Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / trini / u-boot / f7ae49fc4f363a803dab3be078e93ead8e75a8e9 / . / drivers / tpm / cr50_i2c.c
blob: 026adbd737b365a70f0bbea8c52e74b52bf72fc6 [file] [log] [blame]
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Cr50 / H1 TPM support
4 *
5 * Copyright 2018 Google LLC
6 */
7
8#define LOG_CATEGORY UCLASS_TPM
9
10#include <common.h>
11#include <dm.h>
12#include <i2c.h>
13#include <irq.h>
Simon Glassf7ae49f2020-05-10 11:40:05 -0600[diff] [blame^]14#include <log.h>
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]15#include <spl.h>
16#include <tpm-v2.h>
17#include <asm/gpio.h>
18#include <asm/io.h>
19#include <asm/arch/iomap.h>
20#include <asm/arch/pm.h>
21
22enum {
23 TIMEOUT_INIT_MS = 30000, /* Very long timeout for TPM init */
24 TIMEOUT_LONG_US = 2 * 1000 * 1000,
25 TIMEOUT_SHORT_US = 2 * 1000,
26 TIMEOUT_NO_IRQ_US = 20 * 1000,
27 TIMEOUT_IRQ_US = 100 * 1000,
28};
29
30enum {
31 CR50_DID_VID = 0x00281ae0L
32};
33
34enum {
35 CR50_MAX_BUF_SIZE = 63,
36};
37
Simon Glassfe6831d2020-04-08 16:57:23 -0600[diff] [blame]38/**
39 * struct cr50_priv - Private driver data
40 *
41 * @ready_gpio: GPIO to use to check if the TPM is ready
42 * @irq: IRQ to use check if the TPM is ready (has priority over @ready_gpio)
43 * @locality: Currenttly claimed locality (-1 if none)
44 * @vendor: vendor: Vendor ID for TPM
45 * @use_irq: true to use @irq, false to use @ready if available
46 */
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]47struct cr50_priv {
48 struct gpio_desc ready_gpio;
49 struct irq irq;
50 int locality;
51 uint vendor;
52 bool use_irq;
53};
54
55/* Wait for interrupt to indicate TPM is ready */
56static int cr50_i2c_wait_tpm_ready(struct udevice *dev)
57{
58 struct cr50_priv *priv = dev_get_priv(dev);
59 ulong timeout, base;
60 int i;
61
62 if (!priv->use_irq && !dm_gpio_is_valid(&priv->ready_gpio)) {
63 /* Fixed delay if interrupt not supported */
64 udelay(TIMEOUT_NO_IRQ_US);
65 return 0;
66 }
67
68 base = timer_get_us();
69 timeout = base + TIMEOUT_IRQ_US;
70
71 i = 0;
72 while (priv->use_irq ? !irq_read_and_clear(&priv->irq) :
73 !dm_gpio_get_value(&priv->ready_gpio)) {
74 i++;
75 if ((int)(timer_get_us() - timeout) >= 0) {
76 log_warning("Timeout\n");
77 /* Use this instead of the -ETIMEDOUT used by i2c */
78 return -ETIME;
79 }
80 }
81 log_debug("i=%d\n", i);
82
83 return 0;
84}
85
86/* Clear pending interrupts */
87static void cr50_i2c_clear_tpm_irq(struct udevice *dev)
88{
89 struct cr50_priv *priv = dev_get_priv(dev);
90
91 if (priv->use_irq)
92 irq_read_and_clear(&priv->irq);
93}
94
95/*
96 * cr50_i2c_read() - read from TPM register
97 *
98 * @dev: TPM chip information
99 * @addr: register address to read from
100 * @buffer: provided by caller
101 * @len: number of bytes to read
102 *
103 * 1) send register address byte 'addr' to the TPM
104 * 2) wait for TPM to indicate it is ready
105 * 3) read 'len' bytes of TPM response into the provided 'buffer'
106 *
107 * Return 0 on success. -ve on error
108 */
109static int cr50_i2c_read(struct udevice *dev, u8 addr, u8 *buffer,
110 size_t len)
111{
112 int ret;
113
114 /* Clear interrupt before starting transaction */
115 cr50_i2c_clear_tpm_irq(dev);
116
117 /* Send the register address byte to the TPM */
118 ret = dm_i2c_write(dev, 0, &addr, 1);
119 if (ret) {
120 log_err("Address write failed (err=%d)\n", ret);
121 return ret;
122 }
123
124 /* Wait for TPM to be ready with response data */
125 ret = cr50_i2c_wait_tpm_ready(dev);
126 if (ret)
127 return ret;
128
129 /* Read response data frrom the TPM */
130 ret = dm_i2c_read(dev, 0, buffer, len);
131 if (ret) {
132 log_err("Read response failed (err=%d)\n", ret);
133 return ret;
134 }
135
136 return 0;
137}
138
139/*
140 * cr50_i2c_write() - write to TPM register
141 *
142 * @dev: TPM chip information
143 * @addr: register address to write to
144 * @buffer: data to write
145 * @len: number of bytes to write
146 *
147 * 1) prepend the provided address to the provided data
148 * 2) send the address+data to the TPM
149 * 3) wait for TPM to indicate it is done writing
150 *
151 * Returns -1 on error, 0 on success.
152 */
153static int cr50_i2c_write(struct udevice *dev, u8 addr, const u8 *buffer,
154 size_t len)
155{
156 u8 buf[len + 1];
157 int ret;
158
159 if (len > CR50_MAX_BUF_SIZE) {
160 log_err("Length %zd is too large\n", len);
161 return -E2BIG;
162 }
163
164 /* Prepend the 'register address' to the buffer */
165 buf[0] = addr;
166 memcpy(buf + 1, buffer, len);
167
168 /* Clear interrupt before starting transaction */
169 cr50_i2c_clear_tpm_irq(dev);
170
171 /* Send write request buffer with address */
172 ret = dm_i2c_write(dev, 0, buf, len + 1);
173 if (ret) {
174 log_err("Error writing to TPM (err=%d)\n", ret);
175 return ret;
176 }
177
178 /* Wait for TPM to be ready */
179 return cr50_i2c_wait_tpm_ready(dev);
180}
181
182static inline u8 tpm_access(u8 locality)
183{
184 return 0x0 | (locality << 4);
185}
186
187static inline u8 tpm_sts(u8 locality)
188{
189 return 0x1 | (locality << 4);
190}
191
192static inline u8 tpm_data_fifo(u8 locality)
193{
194 return 0x5 | (locality << 4);
195}
196
197static inline u8 tpm_did_vid(u8 locality)
198{
199 return 0x6 | (locality << 4);
200}
201
202static int release_locality(struct udevice *dev, int force)
203{
204 struct cr50_priv *priv = dev_get_priv(dev);
205 u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_PENDING;
206 u8 addr = tpm_access(priv->locality);
207 int ret;
208 u8 buf;
209
210 ret = cr50_i2c_read(dev, addr, &buf, 1);
211 if (ret)
212 return ret;
213
214 if (force || (buf & mask) == mask) {
215 buf = TPM_ACCESS_ACTIVE_LOCALITY;
216 cr50_i2c_write(dev, addr, &buf, 1);
217 }
218
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]219 priv->locality = -1;
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]220
221 return 0;
222}
223
224/* cr50 requires all 4 bytes of status register to be read */
225static int cr50_i2c_status(struct udevice *dev)
226{
227 struct cr50_priv *priv = dev_get_priv(dev);
228 u8 buf[4];
229 int ret;
230
231 ret = cr50_i2c_read(dev, tpm_sts(priv->locality), buf, sizeof(buf));
232 if (ret) {
233 log_warning("%s: Failed to read status\n", __func__);
234 return ret;
235 }
236
237 return buf[0];
238}
239
240/* cr50 requires all 4 bytes of status register to be written */
241static int cr50_i2c_ready(struct udevice *dev)
242{
243 struct cr50_priv *priv = dev_get_priv(dev);
244 u8 buf[4] = { TPM_STS_COMMAND_READY };
245 int ret;
246
247 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), buf, sizeof(buf));
248 if (ret)
249 return ret;
250
251 udelay(TIMEOUT_SHORT_US);
252
253 return 0;
254}
255
256static int cr50_i2c_wait_burststs(struct udevice *dev, u8 mask,
257 size_t *burst, int *status)
258{
259 struct cr50_priv *priv = dev_get_priv(dev);
260 ulong timeout;
261 u32 buf;
262
263 /*
264 * cr50 uses bytes 3:2 of status register for burst count and all 4
265 * bytes must be read
266 */
267 timeout = timer_get_us() + TIMEOUT_LONG_US;
268 while (timer_get_us() < timeout) {
269 if (cr50_i2c_read(dev, tpm_sts(priv->locality),
270 (u8 *)&buf, sizeof(buf)) < 0) {
271 udelay(TIMEOUT_SHORT_US);
272 continue;
273 }
274
275 *status = buf & 0xff;
276 *burst = le16_to_cpu((buf >> 8) & 0xffff);
277
278 if ((*status & mask) == mask &&
279 *burst > 0 && *burst <= CR50_MAX_BUF_SIZE)
280 return 0;
281
282 udelay(TIMEOUT_SHORT_US);
283 }
284
285 log_warning("Timeout reading burst and status\n");
286
287 return -ETIMEDOUT;
288}
289
290static int cr50_i2c_recv(struct udevice *dev, u8 *buf, size_t buf_len)
291{
292 struct cr50_priv *priv = dev_get_priv(dev);
293 size_t burstcnt, expected, current, len;
294 u8 addr = tpm_data_fifo(priv->locality);
295 u8 mask = TPM_STS_VALID | TPM_STS_DATA_AVAIL;
296 u32 expected_buf;
297 int status;
298 int ret;
299
300 log_debug("%s: len=%x\n", __func__, buf_len);
301 if (buf_len < TPM_HEADER_SIZE)
302 return -E2BIG;
303
