summaryrefslogtreecommitdiff
path: root/src/drivers/i2c/tpm
diff options
context:
space:
mode:
authorDuncan Laurie <dlaurie@google.com>2017-11-07 09:13:19 -0800
committerVadim Bendebury <vbendeb@chromium.org>2017-11-22 15:18:03 +0000
commit2bc6ad3ff1a376ca6f67e2aca2440f34acdf9b99 (patch)
tree0d78212676b312bd54b5c4d83536218bba452048 /src/drivers/i2c/tpm
parent8727e644ea9c53d066f2f289766920b7380dff83 (diff)
drivers/i2c/tpm/cr50: Simplify and increase init delay to 30 seconds
The Cr50 i2c driver provides separate entry points for probing and initialization, but probing function does not really do much. It also claims and releases locality on every coreboot stage, but there is no need for this - locality should be definitely claimed after reset and then it could be retained through the boot process. On top of that the driver does not properly account for long time it could take the Cr50 chip to come around to reset processing if TPM reset request was posted during a lengthy TPM operation. This patch addresses the issues as follows: - tpm_vendor_probe() and tpm_vendor_cleanup() become noops, kept around to conform to the expected driver API. - tpm_vendor_init() invokes a function to process TPM reset only in the first stage using TPM (typically verstage), the function checks if locality is claimed and if so - waits for it to be released, which indicates that TPM reset processing is over. - before claiming locality check if it is already taken, and if so - just proceed. BRANCH=none BUG=b:65867313, b:68729265 TEST=Verified that reef no longer hangs during EC reboot and firmware_Cr50ClearTPMOwner (not yet merged) tests. Change-Id: Iba8445caf1342e3a5fefcb2664b0759a1a8e84e3 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/22554 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src/drivers/i2c/tpm')
-rw-r--r--src/drivers/i2c/tpm/cr50.c148
1 files changed, 73 insertions, 75 deletions
diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c
index 9cc9e95ffb..8b0ea32269 100644
--- a/src/drivers/i2c/tpm/cr50.c
+++ b/src/drivers/i2c/tpm/cr50.c
@@ -170,57 +170,88 @@ static int cr50_i2c_write(struct tpm_chip *chip,
return cr50_i2c_wait_tpm_ready(chip);
}
-static int check_locality(struct tpm_chip *chip, int loc)
+/*
+ * Cr50 processes reset requests asynchronously and consceivably could be busy
+ * executing a long command and not reacting to the reset pulse for a while.
+ *
+ * This function will make sure that the AP does not proceed with boot until
+ * TPM finished reset processing.
+ */
+static int process_reset(struct tpm_chip *chip)
{
- uint8_t mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
- uint8_t buf;
+ struct stopwatch sw;
+ uint8_t access;
+
+ /*
+ * Locality is released by TPM reset.
+ *
+ * If locality is taken at this point, this could be due to the fact
+ * that the TPM is performing a long operation and has not processed
+ * reset request yet. We'll wait up to CR50_TIMEOUT_INIT_MS and see if
+ * it releases locality when reset is processed.
+ */
+ stopwatch_init_msecs_expire(&sw, CR50_TIMEOUT_INIT_MS);
+ do {
+ int rv;
+ const uint8_t mask =
+ TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
+
+ rv = cr50_i2c_read(chip, TPM_ACCESS(0),
+ &access, sizeof(access));
+ if (rv || ((access & mask) == mask)) {
+ /*
+ * Don't bombard the chip with traffic, let it keep
+ * processing the command.
+ */
+ mdelay(2);
+ continue;
+ }
- if (cr50_i2c_read(chip, TPM_ACCESS(loc), &buf, 1) < 0)
- return -1;
+ printk(BIOS_INFO, "TPM ready after %ld ms\n",
+ stopwatch_duration_msecs(&sw));
- if ((buf & mask) == mask) {
- chip->vendor.locality = loc;
- return loc;
- }
+ return 0;
+ } while (!stopwatch_expired(&sw));
+
+ printk(BIOS_ERR,
+ "TPM failed to reset after %ld ms, status: %#x\n",
+ stopwatch_duration_msecs(&sw), access);
return -1;
}
-static void release_locality(struct tpm_chip *chip, int force)
+/*
+ * Locality could be already claimed (if this is a later coreboot stage and
+ * the RO did not release it), or not yet claimed, if this is verstage or the
+ * older RO did release it.
