1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2005, 2006 IBM Corporation
4 * Copyright (C) 2014, 2015 Intel Corporation
5 *
6 * Authors:
7 * Leendert van Doorn <leendert@watson.ibm.com>
8 * Kylene Hall <kjhall@us.ibm.com>
9 *
10 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11 *
12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org
14 *
15 * This device driver implements the TPM interface as defined in
16 * the TCG TPM Interface Spec version 1.2, revision 1.0.
17 */
18 #include <linux/init.h>
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/pnp.h>
22 #include <linux/slab.h>
23 #include <linux/interrupt.h>
24 #include <linux/wait.h>
25 #include <linux/acpi.h>
26 #include <linux/freezer.h>
27 #include "tpm.h"
28 #include "tpm_tis_core.h"
29
30 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
31
wait_for_tpm_stat_cond(struct tpm_chip * chip,u8 mask,bool check_cancel,bool * canceled)32 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
33 bool check_cancel, bool *canceled)
34 {
35 u8 status = chip->ops->status(chip);
36
37 *canceled = false;
38 if ((status & mask) == mask)
39 return true;
40 if (check_cancel && chip->ops->req_canceled(chip, status)) {
41 *canceled = true;
42 return true;
43 }
44 return false;
45 }
46
wait_for_tpm_stat(struct tpm_chip * chip,u8 mask,unsigned long timeout,wait_queue_head_t * queue,bool check_cancel)47 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
48 unsigned long timeout, wait_queue_head_t *queue,
49 bool check_cancel)
50 {
51 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
52 unsigned long stop;
53 long rc;
54 u8 status;
55 bool canceled = false;
56
57 /* check current status */
58 status = chip->ops->status(chip);
59 if ((status & mask) == mask)
60 return 0;
61
62 stop = jiffies + timeout;
63
64 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
65 again:
66 timeout = stop - jiffies;
67 if ((long)timeout <= 0)
68 return -ETIME;
69 rc = wait_event_interruptible_timeout(*queue,
70 wait_for_tpm_stat_cond(chip, mask, check_cancel,
71 &canceled),
72 timeout);
73 if (rc > 0) {
74 if (canceled)
75 return -ECANCELED;
76 return 0;
77 }
78 if (rc == -ERESTARTSYS && freezing(current)) {
79 clear_thread_flag(TIF_SIGPENDING);
80 goto again;
81 }
82 } else {
83 do {
84 usleep_range(priv->timeout_min,
85 priv->timeout_max);
86 status = chip->ops->status(chip);
87 if ((status & mask) == mask)
88 return 0;
89 } while (time_before(jiffies, stop));
90 }
91 return -ETIME;
92 }
93
94 /* Before we attempt to access the TPM we must see that the valid bit is set.
95 * The specification says that this bit is 0 at reset and remains 0 until the
96 * 'TPM has gone through its self test and initialization and has established
97 * correct values in the other bits.'
98 */
wait_startup(struct tpm_chip * chip,int l)99 static int wait_startup(struct tpm_chip *chip, int l)
100 {
101 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
102 unsigned long stop = jiffies + chip->timeout_a;
103
104 do {
105 int rc;
106 u8 access;
107
108 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
109 if (rc < 0)
110 return rc;
111
112 if (access & TPM_ACCESS_VALID)
113 return 0;
114 tpm_msleep(TPM_TIMEOUT);
115 } while (time_before(jiffies, stop));
116 return -1;
117 }
118
check_locality(struct tpm_chip * chip,int l)119 static bool check_locality(struct tpm_chip *chip, int l)
120 {
121 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
122 int rc;
123 u8 access;
124
125 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
126 if (rc < 0)
127 return false;
128
129 if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
130 | TPM_ACCESS_REQUEST_USE)) ==
131 (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
132 priv->locality = l;
133 return true;
134 }
135
136 return false;
137 }
138
__tpm_tis_relinquish_locality(struct tpm_tis_data * priv,int l)139 static int __tpm_tis_relinquish_locality(struct tpm_tis_data *priv, int l)
140 {
141 tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
142
143 return 0;
144 }
145
tpm_tis_relinquish_locality(struct tpm_chip * chip,int l)146 static int tpm_tis_relinquish_locality(struct tpm_chip *chip, int l)
147 {
148 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
149
150 mutex_lock(&priv->locality_count_mutex);
151 priv->locality_count--;
152 if (priv->locality_count == 0)
153 __tpm_tis_relinquish_locality(priv, l);
154 mutex_unlock(&priv->locality_count_mutex);
155
156 return 0;
157 }
158
