1 /*-
2 * Copyright (c) 2018 Stormshield.
3 * Copyright (c) 2018 Semihalf.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
23 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 #include "tpm20.h"
30
31 /*
32 * TIS register space as defined in
33 * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22
34 */
35 #define TPM_ACCESS 0x0
36 #define TPM_INT_ENABLE 0x8
37 #define TPM_INT_VECTOR 0xc
38 #define TPM_INT_STS 0x10
39 #define TPM_INTF_CAPS 0x14
40 #define TPM_STS 0x18
41 #define TPM_DATA_FIFO 0x24
42 #define TPM_INTF_ID 0x30
43 #define TPM_XDATA_FIFO 0x80
44 #define TPM_DID_VID 0xF00
45 #define TPM_RID 0xF04
46
47 #define TPM_ACCESS_LOC_REQ BIT(1)
48 #define TPM_ACCESS_LOC_Seize BIT(3)
49 #define TPM_ACCESS_LOC_ACTIVE BIT(5)
50 #define TPM_ACCESS_LOC_RELINQUISH BIT(5)
51 #define TPM_ACCESS_VALID BIT(7)
52
53 #define TPM_INT_ENABLE_GLOBAL_ENABLE BIT(31)
54 #define TPM_INT_ENABLE_CMD_RDY BIT(7)
55 #define TPM_INT_ENABLE_LOC_CHANGE BIT(2)
56 #define TPM_INT_ENABLE_STS_VALID BIT(1)
57 #define TPM_INT_ENABLE_DATA_AVAIL BIT(0)
58
59 #define TPM_INT_STS_CMD_RDY BIT(7)
60 #define TPM_INT_STS_LOC_CHANGE BIT(2)
61 #define TPM_INT_STS_VALID BIT(1)
62 #define TPM_INT_STS_DATA_AVAIL BIT(0)
63
64 #define TPM_INTF_CAPS_VERSION 0x70000000
65 #define TPM_INTF_CAPS_TPM20 0x30000000
66
67 #define TPM_STS_VALID BIT(7)
68 #define TPM_STS_CMD_RDY BIT(6)
69 #define TPM_STS_CMD_START BIT(5)
70 #define TPM_STS_DATA_AVAIL BIT(4)
71 #define TPM_STS_DATA_EXPECTED BIT(3)
72 #define TPM_STS_BURST_MASK 0xFFFF00
73 #define TPM_STS_BURST_OFFSET 0x8
74
75 static int tpmtis_transmit(struct tpm_sc *sc, size_t length);
76
77 static int tpmtis_acpi_probe(device_t dev);
78 static int tpmtis_attach(device_t dev);
79 static int tpmtis_detach(device_t dev);
80
81 static void tpmtis_intr_handler(void *arg);
82
83 static ACPI_STATUS tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg);
84 static bool tpmtis_setup_intr(struct tpm_sc *sc);
85
86 static bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
87 static bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
88 static bool tpmtis_request_locality(struct tpm_sc *sc, int locality);
89 static void tpmtis_relinquish_locality(struct tpm_sc *sc);
90 static bool tpmtis_go_ready(struct tpm_sc *sc);
91
92 static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off,
93 uint32_t mask, uint32_t val, int32_t timeout);
94
95 static uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc);
96
97 char *tpmtis_ids[] = {"MSFT0101", NULL};
98
99 static int
tpmtis_acpi_probe(device_t dev)100 tpmtis_acpi_probe(device_t dev)
101 {
102 int err;
103 ACPI_TABLE_TPM23 *tbl;
104 ACPI_STATUS status;
105
106 err = ACPI_ID_PROBE(device_get_parent(dev), dev, tpmtis_ids, NULL);
107 if (err > 0)
108 return (err);
109 /*Find TPM2 Header*/
110 status = AcpiGetTable(ACPI_SIG_TPM2, 1, (ACPI_TABLE_HEADER **) &tbl);
111 if(ACPI_FAILURE(status) ||
112 tbl->StartMethod != TPM2_START_METHOD_TIS)
113 err = ENXIO;
114
115 device_set_desc(dev, "Trusted Platform Module 2.0, FIFO mode");
116 return (err);
117 }
118
119 static int
tpmtis_attach(device_t dev)120 tpmtis_attach(device_t dev)
