xref: /openbsd/sys/dev/acpi/tpm.c (revision e5dd7070) 
1 /* $OpenBSD: tpm.c,v 1.10 2020/05/22 10:16:37 kettenis Exp $ */
2 
3 /*
4  * Minimal interface to Trusted Platform Module chips implementing the
5  * TPM Interface Spec 1.2, just enough to tell the TPM to save state before
6  * a system suspend.
7  *
8  * Copyright (c) 2008, 2009 Michael Shalayeff
9  * Copyright (c) 2009, 2010 Hans-Joerg Hoexer
10  * Copyright (c) 2016 joshua stein <jcs@openbsd.org>
11  * All rights reserved.
12  *
13  * Permission to use, copy, modify, and distribute this software for any
14  * purpose with or without fee is hereby granted, provided that the above
15  * copyright notice and this permission notice appear in all copies.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
18  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
20  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
21  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
22  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
23  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24  */
25 
26 #include <sys/param.h>
27 #include <sys/systm.h>
28 #include <sys/device.h>
29 #include <sys/malloc.h>
30 
31 #include <machine/bus.h>
32 #include <machine/apmvar.h>
33 
34 #include <dev/acpi/acpireg.h>
35 #include <dev/acpi/acpivar.h>
36 #include <dev/acpi/acpidev.h>
37 #include <dev/acpi/amltypes.h>
38 #include <dev/acpi/dsdt.h>
39 
40 /* #define TPM_DEBUG */
41 
42 #ifdef TPM_DEBUG
43 #define DPRINTF(x) printf x
44 #else
45 #define DPRINTF(x)
46 #endif
47 
48 #define TPM_BUFSIZ			1024
49 #define TPM_HDRSIZE			10
50 #define TPM_PARAM_SIZE			0x0001
51 
52 #define TPM_ACCESS			0x0000	/* access register */
53 #define TPM_ACCESS_ESTABLISHMENT	0x01	/* establishment */
54 #define TPM_ACCESS_REQUEST_USE		0x02	/* request using locality */
55 #define TPM_ACCESS_REQUEST_PENDING	0x04	/* pending request */
56 #define TPM_ACCESS_SEIZE		0x08	/* request locality seize */
57 #define TPM_ACCESS_SEIZED		0x10	/* locality has been seized */
58 #define TPM_ACCESS_ACTIVE_LOCALITY	0x20	/* locality is active */
59 #define TPM_ACCESS_VALID		0x80	/* bits are valid */
60 #define TPM_ACCESS_BITS	\
61     "\020\01EST\02REQ\03PEND\04SEIZE\05SEIZED\06ACT\010VALID"
62 
63 #define TPM_INTERRUPT_ENABLE		0x0008
64 #define TPM_GLOBAL_INT_ENABLE		0x80000000 /* enable ints */
65 #define TPM_CMD_READY_INT		0x00000080 /* cmd ready enable */
66 #define TPM_INT_EDGE_FALLING		0x00000018
67 #define TPM_INT_EDGE_RISING		0x00000010
68 #define TPM_INT_LEVEL_LOW		0x00000008
69 #define TPM_INT_LEVEL_HIGH		0x00000000
70 #define TPM_LOCALITY_CHANGE_INT		0x00000004 /* locality change enable */
71 #define TPM_STS_VALID_INT		0x00000002 /* int on TPM_STS_VALID is set */
72 #define TPM_DATA_AVAIL_INT		0x00000001 /* int on TPM_STS_DATA_AVAIL is set */
73 #define TPM_INTERRUPT_ENABLE_BITS \
74     "\020\040ENA\010RDY\03LOCH\02STSV\01DRDY"
75 
76 #define TPM_INT_VECTOR			0x000c	/* 8 bit reg for 4 bit irq vector */
77 #define TPM_INT_STATUS			0x0010	/* bits are & 0x87 from TPM_INTERRUPT_ENABLE */
78 
79 #define TPM_INTF_CAPABILITIES		0x0014	/* capability register */
80 #define TPM_INTF_BURST_COUNT_STATIC	0x0100	/* TPM_STS_BMASK static */
81 #define TPM_INTF_CMD_READY_INT		0x0080	/* int on ready supported */