__tpm_tis_request_locality(struct tpm_chip * chip,int l)159 static int __tpm_tis_request_locality(struct tpm_chip *chip, int l)
160 {
161 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
162 unsigned long stop, timeout;
163 long rc;
164
165 if (check_locality(chip, l))
166 return l;
167
168 rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE);
169 if (rc < 0)
170 return rc;
171
172 stop = jiffies + chip->timeout_a;
173
174 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
175 again:
176 timeout = stop - jiffies;
177 if ((long)timeout <= 0)
178 return -1;
179 rc = wait_event_interruptible_timeout(priv->int_queue,
180 (check_locality
181 (chip, l)),
182 timeout);
183 if (rc > 0)
184 return l;
185 if (rc == -ERESTARTSYS && freezing(current)) {
186 clear_thread_flag(TIF_SIGPENDING);
187 goto again;
188 }
189 } else {
190 /* wait for burstcount */
191 do {
192 if (check_locality(chip, l))
193 return l;
194 tpm_msleep(TPM_TIMEOUT);
195 } while (time_before(jiffies, stop));
196 }
197 return -1;
198 }
199
tpm_tis_request_locality(struct tpm_chip * chip,int l)200 static int tpm_tis_request_locality(struct tpm_chip *chip, int l)
201 {
202 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
203 int ret = 0;
204
205 mutex_lock(&priv->locality_count_mutex);
206 if (priv->locality_count == 0)
207 ret = __tpm_tis_request_locality(chip, l);
208 if (!ret)
209 priv->locality_count++;
210 mutex_unlock(&priv->locality_count_mutex);
211 return ret;
212 }
213
tpm_tis_status(struct tpm_chip * chip)214 static u8 tpm_tis_status(struct tpm_chip *chip)
215 {
216 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
217 int rc;
218 u8 status;
219
220 rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status);
221 if (rc < 0)
222 return 0;
223
224 if (unlikely((status & TPM_STS_READ_ZERO) != 0)) {
225 if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {
226 /*
227 * If this trips, the chances are the read is
228 * returning 0xff because the locality hasn't been
229 * acquired. Usually because tpm_try_get_ops() hasn't
230 * been called before doing a TPM operation.
231 */
232 dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
233 status);
234
235 /*
236 * Dump stack for forensics, as invalid TPM_STS.x could be
237 * potentially triggered by impaired tpm_try_get_ops() or
238 * tpm_find_get_ops().
239 */
240 dump_stack();
241 }
242
243 return 0;
244 }
245
246 return status;
247 }
248
tpm_tis_ready(struct tpm_chip * chip)249 static void tpm_tis_ready(struct tpm_chip *chip)
250 {
251 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
252
253 /* this causes the current command to be aborted */
254 tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY);
255 }
256
get_burstcount(struct tpm_chip * chip)257 static int get_burstcount(struct tpm_chip *chip)
258 {
259 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
260 unsigned long stop;
261 int burstcnt, rc;
262 u32 value;
263
264 /* wait for burstcount */
265 if (chip->flags & TPM_CHIP_FLAG_TPM2)
266 stop = jiffies + chip->timeout_a;
267 else
268 stop = jiffies + chip->timeout_d;
269 do {
270 rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value);
271 if (rc < 0)
272 return rc;
273
274 burstcnt = (value >> 8) & 0xFFFF;
275 if (burstcnt)
276 return burstcnt;
277 usleep_range(TPM_TIMEOUT_USECS_MIN, TPM_TIMEOUT_USECS_MAX);
278 } while (time_before(jiffies, stop));
279 return -EBUSY;
280 }
281
recv_data(struct tpm_chip * chip,u8 * buf,size_t count)282 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
283 {
284 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
285 int size = 0, burstcnt, rc;
286
287 while (size < count) {
288 rc = wait_for_tpm_stat(chip,
289 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
290 chip->timeout_c,
291 &priv->read_queue, true);
292 if (rc < 0)
293 return rc;
294 burstcnt = get_burstcount(chip);
295 if (burstcnt < 0) {
296 dev_err(&chip->dev, "Unable to read burstcount\n");
297 return burstcnt;
298 }
299 burstcnt = min_t(int, burstcnt, count - size);
300
301 rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
302 burstcnt, buf + size);
303 if (rc < 0)
304 return rc;
305
306 size += burstcnt;
307 }
308 return size;
309 }
310
tpm_tis_recv(struct tpm_chip * chip,u8 * buf,size_t count)311 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
312 {
313 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
314 int size = 0;
315 int status;
316 u32 expected;
317 int rc;
318
319 if (count < TPM_HEADER_SIZE) {
320 size = -EIO;
321 goto out;
322 }
323
