From 0e90dae584c506b06e7bf3d89064a64db04132bb Mon Sep 17 00:00:00 2001 From: Vladimir Serbinenko Date: Mon, 18 May 2015 10:29:06 +0200 Subject: Move TPM code out of chromeos This code is not specific to ChromeOS and is useful outside of it. Like with small modifications it can be used to disable TPM altogether. Change-Id: I8c6baf0a1f7c67141f30101a132ea039b0d09819 Signed-off-by: Vladimir Serbinenko Reviewed-on: http://review.coreboot.org/10269 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin --- src/cpu/intel/haswell/romstage.c | 8 +- src/drivers/pc80/tpm/Kconfig | 24 ++- src/drivers/pc80/tpm/Makefile.inc | 1 + src/drivers/pc80/tpm/romstage.c | 236 ++++++++++++++++++++++++++ src/include/tpm.h | 2 + src/mainboard/google/bolt/Kconfig | 1 + src/mainboard/google/butterfly/Kconfig | 1 + src/mainboard/google/falco/Kconfig | 1 + src/mainboard/google/link/Kconfig | 1 + src/mainboard/google/link/romstage.c | 11 +- src/mainboard/google/panther/Kconfig | 1 + src/mainboard/google/parrot/Kconfig | 1 + src/mainboard/google/parrot/romstage.c | 10 +- src/mainboard/google/peppy/Kconfig | 1 + src/mainboard/google/rambi/Kconfig | 1 + src/mainboard/google/samus/Kconfig | 1 + src/mainboard/google/slippy/Kconfig | 1 + src/mainboard/google/stout/Kconfig | 1 + src/mainboard/google/stout/romstage.c | 10 +- src/mainboard/intel/baskingridge/Kconfig | 1 + src/mainboard/intel/emeraldlake2/romstage.c | 10 +- src/mainboard/intel/wtm2/Kconfig | 1 + src/mainboard/samsung/lumpy/Kconfig | 1 + src/mainboard/samsung/lumpy/romstage.c | 10 +- src/mainboard/samsung/stumpy/Kconfig | 1 + src/mainboard/samsung/stumpy/romstage.c | 10 +- src/soc/intel/baytrail/romstage/romstage.c | 13 +- src/soc/intel/braswell/romstage/romstage.c | 13 +- src/soc/intel/broadwell/romstage/romstage.c | 13 +- src/vendorcode/google/chromeos/Kconfig | 2 + src/vendorcode/google/chromeos/Makefile.inc | 1 - src/vendorcode/google/chromeos/chromeos.h | 4 - src/vendorcode/google/chromeos/vboot.c | 248 ---------------------------- 33 files changed, 320 insertions(+), 321 deletions(-) create mode 100644 src/drivers/pc80/tpm/romstage.c delete mode 100644 src/vendorcode/google/chromeos/vboot.c diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c index 998f887f07..0f0890a104 100644 --- a/src/cpu/intel/haswell/romstage.c +++ b/src/cpu/intel/haswell/romstage.c @@ -45,7 +45,7 @@ #include "northbridge/intel/haswell/raminit.h" #include "southbridge/intel/lynxpoint/pch.h" #include "southbridge/intel/lynxpoint/me.h" - +#include static inline void reset_system(void) { @@ -276,9 +276,9 @@ void romstage_common(const struct romstage_params *params) printk(BIOS_DEBUG, "Romstage handoff structure not added!\n"); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(wake_from_s3); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig index 942b6e544a..fc9270be58 100644 --- a/src/drivers/pc80/tpm/Kconfig +++ b/src/drivers/pc80/tpm/Kconfig @@ -1,5 +1,12 @@ +config MAINBOARD_HAS_LPC_TPM + bool + default n + help + Board has TPM support + config LPC_TPM - bool + bool "Enable TPM support" + depends on MAINBOARD_HAS_LPC_TPM default n help Enable this option to enable LPC TPM support in coreboot. @@ -15,3 +22,18 @@ config TPM_TIS_BASE_ADDRESS The default is specified by the TCG PC Client Specific TPM Interface Specification 1.2 and should not be changed unless the TPM being used does not conform to TPM TIS 1.2. + +config TPM_INIT_FAILURE_IS_FATAL + bool + default n + depends on LPC_TPM + help + What to do if TPM init failed. If true, force a hard reset, + otherwise just log error message to console. + +config SKIP_TPM_STARTUP_ON_NORMAL_BOOT + bool + default n + depends on LPC_TPM + help + Skip TPM init on normal boot. Useful if payload does TPM init. diff --git a/src/drivers/pc80/tpm/Makefile.inc b/src/drivers/pc80/tpm/Makefile.inc index c900fe8c1d..089d0677fa 100644 --- a/src/drivers/pc80/tpm/Makefile.inc +++ b/src/drivers/pc80/tpm/Makefile.inc @@ -1,2 +1,3 @@ romstage-$(CONFIG_LPC_TPM) += tpm.c ramstage-$(CONFIG_LPC_TPM) += tpm.c +romstage-$(CONFIG_LPC_TPM) += romstage.c diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c new file mode 100644 index 0000000000..5e29e3a14d --- /dev/null +++ b/src/drivers/pc80/tpm/romstage.c @@ -0,0 +1,236 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc. + */ + +#include +#include +#include +#include +#include +#include + +//#define EXTRA_LOGGING + +#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */ + +#define TPM_SUCCESS ((u32)0x00000000) + +#define TPM_E_IOERROR ((u32)0x0000001f) +#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004) +#define TPM_E_NON_FATAL ((u32)0x00000800) +#define TPM_E_INVALID_POSTINIT ((u32)0x00000026) + +#define TPM_E_NEEDS_SELFTEST ((u32)(TPM_E_NON_FATAL + 1)) +#define TPM_E_DOING_SELFTEST ((u32)(TPM_E_NON_FATAL + 2)) + +static const struct { + u8 buffer[12]; +} tpm_resume_cmd = { + { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 } +}; + +static const struct { + u8 buffer[12]; +} tpm_startup_cmd = { + {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 } +}; + +static const struct { + u8 buffer[10]; +} tpm_continueselftest_cmd = { + { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 } +}; + +static inline void FromTpmUint32(const u8 * buffer, u32 * x) +{ + *x = ((buffer[0] << 24) | + (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]); +} + +static inline int TpmCommandSize(const u8 * buffer) +{ + u32 size; + FromTpmUint32(buffer + sizeof(u16), &size); + return (int)size; +} + +/* Gets the code field of a TPM command. */ +static inline int TpmCommandCode(const u8 * buffer) +{ + u32 code; + FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code); + return code; +} + +/* Gets the return code field of a TPM result. */ +static inline int TpmReturnCode(const u8 * buffer) +{ + return TpmCommandCode(buffer); +} + +/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or + * DOING_SELFTEST errors are returned. + */ +static u32 TlclSendReceiveNoRetry(const u8 * request, + u8 * response, int max_length) +{ + size_t response_length = max_length; + u32 result; + +#ifdef EXTRA_LOGGING + printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n", + request[0], request[1], + request[2], request[3], request[4], request[5], + request[6], request[7], request[8], request[9]); +#endif + + result = TPM_SUCCESS; + if (tis_sendrecv + (request, TpmCommandSize(request), response, &response_length)) + result = TPM_E_IOERROR; + + if (0 != result) { + /* Communication with TPM failed, so response is garbage */ + printk(BIOS_DEBUG, + "TPM: command 0x%x send/receive failed: 0x%x\n", + TpmCommandCode(request), result); + return TPM_E_COMMUNICATION_ERROR; + } + /* Otherwise, use the result code from the response */ + result = TpmReturnCode(response); + +/* TODO: add paranoia about returned response_length vs. max_length + * (and possibly expected length from the response header). See + * crosbug.com/17017 */ + +#ifdef EXTRA_LOGGING + printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n", + response[0], response[1], + response[2], response[3], response[4], response[5], + response[6], response[7], response[8], response[9]); +#endif + + printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n", + TpmCommandCode(request), result); + + return result; +} + +static inline u32 TlclContinueSelfTest(void) +{ + u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; + printk(BIOS_DEBUG, "TPM: Continue self test\n"); + /* Call the No Retry version of SendReceive to avoid recursion. */ + return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer, + response, sizeof(response)); +} + +/* Sends a TPM command and gets a response. Returns 0 if success or the TPM + * error code if error. In the firmware, waits for the self test to complete + * if needed. In the host, reports the first error without retries. */ +static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length) +{ + u32 result = TlclSendReceiveNoRetry(request, response, max_length); + /* When compiling for the firmware, hide command failures due to the self + * test not having run or completed. */ + /* If the command fails because the self test has not completed, try it + * again after attempting to ensure that the self test has completed. */ + if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) { + result = TlclContinueSelfTest(); + if (result != TPM_SUCCESS) { + return result; + } +#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE) + /* Retry only once */ + result = TlclSendReceiveNoRetry(request, response, max_length); +#else + /* This needs serious testing. The TPM specification says: + * "iii. The caller MUST wait for the actions of + * TPM_ContinueSelfTest to complete before reissuing the + * command C1." But, if ContinueSelfTest is non-blocking, how + * do we know that the actions have completed other than trying + * again? */ + do { + result = + TlclSendReceiveNoRetry(request, response, + max_length); + } while (result == TPM_E_DOING_SELFTEST); +#endif + } + + return result; +} + +void init_tpm(int s3resume) +{ + u32 result; + u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; + + /* Doing TPM startup when we're not coming in on the S3 resume path + * saves us roughly 20ms in boot time only. This does not seem to + * be worth an API change to vboot_reference-firmware right now, so + * let's keep the code around, but just bail out early: + */ + if (s3resume ? CONFIG_NO_TPM_RESUME + : CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT) + return; + + printk(BIOS_DEBUG, "TPM initialization.\n"); + + printk(BIOS_SPEW, "TPM: Init\n"); + if (tis_init()) + return; + + printk(BIOS_SPEW, "TPM: Open\n"); + if (tis_open()) + return; + + + if (s3resume) { + /* S3 Resume */ + printk(BIOS_SPEW, "TPM: Resume\n"); + result = TlclSendReceive(tpm_resume_cmd.buffer, + response, sizeof(response)); + if (result == TPM_E_INVALID_POSTINIT) { + /* We're on a platform where the TPM maintains power + * in S3, so it's already initialized. + */ + printk(BIOS_DEBUG, "TPM: Already initialized.\n"); + return; + } + } else { + printk(BIOS_SPEW, "TPM: Startup\n"); + result = TlclSendReceive(tpm_startup_cmd.buffer, + response, sizeof(response)); + } + + if (result == TPM_SUCCESS) { + printk(BIOS_SPEW, "TPM: OK.\n"); + return; + } + + printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result); + + if (CONFIG_TPM_INIT_FAILURE_IS_FATAL) { + printk(BIOS_ERR, "Hard reset!\n"); + post_code(POST_TPM_FAILURE); + if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART)) + cbmem_dump_console(); + hard_reset(); + } +} diff --git a/src/include/tpm.h b/src/include/tpm.h index 464f32ed8a..9b4db4ab8d 100644 --- a/src/include/tpm.h +++ b/src/include/tpm.h @@ -66,4 +66,6 @@ int tis_close(void); int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf, size_t *recv_len); +void init_tpm(int s3resume); + #endif /* TPM_H_ */ diff --git a/src/mainboard/google/bolt/Kconfig b/src/mainboard/google/bolt/Kconfig index 2239f70a8d..74e1edda5f 100644 --- a/src/mainboard/google/bolt/Kconfig +++ b/src/mainboard/google/bolt/Kconfig @@ -16,6 +16,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select INTEL_INT15 select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig index 7472c0668e..b1a64eebad 100644 --- a/src/mainboard/google/butterfly/Kconfig +++ b/src/mainboard/google/butterfly/Kconfig @@ -13,6 +13,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_CMOS_DEFAULT select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/falco/Kconfig b/src/mainboard/google/falco/Kconfig index a8faaab3a6..5b97259217 100644 --- a/src/mainboard/google/falco/Kconfig +++ b/src/mainboard/google/falco/Kconfig @@ -17,6 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_DO_NATIVE_VGA_INIT diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig index 316434fbb8..0f709255d2 100644 --- a/src/mainboard/google/link/Kconfig +++ b/src/mainboard/google/link/Kconfig @@ -12,6 +12,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_OPTION_TABLE select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select SERIRQ_CONTINUOUS_MODE select MAINBOARD_HAS_NATIVE_VGA_INIT select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c index ca8c2bd5ec..b345d5ec3e 100644 --- a/src/mainboard/google/link/romstage.c +++ b/src/mainboard/google/link/romstage.c @@ -41,9 +41,7 @@ #include #include #include "gpio.h" -#if CONFIG_CHROMEOS -#include -#endif +#include #include #include @@ -246,8 +244,9 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(boot_mode == 2); + } + timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/google/panther/Kconfig b/src/mainboard/google/panther/Kconfig index 31062edac2..37a8548f0a 100644 --- a/src/mainboard/google/panther/Kconfig +++ b/src/mainboard/google/panther/Kconfig @@ -15,6 +15,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select