1 /*
2 * tpm_tis_i2c.c - QEMU's TPM TIS I2C Device
3 *
4 * Copyright (c) 2023 IBM Corporation
5 *
6 * Authors:
7 * Ninad Palsule <ninad@linux.ibm.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2 or later.
10 * See the COPYING file in the top-level directory.
11 *
12 * TPM I2C implementation follows TCG TPM I2c Interface specification,
13 * Family 2.0, Level 00, Revision 1.00
14 *
15 * TPM TIS for TPM 2 implementation following TCG PC Client Platform
16 * TPM Profile (PTP) Specification, Family 2.0, Revision 00.43
17 *
18 */
19
20 #include "qemu/osdep.h"
21 #include "hw/i2c/i2c.h"
22 #include "hw/sysbus.h"
23 #include "hw/acpi/tpm.h"
24 #include "migration/vmstate.h"
25 #include "tpm_prop.h"
26 #include "qemu/log.h"
27 #include "trace.h"
28 #include "tpm_tis.h"
29
30 /* Operations */
31 #define OP_SEND 1
32 #define OP_RECV 2
33
34 /* Is locality valid */
35 #define TPM_TIS_I2C_IS_VALID_LOCTY(x) TPM_TIS_IS_VALID_LOCTY(x)
36
37 typedef struct TPMStateI2C {
38 /*< private >*/
39 I2CSlave parent_obj;
40
41 uint8_t offset; /* offset into data[] */
42 uint8_t operation; /* OP_SEND & OP_RECV */
43 uint8_t data[5]; /* Data */
44
45 /* i2c registers */
46 uint8_t loc_sel; /* Current locality */
47 uint8_t csum_enable; /* Is checksum enabled */
48
49 /* Derived from the above */
50 const char *reg_name; /* Register name */
51 uint32_t tis_addr; /* Converted tis address including locty */
52
53 /*< public >*/
54 TPMState state; /* not a QOM object */
55
56 } TPMStateI2C;
57
58 DECLARE_INSTANCE_CHECKER(TPMStateI2C, TPM_TIS_I2C,
59 TYPE_TPM_TIS_I2C)
60
61 /* Prototype */
62 static inline void tpm_tis_i2c_to_tis_reg(TPMStateI2C *i2cst, uint8_t i2c_reg);
63
64 /* Register map */
65 typedef struct regMap {
66 uint8_t i2c_reg; /* I2C register */
67 uint16_t tis_reg; /* TIS register */
68 const char *reg_name; /* Register name */
69 } I2CRegMap;
70
71 /*
72 * The register values in the common code is different than the latest
73 * register numbers as per the spec hence add the conversion map
74 */
75 static const I2CRegMap tpm_tis_reg_map[] = {
76 /*
77 * These registers are sent to TIS layer. The register with UNKNOWN
78 * mapping are not sent to TIS layer and handled in I2c layer.