82 #define TPM_INTF_INT_EDGE_FALLING	0x0040	/* falling edge ints supported */
83 #define TPM_INTF_INT_EDGE_RISING	0x0020	/* rising edge ints supported */
84 #define TPM_INTF_INT_LEVEL_LOW		0x0010	/* level-low ints supported */
85 #define TPM_INTF_INT_LEVEL_HIGH		0x0008	/* level-high ints supported */
86 #define TPM_INTF_LOCALITY_CHANGE_INT	0x0004	/* locality-change int (mb 1) */
87 #define TPM_INTF_STS_VALID_INT		0x0002	/* TPM_STS_VALID int supported */
88 #define TPM_INTF_DATA_AVAIL_INT		0x0001	/* TPM_STS_DATA_AVAIL int supported (mb 1) */
89 #define TPM_CAPSREQ \
90   (TPM_INTF_DATA_AVAIL_INT|TPM_INTF_LOCALITY_CHANGE_INT|TPM_INTF_INT_LEVEL_LOW)
91 #define TPM_CAPBITS \
92   "\020\01IDRDY\02ISTSV\03ILOCH\04IHIGH\05ILOW\06IEDGE\07IFALL\010IRDY\011BCST"
93 
94 #define TPM_STS				0x0018	   /* status register */
95 #define TPM_STS_MASK			0x000000ff /* status bits */
96 #define TPM_STS_BMASK			0x00ffff00 /* ro io burst size */
97 #define TPM_STS_VALID			0x00000080 /* ro other bits are valid */
98 #define TPM_STS_CMD_READY		0x00000040 /* rw chip/signal ready */
99 #define TPM_STS_GO			0x00000020 /* wo start the command */
100 #define TPM_STS_DATA_AVAIL		0x00000010 /* ro data available */
101 #define TPM_STS_DATA_EXPECT		0x00000008 /* ro more data to be written */
102 #define TPM_STS_RESP_RETRY		0x00000002 /* wo resend the response */
103 #define TPM_STS_BITS	"\020\010VALID\07RDY\06GO\05DRDY\04EXPECT\02RETRY"
104 
105 #define TPM_DATA			0x0024
106 #define TPM_ID				0x0f00
107 #define TPM_REV				0x0f04
108 #define TPM_SIZE			0x5000	/* five pages of the above */
109 
110 #define TPM_ACCESS_TMO			2000	/* 2sec */
111 #define TPM_READY_TMO			2000	/* 2sec */
112 #define TPM_READ_TMO			120000	/* 2 minutes */
113 #define TPM_BURST_TMO			2000	/* 2sec */
114 
115 struct tpm_softc {
116 	struct device		sc_dev;
117 
118 	bus_space_tag_t		sc_bt;
119 	bus_space_handle_t	sc_bh;
120 
121 	struct acpi_softc	*sc_acpi;
122 	struct aml_node		*sc_devnode;
123 
124 	uint32_t		sc_devid;
125 	uint32_t		sc_rev;
126 
127 	int			sc_enabled;
128 };
129 
130 const struct {
131 	uint32_t devid;
132 	char name[32];
133 } tpm_devs[] = {
134 	{ 0x000615d1, "Infineon SLD9630 1.1" },
135 	{ 0x000b15d1, "Infineon SLB9635 1.2" },
136 	{ 0x100214e4, "Broadcom BCM0102" },
137 	{ 0x00fe1050, "WEC WPCT200" },
138 	{ 0x687119fa, "SNS SSX35" },
139 	{ 0x2e4d5453, "STM ST19WP18" },
140 	{ 0x32021114, "Atmel 97SC3203" },
141 	{ 0x10408086, "Intel INTC0102" },
142 	{ 0, "" },
143 };
144 
145 int	tpm_match(struct device *, void *, void *);
146 void	tpm_attach(struct device *, struct device *, void *);
147 int	tpm_activate(struct device *, int);
148 
149 int	tpm_probe(bus_space_tag_t, bus_space_handle_t);
150 int	tpm_init(struct tpm_softc *);
151 int	tpm_read(struct tpm_softc *, void *, int, size_t *, int);
152 int	tpm_write(struct tpm_softc *, void *, int);
153 int	tpm_suspend(struct tpm_softc *);
154 int	tpm_resume(struct tpm_softc *);
155 
156 int	tpm_waitfor(struct tpm_softc *, uint8_t, int);
157 int	tpm_request_locality(struct tpm_softc *, int);
158 void	tpm_release_locality(struct tpm_softc *);
159 int	tpm_getburst(struct tpm_softc *);
160 uint8_t	tpm_status(struct tpm_softc *);
