Revert "security/tpm/: turn tis_{init,open} into tis_probe"

This reverts commit d43154486d.

From CB:68991: This causes CraterLake boot up process to die.
Investigation in progress.

Change-Id: I4a6c11b0e638a891108fe230bdaea92d5fbca020
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71205
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Tested-by: siemens-bot
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Sergii Dmytruk 2022-12-22 19:35:25 +02:00 committed by Felix Held
parent 025d20eaeb
commit 4ee03170e0
11 changed files with 180 additions and 124 deletions


@ -14,6 +14,8 @@
#include "tpm.h" #include "tpm.h"
#include "chip.h" #include "chip.h"
static unsigned int tpm_is_open;
static const struct { static const struct {
uint16_t vid; uint16_t vid;
uint16_t did; uint16_t did;
@ -33,8 +35,41 @@ static const char *tis_get_dev_name(struct tpm2_info *info)
return "Unknown"; return "Unknown";
} }
static int crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf, int tis_open(void)
size_t *rbuf_len) {
if (tpm_is_open) {
printk(BIOS_ERR, "%s called twice.\n", __func__);
return -1;
}
if (CONFIG(HAVE_INTEL_PTT)) {
if (!ptt_active()) {
printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__);
return -1;
}
printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__);
}
return 0;
}
int tis_init(void)
{
struct tpm2_info info;
// Wake TPM up (if necessary)
if (tpm2_init() != 0)
return -1;
tpm2_get_info(&info);
printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info),
info.revision);
return 0;
}
int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf, size_t *rbuf_len)
{ {
int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
@ -46,30 +81,6 @@ static int crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *r
return 0; return 0;
} }
tis_sendrecv_fn tis_probe(void)
{
struct tpm2_info info;
/* Wake TPM up (if necessary) */
if (tpm2_init() != 0)
return NULL;
tpm2_get_info(&info);
printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info),
info.revision);
if (CONFIG(HAVE_INTEL_PTT)) {
if (!ptt_active()) {
printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__);
return NULL;
}
printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__);
}
return &crb_tpm_sendrecv;
}
static void crb_tpm_fill_ssdt(const struct device *dev) static void crb_tpm_fill_ssdt(const struct device *dev)
{ {
const char *path = acpi_device_path(dev); const char *path = acpi_device_path(dev);
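Review bot: The `tpm_is_open` guard in the restored `tis_open()` can never fire as shown, because nothing in the visible lines assigns the flag once the checks pass. Either set it on the success path with `tpm_is_open = 1;` just before `return 0;`, or drop the static and the "called twice" branch so the code does not suggest a protection it does not provide. The SPI driver section further down restores the same declare-and-test-only pattern in its `tis_open()`. If the flag is assigned somewhere else in the file, that is outside what this page shows.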


@ -484,6 +484,7 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
cr50_set_board_cfg(); cr50_set_board_cfg();
} }
chip->is_open = 1;
return 0; return 0;
} }


@ -19,6 +19,32 @@ static struct tpm_chip chip;
#define TPM_CMD_COUNT_BYTE 2 #define TPM_CMD_COUNT_BYTE 2
#define TPM_CMD_ORDINAL_BYTE 6 #define TPM_CMD_ORDINAL_BYTE 6
int tis_open(void)
{
int rc;
if (chip.is_open) {
printk(BIOS_DEBUG, "%s() called twice.\n", __func__);
return -1;
}
rc = tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS,
CONFIG_DRIVER_TPM_I2C_ADDR);
if (rc < 0)
chip.is_open = 0;
if (rc)
return -1;
return 0;
}
int tis_init(void)
{
return tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS,
CONFIG_DRIVER_TPM_I2C_ADDR);
}
static ssize_t tpm_transmit(const uint8_t *sbuf, size_t sbufsiz, void *rbuf, static ssize_t tpm_transmit(const uint8_t *sbuf, size_t sbufsiz, void *rbuf,
size_t rbufsiz) size_t rbufsiz)
{ {
@ -81,8 +107,8 @@ out:
return rc; return rc;
} }
static int i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
uint8_t *recvbuf, size_t *rbuf_len) uint8_t *recvbuf, size_t *rbuf_len)
{ {
ASSERT(sbuf_size >= 10); ASSERT(sbuf_size >= 10);
@ -118,14 +144,3 @@ static int i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
return 0; return 0;
} }
tis_sendrecv_fn tis_probe(void)
{
if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR))
return NULL;
if (tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR))
return NULL;
return &i2c_tpm_sendrecv;
}
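Review bot: In the restored `tis_open()`, `chip.is_open` is cleared only when `tpm_vendor_init()` returns a negative value, although the function reports failure for any non-zero `rc`. One of the `tpm_vendor_init()` hunks on this page sets `chip->is_open = 1` before the rest of its setup, and that function continues outside the hunk, so a later failure returning a positive code would leave the chip marked open and make every retry stop at the "called twice" check. Resetting on any failure closes that gap: `if (rc) { chip.is_open = 0; return -1; }`. The "called twice" message is also logged at `BIOS_DEBUG` here but at `BIOS_ERR` in the other drivers touched by this commit.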


@ -22,8 +22,18 @@ struct tpm_output_header {
uint32_t return_code; uint32_t return_code;
} __packed; } __packed;
static int i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, int tis_open(void)
uint8_t *recvbuf, size_t *rbuf_len) {
return 0;
}
int tis_init(void)
{
return 0;
}
int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
uint8_t *recvbuf, size_t *rbuf_len)
{ {
size_t hdr_bytes; size_t hdr_bytes;
struct tpm_output_header *header; struct tpm_output_header *header;
@ -102,8 +112,3 @@ static int i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
/* Successful transfer */ /* Successful transfer */
return 0; return 0;
} }
tis_sendrecv_fn tis_probe(void)
{
return &i2c_tis_sendrecv;
}
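Review bot: `tis_init()` and `tis_open()` in this driver are unconditional `return 0;` stubs with no comment, so `tlcl_lib_init()` reports success here without any probe of the device. A one-line comment above them would make that explicit, for example `/* No probing or locality request is done here; these exist to satisfy the tis.h interface. */`. The body of `tis_sendrecv()` is mostly outside the hunk, so whether it detects an absent device on first use cannot be confirmed from this page.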


@ -507,6 +507,8 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
tpm_dev.sleep_short = SLEEP_DURATION; tpm_dev.sleep_short = SLEEP_DURATION;
tpm_dev.sleep_long = SLEEP_DURATION_LONG; tpm_dev.sleep_long = SLEEP_DURATION_LONG;
chip->is_open = 1;
chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID; chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID; chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
chip->req_canceled = TPM_STS_COMMAND_READY; chip->req_canceled = TPM_STS_COMMAND_READY;


@ -38,6 +38,7 @@ enum tpm_timeout {
#define TPM_DID_VID(l) (0x0006 | ((l) << 4)) #define TPM_DID_VID(l) (0x0006 | ((l) << 4))
struct tpm_chip { struct tpm_chip {
int is_open;
uint8_t req_complete_mask; uint8_t req_complete_mask;
uint8_t req_complete_val; uint8_t req_complete_val;
uint8_t req_canceled; uint8_t req_canceled;


@ -373,7 +373,7 @@ static int tis_command_ready(u8 locality)
* Returns 0 on success (the device is found or was found during an earlier * Returns 0 on success (the device is found or was found during an earlier
* invocation) or TPM_DRIVER_ERR if the device is not found. * invocation) or TPM_DRIVER_ERR if the device is not found.
*/ */
static u32 pc80_tis_probe(void) static u32 tis_probe(void)
{ {
const char *device_name = "unknown"; const char *device_name = "unknown";
const char *vendor_name = device_name; const char *vendor_name = device_name;
@ -608,11 +608,26 @@ static u32 tis_readresponse(u8 *buffer, size_t *len)
} }
/* /*
* tis_init()
*
* Initialize the TPM device. Returns 0 on success or TPM_DRIVER_ERR on
* failure (in case device probing did not succeed).
*/
int tis_init(void)
{
if (tis_probe())
return TPM_DRIVER_ERR;
return 0;
}
/*
* tis_open()
*
* Requests access to locality 0 for the caller. * Requests access to locality 0 for the caller.
* *
* Returns 0 on success, TPM_DRIVER_ERR on failure. * Returns 0 on success, TPM_DRIVER_ERR on failure.
*/ */
static int pc80_tis_open(void) int tis_open(void)
{ {
u8 locality = 0; /* we use locality zero for everything */ u8 locality = 0; /* we use locality zero for everything */
@ -638,6 +653,8 @@ static int pc80_tis_open(void)
} }
/* /*
* tis_sendrecv()
*
* Send the requested data to the TPM and then try to get its response * Send the requested data to the TPM and then try to get its response
* *
* @sendbuf - buffer of the data to send * @sendbuf - buffer of the data to send
@ -648,8 +665,8 @@ static int pc80_tis_open(void)
* Returns 0 on success (and places the number of response bytes at recv_len) * Returns 0 on success (and places the number of response bytes at recv_len)
* or TPM_DRIVER_ERR on failure. * or TPM_DRIVER_ERR on failure.
*/ */
static int pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size, int tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
uint8_t *recvbuf, size_t *recv_len) uint8_t *recvbuf, size_t *recv_len)
{ {
if (tis_senddata(sendbuf, send_size)) { if (tis_senddata(sendbuf, send_size)) {
printf("%s:%d failed sending data to TPM\n", printf("%s:%d failed sending data to TPM\n",
@ -660,23 +677,6 @@ static int pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size,
return tis_readresponse(recvbuf, recv_len); return tis_readresponse(recvbuf, recv_len);
} }
/*
* tis_probe()
*
* Probe for the TPM device and set it up for use within locality 0. Returns
* pointer to send-receive function on success or NULL on failure.
*/
tis_sendrecv_fn tis_probe(void)
{
if (pc80_tis_probe())
return NULL;
if (pc80_tis_open())
return NULL;
return &pc80_tpm_sendrecv;
}
/* /*
* tis_setup_interrupt() * tis_setup_interrupt()
* *
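Review bot: The restored `tis_init()` and `tis_open()` in this file are documented as returning `TPM_DRIVER_ERR` on failure, while the shared header comment restored by this commit promises -1 for the same functions. The callers in `tlcl_lib_init()` only test for non-zero, so this works, but the two comments should agree: either document "non-zero on failure" in the header or return -1 here. The value of `TPM_DRIVER_ERR` is not shown on this page, so the mismatch may only be one of wording.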


@ -5,6 +5,8 @@
#include "tpm.h" #include "tpm.h"
static unsigned int tpm_is_open;
static const struct { static const struct {
uint16_t vid; uint16_t vid;
uint16_t did; uint16_t did;
@ -27,8 +29,41 @@ static const char *tis_get_dev_name(struct tpm2_info *info)
return "Unknown"; return "Unknown";
} }
static int tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, int tis_open(void)
uint8_t *recvbuf, size_t *rbuf_len) {
if (tpm_is_open) {
printk(BIOS_ERR, "%s() called twice.\n", __func__);
return -1;
}
return 0;
}
int tis_init(void)
{
struct spi_slave spi;
struct tpm2_info info;
if (spi_setup_slave(CONFIG_DRIVER_TPM_SPI_BUS,
CONFIG_DRIVER_TPM_SPI_CHIP, &spi)) {
printk(BIOS_ERR, "Failed to setup TPM SPI slave\n");
return -1;
}
if (tpm2_init(&spi)) {
printk(BIOS_ERR, "Failed to initialize TPM SPI interface\n");
return -1;
}
tpm2_get_info(&info);
printk(BIOS_INFO, "Initialized TPM device %s revision %d\n",
tis_get_dev_name(&info), info.revision);
return 0;
}
int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
uint8_t *recvbuf, size_t *rbuf_len)
{ {
int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
@ -39,27 +74,3 @@ static int tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
return 0; return 0;
} }
tis_sendrecv_fn tis_probe(void)
{
struct spi_slave spi;
struct tpm2_info info;
if (spi_setup_slave(CONFIG_DRIVER_TPM_SPI_BUS,
CONFIG_DRIVER_TPM_SPI_CHIP, &spi)) {
printk(BIOS_ERR, "Failed to setup TPM SPI slave\n");
return NULL;
}
if (tpm2_init(&spi)) {
printk(BIOS_ERR, "Failed to initialize TPM SPI interface\n");
return NULL;
}
tpm2_get_info(&info);
printk(BIOS_INFO, "Initialized TPM device %s revision %d\n",
tis_get_dev_name(&info), info.revision);
return &tpm_sendrecv;
}


@ -32,6 +32,25 @@ enum tis_status {
}; };
/* /*
* tis_init()
*
* Initialize the TPM device. Returns 0 on success or -1 on
* failure (in case device probing did not succeed).
*/
int tis_init(void);
/*
* tis_open()
*
* Requests access to locality 0 for the caller.
*
* Returns 0 on success, -1 on failure.
*/
int tis_open(void);
/*
* tis_sendrecv()
*
* Send the requested data to the TPM and then try to get its response * Send the requested data to the TPM and then try to get its response
* *
* @sendbuf - buffer of the data to send * @sendbuf - buffer of the data to send
@ -42,19 +61,8 @@ enum tis_status {
* Returns 0 on success (and places the number of response bytes at recv_len) * Returns 0 on success (and places the number of response bytes at recv_len)
* or -1 on failure. * or -1 on failure.
*/ */
typedef int (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf, int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
size_t *recv_len); size_t *recv_len);
/*
* tis_probe()
*
* Probe for the TPM device and set it up for use within locality 0. Returns
* pointer to send-receive function on success or NULL on failure.
*
* Do not call this explicitly, it's meant to be used exclusively by TSS
* implementation (tlcl_lib_init() function to be specific).
*/
tis_sendrecv_fn tis_probe(void);
/* TODO: This is supposed to be used only for Google TPM. /* TODO: This is supposed to be used only for Google TPM.
Consider moving this to drivers/tpm/cr50.h. */ Consider moving this to drivers/tpm/cr50.h. */


@ -24,18 +24,12 @@
#include <console/console.h> #include <console/console.h>
#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args) #define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
static tis_sendrecv_fn tis_sendrecv;
static int tpm_send_receive(const uint8_t *request, static int tpm_send_receive(const uint8_t *request,
uint32_t request_length, uint32_t request_length,
uint8_t *response, uint8_t *response,
uint32_t *response_length) uint32_t *response_length)
{ {
size_t len = *response_length; size_t len = *response_length;
if (tis_sendrecv == NULL)
die("TSS 1.2 wasn't initialized\n");
if (tis_sendrecv(request, request_length, response, &len)) if (tis_sendrecv(request, request_length, response, &len))
return VB2_ERROR_UNKNOWN; return VB2_ERROR_UNKNOWN;
/* check 64->32bit overflow and (re)check response buffer overflow */ /* check 64->32bit overflow and (re)check response buffer overflow */
@ -146,14 +140,19 @@ static uint32_t send(const uint8_t *command)
/* Exported functions. */ /* Exported functions. */
static uint8_t tlcl_init_done;
uint32_t tlcl_lib_init(void) uint32_t tlcl_lib_init(void)
{ {
if (tis_sendrecv != NULL) if (tlcl_init_done)
return VB2_SUCCESS; return VB2_SUCCESS;
tis_sendrecv = tis_probe(); if (tis_init())
if (tis_sendrecv == NULL)
return VB2_ERROR_UNKNOWN; return VB2_ERROR_UNKNOWN;
if (tis_open())
return VB2_ERROR_UNKNOWN;
tlcl_init_done = 1;
return VB2_SUCCESS; return VB2_SUCCESS;
} }
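Review bot: With the `tis_sendrecv == NULL` check gone, `tpm_send_receive()` hands the request to the driver even when `tlcl_lib_init()` was never called or returned an error, so a failed TPM bring-up is no longer caught at this layer. Failing closed with an error return, rather than the removed `die()`, would keep that protection without halting boot: move `static uint8_t tlcl_init_done;` above `tpm_send_receive()` and start the function with `if (!tlcl_init_done) return VB2_ERROR_UNKNOWN;`. The TSS 2.0 `tpm_process_command()` in the last section loses its equivalent check in the same way and would need a matching early error return. Whether each driver's `tis_sendrecv()` tolerates being called before initialization cannot be judged from the hunks shown.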


@ -16,8 +16,6 @@
* TPM2 specification. * TPM2 specification.
*/ */
static tis_sendrecv_fn tis_sendrecv;
void *tpm_process_command(TPM_CC command, void *command_body) void *tpm_process_command(TPM_CC command, void *command_body)
{ {
struct obuf ob; struct obuf ob;
@ -28,9 +26,6 @@ void *tpm_process_command(TPM_CC command, void *command_body)
/* Command/response buffer. */ /* Command/response buffer. */
static uint8_t cr_buffer[TPM_BUFFER_SIZE]; static uint8_t cr_buffer[TPM_BUFFER_SIZE];
if (tis_sendrecv == NULL)
die("TSS 2.0 wasn't initialized\n");
obuf_init(&ob, cr_buffer, sizeof(cr_buffer)); obuf_init(&ob, cr_buffer, sizeof(cr_buffer));
if (tpm_marshal_command(command, command_body, &ob) < 0) { if (tpm_marshal_command(command, command_body, &ob) < 0) {
@ -206,18 +201,26 @@ uint32_t tlcl_clear_control(bool disable)
return TPM_SUCCESS; return TPM_SUCCESS;
} }
static uint8_t tlcl_init_done;
/* This function is called directly by vboot, uses vboot return types. */ /* This function is called directly by vboot, uses vboot return types. */
uint32_t tlcl_lib_init(void) uint32_t tlcl_lib_init(void)
{ {
if (tis_sendrecv != NULL) if (tlcl_init_done)
return VB2_SUCCESS; return VB2_SUCCESS;
tis_sendrecv = tis_probe(); if (tis_init()) {
if (tis_sendrecv == NULL) { printk(BIOS_ERR, "%s: tis_init returned error\n", __func__);
printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__);
return VB2_ERROR_UNKNOWN; return VB2_ERROR_UNKNOWN;
} }
if (tis_open()) {
printk(BIOS_ERR, "%s: tis_open returned error\n", __func__);
return VB2_ERROR_UNKNOWN;
}
tlcl_init_done = 1;
return VB2_SUCCESS; return VB2_SUCCESS;
} }