Grunt (an amd-stoneyridge based platform) uses a GPIO to interface with
the tpm. This change allows devicetree entries to use an irq_gpio entry
to describe the interface with the TPM.
BUG=b:72655090
Change-Id: I08289891408d7176f68eb9c67f7a417a2448c2de
Signed-off-by: Justin TerAvest <teravest@chromium.org>
Reviewed-on: https://review.coreboot.org/23500
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
* Move code from src/lib and src/include into src/security/tpm
* Split TPM TSS 1.2 and 2.0
* Fix header includes
* Add a new directory structure with kconfig and makefile includes
Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
The Cr50 i2c driver provides separate entry points for probing and
initialization, but the probing function does not really do much.
It also claims and releases locality on every coreboot stage, but
there is no need for this - locality should be definitely claimed
after reset and then it could be retained through the boot process.
On top of that the driver does not properly account for the long time it
could take the Cr50 chip to come around to reset processing if a TPM
reset request was posted during a lengthy TPM operation.
This patch addresses the issues as follows:
- tpm_vendor_probe() and tpm_vendor_cleanup() become noops, kept
  around to conform to the expected driver API.
- tpm_vendor_init() invokes a function to process TPM reset only in
  the first stage using TPM (typically verstage), the function
  checks if locality is claimed and if so - waits for it to be
  released, which indicates that TPM reset processing is over.
- before claiming locality check if it is already taken, and if so -
  just proceed.
BRANCH=none
BUG=b:65867313, b:68729265
TEST=Verified that reef no longer hangs during EC reboot and
firmware_Cr50ClearTPMOwner (not yet merged) tests.
Change-Id: Iba8445caf1342e3a5fefcb2664b0759a1a8e84e3
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/22554
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
In case the TPM is doing a long crypto operation the initial probe
could be very delayed. Rather than end up in recovery make the delay
long enough to accommodate the (current) long crypto times.
BUG=b:65867313, b:68729265
TEST=Verified that Soraka no longer hangs during EC reboot test.
Change-Id: I3bccff70e001dfc065c24be8ad34ef239a144db1
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/22379
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Split `i2c.h` into three pieces to ease reuse of the generic
definitions. No code is changed.
* `i2c.h` - keeps the generic definitions
* `i2c_simple.h` - holds the current, limited to one controller driver
  per board, devicetree independent I2C interface
* `i2c_bus.h` - will become the devicetree compatible interface for
  native I2C (e.g. non-SMBus) controllers
Change-Id: I382d45c70f9314588663e1284f264f877469c74d
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/20845
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Our current struct for I2C segments `i2c_seg` was close to being
compatible to the Linux version `i2c_msg`, close to being compatible to SMBus
and close to being readable (e.g. what was `chip` supposed to mean?) but
turned out to be hard to fix.
Instead of extending it in a backwards compatible way (and not touching
current controller drivers), replace it with a Linux source compatible
`struct i2c_msg` and patch all the drivers and users with Coccinelle.
The new `struct i2c_msg` should ease porting drivers from Linux and help
to write SMBus compatible controller drivers.
Beside integer type changes, the field `read` is replaced with a generic
field `flags` and `chip` is renamed to `slave`.
Patched with Coccinelle using the clumsy spatch below and some manual
changes:
* Nested struct initializers and one field access skipped by Coccinelle.
* Removed assumption in the code that I2C_M_RD is 1.
* In `i2c.h`, changed all occurrences of `chip` to `slave`.
@@ @@
-struct i2c_seg
+struct i2c_msg
@@ identifier msg; expression e; @@
(
struct i2c_msg msg = {
- .read = 0,
+ .flags = 0,
};
|
struct i2c_msg msg = {
- .read = 1,
+ .flags = I2C_M_RD,
};
|
struct i2c_msg msg = {
- .chip = e,
+ .slave = e,
};
)
@@ struct i2c_msg msg; statement S1, S2; @@
(
-if (msg.read)
+if (msg.flags & I2C_M_RD)
S1 else S2
|
-if (msg.read)
+if (msg.flags & I2C_M_RD)
S1
)
@@ struct i2c_msg *msg; statement S1, S2; @@
(
-if (msg->read)
+if (msg->flags & I2C_M_RD)
S1 else S2
|
-if (msg->read)
+if (msg->flags & I2C_M_RD)
S1
)
@@ struct i2c_msg msg; expression e; @@
(
-msg.read = 0;
+msg.flags = 0;
|
-msg.read = 1;
+msg.flags = I2C_M_RD;
|
-msg.read = e;
+msg.flags = e ? I2C_M_RD : 0;
|
-!!(msg.read)
+(msg.flags & I2C_M_RD)
|
-(msg.read)
+(msg.flags & I2C_M_RD)
)
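Review bot: In the `!!(msg.read)` case of this rule, the replacement `(msg.flags & I2C_M_RD)` drops the `!!`, so the expression now evaluates to 0 or I2C_M_RD instead of 0 or 1, and the bare `(msg.read)` case changes value in the same way. That preserves behaviour only while I2C_M_RD is 1, which is the assumption the commit message says had to be removed by hand; emitting `!!(msg.flags & I2C_M_RD)` in these two cases would keep value uses correct without relying on the manual pass.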
@@ struct i2c_msg *msg; expression e; @@
(
-msg->read = 0;
+msg->flags = 0;
|
-msg->read = 1;
+msg->flags = I2C_M_RD;
|
-msg->read = e;
+msg->flags = e ? I2C_M_RD : 0;
|
-!!(msg->read)
+(msg->flags & I2C_M_RD)
|
-(msg->read)
+(msg->flags & I2C_M_RD)
)
@@ struct i2c_msg msg; @@
-msg.chip
+msg.slave
@@ struct i2c_msg *msg; expression e; @@
-msg[e].chip
+msg[e].slave
@ slave disable ptr_to_array @ struct i2c_msg *msg; @@
-msg->chip
+msg->slave
Change-Id: Ifd7cabf0a18ffd7a1def25d1d7059b713d0b7ea9
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/20542
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
The vendor.irq field was originally intended for use as the TPM 1.2
"command complete" interrupt. However, all actual coreboot tpm drivers
and hardware use the vendor.status method of checking command completion
instead, and this irq field is not used.
Let's just remove this unused functionality to simplify the code.
BRANCH=none
BUG=b:36786804
TEST=Boot reef w/ serial enabled firmware, verify verstage sees
"cr50 TPM" and does not complain about lack of tis_plat_irq_status().
TEST=Boot eve w/ serial enabled firmware, verify verstage sees
"cr50 TPM" and does not complain about lack of tis_plat_irq_status().
Change-Id: I994c5bfbd18124af9cb81d9684117af766ab0124
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-on: https://review.coreboot.org/19396
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
The Cr50 TPM uses an IRQ to provide a "status" signal used for hand-shaking
the reception of commands. Real IRQs are not supported in firmware,
however firmware can still poll interrupt status registers for the same
effect.
Commit 94cc485338 ("drivers/i2c/tpm/cr50: Support interrupts for status")
added support for the Cr50 driver on X86 platforms to use a KConfig file
to supply an IRQ which it would poll using acpi_get_gpe. If the IRQ is
not supplied, the Cr50 driver inserts a 20 ms wait.
Unfortunately this doesn't work so well when using the i2c connected Cr50
on ARM platforms. Luckily, a more generic implementation to allow a
mainboard to supply a Cr50 IRQ status polling function was solved for SPI
connected Cr50s by commit 19e3d335bd ("drivers/spi/tpm: using tpm irq to
sync tpm transaction").
Let's refactor the i2c cr50 driver to use this same approach, and change
eve and reef boards to make use of DRIVER_TPM_TIS_ACPI_INTERRUPT for
specifying the TPM flow control interrupt.
This essentially reverts these two commits:
48f708d199 drivers/i2c/tpm/cr50: Initialize IRQ status handler before probe
94cc485338 drivers/i2c/tpm/cr50: Support interrupts for status
And ports this commit to i2c/tpm/cr50:
19e3d335bd drivers/spi/tpm: using tpm irq to sync tpm transaction
As a side effect the tpm_vendor_specific IRQ field goes back to its
original usage as the "TPM 1.2 command complete" interrupt, instead of
being repurposed to hold the flow control IRQ.
BRANCH=none
BUG=b:36786804
TEST=Boot reef w/ serial enabled firmware, verify verstage sees
"cr50 TPM" and does not complain about lack of tis_plat_irq_status().
TEST=Boot eve w/ serial enabled firmware, verify verstage sees
"cr50 TPM" and does not complain about lack of tis_plat_irq_status().
Change-Id: I004329eae1d8aabda51c46b8504bf210484782b4
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-on: https://review.coreboot.org/19363
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
1. Move common TIS macros to include/tpm.h.
2. Use common TIS macros while referring to status and access registers.
3. Add a new function claim_locality to properly check for required
access bits and claim locality 0.
BUG=b:36873582
Change-Id: I11bf3e8b6e1f50b7868c9fe4394a858488367287
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19213
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
The tis.c module is needlessly copying data to/from a 1260 byte
buffer on the stack. Each device's transport implementation (cr50.c
or tpm.c) maintains its own buffer, if needed, for framing purposes.
Therefore, remove the duplicated buffer.
BUG=b:36598499
Change-Id: I478fb57cb65509b5d74bdd871f1a231f8080bc2f
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/19061
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins)
The I2C interface for the Atmel AT97SC3204 TPM varies greatly from the
existing I2C TPM support. The Atmel part just passes the commands and
responses from the TIS layer across the I2C interface.
TEST=Build and run on Galileo Gen2 with Crypto Shield and vboot enabled
Change-Id: Ib2ef0ffdfc12b2fc11fe4c55b6414924d4b676dd
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18800
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Add debugging support for the TIS transactions for the I2C TPM chips.
TEST=Build and run on reef
Change-Id: Ibc7e26fca781316d625f4da080f34749f18e4f9b
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18799
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
Fix the following warnings detected by checkpatch.pl:
WARNING: Prefer 'unsigned int' to bare use of 'unsigned'
WARNING: braces {} are not necessary for single statement blocks
WARNING: Unnecessary parentheses - maybe == should be = ?
WARNING: line over 80 characters
WARNING: missing space after return type
TEST=Build and run on Galileo Gen2
Change-Id: I56f915f6c1975cce123fd38043bad2638717d88c
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18832
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
We've found that the SLB9645 TPM sometimes seems to randomly start
returning 0xFF bytes for all requests. The exact cause is yet unknown,
but we should try to write our TIS code such that it avoids bad
interactions with this kind of response (e.g. any wait_for_status()
immediately succeeds because all "status bits" are set in the response).
At least for status and burstCount readings we can say for sure that the
value is nonsensical and we're already reading those in a loop until we
get valid results anyway, so let's add code to explicitly discount 0xFF
bytes.
BRANCH=oak
BUG=chrome-os-partner:55764
TEST=None
Change-Id: I934d42c36d6847a22a185795cea49d282fa113d9
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420470
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://review.coreboot.org/18006
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
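
The 0xFF handling described in the SLB9645 commit above, as an added example that is not coreboot's code: a naive status poll accepts an all-ones reading as "every bit set", while the checked poll discards it and keeps reading. The `fake_bus` trace, `read_status()` and both `wait_for_status_*()` helpers are hypothetical names; the bus bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TIS status register bits (TCG TIS specification). */
#define TPM_STS_VALID      0x80
#define TPM_STS_DATA_AVAIL 0x10

/* Constructed bus trace: a stuck device returns 0xFF, then a real status. */
struct fake_bus {
	const uint8_t *bytes;
	size_t len;
	size_t pos;
};

/* Hypothetical stand-in for the driver's register read; -1 when the trace ends. */
static int read_status(struct fake_bus *bus)
{
	if (bus->pos >= bus->len)
		return -1;
	return bus->bytes[bus->pos++];
}

/* Naive poll: any reading with all mask bits set counts as success. */
static int wait_for_status_naive(struct fake_bus *bus, uint8_t mask, int max_polls)
{
	for (int i = 0; i < max_polls; i++) {
		int sts = read_status(bus);
		if (sts >= 0 && (sts & mask) == mask)
			return sts;
	}
	return -1;
}

/* Checked poll: 0xFF is treated as "no valid reading yet" and retried. */
static int wait_for_status_checked(struct fake_bus *bus, uint8_t mask, int max_polls)
{
	for (int i = 0; i < max_polls; i++) {
		int sts = read_status(bus);
		if (sts < 0 || sts == 0xFF)
			continue;
		if ((sts & mask) == mask)
			return sts;
	}
	return -1;
}

int main(void)
{
	static const uint8_t trace[] = { 0xFF, 0xFF, 0x80, 0x90 };
	struct fake_bus a = { trace, sizeof(trace), 0 };
	struct fake_bus b = { trace, sizeof(trace), 0 };
	uint8_t mask = TPM_STS_VALID | TPM_STS_DATA_AVAIL;

	printf("naive:   0x%02x\n", wait_for_status_naive(&a, mask, 8));
	printf("checked: 0x%02x\n", wait_for_status_checked(&b, mask, 8));
	return 0;
}
```

With a device that never recovers, the checked poll runs out of attempts and returns -1, so the caller sees a timeout instead of a false "ready".
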
Increase the IRQ timeout to prevent issues if there is a delay
in the TPM responding to a command. Split the no-IRQ case out
so it doesn't suffer unnecessarily.
BUG=chrome-os-partner:59191
TEST=suspend/resume testing on eve board
Change-Id: I1ea7859bc7a056a450b2b0ee32153ae43ee8699f
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/17204
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Kconfig hex values don't need to be in quotes, and should start with
'0x'. If the default value isn't set this way, Kconfig will add the
0x to the start, and the entry can be added unnecessarily to the
defconfig since it's "different" than what was set by the default.
A check for this has been added to the Kconfig lint tool.
Change-Id: I86f37340682771700011b6285e4b4af41b7e9968
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/16834
Tested-by: build bot (Jenkins)
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Support reading the ACPI GPE status (on x86) to determine when
the cr50 is ready to return response data or is done processing
written data. If the interrupt is not defined by Kconfig then
it will continue to use the safe delay.
This was tested with reef hardware and a modified cr50 image
that generates interrupts at the intended points.
BUG=chrome-os-partner:53336
Change-Id: Ic8f805159650c45382cacac8840450a1f8b4d7a1
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16672
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Unify the function names to be consistent throughout the driver
and improve the handling while waiting for data available and
data expected flags from the TPM.
BUG=chrome-os-partner:53336
Change-Id: Ie2dfb7ede1bcda0e77070df945c47c1428115907
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16668
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Clean up the mask and timeout handling in the locality functions
that were copied from the original driver.
BUG=chrome-os-partner:53336
Change-Id: Ifdcb3be0036b2c02bfbd1bcd326e9519d3726ee0
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16667
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Rename the low-level functions from iic_tpm_read/write to
cr50_i2c_read/write to better match the driver name, and pass in the
tpm_chip structure to the low-level read/write functions as it will
be needed in future changes.
BUG=chrome-os-partner:53336
Change-Id: I826a7f024f8d137453af86ba920e0a3a734f7349
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16666
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Use two different timeouts in the driver. The 2ms timeout is needed
to be safe for cr50 to cover the extended timeout that is seen with
some commands. The other is 2 seconds, which is a TPM spec timeout.
BUG=chrome-os-partner:53336
Change-Id: Ia396fc48b8fe6e56e7071db9d74561de02b5b50e
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16665
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reduce the static buffer size from the generic default 1260
down to 64 to match the max FIFO size for the cr50 hardware
and reduce the footprint of the driver.
BUG=chrome-os-partner:53336
Change-Id: I6f9f71d501b60299edad4b16cc553a85391a1866
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16664
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Originally I thought it would be cleaner to keep this code in one
place, but as things continue to diverge it ends up being easier
to split this into its own driver. This way the different drivers
in coreboot, depthcharge, and the kernel, can all be standalone
and if one is changed it is easier to modify the others.
This change splits out the cr50 driver and brings along the basic
elements from the existing driver with no real change in
functionality. The following commits will modify the code to make
it consistent so it can all be shared with depthcharge and the
Linux kernel drivers.
BUG=chrome-os-partner:53336
Change-Id: I3b62b680773d23cc5a7d2217b9754c6c28bccfa7
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16663
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Move the common enums and variables to tpm.h so it can be
used by multiple drivers.
BUG=chrome-os-partner:53336
Change-Id: Ie749f13562be753293448fee2c2d643797bf8049
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16662
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Support reading the ACPI GPE status (on x86) to determine when
the cr50 is ready to return response data or is done processing
written data. If the interrupt is not defined by Kconfig then
it will continue to use the safe delay.
This was tested with reef hardware and a modified cr50 image
that generates interrupts at the intended points.
BUG=chrome-os-partner:53336
Change-Id: I9f78f520fd089cb4471d8826a8cfecff67398bf8
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Unify the function names to be consistent throughout the driver
and improve the handling while waiting for data available and
data expected flags from the TPM.
BUG=chrome-os-partner:53336
Change-Id: I7e3912fb8d8c6ad17d1af2d2a7189bf7c0c52c8e
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Clean up the mask and timeout handling in the locality functions
that were copied from the original driver.
BUG=chrome-os-partner:53336
Change-Id: Ifa1445224b475aec38c2ac56e15cb7ba7fcd21ea
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Rename the low-level functions from iic_tpm_read/write to
cr50_i2c_read/write to better match the driver name, and pass in the
tpm_chip structure to the low-level read/write functions as it will
be needed in future changes.
BUG=chrome-os-partner:53336
Change-Id: Ib4a68ce1b3a83ea7c4bcefb9c6f002f6dd4aac1f
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Use two different timeouts in the driver. The 2ms timeout is needed
to be safe for cr50 to cover the extended timeout that is seen with
some commands. The other is 2 seconds, which is a TPM spec timeout.
BUG=chrome-os-partner:53336
Change-Id: I77fdd7ea646b8b2fef449f07e3a08bcce174fe8b
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reduce the static buffer size from the generic default 1260
down to 64 to match the max FIFO size for the cr50 hardware
and reduce the footprint of the driver.
BUG=chrome-os-partner:53336
Change-Id: Ia88facca607f3fd5072d0d986323fde075f15855
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Originally I thought it would be cleaner to keep this code in one
place, but as things continue to diverge it ends up being easier
to split this into its own driver. This way the different drivers
in coreboot, depthcharge, and the kernel, can all be standalone
and if one is changed it is easier to modify the others.
This change splits out the cr50 driver and brings along the basic
elements from the existing driver with no real change in
functionality. The following commits will modify the code to make
it consistent so it can all be shared with depthcharge and the
Linux kernel drivers.
BUG=chrome-os-partner:53336
Change-Id: Ia9a65e72519b95f5739e3b7a16b9c2431d64ebe2
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Move the common enums and variables to tpm.h so it can be
used by multiple drivers.
BUG=chrome-os-partner:53336
Change-Id: I0febe98620d0ddd4ec6b46cd3073e48c12926266
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>