1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2005, 2006 IBM Corporation
4 * Copyright (C) 2014, 2015 Intel Corporation
5 *
6 * Authors:
7 * Leendert van Doorn <leendert@watson.ibm.com>
8 * Kylene Hall <kjhall@us.ibm.com>
9 *
10 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11 *
12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org
14 *
15 * This device driver implements the TPM interface as defined in
16 * the TCG TPM Interface Spec version 1.2, revision 1.0.
17 */
18 #include <linux/init.h>
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/pnp.h>
22 #include <linux/slab.h>
23 #include <linux/interrupt.h>
24 #include <linux/wait.h>
25 #include <linux/acpi.h>
26 #include <linux/freezer.h>
27 #include "tpm.h"
28 #include "tpm_tis_core.h"
29
30 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
31
wait_for_tpm_stat_cond(struct tpm_chip * chip,u8 mask,bool check_cancel,bool * canceled)32 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
33 bool check_cancel, bool *canceled)
34 {
35 u8 status = chip->ops->status(chip);
36
37 *canceled = false;
38 if ((status & mask) == mask)
39 return true;
40 if (check_cancel && chip->ops->req_canceled(chip, status)) {
41 *canceled = true;
42 return true;
43 }
44 return false;
45 }
46
wait_for_tpm_stat(struct tpm_chip * chip,u8 mask,unsigned long timeout,wait_queue_head_t * queue,bool check_cancel)47 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
48 unsigned long timeout, wait_queue_head_t *queue,
49 bool check_cancel)
50 {
51 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
52 unsigned long stop;
53 long rc;
54 u8 status;
55 bool canceled = false;
56 u8 sts_mask = 0;
57 int ret = 0;
58
59 /* check current status */
60 status = chip->ops->status(chip);
61 if ((status & mask) == mask)
62 return 0;
63
64 /* check what status changes can be handled by irqs */
65 if (priv->int_mask & TPM_INTF_STS_VALID_INT)
66 sts_mask |= TPM_STS_VALID;
67
68 if (priv->int_mask & TPM_INTF_DATA_AVAIL_INT)
69 sts_mask |= TPM_STS_DATA_AVAIL;
70
71 if (priv->int_mask & TPM_INTF_CMD_READY_INT)
72 sts_mask |= TPM_STS_COMMAND_READY;
73
74 sts_mask &= mask;
75
76 stop = jiffies + timeout;
77 /* process status changes with irq support */
78 if (sts_mask) {
79 ret = -ETIME;
80 again:
81 timeout = stop - jiffies;
82 if ((long)timeout <= 0)
83 return -ETIME;
84 rc = wait_event_interruptible_timeout(*queue,
85 wait_for_tpm_stat_cond(chip, sts_mask, check_cancel,
86 &canceled),
87 timeout);
88 if (rc > 0) {
89 if (canceled)
90 return -ECANCELED;
91 ret = 0;
92 }
93 if (rc == -ERESTARTSYS && freezing(current)) {
94 clear_thread_flag(TIF_SIGPENDING);
95 goto again;
96 }
97 }
98
99 if (ret)
100 return ret;
101
102 mask &= ~sts_mask;
103 if (!mask) /* all done */
104 return 0;
105 /* process status changes without irq support */
106 do {
107 status = chip->ops->status(chip);
108 if ((status & mask) == mask)
109 return 0;
110 usleep_range(priv->timeout_min,
111 priv->timeout_max);
112 } while (time_before(jiffies, stop));
113 return -ETIME;
114 }
115
116 /* Before we attempt to access the TPM we must see that the valid bit is set.
117 * The specification says that this bit is 0 at reset and remains 0 until the
118 * 'TPM has gone through its self test and initialization and has established
119 * correct values in the other bits.'
