1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2005, 2006 IBM Corporation
4 * Copyright (C) 2014, 2015 Intel Corporation
5 *
6 * Authors:
7 * Leendert van Doorn <leendert@watson.ibm.com>
8 * Kylene Hall <kjhall@us.ibm.com>
9 *
10 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11 *
12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org
14 *
15 * This device driver implements the TPM interface as defined in
16 * the TCG TPM Interface Spec version 1.2, revision 1.0.
17 */
18 #include <linux/init.h>
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/pnp.h>
22 #include <linux/slab.h>
23 #include <linux/interrupt.h>
24 #include <linux/wait.h>
25 #include <linux/acpi.h>
26 #include <linux/freezer.h>
27 #include "tpm.h"
28 #include "tpm_tis_core.h"
29
30 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
31
wait_for_tpm_stat_cond(struct tpm_chip * chip,u8 mask,bool check_cancel,bool * canceled)32 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
33 bool check_cancel, bool *canceled)
34 {
35 u8 status = chip->ops->status(chip);
36
37 *canceled = false;
38 if ((status & mask) == mask)
39 return true;
40 if (check_cancel && chip->ops->req_canceled(chip, status)) {
41 *canceled = true;
42 return true;
43 }
44 return false;
45 }
46
wait_for_tpm_stat(struct tpm_chip * chip,u8 mask,unsigned long timeout,wait_queue_head_t * queue,bool check_cancel)47 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
48 unsigned long timeout, wait_queue_head_t *queue,
49 bool check_cancel)
50 {
51 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
52 unsigned long stop;
53 long rc;
54 u8 status;
55 bool canceled = false;
56
57 /* check current status */
58 status = chip->ops->status(chip);
59 if ((status & mask) == mask)
60 return 0;
61
62 stop = jiffies + timeout;
63
64 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
65 again:
66 timeout = stop - jiffies;
67 if ((long)timeout <= 0)
68 return -ETIME;
69 rc = wait_event_interruptible_timeout(*queue,
70 wait_for_tpm_stat_cond(chip, mask, check_cancel,
71 &canceled),
72 timeout);
73 if (rc > 0) {
74 if (canceled)
75 return -ECANCELED;
76 return 0;
77 }
78 if (rc == -ERESTARTSYS && freezing(current)) {
79 clear_thread_flag(TIF_SIGPENDING);
80 goto again;
81 }
82 } else {
83 do {
84 usleep_range(priv->timeout_min,
85 priv->timeout_max);
86 status = chip->ops->status(chip);
87 if ((status & mask) == mask)
88 return 0;
89 } while (time_before(jiffies, stop));
90 }
91 return -ETIME;
92 }
93
94 /* Before we attempt to access the TPM we must see that the valid bit is set.
95 * The specification says that this bit is 0 at reset and remains 0 until the
96 * 'TPM has gone through its self test and initialization and has established
97 * correct values in the other bits.'
98 */
wait_startup(struct tpm_chip * chip,int l)99 static int wait_startup(struct tpm_chip *chip, int l)
100 {
101 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
102 unsigned long stop = jiffies + chip->timeout_a;
103
104 do {
105 int rc;
106 u8 access;
107
108 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
109 if (rc < 0)
110 return rc;
111
112 if (access & TPM_ACCESS_VALID)
113 return 0;
114 tpm_msleep(TPM_TIMEOUT);
115 } while (time_before(jiffies, stop));
116 return -1;
117 }
118
check_locality(struct tpm_chip * chip,int l)119 static bool check_locality(struct tpm_chip *chip, int l)
120 {
121 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
122 int rc;
123 u8 access;
124
125 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
126 if (rc < 0)
127 return false;
128
129 if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
130 | TPM_ACCESS_REQUEST_USE)) ==
131 (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
132 priv->locality = l;
133 return true;
134 }
135
136 return false;
137 }
138
release_locality(struct tpm_chip * chip,int l)139 static int release_locality(struct tpm_chip *chip, int l)
140 {
141 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
142
143 tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
144
145 return 0;
146 }
147
request_locality(struct tpm_chip * chip,int l)148 static int request_locality(struct tpm_chip *chip, int l)
149 {
150 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
151 unsigned long stop, timeout;
152 long rc;
153
154 if (check_locality(chip, l))
155 return l;
156
157 rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE);
158 if (rc < 0)
159 return rc;
160
161 stop = jiffies + chip->timeout_a;
162
163 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
164 again:
165 timeout = stop - jiffies;
166 if ((long)timeout <= 0)
167 return -1;
168 rc = wait_event_interruptible_timeout(priv->int_queue,
169 (check_locality
170 (chip, l)),
171 timeout);
172 if (rc > 0)
173 return l;
174 if (rc == -ERESTARTSYS && freezing(current)) {
175 clear_thread_flag(TIF_SIGPENDING);
176 goto again;
177 }
178 } else {
179 /* wait for burstcount */
180 do {
181 if (check_locality(chip, l))
182 return l;
183 tpm_msleep(TPM_TIMEOUT);
184 } while (time_before(jiffies, stop));
185 }
186 return -1;
187 }
188
tpm_tis_status(struct tpm_chip * chip)189 static u8 tpm_tis_status(struct tpm_chip *chip)
190 {
191 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
192 int rc;
193 u8 status;
194
195 rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status);
196 if (rc < 0)
197 return 0;
198
199 if (unlikely((status & TPM_STS_READ_ZERO) != 0)) {
200 if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {
201 /*
202 * If this trips, the chances are the read is
203 * returning 0xff because the locality hasn't been
204 * acquired. Usually because tpm_try_get_ops() hasn't
205 * been called before doing a TPM operation.
