Age | Commit message (Collapse) | Author |
|
The OpenTitan HW implements the same firmware interface as the Ti50
H1D3C hardware variant; it just has a different DID_VID. Allow this new
DID_VID to be recognized correctly.
BUG=b:324940153
Change-Id: Iaacf6d88bc6067948756c465aac1cd8b24ecae1f
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/83033
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Starting from here CONFIG_TPM1 and CONFIG_TPM2 are no longer mutually
exclusive.
Change-Id: I44c5a1d825afe414c2f5c2c90f4cfe41ba9bef5f
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69162
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Via an out parameter. This is needed to be able to dynamically pick TSS
implementation based on the information discovered on probing.
Change-Id: I5006e0cdfef76ff79ce9e1cf280fcd5515ae01b0
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69159
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Ib27894f0f1e03501583fffb2c759b493d6a7b945
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80588
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
The .inc suffix is confusing to various tools as it's not specific to
Makefiles. This means that editors don't recognize the files, and don't
open them with highlighting and any other specific editor functionality.
This issue is also seen in the release notes generation script where
Makefiles get renamed before running cloc.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I8cf3d2e2cd1b6ebe4e941ad64f27698379fef696
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80080
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I926ec4c1c00339209ef656995031026935e52558
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77637
Reviewed-by: Eric Lai <ericllai@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
init() was always followed by open() and after successful initialization
we only need send-receive function which is now returned by tis_probe()
on success, thus further reducing number of functions to export from
drivers.
This also removes check for opening TIS twice that seems to have no
value.
Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Convert TPM functions to return TPM error codes(referred to as
tpm_result_t) values to match the TCG standard.
BUG=b:296439237
TEST=build and boot to Skyrim
BRANCH=None
Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Convert hex print values to use the %#x qualifier to print 0x{value}.
BUG=b:296439237
TEST=build and boot to Skyrim
BRANCH=None
Change-Id: I0d1ac4b920530635fb758c5165a6a99c11b414c8
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78183
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: I9804fcd9076b5a4813f099db0852a5af5ac36609
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77523
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
|
|
To help identify the licenses of the various files contained in the
coreboot source, we've added SPDX headers to the top of all of the
.c and .h files. This extends that practice to Makefiles.
Any file in the coreboot project without a specific license is bound
to the license of the overall coreboot project, GPL Version 2.
This patch adds the GPL V2 license identifier to the top of all
makefiles in the drivers directory that don't already have an SPDX
license line at the top.
Signed-off-by: Martin Roth <gaumless@gmail.com>
Change-Id: I8442bc18ce228eca88a084660be84bcd1c5de928
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68980
Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Tim Crawford <tcrawford@system76.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
|
|
tis_plat_irq_status() function is used only by Google TPM. It should
be moved to drivers/tpm/cr50.c. The name of the function was changed
to cr50_plat_irq_status().
BUG=b:277787305
TEST=Build all affected platforms
Change-Id: I78dc39f2c7b44232b06947d3dfe6afa52807ced8
Signed-off-by: Grzegorz Bernacki <bernacki@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75917
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
This reverts commit d43154486d27323f64334203e9bc8baf08af6845.
From CB:68991: This causes CraterLake boot up process to die.
Investigation in progress.
Change-Id: I4a6c11b0e638a891108fe230bdaea92d5fbca020
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71205
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Tested-by: siemens-bot
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
This is to handle the situation when device ID is the same for TPM1 and
TPM2 versions of a device.
Change-Id: Ib2840a21b3be8928d39570281f86a0e26b38b5f9
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69022
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Init was always followed by open and after successful initialization we
need only send-receive function, which is now returned by tis_probe on
success further reducing number of functions to export from drivers.
Change-Id: Ib4ce35ada24e3959ea1a518c29d431b4ae123809
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68991
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This function was never called from outside of drivers and
src/drivers/pc80/tpm/tis.c was the only one doing it in a questionable
way.
tpm_vendor_cleanup() also isn't needed as one of tis_close() functions
was its only caller.