120 */
wait_startup(struct tpm_chip * chip,int l)121 static int wait_startup(struct tpm_chip *chip, int l)
122 {
123 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
124 unsigned long stop = jiffies + chip->timeout_a;
125
126 do {
127 int rc;
128 u8 access;
129
130 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
131 if (rc < 0)
132 return rc;
133
134 if (access & TPM_ACCESS_VALID)
135 return 0;
136 tpm_msleep(TPM_TIMEOUT);
137 } while (time_before(jiffies, stop));
138 return -1;
139 }
140
check_locality(struct tpm_chip * chip,int l)141 static bool check_locality(struct tpm_chip *chip, int l)
142 {
143 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
144 int rc;
145 u8 access;
146
147 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
148 if (rc < 0)
149 return false;
150
151 if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
152 | TPM_ACCESS_REQUEST_USE)) ==
153 (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
154 priv->locality = l;
155 return true;
156 }
157
158 return false;
159 }
160
__tpm_tis_relinquish_locality(struct tpm_tis_data * priv,int l)161 static int __tpm_tis_relinquish_locality(struct tpm_tis_data *priv, int l)
162 {
163 tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
164
165 return 0;
166 }
167
tpm_tis_relinquish_locality(struct tpm_chip * chip,int l)168 static int tpm_tis_relinquish_locality(struct tpm_chip *chip, int l)
169 {
170 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
171
172 mutex_lock(&priv->locality_count_mutex);
173 priv->locality_count--;
174 if (priv->locality_count == 0)
175 __tpm_tis_relinquish_locality(priv, l);
176 mutex_unlock(&priv->locality_count_mutex);
177
178 return 0;
179 }
180
__tpm_tis_request_locality(struct tpm_chip * chip,int l)181 static int __tpm_tis_request_locality(struct tpm_chip *chip, int l)
182 {
183 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
184 unsigned long stop, timeout;
185 long rc;
186
187 if (check_locality(chip, l))
188 return l;
189
190 rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE);
191 if (rc < 0)
192 return rc;
193
194 stop = jiffies + chip->timeout_a;
195
196 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
197 again:
198 timeout = stop - jiffies;
199 if ((long)timeout <= 0)
200 return -1;
201 rc = wait_event_interruptible_timeout(priv->int_queue,
202 (check_locality
203 (chip, l)),
204 timeout);
205 if (rc > 0)
206 return l;
207 if (rc == -ERESTARTSYS && freezing(current)) {
208 clear_thread_flag(TIF_SIGPENDING);
209 goto again;
210 }
211 } else {
212 /* wait for burstcount */
213 do {
214 if (check_locality(chip, l))
215 return l;
216 tpm_msleep(TPM_TIMEOUT);
217 } while (time_before(jiffies, stop));
218 }
219 return -1;
220 }
221
tpm_tis_request_locality(struct tpm_chip * chip,int l)222 static int tpm_tis_request_locality(struct tpm_chip *chip, int l)
223 {
224 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
225 int ret = 0;
226
227 mutex_lock(&priv->locality_count_mutex);
228 if (priv->locality_count == 0)
229 ret = __tpm_tis_request_locality(chip, l);
230 if (!ret)
231 priv->locality_count++;
232 mutex_unlock(&priv->locality_count_mutex);
233 return ret;
234 }
235
tpm_tis_status(struct tpm_chip * chip)236 static u8 tpm_tis_status(struct tpm_chip *chip)
237 {
238 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
239 int rc;
240 u8 status;
241
242 rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status);
243 if (rc < 0)
244 return 0;
245
246 if (unlikely((status & TPM_STS_READ_ZERO) != 0)) {
247 if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {
248 /*
249 * If this trips, the chances are the read is
250 * returning 0xff because the locality hasn't been
251 * acquired. Usually because tpm_try_get_ops() hasn't
252 * been called before doing a TPM operation.
253 */
254 dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
255 status);
256
257 /*
258 * Dump stack for forensics, as invalid TPM_STS.x could be
259 * potentially triggered by impaired tpm_try_get_ops() or
260 * tpm_find_get_ops().
261 */
262 dump_stack();
263 }
264
265 return 0;
266 }
267
268 return status;
269 }
270
tpm_tis_ready(struct tpm_chip * chip)271 static void tpm_tis_ready(struct tpm_chip *chip)
272 {
273 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
274
275 /* this causes the current command to be aborted */
276 tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY);
277 }
278
get_burstcount(struct tpm_chip * chip)279 static int get_burstcount(struct tpm_chip *chip)
280 {
281 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
282 unsigned long stop;
283 int burstcnt, rc;
284 u32 value;
285
286 /* wait for burstcount */
287 if (chip->flags & TPM_CHIP_FLAG_TPM2)
288 stop = jiffies + chip->timeout_a;
289 else
290 stop = jiffies + chip->timeout_d;
291 do {
292 rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value);
293 if (rc < 0)
294 return rc;
295
296 burstcnt = (value >> 8) & 0xFFFF;
297 if (burstcnt)
298 return burstcnt;
299 usleep_range(TPM_TIMEOUT_USECS_MIN, TPM_TIMEOUT_USECS_MAX);
300 } while (time_before(jiffies, stop));
301 return -EBUSY;
302 }
303
recv_data(struct tpm_chip * chip,u8 * buf,size_t count)304 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
305 {