79 * NOTE: Adding frequently used registers at the start
80 */
81 { TPM_I2C_REG_DATA_FIFO, TPM_TIS_REG_DATA_FIFO, "FIFO", },
82 { TPM_I2C_REG_STS, TPM_TIS_REG_STS, "STS", },
83 { TPM_I2C_REG_DATA_CSUM_GET, TPM_I2C_REG_UNKNOWN, "CSUM_GET", },
84 { TPM_I2C_REG_LOC_SEL, TPM_I2C_REG_UNKNOWN, "LOC_SEL", },
85 { TPM_I2C_REG_ACCESS, TPM_TIS_REG_ACCESS, "ACCESS", },
86 { TPM_I2C_REG_INT_ENABLE, TPM_TIS_REG_INT_ENABLE, "INTR_ENABLE",},
87 { TPM_I2C_REG_INT_CAPABILITY, TPM_I2C_REG_UNKNOWN, "INTR_CAP", },
88 { TPM_I2C_REG_INTF_CAPABILITY, TPM_TIS_REG_INTF_CAPABILITY, "INTF_CAP", },
89 { TPM_I2C_REG_DID_VID, TPM_TIS_REG_DID_VID, "DID_VID", },
90 { TPM_I2C_REG_RID, TPM_TIS_REG_RID, "RID", },
91 { TPM_I2C_REG_I2C_DEV_ADDRESS, TPM_I2C_REG_UNKNOWN, "DEV_ADDRESS",},
92 { TPM_I2C_REG_DATA_CSUM_ENABLE, TPM_I2C_REG_UNKNOWN, "CSUM_ENABLE",},
93 };
94
tpm_tis_i2c_pre_save(void * opaque)95 static int tpm_tis_i2c_pre_save(void *opaque)
96 {
97 TPMStateI2C *i2cst = opaque;
98
99 return tpm_tis_pre_save(&i2cst->state);
100 }
101
tpm_tis_i2c_post_load(void * opaque,int version_id)102 static int tpm_tis_i2c_post_load(void *opaque, int version_id)
103 {
104 TPMStateI2C *i2cst = opaque;
105
106 if (i2cst->offset >= 1) {
107 tpm_tis_i2c_to_tis_reg(i2cst, i2cst->data[0]);
108 }
109
110 return 0;
111 }
112
113 static const VMStateDescription vmstate_tpm_tis_i2c = {
114 .name = "tpm-tis-i2c",
115 .version_id = 0,
116 .pre_save = tpm_tis_i2c_pre_save,
117 .post_load = tpm_tis_i2c_post_load,
118 .fields = (const VMStateField[]) {
119 VMSTATE_BUFFER(state.buffer, TPMStateI2C),
120 VMSTATE_UINT16(state.rw_offset, TPMStateI2C),
121 VMSTATE_UINT8(state.active_locty, TPMStateI2C),
122 VMSTATE_UINT8(state.aborting_locty, TPMStateI2C),
123 VMSTATE_UINT8(state.next_locty, TPMStateI2C),
124
125 VMSTATE_STRUCT_ARRAY(state.loc, TPMStateI2C, TPM_TIS_NUM_LOCALITIES, 0,
126 vmstate_locty, TPMLocality),
127
128 /* i2c specifics */
129 VMSTATE_UINT8(offset, TPMStateI2C),
130 VMSTATE_UINT8(operation, TPMStateI2C),
131 VMSTATE_BUFFER(data, TPMStateI2C),
132 VMSTATE_UINT8(loc_sel, TPMStateI2C),
133 VMSTATE_UINT8(csum_enable, TPMStateI2C),
134
135 VMSTATE_END_OF_LIST()
136 }
137 };
138
139 /*
140 * Set data value. The i2cst->offset is not updated as called in
141 * the read path.
142 */
tpm_tis_i2c_set_data(TPMStateI2C * i2cst,uint32_t data)143 static void tpm_tis_i2c_set_data(TPMStateI2C *i2cst, uint32_t data)
144 {
145 i2cst->data[1] = data;
146 i2cst->data[2] = data >> 8;
147 i2cst->data[3] = data >> 16;
148 i2cst->data[4] = data >> 24;
149 }
150 /*
151 * Generate interface capability based on what is returned by TIS and what is
152 * expected by I2C. Save the capability in the data array overwriting the TIS
153 * capability.
