summaryrefslogtreecommitdiff
path: root/src/drivers/spi/tpm/tpm.c
AgeCommit message (Collapse)Author
2024-06-14tpm: Add Ti50 OpenTitan DID_VIDJett Rink
The OpenTitan HW implements the same firmware interface as the Ti50 H1D3C hardware variant; it just has a different DID_VID. Allow this new DID_VID to be recognized correctly. BUG=b:324940153 Change-Id: Iaacf6d88bc6067948756c465aac1cd8b24ecae1f Signed-off-by: Jett Rink <jettrink@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/83033 Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-12-13drivers/ipmi to lib: Fix misspellings & capitalization issuesMartin Roth
Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I926ec4c1c00339209ef656995031026935e52558 Reviewed-on: https://review.coreboot.org/c/coreboot/+/77637 Reviewed-by: Eric Lai <ericllai@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to tpm_result_tJon Murphy
Convert TPM functions to return TPM error codes(referred to as tpm_result_t) values to match the TCG standard. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to %#x hex printsJon Murphy
Convert hex print values to use the %#x qualifier to print 0x{value}. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: I0d1ac4b920530635fb758c5165a6a99c11b414c8 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78183 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-08-28drivers/spi/tpm: Remove space between function name and '('Elyes Haouas
Change-Id: I9804fcd9076b5a4813f099db0852a5af5ac36609 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77523 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-07-06drivers/tpm: Move tis_plat_irq_status to cr50 driverGrzegorz Bernacki
tis_plat_irq_status() function is used only by Google TPM. It should be moved to drivers/tpm/cr50.c. The name of the function was changed to cr50_plat_irq_status(). BUG=b:277787305 TEST=Build all affected platforms Change-Id: I78dc39f2c7b44232b06947d3dfe6afa52807ced8 Signed-off-by: Grzegorz Bernacki <bernacki@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75917 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-12-21drivers/spi/tpm: verify device supports TPM2Sergii Dmytruk
This is to handle the situation when device ID is the same for TPM1 and TPM2 versions of a device. Change-Id: Ib2840a21b3be8928d39570281f86a0e26b38b5f9 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69022 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-09-14timer: Change timer util functions to 64-bitRob Barnes
Since mono_time is now 64-bit, the utility functions interfacing with mono_time should also be 64-bit so precision isn't lost. Fixed build errors related to printing the now int64_t result of stopwatch_duration_[m|u]secs in various places. BUG=b:237082996 BRANCH=All TEST=Boot dewatt Change-Id: I169588f5e14285557f2d03270f58f4c07c0154d5 Signed-off-by: Rob Barnes <robbarnes@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66170 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-06-08drivers/tpm/cr50: Add TPM IRQ timeout Kconfig optionYu-Ping Wu
The current 10ms timeout for SPI TPM IRQ is not enough for platforms using ti50 (such as corsola). Therefore, introduce a new Kconfig option 'GOOGLE_TPM_IRQ_TIMEOUT_MS'. For platforms using cr50, we need to support legacy pre-ready-IRQ cr50 factory images during the initial boot, so the timeout remains 100ms for I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50, the default timeout is increased to 750ms, as suggested by the ti50 team (apronin@google.com). BUG=b:232327704 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-04-24tpm: Allow separate handling of Google Ti50 TPMJes Klinke
A new iteration of Google's TPM implementation will advertize a new DID:VID, but otherwise follow the same protocol as the earlier design. This change makes use of Kconfigs TPM_GOOGLE_CR50 and TPM_GOOGLE_TI50 to be able to take slightly different code paths, when e.g. evaluating whether TPM firmware is new enough to support certain features. Change-Id: I1e1f8eb9b94fc2d5689656335dc1135b47880986 Signed-off-by: Jes B. Klinke <jbk@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63158 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-04-21tpm: Refactor TPM Kconfig dimensionsJes B. Klinke
Break TPM related Kconfig into the following dimensions: TPM transport support: config CRB_TPM config I2C_TPM config SPI_TPM config MEMORY_MAPPED_TPM (new) TPM brand, not defining any of these is valid, and result in "generic" support: config TPM_ATMEL (new) config TPM_GOOGLE (new) config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE) config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE) What protocol the TPM chip supports: config MAINBOARD_HAS_TPM1 config MAINBOARD_HAS_TPM2 What the user chooses to compile (restricted by the above): config NO_TPM config TPM1 config TPM2 The following Kconfigs will be replaced as indicated: config TPM_CR50 -> TPM_GOOGLE config MAINBOARD_HAS_CRB_TPM -> CRB_TPM config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE Signed-off-by: Jes B. Klinke <jbk@chromium.org> Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-03-09{drivers/security}: Replace `cb_err_t` with `enum cb_err`Subrata Banik
