1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2005, 2006 IBM Corporation
4  * Copyright (C) 2014, 2015 Intel Corporation
5  *
6  * Authors:
7  * Leendert van Doorn <leendert@watson.ibm.com>
8  * Kylene Hall <kjhall@us.ibm.com>
9  *
10  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11  *
12  * Device driver for TCG/TCPA TPM (trusted platform module).
13  * Specifications at www.trustedcomputinggroup.org
14  *
15  * This device driver implements the TPM interface as defined in
16  * the TCG TPM Interface Spec version 1.2, revision 1.0.
17  */
18 #include <linux/init.h>
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/pnp.h>
22 #include <linux/slab.h>
23 #include <linux/interrupt.h>
24 #include <linux/wait.h>
25 #include <linux/acpi.h>
26 #include <linux/freezer.h>
27 #include "tpm.h"
28 #include "tpm_tis_core.h"
29 
30 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
31 
wait_for_tpm_stat_cond(struct tpm_chip * chip,u8 mask,bool check_cancel,bool * canceled)32 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
33 					bool check_cancel, bool *canceled)
34 {
35 	u8 status = chip->ops->status(chip);
36 
37 	*canceled = false;
38 	if ((status & mask) == mask)
39 		return true;
40 	if (check_cancel && chip->ops->req_canceled(chip, status)) {
41 		*canceled = true;
42 		return true;
43 	}
44 	return false;
45 }
46 
wait_for_tpm_stat(struct tpm_chip * chip,u8 mask,unsigned long timeout,wait_queue_head_t * queue,bool check_cancel)47 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
48 		unsigned long timeout, wait_queue_head_t *queue,
49 		bool check_cancel)
50 {
51 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
52 	unsigned long stop;
53 	long rc;
54 	u8 status;
55 	bool canceled = false;
56 
57 	/* check current status */
58 	status = chip->ops->status(chip);
59 	if ((status & mask) == mask)
60 		return 0;
61 
62 	stop = jiffies + timeout;
63 
64 	if (chip->flags & TPM_CHIP_FLAG_IRQ) {
65 again:
66 		timeout = stop - jiffies;
67 		if ((long)timeout <= 0)
68 			return -ETIME;
69 		rc = wait_event_interruptible_timeout(*queue,
70 			wait_for_tpm_stat_cond(chip, mask, check_cancel,
71 					       &canceled),
72 			timeout);
73 		if (rc > 0) {
74 			if (canceled)
75 				return -ECANCELED;
76 			return 0;
77 		}
78 		if (rc == -ERESTARTSYS && freezing(current)) {
79 			clear_thread_flag(TIF_SIGPENDING);
80 			goto again;
81 		}
82 	} else {
83 		do {
84 			usleep_range(priv->timeout_min,
85 				     priv->timeout_max);
86 			status = chip->ops->status(chip);
87 			if ((status & mask) == mask)
88 				return 0;
89 		} while (time_before(jiffies, stop));
90 	}
91 	return -ETIME;
92 }
93 
94 /* Before we attempt to access the TPM we must see that the valid bit is set.
95  * The specification says that this bit is 0 at reset and remains 0 until the
96  * 'TPM has gone through its self test and initialization and has established
97  * correct values in the other bits.'
98  */
wait_startup(struct tpm_chip * chip,int l)99 static int wait_startup(struct tpm_chip *chip, int l)
100 {
101 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
102 	unsigned long stop = jiffies + chip->timeout_a;
103 
104 	do {
105 		int rc;
106 		u8 access;
107 
108 		rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
109 		if (rc < 0)
110 			return rc;
111 
112 		if (access & TPM_ACCESS_VALID)
113 			return 0;
114 		tpm_msleep(TPM_TIMEOUT);
115 	} while (time_before(jiffies, stop));
116 	return -1;
117 }
118 
check_locality(struct tpm_chip * chip,int l)119 static bool check_locality(struct tpm_chip *chip, int l)
120 {
121 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
122 	int rc;
123 	u8 access;
124 
125 	rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
126 	if (rc < 0)
127 		return false;
128 
129 	if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
130 		       | TPM_ACCESS_REQUEST_USE)) ==
131 	    (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
132 		priv->locality = l;
133 		return true;
134 	}
135 
136 	return false;
137 }
138 
release_locality(struct tpm_chip * chip,int l)139 static int release_locality(struct tpm_chip *chip, int l)
140 {
141 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
142 
143 	tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
144 
145 	return 0;
146 }
147 
request_locality(struct tpm_chip * chip,int l)148 static int request_locality(struct tpm_chip *chip, int l)
149 {
150 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
151 	unsigned long stop, timeout;
152 	long rc;
153 
154 	if (check_locality(chip, l))