154 */
tpm_tis_i2c_interface_capability(TPMStateI2C * i2cst,uint32_t tis_cap)155 static uint32_t tpm_tis_i2c_interface_capability(TPMStateI2C *i2cst,
156 uint32_t tis_cap)
157 {
158 uint32_t i2c_cap;
159
160 /* Now generate i2c capability */
161 i2c_cap = (TPM_I2C_CAP_INTERFACE_TYPE |
162 TPM_I2C_CAP_INTERFACE_VER |
163 TPM_I2C_CAP_TPM2_FAMILY |
164 TPM_I2C_CAP_LOCALITY_CAP |
165 TPM_I2C_CAP_BUS_SPEED |
166 TPM_I2C_CAP_DEV_ADDR_CHANGE);
167
168 /* Now check the TIS and set some capabilities */
169
170 /* Static burst count set */
171 if (tis_cap & TPM_TIS_CAP_BURST_COUNT_STATIC) {
172 i2c_cap |= TPM_I2C_CAP_BURST_COUNT_STATIC;
173 }
174
175 return i2c_cap;
176 }
177
178 /* Convert I2C register to TIS address and returns the name of the register */
tpm_tis_i2c_to_tis_reg(TPMStateI2C * i2cst,uint8_t i2c_reg)179 static inline void tpm_tis_i2c_to_tis_reg(TPMStateI2C *i2cst, uint8_t i2c_reg)
180 {
181 const I2CRegMap *reg_map;
182 int i;
183
184 i2cst->tis_addr = 0xffffffff;
185
186 /* Special case for the STS register. */
187 if (i2c_reg >= TPM_I2C_REG_STS && i2c_reg <= TPM_I2C_REG_STS + 3) {
188 i2c_reg = TPM_I2C_REG_STS;
189 }
190
191 for (i = 0; i < ARRAY_SIZE(tpm_tis_reg_map); i++) {
192 reg_map = &tpm_tis_reg_map[i];
193 if (reg_map->i2c_reg == i2c_reg) {
194 i2cst->reg_name = reg_map->reg_name;
195 i2cst->tis_addr = reg_map->tis_reg;
196
197 /* Include the locality in the address. */
198 assert(TPM_TIS_I2C_IS_VALID_LOCTY(i2cst->loc_sel));
199 i2cst->tis_addr += (i2cst->loc_sel << TPM_TIS_LOCALITY_SHIFT);
200 break;
201 }
202 }
203 }
204
205 /* Clear some fields from the structure. */
tpm_tis_i2c_clear_data(TPMStateI2C * i2cst)206 static inline void tpm_tis_i2c_clear_data(TPMStateI2C *i2cst)
207 {
208 /* Clear operation and offset */
209 i2cst->operation = 0;
210 i2cst->offset = 0;
211 i2cst->tis_addr = 0xffffffff;
212 i2cst->reg_name = NULL;
213 memset(i2cst->data, 0, sizeof(i2cst->data));
214
215 return;
216 }
217
218 /* Send data to TPM */
tpm_tis_i2c_tpm_send(TPMStateI2C * i2cst)219 static inline void tpm_tis_i2c_tpm_send(TPMStateI2C *i2cst)
220 {
221 uint32_t data;
222 size_t offset = 0;
223 uint32_t sz = 4;
224
225 if ((i2cst->operation == OP_SEND) && (i2cst->offset > 1)) {
226
227 switch (i2cst->data[0]) {
228 case TPM_I2C_REG_DATA_CSUM_ENABLE:
229 /*
230 * Checksum is not handled by TIS code hence we will consume the
231 * register here.
232 */
233 i2cst->csum_enable = i2cst->data[1] & TPM_DATA_CSUM_ENABLED;
234 break;
235 case TPM_I2C_REG_DATA_FIFO:
236 /* Handled in the main i2c_send function */
237 break;
238 case TPM_I2C_REG_LOC_SEL:
239 /*
240 * This register is not handled by TIS so save the locality
241 * locally
242 */
243 if (TPM_TIS_I2C_IS_VALID_LOCTY(i2cst->data[1])) {
244 i2cst->loc_sel = i2cst->data[1];
245 }
246 break;
247 default:
248 /* We handle non-FIFO here */
249
250 /* Index 0 is a register. Convert byte stream to uint32_t */
251 data = i2cst->data[1];
252 data |= i2cst->data[2] << 8;
253 data |= i2cst->data[3] << 16;
254 data |= i2cst->data[4] << 24;
255
256 /* Add register specific masking */
257 switch (i2cst->data[0]) {
258 case TPM_I2C_REG_INT_ENABLE:
259 data &= TPM_I2C_INT_ENABLE_MASK;
260 break;
261 case TPM_I2C_REG_STS ... TPM_I2C_REG_STS + 3:
262 /*
263 * STS register has 4 bytes data.