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of `cb_err_t` instances. TEST=Able to build the brya. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-03-07drivers/tpm/spi: Refactor out some cr50-specific logicTim Wawrzynczak
Mainboards accessing the cr50 over an I2C bus may want to reuse some of the same firmware version and BOARD_CFG logic, therefore refactor this logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses the new tis_vendor_read/write() functions in order to access the cr50 regardless of the bus which is physically used. In order to leave SPI devices intact, the tis_vendor_* functions are added to the SPI driver. BUG=b:202246591 TEST=boot to OS on google/dratini, see the same FW version and board_cfg console prints as before the change. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2022-03-01drivers/tpm/spi: Convert static functions to enum cb_err return typesTim Wawrzynczak
Instead of using raw integers to indicate success/failure, enum cb_err can be used to makes things clearer, so this patch converts most functions to return that instead of int. TEST=boot to OS on google/dratini, no TPM errors seen Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: Ifb749c931fe008b16d42fcf157af820ec8fbf5ac Reviewed-on: https://review.coreboot.org/c/coreboot/+/61976 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-02-07treewide: Remove "ERROR: "/"WARN: " prefixes from log messagesJulius Werner
Now that the console system itself will clearly differentiate loglevels, it is no longer necessary to explicitly add "ERROR: " in front of every BIOS_ERR message to help it stand out more (and allow automated tooling to grep for it). Removing all these extra .rodata characters should save us a nice little amount of binary size. This patch was created by running find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';' and doing some cursory review/cleanup on the result. Then doing the same thing for BIOS_WARN with 's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi' Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Lance Zhao Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
2021-10-05src/acpi to src/lib: Fix spelling errorsMartin Roth
These issues were found and fixed by codespell, a useful tool for finding spelling errors. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: I5b8ecdfe75d99028fee820a2034466a8ad1c5e63 Reviewed-on: https://review.coreboot.org/c/coreboot/+/58080 Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-01-19drivers/spi/tpm/tpm.c: Use __func__Elyes HAOUAS
Change-Id: I8a8b0575689d7b63fd37edc457abc42710a13e97 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49552 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-09-16drivers/spi/tpm: Improve error checkingCaveh Jalali
This adds error checking in paths that previously ignored TPM communication errors. We hit this case occasionally during "Checking cr50 for pending updates"; previously we would go down this path and eventually time out using MAX_STATUS_TIMEOUT, which is 2 minutes. Now, we detect the failure and return with an error indication instead of timing out after a long time. The root cause of the communication error is an open issue. BUG=b:168090038 TEST=booted on volteer, observed error handling when "Checking cr50 for pending updates" fails. Signed-off-by: Caveh Jalali <caveh@chromium.org> Change-Id: Ia8a1202000abce1857ee694b06b1478e6b045069 Reviewed-on: https://review.coreboot.org/c/coreboot/+/45232 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jes Klinke <jbk@chromium.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-08-22drivers/spi/tpm: Add helper to get cr50 firmware versionKarthikeyan Ramasubramanian
Introduce a helper to get the cached cr50 firmware version. This information is in turn used to identify the strap configuration supported by Cr50. BUG=None TEST=Ensure that Drawcia board boots to OS. Ensure that the version cached cr50 firmware version is returned. Change-Id: Id84b152993f253878a6c133cc433a0da2c990cf2 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44653 Reviewed-by: Edward O'Callaghan <quasisec@chromium.org> Reviewed-by: Sam McNally <sammc@google.com> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-20drivers/spi/tpm: Enable long cr50 ready pulses for Tiger Lake systemsJes Klinke
For Volteer (and future Tiger Lake boards) we can enable mode S0i3.4 only if we know that the Cr50 is generating 100us interrupt pulses. We have to do so, because the SoC is not guaranteed to detect pulses shorter than 100us in S0i3.4 substate. A new Kconfig setting CR50_USE_LONG_INTERRUPT_PULSES controls new code running in verstage, which will program a new Cr50 register, provided that Cr50 firmware is new enough to support the register. BUG=b:154333137 TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x Signed-off-by: Jes Bodi Klinke <jbk@chromium.org> Change-Id: If83188fd09fe69c2cda4ce1a8bf5b2efe1ca86da Reviewed-on: https://review.coreboot.org/c/coreboot/+/43741 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-07-26src: Update bare access to BOOL CONFIG_ vals to CONFIG()Martin Roth
