drivers/char/tpm/tpm_crb.c

   1 /*
   2  * Copyright (C) 2014 Intel Corporation
   3  *
   4  * Authors:
   5  * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
   6  *
   7  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
   8  *
   9  * This device driver implements the TPM interface as defined in
  10  * the TCG CRB 2.0 TPM specification.
  11  *
  12  * This program is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License
  14  * as published by the Free Software Foundation; version 2
  15  * of the License.
  16  */
  17
  18 #include <linux/acpi.h>
  19 #include <linux/highmem.h>
  20 #include <linux/rculist.h>
  21 #include <linux/module.h>
  22 #include <linux/platform_device.h>
  23 #include "tpm.h"
  24
  25 #define ACPI_SIG_TPM2 "TPM2"
  26
  27 static const u8 CRB_ACPI_START_UUID[] = {
  28         /* 0000 */ 0xAB, 0x6C, 0xBF, 0x6B, 0x63, 0x54, 0x14, 0x47,
  29         /* 0008 */ 0xB7, 0xCD, 0xF0, 0x20, 0x3C, 0x03, 0x68, 0xD4
  30 };
  31
  32 enum crb_defaults {
  33         CRB_ACPI_START_REVISION_ID = 1,
  34         CRB_ACPI_START_INDEX = 1,
  35 };
  36
  37 enum crb_start_method {
  38         CRB_SM_ACPI_START = 2,
  39         CRB_SM_CRB = 7,
  40         CRB_SM_CRB_WITH_ACPI_START = 8,
  41 };
  42
  43 struct acpi_tpm2 {
  44         struct acpi_table_header hdr;
  45         u16 platform_class;
  46         u16 reserved;
  47         u64 control_area_pa;
  48         u32 start_method;
  49 } __packed;
  50
  51 enum crb_ca_request {
  52         CRB_CA_REQ_GO_IDLE      = BIT(0),
  53         CRB_CA_REQ_CMD_READY    = BIT(1),
  54 };
  55
  56 enum crb_ca_status {
  57         CRB_CA_STS_ERROR        = BIT(0),
  58         CRB_CA_STS_TPM_IDLE     = BIT(1),
  59 };
  60
  61 enum crb_start {
  62         CRB_START_INVOKE        = BIT(0),
  63 };
  64
  65 enum crb_cancel {
  66         CRB_CANCEL_INVOKE       = BIT(0),
  67 };
  68
  69 struct crb_control_area {
  70         u32 req;
  71         u32 sts;
  72         u32 cancel;
  73         u32 start;
  74         u32 int_enable;
  75         u32 int_sts;
  76         u32 cmd_size;
  77         u32 cmd_pa_low;
  78         u32 cmd_pa_high;
  79         u32 rsp_size;
  80         u64 rsp_pa;
  81 } __packed;
  82
  83 enum crb_status {
  84         CRB_STS_COMPLETE        = BIT(0),
  85 };
  86
  87 enum crb_flags {
  88         CRB_FL_ACPI_START       = BIT(0),
  89         CRB_FL_CRB_START        = BIT(1),
  90 };
  91
  92 struct crb_priv {
  93         unsigned int flags;
  94         struct crb_control_area __iomem *cca;
  95         u8 __iomem *cmd;
  96         u8 __iomem *rsp;
  97 };
  98
  99 static SIMPLE_DEV_PM_OPS(crb_pm, tpm_pm_suspend, tpm_pm_resume);
 100
 101 static u8 crb_status(struct tpm_chip *chip)
 102 {
 103         struct crb_priv *priv = chip->vendor.priv;
 104         u8 sts = 0;
 105
 106         if ((le32_to_cpu(ioread32(&priv->cca->start)) & CRB_START_INVOKE) !=
 107             CRB_START_INVOKE)
 108                 sts |= CRB_STS_COMPLETE;
 109
 110         return sts;
 111 }
 112
 113 static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count)
 114 {
 115         struct crb_priv *priv = chip->vendor.priv;
 116         unsigned int expected;
 117
 118         /* sanity check */
 119         if (count < 6)
 120                 return -EIO;
 121
 122         if (le32_to_cpu(ioread32(&priv->cca->sts)) & CRB_CA_STS_ERROR)
 123                 return -EIO;
 124
 125         memcpy_fromio(buf, priv->rsp, 6);
 126         expected = be32_to_cpup((__be32 *) &buf[2]);
 127
 128         if (expected > count)
 129                 return -EIO;
 130
 131         memcpy_fromio(&buf[6], &priv->rsp[6], expected - 6);
 132
