security/tpm/: turn tis_{init,open} into tis_probe

init() was always followed by open() and after successful initialization we only need send-receive function which is now returned by tis_probe() on success, thus further reducing number of functions to export from drivers. This also removes check for opening TIS twice that seems to have no value. Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
author: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> 2022-10-29 20:42:28 +0300
committer: Felix Held <felix-coreboot@felixheld.de> 2023-11-13 14:17:38 +0000
commit: 963f7b9e5ec4713eb45dfb656659d2c9cf5d9f83 (patch)
tree: 514b17f5c5395dac6e9030d518459bf363bcebc6
parent: bf0b06d9bd71b9e188e2a1c509f7b90ca395e164 (diff)
11 files changed, 121 insertions, 159 deletions
diff --git a/src/drivers/crb/tis.c b/src/drivers/crb/tis.c
index cdb0dbb612..2c9128e5d7 100644
--- a/src/drivers/crb/tis.c
+++ b/src/drivers/crb/tis.c
@@ -14,8 +14,6 @@
 #include "tpm.h"
 #include "chip.h"
 
-static unsigned int tpm_is_open;
-
 static const struct {
 	uint16_t vid;
 	uint16_t did;
@@ -35,52 +33,41 @@ static const char *tis_get_dev_name(struct tpm2_info *info)
 	return "Unknown";
 }
 
-tpm_result_t tis_open(void)
+static tpm_result_t crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf,
+				     size_t *rbuf_len)
 {
-	if (tpm_is_open) {
-		printk(BIOS_ERR, "%s called twice.\n", __func__);
+	int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
+
+	if (len == 0)
 		return TPM_CB_FAIL;
-	}
 
-	if (CONFIG(HAVE_INTEL_PTT)) {
-		if (!ptt_active()) {
-			printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__);
-			return TPM_CB_FAIL;
-		}
-		printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__);
-	}
+	*rbuf_len = len;
 
 	return TPM_SUCCESS;
 }
 
-tpm_result_t tis_init(void)
+tis_sendrecv_fn tis_probe(void)
 {
 	struct tpm2_info info;
 
-	// Wake TPM up (if necessary)
-	tpm_result_t rc = tpm2_init();
-	if (rc)
-		return rc;
+	/* Wake TPM up (if necessary) */
+	if (tpm2_init())
+		return NULL;
 
 	tpm2_get_info(&info);
 
 	printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info),
 	       info.revision);
 
-	return TPM_SUCCESS;
-}
-
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
-					uint8_t *recvbuf, size_t *rbuf_len)
-{
-	int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
-
-	if (len == 0)
-		return TPM_CB_FAIL;
-
-	*rbuf_len = len;
+	if (CONFIG(HAVE_INTEL_PTT)) {
+		if (!ptt_active()) {
+			printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__);
+			return NULL;
+		}
+		printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__);
+	}
 
-	return TPM_SUCCESS;
+	return &crb_tpm_sendrecv;
 }
 
 static void crb_tpm_fill_ssdt(const struct device *dev)
diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c
index 3351ca2700..8462198410 100644
--- a/src/drivers/i2c/tpm/cr50.c
+++ b/src/drivers/i2c/tpm/cr50.c
@@ -505,7 +505,6 @@ tpm_result_t tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t d
                 cr50_set_board_cfg();
 	}
 
-	chip->is_open = 1;
 	return TPM_SUCCESS;
 }
 
diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c
index a5c3b8fdf3..6cb05f0dd7 100644
--- a/src/drivers/i2c/tpm/tis.c
+++ b/src/drivers/i2c/tpm/tis.c
@@ -19,29 +19,6 @@ static struct tpm_chip chip;
 #define TPM_CMD_COUNT_BYTE 2
 #define TPM_CMD_ORDINAL_BYTE 6
 
-tpm_result_t tis_open(void)
-{
-	tpm_result_t rc;
-
-	if (chip.is_open) {
-		printk(BIOS_DEBUG, "%s() called twice.\n", __func__);
-		return TPM_CB_FAIL;
-	}
-
-	rc = tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS,
-			     CONFIG_DRIVER_TPM_I2C_ADDR);
-	if (rc != TPM_SUCCESS)
-		chip.is_open = 0;
-
-	return rc;
-}
-
-tpm_result_t tis_init(void)
-{
-	return tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS,
-				CONFIG_DRIVER_TPM_I2C_ADDR);
-}
-
 static ssize_t tpm_transmit(const uint8_t *sbuf, size_t sbufsiz, void *rbuf,
 			size_t rbufsiz)
 {
@@ -103,8 +80,8 @@ out:
 	return rc;
 }
 
