1 /* $NetBSD: tpm.c,v 1.10 2014/03/16 05:20:27 dholland Exp $ */ 2 /* 3 * Copyright (c) 2008, 2009 Michael Shalayeff 4 * Copyright (c) 2009, 2010 Hans-J�rg H�xer 5 * All rights reserved. 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN 16 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 17 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: tpm.c,v 1.10 2014/03/16 05:20:27 dholland Exp $"); 22 23 #if 0 24 #define TPM_DEBUG 25 #define aprint_debug_dev aprint_error_dev 26 #endif 27 28 #include <sys/param.h> 29 #include <sys/systm.h> 30 #include <sys/kernel.h> 31 #include <sys/malloc.h> 32 #include <sys/proc.h> 33 #include <sys/device.h> 34 #include <sys/conf.h> 35 #include <sys/bus.h> 36 #include <sys/pmf.h> 37 38 #include <dev/ic/tpmreg.h> 39 #include <dev/ic/tpmvar.h> 40 41 /* Set when enabling legacy interface in host bridge. */ 42 int tpm_enabled; 43 44 const struct { 45 uint32_t devid; 46 char name[32]; 47 int flags; 48 #define TPM_DEV_NOINTS 0x0001 49 } tpm_devs[] = { 50 { 0x000615d1, "IFX SLD 9630 TT 1.1", 0 }, 51 { 0x000b15d1, "IFX SLB 9635 TT 1.2", 0 }, 52 { 0x100214e4, "Broadcom BCM0102", TPM_DEV_NOINTS }, 53 { 0x00fe1050, "WEC WPCT200", 0 }, 54 { 0x687119fa, "SNS SSX35", 0 }, 55 { 0x2e4d5453, "STM ST19WP18", 0 }, 56 { 0x32021114, "ATML 97SC3203", TPM_DEV_NOINTS }, 57 { 0x10408086, "INTEL INTC0102", 0 }, 58 { 0, "", TPM_DEV_NOINTS }, 59 }; 60 61 int tpm_tis12_irqinit(struct tpm_softc *, int, int); 62 63 int tpm_waitfor_poll(struct tpm_softc *, uint8_t, int, void *); 64 int tpm_waitfor_int(struct tpm_softc *, uint8_t, int, void *, int); 65 int tpm_waitfor(struct tpm_softc *, uint8_t, int, void *); 66 int tpm_request_locality(struct tpm_softc *, int); 67 int tpm_getburst(struct tpm_softc *); 68 uint8_t tpm_status(struct tpm_softc *); 69 int tpm_tmotohz(int); 70 71 static dev_type_open(tpmopen); 72 static dev_type_close(tpmclose); 73 static dev_type_read(tpmread); 74 static dev_type_read(tpmwrite); 75 static dev_type_ioctl(tpmioctl); 76 77 extern struct cfdriver tpm_cd; 78 #define TPMUNIT(a) minor(a) 79 80 const struct cdevsw tpm_cdevsw = { 81 .d_open = tpmopen, 82 .d_close = tpmclose, 83 .d_read = tpmread, 84 .d_write = tpmwrite, 85 .d_ioctl = tpmioctl, 86 .d_stop = nostop, 87 .d_tty = notty, 88 .d_poll = nopoll, 89 .d_mmap = nommap, 90 .d_kqfilter = nokqfilter, 91 .d_flag = D_OTHER, 92 }; 93 94 /* Probe TPM using TIS 1.2 interface. */ 95 int 96 tpm_tis12_probe(bus_space_tag_t bt, bus_space_handle_t bh) 97 { 98 uint32_t r; 99 uint8_t save, reg; 100 101 r = bus_space_read_4(bt, bh, TPM_INTF_CAPABILITIES); 102 if (r == 0xffffffff) 103 return 0; 104 105 #ifdef TPM_DEBUG 106 char buf[128]; 107 snprintb(buf, sizeof(buf), TPM_CAPBITS, r); 108 printf("%s: caps=%s\n", __func__, buf); 109 #endif 110 if ((r & TPM_CAPSREQ) != TPM_CAPSREQ || 111 !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) { 112 #ifdef TPM_DEBUG 113 printf("%s: caps too low (caps=%s)\n", __func__, buf); 114 #endif 115 return 0; 116 } 117 118 save = bus_space_read_1(bt, bh, TPM_ACCESS); 119 bus_space_write_1(bt, bh, TPM_ACCESS, TPM_ACCESS_REQUEST_USE); 120 reg = bus_space_read_1(bt, bh, TPM_ACCESS); 121 if ((reg & TPM_ACCESS_VALID) && (reg & TPM_ACCESS_ACTIVE_LOCALITY) && 122 bus_space_read_4(bt, bh, TPM_ID) != 0xffffffff) 123 return 1; 124 125 bus_space_write_1(bt, bh, TPM_ACCESS, save); 126 return 0; 127 } 128 129 /* 130 * Setup interrupt vector if one is provided and interrupts are know to 131 * work on that particular chip. 132 */ 133 int 134 tpm_tis12_irqinit(struct tpm_softc *sc, int irq, int idx) 135 { 136 uint32_t r; 137 138 if ((irq == -1) || (tpm_devs[idx].flags & TPM_DEV_NOINTS)) { 139 sc->sc_vector = -1; 140 return 0; 141 } 142 143 /* Ack and disable all interrupts. */ 144 