1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2014 Intel Corporation
4 *
5 * Authors:
6 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
7 *
8 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
9 *
10 * This device driver implements the TPM interface as defined in
11 * the TCG CRB 2.0 TPM specification.
12 */
13
14 #include <linux/acpi.h>
15 #include <linux/highmem.h>
16 #include <linux/rculist.h>
17 #include <linux/module.h>
18 #include <linux/pm_runtime.h>
19 #ifdef CONFIG_ARM64
20 #include <linux/arm-smccc.h>
21 #endif
22 #include "tpm_crb_ffa.h"
23 #include "tpm.h"
24
25 #define ACPI_SIG_TPM2 "TPM2"
26 #define TPM_CRB_MAX_RESOURCES 3
27
28 static const guid_t crb_acpi_start_guid =
29 GUID_INIT(0x6BBF6CAB, 0x5463, 0x4714,
30 0xB7, 0xCD, 0xF0, 0x20, 0x3C, 0x03, 0x68, 0xD4);
31
32 enum crb_defaults {
33 CRB_ACPI_START_REVISION_ID = 1,
34 CRB_ACPI_START_INDEX = 1,
35 };
36
37 enum crb_loc_ctrl {
38 CRB_LOC_CTRL_REQUEST_ACCESS = BIT(0),
39 CRB_LOC_CTRL_RELINQUISH = BIT(1),
40 };
41
42 enum crb_loc_state {
43 CRB_LOC_STATE_LOC_ASSIGNED = BIT(1),
44 CRB_LOC_STATE_TPM_REG_VALID_STS = BIT(7),
45 };
46
47 enum crb_ctrl_req {
48 CRB_CTRL_REQ_CMD_READY = BIT(0),
49 CRB_CTRL_REQ_GO_IDLE = BIT(1),
50 };
51
52 enum crb_ctrl_sts {
53 CRB_CTRL_STS_ERROR = BIT(0),
54 CRB_CTRL_STS_TPM_IDLE = BIT(1),
55 };
56
57 enum crb_start {
58 CRB_START_INVOKE = BIT(0),
59 };
60
61 enum crb_cancel {
62 CRB_CANCEL_INVOKE = BIT(0),
63 };
64
65 struct crb_regs_head {
66 u32 loc_state;
67 u32 reserved1;
68 u32 loc_ctrl;
69 u32 loc_sts;
70 u8 reserved2[32];
71 u64 intf_id;
72 u64 ctrl_ext;
73 } __packed;
74
75 struct crb_regs_tail {
76 u32 ctrl_req;
77 u32 ctrl_sts;
78 u32 ctrl_cancel;
79 u32 ctrl_start;
80 u32 ctrl_int_enable;
81 u32 ctrl_int_sts;
82 u32 ctrl_cmd_size;
83 u32 ctrl_cmd_pa_low;
84 u32 ctrl_cmd_pa_high;
85 u32 ctrl_rsp_size;
86 u64 ctrl_rsp_pa;
87 } __packed;
88
89 enum crb_status {
90 CRB_DRV_STS_COMPLETE = BIT(0),
91 };
92
93 struct crb_priv {
94 u32 sm;
95 const char *hid;
96 struct crb_regs_head __iomem *regs_h;
97 struct crb_regs_tail __iomem *regs_t;
98 u8 __iomem *cmd;
99 u8 __iomem *rsp;
100 u32 cmd_size;
101 u32 smc_func_id;
102 u32 __iomem *pluton_start_addr;
103 u32 __iomem *pluton_reply_addr;
104 u8 ffa_flags;
105 u8 ffa_attributes;
106 };
107
108 struct tpm2_crb_smc {
109 u32 interrupt;
110 u8 interrupt_flags;
111 u8 op_flags;
112 u16 reserved2;
113 u32 smc_func_id;
114 };
115
116 /* CRB over FFA start method parameters in TCG2 ACPI table */
117 struct tpm2_crb_ffa {
118 u8 flags;
119 u8 attributes;
120 u16 partition_id;
121 u8 reserved[8];
122 };
123
124 struct tpm2_crb_pluton {
125 u64 start_addr;
126 u64 reply_addr;
127 };
128
129 /*
130 * Returns true if the start method supports idle.
