Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / d36856a3850734101c3bb0a3114fb57d44cb783b / . / drivers / tpm / cr50_i2c.c
blob: b904a7d426e7e43201651ea0acca644131590719 [file] [log] [blame]
Simon Glassd36856a2020-02-06 09:55:04 -0700[diff] [blame^]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Cr50 / H1 TPM support
4 *
5 * Copyright 2018 Google LLC
6 */
7
8#define LOG_CATEGORY UCLASS_TPM
9
10#include <common.h>
11#include <dm.h>
12#include <i2c.h>
13#include <irq.h>
14#include <spl.h>
15#include <tpm-v2.h>
16#include <asm/gpio.h>
17#include <asm/io.h>
18#include <asm/arch/iomap.h>
19#include <asm/arch/pm.h>
20
21enum {
22 TIMEOUT_INIT_MS = 30000, /* Very long timeout for TPM init */
23 TIMEOUT_LONG_US = 2 * 1000 * 1000,
24 TIMEOUT_SHORT_US = 2 * 1000,
25 TIMEOUT_NO_IRQ_US = 20 * 1000,
26 TIMEOUT_IRQ_US = 100 * 1000,
27};
28
29enum {
30 CR50_DID_VID = 0x00281ae0L
31};
32
33enum {
34 CR50_MAX_BUF_SIZE = 63,
35};
36
37struct cr50_priv {
38 struct gpio_desc ready_gpio;
39 struct irq irq;
40 int locality;
41 uint vendor;
42 bool use_irq;
43};
44
45/* Wait for interrupt to indicate TPM is ready */
46static int cr50_i2c_wait_tpm_ready(struct udevice *dev)
47{
48 struct cr50_priv *priv = dev_get_priv(dev);
49 ulong timeout, base;
50 int i;
51
52 if (!priv->use_irq && !dm_gpio_is_valid(&priv->ready_gpio)) {
53 /* Fixed delay if interrupt not supported */
54 udelay(TIMEOUT_NO_IRQ_US);
55 return 0;
56 }
57
58 base = timer_get_us();
59 timeout = base + TIMEOUT_IRQ_US;
60
61 i = 0;
62 while (priv->use_irq ? !irq_read_and_clear(&priv->irq) :
63 !dm_gpio_get_value(&priv->ready_gpio)) {
64 i++;
65 if ((int)(timer_get_us() - timeout) >= 0) {
66 log_warning("Timeout\n");
67 /* Use this instead of the -ETIMEDOUT used by i2c */
68 return -ETIME;
69 }
70 }
71 log_debug("i=%d\n", i);
72
73 return 0;
74}
75
76/* Clear pending interrupts */
77static void cr50_i2c_clear_tpm_irq(struct udevice *dev)
78{
79 struct cr50_priv *priv = dev_get_priv(dev);
80
81 if (priv->use_irq)
82 irq_read_and_clear(&priv->irq);
83}
84
85/*
86 * cr50_i2c_read() - read from TPM register
87 *
88 * @dev: TPM chip information
89 * @addr: register address to read from
90 * @buffer: provided by caller
91 * @len: number of bytes to read
92 *
93 * 1) send register address byte 'addr' to the TPM
94 * 2) wait for TPM to indicate it is ready
95 * 3) read 'len' bytes of TPM response into the provided 'buffer'
96 *
97 * Return 0 on success. -ve on error
98 */
99static int cr50_i2c_read(struct udevice *dev, u8 addr, u8 *buffer,
100 size_t len)
101{
102 int ret;
103
104 /* Clear interrupt before starting transaction */
105 cr50_i2c_clear_tpm_irq(dev);
106
107 /* Send the register address byte to the TPM */
108 ret = dm_i2c_write(dev, 0, &addr, 1);
109 if (ret) {
110 log_err("Address write failed (err=%d)\n", ret);
111 return ret;
112 }
113
114 /* Wait for TPM to be ready with response data */
115 ret = cr50_i2c_wait_tpm_ready(dev);
116 if (ret)
117 return ret;
118
119 /* Read response data frrom the TPM */
120 ret = dm_i2c_read(dev, 0, buffer, len);
121 if (ret) {
122 log_err("Read response failed (err=%d)\n", ret);
123 return ret;
124 }
125
126 return 0;
127}
128
129/*
130 * cr50_i2c_write() - write to TPM register
131 *
132 * @dev: TPM chip information
133 * @addr: register address to write to
134 * @buffer: data to write
135 * @len: number of bytes to write
136 *
137 * 1) prepend the provided address to the provided data
138 * 2) send the address+data to the TPM
139 * 3) wait for TPM to indicate it is done writing
140 *
141 * Returns -1 on error, 0 on success.
