security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset EC

Add marshaling and unmarshaling support for cr50 vendor sub-command to
reset EC and a interface function to exchange the same.

BUG=b:181051734
TEST=Build and boot to OS in drawlat. Ensure that when the command is
issued, EC reset is triggered.

Change-Id: I46063678511d27fea5eabbd12fc3af0b1df68143
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51164
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

src/security/tpm/tss/tcg-2.0/tss_marshaling.c

@@ -333,6 +333,9 @@ static int marshal_cr50_vendor_command(struct obuf *ob, const void *command_body
 	case TPM2_CR50_SUB_CMD_GET_BOOT_MODE:
 		rc |= obuf_write_be16(ob, *sub_command);
 		break;
+	case TPM2_CR50_SUB_CMD_RESET_EC:
+		rc |= obuf_write_be16(ob, *sub_command);
+		break;
 	default:
 		/* Unsupported subcommand. */
 		printk(BIOS_WARNING, "Unsupported cr50 subcommand: 0x%04x\n",
@@ -560,6 +563,8 @@ static int unmarshal_vendor_command(struct ibuf *ib,
 		return ibuf_read_be8(ib, &vcr->tpm_mode);
 	case TPM2_CR50_SUB_CMD_GET_BOOT_MODE:
 		return ibuf_read_be8(ib, &vcr->boot_mode);
+	case TPM2_CR50_SUB_CMD_RESET_EC:
+		break;
 	default:
 		printk(BIOS_ERR,
 		       "%s:%d - unsupported vendor command %#04x!\n",

src/security/tpm/tss/vendor/cr50/cr50.c

@@ -2,6 +2,7 @@
 
 #include <console/console.h>
 #include <endian.h>
+#include <halt.h>
 #include <vb2_api.h>
 #include <security/tpm/tis.h>
 #include <security/tpm/tss.h>
@@ -148,3 +149,30 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms)
 
 	return TPM_SUCCESS;
 }
+
+uint32_t tlcl_cr50_reset_ec(void)
+{
+	struct tpm2_response *response;
+	uint16_t reset_cmd = TPM2_CR50_SUB_CMD_RESET_EC;
+
+	printk(BIOS_DEBUG, "Issuing EC reset\n");
+
+	response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &reset_cmd);
+
+	if (!response)
+		return TPM_E_IOERROR;
+
+	if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
+	    response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND)
+		/* Explicitly inform caller when command is not supported */
+		return TPM_E_NO_SUCH_COMMAND;
+
+	if (response->hdr.tpm_code)
+		/* Unexpected return code from Cr50 */
+		return TPM_E_IOERROR;
+
+	printk(BIOS_DEBUG, "EC reset coming up...\n");
+	halt();
+
+	return TPM_SUCCESS;
+}

src/security/tpm/tss/vendor/cr50/cr50.h

@@ -15,6 +15,7 @@
 #define TPM2_CR50_SUB_CMD_GET_REC_BTN (29)
 #define TPM2_CR50_SUB_CMD_TPM_MODE (40)
 #define TPM2_CR50_SUB_CMD_GET_BOOT_MODE (52)
+#define TPM2_CR50_SUB_CMD_RESET_EC (53)
 
 /* Cr50 vendor-specific error codes. */
 #define VENDOR_RC_ERR              0x00000500
@@ -95,4 +96,12 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
  */
 uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
 
+/**
+ * CR50 specific TPM command sequence to issue an EC reset.
+ *
+ * Returns TPM_E_* for errors.
+ * On Success, this function invokes halt() and does not return.
+ */
+uint32_t tlcl_cr50_reset_ec(void);
+
 #endif /* CR50_TSS_STRUCTURES_H_ */