1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2005, 2006 IBM Corporation 4 * Copyright (C) 2014, 2015 Intel Corporation 5 * 6 * Authors: 7 * Leendert van Doorn <leendert@watson.ibm.com> 8 * Kylene Hall <kjhall@us.ibm.com> 9 * 10 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 11 * 12 * Device driver for TCG/TCPA TPM (trusted platform module). 13 * Specifications at www.trustedcomputinggroup.org 14 * 15 * This device driver implements the TPM interface as defined in 16 * the TCG TPM Interface Spec version 1.2, revision 1.0. 17 */ 18 #include <linux/init.h> 19 #include <linux/module.h> 20 #include <linux/moduleparam.h> 21 #include <linux/pnp.h> 22 #include <linux/slab.h> 23 #include <linux/interrupt.h> 24 #include <linux/wait.h> 25 #include <linux/acpi.h> 26 #include <linux/freezer.h> 27 #include "tpm.h" 28 #include "tpm_tis_core.h" 29 30 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value); 31 32 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, 33 bool check_cancel, bool *canceled) 34 { 35 u8 status = chip->ops->status(chip); 36 37 *canceled = false; 38 if ((status & mask) == mask) 39 return true; 40 if (check_cancel && chip->ops->req_canceled(chip, status)) { 41 *canceled = true; 42 return true; 43 } 44 return false; 45 } 46 47 static u8 tpm_tis_filter_sts_mask(u8 int_mask, u8 sts_mask) 48 { 49 if (!(int_mask & TPM_INTF_STS_VALID_INT)) 50 sts_mask &= ~TPM_STS_VALID; 51 52 if (!(int_mask & TPM_INTF_DATA_AVAIL_INT)) 53 sts_mask &= ~TPM_STS_DATA_AVAIL; 54 55 if (!(int_mask & TPM_INTF_CMD_READY_INT)) 56 sts_mask &= ~TPM_STS_COMMAND_READY; 57 58 return sts_mask; 59 } 60 61 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, 62 unsigned long timeout, wait_queue_head_t *queue, 63 bool check_cancel) 64 { 65 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 66 unsigned long stop; 67 long rc; 68 u8 status; 69 bool canceled = false; 70 u8 sts_mask; 71 int ret = 0; 72 73 /* check current status */ 74 status = chip->ops->status(chip); 75 if ((status & mask) == mask) 76 return 0; 77 78 sts_mask = mask & (TPM_STS_VALID | TPM_STS_DATA_AVAIL | 79 TPM_STS_COMMAND_READY); 80 /* check what status changes can be handled by irqs */ 81 sts_mask = tpm_tis_filter_sts_mask(priv->int_mask, sts_mask); 82 83 stop = jiffies + timeout; 84 /* process status changes with irq support */ 85 if (sts_mask) { 86 ret = -ETIME; 87 again: 88 timeout = stop - jiffies; 89 if ((long)timeout <= 0) 90 return -ETIME; 91 rc = wait_event_interruptible_timeout(*queue, 92 wait_for_tpm_stat_cond(chip, sts_mask, check_cancel, 93 &canceled), 94 timeout); 95 if (rc > 0) { 96 if (canceled) 97 return -ECANCELED; 98 ret = 0; 99 } 100 if (rc == -ERESTARTSYS && freezing(current)) { 101 clear_thread_flag(TIF_SIGPENDING); 102 goto again; 103 } 104 } 105 106 if (ret) 107 return ret; 108 109 mask &= ~sts_mask; 110 if (!mask) /* all done */ 111 return 0; 112 /* process status changes without irq support */ 113 do { 114 status = chip->ops->status(chip); 115 if ((status & mask) == mask) 116 return 0; 117 usleep_range(priv->timeout_min, 118 priv->timeout_max); 119 } while (time_before(jiffies, stop)); 120 return -ETIME; 121 } 122 123 /* Before we attempt to access the TPM we must see that the valid bit is set. 124 * The specification says that this bit is 0 at reset and remains 0 until the 125 * 'TPM has gone through its self test and initialization and has established 126 * correct values in the other bits.' 127 */ 128 static int wait_startup(struct tpm_chip *chip, int l) 129 { 130 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 131 unsigned long stop = jiffies + chip->timeout_a; 132 133 do { 134 int rc; 135 u8 access; 136 137 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access); 138 if (rc < 0) 139 return rc; 140 141 if (access & TPM_ACCESS_VALID) 142 return 0; 143 tpm_msleep(TPM_TIMEOUT); 144 } while (time_before(jiffies, stop)); 145 return -1; 146 } 147 148 static bool check_locality(struct tpm_chip *chip, int l) 149 { 150 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 151 int rc; 152 u8 access; 153 154 rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access); 155 if (rc < 0) 156 return false; 157 158 if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID 159 | TPM_ACCESS_REQUEST_USE)) == 160 (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) { 161 priv->locality = l; 162 return true; 163 } 164 165 return false; 166 } 167 168 static int __tpm_tis_relinquish_locality(struct tpm_tis_data *priv, int l) 169 { 170 tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY); 171 172 return 0; 173 } 174 175 static int tpm_tis_relinquish_locality(struct tpm_chip *chip, int l) 176 { 177 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 178 179 mutex_lock(&priv->locality_count_mutex); 180 priv->locality_count--; 181 if (priv->locality_count == 0) 182 __tpm_tis_relinquish_locality(priv, l); 183 mutex_unlock(&priv->locality_count_mutex); 184 185 return 0; 186 } 187 188 static int __tpm_tis_request_locality(struct tpm_chip *chip, int l) 189 { 190 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 191 unsigned long stop, timeout; 192 long rc; 193 194 if (check_locality(chip, l)) 195 return l; 196 197 rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE); 198 if (rc < 0) 199 return rc; 200 201 stop = jiffies + chip->timeout_a; 202 203 if (chip->flags & TPM_CHIP_FLAG_IRQ) { 204 again: 205 timeout = stop - jiffies; 206 if ((long)timeout <= 0) 207 return -1; 208 rc = wait_event_interruptible_timeout(priv->int_queue, 209 (check_locality 210 (chip, l)), 211 timeout); 212 if (rc > 0) 213 return l; 214 if (rc == -ERESTARTSYS && freezing(current)) { 215 clear_thread_flag(TIF_SIGPENDING); 216 goto again; 217 } 218 } else { 219 /* wait for burstcount */ 220 do { 221 if (check_locality(chip, l)) 222 return l; 223 tpm_msleep(TPM_TIMEOUT); 224 } while (time_before(jiffies, stop)); 225 } 226 return -1; 227 } 228 229 static int tpm_tis_request_locality(struct tpm_chip *chip, int l) 230 { 231 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 232 int ret = 0; 233 234 mutex_lock(&priv->locality_count_mutex); 235 if (priv->locality_count == 0) 236 ret = __tpm_tis_request_locality(chip, l); 237 if (!ret) 238 priv->locality_count++; 239 mutex_unlock(&priv->locality_count_mutex); 240 return ret; 241 } 242 243 static u8 tpm_tis_status(struct tpm_chip *chip) 244 { 245 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 246 int rc; 247 u8 status; 248 249 rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status); 250 if (rc < 0) 251 return 0; 252 253 if (unlikely((status & TPM_STS_READ_ZERO) != 0)) { 254 if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) { 255 /* 256 * If this trips, the chances are the read is 257 * returning 0xff because the locality hasn't been 258 * acquired. Usually because tpm_try_get_ops() hasn't 259 * been called before doing a TPM operation. 260 */ 261 dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n", 262 status); 263 264 /* 265 * Dump stack for forensics, as invalid TPM_STS.x could be 266 * potentially triggered by impaired tpm_try_get_ops() or 267 * tpm_find_get_ops(). 268 */ 269 dump_stack(); 270 } 271 272 return 0; 273 } 274 275 return status; 276 } 277 278 static void tpm_tis_ready(struct tpm_chip *chip) 279 { 280 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 281 282 /* this causes the current command to be aborted */ 283 tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY); 284 } 285 286 static int get_burstcount(struct tpm_chip *chip) 287 { 288 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 289 unsigned long stop; 290 int burstcnt, rc; 291 u32 value; 292 293 /* wait for burstcount */ 294 if (chip->flags & TPM_CHIP_FLAG_TPM2) 295 stop = jiffies + chip->timeout_a; 296 else 297 stop = jiffies + chip->timeout_d; 298 do { 299 rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value); 300 if (rc < 0) 301 return rc; 302 303 burstcnt = (value >> 8) & 0xFFFF; 304 if (burstcnt) 305 return burstcnt; 306 usleep_range(TPM_TIMEOUT_USECS_MIN, TPM_TIMEOUT_USECS_MAX); 307 } while (time_before(jiffies, stop)); 308 return -EBUSY; 309 } 310 311 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count) 312 { 313 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 314 int size = 0, burstcnt, rc; 315 316 while (size < count) { 317 rc = wait_for_tpm_stat(chip, 318 TPM_STS_DATA_AVAIL | TPM_STS_VALID, 319 chip->timeout_c, 320 &priv->read_queue, true); 321 if (rc < 0) 322 return rc; 323 burstcnt = get_burstcount(chip); 324 if (burstcnt < 0) { 325 dev_err(&chip->dev, "Unable