142 */
143static int cr50_i2c_write(struct udevice *dev, u8 addr, const u8 *buffer,
144 size_t len)
145{
146 u8 buf[len + 1];
147 int ret;
148
149 if (len > CR50_MAX_BUF_SIZE) {
150 log_err("Length %zd is too large\n", len);
151 return -E2BIG;
152 }
153
154 /* Prepend the 'register address' to the buffer */
155 buf[0] = addr;
156 memcpy(buf + 1, buffer, len);
157
158 /* Clear interrupt before starting transaction */
159 cr50_i2c_clear_tpm_irq(dev);
160
161 /* Send write request buffer with address */
162 ret = dm_i2c_write(dev, 0, buf, len + 1);
163 if (ret) {
164 log_err("Error writing to TPM (err=%d)\n", ret);
165 return ret;
166 }
167
168 /* Wait for TPM to be ready */
169 return cr50_i2c_wait_tpm_ready(dev);
170}
171
172static inline u8 tpm_access(u8 locality)
173{
174 return 0x0 | (locality << 4);
175}
176
177static inline u8 tpm_sts(u8 locality)
178{
179 return 0x1 | (locality << 4);
180}
181
182static inline u8 tpm_data_fifo(u8 locality)
183{
184 return 0x5 | (locality << 4);
185}
186
187static inline u8 tpm_did_vid(u8 locality)
188{
189 return 0x6 | (locality << 4);
190}
191
192static int release_locality(struct udevice *dev, int force)
193{
194 struct cr50_priv *priv = dev_get_priv(dev);
195 u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_PENDING;
196 u8 addr = tpm_access(priv->locality);
197 int ret;
198 u8 buf;
199
200 ret = cr50_i2c_read(dev, addr, &buf, 1);
201 if (ret)
202 return ret;
203
204 if (force || (buf & mask) == mask) {
205 buf = TPM_ACCESS_ACTIVE_LOCALITY;
206 cr50_i2c_write(dev, addr, &buf, 1);
207 }
208
209 priv->locality = 0;
210
211 return 0;
212}
213
214/* cr50 requires all 4 bytes of status register to be read */
215static int cr50_i2c_status(struct udevice *dev)
216{
217 struct cr50_priv *priv = dev_get_priv(dev);
218 u8 buf[4];
219 int ret;
220
221 ret = cr50_i2c_read(dev, tpm_sts(priv->locality), buf, sizeof(buf));
222 if (ret) {
223 log_warning("%s: Failed to read status\n", __func__);
224 return ret;
225 }
226
227 return buf[0];
228}
229
230/* cr50 requires all 4 bytes of status register to be written */
231static int cr50_i2c_ready(struct udevice *dev)
232{
233 struct cr50_priv *priv = dev_get_priv(dev);
234 u8 buf[4] = { TPM_STS_COMMAND_READY };
235 int ret;
236
237 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), buf, sizeof(buf));
238 if (ret)
239 return ret;
240
241 udelay(TIMEOUT_SHORT_US);
242
243 return 0;
244}
245
246static int cr50_i2c_wait_burststs(struct udevice *dev, u8 mask,
247 size_t *burst, int *status)
248{
249 struct cr50_priv *priv = dev_get_priv(dev);
250 ulong timeout;
251 u32 buf;
252
253 /*
254 * cr50 uses bytes 3:2 of status register for burst count and all 4
255 * bytes must be read
256 */
257 timeout = timer_get_us() + TIMEOUT_LONG_US;
258 while (timer_get_us() < timeout) {
259 if (cr50_i2c_read(dev, tpm_sts(priv->locality),
260 (u8 *)&buf, sizeof(buf)) < 0) {
261 udelay(TIMEOUT_SHORT_US);
262 continue;
263 }
264
265 *status = buf & 0xff;
266 *burst = le16_to_cpu((buf >> 8) & 0xffff);