Change-Id: I9df76adfc21fca9fa1d1af7c40635ec0684ceb0f
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68989
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Since mono_time is now 64-bit, the utility functions interfacing with
mono_time should also be 64-bit so precision isn't lost.
Fixed build errors related to printing the now int64_t result of
stopwatch_duration_[m|u]secs in various places.
BUG=b:237082996
BRANCH=All
TEST=Boot dewatt
Change-Id: I169588f5e14285557f2d03270f58f4c07c0154d5
Signed-off-by: Rob Barnes <robbarnes@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66170
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
BUG=none
TEST=See "[INFO ] Initialized TPM device TI50 revision 83"
Signed-off-by: Yidi Lin <yidilin@chromium.org>
Change-Id: I3af5f4653b6b8ecd086f85ec573530a4e5c57211
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66786
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
Change-Id: Ic1b38e93d919c1286a8d130700a4a2bfd6b55258
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61557
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
|
|
The current 10ms timeout for SPI TPM IRQ is not enough for platforms
using ti50 (such as corsola). Therefore, introduce a new Kconfig option
'GOOGLE_TPM_IRQ_TIMEOUT_MS'.
For platforms using cr50, we need to support legacy pre-ready-IRQ cr50
factory images during the initial boot, so the timeout remains 100ms for
I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50,
the default timeout is increased to 750ms, as suggested by the ti50 team
(apronin@google.com).
BUG=b:232327704
TEST=emerge-corsola coreboot
BRANCH=none
Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
A new iteration of Google's TPM implementation will advertize a new
DID:VID, but otherwise follow the same protocol as the earlier design.
This change makes use of Kconfigs TPM_GOOGLE_CR50 and TPM_GOOGLE_TI50
to be able to take slightly different code paths, when e.g. evaluating
whether TPM firmware is new enough to support certain features.
Change-Id: I1e1f8eb9b94fc2d5689656335dc1135b47880986
Signed-off-by: Jes B. Klinke <jbk@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63158
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Break TPM related Kconfig into the following dimensions:
TPM transport support:
config CRB_TPM
config I2C_TPM
config SPI_TPM
config MEMORY_MAPPED_TPM (new)
TPM brand, not defining any of these is valid, and result in "generic" support:
config TPM_ATMEL (new)
config TPM_GOOGLE (new)
config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE)
config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE)
What protocol the TPM chip supports:
config MAINBOARD_HAS_TPM1
config MAINBOARD_HAS_TPM2
What the user chooses to compile (restricted by the above):
config NO_TPM
config TPM1
config TPM2
The following Kconfigs will be replaced as indicated:
config TPM_CR50 -> TPM_GOOGLE
config MAINBOARD_HAS_CRB_TPM -> CRB_TPM
config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL
config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE
config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL
config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM
config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL
config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE
Signed-off-by: Jes B. Klinke <jbk@chromium.org>
Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit
hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of
`cb_err_t` instances.
TEST=Able to build the brya.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900
Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
Mainboards accessing the cr50 over an I2C bus may want to reuse some of
the same firmware version and BOARD_CFG logic, therefore refactor this
logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses
the new tis_vendor_read/write() functions in order to access the cr50
regardless of the bus which is physically used. In order to leave SPI
devices intact, the tis_vendor_* functions are added to the SPI driver.
BUG=b:202246591
TEST=boot to OS on google/dratini, see the same FW version and board_cfg
console prints as before the change.
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
|
|
Instead of using raw integers to indicate success/failure, enum cb_err
can be used to makes things clearer, so this patch converts most
functions to return that instead of int.
TEST=boot to OS on google/dratini, no TPM errors seen
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: Ifb749c931fe008b16d42fcf157af820ec8fbf5ac
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61976
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
|
|
Now that the console system itself will clearly differentiate loglevels,
it is no longer necessary to explicitly add "ERROR: " in front of every
BIOS_ERR message to help it stand out more (and allow automated tooling
to grep for it). Removing all these extra .rodata characters should save
us a nice little amount of binary size.