r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE); 145 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 146 r & ~TPM_GLOBAL_INT_ENABLE); 147 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, 148 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS)); 149 #ifdef TPM_DEBUG 150 char buf[128]; 151 snprintb(buf, sizeof(buf), TPM_INTERRUPT_ENABLE_BITS, r); 152 aprint_debug_dev(sc->sc_dev, "%s: before ien %s\n", __func__, buf); 153 #endif 154 155 /* Program interrupt vector. */ 156 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_INT_VECTOR, irq); 157 sc->sc_vector = irq; 158 159 /* Program interrupt type. */ 160 r &= ~(TPM_INT_EDGE_RISING|TPM_INT_EDGE_FALLING|TPM_INT_LEVEL_HIGH| 161 TPM_INT_LEVEL_LOW); 162 r |= TPM_GLOBAL_INT_ENABLE|TPM_CMD_READY_INT|TPM_LOCALITY_CHANGE_INT| 163 TPM_STS_VALID_INT|TPM_DATA_AVAIL_INT; 164 if (sc->sc_capabilities & TPM_INTF_INT_EDGE_RISING) 165 r |= TPM_INT_EDGE_RISING; 166 else if (sc->sc_capabilities & TPM_INTF_INT_EDGE_FALLING) 167 r |= TPM_INT_EDGE_FALLING; 168 else if (sc->sc_capabilities & TPM_INTF_INT_LEVEL_HIGH) 169 r |= TPM_INT_LEVEL_HIGH; 170 else 171 r |= TPM_INT_LEVEL_LOW; 172 173 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, r); 174 #ifdef TPM_DEBUG 175 snprintb(buf, sizeof(buf), TPM_INTERRUPT_ENABLE_BITS, r); 176 aprint_debug_dev(sc->sc_dev, "%s: after ien %s\n", __func__, buf); 177 #endif 178 179 return 0; 180 } 181 182 /* Setup TPM using TIS 1.2 interface. */ 183 int 184 tpm_tis12_init(struct tpm_softc *sc, int irq, const char *name) 185 { 186 uint32_t r; 187 int i; 188 189 r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTF_CAPABILITIES); 190 #ifdef TPM_DEBUG 191 char cbuf[128]; 192 snprintb(cbuf, sizeof(cbuf), TPM_CAPBITS, r); 193 aprint_debug_dev(sc->sc_dev, "%s: caps=%s ", __func__, cbuf); 194 #endif 195 if ((r & TPM_CAPSREQ) != TPM_CAPSREQ || 196 !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) { 197 char buf[128]; 198 snprintb(buf, sizeof(buf), TPM_CAPBITS, r); 199 aprint_error_dev(sc->sc_dev, "capabilities too low (caps=%s)\n", 200 buf); 201 return 1; 202 } 203 sc->sc_capabilities = r; 204 205 sc->sc_devid = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_ID); 206 sc->sc_rev = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_REV); 207 208 for (i = 0; tpm_devs[i].devid; i++) 209 if (tpm_devs[i].devid == sc->sc_devid) 210 break; 211 212 if (tpm_devs[i].devid) 213 aprint_normal(": %s rev 0x%x\n", 214 tpm_devs[i].name, sc->sc_rev); 215 else 216 aprint_normal(": device 0x%08x rev 0x%x\n", 217 sc->sc_devid, sc->sc_rev); 218 219 if (tpm_tis12_irqinit(sc, irq, i)) 220 return 1; 221 222 if (tpm_request_locality(sc, 0)) 223 return 1; 224 225 /* Abort whatever it thought it was doing. */ 226 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY); 227 228 return 0; 229 } 230 231 int 232 tpm_request_locality(struct tpm_softc *sc, int l) 233 { 234 uint32_t r; 235 int to, rv; 236 237 if (l != 0) 238 return EINVAL; 239 240 if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) & 241 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) == 242 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) 243 return 0; 244 245 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS, 246 TPM_ACCESS_REQUEST_USE); 247 248 to = tpm_tmotohz(TPM_ACCESS_TMO); 249 250 while ((r = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) & 251 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) != 252 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY) && to--) { 253 rv = tsleep(sc->sc_init, PRIBIO | PCATCH, "tpm_locality", 1); 254 if (rv && rv != EWOULDBLOCK) { 255 #ifdef TPM_DEBUG 256 aprint_debug_dev(sc->sc_dev, "%s: interrupted %d\n", 257 __func__, rv); 258 #endif 259 return rv; 260 } 261 } 262 263 if ((r & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) != 264 (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) { 265 #ifdef TPM_DEBUG 266 char buf[128]; 267 snprintb(buf, sizeof(buf), TPM_ACCESS_BITS, r); 268 aprint_debug_dev(sc->sc_dev, "%s: access %s\n", __func__, buf); 269 #endif 270 return EBUSY; 271 } 272 273 return 0; 274 } 275 276 int 277 tpm_getburst(struct tpm_softc *sc) 278 { 279 int burst, to, rv; 280 281 to = tpm_tmotohz(TPM_BURST_TMO); 282 283 burst = 0; 284 while (burst == 0 && to--) { 285 /* 286 * Burst count has to be read from bits 8 to 23 without 287 * touching any other bits, eg. the actual status bits 0 288 * to 7. 289 */ 290 burst = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 1); 291 burst |= bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 2) 292 << 8; 293 #ifdef TPM_DEBUG 294 aprint_debug_dev(sc->sc_dev, "%s: read %d\n", __func__, burst); 295 #endif 296 if (burst) 297 return burst; 298 299 rv = tsleep(sc, PRIBIO | PCATCH, "tpm_getburst", 1); 300 if (rv && rv != EWOULDBLOCK) { 301 return 0; 302 } 303 } 304 305 return 0; 306 } 307 308 uint8_t 309 tpm_status(struct tpm_softc *sc) 310 { 311 return bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS) & TPM_STS_MASK; 312 } 313 314 int 315 tpm_tmotohz(int tmo) 316 { 317 struct timeval tv; 318 319 tv.tv_sec = tmo / 1000; 320 tv.tv_usec = 1000 * (tmo % 1000); 321 322 return tvtohz(&tv); 323 } 324 325 /* Save TPM state on suspend. */ 326 bool 327 tpm_suspend(device_t dev, const pmf_qual_t *qual) 328 { 329 struct tpm_softc *sc = device_private(dev); 330 static const uint8_t command[] = { 331 0, 193, /* TPM_TAG_RQU_COMMAND */ 332 0, 0, 0, 10, /* Length in bytes */ 333 0, 0, 0, 156 /* TPM_ORD_SaveStates */ 334 }; 335 uint8_t scratch[sizeof(command)]; 336 337 /* 338 * Power down: We have to issue the SaveStates command. 339 */ 340 (*sc->sc_write)(sc, &command, sizeof(command)); 341 (*sc->sc_read)(sc, &scratch, sizeof(scratch), NULL, TPM_HDRSIZE); 342 #ifdef TPM_DEBUG 343 aprint_debug_dev(sc->sc_dev, "%s: power down\n", __func__); 344 #endif 345 return true; 346 } 347 348 /* 349 * Handle resume event. Actually nothing to do as the BIOS is supposed 350 * to restore the previously saved state. 351 */ 352 bool 353 tpm_resume(device_t dev, const pmf_qual_t *qual) 354 { 355 #ifdef TPM_DEBUG 356 struct tpm_softc *sc = device_private(dev); 357 aprint_debug_dev(sc->sc_dev, "%s: resume\n", __func__); 358 #endif 359 return true; 360 } 361 362 /* Wait for given status bits using polling. */ 363 int 364 tpm_waitfor_poll(struct tpm_softc *sc, uint8_t mask, int tmo, void *c) 365 { 366 int rv; 367 368 /* 369 * Poll until either the requested condition or a time out is 370 * met. 371 */ 372 while (((sc->sc_stat = tpm_status(sc)) & mask) != mask && tmo--) { 373 rv = tsleep(c, PRIBIO | PCATCH, "tpm_poll", 1); 374 if (rv && rv != EWOULDBLOCK) { 375 #ifdef TPM_DEBUG 376 aprint_debug_dev(sc->sc_dev, 377 "%s: interrupted %d\n", __func__, rv); 378 #endif 379 return rv; 380 } 381 } 382 383 return 0; 384 } 385 386 /* Wait for given status bits using interrupts. */ 387 int 388 tpm_waitfor_int(struct tpm_softc *sc, uint8_t mask, int tmo, void *c, 389 int inttype) 390 { 391 int rv, to; 392 393 /* Poll and return when condition is already met. */ 394 sc->sc_stat = tpm_status(sc); 395 if ((sc->sc_stat & mask) == mask) 396 return 0; 397 398 /* 399 * Enable interrupt on tpm chip. Note that interrupts on our 400 * level (SPL_TTY) are disabled (see tpm{read,write} et al) and 401 * will not be delivered to the cpu until we call tsleep(9) below. 