264 * As per the specs following writes must be allowed.
265 * - From base address 1 to 4 bytes are allowed.
266 * - Single byte write to first or last byte must
267 * be allowed.
268 */
269 offset = i2cst->data[0] - TPM_I2C_REG_STS;
270 if (offset > 0) {
271 sz = 1;
272 }
273 data &= (TPM_I2C_STS_WRITE_MASK >> (offset * 8));
274 break;
275 }
276
277 tpm_tis_write_data(&i2cst->state, i2cst->tis_addr + offset, data,
278 sz);
279 break;
280 }
281
282 tpm_tis_i2c_clear_data(i2cst);
283 }
284
285 return;
286 }
287
288 /* Callback from TPM to indicate that response is copied */
tpm_tis_i2c_request_completed(TPMIf * ti,int ret)289 static void tpm_tis_i2c_request_completed(TPMIf *ti, int ret)
290 {
291 TPMStateI2C *i2cst = TPM_TIS_I2C(ti);
292 TPMState *s = &i2cst->state;
293
294 /* Inform the common code. */
295 tpm_tis_request_completed(s, ret);
296 }
297
tpm_tis_i2c_get_tpm_version(TPMIf * ti)298 static enum TPMVersion tpm_tis_i2c_get_tpm_version(TPMIf *ti)
299 {
300 TPMStateI2C *i2cst = TPM_TIS_I2C(ti);
301 TPMState *s = &i2cst->state;
302
303 return tpm_tis_get_tpm_version(s);
304 }
305
tpm_tis_i2c_event(I2CSlave * i2c,enum i2c_event event)306 static int tpm_tis_i2c_event(I2CSlave *i2c, enum i2c_event event)
307 {
308 TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
309 int ret = 0;
310
311 switch (event) {
312 case I2C_START_RECV:
313 trace_tpm_tis_i2c_event("START_RECV");
314 break;
315 case I2C_START_SEND:
316 trace_tpm_tis_i2c_event("START_SEND");
317 tpm_tis_i2c_clear_data(i2cst);
318 break;
319 case I2C_FINISH:
320 trace_tpm_tis_i2c_event("FINISH");
321 if (i2cst->operation == OP_SEND) {
322 tpm_tis_i2c_tpm_send(i2cst);
323 } else {
324 tpm_tis_i2c_clear_data(i2cst);
325 }
326 break;
327 default:
328 break;
329 }
330
331 return ret;
332 }
333
334 /*
335 * If data is for FIFO then it is received from tpm_tis_common buffer
336 * otherwise it will be handled using single call to common code and
337 * cached in the local buffer.
338 */
tpm_tis_i2c_recv(I2CSlave * i2c)339 static uint8_t tpm_tis_i2c_recv(I2CSlave *i2c)
340 {
341 int ret = 0;
342 uint32_t data_read;
343 TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
344 TPMState *s = &i2cst->state;
345 uint16_t i2c_reg = i2cst->data[0];
346 size_t offset;
347
348 if (i2cst->operation == OP_RECV) {
349
350 /* Do not cache FIFO data. */
351 if (i2cst->data[0] == TPM_I2C_REG_DATA_FIFO) {
352 data_read = tpm_tis_read_data(s, i2cst->tis_addr, 1);
353 ret = (data_read & 0xff);
354 } else if (i2cst->offset < sizeof(i2cst->data)) {
355 ret = i2cst->data[i2cst->offset++];
356 }
357
358 } else if ((i2cst->operation == OP_SEND) && (i2cst->offset < 2)) {
359 /* First receive call after send */
360
361 i2cst->operation = OP_RECV;
362
363 switch (i2c_reg) {
364 case TPM_I2C_REG_LOC_SEL:
365 /* Location selection register is managed by i2c */
366 tpm_tis_i2c_set_data(i2cst, i2cst->loc_sel);
367 break;
368 case TPM_I2C_REG_DATA_FIFO:
369 /* FIFO data is directly read from TPM TIS */
370 data_read = tpm_tis_read_data(s, i2cst->tis_addr, 1);
371 tpm_tis_i2c_set_data(i2cst, (data_read & 0xff));
372 break;
373 case TPM_I2C_REG_DATA_CSUM_ENABLE:
374 tpm_tis_i2c_set_data(i2cst, i2cst->csum_enable);
375 break;
376 case TPM_I2C_REG_INT_CAPABILITY:
377 /*
378 * Interrupt is not supported in the linux kernel hence we cannot
379 * test this model with interrupts.
