GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

drivers/spi/tpm: Add support for non CR50 SPI TPM2 

Add support for a STM SPI TPM2 by adding checks for CR50.
Tested using ST33HTPH2E32.

Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Patrick Rudolph 2020-03-20 09:55:43 +01:00 committed by Philipp Deppenwiese
parent fd50aea03e
commit 7bcd9a1d91
4 changed files with 89 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/drivers/spi/tpm/Kconfig
View File

@ -14,6 +14,13 @@ config DRIVER_TPM_SPI_CHIP
depends on SPI_TPM depends on SPI_TPM
config MAINBOARD_HAS_SPI_TPM_CR50 config MAINBOARD_HAS_SPI_TPM_CR50
bool
default n
select MAINBOARD_HAS_SPI_TPM
help
Board has a CR50 SPI TPM
config MAINBOARD_HAS_SPI_TPM
bool bool
default n default n
select SPI_TPM select SPI_TPM

1
src/drivers/spi/tpm/tis.c
View File

@ -18,6 +18,7 @@ static const struct {
} dev_map[] = { } dev_map[] = {
{ 0x15d1, 0x001b, "SLB9670" }, { 0x15d1, 0x001b, "SLB9670" },
{ 0x1ae0, 0x0028, "CR50" }, { 0x1ae0, 0x0028, "CR50" },
{ 0x104a, 0x0000, "ST33HTPH2E32" },
}; };
static const char *tis_get_dev_name(struct tpm2_info *info) static const char *tis_get_dev_name(struct tpm2_info *info)

42
src/drivers/spi/tpm/tpm.c
View File

@ -104,12 +104,15 @@ static int tpm_sync(void)
*/ */
static int start_transaction(int read_write, size_t bytes, unsigned int addr) static int start_transaction(int read_write, size_t bytes, unsigned int addr)
{ {
spi_frame_header header; spi_frame_header header, header_resp;
uint8_t byte; uint8_t byte;
int i; int i;
int ret;
struct stopwatch sw; struct stopwatch sw;
static int tpm_sync_needed; static int tpm_sync_needed;
static struct stopwatch wake_up_sw; static struct stopwatch wake_up_sw;
if (CONFIG(TPM_CR50)) {
/* /*
* First Cr50 access in each coreboot stage where TPM is used will be * First Cr50 access in each coreboot stage where TPM is used will be
* prepended by a wake up pulse on the CS line. * prepended by a wake up pulse on the CS line.
@ -145,6 +148,7 @@ static int start_transaction(int read_write, size_t bytes, unsigned int addr)
* window to 900 ms. * window to 900 ms.
*/ */
stopwatch_init_msecs_expire(&wake_up_sw, 900); stopwatch_init_msecs_expire(&wake_up_sw, 900);
}
/* /*
* The first byte of the frame header encodes the transaction type * The first byte of the frame header encodes the transaction type
@ -181,16 +185,30 @@ static int start_transaction(int read_write, size_t bytes, unsigned int addr)
* transmitted by the TPM during the transaction's last byte. * transmitted by the TPM during the transaction's last byte.
* *
* We know that cr50 is guaranteed to set the flow control bit to 0 * We know that cr50 is guaranteed to set the flow control bit to 0
* during the header transfer, but real TPM2 might be fast enough not * during the header transfer. Real TPM2 are fast enough to not require
* to require to stall the master, this would present an issue. * to stall the master. They might still use this feature, so test the
* last bit after shifting in the address bytes.
* crosbug.com/p/52132 has been opened to track this. * crosbug.com/p/52132 has been opened to track this.
*/ */
spi_xfer(&spi_slave, header.body, sizeof(header.body), NULL, 0);
header_resp.body[3] = 0;
if (CONFIG(TPM_CR50))
ret = spi_xfer(&spi_slave, header.body, sizeof(header.body), NULL, 0);
else
ret = spi_xfer(&spi_slave, header.body, sizeof(header.body),
header_resp.body, sizeof(header_resp.body));
if (ret) {
printk(BIOS_ERR, "SPI-TPM: transfer error\n");
spi_release_bus(&spi_slave);
return 0;
}
if (header_resp.body[3] & 1)
return 1;
/* /*
* Now poll the bus until TPM removes the stall bit. Give it up to 100 * Now poll the bus until TPM removes the stall bit. Give it up to 100
* ms to sort it out - it could be saving stuff in nvram at some * ms to sort it out - it could be saving stuff in nvram at some point.
* point.
*/ */
stopwatch_init_msecs_expire(&sw, 100); stopwatch_init_msecs_expire(&sw, 100);
do { do {
@ -201,6 +219,7 @@ static int start_transaction(int read_write, size_t bytes, unsigned int addr)
} }
spi_xfer(&spi_slave, NULL, 0, &byte, 1); spi_xfer(&spi_slave, NULL, 0, &byte, 1);
} while (!(byte & 1)); } while (!(byte & 1));
return 1; return 1;
} }
@ -408,7 +427,8 @@ static int tpm2_claim_locality(void)
/* Device/vendor ID values of the TPM devices this driver supports. */ /* Device/vendor ID values of the TPM devices this driver supports. */
static const uint32_t supported_did_vids[] = { static const uint32_t supported_did_vids[] = {
0x00281ae0 /* H1 based Cr50 security chip. */ 0x00281ae0, /* H1 based Cr50 security chip. */
0x0000104a /* ST33HTPH2E32 */
}; };
int tpm2_init(struct spi_slave *spi_if) int tpm2_init(struct spi_slave *spi_if)
@ -454,7 +474,8 @@ int tpm2_init(struct spi_slave *spi_if)
printk(BIOS_INFO, " done!\n"); printk(BIOS_INFO, " done!\n");
if (ENV_SEPARATE_VERSTAGE || ENV_BOOTBLOCK) // FIXME: Move this to tpm_setup()
if (ENV_SEPARATE_VERSTAGE || ENV_BOOTBLOCK || !CONFIG(VBOOT))
/* /*
* Claim locality 0, do it only during the first * Claim locality 0, do it only during the first
* initialization after reset. * initialization after reset.
@ -462,7 +483,10 @@ int tpm2_init(struct spi_slave *spi_if)
if (!tpm2_claim_locality()) if (!tpm2_claim_locality())
return -1; return -1;
read_tpm_sts(&status); if (!read_tpm_sts(&status)) {
printk(BIOS_ERR, "Reading status reg failed\n");
return -1;
}
if ((status & TPM_STS_FAMILY_MASK) != TPM_STS_FAMILY_TPM_2_0) { if ((status & TPM_STS_FAMILY_MASK) != TPM_STS_FAMILY_TPM_2_0) {
printk(BIOS_ERR, "unexpected TPM family value, status: %#x\n", printk(BIOS_ERR, "unexpected TPM family value, status: %#x\n",
status); status);

