drivers/spi/tpm: Add support for non CR50 SPI TPM2
Add support for a STM SPI TPM2 by adding checks for CR50. Tested using ST33HTPH2E32. Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
parent
fd50aea03e
commit
7bcd9a1d91
|
@ -14,6 +14,13 @@ config DRIVER_TPM_SPI_CHIP
|
||||||
depends on SPI_TPM
|
depends on SPI_TPM
|
||||||
|
|
||||||
config MAINBOARD_HAS_SPI_TPM_CR50
|
config MAINBOARD_HAS_SPI_TPM_CR50
|
||||||
|
bool
|
||||||
|
default n
|
||||||
|
select MAINBOARD_HAS_SPI_TPM
|
||||||
|
help
|
||||||
|
Board has a CR50 SPI TPM
|
||||||
|
|
||||||
|
config MAINBOARD_HAS_SPI_TPM
|
||||||
bool
|
bool
|
||||||
default n
|
default n
|
||||||
select SPI_TPM
|
select SPI_TPM
|
||||||
|
|
|
@ -18,6 +18,7 @@ static const struct {
|
||||||
} dev_map[] = {
|
} dev_map[] = {
|
||||||
{ 0x15d1, 0x001b, "SLB9670" },
|
{ 0x15d1, 0x001b, "SLB9670" },
|
||||||
{ 0x1ae0, 0x0028, "CR50" },
|
{ 0x1ae0, 0x0028, "CR50" },
|
||||||
|
{ 0x104a, 0x0000, "ST33HTPH2E32" },
|
||||||
};
|
};
|
||||||
|
|
||||||
static const char *tis_get_dev_name(struct tpm2_info *info)
|
static const char *tis_get_dev_name(struct tpm2_info *info)
|
||||||
|
|
|
@ -104,47 +104,51 @@ static int tpm_sync(void)
|
||||||
*/
|
*/
|
||||||
static int start_transaction(int read_write, size_t bytes, unsigned int addr)
|
static int start_transaction(int read_write, size_t bytes, unsigned int addr)
|
||||||
{
|
{
|
||||||
spi_frame_header header;
|
spi_frame_header header, header_resp;
|
||||||
uint8_t byte;
|
uint8_t byte;
|
||||||
int i;
|
int i;
|
||||||
|
int ret;
|
||||||
struct stopwatch sw;
|
struct stopwatch sw;
|
||||||
static int tpm_sync_needed;
|
static int tpm_sync_needed;
|
||||||
static struct stopwatch wake_up_sw;
|
static struct stopwatch wake_up_sw;
|
||||||
/*
|
|
||||||
* First Cr50 access in each coreboot stage where TPM is used will be
|
|
||||||
* prepended by a wake up pulse on the CS line.
|
|
||||||
*/
|
|
||||||
int wakeup_needed = 1;
|
|
||||||
|
|
||||||
/* Wait for TPM to finish previous transaction if needed */
|
if (CONFIG(TPM_CR50)) {
|
||||||
if (tpm_sync_needed) {
|
|
||||||
tpm_sync();
|
|
||||||
/*
|
/*
|
||||||
* During the first invocation of this function on each stage
|
* First Cr50 access in each coreboot stage where TPM is used will be
|
||||||
* this if () clause code does not run (as tpm_sync_needed
|
* prepended by a wake up pulse on the CS line.
|
||||||
* value is zero), during all following invocations the
|
|
||||||
* stopwatch below is guaranteed to be started.
|
|
||||||
*/
|
*/
|
||||||
if (!stopwatch_expired(&wake_up_sw))
|
int wakeup_needed = 1;
|
||||||
wakeup_needed = 0;
|
|
||||||
} else {
|
|
||||||
tpm_sync_needed = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (wakeup_needed) {
|
/* Wait for TPM to finish previous transaction if needed */
|
||||||
/* Just in case Cr50 is asleep. */
|
if (tpm_sync_needed) {
|
||||||
spi_claim_bus(&spi_slave);
|
tpm_sync();
|
||||||
udelay(1);
|
/*
|
||||||
spi_release_bus(&spi_slave);
|
* During the first invocation of this function on each stage
|
||||||
udelay(100);
|
* this if () clause code does not run (as tpm_sync_needed
|
||||||
}
|
* value is zero), during all following invocations the
|
||||||
|
* stopwatch below is guaranteed to be started.
