1 /* $NetBSD: tpm.c,v 1.12 2017/10/28 04:53:55 riastradh Exp $ */ 2 /* 3 * Copyright (c) 2008, 2009 Michael Shalayeff 4 * Copyright (c) 2009, 2010 Hans-J�rg H�xer 5 * All rights reserved. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN 16 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 17 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: tpm.c,v 1.12 2017/10/28 04:53:55 riastradh Exp $"); 22 23 #if 0 24 #define TPM_DEBUG 25 #define aprint_debug_dev aprint_error_dev 26 #endif 27 28 #include <sys/param.h> 29 #include <sys/systm.h> 30 #include <sys/kernel.h> 31 #include <sys/malloc.h> 32 #include <sys/proc.h> 33 #include <sys/device.h> 34 #include <sys/conf.h> 35 #include <sys/bus.h> 36 #include <sys/pmf.h> 37 38 #include <dev/ic/tpmreg.h> 39 #include <dev/ic/tpmvar.h> 40 41 #include "ioconf.h" 42 43 /* Set when enabling legacy interface in host bridge. */ 44 int tpm_enabled; 45 46 const struct { 47 uint32_t devid; 48 char name[32]; 49 int flags; 50 #define TPM_DEV_NOINTS 0x0001 51 } tpm_devs[] = { 52 { 0x000615d1, "IFX SLD 9630 TT 1.1", 0 }, 53 { 0x000b15d1, "IFX SLB 9635 TT 1.2", 0 }, 54 { 0x100214e4, "Broadcom BCM0102", TPM_DEV_NOINTS }, 55 { 0x00fe1050, "WEC WPCT200", 0 }, 56 { 0x687119fa, "SNS SSX35", 0 }, 57 { 0x2e4d5453, "STM ST19WP18", 0 }, 58 { 0x32021114, "ATML 97SC3203", TPM_DEV_NOINTS }, 59 { 0x10408086, "INTEL INTC0102", 0 }, 60 { 0, "", TPM_DEV_NOINTS }, 61 }; 62 63 int tpm_tis12_irqinit(struct tpm_softc *, int, int); 64 65 int tpm_waitfor_poll(struct tpm_softc *, uint8_t, int, void *); 66 int tpm_waitfor_int(struct tpm_softc *, uint8_t, int, void *, int); 67 int tpm_waitfor(struct tpm_softc *, uint8_t, int, void *); 68 int tpm_request_locality(struct tpm_softc *, int); 69 int tpm_getburst(struct tpm_softc *); 70 uint8_t tpm_status(struct tpm_softc *); 71 int tpm_tmotohz(int); 72 73 static dev_type_open(tpmopen); 74 static dev_type_close(tpmclose); 75 static dev_type_read(tpmread); 76 static dev_type_read(tpmwrite); 77 static dev_type_ioctl(tpmioctl); 78 79 #define TPMUNIT(a) minor(a) 80 81 const struct cdevsw tpm_cdevsw = { 82 .d_open = tpmopen, 83 .d_close = tpmclose, 84 .d_read = tpmread, 85 .d_write = tpmwrite, 86 .d_ioctl = tpmioctl, 87 .d_stop = nostop, 88 .d_tty = notty, 89 .d_poll = nopoll, 90 .d_mmap = nommap, 91 .d_kqfilter = nokqfilter, 92 .d_discard = nodiscard, 93 .d_flag = D_OTHER, 94 }; 95 96 /* Probe TPM using TIS 1.2 interface. */ 97 int 98 tpm_tis12_probe(bus_space_tag_t bt, bus_space_handle_t bh) 99 { 100 uint32_t r; 101 uint8_t save, reg; 102 103 r = bus_space_read_4(bt, bh, TPM_INTF_CAPABILITIES); 104 if (r == 0xffffffff) 105 return 0; 106 107 #ifdef TPM_DEBUG 108 char buf[128]; 109 snprintb(buf, sizeof(buf), TPM_CAPBITS, r); 110 printf("%s: caps=%s\n", __func__, buf); 111 #endif 112 if ((r & TPM_CAPSREQ) != TPM_CAPSREQ || 113 !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) { 114 #ifdef TPM_DEBUG 115 printf("%s: caps too low (caps=%s)\n", __func__, buf); 116 #endif 117 return 0; 118 } 119 120 save = bus_space_read_1(bt, bh, TPM_ACCESS); 121 bus_space_write_1(bt, bh, TPM_ACCESS, TPM_ACCESS_REQUEST_USE); 122 reg = bus_space_read_1(bt, bh, TPM_ACCESS); 123 if ((reg & TPM_ACCESS_VALID) && (reg & TPM_ACCESS_ACTIVE_LOCALITY) && 124 bus_space_read_4(bt, bh, TPM_ID) != 0xffffffff) 125 return 1; 126 127 bus_space_write_1(bt, bh, TPM_ACCESS, save); 128 return 0; 129 } 130 131 /* 132 * Setup interrupt vector if one is provided and interrupts are know to 133 * work on that particular chip. 134 */ 135 int 136 tpm_tis12_irqinit(struct tpm_softc *sc, int irq, int idx) 137 { 138 uint32_t r; 139 140 if ((irq == -1) || (tpm_devs[idx].flags & TPM_DEV_NOINTS)) { 141 sc->sc_vector = -1; 142 return 0; 143 } 144 145 /* Ack and disable all interrupts. */ 