Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/dev/tpm/tpm_tis.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 2018 Stormshield. 3 * Copyright (c) 2018 Semihalf. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 23 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include "tpm20.h" 32 33 /* 34 * TIS register space as defined in 35 * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22 36 */ 37 #define TPM_ACCESS 0x0 38 #define TPM_INT_ENABLE 0x8 39 #define TPM_INT_VECTOR 0xc 40 #define TPM_INT_STS 0x10 41 #define TPM_INTF_CAPS 0x14 42 #define TPM_STS 0x18 43 #define TPM_DATA_FIFO 0x24 44 #define TPM_INTF_ID 0x30 45 #define TPM_XDATA_FIFO 0x80 46 #define TPM_DID_VID 0xF00 47 #define TPM_RID 0xF04 48 49 #define TPM_ACCESS_LOC_REQ BIT(1) 50 #define TPM_ACCESS_LOC_Seize BIT(3) 51 #define TPM_ACCESS_LOC_ACTIVE BIT(5) 52 #define TPM_ACCESS_LOC_RELINQUISH BIT(5) 53 #define TPM_ACCESS_VALID BIT(7) 54 55 #define TPM_INT_ENABLE_GLOBAL_ENABLE BIT(31) 56 #define TPM_INT_ENABLE_CMD_RDY BIT(7) 57 #define TPM_INT_ENABLE_LOC_CHANGE BIT(2) 58 #define TPM_INT_ENABLE_STS_VALID BIT(1) 59 #define TPM_INT_ENABLE_DATA_AVAIL BIT(0) 60 61 #define TPM_INT_STS_CMD_RDY BIT(7) 62 #define TPM_INT_STS_LOC_CHANGE BIT(2) 63 #define TPM_INT_STS_VALID BIT(1) 64 #define TPM_INT_STS_DATA_AVAIL BIT(0) 65 66 #define TPM_INTF_CAPS_VERSION 0x70000000 67 #define TPM_INTF_CAPS_TPM20 0x30000000 68 69 #define TPM_STS_VALID BIT(7) 70 #define TPM_STS_CMD_RDY BIT(6) 71 #define TPM_STS_CMD_START BIT(5) 72 #define TPM_STS_DATA_AVAIL BIT(4) 73 #define TPM_STS_DATA_EXPECTED BIT(3) 74 #define TPM_STS_BURST_MASK 0xFFFF00 75 #define TPM_STS_BURST_OFFSET 0x8 76 77 static int tpmtis_transmit(struct tpm_sc *sc, size_t length); 78 79 static int tpmtis_acpi_probe(device_t dev); 80 static int tpmtis_attach(device_t dev); 81 static int tpmtis_detach(device_t dev); 82 83 static void tpmtis_intr_handler(void *arg); 84 85 static void tpmtis_setup_intr(struct tpm_sc *sc); 86 87 static bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf); 88 static bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf); 89 static bool tpmtis_request_locality(struct tpm_sc *sc, int locality); 90 static void tpmtis_relinquish_locality(struct tpm_sc *sc); 91 static bool tpmtis_go_ready(struct tpm_sc *sc); 92 93 static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, 94 uint32_t mask, uint32_t val, int32_t timeout); 95 96 static uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc); 97 98 char *tpmtis_ids[] = {"MSFT0101", NULL}; 99 100 static int 101 tpmtis_acpi_probe(device_t dev) 102 { 103 int err; 104 ACPI_TABLE_TPM23 *tbl; 105 ACPI_STATUS status; 106 107 err = ACPI_ID_PROBE(device_get_parent(dev), dev, tpmtis_ids, NULL); 108 if (err > 0) 109 return (err); 110 /*Find TPM2 Header*/ 111 status = AcpiGetTable(ACPI_SIG_TPM2, 1, (ACPI_TABLE_HEADER **) &tbl); 112 if(ACPI_FAILURE(status) || 113 tbl->StartMethod != TPM2_START_METHOD_TIS) 114 err = ENXIO; 115 116 device_set_desc(dev, "Trusted Platform Module 2.0, FIFO mode"); 117 return (err); 118 } 119 120 static int 121 tpmtis_attach(device_t dev) 122 { 123 struct tpm_sc *sc; 124 int result; 125 126 sc = device_get_softc(dev); 127 sc->dev = dev; 128 sc->transmit = tpmtis_transmit; 129 sc->intr_type = -1; 130 131 sx_init(&sc->dev_lock, "TPM driver lock"); 132 sc->buf = malloc(TPM_BUFSIZE, M_TPM20, M_WAITOK); 133 134 sc->mem_rid = 0; 135 sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid, 136 RF_ACTIVE); 137 if (sc->mem_res == NULL) { 138 tpmtis_detach(dev); 139 return (ENXIO); 140 } 141 142 sc->irq_rid = 0; 143 sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid, 144 RF_ACTIVE | RF_SHAREABLE); 145 if (sc->irq_res == NULL) 146 goto skip_irq; 147 148 result = bus_setup_intr(dev, sc->irq_res, INTR_TYPE_MISC | INTR_MPSAFE, 149 NULL, tpmtis_intr_handler, sc, &sc->intr_cookie); 150 if (result != 0) { 151 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq_res); 152 goto skip_irq; 153 } 154 tpmtis_setup_intr(sc); 155 156 skip_irq: 157 result = tpm20_init(sc); 158 if (result != 0) 159 tpmtis_detach(dev); 160 161 return (result); 162 } 163 164 static int 165 tpmtis_detach(device_t dev) 166 { 167 struct tpm_sc *sc; 168 169 sc = device_get_softc(dev); 170 tpm20_release(sc); 171 172 if (sc->intr_cookie != NULL) 173 bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie); 174 175 if (sc->irq_res != NULL) 176 bus_release_resource(dev, SYS_RES_IRQ, 177 sc->irq_rid, sc->irq_res); 178 179 if (sc->mem_res != NULL) 180 bus_release_resource(dev, SYS_RES_MEMORY, 181 sc->mem_rid, sc->mem_res); 182 183 return (0); 184 } 185 186 /* 187 * Test if the advertisted interrupt actually works. 188 * This sends a simple command. (GetRandom) 189 * Interrupts are then enabled in the handler. 190 */ 191 static void 192 tpmtis_test_intr(struct tpm_sc *sc) 193 { 194 uint8_t cmd[] = { 195 0x80, 0x01, /* TPM_ST_NO_SESSIONS tag*/ 196 0x00, 0x00, 0x00, 0x0c, /* cmd length */ 197 0x00, 0x00, 0x01, 0x7b, /* cmd TPM_CC_GetRandom */ 198 0x00, 0x01 /* number of bytes requested */ 199 }; 200 201 sx_xlock(&sc->dev_lock); 202 memcpy(sc->buf, cmd, sizeof(cmd)); 203 tpmtis_transmit(sc, sizeof(cmd)); 204 sc->pending_data_length = 0; 205 sx_xunlock(&sc->dev_lock); 206 } 207 208 static void 209 tpmtis_setup_intr(struct tpm_sc *sc) 210 { 211 uint32_t reg; 212 uint8_t irq; 213 214 irq = bus_get_resource_start(sc->dev, SYS_RES_IRQ, sc->irq_rid); 215 216 /* 217 * SIRQ has to be between 1 - 15. 218 * I found a system with ACPI table that reported a value of 0x2d. 219 * An attempt to use such value resulted in an interrupt storm. 220 */ 221 if (irq == 0 || irq > 0xF) 222 return; 223 224 if(!tpmtis_request_locality(sc, 0)) 225 sc->interrupts = false; 226 227 WR1(sc, TPM_INT_VECTOR, irq); 228 229 /* Clear all pending interrupts. */ 230 reg = RD4(sc, TPM_INT_STS); 231 WR4(sc, TPM_INT_STS, reg); 232 233 reg = RD4(sc, TPM_INT_ENABLE); 234 reg |= TPM_INT_ENABLE_GLOBAL_ENABLE | 235 TPM_INT_ENABLE_DATA_AVAIL | 236 TPM_INT_ENABLE_LOC_CHANGE | 237 TPM_INT_ENABLE_CMD_RDY | 238 TPM_INT_ENABLE_STS_VALID; 239 WR4(sc, TPM_INT_ENABLE, reg); 240 241 tpmtis_relinquish_locality(sc); 242 tpmtis_test_intr(sc); 243 } 244 245 static void 246 tpmtis_intr_handler(void *arg) 247 { 248 struct tpm_sc *sc; 249 uint32_t status; 250 251 sc = (struct tpm_sc *)arg; 252 status = RD4(sc, TPM_INT_STS); 253 254 WR4(sc, TPM_INT_STS, status); 255 256 /* Check for stray interrupts. */ 257 if (sc->intr_type == -1 || (sc->intr_type & status) == 0) 258 return; 259 260 sc->interrupts = true; 261 wakeup(sc); 262 } 263 264 static bool 265 tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val, 266 int32_t timeout) 267 { 268 269 /* Check for condition */ 270 if ((RD4(sc, off) & mask) == val) 271 return (true); 272 273 /* If interrupts are enabled sleep for timeout duration */ 274 if(sc->interrupts && sc->intr_type != -1) { 275 tsleep(sc, PWAIT, "TPM WITH INTERRUPTS", timeout / tick); 276 277 sc->intr_type = -1; 278 return ((RD4(sc, off) & mask) == val); 279 } 280 281 /* If we don't have interrupts poll the device every tick */ 282 while (timeout > 0) { 283 if ((RD4(sc, off) & mask) == val) 284 return (true); 285 286 pause("TPM POLLING", 1); 287 timeout -= tick; 288 } 289 return (false); 290 } 291 292 static uint16_t 293 tpmtis_wait_for_burst(struct tpm_sc *sc) 294 { 295 int timeout; 296 uint16_t burst_count; 297 298 timeout = TPM_TIMEOUT_A; 299 300 while (timeout-- > 0) { 301 burst_count = (RD4(sc, TPM_STS) & TPM_STS_BURST_MASK) >> 302 TPM_STS_BURST_OFFSET; 303 if (burst_count > 0) 304 break; 305 306 DELAY(1); 307 } 308 return (burst_count); 309 } 310 311 static bool 312 tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf) 313 { 314 uint16_t burst_count; 315 316 while (count > 0) { 317 burst_count = tpmtis_wait_for_burst(sc); 318 if (burst_count == 0) 319 return (false); 320 321 burst_count = MIN(burst_count, count); 322 count -= burst_count; 323 324 while (burst_count-- > 0) 325 *buf++ = RD1(sc, TPM_DATA_FIFO); 326 } 327 328 return (true); 329 } 330 331 static bool 332 tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf) 333 { 334 uint16_t burst_count; 335 336 while (count > 0) { 337 burst_count = tpmtis_wait_for_burst(sc); 338 if (burst_count == 0) 339 return (false); 340 341 burst_count = MIN(burst_count, count); 342 count -= burst_count; 343 344 while (burst_count-- > 0) 345 WR1(sc, TPM_DATA_FIFO, *buf++); 346 } 347 348 return (true); 349 } 350 351 static bool 352 tpmtis_request_locality(struct tpm_sc *sc, int locality) 353 { 354 uint8_t mask; 355 int timeout; 356 357 /* Currently we only support Locality 0 */ 358 if (locality != 0) 359 return (false); 360 361 mask = TPM_ACCESS_LOC_ACTIVE | TPM_ACCESS_VALID; 362 timeout = TPM_TIMEOUT_A; 363 sc->intr_type = TPM_INT_STS_LOC_CHANGE; 364 365 WR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_REQ); 366 bus_barrier(sc->mem_res, TPM_ACCESS, 1, BUS_SPACE_BARRIER_WRITE); 367 if(sc->interrupts) { 368 tsleep(sc, PWAIT, "TPMLOCREQUEST with INTR", timeout / tick); 369 return ((RD1(sc, TPM_ACCESS) & mask) == mask); 370 } else { 371 while(timeout > 0) { 372 if ((RD1(sc, TPM_ACCESS) & mask) == mask) 373 return (true); 374 375 pause("TPMLOCREQUEST POLLING", 1); 376 timeout -= tick; 377 } 378 } 379 380 return (false); 381 } 382 383 static void 384 tpmtis_relinquish_locality(struct tpm_sc *sc) 385 { 386 387 /* 388 * Interrupts can only be cleared when a locality is active. 389 * Clear them now in case interrupt handler didn't make it in time. 390 */ 391 if(sc->interrupts) 392 AND4(sc, TPM_INT_STS, RD4(sc, TPM_INT_STS)); 393 394 OR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_RELINQUISH); 395 } 396 397 static bool 398 tpmtis_go_ready(struct tpm_sc *sc) 399 { 400 uint32_t mask; 401 402 mask = TPM_STS_CMD_RDY; 403 sc->intr_type = TPM_INT_STS_CMD_RDY; 404 405 WR4(sc, TPM_STS, TPM_STS_CMD_RDY); 406 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE); 407 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_B)) 408 return (false); 409 410 