|
||||||
|
*/
|
||||||
|
if (!stopwatch_expired(&wake_up_sw))
|
||||||
|
wakeup_needed = 0;
|
||||||
|
} else {
|
||||||
|
tpm_sync_needed = 1;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
if (wakeup_needed) {
|
||||||
* The Cr50 on H1 does not go to sleep for 1 second after any
|
/* Just in case Cr50 is asleep. */
|
||||||
* SPI slave activity, let's be conservative and limit the
|
spi_claim_bus(&spi_slave);
|
||||||
* window to 900 ms.
|
udelay(1);
|
||||||
*/
|
spi_release_bus(&spi_slave);
|
||||||
stopwatch_init_msecs_expire(&wake_up_sw, 900);
|
udelay(100);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The Cr50 on H1 does not go to sleep for 1 second after any
|
||||||
|
* SPI slave activity, let's be conservative and limit the
|
||||||
|
* window to 900 ms.
|
||||||
|
*/
|
||||||
|
stopwatch_init_msecs_expire(&wake_up_sw, 900);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The first byte of the frame header encodes the transaction type
|
* The first byte of the frame header encodes the transaction type
|
||||||
|
@ -181,16 +185,30 @@ static int start_transaction(int read_write, size_t bytes, unsigned int addr)
|
||||||
* transmitted by the TPM during the transaction's last byte.
|
* transmitted by the TPM during the transaction's last byte.
|
||||||
*
|
*
|
||||||
* We know that cr50 is guaranteed to set the flow control bit to 0
|
* We know that cr50 is guaranteed to set the flow control bit to 0
|
||||||
* during the header transfer, but real TPM2 might be fast enough not
|
* during the header transfer. Real TPM2 are fast enough to not require
|
||||||
* to require to stall the master, this would present an issue.
|
* to stall the master. They might still use this feature, so test the
|
||||||
|
* last bit after shifting in the address bytes.
|
||||||
* crosbug.com/p/52132 has been opened to track this.
|
* crosbug.com/p/52132 has been opened to track this.
|
||||||
*/
|
*/
|
||||||
spi_xfer(&spi_slave, header.body, sizeof(header.body), NULL, 0);
|
|
||||||
|
header_resp.body[3] = 0;
|
||||||
|
if (CONFIG(TPM_CR50))
|
||||||
|
ret = spi_xfer(&spi_slave, header.body, sizeof(header.body), NULL, 0);
|
||||||
|
else
|
||||||
|
ret = spi_xfer(&spi_slave, header.body, sizeof(header.body),
|
||||||
|
header_resp.body, sizeof(header_resp.body));
|
||||||
|
if (ret) {
|
||||||
|
printk(BIOS_ERR, "SPI-TPM: transfer error\n");
|
||||||
|
spi_release_bus(&spi_slave);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (header_resp.body[3] & 1)
|
||||||
|
return 1;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Now poll the bus until TPM removes the stall bit. Give it up to 100
|
* Now poll the bus until TPM removes the stall bit. Give it up to 100
|
||||||
* ms to sort it out - it could be saving stuff in nvram at some
|
* ms to sort it out - it could be saving stuff in nvram at some point.
|
||||||
* point.
|
|
||||||
*/
|
*/
|
||||||
stopwatch_init_msecs_expire(&sw, 100);
|
stopwatch_init_msecs_expire(&sw, 100);
|
||||||
do {
|
do {
|
||||||
|
@ -201,6 +219,7 @@ static int start_transaction(int read_write, size_t bytes, unsigned int addr)
|
||||||
}
|
}
|
||||||
spi_xfer(&spi_slave, NULL, 0, &byte, 1);
|
spi_xfer(&spi_slave, NULL, 0, &byte, 1);
|
||||||
} while (!(byte & 1));
|
} while (!(byte & 1));
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -408,7 +427,8 @@ static int tpm2_claim_locality(void)
|
||||||
|
|
||||||
/* Device/vendor ID values of the TPM devices this driver supports. */
|
/* Device/vendor ID values of the TPM devices this driver supports. */
|
||||||
static const uint32_t supported_did_vids[] = {
|
static const uint32_t supported_did_vids[] = {
|
||||||
0x00281ae0 /* H1 based Cr50 security chip. */
|
0x00281ae0, /* H1 based Cr50 security chip. */
|
||||||
|
0x0000104a /* ST33HTPH2E32 */
|
||||||
};
|
};
|
||||||
|
|
||||||
int tpm2_init(struct spi_slave *spi_if)
|
int tpm2_init(struct spi_slave *spi_if)
|
||||||
|
@ -454,7 +474,8 @@ int tpm2_init(struct spi_slave *spi_if)
|
||||||
|
|
||||||
printk(BIOS_INFO, " done!\n");
|
printk(BIOS_INFO, " done!\n");
|
||||||
|
|
||||||
if (ENV_SEPARATE_VERSTAGE || ENV_BOOTBLOCK)
|
// FIXME: Move this to tpm_setup()
|
||||||
|
if (ENV_SEPARATE_VERSTAGE || ENV_BOOTBLOCK || !CONFIG(VBOOT))
|
||||||
/*
|
/*
|
||||||
* Claim locality 0, do it only during the first
|
* Claim locality 0, do it only during the first
|
||||||
* initialization after reset.