324 size = recv_data(chip, buf, TPM_HEADER_SIZE);
325 /* read first 10 bytes, including tag, paramsize, and result */
326 if (size < TPM_HEADER_SIZE) {
327 dev_err(&chip->dev, "Unable to read header\n");
328 goto out;
329 }
330
331 expected = be32_to_cpu(*(__be32 *) (buf + 2));
332 if (expected > count || expected < TPM_HEADER_SIZE) {
333 size = -EIO;
334 goto out;
335 }
336
337 rc = recv_data(chip, &buf[TPM_HEADER_SIZE],
338 expected - TPM_HEADER_SIZE);
339 if (rc < 0) {
340 size = rc;
341 goto out;
342 }
343 size += rc;
344 if (size < expected) {
345 dev_err(&chip->dev, "Unable to read remainder of result\n");
346 size = -ETIME;
347 goto out;
348 }
349
350 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
351 &priv->int_queue, false) < 0) {
352 size = -ETIME;
353 goto out;
354 }
355 status = tpm_tis_status(chip);
356 if (status & TPM_STS_DATA_AVAIL) { /* retry? */
357 dev_err(&chip->dev, "Error left over data\n");
358 size = -EIO;
359 goto out;
360 }
361
362 out:
363 tpm_tis_ready(chip);
364 return size;
365 }
366
367 /*
368 * If interrupts are used (signaled by an irq set in the vendor structure)
369 * tpm.c can skip polling for the data to be available as the interrupt is
370 * waited for here
371 */
tpm_tis_send_data(struct tpm_chip * chip,const u8 * buf,size_t len)372 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
373 {
374 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
375 int rc, status, burstcnt;
376 size_t count = 0;
377 bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
378
379 status = tpm_tis_status(chip);
380 if ((status & TPM_STS_COMMAND_READY) == 0) {
381 tpm_tis_ready(chip);
382 if (wait_for_tpm_stat
383 (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
384 &priv->int_queue, false) < 0) {
385 rc = -ETIME;
386 goto out_err;
387 }
388 }
389
390 while (count < len - 1) {
391 burstcnt = get_burstcount(chip);
392 if (burstcnt < 0) {
393 dev_err(&chip->dev, "Unable to read burstcount\n");
394 rc = burstcnt;
395 goto out_err;
396 }
397 burstcnt = min_t(int, burstcnt, len - count - 1);
398 rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
399 burstcnt, buf + count);
400 if (rc < 0)
401 goto out_err;
402
403 count += burstcnt;
404
405 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
406 &priv->int_queue, false) < 0) {
407 rc = -ETIME;
408 goto out_err;
409 }
410 status = tpm_tis_status(chip);
411 if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
412 rc = -EIO;
413 goto out_err;
414 }
415 }
416
417 /* write last byte */
418 rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
419 if (rc < 0)
420 goto out_err;
421
422 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
423 &priv->int_queue, false) < 0) {
424 rc = -ETIME;
425 goto out_err;
426 }
427 status = tpm_tis_status(chip);
428 if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
429 rc = -EIO;
430 goto out_err;
431 }
432
433 return 0;
434
435 out_err:
436 tpm_tis_ready(chip);
437 return rc;
438 }
439
disable_interrupts(struct tpm_chip * chip)440 static void disable_interrupts(struct tpm_chip *chip)
441 {
442 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
443 u32 intmask;
444 int rc;
445
446 if (priv->irq == 0)
447 return;
448
449 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
450 if (rc < 0)
451 intmask = 0;
452
453 intmask &= ~TPM_GLOBAL_INT_ENABLE;
454 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
455
456 devm_free_irq(chip->dev.parent, priv->irq, chip);
457 priv->irq = 0;
458 chip->flags &= ~TPM_CHIP_FLAG_IRQ;
459 }
460
461 /*
462 * If interrupts are used (signaled by an irq set in the vendor structure)
463 * tpm.c can skip polling for the data to be available as the interrupt is
464 * waited for here
465 */
tpm_tis_send_main(struct tpm_chip * chip,const u8 * buf,size_t len)466 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
467 {
468 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
469 int rc;
470 u32 ordinal;
471 unsigned long dur;
472 unsigned int try;
473
474 for (try = 0; try < TPM_RETRY; try++) {
475 rc = tpm_tis_send_data(chip, buf, len);
476 if (rc >= 0)
477 /* Data transfer done successfully */
478 break;
479 else if (rc != -EIO)
480 /* Data transfer failed, not recoverable */
481 return rc;
482 }
483
484 /* go and do it */
485 rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
486 if (rc < 0)
487 goto out_err;
488
489 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
490 ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
491
492 dur = tpm_calc_ordinal_duration(chip, ordinal);
493 if (wait_for_tpm_stat
494 (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur,
495 &priv->read_queue, false) < 0) {
496 rc = -ETIME;
497 goto out_err;
498 }
499 }
500 return 0;
501 out_err:
502 tpm_tis_ready(chip);
503 return rc;
504 }
505
tpm_tis_send(struct tpm_chip * chip,u8 * buf,size_t len)506 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
507 {
508 int rc, irq;
509 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
510
511 if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || priv->irq_tested)
512 return tpm_tis_send_main(chip, buf, len);
513
514 /* Verify receipt of the expected IRQ */
515 irq = priv->irq;
516 priv->irq = 0;
517 chip->flags &= ~TPM_CHIP_FLAG_IRQ;
518 rc = tpm_tis_send_main(chip, buf, len);
519 priv->irq = irq;
520 chip->flags |= TPM_CHIP_FLAG_IRQ;
521 if (!priv->irq_tested)
522 tpm_msleep(1);
523 if (!priv->irq_tested)
524 disable_interrupts(chip);
525 priv->irq_tested = true;
526 return rc;
527 }
528
529 struct tis_vendor_durations_override {
530 u32 did_vid;
531 struct tpm1_version version;
532 unsigned long durations[3];
533 };
534
535 static const struct tis_vendor_durations_override vendor_dur_overrides[] = {
536 /* STMicroelectronics 0x104a */
537 { 0x0000104a,
538 { 1, 2, 8, 28 },
539 { (2 * 60 * HZ), (2 * 60 * HZ), (2 * 60 * HZ) } },
540 };
541
tpm_tis_update_durations(struct tpm_chip * chip,unsigned long * duration_cap)542 static void tpm_tis_update_durations(struct tpm_chip *chip,
543 unsigned long *duration_cap)
544 {
545 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
546 struct tpm1_version *version;
547 u32 did_vid;
548 int i, rc;
549 cap_t cap;
550
551 chip->duration_adjusted = false;
552
553 if (chip->ops->clk_enable != NULL)
554 chip->ops->clk_enable(chip, true);
555
556 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
557 if (rc < 0) {
558 dev_warn(&chip->dev, "%s: failed to read did_vid. %d\n",
559 __func__, rc);
560 goto out;
561 }
562
563 /* Try to get a TPM version 1.2 or 1.1 TPM_CAP_VERSION_INFO */
564 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap,
565 "attempting to determine the 1.2 version",
566 sizeof(cap.version2));
567 if (!rc) {
568 version = &cap.version2.version;
569 } else {
570 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap,
571 "attempting to determine the 1.1 version",
572 sizeof(cap.version1));
573
574 if (rc)
575 goto out;
576
577 version = &cap.version1;
578 }
579
580 for (i = 0; i != ARRAY_SIZE(vendor_dur_overrides); i++) {
581 if (vendor_dur_overrides[i].did_vid != did_vid)
582 continue;
583
584 if ((version->major ==
585 vendor_dur_overrides[i].version.major) &&
586 (version->minor ==
587 vendor_dur_overrides[i].version.minor) &&
588 (version->rev_major ==
589 vendor_dur_overrides[i].version.rev_major) &&
590 (version->rev_minor ==
591 vendor_dur_overrides[i].version.rev_minor)) {
592
593 memcpy(duration_cap,
594 vendor_dur_overrides[i].durations,
595 sizeof(vendor_dur_overrides[i].durations));
596
597 chip->duration_adjusted = true;
598 goto out;
599 }
600 }
601
602 out:
603 if (chip->ops->clk_enable != NULL)
604 chip->ops->clk_enable(chip, false);
605 }
606
607 struct tis_vendor_timeout_override {
608 u32 did_vid;
609 unsigned long timeout_us[4];
610 };
611
612 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = {
613 /* Atmel 3204 */
614 { 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000),
615 (TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } },
616 };
617
tpm_tis_update_timeouts(struct tpm_chip * chip,unsigned long * timeout_cap)618 static void tpm_tis_update_timeouts(struct tpm_chip *chip,
619 unsigned long *timeout_cap)
620 {
621 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
622 int i, rc;
623 u32 did_vid;
624
625 chip->timeout_adjusted = false;
626
627 if (chip->ops->clk_enable != NULL)
628 chip->ops->clk_enable(chip, true);
629
630 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
631 if (rc < 0) {
632 dev_warn(&chip->dev, "%s: failed to read did_vid: %d\n",
633 __func__, rc);
634 goto out;
635 }
636
637 for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
638 if (vendor_timeout_overrides[i].did_vid != did_vid)
639 continue;
640 memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
641 sizeof(vendor_timeout_overrides[i].timeout_us));
642 chip->timeout_adjusted = true;
643 }
644
645 out:
646 if (chip->ops->clk_enable != NULL)
647 chip->ops->clk_enable(chip, false);
648
649 return;
650 }
651
652 /*
653 * Early probing for iTPM with STS_DATA_EXPECT flaw.