146 r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE); 147 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 148 r & ~TPM_GLOBAL_INT_ENABLE); 149 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, 150 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS)); 151 #ifdef TPM_DEBUG 152 char buf[128]; 153 snprintb(buf, sizeof(buf), TPM_INTERRUPT_ENABLE_BITS, r); 154 aprint_debug_dev(sc->sc_dev, "%s: before ien %s\n", __func__, buf); 155 #endif 156 157 /* Program interrupt vector. */ 158 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_INT_VECTOR, irq); 159 sc->sc_vector = irq; 160 161 /* Program interrupt type. */ 162 r &= ~(TPM_INT_EDGE_RISING|TPM_INT_EDGE_FALLING|TPM_INT_LEVEL_HIGH| 163 TPM_INT_LEVEL_LOW); 164 r |= TPM_GLOBAL_INT_ENABLE|TPM_CMD_READY_INT|TPM_LOCALITY_CHANGE_INT| 165 TPM_STS_VALID_INT|TPM_DATA_AVAIL_INT; 166 if (sc->sc_capabilities & TPM_INTF_INT_EDGE_RISING) 167 r |= TPM_INT_EDGE_RISING; 168 else if (sc->sc_capabilities & TPM_INTF_INT_EDGE_FALLING) 169 r |= TPM_INT_EDGE_FALLING; 170 else if (sc->sc_capabilities & TPM_INTF_INT_LEVEL_HIGH) 171 r |= TPM_INT_LEVEL_HIGH; 172 else 173 r |= TPM_INT_LEVEL_LOW; 174 175 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, r); 176 #ifdef TPM_DEBUG 177 snprintb(buf, sizeof(buf), TPM_INTERRUPT_ENABLE_BITS, r); 178 aprint_debug_dev(sc->sc_dev, "%s: after ien %s\n", __func__, buf); 179 #endif 180 181 return 0; 182 } 183 184 /* Setup TPM using TIS 1.2 interface. */ 185 int 186 tpm_tis12_init(struct tpm_softc *sc, int irq, const char *name) 187 { 188 uint32_t r; 189 int i; 190 191 r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTF_CAPABILITIES); 192 #ifdef TPM_DEBUG 193 char cbuf[128]; 194 snprintb(cbuf, sizeof(cbuf), TPM_CAPBITS, r); 195 aprint_debug_dev(sc->sc_dev, "%s: caps=%s ", __func__, cbuf); 196 #endif 197 if ((r & TPM_CAPSREQ) != TPM_CAPSREQ || 198 !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) { 199 char buf[128]; 200 snprintb(buf, sizeof(buf), TPM_CAPBITS, r); 201 aprint_error_dev(sc->sc_dev, "capabilities too low (caps=%s)\n", 202 buf); 203 return 1; 204 } 205 sc->sc_capabilities = r; 206 207 sc->sc_devid = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_ID); 208 sc->sc_rev = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_REV); 209 210 for (i = 0; tpm_devs[i].devid; i++) 211 if (tpm_devs[i].devid == sc->sc_devid) 212 break; 213 214 if (tpm_devs[i].devid) 215 aprint_normal(": %s rev 0x%x\n", 216 tpm_devs[i].name, sc->sc_rev); 217 else 218 aprint_normal(": device 0x%08x rev 0x%x\n", 219 sc->sc_devid, sc->sc_rev); 220 221 if (tpm_tis12_irqinit(sc, irq, i)) 222 return 1; 223 224 if (tpm_request_locality(sc, 0)) 225 return 1; 226 227 /* Abort whatever it thought it was doing. */ 228 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY); 229 230 return 0; 231 } 232 233 int 234 tpm_request_locality(struct tpm_softc *sc, int l) 235 { 236 uint32_t r; 237 int to, rv; 238 239 if (l != 0) 240 return EINVAL; 241 242 if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) & 243 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) == 244 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) 245 return 0; 246 247 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS, 248 TPM_ACCESS_REQUEST_USE); 249 250 to = tpm_tmotohz(TPM_ACCESS_TMO); 251 252 while ((r = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) & 253 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) != 254 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY) && to--) { 255 rv = tsleep(sc->sc_init, PRIBIO | PCATCH, "tpm_locality", 1); 256 if (rv && rv != EWOULDBLOCK) { 257 #ifdef TPM_DEBUG 258 aprint_debug_dev(sc->sc_dev, "%s: interrupted %d\n", 259 __func__, rv); 260 #endif 261 return rv; 262 } 263 } 264 265 if ((r & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) != 266 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) { 267 #ifdef TPM_DEBUG 268 char buf[128]; 269 snprintb(buf, sizeof(buf), TPM_ACCESS_BITS, r); 270 aprint_debug_dev(sc->sc_dev, "%s: access %s\n", __func__, buf); 271 #endif 272 return EBUSY; 273 } 274 275 return 0; 276 } 277 278 int 279 tpm_getburst(struct tpm_softc *sc) 280 { 281 int burst, to, rv; 282 283 to = tpm_tmotohz(TPM_BURST_TMO); 284 285 burst = 0; 286 while (burst == 0 && to--) { 287 /* 288 * Burst count has to be read from bits 8 to 23 without 289 * touching any other bits, eg. the actual status bits 0 290 * to 7. 291 */ 292 burst = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 1); 293 burst |= bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 2) 294 << 8; 295 #ifdef TPM_DEBUG 296 aprint_debug_dev(sc->sc_dev, "%s: read %d\n", __func__, burst); 297 #endif 298 if (burst) 299 return burst; 300 301 rv = tsleep(sc, PRIBIO | PCATCH, "tpm_getburst", 1); 302 if (rv && rv != EWOULDBLOCK) { 303 return 0; 304 } 305 } 306 307 return 0; 308 } 309 310 uint8_t 311 tpm_status(struct tpm_softc *sc) 312 { 313 return bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS) & TPM_STS_MASK; 314 } 315 316 int 317 tpm_tmotohz(int tmo) 318 { 319 struct timeval tv; 320 321 tv.tv_sec = tmo / 1000; 322 tv.tv_usec = 1000 * (tmo % 1000); 323 324 return tvtohz(&tv); 325 } 326 327 /* Save TPM state on suspend. */ 328 bool 329 tpm_suspend(device_t dev, const pmf_qual_t *qual) 330 { 331 struct tpm_softc *sc = device_private(dev); 332 static const uint8_t command[] = { 333 0, 193, /* TPM_TAG_RQU_COMMAND */ 334 0, 0, 0, 10, /* Length in bytes */ 335 0, 0, 0, 156 /* TPM_ORD_SaveStates */ 336 }; 337 uint8_t scratch[sizeof(command)]; 338 339 /* 340 * Power down: We have to issue the SaveStates command. 341 */ 342 (*sc->sc_write)(sc, &command, sizeof(command)); 343 (*sc->sc_read)(sc, &scratch, sizeof(scratch), NULL, TPM_HDRSIZE); 344 #ifdef TPM_DEBUG 345 aprint_debug_dev(sc->sc_dev, "%s: power down\n", __func__); 346 #endif 347 return true; 348 } 349 350 /* 351 * Handle resume event. Actually nothing to do as the BIOS is supposed 352 * to restore the previously saved state. 353 */ 354 bool 355 tpm_resume(device_t dev, const pmf_qual_t *qual) 356 { 357 #ifdef TPM_DEBUG 358 struct tpm_softc *sc = device_private(dev); 359 aprint_debug_dev(sc->sc_dev, "%s: resume\n", __func__); 360 #endif 361 return true; 362 } 363 364 /* Wait for given status bits using polling. */ 365 int 366 tpm_waitfor_poll(struct tpm_softc *sc, uint8_t mask, int tmo, void *c) 367 { 368 int rv; 369 370 /* 371 * Poll until either the requested condition or a time out is 372 * met. 373 */ 374 while (((sc->sc_stat = tpm_status(sc)) & mask) != mask && tmo--) { 375 rv = tsleep(c, PRIBIO | PCATCH, "tpm_poll", 1); 376 if (rv && rv != EWOULDBLOCK) { 377 #ifdef TPM_DEBUG 378 aprint_debug_dev(sc->sc_dev, 379 "%s: interrupted %d\n", __func__, rv); 380 #endif 381 return rv; 382 } 383 } 384 385 return 0; 386 } 387 388 /* Wait for given status bits using interrupts. */ 389 int 390 tpm_waitfor_int(struct tpm_softc *sc, uint8_t mask, int tmo, void *c, 391 int inttype) 392 { 393 int rv, to; 394 395 /* Poll and return when condition is already met. */ 396 sc->sc_stat = tpm_status(sc); 397 if ((sc->sc_stat & mask) == mask) 398 return 0; 399 400 /* 401 * Enable interrupt on tpm chip. Note that interrupts on our 402 * level (SPL_TTY) are disabled (see tpm{read,write} et al) and 403 * will not be delivered to the cpu until we call tsleep(9) below. 