[U-Boot] [PATCH 1/2] spi: ST33ZP24 SPI TPM driver

Jean-Luc BLANC stmicroelectronics.tpm at gmail.com
Wed Jul 9 00:05:44 CEST 2014


This driver add support for STMicroelectronics ST33ZP24 SPI TPM.
Driver support 2 SPI TPMs.
Driver support also hash in Locality 4 feature (the only way to
update PCR17).
---
 README                         |   29 ++
 common/cmd_tpm.c               |   63 +++-
 drivers/tpm/Makefile           |    1 +
 drivers/tpm/tpm_spi_stm_st33.c |  724 ++++++++++++++++++++++++++++++++++++++++
 include/tis.h                  |   11 +-
 include/tpm.h                  |   22 ++
 lib/tpm.c                      |   26 ++
 7 files changed, 874 insertions(+), 2 deletions(-)
 create mode 100644 drivers/tpm/tpm_spi_stm_st33.c

diff --git a/README b/README
index a248ab5..a4aa28a 100644
--- a/README
+++ b/README
@@ -1397,6 +1397,35 @@ The following options need to be configured:
 		Define this to enable authorized functions in the TPM library.
 		Requires CONFIG_TPM and CONFIG_SHA1.
 
+		CONFIG_TPM_ST
+		Support additional hash in locality 4 command for
+		STMicroelectronics TPMs (SPI or I2C). Require CONFIG_CMD_TPM.
+
+		CONFIG_TPM_ST_SPI
+		Support SPI STMicroelectronics TPM. Require SPI support
+
+			TPM0_SPI_MAX_SPEED
+			Define SPI frequency for TPM, 10000000 Hz max
+
+			TPM0_SPI_BUS_NUM
+			Define SPI Bus ID connected to TPM
+
+			TPM0_SPI_CS
+			Define SPI Chip Select ID connected to TPM
+
+		CONFIG_TPM_ST_2TPM
+		Support additional STMicoelectronics SPI TPM.
+		Require CONFIG_TPM_ST_SPI
+
+			TPM1_SPI_MAX_SPEED
+			Define SPI frequency for TPM, 10000000 Hz max
+
+			TPM1_SPI_BUS_NUM
+			Define SPI Bus ID connected to TPM
+
+			TPM1_SPI_CS
+			Define SPI Chip Select ID connected to TPM
+
 - USB Support:
 		At the moment only the UHCI host controller is
 		supported (PIP405, MIP405, MPC5200); define
diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c
index 0294952..63f52e4 100644
--- a/common/cmd_tpm.c
+++ b/common/cmd_tpm.c
@@ -334,6 +334,29 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
 	return convert_return_code(rc);
 }
 
+#ifdef CONFIG_TPM_ST
+static int do_tpm_hash_loc4(cmd_tbl_t *cmdtp, int flag,
+		int argc, char * const argv[])
+{
+	uint32_t rc;
+	size_t count;
+	void *data;
+
+	if (argc != 2)
+		return CMD_RET_USAGE;
+
+	data = parse_byte_string(argv[1], NULL, &count);
+	if (!data) {
+		printf("Couldn't parse byte string %s\n", argv[1]);
+		return CMD_RET_FAILURE;
+	}
+
+	rc = tpm_hash_loc4(data, count);
+	free(data);
+	return convert_return_code(rc);
+}
+#endif /* CONFIG_TPM_ST */
+
 static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag,
 		int argc, char * const argv[])
 {
@@ -355,6 +378,25 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag,
 	return convert_return_code(rc);
 }
 
+#ifdef CONFIG_TPM_ST_2TPM
+static int do_tpm_spi_select(cmd_tbl_t *cmdtp, int flag,
+			     int argc, char * const argv[])
+{
+	uint32_t rc, spi_number;
+
+	if (argc != 2)
+		return CMD_RET_USAGE;
+	spi_number = simple_strtoul(argv[1], NULL, 0);
+	if (spi_number < CONFIG_TPM_ST_2TPM) {
+		rc = tpm_spi_select(spi_number);
+	} else {
+		printf("Couldn't parse argument %s\n", argv[1]);
+		return CMD_RET_FAILURE;
+	}
+	return convert_return_code(rc);
+}
+#endif /* CONFIG_TPM_ST_2TPM */
+
 static int do_tpm_tsc_physical_presence(cmd_tbl_t *cmdtp, int flag,
 		int argc, char * const argv[])
 {