131 */
tpm_crb_has_idle(u32 start_method)132 static inline bool tpm_crb_has_idle(u32 start_method)
133 {
134 return !(start_method == ACPI_TPM2_START_METHOD ||
135 start_method == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD ||
136 start_method == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC ||
137 start_method == ACPI_TPM2_CRB_WITH_ARM_FFA);
138 }
139
crb_wait_for_reg_32(u32 __iomem * reg,u32 mask,u32 value,unsigned long timeout)140 static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value,
141 unsigned long timeout)
142 {
143 ktime_t start;
144 ktime_t stop;
145
146 start = ktime_get();
147 stop = ktime_add(start, ms_to_ktime(timeout));
148
149 do {
150 if ((ioread32(reg) & mask) == value)
151 return true;
152
153 usleep_range(50, 100);
154 } while (ktime_before(ktime_get(), stop));
155
156 return ((ioread32(reg) & mask) == value);
157 }
158
crb_try_pluton_doorbell(struct crb_priv * priv,bool wait_for_complete)159 static int crb_try_pluton_doorbell(struct crb_priv *priv, bool wait_for_complete)
160 {
161 if (priv->sm != ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON)
162 return 0;
163
164 if (!crb_wait_for_reg_32(priv->pluton_reply_addr, ~0, 1, TPM2_TIMEOUT_C))
165 return -ETIME;
166
167 iowrite32(1, priv->pluton_start_addr);
168 if (wait_for_complete == false)
169 return 0;
170
171 if (!crb_wait_for_reg_32(priv->pluton_start_addr,
172 0xffffffff, 0, 200))
173 return -ETIME;
174
175 return 0;
176 }
177
178 /**
179 * __crb_go_idle - request tpm crb device to go the idle state
180 *
181 * @dev: crb device
182 * @priv: crb private data
183 *
184 * Write CRB_CTRL_REQ_GO_IDLE to TPM_CRB_CTRL_REQ
185 * The device should respond within TIMEOUT_C by clearing the bit.
186 * Anyhow, we do not wait here as a consequent CMD_READY request
187 * will be handled correctly even if idle was not completed.
188 *
189 * The function does nothing for devices with ACPI-start method
190 * or SMC-start method.
191 *
192 * Return: 0 always
193 */
__crb_go_idle(struct device * dev,struct crb_priv * priv)194 static int __crb_go_idle(struct device *dev, struct crb_priv *priv)
195 {
196 int rc;
197
198 if (!tpm_crb_has_idle(priv->sm))
199 return 0;
200
201 iowrite32(CRB_CTRL_REQ_GO_IDLE, &priv->regs_t->ctrl_req);
202
203 rc = crb_try_pluton_doorbell(priv, true);
204 if (rc)
205 return rc;
206
207 if (!crb_wait_for_reg_32(&priv->regs_t->ctrl_req,
208 CRB_CTRL_REQ_GO_IDLE/* mask */,
209 0, /* value */
210 TPM2_TIMEOUT_C)) {
211 dev_warn(dev, "goIdle timed out\n");
212 return -ETIME;
213 }
214
215 return 0;
216 }
217
crb_go_idle(struct tpm_chip * chip)218 static int crb_go_idle(struct tpm_chip *chip)
219 {
220 struct device *dev = &chip->dev;
221 struct crb_priv *priv = dev_get_drvdata(dev);
222
223 return __crb_go_idle(dev, priv);
224 }
225
226 /**
227 * __crb_cmd_ready - request tpm crb device to enter ready state
228 *
229 * @dev: crb device
230 * @priv: crb private data
231 *
232 * Write CRB_CTRL_REQ_CMD_READY to TPM_CRB_CTRL_REQ
233 * and poll till the device acknowledge it by clearing the bit.
234 * The device should respond within TIMEOUT_C.
235 *
236 * The function does nothing for devices with ACPI-start method
237 * or SMC-start method.