206 */
207 dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
208 status);
209
210 /*
211 * Dump stack for forensics, as invalid TPM_STS.x could be
212 * potentially triggered by impaired tpm_try_get_ops() or
213 * tpm_find_get_ops().
214 */
215 dump_stack();
216 }
217
218 return 0;
219 }
220
221 return status;
222 }
223
tpm_tis_ready(struct tpm_chip * chip)224 static void tpm_tis_ready(struct tpm_chip *chip)
225 {
226 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
227
228 /* this causes the current command to be aborted */
229 tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY);
230 }
231
get_burstcount(struct tpm_chip * chip)232 static int get_burstcount(struct tpm_chip *chip)
233 {
234 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
235 unsigned long stop;
236 int burstcnt, rc;
237 u32 value;
238
239 /* wait for burstcount */
240 if (chip->flags & TPM_CHIP_FLAG_TPM2)
241 stop = jiffies + chip->timeout_a;
242 else
243 stop = jiffies + chip->timeout_d;
244 do {
245 rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value);
246 if (rc < 0)
247 return rc;
248
249 burstcnt = (value >> 8) & 0xFFFF;
250 if (burstcnt)
251 return burstcnt;
252 usleep_range(TPM_TIMEOUT_USECS_MIN, TPM_TIMEOUT_USECS_MAX);
253 } while (time_before(jiffies, stop));
254 return -EBUSY;
255 }
256
recv_data(struct tpm_chip * chip,u8 * buf,size_t count)257 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
258 {
259 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
260 int size = 0, burstcnt, rc;
261
262 while (size < count) {
263 rc = wait_for_tpm_stat(chip,
264 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
265 chip->timeout_c,
266 &priv->read_queue, true);
267 if (rc < 0)
268 return rc;
269 burstcnt = get_burstcount(chip);
270 if (burstcnt < 0) {
271 dev_err(&chip->dev, "Unable to read burstcount\n");
272 return burstcnt;
273 }
274 burstcnt = min_t(int, burstcnt, count - size);
275
276 rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
277 burstcnt, buf + size);
278 if (rc < 0)
279 return rc;
280
281 size += burstcnt;
282 }
283 return size;
284 }
285
tpm_tis_recv(struct tpm_chip * chip,u8 * buf,size_t count)286 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
287 {
288 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
289 int size = 0;
290 int status;
291 u32 expected;
292 int rc;
293
294 if (count < TPM_HEADER_SIZE) {
295 size = -EIO;
296 goto out;
297 }
298
299 size = recv_data(chip, buf, TPM_HEADER_SIZE);
300 /* read first 10 bytes, including tag, paramsize, and result */
301 if (size < TPM_HEADER_SIZE) {
302 dev_err(&chip->dev, "Unable to read header\n");
303 goto out;
304 }
305
306 expected = be32_to_cpu(*(__be32 *) (buf + 2));
307 if (expected > count || expected < TPM_HEADER_SIZE) {
308 size = -EIO;
309 goto out;
310 }
311
312 size += recv_data(chip, &buf[TPM_HEADER_SIZE],
313 expected - TPM_HEADER_SIZE);
314 if (size < expected) {
315 dev_err(&chip->dev, "Unable to read remainder of result\n");
316 size = -ETIME;
317 goto out;
318 }
319
320 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
321 &priv->int_queue, false) < 0) {
322 size = -ETIME;
323 goto out;
324 }
325 status = tpm_tis_status(chip);
326 if (status & TPM_STS_DATA_AVAIL) { /* retry? */
327 dev_err(&chip->dev, "Error left over data\n");
328 size = -EIO;
329 goto out;
330 }
331
332 rc = tpm_tis_verify_crc(priv, (size_t)size, buf);
333 if (rc < 0) {
334 dev_err(&chip->dev, "CRC mismatch for response.\n");
335 size = rc;
336 goto out;
337 }
338
339 out:
340 tpm_tis_ready(chip);
341 return size;
342 }
343
344 /*
345 * If interrupts are used (signaled by an irq set in the vendor structure)
346 * tpm.c can skip polling for the data to be available as the interrupt is
347 * waited for here
348 */
tpm_tis_send_data(struct tpm_chip * chip,const u8 * buf,size_t len)349 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
