1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AMD Secure Processor device driver
4 *
5 * Copyright (C) 2013,2019 Advanced Micro Devices, Inc.
6 *
7 * Author: Tom Lendacky <thomas.lendacky@amd.com>
8 * Author: Gary R Hook <gary.hook@amd.com>
9 */
10
11 #include <linux/bitfield.h>
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/device.h>
15 #include <linux/pci.h>
16 #include <linux/pci_ids.h>
17 #include <linux/dma-mapping.h>
18 #include <linux/kthread.h>
19 #include <linux/sched.h>
20 #include <linux/interrupt.h>
21 #include <linux/spinlock.h>
22 #include <linux/delay.h>
23 #include <linux/ccp.h>
24
25 #include "ccp-dev.h"
26 #include "psp-dev.h"
27
28 /* used for version string AA.BB.CC.DD */
29 #define AA GENMASK(31, 24)
30 #define BB GENMASK(23, 16)
31 #define CC GENMASK(15, 8)
32 #define DD GENMASK(7, 0)
33
34 #define MSIX_VECTORS 2
35
36 struct sp_pci {
37 int msix_count;
38 struct msix_entry msix_entry[MSIX_VECTORS];
39 };
40 static struct sp_device *sp_dev_master;
41
42 #define security_attribute_show(name, def) \
43 static ssize_t name##_show(struct device *d, struct device_attribute *attr, \
44 char *buf) \
45 { \
46 struct sp_device *sp = dev_get_drvdata(d); \
47 struct psp_device *psp = sp->psp_data; \
48 int bit = PSP_SECURITY_##def << PSP_CAPABILITY_PSP_SECURITY_OFFSET; \
49 return sysfs_emit(buf, "%d\n", (psp->capability & bit) > 0); \
50 }
51
52 security_attribute_show(fused_part, FUSED_PART)
53 static DEVICE_ATTR_RO(fused_part);
54 security_attribute_show(debug_lock_on, DEBUG_LOCK_ON)
55 static DEVICE_ATTR_RO(debug_lock_on);
56 security_attribute_show(tsme_status, TSME_STATUS)
57 static DEVICE_ATTR_RO(tsme_status);
58 security_attribute_show(anti_rollback_status, ANTI_ROLLBACK_STATUS)
59 static DEVICE_ATTR_RO(anti_rollback_status);
60 security_attribute_show(rpmc_production_enabled, RPMC_PRODUCTION_ENABLED)
61 static DEVICE_ATTR_RO(rpmc_production_enabled);
62 security_attribute_show(rpmc_spirom_available, RPMC_SPIROM_AVAILABLE)
63 static DEVICE_ATTR_RO(rpmc_spirom_available);
64 security_attribute_show(hsp_tpm_available, HSP_TPM_AVAILABLE)
65 static DEVICE_ATTR_RO(hsp_tpm_available);
66 security_attribute_show(rom_armor_enforced, ROM_ARMOR_ENFORCED)
67 static DEVICE_ATTR_RO(rom_armor_enforced);
68
69 static struct attribute *psp_security_attrs[] = {
70 &dev_attr_fused_part.attr,
71 &dev_attr_debug_lock_on.attr,
72 &dev_attr_tsme_status.attr,
73 &dev_attr_anti_rollback_status.attr,
74 &dev_attr_rpmc_production_enabled.attr,
75 &dev_attr_rpmc_spirom_available.attr,
76 &dev_attr_hsp_tpm_available.attr,
77 &dev_attr_rom_armor_enforced.attr,
78 NULL
79 };
80
psp_security_is_visible(struct kobject * kobj,struct attribute * attr,int idx)81 static umode_t psp_security_is_visible(struct kobject *kobj, struct attribute *attr, int idx)
82 {
83 struct device *dev = kobj_to_dev(kobj);
84 struct sp_device *sp = dev_get_drvdata(dev);
85 struct psp_device *psp = sp->psp_data;