402 */ 403 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 404 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) | 405 inttype); 406 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 407 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) | 408 TPM_GLOBAL_INT_ENABLE); 409 410 /* 411 * Poll once more to remedy the race between previous polling 412 * and enabling interrupts on the tpm chip. 413 */ 414 sc->sc_stat = tpm_status(sc); 415 if ((sc->sc_stat & mask) == mask) { 416 rv = 0; 417 goto out; 418 } 419 420 to = tpm_tmotohz(tmo); 421 #ifdef TPM_DEBUG 422 aprint_debug_dev(sc->sc_dev, 423 "%s: sleeping for %d ticks on %p\n", __func__, to, c); 424 #endif 425 /* 426 * tsleep(9) enables interrupts on the cpu and returns after 427 * wake up with interrupts disabled again. Note that interrupts 428 * generated by the tpm chip while being at SPL_TTY are not lost 429 * but held and delivered as soon as the cpu goes below SPL_TTY. 430 */ 431 rv = tsleep(c, PRIBIO | PCATCH, "tpm_wait", to); 432 433 sc->sc_stat = tpm_status(sc); 434 #ifdef TPM_DEBUG 435 char buf[128]; 436 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 437 aprint_debug_dev(sc->sc_dev, 438 "%s: woke up with rv %d stat %s\n", __func__, rv, buf); 439 #endif 440 if ((sc->sc_stat & mask) == mask) 441 rv = 0; 442 443 /* Disable interrupts on tpm chip again. */ 444 out: bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 445 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) & 446 ~TPM_GLOBAL_INT_ENABLE); 447 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, 448 bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) & 449 ~inttype); 450 451 return rv; 452 } 453 454 /* 455 * Wait on given status bits, uses interrupts where possible, otherwise polls. 456 */ 457 int 458 tpm_waitfor(struct tpm_softc *sc, uint8_t b0, int tmo, void *c) 459 { 460 uint8_t b; 461 int re, to, rv; 462 463 #ifdef TPM_DEBUG 464 char buf[128]; 465 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 466 aprint_debug_dev(sc->sc_dev, "%s: b0 %s\n", __func__, buf); 467 #endif 468 469 /* 470 * If possible, use interrupts, otherwise poll. 471 * 472 * We use interrupts for TPM_STS_VALID and TPM_STS_DATA_AVAIL (if 473 * the tpm chips supports them) as waiting for those can take 474 * really long. The other TPM_STS* are not needed very often 475 * so we do not support them. 476 */ 477 if (sc->sc_vector != -1) { 478 b = b0; 479 480 /* 481 * Wait for data ready. This interrupt only occures 482 * when both TPM_STS_VALID and TPM_STS_DATA_AVAIL are asserted. 483 * Thus we don't have to bother with TPM_STS_VALID 484 * separately and can just return. 485 * 486 * This only holds for interrupts! When using polling 487 * both flags have to be waited for, see below. 488 */ 489 if ((b & TPM_STS_DATA_AVAIL) && (sc->sc_capabilities & 490 TPM_INTF_DATA_AVAIL_INT)) 491 return tpm_waitfor_int(sc, b, tmo, c, 492 TPM_DATA_AVAIL_INT); 493 494 /* Wait for status valid bit. */ 495 if ((b & TPM_STS_VALID) && (sc->sc_capabilities & 496 TPM_INTF_STS_VALID_INT)) { 497 rv = tpm_waitfor_int(sc, b, tmo, c, TPM_STS_VALID_INT); 498 if (rv != 0) 499 return rv; 500 else 501 b = b0 & ~TPM_STS_VALID; 502 } 503 504 /* 505 * When all flags are taken care of, return. Otherwise 506 * use polling for eg. TPM_STS_CMD_READY. 507 */ 508 if (b == 0) 509 return 0; 510 } 511 512 re = 3; 513 restart: 514 /* 515 * If requested wait for TPM_STS_VALID before dealing with 516 * any other flag. Eg. when both TPM_STS_DATA_AVAIL and TPM_STS_VALID 517 * are requested, wait for the latter first. 