tpm_tis.c revision 346722 
159078Smdodd/*-
259078Smdodd * Copyright (c) 2018 Stormshield.
359078Smdodd * Copyright (c) 2018 Semihalf.
434480Sjulian * All rights reserved.
534480Sjulian *
634480Sjulian * Redistribution and use in source and binary forms, with or without
734480Sjulian * modification, are permitted provided that the following conditions
834480Sjulian * are met:
959078Smdodd * 1. Redistributions of source code must retain the above copyright
1034480Sjulian *    notice, this list of conditions and the following disclaimer.
1134480Sjulian * 2. Redistributions in binary form must reproduce the above copyright
1234480Sjulian *    notice, this list of conditions and the following disclaimer in the
1334480Sjulian *    documentation and/or other materials provided with the distribution.
1434480Sjulian *
1534480Sjulian * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1634480Sjulian * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1759078Smdodd * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1859078Smdodd * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
1934480Sjulian * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
2034480Sjulian * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
2134480Sjulian * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2234480Sjulian * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
2334480Sjulian * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
2434480Sjulian * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2559078Smdodd * POSSIBILITY OF SUCH DAMAGE.
2634480Sjulian */
2734480Sjulian
28119418Sobrien#include <sys/cdefs.h>
29119418Sobrien__FBSDID("$FreeBSD: stable/11/sys/dev/tpm/tpm_tis.c 346722 2019-04-26 01:20:39Z mw $");
30119418Sobrien
3134480Sjulian#include "tpm20.h"
3234480Sjulian
3334480Sjulian/*
3445791Speter * TIS register space as defined in
35117126Sscottl * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22
36117126Sscottl */
3745791Speter#define TPM_ACCESS			0x0
3834480Sjulian#define TPM_INT_ENABLE		0x8
3939234Sgibbs#define TPM_INT_VECTOR		0xc
4045791Speter#define TPM_INT_STS			0x10
4145791Speter#define TPM_INTF_CAPS		0x14
4234480Sjulian#define TPM_STS				0x18
4359078Smdodd#define TPM_DATA_FIFO		0x24
4459078Smdodd#define TPM_INTF_ID			0x30
4539234Sgibbs#define TPM_XDATA_FIFO		0x80
4639234Sgibbs#define TPM_DID_VID			0xF00
4739234Sgibbs#define TPM_RID				0xF04
4839234Sgibbs
49112780Smdodd#define TPM_ACCESS_LOC_REQ			BIT(1)
5052042Smdodd#define TPM_ACCESS_LOC_Seize		BIT(3)
5152042Smdodd#define TPM_ACCESS_LOC_ACTIVE		BIT(5)
5252042Smdodd#define TPM_ACCESS_LOC_RELINQUISH	BIT(5)
5359078Smdodd#define TPM_ACCESS_VALID			BIT(7)
5459078Smdodd
5559078Smdodd#define TPM_INT_ENABLE_GLOBAL_ENABLE	BIT(31)
5659078Smdodd#define TPM_INT_ENABLE_CMD_RDY			BIT(7)
5759078Smdodd#define TPM_INT_ENABLE_LOC_CHANGE		BIT(2)
5859078Smdodd#define TPM_INT_ENABLE_STS_VALID		BIT(1)
5959078Smdodd#define TPM_INT_ENABLE_DATA_AVAIL		BIT(0)
6059078Smdodd
6159078Smdodd#define TPM_INT_STS_CMD_RDY		BIT(7)
6259078Smdodd#define TPM_INT_STS_LOC_CHANGE	BIT(2)
6359078Smdodd#define TPM_INT_STS_VALID		BIT(1)