|
* initialization after reset.
|
||||||
|
@ -462,7 +483,10 @@ int tpm2_init(struct spi_slave *spi_if)
|
||||||
if (!tpm2_claim_locality())
|
if (!tpm2_claim_locality())
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
read_tpm_sts(&status);
|
if (!read_tpm_sts(&status)) {
|
||||||
|
printk(BIOS_ERR, "Reading status reg failed\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if ((status & TPM_STS_FAMILY_MASK) != TPM_STS_FAMILY_TPM_2_0) {
|
if ((status & TPM_STS_FAMILY_MASK) != TPM_STS_FAMILY_TPM_2_0) {
|
||||||
printk(BIOS_ERR, "unexpected TPM family value, status: %#x\n",
|
printk(BIOS_ERR, "unexpected TPM family value, status: %#x\n",
|
||||||
status);
|
status);
|
||||||
|
|
|
@ -18,15 +18,19 @@ menu "Trusted Platform Module"
|
||||||
config TPM1
|
config TPM1
|
||||||
bool
|
bool
|
||||||
default y if MAINBOARD_HAS_TPM1 || USER_TPM1
|
default y if MAINBOARD_HAS_TPM1 || USER_TPM1
|
||||||
depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \
|
depends on MAINBOARD_HAS_LPC_TPM || \
|
||||||
|| MAINBOARD_HAS_I2C_TPM_ATMEL
|
MAINBOARD_HAS_I2C_TPM_GENERIC || \
|
||||||
|
MAINBOARD_HAS_I2C_TPM_ATMEL
|
||||||
|
|
||||||
config TPM2
|
config TPM2
|
||||||
bool
|
bool
|
||||||
default y if MAINBOARD_HAS_TPM2 || USER_TPM2
|
default y if MAINBOARD_HAS_TPM2 || USER_TPM2
|
||||||
depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \
|
depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
|
||||||
|| MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \
|
MAINBOARD_HAS_LPC_TPM || \
|
||||||
|| MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_CRB_TPM
|
MAINBOARD_HAS_I2C_TPM_ATMEL || \
|
||||||
|
MAINBOARD_HAS_I2C_TPM_CR50 || \
|
||||||
|
MAINBOARD_HAS_SPI_TPM || \
|
||||||
|
MAINBOARD_HAS_CRB_TPM
|
||||||
|
|
||||||
config MAINBOARD_HAS_TPM1
|
config MAINBOARD_HAS_TPM1
|
||||||
bool
|
bool
|
||||||
|
@ -45,8 +49,9 @@ config USER_NO_TPM
|
||||||
|
|
||||||
config USER_TPM1
|
config USER_TPM1
|
||||||
bool "1.2"
|
bool "1.2"
|
||||||
depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \
|
depends on MAINBOARD_HAS_LPC_TPM || \
|
||||||
|| MAINBOARD_HAS_I2C_TPM_ATMEL
|
MAINBOARD_HAS_I2C_TPM_GENERIC || \
|
||||||
|
MAINBOARD_HAS_I2C_TPM_ATMEL
|
||||||
help
|
help
|
||||||
Enable this option to enable TPM 1.0 - 1.2 support in coreboot.
|
Enable this option to enable TPM 1.0 - 1.2 support in coreboot.
|
||||||
|
|
||||||
|
@ -54,9 +59,12 @@ config USER_TPM1
|
||||||
|
|
||||||
config USER_TPM2
|
config USER_TPM2
|
||||||
bool "2.0"
|
bool "2.0"
|
||||||
depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \
|
depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
|
||||||
|| MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \
|
MAINBOARD_HAS_LPC_TPM || \
|
||||||
|| MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_CRB_TPM
|
MAINBOARD_HAS_I2C_TPM_ATMEL || \
|
||||||
|
MAINBOARD_HAS_I2C_TPM_CR50 || \
|
||||||
|
MAINBOARD_HAS_SPI_TPM || \
|
||||||
|
MAINBOARD_HAS_CRB_TPM
|
||||||
help
|
help
|
||||||
Enable this option to enable TPM 2.0 support in coreboot.
|
Enable this option to enable TPM 2.0 support in coreboot.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue