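/*
 * tpm_crb.c - QEMU's TPM CRB interface emulator
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * Authors:
 *   Marc-André Lureau <marcandre.lureau@redhat.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 * tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB) Interface
 * as defined in TCG PC Client Platform TPM Profile (PTP) Specification
 * Family “2.0” Level 00 Revision 01.03 v22
 */

#include "qemu/osdep.h"

#include "qemu-common.h"
#include "qapi/error.h"
#include "exec/address-spaces.h"

#include "hw/qdev-core.h"
#include "hw/qdev-properties.h"
#include "hw/pci/pci_ids.h"
#include "hw/acpi/tpm.h"
#include "migration/vmstate.h"
#include "sysemu/tpm_backend.h"
#include "sysemu/reset.h"
#include "tpm_int.h"
#include "tpm_util.h"
#include "trace.h"

/*
 * Per-device state of the emulated CRB interface.
 */
typedef struct CRBState {
    DeviceState parent_obj;

    /* Backend selected through the "tpmdev" property. */
    TPMBackend *tpmbe;
    /* Request descriptor handed to the backend on CRB_CTRL_START. */
    TPMBackendCmd cmd;
    /* Register file; exposed to the guest through 'mmio' and migrated. */
    uint32_t regs[TPM_CRB_R_MAX];
    /* I/O region covering exactly sizeof(regs) bytes. */
    MemoryRegion mmio;
    /* RAM region of CRB_CTRL_CMD_SIZE bytes: command/response buffer. */
    MemoryRegion cmdmem;

    /* MIN(backend buffer size, CRB_CTRL_CMD_SIZE); computed at reset. */
    size_t be_buffer_size;
} CRBState;

#define CRB(obj) OBJECT_CHECK(CRBState, (obj), TYPE_TPM_CRB)

#define CRB_INTF_TYPE_CRB_ACTIVE 0b1
#define CRB_INTF_VERSION_CRB 0b1
#define CRB_INTF_CAP_LOCALITY_0_ONLY 0b0
#define CRB_INTF_CAP_IDLE_FAST 0b0
#define CRB_INTF_CAP_XFER_SIZE_64 0b11
#define CRB_INTF_CAP_FIFO_NOT_SUPPORTED 0b0
#define CRB_INTF_CAP_CRB_SUPPORTED 0b1
#define CRB_INTF_IF_SELECTOR_CRB 0b1

/* Size of the command/response buffer that follows the registers. */
#define CRB_CTRL_CMD_SIZE (TPM_CRB_ADDR_SIZE - A_CRB_DATA_BUFFER)

/* Values accepted on writes to A_CRB_LOC_CTRL. */
enum crb_loc_ctrl {
    CRB_LOC_CTRL_REQUEST_ACCESS = BIT(0),
    CRB_LOC_CTRL_RELINQUISH = BIT(1),
    CRB_LOC_CTRL_SEIZE = BIT(2),
    CRB_LOC_CTRL_RESET_ESTABLISHMENT_BIT = BIT(3),
};

/* Values accepted on writes to A_CRB_CTRL_REQ. */
enum crb_ctrl_req {
    CRB_CTRL_REQ_CMD_READY = BIT(0),
    CRB_CTRL_REQ_GO_IDLE = BIT(1),
};

/* Value accepted on writes to A_CRB_CTRL_START. */
enum crb_start {
    CRB_START_INVOKE = BIT(0),
};

/* Value accepted on writes to A_CRB_CTRL_CANCEL. */
enum crb_cancel {
    CRB_CANCEL_INVOKE = BIT(0),
};

/*
 * MMIO read handler for the register region.
 *
 * Returns the 32-bit register containing @addr, shifted right so that the
 * byte at @addr ends up in the low byte of the result.
 *
 * @addr is guest-controlled.  Nothing in this function bounds it; the index
 * stays inside regs[] only because the region is created with a size of
 * sizeof(s->regs) in tpm_crb_realize().  Keep the two in sync.
 */
static uint64_t tpm_crb_mmio_read(void *opaque, hwaddr addr,
                                  unsigned size)
{
    CRBState *s = CRB(opaque);
    unsigned offset = addr & 3;
    /* Index the array directly instead of doing void-pointer arithmetic. */
    uint32_t val = s->regs[addr >> 2] >> (8 * offset);

    /* NOTE(review): val is not masked to @size here - confirm the memory
     * core truncates sub-word reads. */
    trace_tpm_crb_mmio_read(addr, size, val);

    return val;
}

/*
 * MMIO write handler for the register region.
 *
 * Only the control registers listed in the switch react, and only when the
 * written value equals one of the known request values exactly.  The guest
 * value is never stored into regs[] directly, so every other register is
 * effectively read-only from the guest side and all other writes are
 * silently ignored.
 */
static void tpm_crb_mmio_write(void *opaque, hwaddr addr,
                               uint64_t val, unsigned size)
{
    CRBState *s = CRB(opaque);

    trace_tpm_crb_mmio_write(addr, size, val);

    switch (addr) {
    case A_CRB_CTRL_REQ:
        switch (val) {
        case CRB_CTRL_REQ_CMD_READY:
            ARRAY_FIELD_DP32(s->regs, CRB_CTRL_STS,
                             tpmIdle, 0);
            break;
        case CRB_CTRL_REQ_GO_IDLE:
            ARRAY_FIELD_DP32(s->regs, CRB_CTRL_STS,
                             tpmIdle, 1);
            break;
        }
        break;
    case A_CRB_CTRL_CANCEL:
        /* Cancel only while a command is actually in flight. */
        if (val == CRB_CANCEL_INVOKE &&
            s->regs[R_CRB_CTRL_START] & CRB_START_INVOKE) {
            tpm_backend_cancel_cmd(s->tpmbe);
        }
        break;
    case A_CRB_CTRL_START:
        /* The INVOKE bit doubles as the "busy" flag: a second start while
         * one request is outstanding is ignored, so s->cmd is not
         * overwritten underneath the backend. */
        if (val == CRB_START_INVOKE &&
            !(s->regs[R_CRB_CTRL_START] & CRB_START_INVOKE)) {
            void *mem = memory_region_get_ram_ptr(&s->cmdmem);

            s->regs[R_CRB_CTRL_START] |= CRB_START_INVOKE;
            /*
             * The length comes from the header the guest wrote into the
             * buffer, so it is clamped to be_buffer_size before use.
             * Command and response share the same buffer.
             *
             * NOTE(review): cmdmem is mapped into system memory as RAM, so
             * the guest can presumably keep writing to it while the backend
             * processes the request; the backend must not re-read the
             * length from the buffer - confirm.
             */
            s->cmd = (TPMBackendCmd) {
                .in = mem,
                .in_len = MIN(tpm_cmd_get_size(mem), s->be_buffer_size),
                .out = mem,
                .out_len = s->be_buffer_size,
            };

            tpm_backend_deliver_request(s->tpmbe, &s->cmd);
        }
        break;
    case A_CRB_LOC_CTRL:
        switch (val) {
        case CRB_LOC_CTRL_RESET_ESTABLISHMENT_BIT:
            /* not loc 3 or 4 */
            break;
        case CRB_LOC_CTRL_RELINQUISH:
            break;
        case CRB_LOC_CTRL_REQUEST_ACCESS:
            ARRAY_FIELD_DP32(s->regs, CRB_LOC_STS,
                             Granted, 1);
            ARRAY_FIELD_DP32(s->regs, CRB_LOC_STS,
                             beenSeized, 0);
            ARRAY_FIELD_DP32(s->regs, CRB_LOC_STATE,
                             locAssigned, 1);
            break;
        }
        break;
    }
}

/* Guest accesses of 1 to 4 bytes are accepted on the register region. */
static const MemoryRegionOps tpm_crb_memory_ops = {
    .read = tpm_crb_mmio_read,
    .write = tpm_crb_mmio_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 4,
    },
};

/*
 * TPMIf callback: the backend finished the request started through
 * CRB_CTRL_START.  Clears the INVOKE (busy) bit and, when @ret is non-zero,
 * raises the tpmSts error flag.
 */
static void tpm_crb_request_completed(TPMIf *ti, int ret)
{
    CRBState *s = CRB(ti);

    s->regs[R_CRB_CTRL_START] &= ~CRB_START_INVOKE;
    if (ret != 0) {
        ARRAY_FIELD_DP32(s->regs, CRB_CTRL_STS,
                         tpmSts, 1); /* fatal error */
    }
}

/* TPMIf callback: report the TPM version of the attached backend. */
static enum TPMVersion tpm_crb_get_version(TPMIf *ti)
{
    CRBState *s = CRB(ti);

    return tpm_backend_get_tpm_version(s->tpmbe);
}

/*
 * Migration pre_save hook: calls tpm_backend_finish_sync() before the
 * register file is saved.  Always returns 0.
 */
static int tpm_crb_pre_save(void *opaque)
{
    CRBState *s = opaque;

    tpm_backend_finish_sync(s->tpmbe);

    return 0;
}

/* Only the register file is migrated. */
static const VMStateDescription vmstate_tpm_crb = {
    .name = "tpm-crb",
    .pre_save = tpm_crb_pre_save,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32_ARRAY(regs, CRBState, TPM_CRB_R_MAX),
        VMSTATE_END_OF_LIST(),
    }
};

static Property tpm_crb_properties[] = {
    DEFINE_PROP_TPMBE("tpmdev", CRBState, tpmbe),
    DEFINE_PROP_END_OF_LIST(),
};

/*
 * System reset handler (registered in tpm_crb_realize()).
 *
 * Resets the backend, rebuilds the register file from scratch, recomputes
 * the usable buffer size and restarts the TPM.
 */
static void tpm_crb_reset(void *dev)
{
    CRBState *s = CRB(dev);

    tpm_backend_reset(s->tpmbe);

    /*
     * Start from a clean register file.  Without this, bits that this file
     * only ever sets (Granted/locAssigned, the tpmSts error flag) and the
     * current tpmIdle value would survive a reset and be visible to the
     * next boot.
     */
    memset(s->regs, 0, sizeof(s->regs));

    ARRAY_FIELD_DP32(s->regs, CRB_LOC_STATE,
                     tpmRegValidSts, 1);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     InterfaceType, CRB_INTF_TYPE_CRB_ACTIVE);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     InterfaceVersion, CRB_INTF_VERSION_CRB);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     CapLocality, CRB_INTF_CAP_LOCALITY_0_ONLY);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     CapCRBIdleBypass, CRB_INTF_CAP_IDLE_FAST);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     CapDataXferSizeSupport, CRB_INTF_CAP_XFER_SIZE_64);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     CapFIFO, CRB_INTF_CAP_FIFO_NOT_SUPPORTED);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     CapCRB, CRB_INTF_CAP_CRB_SUPPORTED);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     InterfaceSelector, CRB_INTF_IF_SELECTOR_CRB);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID,
                     RID, 0b0000);
    ARRAY_FIELD_DP32(s->regs, CRB_INTF_ID2,
                     VID, PCI_VENDOR_ID_IBM);

    /* Command and response use the same buffer. */
    s->regs[R_CRB_CTRL_CMD_SIZE] = CRB_CTRL_CMD_SIZE;
    s->regs[R_CRB_CTRL_CMD_LADDR] = TPM_CRB_ADDR_BASE + A_CRB_DATA_BUFFER;
    s->regs[R_CRB_CTRL_RSP_SIZE] = CRB_CTRL_CMD_SIZE;
    s->regs[R_CRB_CTRL_RSP_ADDR] = TPM_CRB_ADDR_BASE + A_CRB_DATA_BUFFER;

    /* Never let the backend use more than the buffer actually mapped. */
    s->be_buffer_size = MIN(tpm_backend_get_buffer_size(s->tpmbe),
                            CRB_CTRL_CMD_SIZE);

    /* NOTE(review): the result of tpm_backend_startup_tpm() is ignored, so
     * a backend that fails to start leaves the guest with a device that
     * looks valid - decide how a failure should be reported. */
    tpm_backend_startup_tpm(s->tpmbe, s->be_buffer_size);
}

/*
 * Realize the device: validate the configuration, create the register and
 * command-buffer regions, map them at TPM_CRB_ADDR_BASE and register the
 * reset handler.  On failure @errp is set and nothing is mapped.
 */
static void tpm_crb_realize(DeviceState *dev, Error **errp)
{
    CRBState *s = CRB(dev);
    Error *local_err = NULL;

    if (!tpm_find()) {
        error_setg(errp, "at most one TPM device is permitted");
        return;
    }
    if (!s->tpmbe) {
        error_setg(errp, "'tpmdev' property is required");
        return;
    }

    /* The region size is what bounds 'addr' in the MMIO read handler. */
    memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,
        "tpm-crb-mmio", sizeof(s->regs));
    memory_region_init_ram(&s->cmdmem, OBJECT(s),
        "tpm-crb-cmd", CRB_CTRL_CMD_SIZE, &local_err);
    if (local_err) {
        /* Do not map a RAM region whose initialisation failed. */
        error_propagate(errp, local_err);
        return;
    }

    memory_region_add_subregion(get_system_memory(),
        TPM_CRB_ADDR_BASE, &s->mmio);
    memory_region_add_subregion(get_system_memory(),
        TPM_CRB_ADDR_BASE + sizeof(s->regs), &s->cmdmem);

    qemu_register_reset(tpm_crb_reset, dev);
}

/* Wire the device and TPM interface callbacks into the class. */
static void tpm_crb_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    TPMIfClass *tc = TPM_IF_CLASS(klass);

    dc->realize = tpm_crb_realize;
    dc->props = tpm_crb_properties;
    dc->vmsd = &vmstate_tpm_crb;
    dc->user_creatable = true;
    tc->model = TPM_MODEL_TPM_CRB;
    tc->get_version = tpm_crb_get_version;
    tc->request_completed = tpm_crb_request_completed;

    set_bit(DEVICE_CATEGORY_MISC, dc->categories);
}

static const TypeInfo tpm_crb_info = {
    .name = TYPE_TPM_CRB,
    /* could be TYPE_SYS_BUS_DEVICE (or LPC etc) */
    .parent = TYPE_DEVICE,
    .instance_size = sizeof(CRBState),
    .class_init = tpm_crb_class_init,
    .interfaces = (InterfaceInfo[]) {
        { TYPE_TPM_IF },
        { }
    }
};

/* Register the TPM CRB device type. */
static void tpm_crb_register(void)
{
    type_register_static(&tpm_crb_info);
}

type_init(tpm_crb_register)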