[U-Boot] [PATCH 1/2] spi: ST33ZP24 SPI TPM driver
Jean-Luc BLANC
stmicroelectronics.tpm at gmail.com
Wed Jul 9 00:05:44 CEST 2014
This driver add support for STMicroelectronics ST33ZP24 SPI TPM.
Driver support 2 SPI TPMs.
Driver support also hash in Locality 4 feature (the only way to
update PCR17).
---
README | 29 ++
common/cmd_tpm.c | 63 +++-
drivers/tpm/Makefile | 1 +
drivers/tpm/tpm_spi_stm_st33.c | 724 ++++++++++++++++++++++++++++++++++++++++
include/tis.h | 11 +-
include/tpm.h | 22 ++
lib/tpm.c | 26 ++
7 files changed, 874 insertions(+), 2 deletions(-)
create mode 100644 drivers/tpm/tpm_spi_stm_st33.c
diff --git a/README b/README
index a248ab5..a4aa28a 100644
--- a/README
+++ b/README
@@ -1397,6 +1397,35 @@ The following options need to be configured:
Define this to enable authorized functions in the TPM library.
Requires CONFIG_TPM and CONFIG_SHA1.
+ CONFIG_TPM_ST
+ Support additional hash in locality 4 command for
+ STMicroelectronics TPMs (SPI or I2C). Require CONFIG_CMD_TPM.
+
+ CONFIG_TPM_ST_SPI
+ Support SPI STMicroelectronics TPM. Require SPI support
+
+ TPM0_SPI_MAX_SPEED
+ Define SPI frequency for TPM, 10000000 Hz max
+
+ TPM0_SPI_BUS_NUM
+ Define SPI Bus ID connected to TPM
+
+ TPM0_SPI_CS
+ Define SPI Chip Select ID connected to TPM
+
+ CONFIG_TPM_ST_2TPM
+ Support additional STMicoelectronics SPI TPM.
+ Require CONFIG_TPM_ST_SPI
+
+ TPM1_SPI_MAX_SPEED
+ Define SPI frequency for TPM, 10000000 Hz max
+
+ TPM1_SPI_BUS_NUM
+ Define SPI Bus ID connected to TPM
+
+ TPM1_SPI_CS
+ Define SPI Chip Select ID connected to TPM
+
- USB Support:
At the moment only the UHCI host controller is
supported (PIP405, MIP405, MPC5200); define
diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c
index 0294952..63f52e4 100644
--- a/common/cmd_tpm.c
+++ b/common/cmd_tpm.c
@@ -334,6 +334,29 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
return convert_return_code(rc);
}
+#ifdef CONFIG_TPM_ST
+static int do_tpm_hash_loc4(cmd_tbl_t *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ uint32_t rc;
+ size_t count;
+ void *data;
+
+ if (argc != 2)
+ return CMD_RET_USAGE;
+
+ data = parse_byte_string(argv[1], NULL, &count);
+ if (!data) {
+ printf("Couldn't parse byte string %s\n", argv[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ rc = tpm_hash_loc4(data, count);
+ free(data);
+ return convert_return_code(rc);
+}
+#endif /* CONFIG_TPM_ST */
+
static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
{
@@ -355,6 +378,25 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag,
return convert_return_code(rc);
}
+#ifdef CONFIG_TPM_ST_2TPM
+static int do_tpm_spi_select(cmd_tbl_t *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ uint32_t rc, spi_number;
+
+ if (argc != 2)
+ return CMD_RET_USAGE;
+ spi_number = simple_strtoul(argv[1], NULL, 0);
+ if (spi_number < CONFIG_TPM_ST_2TPM) {
+ rc = tpm_spi_select(spi_number);
+ } else {
+ printf("Couldn't parse argument %s\n", argv[1]);
+ return CMD_RET_FAILURE;
+ }
+ return convert_return_code(rc);
+}
+#endif /* CONFIG_TPM_ST_2TPM */
+
static int do_tpm_tsc_physical_presence(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
{
@@ -629,8 +671,16 @@ static cmd_tbl_t tpm_commands[] = {
do_tpm_nv_write_value, "", ""),
U_BOOT_CMD_MKENT(extend, 0, 1,