+ */
+static int claim_locality(struct tpm_chip *chip)
{
- uint8_t mask = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_PENDING;
- uint8_t addr = TPM_ACCESS(chip->vendor.locality);
- uint8_t buf;
+ uint8_t access;
+ const uint8_t mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
- if (cr50_i2c_read(chip, addr, &buf, 1) < 0)
- return;
+ if (cr50_i2c_read(chip, TPM_ACCESS(0), &access, sizeof(access)))
+ return -1;
- if (force || (buf & mask) == mask) {
- buf = TPM_ACCESS_ACTIVE_LOCALITY;
- cr50_i2c_write(chip, addr, &buf, 1);
+ if ((access & mask) == mask) {
+ printk(BIOS_INFO, "Locality already claimed\n");
+ return 0;
}
- chip->vendor.locality = 0;
-}
-
-static int request_locality(struct tpm_chip *chip, int loc)
-{
- uint8_t buf = TPM_ACCESS_REQUEST_USE;
- struct stopwatch sw;
-
- if (check_locality(chip, loc) >= 0)
- return loc;
+ access = TPM_ACCESS_REQUEST_USE;
+ if (cr50_i2c_write(chip, TPM_ACCESS(0),
+ &access, sizeof(access)))
+ return -1;
- if (cr50_i2c_write(chip, TPM_ACCESS(loc), &buf, 1) < 0)
+ if (cr50_i2c_read(chip, TPM_ACCESS(0), &access, sizeof(access)))
return -1;
- stopwatch_init_msecs_expire(&sw, CR50_TIMEOUT_LONG_MS);
- while (check_locality(chip, loc) < 0) {
- if (stopwatch_expired(&sw))
- return -1;
- mdelay(CR50_TIMEOUT_SHORT_MS);
+ if ((access & mask) != mask) {
+ printk(BIOS_INFO, "Failed to claim locality.\n");
+ return -1;
}
- return loc;
+
+ return 0;
}
/* cr50 requires all 4 bytes of status register to be read */
@@ -419,38 +450,6 @@ static void cr50_vendor_init(struct tpm_chip *chip)
int tpm_vendor_probe(unsigned int bus, uint32_t addr)
{
- struct tpm_inf_dev *tpm_dev = car_get_var_ptr(&g_tpm_dev);
- struct tpm_chip probe_chip;
- struct stopwatch sw;
- uint8_t buf = 0;
- int ret;
- long sw_run_duration = CR50_TIMEOUT_INIT_MS;
-
- tpm_dev->bus = bus;
- tpm_dev->addr = addr;
-
- cr50_vendor_init(&probe_chip);
-
- /* Wait for TPM_ACCESS register ValidSts bit to be set */
- stopwatch_init_msecs_expire(&sw, sw_run_duration);
- do {
- ret = cr50_i2c_read(&probe_chip, TPM_ACCESS(0), &buf, 1);
- if (!ret && (buf & TPM_STS_VALID)) {
- sw_run_duration = stopwatch_duration_msecs(&sw);
- break;
- }
- mdelay(CR50_TIMEOUT_SHORT_MS);
- } while (!stopwatch_expired(&sw));
-
- printk(BIOS_INFO,
- "%s: ValidSts bit %s(%d) in TPM_ACCESS register after %ld ms\n",
- __func__, (buf & TPM_STS_VALID) ? "set" : "clear",
- (buf & TPM_STS_VALID) >> 7, sw_run_duration);
-
- /* Claim failure if the ValidSts (bit 7) is clear */
- if (!(buf & TPM_STS_VALID))
- return -1;
-
return 0;
}
@@ -469,16 +468,20 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
cr50_vendor_init(chip);
- if (request_locality(chip, 0) != 0)
+ if (ENV_VERSTAGE || ENV_BOOTBLOCK)
+ if (process_reset(chip))
+ return -1;
+
+ if (claim_locality(chip))
return -1;
/* Read four bytes from DID_VID register */
if (cr50_i2c_read(chip, TPM_DID_VID(0), (uint8_t *)&vendor, 4) < 0)
- goto out_err;
+ return -1;
if (vendor != CR50_DID_VID) {
printk(BIOS_DEBUG, "Vendor ID 0x%08x not recognized\n", vendor);
- goto out_err;
+ return -1;
}
printk(BIOS_DEBUG, "cr50 TPM 2.0 (i2c %u:0x%02x id 0x%x)\n",
@@ -486,13 +489,8 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
chip->is_open = 1;
return 0;
-
-out_err:
- release_locality(chip, 1);
- return -1;
}
void tpm_vendor_cleanup(struct tpm_chip *chip)
{
- release_locality(chip, 1);
}