6459078Smdodd#define TPM_INT_STS_DATA_AVAIL	BIT(0)
6559078Smdodd
6652042Smdodd#define TPM_INTF_CAPS_VERSION	0x70000000
6734480Sjulian#define TPM_INTF_CAPS_TPM20		0x30000000
6834480Sjulian
6959078Smdodd#define TPM_STS_VALID			BIT(7)
7059078Smdodd#define TPM_STS_CMD_RDY			BIT(6)
7159078Smdodd#define TPM_STS_CMD_START		BIT(5)
7234480Sjulian#define TPM_STS_DATA_AVAIL		BIT(4)
7339234Sgibbs#define TPM_STS_DATA_EXPECTED	BIT(3)
7459078Smdodd#define TPM_STS_BURST_MASK		0xFFFF00
7534480Sjulian#define TPM_STS_BURST_OFFSET	0x8
7652042Smdodd
7752042Smdoddstatic int tpmtis_transmit(struct tpm_sc *sc, size_t length);
7852042Smdodd
7934480Sjulianstatic int tpmtis_acpi_probe(device_t dev);
8045791Speterstatic int tpmtis_attach(device_t dev);
8145791Speterstatic int tpmtis_detach(device_t dev);
8245791Speter
8345791Speterstatic void tpmtis_intr_handler(void *arg);
8434480Sjulian
85112780Smdoddstatic ACPI_STATUS tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg);
86112780Smdoddstatic bool tpmtis_setup_intr(struct tpm_sc *sc);
87112780Smdodd
8845791Speterstatic bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
89112780Smdoddstatic bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
9052042Smdoddstatic bool tpmtis_request_locality(struct tpm_sc *sc, int locality);
9152042Smdoddstatic void tpmtis_relinquish_locality(struct tpm_sc *sc);
9252042Smdoddstatic bool tpmtis_go_ready(struct tpm_sc *sc);
9345791Speter
9434480Sjulianstatic bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off,
9552042Smdodd    uint32_t mask, uint32_t val, int32_t timeout);
9652042Smdoddstatic uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc);
9752042Smdodd
9845791Speterchar *tpmtis_ids[] = {"MSFT0101", NULL};
9945791Speter
10034480Sjulianstatic int
10134480Sjuliantpmtis_acpi_probe(device_t dev)
10245791Speter{
10359078Smdodd	int err = 0;
10434480Sjulian	ACPI_TABLE_TPM2 *tbl;
105112780Smdodd	ACPI_STATUS status;
10639234Sgibbs
10759078Smdodd	if (ACPI_ID_PROBE(device_get_parent(dev), dev, tpmtis_ids) == NULL)
10834480Sjulian		return (ENXIO);
109112780Smdodd
11034480Sjulian	/*Find TPM2 Header*/
111112780Smdodd	status = AcpiGetTable(ACPI_SIG_TPM2, 1, (ACPI_TABLE_HEADER **) &tbl);
112112780Smdodd	if(ACPI_FAILURE(status) ||
113112780Smdodd	   tbl->StartMethod != TPM2_START_METHOD_TIS)
11459078Smdodd	    err = ENXIO;
115112780Smdodd
116112780Smdodd	device_set_desc(dev, "Trusted Platform Module 2.0, FIFO mode");
11745791Speter	return (err);
11859078Smdodd}
11934480Sjulian
120112780Smdoddstatic int
121112780Smdoddtpmtis_attach(device_t dev)
12239234Sgibbs{
12339234Sgibbs	struct tpm_sc *sc;
12459078Smdodd	int result;
12559078Smdodd
12659078Smdodd	sc = device_get_softc(dev);
12759078Smdodd	sc->dev = dev;
12859078Smdodd
12959078Smdodd	sc->mem_rid = 0;
13059078Smdodd	sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
13159078Smdodd		    RF_ACTIVE);
132104710Speter	if (sc->mem_res == NULL)
13359078Smdodd		return (ENXIO);
134117126Sscottl
135117126Sscottl	sc->irq_rid = 0;
136117126Sscottl	sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
13759078Smdodd		    RF_ACTIVE | RF_SHAREABLE);
13859078Smdodd	if (sc->irq_res != NULL) {