86
87 if (psp && (psp->capability & PSP_CAPABILITY_PSP_SECURITY_REPORTING))
88 return 0444;
89
90 return 0;
91 }
92
93 static struct attribute_group psp_security_attr_group = {
94 .attrs = psp_security_attrs,
95 .is_visible = psp_security_is_visible,
96 };
97
98 #define version_attribute_show(name, _offset) \
99 static ssize_t name##_show(struct device *d, struct device_attribute *attr, \
100 char *buf) \
101 { \
102 struct sp_device *sp = dev_get_drvdata(d); \
103 struct psp_device *psp = sp->psp_data; \
104 unsigned int val = ioread32(psp->io_regs + _offset); \
105 return sysfs_emit(buf, "%02lx.%02lx.%02lx.%02lx\n", \
106 FIELD_GET(AA, val), \
107 FIELD_GET(BB, val), \
108 FIELD_GET(CC, val), \
109 FIELD_GET(DD, val)); \
110 }
111
112 version_attribute_show(bootloader_version, psp->vdata->bootloader_info_reg)
113 static DEVICE_ATTR_RO(bootloader_version);
114 version_attribute_show(tee_version, psp->vdata->tee->info_reg)
115 static DEVICE_ATTR_RO(tee_version);
116
117 static struct attribute *psp_firmware_attrs[] = {
118 &dev_attr_bootloader_version.attr,
119 &dev_attr_tee_version.attr,
120 NULL,
121 };
122
psp_firmware_is_visible(struct kobject * kobj,struct attribute * attr,int idx)123 static umode_t psp_firmware_is_visible(struct kobject *kobj, struct attribute *attr, int idx)
124 {
125 struct device *dev = kobj_to_dev(kobj);
126 struct sp_device *sp = dev_get_drvdata(dev);
127 struct psp_device *psp = sp->psp_data;
128 unsigned int val = 0xffffffff;
129
130 if (!psp)
131 return 0;
132
133 if (attr == &dev_attr_bootloader_version.attr &&
134 psp->vdata->bootloader_info_reg)
135 val = ioread32(psp->io_regs + psp->vdata->bootloader_info_reg);
136
137 if (attr == &dev_attr_tee_version.attr &&
138 psp->capability & PSP_CAPABILITY_TEE &&
139 psp->vdata->tee->info_reg)
140 val = ioread32(psp->io_regs + psp->vdata->tee->info_reg);
141
142 /* If platform disallows accessing this register it will be all f's */
143 if (val != 0xffffffff)
144 return 0444;
145
146 return 0;
147 }
148
149 static struct attribute_group psp_firmware_attr_group = {
150 .attrs = psp_firmware_attrs,
151 .is_visible = psp_firmware_is_visible,
152 };
153
154 static const struct attribute_group *psp_groups[] = {
155 &psp_security_attr_group,
156 &psp_firmware_attr_group,
157 NULL,
158 };
159
sp_get_msix_irqs(struct sp_device * sp)160 static int sp_get_msix_irqs(struct sp_device *sp)
161 {
162 struct sp_pci *sp_pci = sp->dev_specific;
163 struct device *dev = sp->dev;
164 struct pci_dev *pdev = to_pci_dev(dev);
165 int v, ret;
166
167 for (v = 0; v < ARRAY_SIZE(sp_pci->msix_entry); v++)
168 sp_pci->msix_entry[v].entry = v;
169
170 ret = pci_enable_msix_range(pdev, sp_pci->msix_entry, 1, v);
171 if (ret < 0)
172 return ret;
173
174 sp_pci->msix_count = ret;
175 sp->use_tasklet = true;
176
177 sp->psp_irq = sp_pci->msix_entry[0].vector;
178 sp->ccp_irq = (sp_pci->msix_count > 1) ? sp_pci->msix_entry[1].vector