350 {
351 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
352 int rc, status, burstcnt;
353 size_t count = 0;
354 bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
355
356 status = tpm_tis_status(chip);
357 if ((status & TPM_STS_COMMAND_READY) == 0) {
358 tpm_tis_ready(chip);
359 if (wait_for_tpm_stat
360 (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
361 &priv->int_queue, false) < 0) {
362 rc = -ETIME;
363 goto out_err;
364 }
365 }
366
367 while (count < len - 1) {
368 burstcnt = get_burstcount(chip);
369 if (burstcnt < 0) {
370 dev_err(&chip->dev, "Unable to read burstcount\n");
371 rc = burstcnt;
372 goto out_err;
373 }
374 burstcnt = min_t(int, burstcnt, len - count - 1);
375 rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
376 burstcnt, buf + count);
377 if (rc < 0)
378 goto out_err;
379
380 count += burstcnt;
381
382 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
383 &priv->int_queue, false) < 0) {
384 rc = -ETIME;
385 goto out_err;
386 }
387 status = tpm_tis_status(chip);
388 if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
389 rc = -EIO;
390 goto out_err;
391 }
392 }
393
394 /* write last byte */
395 rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
396 if (rc < 0)
397 goto out_err;
398
399 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
400 &priv->int_queue, false) < 0) {
401 rc = -ETIME;
402 goto out_err;
403 }
404 status = tpm_tis_status(chip);
405 if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
406 rc = -EIO;
407 goto out_err;
408 }
409
410 return 0;
411
412 out_err:
413 tpm_tis_ready(chip);
414 return rc;
415 }
416
disable_interrupts(struct tpm_chip * chip)417 static void disable_interrupts(struct tpm_chip *chip)
418 {
419 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
420 u32 intmask;
421 int rc;
422
423 if (priv->irq == 0)
424 return;
425
426 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
427 if (rc < 0)
428 intmask = 0;
429
430 intmask &= ~TPM_GLOBAL_INT_ENABLE;
431 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
432
433 devm_free_irq(chip->dev.parent, priv->irq, chip);
434 priv->irq = 0;
435 chip->flags &= ~TPM_CHIP_FLAG_IRQ;
436 }
437
438 /*
439 * If interrupts are used (signaled by an irq set in the vendor structure)
440 * tpm.c can skip polling for the data to be available as the interrupt is
441 * waited for here
442 */
tpm_tis_send_main(struct tpm_chip * chip,const u8 * buf,size_t len)443 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
444 {
445 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
446 int rc;
447 u32 ordinal;
448 unsigned long dur;
449
450 rc = tpm_tis_send_data(chip, buf, len);
451 if (rc < 0)
452 return rc;
453
454 rc = tpm_tis_verify_crc(priv, len, buf);
455 if (rc < 0) {
456 dev_err(&chip->dev, "CRC mismatch for command.\n");
457 return rc;
458 }
459
460 /* go and do it */
461 rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
462 if (rc < 0)
463 goto out_err;
464
465 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
466 ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
467
468 dur = tpm_calc_ordinal_duration(chip, ordinal);
469 if (wait_for_tpm_stat
470 (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur,
471 &priv->read_queue, false) < 0) {
472 rc = -ETIME;
473 goto out_err;
474 }
475 }
476 return 0;
477 out_err:
478 tpm_tis_ready(chip);
479 return rc;
480 }
481
tpm_tis_send(struct tpm_chip * chip,u8 * buf,size_t len)482 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
483 {
484 int rc, irq;
485 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
486
487 if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || priv->irq_tested)
488 return tpm_tis_send_main(chip, buf, len);
489
490 /* Verify receipt of the expected IRQ */
491 irq = priv->irq;
492 priv->irq = 0;
