tpm: Allow separate handling of Google Ti50 TPM

A new iteration of Google's TPM implementation will advertize a new
DID:VID, but otherwise follow the same protocol as the earlier design.

This change makes use of Kconfigs TPM_GOOGLE_CR50 and TPM_GOOGLE_TI50
to be able to take slightly different code paths, when e.g. evaluating
whether TPM firmware is new enough to support certain features.

Change-Id: I1e1f8eb9b94fc2d5689656335dc1135b47880986
Signed-off-by: Jes B. Klinke <jbk@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63158
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Jes Klinke 2022-03-28 14:22:24 -07:00 committed by Martin L Roth
parent 9d8df30950
commit 1430b043f0
6 changed files with 32 additions and 39 deletions

View File

@ -3,15 +3,6 @@ config I2C_TPM
help
I2C TPM driver is enabled!
config MAINBOARD_NEEDS_I2C_TI50_WORKAROUND
bool
default n
help
Ti50 FW versions below 0.15 don't support the firmware_version or board_cfg registers,
and trying to access them causes I2C errors. This config will skip accesses to these
registers, and should be selected for boards using Ti50 chips with FW < 0.15. The config
will be removed once all Ti50 stocks are updated to 0.15 or higher.
config DRIVER_TIS_DEFAULT
bool
depends on I2C_TPM

View File

@ -36,6 +36,7 @@
#define CR50_TIMEOUT_NOIRQ_MS 20 /* Timeout for TPM ready without IRQ */
#define CR50_TIMEOUT_IRQ_MS 100 /* Timeout for TPM ready with IRQ */
#define CR50_DID_VID 0x00281ae0L
#define TI50_DID_VID 0x504a6666L
struct tpm_inf_dev {
int bus;
@ -455,7 +456,7 @@ static int cr50_i2c_probe(struct tpm_chip *chip, uint32_t *did_vid)
rc = cr50_i2c_read(TPM_DID_VID(0), (uint8_t *)did_vid, 4);
/* Exit once DID and VID verified */
if (!rc && (*did_vid == CR50_DID_VID)) {
if (!rc && (*did_vid == CR50_DID_VID || *did_vid == TI50_DID_VID)) {
printk(BIOS_INFO, "done! DID_VID 0x%08x\n", *did_vid);
return 0;
}
@ -474,7 +475,6 @@ static int cr50_i2c_probe(struct tpm_chip *chip, uint32_t *did_vid)
int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
{
struct cr50_firmware_version ver;
uint32_t did_vid = 0;
if (dev_addr == 0) {
@ -500,12 +500,10 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
printk(BIOS_DEBUG, "cr50 TPM 2.0 (i2c %u:0x%02x id 0x%x)\n",
bus, dev_addr, did_vid >> 16);
/* Ti50 FW version under 0.15 doesn't support board cfg command
TODO: remove this flag after all stocks Ti50 uprev to 0.15 or above */
if (!CONFIG(MAINBOARD_NEEDS_I2C_TI50_WORKAROUND) && tpm_first_access_this_boot()) {
if (tpm_first_access_this_boot()) {
/* This is called for the side-effect of printing the version string. */
cr50_get_firmware_version(&ver);
cr50_set_board_cfg();
cr50_get_firmware_version(NULL);
cr50_set_board_cfg();
}
chip->is_open = 1;

View File

@ -419,6 +419,7 @@ static enum cb_err tpm2_claim_locality(void)
/* Device/vendor ID values of the TPM devices this driver supports. */
static const uint32_t supported_did_vids[] = {
0x00281ae0, /* H1 based Cr50 security chip. */
0x504a6666, /* H1D3C based Ti50 security chip. */
0x0000104a /* ST33HTPH2E32 */
};
@ -496,15 +497,13 @@ int tpm2_init(struct spi_slave *spi_if)
printk(BIOS_INFO, "Connected to device vid:did:rid of %4.4x:%4.4x:%2.2x\n",
tpm_info.vendor_id, tpm_info.device_id, tpm_info.revision);
/* Do some cr50-specific things here. */
if (CONFIG(TPM_GOOGLE) && tpm_info.vendor_id == 0x1ae0) {
struct cr50_firmware_version ver;
/* Do some GSC-specific things here. */
if (CONFIG(TPM_GOOGLE)) {
if (tpm_first_access_this_boot()) {
/* This is called for the side-effect of printing the firmware version
string */
cr50_get_firmware_version(&ver);
cr50_set_board_cfg();
cr50_get_firmware_version(NULL);
cr50_set_board_cfg();
}
}
return 0;