654 * Try sending command without itpm flag set and if that
655 * fails, repeat with itpm flag set.
656 */
probe_itpm(struct tpm_chip * chip)657 static int probe_itpm(struct tpm_chip *chip)
658 {
659 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
660 int rc = 0;
661 static const u8 cmd_getticks[] = {
662 0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
663 0x00, 0x00, 0x00, 0xf1
664 };
665 size_t len = sizeof(cmd_getticks);
666 u16 vendor;
667
668 if (priv->flags & TPM_TIS_ITPM_WORKAROUND)
669 return 0;
670
671 rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
672 if (rc < 0)
673 return rc;
674
675 /* probe only iTPMS */
676 if (vendor != TPM_VID_INTEL)
677 return 0;
678
679 if (tpm_tis_request_locality(chip, 0) != 0)
680 return -EBUSY;
681
682 rc = tpm_tis_send_data(chip, cmd_getticks, len);
683 if (rc == 0)
684 goto out;
685
686 tpm_tis_ready(chip);
687
688 priv->flags |= TPM_TIS_ITPM_WORKAROUND;
689
690 rc = tpm_tis_send_data(chip, cmd_getticks, len);
691 if (rc == 0)
692 dev_info(&chip->dev, "Detected an iTPM.\n");
693 else {
694 priv->flags &= ~TPM_TIS_ITPM_WORKAROUND;
695 rc = -EFAULT;
696 }
697
698 out:
699 tpm_tis_ready(chip);
700 tpm_tis_relinquish_locality(chip, priv->locality);
701
702 return rc;
703 }
704
tpm_tis_req_canceled(struct tpm_chip * chip,u8 status)705 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status)
706 {
707 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
708
709 switch (priv->manufacturer_id) {
710 case TPM_VID_WINBOND:
711 return ((status == TPM_STS_VALID) ||
712 (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)));
713 case TPM_VID_STM:
714 return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY));
715 default:
716 return (status == TPM_STS_COMMAND_READY);
717 }
718 }
719
tis_int_handler(int dummy,void * dev_id)720 static irqreturn_t tis_int_handler(int dummy, void *dev_id)
721 {
722 struct tpm_chip *chip = dev_id;
723 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
724 u32 interrupt;
725 int i, rc;
726
727 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
728 if (rc < 0)
729 return IRQ_NONE;
730
731 if (interrupt == 0)
732 return IRQ_NONE;
733
734 priv->irq_tested = true;
735 if (interrupt & TPM_INTF_DATA_AVAIL_INT)
736 wake_up_interruptible(&priv->read_queue);
737 if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
738 for (i = 0; i < 5; i++)
739 if (check_locality(chip, i))
740 break;
741 if (interrupt &
742 (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT |
743 TPM_INTF_CMD_READY_INT))
744 wake_up_interruptible(&priv->int_queue);
745
746 /* Clear interrupts handled with TPM_EOI */
747 tpm_tis_request_locality(chip, 0);
748 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt);
749 tpm_tis_relinquish_locality(chip, 0);
750 if (rc < 0)
751 return IRQ_NONE;
752
753 tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
754 return IRQ_HANDLED;
755 }
756
tpm_tis_gen_interrupt(struct tpm_chip * chip)757 static void tpm_tis_gen_interrupt(struct tpm_chip *chip)
758 {
759 const char *desc = "attempting to generate an interrupt";
760 u32 cap2;
761 cap_t cap;
762 int ret;
763
764 if (chip->flags & TPM_CHIP_FLAG_TPM2)
765 ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
766 else
767 ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
768 }
769
770 /* Register the IRQ and issue a command that will cause an interrupt. If an
771 * irq is seen then leave the chip setup for IRQ operation, otherwise reverse
772 * everything and leave in polling mode. Returns 0 on success.