This patch was created by running
find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';'
and doing some cursory review/cleanup on the result. Then doing the same
thing for BIOS_WARN with
's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi'
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Lance Zhao
Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
|
|
These issues were found and fixed by codespell, a useful tool for
finding spelling errors.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I5b8ecdfe75d99028fee820a2034466a8ad1c5e63
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58080
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: I8a8b0575689d7b63fd37edc457abc42710a13e97
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49552
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
|
|
Change-Id: I2941d4480a7c88b6c020a9da584135a0030fccfe
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/49551
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
|
|
Change-Id: I202e5d285612b9bf237b588ea3c006187623fdc3
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44609
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
|
|
This adds error checking in paths that previously ignored TPM
communication errors. We hit this case occasionally during "Checking
cr50 for pending updates"; previously we would go down this path and
eventually time out using MAX_STATUS_TIMEOUT, which is 2 minutes.
Now, we detect the failure and return with an error indication instead
of timing out after a long time. The root cause of the communication
error is an open issue.
BUG=b:168090038
TEST=booted on volteer, observed error handling when
"Checking cr50 for pending updates" fails.
Signed-off-by: Caveh Jalali <caveh@chromium.org>
Change-Id: Ia8a1202000abce1857ee694b06b1478e6b045069
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45232
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jes Klinke <jbk@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
|
|
Introduce a helper to get the cached cr50 firmware version. This
information is in turn used to identify the strap configuration
supported by Cr50.
BUG=None
TEST=Ensure that Drawcia board boots to OS. Ensure that the version
cached cr50 firmware version is returned.
Change-Id: Id84b152993f253878a6c133cc433a0da2c990cf2
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44653
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@google.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
For Volteer (and future Tiger Lake boards) we can enable mode S0i3.4
only if we know that the Cr50 is generating 100us interrupt pulses.
We have to do so, because the SoC is not guaranteed to detect pulses
shorter than 100us in S0i3.4 substate.
A new Kconfig setting CR50_USE_LONG_INTERRUPT_PULSES controls new code
running in verstage, which will program a new Cr50 register, provided that
Cr50 firmware is new enough to support the register.
BUG=b:154333137
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x
Signed-off-by: Jes Bodi Klinke <jbk@chromium.org>
Change-Id: If83188fd09fe69c2cda4ce1a8bf5b2efe1ca86da
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43741
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
BOOL type Kconfig values should be used through the CONFIG() macro.
These instances were not, so update them.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Ie4706d82c12c487607bbf5ad8059922e0e586858
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43825
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
The Kconfig lint tool checks for cases of the code using BOOL type
Kconfig options directly instead of with CONFIG() and will print out
warnings about it. It gets confused by these references in comments
and strings. To fix it so that it can find the real issues, just
update these as we would with real issues.
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I5c37f0ee103721c97483d07a368c0b813e3f25c0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43824
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
Change-Id: Ia3de79c7d71049da00ed108829eac6cb49ff3ed6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41205
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Add support for a STM SPI TPM2 by adding checks for CR50.
Tested using ST33HTPH2E32.
Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
When CONFIG_SEPARATE_VERSTAGE=n, all verstage code gets linked into the
appropriate calling stage (bootblock or romstage). This means that
ENV_VERSTAGE is actually 0, and instead ENV_BOOTBLOCK or ENV_ROMSTAGE
are 1. This keeps tripping up people who are just trying to write a
simple "are we in verstage (i.e. wherever the vboot init logic runs)"
check, e.g. for TPM init functions which may run in "verstage" or
ramstage depending on whether vboot is enabled. Those checks will not
work as intended for CONFIG_SEPARATE_VERSTAGE=n.
This patch renames ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE to try to
clarify that this macro can really only be used to check whether code is
running in a *separate* verstage, and clue people in that they may need
to cover the linked-in verstage case as well.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I2ff3a3c3513b3db44b3cff3d93398330cd3632ea
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
These were often used to distinguish CAR_GLOBAL variables that weren't
directly usable. Since we're getting rid of this special case, also get
rid of the marker.