404 */ 405 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 406 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) | 407 inttype); 408 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 409 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) | 410 TPM_GLOBAL_INT_ENABLE); 411 412 /* 413 * Poll once more to remedy the race between previous polling 414 * and enabling interrupts on the tpm chip. 415 */ 416 sc->sc_stat = tpm_status(sc); 417 if ((sc->sc_stat & mask) == mask) { 418 rv = 0; 419 goto out; 420 } 421 422 to = tpm_tmotohz(tmo); 423 #ifdef TPM_DEBUG 424 aprint_debug_dev(sc->sc_dev, 425 "%s: sleeping for %d ticks on %p\n", __func__, to, c); 426 #endif 427 /* 428 * tsleep(9) enables interrupts on the cpu and returns after 429 * wake up with interrupts disabled again. Note that interrupts 430 * generated by the tpm chip while being at SPL_TTY are not lost 431 * but held and delivered as soon as the cpu goes below SPL_TTY. 432 */ 433 rv = tsleep(c, PRIBIO | PCATCH, "tpm_wait", to); 434 435 sc->sc_stat = tpm_status(sc); 436 #ifdef TPM_DEBUG 437 char buf[128]; 438 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 439 aprint_debug_dev(sc->sc_dev, 440 "%s: woke up with rv %d stat %s\n", __func__, rv, buf); 441 #endif 442 if ((sc->sc_stat & mask) == mask) 443 rv = 0; 444 445 /* Disable interrupts on tpm chip again. */ 446 out: bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 447 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) & 448 ~TPM_GLOBAL_INT_ENABLE); 449 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 450 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) & 451 ~inttype); 452 453 return rv; 454 } 455 456 /* 457 * Wait on given status bits, uses interrupts where possible, otherwise polls. 458 */ 459 int 460 tpm_waitfor(struct tpm_softc *sc, uint8_t b0, int tmo, void *c) 461 { 462 uint8_t b; 463 int re, to, rv; 464 465 #ifdef TPM_DEBUG 466 char buf[128]; 467 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 468 aprint_debug_dev(sc->sc_dev, "%s: b0 %s\n", __func__, buf); 469 #endif 470 471 /* 472 * If possible, use interrupts, otherwise poll. 473 * 474 * We use interrupts for TPM_STS_VALID and TPM_STS_DATA_AVAIL (if 475 * the tpm chips supports them) as waiting for those can take 476 * really long. The other TPM_STS* are not needed very often 477 * so we do not support them. 478 */ 479 if (sc->sc_vector != -1) { 480 b = b0; 481 482 /* 483 * Wait for data ready. This interrupt only occures 484 * when both TPM_STS_VALID and TPM_STS_DATA_AVAIL are asserted. 485 * Thus we don't have to bother with TPM_STS_VALID 486 * separately and can just return. 487 * 488 * This only holds for interrupts! When using polling 489 * both flags have to be waited for, see below. 490 */ 491 if ((b & TPM_STS_DATA_AVAIL) && (sc->sc_capabilities & 492 TPM_INTF_DATA_AVAIL_INT)) 493 return tpm_waitfor_int(sc, b, tmo, c, 494 TPM_DATA_AVAIL_INT); 495 496 /* Wait for status valid bit. */ 497 if ((b & TPM_STS_VALID) && (sc->sc_capabilities & 498 TPM_INTF_STS_VALID_INT)) { 499 rv = tpm_waitfor_int(sc, b, tmo, c, TPM_STS_VALID_INT); 500 if (rv != 0) 501 return rv; 502 else 503 b = b0 & ~TPM_STS_VALID; 504 } 505 506 /* 507 * When all flags are taken care of, return. Otherwise 508 * use polling for eg. TPM_STS_CMD_READY. 509 */ 510 if (b == 0) 511 return 0; 512 } 513 514 re = 3; 515 restart: 516 /* 517 * If requested wait for TPM_STS_VALID before dealing with 518 * any other flag. Eg. when both TPM_STS_DATA_AVAIL and TPM_STS_VALID 519 * are requested, wait for the latter first. 