BOOL type Kconfig values should be used through the CONFIG() macro. These instances were not, so update them. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: Ie4706d82c12c487607bbf5ad8059922e0e586858 Reviewed-on: https://review.coreboot.org/c/coreboot/+/43825 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-07-26src: Change BOOL CONFIG_ to CONFIG() in comments & stringsMartin Roth
The Kconfig lint tool checks for cases of the code using BOOL type Kconfig options directly instead of with CONFIG() and will print out warnings about it. It gets confused by these references in comments and strings. To fix it so that it can find the real issues, just update these as we would with real issues. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: I5c37f0ee103721c97483d07a368c0b813e3f25c0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/43824 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-11treewide: Convert more license headers to SPDX stylePatrick Georgi
Change-Id: Ia3de79c7d71049da00ed108829eac6cb49ff3ed6 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41205 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-28drivers/spi/tpm: Add support for non CR50 SPI TPM2Patrick Rudolph
Add support for a STM SPI TPM2 by adding checks for CR50. Tested using ST33HTPH2E32. Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-23rules.h: Rename ENV_VERSTAGE to ENV_SEPARATE_VERSTAGEJulius Werner
When CONFIG_SEPARATE_VERSTAGE=n, all verstage code gets linked into the appropriate calling stage (bootblock or romstage). This means that ENV_VERSTAGE is actually 0, and instead ENV_BOOTBLOCK or ENV_ROMSTAGE are 1. This keeps tripping up people who are just trying to write a simple "are we in verstage (i.e. wherever the vboot init logic runs)" check, e.g. for TPM init functions which may run in "verstage" or ramstage depending on whether vboot is enabled. Those checks will not work as intended for CONFIG_SEPARATE_VERSTAGE=n. This patch renames ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE to try to clarify that this macro can really only be used to check whether code is running in a *separate* verstage, and clue people in that they may need to cover the linked-in verstage case as well. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I2ff3a3c3513b3db44b3cff3d93398330cd3632ea Reviewed-on: https://review.coreboot.org/c/coreboot/+/40582 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-02src/: Remove g_ prefixes and _g suffixes from variablesPatrick Georgi
These were often used to distinguish CAR_GLOBAL variables that weren't directly usable. Since we're getting rid of this special case, also get rid of the marker. This change was created using coccinelle and the following script: @match@ type T; identifier old =~ "^(g_.*|.*_g)$"; @@ old @script:python global_marker@ old << match.old; new; @@ new = old if old[0:2] == "g_": new = new[2:] if new[-2:] == "_g": new = new[:-2] coccinelle.new = new @@ identifier match.old, global_marker.new; @@ - old + new @@ type T; identifier match.old, global_marker.new; @@ - T old; + T new; @@ type T; identifier match.old, global_marker.new; @@ - T old + T new = ...; There were some manual fixups: Some code still uses the global/local variable naming scheme, so keep g_* there, and some variable names weren't completely rewritten. Change-Id: I4936ff9780a0d3ed9b8b539772bc48887f8d5eed Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37358 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-29security/tpm: Drop CAR_GLOBAL_MIGRATION supportArthur Heymans
Change-Id: I1c09eda6164efb390de4626f52aafba59962f9c4 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37029 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-27src/[arch-lib]: change "unsigned" to "unsigned int"Martin Roth
Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: Ibb7b48a7a144421aff29acbb7ac30968ae5fe5ab Reviewed-on: https://review.coreboot.org/c/coreboot/+/36329 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-10-08Move compiler.h to commonlibNico Huber
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch. Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues. Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/28927 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-09-02src/drivers/spi/tpm: Fix typo & capitalize TPM and IRQElyes HAOUAS
Change-Id: Ifb1e024821153865dd4a27a100f8a9c61151e0e1 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/28387 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2018-04-24compiler.h: add __weak macroAaron Durbin