 133         return expected;
 134 }
 135
 136 static int crb_do_acpi_start(struct tpm_chip *chip)
 137 {
 138         union acpi_object *obj;
 139         int rc;
 140
 141         obj = acpi_evaluate_dsm(chip->acpi_dev_handle,
 142                                 CRB_ACPI_START_UUID,
 143                                 CRB_ACPI_START_REVISION_ID,
 144                                 CRB_ACPI_START_INDEX,
 145                                 NULL);
 146         if (!obj)
 147                 return -ENXIO;
 148         rc = obj->integer.value == 0 ? 0 : -ENXIO;
 149         ACPI_FREE(obj);
 150         return rc;
 151 }
 152
 153 static int crb_send(struct tpm_chip *chip, u8 *buf, size_t len)
 154 {
 155         struct crb_priv *priv = chip->vendor.priv;
 156         int rc = 0;
 157
 158         if (len > le32_to_cpu(ioread32(&priv->cca->cmd_size))) {
 159                 dev_err(&chip->dev,
 160                         "invalid command count value %x %zx\n",
 161                         (unsigned int) len,
 162                         (size_t) le32_to_cpu(ioread32(&priv->cca->cmd_size)));
 163                 return -E2BIG;
 164         }
 165
 166         memcpy_toio(priv->cmd, buf, len);
 167
 168         /* Make sure that cmd is populated before issuing start. */
 169         wmb();
 170
 171         if (priv->flags & CRB_FL_CRB_START)
 172                 iowrite32(cpu_to_le32(CRB_START_INVOKE), &priv->cca->start);
 173
 174         if (priv->flags & CRB_FL_ACPI_START)
 175                 rc = crb_do_acpi_start(chip);
 176
 177         return rc;
 178 }
 179
 180 static void crb_cancel(struct tpm_chip *chip)
 181 {
 182         struct crb_priv *priv = chip->vendor.priv;
 183
 184         iowrite32(cpu_to_le32(CRB_CANCEL_INVOKE), &priv->cca->cancel);
 185
 186         /* Make sure that cmd is populated before issuing cancel. */
 187         wmb();
 188
 189         if ((priv->flags & CRB_FL_ACPI_START) && crb_do_acpi_start(chip))
 190                 dev_err(&chip->dev, "ACPI Start failed\n");
 191
 192         iowrite32(0, &priv->cca->cancel);
 193 }
 194
 195 static bool crb_req_canceled(struct tpm_chip *chip, u8 status)
 196 {
 197         struct crb_priv *priv = chip->vendor.priv;
 198         u32 cancel = le32_to_cpu(ioread32(&priv->cca->cancel));
 199
 200         return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE;
 201 }
 202
 203 static const struct tpm_class_ops tpm_crb = {
 204         .status = crb_status,
 205         .recv = crb_recv,
 206         .send = crb_send,
 207         .cancel = crb_cancel,
 208         .req_canceled = crb_req_canceled,
 209         .req_complete_mask = CRB_STS_COMPLETE,
 210         .req_complete_val = CRB_STS_COMPLETE,
 211 };
 212
 213 static int crb_acpi_add(struct acpi_device *device)
 214 {
 215         struct tpm_chip *chip;
 216         struct acpi_tpm2 *buf;
 217         struct crb_priv *priv;
 218         struct device *dev = &device->dev;
 219         acpi_status status;
 220         u32 sm;
 221         u64 pa;
 222         int rc;
 223
 224         chip = tpmm_chip_alloc(dev, &tpm_crb);
 225         if (IS_ERR(chip))
 226                 return PTR_ERR(chip);
 227
 228         chip->flags = TPM_CHIP_FLAG_TPM2;
 229
 230         status = acpi_get_table(ACPI_SIG_TPM2, 1,
 231                                 (struct acpi_table_header **) &buf);
 232         if (ACPI_FAILURE(status)) {
 233                 dev_err(dev, "failed to get TPM2 ACPI table\n");
 234                 return -ENODEV;
 235         }
 236
 237         /* At least some versions of AMI BIOS have a bug that TPM2 table has
 238          * zero address for the control area and therefore we must fail.