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
-		uint8_t *recvbuf, size_t *rbuf_len)
+static tpm_result_t i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+				     uint8_t *recvbuf, size_t *rbuf_len)
 {
 	ASSERT(sbuf_size >= 10);
 
@@ -140,3 +117,14 @@ tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
 
 	return TPM_SUCCESS;
 }
+
+tis_sendrecv_fn tis_probe(void)
+{
+	if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR))
+		return NULL;
+
+	if (tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR))
+		return NULL;
+
+	return &i2c_tpm_sendrecv;
+}
diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c
index 91ed6a99e3..0a29049d95 100644
--- a/src/drivers/i2c/tpm/tis_atmel.c
+++ b/src/drivers/i2c/tpm/tis_atmel.c
@@ -22,18 +22,8 @@ struct tpm_output_header {
 	uint32_t return_code;
 } __packed;
 
-tpm_result_t tis_open(void)
-{
-	return TPM_SUCCESS;
-}
-
-tpm_result_t tis_init(void)
-{
-	return TPM_SUCCESS;
-}
-
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
-		uint8_t *recvbuf, size_t *rbuf_len)
+static tpm_result_t i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+				     uint8_t *recvbuf, size_t *rbuf_len)
 {
 	size_t hdr_bytes;
 	struct tpm_output_header *header;
@@ -116,3 +106,8 @@ tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
 	/* Successful transfer */
 	return TPM_SUCCESS;
 }
+
+tis_sendrecv_fn tis_probe(void)
+{
+	return &i2c_tis_sendrecv;
+}
diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c
index 91c310b8f3..541eb3aaa0 100644
--- a/src/drivers/i2c/tpm/tpm.c
+++ b/src/drivers/i2c/tpm/tpm.c
@@ -507,8 +507,6 @@ tpm_result_t tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t d
 	tpm_dev.sleep_short = SLEEP_DURATION;
 	tpm_dev.sleep_long = SLEEP_DURATION_LONG;
 
-	chip->is_open = 1;
-
 	chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
 	chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
 	chip->req_canceled = TPM_STS_COMMAND_READY;
diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h
index fb9837789d..628ad4dc69 100644
--- a/src/drivers/i2c/tpm/tpm.h
+++ b/src/drivers/i2c/tpm/tpm.h
@@ -39,7 +39,6 @@ enum tpm_timeout {
 #define	TPM_DID_VID(l)			(0x0006 | ((l) << 4))
 
 struct tpm_chip {
-	int is_open;
 	uint8_t req_complete_mask;
 	uint8_t req_complete_val;
 	uint8_t req_canceled;
diff --git a/src/drivers/pc80/tpm/tis.c b/src/drivers/pc80/tpm/tis.c
index 3f2d6bd7a2..019e4a1fe9 100644
--- a/src/drivers/pc80/tpm/tis.c
+++ b/src/drivers/pc80/tpm/tis.c
@@ -356,14 +356,14 @@ static tpm_result_t tis_command_ready(u8 locality)
 }
 
 /*
- * tis_init()
+ * pc80_tis_probe()
  *
  * Probe the TPM device and try determining its manufacturer/device name.
  *
  * Returns TPM_SUCCESS on success (the device is found or was found during
  * an earlier invocation) or TPM_CB_FAIL if the device is not found.
  */
-tpm_result_t tis_init(void)
+static tpm_result_t pc80_tis_probe(void)
 {
 	const char *device_name = "unknown";
 	const char *vendor_name = device_name;
@@ -607,13 +607,13 @@ static tpm_result_t tis_readresponse(u8 *buffer, size_t *len)
 }
 
 /*
- * tis_open()
+ * pc80_tis_open()
  *
  * Requests access to locality 0 for the caller.
  *
  * Returns TPM_SUCCESS on success, TSS Error on failure.
  */
-tpm_result_t tis_open(void)
+static tpm_result_t pc80_tis_open(void)
 {
 	u8 locality = 0; /* we use locality zero for everything */
 	tpm_result_t rc = TPM_SUCCESS;
@@ -650,8 +650,8 @@ tpm_result_t tis_open(void)
  * Returns TPM_SUCCESS on success (and places the number of response bytes
  * at recv_len) or TPM_CB_FAIL on failure.
  */
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
-		 uint8_t *recvbuf, size_t *recv_len)
+static tpm_result_t pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size,
+				      uint8_t *recvbuf, size_t *recv_len)
 {
 	tpm_result_t rc = tis_senddata(sendbuf, send_size);
 	if (rc) {
@@ -664,6 +664,23 @@ tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
 }
 