773 */
tpm_tis_probe_irq_single(struct tpm_chip * chip,u32 intmask,int flags,int irq)774 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
775 int flags, int irq)
776 {
777 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
778 u8 original_int_vec;
779 int rc;
780 u32 int_status;
781
782
783 rc = devm_request_threaded_irq(chip->dev.parent, irq, NULL,
784 tis_int_handler, IRQF_ONESHOT | flags,
785 dev_name(&chip->dev), chip);
786 if (rc) {
787 dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
788 irq);
789 return -1;
790 }
791 priv->irq = irq;
792
793 rc = tpm_tis_request_locality(chip, 0);
794 if (rc < 0)
795 return rc;
796
797 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
798 &original_int_vec);
799 if (rc < 0) {
800 tpm_tis_relinquish_locality(chip, priv->locality);
801 return rc;
802 }
803
804 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
805 if (rc < 0)
806 goto restore_irqs;
807
808 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
809 if (rc < 0)
810 goto restore_irqs;
811
812 /* Clear all existing */
813 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
814 if (rc < 0)
815 goto restore_irqs;
816 /* Turn on */
817 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
818 intmask | TPM_GLOBAL_INT_ENABLE);
819 if (rc < 0)
820 goto restore_irqs;
821
822 priv->irq_tested = false;
823
824 /* Generate an interrupt by having the core call through to
825 * tpm_tis_send
826 */
827 tpm_tis_gen_interrupt(chip);
828
829 restore_irqs:
830 /* tpm_tis_send will either confirm the interrupt is working or it
831 * will call disable_irq which undoes all of the above.
832 */
833 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
834 tpm_tis_write8(priv, original_int_vec,
835 TPM_INT_VECTOR(priv->locality));
836 rc = -1;
837 }
838
839 tpm_tis_relinquish_locality(chip, priv->locality);
840
841 return rc;
842 }
843
844 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
845 * do not have ACPI/etc. We typically expect the interrupt to be declared if
846 * present.
847 */
tpm_tis_probe_irq(struct tpm_chip * chip,u32 intmask)848 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask)
849 {
850 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
851 u8 original_int_vec;
852 int i, rc;
853
854 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
855 &original_int_vec);
856 if (rc < 0)
857 return;
858
859 if (!original_int_vec) {
860 if (IS_ENABLED(CONFIG_X86))
861 for (i = 3; i <= 15; i++)
862 if (!tpm_tis_probe_irq_single(chip, intmask, 0,
863 i))
864 return;
865 } else if (!tpm_tis_probe_irq_single(chip, intmask, 0,
866 original_int_vec))
867 return;
868 }
869
tpm_tis_remove(struct tpm_chip * chip)870 void tpm_tis_remove(struct tpm_chip *chip)
871 {
872 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
873 u32 reg = TPM_INT_ENABLE(priv->locality);
874 u32 interrupt;
875 int rc;
876
877 tpm_tis_clkrun_enable(chip, true);
878
879 rc = tpm_tis_read32(priv, reg, &interrupt);
880 if (rc < 0)
881 interrupt = 0;
882
883 tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
884
885 tpm_tis_clkrun_enable(chip, false);
886
887 if (priv->ilb_base_addr)
888 iounmap(priv->ilb_base_addr);
889 }
890 EXPORT_SYMBOL_GPL(tpm_tis_remove);
891
892 /**
893 * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
894 * of a single TPM command
895 * @chip: TPM chip to use
896 * @value: 1 - Disable CLKRUN protocol, so that clocks are free running
897 * 0 - Enable CLKRUN protocol
898 * Call this function directly in tpm_tis_remove() in error or driver removal
899 * path, since the chip->ops is set to NULL in tpm_chip_unregister().
900 */
tpm_tis_clkrun_enable(struct tpm_chip * chip,bool value)901 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
902 {
903 struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
904 u32 clkrun_val;
905
906 if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
907 !data->ilb_base_addr)
908 return;
909
910 if (value) {
911 data->clkrun_enabled++;
912 if (data->clkrun_enabled > 1)
913 return;
914 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
915
916 /* Disable LPC CLKRUN# */
917 clkrun_val &= ~LPC_CLKRUN_EN;
918 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
919
920 /*
921 * Write any random value on port 0x80 which is on LPC, to make
922 * sure LPC clock is running before sending any TPM command.
923 */
924 outb(0xCC, 0x80);
925 } else {
926 data->clkrun_enabled--;
927 if (data->clkrun_enabled)
928 return;
929
930 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
931
932 /* Enable LPC CLKRUN# */
933 clkrun_val |= LPC_CLKRUN_EN;
934 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
935
936 /*
937 * Write any random value on port 0x80 which is on LPC, to make
938 * sure LPC clock is running before sending any TPM command.