520 */ 521 b = b0; 522 if (b0 & TPM_STS_VALID) 523 b = TPM_STS_VALID; 524 525 to = tpm_tmotohz(tmo); 526 again: 527 if ((rv = tpm_waitfor_poll(sc, b, to, c)) != 0) 528 return rv; 529 530 if ((b & sc->sc_stat) == TPM_STS_VALID) { 531 /* Now wait for other flags. */ 532 b = b0 & ~TPM_STS_VALID; 533 to++; 534 goto again; 535 } 536 537 if ((sc->sc_stat & b) != b) { 538 #ifdef TPM_DEBUG 539 char bbuf[128], cbuf[128]; 540 snprintb(bbuf, sizeof(bbuf), TPM_STS_BITS, b); 541 snprintb(cbuf, sizeof(cbuf), TPM_STS_BITS, sc->sc_stat); 542 aprint_debug_dev(sc->sc_dev, 543 "%s: timeout: stat=%s b=%s\n", __func__, cbuf, bbuf); 544 #endif 545 if (re-- && (b0 & TPM_STS_VALID)) { 546 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, 547 TPM_STS_RESP_RETRY); 548 goto restart; 549 } 550 return EIO; 551 } 552 553 return 0; 554 } 555 556 /* Start transaction. */ 557 int 558 tpm_tis12_start(struct tpm_softc *sc, int flag) 559 { 560 int rv; 561 562 if (flag == UIO_READ) { 563 rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID, 564 TPM_READ_TMO, sc->sc_read); 565 return rv; 566 } 567 568 /* Own our (0th) locality. */ 569 if ((rv = tpm_request_locality(sc, 0)) != 0) 570 return rv; 571 572 sc->sc_stat = tpm_status(sc); 573 if (sc->sc_stat & TPM_STS_CMD_READY) { 574 #ifdef TPM_DEBUG 575 char buf[128]; 576 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 577 aprint_debug_dev(sc->sc_dev, "%s: UIO_WRITE status %s\n", 578 __func__, buf); 579 #endif 580 return 0; 581 } 582 583 #ifdef TPM_DEBUG 584 aprint_debug_dev(sc->sc_dev, 585 "%s: UIO_WRITE readying chip\n", __func__); 586 #endif 587 588 /* Abort previous and restart. */ 589 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY); 590 if ((rv = tpm_waitfor(sc, TPM_STS_CMD_READY, TPM_READY_TMO, 591 sc->sc_write))) { 592 #ifdef TPM_DEBUG 593 aprint_debug_dev(sc->sc_dev, 594 "%s: UIO_WRITE readying failed %d\n", __func__, rv); 595 #endif 596 return rv; 597 } 598 599 #ifdef TPM_DEBUG 600 aprint_debug_dev(sc->sc_dev, 601 "%s: UIO_WRITE readying done\n", __func__); 602 #endif 603 604 return 0; 605 } 606 607 int 608 tpm_tis12_read(struct tpm_softc *sc, void *buf, size_t len, size_t *count, 609 int flags) 610 { 611 uint8_t *p = buf; 612 size_t cnt; 613 int rv, n, bcnt; 614 615 #ifdef TPM_DEBUG 616 aprint_debug_dev(sc->sc_dev, "%s: len %zu\n", __func__, len); 617 #endif 618 cnt = 0; 619 while (len > 0) { 620 if ((rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID, 621 TPM_READ_TMO, sc->sc_read))) 622 return rv; 623 624 bcnt = tpm_getburst(sc); 625 n = MIN(len, bcnt); 626 #ifdef TPM_DEBUG 627 aprint_debug_dev(sc->sc_dev, 628 "%s: fetching %d, burst is %d\n", __func__, n, bcnt); 629 #endif 630 for (; n--; len--) { 631 *p++ = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_DATA); 632 cnt++; 633 } 634 635 if ((flags & TPM_PARAM_SIZE) == 0 && cnt >= 6) 636 break; 637 } 638 #ifdef TPM_DEBUG 639 aprint_debug_dev(sc->sc_dev, 640 "%s: read %zu bytes, len %zu\n", __func__, cnt, len); 641 #endif 642 643 if (count) 644 *count = cnt; 645 646 return 0; 647 } 648 649 int 650 tpm_tis12_write(struct tpm_softc *sc, const void *buf, size_t len) 651 { 652 const uint8_t *p = buf; 653 size_t cnt; 654 int rv, r; 655 656 #ifdef TPM_DEBUG 657 aprint_debug_dev(sc->sc_dev, 658 "%s: sc %p buf %p len %zu\n", __func__, sc, buf, len); 659 #endif 660 if (len == 0) 661 return 0; 662 663 if ((rv = tpm_request_locality(sc, 0)) != 0) 664 return rv; 665 666 cnt = 0; 667 while (cnt < len - 1) { 668 for (r = tpm_getburst(sc); r > 0 && cnt < len - 1; r--) { 669 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++); 670 cnt++; 671 } 672 if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) { 673 #ifdef TPM_DEBUG 674 aprint_debug_dev(sc->sc_dev, 675 "%s: failed burst rv %d\n", __func__, rv); 676 #endif 677 return rv; 678 } 679 sc->sc_stat = tpm_status(sc); 680 if (!(sc->sc_stat & TPM_STS_DATA_EXPECT)) { 681 #ifdef TPM_DEBUG 682 char sbuf[128]; 683 snprintb(sbuf, sizeof(sbuf), TPM_STS_BITS, sc->sc_stat); 684 aprint_debug_dev(sc->sc_dev, 685 "%s: failed rv %d stat=%s\n", __func__, rv, sbuf); 686 #endif 687 return EIO; 688 } 689 } 690 691 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++); 692 cnt++; 693 694 if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) { 695 #ifdef TPM_DEBUG 696 aprint_debug_dev(sc->sc_dev, "%s: failed last byte rv %d\n", 697 __func__, rv); 698 #endif 699 return rv; 700 } 701 if ((sc->sc_stat & TPM_STS_DATA_EXPECT) != 0) { 702 #ifdef TPM_DEBUG 703 char sbuf[128]; 704 snprintb(sbuf, sizeof(sbuf), TPM_STS_BITS, sc->sc_stat); 705 aprint_debug_dev(sc->sc_dev, 706 "%s: failed rv %d stat=%s\n", __func__, rv, sbuf); 707 #endif 708 return EIO; 709 } 710 711 #ifdef TPM_DEBUG 712 aprint_debug_dev(sc->sc_dev, "%s: wrote %zu byte\n", __func__, cnt); 713 #endif 714 715 return 0; 716 } 717 718 /* Finish transaction. */ 719 int 720 tpm_tis12_end(struct tpm_softc *sc, int flag, int err) 721 { 722 int rv = 0; 723 724 if (flag == UIO_READ) { 725 if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, 726 sc->sc_read))) 727 return rv; 728 729 /* Still more data? */ 730 sc->sc_stat = tpm_status(sc); 731 if (!err && ((sc->sc_stat & TPM_STS_DATA_AVAIL) 732 == TPM_STS_DATA_AVAIL)) { 733 #ifdef TPM_DEBUG 734 char buf[128]; 735 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 736 aprint_debug_dev(sc->sc_dev, 737 "%s: read failed stat=%s\n", __func__, buf); 738 #endif 739 rv = EIO; 740 } 741 742 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, 743 TPM_STS_CMD_READY); 744 745 /* Release our (0th) locality. */ 746 bus_space_write_1(sc->sc_bt, sc->sc_bh,TPM_ACCESS, 747 TPM_ACCESS_ACTIVE_LOCALITY); 748 } else { 749 /* Hungry for more? */ 750 sc->sc_stat = tpm_status(sc); 751 if (!err && (sc->sc_stat & TPM_STS_DATA_EXPECT)) { 752 #ifdef TPM_DEBUG 753 char buf[128]; 754 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 755 aprint_debug_dev(sc->sc_dev, 756 "%s: write failed stat=%s\n", __func__, buf); 757 #endif 758 rv = EIO; 759 } 760 761 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, 762 err ? TPM_STS_CMD_READY : TPM_STS_GO); 763 } 764 765 return rv; 766 } 767 768 int 769 tpm_intr(void *v) 770 { 771 struct tpm_softc *sc = v; 772 uint32_t r; 773 #ifdef TPM_DEBUG 774 static int cnt = 0; 775 #endif 776 777 r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS); 778 #ifdef TPM_DEBUG 779 if (r != 0) { 780 char buf[128]; 781 snprintb(buf, sizeof(buf), TPM_INTERRUPT_ENABLE_BITS, r); 782 aprint_debug_dev(sc->sc_dev, "%s: int=%s (%d)\n", __func__, 783 buf, cnt); 784 } else 785 cnt++; 786 #endif 787 if (!(r & (TPM_CMD_READY_INT | TPM_LOCALITY_CHANGE_INT | 788 TPM_STS_VALID_INT | TPM_DATA_AVAIL_INT))) 789 #ifdef __FreeBSD__ 790 return; 791 #else 792 return 0; 793 #endif 794 if (r & TPM_STS_VALID_INT) 795 wakeup(sc); 796 797 if (r & TPM_CMD_READY_INT) 798 wakeup(sc->sc_write); 799 800 if (r & TPM_DATA_AVAIL_INT) 801 wakeup(sc->sc_read); 802 803 if (r & TPM_LOCALITY_CHANGE_INT) 804 wakeup(sc->sc_init); 805 806 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, r); 807 808 return 1; 809 } 810 811 /* Read single byte using legacy interface. */ 812 static inline uint8_t 813 tpm_legacy_in(bus_space_tag_t iot, bus_space_handle_t ioh, int reg) 814 { 815 bus_space_write_1(iot, ioh, 0, reg); 816 return bus_space_read_1(iot, ioh, 1); 817 } 818 819 /* Probe for TPM using legacy interface. */ 820 int 821 tpm_legacy_probe(bus_space_tag_t iot, bus_addr_t iobase) 822 { 823 bus_space_handle_t ioh; 824 uint8_t r, v; 825 int i, rv = 0; 826 char id[8]; 827 828 if (!tpm_enabled || iobase == -1) 829 return 0; 830 831 if (bus_space_map(iot, iobase, 2, 0, &ioh)) 832 return 0; 833 834 v = bus_space_read_1(iot, ioh, 0); 835 if (v == 0xff) { 836 bus_space_unmap(iot, ioh, 2); 837 return 0; 838 } 839 r = bus_space_read_1(iot, ioh, 1); 840 841 for (i = sizeof(id); i--; ) 842 id[i] = tpm_legacy_in(iot, ioh, TPM_ID + i); 843 844 #ifdef TPM_DEBUG 845 printf("tpm_legacy_probe %.4s %d.