13945791Speter		if (bus_setup_intr(dev, sc->irq_res, INTR_TYPE_MISC | INTR_MPSAFE,
14034480Sjulian		    NULL, tpmtis_intr_handler, sc, &sc->intr_cookie))
14134480Sjulian			sc->interrupts = false;
14259078Smdodd		else
14334480Sjulian			sc->interrupts = tpmtis_setup_intr(sc);
14439234Sgibbs	} else {
145112780Smdodd		sc->interrupts = false;
14659078Smdodd	}
14745791Speter
14834480Sjulian	sc->intr_type = -1;
14934480Sjulian
15039234Sgibbs	sc->transmit = tpmtis_transmit;
15139234Sgibbs
15245791Speter	result = tpm20_init(sc);
15339234Sgibbs	if (result != 0)
15434480Sjulian		tpmtis_detach(dev);
155112780Smdodd
156112780Smdodd	return (result);
15759078Smdodd}
15859078Smdodd
15959078Smdoddstatic int
16059078Smdoddtpmtis_detach(device_t dev)
16145791Speter{
16259078Smdodd	struct tpm_sc *sc;
16359078Smdodd
16445791Speter	sc = device_get_softc(dev);
165112780Smdodd
16659078Smdodd	if (sc->intr_cookie != NULL)
167142357Ssam		bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie);
168112780Smdodd
16959078Smdodd	if (sc->irq_res != NULL)
17034480Sjulian		bus_release_resource(dev, SYS_RES_IRQ,
17134480Sjulian		    sc->irq_rid, sc->irq_res);
17234480Sjulian
17334480Sjulian	if (sc->mem_res != NULL)
17434480Sjulian		bus_release_resource(dev, SYS_RES_MEMORY,
17534480Sjulian		    sc->mem_rid, sc->mem_res);
17634480Sjulian
17759078Smdodd	tpm20_release(sc);
17859078Smdodd	return (0);
17959078Smdodd}
18059078Smdodd
18159078Smdoddstatic ACPI_STATUS
18259078Smdoddtpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg)
18359078Smdodd{
18459078Smdodd	struct tpm_sc *sc;
18559078Smdodd	uint8_t channel;
18659078Smdodd
18759078Smdodd	sc = (struct tpm_sc *)arg;
18859078Smdodd
18959078Smdodd	switch (res->Type) {
19059078Smdodd	case ACPI_RESOURCE_TYPE_IRQ:
19134480Sjulian		channel = res->Data.Irq.Interrupts[0];
19234480Sjulian		break;
19334480Sjulian	case ACPI_RESOURCE_TYPE_EXTENDED_IRQ:
19434480Sjulian		channel = res->Data.ExtendedIrq.Interrupts[0];
19534480Sjulian		break;
19634480Sjulian	default:
19734480Sjulian		return (AE_OK);
19834480Sjulian	}
19945791Speter
20045791Speter	WR1(sc, TPM_INT_VECTOR, channel);
20145791Speter	return (AE_OK);
20245791Speter}
203112780Smdodd
20445791Speterstatic bool
20545791Spetertpmtis_setup_intr(struct tpm_sc *sc)
20645791Speter{
20745791Speter	ACPI_STATUS status;
20845791Speter	ACPI_HANDLE handle;
20945791Speter	uint32_t irq_mask;
21045791Speter
21159078Smdodd	handle = acpi_get_handle(sc->dev);
21245791Speter
21345791Speter	if(!tpmtis_request_locality(sc, 0))
21445791Speter		return (false);
215165102Smjacob
216165102Smjacob	irq_mask = RD4(sc, TPM_INT_ENABLE);
217	irq_mask |= TPM_INT_ENABLE_GLOBAL_ENABLE |
218	    TPM_INT_ENABLE_DATA_AVAIL |
219	    TPM_INT_ENABLE_LOC_CHANGE |
220	    TPM_INT_ENABLE_CMD_RDY |
221	    TPM_INT_ENABLE_STS_VALID;
222	WR4(sc, TPM_INT_ENABLE, irq_mask);
223
224	status = AcpiWalkResources(handle, "_CRS",
225	    tpmtis_get_SIRQ_channel, (void *)sc);
226
227	tpmtis_relinquish_locality(sc);
228
229	return (ACPI_SUCCESS(status));
230}
231
232static void
233tpmtis_intr_handler(void *arg)
234{
235	struct tpm_sc *sc;
236	uint32_t status;
237
238	sc = (struct tpm_sc *)arg;