304 ret = cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status);
305 if (ret < 0) {
306 log_warning("First chunk not available\n");
307 goto out_err;
308 }
309
310 /* Read first chunk of burstcnt bytes */
311 if (cr50_i2c_read(dev, addr, buf, burstcnt) < 0) {
312 log_warning("Read failed\n");
313 goto out_err;
314 }
315
316 /* Determine expected data in the return buffer */
317 memcpy(&expected_buf, buf + TPM_CMD_COUNT_OFFSET, sizeof(expected_buf));
318 expected = be32_to_cpu(expected_buf);
319 if (expected > buf_len) {
320 log_warning("Too much data: %zu > %zu\n", expected, buf_len);
321 goto out_err;
322 }
323
324 /* Now read the rest of the data */
325 current = burstcnt;
326 while (current < expected) {
327 /* Read updated burst count and check status */
328 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0) {
329 log_warning("- burst failure1\n");
330 goto out_err;
331 }
332
333 len = min(burstcnt, expected - current);
334 if (cr50_i2c_read(dev, addr, buf + current, len) != 0) {
335 log_warning("Read failed\n");
336 goto out_err;
337 }
338
339 current += len;
340 }
341
342 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt,
343 &status) < 0) {
344 log_warning("- burst failure2\n");
345 goto out_err;
346 }
347 if (status & TPM_STS_DATA_AVAIL) {
348 log_warning("Data still available\n");
349 goto out_err;
350 }
351
352 return current;
353
354out_err:
355 /* Abort current transaction if still pending */
356 ret = cr50_i2c_status(dev);
357 if (ret < 0)
358 return ret;
359 if (ret & TPM_STS_COMMAND_READY) {
360 ret = cr50_i2c_ready(dev);
361 if (ret)
362 return ret;
363 }
364
365 return -EIO;
366}
367
368static int cr50_i2c_send(struct udevice *dev, const u8 *buf, size_t len)
369{
370 struct cr50_priv *priv = dev_get_priv(dev);
371
372 int status;
373 size_t burstcnt, limit, sent = 0;
374 u8 tpm_go[4] = { TPM_STS_GO };
375 ulong timeout;
376 int ret;
377
378 log_debug("%s: len=%x\n", __func__, len);
379 timeout = timer_get_us() + TIMEOUT_LONG_US;
380 do {
381 ret = cr50_i2c_status(dev);
382 if (ret < 0)
383 goto out_err;
384 if (ret & TPM_STS_COMMAND_READY)
385 break;
386
387 if (timer_get_us() > timeout)
388 goto out_err;
389
390 ret = cr50_i2c_ready(dev);
391 if (ret)
392 goto out_err;
393 } while (1);
394
395 while (len > 0) {
396 u8 mask = TPM_STS_VALID;
397
398 /* Wait for data if this is not the first chunk */
399 if (sent > 0)
400 mask |= TPM_STS_DATA_EXPECT;
401
402 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0)
403 goto out_err;
404
405 /*
406 * Use burstcnt - 1 to account for the address byte
407 * that is inserted by cr50_i2c_write()
408 */
409 limit = min(burstcnt - 1, len);
410 if (cr50_i2c_write(dev, tpm_data_fifo(priv->locality),
411 &buf[sent], limit) != 0) {
412 log_warning("Write failed\n");
413 goto out_err;
414 }
415
416 sent += limit;
417 len -= limit;
418 }
419
420 /* Ensure TPM is not expecting more data */
421 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt, &status) < 0)
422 goto out_err;
423 if (status & TPM_STS_DATA_EXPECT) {
424 log_warning("Data still expected\n");
425 goto out_err;
426 }
427
428 /* Start the TPM command */
429 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), tpm_go,
430 sizeof(tpm_go));
431 if (ret) {
432 log_warning("Start command failed\n");
433 goto out_err;
434 }
435
436 return sent;
437
438out_err:
439 /* Abort current transaction if still pending */
440 ret = cr50_i2c_status(dev);
441
442 if (ret < 0 || (ret & TPM_STS_COMMAND_READY)) {
443 ret = cr50_i2c_ready(dev);
444 if (ret)
445 return ret;
446 }
447
448 return -EIO;
449}
450
451/**
452 * process_reset() - Wait for the Cr50 to reset
453 *
454 * Cr50 processes reset requests asynchronously and conceivably could be busy
455 * executing a long command and not reacting to the reset pulse for a while.