493 chip->flags &= ~TPM_CHIP_FLAG_IRQ;
494 rc = tpm_tis_send_main(chip, buf, len);
495 priv->irq = irq;
496 chip->flags |= TPM_CHIP_FLAG_IRQ;
497 if (!priv->irq_tested)
498 tpm_msleep(1);
499 if (!priv->irq_tested)
500 disable_interrupts(chip);
501 priv->irq_tested = true;
502 return rc;
503 }
504
505 struct tis_vendor_durations_override {
506 u32 did_vid;
507 struct tpm1_version version;
508 unsigned long durations[3];
509 };
510
511 static const struct tis_vendor_durations_override vendor_dur_overrides[] = {
512 /* STMicroelectronics 0x104a */
513 { 0x0000104a,
514 { 1, 2, 8, 28 },
515 { (2 * 60 * HZ), (2 * 60 * HZ), (2 * 60 * HZ) } },
516 };
517
tpm_tis_update_durations(struct tpm_chip * chip,unsigned long * duration_cap)518 static void tpm_tis_update_durations(struct tpm_chip *chip,
519 unsigned long *duration_cap)
520 {
521 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
522 struct tpm1_version *version;
523 u32 did_vid;
524 int i, rc;
525 cap_t cap;
526
527 chip->duration_adjusted = false;
528
529 if (chip->ops->clk_enable != NULL)
530 chip->ops->clk_enable(chip, true);
531
532 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
533 if (rc < 0) {
534 dev_warn(&chip->dev, "%s: failed to read did_vid. %d\n",
535 __func__, rc);
536 goto out;
537 }
538
539 /* Try to get a TPM version 1.2 or 1.1 TPM_CAP_VERSION_INFO */
540 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap,
541 "attempting to determine the 1.2 version",
542 sizeof(cap.version2));
543 if (!rc) {
544 version = &cap.version2.version;
545 } else {
546 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap,
547 "attempting to determine the 1.1 version",
548 sizeof(cap.version1));
549
550 if (rc)
551 goto out;
552
553 version = &cap.version1;
554 }
555
556 for (i = 0; i != ARRAY_SIZE(vendor_dur_overrides); i++) {
557 if (vendor_dur_overrides[i].did_vid != did_vid)
558 continue;
559
560 if ((version->major ==
561 vendor_dur_overrides[i].version.major) &&
562 (version->minor ==
563 vendor_dur_overrides[i].version.minor) &&
564 (version->rev_major ==
565 vendor_dur_overrides[i].version.rev_major) &&
566 (version->rev_minor ==
567 vendor_dur_overrides[i].version.rev_minor)) {
568
569 memcpy(duration_cap,
570 vendor_dur_overrides[i].durations,
571 sizeof(vendor_dur_overrides[i].durations));
572
573 chip->duration_adjusted = true;
574 goto out;
575 }
576 }
577
578 out:
579 if (chip->ops->clk_enable != NULL)
580 chip->ops->clk_enable(chip, false);
581 }
582
583 struct tis_vendor_timeout_override {
584 u32 did_vid;
585 unsigned long timeout_us[4];
586 };
587
588 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = {
589 /* Atmel 3204 */
590 { 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000),
591 (TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } },
592 };
593
tpm_tis_update_timeouts(struct tpm_chip * chip,unsigned long * timeout_cap)594 static void tpm_tis_update_timeouts(struct tpm_chip *chip,
595 unsigned long *timeout_cap)
596 {
597 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
598 int i, rc;
599 u32 did_vid;
600
601 chip->timeout_adjusted = false;
602
603 if (chip->ops->clk_enable != NULL)
604 chip->ops->clk_enable(chip, true);
605
606 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
607 if (rc < 0) {
608 dev_warn(&chip->dev, "%s: failed to read did_vid: %d\n",
609 __func__, rc);
610 goto out;
611 }
612
613 for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
614 if (vendor_timeout_overrides[i].did_vid != did_vid)
615 continue;
616 memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
617 sizeof(vendor_timeout_overrides[i].timeout_us));
618 chip->timeout_adjusted = true;
619 }
620
621 out:
622 if (chip->ops->clk_enable != NULL)
623 chip->ops->clk_enable(chip, false);
624
625 return;
626 }
627
628 /*
629 * Early probing for iTPM with STS_DATA_EXPECT flaw.
