1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2014 Intel Corporation 4 * 5 * Authors: 6 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 7 * 8 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 9 * 10 * This device driver implements the TPM interface as defined in 11 * the TCG CRB 2.0 TPM specification. 12 */ 13 14 #include <linux/acpi.h> 15 #include <linux/highmem.h> 16 #include <linux/rculist.h> 17 #include <linux/module.h> 18 #include <linux/pm_runtime.h> 19 #ifdef CONFIG_ARM64 20 #include <linux/arm-smccc.h> 21 #endif 22 #include "tpm.h" 23 24 #define ACPI_SIG_TPM2 "TPM2" 25 #define TPM_CRB_MAX_RESOURCES 3 26 27 static const guid_t crb_acpi_start_guid = 28 GUID_INIT(0x6BBF6CAB, 0x5463, 0x4714, 29 0xB7, 0xCD, 0xF0, 0x20, 0x3C, 0x03, 0x68, 0xD4); 30 31 enum crb_defaults { 32 CRB_ACPI_START_REVISION_ID = 1, 33 CRB_ACPI_START_INDEX = 1, 34 }; 35 36 enum crb_loc_ctrl { 37 CRB_LOC_CTRL_REQUEST_ACCESS = BIT(0), 38 CRB_LOC_CTRL_RELINQUISH = BIT(1), 39 }; 40 41 enum crb_loc_state { 42 CRB_LOC_STATE_LOC_ASSIGNED = BIT(1), 43 CRB_LOC_STATE_TPM_REG_VALID_STS = BIT(7), 44 }; 45 46 enum crb_ctrl_req { 47 CRB_CTRL_REQ_CMD_READY = BIT(0), 48 CRB_CTRL_REQ_GO_IDLE = BIT(1), 49 }; 50 51 enum crb_ctrl_sts { 52 CRB_CTRL_STS_ERROR = BIT(0), 53 CRB_CTRL_STS_TPM_IDLE = BIT(1), 54 }; 55 56 enum crb_start { 57 CRB_START_INVOKE = BIT(0), 58 }; 59 60 enum crb_cancel { 61 CRB_CANCEL_INVOKE = BIT(0), 62 }; 63 64 struct crb_regs_head { 65 u32 loc_state; 66 u32 reserved1; 67 u32 loc_ctrl; 68 u32 loc_sts; 69 u8 reserved2[32]; 70 u64 intf_id; 71 u64 ctrl_ext; 72 } __packed; 73 74 struct crb_regs_tail { 75 u32 ctrl_req; 76 u32 ctrl_sts; 77 u32 ctrl_cancel; 78 u32 ctrl_start; 79 u32 ctrl_int_enable; 80 u32 ctrl_int_sts; 81 u32 ctrl_cmd_size; 82 u32 ctrl_cmd_pa_low; 83 u32 ctrl_cmd_pa_high; 84 u32 ctrl_rsp_size; 85 u64 ctrl_rsp_pa; 86 } __packed; 87 88 enum crb_status { 89 CRB_DRV_STS_COMPLETE = BIT(0), 90 }; 91 92 struct crb_priv { 93 u32 sm; 94 const char *hid; 95 struct crb_regs_head __iomem *regs_h; 96 struct crb_regs_tail __iomem *regs_t; 97 u8 __iomem *cmd; 98 u8 __iomem *rsp; 99 u32 cmd_size; 100 u32 smc_func_id; 101 }; 102 103 struct tpm2_crb_smc { 104 u32 interrupt; 105 u8 interrupt_flags; 106 u8 op_flags; 107 u16 reserved2; 108 u32 smc_func_id; 109 }; 110 111 static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, 112 unsigned long timeout) 113 { 114 ktime_t start; 115 ktime_t stop; 116 117 start = ktime_get(); 118 stop = ktime_add(start, ms_to_ktime(timeout)); 119 120 do { 121 if ((ioread32(reg) & mask) == value) 122 return true; 123 124 usleep_range(50, 100); 125 } while (ktime_before(ktime_get(), stop)); 126 127 return ((ioread32(reg) & mask) == value); 128 } 129 130 /** 131 * __crb_go_idle - request tpm crb device to go the idle state 132 * 133 * @dev: crb device 134 * @priv: crb private data 135 * 136 * Write CRB_CTRL_REQ_GO_IDLE to TPM_CRB_CTRL_REQ 137 * The device should respond within TIMEOUT_C by clearing the bit. 138 * Anyhow, we do not wait here as a consequent CMD_READY request 139 * will be handled correctly even if idle was not completed. 140 * 141 * The function does nothing for devices with ACPI-start method 142 * or SMC-start method. 143 * 144 * Return: 0 always 145 */ 146 static int __crb_go_idle(struct device *dev, struct crb_priv *priv) 147 { 148 if ((priv->sm == ACPI_TPM2_START_METHOD) || 149 (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || 150 (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC)) 151 return 0; 152 153 iowrite32(CRB_CTRL_REQ_GO_IDLE, &priv->regs_t->ctrl_req); 154 155 if (!crb_wait_for_reg_32(&priv->regs_t->ctrl_req, 156 CRB_CTRL_REQ_GO_IDLE/* mask */, 157 0, /* value */ 158 TPM2_TIMEOUT_C)) { 159 dev_warn(dev, "goIdle timed out\n"); 160 return -ETIME; 161 } 162 163 return 0; 164 } 165 166 static int crb_go_idle(struct tpm_chip *chip) 167 { 168 struct device *dev = &chip->dev; 169 struct crb_priv *priv = dev_get_drvdata(dev); 170 171 return __crb_go_idle(dev, priv); 172 } 173 174 /** 175 * __crb_cmd_ready - request tpm crb device to enter ready state 176 * 177 * @dev: crb device 178 * @priv: crb private data 179 * 180 * Write CRB_CTRL_REQ_CMD_READY to TPM_CRB_CTRL_REQ 181 * and poll till the device acknowledge it by clearing the bit. 182 * The device should respond within TIMEOUT_C. 183 * 184 * The function does nothing for devices with ACPI-start method 185 * or SMC-start method. 186 * 187 * Return: 0 on success -ETIME on timeout; 188 */ 189 static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) 190 { 191 if ((priv->sm == ACPI_TPM2_START_METHOD) || 192 (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || 193 (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC)) 194 return 0; 195 196 iowrite32(CRB_CTRL_REQ_CMD_READY, &priv->regs_t->ctrl_req); 197 if (!crb_wait_for_reg_32(&priv->regs_t->ctrl_req, 198 CRB_CTRL_REQ_CMD_READY /* mask */, 199 0, /* value */ 200 TPM2_TIMEOUT_C)) { 201 dev_warn(dev, "cmdReady timed out\n"); 202 return -ETIME; 203 } 204 205 return 0; 206 } 207 208 static int crb_cmd_ready(struct tpm_chip *chip) 209 { 210 struct device *dev = &chip->dev; 211 struct crb_priv *priv = dev_get_drvdata(dev); 212 213 return __crb_cmd_ready(dev, priv); 214 } 215 216 static int __crb_request_locality(struct device *dev, 217 struct crb_priv *priv, int loc) 218 { 219 u32 value = CRB_LOC_STATE_LOC_ASSIGNED | 220 CRB_LOC_STATE_TPM_REG_VALID_STS; 221 222 if (!priv->regs_h) 223 return 0; 224 225 iowrite32(CRB_LOC_CTRL_REQUEST_ACCESS, &priv->regs_h->loc_ctrl); 226 if (!crb_wait_for_reg_32(&priv->regs_h->loc_state, value, value, 227 TPM2_TIMEOUT_C)) { 228 dev_warn(dev, "TPM_LOC_STATE_x.requestAccess timed out\n"); 229 return -ETIME; 230 } 231 232 return 0; 233 } 234 235 static int crb_request_locality(struct tpm_chip *chip, int loc) 236 { 237 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 238 239 return __crb_request_locality(&chip->dev, priv, loc); 240 } 241 242 static int __crb_relinquish_locality(struct device *dev, 243 struct crb_priv *priv, int loc) 244 { 245 u32 mask = CRB_LOC_STATE_LOC_ASSIGNED | 246 CRB_LOC_STATE_TPM_REG_VALID_STS; 247 u32 value = CRB_LOC_STATE_TPM_REG_VALID_STS; 248 249 if (!priv->regs_h) 250 return 0; 251 252 iowrite32(CRB_LOC_CTRL_RELINQUISH, &priv->regs_h->loc_ctrl); 253 if (!crb_wait_for_reg_32(&priv->regs_h->loc_state, mask, value, 254 TPM2_TIMEOUT_C)) { 255 dev_warn(dev, "TPM_LOC_STATE_x.requestAccess timed out\n"); 256 return -ETIME; 257 } 258 259 return 0; 260 } 261 262 static int crb_relinquish_locality(struct tpm_chip *chip, int loc) 263 { 264 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 265 266 return __crb_relinquish_locality(&chip->dev, priv, loc); 267 } 268 269 static u8 crb_status(struct tpm_chip *chip) 270 { 271 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 272 u8 sts = 0; 273 274 if ((ioread32(&priv->regs_t->ctrl_start) & CRB_START_INVOKE) != 275 CRB_START_INVOKE) 276 sts |= CRB_DRV_STS_COMPLETE; 277 278 return sts; 279 } 280 281 static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count) 282 { 283 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 284 unsigned int expected; 285 286 /* A sanity check that the upper layer wants to get at least the header 287 * as that is the minimum size for any TPM response. 