to read burstcount\n"); 326 return burstcnt; 327 } 328 burstcnt = min_t(int, burstcnt, count - size); 329 330 rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality), 331 burstcnt, buf + size); 332 if (rc < 0) 333 return rc; 334 335 size += burstcnt; 336 } 337 return size; 338 } 339 340 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count) 341 { 342 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 343 int size = 0; 344 int status; 345 u32 expected; 346 int rc; 347 348 if (count < TPM_HEADER_SIZE) { 349 size = -EIO; 350 goto out; 351 } 352 353 size = recv_data(chip, buf, TPM_HEADER_SIZE); 354 /* read first 10 bytes, including tag, paramsize, and result */ 355 if (size < TPM_HEADER_SIZE) { 356 dev_err(&chip->dev, "Unable to read header\n"); 357 goto out; 358 } 359 360 expected = be32_to_cpu(*(__be32 *) (buf + 2)); 361 if (expected > count || expected < TPM_HEADER_SIZE) { 362 size = -EIO; 363 goto out; 364 } 365 366 size += recv_data(chip, &buf[TPM_HEADER_SIZE], 367 expected - TPM_HEADER_SIZE); 368 if (size < expected) { 369 dev_err(&chip->dev, "Unable to read remainder of result\n"); 370 size = -ETIME; 371 goto out; 372 } 373 374 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, 375 &priv->int_queue, false) < 0) { 376 size = -ETIME; 377 goto out; 378 } 379 status = tpm_tis_status(chip); 380 if (status & TPM_STS_DATA_AVAIL) { /* retry? */ 381 dev_err(&chip->dev, "Error left over data\n"); 382 size = -EIO; 383 goto out; 384 } 385 386 rc = tpm_tis_verify_crc(priv, (size_t)size, buf); 387 if (rc < 0) { 388 dev_err(&chip->dev, "CRC mismatch for response.\n"); 389 size = rc; 390 goto out; 391 } 392 393 out: 394 tpm_tis_ready(chip); 395 return size; 396 } 397 398 /* 399 * If interrupts are used (signaled by an irq set in the vendor structure) 400 * tpm.c can skip polling for the data to be available as the interrupt is 401 * waited for here 402 */ 403 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len) 404 { 405 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 406 int rc, status, burstcnt; 407 size_t count = 0; 408 bool itpm = test_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags); 409 410 status = tpm_tis_status(chip); 411 if ((status & TPM_STS_COMMAND_READY) == 0) { 412 tpm_tis_ready(chip); 413 if (wait_for_tpm_stat 414 (chip, TPM_STS_COMMAND_READY, chip->timeout_b, 415 &priv->int_queue, false) < 0) { 416 rc = -ETIME; 417 goto out_err; 418 } 419 } 420 421 while (count < len - 1) { 422 burstcnt = get_burstcount(chip); 423 if (burstcnt < 0) { 424 dev_err(&chip->dev, "Unable to read burstcount\n"); 425 rc = burstcnt; 426 goto out_err; 427 } 428 burstcnt = min_t(int, burstcnt, len - count - 1); 429 rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality), 430 burstcnt, buf + count); 431 if (rc < 0) 432 goto out_err; 433 434 count += burstcnt; 435 436 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, 437 &priv->int_queue, false) < 0) { 438 rc = -ETIME; 439 goto out_err; 440 } 441 status = tpm_tis_status(chip); 442 if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) { 443 rc = -EIO; 444 goto out_err; 445 } 446 } 447 448 /* write last byte */ 449 rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]); 450 if (rc < 0) 451 goto out_err; 452 453 if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, 454 &priv->int_queue, false) < 0) { 455 rc = -ETIME; 456 goto out_err; 457 } 458 status = tpm_tis_status(chip); 459 if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) { 460 rc = -EIO; 461 goto out_err; 462 } 463 464 return 0; 465 466 out_err: 467 tpm_tis_ready(chip); 468 return rc; 469 } 470 471 static void disable_interrupts(struct tpm_chip *chip) 472 { 473 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 474 u32 intmask; 475 int rc; 476 477 if (priv->irq == 0) 478 return; 479 480 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); 481 if (rc < 0) 482 intmask = 0; 483 484 intmask &= ~TPM_GLOBAL_INT_ENABLE; 485 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); 486 487 devm_free_irq(chip->dev.parent, priv->irq, chip); 488 priv->irq = 0; 489 chip->flags &= ~TPM_CHIP_FLAG_IRQ; 490 } 491 492 /* 493 * If interrupts are used (signaled by an irq set in the vendor structure) 494 * tpm.c can skip polling for the data to be available as the interrupt is 495 * waited for here 496 */ 497 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len) 498 { 499 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 500 int rc; 501 u32 ordinal; 502 unsigned long dur; 503 504 rc = tpm_tis_send_data(chip, buf, len); 505 if (rc < 0) 506 return rc; 507 508 rc = tpm_tis_verify_crc(priv, len, buf); 509 if (rc < 0) { 510 dev_err(&chip->dev, "CRC mismatch for command.