121 {
122 struct tpm_sc *sc;
123 int result;
124
125 sc = device_get_softc(dev);
126 sc->dev = dev;
127
128 sc->mem_rid = 0;
129 sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
130 RF_ACTIVE);
131 if (sc->mem_res == NULL)
132 return (ENXIO);
133
134 sc->irq_rid = 0;
135 sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
136 RF_ACTIVE | RF_SHAREABLE);
137 if (sc->irq_res != NULL) {
138 if (bus_setup_intr(dev, sc->irq_res, INTR_TYPE_MISC | INTR_MPSAFE,
139 NULL, tpmtis_intr_handler, sc, &sc->intr_cookie))
140 sc->interrupts = false;
141 else
142 sc->interrupts = tpmtis_setup_intr(sc);
143 } else {
144 sc->interrupts = false;
145 }
146
147 sc->intr_type = -1;
148
149 sc->transmit = tpmtis_transmit;
150
151 result = tpm20_init(sc);
152 if (result != 0)
153 tpmtis_detach(dev);
154
155 return (result);
156 }
157
158 static int
tpmtis_detach(device_t dev)159 tpmtis_detach(device_t dev)
160 {
161 struct tpm_sc *sc;
162
163 sc = device_get_softc(dev);
164 tpm20_release(sc);
165
166 if (sc->intr_cookie != NULL)
167 bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie);
168
169 if (sc->irq_res != NULL)
170 bus_release_resource(dev, SYS_RES_IRQ,
171 sc->irq_rid, sc->irq_res);
172
173 if (sc->mem_res != NULL)
174 bus_release_resource(dev, SYS_RES_MEMORY,
175 sc->mem_rid, sc->mem_res);
176
177 return (0);
178 }
179
180 static ACPI_STATUS
tpmtis_get_SIRQ_channel(ACPI_RESOURCE * res,void * arg)181 tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg)
182 {
183 struct tpm_sc *sc;
184 uint8_t channel;
185
186 sc = (struct tpm_sc *)arg;
187
188 switch (res->Type) {
189 case ACPI_RESOURCE_TYPE_IRQ:
190 channel = res->Data.Irq.Interrupts[0];
191 break;
192 case ACPI_RESOURCE_TYPE_EXTENDED_IRQ:
193 channel = res->Data.ExtendedIrq.Interrupts[0];
194 break;
195 default:
196 return (AE_OK);
197 }
198
199 WR1(sc, TPM_INT_VECTOR, channel);
200 return (AE_OK);
201 }
202
203 static bool
tpmtis_setup_intr(struct tpm_sc * sc)204 tpmtis_setup_intr(struct tpm_sc *sc)
205 {
206 ACPI_STATUS status;
207 ACPI_HANDLE handle;
208 uint32_t irq_mask;
209
210 handle = acpi_get_handle(sc->dev);
211
212 if(!tpmtis_request_locality(sc, 0))
213 return (false);
214
215 irq_mask = RD4(sc, TPM_INT_ENABLE);
216 irq_mask |= TPM_INT_ENABLE_GLOBAL_ENABLE |
217 TPM_INT_ENABLE_DATA_AVAIL |
218 TPM_INT_ENABLE_LOC_CHANGE |
219 TPM_INT_ENABLE_CMD_RDY |
220 TPM_INT_ENABLE_STS_VALID;
221 WR4(sc, TPM_INT_ENABLE, irq_mask);
222
223 status = AcpiWalkResources(handle, "_CRS",
224 tpmtis_get_SIRQ_channel, (void *)sc);
225
226 tpmtis_relinquish_locality(sc);
227
228 return (ACPI_SUCCESS(status));
229 }
230
231 static void
tpmtis_intr_handler(void * arg)232 tpmtis_intr_handler(void *arg)
233 {
234 struct tpm_sc *sc;
235 uint32_t status;
236
237 sc = (struct tpm_sc *)arg;
238 status = RD4(sc, TPM_INT_STS);
239
240 WR4(sc, TPM_INT_STS, status);
241 if (sc->intr_type != -1 && sc->intr_type & status)
242 wakeup(sc);
243 }
244
245 static bool
tpm_wait_for_u32(struct tpm_sc * sc,bus_size_t off,uint32_t mask,uint32_t val,int32_t timeout)246 tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val,
