From: Marcin Wojtas
Date: Fri, 14 Dec 2018 16:14:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r342084 - in head/sys: conf dev/tpm

Author: mw
Date: Fri Dec 14 16:14:36 2018
New Revision: 342084
URL: https://svnweb.freebsd.org/changeset/base/342084

Log:
  Introduce driver for TPM 2.0 in CRB and FIFO (TIS) modes

  It was written based on:
  TCG PC Client Platform TPM Profile (PTP) Specification Version 22, Revision 1.03.

  It only supports Locality 0. Interrupts are only supported in FIFO mode.

  The driver in FIFO mode was tested on x86 with Infineon SLB9665 discrete TPM chip.
  Driver in both modes was also tested on qemu with swtpm running on host.
Submitted by: Kornel Duleba Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D18048 Added: head/sys/dev/tpm/tpm20.c (contents, props changed) head/sys/dev/tpm/tpm20.h (contents, props changed) head/sys/dev/tpm/tpm_crb.c (contents, props changed) head/sys/dev/tpm/tpm_tis.c (contents, props changed) Modified: head/sys/conf/files.amd64 Modified: head/sys/conf/files.amd64 ============================================================================== --- head/sys/conf/files.amd64 Fri Dec 14 14:49:04 2018 (r342083) +++ head/sys/conf/files.amd64 Fri Dec 14 16:14:36 2018 (r342084) @@ -491,6 +491,9 @@ dev/syscons/scvesactl.c optional sc vga vesa dev/syscons/scvgarndr.c optional sc vga dev/syscons/scvtb.c optional sc dev/tpm/tpm.c optional tpm +dev/tpm/tpm20.c optional tpm +dev/tpm/tpm_crb.c optional tpm acpi +dev/tpm/tpm_tis.c optional tpm acpi dev/tpm/tpm_acpi.c optional tpm acpi dev/tpm/tpm_isa.c optional tpm isa dev/uart/uart_cpu_x86.c optional uart Added: head/sys/dev/tpm/tpm20.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/dev/tpm/tpm20.c Fri Dec 14 16:14:36 2018 (r342084) 
@@ -0,0 +1,260 @@ +/*- + * Copyright (c) 2018 Stormshield. + * Copyright (c) 2018 Semihalf. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#include "tpm20.h" + +MALLOC_DECLARE(M_TPM20); +MALLOC_DEFINE(M_TPM20, "tpm_buffer", "buffer for tpm 2.0 driver"); + +static void tpm20_discard_buffer(void *arg); +static int tpm20_save_state(device_t dev, bool suspend); + +int +tpm20_read(struct cdev *dev, struct uio *uio, int flags) +{ + struct tpm_sc *sc; + size_t bytes_to_transfer; + int result = 0; + + sc = (struct tpm_sc *)dev->si_drv1; + + callout_stop(&sc->discard_buffer_callout); + sx_xlock(&sc->dev_lock); + + bytes_to_transfer = MIN(sc->pending_data_length, uio->uio_resid); + if (bytes_to_transfer > 0) { + result = uiomove((caddr_t) sc->buf, bytes_to_transfer, uio); + memset(sc->buf, 0, TPM_BUFSIZE); + sc->pending_data_length = 0; + cv_signal(&sc->buf_cv); + } else { + result = ETIMEDOUT; + } + + sx_xunlock(&sc->dev_lock); + + return (result); +} + +int +tpm20_write(struct cdev *dev, struct uio *uio, int flags) +{ + struct tpm_sc *sc; + size_t byte_count; + int result = 0; + + sc = (struct tpm_sc *)dev->si_drv1; + + byte_count = uio->uio_resid; + if (byte_count < TPM_HEADER_SIZE) { + device_printf(sc->dev, + "Requested transfer is too small\n"); + return (EINVAL); + } + + if (byte_count > TPM_BUFSIZE) { + device_printf(sc->dev, + "Requested transfer is too large\n"); + return (E2BIG); + } + + sx_xlock(&sc->dev_lock); + + while (sc->pending_data_length != 0) + cv_wait(&sc->buf_cv, &sc->dev_lock); + + result = uiomove(sc->buf, byte_count, uio); + if (result != 0) { + sx_xunlock(&sc->dev_lock); + return (result); + } + + result = sc->transmit(sc, byte_count); + + if (result == 0) + callout_reset(&sc->discard_buffer_callout, + TPM_READ_TIMEOUT / tick, tpm20_discard_buffer, sc); + + sx_xunlock(&sc->dev_lock); + return (result); +} + +static void tpm20_discard_buffer(void *arg) +{ + struct tpm_sc *sc; + + sc = (struct tpm_sc *)arg; + if (callout_pending(&sc->discard_buffer_callout)) + return; + + sx_xlock(&sc->dev_lock); + + memset(sc->buf, 0, TPM_BUFSIZE); + 
sc->pending_data_length = 0; + + cv_signal(&sc->buf_cv); + sx_xunlock(&sc->dev_lock); + + device_printf(sc->dev, + "User failed to read buffer in time\n"); +} + +int +tpm20_open(struct cdev *dev, int flag, int mode, struct thread *td) +{ + + return (0); +} + +int +tpm20_close(struct cdev *dev, int flag, int mode, struct thread *td) +{ + + return (0); +} + + +int +tpm20_ioctl(struct cdev *dev, u_long cmd, caddr_t data, + int flags, struct thread *td) +{ + + return (ENOTTY); +} + +int +tpm20_init(struct tpm_sc *sc) +{ + struct make_dev_args args; + int result; + + sc->buf = malloc(TPM_BUFSIZE, M_TPM20, M_WAITOK); + sx_init(&sc->dev_lock, "TPM driver lock"); + cv_init(&sc->buf_cv, "TPM buffer cv"); + callout_init(&sc->discard_buffer_callout, 1); + sc->pending_data_length = 0; + + make_dev_args_init(&args); + args.mda_devsw = &tpm_cdevsw; + args.mda_uid = UID_ROOT; + args.mda_gid = GID_WHEEL; + args.mda_mode = TPM_CDEV_PERM_FLAG; + args.mda_si_drv1 = sc; + result = make_dev_s(&args, &sc->sc_cdev, TPM_CDEV_NAME); + if (result != 0) + tpm20_release(sc); + + return (result); + +} + +void +tpm20_release(struct tpm_sc *sc) +{ + + if (sc->buf != NULL) + free(sc->buf, M_TPM20); + + sx_destroy(&sc->dev_lock); + cv_destroy(&sc->buf_cv); + if (sc->sc_cdev != NULL) + destroy_dev(sc->sc_cdev); +} + + +int +tpm20_suspend(device_t dev) +{ + return (tpm20_save_state(dev, true)); +} + +int +tpm20_shutdown(device_t dev) +{ + return (tpm20_save_state(dev, false)); +} + +static int +tpm20_save_state(device_t dev, bool suspend) +{ + struct tpm_sc *sc; + uint8_t save_cmd[] = { + 0x80, 0x01, /* TPM_ST_NO_SESSIONS tag*/ + 0x00, 0x00, 0x00, 0x0C, /* cmd length */ + 0x00, 0x00, 0x01, 0x45, 0x00, 0x00 /* cmd TPM_CC_Shutdown */ + }; + + sc = device_get_softc(dev); + + /* + * Inform the TPM whether we are going to suspend or reboot/shutdown. 
+ */ + if (suspend) + save_cmd[11] = 1; /* TPM_SU_STATE */ + + if (sc == NULL || sc->buf == NULL) + return (0); + + sx_xlock(&sc->dev_lock); + + memcpy(sc->buf, save_cmd, sizeof(save_cmd)); + sc->transmit(sc, sizeof(save_cmd)); + + sx_xunlock(&sc->dev_lock); + + return (0); +} + +int32_t +tpm20_get_timeout(uint32_t command) +{ + int32_t timeout; + + switch (command) { + case TPM_CC_CreatePrimary: + case TPM_CC_Create: + case TPM_CC_CreateLoaded: + timeout = TPM_TIMEOUT_LONG; + break; + case TPM_CC_SequenceComplete: + case TPM_CC_Startup: + case TPM_CC_SequenceUpdate: + case TPM_CC_GetCapability: + case TPM_CC_PCR_Extend: + case TPM_CC_EventSequenceComplete: + case TPM_CC_HashSequenceStart: + timeout = TPM_TIMEOUT_C; + break; + default: + timeout = TPM_TIMEOUT_B; + break; + } + return timeout; +} Added: head/sys/dev/tpm/tpm20.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/dev/tpm/tpm20.h Fri Dec 14 16:14:36 2018 (r342084) 
@@ -0,0 +1,192 @@ +/*- + * Copyright (c) 2018 Stormshield. + * Copyright (c) 2018 Semihalf. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _TPM20_H_ +#define _TPM20_H_ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include "opt_acpi.h" + +#define BIT(x) (1 << (x)) + +/* Timeouts in us */ +#define TPM_TIMEOUT_A 750000 +#define TPM_TIMEOUT_B 2000000 +#define TPM_TIMEOUT_C 200000 +#define TPM_TIMEOUT_D 30000 + +/* + * Generating RSA key pair takes ~(10-20s), which is significantly longer than + * any timeout defined in spec. 
Because of that we need a new one. + */ +#define TPM_TIMEOUT_LONG 40000000 + +/* List of commands that require TPM_TIMEOUT_LONG time to complete */ +#define TPM_CC_CreatePrimary 0x00000131 +#define TPM_CC_Create 0x00000153 +#define TPM_CC_CreateLoaded 0x00000191 + +/* List of commands that require only TPM_TIMEOUT_C time to complete */ +#define TPM_CC_SequenceComplete 0x0000013e +#define TPM_CC_Startup 0x00000144 +#define TPM_CC_SequenceUpdate 0x0000015c +#define TPM_CC_GetCapability 0x0000017a +#define TPM_CC_PCR_Extend 0x00000182 +#define TPM_CC_EventSequenceComplete 0x00000185 +#define TPM_CC_HashSequenceStart 0x00000186 + +/* Timeout before data in read buffer is discarded */ +#define TPM_READ_TIMEOUT 500000 + +#define TPM_BUFSIZE 0x1000 + +#define TPM_HEADER_SIZE 10 + +#define TPM_CDEV_NAME "tpm0" +#define TPM_CDEV_PERM_FLAG 0600 + +struct tpm_sc { + device_t dev; + + struct resource *mem_res; + struct resource *irq_res; + int mem_rid; + int irq_rid; + + struct cdev *sc_cdev; + + struct sx dev_lock; + struct cv buf_cv; + + void *intr_cookie; + int intr_type; /* Current event type */ + bool interrupts; + + uint8_t *buf; + size_t pending_data_length; + + struct callout discard_buffer_callout; + + int (*transmit)(struct tpm_sc *, size_t); +}; + +int tpm20_suspend(device_t dev); +int tpm20_shutdown(device_t dev); +int32_t tpm20_get_timeout(uint32_t command); +int tpm20_init(struct tpm_sc *sc); +void tpm20_release(struct tpm_sc *sc); + +d_open_t tpm20_open; +d_close_t tpm20_close; +d_read_t tpm20_read; +d_write_t tpm20_write; +d_ioctl_t tpm20_ioctl; + +static struct cdevsw tpm_cdevsw = { + .d_version = D_VERSION, + .d_open = tpm20_open, + .d_close = tpm20_close, + .d_read = tpm20_read, + .d_write = tpm20_write, + .d_ioctl = tpm20_ioctl, + .d_name = "tpm20", +}; + +/* Small helper routines for io ops */ +static inline uint8_t +RD1(struct tpm_sc *sc, bus_size_t off) +{ + + return (bus_read_1(sc->mem_res, off)); +} +static inline uint32_t +RD4(struct tpm_sc *sc, 
bus_size_t off) +{ + + return (bus_read_4(sc->mem_res, off)); +} +static inline uint64_t +RD8(struct tpm_sc *sc, bus_size_t off) +{ + + return (bus_read_8(sc->mem_res, off)); +} +static inline void +WR1(struct tpm_sc *sc, bus_size_t off, uint8_t val) +{ + + bus_write_1(sc->mem_res, off, val); +} +static inline void +WR4(struct tpm_sc *sc, bus_size_t off, uint32_t val) +{ + + bus_write_4(sc->mem_res, off, val); +} +static inline void +AND4(struct tpm_sc *sc, bus_size_t off, uint32_t val) +{ + + WR4(sc, off, RD4(sc, off) & val); +} +static inline void +OR1(struct tpm_sc *sc, bus_size_t off, uint8_t val) +{ + + WR1(sc, off, RD1(sc, off) | val); +} +static inline void +OR4(struct tpm_sc *sc, bus_size_t off, uint32_t val) +{ + + WR4(sc, off, RD4(sc, off) | val); +} +#endif /* _TPM20_H_ */ Added: head/sys/dev/tpm/tpm_crb.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/dev/tpm/tpm_crb.c Fri Dec 14 16:14:36 2018 (r342084) 
@@ -0,0 +1,419 @@ +/*- + * Copyright (c) 2018 Stormshield. + * Copyright (c) 2018 Semihalf. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#include "tpm20.h" + +/* + * CRB register space as defined in + * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22 + */ +#define TPM_LOC_STATE 0x0 +#define TPM_LOC_CTRL 0x8 +#define TPM_LOC_STS 0xC +#define TPM_CRB_INTF_ID 0x30 +#define TPM_CRB_CTRL_EXT 0x38 +#define TPM_CRB_CTRL_REQ 0x40 +#define TPM_CRB_CTRL_STS 0x44 +#define TPM_CRB_CTRL_CANCEL 0x48 +#define TPM_CRB_CTRL_START 0x4C +#define TPM_CRB_INT_ENABLE 0x50 +#define TPM_CRB_INT_STS 0x54 +#define TPM_CRB_CTRL_CMD_SIZE 0x58 +#define TPM_CRB_CTRL_CMD_LADDR 0x5C +#define TPM_CRB_CTRL_CMD_HADDR 0x60 +#define TPM_CRB_CTRL_RSP_SIZE 0x64 +#define TPM_CRB_CTRL_RSP_ADDR 0x68 +#define TPM_CRB_DATA_BUFFER 0x80 + +#define TPM_LOC_STATE_ESTB BIT(0) +#define TPM_LOC_STATE_ASSIGNED BIT(1) +#define TPM_LOC_STATE_ACTIVE_MASK 0x9C +#define TPM_LOC_STATE_VALID BIT(7) + +#define TPM_CRB_INTF_ID_TYPE_CRB 0x1 +#define TPM_CRB_INTF_ID_TYPE 0x7 + +#define TPM_LOC_CTRL_REQUEST BIT(0) +#define TPM_LOC_CTRL_RELINQUISH BIT(1) + +#define TPM_CRB_CTRL_REQ_GO_READY BIT(0) +#define TPM_CRB_CTRL_REQ_GO_IDLE BIT(1) + +#define TPM_CRB_CTRL_STS_ERR_BIT BIT(0) +#define TPM_CRB_CTRL_STS_IDLE_BIT BIT(1) + +#define TPM_CRB_CTRL_CANCEL_CMD BIT(0) + +#define TPM_CRB_CTRL_START_CMD BIT(0) + +#define TPM_CRB_INT_ENABLE_BIT BIT(31) + +struct tpmcrb_sc { + struct tpm_sc base; + bus_size_t cmd_off; + bus_size_t rsp_off; + size_t cmd_buf_size; + size_t rsp_buf_size; +}; + + +int tpmcrb_transmit(struct tpm_sc *sc, size_t size); + +static int tpmcrb_acpi_probe(device_t dev); +static int tpmcrb_attach(device_t dev); +static int tpmcrb_detach(device_t dev); + +static ACPI_STATUS tpmcrb_fix_buff_offsets(ACPI_RESOURCE *res, void *arg); + +static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, + uint32_t mask, uint32_t val, int32_t timeout); +static bool tpmcrb_request_locality(struct tpm_sc *sc, int locality); +static void tpmcrb_relinquish_locality(struct tpm_sc *sc); +static bool 
tpmcrb_cancel_cmd(struct tpm_sc *sc); + +char *tpmcrb_ids[] = {"MSFT0101", NULL}; + +static int +tpmcrb_acpi_probe(device_t dev) +{ + struct resource *res; + int rid = 0; + uint32_t caps; + + if (ACPI_ID_PROBE(device_get_parent(dev), dev, tpmcrb_ids) == NULL) + return (ENXIO); + + /* Check if device is in CRB mode */ + res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid, RF_ACTIVE); + if (res == NULL) + return (ENXIO); + + caps = bus_read_4(res, TPM_CRB_INTF_ID); + bus_release_resource(dev, SYS_RES_MEMORY, rid, res); + + if ((caps & TPM_CRB_INTF_ID_TYPE) != TPM_CRB_INTF_ID_TYPE_CRB) + return (ENXIO); + + device_set_desc(dev, "Trusted Platform Module 2.0, CRB mode"); + return (BUS_PROBE_DEFAULT); +} + +static ACPI_STATUS +tpmcrb_fix_buff_offsets(ACPI_RESOURCE *res, void *arg) +{ + struct tpmcrb_sc *crb_sc; + size_t length; + uint32_t base_addr; + + crb_sc = (struct tpmcrb_sc *)arg; + + if (res->Type != ACPI_RESOURCE_TYPE_FIXED_MEMORY32) + return (AE_OK); + + base_addr = res->Data.FixedMemory32.Address; + length = res->Data.FixedMemory32.AddressLength; + + if (crb_sc->cmd_off > base_addr && crb_sc->cmd_off < base_addr + length) + crb_sc->cmd_off -= base_addr; + if (crb_sc->rsp_off > base_addr && crb_sc->rsp_off < base_addr + length) + crb_sc->rsp_off -= base_addr; + + return (AE_OK); +} + +static int +tpmcrb_attach(device_t dev) +{ + struct tpmcrb_sc *crb_sc; + struct tpm_sc *sc; + ACPI_HANDLE handle; + ACPI_STATUS status; + int result; + + crb_sc = device_get_softc(dev); + sc = &crb_sc->base; + handle = acpi_get_handle(dev); + + sc->dev = dev; + + sc->mem_rid = 0; + sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid, + RF_ACTIVE); + if (sc->mem_res == NULL) + return (ENXIO); + + if(!tpmcrb_request_locality(sc, 0)) { + tpmcrb_detach(dev); + return (ENXIO); + } + + /* + * Disable all interrupts for now, since I don't have a device that + * works in CRB mode and supports them. 
+ */ + AND4(sc, TPM_CRB_INT_ENABLE, ~TPM_CRB_INT_ENABLE_BIT); + sc->interrupts = false; + + /* + * Read addresses of Tx/Rx buffers and their sizes. Note that they + * can be implemented by a single buffer. Also for some reason CMD + * addr is stored in two 4 byte neighboring registers, whereas RSP is + * stored in a single 8 byte one. + */ + crb_sc->rsp_off = RD8(sc, TPM_CRB_CTRL_RSP_ADDR); + crb_sc->cmd_off = RD4(sc, TPM_CRB_CTRL_CMD_LADDR); + crb_sc->cmd_off |= ((uint64_t) RD4(sc, TPM_CRB_CTRL_CMD_HADDR) << 32); + crb_sc->cmd_buf_size = RD4(sc, TPM_CRB_CTRL_CMD_SIZE); + crb_sc->rsp_buf_size = RD4(sc, TPM_CRB_CTRL_RSP_SIZE); + + tpmcrb_relinquish_locality(sc); + + /* Emulator returns address in acpi space instead of an offset */ + status = AcpiWalkResources(handle, "_CRS", tpmcrb_fix_buff_offsets, + (void *)crb_sc); + if (ACPI_FAILURE(status)) { + tpmcrb_detach(dev); + return (ENXIO); + } + + if (crb_sc->rsp_off == crb_sc->cmd_off) { + /* + * If Tx/Rx buffers are implemented as one they have to be of + * same size + */ + if (crb_sc->cmd_buf_size != crb_sc->rsp_buf_size) { + device_printf(sc->dev, + "Overlapping Tx/Rx buffers have different sizes\n"); + tpmcrb_detach(dev); + return (ENXIO); + } + } + + sc->transmit = tpmcrb_transmit; + + result = tpm20_init(sc); + if (result != 0) + tpmcrb_detach(dev); + + return (result); +} + +static int +tpmcrb_detach(device_t dev) +{ + struct tpm_sc *sc; + + sc = device_get_softc(dev); + + if (sc->mem_res != NULL) + bus_release_resource(dev, SYS_RES_MEMORY, + sc->mem_rid, sc->mem_res); + + tpm20_release(sc); + return (0); +} + +static bool +tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, uint32_t mask, uint32_t val, + int32_t timeout) +{ + + /* Check for condition */ + if ((RD4(sc, off) & mask) == val) + return (true); + + while (timeout > 0) { + if ((RD4(sc, off) & mask) == val) + return (true); + + pause("TPM in polling mode", 1); + timeout -= tick; + } + return (false); +} + +static bool +tpmcrb_request_locality(struct 
tpm_sc *sc, int locality) +{ + uint32_t mask; + + /* Currently we only support Locality 0 */ + if (locality != 0) + return (false); + + mask = TPM_LOC_STATE_VALID | TPM_LOC_STATE_ASSIGNED; + + OR4(sc, TPM_LOC_CTRL, TPM_LOC_CTRL_REQUEST); + if (!tpm_wait_for_u32(sc, TPM_LOC_STATE, mask, mask, TPM_TIMEOUT_C)) + return (false); + + return (true); +} + +static void +tpmcrb_relinquish_locality(struct tpm_sc *sc) +{ + + OR4(sc, TPM_LOC_CTRL, TPM_LOC_CTRL_RELINQUISH); +} + +static bool +tpmcrb_cancel_cmd(struct tpm_sc *sc) +{ + uint32_t mask = ~0; + + WR4(sc, TPM_CRB_CTRL_CANCEL, TPM_CRB_CTRL_CANCEL_CMD); + if (!tpm_wait_for_u32(sc, TPM_CRB_CTRL_START, + mask, ~mask, TPM_TIMEOUT_B)) { + device_printf(sc->dev, + "Device failed to cancel command\n"); + return (false); + } + + WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD); + return (true); +} + +int +tpmcrb_transmit(struct tpm_sc *sc, size_t length) +{ + struct tpmcrb_sc *crb_sc; + uint32_t mask, curr_cmd; + int timeout, bytes_available; + + crb_sc = (struct tpmcrb_sc *)sc; + + sx_assert(&sc->dev_lock, SA_XLOCKED); + + if (length > crb_sc->cmd_buf_size) { + device_printf(sc->dev, + "Requested transfer is bigger than buffer size\n"); + return (E2BIG); + } + + if (RD4(sc, TPM_CRB_CTRL_STS) & TPM_CRB_CTRL_STS_ERR_BIT) { + device_printf(sc->dev, + "Device has Error bit set\n"); + return (EIO); + } + if (!tpmcrb_request_locality(sc, 0)) { + device_printf(sc->dev, + "Failed to obtain locality\n"); + return (EIO); + } + /* Clear cancellation bit */ + WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD); + + /* Switch device to idle state if necessary */ + if (!(RD4(sc, TPM_CRB_CTRL_STS) & TPM_CRB_CTRL_STS_IDLE_BIT)) { + OR4(sc, TPM_CRB_CTRL_REQ, TPM_CRB_CTRL_REQ_GO_IDLE); + + mask = TPM_CRB_CTRL_STS_IDLE_BIT; + if (!tpm_wait_for_u32(sc, TPM_CRB_CTRL_STS, + mask, mask, TPM_TIMEOUT_C)) { + device_printf(sc->dev, + "Failed to transition to idle state\n"); + return (EIO); + } + } + /* Switch to ready state */ + OR4(sc, 
TPM_CRB_CTRL_REQ, TPM_CRB_CTRL_REQ_GO_READY); + + mask = TPM_CRB_CTRL_REQ_GO_READY; + if (!tpm_wait_for_u32(sc, TPM_CRB_CTRL_STS, + mask, !mask, TPM_TIMEOUT_C)) { + device_printf(sc->dev, + "Failed to transition to ready state\n"); + return (EIO); + } + + /* + * Calculate timeout for current command. + * Command code is passed in bytes 6-10. + */ + curr_cmd = be32toh(*(uint32_t *) (&sc->buf[6])); + timeout = tpm20_get_timeout(curr_cmd); + + /* Send command and tell device to process it. */ + bus_write_region_stream_1(sc->mem_res, crb_sc->cmd_off, + sc->buf, length); + bus_barrier(sc->mem_res, crb_sc->cmd_off, + length, BUS_SPACE_BARRIER_WRITE); + + WR4(sc, TPM_CRB_CTRL_START, TPM_CRB_CTRL_START_CMD); + bus_barrier(sc->mem_res, TPM_CRB_CTRL_START, + 4, BUS_SPACE_BARRIER_WRITE); + + mask = ~0; + if (!tpm_wait_for_u32(sc, TPM_CRB_CTRL_START, mask, ~mask, timeout)) { + device_printf(sc->dev, + "Timeout while waiting for device to process cmd\n"); + if (!tpmcrb_cancel_cmd(sc)) + return (EIO); + } + + /* Read response header. Length is passed in bytes 2 - 6. 
*/ + bus_read_region_stream_1(sc->mem_res, crb_sc->rsp_off, + sc->buf, TPM_HEADER_SIZE); + bytes_available = be32toh(*(uint32_t *) (&sc->buf[2])); + + if (bytes_available > TPM_BUFSIZE || bytes_available < TPM_HEADER_SIZE) { + device_printf(sc->dev, + "Incorrect response size: %d\n", + bytes_available); + return (EIO); + } + + bus_read_region_stream_1(sc->mem_res, crb_sc->rsp_off + TPM_HEADER_SIZE, + &sc->buf[TPM_HEADER_SIZE], bytes_available - TPM_HEADER_SIZE); + + OR4(sc, TPM_CRB_CTRL_REQ, TPM_CRB_CTRL_REQ_GO_IDLE); + + tpmcrb_relinquish_locality(sc); + sc->pending_data_length = bytes_available; + + return (0); +} + +/* ACPI Driver */ +static device_method_t tpmcrb_methods[] = { + DEVMETHOD(device_probe, tpmcrb_acpi_probe), + DEVMETHOD(device_attach, tpmcrb_attach), + DEVMETHOD(device_detach, tpmcrb_detach), + DEVMETHOD(device_shutdown, tpm20_shutdown), + DEVMETHOD(device_suspend, tpm20_suspend), + {0, 0} +}; +static driver_t tpmcrb_driver = { + "tpmcrb", tpmcrb_methods, sizeof(struct tpmcrb_sc), +}; + +devclass_t tpmcrb_devclass; +DRIVER_MODULE(tpmcrb, acpi, tpmcrb_driver, tpmcrb_devclass, 0, 0); Added: head/sys/dev/tpm/tpm_tis.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/dev/tpm/tpm_tis.c Fri Dec 14 16:14:36 2018 (r342084) 
@@ -0,0 +1,510 @@ +/*- + * Copyright (c) 2018 Stormshield. + * Copyright (c) 2018 Semihalf. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#include "tpm20.h" + +/* + * TIS register space as defined in + * TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22 + */ +#define TPM_ACCESS 0x0 +#define TPM_INT_ENABLE 0x8 +#define TPM_INT_VECTOR 0xc +#define TPM_INT_STS 0x10 +#define TPM_INTF_CAPS 0x14 +#define TPM_STS 0x18 +#define TPM_DATA_FIFO 0x24 +#define TPM_INTF_ID 0x30 +#define TPM_XDATA_FIFO 0x80 +#define TPM_DID_VID 0xF00 +#define TPM_RID 0xF04 + +#define TPM_ACCESS_LOC_REQ BIT(1) +#define TPM_ACCESS_LOC_Seize BIT(3) +#define TPM_ACCESS_LOC_ACTIVE BIT(5) +#define TPM_ACCESS_LOC_RELINQUISH BIT(5) +#define TPM_ACCESS_VALID BIT(7) + +#define TPM_INT_ENABLE_GLOBAL_ENABLE BIT(31) +#define TPM_INT_ENABLE_CMD_RDY BIT(7) +#define TPM_INT_ENABLE_LOC_CHANGE BIT(2) +#define TPM_INT_ENABLE_STS_VALID BIT(1) +#define TPM_INT_ENABLE_DATA_AVAIL BIT(0) + +#define TPM_INT_STS_CMD_RDY BIT(7) +#define TPM_INT_STS_LOC_CHANGE BIT(2) +#define TPM_INT_STS_VALID BIT(1) +#define TPM_INT_STS_DATA_AVAIL BIT(0) + +#define TPM_INTF_CAPS_VERSION 0x70000000 +#define TPM_INTF_CAPS_TPM20 0x30000000 + +#define TPM_STS_VALID BIT(7) +#define TPM_STS_CMD_RDY BIT(6) +#define TPM_STS_CMD_START BIT(5) +#define TPM_STS_DATA_AVAIL BIT(4) +#define TPM_STS_DATA_EXPECTED BIT(3) +#define TPM_STS_BURST_MASK 0xFFFF00 +#define TPM_STS_BURST_OFFSET 0x8 + +static int tpmtis_transmit(struct tpm_sc *sc, size_t length); + +static int tpmtis_acpi_probe(device_t dev); +static int tpmtis_attach(device_t dev); +static int tpmtis_detach(device_t dev); + +static void tpmtis_intr_handler(void *arg); + +static ACPI_STATUS tpmtis_get_SIRQ_channel(ACPI_RESOURCE *res, void *arg); +static bool tpmtis_setup_intr(struct tpm_sc *sc); + +static bool tpmtis_read_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf); +static bool tpmtis_write_bytes(struct tpm_sc *sc, size_t count, uint8_t *buf); +static bool tpmtis_request_locality(struct tpm_sc *sc, int locality); +static void tpmtis_relinquish_locality(struct tpm_sc *sc); 
+static bool tpmtis_go_ready(struct tpm_sc *sc); + +static bool tpm_wait_for_u32(struct tpm_sc *sc, bus_size_t off, + uint32_t mask, uint32_t val, int32_t timeout); +static uint16_t tpmtis_wait_for_burst(struct tpm_sc *sc); + +char *tpmtis_ids[] = {"MSFT0101", NULL}; + +static int +tpmtis_acpi_probe(device_t dev) +{ + struct resource *res; + int rid = 0; + uint32_t caps; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
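Review bot: tpm20_discard_buffer() in tpm20.c runs as a callout handler yet takes sc->dev_lock with sx_xlock(), and callout(9) does not allow a callout function to acquire sleepable locks. Consider deferring the wipe to a taskqueue, or guarding buf and pending_data_length with a mutex the callout is allowed to take. In the same file, tpm20_release() frees sc->buf without draining discard_buffer_callout and before destroy_dev(), so a late timer or an in-flight read or write can touch freed memory; drain the callout and destroy the cdev first. tpm20_save_state() also ignores the return of sc->transmit() and leaves the pending_data_length set by the transport in place, so after a resume the next tpm20_write() sits in cv_wait() until someone reads the stale Shutdown response; zero the buffer and the length before dropping the lock.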
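Review bot: BIT(x) in tpm20.h expands to (1 << (x)), and both TPM_CRB_INT_ENABLE_BIT and TPM_INT_ENABLE_GLOBAL_ENABLE are BIT(31), which shifts into the sign bit of an int; define the macro as (1U << (x)) so the register masks are unsigned. tpm_cdevsw is also defined static in this header, so every file including tpm20.h gets its own copy; move the definition into tpm20.c, where tpm20_init() uses it.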
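Review bot: In tpmcrb_transmit() in tpm_crb.c, the wait that follows setting TPM_CRB_CTRL_REQ_GO_READY polls TPM_CRB_CTRL_STS with mask TPM_CRB_CTRL_REQ_GO_READY, which is BIT(0) and therefore tests TPM_CRB_CTRL_STS_ERR_BIT instead of the ready transition; poll TPM_CRB_CTRL_REQ for the GO_READY bit to clear, or TPM_CRB_CTRL_STS for TPM_CRB_CTRL_STS_IDLE_BIT to clear. cmd_off, rsp_off and the two buffer sizes are read from device registers in tpmcrb_attach() and then used as bus offsets with no check against the mapped resource; reject values where offset plus size exceeds rman_get_size(sc->mem_res), and bound the response read by rsp_buf_size as well as TPM_BUFSIZE. The EIO returns taken after tpmcrb_request_locality() has succeeded should call tpmcrb_relinquish_locality() first, and the early tpmcrb_detach() calls in attach reach tpm20_release() before tpm20_init() has initialised dev_lock and buf_cv.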
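Review bot: tpm_wait_for_u32() is declared static in tpm_tis.c with the same prototype that tpm_crb.c already defines, so the polling helper has to be duplicated per transport; keep one copy in tpm20.c and declare it in tpm20.h. tpmtis_ids and tpmcrb_ids are likewise identical non-static arrays holding "MSFT0101" and should be static or shared.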