456 *
457 * This function will make sure that the AP does not proceed with boot until
458 * TPM finished reset processing.
459 *
460 * @dev: Cr50 device
461 * @return 0 if OK, -EPERM if locality could not be taken
462 */
463static int process_reset(struct udevice *dev)
464{
465 const int loc = 0;
466 u8 access;
467 ulong start;
468
469 /*
470 * Locality is released by TPM reset.
471 *
472 * If locality is taken at this point, this could be due to the fact
473 * that the TPM is performing a long operation and has not processed
474 * reset request yet. We'll wait up to CR50_TIMEOUT_INIT_MS and see if
475 * it releases locality when reset is processed.
476 */
477 start = get_timer(0);
478 do {
479 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
480 int ret;
481
482 ret = cr50_i2c_read(dev, tpm_access(loc),
483 &access, sizeof(access));
484 if (ret || ((access & mask) == mask)) {
485 /*
486 * Don't bombard the chip with traffic; let it keep
487 * processing the command.
488 */
489 mdelay(2);
490 continue;
491 }
492
493 log_warning("TPM ready after %ld ms\n", get_timer(start));
494
495 return 0;
496 } while (get_timer(start) < TIMEOUT_INIT_MS);
497
498 log_warning("TPM failed to reset after %ld ms, status: %#x\n",
499 get_timer(start), access);
500
501 return -EPERM;
502}
503
504/*
505 * Locality could be already claimed (if this is a later U-Boot phase and the
506 * read-only U-Boot did not release it), or not yet claimed, if this is TPL or
507 * the older read-only U-Boot did release it.
508 */
509static int claim_locality(struct udevice *dev, int loc)
510{
511 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]512 struct cr50_priv *priv = dev_get_priv(dev);
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]513 u8 access;
514 int ret;
515
516 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
517 if (ret)
518 return log_msg_ret("read1", ret);
519
520 if ((access & mask) == mask) {
521 log_warning("Locality already claimed\n");
522 return 0;
523 }
524
525 access = TPM_ACCESS_REQUEST_USE;
526 ret = cr50_i2c_write(dev, tpm_access(loc), &access, sizeof(access));
527 if (ret)
528 return log_msg_ret("write", ret);
529
530 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
531 if (ret)
532 return log_msg_ret("read2", ret);
533
534 if ((access & mask) != mask) {
535 log_err("Failed to claim locality\n");
536 return -EPERM;
537 }
538 log_info("Claimed locality %d\n", loc);
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]539 priv->locality = loc;
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]540
541 return 0;
542}
543
544static int cr50_i2c_get_desc(struct udevice *dev, char *buf, int size)
545{
546 struct dm_i2c_chip *chip = dev_get_parent_platdata(dev);
547 struct cr50_priv *priv = dev_get_priv(dev);
548
549 return snprintf(buf, size, "cr50 TPM 2.0 (i2c %02x id %x) irq=%d",
550 chip->chip_addr, priv->vendor >> 16, priv->use_irq);
551}
552
553static int cr50_i2c_open(struct udevice *dev)
554{
555 char buf[80];
556 int ret;
557
558 ret = process_reset(dev);
559 if (ret)
560 return log_msg_ret("reset", ret);
561
562 ret = claim_locality(dev, 0);
563 if (ret)
564 return log_msg_ret("claim", ret);
565
566 cr50_i2c_get_desc(dev, buf, sizeof(buf));
567 log_debug("%s\n", buf);
568
569 return 0;
570}
571
572static int cr50_i2c_cleanup(struct udevice *dev)
