
211 ret = cr50_i2c_read(dev, addr, &buf, 1);
212 if (ret)
213 return ret;
214
215 if (force || (buf & mask) == mask) {
216 buf = TPM_ACCESS_ACTIVE_LOCALITY;
217 cr50_i2c_write(dev, addr, &buf, 1);
218 }
219
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]220 priv->locality = -1;
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]221
222 return 0;
223}
224
225/* cr50 requires all 4 bytes of status register to be read */
226static int cr50_i2c_status(struct udevice *dev)
227{
228 struct cr50_priv *priv = dev_get_priv(dev);
229 u8 buf[4];
230 int ret;
231
232 ret = cr50_i2c_read(dev, tpm_sts(priv->locality), buf, sizeof(buf));
233 if (ret) {
234 log_warning("%s: Failed to read status\n", __func__);
235 return ret;
236 }
237
238 return buf[0];
239}
240
241/* cr50 requires all 4 bytes of status register to be written */
242static int cr50_i2c_ready(struct udevice *dev)
243{
244 struct cr50_priv *priv = dev_get_priv(dev);
245 u8 buf[4] = { TPM_STS_COMMAND_READY };
246 int ret;
247
248 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), buf, sizeof(buf));
249 if (ret)
250 return ret;
251
252 udelay(TIMEOUT_SHORT_US);
253
254 return 0;
255}
256
257static int cr50_i2c_wait_burststs(struct udevice *dev, u8 mask,
258 size_t *burst, int *status)
259{
260 struct cr50_priv *priv = dev_get_priv(dev);
261 ulong timeout;
262 u32 buf;
263
264 /*
265 * cr50 uses bytes 3:2 of status register for burst count and all 4
266 * bytes must be read
267 */
268 timeout = timer_get_us() + TIMEOUT_LONG_US;
269 while (timer_get_us() < timeout) {
270 if (cr50_i2c_read(dev, tpm_sts(priv->locality),
271 (u8 *)&buf, sizeof(buf)) < 0) {
272 udelay(TIMEOUT_SHORT_US);
273 continue;
274 }
275
276 *status = buf & 0xff;
277 *burst = le16_to_cpu((buf >> 8) & 0xffff);
278
279 if ((*status & mask) == mask &&
280 *burst > 0 && *burst <= CR50_MAX_BUF_SIZE)
281 return 0;
282
283 udelay(TIMEOUT_SHORT_US);
284 }
285
286 log_warning("Timeout reading burst and status\n");
287
288 return -ETIMEDOUT;
289}
290
291static int cr50_i2c_recv(struct udevice *dev, u8 *buf, size_t buf_len)
292{
293 struct cr50_priv *priv = dev_get_priv(dev);
294 size_t burstcnt, expected, current, len;
295 u8 addr = tpm_data_fifo(priv->locality);
296 u8 mask = TPM_STS_VALID | TPM_STS_DATA_AVAIL;
297 u32 expected_buf;
298 int status;
299 int ret;
300
301 log_debug("%s: len=%x\n", __func__, buf_len);
302 if (buf_len < TPM_HEADER_SIZE)
303 return -E2BIG;
304
305 ret = cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status);
306 if (ret < 0) {
307 log_warning("First chunk not available\n");
308 goto out_err;
309 }
310
311 /* Read first chunk of burstcnt bytes */
312 if (cr50_i2c_read(dev, addr, buf, burstcnt) < 0) {
313 log_warning("Read failed\n");
314 goto out_err;
315 }
316
317 /* Determine expected data in the return buffer */
318 memcpy(&expected_buf, buf + TPM_CMD_COUNT_OFFSET, sizeof(expected_buf));
319 expected = be32_to_cpu(expected_buf);
320 if (expected > buf_len) {
321 log_warning("Too much data: %zu > %zu\n", expected, buf_len);
322 goto out_err;
323 }
324
325 /* Now read the rest of the data */
326 current = burstcnt;
327 while (current < expected) {
328 /* Read updated burst count and check status */
329 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0) {
330 log_warning("- burst failure1\n");
331 goto out_err;
332 }
333
334 len = min(burstcnt, expected - current);
335 if (cr50_i2c_read(dev, addr, buf + current, len) != 0) {
336 log_warning("Read failed\n");
337 goto out_err;
338 }
339
340 current += len;
341 }
342
343 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt,
344 &status) < 0) {
345 log_warning("- burst failure2\n");
346 goto out_err;
347 }
348 if (status & TPM_STS_DATA_AVAIL) {
349 log_warning("Data still available\n");
350 goto out_err;
351 }
352
353 return current;
354
355out_err:
356 /* Abort current transaction if still pending */