This change was created using coccinelle and the following script:
@match@
type T;
identifier old =~ "^(g_.*|.*_g)$";
@@
old
@script:python global_marker@
old << match.old;
new;
@@
new = old
if old[0:2] == "g_":
new = new[2:]
if new[-2:] == "_g":
new = new[:-2]
coccinelle.new = new
@@
identifier match.old, global_marker.new;
@@
- old
+ new
@@
type T;
identifier match.old, global_marker.new;
@@
- T old;
+ T new;
@@
type T;
identifier match.old, global_marker.new;
@@
- T old
+ T new
= ...;
There were some manual fixups: Some code still uses the global/local
variable naming scheme, so keep g_* there, and some variable names
weren't completely rewritten.
Change-Id: I4936ff9780a0d3ed9b8b539772bc48887f8d5eed
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37358
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
|
|
Change-Id: I46e318333e68b999b2889f51fa2fbf140a27a54e
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37357
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
Change-Id: I1c09eda6164efb390de4626f52aafba59962f9c4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37029
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Ibb7b48a7a144421aff29acbb7ac30968ae5fe5ab
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36329
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
|
Drop 'include <string.h>' when it is not used and
add it when it is missing.
Also extra lines removed, or added just before local includes.
Change-Id: Iccac4dbaa2dd4144fc347af36ecfc9747da3de20
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31966
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
|
|
Now postcar is a standalone stage, add
it as target to all TPM bus drivers.
This is a required for a measured boot.
Change-Id: I758185daf3941a29883c2256b900360e112275e1
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/29546
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Its spreading copies got out of sync. And as it is not a standard header
but used in commonlib code, it belongs into commonlib. While we are at
it, always include it via GCC's `-include` switch.
Some Windows and BSD quirk handling went into the util copies. We always
guard from redefinitions now to prevent further issues.
Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/28927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Change-Id: Ifb1e024821153865dd4a27a100f8a9c61151e0e1
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/28387
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
|
|
* Remove 2nd software stack in pc80 drivers directory.
* Create TSPI interface for common usage.
* Refactor TSS / TIS code base.
* Add vendor tss (Cr50) directory.
* Change kconfig options for TPM to TPM1.
* Add user / board configuration with:
* MAINBOARD_HAS_*_TPM # * BUS driver
* MAINBOARD_HAS_TPM1 or MAINBOARD_HAS_TPM2
* Add kconfig TPM user selection (e.g. pluggable TPMs)
* Fix existing headers and function calls.
* Fix vboot for interface usage and antirollback mode.
Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Instead of writing out '__attribute__((weak))' use a shorter form.
Change-Id: If418a1d55052780077febd2d8f2089021f414b91
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/25767
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Justin TerAvest <teravest@chromium.org>
|
|
* Rename tlcl* to tss* as tpm software stack layer.
* Fix inconsistent naming.
Change-Id: I206dd6a32dbd303a6d4d987e424407ebf5c518fa
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22104
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
* Move code from src/lib and src/include into src/security/tpm
* Split TPM TSS 1.2 and 2.0
* Fix header includes
* Add a new directory structure with kconfig and makefile includes
Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Seeing some instances were cr50 spi driver is starting a new
transaction without getting a ready interrupt from cr50, which means
that there are pending interrupts. Clearing these to be sure there
are not any stale irqs for the next transaction.
BUG=b:69567837
BRANCH=None
TEST=run FAFT and see if any 0x2b recovery boots occur
Change-Id: Ie099da9f2b3c4da417648ae10a5ba356b7a093ff
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://review.coreboot.org/22909
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
The Cr50 secure chip implementation is guaranteed not to fall asleep
for 1 second after any SPI slave activity.
Let's not waste time on the wake up ping when it is not necessary.
BRANCH=cr50
BUG=b:68012381
TEST=using a protocol analyzer verified that the wake pulses are
generated only when the new coreboot stage or depthcharge start,
not on every SPI slave transaction.