267
268 if ((*status & mask) == mask &&
269 *burst > 0 && *burst <= CR50_MAX_BUF_SIZE)
270 return 0;
271
272 udelay(TIMEOUT_SHORT_US);
273 }
274
275 log_warning("Timeout reading burst and status\n");
276
277 return -ETIMEDOUT;
278}
279
280static int cr50_i2c_recv(struct udevice *dev, u8 *buf, size_t buf_len)
281{
282 struct cr50_priv *priv = dev_get_priv(dev);
283 size_t burstcnt, expected, current, len;
284 u8 addr = tpm_data_fifo(priv->locality);
285 u8 mask = TPM_STS_VALID | TPM_STS_DATA_AVAIL;
286 u32 expected_buf;
287 int status;
288 int ret;
289
290 log_debug("%s: len=%x\n", __func__, buf_len);
291 if (buf_len < TPM_HEADER_SIZE)
292 return -E2BIG;
293
294 ret = cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status);
295 if (ret < 0) {
296 log_warning("First chunk not available\n");
297 goto out_err;
298 }
299
300 /* Read first chunk of burstcnt bytes */
301 if (cr50_i2c_read(dev, addr, buf, burstcnt) < 0) {
302 log_warning("Read failed\n");
303 goto out_err;
304 }
305
306 /* Determine expected data in the return buffer */
307 memcpy(&expected_buf, buf + TPM_CMD_COUNT_OFFSET, sizeof(expected_buf));
308 expected = be32_to_cpu(expected_buf);
309 if (expected > buf_len) {
310 log_warning("Too much data: %zu > %zu\n", expected, buf_len);
311 goto out_err;
312 }
313
314 /* Now read the rest of the data */
315 current = burstcnt;
316 while (current < expected) {
317 /* Read updated burst count and check status */
318 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0) {
319 log_warning("- burst failure1\n");
320 goto out_err;
321 }
322
323 len = min(burstcnt, expected - current);
324 if (cr50_i2c_read(dev, addr, buf + current, len) != 0) {
325 log_warning("Read failed\n");
326 goto out_err;
327 }
328
329 current += len;
330 }
331
332 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt,
333 &status) < 0) {
334 log_warning("- burst failure2\n");
335 goto out_err;
336 }
337 if (status & TPM_STS_DATA_AVAIL) {
338 log_warning("Data still available\n");
339 goto out_err;
340 }
341
342 return current;
343
344out_err:
345 /* Abort current transaction if still pending */
346 ret = cr50_i2c_status(dev);
347 if (ret < 0)
348 return ret;
349 if (ret & TPM_STS_COMMAND_READY) {
350 ret = cr50_i2c_ready(dev);
351 if (ret)
352 return ret;
353 }
354
355 return -EIO;
356}
357
358static int cr50_i2c_send(struct udevice *dev, const u8 *buf, size_t len)
359{
360 struct cr50_priv *priv = dev_get_priv(dev);
361
362 int status;
363 size_t burstcnt, limit, sent = 0;
364 u8 tpm_go[4] = { TPM_STS_GO };
365 ulong timeout;
366 int ret;
367
368 log_debug("%s: len=%x\n", __func__, len);
369 timeout = timer_get_us() + TIMEOUT_LONG_US;
370 do {
371 ret = cr50_i2c_status(dev);
372 if (ret < 0)
373 goto out_err;
374 if (ret & TPM_STS_COMMAND_READY)
375 break;
376
377 if (timer_get_us() > timeout)
378 goto out_err;
379
380 ret = cr50_i2c_ready(dev);
381 if (ret)
382 goto out_err;
383 } while (1);
384
385 while (len > 0) {
386 u8 mask = TPM_STS_VALID;
387