Instead of writing out '__attribute__((weak))' use a shorter form. Change-Id: If418a1d55052780077febd2d8f2089021f414b91 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/25767 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Justin TerAvest <teravest@chromium.org>
2018-01-18security/tpm: Change TPM naming for different layers.Philipp Deppenwiese
* Rename tlcl* to tss* as tpm software stack layer. * Fix inconsistent naming. Change-Id: I206dd6a32dbd303a6d4d987e424407ebf5c518fa Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22104 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2018-01-18security/tpm: Move tpm TSS and TSPI layer to security sectionPhilipp Deppenwiese
* Move code from src/lib and src/include into src/security/tpm * Split TPM TSS 1.2 and 2.0 * Fix header includes * Add a new directory structure with kconfig and makefile includes Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22103 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2017-12-18spi/tpm: Clear pending irqs during tpm2_initShelley Chen
Seeing some instances were cr50 spi driver is starting a new transaction without getting a ready interrupt from cr50, which means that there are pending interrupts. Clearing these to be sure there are not any stale irqs for the next transaction. BUG=b:69567837 BRANCH=None TEST=run FAFT and see if any 0x2b recovery boots occur Change-Id: Ie099da9f2b3c4da417648ae10a5ba356b7a093ff Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://review.coreboot.org/22909 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2017-11-28spi/tpm.c do not waste time on wake pulses unless necessaryVadim Bendebury
The Cr50 secure chip implementation is guaranteed not to fall asleep for 1 second after any SPI slave activity. Let's not waste time on the wake up ping when it is not necessary. BRANCH=cr50 BUG=b:68012381 TEST=using a protocol analyzer verified that the wake pulses are generated only when the new coreboot stage or depthcharge start, not on every SPI slave transaction. Change-Id: Id8def1470ba3eab533075b9e7180f8a58e0b00b6 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/22321 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-11-21spi/tpm: claim locality just once during bootVadim Bendebury
All coreboot stages using TPM start with the same sequence: check if locality is claimed, if so, release it by writing 'active locality' bit, then try claiming it. This is actually not a proper procedure: section "5.5.2.3.1 Command Aborts" of "TCG PC Client Platform TPM Profile (PTP) Specification Level 00 Revision 00.430 Family 2" lists overwriting active locality status bit as a means of triggering TPM command abort. On top of that, none of the coreboot stages releases locality, it is enough to claim it once when device starts booting. In fact, locality being active when the device is in verstage is most likely due to delayed TPM reset processing by the Cr50 TPM: reset is an asynchronous event, and is processed once current command processing completes. The proper procedure is to wait if locality is active until it is released (which will happen when Cr50 processes reset) and then proceed to claim it. This needs to happen only during verstage, other stages using TPM are guaranteed has been claimed earlier. BRANCH=gru BUG=b:65867313 TEST=the new autotest triggering EC reset during key generation process does not cause boot failures on Fizz device any more. Below are times verstage had to wait: TPM ready after 3132 ms TPM ready after 22120 ms TPM ready after 4936 ms TPM ready after 6445 ms TPM ready after 11798 ms TPM ready after 27421 ms TPM ready after 4582 ms TPM ready after 7532 ms TPM ready after 27920 ms TPM ready after 3539 ms TPM ready after 12557 ms TPM ready after 6773 ms TPM ready after 1631 ms TPM ready after 197 ms TPM ready after 24330 ms TPM ready after 3241 ms Change-Id: Iaee04f009bcde03712483e5e03de4a3441ea32b1 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/22489 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2017-11-16drivers/spi/tpm: Poll TPM_VALID bit until validShelley Chen
In case the TPM is doing a long crypto operation the initial probe could be very delayed. Rather than end up in recovery make the delay long enough to accommodate the (current) long crypto times. This would add a maximum of 30 seconds to boot time. Mirroring changes done on i2c side in CL:756918 BUG=b:65867313, b:68729265 BRANCH=None TEST=Make sure fizz boots up Change-Id: Ie944bfb6fe33d6e9ee794439165716ab624be491 Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://review.coreboot.org/22370 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-11-01spi/tpm: Make sure AP properly syncs up with Cr50Vadim Bendebury