do_tpm_extend, "", ""),
+#ifdef CONFIG_TPM_ST
+ U_BOOT_CMD_MKENT(hash_loc4, 0, 1,
+ do_tpm_hash_loc4, "", ""),
+#endif /* CONFIG_TPM_ST */
U_BOOT_CMD_MKENT(pcr_read, 0, 1,
- do_tpm_pcr_read, "", ""),
+ do_tpm_pcr_read, "", ""),
+#ifdef CONFIG_TPM_ST_2TPM
+ U_BOOT_CMD_MKENT(spi_select, 0, 1,
+ do_tpm_spi_select, "", ""),
+#endif /* CONFIG_TPM_ST_2TPM */
U_BOOT_CMD_MKENT(tsc_physical_presence, 0, 1,
do_tpm_tsc_physical_presence, "", ""),
U_BOOT_CMD_MKENT(read_pubek, 0, 1,
@@ -723,6 +773,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
" extend index digest_hex_string\n"
" - Add a new measurement to a PCR. Update PCR <index> with the 20-bytes\n"
" <digest_hex_string>\n"
+#ifdef CONFIG_TPM_ST
+" hash_loc4 digest_hex_string\n"
+" - Add a mesurement in PCR17. Update PCR 17 with the digest\n"
+" of <digest_hex_string>\n"
+#endif /* CONFIG_TPM_ST */
" pcr_read index addr count\n"
" - Read <count> bytes from PCR <index> to memory address <addr>.\n"
#ifdef CONFIG_TPM_AUTH_SESSIONS
@@ -754,4 +809,10 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
" - Read from space <index> to environment variables <vars...>.\n"
" nv_write types_string index values...\n"
" - Write to space <index> from values <values...>.\n"
+#ifdef CONFIG_TPM_ST_2TPM
+"TPM Select Command:\n"
+" spi_select <TPM_ID>\n"
+" - In platform with multiple SPI TPM, activate <TPM_ID> for coming\n"
+" TPM operations. 0 or 1 are recognized <TPM_ID>\n"
+#endif /* CONFIG_TPM_ST_2TPM */
);
diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
index 150570e..1ee707e 100644
--- a/drivers/tpm/Makefile
+++ b/drivers/tpm/Makefile
@@ -9,3 +9,4 @@ obj-$(CONFIG_TPM_TIS_I2C) += tpm.o
obj-$(CONFIG_TPM_TIS_I2C) += tpm_tis_i2c.o
obj-$(CONFIG_TPM_TIS_LPC) += tpm_tis_lpc.o
obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o
+obj-$(CONFIG_TPM_ST_SPI) += tpm_spi_stm_st33.o
diff --git a/drivers/tpm/tpm_spi_stm_st33.c b/drivers/tpm/tpm_spi_stm_st33.c
new file mode 100644
index 0000000..f65adff
--- /dev/null
+++ b/drivers/tpm/tpm_spi_stm_st33.c
@@ -0,0 +1,724 @@
+/*
+ * STMicroelectronics TPM SPI UBOOT Linux driver for TPM ST33ZP24
+ * Copyright (C) 2014 STMicroelectronics
+ *
+ *
+ * Description: Device driver for ST33ZP24 SPI TPM TCG.
+ *
+ * This device driver implements the TPM interface as defined in
+ * the TCG TPM Interface Spec version 1.21, revision 1.0 and the
+ * STMicroelectronics SPI Protocol Stack Specification version 1.2.0.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ *
+ * @Author: Jean-Luc BLANC <jean-luc.blanc at st.com>
+ *
+ * @File: tpm_spi_stm_st33.c
+ */
+
+#include <common.h>
+#include <spi.h>
+#include <linux/types.h>
+#include <tpm.h>
+#include <errno.h>
+#include <asm/unaligned.h>
+
+#define TPM_ACCESS 0x0
+#define TPM_STS 0x18
+#define TPM_HASH_END 0x20
+#define TPM_DATA_FIFO 0x24
+#define TPM_HASH_DATA 0x24
+#define TPM_HASH_START 0x28
+#define TPM_INTF_CAPABILITY 0x14
+#define TPM_INT_STATUS 0x10
+#define TPM_INT_ENABLE 0x08
+
+#define TPM_DUMMY_BYTE 0x00
+#define TPM_WRITE_DIRECTION 0x80
+#define TPM_HEADER_SIZE 10
+#define TPM_BUFSIZE 2048
+
+#define LOCALITY0 0
+#define LOCALITY1 1
+#define LOCALITY2 2
+#define LOCALITY3 3
+#define LOCALITY4 4
+#define NB_LOCALITIES 5
+
+/* Index of Count field in TPM response buffer */
+#define TPM_RSP_SIZE_BYTE 2
+
+#define SPI_WRITE_HEADER_SIZE 4
+
+/**
+ * @latency: number of latency bytes TPM need to decode I2C register request
+ * and provide answer
+ * @is_open: TPM connection establishment information
+ * @locality: active locality of the TPM (0 to 4)
+ * @buf: command/response buffer
+ * @timeout_*: timeouts for TPM states changes
+ * @duration: maximum time for a TPM command processing
+ */
+struct tpm_chip {
+ int latency;
+ int is_open;
+ int locality;
+ u8 buf[TPM_BUFSIZE];
+ unsigned long timeout_a, timeout_b, timeout_c, timeout_d; /* msec */
+ unsigned long duration; /* msec */
+ struct spi_slave *tpm_dev_spi_info;
+};
+
+#ifdef CONFIG_TPM_ST_2TPM /* 2 TPM on board */
+struct tpm_chip tpm_st33_spi_board_info[CONFIG_TPM_ST_2TPM];
+#else /* Only 1 TPM on board */
+struct tpm_chip tpm_st33_spi_board_info[1];
+#endif
+
+struct tpm_chip *active_tpm;
+
+/* Maximum command duration */
+#define TPM_MAX_COMMAND_DURATION_MS 120000
+
+enum stm33zp24_access {
+ TPM_ACCESS_VALID = 0x80,
+ TPM_ACCESS_ACTIVE_LOCALITY = 0x20,
+ TPM_ACCESS_REQUEST_PENDING = 0x04,
+ TPM_ACCESS_REQUEST_USE = 0x02,
+};
+
+enum stm33zp24_status {
+ TPM_STS_VALID = 0x80,
+ TPM_STS_COMMAND_READY = 0x40,
+ TPM_STS_GO = 0x20,
+ TPM_STS_DATA_AVAIL = 0x10,
+ TPM_STS_DATA_EXPECT = 0x08,
+};
+
+enum stm33zp24_int_flags {
+ TPM_GLOBAL_INT_ENABLE = 0x80,
+ TPM_INTF_CMD_READY_INT = 0x80,
+ TPM_INTF_FIFO_AVALAIBLE_INT = 0x40,
+ TPM_INTF_WAKE_UP_READY_INT = 0x20,
+ TPM_INTF_LOC4SOFTRELEASE_INT = 0x08,
+ TPM_INTF_LOCALITY_CHANGE_INT = 0x04,
+ TPM_INTF_STS_VALID_INT = 0x02,
+ TPM_INTF_DATA_AVAIL_INT = 0x01,
+};
+
+enum tis_defaults {
+ TIS_SHORT_TIMEOUT_MS = 750, /* ms */
+ TIS_LONG_TIMEOUT_MS = 2000, /* 2 sec */
+};
+
+/*
+ * spi_write8_reg - Send byte to the TIS register according to the ST33ZP24
+ * SPI protocol.
+ * @tpm, the chip description
+ * @tpm_register, the tpm tis register where the data should be written
+ * @tpm_data, the tpm_data to write inside the tpm_register
+ * @tpm_size, The length of the data
+ * @return: should be zero if success else a negative error code.
+ */
+static int spi_write8_reg(struct tpm_chip *tpm, u8 tpm_register,
+ const u8 *tpm_data, u16 tpm_size)
+{
+ u8 data = 0;
+ int total_length = 0, nbr_dummy_bytes = 0;
+ int ret = 0;
+ u8 tx_buffer[TPM_BUFSIZE + SPI_WRITE_HEADER_SIZE];
+
+ data = TPM_WRITE_DIRECTION | tpm->locality;
+ memcpy(tx_buffer + total_length, &data, sizeof(data));
+ total_length++;
+ tx_buffer[total_length++] = tpm_register;
+
+ if (tpm_size > 0 &&
+ ((tpm_register == TPM_DATA_FIFO) ||
+ (tpm_register == TPM_HASH_DATA))) {
+ tx_buffer[total_length++] = tpm_size >> 8;
+ tx_buffer[total_length++] = tpm_size;
+ }
+ memcpy(tx_buffer + total_length, tpm_data, tpm_size);
+ total_length += tpm_size;
+ nbr_dummy_bytes = tpm->latency + 1;
+ memset(tx_buffer + total_length, TPM_DUMMY_BYTE, nbr_dummy_bytes);
+
+ /* spi_claim_bus() always return 0 ! */
+ spi_claim_bus(tpm->tpm_dev_spi_info);
+ ret = spi_xfer(tpm->tpm_dev_spi_info,
+ (total_length + nbr_dummy_bytes) * 8,
+ tx_buffer, tx_buffer, SPI_XFER_BEGIN | SPI_XFER_END);
+ spi_release_bus(tpm->tpm_dev_spi_info);
+
+ return ret;
+}
+
+/*
+ * spi_read8_reg - Recv byte from the TIS register according to the ST33ZP24
+ * SPI protocol.
+ * @tpm, the chip description
+ * @tpm_loc, the locality to read register from
+ * @tpm_register, the tpm tis register where the data should be read
+ * @tpm_data, the TPM response
+ * @tpm_size, TPM response size to read.
+ * @return: should be zero if success else a negative error code.
+ */
+static u8 spi_read8_reg(struct tpm_chip *tpm, u8 tpm_loc, u8 tpm_register,
+ u8 *tpm_data, u16 tpm_size)
+{
+ u8 data = 0;
+ int total_length = 0, nbr_dummy_bytes;
+ int value = 0;
+ u8 *data_buffer;
+
+ data_buffer = tpm_data;
+ /* SPI read message is : locality & direction */
+ data = tpm_loc;
+ memcpy(data_buffer + total_length, &data, sizeof(data));
+ total_length++;
+ /* + TPM target register */
+ data = tpm_register;
+ memcpy(data_buffer + total_length, &data, sizeof(data));
+ total_length++;
+ /* + TPM latency (2B) + Status byte (1B) + Nb to read (tpm_size) */
+ nbr_dummy_bytes = tpm->latency + 1 + tpm_size;
+ memset(&data_buffer[total_length], TPM_DUMMY_BYTE, nbr_dummy_bytes);
+
+ spi_claim_bus(tpm->tpm_dev_spi_info);
+ value = spi_xfer(tpm->tpm_dev_spi_info,
+ (total_length + nbr_dummy_bytes) * 8, data_buffer,
+ tpm_data, SPI_XFER_BEGIN | SPI_XFER_END);
+ spi_release_bus(tpm->tpm_dev_spi_info);
+
+ if (tpm_size > 0 && value == 0) {
+ if (tpm_data[tpm->latency + 2] == 0x5A)
+ memcpy(tpm_data,
+ tpm_data + total_length + nbr_dummy_bytes
+ - tpm_size, tpm_size);
+ else {
+ error("%s:%d - In TPM command, TPM status byte = ",
+ __FILE__, __LINE__);
+ error("%x\n", tpm_data[tpm->latency + tpm_size + 1]);
+ value = -EIO;
+ }
+ }
+ return value;
+}
+
+/*
+ * tpm_stm_spi_cancel_or_command_ready, cancel command or move TPM inError
+ * Command Ready state
+ * @chip, the tpm chip description as specified in
+ * driver/char/tpm/tpm.h.
+ */
+static void tpm_stm_spi_cancel_or_command_ready(struct tpm_chip *chip)
+{
+ u8 data = TPM_STS_COMMAND_READY;
+
+ spi_write8_reg(chip, TPM_STS, &data, 1);
+}
+
+/*
+ * tpm_stm_spi_status return the TPM_STS register
+ * @chip, the tpm chip description
+ * @return: the TPM_STS register value.
+ */
+static u8 tpm_stm_spi_status(struct tpm_chip *chip)
+{
+ spi_read8_reg(chip, active_tpm->locality, TPM_STS, active_tpm->buf, 1);
+ return active_tpm->buf[0];
+}
+
+/*
+ * check_locality if the locality is active
+ * @chip, the tpm chip description
+ * @return: the active locality or negative error code.
+ */
+static int check_locality(struct tpm_chip *chip)
+{
+ u8 status;
+ int ret, loc_to_check = 0;
+
+ do {
+ status = spi_read8_reg(chip, loc_to_check, TPM_ACCESS,
+ active_tpm->buf, 1);
+ if ((status == 0) &&
+ (active_tpm->buf[0] &
+ (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID))
+ == (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID))
+ break;
+ loc_to_check++;
+ } while (loc_to_check < NB_LOCALITIES);
+ if (loc_to_check == NB_LOCALITIES)
+ ret = -EPERM;
+ else
+ ret = loc_to_check;
+ return ret;
+}
+
+/*
+ * request_locality request the TPM locality
+ * @param: chip, the chip description
+ * @return: the active locality or negative error code.
+ */
+static int request_locality(struct tpm_chip *chip)
+{
+ unsigned long start, stop;
+ int rc;
+ u8 data = 0;
+
+ /* Check locality */
+ if (check_locality(chip) == chip->locality)
+ return chip->locality;
+ /* Request locality */
+ data = TPM_ACCESS_REQUEST_USE;
+ rc = spi_write8_reg(chip, TPM_ACCESS, &data, 1);
+ if (rc < 0)
+ goto end;
+ /* wait for locality activated */
+ start = get_timer(0);
+ stop = chip->timeout_a;
+ do {
+ if (check_locality(chip) == chip->locality)
+ return chip->locality;
+ } while (get_timer(start) < stop);
+ rc = -ETIMEDOUT;
+end:
+ return rc;
+}
+
+/*
+ * release_locality release the active locality
+ * @chip, the tpm chip description.
+ * @return: should be zero if success else a negative error code.
+ */
+static int release_locality(struct tpm_chip *chip)
+{
+ u8 data = 0;
+
+ data = TPM_ACCESS_ACTIVE_LOCALITY;
+ return spi_write8_reg(chip, TPM_ACCESS, &data, 1);
+}
+
+/*
+ * get_burstcount return the burstcount address 0x19 0x1A
+ * @chip, the chip description
+ * @return: the burstcount or negative error code.
+ */
+static int get_burstcount(struct tpm_chip *chip)
+{
+ unsigned long start, stop;
+ u32 burstcnt;
+ u8 tpm_reg;
+ long status = 0;
+ int ret;
+
+ /* wait for burstcount */
+ start = get_timer(0);
+ stop = chip->timeout_d;
+ do {
+ tpm_reg = TPM_STS + 1;
+ status = spi_read8_reg(chip, active_tpm->locality, tpm_reg,
+ active_tpm->buf, 1);
+ if (status < 0)
+ return -EBUSY;
+ burstcnt = active_tpm->buf[0];
+ status = spi_read8_reg(chip, active_tpm->locality, ++tpm_reg,
+ active_tpm->buf, 1);
+ if (status < 0)
+ return -EBUSY;
+ burstcnt |= active_tpm->buf[0] << 8;
+ if (burstcnt) {
+ ret = burstcnt;
+ goto end;
+ }
+ } while (get_timer(start) < stop);
+ ret = -ETIME;
+end:
+ return ret;
+}
+
+/*
+ * wait_for_stat wait for a TPM_STS value
+ * @chip, the tpm chip description
+ * @mask, the value mask to wait
+ * @timeout, the timeout
+ * @queue, the wait queue.
+ * @return: 0 if success or negative error code.
+ */
+static int wait_for_stat(struct tpm_chip *chip, u8 mask,
+ unsigned long timeout)
+{
+ unsigned long start, stop;
+ u8 status;
+
+ /* check current status */
+ status = tpm_stm_spi_status(chip);
+ if ((status & mask) == mask)
+ return 0;
+ start = get_timer(0);
+ stop = timeout;
+ do {
+ status = tpm_stm_spi_status(chip);
+ if ((status & mask) == mask)
+ return 0;
+ } while (get_timer(start) < stop);
+ return -ETIME;
+}
+
+/*
+ * recv_data receive data
+ * @chip, the tpm chip description
+ * @buf, the buffer where the data are received
+ * @count, the number of data to receive
+ * @return: number of byte read on success, minus error code otherwise.
+ */
+static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
+{
+ int size = 0, burstcnt, len;
+ long status = 0;
+
+ while (size < count &&
+ wait_for_stat(chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+ chip->timeout_c) == 0) {
+ burstcnt = get_burstcount(chip);
+ len = min(burstcnt, count - size);
+ status = spi_read8_reg(chip, active_tpm->locality,
+ TPM_DATA_FIFO, buf + size, len);
+ if (status < 0)
+ return status;
+ size += len;
+ }
+ return size;
+}
+
+/*
+ * tpm_stm_spi_send send TPM commands through the SPI bus.
+ * @chip, the tpm chip description
+ * @buf, the tpm command buffer
+ * @len, the tpm command size
+ * @return: 0 if success else the negative error code.
+ */
+static int tpm_stm_spi_send(struct tpm_chip *chip, const unsigned char *buf,
+ size_t len)
+{
+ u32 burstcnt = 0, i, size = 0;
+ u8 data = 0;
+ long status = 0, ret = 0;
+
+ if (chip == NULL)
+ return -EINVAL;
+ if (len < TPM_HEADER_SIZE)
+ return -EINVAL;
+ ret = request_locality(chip);
+ if (ret < 0)
+ return ret;
+ status = tpm_stm_spi_status(chip);
+ if ((status & TPM_STS_COMMAND_READY) == 0) {
+ tpm_stm_spi_cancel_or_command_ready(chip);
+ if (wait_for_stat(chip, TPM_STS_COMMAND_READY, chip->timeout_b)
+ < 0) {
+ ret = -ETIME;
+ goto out_err;
+ }
+ }
+ for (i = 0; i < len - 1;) {
+ burstcnt = get_burstcount(chip);
+ size = min(len - i - 1, burstcnt);
+ ret = spi_write8_reg(chip, TPM_DATA_FIFO, buf, size);
+ if (ret < 0)
+ goto out_err;
+ i += size;
+ }
+ status = tpm_stm_spi_status(chip);
+ if ((status & TPM_STS_DATA_EXPECT) == 0) {
+ ret = -EIO;
+ goto out_err;
+ }
+
+ /* write last byte */
+ spi_write8_reg(chip, TPM_DATA_FIFO, buf + len - 1, 1);
+ status = tpm_stm_spi_status(chip);
+ if ((status & TPM_STS_DATA_EXPECT) != 0) {
+ ret = -EIO;
+ goto out_err;
+ }
+ /* go and do it */
+ data = TPM_STS_GO;
+ ret = spi_write8_reg(chip, TPM_STS, &data, 1);
+ if (ret < 0)
+ goto out_err;
+ return len;
+out_err:
+ tpm_stm_spi_cancel_or_command_ready(chip);
+ release_locality(chip);
+ return ret;
+}
+
+/*
+ * tpm_stm_spi_send_hash send TPM locality 4 hash datas through the SPI bus
+ * to update the PCR[17].
+ * @chip, the tpm_chip description.
+ * @buf, the data buffer to send.
+ * @len, the number of bytes to send.
+ * @return: 0 in case of success else the negative error code.
+ */
+static int tpm_stm_spi_send_hash(struct tpm_chip *chip, const uint8_t *buf,
+ size_t len)
+{
+ int ret = 0;
+ int hash_ret = 0;
+ u8 data;
+
+ if (chip == NULL)
+ return -EBUSY;
+ release_locality(chip);
+ chip->locality = LOCALITY4;
+ if (request_locality(chip) != LOCALITY4) {
+ error("Failed to select locality 4, hash abort\n");
+ return -EIO;
+ }
+ data = TPM_DUMMY_BYTE;
+ hash_ret = spi_write8_reg(chip, TPM_HASH_START, &data, 1);
+ if (ret != 0)
+ goto end;
+ hash_ret = spi_write8_reg(chip, TPM_DATA_FIFO, buf, len);
+ if (ret != 0)
+ goto end;
+ hash_ret = spi_write8_reg(chip, TPM_HASH_END, &data, 1);
+ if (ret != 0)
+ goto end;
+
+end: release_locality(chip);
+ chip->locality = LOCALITY0;
+ ret = request_locality(chip);
+ if (hash_ret < 0)
+ ret = hash_ret;
+ return ret;
+}
+
+/*
+ * tpm_stm_spi_recv received TPM response through the SPI bus.
+ * @chip, the tpm chip description
+ * @buf, the tpm command buffer
+ * @len, the tpm command size
+ * @return: 0 if success else the negative error code.