238 *
239 * Return: 0 on success -ETIME on timeout;
240 */
__crb_cmd_ready(struct device * dev,struct crb_priv * priv)241 static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv)
242 {
243 int rc;
244
245 if (!tpm_crb_has_idle(priv->sm))
246 return 0;
247
248 iowrite32(CRB_CTRL_REQ_CMD_READY, &priv->regs_t->ctrl_req);
249
250 rc = crb_try_pluton_doorbell(priv, true);
251 if (rc)
252 return rc;
253
254 if (!crb_wait_for_reg_32(&priv->regs_t->ctrl_req,
255 CRB_CTRL_REQ_CMD_READY /* mask */,
256 0, /* value */
257 TPM2_TIMEOUT_C)) {
258 dev_warn(dev, "cmdReady timed out\n");
259 return -ETIME;
260 }
261
262 return 0;
263 }
264
crb_cmd_ready(struct tpm_chip * chip)265 static int crb_cmd_ready(struct tpm_chip *chip)
266 {
267 struct device *dev = &chip->dev;
268 struct crb_priv *priv = dev_get_drvdata(dev);
269
270 return __crb_cmd_ready(dev, priv);
271 }
272
__crb_request_locality(struct device * dev,struct crb_priv * priv,int loc)273 static int __crb_request_locality(struct device *dev,
274 struct crb_priv *priv, int loc)
275 {
276 u32 value = CRB_LOC_STATE_LOC_ASSIGNED | CRB_LOC_STATE_TPM_REG_VALID_STS;
277 int rc;
278
279 if (!priv->regs_h)
280 return 0;
281
282 iowrite32(CRB_LOC_CTRL_REQUEST_ACCESS, &priv->regs_h->loc_ctrl);
283
284 if (priv->sm == ACPI_TPM2_CRB_WITH_ARM_FFA) {
285 rc = tpm_crb_ffa_start(CRB_FFA_START_TYPE_LOCALITY_REQUEST, loc);
286 if (rc)
287 return rc;
288 }
289
290 if (!crb_wait_for_reg_32(&priv->regs_h->loc_state, value, value,
291 TPM2_TIMEOUT_C)) {
292 dev_warn(dev, "TPM_LOC_STATE_x.requestAccess timed out\n");
293 return -ETIME;
294 }
295
296 return 0;
297 }
298
crb_request_locality(struct tpm_chip * chip,int loc)299 static int crb_request_locality(struct tpm_chip *chip, int loc)
300 {
301 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
302
303 return __crb_request_locality(&chip->dev, priv, loc);
304 }
305
__crb_relinquish_locality(struct device * dev,struct crb_priv * priv,int loc)306 static int __crb_relinquish_locality(struct device *dev,
307 struct crb_priv *priv, int loc)
308 {
309 u32 mask = CRB_LOC_STATE_LOC_ASSIGNED | CRB_LOC_STATE_TPM_REG_VALID_STS;
310 u32 value = CRB_LOC_STATE_TPM_REG_VALID_STS;
311 int rc;
312
313 if (!priv->regs_h)
314 return 0;
315
316 iowrite32(CRB_LOC_CTRL_RELINQUISH, &priv->regs_h->loc_ctrl);
317
318 if (priv->sm == ACPI_TPM2_CRB_WITH_ARM_FFA) {
319 rc = tpm_crb_ffa_start(CRB_FFA_START_TYPE_LOCALITY_REQUEST, loc);
320 if (rc)
321 return rc;
322 }
323
324 if (!crb_wait_for_reg_32(&priv->regs_h->loc_state, mask, value,
325 TPM2_TIMEOUT_C)) {
326 dev_warn(dev, "TPM_LOC_STATE_x.Relinquish timed out\n");
327 return -ETIME;
328 }
329
330 return 0;
331 }
332
crb_relinquish_locality(struct tpm_chip * chip,int loc)333 static int crb_relinquish_locality(struct tpm_chip *chip, int loc)
334 {
335 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
336
337 return __crb_relinquish_locality(&chip->dev, priv, loc);
338 }
339
crb_status(struct tpm_chip * chip)340 static u8 crb_status(struct tpm_chip *chip)
341 {
342 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
343 u8 sts = 0;
344
345 if ((ioread32(&priv->regs_t->ctrl_start) & CRB_START_INVOKE) !=
346 CRB_START_INVOKE)
347 sts |= CRB_DRV_STS_COMPLETE;
348
349 return sts;
350 }
351
crb_recv(struct tpm_chip * chip,u8 * buf,size_t count)352 static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count)
353 {
354 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
355 unsigned int expected;
356
357 /* A sanity check that the upper layer wants to get at least the header
358 * as that is the minimum size for any TPM response.
359 */
360 if (count < TPM_HEADER_SIZE)
361 return -EIO;
362
363 /* If this bit is set, according to the spec, the TPM is in
364 * unrecoverable condition.
365 */
366 if (ioread32(&priv->regs_t->ctrl_sts) & CRB_CTRL_STS_ERROR)
367 return -EIO;
368
369 /* Read the first 8 bytes in order to get the length of the response.