@@ -629,8 +671,16 @@ static cmd_tbl_t tpm_commands[] = {
 			do_tpm_nv_write_value, "", ""),
 	U_BOOT_CMD_MKENT(extend, 0, 1,
 			do_tpm_extend, "", ""),
+#ifdef CONFIG_TPM_ST
+	U_BOOT_CMD_MKENT(hash_loc4, 0, 1,
+			 do_tpm_hash_loc4, "", ""),
+#endif /* CONFIG_TPM_ST */
 	U_BOOT_CMD_MKENT(pcr_read, 0, 1,
-			do_tpm_pcr_read, "", ""),
+			 do_tpm_pcr_read, "", ""),
+#ifdef CONFIG_TPM_ST_2TPM
+	U_BOOT_CMD_MKENT(spi_select, 0, 1,
+			 do_tpm_spi_select, "", ""),
+#endif /* CONFIG_TPM_ST_2TPM */
 	U_BOOT_CMD_MKENT(tsc_physical_presence, 0, 1,
 			do_tpm_tsc_physical_presence, "", ""),
 	U_BOOT_CMD_MKENT(read_pubek, 0, 1,
@@ -723,6 +773,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
 "  extend index digest_hex_string\n"
 "    - Add a new measurement to a PCR.  Update PCR <index> with the 20-bytes\n"
 "      <digest_hex_string>\n"
+#ifdef CONFIG_TPM_ST
+"  hash_loc4 digest_hex_string\n"
+"    - Add a mesurement in PCR17. Update PCR 17 with the digest\n"
+"      of <digest_hex_string>\n"
+#endif /* CONFIG_TPM_ST */
 "  pcr_read index addr count\n"
 "    - Read <count> bytes from PCR <index> to memory address <addr>.\n"
 #ifdef CONFIG_TPM_AUTH_SESSIONS
@@ -754,4 +809,10 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
 "    - Read from space <index> to environment variables <vars...>.\n"
 "  nv_write types_string index values...\n"
 "    - Write to space <index> from values <values...>.\n"
+#ifdef CONFIG_TPM_ST_2TPM
+"TPM Select Command:\n"
+"  spi_select <TPM_ID>\n"
+"    - In platform with multiple SPI TPM, activate <TPM_ID> for coming\n"
+"      TPM operations. 0 or 1 are recognized <TPM_ID>\n"
+#endif /* CONFIG_TPM_ST_2TPM */
 );
diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
index 150570e..1ee707e 100644
--- a/drivers/tpm/Makefile
+++ b/drivers/tpm/Makefile
@@ -9,3 +9,4 @@ obj-$(CONFIG_TPM_TIS_I2C) += tpm.o
 obj-$(CONFIG_TPM_TIS_I2C) += tpm_tis_i2c.o
 obj-$(CONFIG_TPM_TIS_LPC) += tpm_tis_lpc.o
 obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o
+obj-$(CONFIG_TPM_ST_SPI) += tpm_spi_stm_st33.o
diff --git a/drivers/tpm/tpm_spi_stm_st33.c b/drivers/tpm/tpm_spi_stm_st33.c
new file mode 100644
index 0000000..f65adff
--- /dev/null
+++ b/drivers/tpm/tpm_spi_stm_st33.c
@@ -0,0 +1,724 @@
+/*
+ * STMicroelectronics TPM SPI UBOOT Linux driver for TPM ST33ZP24
+ * Copyright (C) 2014  STMicroelectronics
+ *
+ *
+ * Description: Device driver for ST33ZP24 SPI TPM TCG.
+ *
+ * This device driver implements the TPM interface as defined in
+ * the TCG TPM Interface Spec version 1.21, revision 1.0 and the
+ * STMicroelectronics SPI Protocol Stack Specification version 1.2.0.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ *
+ * @Author: Jean-Luc BLANC <jean-luc.blanc at st.com>
+ *
+ * @File: tpm_spi_stm_st33.c
+ */
+
+#include <common.h>
+#include <spi.h>
+#include <linux/types.h>
+#include <tpm.h>
+#include <errno.h>
+#include <asm/unaligned.h>
+
+#define TPM_ACCESS		0x0
+#define TPM_STS			0x18
+#define TPM_HASH_END		0x20
+#define TPM_DATA_FIFO		0x24
+#define TPM_HASH_DATA		0x24
+#define TPM_HASH_START		0x28
+#define TPM_INTF_CAPABILITY	0x14
+#define TPM_INT_STATUS		0x10
+#define TPM_INT_ENABLE		0x08
+
+#define TPM_DUMMY_BYTE		0x00
+#define TPM_WRITE_DIRECTION	0x80
+#define TPM_HEADER_SIZE		10
+#define TPM_BUFSIZE		2048
+
+#define LOCALITY0		0
+#define LOCALITY1		1
+#define LOCALITY2		2
+#define LOCALITY3		3
+#define LOCALITY4		4
+#define NB_LOCALITIES		5