179 : sp_pci->msix_entry[0].vector;
180 return 0;
181 }
182
sp_get_msi_irq(struct sp_device * sp)183 static int sp_get_msi_irq(struct sp_device *sp)
184 {
185 struct device *dev = sp->dev;
186 struct pci_dev *pdev = to_pci_dev(dev);
187 int ret;
188
189 ret = pci_enable_msi(pdev);
190 if (ret)
191 return ret;
192
193 sp->ccp_irq = pdev->irq;
194 sp->psp_irq = pdev->irq;
195
196 return 0;
197 }
198
sp_get_irqs(struct sp_device * sp)199 static int sp_get_irqs(struct sp_device *sp)
200 {
201 struct device *dev = sp->dev;
202 int ret;
203
204 ret = sp_get_msix_irqs(sp);
205 if (!ret)
206 return 0;
207
208 /* Couldn't get MSI-X vectors, try MSI */
209 dev_notice(dev, "could not enable MSI-X (%d), trying MSI\n", ret);
210 ret = sp_get_msi_irq(sp);
211 if (!ret)
212 return 0;
213
214 /* Couldn't get MSI interrupt */
215 dev_notice(dev, "could not enable MSI (%d)\n", ret);
216
217 return ret;
218 }
219
sp_free_irqs(struct sp_device * sp)220 static void sp_free_irqs(struct sp_device *sp)
221 {
222 struct sp_pci *sp_pci = sp->dev_specific;
223 struct device *dev = sp->dev;
224 struct pci_dev *pdev = to_pci_dev(dev);
225
226 if (sp_pci->msix_count)
227 pci_disable_msix(pdev);
228 else if (sp->psp_irq)
229 pci_disable_msi(pdev);
230
231 sp->ccp_irq = 0;
232 sp->psp_irq = 0;
233 }
234
sp_pci_is_master(struct sp_device * sp)235 static bool sp_pci_is_master(struct sp_device *sp)
236 {
237 struct device *dev_cur, *dev_new;
238 struct pci_dev *pdev_cur, *pdev_new;
239
240 dev_new = sp->dev;
241 dev_cur = sp_dev_master->dev;
242
243 pdev_new = to_pci_dev(dev_new);
244 pdev_cur = to_pci_dev(dev_cur);
245
246 if (pci_domain_nr(pdev_new->bus) != pci_domain_nr(pdev_cur->bus))
247 return pci_domain_nr(pdev_new->bus) < pci_domain_nr(pdev_cur->bus);
248
249 if (pdev_new->bus->number != pdev_cur->bus->number)
250 return pdev_new->bus->number < pdev_cur->bus->number;
251
252 if (PCI_SLOT(pdev_new->devfn) != PCI_SLOT(pdev_cur->devfn))
253 return PCI_SLOT(pdev_new->devfn) < PCI_SLOT(pdev_cur->devfn);
254
255 if (PCI_FUNC(pdev_new->devfn) != PCI_FUNC(pdev_cur->devfn))
256 return PCI_FUNC(pdev_new->devfn) < PCI_FUNC(pdev_cur->devfn);
257
258 return false;
259 }
260
psp_set_master(struct sp_device * sp)261 static void psp_set_master(struct sp_device *sp)
262 {
263 if (!sp_dev_master) {
264 sp_dev_master = sp;
265 return;
266 }
267
268 if (sp_pci_is_master(sp))
269 sp_dev_master = sp;
270 }
271
psp_get_master(void)272 static struct sp_device *psp_get_master(void)
273 {
274 return sp_dev_master;
275 }
276
psp_clear_master(struct sp_device * sp)277 static void psp_clear_master(struct sp_device *sp)
278 {
279 if (sp == sp_dev_master) {
280 sp_dev_master = NULL;
281 dev_dbg(sp->dev, "Cleared sp_dev_master\n");
282 }
283 }
284
sp_pci_probe(struct pci_dev * pdev,const struct pci_device_id * id)285 static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
286 {
287 struct sp_device *sp;
288 struct sp_pci *sp_pci;