370 * We read exactly a quad word in order to make sure that the remaining
371 * reads will be aligned.
372 */
373 memcpy_fromio(buf, priv->rsp, 8);
374
375 expected = be32_to_cpup((__be32 *)&buf[2]);
376 if (expected > count || expected < TPM_HEADER_SIZE)
377 return -EIO;
378
379 memcpy_fromio(&buf[8], &priv->rsp[8], expected - 8);
380
381 return expected;
382 }
383
crb_do_acpi_start(struct tpm_chip * chip)384 static int crb_do_acpi_start(struct tpm_chip *chip)
385 {
386 union acpi_object *obj;
387 int rc;
388
389 obj = acpi_evaluate_dsm(chip->acpi_dev_handle,
390 &crb_acpi_start_guid,
391 CRB_ACPI_START_REVISION_ID,
392 CRB_ACPI_START_INDEX,
393 NULL);
394 if (!obj)
395 return -ENXIO;
396 rc = obj->integer.value == 0 ? 0 : -ENXIO;
397 ACPI_FREE(obj);
398 return rc;
399 }
400
401 #ifdef CONFIG_ARM64
402 /*
403 * This is a TPM Command Response Buffer start method that invokes a
404 * Secure Monitor Call to requrest the firmware to execute or cancel
405 * a TPM 2.0 command.
406 */
tpm_crb_smc_start(struct device * dev,unsigned long func_id)407 static int tpm_crb_smc_start(struct device *dev, unsigned long func_id)
408 {
409 struct arm_smccc_res res;
410
411 arm_smccc_smc(func_id, 0, 0, 0, 0, 0, 0, 0, &res);
412 if (res.a0 != 0) {
413 dev_err(dev,
414 FW_BUG "tpm_crb_smc_start() returns res.a0 = 0x%lx\n",
415 res.a0);
416 return -EIO;
417 }
418
419 return 0;
420 }
421 #else
tpm_crb_smc_start(struct device * dev,unsigned long func_id)422 static int tpm_crb_smc_start(struct device *dev, unsigned long func_id)
423 {
424 dev_err(dev, FW_BUG "tpm_crb: incorrect start method\n");
425 return -EINVAL;
426 }
427 #endif
428
crb_send(struct tpm_chip * chip,u8 * buf,size_t len)429 static int crb_send(struct tpm_chip *chip, u8 *buf, size_t len)
430 {
431 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
432 int rc = 0;
433
434 /* Zero the cancel register so that the next command will not get
435 * canceled.
436 */
437 iowrite32(0, &priv->regs_t->ctrl_cancel);
438
439 if (len > priv->cmd_size) {
440 dev_err(&chip->dev, "invalid command count value %zd %d\n",
441 len, priv->cmd_size);
442 return -E2BIG;
443 }
444
445 /* Seems to be necessary for every command */
446 if (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON)
447 __crb_cmd_ready(&chip->dev, priv);
448
449 memcpy_toio(priv->cmd, buf, len);
450
451 /* Make sure that cmd is populated before issuing start. */
452 wmb();
453
454 /* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs
455 * report only ACPI start but in practice seems to require both
456 * CRB start, hence invoking CRB start method if hid == MSFT0101.