388 /* Wait for data if this is not the first chunk */
389 if (sent > 0)
390 mask |= TPM_STS_DATA_EXPECT;
391
392 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0)
393 goto out_err;
394
395 /*
396 * Use burstcnt - 1 to account for the address byte
397 * that is inserted by cr50_i2c_write()
398 */
399 limit = min(burstcnt - 1, len);
400 if (cr50_i2c_write(dev, tpm_data_fifo(priv->locality),
401 &buf[sent], limit) != 0) {
402 log_warning("Write failed\n");
403 goto out_err;
404 }
405
406 sent += limit;
407 len -= limit;
408 }
409
410 /* Ensure TPM is not expecting more data */
411 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt, &status) < 0)
412 goto out_err;
413 if (status & TPM_STS_DATA_EXPECT) {
414 log_warning("Data still expected\n");
415 goto out_err;
416 }
417
418 /* Start the TPM command */
419 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), tpm_go,
420 sizeof(tpm_go));
421 if (ret) {
422 log_warning("Start command failed\n");
423 goto out_err;
424 }
425
426 return sent;
427
428out_err:
429 /* Abort current transaction if still pending */
430 ret = cr50_i2c_status(dev);
431
432 if (ret < 0 || (ret & TPM_STS_COMMAND_READY)) {
433 ret = cr50_i2c_ready(dev);
434 if (ret)
435 return ret;
436 }
437
438 return -EIO;
439}
440
441/**
442 * process_reset() - Wait for the Cr50 to reset
443 *
444 * Cr50 processes reset requests asynchronously and conceivably could be busy
445 * executing a long command and not reacting to the reset pulse for a while.
446 *
447 * This function will make sure that the AP does not proceed with boot until
448 * TPM finished reset processing.
449 *
450 * @dev: Cr50 device
451 * @return 0 if OK, -EPERM if locality could not be taken
452 */
453static int process_reset(struct udevice *dev)
454{
455 const int loc = 0;
456 u8 access;
457 ulong start;
458
459 /*
460 * Locality is released by TPM reset.
461 *
462 * If locality is taken at this point, this could be due to the fact
463 * that the TPM is performing a long operation and has not processed
464 * reset request yet. We'll wait up to CR50_TIMEOUT_INIT_MS and see if
465 * it releases locality when reset is processed.
466 */
467 start = get_timer(0);
468 do {
469 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
470 int ret;
471
472 ret = cr50_i2c_read(dev, tpm_access(loc),
473 &access, sizeof(access));
474 if (ret || ((access & mask) == mask)) {
475 /*
476 * Don't bombard the chip with traffic; let it keep
477 * processing the command.
478 */
479 mdelay(2);
480 continue;
481 }
482
483 log_warning("TPM ready after %ld ms\n", get_timer(start));
484
485 return 0;
486 } while (get_timer(start) < TIMEOUT_INIT_MS);
487
488 log_warning("TPM failed to reset after %ld ms, status: %#x\n",
489 get_timer(start), access);
490
491 return -EPERM;
492}
493
494/*
495 * Locality could be already claimed (if this is a later U-Boot phase and the
496 * read-only U-Boot did not release it), or not yet claimed, if this is TPL or
497 * the older read-only U-Boot did release it.