630 * Try sending command without itpm flag set and if that
631 * fails, repeat with itpm flag set.
632 */
probe_itpm(struct tpm_chip * chip)633 static int probe_itpm(struct tpm_chip *chip)
634 {
635 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
636 int rc = 0;
637 static const u8 cmd_getticks[] = {
638 0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
639 0x00, 0x00, 0x00, 0xf1
640 };
641 size_t len = sizeof(cmd_getticks);
642 u16 vendor;
643
644 if (priv->flags & TPM_TIS_ITPM_WORKAROUND)
645 return 0;
646
647 rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
648 if (rc < 0)
649 return rc;
650
651 /* probe only iTPMS */
652 if (vendor != TPM_VID_INTEL)
653 return 0;
654
655 if (request_locality(chip, 0) != 0)
656 return -EBUSY;
657
658 rc = tpm_tis_send_data(chip, cmd_getticks, len);
659 if (rc == 0)
660 goto out;
661
662 tpm_tis_ready(chip);
663
664 priv->flags |= TPM_TIS_ITPM_WORKAROUND;
665
666 rc = tpm_tis_send_data(chip, cmd_getticks, len);
667 if (rc == 0)
668 dev_info(&chip->dev, "Detected an iTPM.\n");
669 else {
670 priv->flags &= ~TPM_TIS_ITPM_WORKAROUND;
671 rc = -EFAULT;
672 }
673
674 out:
675 tpm_tis_ready(chip);
676 release_locality(chip, priv->locality);
677
678 return rc;
679 }
680
tpm_tis_req_canceled(struct tpm_chip * chip,u8 status)681 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status)
682 {
683 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
684
685 switch (priv->manufacturer_id) {
686 case TPM_VID_WINBOND:
687 return ((status == TPM_STS_VALID) ||
688 (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)));
689 case TPM_VID_STM:
690 return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY));
691 default:
692 return (status == TPM_STS_COMMAND_READY);
693 }
694 }
695
tis_int_handler(int dummy,void * dev_id)696 static irqreturn_t tis_int_handler(int dummy, void *dev_id)
697 {
698 struct tpm_chip *chip = dev_id;
699 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
700 u32 interrupt;
701 int i, rc;
702
703 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
704 if (rc < 0)
705 return IRQ_NONE;
706
707 if (interrupt == 0)
708 return IRQ_NONE;
709
710 priv->irq_tested = true;
711 if (interrupt & TPM_INTF_DATA_AVAIL_INT)
712 wake_up_interruptible(&priv->read_queue);
713 if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
714 for (i = 0; i < 5; i++)
715 if (check_locality(chip, i))
716 break;
717 if (interrupt &
718 (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT |
719 TPM_INTF_CMD_READY_INT))
720 wake_up_interruptible(&priv->int_queue);
721
722 /* Clear interrupts handled with TPM_EOI */
723 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt);
724 if (rc < 0)
725 return IRQ_NONE;
726
727 tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
728 return IRQ_HANDLED;
729 }
730
tpm_tis_gen_interrupt(struct tpm_chip * chip)731 static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
732 {
733 const char *desc = "attempting to generate an interrupt";
734 u32 cap2;
735 cap_t cap;
736 int ret;
737
738 ret = request_locality(chip, 0);
739 if (ret < 0)
740 return ret;
741
742 if (chip->flags & TPM_CHIP_FLAG_TPM2)
743 ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
744 else
745 ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
746
747 release_locality(chip, 0);
748
749 return ret;
750 }
751
752 /* Register the IRQ and issue a command that will cause an interrupt. If an
753 * irq is seen then leave the chip setup for IRQ operation, otherwise reverse
754 * everything and leave in polling mode. Returns 0 on success.