518 */ 519 b = b0; 520 if (b0 & TPM_STS_VALID) 521 b = TPM_STS_VALID; 522 523 to = tpm_tmotohz(tmo); 524 again: 525 if ((rv = tpm_waitfor_poll(sc, b, to, c)) != 0) 526 return rv; 527 528 if ((b & sc->sc_stat) == TPM_STS_VALID) { 529 /* Now wait for other flags. */ 530 b = b0 & ~TPM_STS_VALID; 531 to++; 532 goto again; 533 } 534 535 if ((sc->sc_stat & b) != b) { 536 #ifdef TPM_DEBUG 537 char bbuf[128], cbuf[128]; 538 snprintb(bbuf, sizeof(bbuf), TPM_STS_BITS, b); 539 snprintb(cbuf, sizeof(cbuf), TPM_STS_BITS, sc->sc_stat); 540 aprint_debug_dev(sc->sc_dev, 541 "%s: timeout: stat=%s b=%s\n", __func__, cbuf, bbuf); 542 #endif 543 if (re-- && (b0 & TPM_STS_VALID)) { 544 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, 545 TPM_STS_RESP_RETRY); 546 goto restart; 547 } 548 return EIO; 549 } 550 551 return 0; 552 } 553 554 /* Start transaction. */ 555 int 556 tpm_tis12_start(struct tpm_softc *sc, int flag) 557 { 558 int rv; 559 560 if (flag == UIO_READ) { 561 rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID, 562 TPM_READ_TMO, sc->sc_read); 563 return rv; 564 } 565 566 /* Own our (0th) locality. */ 567 if ((rv = tpm_request_locality(sc, 0)) != 0) 568 return rv; 569 570 sc->sc_stat = tpm_status(sc); 571 if (sc->sc_stat & TPM_STS_CMD_READY) { 572 #ifdef TPM_DEBUG 573 char buf[128]; 574 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 575 aprint_debug_dev(sc->sc_dev, "%s: UIO_WRITE status %s\n", 576 __func__, buf); 577 #endif 578 return 0; 579 } 580 581 #ifdef TPM_DEBUG 582 aprint_debug_dev(sc->sc_dev, 583 "%s: UIO_WRITE readying chip\n", __func__); 584 #endif 585 586 /* Abort previous and restart. */ 587 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY); 588 if ((rv = tpm_waitfor(sc, TPM_STS_CMD_READY, TPM_READY_TMO, 589 sc->sc_write))) { 590 #ifdef TPM_DEBUG 591 aprint_debug_dev(sc->sc_dev, 592 "%s: UIO_WRITE readying failed %d\n", __func__, rv); 593 #endif 594 return rv; 595 } 596 597 #ifdef TPM_DEBUG 598 aprint_debug_dev(sc->sc_dev, 599 "%s: UIO_WRITE readying done\n", __func__); 600 #endif 601 602 return 0; 603 } 604 605 int 606 tpm_tis12_read(struct tpm_softc *sc, void *buf, size_t len, size_t *count, 607 int flags) 608 { 609 uint8_t *p = buf; 610 size_t cnt; 611 int rv, n, bcnt; 612 613 #ifdef TPM_DEBUG 614 aprint_debug_dev(sc->sc_dev, "%s: len %zu\n", __func__, len); 615 #endif 616 cnt = 0; 617 while (len > 0) { 618 if ((rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID, 619 TPM_READ_TMO, sc->sc_read))) 620 return rv; 621 622 bcnt = tpm_getburst(sc); 623 n = MIN(len, bcnt); 624 #ifdef TPM_DEBUG 625 aprint_debug_dev(sc->sc_dev, 626 "%s: fetching %d, burst is %d\n", __func__, n, bcnt); 627 #endif 628 for (; n--; len--) { 629 *p++ = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_DATA); 630 cnt++; 631 } 632 633 if ((flags & TPM_PARAM_SIZE) == 0 && cnt >= 6) 634 break; 635 } 636 #ifdef TPM_DEBUG 637 aprint_debug_dev(sc->sc_dev, 638 "%s: read %zu bytes, len %zu\n", __func__, cnt, len); 639 #endif 640 641 if (count) 642 *count = cnt; 643 644 return 0; 645 } 646 647 int 648 tpm_tis12_write(struct tpm_softc *sc, const void *buf, size_t len) 649 { 650 const uint8_t *p = buf; 651 size_t cnt; 652 int rv, r; 653 654 #ifdef TPM_DEBUG 655 aprint_debug_dev(sc->sc_dev, 656 "%s: sc %p buf %p len %zu\n", __func__, sc, buf, len); 657 #endif 658 if (len == 0) 659 return 0; 660 661 if ((rv = tpm_request_locality(sc, 0)) != 0) 662 return rv; 663 664 cnt = 0; 665 while (cnt < len - 1) { 666 for (r = tpm_getburst(sc); r > 0 && cnt < len - 1; r--) { 667 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++); 668 cnt++; 669 } 670 if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) { 671 #ifdef TPM_DEBUG 672 aprint_debug_dev(sc->sc_dev, 673 "%s: failed burst rv %d\n", __func__, rv); 674 #endif 675 return rv; 676 } 677 sc->sc_stat = tpm_status(sc); 678 if (!