1 /*-
2 * Copyright (c) 2018 Stormshield.
3 * Copyright (c) 2018 Semihalf.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
23 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
26 *
27 * $FreeBSD: head/sys/dev/tpm/tpm_tis.c 365144 2020-09-01 21:50:31Z mjg $
28 */
29
30 #include "tpm20.h"
31
32 /*
33 * TIS register space as defined in
34 * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22
35 */
36 #define TPM_ACCESS 0x0
37 #define TPM_INT_ENABLE 0x8
38 #define TPM_INT_VECTOR 0xc
39 #define TPM_INT_STS 0x10
40 #define TPM_INTF_CAPS 0x14
41 #define TPM_STS 0x18
42 #define TPM_DATA_FIFO 0x24
43 #define TPM_INTF_ID 0x30
44 #define TPM_XDATA_FIFO 0x80
45 #define TPM_DID_VID 0xF00
46 #define TPM_RID 0xF04
47
48 #define TPM_ACCESS_LOC_REQ BIT(1)
49 #define TPM_ACCESS_LOC_Seize BIT(3)
50 #define TPM_ACCESS_LOC_ACTIVE BIT(5)
51 #define TPM_ACCESS_LOC_RELINQUISH BIT(5)
52 #define TPM_ACCESS_VALID BIT(7)
53
54 #define TPM_INT_ENABLE_GLOBAL_ENABLE BIT(31)
55 #define TPM_INT_ENABLE_CMD_RDY BIT(7)
56 #define TPM_INT_ENABLE_LOC_CHANGE BIT(2)
57 #define TPM_INT_ENABLE_STS_VALID BIT(1)
58 #define TPM_INT_ENABLE_DATA_AVAIL BIT(0)
59
60 #define TPM_INT_STS_CMD_RDY BIT(7)
61 #define TPM_INT_STS_LOC_CHANGE BIT(2)
62 #define TPM_INT_STS_VALID BIT(1)
63 #define TPM_INT_STS_DATA_AVAIL BIT(0)
64
65 #define TPM_INTF_CAPS_VERSION 0x70000000
66 #define TPM_INTF_CAPS_TPM20 0x30000000
67
68 #define TPM_STS_VALID BIT(7)
69 #define TPM_STS_CMD_RDY BIT(6)
70 #define TPM_STS_CMD_START BIT(5)
71 #define TPM_STS_DATA_AVAIL BIT(4)
72 #define TPM_STS_DATA_EXPECTED BIT(3)
73 #define TPM_STS_BURST_MASK 0xFFFF00
74 #define TPM_STS_BURST_OFFSET 0x8
75
76 static int tpmtis_transmit(struct tpm_sc *sc, size_t length);
77
78 static int tpmtis_acpi_probe(device_t dev);
79 static int tpmtis_attach(device_t dev);
80 static int tpmtis_detach(device_t dev);
81
82 static void tpmtis_intr_handler(void *arg);
83
84 static ACPI_STATUS tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg);
85 static bool tpmtis_setup_intr(struct tpm_sc *sc);
86
87 static bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
88 static bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
89 static bool tpmtis_request_locality(struct tpm_sc *sc, int locality);
90 static void tpmtis_relinquish_locality(struct tpm_sc *sc);
91 static bool tpmtis_go_ready(struct tpm_sc *sc);
92
93 static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off,
94 uint32_t mask, uint32_t val, int32_t timeout);
95
96 static uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc);
97
98 char *tpmtis_ids[] = {"MSFT0101", NULL};
99
100 static int
tpmtis_acpi_probe(device_t dev)101 tpmtis_acpi_probe(device_t dev)
102 {
103 int err = 0;
104 ACPI_TABLE_TPM23 *tbl;
105 ACPI_STATUS status;
106
107 if (ACPI_ID_PROBE(device_get_parent(dev), dev, tpmtis_ids) == NULL) {
108 err = ENXIO;
109 goto fail;
110 }
111 /*Find TPM2 Header*/
112 status = AcpiGetTable(ACPI_SIG_TPM2, 1, (ACPI_TABLE_HEADER **) &tbl);
113 if(ACPI_FAILURE(status) ||
114 tbl->StartMethod != TPM2_START_METHOD_TIS)
115 err = ENXIO;
116
117 device_set_desc(dev, "Trusted Platform Module 2.0, FIFO mode");
118 fail:
119 return (err);
120 }
121
122 static int
tpmtis_attach(device_t dev)123 tpmtis_attach(device_t dev)
124 {
125 struct tpm_sc *sc;
126 int result;
127
128 sc = device_get_softc(dev);
129 sc->dev = dev;
130
131 sc->mem_rid = 0;
132 sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
133 RF_ACTIVE);
134 if (sc->mem_res == NULL)
135 return (ENXIO);
136
137 sc->irq_rid = 0;
138 sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
139 RF_ACTIVE | RF_SHAREABLE);
140 if (sc->irq_res != NULL) {
141 if (bus_setup_intr(dev, sc->irq_res, INTR_MPSAFE,
142 tpmtis_intr_handler, sc, &sc->intr_cookie, NULL))
143 sc->interrupts = false;
144 else
145 sc->interrupts = tpmtis_setup_intr(sc);
146 } else {
147 sc->interrupts = false;
148 }
149
150 sc->intr_type = -1;
151
152 sc->transmit = tpmtis_transmit;
153
154 result = tpm20_init(sc);
155 if (result != 0)
156 tpmtis_detach(dev);
157
158 return (result);
159 }
160
161 static int
tpmtis_detach(device_t dev)162 tpmtis_detach(device_t dev)
163 {
164 struct tpm_sc *sc;
165
166 sc = device_get_softc(dev);
167 tpm20_release(sc);
168
169 if (sc->intr_cookie != NULL)
170 bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie);
171
172 if (sc->irq_res != NULL)
173 bus_release_resource(dev, SYS_RES_IRQ,
174 sc->irq_rid, sc->irq_res);
175
176 if (sc->mem_res != NULL)
177 bus_release_resource(dev, SYS_RES_MEMORY,
178 sc->mem_rid, sc->mem_res);
179
180 return (0);
181 }
182
183 static ACPI_STATUS
tpmtis_get_SIRQ_channel(ACPI_RESOURCE * res,void * arg)184 tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg)
185 {
186 struct tpm_sc *sc;
187 uint8_t channel;
188
189 sc = (struct tpm_sc *)arg;
190
191 switch (res->Type) {
192 case ACPI_RESOURCE_TYPE_IRQ:
193 channel = res->Data.Irq.Interrupts[0];
194 break;
195 case ACPI_RESOURCE_TYPE_EXTENDED_IRQ:
196 channel = res->Data.ExtendedIrq.Interrupts[0];
197 break;
198 default:
199 return (AE_OK);
200 }
201
202 WR1(sc, TPM_INT_VECTOR, channel);
203 return (AE_OK);
204 }
205
206 static bool
tpmtis_setup_intr(struct tpm_sc * sc)207 tpmtis_setup_intr(struct tpm_sc *sc)
208 {
209 ACPI_STATUS status;
210 ACPI_HANDLE handle;
211 uint32_t irq_mask;
212
213 handle = acpi_get_handle(sc->dev);
214
215 if(!tpmtis_request_locality(sc, 0))
216 return (false);
217
218 irq_mask = RD4(sc, TPM_INT_ENABLE);
219 irq_mask |= TPM_INT_ENABLE_GLOBAL_ENABLE |
220 TPM_INT_ENABLE_DATA_AVAIL |
221 TPM_INT_ENABLE_LOC_CHANGE |
222 TPM_INT_ENABLE_CMD_RDY |
223 TPM_INT_ENABLE_STS_VALID;
224 WR4(sc, TPM_INT_ENABLE, irq_mask);
225
226 status = AcpiWalkResources(handle, "_CRS",
227 tpmtis_get_SIRQ_channel, (void *)sc);
228
229 tpmtis_relinquish_locality(sc);
230
231 return (ACPI_SUCCESS(status));
232 }
233
234 static void
tpmtis_intr_handler(void * arg)235 tpmtis_intr_handler(void *arg)
236 {
237 struct tpm_sc *sc;
238 uint32_t status;
239
240 sc = (struct tpm_sc *)arg;
241 status = RD4(sc, TPM_INT_STS);
242
243 WR4(sc, TPM_INT_STS, status);
244 if (sc->intr_type != -1 && sc->intr_type & status)
245 wakeup(sc);
246 }
247
248 static bool
tpm_wait_for_u32(struct tpm_sc * sc,bus_size_t off,uint32_t mask,uint32_t val,int32_t timeout)249 tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val,