\n"); 511 return rc; 512 } 513 514 /* go and do it */ 515 rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO); 516 if (rc < 0) 517 goto out_err; 518 519 if (chip->flags & TPM_CHIP_FLAG_IRQ) { 520 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 521 522 dur = tpm_calc_ordinal_duration(chip, ordinal); 523 if (wait_for_tpm_stat 524 (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur, 525 &priv->read_queue, false) < 0) { 526 rc = -ETIME; 527 goto out_err; 528 } 529 } 530 return 0; 531 out_err: 532 tpm_tis_ready(chip); 533 return rc; 534 } 535 536 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) 537 { 538 int rc, irq; 539 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 540 541 if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || 542 test_bit(TPM_TIS_IRQ_TESTED, &priv->flags)) 543 return tpm_tis_send_main(chip, buf, len); 544 545 /* Verify receipt of the expected IRQ */ 546 irq = priv->irq; 547 priv->irq = 0; 548 chip->flags &= ~TPM_CHIP_FLAG_IRQ; 549 rc = tpm_tis_send_main(chip, buf, len); 550 priv->irq = irq; 551 chip->flags |= TPM_CHIP_FLAG_IRQ; 552 if (!test_bit(TPM_TIS_IRQ_TESTED, &priv->flags)) 553 tpm_msleep(1); 554 if (!test_bit(TPM_TIS_IRQ_TESTED, &priv->flags)) 555 disable_interrupts(chip); 556 set_bit(TPM_TIS_IRQ_TESTED, &priv->flags); 557 return rc; 558 } 559 560 struct tis_vendor_durations_override { 561 u32 did_vid; 562 struct tpm1_version version; 563 unsigned long durations[3]; 564 }; 565 566 static const struct tis_vendor_durations_override vendor_dur_overrides[] = { 567 /* STMicroelectronics 0x104a */ 568 { 0x0000104a, 569 { 1, 2, 8, 28 }, 570 { (2 * 60 * HZ), (2 * 60 * HZ), (2 * 60 * HZ) } }, 571 }; 572 573 static void tpm_tis_update_durations(struct tpm_chip *chip, 574 unsigned long *duration_cap) 575 { 576 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 577 struct tpm1_version *version; 578 u32 did_vid; 579 int i, rc; 580 cap_t cap; 581 582 chip->duration_adjusted = false; 583 584 if (chip->ops->clk_enable != NULL) 585 chip->ops->clk_enable(chip, true); 586 587 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid); 588 if (rc < 0) { 589 dev_warn(&chip->dev, "%s: failed to read did_vid. %d\n", 590 __func__, rc); 591 goto out; 592 } 593 594 /* Try to get a TPM version 1.2 or 1.1 TPM_CAP_VERSION_INFO */ 595 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap, 596 "attempting to determine the 1.2 version", 597 sizeof(cap.version2)); 598 if (!rc) { 599 version = &cap.version2.version; 600 } else { 601 rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap, 602 "attempting to determine the 1.1 version", 603 sizeof(cap.version1)); 604 605 if (rc) 606 goto out; 607 608 version = &cap.version1; 609 } 610 611 for (i = 0; i != ARRAY_SIZE(vendor_dur_overrides); i++) { 612 if (vendor_dur_overrides[i].did_vid != did_vid) 613 continue; 614 615 if ((version->major == 616 vendor_dur_overrides[i].version.major) && 617 (version->minor == 618 vendor_dur_overrides[i].version.minor) && 619 (version->rev_major == 620 vendor_dur_overrides[i].version.rev_major) && 621 (version->rev_minor == 622 vendor_dur_overrides[i].version.rev_minor)) { 623 624 memcpy(duration_cap, 625 vendor_dur_overrides[i].durations, 626 sizeof(vendor_dur_overrides[i].durations)); 627 628 chip->duration_adjusted = true; 629 goto out; 630 } 631 } 632 633 out: 634 if (chip->ops->clk_enable != NULL) 635 chip->ops->clk_enable(chip, false); 636 } 637 638 struct tis_vendor_timeout_override { 639 u32 did_vid; 640 unsigned long timeout_us[4]; 641 }; 642 643 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = { 644 /* Atmel 3204 */ 645 { 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000), 646 (TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } }, 647 }; 648 649 static void tpm_tis_update_timeouts(struct tpm_chip *chip, 650 unsigned long *timeout_cap) 651 { 652 