INTEL_INT15 select PHYSICAL_REC_SWITCH diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig index 07405c6098..9cf390ac79 100644 --- a/src/mainboard/google/parrot/Kconfig +++ b/src/mainboard/google/parrot/Kconfig @@ -12,6 +12,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_OPTION_TABLE select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/parrot/romstage.c b/src/mainboard/google/parrot/romstage.c index d0fab67edb..a947c48666 100644 --- a/src/mainboard/google/parrot/romstage.c +++ b/src/mainboard/google/parrot/romstage.c @@ -39,10 +39,8 @@ #include #include #include "gpio.h" -#if CONFIG_CHROMEOS -#include -#endif #include +#include #include "ec/compal/ene932/ec.h" static void pch_enable_lpc(void) @@ -197,8 +195,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(boot_mode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/google/peppy/Kconfig b/src/mainboard/google/peppy/Kconfig index d6a208bcbe..2c1560aad4 100644 --- a/src/mainboard/google/peppy/Kconfig +++ b/src/mainboard/google/peppy/Kconfig @@ -17,6 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_DO_NATIVE_VGA_INIT diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig index 4c9e89144c..1130d11096 100644 --- a/src/mainboard/google/rambi/Kconfig +++ b/src/mainboard/google/rambi/Kconfig @@ -12,6 +12,7 @@ config BOARD_SPECIFIC_OPTIONS select HAVE_OPTION_TABLE select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select ALWAYS_LOAD_OPROM select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/samus/Kconfig b/src/mainboard/google/samus/Kconfig index f655b2969b..06317e9468 100644 --- a/src/mainboard/google/samus/Kconfig +++ b/src/mainboard/google/samus/Kconfig @@ -15,6 +15,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select CHROMEOS_RAMOOPS_DYNAMIC select INTEL_INT15 diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig index fd4cb2f588..cfbce5e4a3 100644 --- a/src/mainboard/google/slippy/Kconfig +++ b/src/mainboard/google/slippy/Kconfig @@ -16,6 +16,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select INTEL_DP select INTEL_DDI diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig index ec03d8761e..eca83da637 100644 --- a/src/mainboard/google/stout/Kconfig +++ b/src/mainboard/google/stout/Kconfig @@ -13,6 +13,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_CMOS_DEFAULT select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c index ee6ca4f520..31b61e2d72 100644 --- a/src/mainboard/google/stout/romstage.c +++ b/src/mainboard/google/stout/romstage.c @@ -40,9 +40,7 @@ #include #include "gpio.h" #include -#if CONFIG_CHROMEOS -#include -#endif +#include #include #include #include "ec.h" @@ -251,8 +249,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(boot_mode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/intel/baskingridge/Kconfig b/src/mainboard/intel/baskingridge/Kconfig index c3e336115e..f9161388dc 100644 --- a/src/mainboard/intel/baskingridge/Kconfig +++ b/src/mainboard/intel/baskingridge/Kconfig @@ -11,6 +11,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_ACPI_RESUME select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c index c9d5cf1f78..bcf498b7a4 100644 --- a/src/mainboard/intel/emeraldlake2/romstage.c +++ b/src/mainboard/intel/emeraldlake2/romstage.c @@ -39,10 +39,8 @@ #include #include #include +#include #include "gpio.h" -#if CONFIG_CHROMEOS -#include -#endif #define SIO_PORT 0x164e @@ -255,8 +253,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(boot_mode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/intel/wtm2/Kconfig b/src/mainboard/intel/wtm2/Kconfig index 5a064d1237..b8f616a1e8 100644 --- a/src/mainboard/intel/wtm2/Kconfig +++ b/src/mainboard/intel/wtm2/Kconfig @@ -9,6 +9,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_ACPI_RESUME select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select MAINBOARD_HAS_NATIVE_VGA_INIT select INTEL_INT15 diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig index 7c9dce4ba7..fed4610533 100644 --- a/src/mainboard/samsung/lumpy/Kconfig +++ b/src/mainboard/samsung/lumpy/Kconfig @@ -5,6 +5,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SYSTEM_TYPE_LAPTOP select BOARD_ROMSIZE_KB_8192 select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select CPU_INTEL_SOCKET_RPGA989 select EC_SMSC_MEC1308 select HAVE_ACPI_RESUME diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c index 9b1a023bfd..ce064bbe8b 100644 --- a/src/mainboard/samsung/lumpy/romstage.c +++ b/src/mainboard/samsung/lumpy/romstage.