+
+/* Index of Count field in TPM response buffer */
+#define TPM_RSP_SIZE_BYTE	2
+
+#define SPI_WRITE_HEADER_SIZE	4
+
+/**
+ * @latency: number of latency bytes TPM need to decode I2C register request
+ *           and provide answer
+ * @is_open: TPM connection establishment information
+ * @locality: active locality of the TPM (0 to 4)
+ * @buf: command/response buffer
+ * @timeout_*: timeouts for TPM states changes
+ * @duration: maximum time for a TPM command processing
+ */
+struct tpm_chip {
+	int latency;
+	int is_open;
+	int locality;
+	u8 buf[TPM_BUFSIZE];
+	unsigned long timeout_a, timeout_b, timeout_c, timeout_d; /* msec */
+	unsigned long duration; /* msec */
+	struct spi_slave *tpm_dev_spi_info;
+};
+
+#ifdef CONFIG_TPM_ST_2TPM			/* 2 TPM on board */
+struct tpm_chip tpm_st33_spi_board_info[CONFIG_TPM_ST_2TPM];
+#else						/* Only 1 TPM on board */
+struct tpm_chip tpm_st33_spi_board_info[1];
+#endif
+
+struct tpm_chip *active_tpm;
+
+/* Maximum command duration */
+#define TPM_MAX_COMMAND_DURATION_MS	120000
+
+enum stm33zp24_access {
+	TPM_ACCESS_VALID = 0x80,
+	TPM_ACCESS_ACTIVE_LOCALITY = 0x20,
+	TPM_ACCESS_REQUEST_PENDING = 0x04,
+	TPM_ACCESS_REQUEST_USE = 0x02,
+};
+
+enum stm33zp24_status {
+	TPM_STS_VALID = 0x80,
+	TPM_STS_COMMAND_READY = 0x40,
+	TPM_STS_GO = 0x20,
+	TPM_STS_DATA_AVAIL = 0x10,
+	TPM_STS_DATA_EXPECT = 0x08,
+};
+
+enum stm33zp24_int_flags {
+	TPM_GLOBAL_INT_ENABLE = 0x80,
+	TPM_INTF_CMD_READY_INT = 0x80,
+	TPM_INTF_FIFO_AVALAIBLE_INT = 0x40,
+	TPM_INTF_WAKE_UP_READY_INT = 0x20,
+	TPM_INTF_LOC4SOFTRELEASE_INT = 0x08,
+	TPM_INTF_LOCALITY_CHANGE_INT = 0x04,
+	TPM_INTF_STS_VALID_INT = 0x02,
+	TPM_INTF_DATA_AVAIL_INT = 0x01,
+};
+
+enum tis_defaults {
+	TIS_SHORT_TIMEOUT_MS = 750, /* ms */
+	TIS_LONG_TIMEOUT_MS = 2000, /* 2 sec */
+};
+
+/*
+ * spi_write8_reg - Send byte to the TIS register according to the ST33ZP24
+ *                  SPI protocol.
+ * @tpm, the chip description
+ * @tpm_register, the tpm tis register where the data should be written
+ * @tpm_data, the tpm_data to write inside the tpm_register
+ * @tpm_size, The length of the data
+ * @return: should be zero if success else a negative error code.
+ */
+static int spi_write8_reg(struct tpm_chip *tpm, u8 tpm_register,
+		const u8 *tpm_data, u16 tpm_size)
+{
+	u8 data = 0;
+	int total_length = 0, nbr_dummy_bytes = 0;
+	int ret = 0;
+	u8 tx_buffer[TPM_BUFSIZE + SPI_WRITE_HEADER_SIZE];
+
+	data = TPM_WRITE_DIRECTION | tpm->locality;
+	memcpy(tx_buffer + total_length, &data, sizeof(data));
+	total_length++;
+	tx_buffer[total_length++] = tpm_register;
+
+	if (tpm_size > 0 &&
+	    ((tpm_register == TPM_DATA_FIFO) ||
+	    (tpm_register == TPM_HASH_DATA))) {
+		tx_buffer[total_length++] = tpm_size >> 8;
+		tx_buffer[total_length++] = tpm_size;
+	}
+	memcpy(tx_buffer + total_length, tpm_data, tpm_size);
+	total_length += tpm_size;
+	nbr_dummy_bytes = tpm->latency + 1;
+	memset(tx_buffer + total_length, TPM_DUMMY_BYTE, nbr_dummy_bytes);
+
+	/* spi_claim_bus() always return 0 ! */
+	spi_claim_bus(tpm->tpm_dev_spi_info);
+	ret = spi_xfer(tpm->tpm_dev_spi_info,
+		       (total_length + nbr_dummy_bytes) * 8,
+		       tx_buffer, tx_buffer, SPI_XFER_BEGIN | SPI_XFER_END);
+	spi_release_bus(tpm->tpm_dev_spi_info);
+
+	return ret;
+}
+
+/*
+ * spi_read8_reg - Recv byte from the TIS register according to the ST33ZP24
+ *                 SPI protocol.