457 */
458 if (priv->sm == ACPI_TPM2_COMMAND_BUFFER ||
459 priv->sm == ACPI_TPM2_MEMORY_MAPPED ||
460 !strcmp(priv->hid, "MSFT0101"))
461 iowrite32(CRB_START_INVOKE, &priv->regs_t->ctrl_start);
462
463 if (priv->sm == ACPI_TPM2_START_METHOD ||
464 priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD)
465 rc = crb_do_acpi_start(chip);
466
467 if (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC) {
468 iowrite32(CRB_START_INVOKE, &priv->regs_t->ctrl_start);
469 rc = tpm_crb_smc_start(&chip->dev, priv->smc_func_id);
470 }
471
472 if (priv->sm == ACPI_TPM2_CRB_WITH_ARM_FFA) {
473 iowrite32(CRB_START_INVOKE, &priv->regs_t->ctrl_start);
474 rc = tpm_crb_ffa_start(CRB_FFA_START_TYPE_COMMAND, chip->locality);
475 }
476
477 if (rc)
478 return rc;
479
480 return crb_try_pluton_doorbell(priv, false);
481 }
482
crb_cancel(struct tpm_chip * chip)483 static void crb_cancel(struct tpm_chip *chip)
484 {
485 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
486 int rc;
487
488 iowrite32(CRB_CANCEL_INVOKE, &priv->regs_t->ctrl_cancel);
489
490 if ((priv->sm == ACPI_TPM2_START_METHOD ||
491 priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) &&
492 crb_do_acpi_start(chip))
493 dev_err(&chip->dev, "ACPI Start failed\n");
494
495 if (priv->sm == ACPI_TPM2_CRB_WITH_ARM_FFA) {
496 rc = tpm_crb_ffa_start(CRB_FFA_START_TYPE_COMMAND, chip->locality);
497 if (rc)
498 dev_err(&chip->dev, "FF-A Start failed\n");
499 }
500 }
501
crb_req_canceled(struct tpm_chip * chip,u8 status)502 static bool crb_req_canceled(struct tpm_chip *chip, u8 status)
503 {
504 struct crb_priv *priv = dev_get_drvdata(&chip->dev);
505 u32 cancel = ioread32(&priv->regs_t->ctrl_cancel);
506
507 return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE;
508 }
509
510 static const struct tpm_class_ops tpm_crb = {
511 .flags = TPM_OPS_AUTO_STARTUP,
512 .status = crb_status,
513 .recv = crb_recv,
514 .send = crb_send,
515 .cancel = crb_cancel,
516 .req_canceled = crb_req_canceled,
517 .go_idle = crb_go_idle,
518 .cmd_ready = crb_cmd_ready,
519 .request_locality = crb_request_locality,
520 .relinquish_locality = crb_relinquish_locality,
521 .req_complete_mask = CRB_DRV_STS_COMPLETE,
522 .req_complete_val = CRB_DRV_STS_COMPLETE,
523 };
524
crb_check_resource(struct acpi_resource * ares,void * data)525 static int crb_check_resource(struct acpi_resource *ares, void *data)
526 {
527 struct resource *iores_array = data;
528 struct resource_win win;
529 struct resource *res = &(win.res);
530 int i;
531
532 if (acpi_dev_resource_memory(ares, res) ||
533 acpi_dev_resource_address_space(ares, &win)) {
534 for (i = 0; i < TPM_CRB_MAX_RESOURCES + 1; ++i) {
535 if (resource_type(iores_array + i) != IORESOURCE_MEM) {
536 iores_array[i] = *res;
537 iores_array[i].name = NULL;
538 break;
539 }
540 }
541 }
542
543 return 1;
544 }
545
crb_map_res(struct device * dev,struct resource * iores,void __iomem ** iobase_ptr,u64 start,u32 size)546 static void __iomem *crb_map_res(struct device *dev, struct resource *iores,
547 void __iomem **iobase_ptr, u64 start, u32 size)
548 {
549 struct resource new_res = {
550 .start = start,
551 .end = start + size - 1,
552 .flags = IORESOURCE_MEM,
553 };
554
555 /* Detect a 64 bit address on a 32 bit system */
556 if (start != new_res.start)
557 return IOMEM_ERR_PTR(-EINVAL);
558
559 if (!iores)
560 return devm_ioremap_resource(dev, &new_res);
561
562 if (!*iobase_ptr) {
563 *iobase_ptr = devm_ioremap_resource(dev, iores);
564 if (IS_ERR(*iobase_ptr))
565 return *iobase_ptr;
566 }
567
568 return *iobase_ptr + (new_res.start - iores->start);
569 }
570
571 /*
572 * Work around broken BIOSs that return inconsistent values from the ACPI
573 * region vs the registers. Trust the ACPI region. Such broken systems
574 * probably cannot send large TPM commands since the buffer will be truncated.