306 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
307 int size = 0, burstcnt, rc;
308
309 while (size < count) {
310 rc = wait_for_tpm_stat(chip,
311 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
312 chip->timeout_c,
313 &priv->read_queue, true);
314 if (rc < 0)
315 return rc;
316 burstcnt = get_burstcount(chip);
317 if (burstcnt < 0) {
318 dev_err(&chip->dev, "Unable to read burstcount\n");
319 return burstcnt;
320 }
321 burstcnt = min_t(int, burstcnt, count - size);
322
323 rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
324 burstcnt, buf + size);
325 if (rc < 0)
326 return rc;
327
328 size += burstcnt;
329 }
330 return size;
331 }
332
tpm_tis_recv(struct tpm_chip * chip,u8 * buf,size_t count)333 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
334 {
335 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
336 int size = 0;
337 int status;
338 u32 expected;
339 int rc;
340
341 if (count < TPM_HEADER_SIZE) {
342 size = -EIO;
343 goto out;
344 }
345
346 size = recv_data(chip, buf, TPM_HEADER_SIZE);
347 /* read first 10 bytes, including tag, paramsize, and result */
348 if (size < TPM_HEADER_SIZE) {
349 dev_err(&chip->dev, "Unable to read header\n");
350 goto out;
351 }
352
353 expected = be32_to_cpu(*(__be32 *) (buf + 2));
354 if (expected > count || expected < TPM_HEADER_SIZE) {
355 size = -EIO;
356 goto out;
357 }
358
359 rc = recv_data(chip, &buf[TPM_HEADER_SIZE],
360 expected - TPM_HEADER_SIZE);
361 if (rc < 0) {
362 size = rc;
363 goto out;
364 }
365 size += rc;
366 if (size < expected) {
367 dev_err(&chip->dev, "Unable to read remainder of result\n");
368 size = -ETIME;
369 goto out;
370 }
371
372 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
373 &priv->int_queue, false) < 0) {
374 size = -ETIME;
375 goto out;
376 }
377 status = tpm_tis_status(chip);
378 if (status & TPM_STS_DATA_AVAIL) { /* retry? */
379 dev_err(&chip->dev, "Error left over data\n");
380 size = -EIO;
381 goto out;
382 }
383
384 rc = tpm_tis_verify_crc(priv, (size_t)size, buf);
385 if (rc < 0) {
386 dev_err(&chip->dev, "CRC mismatch for response.\n");
387 size = rc;
388 goto out;
389 }
390
391 out:
392 tpm_tis_ready(chip);
393 return size;
394 }
395
396 /*
397 * If interrupts are used (signaled by an irq set in the vendor structure)
398 * tpm.c can skip polling for the data to be available as the interrupt is
399 * waited for here
400 */
tpm_tis_send_data(struct tpm_chip * chip,const u8 * buf,size_t len)401 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
402 {
403 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
404 int rc, status, burstcnt;
405 size_t count = 0;
406 bool itpm = test_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags);
407
408 status = tpm_tis_status(chip);
409 if ((status & TPM_STS_COMMAND_READY) == 0) {
410 tpm_tis_ready(chip);
411 if (wait_for_tpm_stat
412 (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
413 &priv->int_queue, false) < 0) {
414 rc = -ETIME;
415 goto out_err;
416 }
417 }
418
419 while (count < len - 1) {
420 burstcnt = get_burstcount(chip);
421 if (burstcnt < 0) {
422 dev_err(&chip->dev, "Unable to read burstcount\n");
423 rc = burstcnt;
424 goto out_err;
425 }
426 burstcnt = min_t(int, burstcnt, len - count - 1);
427 rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
428 burstcnt, buf + count);
429 if (rc < 0)
430 goto out_err;
431
432 count += burstcnt;
433
434 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
435 &priv->int_queue, false) < 0) {
436 rc = -ETIME;
437 goto out_err;
438 }
439 status = tpm_tis_status(chip);
440 if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
441 rc = -EIO;
442 goto out_err;
443 }
444 }
445
446 /* write last byte */
447 rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
448 if (rc < 0)
449 goto out_err;
450
451 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
452 &priv->int_queue, false) < 0) {
453 rc = -ETIME;
454 goto out_err;
455 }
456 status = tpm_tis_status(chip);
457 if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
458 rc = -EIO;
459 goto out_err;
460 }
461
462 return 0;
463
464 out_err:
465 tpm_tis_ready(chip);
466 return rc;
467 }
468
disable_interrupts(struct tpm_chip * chip)469 static void disable_interrupts(struct tpm_chip *chip)
470 {
471 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
472 u32 intmask;
473 int rc;
474
475 if (priv->irq == 0)
476 return;
477
478 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
479 if (rc < 0)
480 intmask = 0;
481
482 intmask &= ~TPM_GLOBAL_INT_ENABLE;
483 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
484
485 devm_free_irq(chip->dev.parent, priv->irq, chip);
486 priv->irq = 0;
487 chip->flags &= ~TPM_CHIP_FLAG_IRQ;
488 }
489
490 /*
491 * If interrupts are used (signaled by an irq set in the vendor structure)
492 * tpm.c can skip polling for the data to be available as the interrupt is
493 * waited for here
494 */
tpm_tis_send_main(struct tpm_chip * chip,const u8 * buf,size_t len)495 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
496 {
497 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
498 int rc;
499 u32 ordinal;
500 unsigned long dur;
501 unsigned int try;
502
503 for (try = 0; try < TPM_RETRY; try++) {