155 		return l;
156 
157 	rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE);
158 	if (rc < 0)
159 		return rc;
160 
161 	stop = jiffies + chip->timeout_a;
162 
163 	if (chip->flags & TPM_CHIP_FLAG_IRQ) {
164 again:
165 		timeout = stop - jiffies;
166 		if ((long)timeout <= 0)
167 			return -1;
168 		rc = wait_event_interruptible_timeout(priv->int_queue,
169 						      (check_locality
170 						       (chip, l)),
171 						      timeout);
172 		if (rc > 0)
173 			return l;
174 		if (rc == -ERESTARTSYS && freezing(current)) {
175 			clear_thread_flag(TIF_SIGPENDING);
176 			goto again;
177 		}
178 	} else {
179 		/* wait for burstcount */
180 		do {
181 			if (check_locality(chip, l))
182 				return l;
183 			tpm_msleep(TPM_TIMEOUT);
184 		} while (time_before(jiffies, stop));
185 	}
186 	return -1;
187 }
188 
tpm_tis_status(struct tpm_chip * chip)189 static u8 tpm_tis_status(struct tpm_chip *chip)
190 {
191 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
192 	int rc;
193 	u8 status;
194 
195 	rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status);
196 	if (rc < 0)
197 		return 0;
198 
199 	if (unlikely((status & TPM_STS_READ_ZERO) != 0)) {
200 		if  (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {
201 			/*
202 			 * If this trips, the chances are the read is
203 			 * returning 0xff because the locality hasn't been
204 			 * acquired.  Usually because tpm_try_get_ops() hasn't
205 			 * been called before doing a TPM operation.
206 			 */
207 			dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
208 				status);
209 
210 			/*
211 			 * Dump stack for forensics, as invalid TPM_STS.x could be
212 			 * potentially triggered by impaired tpm_try_get_ops() or
213 			 * tpm_find_get_ops().
214 			 */
215 			dump_stack();
216 		}
217 
218 		return 0;
219 	}
220 
221 	return status;
222 }
223 
tpm_tis_ready(struct tpm_chip * chip)224 static void tpm_tis_ready(struct tpm_chip *chip)
225 {
226 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
227 
228 	/* this causes the current command to be aborted */
229 	tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY);
230 }
231 
get_burstcount(struct tpm_chip * chip)232 static int get_burstcount(struct tpm_chip *chip)
233 {
234 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
235 	unsigned long stop;
236 	int burstcnt, rc;
237 	u32 value;
238 
239 	/* wait for burstcount */
240 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
241 		stop = jiffies + chip->timeout_a;
242 	else
243 		stop = jiffies + chip->timeout_d;
244 	do {
245 		rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value);
246 		if (rc < 0)
247 			return rc;
248 
249 		burstcnt = (value >> 8) & 0xFFFF;
250 		if (burstcnt)
251 			return burstcnt;
252 		usleep_range(TPM_TIMEOUT_USECS_MIN, TPM_TIMEOUT_USECS_MAX);
253 	} while (time_before(jiffies, stop));
254 	return -EBUSY;
255 }
256 
recv_data(struct tpm_chip * chip,u8 * buf,size_t count)257 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
258 {
259 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
260 	int size = 0, burstcnt, rc;
261 
262 	while (size < count) {
263 		rc = wait_for_tpm_stat(chip,
264 				 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
265 				 chip->timeout_c,
266 				 &priv->read_queue, true);
267 		if (rc < 0)
268 			return rc;
269 		burstcnt = get_burstcount(chip);
270 		if (burstcnt < 0) {
271 			dev_err(&chip->dev, "Unable to read burstcount\n");
272 			return burstcnt;
273 		}
274 		burstcnt = min_t(int, burstcnt, count - size);
275 
276 		rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
277 					burstcnt, buf + size);
278 		if (rc < 0)
279 			return rc;
280 
281 		size += burstcnt;
282 	}
283 	return size;
284 }
285 
tpm_tis_recv(struct tpm_chip * chip,u8 * buf,size_t count)286 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
287 {
288 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
289 	int size = 0;
290 	int status;
291 	u32 expected;
292 	int rc;
293 
294 	if (count < TPM_HEADER_SIZE) {
295 		size = -EIO;
296 		goto out;
297 	}
298 
299 	size = recv_data(chip, buf, TPM_HEADER_SIZE);
300 	/* read first 10 bytes, including tag, paramsize, and result */
301 	if (size < TPM_HEADER_SIZE) {
302 		dev_err(&chip->dev, "Unable to read header\n");
303 		goto out;
304 	}
305 
306 	expected = be32_to_cpu(*(__be32 *) (buf + 2));
307 	if (expected > count || expected < TPM_HEADER_SIZE) {
308 		size = -EIO;
309 		goto out;
310 	}
311 
312 	size += recv_data(chip, &buf[TPM_HEADER_SIZE],
313 			  expected - TPM_HEADER_SIZE);
