2 * Copyright (c) 2018 Stormshield.
3 * Copyright (c) 2018 Semihalf.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
19 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
23 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
24 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
34 * TIS register space as defined in
35 * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22
37 #define TPM_ACCESS 0x0
38 #define TPM_INT_ENABLE 0x8
39 #define TPM_INT_VECTOR 0xc
40 #define TPM_INT_STS 0x10
41 #define TPM_INTF_CAPS 0x14
43 #define TPM_DATA_FIFO 0x24
44 #define TPM_INTF_ID 0x30
45 #define TPM_XDATA_FIFO 0x80
46 #define TPM_DID_VID 0xF00
49 #define TPM_ACCESS_LOC_REQ BIT(1)
50 #define TPM_ACCESS_LOC_Seize BIT(3)
51 #define TPM_ACCESS_LOC_ACTIVE BIT(5)
52 #define TPM_ACCESS_LOC_RELINQUISH BIT(5)
53 #define TPM_ACCESS_VALID BIT(7)
55 #define TPM_INT_ENABLE_GLOBAL_ENABLE BIT(31)
56 #define TPM_INT_ENABLE_CMD_RDY BIT(7)
57 #define TPM_INT_ENABLE_LOC_CHANGE BIT(2)
58 #define TPM_INT_ENABLE_STS_VALID BIT(1)
59 #define TPM_INT_ENABLE_DATA_AVAIL BIT(0)
61 #define TPM_INT_STS_CMD_RDY BIT(7)
62 #define TPM_INT_STS_LOC_CHANGE BIT(2)
63 #define TPM_INT_STS_VALID BIT(1)
64 #define TPM_INT_STS_DATA_AVAIL BIT(0)
66 #define TPM_INTF_CAPS_VERSION 0x70000000
67 #define TPM_INTF_CAPS_TPM20 0x30000000
69 #define TPM_STS_VALID BIT(7)
70 #define TPM_STS_CMD_RDY BIT(6)
71 #define TPM_STS_CMD_START BIT(5)
72 #define TPM_STS_DATA_AVAIL BIT(4)
73 #define TPM_STS_DATA_EXPECTED BIT(3)
74 #define TPM_STS_BURST_MASK 0xFFFF00
75 #define TPM_STS_BURST_OFFSET 0x8
77 static int tpmtis_transmit(struct tpm_sc *sc, size_t length);
79 static int tpmtis_acpi_probe(device_t dev);
80 static int tpmtis_attach(device_t dev);
81 static int tpmtis_detach(device_t dev);
83 static void tpmtis_intr_handler(void *arg);
85 static void tpmtis_setup_intr(struct tpm_sc *sc);
87 static bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
88 static bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf);
89 static bool tpmtis_request_locality(struct tpm_sc *sc, int locality);
90 static void tpmtis_relinquish_locality(struct tpm_sc *sc);
91 static bool tpmtis_go_ready(struct tpm_sc *sc);
93 static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off,
94 uint32_t mask, uint32_t val, int32_t timeout);
96 static uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc);
98 char *tpmtis_ids[] = {"MSFT0101", NULL};
101 tpmtis_acpi_probe(device_t dev)
104 ACPI_TABLE_TPM23 *tbl;
107 err = ACPI_ID_PROBE(device_get_parent(dev), dev, tpmtis_ids, NULL);
111 status = AcpiGetTable(ACPI_SIG_TPM2, 1, (ACPI_TABLE_HEADER **) &tbl);
112 if(ACPI_FAILURE(status) ||
113 tbl->StartMethod != TPM2_START_METHOD_TIS)
116 device_set_desc(dev, "Trusted Platform Module 2.0, FIFO mode");
121 tpmtis_attach(device_t dev)
126 sc = device_get_softc(dev);
128 sc->transmit = tpmtis_transmit;
131 sx_init(&sc->dev_lock, "TPM driver lock");
132 sc->buf = malloc(TPM_BUFSIZE, M_TPM20, M_WAITOK);
135 sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
137 if (sc->mem_res == NULL) {
143 sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
144 RF_ACTIVE | RF_SHAREABLE);
145 if (sc->irq_res == NULL)
148 result = bus_setup_intr(dev, sc->irq_res, INTR_TYPE_MISC | INTR_MPSAFE,
149 NULL, tpmtis_intr_handler, sc, &sc->intr_cookie);
151 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq_res);
154 tpmtis_setup_intr(sc);
157 result = tpm20_init(sc);
165 tpmtis_detach(device_t dev)
169 sc = device_get_softc(dev);
172 if (sc->intr_cookie != NULL)
173 bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie);
175 if (sc->irq_res != NULL)
176 bus_release_resource(dev, SYS_RES_IRQ,
177 sc->irq_rid, sc->irq_res);
179 if (sc->mem_res != NULL)
180 bus_release_resource(dev, SYS_RES_MEMORY,
181 sc->mem_rid, sc->mem_res);
187 * Test if the advertisted interrupt actually works.