250 int32_t timeout)
251 {
252
253 /* Check for condition */
254 if ((RD4(sc, off) & mask) == val)
255 return (true);
256
257 /* If interrupts are enabled sleep for timeout duration */
258 if(sc->interrupts && sc->intr_type != -1) {
259 tsleep(sc, 0, "TPM WITH INTERRUPTS", timeout / ustick);
260
261 sc->intr_type = -1;
262 return ((RD4(sc, off) & mask) == val);
263 }
264
265 /* If we don't have interrupts poll the device every tick */
266 while (timeout > 0) {
267 if ((RD4(sc, off) & mask) == val)
268 return (true);
269
270 tsleep(tpm_wait_for_u32, 0, "TPM POLLING", 1);
271 timeout -= ustick;
272 }
273 return (false);
274 }
275
276 static uint16_t
tpmtis_wait_for_burst(struct tpm_sc * sc)277 tpmtis_wait_for_burst(struct tpm_sc *sc)
278 {
279 int timeout;
280 uint16_t burst_count;
281
282 timeout = TPM_TIMEOUT_A;
283
284 while (timeout-- > 0) {
285 burst_count = (RD4(sc, TPM_STS) & TPM_STS_BURST_MASK) >>
286 TPM_STS_BURST_OFFSET;
287 if (burst_count > 0)
288 break;
289
290 DELAY(1);
291 }
292 return (burst_count);
293 }
294
295 static bool
tpmtis_read_bytes(struct tpm_sc * sc,size_t count,uint8_t * buf)296 tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
297 {
298 uint16_t burst_count;
299
300 while (count > 0) {
301 burst_count = tpmtis_wait_for_burst(sc);
302 if (burst_count == 0)
303 return (false);
304
305 burst_count = MIN(burst_count, count);
306 count -= burst_count;
307
308 while (burst_count-- > 0)
309 *buf++ = RD1(sc, TPM_DATA_FIFO);
310 }
311
312 return (true);
313 }
314
315 static bool
tpmtis_write_bytes(struct tpm_sc * sc,size_t count,uint8_t * buf)316 tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
317 {
318 uint16_t burst_count;
319
320 while (count > 0) {
321 burst_count = tpmtis_wait_for_burst(sc);
322 if (burst_count == 0)
323 return (false);
324
325 burst_count = MIN(burst_count, count);
326 count -= burst_count;
327
328 while (burst_count-- > 0)
329 WR1(sc, TPM_DATA_FIFO, *buf++);
330 }
331
332 return (true);
333 }
334
335 static bool
tpmtis_request_locality(struct tpm_sc * sc,int locality)336 tpmtis_request_locality(struct tpm_sc *sc, int locality)
337 {
338 uint8_t mask;
339 int timeout;
340
341 /* Currently we only support Locality 0 */
342 if (locality != 0)
343 return (false);
344
345 mask = TPM_ACCESS_LOC_ACTIVE | TPM_ACCESS_VALID;
346 timeout = TPM_TIMEOUT_A;
347 sc->intr_type = TPM_INT_STS_LOC_CHANGE;
348
349 WR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_REQ);
350 bus_barrier(sc->mem_res, TPM_ACCESS, 1, BUS_SPACE_BARRIER_WRITE);
351 if(sc->interrupts) {
352 tsleep(sc, 0, "TPMLOCREQUEST with INTR", timeout / ustick);
353 return ((RD1(sc, TPM_ACCESS) & mask) == mask);
354 } else {
355 while(timeout > 0) {
356 if ((RD1(sc, TPM_ACCESS) & mask) == mask)
357 return (true);
358
359 tsleep(tpmtis_request_locality, 0,
360 "TPMLOCREQUEST POLLING", 1);
361 timeout -= ustick;
362 }
363 }
364
365 return (false);
366 }
367
368 static void
tpmtis_relinquish_locality(struct tpm_sc * sc)369 tpmtis_relinquish_locality(struct tpm_sc *sc)
370 {
371
372 /*
373 * Interrupts can only be cleared when a locality is active.
374 * Clear them now in case interrupt handler didn't make it in time.