161 int	tpm_tmotohz(int);
162 
163 struct cfattach tpm_ca = {
164 	sizeof(struct tpm_softc),
165 	tpm_match,
166 	tpm_attach,
167 	NULL,
168 	tpm_activate
169 };
170 
171 struct cfdriver tpm_cd = {
172 	NULL, "tpm", DV_DULL
173 };
174 
175 const char *tpm_hids[] = {
176 	"PNP0C31",
177 	"ATM1200",
178 	"IFX0102",
179 	"BCM0101",
180 	"BCM0102",
181 	"NSC1200",
182 	"ICO0102",
183 	NULL
184 };
185 
186 int
187 tpm_match(struct device *parent, void *match, void *aux)
188 {
189 	struct acpi_attach_args	*aa = aux;
190 	struct cfdata		*cf = match;
191 
192 	return (acpi_matchhids(aa, tpm_hids, cf->cf_driver->cd_name));
193 }
194 
195 void
196 tpm_attach(struct device *parent, struct device *self, void *aux)
197 {
198 	struct tpm_softc	*sc = (struct tpm_softc *)self;
199 	struct acpi_attach_args *aaa = aux;
200 	int64_t			sta;
201 
202 	sc->sc_acpi = (struct acpi_softc *)parent;
203 	sc->sc_devnode = aaa->aaa_node;
204 	sc->sc_enabled = 0;
205 
206 	printf(" %s", sc->sc_devnode->name);
207 
208 	sta = acpi_getsta(sc->sc_acpi, sc->sc_devnode);
209 	if ((sta & (STA_PRESENT | STA_ENABLED | STA_DEV_OK)) !=
210 	    (STA_PRESENT | STA_ENABLED | STA_DEV_OK)) {
211 		printf(": not enabled\n");
212 		return;
213 	}
214 
215 	if (aaa->aaa_naddr < 1) {
216 		printf(": no registers\n");
217 		return;
218 	}
219 
220 	printf(" addr 0x%llx/0x%llx", aaa->aaa_addr[0], aaa->aaa_size[0]);
221 
222 	sc->sc_bt = aaa->aaa_bst[0];
223 	if (bus_space_map(sc->sc_bt, aaa->aaa_addr[0], aaa->aaa_size[0],
224 	    0, &sc->sc_bh)) {
225 		printf(": can't map registers\n");
226 		return;
227 	}
228 
229 	if (!tpm_probe(sc->sc_bt, sc->sc_bh)) {
230 		printf(": probe failed\n");
231 		return;
232 	}
233 
234 	if (tpm_init(sc) != 0) {
235 		printf(": init failed\n");
236 		return;
237 	}
238 
239 	printf("\n");
240 	sc->sc_enabled = 1;
241 }
242 
243 int
244 tpm_activate(struct device *self, int act)
245 {
246 	struct tpm_softc	*sc = (struct tpm_softc *)self;
247 
248 	switch (act) {
249 	case DVACT_SUSPEND:
250 		if (!sc->sc_enabled) {
251 			DPRINTF(("%s: suspend, but not enabled\n",
252 			    sc->sc_dev.dv_xname));
253 			return 0;
254 		}
255 		tpm_suspend(sc);
256 		break;
257 
258 	case DVACT_WAKEUP:
259 		if (!sc->sc_enabled) {
260 			DPRINTF(("%s: wakeup, but not enabled\n",
261 			    sc->sc_dev.dv_xname));
262 			return 0;
263 		}
264 		tpm_resume(sc);
265 		break;
266 	}
267 
268 	return 0;
269 }
270 
271 int
272 tpm_suspend(struct tpm_softc *sc)
273 {
274 	uint8_t command[] = {
275 	    0, 0xc1,		/* TPM_TAG_RQU_COMMAND */
276 	    0, 0, 0, 10,	/* Length in bytes */
277 	    0, 0, 0, 0x98	/* TPM_ORD_SaveStates */
278 	};
279 
280 	DPRINTF(("%s: saving state preparing for suspend\n",
281 	    sc->sc_dev.dv_xname));
282 
283 	/*
284 	 * Tell the chip to save its state so the BIOS can then restore it upon
285 	 * resume.
286 	 */
287 	tpm_write(sc, &command, sizeof(command));
288 	tpm_read(sc, &command, sizeof(command), NULL, TPM_HDRSIZE);
289 
290 	return 0;
291 }
292 
293 int
294 tpm_resume(struct tpm_softc *sc)
295 {
296 	/*
297 	 * TODO: The BIOS should have restored the chip's state for us already,
298 	 * but we should tell the chip to do a self-test here (according to the
299 	 * Linux driver).