755 */
tpm_tis_probe_irq_single(struct tpm_chip * chip,u32 intmask,int flags,int irq)756 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
757 int flags, int irq)
758 {
759 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
760 u8 original_int_vec;
761 int rc;
762 u32 int_status;
763
764 if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
765 dev_name(&chip->dev), chip) != 0) {
766 dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
767 irq);
768 return -1;
769 }
770 priv->irq = irq;
771
772 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
773 &original_int_vec);
774 if (rc < 0)
775 return rc;
776
777 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
778 if (rc < 0)
779 return rc;
780
781 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
782 if (rc < 0)
783 return rc;
784
785 /* Clear all existing */
786 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
787 if (rc < 0)
788 return rc;
789
790 /* Turn on */
791 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
792 intmask | TPM_GLOBAL_INT_ENABLE);
793 if (rc < 0)
794 return rc;
795
796 priv->irq_tested = false;
797
798 /* Generate an interrupt by having the core call through to
799 * tpm_tis_send
800 */
801 rc = tpm_tis_gen_interrupt(chip);
802 if (rc < 0)
803 return rc;
804
805 /* tpm_tis_send will either confirm the interrupt is working or it
806 * will call disable_irq which undoes all of the above.
807 */
808 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
809 rc = tpm_tis_write8(priv, original_int_vec,
810 TPM_INT_VECTOR(priv->locality));
811 if (rc < 0)
812 return rc;
813
814 return 1;
815 }
816
817 return 0;
818 }
819
820 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
821 * do not have ACPI/etc. We typically expect the interrupt to be declared if
822 * present.
823 */
tpm_tis_probe_irq(struct tpm_chip * chip,u32 intmask)824 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask)
825 {
826 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
827 u8 original_int_vec;
828 int i, rc;
829
830 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
831 &original_int_vec);
832 if (rc < 0)
833 return;
834
835 if (!original_int_vec) {
836 if (IS_ENABLED(CONFIG_X86))
837 for (i = 3; i <= 15; i++)
838 if (!tpm_tis_probe_irq_single(chip, intmask, 0,
839 i))
840 return;
841 } else if (!tpm_tis_probe_irq_single(chip, intmask, 0,
842 original_int_vec))
843 return;
844 }
845
tpm_tis_remove(struct tpm_chip * chip)846 void tpm_tis_remove(struct tpm_chip *chip)
847 {
848 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
849 u32 reg = TPM_INT_ENABLE(priv->locality);
850 u32 interrupt;
851 int rc;
852
853 tpm_tis_clkrun_enable(chip, true);
854
855 rc = tpm_tis_read32(priv, reg, &interrupt);
856 if (rc < 0)
857 interrupt = 0;
858
859 tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
860
861 tpm_tis_clkrun_enable(chip, false);
862
863 if (priv->ilb_base_addr)
864 iounmap(priv->ilb_base_addr);
865 }
866 EXPORT_SYMBOL_GPL(tpm_tis_remove);
867
868 /**
869 * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
870 * of a single TPM command
871 * @chip: TPM chip to use
872 * @value: 1 - Disable CLKRUN protocol, so that clocks are free running
873 * 0 - Enable CLKRUN protocol
874 * Call this function directly in tpm_tis_remove() in error or driver removal
875 * path, since the chip->ops is set to NULL in tpm_chip_unregister().
876 */
tpm_tis_clkrun_enable(struct tpm_chip * chip,bool value)877 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
878 {
879 struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
880 u32 clkrun_val;
881
882 if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
883 !data->ilb_base_addr)
884 return;
885
886 if (value) {
887 data->clkrun_enabled++;
888 if (data->clkrun_enabled > 1)
889 return;
890 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
891
892 /* Disable LPC CLKRUN# */
893 clkrun_val &= ~LPC_CLKRUN_EN;
894 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
895
896 /*
897 * Write any random value on port 0x80 which is on LPC, to make
898 * sure LPC clock is running before sending any TPM command.
899 */
900 outb(0xCC, 0x80);
901 } else {
902 data->clkrun_enabled--;
903 if (data->clkrun_enabled)
904 return;
905
906 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
907
908 /* Enable LPC CLKRUN# */
909 clkrun_val |= LPC_CLKRUN_EN;
910 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
911
912 /*
913 * Write any random value on port 0x80 which is on LPC, to make
914 * sure LPC clock is running before sending any TPM command.