314 	if (size < expected) {
315 		dev_err(&chip->dev, "Unable to read remainder of result\n");
316 		size = -ETIME;
317 		goto out;
318 	}
319 
320 	if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
321 				&priv->int_queue, false) < 0) {
322 		size = -ETIME;
323 		goto out;
324 	}
325 	status = tpm_tis_status(chip);
326 	if (status & TPM_STS_DATA_AVAIL) {	/* retry? */
327 		dev_err(&chip->dev, "Error left over data\n");
328 		size = -EIO;
329 		goto out;
330 	}
331 
332 	rc = tpm_tis_verify_crc(priv, (size_t)size, buf);
333 	if (rc < 0) {
334 		dev_err(&chip->dev, "CRC mismatch for response.\n");
335 		size = rc;
336 		goto out;
337 	}
338 
339 out:
340 	tpm_tis_ready(chip);
341 	return size;
342 }
343 
344 /*
345  * If interrupts are used (signaled by an irq set in the vendor structure)
346  * tpm.c can skip polling for the data to be available as the interrupt is
347  * waited for here
348  */
tpm_tis_send_data(struct tpm_chip * chip,const u8 * buf,size_t len)349 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
350 {
351 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
352 	int rc, status, burstcnt;
353 	size_t count = 0;
354 	bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
355 
356 	status = tpm_tis_status(chip);
357 	if ((status & TPM_STS_COMMAND_READY) == 0) {
358 		tpm_tis_ready(chip);
359 		if (wait_for_tpm_stat
360 		    (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
361 		     &priv->int_queue, false) < 0) {
362 			rc = -ETIME;
363 			goto out_err;
364 		}
365 	}
366 
367 	while (count < len - 1) {
368 		burstcnt = get_burstcount(chip);
369 		if (burstcnt < 0) {
370 			dev_err(&chip->dev, "Unable to read burstcount\n");
371 			rc = burstcnt;
372 			goto out_err;
373 		}
374 		burstcnt = min_t(int, burstcnt, len - count - 1);
375 		rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
376 					 burstcnt, buf + count);
377 		if (rc < 0)
378 			goto out_err;
379 
380 		count += burstcnt;
381 
382 		if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
383 					&priv->int_queue, false) < 0) {
384 			rc = -ETIME;
385 			goto out_err;
386 		}
387 		status = tpm_tis_status(chip);
388 		if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
389 			rc = -EIO;
390 			goto out_err;
391 		}
392 	}
393 
394 	/* write last byte */
395 	rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
396 	if (rc < 0)
397 		goto out_err;
398 
399 	if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
400 				&priv->int_queue, false) < 0) {
401 		rc = -ETIME;
402 		goto out_err;
403 	}
404 	status = tpm_tis_status(chip);
405 	if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
406 		rc = -EIO;
407 		goto out_err;
408 	}
409 
410 	return 0;
411 
412 out_err:
413 	tpm_tis_ready(chip);
414 	return rc;
415 }
416 
disable_interrupts(struct tpm_chip * chip)417 static void disable_interrupts(struct tpm_chip *chip)
418 {
419 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
420 	u32 intmask;
421 	int rc;
422 
423 	if (priv->irq == 0)
424 		return;
425 
426 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
427 	if (rc < 0)
428 		intmask = 0;
429 
430 	intmask &= ~TPM_GLOBAL_INT_ENABLE;
431 	rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
432 
433 	devm_free_irq(chip->dev.parent, priv->irq, chip);
434 	priv->irq = 0;
435 	chip->flags &= ~TPM_CHIP_FLAG_IRQ;
436 }
437 
438 /*
439  * If interrupts are used (signaled by an irq set in the vendor structure)
440  * tpm.c can skip polling for the data to be available as the interrupt is
441  * waited for here
442  */
tpm_tis_send_main(struct tpm_chip * chip,const u8 * buf,size_t len)443 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
444 {
445 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
446 	int rc;
447 	u32 ordinal;
448 	unsigned long dur;
449 
450 	rc = tpm_tis_send_data(chip, buf, len);
451 	if (rc < 0)
452 		return rc;
453 
454 	rc = tpm_tis_verify_crc(priv, len, buf);
455 	if (rc < 0) {
456 		dev_err(&chip->dev, "CRC mismatch for command.\n");
457 		return rc;
458 	}
459 
460 	/* go and do it */
461 	rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
462 	if (rc < 0)
463 		goto out_err;
464 
465 	if (chip->flags & TPM_CHIP_FLAG_IRQ) {
466 		ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
467 
468 		dur = tpm_calc_ordinal_duration(chip, ordinal);
469 		if (wait_for_tpm_stat
470 		    (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur,
471 		     &priv->read_queue, false) < 0) {
472 			rc = -ETIME;
473 			goto out_err;
474 		}
475 	}
476 	return 0;
477 out_err:
478 	tpm_tis_ready(chip);
479 	return rc;
480 }
481 
tpm_tis_send(struct tpm_chip * chip,u8 * buf,size_t len)482 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
483 {
484 	int rc, irq;
485 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
486 
487 	if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || priv->irq_tested)
488 		return tpm_tis_send_main(chip, buf, len);
489 
490 	/* Verify receipt of the expected IRQ */
491 	irq = priv->irq;
492 	priv->irq = 0;
493 	chip->flags &= ~TPM_CHIP_FLAG_IRQ;
494 	rc = tpm_tis_send_main(chip, buf, len);
495 	priv->irq = irq;
496 	chip->flags |= TPM_CHIP_FLAG_IRQ;
497 	if (!priv->irq_tested)
498 		tpm_msleep(1);
499 	if (!priv->irq_tested)
500 		disable_interrupts(chip);
501 	priv->irq_tested = true;
502 	return rc;
503 }
504 
505 struct tis_vendor_durations_override {
506 	u32 did_vid;
507 	struct tpm1_version version;
508 	unsigned long durations[3];
509 };
510 
511 static const struct  tis_vendor_durations_override vendor_dur_overrides[] = {
512 	/* STMicroelectronics 0x104a */
513 	{ 0x0000104a,
514 	  { 1, 2, 8, 28 },
515 	  { (2 * 60 * HZ), (2 * 60 * HZ), (2 * 60 * HZ) } },
516 };
517 
tpm_tis_update_durations(struct tpm_chip * chip,unsigned long * duration_cap)518 static void tpm_tis_update_durations(struct tpm_chip *chip,
519 				     unsigned long *duration_cap)
520 {
521 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
522 	struct tpm1_version *version;
523 	u32 did_vid;
524 	int i, rc;
525 	cap_t cap;
526 
527 	chip->duration_adjusted = false;
528 
529 	if (chip->ops->clk_enable != NULL)
530 		chip->ops->clk_enable(chip, true);
531 
532 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
533 	if (rc < 0) {
534 		dev_warn(&chip->dev, "%s: failed to read did_vid. %d\n",
535 			 __func__, rc);
536 		goto out;
537 	}
538 
539 	/* Try to get a TPM version 1.2 or 1.1 TPM_CAP_VERSION_INFO */
540 	rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap,
541 			 "attempting to determine the 1.2 version",
542 			 sizeof(cap.version2));
543 	if (!rc) {
544 		version = &cap.version2.version;
545 	} else {
546 		rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap,
547 				 "attempting to determine the 1.1 version",
548 				 sizeof(cap.version1));
549 
550 		if (rc)
551 			goto out;
552 
553 		version = &cap.version1;
554 	}
555 
556 	for (i = 0; i != ARRAY_SIZE(vendor_dur_overrides); i++) {
557 		if (vendor_dur_overrides[i].did_vid != did_vid)
558 			continue;
559 
560 		if ((version->major ==
561 		     vendor_dur_overrides[i].version.major) &&
562 		    (version->minor ==
563 		     vendor_dur_overrides[i].version.minor) &&
564 		    (version->rev_major ==
565 		     vendor_dur_overrides[i].version.rev_major) &&
566 		    (version->rev_minor ==
567 		     vendor_dur_overrides[i].version.rev_minor)) {
568 
569 			memcpy(duration_cap,
570 			       vendor_dur_overrides[i].durations,
571 			       sizeof(vendor_dur_overrides[i].durations));
572 
573 			chip->duration_adjusted = true;
574 			goto out;
575 		}
576 	}
577 
578 out:
579 	if (chip->ops->clk_enable != NULL)
580 		chip->ops->clk_enable(chip, false);
581 }
582 
583 struct tis_vendor_timeout_override {
584 	u32 did_vid;
585 	unsigned long timeout_us[4];
586 };
587 
588 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = {
589 	/* Atmel 3204 */
590 	{ 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000),
591 			(TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } },
592 };
593 
tpm_tis_update_timeouts(struct tpm_chip * chip,unsigned long * timeout_cap)594 static void tpm_tis_update_timeouts(struct tpm_chip *chip,
595 				    unsigned long *timeout_cap)
596 {
597 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
598 	int i, rc;
599 	u32 did_vid;
600 
601 	chip->timeout_adjusted = false;
602 
603 	if (chip->ops->clk_enable != NULL)
604 		chip->ops->clk_enable(chip, true);
605 
606 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
607 	if (rc < 0) {
608 		dev_warn(&chip->dev, "%s: failed to read did_vid: %d\n",
609 			 __func__, rc);
610 		goto out;
611 	}
612 
613 	for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
614 		if (vendor_timeout_overrides[i].did_vid != did_vid)
615 			continue;
616 		memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
617 		       sizeof(vendor_timeout_overrides[i].timeout_us));
618 		chip->timeout_adjusted = true;
619 	}
620 
621 out:
622 	if (chip->ops->clk_enable != NULL)
623 		chip->ops->clk_enable(chip, false);
624 
625 	return;
626 }
627 
628 /*
629  * Early probing for iTPM with STS_DATA_EXPECT flaw.