239	status = RD4(sc, TPM_INT_STS);
240
241	WR4(sc, TPM_INT_STS, status);
242	if (sc->intr_type != -1 && sc->intr_type & status)
243		wakeup(sc);
244}
245
246static bool
247tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val,
248    int32_t timeout)
249{
250
251	/* Check for condition */
252	if ((RD4(sc, off) & mask) == val)
253		return (true);
254
255	/* If interrupts are enabled sleep for timeout duration */
256	if(sc->interrupts && sc->intr_type != -1) {
257		tsleep(sc, PWAIT, "TPM WITH INTERRUPTS", timeout / tick);
258
259		sc->intr_type = -1;
260		return ((RD4(sc, off) & mask) == val);
261	}
262
263	/* If we don't have interrupts poll the device every tick */
264	while (timeout > 0) {
265		if ((RD4(sc, off) & mask) == val)
266			return (true);
267
268		pause("TPM POLLING", 1);
269		timeout -= tick;
270	}
271	return (false);
272}
273
274static uint16_t
275tpmtis_wait_for_burst(struct tpm_sc *sc)
276{
277	int timeout;
278	uint16_t burst_count;
279
280	timeout = TPM_TIMEOUT_A;
281
282	while (timeout-- > 0) {
283		burst_count = (RD4(sc, TPM_STS) & TPM_STS_BURST_MASK) >>
284		    TPM_STS_BURST_OFFSET;
285		if (burst_count > 0)
286			break;
287
288		DELAY(1);
289	}
290	return (burst_count);
291}
292
293static bool
294tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
295{
296	uint16_t burst_count;
297
298	while (count > 0) {
299		burst_count = tpmtis_wait_for_burst(sc);
300		if (burst_count == 0)
301			return (false);
302
303		burst_count = MIN(burst_count, count);
304		count -= burst_count;
305
306		while (burst_count-- > 0)
307			*buf++ = RD1(sc, TPM_DATA_FIFO);
308	}
309
310	return (true);
311}
312
313static bool
314tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
315{
316	uint16_t burst_count;
317
318	while (count > 0) {
319		burst_count = tpmtis_wait_for_burst(sc);
320		if (burst_count == 0)
321			return (false);
322
323		burst_count = MIN(burst_count, count);
324		count -= burst_count;
325
326		while (burst_count-- > 0)
327			WR1(sc, TPM_DATA_FIFO, *buf++);
328	}
329
330	return (true);
331}
332
333
334static bool
335tpmtis_request_locality(struct tpm_sc *sc, int locality)
336{
337	uint8_t mask;
338	int timeout;
339
340	/* Currently we only support Locality 0 */
341	if (locality != 0)
342		return (false);
343
344	mask = TPM_ACCESS_LOC_ACTIVE | TPM_ACCESS_VALID;
345	timeout = TPM_TIMEOUT_A;
346	sc->intr_type = TPM_INT_STS_LOC_CHANGE;
347
348	WR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_REQ);
349	bus_barrier(sc->mem_res, TPM_ACCESS, 1, BUS_SPACE_BARRIER_WRITE);
350	if(sc->interrupts) {
351		tsleep(sc, PWAIT, "TPMLOCREQUEST with INTR", timeout / tick);
352		return ((RD1(sc, TPM_ACCESS) & mask) == mask);
353	} else  {
354		while(timeout > 0) {
355			if ((RD1(sc, TPM_ACCESS) & mask) == mask)
356				return (true);
357
358			pause("TPMLOCREQUEST POLLING", 1);
359			timeout -= tick;
360		}
361	}
362
363	return (false);
364}
365
366static void
367tpmtis_relinquish_locality(struct tpm_sc *sc)
368{
369
370	/*
371	 * Interrupts can only be cleared when a locality is active.
372	 * Clear them now in case interrupt handler didn't make it in time.
