1 /*- 2 * Copyright (c) 2018 Stormshield. 3 * Copyright (c) 2018 Semihalf. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 23 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 * 27 * $FreeBSD: head/sys/dev/tpm/tpm_tis.c 365144 2020-09-01 21:50:31Z mjg $ 28 */ 29 30 #include "tpm20.h" 31 32 /* 33 * TIS register space as defined in 34 * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22 35 */ 36 #define TPM_ACCESS 0x0 37 #define TPM_INT_ENABLE 0x8 38 #define TPM_INT_VECTOR 0xc 39 #define TPM_INT_STS 0x10 40 #define TPM_INTF_CAPS 0x14 41 #define TPM_STS 0x18 42 #define TPM_DATA_FIFO 0x24 43 #define TPM_INTF_ID 0x30 44 #define TPM_XDATA_FIFO 0x80 45 #define TPM_DID_VID 0xF00 46 #define TPM_RID 0xF04 47 48 #define TPM_ACCESS_LOC_REQ BIT(1) 49 #define TPM_ACCESS_LOC_Seize BIT(3) 50 #define TPM_ACCESS_LOC_ACTIVE BIT(5) 51 #define TPM_ACCESS_LOC_RELINQUISH BIT(5) 52 #define TPM_ACCESS_VALID BIT(7) 53 54 #define TPM_INT_ENABLE_GLOBAL_ENABLE BIT(31) 55 #define TPM_INT_ENABLE_CMD_RDY BIT(7) 56 #define TPM_INT_ENABLE_LOC_CHANGE BIT(2) 57 #define TPM_INT_ENABLE_STS_VALID BIT(1) 58 #define TPM_INT_ENABLE_DATA_AVAIL BIT(0) 59 60 #define TPM_INT_STS_CMD_RDY BIT(7) 61 #define TPM_INT_STS_LOC_CHANGE BIT(2) 62 #define TPM_INT_STS_VALID BIT(1) 63 #define TPM_INT_STS_DATA_AVAIL BIT(0) 64 65 #define TPM_INTF_CAPS_VERSION 0x70000000 66 #define TPM_INTF_CAPS_TPM20 0x30000000 67 68 #define TPM_STS_VALID BIT(7) 69 #define TPM_STS_CMD_RDY BIT(6) 70 #define TPM_STS_CMD_START BIT(5) 71 #define TPM_STS_DATA_AVAIL BIT(4) 72 #define TPM_STS_DATA_EXPECTED BIT(3) 73 #define TPM_STS_BURST_MASK 0xFFFF00 74 #define TPM_STS_BURST_OFFSET 0x8 75 76 static int tpmtis_transmit(struct tpm_sc *sc, size_t length); 77 78 static int tpmtis_acpi_probe(device_t dev); 79 static int tpmtis_attach(device_t dev); 80 static int tpmtis_detach(device_t dev); 81 82 static void tpmtis_intr_handler(void *arg); 83 84 static ACPI_STATUS tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg); 85 static bool tpmtis_setup_intr(struct tpm_sc *sc); 86 87 static bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf); 88 static bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf); 89 static bool tpmtis_request_locality(struct tpm_sc *sc, int locality); 90 static void tpmtis_relinquish_locality(struct tpm_sc *sc); 91 static bool tpmtis_go_ready(struct tpm_sc *sc); 92 93 static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, 94 uint32_t mask, uint32_t val, int32_t timeout); 95 96 static uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc); 97 98 char *tpmtis_ids[] = {"MSFT0101", NULL}; 99 100 static int 101 tpmtis_acpi_probe(device_t dev) 102 { 103 int err = 0; 104 ACPI_TABLE_TPM23 *tbl; 105 ACPI_STATUS status; 106 107 if (ACPI_ID_PROBE(device_get_parent(dev), dev, tpmtis_ids) == NULL) { 108 err = ENXIO; 109 goto fail; 110 } 111 /*Find TPM2 Header*/ 112 status = AcpiGetTable(ACPI_SIG_TPM2, 1, (ACPI_TABLE_HEADER **) &tbl); 113 if(ACPI_FAILURE(status) || 114 tbl->StartMethod != TPM2_START_METHOD_TIS) 115 err = ENXIO; 116 117 device_set_desc(dev, "Trusted Platform Module 2.0, FIFO mode"); 118 fail: 119 return (err); 120 } 121 122 static int 123 tpmtis_attach(device_t dev) 124 { 