630  * Try sending command without itpm flag set and if that
631  * fails, repeat with itpm flag set.
632  */
probe_itpm(struct tpm_chip * chip)633 static int probe_itpm(struct tpm_chip *chip)
634 {
635 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
636 	int rc = 0;
637 	static const u8 cmd_getticks[] = {
638 		0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
639 		0x00, 0x00, 0x00, 0xf1
640 	};
641 	size_t len = sizeof(cmd_getticks);
642 	u16 vendor;
643 
644 	if (priv->flags & TPM_TIS_ITPM_WORKAROUND)
645 		return 0;
646 
647 	rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
648 	if (rc < 0)
649 		return rc;
650 
651 	/* probe only iTPMS */
652 	if (vendor != TPM_VID_INTEL)
653 		return 0;
654 
655 	if (request_locality(chip, 0) != 0)
656 		return -EBUSY;
657 
658 	rc = tpm_tis_send_data(chip, cmd_getticks, len);
659 	if (rc == 0)
660 		goto out;
661 
662 	tpm_tis_ready(chip);
663 
664 	priv->flags |= TPM_TIS_ITPM_WORKAROUND;
665 
666 	rc = tpm_tis_send_data(chip, cmd_getticks, len);
667 	if (rc == 0)
668 		dev_info(&chip->dev, "Detected an iTPM.\n");
669 	else {
670 		priv->flags &= ~TPM_TIS_ITPM_WORKAROUND;
671 		rc = -EFAULT;
672 	}
673 
674 out:
675 	tpm_tis_ready(chip);
676 	release_locality(chip, priv->locality);
677 
678 	return rc;
679 }
680 
tpm_tis_req_canceled(struct tpm_chip * chip,u8 status)681 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status)
682 {
683 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
684 
685 	if (!test_bit(TPM_TIS_DEFAULT_CANCELLATION, &priv->flags)) {
686 		switch (priv->manufacturer_id) {
687 		case TPM_VID_WINBOND:
688 			return ((status == TPM_STS_VALID) ||
689 				(status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)));
690 		case TPM_VID_STM:
691 			return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY));
692 		default:
693 			break;
694 		}
695 	}
696 
697 	return status == TPM_STS_COMMAND_READY;
698 }
699 
tis_int_handler(int dummy,void * dev_id)700 static irqreturn_t tis_int_handler(int dummy, void *dev_id)
701 {
702 	struct tpm_chip *chip = dev_id;
703 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
704 	u32 interrupt;
705 	int i, rc;
706 
707 	rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
708 	if (rc < 0)
709 		return IRQ_NONE;
710 
711 	if (interrupt == 0)
712 		return IRQ_NONE;
713 
714 	priv->irq_tested = true;
715 	if (interrupt & TPM_INTF_DATA_AVAIL_INT)
716 		wake_up_interruptible(&priv->read_queue);
717 	if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
718 		for (i = 0; i < 5; i++)
719 			if (check_locality(chip, i))
720 				break;
721 	if (interrupt &
722 	    (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT |
723 	     TPM_INTF_CMD_READY_INT))
724 		wake_up_interruptible(&priv->int_queue);
725 
726 	/* Clear interrupts handled with TPM_EOI */
727 	rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt);
728 	if (rc < 0)
729 		return IRQ_NONE;
730 
731 	tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
732 	return IRQ_HANDLED;
733 }
734 
tpm_tis_gen_interrupt(struct tpm_chip * chip)735 static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
736 {
737 	const char *desc = "attempting to generate an interrupt";
738 	u32 cap2;
739 	cap_t cap;
740 	int ret;
741 
742 	ret = request_locality(chip, 0);
743 	if (ret < 0)
744 		return ret;
745 
746 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
747 		ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
748 	else
749 		ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
750 
751 	release_locality(chip, 0);
752 
753 	return ret;
754 }
755 
756 /* Register the IRQ and issue a command that will cause an interrupt. If an
757  * irq is seen then leave the chip setup for IRQ operation, otherwise reverse
758  * everything and leave in polling mode. Returns 0 on success.