380 */
381 tpm_tis_i2c_set_data(i2cst, TPM_I2C_INT_ENABLE_MASK);
382 break;
383 case TPM_I2C_REG_DATA_CSUM_GET:
384 /*
385 * Checksum registers are not supported by common code hence
386 * call a common code to get the checksum.
387 */
388 data_read = tpm_tis_get_checksum(s);
389
390 /* Save the byte stream in data field */
391 tpm_tis_i2c_set_data(i2cst, data_read);
392 break;
393 default:
394 data_read = tpm_tis_read_data(s, i2cst->tis_addr, 4);
395
396 switch (i2c_reg) {
397 case TPM_I2C_REG_INTF_CAPABILITY:
398 /* Prepare the capabilities as per I2C interface */
399 data_read = tpm_tis_i2c_interface_capability(i2cst,
400 data_read);
401 break;
402 case TPM_I2C_REG_STS ... TPM_I2C_REG_STS + 3:
403 offset = i2c_reg - TPM_I2C_REG_STS;
404 /*
405 * As per specs, STS bit 31:26 are reserved and must
406 * be set to 0
407 */
408 data_read &= TPM_I2C_STS_READ_MASK;
409 /*
410 * STS register has 4 bytes data.
411 * As per the specs following reads must be allowed.
412 * - From base address 1 to 4 bytes are allowed.
413 * - Last byte must be allowed to read as a single byte
414 * - Second and third byte must be allowed to read as two
415 * two bytes.
416 */
417 data_read >>= (offset * 8);
418 break;
419 }
420
421 /* Save byte stream in data[] */
422 tpm_tis_i2c_set_data(i2cst, data_read);
423 break;
424 }
425
426 /* Return first byte with this call */
427 i2cst->offset = 1; /* keep the register value intact for debug */
428 ret = i2cst->data[i2cst->offset++];
429 } else {
430 i2cst->operation = OP_RECV;
431 }
432
433 trace_tpm_tis_i2c_recv(ret);
434
435 return ret;
436 }
437
438 /*
439 * Send function only remembers data in the buffer and then calls
440 * TPM TIS common code during FINISH event.
441 */
tpm_tis_i2c_send(I2CSlave * i2c,uint8_t data)442 static int tpm_tis_i2c_send(I2CSlave *i2c, uint8_t data)
443 {
444 TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
445
446 /* Reject non-supported registers. */
447 if (i2cst->offset == 0) {
448 /* Convert I2C register to TIS register */
449 tpm_tis_i2c_to_tis_reg(i2cst, data);
450 if (i2cst->tis_addr == 0xffffffff) {
451 return 0xffffffff;
452 }
453
454 trace_tpm_tis_i2c_send_reg(i2cst->reg_name, data);
455
456 /* We do not support device address change */
457 if (data == TPM_I2C_REG_I2C_DEV_ADDRESS) {
458 qemu_log_mask(LOG_UNIMP, "%s: Device address change "
459 "is not supported.\n", __func__);
460 return 0xffffffff;
461 }
462 } else {
463 trace_tpm_tis_i2c_send(data);
464 }
465
466 if (i2cst->offset < sizeof(i2cst->data)) {
467 i2cst->operation = OP_SEND;
468
469 /*
470 * In two cases, we save values in the local buffer.