 239         */
 240         if (!buf->control_area_pa) {
 241                 dev_err(dev, "TPM2 ACPI table has a zero address for the control area\n");
 242                 return -EINVAL;
 243         }
 244
 245         if (buf->hdr.length < sizeof(struct acpi_tpm2)) {
 246                 dev_err(dev, "TPM2 ACPI table has wrong size");
 247                 return -EINVAL;
 248         }
 249
 250         priv = (struct crb_priv *) devm_kzalloc(dev, sizeof(struct crb_priv),
 251                                                 GFP_KERNEL);
 252         if (!priv) {
 253                 dev_err(dev, "failed to devm_kzalloc for private data\n");
 254                 return -ENOMEM;
 255         }
 256
 257         sm = le32_to_cpu(buf->start_method);
 258
 259         /* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs
 260          * report only ACPI start but in practice seems to require both
 261          * ACPI start and CRB start.
 262          */
 263         if (sm == CRB_SM_CRB || sm == CRB_SM_CRB_WITH_ACPI_START ||
 264             !strcmp(acpi_device_hid(device), "MSFT0101"))
 265                 priv->flags |= CRB_FL_CRB_START;
 266
 267         if (sm == CRB_SM_ACPI_START || sm == CRB_SM_CRB_WITH_ACPI_START)
 268                 priv->flags |= CRB_FL_ACPI_START;
 269
 270         priv->cca = (struct crb_control_area __iomem *)
 271                 devm_ioremap_nocache(dev, buf->control_area_pa, 0x1000);
 272         if (!priv->cca) {
 273                 dev_err(dev, "ioremap of the control area failed\n");
 274                 return -ENOMEM;
 275         }
 276
 277         pa = ((u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_high)) << 32) |
 278                 (u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_low));
 279         priv->cmd = devm_ioremap_nocache(dev, pa,
 280                                          ioread32(&priv->cca->cmd_size));
 281         if (!priv->cmd) {
 282                 dev_err(dev, "ioremap of the command buffer failed\n");
 283                 return -ENOMEM;
 284         }
 285
 286         memcpy_fromio(&pa, &priv->cca->rsp_pa, 8);
 287         pa = le64_to_cpu(pa);
 288         priv->rsp = devm_ioremap_nocache(dev, pa,
 289                                          ioread32(&priv->cca->rsp_size));
 290         if (!priv->rsp) {
 291                 dev_err(dev, "ioremap of the response buffer failed\n");
 292                 return -ENOMEM;
 293         }
 294
 295         chip->vendor.priv = priv;
 296
 297         /* Default timeouts and durations */
 298         chip->vendor.timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
 299         chip->vendor.timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
 300         chip->vendor.timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
 301         chip->vendor.timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
 302         chip->vendor.duration[TPM_SHORT] =
 303                 msecs_to_jiffies(TPM2_DURATION_SHORT);
 304         chip->vendor.duration[TPM_MEDIUM] =
 305                 msecs_to_jiffies(TPM2_DURATION_MEDIUM);
 306         chip->vendor.duration[TPM_LONG] =
 307                 msecs_to_jiffies(TPM2_DURATION_LONG);
 308
 309         chip->acpi_dev_handle = device->handle;
 310
 311         rc = tpm2_do_selftest(chip);
 312         if (rc)
 313                 return rc;
 314
 315         return tpm_chip_register(chip);
 316 }
 317
 318 static int crb_acpi_remove(struct acpi_device *device)
 319 {
 320         struct device *dev = &device->dev;
 321         struct tpm_chip *chip = dev_get_drvdata(dev);
 322
 323         tpm_chip_unregister(chip);
 324
 325         if (chip->flags & TPM_CHIP_FLAG_TPM2)
 326                 tpm2_shutdown(chip, TPM2_SU_CLEAR);
 327
 328         return 0;
 329 }
 330
 331 static struct acpi_device_id crb_device_ids[] = {
 332         {"MSFT0101", 0},
 333         {"", 0},
 334 };
 335 MODULE_DEVICE_TABLE(acpi, crb_device_ids);
 336
 337 static struct acpi_driver crb_acpi_driver = {
 338         .name = "tpm_crb",
 339         .ids = crb_device_ids,
 340         .ops = {
 341                 .add = crb_acpi_add,
 342                 .remove = crb_acpi_remove,
 343         },
 344         .drv = {
 345                 .pm = &crb_pm,
 346         },
 347 };
 348
 349 module_acpi_driver(crb_acpi_driver);
 350 MODULE_AUTHOR("Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>");
 351 MODULE_DESCRIPTION("TPM2 Driver");
 352 MODULE_VERSION("0.1");
 353 MODULE_LICENSE("GPL");