575 */
crb_fixup_cmd_size(struct device * dev,struct resource * io_res,u64 start,u64 size)576 static u64 crb_fixup_cmd_size(struct device *dev, struct resource *io_res,
577 u64 start, u64 size)
578 {
579 if (io_res->start > start || io_res->end < start)
580 return size;
581
582 if (start + size - 1 <= io_res->end)
583 return size;
584
585 dev_err(dev,
586 FW_BUG "ACPI region does not cover the entire command/response buffer. %pr vs %llx %llx\n",
587 io_res, start, size);
588
589 return io_res->end - start + 1;
590 }
591
crb_map_io(struct acpi_device * device,struct crb_priv * priv,struct acpi_table_tpm2 * buf)592 static int crb_map_io(struct acpi_device *device, struct crb_priv *priv,
593 struct acpi_table_tpm2 *buf)
594 {
595 struct list_head acpi_resource_list;
596 struct resource iores_array[TPM_CRB_MAX_RESOURCES + 1] = { {0} };
597 void __iomem *iobase_array[TPM_CRB_MAX_RESOURCES] = {NULL};
598 struct device *dev = &device->dev;
599 struct resource *iores;
600 void __iomem **iobase_ptr;
601 int i;
602 u32 pa_high, pa_low;
603 u64 cmd_pa;
604 u32 cmd_size;
605 __le64 __rsp_pa;
606 u64 rsp_pa;
607 u32 rsp_size;
608 int ret;
609
610 /*
611 * Pluton sometimes does not define ACPI memory regions.
612 * Mapping is then done in crb_map_pluton
613 */
614 if (priv->sm != ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON) {
615 INIT_LIST_HEAD(&acpi_resource_list);
616 ret = acpi_dev_get_resources(device, &acpi_resource_list,
617 crb_check_resource, iores_array);
618 if (ret < 0)
619 return ret;
620 acpi_dev_free_resource_list(&acpi_resource_list);
621
622 if (resource_type(iores_array) != IORESOURCE_MEM) {
623 dev_err(dev, FW_BUG "TPM2 ACPI table does not define a memory resource\n");
624 return -EINVAL;
625 } else if (resource_type(iores_array + TPM_CRB_MAX_RESOURCES) ==
626 IORESOURCE_MEM) {
627 dev_warn(dev, "TPM2 ACPI table defines too many memory resources\n");
628 memset(iores_array + TPM_CRB_MAX_RESOURCES,
629 0, sizeof(*iores_array));
630 iores_array[TPM_CRB_MAX_RESOURCES].flags = 0;
631 }
632 }
633
634 iores = NULL;
635 iobase_ptr = NULL;
636 for (i = 0; resource_type(iores_array + i) == IORESOURCE_MEM; ++i) {
637 if (buf->control_address >= iores_array[i].start &&
638 buf->control_address + sizeof(struct crb_regs_tail) - 1 <=
639 iores_array[i].end) {
640 iores = iores_array + i;
641 iobase_ptr = iobase_array + i;
642 break;
643 }
644 }
645
646 priv->regs_t = crb_map_res(dev, iores, iobase_ptr, buf->control_address,
647 sizeof(struct crb_regs_tail));
648
649 if (IS_ERR(priv->regs_t))
650 return PTR_ERR(priv->regs_t);
651
652 /* The ACPI IO region starts at the head area and continues to include
653 * the control area, as one nice sane region except for some older
654 * stuff that puts the control area outside the ACPI IO region.
655 */
656 if (priv->sm == ACPI_TPM2_COMMAND_BUFFER ||
657 priv->sm == ACPI_TPM2_CRB_WITH_ARM_FFA ||
658 priv->sm == ACPI_TPM2_MEMORY_MAPPED) {
659 if (iores &&
660 buf->control_address == iores->start +
661 sizeof(*priv->regs_h))
662 priv->regs_h = *iobase_ptr;
663 else
664 dev_warn(dev, FW_BUG "Bad ACPI memory layout");
665 }
666
667 ret = __crb_request_locality(dev, priv, 0);
668 if (ret)
669 return ret;
670
671 /*
672 * PTT HW bug w/a: wake up the device to access
673 * possibly not retained registers.
