1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 2016 Google, Inc 4 * 5 * This device driver implements a TCG PTP FIFO interface over SPI for chips 6 * with Cr50 firmware. 7 * It is based on tpm_tis_spi driver by Peter Huewe and Christophe Ricard. 8 */ 9 10 #include <linux/completion.h> 11 #include <linux/interrupt.h> 12 #include <linux/module.h> 13 #include <linux/of.h> 14 #include <linux/pm.h> 15 #include <linux/spi/spi.h> 16 #include <linux/wait.h> 17 18 #include "tpm_tis_core.h" 19 #include "tpm_tis_spi.h" 20 21 /* 22 * Cr50 timing constants: 23 * - can go to sleep not earlier than after CR50_SLEEP_DELAY_MSEC. 24 * - needs up to CR50_WAKE_START_DELAY_USEC to wake after sleep. 25 * - requires waiting for "ready" IRQ, if supported; or waiting for at least 26 * CR50_NOIRQ_ACCESS_DELAY_MSEC between transactions, if IRQ is not supported. 27 * - waits for up to CR50_FLOW_CONTROL for flow control 'ready' indication. 28 */ 29 #define CR50_SLEEP_DELAY_MSEC 1000 30 #define CR50_WAKE_START_DELAY_USEC 1000 31 #define CR50_NOIRQ_ACCESS_DELAY msecs_to_jiffies(2) 32 #define CR50_READY_IRQ_TIMEOUT msecs_to_jiffies(TPM2_TIMEOUT_A) 33 #define CR50_FLOW_CONTROL msecs_to_jiffies(TPM2_TIMEOUT_A) 34 #define MAX_IRQ_CONFIRMATION_ATTEMPTS 3 35 36 #define TPM_CR50_FW_VER(l) (0x0f90 | ((l) << 12)) 37 #define TPM_CR50_MAX_FW_VER_LEN 64 38 39 struct cr50_spi_phy { 40 struct tpm_tis_spi_phy spi_phy; 41 42 struct mutex time_track_mutex; 43 unsigned long last_access; 44 45 unsigned long access_delay; 46 47 unsigned int irq_confirmation_attempt; 48 bool irq_needs_confirmation; 49 bool irq_confirmed; 50 }; 51 52 static inline struct cr50_spi_phy *to_cr50_spi_phy(struct tpm_tis_spi_phy *phy) 53 { 54 return container_of(phy, struct cr50_spi_phy, spi_phy); 55 } 56 57 /* 58 * The cr50 interrupt handler just signals waiting threads that the 59 * interrupt was asserted. It does not do any processing triggered 60 * by interrupts but is instead used to avoid fixed delays. 61 */ 62 static irqreturn_t cr50_spi_irq_handler(int dummy, void *dev_id) 63 { 64 struct cr50_spi_phy *cr50_phy = dev_id; 65 66 cr50_phy->irq_confirmed = true; 67 complete(&cr50_phy->spi_phy.ready); 68 69 return IRQ_HANDLED; 70 } 71 72 /* 73 * Cr50 needs to have at least some delay between consecutive 74 * transactions. Make sure we wait. 75 */ 76 static void cr50_ensure_access_delay(struct cr50_spi_phy *phy) 77 { 78 unsigned long allowed_access = phy->last_access + phy->access_delay; 79 unsigned long time_now = jiffies; 80 struct device *dev = &phy->spi_phy.spi_device->dev; 81 82 /* 83 * Note: There is a small chance, if Cr50 is not accessed in a few days, 84 * that time_in_range will not provide the correct result after the wrap 85 * around for jiffies. In this case, we'll have an unneeded short delay, 86 * which is fine. 87 */ 88 if (time_in_range_open(time_now, phy->last_access, allowed_access)) { 89 unsigned long remaining, timeout = allowed_access - time_now; 90 91 remaining = wait_for_completion_timeout(&phy->spi_phy.ready, 92 timeout); 93 if (!remaining && phy->irq_confirmed) 94 dev_warn(dev, "Timeout waiting for TPM ready IRQ\n"); 95 } 96 97 if (phy->irq_needs_confirmation) { 98 unsigned int attempt = ++phy->irq_confirmation_attempt; 99 100 if (phy->irq_confirmed) { 101 phy->irq_needs_confirmation = false; 102 phy->access_delay = CR50_READY_IRQ_TIMEOUT; 103 