300 	 */
301 
302 	DPRINTF(("%s: resume\n", sc->sc_dev.dv_xname));
303 	return 0;
304 }
305 
306 int
307 tpm_probe(bus_space_tag_t bt, bus_space_handle_t bh)
308 {
309 	uint32_t r;
310 	int tries = 10000;
311 
312 	/* wait for chip to settle */
313 	while (tries--) {
314 		if (bus_space_read_1(bt, bh, TPM_ACCESS) & TPM_ACCESS_VALID)
315 			break;
316 		else if (!tries) {
317 			printf(": timed out waiting for validity\n");
318 			return 1;
319 		}
320 
321 		DELAY(10);
322 	}
323 
324 	r = bus_space_read_4(bt, bh, TPM_INTF_CAPABILITIES);
325 	if (r == 0xffffffff)
326 		return 0;
327 
328 	return 1;
329 }
330 
331 int
332 tpm_init(struct tpm_softc *sc)
333 {
334 	uint32_t r, intmask;
335 	int i;
336 
337 	r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTF_CAPABILITIES);
338 	if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
339 	    !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
340 		DPRINTF((": caps too low (caps=%b)\n", r, TPM_CAPBITS));
341 		return 0;
342 	}
343 
344 	/* ack and disable all interrupts, we'll be using polling only */
345 	intmask = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE);
346 	intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
347 	    TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
348 	intmask &= ~TPM_GLOBAL_INT_ENABLE;
349 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, intmask);
350 
351 	if (tpm_request_locality(sc, 0)) {
352 		printf(", requesting locality failed\n");
353 		return 1;
354 	}
355 
356 	sc->sc_devid = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_ID);
357 	sc->sc_rev = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_REV);
358 
359 	for (i = 0; tpm_devs[i].devid; i++)
360 		if (tpm_devs[i].devid == sc->sc_devid)
361 			break;
362 
363 	if (tpm_devs[i].devid)
364 		printf(", %s rev 0x%x", tpm_devs[i].name, sc->sc_rev);
365 	else
366 		printf(", device 0x%08x rev 0x%x", sc->sc_devid, sc->sc_rev);
367 
368 	return 0;
369 }
370 
371 int
372 tpm_request_locality(struct tpm_softc *sc, int l)
373 {
374 	uint32_t r;
375 	int to;
376 
377 	if (l != 0)
378 		return EINVAL;
379 
380 	if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
381 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) ==
382 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY))
383 		return 0;
384 
385 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS,
386 	    TPM_ACCESS_REQUEST_USE);
387 
388 	to = tpm_tmotohz(TPM_ACCESS_TMO);
389 
390 	while ((r = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
391 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
392 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY) && to--) {
393 		DELAY(10);
394 	}
395 
396 	if ((r & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
397 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) {
398 		DPRINTF(("%s: %s: access %b\n", sc->sc_dev.dv_xname, __func__,
399 		    r, TPM_ACCESS_BITS));
400 		return EBUSY;
401 	}
402 
403 	return 0;
404 }
405 
406 void
407 tpm_release_locality(struct tpm_softc *sc)
408 {
409 	if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
410 	    (TPM_ACCESS_REQUEST_PENDING|TPM_ACCESS_VALID)) ==
411 	    (TPM_ACCESS_REQUEST_PENDING|TPM_ACCESS_VALID)) {
412 		DPRINTF(("%s: releasing locality\n", sc->sc_dev.dv_xname));
413 		bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS,
414 		    TPM_ACCESS_ACTIVE_LOCALITY);
415 	}
416 }
417 
418 int
419 tpm_getburst(struct tpm_softc *sc)
420 {
421 	int burst, burst2, to;
422 
423 	to = tpm_tmotohz(TPM_BURST_TMO);
424 
425 	burst = 0;
426 	while (burst == 0 && to--) {
427 		/*
428 		 * Burst count has to be read from bits 8 to 23 without
429 		 * touching any other bits, eg. the actual status bits 0 to 7.