375 */
376 if(sc->interrupts)
377 AND4(sc, TPM_INT_STS, RD4(sc, TPM_INT_STS));
378
379 OR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_RELINQUISH);
380 }
381
382 static bool
tpmtis_go_ready(struct tpm_sc * sc)383 tpmtis_go_ready(struct tpm_sc *sc)
384 {
385 uint32_t mask;
386
387 mask = TPM_STS_CMD_RDY;
388 sc->intr_type = TPM_INT_STS_CMD_RDY;
389
390 WR4(sc, TPM_STS, TPM_STS_CMD_RDY);
391 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
392 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_B))
393 return (false);
394
395 return (true);
396 }
397
398 static int
tpmtis_transmit(struct tpm_sc * sc,size_t length)399 tpmtis_transmit(struct tpm_sc *sc, size_t length)
400 {
401 size_t bytes_available;
402 uint32_t mask, curr_cmd;
403 int timeout;
404
405 KKASSERT(lockstatus(&sc->dev_lock, curthread) == LK_EXCLUSIVE);
406
407 if (!tpmtis_request_locality(sc, 0)) {
408 device_printf(sc->dev,
409 "Failed to obtain locality\n");
410 return (EIO);
411 }
412 if (!tpmtis_go_ready(sc)) {
413 device_printf(sc->dev,
414 "Failed to switch to ready state\n");
415 return (EIO);
416 }
417 if (!tpmtis_write_bytes(sc, length, sc->buf)) {
418 device_printf(sc->dev,
419 "Failed to write cmd to device\n");
420 return (EIO);
421 }
422
423 mask = TPM_STS_VALID;
424 sc->intr_type = TPM_INT_STS_VALID;
425 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) {
426 device_printf(sc->dev,
427 "Timeout while waiting for valid bit\n");
428 return (EIO);
429 }
430 if (RD4(sc, TPM_STS) & TPM_STS_DATA_EXPECTED) {
431 device_printf(sc->dev,
432 "Device expects more data even though we already"
433 " sent everything we had\n");
434 return (EIO);
435 }
436
437 /*
438 * Calculate timeout for current command.
439 * Command code is passed in bytes 6-10.
440 */
441 curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6]));
442 timeout = tpm20_get_timeout(curr_cmd);
443
444 WR4(sc, TPM_STS, TPM_STS_CMD_START);
445 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
446
447 mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
448 sc->intr_type = TPM_INT_STS_DATA_AVAIL;
449 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, timeout)) {
450 device_printf(sc->dev,
451 "Timeout while waiting for device to process cmd\n");
452 /*
453 * Switching to ready state also cancels processing
454 * current command
455 */
456 if (!tpmtis_go_ready(sc))
457 return (EIO);
458
459 /*
460 * After canceling a command we should get a response,
461 * check if there is one.
462 */
463 sc->intr_type = TPM_INT_STS_DATA_AVAIL;
464 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C))
465 return (EIO);
466 }
467 /* Read response header. Length is passed in bytes 2 - 6. */
468 if(!tpmtis_read_bytes(sc, TPM_HEADER_SIZE, sc->buf)) {
469 device_printf(sc->dev,
470 "Failed to read response header\n");
471 return (EIO);
472 }
473 bytes_available = be32toh(*(uint32_t *) (&sc->buf[2]));
474
475 if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) {
476 device_printf(sc->dev,
477 "Incorrect response size: %zu\n",
478 bytes_available);
479 return (EIO);
480 }
481 if(!tpmtis_read_bytes(sc, bytes_available - TPM_HEADER_SIZE,
482 &sc->buf[TPM_HEADER_SIZE])) {
483 device_printf(sc->dev,
484 "Failed to read response\n");
485 return (EIO);
486 }
487 tpmtis_relinquish_locality(sc);
488 sc->pending_data_length = bytes_available;
489
490 return (0);
491 }
492
493 /* ACPI Driver */
494 static device_method_t tpmtis_methods[] = {
495 DEVMETHOD(device_probe, tpmtis_acpi_probe),
496 DEVMETHOD(device_attach, tpmtis_attach),
497 DEVMETHOD(device_detach, tpmtis_detach),
498 DEVMETHOD(device_shutdown, tpm20_shutdown),
499 DEVMETHOD(device_suspend, tpm20_suspend),
500 {0, 0}
501 };
502 static driver_t tpmtis_driver = {
503 "tpmtis", tpmtis_methods, sizeof(struct tpm_sc),
504 };
505
506 devclass_t tpmtis_devclass;
507 DRIVER_MODULE(tpmtis, acpi, tpmtis_driver, tpmtis_devclass, NULL, NULL);
508