dev_info(dev, "TPM ready IRQ confirmed on attempt %u\n", 104 attempt); 105 } else if (attempt > MAX_IRQ_CONFIRMATION_ATTEMPTS) { 106 phy->irq_needs_confirmation = false; 107 dev_warn(dev, "IRQ not confirmed - will use delays\n"); 108 } 109 } 110 } 111 112 /* 113 * Cr50 might go to sleep if there is no SPI activity for some time and 114 * miss the first few bits/bytes on the bus. In such case, wake it up 115 * by asserting CS and give it time to start up. 116 */ 117 static bool cr50_needs_waking(struct cr50_spi_phy *phy) 118 { 119 /* 120 * Note: There is a small chance, if Cr50 is not accessed in a few days, 121 * that time_in_range will not provide the correct result after the wrap 122 * around for jiffies. In this case, we'll probably timeout or read 123 * incorrect value from TPM_STS and just retry the operation. 124 */ 125 return !time_in_range_open(jiffies, phy->last_access, 126 phy->spi_phy.wake_after); 127 } 128 129 static void cr50_wake_if_needed(struct cr50_spi_phy *cr50_phy) 130 { 131 struct tpm_tis_spi_phy *phy = &cr50_phy->spi_phy; 132 133 if (cr50_needs_waking(cr50_phy)) { 134 /* Assert CS, wait 1 msec, deassert CS */ 135 struct spi_transfer spi_cs_wake = { .delay_usecs = 1000 }; 136 137 spi_sync_transfer(phy->spi_device, &spi_cs_wake, 1); 138 /* Wait for it to fully wake */ 139 usleep_range(CR50_WAKE_START_DELAY_USEC, 140 CR50_WAKE_START_DELAY_USEC * 2); 141 } 142 143 /* Reset the time when we need to wake Cr50 again */ 144 phy->wake_after = jiffies + msecs_to_jiffies(CR50_SLEEP_DELAY_MSEC); 145 } 146 147 /* 148 * Flow control: clock the bus and wait for cr50 to set LSB before 149 * sending/receiving data. TCG PTP spec allows it to happen during 150 * the last byte of header, but cr50 never does that in practice, 151 * and earlier versions had a bug when it was set too early, so don't 152 * check for it during header transfer. 153 */ 154 static int cr50_spi_flow_control(struct tpm_tis_spi_phy *phy, 155 struct spi_transfer *spi_xfer) 156 { 157 struct device *dev = &phy->spi_device->dev; 158 unsigned long timeout = jiffies + CR50_FLOW_CONTROL; 159 struct spi_message m; 160 int ret; 161 162 spi_xfer->len = 1; 163 164 do { 165 spi_message_init(&m); 166 spi_message_add_tail(spi_xfer, &m); 167 ret = spi_sync_locked(phy->spi_device, &m); 168 if (ret < 0) 169 return ret; 170 171 if (time_after(jiffies, timeout)) { 172 dev_warn(dev, "Timeout during flow control\n"); 173 return -EBUSY; 174 } 175 } while (!(phy->iobuf[0] & 0x01)); 176 177 return 0; 178 } 179 180 static int tpm_tis_spi_cr50_transfer(struct tpm_tis_data *data, u32 addr, u16 len, 181 u8 *in, const u8 *out) 182 { 183 struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data); 184 struct cr50_spi_phy *cr50_phy = to_cr50_spi_phy(phy); 185 int ret; 186 187 mutex_lock(&cr50_phy->time_track_mutex); 188 /* 189 * Do this outside of spi_bus_lock in case cr50 is not the 190 * only device on that spi bus. 191 */ 192 cr50_ensure_access_delay(cr50_phy); 193 cr50_wake_if_needed(cr50_phy); 194 195 ret = tpm_tis_spi_transfer(data, addr, len, in, out); 196 197 cr50_phy->last_access = jiffies; 198 mutex_unlock(&cr50_phy->time_track_mutex); 199 200 return ret; 201 } 202 203 static int tpm_tis_spi_cr50_read_bytes(struct tpm_tis_data *data, u32 addr, 204 u16 len, u8 *result) 205 { 206 return tpm_tis_spi_cr50_transfer(data, addr, len, result, NULL); 207 } 208 209 