188 * This sends a simple command. (GetRandom)
189 * Interrupts are then enabled in the handler.
192 tpmtis_test_intr(struct tpm_sc *sc)
195 0x80, 0x01, /* TPM_ST_NO_SESSIONS tag*/
196 0x00, 0x00, 0x00, 0x0c, /* cmd length */
197 0x00, 0x00, 0x01, 0x7b, /* cmd TPM_CC_GetRandom */
198 0x00, 0x01 /* number of bytes requested */
201 sx_xlock(&sc->dev_lock);
202 memcpy(sc->buf, cmd, sizeof(cmd));
203 tpmtis_transmit(sc, sizeof(cmd));
204 sc->pending_data_length = 0;
205 sx_xunlock(&sc->dev_lock);
209 tpmtis_setup_intr(struct tpm_sc *sc)
214 irq = bus_get_resource_start(sc->dev, SYS_RES_IRQ, sc->irq_rid);
217 * SIRQ has to be between 1 - 15.
218 * I found a system with ACPI table that reported a value of 0x2d.
219 * An attempt to use such value resulted in an interrupt storm.
221 if (irq == 0 || irq > 0xF)
224 if(!tpmtis_request_locality(sc, 0))
225 sc->interrupts = false;
227 WR1(sc, TPM_INT_VECTOR, irq);
229 /* Clear all pending interrupts. */
230 reg = RD4(sc, TPM_INT_STS);
231 WR4(sc, TPM_INT_STS, reg);
233 reg = RD4(sc, TPM_INT_ENABLE);
234 reg |= TPM_INT_ENABLE_GLOBAL_ENABLE |
235 TPM_INT_ENABLE_DATA_AVAIL |
236 TPM_INT_ENABLE_LOC_CHANGE |
237 TPM_INT_ENABLE_CMD_RDY |
238 TPM_INT_ENABLE_STS_VALID;
239 WR4(sc, TPM_INT_ENABLE, reg);
241 tpmtis_relinquish_locality(sc);
242 tpmtis_test_intr(sc);
246 tpmtis_intr_handler(void *arg)
251 sc = (struct tpm_sc *)arg;
252 status = RD4(sc, TPM_INT_STS);
254 WR4(sc, TPM_INT_STS, status);
256 /* Check for stray interrupts. */
257 if (sc->intr_type == -1 || (sc->intr_type & status) == 0)
260 sc->interrupts = true;
265 tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val,
269 /* Check for condition */
270 if ((RD4(sc, off) & mask) == val)
273 /* If interrupts are enabled sleep for timeout duration */
274 if(sc->interrupts && sc->intr_type != -1) {
275 tsleep(sc, PWAIT, "TPM WITH INTERRUPTS", timeout / tick);
278 return ((RD4(sc, off) & mask) == val);
281 /* If we don't have interrupts poll the device every tick */
282 while (timeout > 0) {
283 if ((RD4(sc, off) & mask) == val)
286 pause("TPM POLLING", 1);
293 tpmtis_wait_for_burst(struct tpm_sc *sc)
296 uint16_t burst_count;
298 timeout = TPM_TIMEOUT_A;
300 while (timeout-- > 0) {
301 burst_count = (RD4(sc, TPM_STS) & TPM_STS_BURST_MASK) >>
302 TPM_STS_BURST_OFFSET;
308 return (burst_count);
312 tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
314 uint16_t burst_count;
317 burst_count = tpmtis_wait_for_burst(sc);
318 if (burst_count == 0)
321 burst_count = MIN(burst_count, count);
322 count -= burst_count;
324 while (burst_count-- > 0)
325 *buf++ = RD1(sc, TPM_DATA_FIFO);
332 tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf)
334 uint16_t burst_count;
337 burst_count = tpmtis_wait_for_burst(sc);
338 if (burst_count == 0)
341 burst_count = MIN(burst_count, count);
342 count -= burst_count;
344 while (burst_count-- > 0)
345 WR1(sc, TPM_DATA_FIFO, *buf++);
352 tpmtis_request_locality(struct tpm_sc *sc, int locality)
357 /* Currently we only support Locality 0 */
361 mask = TPM_ACCESS_LOC_ACTIVE | TPM_ACCESS_VALID;
362 timeout = TPM_TIMEOUT_A;
363 sc->intr_type = TPM_INT_STS_LOC_CHANGE;
365 WR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_REQ);
366 bus_barrier(sc->mem_res, TPM_ACCESS, 1, BUS_SPACE_BARRIER_WRITE);
368 tsleep(sc, PWAIT, "TPMLOCREQUEST with INTR", timeout / tick);
369 return ((RD1(sc, TPM_ACCESS) & mask) == mask);
372 if ((RD1(sc, TPM_ACCESS) & mask) == mask)
375 pause("TPMLOCREQUEST POLLING", 1);
384 tpmtis_relinquish_locality(struct tpm_sc *sc)
388 * Interrupts can only be cleared when a locality is active.
