xref: /openbmc/linux/drivers/char/tpm/tpm_crb.c (revision ca55b2fef3a9373fcfc30f82fd26bc7fccbda732)
1 /*
2  * Copyright (C) 2014 Intel Corporation
3  *
4  * Authors:
5  * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
6  *
7  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
8  *
9  * This device driver implements the TPM interface as defined in
10  * the TCG CRB 2.0 TPM specification.
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; version 2
15  * of the License.
16  */
17 
18 #include <linux/acpi.h>
19 #include <linux/highmem.h>
20 #include <linux/rculist.h>
21 #include <linux/module.h>
22 #include <linux/platform_device.h>
23 #include "tpm.h"
24 
25 #define ACPI_SIG_TPM2 "TPM2"
26 
27 static const u8 CRB_ACPI_START_UUID[] = {
28 	/* 0000 */ 0xAB, 0x6C, 0xBF, 0x6B, 0x63, 0x54, 0x14, 0x47,
29 	/* 0008 */ 0xB7, 0xCD, 0xF0, 0x20, 0x3C, 0x03, 0x68, 0xD4
30 };
31 
32 enum crb_defaults {
33 	CRB_ACPI_START_REVISION_ID = 1,
34 	CRB_ACPI_START_INDEX = 1,
35 };
36 
37 enum crb_start_method {
38 	CRB_SM_ACPI_START = 2,
39 	CRB_SM_CRB = 7,
40 	CRB_SM_CRB_WITH_ACPI_START = 8,
41 };
42 
43 struct acpi_tpm2 {
44 	struct acpi_table_header hdr;
45 	u16 platform_class;
46 	u16 reserved;
47 	u64 control_area_pa;
48 	u32 start_method;
49 } __packed;
50 
51 enum crb_ca_request {
52 	CRB_CA_REQ_GO_IDLE	= BIT(0),
53 	CRB_CA_REQ_CMD_READY	= BIT(1),
54 };
55 
56 enum crb_ca_status {
57 	CRB_CA_STS_ERROR	= BIT(0),
58 	CRB_CA_STS_TPM_IDLE	= BIT(1),
59 };
60 
61 enum crb_start {
62 	CRB_START_INVOKE	= BIT(0),
63 };
64 
65 enum crb_cancel {
66 	CRB_CANCEL_INVOKE	= BIT(0),
67 };
68 
69 struct crb_control_area {
70 	u32 req;
71 	u32 sts;
72 	u32 cancel;
73 	u32 start;
74 	u32 int_enable;
75 	u32 int_sts;
76 	u32 cmd_size;
77 	u64 cmd_pa;
78 	u32 rsp_size;
79 	u64 rsp_pa;
80 } __packed;
81 
82 enum crb_status {
83 	CRB_STS_COMPLETE	= BIT(0),
84 };
85 
86 enum crb_flags {
87 	CRB_FL_ACPI_START	= BIT(0),
88 	CRB_FL_CRB_START	= BIT(1),
89 };
90 
91 struct crb_priv {
92 	unsigned int flags;
93 	struct crb_control_area __iomem *cca;
94 	u8 __iomem *cmd;
95 	u8 __iomem *rsp;
96 };
97 
98 static SIMPLE_DEV_PM_OPS(crb_pm, tpm_pm_suspend, tpm_pm_resume);
99 
100 static u8 crb_status(struct tpm_chip *chip)
101 {
102 	struct crb_priv *priv = chip->vendor.priv;
103 	u8 sts = 0;
104 
105 	if ((le32_to_cpu(ioread32(&priv->cca->start)) & CRB_START_INVOKE) !=
106 	    CRB_START_INVOKE)
107 		sts |= CRB_STS_COMPLETE;
108 
109 	return sts;
110 }
111 
112 static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count)
113 {
114 	struct crb_priv *priv = chip->vendor.priv;
115 	unsigned int expected;
116 
117 	/* sanity check */
118 	if (count < 6)
119 		return -EIO;
120 
121 	if (le32_to_cpu(ioread32(&priv->cca->sts)) & CRB_CA_STS_ERROR)
122 		return -EIO;
123 
124 	memcpy_fromio(buf, priv->rsp, 6);
125 	expected = be32_to_cpup((__be32 *) &buf[2]);
126 
127 	if (expected > count)
128 		return -EIO;
129 
130 	memcpy_fromio(&buf[6], &priv->rsp[6], expected - 6);