125 struct tpm_sc *sc; 126 int result; 127 128 sc = device_get_softc(dev); 129 sc->dev = dev; 130 131 sc->mem_rid = 0; 132 sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid, 133 RF_ACTIVE); 134 if (sc->mem_res == NULL) 135 return (ENXIO); 136 137 sc->irq_rid = 0; 138 sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid, 139 RF_ACTIVE | RF_SHAREABLE); 140 if (sc->irq_res != NULL) { 141 if (bus_setup_intr(dev, sc->irq_res, INTR_MPSAFE, 142 tpmtis_intr_handler, sc, &sc->intr_cookie, NULL)) 143 sc->interrupts = false; 144 else 145 sc->interrupts = tpmtis_setup_intr(sc); 146 } else { 147 sc->interrupts = false; 148 } 149 150 sc->intr_type = -1; 151 152 sc->transmit = tpmtis_transmit; 153 154 result = tpm20_init(sc); 155 if (result != 0) 156 tpmtis_detach(dev); 157 158 return (result); 159 } 160 161 static int 162 tpmtis_detach(device_t dev) 163 { 164 struct tpm_sc *sc; 165 166 sc = device_get_softc(dev); 167 tpm20_release(sc); 168 169 if (sc->intr_cookie != NULL) 170 bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie); 171 172 if (sc->irq_res != NULL) 173 bus_release_resource(dev, SYS_RES_IRQ, 174 sc->irq_rid, sc->irq_res); 175 176 if (sc->mem_res != NULL) 177 bus_release_resource(dev, SYS_RES_MEMORY, 178 sc->mem_rid, sc->mem_res); 179 180 return (0); 181 } 182 183 static ACPI_STATUS 184 tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg) 185 { 186 struct tpm_sc *sc; 187 uint8_t channel; 188 189 sc = (struct tpm_sc *)arg; 190 191 switch (res->Type) { 192 case ACPI_RESOURCE_TYPE_IRQ: 193 channel = res->Data.Irq.Interrupts[0]; 194 break; 195 case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: 196 channel = res->Data.ExtendedIrq.Interrupts[0]; 197 break; 198 default: 199 return (AE_OK); 200 } 201 202 WR1(sc, TPM_INT_VECTOR, channel); 203 return (AE_OK); 204 } 205 206 static bool 207 tpmtis_setup_intr(struct tpm_sc *sc) 208 { 209 ACPI_STATUS status; 210 ACPI_HANDLE handle; 211 uint32_t irq_mask; 212 213 handle = acpi_get_handle(sc->dev); 214 215 if(!tpmtis_request_locality(sc, 0)) 216 return (false); 217 218 irq_mask = RD4(sc, TPM_INT_ENABLE); 219 irq_mask |= TPM_INT_ENABLE_GLOBAL_ENABLE | 220 TPM_INT_ENABLE_DATA_AVAIL | 221 TPM_INT_ENABLE_LOC_CHANGE | 222 TPM_INT_ENABLE_CMD_RDY | 223 TPM_INT_ENABLE_STS_VALID; 224 WR4(sc, TPM_INT_ENABLE, irq_mask); 225 226 status = AcpiWalkResources(handle, "_CRS", 227 tpmtis_get_SIRQ_channel, (void *)sc); 228 229 tpmtis_relinquish_locality(sc); 230 231 return (ACPI_SUCCESS(status)); 232 } 233 234 static void 235 tpmtis_intr_handler(void *arg) 236 { 237 struct tpm_sc *sc; 238 uint32_t status; 239 240 sc = (struct tpm_sc *)arg; 241 status = RD4(sc, TPM_INT_STS); 242 243 WR4(sc, TPM_INT_STS, status); 244 if (sc->intr_type != -1 && sc->intr_type & status) 245 wakeup(sc); 246 } 247 248 static bool 249 tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val, 250 int32_t timeout) 251 { 252 253 /* Check for condition */ 254 if ((RD4(sc, off) & mask) == val) 255 return (true); 256 257 /* If interrupts are enabled sleep for timeout duration */ 258 if(sc->interrupts && sc->intr_type != -1) { 259 tsleep(sc, 0, "TPM WITH INTERRUPTS", timeout / ustick); 260 261 sc->intr_type = -1; 262 return ((RD4(sc, off) & mask) == val); 263 } 264 265 /* If we don't have interrupts poll the device every tick */ 266 while (timeout > 0) { 267 if ((RD4(sc, off) & mask) == val) 268 return (true); 269 270 tsleep(tpm_wait_for_u32, 0, "TPM POLLING", 1); 271 timeout -= ustick; 272 } 273 return (false); 274 } 275 276 static uint16_t 277 tpmtis_wait_for_burst(struct tpm_sc *sc) 278 { 279 int timeout; 280 uint16_t burst_count; 281 282 timeout = TPM_TIMEOUT_A; 283 284 while (timeout-- > 0) { 285 burst_count = (RD4(sc, TPM_STS) & TPM_STS_BURST_MASK) >> 286 TPM_STS_BURST_OFFSET; 287 if (burst_count > 0) 288 break; 289 290 DELAY(1); 291 } 292 return (burst_count); 293 } 294 295 static bool 296 tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf) 297 { 298 uint16_t burst_count; 299 300 while (count > 0) { 301 burst_count = tpmtis_wait_for_burst(sc); 302 if (burst_count == 0) 303 return (false); 304 305 burst_count = MIN(burst_count, count); 306 count -= burst_count; 307 308 while (burst_count-- > 0) 309 *buf++ = RD1(sc, TPM_DATA_FIFO); 310 } 311 312 return (true); 313 } 314 315 static bool 316 tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf) 317 { 318 uint16_t burst_count; 319 320 while (count > 0) { 321 burst_count = tpmtis_wait_for_burst(sc); 322 if (burst_count == 0) 323 return (false); 324 325 burst_count = MIN(burst_count, count); 326 count -= burst_count; 327 328 while (burst_count-- > 0) 329 WR1(sc, TPM_DATA_FIFO, *buf++); 330 } 331 332 return (true); 333 } 334 335 static bool 336 tpmtis_request_locality(struct tpm_sc *sc, int locality) 337 { 338 uint8_t mask; 339 int timeout; 340 341 /* Currently we only support Locality 0 */ 342 if (locality != 0) 343 return (false); 344 345 mask = TPM_ACCESS_LOC_ACTIVE | TPM_ACCESS_VALID; 346 timeout = TPM_TIMEOUT_A; 347 sc->intr_type = TPM_INT_STS_LOC_CHANGE; 348 349 WR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_REQ); 350 bus_barrier(sc->mem_res, TPM_ACCESS, 1, BUS_SPACE_BARRIER_WRITE); 351 if(sc->interrupts) { 352 tsleep(sc, 0, "TPMLOCREQUEST with INTR", timeout / ustick); 353 return ((RD1(sc, TPM_ACCESS) & mask) == mask); 354 } else { 355 while(timeout > 0) { 356 if ((RD1(sc, TPM_ACCESS) & mask) == mask) 357 return (true); 358 359 tsleep(tpmtis_request_locality, 0, 360 "TPMLOCREQUEST POLLING", 1); 361 timeout -= ustick; 362 } 363 } 364 365 return (false); 366 } 367 368 static void 369 tpmtis_relinquish_locality(struct tpm_sc *sc) 370 { 371 372 /* 373 * Interrupts can only be cleared when a locality is active. 374 * Clear them now in case interrupt handler didn't make it in time. 375 */ 376 if(sc->interrupts) 377 AND4(sc, TPM_INT_STS, RD4(sc, TPM_INT_STS)); 378 379 OR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_RELINQUISH); 380 } 381 382 static bool 383 tpmtis_go_ready(struct tpm_sc *sc) 384 { 385 uint32_t mask; 386 387 mask = TPM_STS_CMD_RDY; 388 sc->intr_type = TPM_INT_STS_CMD_RDY; 389 390 WR4(sc, TPM_STS, TPM_STS_CMD_RDY); 391 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE); 392 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_B)) 393 return (false); 394 395 return (true); 396 } 397 398 static int 399 tpmtis_transmit(struct tpm_sc *sc, size_t length) 400 { 401 size_t