(sc->sc_stat & TPM_STS_DATA_EXPECT)) { 679 #ifdef TPM_DEBUG 680 char sbuf[128]; 681 snprintb(sbuf, sizeof(sbuf), TPM_STS_BITS, sc->sc_stat); 682 aprint_debug_dev(sc->sc_dev, 683 "%s: failed rv %d stat=%s\n", __func__, rv, sbuf); 684 #endif 685 return EIO; 686 } 687 } 688 689 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++); 690 cnt++; 691 692 if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) { 693 #ifdef TPM_DEBUG 694 aprint_debug_dev(sc->sc_dev, "%s: failed last byte rv %d\n", 695 __func__, rv); 696 #endif 697 return rv; 698 } 699 if ((sc->sc_stat & TPM_STS_DATA_EXPECT) != 0) { 700 #ifdef TPM_DEBUG 701 char sbuf[128]; 702 snprintb(sbuf, sizeof(sbuf), TPM_STS_BITS, sc->sc_stat); 703 aprint_debug_dev(sc->sc_dev, 704 "%s: failed rv %d stat=%s\n", __func__, rv, sbuf); 705 #endif 706 return EIO; 707 } 708 709 #ifdef TPM_DEBUG 710 aprint_debug_dev(sc->sc_dev, "%s: wrote %zu byte\n", __func__, cnt); 711 #endif 712 713 return 0; 714 } 715 716 /* Finish transaction. */ 717 int 718 tpm_tis12_end(struct tpm_softc *sc, int flag, int err) 719 { 720 int rv = 0; 721 722 if (flag == UIO_READ) { 723 if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, 724 sc->sc_read))) 725 return rv; 726 727 /* Still more data? */ 728 sc->sc_stat = tpm_status(sc); 729 if (!err && ((sc->sc_stat & TPM_STS_DATA_AVAIL) 730 == TPM_STS_DATA_AVAIL)) { 731 #ifdef TPM_DEBUG 732 char buf[128]; 733 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 734 aprint_debug_dev(sc->sc_dev, 735 "%s: read failed stat=%s\n", __func__, buf); 736 #endif 737 rv = EIO; 738 } 739 740 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, 741 TPM_STS_CMD_READY); 742 743 /* Release our (0th) locality. */ 744 bus_space_write_1(sc->sc_bt, sc->sc_bh,TPM_ACCESS, 745 TPM_ACCESS_ACTIVE_LOCALITY); 746 } else { 747 /* Hungry for more? */ 748 sc->sc_stat = tpm_status(sc); 749 if (!err && (sc->sc_stat & TPM_STS_DATA_EXPECT)) { 750 #ifdef TPM_DEBUG 751 char buf[128]; 752 snprintb(buf, sizeof(buf), TPM_STS_BITS, sc->sc_stat); 753 aprint_debug_dev(sc->sc_dev, 754 "%s: write failed stat=%s\n", __func__, buf); 755 #endif 756 rv = EIO; 757 } 758 759 bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, 760 err ? TPM_STS_CMD_READY : TPM_STS_GO); 761 } 762 763 return rv; 764 } 765 766 int 767 tpm_intr(void *v) 768 { 769 struct tpm_softc *sc = v; 770 uint32_t r; 771 #ifdef TPM_DEBUG 772 static int cnt = 0; 773 #endif 774 775 r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS); 776 #ifdef TPM_DEBUG 777 if (r != 0) { 778 char buf[128]; 779 snprintb(buf, sizeof(buf), TPM_INTERRUPT_ENABLE_BITS, r); 780 aprint_debug_dev(sc->sc_dev, "%s: int=%s (%d)\n", __func__, 781 buf, cnt); 782 } else 783 cnt++; 784 #endif 785 if (!(r & (TPM_CMD_READY_INT | TPM_LOCALITY_CHANGE_INT | 786 TPM_STS_VALID_INT | TPM_DATA_AVAIL_INT))) 787 #ifdef __FreeBSD__ 788 return; 789 #else 790 return 0; 791 #endif 792 if (r & TPM_STS_VALID_INT) 793 wakeup(sc); 794 795 if (r & TPM_CMD_READY_INT) 796 wakeup(sc->sc_write); 797 798 if (r & TPM_DATA_AVAIL_INT) 799 wakeup(sc->sc_read); 800 801 if (r & TPM_LOCALITY_CHANGE_INT) 802 wakeup(sc->sc_init); 803 804 bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, r); 805 806 return 1; 807 } 808 809 /* Read single byte using legacy interface. */ 810 static inline uint8_t 811 tpm_legacy_in(bus_space_tag_t iot, bus_space_handle_t ioh, int reg) 812 { 813 bus_space_write_1(iot, ioh, 0, reg); 814 return bus_space_read_1(iot, ioh, 1); 815 } 816 817 /* Probe for TPM using legacy interface. */ 818 int 819 tpm_legacy_probe(bus_space_tag_t iot, bus_addr_t iobase) 820 { 821 bus_space_handle_t ioh; 822 uint8_t r, v; 823 int i, rv = 0; 824 char id[8]; 825 826 if (!tpm_enabled || iobase == -1) 827 return 0; 828 829 if (bus_space_map(iot, iobase, 2, 0, &ioh)) 830 return 0; 831 832 v = bus_space_read_1(iot, ioh, 0); 833 if (v == 0xff) { 834 bus_space_unmap(iot, ioh, 2); 835 return 0; 836 } 837 r = bus_space_read_1(iot, ioh, 1); 838 839 for (i = sizeof(id); i--; ) 840 id[i] = tpm_legacy_in(iot, ioh, TPM_ID + i); 841 842 #ifdef TPM_DEBUG 843 printf("tpm_legacy_probe %.4s %d.