static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr, 210 u16 len, const u8 *value) 211 { 212 return tpm_tis_spi_cr50_transfer(data, addr, len, NULL, value); 213 } 214 215 static const struct tpm_tis_phy_ops tpm_spi_cr50_phy_ops = { 216 .read_bytes = tpm_tis_spi_cr50_read_bytes, 217 .write_bytes = tpm_tis_spi_cr50_write_bytes, 218 .read16 = tpm_tis_spi_read16, 219 .read32 = tpm_tis_spi_read32, 220 .write32 = tpm_tis_spi_write32, 221 }; 222 223 static void cr50_print_fw_version(struct tpm_tis_data *data) 224 { 225 struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data); 226 int i, len = 0; 227 char fw_ver[TPM_CR50_MAX_FW_VER_LEN + 1]; 228 char fw_ver_block[4]; 229 230 /* 231 * Write anything to TPM_CR50_FW_VER to start from the beginning 232 * of the version string 233 */ 234 tpm_tis_write8(data, TPM_CR50_FW_VER(data->locality), 0); 235 236 /* Read the string, 4 bytes at a time, until we get '\0' */ 237 do { 238 tpm_tis_read_bytes(data, TPM_CR50_FW_VER(data->locality), 4, 239 fw_ver_block); 240 for (i = 0; i < 4 && fw_ver_block[i]; ++len, ++i) 241 fw_ver[len] = fw_ver_block[i]; 242 } while (i == 4 && len < TPM_CR50_MAX_FW_VER_LEN); 243 fw_ver[len] = '\0'; 244 245 dev_info(&phy->spi_device->dev, "Cr50 firmware version: %s\n", fw_ver); 246 } 247 248 int cr50_spi_probe(struct spi_device *spi) 249 { 250 struct tpm_tis_spi_phy *phy; 251 struct cr50_spi_phy *cr50_phy; 252 int ret; 253 struct tpm_chip *chip; 254 255 cr50_phy = devm_kzalloc(&spi->dev, sizeof(*cr50_phy), GFP_KERNEL); 256 if (!cr50_phy) 257 return -ENOMEM; 258 259 phy = &cr50_phy->spi_phy; 260 phy->flow_control = cr50_spi_flow_control; 261 phy->wake_after = jiffies; 262 init_completion(&phy->ready); 263 264 cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY; 265 cr50_phy->last_access = jiffies; 266 mutex_init(&cr50_phy->time_track_mutex); 267 268 if (spi->irq > 0) { 269 ret = devm_request_irq(&spi->dev, spi->irq, 270 cr50_spi_irq_handler, 271 IRQF_TRIGGER_RISING | IRQF_ONESHOT, 272 "cr50_spi", cr50_phy); 273 if (ret < 0) { 274 if (ret == -EPROBE_DEFER) 275 return ret; 276 dev_warn(&spi->dev, "Requesting IRQ %d failed: %d\n", 277 spi->irq, ret); 278 /* 279 * This is not fatal, the driver will fall back to 280 * delays automatically, since ready will never 281 * be completed without a registered irq handler. 282 * So, just fall through. 283 */ 284 } else { 285 /* 286 * IRQ requested, let's verify that it is actually 287 * triggered, before relying on it. 288 */ 289 cr50_phy->irq_needs_confirmation = true; 290 } 291 } else { 292 dev_warn(&spi->dev, 293 "No IRQ - will use delays between transactions.\n"); 294 } 295 296 ret = tpm_tis_spi_init(spi, phy, -1, &tpm_spi_cr50_phy_ops); 297 if (ret) 298 return ret; 299 300 cr50_print_fw_version(&phy->priv); 301 302 chip = dev_get_drvdata(&spi->dev); 303 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED; 304 305 return 0; 306 } 307 308 #ifdef CONFIG_PM_SLEEP 309 int tpm_tis_spi_resume(struct device *dev) 310 { 311 struct tpm_chip *chip = dev_get_drvdata(dev); 312 struct tpm_tis_data *data = dev_get_drvdata(&chip->dev); 313 struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data); 314 /* 315 * Jiffies not increased during suspend, so we need to reset 316 * the time to wake Cr50 after resume. 317 */ 318 phy->wake_after = jiffies; 319 320 return tpm_tis_resume(dev); 321 } 322 #endif 323