return (true); 411 } 412 413 static int 414 tpmtis_transmit(struct tpm_sc *sc, size_t length) 415 { 416 size_t bytes_available; 417 uint32_t mask, curr_cmd; 418 int timeout; 419 420 sx_assert(&sc->dev_lock, SA_XLOCKED); 421 422 if (!tpmtis_request_locality(sc, 0)) { 423 device_printf(sc->dev, 424 "Failed to obtain locality\n"); 425 return (EIO); 426 } 427 if (!tpmtis_go_ready(sc)) { 428 device_printf(sc->dev, 429 "Failed to switch to ready state\n"); 430 return (EIO); 431 } 432 if (!tpmtis_write_bytes(sc, length, sc->buf)) { 433 device_printf(sc->dev, 434 "Failed to write cmd to device\n"); 435 return (EIO); 436 } 437 438 mask = TPM_STS_VALID; 439 sc->intr_type = TPM_INT_STS_VALID; 440 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) { 441 device_printf(sc->dev, 442 "Timeout while waiting for valid bit\n"); 443 return (EIO); 444 } 445 if (RD4(sc, TPM_STS) & TPM_STS_DATA_EXPECTED) { 446 device_printf(sc->dev, 447 "Device expects more data even though we already" 448 " sent everything we had\n"); 449 return (EIO); 450 } 451 452 /* 453 * Calculate timeout for current command. 454 * Command code is passed in bytes 6-10. 455 */ 456 curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6])); 457 timeout = tpm20_get_timeout(curr_cmd); 458 459 WR4(sc, TPM_STS, TPM_STS_CMD_START); 460 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE); 461 462 mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID; 463 sc->intr_type = TPM_INT_STS_DATA_AVAIL; 464 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, timeout)) { 465 device_printf(sc->dev, 466 "Timeout while waiting for device to process cmd\n"); 467 /* 468 * Switching to ready state also cancels processing 469 * current command 470 */ 471 if (!tpmtis_go_ready(sc)) 472 return (EIO); 473 474 /* 475 * After canceling a command we should get a response, 476 * check if there is one. 477 */ 478 sc->intr_type = TPM_INT_STS_DATA_AVAIL; 479 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) 480 return (EIO); 481 } 482 /* Read response header. Length is passed in bytes 2 - 6. */ 483 if(!tpmtis_read_bytes(sc, TPM_HEADER_SIZE, sc->buf)) { 484 device_printf(sc->dev, 485 "Failed to read response header\n"); 486 return (EIO); 487 } 488 bytes_available = be32toh(*(uint32_t *) (&sc->buf[2])); 489 490 if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) { 491 device_printf(sc->dev, 492 "Incorrect response size: %zu\n", 493 bytes_available); 494 return (EIO); 495 } 496 if(!tpmtis_read_bytes(sc, bytes_available - TPM_HEADER_SIZE, 497 &sc->buf[TPM_HEADER_SIZE])) { 498 device_printf(sc->dev, 499 "Failed to read response\n"); 500 return (EIO); 501 } 502 tpmtis_relinquish_locality(sc); 503 sc->pending_data_length = bytes_available; 504 505 return (0); 506 } 507 508 /* ACPI Driver */ 509 static device_method_t tpmtis_methods[] = { 510 DEVMETHOD(device_probe, tpmtis_acpi_probe), 511 DEVMETHOD(device_attach, tpmtis_attach), 512 DEVMETHOD(device_detach, tpmtis_detach), 513 DEVMETHOD(device_shutdown, tpm20_shutdown), 514 DEVMETHOD(device_suspend, tpm20_suspend), 515 {0, 0} 516 }; 517 518 static driver_t tpmtis_driver = { 519 "tpmtis", tpmtis_methods, sizeof(struct tpm_sc), 520 }; 521 522 DRIVER_MODULE(tpmtis, acpi, tpmtis_driver, 0, 0);
Cache object: e5314ac94c9f23439259a9667eaadb6d
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]