504 rc = tpm_tis_send_data(chip, buf, len);
505 if (rc >= 0)
506 /* Data transfer done successfully */
507 break;
508 else if (rc != -EIO)
509 /* Data transfer failed, not recoverable */
510 return rc;
511 }
512
513 rc = tpm_tis_verify_crc(priv, len, buf);
514 if (rc < 0) {
515 dev_err(&chip->dev, "CRC mismatch for command.\n");
516 return rc;
517 }
518
519 /* go and do it */
520 rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
521 if (rc < 0)
522 goto out_err;
523
524 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
525 ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
526
527 dur = tpm_calc_ordinal_duration(chip, ordinal);
528 if (wait_for_tpm_stat
529 (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur,
530 &priv->read_queue, false) < 0) {
531 rc = -ETIME;
532 goto out_err;
533 }
534 }
535 return 0;
536 out_err:
537 tpm_tis_ready(chip);
538 return rc;
539 }
540
tpm_tis_send(struct tpm_chip * chip,u8 * buf,size_t len)541 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
542 {
543 int rc, irq;
544 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
545
546 if (!(chip->flags & TPM_CHIP_FLAG_IRQ) ||
547 test_bit(TPM_TIS_IRQ_TESTED, &priv->flags))
548 return tpm_tis_send_main(chip, buf, len);
549
550 /* Verify receipt of the expected IRQ */
551 irq = priv->irq;
552 priv->irq = 0;
553 chip->flags &= ~TPM_CHIP_FLAG_IRQ;
554 rc = tpm_tis_send_main(chip, buf, len);
555 priv->irq = irq;
556 chip->flags |= TPM_CHIP_FLAG_IRQ;
557 if (!test_bit(TPM_TIS_IRQ_TESTED, &priv->flags))
558 tpm_msleep(1);
559 if (!test_bit(TPM_TIS_IRQ_TESTED, &priv->flags))
560 disable_interrupts(chip);
561 set_bit(TPM_TIS_IRQ_TESTED, &priv->flags);
562 return rc;
563 }
564
565 struct tis_vendor_durations_override {
566 u32 did_vid;
567 struct tpm1_version version;
568 unsigned long durations[3];
569 };
570
571 static const struct tis_vendor_durations_override vendor_dur_overrides[] = {
572 /* STMicroelectronics 0x104a */
573 { 0x0000104a,
574 { 1, 2, 8, 28 },
575 { (2 * 60 * HZ), (2 * 60 * HZ), (2 * 60 * HZ) } },
576 };
577
tpm_tis_update_durations(struct tpm_chip * chip,unsigned long * duration_cap)578 static void tpm_tis_update_durations(struct tpm_chip *chip,
579 unsigned long *duration_cap)
580 {
581 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
582 struct tpm1_version *version;
583 u32 did_vid;
584 int i, rc;
585 cap_t cap;
586
587 chip->duration_adjusted = false;
588
589 if (chip->ops->clk_enable != NULL)
590 chip->ops->clk_enable(chip, true);
591
592 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
593 if (rc < 0) {
594 dev_warn(&chip->dev, "%s: failed to read did_vid. %d\n",
595 __func__, rc);
596 goto out;
597 }
598
599 /* Try to get a TPM version 1.2 or 1.1 TPM_CAP_VERSION_INFO */
600 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap,
601 "attempting to determine the 1.2 version",
602 sizeof(cap.version2));
603 if (!rc) {
604 version = &cap.version2.version;
605 } else {
606 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap,
607 "attempting to determine the 1.1 version",
608 sizeof(cap.version1));
609
610 if (rc)
611 goto out;
612
613 version = &cap.version1;
614 }
615
616 for (i = 0; i != ARRAY_SIZE(vendor_dur_overrides); i++) {
617 if (vendor_dur_overrides[i].did_vid != did_vid)
618 continue;
619
620 if ((version->major ==
621 vendor_dur_overrides[i].version.major) &&
622 (version->minor ==
623 vendor_dur_overrides[i].version.minor) &&
624 (version->rev_major ==
625 vendor_dur_overrides[i].version.rev_major) &&
626 (version->rev_minor ==
627 vendor_dur_overrides[i].version.rev_minor)) {
628
629 memcpy(duration_cap,
630 vendor_dur_overrides[i].durations,
631 sizeof(vendor_dur_overrides[i].durations));
632
633 chip->duration_adjusted = true;
634 goto out;
635 }
636 }
637
638 out:
639 if (chip->ops->clk_enable != NULL)
640 chip->ops->clk_enable(chip, false);
641 }
642
643 struct tis_vendor_timeout_override {
644 u32 did_vid;
645 unsigned long timeout_us[4];
646 };
647
648 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = {
649 /* Atmel 3204 */
650 { 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000),
651 (TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } },
652 };
653
tpm_tis_update_timeouts(struct tpm_chip * chip,unsigned long * timeout_cap)654 static void tpm_tis_update_timeouts(struct tpm_chip *chip,
655 unsigned long *timeout_cap)
656 {
657 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
658 int i, rc;
659 u32 did_vid;
660
661 chip->timeout_adjusted = false;
662
663 if (chip->ops->clk_enable != NULL)
664 chip->ops->clk_enable(chip, true);
665
666 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
667 if (rc < 0) {
668 dev_warn(&chip->dev, "%s: failed to read did_vid: %d\n",
669 __func__, rc);
670 goto out;
671 }
672
673 for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
674 if (vendor_timeout_overrides[i].did_vid != did_vid)
675 continue;
676 memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
677 sizeof(vendor_timeout_overrides[i].timeout_us));
678 chip->timeout_adjusted = true;
679 }
680
681 out:
682 if (chip->ops->clk_enable != NULL)
683 chip->ops->clk_enable(chip, false);
684
685 return;
686 }
687
688 /*
689 * Early probing for iTPM with STS_DATA_EXPECT flaw.
690 * Try sending command without itpm flag set and if that
691 * fails, repeat with itpm flag set.
692 */
probe_itpm(struct tpm_chip * chip)693 static int probe_itpm(struct tpm_chip *chip)
694 {
695 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
696 int rc = 0;
697 static const u8 cmd_getticks[] = {
698 0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
699 0x00, 0x00, 0x00, 0xf1
700 };
701 size_t len = sizeof(cmd_getticks);
702 u16 vendor;
703
704 if (test_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags))
705 return 0;
706
707 rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
708 if (rc < 0)
709 return rc;
710
711 /* probe only iTPMS */
712 if (vendor != TPM_VID_INTEL)
713 return 0;
714
715 if (tpm_tis_request_locality(chip, 0) != 0)
716 return -EBUSY;
717
718 rc = tpm_tis_send_data(chip, cmd_getticks, len);
719 if (rc == 0)
720 goto out;
721
722 tpm_tis_ready(chip);
723
724 set_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags);
725
726 rc = tpm_tis_send_data(chip, cmd_getticks, len);
727 if (rc == 0)
728 dev_info(&chip->dev, "Detected an iTPM.\n");
729 else {
730 clear_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags);
731 rc = -EFAULT;
732 }
733
734 out:
735 tpm_tis_ready(chip);
736 tpm_tis_relinquish_locality(chip, priv->locality);
737
738 return rc;
739 }
740
tpm_tis_req_canceled(struct tpm_chip * chip,u8 status)741 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status)
742 {
743 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
744
745 if (!test_bit(TPM_TIS_DEFAULT_CANCELLATION, &priv->flags)) {
746 switch (priv->manufacturer_id) {
747 case TPM_VID_WINBOND:
748 return ((status == TPM_STS_VALID) ||
749 (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)));
750 case TPM_VID_STM:
751 return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY));
752 default:
753 break;
754 }
755 }
756
757 return status == TPM_STS_COMMAND_READY;
758 }
759
tis_int_handler(int dummy,void * dev_id)760 static irqreturn_t tis_int_handler(int dummy, void *dev_id)
761 {
762 struct tpm_chip *chip = dev_id;
763 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
764 u32 interrupt;
765 int i, rc;
766
767 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
768 if (rc < 0)
769 return IRQ_NONE;
770
771 if (interrupt == 0)
772 return IRQ_NONE;
773
774 set_bit(TPM_TIS_IRQ_TESTED, &priv->flags);
775 if (interrupt & TPM_INTF_DATA_AVAIL_INT)
776 wake_up_interruptible(&priv->read_queue);
777 if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
778 for (i = 0; i < 5; i++)
779 if (check_locality(chip, i))
780 break;
781 if (interrupt &
782 (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT |
783 TPM_INTF_CMD_READY_INT))
784 wake_up_interruptible(&priv->int_queue);
785
786 /* Clear interrupts handled with TPM_EOI */
787 tpm_tis_request_locality(chip, 0);
788 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt);
789 tpm_tis_relinquish_locality(chip, 0);
790 if (rc < 0)
791 return IRQ_NONE;
792
793 tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
794 return IRQ_HANDLED;
795 }
796
tpm_tis_gen_interrupt(struct tpm_chip * chip)797 static void tpm_tis_gen_interrupt(struct tpm_chip *chip)
798 {
799 const char *desc = "attempting to generate an interrupt";
800 u32 cap2;
801 cap_t cap;
802 int ret;
803
804 if (chip->flags & TPM_CHIP_FLAG_TPM2)
805 ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
806 else
807 ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
808 }
809
810 /* Register the IRQ and issue a command that will cause an interrupt. If an
811 * irq is seen then leave the chip setup for IRQ operation, otherwise reverse
812 * everything and leave in polling mode. Returns 0 on success.