289 struct device *dev = &pdev->dev;
290 void __iomem * const *iomap_table;
291 int bar_mask;
292 int ret;
293
294 ret = -ENOMEM;
295 sp = sp_alloc_struct(dev);
296 if (!sp)
297 goto e_err;
298
299 sp_pci = devm_kzalloc(dev, sizeof(*sp_pci), GFP_KERNEL);
300 if (!sp_pci)
301 goto e_err;
302
303 sp->dev_specific = sp_pci;
304 sp->dev_vdata = (struct sp_dev_vdata *)id->driver_data;
305 if (!sp->dev_vdata) {
306 ret = -ENODEV;
307 dev_err(dev, "missing driver data\n");
308 goto e_err;
309 }
310
311 ret = pcim_enable_device(pdev);
312 if (ret) {
313 dev_err(dev, "pcim_enable_device failed (%d)\n", ret);
314 goto e_err;
315 }
316
317 bar_mask = pci_select_bars(pdev, IORESOURCE_MEM);
318 ret = pcim_iomap_regions(pdev, bar_mask, "ccp");
319 if (ret) {
320 dev_err(dev, "pcim_iomap_regions failed (%d)\n", ret);
321 goto e_err;
322 }
323
324 iomap_table = pcim_iomap_table(pdev);
325 if (!iomap_table) {
326 dev_err(dev, "pcim_iomap_table failed\n");
327 ret = -ENOMEM;
328 goto e_err;
329 }
330
331 sp->io_map = iomap_table[sp->dev_vdata->bar];
332 if (!sp->io_map) {
333 dev_err(dev, "ioremap failed\n");
334 ret = -ENOMEM;
335 goto e_err;
336 }
337
338 ret = sp_get_irqs(sp);
339 if (ret)
340 goto e_err;
341
342 pci_set_master(pdev);
343 sp->set_psp_master_device = psp_set_master;
344 sp->get_psp_master_device = psp_get_master;
345 sp->clear_psp_master_device = psp_clear_master;
346
347 ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48));
348 if (ret) {
349 ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(32));
350 if (ret) {
351 dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n",
352 ret);
353 goto free_irqs;
354 }
355 }
356
357 dev_set_drvdata(dev, sp);
358
359 ret = sp_init(sp);
360 if (ret)
361 goto free_irqs;
362
363 return 0;
364
365 free_irqs:
366 sp_free_irqs(sp);
367 e_err:
368 dev_notice(dev, "initialization failed\n");
369 return ret;
370 }
371
sp_pci_shutdown(struct pci_dev * pdev)372 static void sp_pci_shutdown(struct pci_dev *pdev)
373 {
374 struct device *dev = &pdev->dev;
375 struct sp_device *sp = dev_get_drvdata(dev);
376
377 if (!sp)
378 return;
379
380 sp_destroy(sp);
381 }
382
sp_pci_remove(struct pci_dev * pdev)383 static void sp_pci_remove(struct pci_dev *pdev)
384 {
385 struct device *dev = &pdev->dev;
386 struct sp_device *sp = dev_get_drvdata(dev);
387
388 if (!sp)
389 return;
390
391 sp_destroy(sp);
392
393 sp_free_irqs(sp);
394 }
395
sp_pci_suspend(struct device * dev)396 static int __maybe_unused sp_pci_suspend(struct device *dev)
397 {
398 struct sp_device *sp = dev_get_drvdata(dev);
399
400 return sp_suspend(sp);
401 }
402
sp_pci_resume(struct device * dev)403 static int __maybe_unused sp_pci_resume(struct device *dev)
404 {
405 struct sp_device *sp = dev_get_drvdata(dev);
406
407 return sp_resume(sp);
408 }
409
410 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
411 static const struct sev_vdata sevv1 = {
412 .cmdresp_reg = 0x10580, /* C2PMSG_32 */