+ * @tpm, the chip description
+ * @tpm_loc, the locality to read register from
+ * @tpm_register, the tpm tis register where the data should be read
+ * @tpm_data, the TPM response
+ * @tpm_size, TPM response size to read.
+ * @return: should be zero if success else a negative error code.
+ */
+static u8 spi_read8_reg(struct tpm_chip *tpm, u8 tpm_loc, u8 tpm_register,
+		u8 *tpm_data, u16 tpm_size)
+{
+	u8 data = 0;
+	int total_length = 0, nbr_dummy_bytes;
+	int value = 0;
+	u8 *data_buffer;
+
+	data_buffer = tpm_data;
+	/* SPI read  message is : locality & direction */
+	data = tpm_loc;
+	memcpy(data_buffer + total_length, &data, sizeof(data));
+	total_length++;
+	/* + TPM target register */
+	data = tpm_register;
+	memcpy(data_buffer + total_length, &data, sizeof(data));
+	total_length++;
+	/* + TPM latency (2B) + Status byte (1B) + Nb to read (tpm_size) */
+	nbr_dummy_bytes = tpm->latency + 1 + tpm_size;
+	memset(&data_buffer[total_length], TPM_DUMMY_BYTE, nbr_dummy_bytes);
+
+	spi_claim_bus(tpm->tpm_dev_spi_info);
+	value = spi_xfer(tpm->tpm_dev_spi_info,
+			 (total_length + nbr_dummy_bytes) * 8, data_buffer,
+			 tpm_data, SPI_XFER_BEGIN | SPI_XFER_END);
+	spi_release_bus(tpm->tpm_dev_spi_info);
+
+	if (tpm_size > 0 && value == 0) {
+		if (tpm_data[tpm->latency + 2] == 0x5A)
+			memcpy(tpm_data,
+			       tpm_data + total_length + nbr_dummy_bytes
+			       - tpm_size, tpm_size);
+		else {
+			error("%s:%d - In TPM command, TPM status byte = ",
+			      __FILE__, __LINE__);
+			error("%x\n", tpm_data[tpm->latency + tpm_size + 1]);
+			value = -EIO;
+		}
+	}
+	return value;
+}
+
+/*
+ * tpm_stm_spi_cancel_or_command_ready, cancel command or move TPM inError
+ * Command Ready state
+ * @chip, the tpm chip description as specified in
+ * driver/char/tpm/tpm.h.
+ */
+static void tpm_stm_spi_cancel_or_command_ready(struct tpm_chip *chip)
+{
+	u8 data = TPM_STS_COMMAND_READY;
+
+	spi_write8_reg(chip, TPM_STS, &data, 1);
+}
+
+/*
+ * tpm_stm_spi_status return the TPM_STS register
+ * @chip, the tpm chip description
+ * @return: the TPM_STS register value.
+ */
+static u8 tpm_stm_spi_status(struct tpm_chip *chip)
+{
+	spi_read8_reg(chip, active_tpm->locality, TPM_STS, active_tpm->buf, 1);
+	return active_tpm->buf[0];
+}
+
+/*
+ * check_locality if the locality is active
+ * @chip, the tpm chip description
+ * @return: the active locality or negative error code.
+ */
+static int check_locality(struct tpm_chip *chip)
+{
+	u8 status;
+	int ret, loc_to_check = 0;
+
+	do {
+		status = spi_read8_reg(chip, loc_to_check, TPM_ACCESS,
+				active_tpm->buf, 1);
+		if ((status == 0) &&
+		    (active_tpm->buf[0] &
+		    (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID))
+		    == (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID))
+			break;
+		loc_to_check++;
+	} while (loc_to_check < NB_LOCALITIES);
+	if (loc_to_check == NB_LOCALITIES)
+		ret = -EPERM;
+	else
+		ret = loc_to_check;
+	return ret;
+}
+
+/*
+ * request_locality request the TPM locality
+ * @param: chip, the chip description
+ * @return: the active locality or negative error code.