813 */
tpm_tis_probe_irq_single(struct tpm_chip * chip,u32 intmask,int flags,int irq)814 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
815 int flags, int irq)
816 {
817 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
818 u8 original_int_vec;
819 int rc;
820 u32 int_status;
821
822
823 rc = devm_request_threaded_irq(chip->dev.parent, irq, NULL,
824 tis_int_handler, IRQF_ONESHOT | flags,
825 dev_name(&chip->dev), chip);
826 if (rc) {
827 dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
828 irq);
829 return -1;
830 }
831 priv->irq = irq;
832
833 rc = tpm_tis_request_locality(chip, 0);
834 if (rc < 0)
835 return rc;
836
837 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
838 &original_int_vec);
839 if (rc < 0) {
840 tpm_tis_relinquish_locality(chip, priv->locality);
841 return rc;
842 }
843
844 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
845 if (rc < 0)
846 goto restore_irqs;
847
848 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
849 if (rc < 0)
850 goto restore_irqs;
851
852 /* Clear all existing */
853 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
854 if (rc < 0)
855 goto restore_irqs;
856 /* Turn on */
857 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
858 intmask | TPM_GLOBAL_INT_ENABLE);
859 if (rc < 0)
860 goto restore_irqs;
861
862 clear_bit(TPM_TIS_IRQ_TESTED, &priv->flags);
863
864 /* Generate an interrupt by having the core call through to
865 * tpm_tis_send
866 */
867 tpm_tis_gen_interrupt(chip);
868
869 restore_irqs:
870 /* tpm_tis_send will either confirm the interrupt is working or it
871 * will call disable_irq which undoes all of the above.
872 */
873 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
874 tpm_tis_write8(priv, original_int_vec,
875 TPM_INT_VECTOR(priv->locality));
876 rc = -1;
877 }
878
879 tpm_tis_relinquish_locality(chip, priv->locality);
880
881 return rc;
882 }
883
884 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
885 * do not have ACPI/etc. We typically expect the interrupt to be declared if
886 * present.
887 */
tpm_tis_probe_irq(struct tpm_chip * chip,u32 intmask)888 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask)
889 {
890 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
891 u8 original_int_vec;
892 int i, rc;
893
894 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
895 &original_int_vec);
896 if (rc < 0)
897 return;
898
899 if (!original_int_vec) {
900 if (IS_ENABLED(CONFIG_X86))
901 for (i = 3; i <= 15; i++)
902 if (!tpm_tis_probe_irq_single(chip, intmask, 0,
903 i))
904 return;
905 } else if (!tpm_tis_probe_irq_single(chip, intmask, 0,
906 original_int_vec))
907 return;
908 }
909
tpm_tis_remove(struct tpm_chip * chip)910 void tpm_tis_remove(struct tpm_chip *chip)
911 {
912 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
913 u32 reg = TPM_INT_ENABLE(priv->locality);
914 u32 interrupt;
915 int rc;
916
917 tpm_tis_clkrun_enable(chip, true);
918
919 rc = tpm_tis_read32(priv, reg, &interrupt);
920 if (rc < 0)
921 interrupt = 0;
922
923 tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
924
925 tpm_tis_clkrun_enable(chip, false);
926
927 if (priv->ilb_base_addr)
928 iounmap(priv->ilb_base_addr);
929 }
930 EXPORT_SYMBOL_GPL(tpm_tis_remove);
931
932 /**
933 * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
934 * of a single TPM command
935 * @chip: TPM chip to use
936 * @value: 1 - Disable CLKRUN protocol, so that clocks are free running
937 * 0 - Enable CLKRUN protocol
938 * Call this function directly in tpm_tis_remove() in error or driver removal
939 * path, since the chip->ops is set to NULL in tpm_chip_unregister().
940 */
tpm_tis_clkrun_enable(struct tpm_chip * chip,bool value)941 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
942 {
943 struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
944 u32 clkrun_val;
945
946 if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
947 !data->ilb_base_addr)
948 return;
949
950 if (value) {
951 data->clkrun_enabled++;
952 if (data->clkrun_enabled > 1)
953 return;
954 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
955
956 /* Disable LPC CLKRUN# */
957 clkrun_val &= ~LPC_CLKRUN_EN;
958 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
959
960 /*
961 * Write any random value on port 0x80 which is on LPC, to make
962 * sure LPC clock is running before sending any TPM command.
963 */
964 outb(0xCC, 0x80);
965 } else {
966 data->clkrun_enabled--;
967 if (data->clkrun_enabled)
968 return;
969
970 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
971
972 /* Enable LPC CLKRUN# */
973 clkrun_val |= LPC_CLKRUN_EN;
974 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
975
976 /*
977 * Write any random value on port 0x80 which is on LPC, to make
978 * sure LPC clock is running before sending any TPM command.
