security/tpm: support compiling in multiple TPM drivers

Starting from here CONFIG_TPM1 and CONFIG_TPM2 are no longer mutually exclusive. Change-Id: I44c5a1d825afe414c2f5c2c90f4cfe41ba9bef5f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69162 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-01 00:48:43 +02:00
parent 7c75f8e5b2
commit 3e5cefcc45
12 changed files with 53 additions and 28 deletions
--- a/src/drivers/crb/tis.c
+++ b/src/drivers/crb/tis.c
@@ -46,7 +46,7 @@ static tpm_result_t crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, u
 	return TPM_SUCCESS;
 }

-tis_sendrecv_fn tis_probe(enum tpm_family *family)
+tis_sendrecv_fn crb_tis_probe(enum tpm_family *family)
 {
 	struct crb_tpm_info info;

--- a/src/drivers/crb/tpm.h
+++ b/src/drivers/crb/tpm.h
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause */
 /* This is a driver for a Command Response Buffer Interface */

+#include <security/tpm/tis.h>
 #include <security/tpm/tss_errors.h>

 /* CRB driver */
@@ -65,3 +66,5 @@ void crb_tpm_get_info(struct crb_tpm_info *crb_tpm_info);
 size_t crb_tpm_process_command(const void *tpm2_command, size_t command_size,
 			       void *tpm2_response, size_t max_response);
 bool crb_tpm_is_active(void);
+
+tis_sendrecv_fn crb_tis_probe(enum tpm_family *family);
--- a/src/drivers/i2c/tpm/tis.c
+++ b/src/drivers/i2c/tpm/tis.c
@@ -118,7 +118,7 @@ static tpm_result_t i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
 	return TPM_SUCCESS;
 }

-tis_sendrecv_fn tis_probe(enum tpm_family *family)
+tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family)
 {
 	if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR, family))
 		return NULL;
--- a/src/drivers/i2c/tpm/tis_atmel.c
+++ b/src/drivers/i2c/tpm/tis_atmel.c
@@ -12,6 +12,8 @@
 #include <timer.h>
 #include <types.h>

+#include "tpm.h"
+
 #define RECV_TIMEOUT            (1 * 1000)  /* 1 second */
 #define XMIT_TIMEOUT            (1 * 1000)  /* 1 second */
 #define SLEEP_DURATION          1000        /* microseconds */
@@ -107,7 +109,7 @@ static tpm_result_t i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
 	return TPM_SUCCESS;
 }

-tis_sendrecv_fn tis_probe(enum tpm_family *family)
+tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family)
 {
 	/*
 	 * Can't query version or really anything as the device doesn't support
--- a/src/drivers/i2c/tpm/tpm.h
+++ b/src/drivers/i2c/tpm/tpm.h
@@ -56,4 +56,6 @@ tpm_result_t tpm_vendor_probe(unsigned int bus, uint32_t addr, enum tpm_family *

 tpm_result_t tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr);

+tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family);
+
 #endif /* __DRIVERS_TPM_SLB9635_I2C_TPM_H__ */
--- a/src/drivers/pc80/tpm/tis.c
+++ b/src/drivers/pc80/tpm/tis.c
@@ -24,7 +24,9 @@
 #include <device/pnp.h>
 #include <drivers/tpm/tpm_ppi.h>
 #include <timer.h>
+
 #include "chip.h"
+#include "tpm.h"

 #define PREFIX "lpc_tpm: "

@@ -374,7 +376,7 @@ static tpm_result_t tis_command_ready(u8 locality)
 * Returns TPM_SUCCESS on success (the device is found or was found during
 * an earlier invocation) or TPM_CB_FAIL if the device is not found.
 */
-static tpm_result_t pc80_tis_probe(enum tpm_family *family)
+static tpm_result_t pc80_tpm_probe(enum tpm_family *family)
 {
 	static enum tpm_family tpm_family;

@@ -718,7 +720,7 @@ static tpm_result_t pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size,
 }

 /*
- * tis_probe()
+ * pc80_tis_probe()
 *
 * Probe for the TPM device and set it up for use within locality 0.
 *
@@ -726,9 +728,9 @@ static tpm_result_t pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size,
 *
 * Returns pointer to send-receive function on success or NULL on failure.
 */
-tis_sendrecv_fn tis_probe(enum tpm_family *family)
+tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family)
 {
-	if (pc80_tis_probe(family))
+	if (pc80_tpm_probe(family))
 		return NULL;

 	if (pc80_tis_open())
--- a/src/drivers/pc80/tpm/tpm.h
+++ b/src/drivers/pc80/tpm/tpm.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef DRIVERS_PC80_TPM_TPM_H
+#define DRIVERS_PC80_TPM_TPM_H
+
+#include <security/tpm/tis.h>
+
+tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family);
+
+#endif /* DRIVERS_PC80_TPM_TPM_H */
--- a/src/drivers/spi/tpm/tis.c
+++ b/src/drivers/spi/tpm/tis.c
@@ -40,7 +40,7 @@ static tpm_result_t tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
 	return TPM_SUCCESS;
 }

-tis_sendrecv_fn tis_probe(enum tpm_family *family)
+tis_sendrecv_fn spi_tis_probe(enum tpm_family *family)
 {
 	struct spi_slave spi;
 	struct tpm2_info info;
--- a/src/drivers/spi/tpm/tpm.h
+++ b/src/drivers/spi/tpm/tpm.h
@@ -4,6 +4,7 @@
 #define __COREBOOT_SRC_DRIVERS_SPI_TPM_TPM_H