674 */
675 ret = __crb_cmd_ready(dev, priv);
676 if (ret)
677 goto out_relinquish_locality;
678
679 pa_high = ioread32(&priv->regs_t->ctrl_cmd_pa_high);
680 pa_low = ioread32(&priv->regs_t->ctrl_cmd_pa_low);
681 cmd_pa = ((u64)pa_high << 32) | pa_low;
682 cmd_size = ioread32(&priv->regs_t->ctrl_cmd_size);
683
684 iores = NULL;
685 iobase_ptr = NULL;
686 for (i = 0; iores_array[i].end; ++i) {
687 if (cmd_pa >= iores_array[i].start &&
688 cmd_pa <= iores_array[i].end) {
689 iores = iores_array + i;
690 iobase_ptr = iobase_array + i;
691 break;
692 }
693 }
694
695 if (iores)
696 cmd_size = crb_fixup_cmd_size(dev, iores, cmd_pa, cmd_size);
697
698 dev_dbg(dev, "cmd_hi = %X cmd_low = %X cmd_size %X\n",
699 pa_high, pa_low, cmd_size);
700
701 priv->cmd = crb_map_res(dev, iores, iobase_ptr, cmd_pa, cmd_size);
702 if (IS_ERR(priv->cmd)) {
703 ret = PTR_ERR(priv->cmd);
704 goto out;
705 }
706
707 memcpy_fromio(&__rsp_pa, &priv->regs_t->ctrl_rsp_pa, 8);
708 rsp_pa = le64_to_cpu(__rsp_pa);
709 rsp_size = ioread32(&priv->regs_t->ctrl_rsp_size);
710
711 iores = NULL;
712 iobase_ptr = NULL;
713 for (i = 0; resource_type(iores_array + i) == IORESOURCE_MEM; ++i) {
714 if (rsp_pa >= iores_array[i].start &&
715 rsp_pa <= iores_array[i].end) {
716 iores = iores_array + i;
717 iobase_ptr = iobase_array + i;
718 break;
719 }
720 }
721
722 if (iores)
723 rsp_size = crb_fixup_cmd_size(dev, iores, rsp_pa, rsp_size);
724
725 if (cmd_pa != rsp_pa) {
726 priv->rsp = crb_map_res(dev, iores, iobase_ptr,
727 rsp_pa, rsp_size);
728 ret = PTR_ERR_OR_ZERO(priv->rsp);
729 goto out;
730 }
731
732 /* According to the PTP specification, overlapping command and response
733 * buffer sizes must be identical.
734 */
735 if (cmd_size != rsp_size) {
736 dev_err(dev, FW_BUG "overlapping command and response buffer sizes are not identical");
737 ret = -EINVAL;
738 goto out;
739 }
740
741 priv->rsp = priv->cmd;
742
743 out:
744 if (!ret)
745 priv->cmd_size = cmd_size;
746
747 __crb_go_idle(dev, priv);
748
749 out_relinquish_locality:
750
751 __crb_relinquish_locality(dev, priv, 0);
752
753 return ret;
754 }
755
crb_map_pluton(struct device * dev,struct crb_priv * priv,struct acpi_table_tpm2 * buf,struct tpm2_crb_pluton * crb_pluton)756 static int crb_map_pluton(struct device *dev, struct crb_priv *priv,
757 struct acpi_table_tpm2 *buf, struct tpm2_crb_pluton *crb_pluton)
758 {
759 priv->pluton_start_addr = crb_map_res(dev, NULL, NULL,
760 crb_pluton->start_addr, 4);
761 if (IS_ERR(priv->pluton_start_addr))
762 return PTR_ERR(priv->pluton_start_addr);
763
764 priv->pluton_reply_addr = crb_map_res(dev, NULL, NULL,
765 crb_pluton->reply_addr, 4);
766 if (IS_ERR(priv->pluton_reply_addr))
767 return PTR_ERR(priv->pluton_reply_addr);
768
769 return 0;
770 }
771
crb_acpi_add(struct acpi_device * device)772 static int crb_acpi_add(struct acpi_device *device)
773 {
774 struct acpi_table_tpm2 *buf;
775 struct crb_priv *priv;
776 struct tpm_chip *chip;
777 struct device *dev = &device->dev;
778 struct tpm2_crb_smc *crb_smc;
779 struct tpm2_crb_ffa *crb_ffa;
780 struct tpm2_crb_pluton *crb_pluton;
781 acpi_status status;
782 u32 sm;
783 int rc;
784
785 status = acpi_get_table(ACPI_SIG_TPM2, 1,
786 (struct acpi_table_header **) &buf);
787 if (ACPI_FAILURE(status) || buf->header.length < sizeof(*buf)) {
788 dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n");
789 return -EINVAL;
790 }
791
792 /* Should the FIFO driver handle this? */
793 sm = buf->start_method;
794 if (sm == ACPI_TPM2_MEMORY_MAPPED) {
795 rc = -ENODEV;
796 goto out;
797 }
798
799 priv = devm_kzalloc(dev, sizeof(struct crb_priv), GFP_KERNEL);