%d.%d.%d\n", 846 &id[4], id[0], id[1], id[2], id[3]); 847 #endif 848 /* 849 * The only chips using the legacy interface we are aware of are 850 * by Atmel. For other chips more signature would have to be added. 851 */ 852 if (!bcmp(&id[4], "ATML", 4)) 853 rv = 1; 854 855 if (!rv) { 856 bus_space_write_1(iot, ioh, r, 1); 857 bus_space_write_1(iot, ioh, v, 0); 858 } 859 bus_space_unmap(iot, ioh, 2); 860 861 return rv; 862 } 863 864 /* Setup TPM using legacy interface. */ 865 int 866 tpm_legacy_init(struct tpm_softc *sc, int irq, const char *name) 867 { 868 char id[8]; 869 int i; 870 871 if ((i = bus_space_map(sc->sc_batm, tpm_enabled, 2, 0, &sc->sc_bahm))) { 872 aprint_debug_dev(sc->sc_dev, "cannot map tpm registers (%d)\n", 873 i); 874 tpm_enabled = 0; 875 return 1; 876 } 877 878 for (i = sizeof(id); i--; ) 879 id[i] = tpm_legacy_in(sc->sc_bt, sc->sc_bh, TPM_ID + i); 880 881 aprint_debug_dev(sc->sc_dev, "%.4s %d.%d @0x%x\n", &id[4], id[0], 882 id[1], tpm_enabled); 883 tpm_enabled = 0; 884 885 return 0; 886 } 887 888 /* Start transaction. */ 889 int 890 tpm_legacy_start(struct tpm_softc *sc, int flag) 891 { 892 struct timeval tv; 893 uint8_t bits, r; 894 int to, rv; 895 896 bits = flag == UIO_READ ? TPM_LEGACY_DA : 0; 897 tv.tv_sec = TPM_LEGACY_TMO; 898 tv.tv_usec = 0; 899 to = tvtohz(&tv) / TPM_LEGACY_SLEEP; 900 while (((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) & 901 (TPM_LEGACY_BUSY|bits)) != bits && to--) { 902 rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_start", 903 TPM_LEGACY_SLEEP); 904 if (rv && rv != EWOULDBLOCK) 905 return rv; 906 } 907 908 #if defined(TPM_DEBUG) && !defined(__FreeBSD__) 909 char buf[128]; 910 snprintb(buf, sizeof(buf), TPM_LEGACY_BITS, r); 911 aprint_debug_dev(sc->sc_dev, "%s: bits %s\n", device_xname(sc->sc_dev), 912 buf); 913 #endif 914 if ((r & (TPM_LEGACY_BUSY|bits)) != bits) 915 return EIO; 916 917 return 0; 918 } 919 920 int 921 tpm_legacy_read(struct tpm_softc *sc, void *buf, size_t len, size_t *count, 922 int flags) 923 { 924 uint8_t *p; 925 size_t cnt; 926 int to, rv; 927 928 cnt = rv = 0; 929 for (p = buf; !rv && len > 0; len--) { 930 for (to = 1000; 931 !(bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1) & 932 TPM_LEGACY_DA); DELAY(1)) 933 if (!to--) 934 return EIO; 935 936 DELAY(TPM_LEGACY_DELAY); 937 *p++ = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 0); 938 cnt++; 939 } 940 941 *count = cnt; 942 return 0; 943 } 944 945 int 946 tpm_legacy_write(struct tpm_softc *sc, const void *buf, size_t len) 947 { 948 const uint8_t *p; 949 size_t n; 950 951 for (p = buf, n = len; n--; DELAY(TPM_LEGACY_DELAY)) { 952 if (!n && len != TPM_BUFSIZ) { 953 bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, 954 TPM_LEGACY_LAST); 955 DELAY(TPM_LEGACY_DELAY); 956 } 957 bus_space_write_1(sc->sc_batm, sc->sc_bahm, 0, *p++); 958 } 959 960 return 0; 961 } 962 963 /* Finish transaction. */ 964 int 965 tpm_legacy_end(struct tpm_softc *sc, int flag, int rv) 966 { 967 struct timeval tv; 968 uint8_t r; 969 int to; 970 971 if (rv || flag == UIO_READ) 972 bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, TPM_LEGACY_ABRT); 973 else { 974 tv.tv_sec = TPM_LEGACY_TMO; 975 tv.tv_usec = 0; 976 to = tvtohz(&tv) / TPM_LEGACY_SLEEP; 977 while(((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) & 978 TPM_LEGACY_BUSY) && to--) { 979 rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_end", 980 TPM_LEGACY_SLEEP); 981 if (rv && rv != EWOULDBLOCK) 982 return rv; 983 } 984 985 #if defined(TPM_DEBUG) && !defined(__FreeBSD__) 986 char buf[128]; 987 snprintb(buf, sizeof(buf), TPM_LEGACY_BITS, r); 988 aprint_debug_dev(sc->sc_dev, "%s: bits %s\n", 989 device_xname(sc->sc_dev), buf); 990 #endif 991 if (r & TPM_LEGACY_BUSY) 992 