+ */
+static int request_locality(struct tpm_chip *chip)
+{
+	unsigned long start, stop;
+	int rc;
+	u8 data = 0;
+
+	/* Check locality */
+	if (check_locality(chip) == chip->locality)
+		return chip->locality;
+	/* Request locality */
+	data = TPM_ACCESS_REQUEST_USE;
+	rc = spi_write8_reg(chip, TPM_ACCESS, &data, 1);
+	if (rc < 0)
+		goto end;
+	/* wait for locality activated */
+	start = get_timer(0);
+	stop = chip->timeout_a;
+	do {
+		if (check_locality(chip) == chip->locality)
+			return chip->locality;
+	} while (get_timer(start) < stop);
+	rc = -ETIMEDOUT;
+end:
+	return rc;
+}
+
+/*
+ * release_locality release the active locality
+ * @chip, the tpm chip description.
+ * @return: should be zero if success else a negative error code.
+ */
+static int release_locality(struct tpm_chip *chip)
+{
+	u8 data = 0;
+
+	data = TPM_ACCESS_ACTIVE_LOCALITY;
+	return spi_write8_reg(chip, TPM_ACCESS, &data, 1);
+}
+
+/*
+ * get_burstcount return the burstcount address 0x19 0x1A
+ * @chip, the chip description
+ * @return: the burstcount or negative error code.
+ */
+static int get_burstcount(struct tpm_chip *chip)
+{
+	unsigned long start, stop;
+	u32 burstcnt;
+	u8 tpm_reg;
+	long status = 0;
+	int ret;
+
+	/* wait for burstcount */
+	start = get_timer(0);
+	stop = chip->timeout_d;
+	do {
+		tpm_reg = TPM_STS + 1;
+		status = spi_read8_reg(chip, active_tpm->locality, tpm_reg,
+				       active_tpm->buf, 1);
+		if (status < 0)
+			return -EBUSY;
+		burstcnt = active_tpm->buf[0];
+		status = spi_read8_reg(chip, active_tpm->locality, ++tpm_reg,
+				       active_tpm->buf, 1);
+		if (status < 0)
+			return -EBUSY;
+		burstcnt |= active_tpm->buf[0] << 8;
+		if (burstcnt) {
+			ret = burstcnt;
+			goto end;
+		}
+	} while (get_timer(start) < stop);
+	ret = -ETIME;
+end:
+	return ret;
+}
+
+/*
+ * wait_for_stat wait for a TPM_STS value
+ * @chip, the tpm chip description
+ * @mask, the value mask to wait
+ * @timeout, the timeout
+ * @queue, the wait queue.
+ * @return: 0 if success or negative error code.
+ */
+static int wait_for_stat(struct tpm_chip *chip, u8 mask,
+			 unsigned long timeout)
+{
+	unsigned long start, stop;
+	u8 status;
+
+	/* check current status */
+	status = tpm_stm_spi_status(chip);
+	if ((status & mask) == mask)
+		return 0;
+	start = get_timer(0);
+	stop = timeout;
+	do {
+		status = tpm_stm_spi_status(chip);
+		if ((status & mask) == mask)
+			return 0;
+	} while (get_timer(start) < stop);
+	return -ETIME;
+}
+
+/*
+ * recv_data receive data
+ * @chip, the tpm chip description
+ * @buf, the buffer where the data are received
+ * @count, the number of data to receive
+ * @return: number of byte read on success, minus error code otherwise.
+ */
+static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
+{
+	int size = 0, burstcnt, len;
+	long status = 0;
+
+	while (size < count &&
+	       wait_for_stat(chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+			     chip->timeout_c) == 0) {
+		burstcnt = get_burstcount(chip);
+		len = min(burstcnt, count - size);
+		status = spi_read8_reg(chip, active_tpm->locality,
+		TPM_DATA_FIFO, buf + size, len);
+		if (status < 0)
+			return status;
+		size += len;
+	}
+	return size;
+}
+
+/*
+ * tpm_stm_spi_send send TPM commands through the SPI bus.
+ * @chip, the tpm chip description
+ * @buf, the tpm command buffer
+ * @len, the tpm command size
+ * @return: 0 if success else the negative error code.
+ */
+static int tpm_stm_spi_send(struct tpm_chip *chip, const unsigned char *buf,
+		size_t len)
+{
+	u32 burstcnt = 0, i, size = 0;
+	u8 data = 0;
+	long status = 0, ret = 0;
+
+	if (chip == NULL)
+		return -EINVAL;
+	if (len < TPM_HEADER_SIZE)
+		return -EINVAL;
+	ret = request_locality(chip);
+	if (ret < 0)
+		return ret;
+	status = tpm_stm_spi_status(chip);
+	if ((status & TPM_STS_COMMAND_READY) == 0) {
+		tpm_stm_spi_cancel_or_command_ready(chip);
+		if (wait_for_stat(chip, TPM_STS_COMMAND_READY, chip->timeout_b)
+		    < 0) {
+			ret = -ETIME;
+			goto out_err;
+		}
+	}
+	for (i = 0; i < len - 1;) {
+		burstcnt = get_burstcount(chip);
+		size = min(len - i - 1, burstcnt);
+		ret = spi_write8_reg(chip, TPM_DATA_FIFO, buf, size);
+		if (ret < 0)
+			goto out_err;
+		i += size;
+	}
+	status = tpm_stm_spi_status(chip);
+	if ((status & TPM_STS_DATA_EXPECT) == 0) {
+		ret = -EIO;
+		goto out_err;
+	}
+
+	/* write last byte */
+	spi_write8_reg(chip, TPM_DATA_FIFO, buf + len - 1, 1);
+	status = tpm_stm_spi_status(chip);
+	if ((status & TPM_STS_DATA_EXPECT) != 0) {
+		ret = -EIO;
+		goto out_err;
+	}
+	/* go and do it */
+	data = TPM_STS_GO;
+	ret = spi_write8_reg(chip, TPM_STS, &data, 1);
+	if (ret < 0)
+		goto out_err;
+	return len;
+out_err:
+	tpm_stm_spi_cancel_or_command_ready(chip);
+	release_locality(chip);
+	return ret;
+}
+
+/*
+ * tpm_stm_spi_send_hash send TPM locality 4 hash datas through the SPI bus
+ * to update the PCR[17].
+ * @chip, the tpm_chip description.
+ * @buf,	the data buffer to send.
+ * @len, the number of bytes to send.
+ * @return: 0 in case of success else the negative error code.
+ */
+static int tpm_stm_spi_send_hash(struct tpm_chip *chip, const uint8_t *buf,
+				 size_t len)
+{
+	int ret = 0;
+	int hash_ret = 0;
+	u8 data;
+
+	if (chip == NULL)
+		return -EBUSY;
+	release_locality(chip);
+	chip->locality = LOCALITY4;
+	if (request_locality(chip) != LOCALITY4) {
+		error("Failed to select locality 4, hash abort\n");
+		return -EIO;
+	}
+	data = TPM_DUMMY_BYTE;
+	hash_ret = spi_write8_reg(chip, TPM_HASH_START, &data, 1);
+	if (ret != 0)
+		goto end;
+	hash_ret = spi_write8_reg(chip, TPM_DATA_FIFO, buf, len);
+	if (ret != 0)
+		goto end;
+	hash_ret = spi_write8_reg(chip, TPM_HASH_END, &data, 1);
+	if (ret != 0)
+		goto end;
+
+end:	release_locality(chip);
+	chip->locality = LOCALITY0;
+	ret = request_locality(chip);
+	if (hash_ret < 0)
+		ret = hash_ret;
+	return ret;
+}
+
+/*
+ * tpm_stm_spi_recv received TPM response through the SPI bus.
+ * @chip, the tpm chip description
+ * @buf, the tpm command buffer
+ * @len, the tpm command size
+ * @return: 0 if success else the negative error code.
+ */
+static int tpm_stm_spi_recv(struct tpm_chip *chip, unsigned char *buf,
+			    size_t count)
+{
+	int size = 0;
+	int expected;
+	u8 rx_buffer[TPM_BUFSIZE];
+
+	if (chip == NULL)
+		return -EINVAL;
+	if (count < TPM_HEADER_SIZE) {
+		size = -EIO;
+		goto out;
+	}
+	size = recv_data(chip, buf, TPM_HEADER_SIZE);
+	/* read first 10 bytes, including tag, paramsize, and result */
+	if (size < TPM_HEADER_SIZE) {
+		error("%s:%d - Unable to read header\n",
+		      __FILE__, __LINE__);
+		goto out;
+	}
+	memcpy(rx_buffer, buf, TPM_HEADER_SIZE);
+	expected = get_unaligned_be32(rx_buffer + TPM_RSP_SIZE_BYTE);
+	if (expected > count) {
+		size = -EIO;
+		goto out;
+	}
+	size += recv_data(chip, buf, expected - TPM_HEADER_SIZE);
+	if (size < expected) {
+		error("%s:%d - Unable to read remaining bytes of result\n",
+		      __FILE__, __LINE__);
+		size = -ETIME;
+		goto out;
+	}
+	memcpy(rx_buffer + TPM_HEADER_SIZE, buf, expected - TPM_HEADER_SIZE);
+	memcpy(buf, rx_buffer, expected);
+out:
+	tpm_stm_spi_cancel_or_command_ready(chip);
+	release_locality(chip);
+	return size;
+}
+
+/*
+ * tis_open() - Setup TPM attributes and verify TPM presence on bus.
+ * @return: 0 on success (the device is found or was found during an earlier
+ * function call) or -EIO if the device is not found.