Change-Id: Id8def1470ba3eab533075b9e7180f8a58e0b00b6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/22321
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
All coreboot stages using TPM start with the same sequence: check if
locality is claimed, if so, release it by writing 'active locality'
bit, then try claiming it.
This is actually not a proper procedure: section "5.5.2.3.1 Command
Aborts" of "TCG PC Client Platform TPM Profile (PTP) Specification
Level 00 Revision 00.430 Family 2" lists overwriting active locality
status bit as a means of triggering TPM command abort.
On top of that, none of the coreboot stages releases locality, it is
enough to claim it once when device starts booting.
In fact, locality being active when the device is in verstage is most
likely due to delayed TPM reset processing by the Cr50 TPM: reset is
an asynchronous event, and is processed once current command
processing completes.
The proper procedure is to wait if locality is active until it is
released (which will happen when Cr50 processes reset) and then
proceed to claim it. This needs to happen only during verstage, other
stages using TPM are guaranteed has been claimed earlier.
BRANCH=gru
BUG=b:65867313
TEST=the new autotest triggering EC reset during key generation
process does not cause boot failures on Fizz device any more.
Below are times verstage had to wait:
TPM ready after 3132 ms
TPM ready after 22120 ms
TPM ready after 4936 ms
TPM ready after 6445 ms
TPM ready after 11798 ms
TPM ready after 27421 ms
TPM ready after 4582 ms
TPM ready after 7532 ms
TPM ready after 27920 ms
TPM ready after 3539 ms
TPM ready after 12557 ms
TPM ready after 6773 ms
TPM ready after 1631 ms
TPM ready after 197 ms
TPM ready after 24330 ms
TPM ready after 3241 ms
Change-Id: Iaee04f009bcde03712483e5e03de4a3441ea32b1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/22489
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
In case the TPM is doing a long crypto operation the initial probe
could be very delayed. Rather than end up in recovery make the delay
long enough to accommodate the (current) long crypto times. This would
add a maximum of 30 seconds to boot time.
Mirroring changes done on i2c side in CL:756918
BUG=b:65867313, b:68729265
BRANCH=None
TEST=Make sure fizz boots up
Change-Id: Ie944bfb6fe33d6e9ee794439165716ab624be491
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://review.coreboot.org/22370
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
When Cr50 TPM is being reset, it continues replying to the SPI bus
requests, sends wrong register values in response to read requests.
This patch makes sure that the TPM driver does not proceed unless
proper value is read from the TPM device identification register.
If the read value is still wrong after 10 retries taken with 10 ms
intervals, the driver gives up and declares TPM broken/unavailable.
BRANCH=cr50
BUG=b:68012381
TEST=ran a script resetting the Fizz device as soon as the "index
0x1007 return code 0" string shows up in the AP console output.
The script keeps rebooting the Fizz indefinitely, before this
script Fizz would fail to read TPM properly and fall into
recovery after no more than four reboots.
Change-Id: I7e67ec62c2bf31077b9ae558e09214d07eccf96b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/22231
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
MAINBOARD_HAS_SPI_TPM_CR50 describes a capability of the board and SPI_TPM
is only on if we actually want to compile in the TPM code. For example,
in src/drivers/i2c/tpm/Kconfig MAINBOARD_HAS_I2C_TPM_CR50 also doesn't
depend on SPI_TPM.
This problem manifests itself as the following build issue when building
with MAINBOARD_HAS_I2C_TPM_CR50 but without an explict "select TPM2":
src/Kconfig:296:error: recursive dependency detected!
src/Kconfig:296: symbol MAINBOARD_HAS_TPM2 is selected by MAINBOARD_HAS_TPM_CR50
src/Kconfig:408: symbol MAINBOARD_HAS_TPM_CR50 depends on MAINBOARD_HAS_SPI_TPM_CR50
src/drivers/spi/tpm/Kconfig:15: symbol MAINBOARD_HAS_SPI_TPM_CR50 depends on SPI_TPM
src/drivers/spi/tpm/Kconfig:1: symbol SPI_TPM depends on TPM2
src/Kconfig:396: symbol TPM2 is selected by MAINBOARD_HAS_TPM2
MAINBOARD_HAS_SPI_TPM_CR50 shouldn't depend on SPI_TPM.