939 */
940 outb(0xCC, 0x80);
941 }
942 }
943
944 static const struct tpm_class_ops tpm_tis = {
945 .flags = TPM_OPS_AUTO_STARTUP,
946 .status = tpm_tis_status,
947 .recv = tpm_tis_recv,
948 .send = tpm_tis_send,
949 .cancel = tpm_tis_ready,
950 .update_timeouts = tpm_tis_update_timeouts,
951 .update_durations = tpm_tis_update_durations,
952 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
953 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
954 .req_canceled = tpm_tis_req_canceled,
955 .request_locality = tpm_tis_request_locality,
956 .relinquish_locality = tpm_tis_relinquish_locality,
957 .clk_enable = tpm_tis_clkrun_enable,
958 };
959
tpm_tis_core_init(struct device * dev,struct tpm_tis_data * priv,int irq,const struct tpm_tis_phy_ops * phy_ops,acpi_handle acpi_dev_handle)960 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
961 const struct tpm_tis_phy_ops *phy_ops,
962 acpi_handle acpi_dev_handle)
963 {
964 u32 vendor;
965 u32 intfcaps;
966 u32 intmask;
967 u32 clkrun_val;
968 u8 rid;
969 int rc, probe;
970 struct tpm_chip *chip;
971
972 chip = tpmm_chip_alloc(dev, &tpm_tis);
973 if (IS_ERR(chip))
974 return PTR_ERR(chip);
975
976 #ifdef CONFIG_ACPI
977 chip->acpi_dev_handle = acpi_dev_handle;
978 #endif
979
980 chip->hwrng.quality = priv->rng_quality;
981
982 /* Maximum timeouts */
983 chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX);
984 chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
985 chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
986 chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
987 priv->timeout_min = TPM_TIMEOUT_USECS_MIN;
988 priv->timeout_max = TPM_TIMEOUT_USECS_MAX;
989 priv->phy_ops = phy_ops;
990 priv->locality_count = 0;
991 mutex_init(&priv->locality_count_mutex);
992
993 dev_set_drvdata(&chip->dev, priv);
994
995 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
996 if (rc < 0)
997 return rc;
998
999 priv->manufacturer_id = vendor;
1000
1001 if (priv->manufacturer_id == TPM_VID_ATML &&
1002 !(chip->flags & TPM_CHIP_FLAG_TPM2)) {
1003 priv->timeout_min = TIS_TIMEOUT_MIN_ATML;
1004 priv->timeout_max = TIS_TIMEOUT_MAX_ATML;
1005 }
1006
1007 if (is_bsw()) {
1008 priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
1009 ILB_REMAP_SIZE);
1010 if (!priv->ilb_base_addr)
1011 return -ENOMEM;
1012
1013 clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
1014 /* Check if CLKRUN# is already not enabled in the LPC bus */
1015 if (!(clkrun_val & LPC_CLKRUN_EN)) {
1016 iounmap(priv->ilb_base_addr);
1017 priv->ilb_base_addr = NULL;
1018 }
1019 }
1020
1021 if (chip->ops->clk_enable != NULL)
1022 chip->ops->clk_enable(chip, true);
1023
1024 if (wait_startup(chip, 0) != 0) {
1025 rc = -ENODEV;
1026 goto out_err;
1027 }
1028
1029 /* Take control of the TPM's interrupt hardware and shut it off */
1030 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1031 if (rc < 0)
1032 goto out_err;
1033
1034 intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
1035 TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
1036 intmask &= ~TPM_GLOBAL_INT_ENABLE;
1037
1038 rc = tpm_tis_request_locality(chip, 0);
1039 if (rc < 0) {
1040 rc = -ENODEV;
1041 goto out_err;
1042 }
1043
1044 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1045 tpm_tis_relinquish_locality(chip, 0);
1046
1047 rc = tpm_chip_start(chip);
1048 if (rc)
1049 goto out_err;
1050 rc = tpm2_probe(chip);
1051 tpm_chip_stop(chip);
1052 if (rc)
1053 goto out_err;
1054
1055 rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
1056 if (rc < 0)
1057 goto out_err;
1058
1059 dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
1060 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
1061 vendor >> 16, rid);
1062
1063 probe = probe_itpm(chip);
1064 if (probe < 0) {
1065 rc = -ENODEV;
1066 goto out_err;
1067 }
1068
1069 /* Figure out the capabilities */
1070 rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
1071 if (rc < 0)
1072 goto out_err;
1073
1074 dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
1075 intfcaps);
1076 if (intfcaps & TPM_INTF_BURST_COUNT_STATIC)
1077 dev_dbg(dev, "\tBurst Count Static\n");
1078 if (intfcaps & TPM_INTF_CMD_READY_INT)
1079 dev_dbg(dev, "\tCommand Ready Int Support\n");
1080 if (intfcaps & TPM_INTF_INT_EDGE_FALLING)
1081 dev_dbg(dev, "\tInterrupt Edge Falling\n");
1082 if (intfcaps & TPM_INTF_INT_EDGE_RISING)
1083 dev_dbg(dev, "\tInterrupt Edge Rising\n");
1084 if (intfcaps & TPM_INTF_INT_LEVEL_LOW)
1085 dev_dbg(dev, "\tInterrupt Level Low\n");
1086 if (intfcaps & TPM_INTF_INT_LEVEL_HIGH)
1087 dev_dbg(dev, "\tInterrupt Level High\n");
1088 if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT)
1089 dev_dbg(dev, "\tLocality Change Int Support\n");
1090 if (intfcaps & TPM_INTF_STS_VALID_INT)
1091 dev_dbg(dev, "\tSts Valid Int Support\n");
1092 if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
1093 dev_dbg(dev, "\tData Avail Int Support\n");
1094
1095 /* INTERRUPT Setup */
1096 init_waitqueue_head(&priv->read_queue);
1097 init_waitqueue_head(&priv->int_queue);
1098 if (irq != -1) {
1099 /*
1100 * Before doing irq testing issue a command to the TPM in polling mode
1101 * to make sure it works. May as well use that command to set the
1102 * proper timeouts for the driver.