+ */
+int tpm_open(struct spi_slave *slave, int tpm_number)
+{
+	active_tpm = &tpm_st33_spi_board_info[tpm_number];
+	active_tpm->timeout_a = TIS_SHORT_TIMEOUT_MS;
+	active_tpm->timeout_b = TIS_LONG_TIMEOUT_MS;
+	active_tpm->timeout_c = TIS_SHORT_TIMEOUT_MS;
+	active_tpm->timeout_d = TIS_SHORT_TIMEOUT_MS;
+	active_tpm->locality = LOCALITY0;
+	active_tpm->duration = TPM_MAX_COMMAND_DURATION_MS;
+	active_tpm->tpm_dev_spi_info = slave;
+	active_tpm->latency = 2;
+	active_tpm->is_open = 1;
+	if (spi_read8_reg(active_tpm, active_tpm->locality,
+			  TPM_ACCESS, active_tpm->buf, 1) != 0) {
+		active_tpm->is_open = 0;
+		return -EIO;
+	}
+	debug("%s:%d - STMicroelectronics ST33ZP24 SPI TPM[%d] found\n",
+	      __FILE__, __LINE__, tpm_number);
+	return 0;
+}
+
+/*
+ * tis_init() - Setup the SPI bus and check TPM(s) presence on the bus.
+ * Upon exit, TPM0 is the one active if present.
+ * @return: 0 on success (the device is found or was found during an earlier
+ * function call) or -ENODEV if the device is not found.
+ */
+int tis_init(void)
+{
+	int rc = 0;
+	struct spi_slave *slave;
+
+	slave = spi_setup_slave(TPM0_SPI_BUS_NUM, TPM0_SPI_CS,
+				TPM0_SPI_MAX_SPEED, SPI_MODE_0);
+	if (!slave) {
+		error("%s-%d - ST33ZP24 SPI TPM NOT found\n",
+		      __FILE__, __LINE__);
+		return -ENXIO;
+	}
+	rc = tpm_open(slave, 0);
+	if (rc != 0)
+		goto out_err;
+#ifdef CONFIG_TPM_ST_2TPM
+	slave = spi_setup_slave(TPM1_SPI_BUS_NUM, TPM1_SPI_CS,
+				TPM1_SPI_MAX_SPEED, SPI_MODE_0);
+	if (!slave) {
+		error("%s:%d - ST33ZP24 2nd SPI TPM NOT found\n",
+		      __FILE__, __LINE__);
+		return -ENXIO;
+	}
+	rc = tpm_open(slave, 1);
+#endif
+	active_tpm = &tpm_st33_spi_board_info[0];
+out_err:
+	return rc;
+}
+
+/*
+ * tis_sendrecv() send the requested data to the TPM and then try read response
+ * @sendbuf - buffer of the data to send
+ * @send_size size of the data to send
+ * @recvbuf - memory to save the response to
+ * @recv_len - pointer to the size of the response buffer
+ * @return: 0 on success (and places the number of response bytes at recv_len)
+ * or negative value on failure.
+ */
+int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf,
+		size_t *rbuf_len)
+{
+	int len;
+
+	if (active_tpm->is_open == 0)
+		return -EPERM;
+	if (sizeof(active_tpm->buf) < sbuf_size)
+		return -EPERM;
+	len = tpm_stm_spi_send(active_tpm, sendbuf, sbuf_size);
+	if (len < sbuf_size) {
+		error("%s:%d - TPM error, command not fully transmitted",
+		      __FILE__, __LINE__);
+		error(", only %d sent where expect %d\n", len, sbuf_size);
+		return -EPERM;
+	}
+	if (wait_for_stat(active_tpm, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+			  active_tpm->timeout_c) != 0)
+		return -EIO;
+	len = tpm_stm_spi_recv(active_tpm, active_tpm->buf,
+			       sizeof(active_tpm->buf));
+	if (len < 10) {
+		*rbuf_len = 0;
+		return -EIO;
+	}
+	if (recvbuf != NULL) {
+		memcpy(recvbuf, active_tpm->buf, len);
+		*rbuf_len = len;
+	} else {
+		error("%s:%d - recvbuf is NULL, drop the TPM answer\n",
+		      __FILE__, __LINE__);
+	}
+
+	return 0;
+}
+
+/*
+ * tis_sendhashloc4() perform a hash in locality 4 in order to extend PCR17
+ * @sendbuf - buffer of the data to send
+ * @send_size size of the data to send
+ * @return: 0 on success or negative value on failure.
+ */
+int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size)
+{
+	int ret;
+
+	if (active_tpm->is_open == 0) {
+		error("%s:%d - TPM not yet initialized.\n",
+		      __FILE__, __LINE__);
+		error(" Perform \"tpm init\" first.\n");
+		return -EPERM;
+	}
+	ret = tpm_stm_spi_send_hash(active_tpm, sendbuf, sbuf_size);
+	return ret;
+}
+
+/*
+ * tis_open() requests access to locality 0. After all commands have been
+ * completed the caller is supposed to call tis_close().