915 */
916 outb(0xCC, 0x80);
917 }
918 }
919
920 static const struct tpm_class_ops tpm_tis = {
921 .flags = TPM_OPS_AUTO_STARTUP,
922 .status = tpm_tis_status,
923 .recv = tpm_tis_recv,
924 .send = tpm_tis_send,
925 .cancel = tpm_tis_ready,
926 .update_timeouts = tpm_tis_update_timeouts,
927 .update_durations = tpm_tis_update_durations,
928 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
929 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
930 .req_canceled = tpm_tis_req_canceled,
931 .request_locality = request_locality,
932 .relinquish_locality = release_locality,
933 .clk_enable = tpm_tis_clkrun_enable,
934 };
935
tpm_tis_core_init(struct device * dev,struct tpm_tis_data * priv,int irq,const struct tpm_tis_phy_ops * phy_ops,acpi_handle acpi_dev_handle)936 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
937 const struct tpm_tis_phy_ops *phy_ops,
938 acpi_handle acpi_dev_handle)
939 {
940 u32 vendor;
941 u32 intfcaps;
942 u32 intmask;
943 u32 clkrun_val;
944 u8 rid;
945 int rc, probe;
946 struct tpm_chip *chip;
947
948 chip = tpmm_chip_alloc(dev, &tpm_tis);
949 if (IS_ERR(chip))
950 return PTR_ERR(chip);
951
952 #ifdef CONFIG_ACPI
953 chip->acpi_dev_handle = acpi_dev_handle;
954 #endif
955
956 chip->hwrng.quality = priv->rng_quality;
957
958 /* Maximum timeouts */
959 chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX);
960 chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
961 chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
962 chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
963 priv->timeout_min = TPM_TIMEOUT_USECS_MIN;
964 priv->timeout_max = TPM_TIMEOUT_USECS_MAX;
965 priv->phy_ops = phy_ops;
966
967 dev_set_drvdata(&chip->dev, priv);
968
969 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
970 if (rc < 0)
971 return rc;
972
973 priv->manufacturer_id = vendor;
974
975 if (priv->manufacturer_id == TPM_VID_ATML &&
976 !(chip->flags & TPM_CHIP_FLAG_TPM2)) {
977 priv->timeout_min = TIS_TIMEOUT_MIN_ATML;
978 priv->timeout_max = TIS_TIMEOUT_MAX_ATML;
979 }
980
981 if (is_bsw()) {
982 priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
983 ILB_REMAP_SIZE);
984 if (!priv->ilb_base_addr)
985 return -ENOMEM;
986
987 clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
988 /* Check if CLKRUN# is already not enabled in the LPC bus */
989 if (!(clkrun_val & LPC_CLKRUN_EN)) {
990 iounmap(priv->ilb_base_addr);
991 priv->ilb_base_addr = NULL;
992 }
993 }
994
995 if (chip->ops->clk_enable != NULL)
996 chip->ops->clk_enable(chip, true);
997
998 if (wait_startup(chip, 0) != 0) {
999 rc = -ENODEV;
1000 goto out_err;
1001 }
1002
1003 /* Take control of the TPM's interrupt hardware and shut it off */
1004 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1005 if (rc < 0)
1006 goto out_err;
1007
1008 intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
1009 TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
1010 intmask &= ~TPM_GLOBAL_INT_ENABLE;
1011
1012 rc = request_locality(chip, 0);
1013 if (rc < 0) {
1014 rc = -ENODEV;
1015 goto out_err;
1016 }
1017
1018 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1019 release_locality(chip, 0);
1020
1021 rc = tpm_chip_start(chip);
1022 if (rc)
1023 goto out_err;
1024 rc = tpm2_probe(chip);
1025 tpm_chip_stop(chip);
1026 if (rc)
1027 goto out_err;
1028
1029 rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
1030 if (rc < 0)
1031 goto out_err;
1032
1033 dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
1034 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
1035 vendor >> 16, rid);
1036
1037 probe = probe_itpm(chip);
1038 if (probe < 0) {
1039 rc = -ENODEV;
1040 goto out_err;
1041 }
1042
1043 /* Figure out the capabilities */
1044 rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
1045 if (rc < 0)
1046 goto out_err;
1047
1048 dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
1049 intfcaps);
1050 if (intfcaps & TPM_INTF_BURST_COUNT_STATIC)
1051 dev_dbg(dev, "\tBurst Count Static\n");
1052 if (intfcaps & TPM_INTF_CMD_READY_INT)
1053 dev_dbg(dev, "\tCommand Ready Int Support\n");
1054 if (intfcaps & TPM_INTF_INT_EDGE_FALLING)
1055 dev_dbg(dev, "\tInterrupt Edge Falling\n");
1056 if (intfcaps & TPM_INTF_INT_EDGE_RISING)
1057 dev_dbg(dev, "\tInterrupt Edge Rising\n");
1058 if (intfcaps & TPM_INTF_INT_LEVEL_LOW)
1059 dev_dbg(dev, "\tInterrupt Level Low\n");
1060 if (intfcaps & TPM_INTF_INT_LEVEL_HIGH)
1061 dev_dbg(dev, "\tInterrupt Level High\n");
1062 if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT)
1063 dev_dbg(dev, "\tLocality Change Int Support\n");
1064 if (intfcaps & TPM_INTF_STS_VALID_INT)
1065 dev_dbg(dev, "\tSts Valid Int Support\n");
1066 if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
1067 dev_dbg(dev, "\tData Avail Int Support\n");
1068
1069 /* INTERRUPT Setup */
1070 init_waitqueue_head(&priv->read_queue);
1071 init_waitqueue_head(&priv->int_queue);
1072 if (irq != -1) {
1073 /*
1074 * Before doing irq testing issue a command to the TPM in polling mode
1075 * to make sure it works. May as well use that command to set the
1076 * proper timeouts for the driver.