 /*
+ * tis_probe()
+ *
+ * Probe for the TPM device and set it up for use within locality 0. Returns
+ * pointer to send-receive function on success or NULL on failure.
+ */
+tis_sendrecv_fn tis_probe(void)
+{
+	if (pc80_tis_probe())
+		return NULL;
+
+	if (pc80_tis_open())
+		return NULL;
+
+	return &pc80_tpm_sendrecv;
+}
+
+/*
  * tis_setup_interrupt()
  *
  * Set up the interrupt vector and polarity for locality 0 and
diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c
index 6fa6c82848..90d7f59ba9 100644
--- a/src/drivers/spi/tpm/tis.c
+++ b/src/drivers/spi/tpm/tis.c
@@ -5,8 +5,6 @@
 
 #include "tpm.h"
 
-static unsigned int tpm_is_open;
-
 static const struct {
 	uint16_t vid;
 	uint16_t did;
@@ -29,31 +27,33 @@ static const char *tis_get_dev_name(struct tpm2_info *info)
 	return "Unknown";
 }
 
-tpm_result_t tis_open(void)
+static tpm_result_t tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+				 uint8_t *recvbuf, size_t *rbuf_len)
 {
-	if (tpm_is_open) {
-		printk(BIOS_ERR, "%s() called twice.\n", __func__);
+	int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
+
+	if (len == 0)
 		return TPM_CB_FAIL;
-	}
+
+	*rbuf_len = len;
+
 	return TPM_SUCCESS;
 }
 
-tpm_result_t tis_init(void)
+tis_sendrecv_fn tis_probe(void)
 {
 	struct spi_slave spi;
 	struct tpm2_info info;
-	tpm_result_t rc = TPM_SUCCESS;
 
 	if (spi_setup_slave(CONFIG_DRIVER_TPM_SPI_BUS,
 			    CONFIG_DRIVER_TPM_SPI_CHIP, &spi)) {
 		printk(BIOS_ERR, "Failed to setup TPM SPI slave\n");
-		return TPM_CB_FAIL;
+		return NULL;
 	}
 
-	rc = tpm2_init(&spi);
-	if (rc) {
+	if (tpm2_init(&spi)) {
 		printk(BIOS_ERR, "Failed to initialize TPM SPI interface\n");
-		return rc;
+		return NULL;
 	}
 
 	tpm2_get_info(&info);
@@ -61,18 +61,5 @@ tpm_result_t tis_init(void)
 	printk(BIOS_INFO, "Initialized TPM device %s revision %d\n",
 	       tis_get_dev_name(&info), info.revision);
 
-	return TPM_SUCCESS;
-}
-
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
-		 uint8_t *recvbuf, size_t *rbuf_len)
-{
-	int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
-
-	if (len == 0)
-		return TPM_CB_FAIL;
-
-	*rbuf_len = len;
-
-	return TPM_SUCCESS;
+	return &tpm_sendrecv;
 }
diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h
index 34dc8e8bd7..ac07bfb5c6 100644
--- a/src/security/tpm/tis.h
+++ b/src/security/tpm/tis.h
@@ -33,23 +33,6 @@ enum tis_status {
 };
 
 /*
- * tis_init()
- *
- * Initialize the TPM device.
- * Returns TSS Return Code from TCG TPM Structures.  See tss_errors.h
- */
-tpm_result_t tis_init(void);
-
-/*
- * tis_open()
- *
- * Requests access to locality 0 for the caller.
- *
- * Returns TSS Return Code from TCG TPM Structures.  See tss_errors.h
- */
-tpm_result_t tis_open(void);
-
-/*
  * tis_sendrecv()
  *
  * Send the requested data to the TPM and then try to get its response
@@ -61,8 +44,19 @@ tpm_result_t tis_open(void);
  *
  * Returns TSS Return Code from TCG TPM Structures.  See tss_errors.h
  */
-tpm_result_t tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
-			size_t *recv_len);
+typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
+					size_t *recv_len);
+
+/*
+ * tis_probe()
+ *
+ * Probe for the TPM device and set it up for use within locality 0. Returns
+ * pointer to send-receive function on success or NULL on failure.
+ *
+ * Do not call this explicitly, it's meant to be used exclusively by TSS
+ * implementation (tlcl_lib_init() function to be specific).
+ */
+tis_sendrecv_fn tis_probe(void);
 