800 if (!priv) {
801 rc = -ENOMEM;
802 goto out;
803 }
804
805 if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC) {
806 if (buf->header.length < (sizeof(*buf) + sizeof(*crb_smc))) {
807 dev_err(dev,
808 FW_BUG "TPM2 ACPI table has wrong size %u for start method type %d\n",
809 buf->header.length,
810 ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC);
811 rc = -EINVAL;
812 goto out;
813 }
814 crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf, sizeof(*buf));
815 priv->smc_func_id = crb_smc->smc_func_id;
816 }
817
818 if (sm == ACPI_TPM2_CRB_WITH_ARM_FFA) {
819 if (buf->header.length < (sizeof(*buf) + sizeof(*crb_ffa))) {
820 dev_err(dev,
821 FW_BUG "TPM2 ACPI table has wrong size %u for start method type %d\n",
822 buf->header.length,
823 ACPI_TPM2_CRB_WITH_ARM_FFA);
824 rc = -EINVAL;
825 goto out;
826 }
827 crb_ffa = ACPI_ADD_PTR(struct tpm2_crb_ffa, buf, sizeof(*buf));
828 priv->ffa_flags = crb_ffa->flags;
829 priv->ffa_attributes = crb_ffa->attributes;
830 rc = tpm_crb_ffa_init();
831 if (rc) {
832 /* If FF-A driver is not available yet, request probe retry */
833 if (rc == -ENOENT)
834 rc = -EPROBE_DEFER;
835 goto out;
836 }
837 }
838
839 if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON) {
840 if (buf->header.length < (sizeof(*buf) + sizeof(*crb_pluton))) {
841 dev_err(dev,
842 FW_BUG "TPM2 ACPI table has wrong size %u for start method type %d\n",
843 buf->header.length,
844 ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON);
845 rc = -EINVAL;
846 goto out;
847 }
848 crb_pluton = ACPI_ADD_PTR(struct tpm2_crb_pluton, buf, sizeof(*buf));
849 rc = crb_map_pluton(dev, priv, buf, crb_pluton);
850 if (rc)
851 goto out;
852 }
853
854 priv->sm = sm;
855 priv->hid = acpi_device_hid(device);
856
857 rc = crb_map_io(device, priv, buf);
858 if (rc)
859 goto out;
860
861 chip = tpmm_chip_alloc(dev, &tpm_crb);
862 if (IS_ERR(chip)) {
863 rc = PTR_ERR(chip);
864 goto out;
865 }
866
867 dev_set_drvdata(&chip->dev, priv);
868 chip->acpi_dev_handle = device->handle;
869 chip->flags = TPM_CHIP_FLAG_TPM2;
870
871 rc = tpm_chip_bootstrap(chip);
872 if (rc)
873 goto out;
874
875 #ifdef CONFIG_X86
876 /* A quirk for https://www.amd.com/en/support/kb/faq/pa-410 */
877 if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
878 priv->sm != ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON) {
879 dev_info(dev, "Disabling hwrng\n");
880 chip->flags |= TPM_CHIP_FLAG_HWRNG_DISABLED;
881 }
882 #endif /* CONFIG_X86 */
883
884 rc = tpm_chip_register(chip);
885
886 out:
887 acpi_put_table((struct acpi_table_header *)buf);
888 return rc;
889 }
890
crb_acpi_remove(struct acpi_device * device)891 static void crb_acpi_remove(struct acpi_device *device)
892 {
893 struct device *dev = &device->dev;
894 struct tpm_chip *chip = dev_get_drvdata(dev);
895
896 tpm_chip_unregister(chip);
897 }
898
899 static const struct dev_pm_ops crb_pm = {
900 SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume)
901 };
902
903 static const struct acpi_device_id crb_device_ids[] = {
904 {"MSFT0101", 0},
905 {"", 0},
906 };
907 MODULE_DEVICE_TABLE(acpi, crb_device_ids);
908
909 static struct acpi_driver crb_acpi_driver = {
910 .name = "tpm_crb",
911 .ids = crb_device_ids,
912 .ops = {
913 .add = crb_acpi_add,
914 .remove = crb_acpi_remove,
915 },
916 .drv = {
917 .pm = &crb_pm,
918 },
919 };
920
921 module_acpi_driver(crb_acpi_driver);
922 MODULE_AUTHOR("Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>");
923 MODULE_DESCRIPTION("TPM2 Driver");
924 MODULE_VERSION("0.1");
925 MODULE_LICENSE("GPL");
926