lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87y2i7b186.fsf@collabora.com>
Date:   Wed, 09 Dec 2020 14:41:45 +0200
From:   Adrian Ratiu <adrian.ratiu@...labora.com>
To:     Jarkko Sakkinen <jarkko@...nel.org>
Cc:     linux-integrity@...r.kernel.org, Peter Huewe <peterhuewe@....de>,
        Jason Gunthorpe <jgg@...pe.ca>, linux-kernel@...r.kernel.org,
        kernel@...labora.com,
        "dlaurie@...omium.org" <dlaurie@...omium.org>,
        Helen Koike <helen.koike@...labora.com>,
        Ezequiel Garcia <ezequiel@...labora.com>
Subject: Re: [PATCH v6] char: tpm: add i2c driver for cr50

On Tue, 08 Dec 2020, Jarkko Sakkinen <jarkko@...nel.org> wrote:
> On Mon, Dec 07, 2020 at 04:20:16PM +0200, Adrian Ratiu wrote: 
>> From: "dlaurie@...omium.org" <dlaurie@...omium.org>  Add TPM 
>> 2.0 compatible I2C interface for chips with cr50 firmware. 
>> The firmware running on the currently supported H1 MCU requires 
>> a special driver to handle its specific protocol, and this 
>> makes it unsuitable to use tpm_tis_core_* and instead it must 
>> implement the underlying TPM protocol similar to the other I2C 
>> TPM drivers.   - All 4 bytes of status register must be 
>> read/written at once.  - FIFO and burst count is limited to 63 
>> and must be drained by AP.  - Provides an interrupt to indicate 
>> when read response data is ready and when the TPM is finished 
>> processing write data.   This driver is based on the existing 
>> infineon I2C TPM driver, which most closely matches the cr50 
>> i2c protocol behavior. 
> 
> Starts to look legit. Has anyone tested this? 

I tested on an x86_64 Chromebook EVE (aka Google Pixelbook) by 
chainloading in legacy mode and booting into a Yocto-based 
userspace (meta-chromebook) where I used tpm2-tools to communicate 
with the chip and also built and tested a ChromiumOS userspace in 
developer mode.

I do not have access to other HW which has this chip, so it is 
about as much testing I can do to confirm the driver works on this 
HW.

Adrian

>
> /Jarkko
>
>> 
>> Cc: Helen Koike <helen.koike@...labora.com>
>> Cc: Jarkko Sakkinen <jarkko@...nel.org>
>> Cc: Ezequiel Garcia <ezequiel@...labora.com>
>> Signed-off-by: Duncan Laurie <dlaurie@...omium.org>
>> [swboyd@...omium.org: Depend on i2c even if it's a module, replace
>> boilier plate with SPDX tag, drop asm/byteorder.h include, simplify
>> return from probe]
>> Signed-off-by: Stephen Boyd <swboyd@...omium.org>
>> Signed-off-by: Fabien Lahoudere <fabien.lahoudere@...labora.com>
>> Signed-off-by: Adrian Ratiu <adrian.ratiu@...labora.com>
>> ---
>> Changes in v6:
>>   - Whitespace, code style and kdoc fixes (Jarkko)
>> 
>> Changes in v5:
>>   - Fix copyringht notice (Jarkko)
>>   - Drop CR50_NO/FORCE defines (Jarkko)
>>   - Rename irq handler arg dev_id -> tpm_info (Jarkko)
>>   - Whitespace, brakcets, christmas tree, `checkpatch --strict`, W=n fixes
>> 
>> Changes in v4:
>>   - Replace force_release enum with defines (Jarkko)
>> 
>> Changes in v3:
>>   - Misc small fixes (typos/renamings, comments, default values)
>>   - Moved i2c_write memcpy before lock to minimize critical section (Helen)
>>   - Dropped priv->locality because it stored a constant value (Helen)
>>   - Many kdoc, function name and style fixes in general (Jarkko)
>>   - Kept the force release enum instead of defines or bool (Ezequiel)
>> 
>> Changes in v2:
>>   - Various small fixes all over (reorder includes, MAX_BUFSIZE, comments, etc)
>>   - Reworked return values of i2c_wait_tpm_ready() to fix timeout mis-handling
>> so ret == 0 now means success, the wait period jiffies is ignored because that
>> number is meaningless and return a proper timeout error in case jiffies == 0.
>>   - Make i2c default to 1 message per transfer (requested by Helen)
>>   - Move -EIO error reporting to transfer function to cleanup transfer() itself
>> and its R/W callers
>>   - Remove magic value hardcodings and introduce enum force_release.
>> 
>> Applies on next-20201207, tested on Chromebook EVE.