BRANCH=none
BUG=b:36786804
TEST=Boot rowan w/ serial enabled, verify coreboot and depthcharge are
configured to use IRQ flow control when talking to the Cr50 TPM.
Change-Id: I0cb3f6d3aa4159bad563a6a4b006d7f4825e04b4
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Suggested-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/19411
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
1. Move common TIS macros to include/tpm.h.
2. Use common TIS macros while referring to status and access registers.
3. Add a new function claim_locality to properly check for required
access bits and claim locality 0.
BUG=b:36873582
Change-Id: I11bf3e8b6e1f50b7868c9fe4394a858488367287
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19213
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
|
|
In order to be able to use SPI TPM on x86, allow TPM_SPI to be used
with PC80_SYSTEM.
BUG=b:35583330
Change-Id: Ibe626a192d45cf2624368db42d369202a4003123
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19093
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
1. Use proper CAR semantics for global/static variables.
2. Use spi_* functions directly instead of using a global structure to
store pointers to those functions.
BUG=b:36873582
Change-Id: I1fc52ab797ef0cbd3793a387d68198efc5dde58c
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19114
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
BUG=b:35647967
TEST=boot from bob
Change-Id: Ib64107b17fb6e93dbe626ce92f3bc9da8b84784e
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Reviewed-on: https://chromium-review.googlesource.com/452284
Commit-Ready: Caesar Wang <wxt@rock-chips.com>
Tested-by: Caesar Wang <wxt@rock-chips.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/19113
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
BUG=b:35775002
TEST=boot from bob
Change-Id: I6324f3c02da55a8527f085ba463cbb1f4fb5dc2e
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Reviewed-on: https://chromium-review.googlesource.com/452283
Commit-Ready: Caesar Wang <wxt@rock-chips.com>
Tested-by: Caesar Wang <wxt@rock-chips.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/19112
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
|
|
These files are required to support recovery MRC cache hash
save/restore in romtage/ramstage.
BUG=b:35583330
Change-Id: Idd0a4ee1c5f8f861caf40d841053b83a9d7aaef8
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/19092
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
The spi tis_sendrecv() implementation was always returning success
for all transactions. Correct this by returning -1 on error when
tpm2_process_command() returns 0 since that's its current failure
return code.
BUG=b:36598499
Change-Id: I8bfb5a09198ae4c293330e770271773a185d5061
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/19058
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins)
|
|
The tpm_info object is a global, but its symbol does not need to
be exposed to the world as its only used within tpm.c.
BUG=b:36598499
Change-Id: Idded3dad8d0d1c3535bddfb359009210d3439703
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/19057
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins)
|
|
In the case of start_transaction() failing the chip select is never
deasserted. Correct that by deasserting the chip select when
start_transaction() fails.
BUG=b:36598499
Change-Id: I2c5200085eb357259edab39c1a0fa7b1d81ba7b2
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/19056
Tested-by: build bot (Jenkins)
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
Going forward it's important to note when a CR50 is expected
to be present in the system. Additionally, this Kconfig addition
provides symmetry with the equivalent i2c Kconfig option.
BUG=b:35775104
Change-Id: Ifbd42b8a22f407534b23459713558c77cde6935d
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18680
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins)
|
|
When trying to bring up a device with a malfunctioning TPM2 chip, the
driver currently gets stuck waiting for SPI flow control, causing
bricked devices.
This patch puts a 100 ms cap on the waiting time - this should be
enough even for a longest NVRAM save operation which could be under
way on the TPM device.
BRANCH=gru
BUG=chrome-os-partner:59807
TEST=with a matching change in depthcharge, now a gru with corrupted
SPI TPM comes up to the recovery screen (it was not showing signs
of life before this change).