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -45,9 +46,6 @@ #if CONFIG_DRIVERS_UART_8250IO #include #endif -#if CONFIG_CHROMEOS -#include -#endif static void pch_enable_lpc(void) { @@ -273,8 +271,8 @@ void main(unsigned long bist) } northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(boot_mode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig index 1eda8eb569..f749c3972f 100644 --- a/src/mainboard/samsung/stumpy/Kconfig +++ b/src/mainboard/samsung/stumpy/Kconfig @@ -4,6 +4,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy def_bool y select BOARD_ROMSIZE_KB_8192 select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select CPU_INTEL_SOCKET_RPGA989 select HAVE_ACPI_RESUME select HAVE_ACPI_TABLES diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c index 6506c80a60..161c8d1f2d 100644 --- a/src/mainboard/samsung/stumpy/romstage.c +++ b/src/mainboard/samsung/stumpy/romstage.c @@ -41,13 +41,11 @@ #include #include #include +#include #include "gpio.h" #if CONFIG_DRIVERS_UART_8250IO #include #endif -#if CONFIG_CHROMEOS -#include -#endif /* Stumpy USB Reset Disable defined in cmos.layout */ #if CONFIG_USE_OPTION_TABLE @@ -283,8 +281,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(boot_mode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c index bfc86785a3..a32db02df5 100644 --- a/src/soc/intel/baytrail/romstage/romstage.c +++ b/src/soc/intel/baytrail/romstage/romstage.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -211,14 +212,6 @@ static int chipset_prev_sleep_state(struct chipset_power_state *ps) return prev_sleep_state; } -static inline void chromeos_init(int prev_sleep_state) -{ -#if CONFIG_CHROMEOS - /* Normalize the sleep state to what init_chromeos() wants for S3: 2. */ - init_chromeos(prev_sleep_state == 3 ? 2 : 0); -#endif -} - /* Entry from the mainboard. */ void romstage_common(struct romstage_params *params) { @@ -250,7 +243,9 @@ void romstage_common(struct romstage_params *params) else printk(BIOS_DEBUG, "Romstage handoff structure not added!\n"); - chromeos_init(prev_sleep_state); + if (CONFIG_LPC_TPM) { + init_tpm(prev_sleep_state == 3); + } } void asmlinkage romstage_after_car(void) diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c index 9c8bbc40ce..5e5b8be196 100644 --- a/src/soc/intel/braswell/romstage/romstage.c +++ b/src/soc/intel/braswell/romstage/romstage.c @@ -43,6 +43,7 @@ #include #include #include +#include /* The cache-as-ram assembly file calls romstage_main() after setting up * cache-as-ram. romstage_main() will then call the mainboards's @@ -211,14 +212,6 @@ static int chipset_prev_sleep_state(struct chipset_power_state *ps) return prev_sleep_state; } -static inline void chromeos_init(int prev_sleep_state) -{ -#if CONFIG_CHROMEOS - /* Normalize the sleep state to what init_chromeos() wants for S3: 2. */ - init_chromeos(prev_sleep_state == 3 ? 2 : 0); -#endif -} - /* Entry from the mainboard. */ void romstage_common(struct romstage_params *params) { @@ -250,7 +243,9 @@ void romstage_common(struct romstage_params *params) else printk(BIOS_DEBUG, "Romstage handoff structure not added!\n"); - chromeos_init(prev_sleep_state); + if (CONFIG_LPC_TPM) { + init_tpm(prev_sleep_state == 3); + } } void asmlinkage romstage_after_car(void) diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c index 50d5b24405..e950b1ec6f 100644 --- a/src/soc/intel/broadwell/romstage/romstage.c +++ b/src/soc/intel/broadwell/romstage/romstage.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -89,14 +90,6 @@ void * asmlinkage romstage_main(unsigned long bist, return setup_stack_and_mttrs(); } -static inline void chromeos_init(int prev_sleep_state) -{ -#if CONFIG_CHROMEOS - /* Normalize the sleep state to what init_chromeos() wants for S3: 2 */ - init_chromeos(prev_sleep_state == SLEEP_STATE_S3 ? 2 : 0); -#endif -} - /* Entry from the mainboard. */ void romstage_common(struct romstage_params *params) { @@ -132,7 +125,9 @@ void romstage_common(struct romstage_params *params) else printk(BIOS_DEBUG, "Romstage handoff structure not added!