357 ret = cr50_i2c_status(dev);
358 if (ret < 0)
359 return ret;
360 if (ret & TPM_STS_COMMAND_READY) {
361 ret = cr50_i2c_ready(dev);
362 if (ret)
363 return ret;
364 }
365
366 return -EIO;
367}
368
369static int cr50_i2c_send(struct udevice *dev, const u8 *buf, size_t len)
370{
371 struct cr50_priv *priv = dev_get_priv(dev);
372
373 int status;
374 size_t burstcnt, limit, sent = 0;
375 u8 tpm_go[4] = { TPM_STS_GO };
376 ulong timeout;
377 int ret;
378
379 log_debug("%s: len=%x\n", __func__, len);
380 timeout = timer_get_us() + TIMEOUT_LONG_US;
381 do {
382 ret = cr50_i2c_status(dev);
383 if (ret < 0)
384 goto out_err;
385 if (ret & TPM_STS_COMMAND_READY)
386 break;
387
388 if (timer_get_us() > timeout)
389 goto out_err;
390
391 ret = cr50_i2c_ready(dev);
392 if (ret)
393 goto out_err;
394 } while (1);
395
396 while (len > 0) {
397 u8 mask = TPM_STS_VALID;
398
399 /* Wait for data if this is not the first chunk */
400 if (sent > 0)
401 mask |= TPM_STS_DATA_EXPECT;
402
403 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0)
404 goto out_err;
405
406 /*
407 * Use burstcnt - 1 to account for the address byte
408 * that is inserted by cr50_i2c_write()
409 */
410 limit = min(burstcnt - 1, len);
411 if (cr50_i2c_write(dev, tpm_data_fifo(priv->locality),
412 &buf[sent], limit) != 0) {
413 log_warning("Write failed\n");
414 goto out_err;
415 }
416
417 sent += limit;
418 len -= limit;
419 }
420
421 /* Ensure TPM is not expecting more data */
422 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt, &status) < 0)
423 goto out_err;
424 if (status & TPM_STS_DATA_EXPECT) {
425 log_warning("Data still expected\n");
426 goto out_err;
427 }
428
429 /* Start the TPM command */
430 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), tpm_go,
431 sizeof(tpm_go));
432 if (ret) {
433 log_warning("Start command failed\n");
434 goto out_err;
435 }
436
437 return sent;
438
439out_err:
440 /* Abort current transaction if still pending */
441 ret = cr50_i2c_status(dev);
442
443 if (ret < 0 || (ret & TPM_STS_COMMAND_READY)) {
444 ret = cr50_i2c_ready(dev);
445 if (ret)
446 return ret;
447 }
448
449 return -EIO;
450}
451
452/**
453 * process_reset() - Wait for the Cr50 to reset
454 *
455 * Cr50 processes reset requests asynchronously and conceivably could be busy
456 * executing a long command and not reacting to the reset pulse for a while.
457 *
458 * This function will make sure that the AP does not proceed with boot until
459 * TPM finished reset processing.
460 *
461 * @dev: Cr50 device
462 * @return 0 if OK, -EPERM if locality could not be taken
463 */
464static int process_reset(struct udevice *dev)
465{
466 const int loc = 0;
467 u8 access;
468 ulong start;
469
470 /*
471 * Locality is released by TPM reset.
472 *
473 * If locality is taken at this point, this could be due to the fact
474 * that the TPM is performing a long operation and has not processed
475 * reset request yet. We'll wait up to CR50_TIMEOUT_INIT_MS and see if
476 * it releases locality when reset is processed.
477 */
478 start = get_timer(0);
479 do {
480 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
481 int ret;
482
483 ret = cr50_i2c_read(dev, tpm_access(loc),
484 &access, sizeof(access));
485 if (ret || ((access & mask) == mask)) {
486 /*
487 * Don't bombard the chip with traffic; let it keep
488 * processing the command.
489 */
490 mdelay(2);
491 continue;
492 }
493
494 log_warning("TPM ready after %ld ms\n", get_timer(start));
495
496 return 0;
497 } while (get_timer(start) < TIMEOUT_INIT_MS);
498
499 log_warning("TPM failed to reset after %ld ms, status: %#x\n",
500 get_timer(start), access);
501
502 return -EPERM;
503}
504
505/*
506 * Locality could be already claimed (if this is a later U-Boot phase and the
507 * read-only U-Boot did not release it), or not yet claimed, if this is TPL or
508 * the older read-only U-Boot did release it.