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 653 int i, rc; 654 u32 did_vid; 655 656 chip->timeout_adjusted = false; 657 658 if (chip->ops->clk_enable != NULL) 659 chip->ops->clk_enable(chip, true); 660 661 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid); 662 if (rc < 0) { 663 dev_warn(&chip->dev, "%s: failed to read did_vid: %d\n", 664 __func__, rc); 665 goto out; 666 } 667 668 for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) { 669 if (vendor_timeout_overrides[i].did_vid != did_vid) 670 continue; 671 memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us, 672 sizeof(vendor_timeout_overrides[i].timeout_us)); 673 chip->timeout_adjusted = true; 674 } 675 676 out: 677 if (chip->ops->clk_enable != NULL) 678 chip->ops->clk_enable(chip, false); 679 680 return; 681 } 682 683 /* 684 * Early probing for iTPM with STS_DATA_EXPECT flaw. 685 * Try sending command without itpm flag set and if that 686 * fails, repeat with itpm flag set. 687 */ 688 static int probe_itpm(struct tpm_chip *chip) 689 { 690 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 691 int rc = 0; 692 static const u8 cmd_getticks[] = { 693 0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a, 694 0x00, 0x00, 0x00, 0xf1 695 }; 696 size_t len = sizeof(cmd_getticks); 697 u16 vendor; 698 699 if (test_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags)) 700 return 0; 701 702 rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor); 703 if (rc < 0) 704 return rc; 705 706 /* probe only iTPMS */ 707 if (vendor != TPM_VID_INTEL) 708 return 0; 709 710 if (tpm_tis_request_locality(chip, 0) != 0) 711 return -EBUSY; 712 713 rc = tpm_tis_send_data(chip, cmd_getticks, len); 714 if (rc == 0) 715 goto out; 716 717 tpm_tis_ready(chip); 718 719 set_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags); 720 721 rc = tpm_tis_send_data(chip, cmd_getticks, len); 722 if (rc == 0) 723 dev_info(&chip->dev, "Detected an iTPM.\n"); 724 else { 725 clear_bit(TPM_TIS_ITPM_WORKAROUND, &priv->flags); 726 rc = -EFAULT; 727 } 728 729 out: 730 tpm_tis_ready(chip); 731 tpm_tis_relinquish_locality(chip, priv->locality); 732 733 return rc; 734 } 735 736 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status) 737 { 738 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 739 740 if (!test_bit(TPM_TIS_DEFAULT_CANCELLATION, &priv->flags)) { 741 switch (priv->manufacturer_id) { 742 case TPM_VID_WINBOND: 743 return ((status == TPM_STS_VALID) || 744 (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY))); 745 case TPM_VID_STM: 746 return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)); 747 default: 748 break; 749 } 750 } 751 752 return status == TPM_STS_COMMAND_READY; 753 } 754 755 static irqreturn_t tis_int_handler(int dummy, void *dev_id) 756 { 757 struct tpm_chip *chip = dev_id; 758 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 759 u32 interrupt; 760 int rc; 761 762 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt); 763 if (rc < 0) 764 return IRQ_NONE; 765 766 if (interrupt == 0) 767 return IRQ_NONE; 768 769 set_bit(TPM_TIS_IRQ_TESTED, &priv->flags); 770 if (interrupt & TPM_INTF_DATA_AVAIL_INT) 771 wake_up_interruptible(&priv->read_queue); 772 773 if (interrupt & 774 (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT | 775 TPM_INTF_CMD_READY_INT)) 776 wake_up_interruptible(&priv->int_queue); 777 778 /* Clear interrupts handled with TPM_EOI */ 779 tpm_tis_request_locality(chip, 0); 780 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt); 781 tpm_tis_relinquish_locality(chip, 0); 782 if (rc < 0) 783 return IRQ_NONE; 784 785 tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt); 786 return IRQ_HANDLED; 787 } 788 789 static void tpm_tis_gen_interrupt(struct tpm_chip *chip) 790 { 791 const char *desc = "attempting to generate an interrupt"; 792 u32 cap2; 793 cap_t cap; 794 int ret; 795 796 chip->flags |= TPM_CHIP_FLAG_IRQ; 797 798 if (chip->flags & TPM_CHIP_FLAG_TPM2) 799 ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc); 800 else 801 ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0); 802 803 if (ret) 804 chip->flags &= ~TPM_CHIP_FLAG_IRQ; 805 } 806 807 /* Register the IRQ and issue a command that will cause an interrupt. If an 808 * irq is seen then leave the chip setup for IRQ operation, otherwise reverse 809 * everything and leave in polling mode. Returns 0 on success. 