When Cr50 TPM is being reset, it continues replying to the SPI bus requests, sends wrong register values in response to read requests. This patch makes sure that the TPM driver does not proceed unless proper value is read from the TPM device identification register. If the read value is still wrong after 10 retries taken with 10 ms intervals, the driver gives up and declares TPM broken/unavailable. BRANCH=cr50 BUG=b:68012381 TEST=ran a script resetting the Fizz device as soon as the "index 0x1007 return code 0" string shows up in the AP console output. The script keeps rebooting the Fizz indefinitely, before this script Fizz would fail to read TPM properly and fall into recovery after no more than four reboots. Change-Id: I7e67ec62c2bf31077b9ae558e09214d07eccf96b Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/22231 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-04-13drivers/spi/tpm: Clean up SPI TPM driverFurquan Shaikh
1. Move common TIS macros to include/tpm.h. 2. Use common TIS macros while referring to status and access registers. 3. Add a new function claim_locality to properly check for required access bits and claim locality 0. BUG=b:36873582 Change-Id: I11bf3e8b6e1f50b7868c9fe4394a858488367287 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/19213 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2017-04-05drivers/spi/tpm: Make SPI TPM driver CAR-safeFurquan Shaikh
1. Use proper CAR semantics for global/static variables. 2. Use spi_* functions directly instead of using a global structure to store pointers to those functions. BUG=b:36873582 Change-Id: I1fc52ab797ef0cbd3793a387d68198efc5dde58c Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/19114 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-04-05drivers/spi/tpm: using tpm irq to sync tpm transactionJeffy Chen
BUG=b:35647967 TEST=boot from bob Change-Id: Ib64107b17fb6e93dbe626ce92f3bc9da8b84784e Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com> Reviewed-on: https://chromium-review.googlesource.com/452284 Commit-Ready: Caesar Wang <wxt@rock-chips.com> Tested-by: Caesar Wang <wxt@rock-chips.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/19113 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-04-05drivers/spi/tpm: try to wake cr50 if it is asleepJeffy Chen
BUG=b:35775002 TEST=boot from bob Change-Id: I6324f3c02da55a8527f085ba463cbb1f4fb5dc2e Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com> Reviewed-on: https://chromium-review.googlesource.com/452283 Commit-Ready: Caesar Wang <wxt@rock-chips.com> Tested-by: Caesar Wang <wxt@rock-chips.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/19112 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
2017-04-03drivers/spi/tpm: make tpm_info object local to compilation unitAaron Durbin
The tpm_info object is a global, but its symbol does not need to be exposed to the world as its only used within tpm.c. BUG=b:36598499 Change-Id: Idded3dad8d0d1c3535bddfb359009210d3439703 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/19057 Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins)
2017-04-03drivers/spi/tpm: de-assert chip select on transaction errorAaron Durbin
In the case of start_transaction() failing the chip select is never deasserted. Correct that by deasserting the chip select when start_transaction() fails. BUG=b:36598499 Change-Id: I2c5200085eb357259edab39c1a0fa7b1d81ba7b2 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/19056 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-12-16tpm2: handle failures more gracefullyVadim Bendebury
When trying to bring up a device with a malfunctioning TPM2 chip, the driver currently gets stuck waiting for SPI flow control, causing bricked devices. This patch puts a 100 ms cap on the waiting time - this should be enough even for a longest NVRAM save operation which could be under way on the TPM device. BRANCH=gru BUG=chrome-os-partner:59807 TEST=with a matching change in depthcharge, now a gru with corrupted SPI TPM comes up to the recovery screen (it was not showing signs of life before this change). Change-Id: I63ef5dde8dddd9afeae91e396c157a1a37d47c80 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/17898 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
2016-12-05spi: Pass pointer to spi_slave structure in spi_setup_slaveFurquan Shaikh
For spi_setup_slave, instead of making the platform driver return a pointer to spi_slave structure, pass in a structure pointer that can be filled in by the driver as required. This removes the need for platform drivers to maintain a slave structure in data/CAR section. BUG=chrome-os-partner:59832 BRANCH=None TEST=Compiles successfully Change-Id: Ia15a4f88ef4dcfdf616bb1c22261e7cb642a7573 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17683 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-12-05spi: Fix parameter types for spi functionsFurquan Shaikh
1. Use size_t instead of unsigned int for bytes_out and bytes_in. 2. Use const attribute for spi_slave structure passed into xfer, claim bus and release bus functions. BUG=chrome-os-partner:59832 BRANCH=None TEST=Compiles successfully Change-Id: Ie70b3520b51c42d750f907892545510c6058f85a Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17682 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-08-03spi/tpm: read TPM version in larger chunksVadim Bendebury