>> ---
>>  drivers/char/tpm/Kconfig            |  10 +
>>  drivers/char/tpm/Makefile           |   2 +
>>  drivers/char/tpm/tpm_tis_i2c_cr50.c | 790 ++++++++++++++++++++++++++++
>>  3 files changed, 802 insertions(+)
>>  create mode 100644 drivers/char/tpm/tpm_tis_i2c_cr50.c
>> 
>> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
>> index a18c314da211..4308f9ca7a43 100644
>> --- a/drivers/char/tpm/Kconfig
>> +++ b/drivers/char/tpm/Kconfig
>> @@ -86,6 +86,16 @@ config TCG_TIS_SYNQUACER
>>  	  To compile this driver as a module, choose  M here;
>>  	  the module will be called tpm_tis_synquacer.
>>  
>> +config TCG_TIS_I2C_CR50
>> +	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
>> +	depends on I2C
>> +	select TCG_CR50
>> +	help
>> +	  This is a driver for the Google cr50 I2C TPM interface which is a
>> +	  custom microcontroller and requires a custom i2c protocol interface
>> +	  to handle the limitations of the hardware.  To compile this driver
>> +	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.
>> +
>>  config TCG_TIS_I2C_ATMEL
>>  	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
>>  	depends on I2C
>> diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
>> index 84db4fb3a9c9..66d39ea6bd10 100644
>> --- a/drivers/char/tpm/Makefile
>> +++ b/drivers/char/tpm/Makefile
>> @@ -27,6 +27,8 @@ obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o
>>  tpm_tis_spi-y := tpm_tis_spi_main.o
>>  tpm_tis_spi-$(CONFIG_TCG_TIS_SPI_CR50) += tpm_tis_spi_cr50.o
>>  
>> +obj-$(CONFIG_TCG_TIS_I2C_CR50) += tpm_tis_i2c_cr50.o
>> +
>>  obj-$(CONFIG_TCG_TIS_I2C_ATMEL) += tpm_i2c_atmel.o
>>  obj-$(CONFIG_TCG_TIS_I2C_INFINEON) += tpm_i2c_infineon.o
>>  obj-$(CONFIG_TCG_TIS_I2C_NUVOTON) += tpm_i2c_nuvoton.o
>> diff --git a/drivers/char/tpm/tpm_tis_i2c_cr50.c b/drivers/char/tpm/tpm_tis_i2c_cr50.c
>> new file mode 100644
>> index 000000000000..ec9a65e7887d
>> --- /dev/null
>> +++ b/drivers/char/tpm/tpm_tis_i2c_cr50.c
>> @@ -0,0 +1,790 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Copyright 2020 Google Inc.
>> + *
>> + * Based on Infineon TPM driver by Peter Huewe.
>> + *
>> + * cr50 is a firmware for H1 secure modules that requires special
>> + * handling for the I2C interface.
>> + *
>> + * - Use an interrupt for transaction status instead of hardcoded delays.
>> + * - Must use write+wait+read read protocol.
>> + * - All 4 bytes of status register must be read/written at once.
>> + * - Burst count max is 63 bytes, and burst count behaves slightly differently
>> + *   than other I2C TPMs.
>> + * - When reading from FIFO the full burstcnt must be read instead of just
>> + *   reading header and determining the remainder.
>> + */
>> +
>> +#include <linux/acpi.h>
>> +#include <linux/completion.h>
>> +#include <linux/i2c.h>
>> +#include <linux/interrupt.h>
>> +#include <linux/module.h>
>> +#include <linux/pm.h>
>> +#include <linux/slab.h>
>> +#include <linux/wait.h>
>> +
>> +#include "tpm_tis_core.h"
>> +
>> +#define TPM_CR50_MAX_BUFSIZE		64
>> +#define TPM_CR50_TIMEOUT_SHORT_MS	2		/* Short timeout during transactions */
>> +#define TPM_CR50_TIMEOUT_NOIRQ_MS	20		/* Timeout for TPM ready without IRQ */
>> +#define TPM_CR50_I2C_DID_VID		0x00281ae0L	/* Device and vendor ID reg value */
>> +#define TPM_CR50_I2C_MAX_RETRIES	3		/* Max retries due to I2C errors */
>> +#define TPM_CR50_I2C_RETRY_DELAY_LO	55		/* Min usecs between retries on I2C */
>> +#define TPM_CR50_I2C_RETRY_DELAY_HI	65		/* Max usecs between retries on I2C */
>> +
>> +#define TPM_I2C_ACCESS(l)	(0x0000 | ((l) << 4))
>> +#define TPM_I2C_STS(l)		(0x0001 | ((l) << 4))
>> +#define TPM_I2C_DATA_FIFO(l)	(0x0005 | ((l) << 4))
>> +#define TPM_I2C_DID_VID(l)	(0x0006 | ((l) << 4))
>> +
>> +/**
>> + * struct tpm_i2c_cr50_priv_data - Driver private data.
>> + * @irq:	Irq number used for this chip.
>> + *		If irq <= 0, then a fixed timeout is used instead of waiting for irq.
>> + * @tpm_ready:	Struct used by irq handler to signal R/W readiness.
>> + * @buf:	Buffer used for i2c writes, with i2c address prepended to content.
>> + *
>> + * Private driver struct used by kernel threads and interrupt context.
>> + */
>> +struct tpm_i2c_cr50_priv_data {
>> +	int irq;
>> +	struct completion tpm_ready;
>> +	u8 buf[TPM_CR50_MAX_BUFSIZE];
>> +};
>> +
>> +/**
>> + * tpm_cr50_i2c_int_handler() - cr50 interrupt handler.
>> + * @dummy:	Unused parameter.
>> + * @tpm_info:	TPM chip information.
>> + *
>> + * The cr50 interrupt handler signals waiting threads that the
>> + * interrupt has been asserted. It does not do any interrupt triggered
>> + * processing but is instead used to avoid fixed delays.
>> + *
>> + * Return:
>> + *	IRQ_HANDLED signifies irq was handled by this device.
>> + */
>> +static irqreturn_t tpm_cr50_i2c_int_handler(int dummy, void *tpm_info)
>> +{
>> +	struct tpm_chip *chip = tpm_info;
>> +	struct tpm_i2c_cr50_priv_data *priv = dev_get_drvdata(&chip->dev);
>> +
>> +	complete(&priv->tpm_ready);
>> +
>> +	return IRQ_HANDLED;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_wait_tpm_ready() - Wait for tpm to signal ready.
>> + * @chip: A TPM chip.
>> + *
>> + * Wait for completion interrupt if available, otherwise use a fixed
>> + * delay for the TPM to be ready.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_wait_tpm_ready(struct tpm_chip *chip)
>> +{
>> +	struct tpm_i2c_cr50_priv_data *priv = dev_get_drvdata(&chip->dev);
>> +
>> +	/* Use a safe fixed delay if interrupt is not supported */
>> +	if (priv->irq <= 0) {
>> +		msleep(TPM_CR50_TIMEOUT_NOIRQ_MS);
>> +		return 0;
>> +	}
>> +
>> +	/* Wait for interrupt to indicate TPM is ready to respond */
>> +	if (!wait_for_completion_timeout(&priv->tpm_ready,
>> +					 msecs_to_jiffies(chip->timeout_a))) {
>> +		dev_warn(&chip->dev, "Timeout waiting for TPM ready\n");
>> +		return -ETIMEDOUT;
>> +	}
>> +
>> +	return 0;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_enable_tpm_irq() - Enable TPM irq.
>> + * @chip: A TPM chip.
>> + */
>> +static void tpm_cr50_i2c_enable_tpm_irq(struct tpm_chip *chip)
>> +{
>> +	struct tpm_i2c_cr50_priv_data *priv = dev_get_drvdata(&chip->dev);
>> +
>> +	if (priv->irq > 0) {
>> +		reinit_completion(&priv->tpm_ready);
>> +		enable_irq(priv->irq);
>> +	}
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_disable_tpm_irq() - Disable TPM irq.
>> + * @chip: A TPM chip.
>> + */
>> +static void tpm_cr50_i2c_disable_tpm_irq(struct tpm_chip *chip)
>> +{
>> +	struct tpm_i2c_cr50_priv_data *priv = dev_get_drvdata(&chip->dev);
>> +
>> +	if (priv->irq > 0)
>> +		disable_irq(priv->irq);
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_transfer_message() - Transfer a message over i2c.
>> + * @dev:	Device information.
>> + * @adapter:	I2C adapter.
>> + * @msg:	Message to transfer.
>> + *
>> + * Call unlocked i2c transfer routine with the provided parameters and
>> + * retry in case of bus errors.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_transfer_message(struct device *dev,
>> +					 struct i2c_adapter *adapter,
>> +					 struct i2c_msg *msg)
>> +{
>> +	unsigned int try;
>> +	int rc;
>> +
>> +	for (try = 0; try < TPM_CR50_I2C_MAX_RETRIES; try++) {
>> +		rc = __i2c_transfer(adapter, msg, 1);
>> +		if (rc == 1)
>> +			return 0; /* Successfully transferred the message */
>> +		if (try)
>> +			dev_warn(dev, "i2c transfer failed (attempt %d/%d): %d\n",
>> +				 try + 1, TPM_CR50_I2C_MAX_RETRIES, rc);
>> +		usleep_range(TPM_CR50_I2C_RETRY_DELAY_LO, TPM_CR50_I2C_RETRY_DELAY_HI);
>> +	}
>> +
>> +	/* No i2c message transferred */
>> +	return -EIO;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_read() - Read from TPM register.
>> + * @chip:	A TPM chip.
>> + * @addr:	Register address to read from.
>> + * @buffer:	Read destination, provided by caller.
>> + * @len:	Number of bytes to read.
>> + *
>> + * Sends the register address byte to the TPM, then waits until TPM
>> + * is ready via interrupt signal or timeout expiration, then 'len'
>> + * bytes are read from TPM response into the provided 'buffer'.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_read(struct tpm_chip *chip, u8 addr, u8 *buffer, size_t len)
>> +{
>> +	struct i2c_client *client = to_i2c_client(chip->dev.parent);
>> +	struct i2c_msg msg_reg_addr = {
>> +		.addr = client->addr,
>> +		.len = 1,
>> +		.buf = &addr
>> +	};
>> +	struct i2c_msg msg_response = {
>> +		.addr = client->addr,
>> +		.flags = I2C_M_RD,
>> +		.len = len,
>> +		.buf = buffer
>> +	};
>> +	int rc;
>> +
>> +	i2c_lock_bus(client->adapter, I2C_LOCK_SEGMENT);
>> +
>> +	/* Prepare for completion interrupt */
>> +	tpm_cr50_i2c_enable_tpm_irq(chip);
>> +
>> +	/* Send the register address byte to the TPM */
>> +	rc = tpm_cr50_i2c_transfer_message(&chip->dev, client->adapter, &msg_reg_addr);
>> +	if (rc < 0)
>> +		goto out;
>> +
>> +	/* Wait for TPM to be ready with response data */
>> +	rc = tpm_cr50_i2c_wait_tpm_ready(chip);
>> +	if (rc < 0)
>> +		goto out;
>> +
>> +	/* Read response data from the TPM */
>> +	rc = tpm_cr50_i2c_transfer_message(&chip->dev, client->adapter, &msg_response);
>> +
>> +out:
>> +	tpm_cr50_i2c_disable_tpm_irq(chip);
>> +	i2c_unlock_bus(client->adapter, I2C_LOCK_SEGMENT);
>> +
>> +	if (rc < 0)
>> +		return rc;
>> +
>> +	return 0;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_write()- Write to TPM register.
>> + * @chip:	A TPM chip.
>> + * @addr:	Register address to write to.
>> + * @buffer:	Data to write.
>> + * @len:	Number of bytes to write.
>> + *
>> + * The provided address is prepended to the data in 'buffer', the
>> + * cobined address+data is sent to the TPM, then wait for TPM to
>> + * indicate it is done writing.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_write(struct tpm_chip *chip, u8 addr, u8 *buffer,
>> +			      size_t len)
>> +{
>> +	struct tpm_i2c_cr50_priv_data *priv = dev_get_drvdata(&chip->dev);
>> +	struct i2c_client *client = to_i2c_client(chip->dev.parent);
>> +	struct i2c_msg msg = {
>> +		.addr = client->addr,
>> +		.len = len + 1,
>> +		.buf = priv->buf
>> +	};
>> +	int rc;
>> +
>> +	if (len > TPM_CR50_MAX_BUFSIZE - 1)
>> +		return -EINVAL;
>> +
>> +	/* Prepend the 'register address' to the buffer */
>> +	priv->buf[0] = addr;
>> +	memcpy(priv->buf + 1, buffer, len);
>> +
>> +	i2c_lock_bus(client->adapter, I2C_LOCK_SEGMENT);
>> +
>> +	/* Prepare for completion interrupt */
>> +	tpm_cr50_i2c_enable_tpm_irq(chip);
>> +
>> +	/* Send write request buffer with address */
>> +	rc = tpm_cr50_i2c_transfer_message(&chip->dev, client->adapter, &msg);
>> +	if (rc < 0)
>> +		goto out;
>> +
>> +	/* Wait for TPM to be ready, ignore timeout */
>> +	tpm_cr50_i2c_wait_tpm_ready(chip);
>> +
>> +out:
>> +	tpm_cr50_i2c_disable_tpm_irq(chip);
>> +	i2c_unlock_bus(client->adapter, I2C_LOCK_SEGMENT);
>> +
>> +	if (rc < 0)
>> +		return rc;
>> +
>> +	return 0;
>> +}
>> +
>> +/**
>> + * tpm_cr50_check_locality() - Verify TPM locality 0 is active.