+ * @chip_number, the tpm chip to activate (0 or 1)
+ * @return: 0 on success, -EIO if an error occur
+ */
+int tis_open(void)
+{
+	if (tis_close())
+		return -EIO;
+	/* now request access to locality. */
+	if (request_locality(active_tpm) != 0) {
+		error("%s:%d - failed to lock locality 0\n",
+		      __FILE__, __LINE__);
+		return -EIO;
+	}
+	return 0;
+}
+
+/*
+ * tis_close() terminate the current session with the TPM by releasing the
+ * locked locality.
+ * @return: Returns 0 on success or negative value on failure (in case lock
+ * removal did not succeed).
+ */
+int tis_close(void)
+{
+	return release_locality(active_tpm);
+}
+
+#ifdef CONFIG_TPM_ST_2TPM
+/*
+ * tis_select_tpm() switch the active TPM to "chip_number"
+ * removal did not succeed).
+ * @chip_number, TPM chip to activate (0 or 1)
+ * @return: 0 on success, negative value if an error occur
+ */
+int tis_select_tpm(int chip_number)
+{
+	if (chip_number > CONFIG_TPM_ST_2TPM - 1) {
+		error("%s:%d - Trying selected TPM number does not exist\n",
+		      __FILE__, __LINE__);
+		return -EPERM;
+	}
+	active_tpm = &tpm_st33_spi_board_info[chip_number];
+	return 0;
+}
+#endif
diff --git a/include/tis.h b/include/tis.h
index 40a1f86..f2b2df3 100644
--- a/include/tis.h
+++ b/include/tis.h
@@ -53,5 +53,14 @@ int tis_close(void);
  */
 int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf,
 			size_t *recv_len);
-
+#ifdef CONFIG_TPM_ST
+/*
+ * tis_sendhashloc4() perform a hash in locality 4 in order to extend PCR17
+ * @param: sendbuf - buffer of the data to send
+ * @param: send_size size of the data to send
+ *
+ * @return: 0 on success or -TPM_DRIVER_ERR on failure.
+ */
+int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size);
+#endif /* CONFIG_TPM_ST */
 #endif /* __TIS_H */
diff --git a/include/tpm.h b/include/tpm.h
index 88aeba2..90ae922 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -229,6 +229,18 @@ uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length);
  */
 uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
 
+#ifdef CONFIG_TPM_ST
+/**
+ * Issue a TPM hash in locality4 command.
+ *
+ * @param in_digest	any size value representing the event to be
+ *			recorded
+ * @param length	length of data bytes of input buffer
+ * @return 0 if success, otherwise means an error occurs.
+ */
+uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length);
+#endif /* CONFIG_TPM_ST */
+
 /**
  * Issue a TPM_PCRRead command.
  *
@@ -239,6 +251,16 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
  */
 uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count);
 
+#ifdef CONFIG_TPM_ST_2TPM
+/**
+ * On platform with 2 declared SPI TPM, select one or the other.
+ *
+ * @param TPM ID to select (0 or 1)
+ * @return 0 if success, otherwise means an error occurs.
+ */
+uint32_t tpm_spi_select(int selected_tpm);
+#endif /* CONFIG_TPM_ST_2TPM */
+
 /**
  * Issue a TSC_PhysicalPresence command.  TPM physical presence flag
  * is bit-wise OR'ed of flags listed in enum tpm_physical_presence.
diff --git a/lib/tpm.c b/lib/tpm.c
index 967c8e6..ea574f4 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -431,6 +431,19 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest)
 	return 0;
 }
 
+#ifdef CONFIG_TPM_ST
+uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length)
+{
+	uint32_t err;
+
+	err = tis_sendhashloc4(in_digest, length);
+	if (err)
+		return err;
+
+	return 0;
+}
+#endif /* CONFIG_TPM_ST */
+
 uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count)
 {
 	const uint8_t command[14] = {
@@ -459,6 +472,19 @@ uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count)
 	return 0;
 }
 
+#ifdef CONFIG_TPM_ST_2TPM
+uint32_t tpm_spi_select(int selected_tpm)
+{
+	uint32_t err;
+
+	err = tis_select_tpm(selected_tpm);
+	if (err)
+		return err;
+
+	return 0;
+}
+#endif /* CONFIG_TPM_ST_2TPM */
+
 uint32_t tpm_tsc_physical_presence(uint16_t presence)
 {
 	const uint8_t command[12] = {
-- 
1.7.9.5



More information about the U-Boot mailing list