413 .cmdbuff_addr_lo_reg = 0x105e0, /* C2PMSG_56 */
414 .cmdbuff_addr_hi_reg = 0x105e4, /* C2PMSG_57 */
415 };
416
417 static const struct sev_vdata sevv2 = {
418 .cmdresp_reg = 0x10980, /* C2PMSG_32 */
419 .cmdbuff_addr_lo_reg = 0x109e0, /* C2PMSG_56 */
420 .cmdbuff_addr_hi_reg = 0x109e4, /* C2PMSG_57 */
421 };
422
423 static const struct tee_vdata teev1 = {
424 .cmdresp_reg = 0x10544, /* C2PMSG_17 */
425 .cmdbuff_addr_lo_reg = 0x10548, /* C2PMSG_18 */
426 .cmdbuff_addr_hi_reg = 0x1054c, /* C2PMSG_19 */
427 .ring_wptr_reg = 0x10550, /* C2PMSG_20 */
428 .ring_rptr_reg = 0x10554, /* C2PMSG_21 */
429 .info_reg = 0x109e8, /* C2PMSG_58 */
430 };
431
432 static const struct tee_vdata teev2 = {
433 .cmdresp_reg = 0x10944, /* C2PMSG_17 */
434 .cmdbuff_addr_lo_reg = 0x10948, /* C2PMSG_18 */
435 .cmdbuff_addr_hi_reg = 0x1094c, /* C2PMSG_19 */
436 .ring_wptr_reg = 0x10950, /* C2PMSG_20 */
437 .ring_rptr_reg = 0x10954, /* C2PMSG_21 */
438 };
439
440 static const struct platform_access_vdata pa_v1 = {
441 .cmdresp_reg = 0x10570, /* C2PMSG_28 */
442 .cmdbuff_addr_lo_reg = 0x10574, /* C2PMSG_29 */
443 .cmdbuff_addr_hi_reg = 0x10578, /* C2PMSG_30 */
444 .doorbell_button_reg = 0x10a24, /* C2PMSG_73 */
445 .doorbell_cmd_reg = 0x10a40, /* C2PMSG_80 */
446 };
447
448 static const struct platform_access_vdata pa_v2 = {
449 .doorbell_button_reg = 0x10a24, /* C2PMSG_73 */
450 .doorbell_cmd_reg = 0x10a40, /* C2PMSG_80 */
451 };
452
453 static const struct psp_vdata pspv1 = {
454 .sev = &sevv1,
455 .bootloader_info_reg = 0x105ec, /* C2PMSG_59 */
456 .feature_reg = 0x105fc, /* C2PMSG_63 */
457 .inten_reg = 0x10610, /* P2CMSG_INTEN */
458 .intsts_reg = 0x10614, /* P2CMSG_INTSTS */
459 };
460
461 static const struct psp_vdata pspv2 = {
462 .sev = &sevv2,
463 .bootloader_info_reg = 0x109ec, /* C2PMSG_59 */
464 .feature_reg = 0x109fc, /* C2PMSG_63 */
465 .inten_reg = 0x10690, /* P2CMSG_INTEN */
466 .intsts_reg = 0x10694, /* P2CMSG_INTSTS */
467 };
468
469 static const struct psp_vdata pspv3 = {
470 .tee = &teev1,
471 .platform_access = &pa_v1,
472 .bootloader_info_reg = 0x109ec, /* C2PMSG_59 */
473 .feature_reg = 0x109fc, /* C2PMSG_63 */
474 .inten_reg = 0x10690, /* P2CMSG_INTEN */
475 .intsts_reg = 0x10694, /* P2CMSG_INTSTS */
476 .platform_features = PLATFORM_FEATURE_DBC,
477 };
478
479 static const struct psp_vdata pspv4 = {
480 .sev = &sevv2,
481 .tee = &teev1,
482 .bootloader_info_reg = 0x109ec, /* C2PMSG_59 */
483 .feature_reg = 0x109fc, /* C2PMSG_63 */
484 .inten_reg = 0x10690, /* P2CMSG_INTEN */
485 .intsts_reg = 0x10694, /* P2CMSG_INTSTS */
486 };
487
488 static const struct psp_vdata pspv5 = {
489 .tee = &teev2,
490 .platform_access = &pa_v2,
491 .feature_reg = 0x109fc, /* C2PMSG_63 */
492 .inten_reg = 0x10510, /* P2CMSG_INTEN */
493 .intsts_reg = 0x10514, /* P2CMSG_INTSTS */
494 };
495
496 static const struct psp_vdata pspv6 = {
497 .sev = &sevv2,
498 .tee = &teev2,
499 .feature_reg = 0x109fc, /* C2PMSG_63 */