The TPM version string has become much longer recently, and the TPM_FW_VER register available on VID 1ae0 devices supports reading in arbitrary size quantities. Let's read 50 bytes at a time to reduce the SPI register read wrapper overhead, and increase the length limit to 300 bytes to accommodate longer version strings. TEST=verified on the Kevin device: localhost ~ # grep cr50 /sys/firmware/log Firmware version: RO_A: 0.0.1/84e2dde7 RO_B:* 0.0.2/13eda43f RW_A:* cr50_v1.1.5005-444ddb7 RW_B: cr50_v1.1.5005-5aac83c cr50_v1.1.5005-444ddb7 private-cr51:v0.0.66-bd9a0fe tpm2:v0.0.259-8f3d735 cryptoc:v0.0.4-5319e83 2016-07-31 10:58:05 vbendeb@kvasha Change-Id: Ifaf28c1a9a3990372a9cec108c098edbe50d3243 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/16000 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-12tpm: report firmware versionVadim Bendebury
Some devices allow to retrieve firmware version by reading the same 4 byte register repeatedly until the entire version string is read. Let's print out TPM firmware version when available. Just in case something goes wrong limit the version string length to 200 bytes. CQ-DEPEND=CL:355701 BRANCH=none BUG=chrome-os-partner:54723 TEST=built the new firmware and ran it on Gru, observed the following in the coreboot console log: Connected to device vid:did:rid of 1ae0:0028:00 Firmware version: cr50_v1.1.4792-7a44484 Original-Commit-Id: 1f54a30cebe808abf1b09478b47924bb722a0ca6 Original-Change-Id: Idb069dabb80d34a0efdf04c3c40a42ab0c8a3f94 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/355704 Original-Reviewed-by: Scott Collyer <scollyer@chromium.org> Squashed with: tpm: use 4 byte quantities when retrieving firmware version The CR50 device is capable of reporting its firmware version in 4 byte quantities, but the recently introduced code retrieves the version one byte at a time. With this fix the version is retrieved in 4 byte chunks. BRANCH=none BUG=none TEST=the version is still reported properly, as reported by the AP firmware console log: localhost ~ # grep cr50 /sys/firmware/log Firmware version: cr50_v1.1.4804-c64cf24 localhost ~ # Original-Commit-Id: 3111537e7b66d8507b6608ef665e4cde76403818 Original-Change-Id: I04116881a30001e35e989e51ec1567263f9149a6 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/356542 Original-Reviewed-by: Andrey Pronin <apronin@chromium.org> Change-Id: Ia9f13a5bf1c34292b866f57c0d14470fe6ca9853 Signed-off-by: Martin Roth <martinroth@chromium.org> Reviewed-on: https://review.coreboot.org/15573 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-07-11tpm: use proper locality zero SPI bus addressesVadim Bendebury
The "PC Client Protection Profile for TPM 2.0" document defines SPI bus addresses for different localities. That definition is not honored in the cr50 implementation, this patch fixes it: locality zero register file is based off 0xd40000. BRANCH=none BUG=chrome-os-partner:54720 TEST=with the fixed cr50 image and the rest of TPM2 initialization patches applied factory initialization sequence on Gru succeeds. Change-Id: I49b7ed55f0360448b9a6602ebd31a3a531608da3 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 43344fff5d58ec235e50030413fc38c98dd0a9a1 Original-Change-Id: I2de6fa6c05d3eca989d6785228d5adde1f2a7ab7 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/355620 Original-Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://review.coreboot.org/15568 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-06-23tpm2: add SPI TPM driverVadim Bendebury
This introduces a SPI TPM driver compliant with the TCG issued "TPM Profile (PTP) Specification Revision 00.43" which can be found by googling its title. The driver implements both the hardware flow control protocol and the TPM state machine. The hardware flow control allows to map SPI based TPM devices to the LPC address space on x86 platforms, on all other platforms it needs to be implemented in the driver software. The tis layer is somewhat superficial, it might have to be expanded later. A lot more implementation details can be found in the code comments. Also, it is worth mentioning that this is not a complete version of the driver: its robustness needs to be improved, delay loops need to be bound, error conditions need to propagate up the call stack. BRANCH=none BUG=chrome-os-partner:52132, chrome-os-partner:50645, chrome-os-partner:54141 TEST=with the rest of the patches applied coreboot is able complete Chrome OS factory initialization of the TPM2 device. Change-Id: I967bc5c689f6e6f345755f08cb088ad37abd5d1c Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 5611c6f7d7fe6d37da668f337f0e70263913d63e Original-Change-Id: I17d732e66bd231c2289ec289994dd819c6276855 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/350124 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15298 Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com> Tested-by: build bot (Jenkins)