>> + * @chip: A TPM chip.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_check_locality(struct tpm_chip *chip)
>> +{
>> +	u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
>> +	u8 buf;
>> +	int rc;
>> +
>> +	rc = tpm_cr50_i2c_read(chip, TPM_I2C_ACCESS(0), &buf, sizeof(buf));
>> +	if (rc < 0)
>> +		return rc;
>> +
>> +	if ((buf & mask) == mask)
>> +		return 0;
>> +
>> +	return -EIO;
>> +}
>> +
>> +/**
>> + * tpm_cr50_release_locality() - Release TPM locality.
>> + * @chip:	A TPM chip.
>> + * @force:	Flag to force release if set.
>> + */
>> +static void tpm_cr50_release_locality(struct tpm_chip *chip, bool force)
>> +{
>> +	u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_PENDING;
>> +	u8 addr = TPM_I2C_ACCESS(0);
>> +	u8 buf;
>> +
>> +	if (tpm_cr50_i2c_read(chip, addr, &buf, sizeof(buf)) < 0)
>> +		return;
>> +
>> +	if (force || (buf & mask) == mask) {
>> +		buf = TPM_ACCESS_ACTIVE_LOCALITY;
>> +		tpm_cr50_i2c_write(chip, addr, &buf, sizeof(buf));
>> +	}
>> +}
>> +
>> +/**
>> + * tpm_cr50_request_locality() - Request TPM locality 0.
>> + * @chip: A TPM chip.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_request_locality(struct tpm_chip *chip)
>> +{
>> +	u8 buf = TPM_ACCESS_REQUEST_USE;
>> +	unsigned long stop;
>> +	int rc;
>> +
>> +	if (!tpm_cr50_check_locality(chip))
>> +		return 0;
>> +
>> +	rc = tpm_cr50_i2c_write(chip, TPM_I2C_ACCESS(0), &buf, sizeof(buf));
>> +	if (rc < 0)
>> +		return rc;
>> +
>> +	stop = jiffies + chip->timeout_a;
>> +	do {
>> +		if (!tpm_cr50_check_locality(chip))
>> +			return 0;
>> +
>> +		msleep(TPM_CR50_TIMEOUT_SHORT_MS);
>> +	} while (time_before(jiffies, stop));
>> +
>> +	return -ETIMEDOUT;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_tis_status() - Read cr50 tis status.
>> + * @chip: A TPM chip.
>> + *
>> + * cr50 requires all 4 bytes of status register to be read.
>> + *
>> + * Return:
>> + *	TPM status byte.
>> + */
>> +static u8 tpm_cr50_i2c_tis_status(struct tpm_chip *chip)
>> +{
>> +	u8 buf[4];
>> +
>> +	if (tpm_cr50_i2c_read(chip, TPM_I2C_STS(0), buf, sizeof(buf)) < 0)
>> +		return 0;
>> +
>> +	return buf[0];
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_tis_set_ready() - Set status register to ready.
>> + * @chip: A TPM chip.
>> + *
>> + * cr50 requires all 4 bytes of status register to be written.
>> + */
>> +static void tpm_cr50_i2c_tis_set_ready(struct tpm_chip *chip)
>> +{
>> +	u8 buf[4] = { TPM_STS_COMMAND_READY };
>> +
>> +	tpm_cr50_i2c_write(chip, TPM_I2C_STS(0), buf, sizeof(buf));
>> +	msleep(TPM_CR50_TIMEOUT_SHORT_MS);
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_get_burst_and_status() - Get burst count and status.
>> + * @chip:	A TPM chip.
>> + * @mask:	Status mask.
>> + * @burst:	Return value for burst.
>> + * @status:	Return value for status.
>> + *
>> + * cr50 uses bytes 3:2 of status register for burst count and
>> + * all 4 bytes must be read.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_get_burst_and_status(struct tpm_chip *chip, u8 mask,
>> +					     size_t *burst, u32 *status)
>> +{
>> +	unsigned long stop;
>> +	u8 buf[4];
>> +
>> +	*status = 0;
>> +
>> +	/* wait for burstcount */
>> +	stop = jiffies + chip->timeout_b;
>> +
>> +	do {
>> +		if (tpm_cr50_i2c_read(chip, TPM_I2C_STS(0), buf, sizeof(buf)) < 0) {
>> +			msleep(TPM_CR50_TIMEOUT_SHORT_MS);
>> +			continue;
>> +		}
>> +
>> +		*status = *buf;
>> +		*burst = le16_to_cpup((__le16 *)(buf + 1));
>> +
>> +		if ((*status & mask) == mask &&
>> +		    *burst > 0 && *burst <= TPM_CR50_MAX_BUFSIZE - 1)
>> +			return 0;
>> +
>> +		msleep(TPM_CR50_TIMEOUT_SHORT_MS);
>> +	} while (time_before(jiffies, stop));
>> +
>> +	dev_err(&chip->dev, "Timeout reading burst and status\n");
>> +	return -ETIMEDOUT;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_tis_recv() - TPM reception callback.