759  */
tpm_tis_probe_irq_single(struct tpm_chip * chip,u32 intmask,int flags,int irq)760 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
761 				    int flags, int irq)
762 {
763 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
764 	u8 original_int_vec;
765 	int rc;
766 	u32 int_status;
767 
768 	if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
769 			     dev_name(&chip->dev), chip) != 0) {
770 		dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
771 			 irq);
772 		return -1;
773 	}
774 	priv->irq = irq;
775 
776 	rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
777 			   &original_int_vec);
778 	if (rc < 0)
779 		return rc;
780 
781 	rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
782 	if (rc < 0)
783 		return rc;
784 
785 	rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
786 	if (rc < 0)
787 		return rc;
788 
789 	/* Clear all existing */
790 	rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
791 	if (rc < 0)
792 		return rc;
793 
794 	/* Turn on */
795 	rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
796 			     intmask | TPM_GLOBAL_INT_ENABLE);
797 	if (rc < 0)
798 		return rc;
799 
800 	priv->irq_tested = false;
801 
802 	/* Generate an interrupt by having the core call through to
803 	 * tpm_tis_send
804 	 */
805 	rc = tpm_tis_gen_interrupt(chip);
806 	if (rc < 0)
807 		return rc;
808 
809 	/* tpm_tis_send will either confirm the interrupt is working or it
810 	 * will call disable_irq which undoes all of the above.
811 	 */
812 	if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
813 		rc = tpm_tis_write8(priv, original_int_vec,
814 				TPM_INT_VECTOR(priv->locality));
815 		if (rc < 0)
816 			return rc;
817 
818 		return 1;
819 	}
820 
821 	return 0;
822 }
823 
824 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
825  * do not have ACPI/etc. We typically expect the interrupt to be declared if
826  * present.
827  */
tpm_tis_probe_irq(struct tpm_chip * chip,u32 intmask)828 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask)
829 {
830 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
831 	u8 original_int_vec;
832 	int i, rc;
833 
834 	rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
835 			   &original_int_vec);
836 	if (rc < 0)
837 		return;
838 
839 	if (!original_int_vec) {
840 		if (IS_ENABLED(CONFIG_X86))
841 			for (i = 3; i <= 15; i++)
842 				if (!tpm_tis_probe_irq_single(chip, intmask, 0,
843 							      i))
844 					return;
845 	} else if (!tpm_tis_probe_irq_single(chip, intmask, 0,
846 					     original_int_vec))
847 		return;
848 }
849 
tpm_tis_remove(struct tpm_chip * chip)850 void tpm_tis_remove(struct tpm_chip *chip)
851 {
852 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
853 	u32 reg = TPM_INT_ENABLE(priv->locality);
854 	u32 interrupt;
855 	int rc;
856 
857 	tpm_tis_clkrun_enable(chip, true);
858 
859 	rc = tpm_tis_read32(priv, reg, &interrupt);
860 	if (rc < 0)
861 		interrupt = 0;
862 
863 	tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
864 
865 	tpm_tis_clkrun_enable(chip, false);
866 
867 	if (priv->ilb_base_addr)
868 		iounmap(priv->ilb_base_addr);
869 }
870 EXPORT_SYMBOL_GPL(tpm_tis_remove);
871 
872 /**
873  * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
874  *                           of a single TPM command
875  * @chip:	TPM chip to use
876  * @value:	1 - Disable CLKRUN protocol, so that clocks are free running
877  *		0 - Enable CLKRUN protocol
878  * Call this function directly in tpm_tis_remove() in error or driver removal
879  * path, since the chip->ops is set to NULL in tpm_chip_unregister().
880  */
tpm_tis_clkrun_enable(struct tpm_chip * chip,bool value)881 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
882 {
883 	struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
884 	u32 clkrun_val;
885 
886 	if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
887 	    !data->ilb_base_addr)
888 		return;
889 
890 	if (value) {
891 		data->clkrun_enabled++;
892 		if (data->clkrun_enabled > 1)
893 			return;
894 		clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
895 
896 		/* Disable LPC CLKRUN# */
897 		clkrun_val &= ~LPC_CLKRUN_EN;
898 		iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
899 
900 		/*
901 		 * Write any random value on port 0x80 which is on LPC, to make
902 		 * sure LPC clock is running before sending any TPM command.
903 		 */
904 		outb(0xCC, 0x80);
905 	} else {
906 		data->clkrun_enabled--;
907 		if (data->clkrun_enabled)
908 			return;
909 
910 		clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
911 
912 		/* Enable LPC CLKRUN# */
913 		clkrun_val |= LPC_CLKRUN_EN;
914 		iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
915 
916 		/*
917 		 * Write any random value on port 0x80 which is on LPC, to make
918 		 * sure LPC clock is running before sending any TPM command.