247 int32_t timeout)
248 {
249
250 /* Check for condition */
251 if ((RD4(sc, off) & mask) == val)
252 return (true);
253
254 /* If interrupts are enabled sleep for timeout duration */
255 if(sc->interrupts && sc->intr_type != -1) {
256 tsleep(sc, PWAIT, "TPM WITH INTERRUPTS", timeout / tick);
257
258 sc->intr_type = -1;
259 return ((RD4(sc, off) & mask) == val);
260 }
261
262 /* If we don't have interrupts poll the device every tick */
263 while (timeout > 0) {
264 if ((RD4(sc, off) & mask) == val)
265 return (true);
266
267 pause("TPM POLLING", 1);
268 timeout -= tick;
269 }
270 return (false);
271 }
272
273 static uint16_t
tpmtis_wait_for_burst(struct tpm_sc * sc)274 tpmtis_wait_for_burst(struct tpm_sc *sc)
275 {
276 int timeout;
277 uint16_t burst_count;
278
279 timeout = TPM_TIMEOUT_A;
280
281 while (timeout-- > 0) {
282 burst_count = (RD4(sc, TPM_STS) & TPM_STS_BURST_MASK) >>
283 TPM_STS_BURST_OFFSET;
284 if (burst_count > 0)
285 break;
286
287 DELAY(1);
288 }
289 return (burst_count);
290 }
291
292 static bool
tpmtis_read_bytes(struct tpm_sc * sc,size_t count,uint8_t * buf)293 tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
294 {
295 uint16_t burst_count;
296
297 while (count > 0) {
298 burst_count = tpmtis_wait_for_burst(sc);
299 if (burst_count == 0)
300 return (false);
301
302 burst_count = MIN(burst_count, count);
303 count -= burst_count;
304
305 while (burst_count-- > 0)
306 *buf++ = RD1(sc, TPM_DATA_FIFO);
307 }
308
309 return (true);
310 }
311
312 static bool
tpmtis_write_bytes(struct tpm_sc * sc,size_t count,uint8_t * buf)313 tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
314 {
315 uint16_t burst_count;
316
317 while (count > 0) {
318 burst_count = tpmtis_wait_for_burst(sc);
319 if (burst_count == 0)
320 return (false);
321
322 burst_count = MIN(burst_count, count);
323 count -= burst_count;
324
325 while (burst_count-- > 0)
326 WR1(sc, TPM_DATA_FIFO, *buf++);
327 }
328
329 return (true);
330 }
331
332 static bool
tpmtis_request_locality(struct tpm_sc * sc,int locality)333 tpmtis_request_locality(struct tpm_sc *sc, int locality)
334 {
335 uint8_t mask;
336 int timeout;
337
338 /* Currently we only support Locality 0 */
339 if (locality != 0)
340 return (false);
341
342 mask = TPM_ACCESS_LOC_ACTIVE | TPM_ACCESS_VALID;
343 timeout = TPM_TIMEOUT_A;
344 sc->intr_type = TPM_INT_STS_LOC_CHANGE;
345
346 WR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_REQ);
347 bus_barrier(sc->mem_res, TPM_ACCESS, 1, BUS_SPACE_BARRIER_WRITE);
348 if(sc->interrupts) {
349 tsleep(sc, PWAIT, "TPMLOCREQUEST with INTR", timeout / tick);
350 return ((RD1(sc, TPM_ACCESS) & mask) == mask);
351 } else {
352 while(timeout > 0) {
353 if ((RD1(sc, TPM_ACCESS) & mask) == mask)
354 return (true);
355
356 pause("TPMLOCREQUEST POLLING", 1);
357 timeout -= tick;
358 }
359 }
360
361 return (false);
362 }
363
364 static void
tpmtis_relinquish_locality(struct tpm_sc * sc)365 tpmtis_relinquish_locality(struct tpm_sc *sc)
366 {
367
368 /*
369 * Interrupts can only be cleared when a locality is active.
370 * Clear them now in case interrupt handler didn't make it in time.