>> + * @chip:	A TPM chip.
>> + * @buf:	Reception buffer.
>> + * @buf_len:	Buffer length to read.
>> + *
>> + * Return:
>> + * - >= 0:	Number of read bytes.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_tis_recv(struct tpm_chip *chip, u8 *buf, size_t buf_len)
>> +{
>> +
>> +	u8 mask = TPM_STS_VALID | TPM_STS_DATA_AVAIL;
>> +	size_t burstcnt, cur, len, expected;
>> +	u8 addr = TPM_I2C_DATA_FIFO(0);
>> +	u32 status;
>> +	int rc;
>> +
>> +	if (buf_len < TPM_HEADER_SIZE)
>> +		return -EINVAL;
>> +
>> +	rc = tpm_cr50_i2c_get_burst_and_status(chip, mask, &burstcnt, &status);
>> +	if (rc < 0)
>> +		goto out_err;
>> +
>> +	if (burstcnt > buf_len || burstcnt < TPM_HEADER_SIZE) {
>> +		dev_err(&chip->dev,
>> +			"Unexpected burstcnt: %zu (max=%zu, min=%d)\n",
>> +			burstcnt, buf_len, TPM_HEADER_SIZE);
>> +		rc = -EIO;
>> +		goto out_err;
>> +	}
>> +
>> +	/* Read first chunk of burstcnt bytes */
>> +	rc = tpm_cr50_i2c_read(chip, addr, buf, burstcnt);
>> +	if (rc < 0) {
>> +		dev_err(&chip->dev, "Read of first chunk failed\n");
>> +		goto out_err;
>> +	}
>> +
>> +	/* Determine expected data in the return buffer */
>> +	expected = be32_to_cpup((__be32 *)(buf + 2));
>> +	if (expected > buf_len) {
>> +		dev_err(&chip->dev, "Buffer too small to receive i2c data\n");
>> +		goto out_err;
>> +	}
>> +
>> +	/* Now read the rest of the data */
>> +	cur = burstcnt;
>> +	while (cur < expected) {
>> +		/* Read updated burst count and check status */
>> +		rc = tpm_cr50_i2c_get_burst_and_status(chip, mask, &burstcnt, &status);
>> +		if (rc < 0)
>> +			goto out_err;
>> +
>> +		len = min_t(size_t, burstcnt, expected - cur);
>> +		rc = tpm_cr50_i2c_read(chip, addr, buf + cur, len);
>> +		if (rc < 0) {
>> +			dev_err(&chip->dev, "Read failed\n");
>> +			goto out_err;
>> +		}
>> +
>> +		cur += len;
>> +	}
>> +
>> +	/* Ensure TPM is done reading data */
>> +	rc = tpm_cr50_i2c_get_burst_and_status(chip, TPM_STS_VALID, &burstcnt, &status);
>> +	if (rc < 0)
>> +		goto out_err;
>> +	if (status & TPM_STS_DATA_AVAIL) {
>> +		dev_err(&chip->dev, "Data still available\n");
>> +		rc = -EIO;
>> +		goto out_err;
>> +	}
>> +
>> +	tpm_cr50_release_locality(chip, false);
>> +	return cur;
>> +
>> +out_err:
>> +	/* Abort current transaction if still pending */
>> +	if (tpm_cr50_i2c_tis_status(chip) & TPM_STS_COMMAND_READY)
>> +		tpm_cr50_i2c_tis_set_ready(chip);
>> +
>> +	tpm_cr50_release_locality(chip, false);
>> +	return rc;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_tis_send() - TPM transmission callback.
>> + * @chip:	A TPM chip.
>> + * @buf:	Buffer to send.