View File

@ -5,6 +5,9 @@
#include <string.h>
#include <types.h>
#define CR50_DID_VID 0x00281ae0L
#define TI50_DID_VID 0x504a6666L
#define CR50_BOARD_CFG_LOCKBIT_MASK 0x80000000U
#define CR50_BOARD_CFG_FEATUREBITS_MASK 0x3FFFFFFFU
@ -84,7 +87,7 @@ static uint32_t cr50_get_board_cfg(void)
const enum cb_err ret = tis_vendor_read(get_reg_addr(CR50_BOARD_CFG_REG), &value,
sizeof(value));
if (ret != CB_SUCCESS) {
printk(BIOS_INFO, "Error reading from cr50\n");
printk(BIOS_ERR, "Error reading from Cr50\n");
return 0;
}
@ -96,6 +99,11 @@ static uint32_t cr50_get_board_cfg(void)
*/
enum cb_err cr50_set_board_cfg(void)
{
/* If we get here and we aren't cr50, then we must be ti50 which does
* not currently need to support a board_cfg register. */
if (!CONFIG(TPM_GOOGLE_CR50))
return CB_SUCCESS;
struct cr50_firmware_version ver;
enum cb_err ret;
uint32_t value;
@ -109,7 +117,7 @@ enum cb_err cr50_set_board_cfg(void)
/* Set the CR50_BOARD_CFG register, for e.g. asking cr50 to use longer ready pulses. */
ret = tis_vendor_read(get_reg_addr(CR50_BOARD_CFG_REG), &value, sizeof(value));
if (ret != CB_SUCCESS) {
printk(BIOS_INFO, "Error reading from cr50\n");
printk(BIOS_ERR, "Error reading from Cr50\n");
return CB_ERR;
}
@ -142,19 +150,15 @@ enum cb_err cr50_set_board_cfg(void)
bool cr50_is_long_interrupt_pulse_enabled(void)
{
/*
* Ti50 FW versions under 0.15 don't support the board cfg register,
* and all Ti50 versions only support long IRQ pulses.
* TODO: Remove this after all Ti50 stocks uprev to 0.15 or above.
*/
if (CONFIG(MAINBOARD_NEEDS_I2C_TI50_WORKAROUND))
return true;
if (CONFIG(TPM_GOOGLE_CR50))
return !!(cr50_get_board_cfg() & CR50_BOARD_CFG_100US_READY_PULSE);
return !!(cr50_get_board_cfg() & CR50_BOARD_CFG_100US_READY_PULSE);
/* Ti50 and future GSCs will support only long interrupt pulses. */
return true;
}
static enum cb_err cr50_parse_fw_version(const char *version_str,
struct cr50_firmware_version *ver)
struct cr50_firmware_version *ver)
{
int epoch, major, minor;
@ -219,6 +223,7 @@ enum cb_err cr50_get_firmware_version(struct cr50_firmware_version *version)
}
success:
*version = cr50_firmware_version;
if (version)
*version = cr50_firmware_version;
return CB_SUCCESS;
}

View File

@ -5,7 +5,7 @@
#include <types.h>
/* Structure describing the elements of Cr50 firmware version. */
/* Structure describing the elements of GSC firmware version. */
struct cr50_firmware_version {
int epoch;
int major;
@ -15,7 +15,7 @@ struct cr50_firmware_version {
/* Indicates whether Cr50 ready pulses are guaranteed to be at least 100us. */
bool cr50_is_long_interrupt_pulse_enabled(void);
/* Get the Cr50 firmware version information. */
/* Get the GSC firmware version information. */
enum cb_err cr50_get_firmware_version(struct cr50_firmware_version *version);
/* Set the BOARD_CFG register depending on Cr50 Kconfigs */

View File

@ -1,7 +1,6 @@
config BOARD_GOOGLE_BRYA_COMMON
def_bool n
select BOARD_ROMSIZE_KB_32768
select CR50_USE_LONG_INTERRUPT_PULSES
select DRIVERS_GENERIC_ALC1015
select DRIVERS_GENERIC_GPIO_KEYS
select DRIVERS_GENERIC_MAX98357A
@ -37,7 +36,6 @@ config BOARD_GOOGLE_BRYA_COMMON
select SOC_INTEL_CSE_LITE_SKU
select SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES if SOC_INTEL_ALDERLAKE_PCH_P
select SOC_INTEL_COMMON_BASECODE_DEBUG_FEATURE
select TPM_GOOGLE_CR50
config BOARD_GOOGLE_BASEBOARD_BRYA
def_bool n
@ -46,6 +44,7 @@ config BOARD_GOOGLE_BASEBOARD_BRYA
select MEMORY_SOLDERDOWN if !BOARD_GOOGLE_BANSHEE
select SOC_INTEL_ALDERLAKE_PCH_P
select SYSTEM_TYPE_LAPTOP
select TPM_GOOGLE_CR50
config BOARD_GOOGLE_BASEBOARD_BRASK
def_bool n
@ -57,16 +56,17 @@ config BOARD_GOOGLE_BASEBOARD_BRASK
select RT8168_GET_MAC_FROM_VPD
select RT8168_SET_LED_MODE
select SOC_INTEL_ALDERLAKE_PCH_P
select TPM_GOOGLE_CR50
config BOARD_GOOGLE_BASEBOARD_NISSA
def_bool n
select BOARD_GOOGLE_BRYA_COMMON
select CHROMEOS_DRAM_PART_NUMBER_IN_CBI if CHROMEOS
select MAINBOARD_NEEDS_I2C_TI50_WORKAROUND
select MEMORY_SOLDERDOWN
select SOC_INTEL_ALDERLAKE_PCH_N
select SOC_INTEL_CSE_LITE_COMPRESS_ME_RW
select SYSTEM_TYPE_LAPTOP
select TPM_GOOGLE_TI50
if BOARD_GOOGLE_BRYA_COMMON