bytes_available; 402 uint32_t mask, curr_cmd; 403 int timeout; 404 405 KKASSERT(lockstatus(&sc->dev_lock, curthread) == LK_EXCLUSIVE); 406 407 if (!tpmtis_request_locality(sc, 0)) { 408 device_printf(sc->dev, 409 "Failed to obtain locality\n"); 410 return (EIO); 411 } 412 if (!tpmtis_go_ready(sc)) { 413 device_printf(sc->dev, 414 "Failed to switch to ready state\n"); 415 return (EIO); 416 } 417 if (!tpmtis_write_bytes(sc, length, sc->buf)) { 418 device_printf(sc->dev, 419 "Failed to write cmd to device\n"); 420 return (EIO); 421 } 422 423 mask = TPM_STS_VALID; 424 sc->intr_type = TPM_INT_STS_VALID; 425 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) { 426 device_printf(sc->dev, 427 "Timeout while waiting for valid bit\n"); 428 return (EIO); 429 } 430 if (RD4(sc, TPM_STS) & TPM_STS_DATA_EXPECTED) { 431 device_printf(sc->dev, 432 "Device expects more data even though we already" 433 " sent everything we had\n"); 434 return (EIO); 435 } 436 437 /* 438 * Calculate timeout for current command. 439 * Command code is passed in bytes 6-10. 440 */ 441 curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6])); 442 timeout = tpm20_get_timeout(curr_cmd); 443 444 WR4(sc, TPM_STS, TPM_STS_CMD_START); 445 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE); 446 447 mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID; 448 sc->intr_type = TPM_INT_STS_DATA_AVAIL; 449 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, timeout)) { 450 device_printf(sc->dev, 451 "Timeout while waiting for device to process cmd\n"); 452 /* 453 * Switching to ready state also cancels processing 454 * current command 455 */ 456 if (!tpmtis_go_ready(sc)) 457 return (EIO); 458 459 /* 460 * After canceling a command we should get a response, 461 * check if there is one. 462 */ 463 sc->intr_type = TPM_INT_STS_DATA_AVAIL; 464 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) 465 return (EIO); 466 } 467 /* Read response header. Length is passed in bytes 2 - 6. */ 468 if(!tpmtis_read_bytes(sc, TPM_HEADER_SIZE, sc->buf)) { 469 device_printf(sc->dev, 470 "Failed to read response header\n"); 471 return (EIO); 472 } 473 bytes_available = be32toh(*(uint32_t *) (&sc->buf[2])); 474 475 if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) { 476 device_printf(sc->dev, 477 "Incorrect response size: %zu\n", 478 bytes_available); 479 return (EIO); 480 } 481 if(!tpmtis_read_bytes(sc, bytes_available - TPM_HEADER_SIZE, 482 &sc->buf[TPM_HEADER_SIZE])) { 483 device_printf(sc->dev, 484 "Failed to read response\n"); 485 return (EIO); 486 } 487 tpmtis_relinquish_locality(sc); 488 sc->pending_data_length = bytes_available; 489 490 return (0); 491 } 492 493 /* ACPI Driver */ 494 static device_method_t tpmtis_methods[] = { 495 DEVMETHOD(device_probe, tpmtis_acpi_probe), 496 DEVMETHOD(device_attach, tpmtis_attach), 497 DEVMETHOD(device_detach, tpmtis_detach), 498 DEVMETHOD(device_shutdown, tpm20_shutdown), 499 DEVMETHOD(device_suspend, tpm20_suspend), 500 {0, 0} 501 }; 502 static driver_t tpmtis_driver = { 503 "tpmtis", tpmtis_methods, sizeof(struct tpm_sc), 504 }; 505 506 devclass_t tpmtis_devclass; 507 DRIVER_MODULE(tpmtis, acpi, tpmtis_driver, tpmtis_devclass, NULL, NULL); 508