498 */
499static int claim_locality(struct udevice *dev, int loc)
500{
501 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
502 u8 access;
503 int ret;
504
505 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
506 if (ret)
507 return log_msg_ret("read1", ret);
508
509 if ((access & mask) == mask) {
510 log_warning("Locality already claimed\n");
511 return 0;
512 }
513
514 access = TPM_ACCESS_REQUEST_USE;
515 ret = cr50_i2c_write(dev, tpm_access(loc), &access, sizeof(access));
516 if (ret)
517 return log_msg_ret("write", ret);
518
519 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
520 if (ret)
521 return log_msg_ret("read2", ret);
522
523 if ((access & mask) != mask) {
524 log_err("Failed to claim locality\n");
525 return -EPERM;
526 }
527 log_info("Claimed locality %d\n", loc);
528
529 return 0;
530}
531
532static int cr50_i2c_get_desc(struct udevice *dev, char *buf, int size)
533{
534 struct dm_i2c_chip *chip = dev_get_parent_platdata(dev);
535 struct cr50_priv *priv = dev_get_priv(dev);
536
537 return snprintf(buf, size, "cr50 TPM 2.0 (i2c %02x id %x) irq=%d",
538 chip->chip_addr, priv->vendor >> 16, priv->use_irq);
539}
540
541static int cr50_i2c_open(struct udevice *dev)
542{
543 char buf[80];
544 int ret;
545
546 ret = process_reset(dev);
547 if (ret)
548 return log_msg_ret("reset", ret);
549
550 ret = claim_locality(dev, 0);
551 if (ret)
552 return log_msg_ret("claim", ret);
553
554 cr50_i2c_get_desc(dev, buf, sizeof(buf));
555 log_debug("%s\n", buf);
556
557 return 0;
558}
559
560static int cr50_i2c_cleanup(struct udevice *dev)
561{
562 release_locality(dev, 1);
563
564 return 0;
565}
566
567enum {
568 TPM_TIMEOUT_MS = 5,
569 SHORT_TIMEOUT_MS = 750,
570 LONG_TIMEOUT_MS = 2000,
571};
572
573static int cr50_i2c_ofdata_to_platdata(struct udevice *dev)
574{
575 struct tpm_chip_priv *upriv = dev_get_uclass_priv(dev);
576 struct cr50_priv *priv = dev_get_priv(dev);
577 struct irq irq;
578 int ret;
579
580 upriv->version = TPM_V2;
581 upriv->duration_ms[TPM_SHORT] = SHORT_TIMEOUT_MS;
582 upriv->duration_ms[TPM_MEDIUM] = LONG_TIMEOUT_MS;
583 upriv->duration_ms[TPM_LONG] = LONG_TIMEOUT_MS;
584 upriv->retry_time_ms = TPM_TIMEOUT_MS;
585
586 upriv->pcr_count = 32;
587 upriv->pcr_select_min = 2;
588
589 /* Optional GPIO to track when cr50 is ready */
590 ret = irq_get_by_index(dev, 0, &irq);
591 if (!ret) {
592 priv->irq = irq;
593 priv->use_irq = true;
594 } else {
595 ret = gpio_request_by_name(dev, "ready-gpio", 0,
596 &priv->ready_gpio, GPIOD_IS_IN);
597 if (ret) {
598 log_warning("Cr50 does not have an ready GPIO/interrupt (err=%d)\n",
599 ret);
600 }
601 }
602
603 return 0;
604}
605
606static int cr50_i2c_probe(struct udevice *dev)
607{
608 struct cr50_priv *priv = dev_get_priv(dev);
609 u32 vendor = 0;
610 ulong start;
611
612 /*
613 * 150ms should be enough to synchronise with the TPM even under the
614 * worst nested-reset-request conditions. In the vast majority of cases
615 * there will be no wait at all.
616 */
617 start = get_timer(0);
618 while (get_timer(start) < 150) {
619 int ret;
620
621 /* Exit once DID and VID verified */
622 ret = cr50_i2c_read(dev, tpm_did_vid(0), (u8 *)&vendor, 4);
623 if (!ret && vendor == CR50_DID_VID)
624 break;
625
626 /* TPM might be resetting; let's retry in a bit */
627 mdelay(10);
628 }
629 if (vendor != CR50_DID_VID) {
630 log_debug("DID_VID %08x not recognised\n", vendor);
631 return log_msg_ret("vendor-id", -EXDEV);
632 }
633 priv->vendor = vendor;
634
635 return 0;
636}
637
638static const struct tpm_ops cr50_i2c_ops = {
639 .open = cr50_i2c_open,
640 .get_desc = cr50_i2c_get_desc,
641 .send = cr50_i2c_send,
642 .recv = cr50_i2c_recv,
643 .cleanup = cr50_i2c_cleanup,
644};
645
646static const struct udevice_id cr50_i2c_ids[] = {
647 { .compatible = "google,cr50" },
648 { }
649};
650
651U_BOOT_DRIVER(cr50_i2c) = {
652 .name = "cr50_i2c",
653 .id = UCLASS_TPM,
654 .of_match = cr50_i2c_ids,
655 .ops = &cr50_i2c_ops,
656 .ofdata_to_platdata = cr50_i2c_ofdata_to_platdata,
657 .probe = cr50_i2c_probe,
658 .priv_auto_alloc_size = sizeof(struct cr50_priv),
659};