 /*
  * tis_vendor_write()
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index e73db388e8..f0d28dfe3f 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -24,13 +24,22 @@
 #include <console/console.h>
 #define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
 
+static tis_sendrecv_fn tis_sendrecv;
+
 static tpm_result_t tpm_send_receive(const uint8_t *request,
-				uint32_t request_length,
-				uint8_t *response,
-				uint32_t *response_length)
+				     uint32_t request_length,
+				     uint8_t *response,
+				     uint32_t *response_length)
 {
 	size_t len = *response_length;
-	tpm_result_t rc = tis_sendrecv(request, request_length, response, &len);
+	tpm_result_t rc;
+
+	if (tis_sendrecv == NULL) {
+		printk(BIOS_ERR, "Attempted use of uninitialized TSS 1.2 stack\n");
+		return TPM_FAIL;
+	}
+
+	rc = tis_sendrecv(request, request_length, response, &len);
 	if (rc)
 		return rc;
 	/* check 64->32bit overflow and (re)check response buffer overflow */
@@ -142,23 +151,16 @@ static tpm_result_t send(const uint8_t *command)
 
 /* Exported functions. */
 
-static uint8_t tlcl_init_done;
-
 tpm_result_t tlcl_lib_init(void)
 {
-	tpm_result_t rc = TPM_SUCCESS;
-	if (tlcl_init_done)
-		return rc;
-	rc = tis_init();
-	if (rc)
-		return rc;
-	rc = tis_open();
-	if (rc)
-		return rc;
+	if (tis_sendrecv != NULL)
+		return TPM_SUCCESS;
 
-	tlcl_init_done = 1;
+	tis_sendrecv = tis_probe();
+	if (tis_sendrecv == NULL)
+		return TPM_CB_NO_DEVICE;
 
-	return rc;
+	return TPM_SUCCESS;
 }
 
 tpm_result_t tlcl_startup(void)
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index e23a0d280d..135d2964e6 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -16,6 +16,8 @@
  * TPM2 specification.
  */
 
+static tis_sendrecv_fn tis_sendrecv;
+
 void *tpm_process_command(TPM_CC command, void *command_body)
 {
 	struct obuf ob;
@@ -26,6 +28,11 @@ void *tpm_process_command(TPM_CC command, void *command_body)
 	/* Command/response buffer. */
 	static uint8_t cr_buffer[TPM_BUFFER_SIZE];
 
+	if (tis_sendrecv == NULL) {
+		printk(BIOS_ERR, "Attempted use of uninitialized TSS 2.0 stack\n");
+		return NULL;
+	}
+
 	obuf_init(&ob, cr_buffer, sizeof(cr_buffer));
 
 	if (tpm_marshal_command(command, command_body, &ob) < 0) {
@@ -201,30 +208,19 @@ tpm_result_t tlcl_clear_control(bool disable)
 	return TPM_SUCCESS;
 }
 
-static uint8_t tlcl_init_done;
-
 /* This function is called directly by vboot, uses vboot return types. */
 tpm_result_t tlcl_lib_init(void)
 {
-	tpm_result_t rc = TPM_SUCCESS;
-	if (tlcl_init_done)
-		return rc;
-
-	rc = tis_init();
-	if (rc) {
-		printk(BIOS_ERR, "%s: tis_init returned error %d\n", __func__, rc);
-		return rc;
-	}
-	rc = tis_open();
-	if (rc) {
-		printk(BIOS_ERR, "%s: tis_open returned error %d\n"
-			, __func__, rc);
-		return rc;
-	}
+	if (tis_sendrecv != NULL)
+		return TPM_SUCCESS;
 
-	tlcl_init_done = 1;
+	tis_sendrecv = tis_probe();
+	if (tis_sendrecv == NULL) {
+		printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__);
+		return TPM_CB_NO_DEVICE;
+	}
 
-	return rc;
+	return TPM_SUCCESS;
 }
 
 tpm_result_t tlcl_physical_presence_cmd_enable(void)
author	Sergii Dmytruk <sergii.dmytruk@3mdeb.com>	2022-10-29 20:42:28 +0300
committer	Felix Held <felix-coreboot@felixheld.de>	2023-11-13 14:17:38 +0000
commit	963f7b9e5ec4713eb45dfb656659d2c9cf5d9f83 (patch)
tree	514b17f5c5395dac6e9030d518459bf363bcebc6
parent	bf0b06d9bd71b9e188e2a1c509f7b90ca395e164 (diff)