return EIO; 993 994 if (r & TPM_LEGACY_RE) 995 return EIO; /* XXX Retry the loop? */ 996 } 997 998 return rv; 999 } 1000 1001 int 1002 tpmopen(dev_t dev, int flag, int mode, struct lwp *l) 1003 { 1004 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1005 1006 if (!sc) 1007 return ENXIO; 1008 1009 if (sc->sc_flags & TPM_OPEN) 1010 return EBUSY; 1011 1012 sc->sc_flags |= TPM_OPEN; 1013 1014 return 0; 1015 } 1016 1017 int 1018 tpmclose(dev_t dev, int flag, int mode, struct lwp *l) 1019 { 1020 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1021 1022 if (!sc) 1023 return ENXIO; 1024 1025 if (!(sc->sc_flags & TPM_OPEN)) 1026 return EINVAL; 1027 1028 sc->sc_flags &= ~TPM_OPEN; 1029 1030 return 0; 1031 } 1032 1033 int 1034 tpmread(dev_t dev, struct uio *uio, int flags) 1035 { 1036 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1037 uint8_t buf[TPM_BUFSIZ], *p; 1038 size_t cnt, len, n; 1039 int rv, s; 1040 1041 if (!sc) 1042 return ENXIO; 1043 1044 s = spltty(); 1045 if ((rv = (*sc->sc_start)(sc, UIO_READ))) 1046 goto out; 1047 1048 #ifdef TPM_DEBUG 1049 aprint_debug_dev(sc->sc_dev, "%s: getting header\n", __func__); 1050 #endif 1051 if ((rv = (*sc->sc_read)(sc, buf, TPM_HDRSIZE, &cnt, 0))) { 1052 (*sc->sc_end)(sc, UIO_READ, rv); 1053 goto out; 1054 } 1055 1056 len = (buf[2] << 24) | (buf[3] << 16) | (buf[4] << 8) | buf[5]; 1057 #ifdef TPM_DEBUG 1058 aprint_debug_dev(sc->sc_dev, "%s: len %zu, io count %zu\n", __func__, 1059 len, uio->uio_resid); 1060 #endif 1061 if (len > uio->uio_resid) { 1062 rv = EIO; 1063 (*sc->sc_end)(sc, UIO_READ, rv); 1064 #ifdef TPM_DEBUG 1065 aprint_debug_dev(sc->sc_dev, 1066 "%s: bad residual io count 0x%zx\n", __func__, 1067 uio->uio_resid); 1068 #endif 1069 goto out; 1070 } 1071 1072 /* Copy out header. */ 1073 if ((rv = uiomove(buf, cnt, uio))) { 1074 #ifdef TPM_DEBUG 1075 aprint_debug_dev(sc->sc_dev, 1076 "%s: uiomove failed %d\n", __func__, rv); 1077 #endif 1078 (*sc->sc_end)(sc, UIO_READ, rv); 1079 goto out; 1080 } 1081 1082 /* Get remaining part of the answer (if anything is left). */ 1083 for (len -= cnt, p = buf, n = sizeof(buf); len > 0; p = buf, len -= n, 1084 n = sizeof(buf)) { 1085 n = MIN(n, len); 1086 #ifdef TPM_DEBUG 1087 aprint_debug_dev(sc->sc_dev, "%s: n %zu len %zu\n", __func__, 1088 n, len); 1089 #endif 1090 if ((rv = (*sc->sc_read)(sc, p, n, NULL, TPM_PARAM_SIZE))) { 1091 (*sc->sc_end)(sc, UIO_READ, rv); 1092 goto out; 1093 } 1094 p += n; 1095 if ((rv = uiomove(buf, p - buf, uio))) { 1096 #ifdef TPM_DEBUG 1097 aprint_debug_dev(sc->sc_dev, 1098 "%s: uiomove failed %d\n", __func__, rv); 1099 #endif 1100 (*sc->sc_end)(sc, UIO_READ, rv); 1101 goto out; 1102 } 1103 } 1104 1105 rv = (*sc->sc_end)(sc, UIO_READ, rv); 1106 out: 1107 splx(s); 1108 return rv; 1109 } 1110 1111 int 1112 tpmwrite(dev_t dev, struct uio *uio, int flags) 1113 { 1114 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1115 uint8_t buf[TPM_BUFSIZ]; 1116 int n, rv, s; 1117 1118 if (!sc) 1119 return ENXIO; 1120 1121 s = spltty(); 1122 1123 #ifdef TPM_DEBUG 1124 aprint_debug_dev(sc->sc_dev, "%s: io count %zu\n", __func__, 1125 uio->uio_resid); 1126 #endif 1127 1128 n = MIN(sizeof(buf), uio->uio_resid); 1129 if ((rv = uiomove(buf, n, uio))) { 1130 #ifdef TPM_DEBUG 1131 aprint_debug_dev(sc->sc_dev, 1132 "%s: uiomove failed %d\n", __func__, rv); 1133 #endif 1134 splx(s); 1135 return rv; 1136 } 1137 1138 if ((rv = (*sc->sc_start)(sc, UIO_WRITE))) { 1139 splx(s); 1140 return rv; 1141 } 1142 1143 if ((rv = (*sc->sc_write)(sc, buf, n))) { 1144 splx(s); 1145 return rv; 1146 } 1147 1148 rv = (*sc->sc_end)(sc, UIO_WRITE, rv); 1149 splx(s); 1150 return rv; 1151 } 1152 1153 int 1154 tpmioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l) 1155 { 1156 return ENOTTY; 1157 } 1158