919 		 */
920 		outb(0xCC, 0x80);
921 	}
922 }
923 
924 static const struct tpm_class_ops tpm_tis = {
925 	.flags = TPM_OPS_AUTO_STARTUP,
926 	.status = tpm_tis_status,
927 	.recv = tpm_tis_recv,
928 	.send = tpm_tis_send,
929 	.cancel = tpm_tis_ready,
930 	.update_timeouts = tpm_tis_update_timeouts,
931 	.update_durations = tpm_tis_update_durations,
932 	.req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
933 	.req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
934 	.req_canceled = tpm_tis_req_canceled,
935 	.request_locality = request_locality,
936 	.relinquish_locality = release_locality,
937 	.clk_enable = tpm_tis_clkrun_enable,
938 };
939 
tpm_tis_core_init(struct device * dev,struct tpm_tis_data * priv,int irq,const struct tpm_tis_phy_ops * phy_ops,acpi_handle acpi_dev_handle)940 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
941 		      const struct tpm_tis_phy_ops *phy_ops,
942 		      acpi_handle acpi_dev_handle)
943 {
944 	u32 vendor;
945 	u32 intfcaps;
946 	u32 intmask;
947 	u32 clkrun_val;
948 	u8 rid;
949 	int rc, probe;
950 	struct tpm_chip *chip;
951 
952 	chip = tpmm_chip_alloc(dev, &tpm_tis);
953 	if (IS_ERR(chip))
954 		return PTR_ERR(chip);
955 
956 #ifdef CONFIG_ACPI
957 	chip->acpi_dev_handle = acpi_dev_handle;
958 #endif
959 
960 	chip->hwrng.quality = priv->rng_quality;
961 
962 	/* Maximum timeouts */
963 	chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX);
964 	chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
965 	chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
966 	chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
967 	priv->timeout_min = TPM_TIMEOUT_USECS_MIN;
968 	priv->timeout_max = TPM_TIMEOUT_USECS_MAX;
969 	priv->phy_ops = phy_ops;
970 
971 	dev_set_drvdata(&chip->dev, priv);
972 
973 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
974 	if (rc < 0)
975 		return rc;
976 
977 	priv->manufacturer_id = vendor;
978 
979 	if (priv->manufacturer_id == TPM_VID_ATML &&
980 		!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
981 		priv->timeout_min = TIS_TIMEOUT_MIN_ATML;
982 		priv->timeout_max = TIS_TIMEOUT_MAX_ATML;
983 	}
984 
985 	if (is_bsw()) {
986 		priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
987 					ILB_REMAP_SIZE);
988 		if (!priv->ilb_base_addr)
989 			return -ENOMEM;
990 
991 		clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
992 		/* Check if CLKRUN# is already not enabled in the LPC bus */
993 		if (!(clkrun_val & LPC_CLKRUN_EN)) {
994 			iounmap(priv->ilb_base_addr);
995 			priv->ilb_base_addr = NULL;
996 		}
997 	}
998 
999 	if (chip->ops->clk_enable != NULL)
1000 		chip->ops->clk_enable(chip, true);
1001 
1002 	if (wait_startup(chip, 0) != 0) {
1003 		rc = -ENODEV;
1004 		goto out_err;
1005 	}
1006 
1007 	/* Take control of the TPM's interrupt hardware and shut it off */
1008 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1009 	if (rc < 0)
1010 		goto out_err;
1011 
1012 	intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
1013 		   TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
1014 	intmask &= ~TPM_GLOBAL_INT_ENABLE;
1015 
1016 	rc = request_locality(chip, 0);
1017 	if (rc < 0) {
1018 		rc = -ENODEV;
1019 		goto out_err;
1020 	}
1021 
1022 	tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1023 	release_locality(chip, 0);
1024 
1025 	rc = tpm_chip_start(chip);
1026 	if (rc)
1027 		goto out_err;
1028 	rc = tpm2_probe(chip);
1029 	tpm_chip_stop(chip);
1030 	if (rc)
1031 		goto out_err;
1032 
1033 	rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
1034 	if (rc < 0)
1035 		goto out_err;
1036 
1037 	dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
1038 		 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
1039 		 vendor >> 16, rid);
1040 
1041 	probe = probe_itpm(chip);
1042 	if (probe < 0) {
1043 		rc = -ENODEV;
1044 		goto out_err;
1045 	}
1046 
1047 	/* Figure out the capabilities */
1048 	rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
1049 	if (rc < 0)
1050 		goto out_err;
1051 
1052 	dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
1053 		intfcaps);
1054 	if (intfcaps & TPM_INTF_BURST_COUNT_STATIC)
1055 		dev_dbg(dev, "\tBurst Count Static\n");
1056 	if (intfcaps & TPM_INTF_CMD_READY_INT)
1057 		dev_dbg(dev, "\tCommand Ready Int Support\n");
1058 	if (intfcaps & TPM_INTF_INT_EDGE_FALLING)
1059 		dev_dbg(dev, "\tInterrupt Edge Falling\n");
1060 	if (intfcaps & TPM_INTF_INT_EDGE_RISING)
1061 		dev_dbg(dev, "\tInterrupt Edge Rising\n");
1062 	if (intfcaps & TPM_INTF_INT_LEVEL_LOW)
1063 		dev_dbg(dev, "\tInterrupt Level Low\n");
1064 	if (intfcaps & TPM_INTF_INT_LEVEL_HIGH)
1065 		dev_dbg(dev, "\tInterrupt Level High\n");
1066 	if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT)
1067 		dev_dbg(dev, "\tLocality Change Int Support\n");
1068 	if (intfcaps & TPM_INTF_STS_VALID_INT)
1069 		dev_dbg(dev, "\tSts Valid Int Support\n");
1070 	if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
1071 		dev_dbg(dev, "\tData Avail Int Support\n");
1072 
1073 	/* INTERRUPT Setup */
1074 	init_waitqueue_head(&priv->read_queue);
1075 	init_waitqueue_head(&priv->int_queue);
1076 	if (irq != -1) {
1077 		/*
1078 		 * Before doing irq testing issue a command to the TPM in polling mode
1079 		 * to make sure it works. May as well use that command to set the
1080 		 * proper timeouts for the driver.