\n"); - chromeos_init(params->power_state->prev_sleep_state); +#if CONFIG_LPC_TPM + init_tpm(prev_sleep_state == SLEEP_STATE_S3); +#endif } void asmlinkage romstage_after_car(void) diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 4e7fdac5e2..0b0b86222d 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig @@ -26,6 +26,8 @@ config CHROMEOS bool "Build for ChromeOS" default n select TPM + select TPM_INIT_FAILURE_IS_FATAL + select SKIP_TPM_STARTUP_ON_NORMAL_BOOT select BOOTMODE_STRAPS select ELOG help diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 67beabac1e..df244358cc 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -32,7 +32,6 @@ verstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c romstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c ramstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c -romstage-$(CONFIG_ARCH_ROMSTAGE_X86_32) += vboot.c ramstage-$(CONFIG_ELOG) += elog.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += gnvs.c ramstage-$(CONFIG_CHROMEOS_RAMOOPS) += ramoops.c diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h index e495a11c91..c7048ddcd8 100644 --- a/src/vendorcode/google/chromeos/chromeos.h +++ b/src/vendorcode/google/chromeos/chromeos.h @@ -39,9 +39,6 @@ void read_vbnv(uint8_t *vbnv_copy); void save_vbnv(const uint8_t *vbnv_copy); #if CONFIG_CHROMEOS -/* functions implemented in vboot.c */ -void init_chromeos(int bootmode); - /* functions implemented in elog.c */ void elog_add_boot_reason(void); @@ -53,7 +50,6 @@ int vboot_enable_developer(void); int vboot_enable_recovery(void); int vboot_skip_display_init(void); #else -static inline void init_chromeos(int bootmode) { } static inline void elog_add_boot_reason(void) { return; } static inline void elog_add_watchdog_reset(void) { return; } static inline void reboot_from_watchdog(void) { return; } diff --git a/src/vendorcode/google/chromeos/vboot.c b/src/vendorcode/google/chromeos/vboot.c deleted file mode 100644 index 6678aaabca..0000000000 --- a/src/vendorcode/google/chromeos/vboot.c +++ /dev/null @@ -1,248 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc. - */ - -#include -#include -#include -#include -#include -#include -#include "chromeos.h" - -//#define EXTRA_LOGGING -#define UBOOT_DOES_TPM_STARTUP - -#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */ - -#define TPM_SUCCESS ((u32)0x00000000) - -#define TPM_E_IOERROR ((u32)0x0000001f) -#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004) -#define TPM_E_NON_FATAL ((u32)0x00000800) -#define TPM_E_INVALID_POSTINIT ((u32)0x00000026) - -#define TPM_E_NEEDS_SELFTEST ((u32)(TPM_E_NON_FATAL + 1)) -#define TPM_E_DOING_SELFTEST ((u32)(TPM_E_NON_FATAL + 2)) - -#if CONFIG_NO_TPM_RESUME -static void init_vboot(int bootmode) -{ -} -#else -static const struct { - u8 buffer[12]; -} tpm_resume_cmd = { - { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 } -}; - -static const struct { - u8 buffer[12]; -} tpm_startup_cmd = { - {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 } -}; - -static const struct { - u8 buffer[10]; -} tpm_continueselftest_cmd = { - { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 } -}; - -static inline void FromTpmUint32(const u8 * buffer, u32 * x) -{ - *x = ((buffer[0] << 24) | - (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]); -} - -static inline int TpmCommandSize(const u8 * buffer) -{ - u32 size; - FromTpmUint32(buffer + sizeof(u16), &size); - return (int)size; -} - -/* Gets the code field of a TPM command. */ -static inline int TpmCommandCode(const u8 * buffer) -{ - u32 code; - FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code); - return code; -} - -/* Gets the return code field of a TPM result. */ -static inline int TpmReturnCode(const u8 * buffer) -{ - return TpmCommandCode(buffer); -} - -/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or - * DOING_SELFTEST errors are returned. - */ -static u32 TlclSendReceiveNoRetry(const u8 * request, - u8 * response, int max_length) -{ - size_t response_length = max_length; - u32 result; - -#ifdef EXTRA_LOGGING - printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n", - request[0], request[1], - request[2], request[3], request[4], request[5], - request[6], request[7], request[8], request[9]); -#endif - - result = TPM_SUCCESS; - if (tis_sendrecv - (request, TpmCommandSize(request), response, &response_length)) - result = TPM_E_IOERROR; - - if (0 != result) { - /* Communication with TPM failed, so response is garbage */ - printk(BIOS_DEBUG, - "TPM: command 0x%x send/receive failed: 0x%x\n", - TpmCommandCode(request), result); - return TPM_E_COMMUNICATION_ERROR; - } - /* Otherwise, use the result code from the response */ - result = TpmReturnCode(response); - -/* TODO: add paranoia about returned response_length vs. max_length - * (and possibly expected length from the response header). See - * crosbug.com/17017 */ - -#ifdef EXTRA_LOGGING - printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n", - response[0], response[1], - response[2], response[3], response[4], response[5], - response[6], response[7], response[8], response[9]); -#endif - - printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n", - TpmCommandCode(request), result); - - return result; -} - -static inline u32 TlclContinueSelfTest(void) -{ - u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; - printk(BIOS_DEBUG, "TPM: Continue self test\n"); - /* Call the No Retry version of SendReceive to avoid recursion. */ - return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer, - response, sizeof(response)); -} - -/* Sends a TPM command and gets a response. Returns 0 if success or the TPM - * error code if error. In the firmware, waits for the self test to complete - * if needed. In the host, reports the first error without retries. */ -static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length) -{ - u32 result = TlclSendReceiveNoRetry(request, response, max_length); - /* When compiling for the firmware, hide command failures due to the self - * test not having run or completed. */ - /* If the command fails because the self test has not completed, try it - * again after attempting to ensure that the self test has completed. */ - if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) { - result = TlclContinueSelfTest(); - if (result != TPM_SUCCESS) { - return result; - } -#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE) - /* Retry only once */ - result = TlclSendReceiveNoRetry(request, response, max_length); -#else - /* This needs serious testing. The TPM specification says: - * "iii. The caller MUST wait for the actions of - * TPM_ContinueSelfTest to complete before reissuing the - * command C1." But, if ContinueSelfTest is non-blocking, how - * do we know that the actions have completed other than trying - * again? */ - do { - result = - TlclSendReceiveNoRetry(request, response, - max_length); - } while (result == TPM_E_DOING_SELFTEST); -#endif - } - - return result; -} - -static void init_vboot(int bootmode) -{ - u32 result; - u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; - -#ifdef UBOOT_DOES_TPM_STARTUP - /* Doing TPM startup when we're not coming in on the S3 resume path - * saves us roughly 20ms in boot time only. This does not seem to - * be worth an API change to vboot_reference-firmware right now, so - * let's keep the code around, but just bail out early: - */ - if (bootmode != 2) - return; -#endif - - printk(BIOS_DEBUG, "Verified boot TPM initialization.\n"); - - printk(BIOS_SPEW, "TPM: Init\n"); - if (tis_init()) - return; - - printk(BIOS_SPEW, "TPM: Open\n"); - if (tis_open()) - return; - - - if (bootmode == 2) { - /* S3 Resume */ - printk(BIOS_SPEW, "TPM: Resume\n"); - result = TlclSendReceive(tpm_resume_cmd.buffer, - response, sizeof(response)); - if (result == TPM_E_INVALID_POSTINIT) { - /* We're on a platform where the TPM maintains power - * in S3, so it's already initialized. - */ - printk(BIOS_DEBUG, "TPM: Already initialized.\n"); - return; - } - } else { - printk(BIOS_SPEW, "TPM: Startup\n"); - result = TlclSendReceive(tpm_startup_cmd.buffer, - response, sizeof(response)); - } - - if (result == TPM_SUCCESS) { - printk(BIOS_SPEW, "TPM: OK.\n"); - return; - } - -#if !MOCK_TPM - printk(BIOS_ERR, "TPM: Error code 0x%x. Hard reset!\n", result); - post_code(POST_TPM_FAILURE); - if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART)) - cbmem_dump_console(); - hard_reset(); -#endif -} -#endif - -void init_chromeos(int bootmode) -{ - init_vboot(bootmode); -} -- cgit v1.2.3