131 
132 	return expected;
133 }
134 
135 static int crb_do_acpi_start(struct tpm_chip *chip)
136 {
137 	union acpi_object *obj;
138 	int rc;
139 
140 	obj = acpi_evaluate_dsm(chip->acpi_dev_handle,
141 				CRB_ACPI_START_UUID,
142 				CRB_ACPI_START_REVISION_ID,
143 				CRB_ACPI_START_INDEX,
144 				NULL);
145 	if (!obj)
146 		return -ENXIO;
147 	rc = obj->integer.value == 0 ? 0 : -ENXIO;
148 	ACPI_FREE(obj);
149 	return rc;
150 }
151 
152 static int crb_send(struct tpm_chip *chip, u8 *buf, size_t len)
153 {
154 	struct crb_priv *priv = chip->vendor.priv;
155 	int rc = 0;
156 
157 	if (len > le32_to_cpu(ioread32(&priv->cca->cmd_size))) {
158 		dev_err(&chip->dev,
159 			"invalid command count value %x %zx\n",
160 			(unsigned int) len,
161 			(size_t) le32_to_cpu(ioread32(&priv->cca->cmd_size)));
162 		return -E2BIG;
163 	}
164 
165 	memcpy_toio(priv->cmd, buf, len);
166 
167 	/* Make sure that cmd is populated before issuing start. */
168 	wmb();
169 
170 	if (priv->flags & CRB_FL_CRB_START)
171 		iowrite32(cpu_to_le32(CRB_START_INVOKE), &priv->cca->start);
172 
173 	if (priv->flags & CRB_FL_ACPI_START)
174 		rc = crb_do_acpi_start(chip);
175 
176 	return rc;
177 }
178 
179 static void crb_cancel(struct tpm_chip *chip)
180 {
181 	struct crb_priv *priv = chip->vendor.priv;
182 
183 	iowrite32(cpu_to_le32(CRB_CANCEL_INVOKE), &priv->cca->cancel);
184 
185 	/* Make sure that cmd is populated before issuing cancel. */
186 	wmb();
187 
188 	if ((priv->flags & CRB_FL_ACPI_START) && crb_do_acpi_start(chip))
189 		dev_err(&chip->dev, "ACPI Start failed\n");
190 
191 	iowrite32(0, &priv->cca->cancel);
192 }
193 
194 static bool crb_req_canceled(struct tpm_chip *chip, u8 status)
195 {
196 	struct crb_priv *priv = chip->vendor.priv;
197 	u32 cancel = le32_to_cpu(ioread32(&priv->cca->cancel));
198 
199 	return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE;
200 }
201 
202 static const struct tpm_class_ops tpm_crb = {
203 	.status = crb_status,
204 	.recv = crb_recv,
205 	.send = crb_send,
206 	.cancel = crb_cancel,
207 	.req_canceled = crb_req_canceled,
208 	.req_complete_mask = CRB_STS_COMPLETE,
209 	.req_complete_val = CRB_STS_COMPLETE,
210 };
211 
212 static int crb_acpi_add(struct acpi_device *device)
213 {
214 	struct tpm_chip *chip;
215 	struct acpi_tpm2 *buf;
216 	struct crb_priv *priv;
217 	struct device *dev = &device->dev;
218 	acpi_status status;
219 	u32 sm;
220 	u64 pa;
221 	int rc;
222 
223 	chip = tpmm_chip_alloc(dev, &tpm_crb);
224 	if (IS_ERR(chip))
225 		return PTR_ERR(chip);
226 
227 	chip->flags = TPM_CHIP_FLAG_TPM2;
228 
229 	status = acpi_get_table(ACPI_SIG_TPM2, 1,
230 				(struct acpi_table_header **) &buf);
231 	if (ACPI_FAILURE(status)) {
232 		dev_err(dev, "failed to get TPM2 ACPI table\n");
233 		return -ENODEV;
234 	}
235 
236 	/* At least some versions of AMI BIOS have a bug that TPM2 table has
237 	 * zero address for the control area and therefore we must fail.