1077 */
1078
1079 rc = request_locality(chip, 0);
1080 if (rc < 0)
1081 goto out_err;
1082
1083 rc = tpm_get_timeouts(chip);
1084
1085 release_locality(chip, 0);
1086
1087 if (rc) {
1088 dev_err(dev, "Could not get TPM timeouts and durations\n");
1089 rc = -ENODEV;
1090 goto out_err;
1091 }
1092
1093 if (irq) {
1094 tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
1095 irq);
1096 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
1097 dev_err(&chip->dev, FW_BUG
1098 "TPM interrupt not working, polling instead\n");
1099
1100 disable_interrupts(chip);
1101 }
1102 } else {
1103 tpm_tis_probe_irq(chip, intmask);
1104 }
1105 }
1106
1107 rc = tpm_chip_register(chip);
1108 if (rc)
1109 goto out_err;
1110
1111 if (chip->ops->clk_enable != NULL)
1112 chip->ops->clk_enable(chip, false);
1113
1114 return 0;
1115 out_err:
1116 if (chip->ops->clk_enable != NULL)
1117 chip->ops->clk_enable(chip, false);
1118
1119 tpm_tis_remove(chip);
1120
1121 return rc;
1122 }
1123 EXPORT_SYMBOL_GPL(tpm_tis_core_init);
1124
1125 #ifdef CONFIG_PM_SLEEP
tpm_tis_reenable_interrupts(struct tpm_chip * chip)1126 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
1127 {
1128 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
1129 u32 intmask;
1130 int rc;
1131
1132 if (chip->ops->clk_enable != NULL)
1133 chip->ops->clk_enable(chip, true);
1134
1135 /* reenable interrupts that device may have lost or
1136 * BIOS/firmware may have disabled
1137 */
1138 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
1139 if (rc < 0)
1140 goto out;
1141
1142 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1143 if (rc < 0)
1144 goto out;
1145
1146 intmask |= TPM_INTF_CMD_READY_INT
1147 | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT
1148 | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE;
1149
1150 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1151
1152 out:
1153 if (chip->ops->clk_enable != NULL)
1154 chip->ops->clk_enable(chip, false);
1155
1156 return;
1157 }
1158
tpm_tis_resume(struct device * dev)1159 int tpm_tis_resume(struct device *dev)
1160 {
1161 struct tpm_chip *chip = dev_get_drvdata(dev);
1162 int ret;
1163
1164 if (chip->flags & TPM_CHIP_FLAG_IRQ)
1165 tpm_tis_reenable_interrupts(chip);
1166
1167 ret = tpm_pm_resume(dev);
1168 if (ret)
1169 return ret;
1170
1171 /*
1172 * TPM 1.2 requires self-test on resume. This function actually returns
1173 * an error code but for unknown reason it isn't handled.
1174 */
1175 if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
1176 ret = request_locality(chip, 0);
1177 if (ret < 0)
1178 return ret;
1179
1180 tpm1_do_selftest(chip);
1181
1182 release_locality(chip, 0);
1183 }
1184
1185 return 0;
1186 }
1187 EXPORT_SYMBOL_GPL(tpm_tis_resume);
1188 #endif
1189
1190 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1191 MODULE_DESCRIPTION("TPM Driver");
1192 MODULE_VERSION("2.0");
1193 MODULE_LICENSE("GPL");
1194