371 */
372 if(sc->interrupts)
373 AND4(sc, TPM_INT_STS, RD4(sc, TPM_INT_STS));
374
375 OR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_RELINQUISH);
376 }
377
378 static bool
tpmtis_go_ready(struct tpm_sc * sc)379 tpmtis_go_ready(struct tpm_sc *sc)
380 {
381 uint32_t mask;
382
383 mask = TPM_STS_CMD_RDY;
384 sc->intr_type = TPM_INT_STS_CMD_RDY;
385
386 WR4(sc, TPM_STS, TPM_STS_CMD_RDY);
387 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
388 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_B))
389 return (false);
390
391 return (true);
392 }
393
394 static int
tpmtis_transmit(struct tpm_sc * sc,size_t length)395 tpmtis_transmit(struct tpm_sc *sc, size_t length)
396 {
397 size_t bytes_available;
398 uint32_t mask, curr_cmd;
399 int timeout;
400
401 sx_assert(&sc->dev_lock, SA_XLOCKED);
402
403 if (!tpmtis_request_locality(sc, 0)) {
404 device_printf(sc->dev,
405 "Failed to obtain locality\n");
406 return (EIO);
407 }
408 if (!tpmtis_go_ready(sc)) {
409 device_printf(sc->dev,
410 "Failed to switch to ready state\n");
411 return (EIO);
412 }
413 if (!tpmtis_write_bytes(sc, length, sc->buf)) {
414 device_printf(sc->dev,
415 "Failed to write cmd to device\n");
416 return (EIO);
417 }
418
419 mask = TPM_STS_VALID;
420 sc->intr_type = TPM_INT_STS_VALID;
421 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) {
422 device_printf(sc->dev,
423 "Timeout while waiting for valid bit\n");
424 return (EIO);
425 }
426 if (RD4(sc, TPM_STS) & TPM_STS_DATA_EXPECTED) {
427 device_printf(sc->dev,
428 "Device expects more data even though we already"
429 " sent everything we had\n");
430 return (EIO);
431 }
432
433 /*
434 * Calculate timeout for current command.
435 * Command code is passed in bytes 6-10.
436 */
437 curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6]));
438 timeout = tpm20_get_timeout(curr_cmd);
439
440 WR4(sc, TPM_STS, TPM_STS_CMD_START);
441 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
442
443 mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
444 sc->intr_type = TPM_INT_STS_DATA_AVAIL;
445 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, timeout)) {
446 device_printf(sc->dev,
447 "Timeout while waiting for device to process cmd\n");
448 /*
449 * Switching to ready state also cancels processing
450 * current command
451 */
452 if (!tpmtis_go_ready(sc))
453 return (EIO);
454
455 /*
456 * After canceling a command we should get a response,
457 * check if there is one.
458 */
459 sc->intr_type = TPM_INT_STS_DATA_AVAIL;
460 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C))
461 return (EIO);
462 }
463 /* Read response header. Length is passed in bytes 2 - 6. */
464 if(!tpmtis_read_bytes(sc, TPM_HEADER_SIZE, sc->buf)) {
465 device_printf(sc->dev,
466 "Failed to read response header\n");
467 return (EIO);
468 }
469 bytes_available = be32toh(*(uint32_t *) (&sc->buf[2]));
470
471 if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) {
472 device_printf(sc->dev,
473 "Incorrect response size: %zu\n",
474 bytes_available);
475 return (EIO);
476 }
477 if(!tpmtis_read_bytes(sc, bytes_available - TPM_HEADER_SIZE,
478 &sc->buf[TPM_HEADER_SIZE])) {
479 device_printf(sc->dev,
480 "Failed to read response\n");
481 return (EIO);
482 }
483 tpmtis_relinquish_locality(sc);
484 sc->pending_data_length = bytes_available;
485
486 return (0);
487 }
488
489 /* ACPI Driver */
490 static device_method_t tpmtis_methods[] = {
491 DEVMETHOD(device_probe, tpmtis_acpi_probe),
492 DEVMETHOD(device_attach, tpmtis_attach),
493 DEVMETHOD(device_detach, tpmtis_detach),
494 DEVMETHOD(device_shutdown, tpm20_shutdown),
495 DEVMETHOD(device_suspend, tpm20_suspend),
496 {0, 0}
497 };
498 static driver_t tpmtis_driver = {
499 "tpmtis", tpmtis_methods, sizeof(struct tpm_sc),
500 };
501
502 devclass_t tpmtis_devclass;
503 DRIVER_MODULE(tpmtis, acpi, tpmtis_driver, tpmtis_devclass, 0, 0);
504