1103 */
1104
1105 rc = tpm_tis_request_locality(chip, 0);
1106 if (rc < 0)
1107 goto out_err;
1108
1109 rc = tpm_get_timeouts(chip);
1110
1111 tpm_tis_relinquish_locality(chip, 0);
1112
1113 if (rc) {
1114 dev_err(dev, "Could not get TPM timeouts and durations\n");
1115 rc = -ENODEV;
1116 goto out_err;
1117 }
1118
1119 if (irq)
1120 tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
1121 irq);
1122 else
1123 tpm_tis_probe_irq(chip, intmask);
1124
1125 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
1126 dev_err(&chip->dev, FW_BUG
1127 "TPM interrupt not working, polling instead\n");
1128
1129 rc = tpm_tis_request_locality(chip, 0);
1130 if (rc < 0)
1131 goto out_err;
1132 disable_interrupts(chip);
1133 tpm_tis_relinquish_locality(chip, 0);
1134 }
1135 }
1136
1137 rc = tpm_chip_register(chip);
1138 if (rc)
1139 goto out_err;
1140
1141 if (chip->ops->clk_enable != NULL)
1142 chip->ops->clk_enable(chip, false);
1143
1144 return 0;
1145 out_err:
1146 if (chip->ops->clk_enable != NULL)
1147 chip->ops->clk_enable(chip, false);
1148
1149 tpm_tis_remove(chip);
1150
1151 return rc;
1152 }
1153 EXPORT_SYMBOL_GPL(tpm_tis_core_init);
1154
1155 #ifdef CONFIG_PM_SLEEP
tpm_tis_reenable_interrupts(struct tpm_chip * chip)1156 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
1157 {
1158 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
1159 u32 intmask;
1160 int rc;
1161
1162 if (chip->ops->clk_enable != NULL)
1163 chip->ops->clk_enable(chip, true);
1164
1165 /* reenable interrupts that device may have lost or
1166 * BIOS/firmware may have disabled
1167 */
1168 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
1169 if (rc < 0)
1170 goto out;
1171
1172 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1173 if (rc < 0)
1174 goto out;
1175
1176 intmask |= TPM_INTF_CMD_READY_INT
1177 | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT
1178 | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE;
1179
1180 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1181
1182 out:
1183 if (chip->ops->clk_enable != NULL)
1184 chip->ops->clk_enable(chip, false);
1185
1186 return;
1187 }
1188
tpm_tis_resume(struct device * dev)1189 int tpm_tis_resume(struct device *dev)
1190 {
1191 struct tpm_chip *chip = dev_get_drvdata(dev);
1192 int ret;
1193
1194 ret = tpm_tis_request_locality(chip, 0);
1195 if (ret < 0)
1196 return ret;
1197
1198 if (chip->flags & TPM_CHIP_FLAG_IRQ)
1199 tpm_tis_reenable_interrupts(chip);
1200
1201 ret = tpm_pm_resume(dev);
1202 if (ret)
1203 goto out;
1204
1205 /*
1206 * TPM 1.2 requires self-test on resume. This function actually returns
1207 * an error code but for unknown reason it isn't handled.
1208 */
1209 if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
1210 tpm1_do_selftest(chip);
1211 out:
1212 tpm_tis_relinquish_locality(chip, 0);
1213
1214 return ret;
1215 }
1216 EXPORT_SYMBOL_GPL(tpm_tis_resume);
1217 #endif
1218
1219 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1220 MODULE_DESCRIPTION("TPM Driver");
1221 MODULE_VERSION("2.0");
1222 MODULE_LICENSE("GPL");
1223