238 	*/
239 	if (!buf->control_area_pa) {
240 		dev_err(dev, "TPM2 ACPI table has a zero address for the control area\n");
241 		return -EINVAL;
242 	}
243 
244 	if (buf->hdr.length < sizeof(struct acpi_tpm2)) {
245 		dev_err(dev, "TPM2 ACPI table has wrong size");
246 		return -EINVAL;
247 	}
248 
249 	priv = (struct crb_priv *) devm_kzalloc(dev, sizeof(struct crb_priv),
250 						GFP_KERNEL);
251 	if (!priv) {
252 		dev_err(dev, "failed to devm_kzalloc for private data\n");
253 		return -ENOMEM;
254 	}
255 
256 	sm = le32_to_cpu(buf->start_method);
257 
258 	/* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs
259 	 * report only ACPI start but in practice seems to require both
260 	 * ACPI start and CRB start.
261 	 */
262 	if (sm == CRB_SM_CRB || sm == CRB_SM_CRB_WITH_ACPI_START ||
263 	    !strcmp(acpi_device_hid(device), "MSFT0101"))
264 		priv->flags |= CRB_FL_CRB_START;
265 
266 	if (sm == CRB_SM_ACPI_START || sm == CRB_SM_CRB_WITH_ACPI_START)
267 		priv->flags |= CRB_FL_ACPI_START;
268 
269 	priv->cca = (struct crb_control_area __iomem *)
270 		devm_ioremap_nocache(dev, buf->control_area_pa, 0x1000);
271 	if (!priv->cca) {
272 		dev_err(dev, "ioremap of the control area failed\n");
273 		return -ENOMEM;
274 	}
275 
276 	memcpy_fromio(&pa, &priv->cca->cmd_pa, 8);
277 	pa = le64_to_cpu(pa);
278 	priv->cmd = devm_ioremap_nocache(dev, pa,
279 					 ioread32(&priv->cca->cmd_size));
280 	if (!priv->cmd) {
281 		dev_err(dev, "ioremap of the command buffer failed\n");
282 		return -ENOMEM;
283 	}
284 
285 	memcpy_fromio(&pa, &priv->cca->rsp_pa, 8);
286 	pa = le64_to_cpu(pa);
287 	priv->rsp = devm_ioremap_nocache(dev, pa,
288 					 ioread32(&priv->cca->rsp_size));
289 	if (!priv->rsp) {
290 		dev_err(dev, "ioremap of the response buffer failed\n");
291 		return -ENOMEM;
292 	}
293 
294 	chip->vendor.priv = priv;
295 
296 	/* Default timeouts and durations */
297 	chip->vendor.timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
298 	chip->vendor.timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
299 	chip->vendor.timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
300 	chip->vendor.timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
301 	chip->vendor.duration[TPM_SHORT] =
302 		msecs_to_jiffies(TPM2_DURATION_SHORT);
303 	chip->vendor.duration[TPM_MEDIUM] =
304 		msecs_to_jiffies(TPM2_DURATION_MEDIUM);
305 	chip->vendor.duration[TPM_LONG] =
306 		msecs_to_jiffies(TPM2_DURATION_LONG);
307 
308 	chip->acpi_dev_handle = device->handle;
309 
310 	rc = tpm2_do_selftest(chip);
311 	if (rc)
312 		return rc;
313 
314 	return tpm_chip_register(chip);
315 }
316 
317 static int crb_acpi_remove(struct acpi_device *device)
318 {
319 	struct device *dev = &device->dev;
320 	struct tpm_chip *chip = dev_get_drvdata(dev);
321 
322 	tpm_chip_unregister(chip);
323 
324 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
325 		tpm2_shutdown(chip, TPM2_SU_CLEAR);
326 
327 	return 0;
328 }
329 
330 static struct acpi_device_id crb_device_ids[] = {
331 	{"MSFT0101", 0},
332 	{"", 0},
333 };
334 MODULE_DEVICE_TABLE(acpi, crb_device_ids);
335 
336 static struct acpi_driver crb_acpi_driver = {
337 	.name = "tpm_crb",
338 	.ids = crb_device_ids,
339 	.ops = {
340 		.add = crb_acpi_add,
341 		.remove = crb_acpi_remove,
342 	},
343 	.drv = {
344 		.pm = &crb_pm,
345 	},
346 };
347 
348 module_acpi_driver(crb_acpi_driver);
349 MODULE_AUTHOR("Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>");
350 MODULE_DESCRIPTION("TPM2 Driver");
351 MODULE_VERSION("0.1");
352 MODULE_LICENSE("GPL");
353