Change-Id: I63ef5dde8dddd9afeae91e396c157a1a37d47c80
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/17898
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
|
|
For spi_setup_slave, instead of making the platform driver return a
pointer to spi_slave structure, pass in a structure pointer that can be
filled in by the driver as required. This removes the need for platform
drivers to maintain a slave structure in data/CAR section.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully
Change-Id: Ia15a4f88ef4dcfdf616bb1c22261e7cb642a7573
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17683
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
1. Use size_t instead of unsigned int for bytes_out and bytes_in.
2. Use const attribute for spi_slave structure passed into xfer, claim
bus and release bus functions.
BUG=chrome-os-partner:59832
BRANCH=None
TEST=Compiles successfully
Change-Id: Ie70b3520b51c42d750f907892545510c6058f85a
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17682
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Kconfig hex values don't need to be in quotes, and should start with
'0x'. If the default value isn't set this way, Kconfig will add the
0x to the start, and the entry can be added unnecessarily to the
defconfig since it's "different" than what was set by the default.
A check for this has been added to the Kconfig lint tool.
Change-Id: I86f37340682771700011b6285e4b4af41b7e9968
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/16834
Tested-by: build bot (Jenkins)
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
|
|
Fixed "intierface" typo.
Change-Id: I65f0156ee059a8bed96c900ca3da3a06f45901e8
Signed-off-by: Robert Foss <robert.foss@collabora.com>
Reviewed-on: https://review.coreboot.org/16252
Tested-by: build bot (Jenkins)
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
The TPM version string has become much longer recently, and the
TPM_FW_VER register available on VID 1ae0 devices supports reading in
arbitrary size quantities.
Let's read 50 bytes at a time to reduce the SPI register read wrapper
overhead, and increase the length limit to 300 bytes to accommodate
longer version strings.
TEST=verified on the Kevin device:
localhost ~ # grep cr50 /sys/firmware/log
Firmware version: RO_A: 0.0.1/84e2dde7 RO_B:* 0.0.2/13eda43f RW_A:* cr50_v1.1.5005-444ddb7 RW_B: cr50_v1.1.5005-5aac83c
cr50_v1.1.5005-444ddb7 private-cr51:v0.0.66-bd9a0fe tpm2:v0.0.259-8f3d735 cryptoc:v0.0.4-5319e83 2016-07-31 10:58:05 vbendeb@kvasha
Change-Id: Ifaf28c1a9a3990372a9cec108c098edbe50d3243
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/16000
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Change-Id: I7930d5cded290f2605d0c92a9c465a3f0c1291a2
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/15974
Tested-by: build bot (Jenkins)
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
|
|
Some devices allow to retrieve firmware version by reading the same 4
byte register repeatedly until the entire version string is read.
Let's print out TPM firmware version when available. Just in case
something goes wrong limit the version string length to 200 bytes.
CQ-DEPEND=CL:355701
BRANCH=none
BUG=chrome-os-partner:54723
TEST=built the new firmware and ran it on Gru, observed the following
in the coreboot console log:
Connected to device vid:did:rid of 1ae0:0028:00
Firmware version: cr50_v1.1.4792-7a44484
Original-Commit-Id: 1f54a30cebe808abf1b09478b47924bb722a0ca6
Original-Change-Id: Idb069dabb80d34a0efdf04c3c40a42ab0c8a3f94
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/355704
Original-Reviewed-by: Scott Collyer <scollyer@chromium.org>
Squashed with:
tpm: use 4 byte quantities when retrieving firmware version
The CR50 device is capable of reporting its firmware version in 4 byte
quantities, but the recently introduced code retrieves the version one
byte at a time.
With this fix the version is retrieved in 4 byte chunks.