373	 */
374	if(sc->interrupts)
375		AND4(sc, TPM_INT_STS, RD4(sc, TPM_INT_STS));
376
377	OR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_RELINQUISH);
378}
379
380static bool
381tpmtis_go_ready(struct tpm_sc *sc)
382{
383	uint32_t mask;
384
385	mask = TPM_STS_CMD_RDY;
386	sc->intr_type = TPM_INT_STS_CMD_RDY;
387
388	OR4(sc, TPM_STS, TPM_STS_CMD_RDY);
389	bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
390	if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_B))
391		return (false);
392
393	AND4(sc, TPM_STS, ~TPM_STS_CMD_RDY);
394	return (true);
395}
396
397static int
398tpmtis_transmit(struct tpm_sc *sc, size_t length)
399{
400	size_t bytes_available;
401	uint32_t mask, curr_cmd;
402	int timeout;
403
404	sx_assert(&sc->dev_lock, SA_XLOCKED);
405
406	if (!tpmtis_request_locality(sc, 0)) {
407		device_printf(sc->dev,
408		    "Failed to obtain locality\n");
409		return (EIO);
410	}
411	if (!tpmtis_go_ready(sc)) {
412		device_printf(sc->dev,
413		    "Failed to switch to ready state\n");
414		return (EIO);
415	}
416	if (!tpmtis_write_bytes(sc, length, sc->buf)) {
417		device_printf(sc->dev,
418		    "Failed to write cmd to device\n");
419		return (EIO);
420	}
421
422	mask = TPM_STS_VALID;
423	sc->intr_type = TPM_INT_STS_VALID;
424	if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) {
425		device_printf(sc->dev,
426		    "Timeout while waiting for valid bit\n");
427		return (EIO);
428	}
429	if (RD4(sc, TPM_STS) & TPM_STS_DATA_EXPECTED) {
430		device_printf(sc->dev,
431		    "Device expects more data even though we already"
432		    " sent everything we had\n");
433		return (EIO);
434	}
435
436	/*
437	 * Calculate timeout for current command.
438	 * Command code is passed in bytes 6-10.
439	 */
440	curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6]));
441	timeout = tpm20_get_timeout(curr_cmd);
442
443	WR4(sc, TPM_STS, TPM_STS_CMD_START);
444	bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
445
446	mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
447	sc->intr_type = TPM_INT_STS_DATA_AVAIL;
448	if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, timeout)) {
449		device_printf(sc->dev,
450		    "Timeout while waiting for device to process cmd\n");
451		/*
452		 * Switching to ready state also cancels processing
453		 * current command
454		 */
455		if (!tpmtis_go_ready(sc))
456			return (EIO);
457
458		/*
459		 * After canceling a command we should get a response,
460		 * check if there is one.
461		 */
462		sc->intr_type = TPM_INT_STS_DATA_AVAIL;
463		if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C))
464			return (EIO);
465	}
466	/* Read response header. Length is passed in bytes 2 - 6. */
467	if(!tpmtis_read_bytes(sc, TPM_HEADER_SIZE, sc->buf)) {
468		device_printf(sc->dev,
469		    "Failed to read response header\n");
470		return (EIO);
471	}
472	bytes_available = be32toh(*(uint32_t *) (&sc->buf[2]));
473
474	if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) {
475		device_printf(sc->dev,
476		    "Incorrect response size: %zu\n",
477		    bytes_available);
478		return (EIO);
479	}
480	if(!tpmtis_read_bytes(sc, bytes_available - TPM_HEADER_SIZE,
481	    &sc->buf[TPM_HEADER_SIZE])) {
482		device_printf(sc->dev,
483		    "Failed to read response\n");
484		return (EIO);
485	}
486	tpmtis_relinquish_locality(sc);
487	sc->pending_data_length = bytes_available;
488
489	return (0);
490}
491
492/* ACPI Driver */
493static device_method_t tpmtis_methods[] = {
494	DEVMETHOD(device_probe,		tpmtis_acpi_probe),
495	DEVMETHOD(device_attach,	tpmtis_attach),
496	DEVMETHOD(device_detach,	tpmtis_detach),
497	DEVMETHOD(device_shutdown,	tpm20_shutdown),
498	DEVMETHOD(device_suspend,	tpm20_suspend),
499	{0, 0}
500};
501static driver_t	tpmtis_driver = {
502	"tpmtis", tpmtis_methods, sizeof(struct tpm_sc),
503};
504
505devclass_t tpmtis_devclass;
506DRIVER_MODULE(tpmtis, acpi, tpmtis_driver, tpmtis_devclass, 0, 0);
507