979 */
980 outb(0xCC, 0x80);
981 }
982 }
983
984 static const struct tpm_class_ops tpm_tis = {
985 .flags = TPM_OPS_AUTO_STARTUP,
986 .status = tpm_tis_status,
987 .recv = tpm_tis_recv,
988 .send = tpm_tis_send,
989 .cancel = tpm_tis_ready,
990 .update_timeouts = tpm_tis_update_timeouts,
991 .update_durations = tpm_tis_update_durations,
992 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
993 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
994 .req_canceled = tpm_tis_req_canceled,
995 .request_locality = tpm_tis_request_locality,
996 .relinquish_locality = tpm_tis_relinquish_locality,
997 .clk_enable = tpm_tis_clkrun_enable,
998 };
999
tpm_tis_core_init(struct device * dev,struct tpm_tis_data * priv,int irq,const struct tpm_tis_phy_ops * phy_ops,acpi_handle acpi_dev_handle)1000 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
1001 const struct tpm_tis_phy_ops *phy_ops,
1002 acpi_handle acpi_dev_handle)
1003 {
1004 u32 vendor;
1005 u32 intfcaps;
1006 u32 intmask;
1007 u32 clkrun_val;
1008 u8 rid;
1009 int rc, probe;
1010 struct tpm_chip *chip;
1011
1012 chip = tpmm_chip_alloc(dev, &tpm_tis);
1013 if (IS_ERR(chip))
1014 return PTR_ERR(chip);
1015
1016 #ifdef CONFIG_ACPI
1017 chip->acpi_dev_handle = acpi_dev_handle;
1018 #endif
1019
1020 chip->hwrng.quality = priv->rng_quality;
1021
1022 /* Maximum timeouts */
1023 chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX);
1024 chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
1025 chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
1026 chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
1027 priv->timeout_min = TPM_TIMEOUT_USECS_MIN;
1028 priv->timeout_max = TPM_TIMEOUT_USECS_MAX;
1029 priv->phy_ops = phy_ops;
1030 priv->locality_count = 0;
1031 mutex_init(&priv->locality_count_mutex);
1032
1033 dev_set_drvdata(&chip->dev, priv);
1034
1035 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
1036 if (rc < 0)
1037 return rc;
1038
1039 priv->manufacturer_id = vendor;
1040
1041 if (priv->manufacturer_id == TPM_VID_ATML &&
1042 !(chip->flags & TPM_CHIP_FLAG_TPM2)) {
1043 priv->timeout_min = TIS_TIMEOUT_MIN_ATML;
1044 priv->timeout_max = TIS_TIMEOUT_MAX_ATML;
1045 }
1046
1047 if (is_bsw()) {
1048 priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
1049 ILB_REMAP_SIZE);
1050 if (!priv->ilb_base_addr)
1051 return -ENOMEM;
1052
1053 clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
1054 /* Check if CLKRUN# is already not enabled in the LPC bus */
1055 if (!(clkrun_val & LPC_CLKRUN_EN)) {
1056 iounmap(priv->ilb_base_addr);
1057 priv->ilb_base_addr = NULL;
1058 }
1059 }
1060
1061 if (chip->ops->clk_enable != NULL)
1062 chip->ops->clk_enable(chip, true);
1063
1064 if (wait_startup(chip, 0) != 0) {
1065 rc = -ENODEV;
1066 goto out_err;
1067 }
1068
1069 /* Take control of the TPM's interrupt hardware and shut it off */
1070 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1071 if (rc < 0)
1072 goto out_err;
1073
1074 /* Figure out the capabilities */
1075 rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
1076 if (rc < 0)
1077 goto out_err;
1078
1079 dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
1080 intfcaps);
1081 if (intfcaps & TPM_INTF_BURST_COUNT_STATIC)
1082 dev_dbg(dev, "\tBurst Count Static\n");
1083 if (intfcaps & TPM_INTF_CMD_READY_INT) {
1084 intmask |= TPM_INTF_CMD_READY_INT;
1085 dev_dbg(dev, "\tCommand Ready Int Support\n");
1086 }
1087 if (intfcaps & TPM_INTF_INT_EDGE_FALLING)
1088 dev_dbg(dev, "\tInterrupt Edge Falling\n");
1089 if (intfcaps & TPM_INTF_INT_EDGE_RISING)
1090 dev_dbg(dev, "\tInterrupt Edge Rising\n");
1091 if (intfcaps & TPM_INTF_INT_LEVEL_LOW)
1092 dev_dbg(dev, "\tInterrupt Level Low\n");
1093 if (intfcaps & TPM_INTF_INT_LEVEL_HIGH)
1094 dev_dbg(dev, "\tInterrupt Level High\n");
1095 if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT) {
1096 intmask |= TPM_INTF_LOCALITY_CHANGE_INT;
1097 dev_dbg(dev, "\tLocality Change Int Support\n");
1098 }
1099 if (intfcaps & TPM_INTF_STS_VALID_INT) {
1100 intmask |= TPM_INTF_STS_VALID_INT;
1101 dev_dbg(dev, "\tSts Valid Int Support\n");
1102 }
1103 if (intfcaps & TPM_INTF_DATA_AVAIL_INT) {
1104 intmask |= TPM_INTF_DATA_AVAIL_INT;
1105 dev_dbg(dev, "\tData Avail Int Support\n");
1106 }
1107
1108 intmask &= ~TPM_GLOBAL_INT_ENABLE;
1109
1110 rc = tpm_tis_request_locality(chip, 0);
1111 if (rc < 0) {
1112 rc = -ENODEV;
1113 goto out_err;
1114 }
1115
1116 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1117 tpm_tis_relinquish_locality(chip, 0);
1118
1119 rc = tpm_chip_start(chip);
1120 if (rc)
1121 goto out_err;
1122 rc = tpm2_probe(chip);
1123 tpm_chip_stop(chip);
1124 if (rc)
1125 goto out_err;
1126
1127 rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
1128 if (rc < 0)
1129 goto out_err;
1130
1131 dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
1132 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
1133 vendor >> 16, rid);
1134
1135 probe = probe_itpm(chip);
1136 if (probe < 0) {
1137 rc = -ENODEV;
1138 goto out_err;
1139 }
1140
1141 /* INTERRUPT Setup */
1142 init_waitqueue_head(&priv->read_queue);
1143 init_waitqueue_head(&priv->int_queue);
1144
1145 rc = tpm_chip_bootstrap(chip);
1146 if (rc)
1147 goto out_err;
1148
1149 if (irq != -1) {
1150 /*
1151 * Before doing irq testing issue a command to the TPM in polling mode
1152 * to make sure it works. May as well use that command to set the
1153 * proper timeouts for the driver.