471 * 1) The first value is always a register.
472 * 2) In case of non-FIFO multibyte registers, TIS expects full
473 * register value hence I2C layer cache the register value and send
474 * to TIS during FINISH event.
475 */
476 if ((i2cst->offset == 0) ||
477 (i2cst->data[0] != TPM_I2C_REG_DATA_FIFO)) {
478 i2cst->data[i2cst->offset++] = data;
479 } else {
480 /*
481 * The TIS can process FIFO data one byte at a time hence the FIFO
482 * data is sent to TIS directly.
483 */
484 tpm_tis_write_data(&i2cst->state, i2cst->tis_addr, data, 1);
485 }
486
487 return 0;
488 }
489
490 /* Return non-zero to indicate NAK */
491 return 1;
492 }
493
494 static Property tpm_tis_i2c_properties[] = {
495 DEFINE_PROP_TPMBE("tpmdev", TPMStateI2C, state.be_driver),
496 DEFINE_PROP_END_OF_LIST(),
497 };
498
tpm_tis_i2c_realizefn(DeviceState * dev,Error ** errp)499 static void tpm_tis_i2c_realizefn(DeviceState *dev, Error **errp)
500 {
501 TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
502 TPMState *s = &i2cst->state;
503
504 if (!tpm_find()) {
505 error_setg(errp, "at most one TPM device is permitted");
506 return;
507 }
508
509 /*
510 * Get the backend pointer. It is not initialized properly during
511 * device_class_set_props
512 */
513 s->be_driver = qemu_find_tpm_be("tpm0");
514
515 if (!s->be_driver) {
516 error_setg(errp, "'tpmdev' property is required");
517 return;
518 }
519 }
520
tpm_tis_i2c_reset(DeviceState * dev)521 static void tpm_tis_i2c_reset(DeviceState *dev)
522 {
523 TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
524 TPMState *s = &i2cst->state;
525
526 tpm_tis_i2c_clear_data(i2cst);
527
528 i2cst->csum_enable = 0;
529 i2cst->loc_sel = 0x00;
530
531 return tpm_tis_reset(s);
532 }
533
tpm_tis_i2c_class_init(ObjectClass * klass,void * data)534 static void tpm_tis_i2c_class_init(ObjectClass *klass, void *data)
535 {
536 DeviceClass *dc = DEVICE_CLASS(klass);
537 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
538 TPMIfClass *tc = TPM_IF_CLASS(klass);
539
540 dc->realize = tpm_tis_i2c_realizefn;
541 device_class_set_legacy_reset(dc, tpm_tis_i2c_reset);
542 dc->vmsd = &vmstate_tpm_tis_i2c;
543 device_class_set_props(dc, tpm_tis_i2c_properties);
544 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
545
546 k->event = tpm_tis_i2c_event;
547 k->recv = tpm_tis_i2c_recv;
548 k->send = tpm_tis_i2c_send;
549
550 tc->model = TPM_MODEL_TPM_TIS;
551 tc->request_completed = tpm_tis_i2c_request_completed;
552 tc->get_version = tpm_tis_i2c_get_tpm_version;
553 }
554
555 static const TypeInfo tpm_tis_i2c_info = {
556 .name = TYPE_TPM_TIS_I2C,
557 .parent = TYPE_I2C_SLAVE,
558 .instance_size = sizeof(TPMStateI2C),
559 .class_init = tpm_tis_i2c_class_init,
560 .interfaces = (InterfaceInfo[]) {
561 { TYPE_TPM_IF },
562 { }
563 }
564 };
565
tpm_tis_i2c_register_types(void)566 static void tpm_tis_i2c_register_types(void)
567 {
568 type_register_static(&tpm_tis_i2c_info);
569 }
570
571 type_init(tpm_tis_i2c_register_types)
572