BRANCH=none
BUG=none
TEST=the version is still reported properly, as reported by the AP
firmware console log:
localhost ~ # grep cr50 /sys/firmware/log
Firmware version: cr50_v1.1.4804-c64cf24
localhost ~ #
Original-Commit-Id: 3111537e7b66d8507b6608ef665e4cde76403818
Original-Change-Id: I04116881a30001e35e989e51ec1567263f9149a6
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/356542
Original-Reviewed-by: Andrey Pronin <apronin@chromium.org>
Change-Id: Ia9f13a5bf1c34292b866f57c0d14470fe6ca9853
Signed-off-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://review.coreboot.org/15573
Tested-by: build bot (Jenkins)
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
The "PC Client Protection Profile for TPM 2.0" document defines SPI
bus addresses for different localities. That definition is not honored
in the cr50 implementation, this patch fixes it: locality zero
register file is based off 0xd40000.
BRANCH=none
BUG=chrome-os-partner:54720
TEST=with the fixed cr50 image and the rest of TPM2 initialization
patches applied factory initialization sequence on Gru succeeds.
Change-Id: I49b7ed55f0360448b9a6602ebd31a3a531608da3
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 43344fff5d58ec235e50030413fc38c98dd0a9a1
Original-Change-Id: I2de6fa6c05d3eca989d6785228d5adde1f2a7ab7
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/355620
Original-Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://review.coreboot.org/15568
Tested-by: build bot (Jenkins)
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
|
To fully define TPM attachment to a SPI interface both bus and CS
(chip select) settings are required. Add the missing CS configuration
option.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied it is possible to compile in
and run TPM2 SPI driver.
Change-Id: If297df8e5b9526f156ed1414eb9db317d6af5b33
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/353913
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/15299
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
This introduces a SPI TPM driver compliant with the TCG issued "TPM
Profile (PTP) Specification Revision 00.43" which can be found by
googling its title.
The driver implements both the hardware flow control protocol and the
TPM state machine.
The hardware flow control allows to map SPI based TPM devices to the
LPC address space on x86 platforms, on all other platforms it needs to
be implemented in the driver software.
The tis layer is somewhat superficial, it might have to be expanded
later.
A lot more implementation details can be found in the code comments.
Also, it is worth mentioning that this is not a complete version of
the driver: its robustness needs to be improved, delay loops need to
be bound, error conditions need to propagate up the call stack.
BRANCH=none
BUG=chrome-os-partner:52132, chrome-os-partner:50645, chrome-os-partner:54141
TEST=with the rest of the patches applied coreboot is able complete
Chrome OS factory initialization of the TPM2 device.
Change-Id: I967bc5c689f6e6f345755f08cb088ad37abd5d1c
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 5611c6f7d7fe6d37da668f337f0e70263913d63e
Original-Change-Id: I17d732e66bd231c2289ec289994dd819c6276855
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/350124
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/15298
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
Tested-by: build bot (Jenkins)
|
|
Until now it was assumed that all TPM devices were of the same type
(TCG 1.2 spec compliant) and x86 based boards had LPC connected TPMs
and all other boards had I2C connected TPMs.
With the advent of TPM2 specification there is a need to be able to
configure different combinations of TPM types (TPM or TPM2) and
interfaces (LPC, I2C and SPI).
This patch allows to do it. Picking Chrome OS still assumes that the
board has a TPM device, but adding MAINBOARD_HAS_TPM2 to the board's
Kconfig will trigger including of TPM2 instead.
MAINBOARD_HAS_LPC_TPM forces the interface to be set to LPC, adding
SPI_TPM to the board config switches interface choice to SPI, and if
neither of the two is defined, the interface is assumed to be I2C.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that none of the generated board configurations change
as a result of this patch. With the rest of the stack in place it
is possible to configure different combinations of TPM types and
interfaces for ARM and x86 boards.
Change-Id: I24f2e3ee63636566bf2a867c51ed80a622672f07
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 5a25c1070560cd2734519f87dfbf401c135088d1
Original-Change-Id: I659e9301a4a4fe065ca6537ef1fa824a08d36321
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/349850
Original-Reviewed-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://review.coreboot.org/15294
Tested-by: build bot (Jenkins)
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|