%d.%d.%d\n", 844 &id[4], id[0], id[1], id[2], id[3]); 845 #endif 846 /* 847 * The only chips using the legacy interface we are aware of are 848 * by Atmel. For other chips more signature would have to be added. 849 */ 850 if (!bcmp(&id[4], "ATML", 4)) 851 rv = 1; 852 853 if (!rv) { 854 bus_space_write_1(iot, ioh, r, 1); 855 bus_space_write_1(iot, ioh, v, 0); 856 } 857 bus_space_unmap(iot, ioh, 2); 858 859 return rv; 860 } 861 862 /* Setup TPM using legacy interface. */ 863 int 864 tpm_legacy_init(struct tpm_softc *sc, int irq, const char *name) 865 { 866 char id[8]; 867 int i; 868 869 if ((i = bus_space_map(sc->sc_batm, tpm_enabled, 2, 0, &sc->sc_bahm))) { 870 aprint_debug_dev(sc->sc_dev, "cannot map tpm registers (%d)\n", 871 i); 872 tpm_enabled = 0; 873 return 1; 874 } 875 876 for (i = sizeof(id); i--; ) 877 id[i] = tpm_legacy_in(sc->sc_bt, sc->sc_bh, TPM_ID + i); 878 879 aprint_debug_dev(sc->sc_dev, "%.4s %d.%d @0x%x\n", &id[4], id[0], 880 id[1], tpm_enabled); 881 tpm_enabled = 0; 882 883 return 0; 884 } 885 886 /* Start transaction. */ 887 int 888 tpm_legacy_start(struct tpm_softc *sc, int flag) 889 { 890 struct timeval tv; 891 uint8_t bits, r; 892 int to, rv; 893 894 bits = flag == UIO_READ ? TPM_LEGACY_DA : 0; 895 tv.tv_sec = TPM_LEGACY_TMO; 896 tv.tv_usec = 0; 897 to = tvtohz(&tv) / TPM_LEGACY_SLEEP; 898 while (((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) & 899 (TPM_LEGACY_BUSY|bits)) != bits && to--) { 900 rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_start", 901 TPM_LEGACY_SLEEP); 902 if (rv && rv != EWOULDBLOCK) 903 return rv; 904 } 905 906 #if defined(TPM_DEBUG) && !defined(__FreeBSD__) 907 char buf[128]; 908 snprintb(buf, sizeof(buf), TPM_LEGACY_BITS, r); 909 aprint_debug_dev(sc->sc_dev, "%s: bits %s\n", device_xname(sc->sc_dev), 910 buf); 911 #endif 912 if ((r & (TPM_LEGACY_BUSY|bits)) != bits) 913 return EIO; 914 915 return 0; 916 } 917 918 int 919 tpm_legacy_read(struct tpm_softc *sc, void *buf, size_t len, size_t *count, 920 int flags) 921 { 922 uint8_t *p; 923 size_t cnt; 924 int to, rv; 925 926 cnt = rv = 0; 927 for (p = buf; !rv && len > 0; len--) { 928 for (to = 1000; 929 !(bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1) & 930 TPM_LEGACY_DA); DELAY(1)) 931 if (!to--) 932 return EIO; 933 934 DELAY(TPM_LEGACY_DELAY); 935 *p++ = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 0); 936 cnt++; 937 } 938 939 *count = cnt; 940 return 0; 941 } 942 943 int 944 tpm_legacy_write(struct tpm_softc *sc, const void *buf, size_t len) 945 { 946 const uint8_t *p; 947 size_t n; 948 949 for (p = buf, n = len; n--; DELAY(TPM_LEGACY_DELAY)) { 950 if (!n && len != TPM_BUFSIZ) { 951 bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, 952 TPM_LEGACY_LAST); 953 DELAY(TPM_LEGACY_DELAY); 954 } 955 bus_space_write_1(sc->sc_batm, sc->sc_bahm, 0, *p++); 956 } 957 958 return 0; 959 } 960 961 /* Finish transaction. */ 962 int 963 tpm_legacy_end(struct tpm_softc *sc, int flag, int rv) 964 { 965 struct timeval tv; 966 uint8_t r; 967 int to; 968 969 if (rv || flag == UIO_READ) 970 bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, TPM_LEGACY_ABRT); 971 else { 972 tv.tv_sec = TPM_LEGACY_TMO; 973 tv.tv_usec = 0; 974 to = tvtohz(&tv) / TPM_LEGACY_SLEEP; 975 while(((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) & 976 TPM_LEGACY_BUSY) && to--) { 977 rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_end", 978 TPM_LEGACY_SLEEP); 979 if (rv && rv != EWOULDBLOCK) 980 return rv; 981 } 982 983 #if defined(TPM_DEBUG) && !defined(__FreeBSD__) 984 char buf[128]; 985 snprintb(buf, sizeof(buf), TPM_LEGACY_BITS, r); 986 aprint_debug_dev(sc->sc_dev, "%s: bits %s\n", 987 device_xname(sc->sc_dev), buf); 988 #endif 989 if (r & TPM_LEGACY_BUSY) 990 return EIO; 991 