810 */ 811 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask, 812 int flags, int irq) 813 { 814 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 815 u8 original_int_vec; 816 int rc; 817 u32 int_status; 818 819 820 rc = devm_request_threaded_irq(chip->dev.parent, irq, NULL, 821 tis_int_handler, IRQF_ONESHOT | flags, 822 dev_name(&chip->dev), chip); 823 if (rc) { 824 dev_info(&chip->dev, "Unable to request irq: %d for probe\n", 825 irq); 826 return -1; 827 } 828 priv->irq = irq; 829 830 rc = tpm_tis_request_locality(chip, 0); 831 if (rc < 0) 832 return rc; 833 834 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality), 835 &original_int_vec); 836 if (rc < 0) { 837 tpm_tis_relinquish_locality(chip, priv->locality); 838 return rc; 839 } 840 841 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq); 842 if (rc < 0) 843 goto restore_irqs; 844 845 rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status); 846 if (rc < 0) 847 goto restore_irqs; 848 849 /* Clear all existing */ 850 rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status); 851 if (rc < 0) 852 goto restore_irqs; 853 /* Turn on */ 854 rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), 855 intmask | TPM_GLOBAL_INT_ENABLE); 856 if (rc < 0) 857 goto restore_irqs; 858 859 clear_bit(TPM_TIS_IRQ_TESTED, &priv->flags); 860 861 /* Generate an interrupt by having the core call through to 862 * tpm_tis_send 863 */ 864 tpm_tis_gen_interrupt(chip); 865 866 restore_irqs: 867 /* tpm_tis_send will either confirm the interrupt is working or it 868 * will call disable_irq which undoes all of the above. 869 */ 870 if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) { 871 tpm_tis_write8(priv, original_int_vec, 872 TPM_INT_VECTOR(priv->locality)); 873 rc = -1; 874 } 875 876 tpm_tis_relinquish_locality(chip, priv->locality); 877 878 return rc; 879 } 880 881 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that 882 * do not have ACPI/etc. We typically expect the interrupt to be declared if 883 * present. 884 */ 885 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask) 886 { 887 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 888 u8 original_int_vec; 889 int i, rc; 890 891 rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality), 892 &original_int_vec); 893 if (rc < 0) 894 return; 895 896 if (!original_int_vec) { 897 if (IS_ENABLED(CONFIG_X86)) 898 for (i = 3; i <= 15; i++) 899 if (!tpm_tis_probe_irq_single(chip, intmask, 0, 900 i)) 901 return; 902 } else if (!tpm_tis_probe_irq_single(chip, intmask, 0, 903 original_int_vec)) 904 return; 905 } 906 907 void tpm_tis_remove(struct tpm_chip *chip) 908 { 909 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 910 u32 reg = TPM_INT_ENABLE(priv->locality); 911 u32 interrupt; 912 int rc; 913 914 tpm_tis_clkrun_enable(chip, true); 915 916 rc = tpm_tis_read32(priv, reg, &interrupt); 917 if (rc < 0) 918 interrupt = 0; 919 920 tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt); 921 922 tpm_tis_clkrun_enable(chip, false); 923 924 if (priv->ilb_base_addr) 925 iounmap(priv->ilb_base_addr); 926 } 927 EXPORT_SYMBOL_GPL(tpm_tis_remove); 928 929 /** 930 * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration 931 * of a single TPM command 932 * @chip: TPM chip to use 933 * @value: 1 - Disable CLKRUN protocol, so that clocks are free running 934 * 0 - Enable CLKRUN protocol 935 * Call this function directly in tpm_tis_remove() in error or driver removal 936 * path, since the chip->ops is set to NULL in tpm_chip_unregister(). 937 */ 938 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value) 939 { 940 struct tpm_tis_data *data = dev_get_drvdata(&chip->dev); 941 u32 clkrun_val; 942 943 if (!IS_ENABLED(CONFIG_X86) || !is_bsw() || 944 !data->ilb_base_addr) 945 return; 946 947 if (value) { 948 data->clkrun_enabled++; 949 if (data->clkrun_enabled > 1) 950 return; 951 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); 952 953 /* Disable LPC CLKRUN# */ 954 clkrun_val &= ~LPC_CLKRUN_EN; 955 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); 956 957 /* 958 * Write any random value on port 0x80 which is on LPC, to make 959 * sure LPC clock is running before sending any TPM command. 