288 */ 289 if (count < TPM_HEADER_SIZE) 290 return -EIO; 291 292 /* If this bit is set, according to the spec, the TPM is in 293 * unrecoverable condition. 294 */ 295 if (ioread32(&priv->regs_t->ctrl_sts) & CRB_CTRL_STS_ERROR) 296 return -EIO; 297 298 /* Read the first 8 bytes in order to get the length of the response. 299 * We read exactly a quad word in order to make sure that the remaining 300 * reads will be aligned. 301 */ 302 memcpy_fromio(buf, priv->rsp, 8); 303 304 expected = be32_to_cpup((__be32 *)&buf[2]); 305 if (expected > count || expected < TPM_HEADER_SIZE) 306 return -EIO; 307 308 memcpy_fromio(&buf[8], &priv->rsp[8], expected - 8); 309 310 return expected; 311 } 312 313 static int crb_do_acpi_start(struct tpm_chip *chip) 314 { 315 union acpi_object *obj; 316 int rc; 317 318 obj = acpi_evaluate_dsm(chip->acpi_dev_handle, 319 &crb_acpi_start_guid, 320 CRB_ACPI_START_REVISION_ID, 321 CRB_ACPI_START_INDEX, 322 NULL); 323 if (!obj) 324 return -ENXIO; 325 rc = obj->integer.value == 0 ? 0 : -ENXIO; 326 ACPI_FREE(obj); 327 return rc; 328 } 329 330 #ifdef CONFIG_ARM64 331 /* 332 * This is a TPM Command Response Buffer start method that invokes a 333 * Secure Monitor Call to requrest the firmware to execute or cancel 334 * a TPM 2.0 command. 335 */ 336 static int tpm_crb_smc_start(struct device *dev, unsigned long func_id) 337 { 338 struct arm_smccc_res res; 339 340 arm_smccc_smc(func_id, 0, 0, 0, 0, 0, 0, 0, &res); 341 if (res.a0 != 0) { 342 dev_err(dev, 343 FW_BUG "tpm_crb_smc_start() returns res.a0 = 0x%lx\n", 344 res.a0); 345 return -EIO; 346 } 347 348 return 0; 349 } 350 #else 351 static int tpm_crb_smc_start(struct device *dev, unsigned long func_id) 352 { 353 dev_err(dev, FW_BUG "tpm_crb: incorrect start method\n"); 354 return -EINVAL; 355 } 356 #endif 357 358 static int crb_send(struct tpm_chip *chip, u8 *buf, size_t len) 359 { 360 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 361 int rc = 0; 362 363 /* Zero the cancel register so that the next command will not get 364 * canceled. 365 */ 366 iowrite32(0, &priv->regs_t->ctrl_cancel); 367 368 if (len > priv->cmd_size) { 369 dev_err(&chip->dev, "invalid command count value %zd %d\n", 370 len, priv->cmd_size); 371 return -E2BIG; 372 } 373 374 memcpy_toio(priv->cmd, buf, len); 375 376 /* Make sure that cmd is populated before issuing start. */ 377 wmb(); 378 379 /* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs 380 * report only ACPI start but in practice seems to require both 381 * CRB start, hence invoking CRB start method if hid == MSFT0101. 