992 if (r & TPM_LEGACY_RE) 993 return EIO; /* XXX Retry the loop? */ 994 } 995 996 return rv; 997 } 998 999 int 1000 tpmopen(dev_t dev, int flag, int mode, struct lwp *l) 1001 { 1002 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1003 1004 if (!sc) 1005 return ENXIO; 1006 1007 if (sc->sc_flags & TPM_OPEN) 1008 return EBUSY; 1009 1010 sc->sc_flags |= TPM_OPEN; 1011 1012 return 0; 1013 } 1014 1015 int 1016 tpmclose(dev_t dev, int flag, int mode, struct lwp *l) 1017 { 1018 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1019 1020 if (!sc) 1021 return ENXIO; 1022 1023 if (!(sc->sc_flags & TPM_OPEN)) 1024 return EINVAL; 1025 1026 sc->sc_flags &= ~TPM_OPEN; 1027 1028 return 0; 1029 } 1030 1031 int 1032 tpmread(dev_t dev, struct uio *uio, int flags) 1033 { 1034 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1035 uint8_t buf[TPM_BUFSIZ], *p; 1036 size_t cnt, len, n; 1037 int rv, s; 1038 1039 if (!sc) 1040 return ENXIO; 1041 1042 s = spltty(); 1043 if ((rv = (*sc->sc_start)(sc, UIO_READ))) 1044 goto out; 1045 1046 #ifdef TPM_DEBUG 1047 aprint_debug_dev(sc->sc_dev, "%s: getting header\n", __func__); 1048 #endif 1049 if ((rv = (*sc->sc_read)(sc, buf, TPM_HDRSIZE, &cnt, 0))) { 1050 (*sc->sc_end)(sc, UIO_READ, rv); 1051 goto out; 1052 } 1053 1054 len = (buf[2] << 24) | (buf[3] << 16) | (buf[4] << 8) | buf[5]; 1055 #ifdef TPM_DEBUG 1056 aprint_debug_dev(sc->sc_dev, "%s: len %zu, io count %zu\n", __func__, 1057 len, uio->uio_resid); 1058 #endif 1059 if (len > uio->uio_resid) { 1060 rv = EIO; 1061 (*sc->sc_end)(sc, UIO_READ, rv); 1062 #ifdef TPM_DEBUG 1063 aprint_debug_dev(sc->sc_dev, 1064 "%s: bad residual io count 0x%zx\n", __func__, 1065 uio->uio_resid); 1066 #endif 1067 goto out; 1068 } 1069 1070 /* Copy out header. */ 1071 if ((rv = uiomove(buf, cnt, uio))) { 1072 #ifdef TPM_DEBUG 1073 aprint_debug_dev(sc->sc_dev, 1074 "%s: uiomove failed %d\n", __func__, rv); 1075 #endif 1076 (*sc->sc_end)(sc, UIO_READ, rv); 1077 goto out; 1078 } 1079 1080 /* Get remaining part of the answer (if anything is left). */ 1081 for (len -= cnt, p = buf, n = sizeof(buf); len > 0; p = buf, len -= n, 1082 n = sizeof(buf)) { 1083 n = MIN(n, len); 1084 #ifdef TPM_DEBUG 1085 aprint_debug_dev(sc->sc_dev, "%s: n %zu len %zu\n", __func__, 1086 n, len); 1087 #endif 1088 if ((rv = (*sc->sc_read)(sc, p, n, NULL, TPM_PARAM_SIZE))) { 1089 (*sc->sc_end)(sc, UIO_READ, rv); 1090 goto out; 1091 } 1092 p += n; 1093 if ((rv = uiomove(buf, p - buf, uio))) { 1094 #ifdef TPM_DEBUG 1095 aprint_debug_dev(sc->sc_dev, 1096 "%s: uiomove failed %d\n", __func__, rv); 1097 #endif 1098 (*sc->sc_end)(sc, UIO_READ, rv); 1099 goto out; 1100 } 1101 } 1102 1103 rv = (*sc->sc_end)(sc, UIO_READ, rv); 1104 out: 1105 splx(s); 1106 return rv; 1107 } 1108 1109 int 1110 tpmwrite(dev_t dev, struct uio *uio, int flags) 1111 { 1112 struct tpm_softc *sc = device_lookup_private(&tpm_cd, TPMUNIT(dev)); 1113 uint8_t buf[TPM_BUFSIZ]; 1114 int n, rv, s; 1115 1116 if (!sc) 1117 return ENXIO; 1118 1119 s = spltty(); 1120 1121 #ifdef TPM_DEBUG 1122 aprint_debug_dev(sc->sc_dev, "%s: io count %zu\n", __func__, 1123 uio->uio_resid); 1124 #endif 1125 1126 n = MIN(sizeof(buf), uio->uio_resid); 1127 if ((rv = uiomove(buf, n, uio))) { 1128 #ifdef TPM_DEBUG 1129 aprint_debug_dev(sc->sc_dev, 1130 "%s: uiomove failed %d\n", __func__, rv); 1131 #endif 1132 splx(s); 1133 return rv; 1134 } 1135 1136 if ((rv = (*sc->sc_start)(sc, UIO_WRITE))) { 1137 splx(s); 1138 return rv; 1139 } 1140 1141 if ((rv = (*sc->sc_write)(sc, buf, n))) { 1142 splx(s); 1143 return rv; 1144 } 1145 1146 rv = (*sc->sc_end)(sc, UIO_WRITE, rv); 1147 splx(s); 1148 return rv; 1149 } 1150 1151 int 1152 tpmioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l) 1153 { 1154 return ENOTTY; 1155 } 1156