 #include <drivers/tpm/cr50.h>
+#include <security/tpm/tis.h>
 #include <security/tpm/tss_errors.h>
 #include <stddef.h>
 #include <spi-generic.h>
@@ -44,4 +45,6 @@ size_t tpm2_process_command(const void *tpm2_command, size_t command_size,
 /* Get information about previously initialized TPM device. */
 void tpm2_get_info(struct tpm2_info *info);

+tis_sendrecv_fn spi_tis_probe(enum tpm_family *family);
+
 #endif  /* ! __COREBOOT_SRC_DRIVERS_SPI_TPM_TPM_H */
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -4,14 +4,9 @@ source "src/security/tpm/tss/vendor/cr50/Kconfig"

 menu "Trusted Platform Module"

-choice
-	prompt "Trusted Platform Module"
-	default TPM2 if MAINBOARD_HAS_TPM2
-	default TPM1 if MAINBOARD_HAS_TPM1
-	default NO_TPM
-
 config NO_TPM
-	bool "No TPM"
+	bool
+	default y if !TPM1 && !TPM2
 	help
 	  No TPM support. Select this option if your system doesn't have a TPM,
 	  or if you don't want coreboot to communicate with your TPM in any way.
@@ -21,19 +16,17 @@ config NO_TPM
 config TPM1
 	bool "TPM 1.2"
 	depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM
-	depends on !MAINBOARD_HAS_TPM2
+	default y if MAINBOARD_HAS_TPM1
 	help
 	  Select this option if your TPM uses the older TPM 1.2 protocol.

 config TPM2
 	bool "TPM 2.0"
 	depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM
-	depends on !MAINBOARD_HAS_TPM1
+	default y if MAINBOARD_HAS_TPM2
 	help
 	  Select this option if your TPM uses the newer TPM 2.0 protocol.

-endchoice
-
 config TPM
 	bool
 	default y
@@ -52,7 +45,7 @@ config MAINBOARD_HAS_TPM2
 	  always uses the 2.0 protocol, and that it should be on by default.

 config TPM_DEACTIVATE
-	bool "Deactivate TPM"
+	bool "Deactivate TPM (for TPM1)"
 	default n
 	depends on !VBOOT
 	depends on TPM1
@@ -106,13 +99,13 @@ config TPM_LOG_CB
 	  Custom coreboot-specific format of the log derived from TPM1 log format.
 config TPM_LOG_TPM1
 	bool "TPM 1.2 format"
-	depends on TPM1
+	depends on TPM1 && !TPM2
 	help
 	  Log per TPM 1.2 specification.
 	  See "TCG PC Client Specific Implementation Specification for Conventional BIOS".
 config TPM_LOG_TPM2
 	bool "TPM 2.0 format"
-	depends on TPM2
+	depends on TPM1 || TPM2
 	help
 	  Log per TPM 2.0 specification.
 	  See "TCG PC Client Platform Firmware Profile Specification".
--- a/src/security/tpm/tis.h
+++ b/src/security/tpm/tis.h
@@ -54,8 +54,6 @@ typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8
 					size_t *recv_len);

 /*
- * tis_probe()
- *
 * Probe for the TPM device and set it up for use within locality 0.
 *
 * @family - pointer which is set to TPM family of the device
@@ -65,7 +63,7 @@ typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8
 * Do not call this explicitly, it's meant to be used exclusively by TSS
 * implementation (tlcl_lib_init() function to be specific).
 */
-tis_sendrecv_fn tis_probe(enum tpm_family *family);
+typedef tis_sendrecv_fn (*tis_probe_fn)(enum tpm_family *family);

 /*
 * tis_vendor_write()
--- a/src/security/tpm/tss/tss.c
+++ b/src/security/tpm/tss/tss.c
@@ -1,6 +1,10 @@
 /* SPDX-License-Identifier: BSD-3-Clause */

 #include <console/console.h>
+#include <drivers/crb/tpm.h>
+#include <drivers/i2c/tpm/tpm.h>
+#include <drivers/pc80/tpm/tpm.h>
+#include <drivers/spi/tpm/tpm.h>
 #include <security/tpm/tis.h>
 #include <security/tpm/tss.h>

@@ -24,13 +28,21 @@ tpm_result_t tlcl_lib_init(void)
 	/* Set right away to make recursion impossible. */
 	init_done = true;

-	tlcl_tis_sendrecv = tis_probe(&tlcl_tpm_family);
+	tlcl_tis_sendrecv = NULL;
+	if (CONFIG(CRB_TPM))
+		tlcl_tis_sendrecv = crb_tis_probe(&tlcl_tpm_family);
+	if (CONFIG(MEMORY_MAPPED_TPM) && tlcl_tis_sendrecv == NULL)
+		tlcl_tis_sendrecv = pc80_tis_probe(&tlcl_tpm_family);
+	if (CONFIG(I2C_TPM) && tlcl_tis_sendrecv == NULL)
+		tlcl_tis_sendrecv = i2c_tis_probe(&tlcl_tpm_family);
+	if (CONFIG(SPI_TPM) && tlcl_tis_sendrecv == NULL)
+		tlcl_tis_sendrecv = spi_tis_probe(&tlcl_tpm_family);

 	if (tlcl_tis_sendrecv == NULL) {
-		printk(BIOS_ERR, "%s: tis_probe failed\n", __func__);
+		printk(BIOS_ERR, "%s: TIS probe failed\n", __func__);
 		tlcl_tpm_family = TPM_UNKNOWN;
 	} else if (tlcl_tpm_family != TPM_1 && tlcl_tpm_family != TPM_2) {
-		printk(BIOS_ERR, "%s: tis_probe returned incorrect TPM family: %d\n", __func__,
+		printk(BIOS_ERR, "%s: TIS probe returned incorrect TPM family: %d\n", __func__,
 		       tlcl_tpm_family);
 		tlcl_tpm_family = TPM_UNKNOWN;
 	}