960 */ 961 outb(0xCC, 0x80); 962 } else { 963 data->clkrun_enabled--; 964 if (data->clkrun_enabled) 965 return; 966 967 clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET); 968 969 /* Enable LPC CLKRUN# */ 970 clkrun_val |= LPC_CLKRUN_EN; 971 iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET); 972 973 /* 974 * Write any random value on port 0x80 which is on LPC, to make 975 * sure LPC clock is running before sending any TPM command. 976 */ 977 outb(0xCC, 0x80); 978 } 979 } 980 981 static const struct tpm_class_ops tpm_tis = { 982 .flags = TPM_OPS_AUTO_STARTUP, 983 .status = tpm_tis_status, 984 .recv = tpm_tis_recv, 985 .send = tpm_tis_send, 986 .cancel = tpm_tis_ready, 987 .update_timeouts = tpm_tis_update_timeouts, 988 .update_durations = tpm_tis_update_durations, 989 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 990 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 991 .req_canceled = tpm_tis_req_canceled, 992 .request_locality = tpm_tis_request_locality, 993 .relinquish_locality = tpm_tis_relinquish_locality, 994 .clk_enable = tpm_tis_clkrun_enable, 995 }; 996 997 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, 998 const struct tpm_tis_phy_ops *phy_ops, 999 acpi_handle acpi_dev_handle) 1000 { 1001 u32 vendor; 1002 u32 intfcaps; 1003 u32 intmask; 1004 u32 clkrun_val; 1005 u8 rid; 1006 int rc, probe; 1007 struct tpm_chip *chip; 1008 1009 chip = tpmm_chip_alloc(dev, &tpm_tis); 1010 if (IS_ERR(chip)) 1011 return PTR_ERR(chip); 1012 1013 #ifdef CONFIG_ACPI 1014 chip->acpi_dev_handle = acpi_dev_handle; 1015 #endif 1016 1017 chip->hwrng.quality = priv->rng_quality; 1018 1019 /* Maximum timeouts */ 1020 chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX); 1021 chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX); 1022 chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX); 1023 chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX); 1024 priv->timeout_min = TPM_TIMEOUT_USECS_MIN; 1025 priv->timeout_max = TPM_TIMEOUT_USECS_MAX; 1026 priv->phy_ops = phy_ops; 1027 priv->locality_count = 0; 1028 mutex_init(&priv->locality_count_mutex); 1029 1030 dev_set_drvdata(&chip->dev, priv); 1031 1032 rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor); 1033 if (rc < 0) 1034 return rc; 1035 1036 priv->manufacturer_id = vendor; 1037 1038 if (priv->manufacturer_id == TPM_VID_ATML && 1039 !(chip->flags & TPM_CHIP_FLAG_TPM2)) { 1040 priv->timeout_min = TIS_TIMEOUT_MIN_ATML; 1041 priv->timeout_max = TIS_TIMEOUT_MAX_ATML; 1042 } 1043 1044 if (is_bsw()) { 1045 priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR, 1046 ILB_REMAP_SIZE); 1047 if (!priv->ilb_base_addr) 1048 return -ENOMEM; 1049 1050 clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET); 1051 /* Check if CLKRUN# is already not enabled in the LPC bus */ 1052 if (!(clkrun_val & LPC_CLKRUN_EN)) { 1053 iounmap(priv->ilb_base_addr); 1054 priv->ilb_base_addr = NULL; 1055 } 1056 } 1057 1058 if (chip->ops->clk_enable != NULL) 1059 chip->ops->clk_enable(chip, true); 1060 1061 if (wait_startup(chip, 0) != 0) { 1062 rc = -ENODEV; 1063 goto out_err; 1064 } 1065 1066 /* Take control of the TPM's interrupt hardware and shut it off */ 1067 rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); 1068 if (rc < 0) 1069 goto out_err; 1070 1071 /* Figure out the capabilities */ 1072 rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps); 1073 if (rc < 0) 1074 goto out_err; 1075 1076 dev_dbg(dev, "TPM interface capabilities (0x%x):\n", 1077 intfcaps); 1078 if (intfcaps & TPM_INTF_BURST_COUNT_STATIC) 1079 dev_dbg(dev, "\tBurst Count Static\n"); 1080 if (intfcaps & TPM_INTF_CMD_READY_INT) { 1081 intmask |= TPM_INTF_CMD_READY_INT; 1082 dev_dbg(dev, "\tCommand Ready Int Support\n"); 1083 } 1084 if (intfcaps & TPM_INTF_INT_EDGE_FALLING) 1085 dev_dbg(dev, "\tInterrupt Edge Falling\n"); 1086 if (intfcaps & TPM_INTF_INT_EDGE_RISING) 1087 dev_dbg(dev, "\tInterrupt Edge Rising\n"); 1088 if (intfcaps & TPM_INTF_INT_LEVEL_LOW) 1089 dev_dbg(dev, "\tInterrupt Level Low\n"); 1090 if (intfcaps & TPM_INTF_INT_LEVEL_HIGH) 1091 dev_dbg(dev, "\tInterrupt Level High\n"); 1092 if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT) { 1093 intmask |= TPM_INTF_LOCALITY_CHANGE_INT; 1094 dev_dbg(dev, "\tLocality Change Int Support\n"); 1095 } 1096 if (intfcaps & TPM_INTF_STS_VALID_INT) { 1097 intmask |= TPM_INTF_STS_VALID_INT; 1098 dev_dbg(dev, "\tSts Valid Int Support\n"); 1099 } 1100 if (intfcaps & TPM_INTF_DATA_AVAIL_INT) { 1101 intmask |= TPM_INTF_DATA_AVAIL_INT; 1102 dev_dbg(dev, "\tData Avail Int Support\n"); 1103 } 1104 1105 intmask &= ~TPM_GLOBAL_INT_ENABLE; 1106 1107 rc = tpm_tis_request_locality(chip, 0); 1108 if (rc < 0) { 1109 rc = -ENODEV; 1110 goto out_err; 1111 } 1112 1113 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); 1114 tpm_tis_relinquish_locality(chip, 0); 1115 1116 rc = tpm_chip_start(chip); 1117 if (rc) 1118 goto out_err; 1119 rc = tpm2_probe(chip); 1120 tpm_chip_stop(chip); 1121 if (rc) 1122 goto out_err; 1123 1124 rc = tpm_tis_read8(priv, TPM_RID(0), &rid); 1125 if (rc < 0) 1126 goto out_err; 1127 1128 dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n", 1129 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2", 1130 vendor >> 16, rid); 1131 1132 probe = probe_itpm(chip); 1133 if (probe < 0) { 1134 rc = -ENODEV; 1135 goto out_err; 1136 } 1137 1138 /* INTERRUPT Setup */ 1139 init_waitqueue_head(&priv->read_queue); 1140 init_waitqueue_head(&priv->int_queue); 1141 1142 rc = tpm_chip_bootstrap(chip); 1143 if (rc) 1144 goto out_err; 1145 1146 if (irq != -1) { 1147 /* 1148 * Before doing irq testing issue a command to the TPM in polling mode 1149 * to make sure it works. May as well use that command to set the 1150 * proper timeouts for the driver. 1151 */ 1152 1153 rc = tpm_tis_request_locality(chip, 0); 1154 if (rc < 0) 1155 goto out_err; 1156 1157 rc = tpm_get_timeouts(chip); 1158 1159 tpm_tis_relinquish_locality(chip, 0); 1160 1161 if (rc) { 1162 dev_err(dev, "Could not get TPM timeouts and durations\n"); 1163 rc = -ENODEV; 1164 goto out_err; 1165 } 1166 1167 if (irq) 1168 tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED, 1169 irq); 1170 else 1171 tpm_tis_probe_irq(chip, intmask); 1172 1173 if (chip->flags & TPM_CHIP_FLAG_IRQ) { 1174 priv->int_mask = intmask; 1175 } else { 1176 dev_err(&chip->dev, FW_BUG 1177 "TPM interrupt not working, polling instead\n"); 1178 1179 rc = tpm_tis_request_locality(chip, 0); 1180 if (rc < 0) 1181 goto out_err; 1182 disable_interrupts(chip); 1183 tpm_tis_relinquish_locality(chip, 0); 1184 } 1185 } 1186 1187 rc = tpm_chip_register(chip); 1188 if (rc) 1189 goto out_err; 1190 1191 if (chip->ops->clk_enable != NULL) 1192 chip->ops->clk_enable(chip, false); 1193 1194 return 0; 1195 out_err: 1196 if (chip->ops->clk_enable != NULL) 1197 chip->ops->clk_enable(chip, false); 1198 1199 tpm_tis_remove(chip); 1200 1201 return rc; 1202 } 1203 EXPORT_SYMBOL_GPL(tpm_tis_core_init); 1204 1205 #ifdef CONFIG_PM_SLEEP 1206 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip) 1207 { 1208 struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev); 1209 u32 intmask; 1210 int rc; 1211 1212 if (chip->ops->clk_enable != NULL) 1213 chip->ops->clk_enable(chip, true); 1214 1215 /* reenable interrupts that device may have lost or 1216 * BIOS/firmware may have disabled 1217 */ 1218 rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq); 1219 if (rc < 0) 1220 goto out; 1221 1222 intmask = priv->int_mask | TPM_GLOBAL_INT_ENABLE; 1223 1224 tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); 1225 1226 out: 1227 if (chip->ops->clk_enable != NULL) 1228 chip->ops->clk_enable(chip, false); 1229 1230 return; 1231 } 1232 1233 int tpm_tis_resume(struct device *dev) 1234 { 1235 struct tpm_chip *chip = dev_get_drvdata(dev); 1236 int ret; 1237 1238 ret = tpm_tis_request_locality(chip, 0); 1239 if (ret < 0) 1240 return ret; 1241 1242 if (chip->flags & TPM_CHIP_FLAG_IRQ) 1243 tpm_tis_reenable_interrupts(chip); 1244 1245 ret = tpm_pm_resume(dev); 1246 if (ret) 1247 goto out; 1248 1249 /* 1250 * TPM 1.2 requires self-test on resume. This function actually returns 1251 * an error code but for unknown reason it isn't handled. 1252 */ 1253 if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) 1254 tpm1_do_selftest(chip); 1255 out: 1256 tpm_tis_relinquish_locality(chip, 0); 1257 1258 return ret; 1259 } 1260 EXPORT_SYMBOL_GPL(tpm_tis_resume); 1261 #endif 1262 1263 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 1264 MODULE_DESCRIPTION("TPM Driver"); 1265 MODULE_VERSION("2.0"); 1266 MODULE_LICENSE("GPL"); 1267