382 */ 383 if ((priv->sm == ACPI_TPM2_COMMAND_BUFFER) || 384 (priv->sm == ACPI_TPM2_MEMORY_MAPPED) || 385 (!strcmp(priv->hid, "MSFT0101"))) 386 iowrite32(CRB_START_INVOKE, &priv->regs_t->ctrl_start); 387 388 if ((priv->sm == ACPI_TPM2_START_METHOD) || 389 (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD)) 390 rc = crb_do_acpi_start(chip); 391 392 if (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC) { 393 iowrite32(CRB_START_INVOKE, &priv->regs_t->ctrl_start); 394 rc = tpm_crb_smc_start(&chip->dev, priv->smc_func_id); 395 } 396 397 return rc; 398 } 399 400 static void crb_cancel(struct tpm_chip *chip) 401 { 402 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 403 404 iowrite32(CRB_CANCEL_INVOKE, &priv->regs_t->ctrl_cancel); 405 406 if (((priv->sm == ACPI_TPM2_START_METHOD) || 407 (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD)) && 408 crb_do_acpi_start(chip)) 409 dev_err(&chip->dev, "ACPI Start failed\n"); 410 } 411 412 static bool crb_req_canceled(struct tpm_chip *chip, u8 status) 413 { 414 struct crb_priv *priv = dev_get_drvdata(&chip->dev); 415 u32 cancel = ioread32(&priv->regs_t->ctrl_cancel); 416 417 return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE; 418 } 419 420 static const struct tpm_class_ops tpm_crb = { 421 .flags = TPM_OPS_AUTO_STARTUP, 422 .status = crb_status, 423 .recv = crb_recv, 424 .send = crb_send, 425 .cancel = crb_cancel, 426 .req_canceled = crb_req_canceled, 427 .go_idle = crb_go_idle, 428 .cmd_ready = crb_cmd_ready, 429 .request_locality = crb_request_locality, 430 .relinquish_locality = crb_relinquish_locality, 431 .req_complete_mask = CRB_DRV_STS_COMPLETE, 432 .req_complete_val = CRB_DRV_STS_COMPLETE, 433 }; 434 435 static int crb_check_resource(struct acpi_resource *ares, void *data) 436 { 437 struct resource *iores_array = data; 438 struct resource_win win; 439 struct resource *res = &(win.res); 440 int i; 441 442 if (acpi_dev_resource_memory(ares, res) || 443 acpi_dev_resource_address_space(ares, &win)) { 444 for (i = 0; i < TPM_CRB_MAX_RESOURCES + 1; ++i) { 445 if (resource_type(iores_array + i) != IORESOURCE_MEM) { 446 iores_array[i] = *res; 447 iores_array[i].name = NULL; 448 break; 449 } 450 } 451 } 452 453 return 1; 454 } 455 456 static void __iomem *crb_map_res(struct device *dev, struct resource *iores, 457 void __iomem **iobase_ptr, u64 start, u32 size) 458 { 459 struct resource new_res = { 460 .start = start, 461 .end = start + size - 1, 462 .flags = IORESOURCE_MEM, 463 }; 464 465 /* Detect a 64 bit address on a 32 bit system */ 466 if (start != new_res.start) 467 return (void __iomem *) ERR_PTR(-EINVAL); 468 469 if (!iores) 470 return devm_ioremap_resource(dev, &new_res); 471 472 if (!*iobase_ptr) { 473 *iobase_ptr = devm_ioremap_resource(dev, iores); 474 if (IS_ERR(*iobase_ptr)) 475 return *iobase_ptr; 476 } 477 478 return *iobase_ptr + (new_res.start - iores->start); 479 } 480 481 /* 482 * Work around broken BIOSs that return inconsistent values from the ACPI 483 * region vs the registers. Trust the ACPI region. Such broken systems 484 * probably cannot send large TPM commands since the buffer will be truncated. 485 */ 486 static u64 crb_fixup_cmd_size(struct device *dev, struct resource *io_res, 487 u64 start, u64 size) 488 { 489 if (io_res->start > start || io_res->end < start) 490 return size; 491 492 if (start + size - 1 <= io_res->end) 493 return size; 494 495 dev_err(dev, 496 FW_BUG "ACPI region does not cover the entire command/response buffer. %pr vs %llx %llx\n", 497 io_res, start, size); 498 499 return io_res->end - start + 1; 500 } 501 502 static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, 503 struct acpi_table_tpm2 *buf) 504 { 505 struct list_head acpi_resource_list; 506 struct resource iores_array[TPM_CRB_MAX_RESOURCES + 1] = { {0} }; 507 void __iomem *iobase_array[TPM_CRB_MAX_RESOURCES] = {NULL}; 508 struct device *dev = &device->dev; 509 struct resource *iores; 510 void __iomem **iobase_ptr; 511 int i; 512 u32 pa_high, pa_low; 513 u64 cmd_pa; 514 u32 cmd_size; 515 __le64 __rsp_pa; 516 u64 rsp_pa; 517 u32 rsp_size; 518 int ret; 519 520 INIT_LIST_HEAD(&acpi_resource_list); 521 ret = acpi_dev_get_resources(device, &acpi_resource_list, 522 crb_check_resource, iores_array); 523 if (ret < 0) 524 return ret; 525 acpi_dev_free_resource_list(&acpi_resource_list); 526 527 if (resource_type(iores_array) != IORESOURCE_MEM) { 528 dev_err(dev, FW_BUG "TPM2 ACPI table does not define a memory resource\n"); 529 return -EINVAL; 530 } else if (resource_type(iores_array + TPM_CRB_MAX_RESOURCES) == 531 IORESOURCE_MEM) { 532 dev_warn(dev, "TPM2 ACPI table defines too many memory resources\n"); 533 memset(iores_array + TPM_CRB_MAX_RESOURCES, 534 0, sizeof(*iores_array)); 535 iores_array[TPM_CRB_MAX_RESOURCES].flags = 0; 536 } 537 538 iores = NULL; 539 iobase_ptr = NULL; 540 for (i = 0; resource_type(iores_array + i) == IORESOURCE_MEM; ++i) { 541 if (buf->control_address >= iores_array[i].start && 542 buf->control_address + sizeof(struct crb_regs_tail) - 1 <= 543 iores_array[i].end) { 544 iores = iores_array + i; 545 iobase_ptr = iobase_array + i; 546 break; 547 } 548 } 549 550 priv->regs_t = crb_map_res(dev, iores, iobase_ptr, buf->control_address, 551 sizeof(struct crb_regs_tail)); 552 553 if (IS_ERR(priv->regs_t)) 554 return PTR_ERR(priv->regs_t); 555 556 /* The ACPI IO region starts at the head area and continues to include 557 * the control area, as one nice sane region except for some older 558 * stuff that puts the control area outside the ACPI IO region. 559 */ 560 if ((priv->sm == ACPI_TPM2_COMMAND_BUFFER) || 561 (priv->sm == ACPI_TPM2_MEMORY_MAPPED)) { 562 if (iores && 563 buf->control_address == iores->start + 564 sizeof(*priv->regs_h)) 565 priv->regs_h = *iobase_ptr; 566 else 567 dev_warn(dev, FW_BUG "Bad ACPI memory layout"); 568 } 569 570 ret = __crb_request_locality(dev, priv, 0); 571 if (ret) 572 return ret; 573 574 /* 575 * PTT HW bug w/a: wake up the device to access 576 * possibly not retained registers. 577 */ 578 ret = __crb_cmd_ready(dev, priv); 579 if (ret) 580 goto out_relinquish_locality; 581 582 pa_high = ioread32(&priv->regs_t->ctrl_cmd_pa_high); 583 pa_low = ioread32(&priv->regs_t->ctrl_cmd_pa_low); 584 cmd_pa = ((u64)pa_high << 32) | pa_low; 585 cmd_size = ioread32(&priv->regs_t->ctrl_cmd_size); 586 587 iores = NULL; 588 iobase_ptr = NULL; 589 for (i = 0; iores_array[i].end; ++i) { 590 if (cmd_pa >= iores_array[i].start && 591 cmd_pa <= iores_array[i].end) { 592 iores = iores_array + i; 593 iobase_ptr = iobase_array + i; 594 break; 595 } 596 } 597 598 if (iores) 599 cmd_size = crb_fixup_cmd_size(dev, iores, cmd_pa, cmd_size); 600 601 dev_dbg(dev, "cmd_hi = %X cmd_low = %X cmd_size %X\n", 602 pa_high, pa_low, cmd_size); 603 604 priv->cmd = crb_map_res(dev, iores, iobase_ptr, cmd_pa, cmd_size); 605 if (IS_ERR(priv->cmd)) { 606 ret = PTR_ERR(priv->cmd); 607 goto out; 608 } 609 610 memcpy_fromio(&__rsp_pa, &priv->regs_t->ctrl_rsp_pa, 8); 611 rsp_pa = le64_to_cpu(__rsp_pa); 612 rsp_size = ioread32(&priv->regs_t->ctrl_rsp_size); 613 614 iores = NULL; 615 iobase_ptr = NULL; 616 for (i = 0; resource_type(iores_array + i) == IORESOURCE_MEM; ++i) { 617 if (rsp_pa >= iores_array[i].start && 618 rsp_pa <= iores_array[i].end) { 619 iores = iores_array + i; 620 iobase_ptr = iobase_array + i; 621 break; 622 } 623 } 624 625 if (iores) 626 rsp_size = crb_fixup_cmd_size(dev, iores, rsp_pa, rsp_size); 627 628 if (cmd_pa != rsp_pa) { 629 priv->rsp = crb_map_res(dev, iores, iobase_ptr, 630 rsp_pa, rsp_size); 631 ret = PTR_ERR_OR_ZERO(priv->rsp); 632 goto out; 633 } 634 635 /* According to the PTP specification, overlapping command and response 636 * buffer sizes must be identical. 