1154 */
1155
1156 rc = tpm_tis_request_locality(chip, 0);
1157 if (rc < 0)
1158 goto out_err;
1159
1160 rc = tpm_get_timeouts(chip);
1161
1162 tpm_tis_relinquish_locality(chip, 0);
1163
1164 if (rc) {
1165 dev_err(dev, "Could not get TPM timeouts and durations\n");
1166 rc = -ENODEV;
1167 goto out_err;
1168 }
1169
1170 if (irq)
1171 tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
1172 irq);
1173 else
1174 tpm_tis_probe_irq(chip, intmask);
1175
1176 if (chip->flags & TPM_CHIP_FLAG_IRQ) {
1177 priv->int_mask = intmask;
1178 } else {
1179 dev_err(&chip->dev, FW_BUG
1180 "TPM interrupt not working, polling instead\n");
1181
1182 rc = tpm_tis_request_locality(chip, 0);
1183 if (rc < 0)
1184 goto out_err;
1185 disable_interrupts(chip);
1186 tpm_tis_relinquish_locality(chip, 0);
1187 }
1188 }
1189
1190 rc = tpm_chip_register(chip);
1191 if (rc)
1192 goto out_err;
1193
1194 if (chip->ops->clk_enable != NULL)
1195 chip->ops->clk_enable(chip, false);
1196
1197 return 0;
1198 out_err:
1199 if (chip->ops->clk_enable != NULL)
1200 chip->ops->clk_enable(chip, false);
1201
1202 tpm_tis_remove(chip);
1203
1204 return rc;
1205 }
1206 EXPORT_SYMBOL_GPL(tpm_tis_core_init);
1207
1208 #ifdef CONFIG_PM_SLEEP
tpm_tis_reenable_interrupts(struct tpm_chip * chip)1209 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
1210 {
1211 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
1212 u32 intmask;
1213 int rc;
1214
1215 /*
1216 * Re-enable interrupts that device may have lost or BIOS/firmware may
1217 * have disabled.
1218 */
1219 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
1220 if (rc < 0) {
1221 dev_err(&chip->dev, "Setting IRQ failed.\n");
1222 return;
1223 }
1224
1225 intmask = priv->int_mask | TPM_GLOBAL_INT_ENABLE;
1226 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1227 if (rc < 0)
1228 dev_err(&chip->dev, "Enabling interrupts failed.\n");
1229 }
1230
tpm_tis_resume(struct device * dev)1231 int tpm_tis_resume(struct device *dev)
1232 {
1233 struct tpm_chip *chip = dev_get_drvdata(dev);
1234 int ret;
1235
1236 ret = tpm_chip_start(chip);
1237 if (ret)
1238 return ret;
1239
1240 if (chip->flags & TPM_CHIP_FLAG_IRQ)
1241 tpm_tis_reenable_interrupts(chip);
1242
1243 /*
1244 * TPM 1.2 requires self-test on resume. This function actually returns
1245 * an error code but for unknown reason it isn't handled.
1246 */
1247 if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
1248 tpm1_do_selftest(chip);
1249
1250 tpm_chip_stop(chip);
1251
1252 ret = tpm_pm_resume(dev);
1253 if (ret)
1254 return ret;
1255
1256 return 0;
1257 }
1258 EXPORT_SYMBOL_GPL(tpm_tis_resume);
1259 #endif
1260
1261 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1262 MODULE_DESCRIPTION("TPM Driver");
1263 MODULE_VERSION("2.0");
1264 MODULE_LICENSE("GPL");
1265