>> + * @len:	Buffer length.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
>> +{
>> +	size_t burstcnt, limit, sent = 0;
>> +	u8 tpm_go[4] = { TPM_STS_GO };
>> +	unsigned long stop;
>> +	u32 status;
>> +	int rc;
>> +
>> +	rc = tpm_cr50_request_locality(chip);
>> +	if (rc < 0)
>> +		return rc;
>> +
>> +	/* Wait until TPM is ready for a command */
>> +	stop = jiffies + chip->timeout_b;
>> +	while (!(tpm_cr50_i2c_tis_status(chip) & TPM_STS_COMMAND_READY)) {
>> +		if (time_after(jiffies, stop)) {
>> +			rc = -ETIMEDOUT;
>> +			goto out_err;
>> +		}
>> +
>> +		tpm_cr50_i2c_tis_set_ready(chip);
>> +	}
>> +
>> +	while (len > 0) {
>> +		u8 mask = TPM_STS_VALID;
>> +
>> +		/* Wait for data if this is not the first chunk */
>> +		if (sent > 0)
>> +			mask |= TPM_STS_DATA_EXPECT;
>> +
>> +		/* Read burst count and check status */
>> +		rc = tpm_cr50_i2c_get_burst_and_status(chip, mask, &burstcnt, &status);
>> +		if (rc < 0)
>> +			goto out_err;
>> +
>> +		/*
>> +		 * Use burstcnt - 1 to account for the address byte
>> +		 * that is inserted by tpm_cr50_i2c_write()
>> +		 */
>> +		limit = min_t(size_t, burstcnt - 1, len);
>> +		rc = tpm_cr50_i2c_write(chip, TPM_I2C_DATA_FIFO(0), &buf[sent], limit);
>> +		if (rc < 0) {
>> +			dev_err(&chip->dev, "Write failed\n");
>> +			goto out_err;
>> +		}
>> +
>> +		sent += limit;
>> +		len -= limit;
>> +	}
>> +
>> +	/* Ensure TPM is not expecting more data */
>> +	rc = tpm_cr50_i2c_get_burst_and_status(chip, TPM_STS_VALID, &burstcnt, &status);
>> +	if (rc < 0)
>> +		goto out_err;
>> +	if (status & TPM_STS_DATA_EXPECT) {
>> +		dev_err(&chip->dev, "Data still expected\n");
>> +		rc = -EIO;
>> +		goto out_err;
>> +	}
>> +
>> +	/* Start the TPM command */
>> +	rc = tpm_cr50_i2c_write(chip, TPM_I2C_STS(0), tpm_go,
>> +				sizeof(tpm_go));
>> +	if (rc < 0) {
>> +		dev_err(&chip->dev, "Start command failed\n");
>> +		goto out_err;
>> +	}
>> +	return 0;
>> +
>> +out_err:
>> +	/* Abort current transaction if still pending */
>> +	if (tpm_cr50_i2c_tis_status(chip) & TPM_STS_COMMAND_READY)
>> +		tpm_cr50_i2c_tis_set_ready(chip);
>> +
>> +	tpm_cr50_release_locality(chip, false);
>> +	return rc;
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_req_canceled() - Callback to notify a request cancel.
>> + * @chip:	A TPM chip.
>> + * @status:	Status given by the cancel callback.
>> + *
>> + * Return:
>> + *	True if command is ready, False otherwise.
>> + */
>> +static bool tpm_cr50_i2c_req_canceled(struct tpm_chip *chip, u8 status)
>> +{
>> +	return status == TPM_STS_COMMAND_READY;
>> +}
>> +
>> +static const struct tpm_class_ops cr50_i2c = {
>> +	.flags = TPM_OPS_AUTO_STARTUP,
>> +	.status = &tpm_cr50_i2c_tis_status,
>> +	.recv = &tpm_cr50_i2c_tis_recv,
>> +	.send = &tpm_cr50_i2c_tis_send,
>> +	.cancel = &tpm_cr50_i2c_tis_set_ready,
>> +	.req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
>> +	.req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
>> +	.req_canceled = &tpm_cr50_i2c_req_canceled,
>> +};
>> +
>> +static const struct i2c_device_id cr50_i2c_table[] = {
>> +	{"cr50_i2c", 0},
>> +	{}
>> +};
>> +MODULE_DEVICE_TABLE(i2c, cr50_i2c_table);
>> +
>> +#ifdef CONFIG_ACPI
>> +static const struct acpi_device_id cr50_i2c_acpi_id[] = {
>> +	{ "GOOG0005", 0 },
>> +	{}
>> +};
>> +MODULE_DEVICE_TABLE(acpi, cr50_i2c_acpi_id);
>> +#endif
>> +
>> +#ifdef CONFIG_OF
>> +static const struct of_device_id of_cr50_i2c_match[] = {
>> +	{ .compatible = "google,cr50", },
>> +	{}
>> +};
>> +MODULE_DEVICE_TABLE(of, of_cr50_i2c_match);
>> +#endif
>> +
>> +/**
>> + * tpm_cr50_i2c_probe() - Driver probe function.
>> + * @client:	I2C client information.