637 */ 638 if (cmd_size != rsp_size) { 639 dev_err(dev, FW_BUG "overlapping command and response buffer sizes are not identical"); 640 ret = -EINVAL; 641 goto out; 642 } 643 644 priv->rsp = priv->cmd; 645 646 out: 647 if (!ret) 648 priv->cmd_size = cmd_size; 649 650 __crb_go_idle(dev, priv); 651 652 out_relinquish_locality: 653 654 __crb_relinquish_locality(dev, priv, 0); 655 656 return ret; 657 } 658 659 static int crb_acpi_add(struct acpi_device *device) 660 { 661 struct acpi_table_tpm2 *buf; 662 struct crb_priv *priv; 663 struct tpm_chip *chip; 664 struct device *dev = &device->dev; 665 struct tpm2_crb_smc *crb_smc; 666 acpi_status status; 667 u32 sm; 668 int rc; 669 670 status = acpi_get_table(ACPI_SIG_TPM2, 1, 671 (struct acpi_table_header **) &buf); 672 if (ACPI_FAILURE(status) || buf->header.length < sizeof(*buf)) { 673 dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n"); 674 return -EINVAL; 675 } 676 677 /* Should the FIFO driver handle this? */ 678 sm = buf->start_method; 679 if (sm == ACPI_TPM2_MEMORY_MAPPED) 680 return -ENODEV; 681 682 priv = devm_kzalloc(dev, sizeof(struct crb_priv), GFP_KERNEL); 683 if (!priv) 684 return -ENOMEM; 685 686 if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC) { 687 if (buf->header.length < (sizeof(*buf) + sizeof(*crb_smc))) { 688 dev_err(dev, 689 FW_BUG "TPM2 ACPI table has wrong size %u for start method type %d\n", 690 buf->header.length, 691 ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC); 692 return -EINVAL; 693 } 694 crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf, sizeof(*buf)); 695 priv->smc_func_id = crb_smc->smc_func_id; 696 } 697 698 priv->sm = sm; 699 priv->hid = acpi_device_hid(device); 700 701 rc = crb_map_io(device, priv, buf); 702 if (rc) 703 return rc; 704 705 chip = tpmm_chip_alloc(dev, &tpm_crb); 706 if (IS_ERR(chip)) 707 return PTR_ERR(chip); 708 709 dev_set_drvdata(&chip->dev, priv); 710 chip->acpi_dev_handle = device->handle; 711 chip->flags = TPM_CHIP_FLAG_TPM2; 712 713 return tpm_chip_register(chip); 714 } 715 716 static int crb_acpi_remove(struct acpi_device *device) 717 { 718 struct device *dev = &device->dev; 719 struct tpm_chip *chip = dev_get_drvdata(dev); 720 721 tpm_chip_unregister(chip); 722 723 return 0; 724 } 725 726 static const struct dev_pm_ops crb_pm = { 727 SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) 728 }; 729 730 static const struct acpi_device_id crb_device_ids[] = { 731 {"MSFT0101", 0}, 732 {"", 0}, 733 }; 734 MODULE_DEVICE_TABLE(acpi, crb_device_ids); 735 736 static struct acpi_driver crb_acpi_driver = { 737 .name = "tpm_crb", 738 .ids = crb_device_ids, 739 .ops = { 740 .add = crb_acpi_add, 741 .remove = crb_acpi_remove, 742 }, 743 .drv = { 744 .pm = &crb_pm, 745 }, 746 }; 747 748 module_acpi_driver(crb_acpi_driver); 749 MODULE_AUTHOR("Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>"); 750 MODULE_DESCRIPTION("TPM2 Driver"); 751 MODULE_VERSION("0.1"); 752 MODULE_LICENSE("GPL"); 753