28
src/security/tpm/Kconfig
View File

@ -18,15 +18,19 @@ menu "Trusted Platform Module"
config TPM1 config TPM1
bool bool
default y if MAINBOARD_HAS_TPM1 || USER_TPM1 default y if MAINBOARD_HAS_TPM1 || USER_TPM1
depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \ depends on MAINBOARD_HAS_LPC_TPM || \
|| MAINBOARD_HAS_I2C_TPM_ATMEL MAINBOARD_HAS_I2C_TPM_GENERIC || \
MAINBOARD_HAS_I2C_TPM_ATMEL
config TPM2 config TPM2
bool bool
default y if MAINBOARD_HAS_TPM2 || USER_TPM2 default y if MAINBOARD_HAS_TPM2 || USER_TPM2
depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \ depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
|| MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \ MAINBOARD_HAS_LPC_TPM || \
|| MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_CRB_TPM MAINBOARD_HAS_I2C_TPM_ATMEL || \
MAINBOARD_HAS_I2C_TPM_CR50 || \
MAINBOARD_HAS_SPI_TPM || \
MAINBOARD_HAS_CRB_TPM
config MAINBOARD_HAS_TPM1 config MAINBOARD_HAS_TPM1
bool bool
@ -45,8 +49,9 @@ config USER_NO_TPM
config USER_TPM1 config USER_TPM1
bool "1.2" bool "1.2"
depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \ depends on MAINBOARD_HAS_LPC_TPM || \
|| MAINBOARD_HAS_I2C_TPM_ATMEL MAINBOARD_HAS_I2C_TPM_GENERIC || \
MAINBOARD_HAS_I2C_TPM_ATMEL
help help
Enable this option to enable TPM 1.0 - 1.2 support in coreboot. Enable this option to enable TPM 1.0 - 1.2 support in coreboot.
@ -54,9 +59,12 @@ config USER_TPM1
config USER_TPM2 config USER_TPM2
bool "2.0" bool "2.0"
depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \ depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
|| MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \ MAINBOARD_HAS_LPC_TPM || \
|| MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_CRB_TPM MAINBOARD_HAS_I2C_TPM_ATMEL || \
MAINBOARD_HAS_I2C_TPM_CR50 || \
MAINBOARD_HAS_SPI_TPM || \
MAINBOARD_HAS_CRB_TPM
help help
Enable this option to enable TPM 2.0 support in coreboot. Enable this option to enable TPM 2.0 support in coreboot.