>> + * @id:		I2C device id.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_probe(struct i2c_client *client,
>> +			      const struct i2c_device_id *id)
>> +{
>> +	struct tpm_i2c_cr50_priv_data *priv;
>> +	struct device *dev = &client->dev;
>> +	struct tpm_chip *chip;
>> +	u32 vendor;
>> +	u8 buf[4];
>> +	int rc;
>> +
>> +	if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C))
>> +		return -ENODEV;
>> +
>> +	chip = tpmm_chip_alloc(dev, &cr50_i2c);
>> +	if (IS_ERR(chip))
>> +		return PTR_ERR(chip);
>> +
>> +	priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
>> +	if (!priv)
>> +		return -ENOMEM;
>> +
>> +	/* cr50 is a TPM 2.0 chip */
>> +	chip->flags |= TPM_CHIP_FLAG_TPM2;
>> +	chip->flags |= TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED;
>> +
>> +	/* Default timeouts */
>> +	chip->timeout_a = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
>> +	chip->timeout_b = msecs_to_jiffies(TIS_LONG_TIMEOUT);
>> +	chip->timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
>> +	chip->timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
>> +
>> +	dev_set_drvdata(&chip->dev, priv);
>> +	init_completion(&priv->tpm_ready);
>> +
>> +	if (client->irq > 0) {
>> +		rc = devm_request_irq(dev, client->irq, tpm_cr50_i2c_int_handler,
>> +				      IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
>> +				      dev->driver->name, chip);
>> +		if (rc < 0) {
>> +			dev_err(dev, "Failed to probe IRQ %d\n", client->irq);
>> +			return rc;
>> +		}
>> +
>> +		disable_irq(client->irq);
>> +		priv->irq = client->irq;
>> +	} else {
>> +		dev_warn(dev, "No IRQ, will use %ums delay for TPM ready\n",
>> +			 TPM_CR50_TIMEOUT_NOIRQ_MS);
>> +	}
>> +
>> +	rc = tpm_cr50_request_locality(chip);
>> +	if (rc < 0) {
>> +		dev_err(dev, "Could not request locality\n");
>> +		return rc;
>> +	}
>> +
>> +	/* Read four bytes from DID_VID register */
>> +	rc = tpm_cr50_i2c_read(chip, TPM_I2C_DID_VID(0), buf, sizeof(buf));
>> +	if (rc < 0) {
>> +		dev_err(dev, "Could not read vendor id\n");
>> +		tpm_cr50_release_locality(chip, true);
>> +		return rc;
>> +	}
>> +
>> +	vendor = le32_to_cpup((__le32 *)buf);
>> +	if (vendor != TPM_CR50_I2C_DID_VID) {
>> +		dev_err(dev, "Vendor ID did not match! ID was %08x\n", vendor);
>> +		tpm_cr50_release_locality(chip, true);
>> +		return -ENODEV;
>> +	}
>> +
>> +	dev_info(dev, "cr50 TPM 2.0 (i2c 0x%02x irq %d id 0x%x)\n",
>> +		 client->addr, client->irq, vendor >> 16);
>> +
>> +	return tpm_chip_register(chip);
>> +}
>> +
>> +/**
>> + * tpm_cr50_i2c_remove() - Driver remove function.
>> + * @client: I2C client information.
>> + *
>> + * Return:
>> + * - 0:		Success.
>> + * - -errno:	A POSIX error code.
>> + */
>> +static int tpm_cr50_i2c_remove(struct i2c_client *client)
>> +{
>> +	struct tpm_chip *chip = i2c_get_clientdata(client);
>> +	struct device *dev = &client->dev;
>> +
>> +	if (!chip) {
>> +		dev_err(dev, "Could not get client data at remove\n");
>> +		return -ENODEV;
>> +	}
>> +
>> +	tpm_chip_unregister(chip);
>> +	tpm_cr50_release_locality(chip, true);
>> +
>> +	return 0;
>> +}
>> +
>> +static SIMPLE_DEV_PM_OPS(cr50_i2c_pm, tpm_pm_suspend, tpm_pm_resume);
>> +
>> +static struct i2c_driver cr50_i2c_driver = {
>> +	.id_table = cr50_i2c_table,
>> +	.probe = tpm_cr50_i2c_probe,
>> +	.remove = tpm_cr50_i2c_remove,
>> +	.driver = {
>> +		.name = "cr50_i2c",
>> +		.pm = &cr50_i2c_pm,
>> +		.acpi_match_table = ACPI_PTR(cr50_i2c_acpi_id),
>> +		.of_match_table = of_match_ptr(of_cr50_i2c_match),
>> +	},
>> +};
>> +
>> +module_i2c_driver(cr50_i2c_driver);
>> +
>> +MODULE_DESCRIPTION("cr50 TPM I2C Driver");
>> +MODULE_LICENSE("GPL");
>> -- 
>> 2.29.2
>> 
>> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