573{
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]574 struct cr50_priv *priv = dev_get_priv(dev);
575
576 printf("%s: cleanup %d\n", __func__, priv->locality);
577 if (priv->locality != -1)
578 release_locality(dev, 1);
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]579
580 return 0;
581}
582
583enum {
584 TPM_TIMEOUT_MS = 5,
585 SHORT_TIMEOUT_MS = 750,
586 LONG_TIMEOUT_MS = 2000,
587};
588
589static int cr50_i2c_ofdata_to_platdata(struct udevice *dev)
590{
591 struct tpm_chip_priv *upriv = dev_get_uclass_priv(dev);
592 struct cr50_priv *priv = dev_get_priv(dev);
593 struct irq irq;
594 int ret;
595
596 upriv->version = TPM_V2;
597 upriv->duration_ms[TPM_SHORT] = SHORT_TIMEOUT_MS;
598 upriv->duration_ms[TPM_MEDIUM] = LONG_TIMEOUT_MS;
599 upriv->duration_ms[TPM_LONG] = LONG_TIMEOUT_MS;
600 upriv->retry_time_ms = TPM_TIMEOUT_MS;
601
602 upriv->pcr_count = 32;
603 upriv->pcr_select_min = 2;
604
605 /* Optional GPIO to track when cr50 is ready */
606 ret = irq_get_by_index(dev, 0, &irq);
607 if (!ret) {
608 priv->irq = irq;
609 priv->use_irq = true;
610 } else {
Simon Glass32e8ee02020-04-08 16:57:24 -0600[diff] [blame]611 ret = gpio_request_by_name(dev, "ready-gpios", 0,
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]612 &priv->ready_gpio, GPIOD_IS_IN);
613 if (ret) {
614 log_warning("Cr50 does not have an ready GPIO/interrupt (err=%d)\n",
615 ret);
616 }
617 }
618
619 return 0;
620}
621
622static int cr50_i2c_probe(struct udevice *dev)
623{
624 struct cr50_priv *priv = dev_get_priv(dev);
625 u32 vendor = 0;
626 ulong start;
627
628 /*
629 * 150ms should be enough to synchronise with the TPM even under the
630 * worst nested-reset-request conditions. In the vast majority of cases
631 * there will be no wait at all.
632 */
633 start = get_timer(0);
634 while (get_timer(start) < 150) {
635 int ret;
636
637 /* Exit once DID and VID verified */
638 ret = cr50_i2c_read(dev, tpm_did_vid(0), (u8 *)&vendor, 4);
639 if (!ret && vendor == CR50_DID_VID)
640 break;
641
642 /* TPM might be resetting; let's retry in a bit */
643 mdelay(10);
644 }
645 if (vendor != CR50_DID_VID) {
646 log_debug("DID_VID %08x not recognised\n", vendor);
647 return log_msg_ret("vendor-id", -EXDEV);
648 }
649 priv->vendor = vendor;
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]650 priv->locality = -1;
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]651
652 return 0;
653}
654
655static const struct tpm_ops cr50_i2c_ops = {
656 .open = cr50_i2c_open,
657 .get_desc = cr50_i2c_get_desc,
658 .send = cr50_i2c_send,
659 .recv = cr50_i2c_recv,
660 .cleanup = cr50_i2c_cleanup,
661};
662
663static const struct udevice_id cr50_i2c_ids[] = {
664 { .compatible = "google,cr50" },
665 { }
666};
667
668U_BOOT_DRIVER(cr50_i2c) = {
669 .name = "cr50_i2c",
670 .id = UCLASS_TPM,
671 .of_match = cr50_i2c_ids,
672 .ops = &cr50_i2c_ops,
673 .ofdata_to_platdata = cr50_i2c_ofdata_to_platdata,
674 .probe = cr50_i2c_probe,
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]675 .remove = cr50_i2c_cleanup,
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]676 .priv_auto_alloc_size = sizeof(struct cr50_priv),
Simon Glass79b7ade2020-04-08 16:57:22 -0600[diff] [blame]677 .flags = DM_FLAG_OS_PREPARE,
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame]678};