500 .inten_reg = 0x10510, /* P2CMSG_INTEN */
501 .intsts_reg = 0x10514, /* P2CMSG_INTSTS */
502 };
503
504 #endif
505
506 static const struct sp_dev_vdata dev_vdata[] = {
507 { /* 0 */
508 .bar = 2,
509 #ifdef CONFIG_CRYPTO_DEV_SP_CCP
510 .ccp_vdata = &ccpv3,
511 #endif
512 },
513 { /* 1 */
514 .bar = 2,
515 #ifdef CONFIG_CRYPTO_DEV_SP_CCP
516 .ccp_vdata = &ccpv5a,
517 #endif
518 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
519 .psp_vdata = &pspv1,
520 #endif
521 },
522 { /* 2 */
523 .bar = 2,
524 #ifdef CONFIG_CRYPTO_DEV_SP_CCP
525 .ccp_vdata = &ccpv5b,
526 #endif
527 },
528 { /* 3 */
529 .bar = 2,
530 #ifdef CONFIG_CRYPTO_DEV_SP_CCP
531 .ccp_vdata = &ccpv5a,
532 #endif
533 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
534 .psp_vdata = &pspv2,
535 #endif
536 },
537 { /* 4 */
538 .bar = 2,
539 #ifdef CONFIG_CRYPTO_DEV_SP_CCP
540 .ccp_vdata = &ccpv5a,
541 #endif
542 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
543 .psp_vdata = &pspv3,
544 #endif
545 },
546 { /* 5 */
547 .bar = 2,
548 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
549 .psp_vdata = &pspv4,
550 #endif
551 },
552 { /* 6 */
553 .bar = 2,
554 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
555 .psp_vdata = &pspv3,
556 #endif
557 },
558 { /* 7 */
559 .bar = 2,
560 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
561 .psp_vdata = &pspv5,
562 #endif
563 },
564 { /* 8 */
565 .bar = 2,
566 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
567 .psp_vdata = &pspv6,
568 #endif
569 },
570 };
571 static const struct pci_device_id sp_pci_table[] = {
572 { PCI_VDEVICE(AMD, 0x1537), (kernel_ulong_t)&dev_vdata[0] },
573 { PCI_VDEVICE(AMD, 0x1456), (kernel_ulong_t)&dev_vdata[1] },
574 { PCI_VDEVICE(AMD, 0x1468), (kernel_ulong_t)&dev_vdata[2] },
575 { PCI_VDEVICE(AMD, 0x1486), (kernel_ulong_t)&dev_vdata[3] },
576 { PCI_VDEVICE(AMD, 0x15DF), (kernel_ulong_t)&dev_vdata[4] },
577 { PCI_VDEVICE(AMD, 0x14CA), (kernel_ulong_t)&dev_vdata[5] },
578 { PCI_VDEVICE(AMD, 0x15C7), (kernel_ulong_t)&dev_vdata[6] },
579 { PCI_VDEVICE(AMD, 0x1649), (kernel_ulong_t)&dev_vdata[6] },
580 { PCI_VDEVICE(AMD, 0x1134), (kernel_ulong_t)&dev_vdata[7] },
581 { PCI_VDEVICE(AMD, 0x17E0), (kernel_ulong_t)&dev_vdata[7] },
582 { PCI_VDEVICE(AMD, 0x156E), (kernel_ulong_t)&dev_vdata[8] },
583 /* Last entry must be zero */
584 { 0, }
585 };
586 MODULE_DEVICE_TABLE(pci, sp_pci_table);
587
588 static SIMPLE_DEV_PM_OPS(sp_pci_pm_ops, sp_pci_suspend, sp_pci_resume);
589
590 static struct pci_driver sp_pci_driver = {
591 .name = "ccp",
592 .id_table = sp_pci_table,
593 .probe = sp_pci_probe,
594 .remove = sp_pci_remove,
595 .shutdown = sp_pci_shutdown,
596 .driver.pm = &sp_pci_pm_ops,
597 .dev_groups = psp_groups,
598 };
599
sp_pci_init(void)600 int sp_pci_init(void)
601 {
602 return pci_register_driver(&sp_pci_driver);
603 }
604
sp_pci_exit(void)605 void sp_pci_exit(void)
606 {
607 pci_unregister_driver(&sp_pci_driver);
608 }
609