430 		 */
431 		burst = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 1);
432 		DPRINTF(("%s: %s: read1(0x%x): 0x%x\n", sc->sc_dev.dv_xname,
433 		    __func__, TPM_STS + 1, burst));
434 		burst2 = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 2);
435 		DPRINTF(("%s: %s: read1(0x%x): 0x%x\n", sc->sc_dev.dv_xname,
436 		    __func__, TPM_STS + 2, burst2));
437 		burst |= burst2 << 8;
438 		if (burst)
439 			return burst;
440 
441 		DELAY(10);
442 	}
443 
444 	DPRINTF(("%s: getburst timed out\n", sc->sc_dev.dv_xname));
445 
446 	return 0;
447 }
448 
449 uint8_t
450 tpm_status(struct tpm_softc *sc)
451 {
452 	return bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS) & TPM_STS_MASK;
453 }
454 
455 int
456 tpm_tmotohz(int tmo)
457 {
458 	struct timeval tv;
459 
460 	tv.tv_sec = tmo / 1000;
461 	tv.tv_usec = 1000 * (tmo % 1000);
462 
463 	return tvtohz(&tv);
464 }
465 
466 int
467 tpm_waitfor(struct tpm_softc *sc, uint8_t mask, int tries)
468 {
469 	uint8_t status;
470 
471 	while (((status = tpm_status(sc)) & mask) != mask) {
472 		if (tries == 0) {
473 			DPRINTF(("%s: %s: timed out, status 0x%x != 0x%x\n",
474 			    sc->sc_dev.dv_xname, __func__, status, mask));
475 			return status;
476 		}
477 
478 		tries--;
479 		DELAY(1);
480 	}
481 
482 	return 0;
483 }
484 
485 int
486 tpm_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
487     int flags)
488 {
489 	uint8_t *p = buf;
490 	uint8_t c;
491 	size_t cnt;
492 	int rv, n, bcnt;
493 
494 	DPRINTF(("%s: %s %d:", sc->sc_dev.dv_xname, __func__, len));
495 
496 	cnt = 0;
497 	while (len > 0) {
498 		if ((rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
499 		    TPM_READ_TMO)))
500 			return rv;
501 
502 		bcnt = tpm_getburst(sc);
503 		n = MIN(len, bcnt);
504 
505 		for (; n--; len--) {
506 			c = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_DATA);
507 			DPRINTF((" %02x", c));
508 			*p++ = c;
509 			cnt++;
510 		}
511 
512 		if ((flags & TPM_PARAM_SIZE) == 0 && cnt >= 6)
513 			break;
514 	}
515 
516 	DPRINTF(("\n"));
517 
518 	if (count)
519 		*count = cnt;
520 
521 	return 0;
522 }
523 
524 int
525 tpm_write(struct tpm_softc *sc, void *buf, int len)
526 {
527 	uint8_t *p = buf;
528 	uint8_t status;
529 	size_t count = 0;
530 	int rv, r;
531 
532 	if ((rv = tpm_request_locality(sc, 0)) != 0)
533 		return rv;
534 
535 	DPRINTF(("%s: %s %d:", sc->sc_dev.dv_xname, __func__, len));
536 	for (r = 0; r < len; r++)
537 		DPRINTF((" %02x", (uint8_t)(*(p + r))));
538 	DPRINTF(("\n"));
539 
540 	/* read status */
541 	status = tpm_status(sc);
542 	if ((status & TPM_STS_CMD_READY) == 0) {
543 		/* abort! */
544 		bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
545 		    TPM_STS_CMD_READY);
546 		if ((rv = tpm_waitfor(sc, TPM_STS_CMD_READY, TPM_READ_TMO))) {
547 			DPRINTF(("%s: failed waiting for ready after abort "
548 			    "(0x%x)\n", sc->sc_dev.dv_xname, rv));
549 			return rv;
550 		}
551 	}
552 
553 	while (count < len - 1) {
554 		for (r = tpm_getburst(sc); r > 0 && count < len - 1; r--) {
555 			DPRINTF(("%s: %s: write1(0x%x, 0x%x)\n",
556 			    sc->sc_dev.dv_xname, __func__, TPM_DATA, *p));
557 			bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
558 			count++;
559 		}
560 		if ((rv = tpm_waitfor(sc, TPM_STS_VALID | TPM_STS_DATA_EXPECT,
561 		    TPM_READ_TMO))) {
562 			DPRINTF(("%s: %s: failed waiting for next byte (%d)\n",
563 			    sc->sc_dev.dv_xname, __func__, rv));
564 			return rv;
565 		}
566 	}
567 
568 	DPRINTF(("%s: %s: write1(0x%x, 0x%x)\n", sc->sc_dev.dv_xname, __func__,
569 	    TPM_DATA, *p));
570 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p);
571 	count++;
572 
573 	if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO))) {
574 		DPRINTF(("%s: %s: failed after last byte (%d)\n",
575 		    sc->sc_dev.dv_xname, __func__, rv));
576 		return rv;
577 	}
578 
579 	if ((status = tpm_status(sc)) & TPM_STS_DATA_EXPECT) {
580 		DPRINTF(("%s: %s: final status still expecting data: %b\n",
581 		    sc->sc_dev.dv_xname, __func__, status, TPM_STS_BITS));
582 		return status;
583 	}
584 
585 	DPRINTF(("%s: final status after write: %b\n", sc->sc_dev.dv_xname,
586 	    status, TPM_STS_BITS));
587 
588 	/* XXX: are we ever sending non-command data? */
589 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_GO);
590 
591 	return 0;
592 }
593