389 * Clear them now in case interrupt handler didn't make it in time.
392 AND4(sc, TPM_INT_STS, RD4(sc, TPM_INT_STS));
394 OR1(sc, TPM_ACCESS, TPM_ACCESS_LOC_RELINQUISH);
398 tpmtis_go_ready(struct tpm_sc *sc)
402 mask = TPM_STS_CMD_RDY;
403 sc->intr_type = TPM_INT_STS_CMD_RDY;
405 WR4(sc, TPM_STS, TPM_STS_CMD_RDY);
406 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
407 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_B))
414 tpmtis_transmit(struct tpm_sc *sc, size_t length)
416 size_t bytes_available;
417 uint32_t mask, curr_cmd;
420 sx_assert(&sc->dev_lock, SA_XLOCKED);
422 if (!tpmtis_request_locality(sc, 0)) {
423 device_printf(sc->dev,
424 "Failed to obtain locality\n");
427 if (!tpmtis_go_ready(sc)) {
428 device_printf(sc->dev,
429 "Failed to switch to ready state\n");
432 if (!tpmtis_write_bytes(sc, length, sc->buf)) {
433 device_printf(sc->dev,
434 "Failed to write cmd to device\n");
438 mask = TPM_STS_VALID;
439 sc->intr_type = TPM_INT_STS_VALID;
440 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C)) {
441 device_printf(sc->dev,
442 "Timeout while waiting for valid bit\n");
445 if (RD4(sc, TPM_STS) & TPM_STS_DATA_EXPECTED) {
446 device_printf(sc->dev,
447 "Device expects more data even though we already"
448 " sent everything we had\n");
453 * Calculate timeout for current command.
454 * Command code is passed in bytes 6-10.
456 curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6]));
457 timeout = tpm20_get_timeout(curr_cmd);
459 WR4(sc, TPM_STS, TPM_STS_CMD_START);
460 bus_barrier(sc->mem_res, TPM_STS, 4, BUS_SPACE_BARRIER_WRITE);
462 mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
463 sc->intr_type = TPM_INT_STS_DATA_AVAIL;
464 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, timeout)) {
465 device_printf(sc->dev,
466 "Timeout while waiting for device to process cmd\n");
468 * Switching to ready state also cancels processing
471 if (!tpmtis_go_ready(sc))
475 * After canceling a command we should get a response,
476 * check if there is one.
478 sc->intr_type = TPM_INT_STS_DATA_AVAIL;
479 if (!tpm_wait_for_u32(sc, TPM_STS, mask, mask, TPM_TIMEOUT_C))
482 /* Read response header. Length is passed in bytes 2 - 6. */
483 if(!tpmtis_read_bytes(sc, TPM_HEADER_SIZE, sc->buf)) {
484 device_printf(sc->dev,
485 "Failed to read response header\n");
488 bytes_available = be32toh(*(uint32_t *) (&sc->buf[2]));
490 if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) {
491 device_printf(sc->dev,
492 "Incorrect response size: %zu\n",
496 if(!tpmtis_read_bytes(sc, bytes_available - TPM_HEADER_SIZE,
497 &sc->buf[TPM_HEADER_SIZE])) {
498 device_printf(sc->dev,
499 "Failed to read response\n");
502 tpmtis_relinquish_locality(sc);
503 sc->pending_data_length = bytes_available;
509 static device_method_t tpmtis_methods[] = {
510 DEVMETHOD(device_probe, tpmtis_acpi_probe),
511 DEVMETHOD(device_attach, tpmtis_attach),
512 DEVMETHOD(device_detach, tpmtis_detach),
513 DEVMETHOD(device_shutdown, tpm20_shutdown),
514 DEVMETHOD(device_suspend, tpm20_suspend),
518 static driver_t tpmtis_driver = {
519 "tpmtis", tpmtis_methods, sizeof(struct tpm_sc),
522 DRIVER_MODULE(tpmtis, acpi, tpmtis_driver, 0, 0);
projects / FreeBSD / FreeBSD.git / blob