509 */
510static int claim_locality(struct udevice *dev, int loc)
511{
512 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]513 struct cr50_priv *priv = dev_get_priv(dev);
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]514 u8 access;
515 int ret;
516
517 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
518 if (ret)
519 return log_msg_ret("read1", ret);
520
521 if ((access & mask) == mask) {
522 log_warning("Locality already claimed\n");
523 return 0;
524 }
525
526 access = TPM_ACCESS_REQUEST_USE;
527 ret = cr50_i2c_write(dev, tpm_access(loc), &access, sizeof(access));
528 if (ret)
529 return log_msg_ret("write", ret);
530
531 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
532 if (ret)
533 return log_msg_ret("read2", ret);
534
535 if ((access & mask) != mask) {
536 log_err("Failed to claim locality\n");
537 return -EPERM;
538 }
539 log_info("Claimed locality %d\n", loc);
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]540 priv->locality = loc;
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]541
542 return 0;
543}
544
545static int cr50_i2c_get_desc(struct udevice *dev, char *buf, int size)
546{
547 struct dm_i2c_chip *chip = dev_get_parent_platdata(dev);
548 struct cr50_priv *priv = dev_get_priv(dev);
549
550 return snprintf(buf, size, "cr50 TPM 2.0 (i2c %02x id %x) irq=%d",
551 chip->chip_addr, priv->vendor >> 16, priv->use_irq);
552}
553
554static int cr50_i2c_open(struct udevice *dev)
555{
556 char buf[80];
557 int ret;
558
559 ret = process_reset(dev);
560 if (ret)
561 return log_msg_ret("reset", ret);
562
563 ret = claim_locality(dev, 0);
564 if (ret)
565 return log_msg_ret("claim", ret);
566
567 cr50_i2c_get_desc(dev, buf, sizeof(buf));
568 log_debug("%s\n", buf);
569
570 return 0;
571}
572
573static int cr50_i2c_cleanup(struct udevice *dev)
574{
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]575 struct cr50_priv *priv = dev_get_priv(dev);
576
577 printf("%s: cleanup %d\n", __func__, priv->locality);
578 if (priv->locality != -1)
579 release_locality(dev, 1);
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]580
581 return 0;
582}
583
584enum {
585 TPM_TIMEOUT_MS = 5,
586 SHORT_TIMEOUT_MS = 750,
587 LONG_TIMEOUT_MS = 2000,
588};
589
590static int cr50_i2c_ofdata_to_platdata(struct udevice *dev)
591{
592 struct tpm_chip_priv *upriv = dev_get_uclass_priv(dev);
593 struct cr50_priv *priv = dev_get_priv(dev);
594 struct irq irq;
595 int ret;
596
597 upriv->version = TPM_V2;
598 upriv->duration_ms[TPM_SHORT] = SHORT_TIMEOUT_MS;
599 upriv->duration_ms[TPM_MEDIUM] = LONG_TIMEOUT_MS;
600 upriv->duration_ms[TPM_LONG] = LONG_TIMEOUT_MS;
601 upriv->retry_time_ms = TPM_TIMEOUT_MS;
602
603 upriv->pcr_count = 32;
604 upriv->pcr_select_min = 2;
605
606 /* Optional GPIO to track when cr50 is ready */
607 ret = irq_get_by_index(dev, 0, &irq);
608 if (!ret) {
609 priv->irq = irq;
610 priv->use_irq = true;
611 } else {
Simon Glass32e8ee02020-04-08 16:57:24 -0600[diff] [blame]612 ret = gpio_request_by_name(dev, "ready-gpios", 0,
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]613 &priv->ready_gpio, GPIOD_IS_IN);
614 if (ret) {
615 log_warning("Cr50 does not have an ready GPIO/interrupt (err=%d)\n",
616 ret);
617 }
618 }
619
620 return 0;
621}
622
623static int cr50_i2c_probe(struct udevice *dev)
624{
625 struct cr50_priv *priv = dev_get_priv(dev);
626 u32 vendor = 0;
627 ulong start;
628
629 /*
630 * 150ms should be enough to synchronise with the TPM even under the
631 * worst nested-reset-request conditions. In the vast majority of cases
632 * there will be no wait at all.
633 */
634 start = get_timer(0);
635 while (get_timer(start) < 150) {
636 int ret;
637
638 /* Exit once DID and VID verified */
639 ret = cr50_i2c_read(dev, tpm_did_vid(0), (u8 *)&vendor, 4);
640 if (!ret && vendor == CR50_DID_VID)
641 break;
642
643 /* TPM might be resetting; let's retry in a bit */
644 mdelay(10);
645 }
646 if (vendor != CR50_DID_VID) {
647 log_debug("DID_VID %08x not recognised\n", vendor);
648 return log_msg_ret("vendor-id", -EXDEV);
649 }
650 priv->vendor = vendor;
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]651 priv->locality = -1;
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]652
653 return 0;
654}
655
656static const struct tpm_ops cr50_i2c_ops = {
657 .open = cr50_i2c_open,
658 .get_desc = cr50_i2c_get_desc,
659 .send = cr50_i2c_send,
660 .recv = cr50_i2c_recv,
661 .cleanup = cr50_i2c_cleanup,
662};
663
664static const struct udevice_id cr50_i2c_ids[] = {
665 { .compatible = "google,cr50" },
666 { }
667};
668
669U_BOOT_DRIVER(cr50_i2c) = {
670 .name = "cr50_i2c",
671 .id = UCLASS_TPM,
672 .of_match = cr50_i2c_ids,
673 .ops = &cr50_i2c_ops,
674 .ofdata_to_platdata = cr50_i2c_ofdata_to_platdata,
675 .probe = cr50_i2c_probe,
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]676 .remove = cr50_i2c_cleanup,
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]677 .priv_auto_alloc_size = sizeof(struct cr50_priv),
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]678 .flags = DM_FLAG_OS_PREPARE,
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]679};