1081 		 */
1082 
1083 		rc = request_locality(chip, 0);
1084 		if (rc < 0)
1085 			goto out_err;
1086 
1087 		rc = tpm_get_timeouts(chip);
1088 
1089 		release_locality(chip, 0);
1090 
1091 		if (rc) {
1092 			dev_err(dev, "Could not get TPM timeouts and durations\n");
1093 			rc = -ENODEV;
1094 			goto out_err;
1095 		}
1096 
1097 		if (irq) {
1098 			tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
1099 						 irq);
1100 			if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
1101 				dev_err(&chip->dev, FW_BUG
1102 					"TPM interrupt not working, polling instead\n");
1103 
1104 				disable_interrupts(chip);
1105 			}
1106 		} else {
1107 			tpm_tis_probe_irq(chip, intmask);
1108 		}
1109 	}
1110 
1111 	rc = tpm_chip_register(chip);
1112 	if (rc)
1113 		goto out_err;
1114 
1115 	if (chip->ops->clk_enable != NULL)
1116 		chip->ops->clk_enable(chip, false);
1117 
1118 	return 0;
1119 out_err:
1120 	if (chip->ops->clk_enable != NULL)
1121 		chip->ops->clk_enable(chip, false);
1122 
1123 	tpm_tis_remove(chip);
1124 
1125 	return rc;
1126 }
1127 EXPORT_SYMBOL_GPL(tpm_tis_core_init);
1128 
1129 #ifdef CONFIG_PM_SLEEP
tpm_tis_reenable_interrupts(struct tpm_chip * chip)1130 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
1131 {
1132 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
1133 	u32 intmask;
1134 	int rc;
1135 
1136 	if (chip->ops->clk_enable != NULL)
1137 		chip->ops->clk_enable(chip, true);
1138 
1139 	/* reenable interrupts that device may have lost or
1140 	 * BIOS/firmware may have disabled
1141 	 */
1142 	rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
1143 	if (rc < 0)
1144 		goto out;
1145 
1146 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1147 	if (rc < 0)
1148 		goto out;
1149 
1150 	intmask |= TPM_INTF_CMD_READY_INT
1151 	    | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT
1152 	    | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE;
1153 
1154 	tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1155 
1156 out:
1157 	if (chip->ops->clk_enable != NULL)
1158 		chip->ops->clk_enable(chip, false);
1159 
1160 	return;
1161 }
1162 
tpm_tis_resume(struct device * dev)1163 int tpm_tis_resume(struct device *dev)
1164 {
1165 	struct tpm_chip *chip = dev_get_drvdata(dev);
1166 	int ret;
1167 
1168 	if (chip->flags & TPM_CHIP_FLAG_IRQ)
1169 		tpm_tis_reenable_interrupts(chip);
1170 
1171 	ret = tpm_pm_resume(dev);
1172 	if (ret)
1173 		return ret;
1174 
1175 	/*
1176 	 * TPM 1.2 requires self-test on resume. This function actually returns
1177 	 * an error code but for unknown reason it isn't handled.
1178 	 */
1179 	if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
1180 		ret = request_locality(chip, 0);
1181 		if (ret < 0)
1182 			return ret;
1183 
1184 		tpm1_do_selftest(chip);
1185 
1186 		release_locality(chip, 0);
1187 	}
1188 
1189 	return 0;
1190 }
1191 EXPORT_SYMBOL_GPL(tpm_tis_resume);
1192 #endif
1193 
1194 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1195 MODULE_DESCRIPTION("TPM Driver");
1196 MODULE_VERSION("2.0");
1197 MODULE_LICENSE("GPL");
1198