+ */
+static int tpm_stm_spi_recv(struct tpm_chip *chip, unsigned char *buf,
+ size_t count)
+{
+ int size = 0;
+ int expected;
+ u8 rx_buffer[TPM_BUFSIZE];
+
+ if (chip == NULL)
+ return -EINVAL;
+ if (count < TPM_HEADER_SIZE) {
+ size = -EIO;
+ goto out;
+ }
+ size = recv_data(chip, buf, TPM_HEADER_SIZE);
+ /* read first 10 bytes, including tag, paramsize, and result */
+ if (size < TPM_HEADER_SIZE) {
+ error("%s:%d - Unable to read header\n",
+ __FILE__, __LINE__);
+ goto out;
+ }
+ memcpy(rx_buffer, buf, TPM_HEADER_SIZE);
+ expected = get_unaligned_be32(rx_buffer + TPM_RSP_SIZE_BYTE);
+ if (expected > count) {
+ size = -EIO;
+ goto out;
+ }
+ size += recv_data(chip, buf, expected - TPM_HEADER_SIZE);
+ if (size < expected) {
+ error("%s:%d - Unable to read remaining bytes of result\n",
+ __FILE__, __LINE__);
+ size = -ETIME;
+ goto out;
+ }
+ memcpy(rx_buffer + TPM_HEADER_SIZE, buf, expected - TPM_HEADER_SIZE);
+ memcpy(buf, rx_buffer, expected);
+out:
+ tpm_stm_spi_cancel_or_command_ready(chip);
+ release_locality(chip);
+ return size;
+}
+
+/*
+ * tis_open() - Setup TPM attributes and verify TPM presence on bus.
+ * @return: 0 on success (the device is found or was found during an earlier
+ * function call) or -EIO if the device is not found.
+ */
+int tpm_open(struct spi_slave *slave, int tpm_number)
+{
+ active_tpm = &tpm_st33_spi_board_info[tpm_number];
+ active_tpm->timeout_a = TIS_SHORT_TIMEOUT_MS;
+ active_tpm->timeout_b = TIS_LONG_TIMEOUT_MS;
+ active_tpm->timeout_c = TIS_SHORT_TIMEOUT_MS;
+ active_tpm->timeout_d = TIS_SHORT_TIMEOUT_MS;
+ active_tpm->locality = LOCALITY0;
+ active_tpm->duration = TPM_MAX_COMMAND_DURATION_MS;
+ active_tpm->tpm_dev_spi_info = slave;
+ active_tpm->latency = 2;
+ active_tpm->is_open = 1;
+ if (spi_read8_reg(active_tpm, active_tpm->locality,
+ TPM_ACCESS, active_tpm->buf, 1) != 0) {
+ active_tpm->is_open = 0;
+ return -EIO;
+ }
+ debug("%s:%d - STMicroelectronics ST33ZP24 SPI TPM[%d] found\n",
+ __FILE__, __LINE__, tpm_number);
+ return 0;
+}
+
+/*
+ * tis_init() - Setup the SPI bus and check TPM(s) presence on the bus.
+ * Upon exit, TPM0 is the one active if present.
+ * @return: 0 on success (the device is found or was found during an earlier
+ * function call) or -ENODEV if the device is not found.
+ */
+int tis_init(void)
+{
+ int rc = 0;
+ struct spi_slave *slave;
+
+ slave = spi_setup_slave(TPM0_SPI_BUS_NUM, TPM0_SPI_CS,
+ TPM0_SPI_MAX_SPEED, SPI_MODE_0);
+ if (!slave) {
+ error("%s-%d - ST33ZP24 SPI TPM NOT found\n",
+ __FILE__, __LINE__);
+ return -ENXIO;
+ }
+ rc = tpm_open(slave, 0);
+ if (rc != 0)
+ goto out_err;
+#ifdef CONFIG_TPM_ST_2TPM
+ slave = spi_setup_slave(TPM1_SPI_BUS_NUM, TPM1_SPI_CS,
+ TPM1_SPI_MAX_SPEED, SPI_MODE_0);
+ if (!slave) {
+ error("%s:%d - ST33ZP24 2nd SPI TPM NOT found\n",
+ __FILE__, __LINE__);
+ return -ENXIO;
+ }
+ rc = tpm_open(slave, 1);
+#endif
+ active_tpm = &tpm_st33_spi_board_info[0];
+out_err:
+ return rc;
+}
+
+/*
+ * tis_sendrecv() send the requested data to the TPM and then try read response
+ * @sendbuf - buffer of the data to send
+ * @send_size size of the data to send
+ * @recvbuf - memory to save the response to
+ * @recv_len - pointer to the size of the response buffer
+ * @return: 0 on success (and places the number of response bytes at recv_len)
+ * or negative value on failure.
+ */
+int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf,
+ size_t *rbuf_len)
+{
+ int len;
+
+ if (active_tpm->is_open == 0)
+ return -EPERM;
+ if (sizeof(active_tpm->buf) < sbuf_size)
+ return -EPERM;
+ len = tpm_stm_spi_send(active_tpm, sendbuf, sbuf_size);
+ if (len < sbuf_size) {
+ error("%s:%d - TPM error, command not fully transmitted",
+ __FILE__, __LINE__);
+ error(", only %d sent where expect %d\n", len, sbuf_size);
+ return -EPERM;
+ }
+ if (wait_for_stat(active_tpm, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+ active_tpm->timeout_c) != 0)
+ return -EIO;
+ len = tpm_stm_spi_recv(active_tpm, active_tpm->buf,
+ sizeof(active_tpm->buf));
+ if (len < 10) {
+ *rbuf_len = 0;
+ return -EIO;
+ }
+ if (recvbuf != NULL) {
+ memcpy(recvbuf, active_tpm->buf, len);
+ *rbuf_len = len;
+ } else {
+ error("%s:%d - recvbuf is NULL, drop the TPM answer\n",
+ __FILE__, __LINE__);
+ }
+
+ return 0;
+}
+
+/*
+ * tis_sendhashloc4() perform a hash in locality 4 in order to extend PCR17
+ * @sendbuf - buffer of the data to send
+ * @send_size size of the data to send
+ * @return: 0 on success or negative value on failure.
+ */
+int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size)
+{
+ int ret;
+
+ if (active_tpm->is_open == 0) {
+ error("%s:%d - TPM not yet initialized.\n",
+ __FILE__, __LINE__);
+ error(" Perform \"tpm init\" first.\n");
+ return -EPERM;
+ }
+ ret = tpm_stm_spi_send_hash(active_tpm, sendbuf, sbuf_size);
+ return ret;
+}
+
+/*
+ * tis_open() requests access to locality 0. After all commands have been
+ * completed the caller is supposed to call tis_close().
+ * @chip_number, the tpm chip to activate (0 or 1)
+ * @return: 0 on success, -EIO if an error occur
+ */
+int tis_open(void)
+{
+ if (tis_close())
+ return -EIO;
+ /* now request access to locality. */
+ if (request_locality(active_tpm) != 0) {
+ error("%s:%d - failed to lock locality 0\n",
+ __FILE__, __LINE__);
+ return -EIO;
+ }
+ return 0;
+}
+
+/*
+ * tis_close() terminate the current session with the TPM by releasing the
+ * locked locality.
+ * @return: Returns 0 on success or negative value on failure (in case lock
+ * removal did not succeed).
+ */
+int tis_close(void)
+{
+ return release_locality(active_tpm);
+}
+
+#ifdef CONFIG_TPM_ST_2TPM
+/*
+ * tis_select_tpm() switch the active TPM to "chip_number"
+ * removal did not succeed).
+ * @chip_number, TPM chip to activate (0 or 1)
+ * @return: 0 on success, negative value if an error occur
+ */
+int tis_select_tpm(int chip_number)
+{
+ if (chip_number > CONFIG_TPM_ST_2TPM - 1) {
+ error("%s:%d - Trying selected TPM number does not exist\n",
+ __FILE__, __LINE__);
+ return -EPERM;
+ }
+ active_tpm = &tpm_st33_spi_board_info[chip_number];
+ return 0;
+}
+#endif
diff --git a/include/tis.h b/include/tis.h
index 40a1f86..f2b2df3 100644
--- a/include/tis.h
+++ b/include/tis.h
@@ -53,5 +53,14 @@ int tis_close(void);
*/
int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf,
size_t *recv_len);
-
+#ifdef CONFIG_TPM_ST
+/*
+ * tis_sendhashloc4() perform a hash in locality 4 in order to extend PCR17
+ * @param: sendbuf - buffer of the data to send
+ * @param: send_size size of the data to send
+ *
+ * @return: 0 on success or -TPM_DRIVER_ERR on failure.
+ */
+int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size);
+#endif /* CONFIG_TPM_ST */
#endif /* __TIS_H */
diff --git a/include/tpm.h b/include/tpm.h
index 88aeba2..90ae922 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -229,6 +229,18 @@ uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length);
*/
uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
+#ifdef CONFIG_TPM_ST
+/**
+ * Issue a TPM hash in locality4 command.
+ *
+ * @param in_digest any size value representing the event to be
+ * recorded
+ * @param length length of data bytes of input buffer
+ * @return 0 if success, otherwise means an error occurs.
+ */
+uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length);
+#endif /* CONFIG_TPM_ST */
+
/**
* Issue a TPM_PCRRead command.
*
@@ -239,6 +251,16 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
*/
uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count);
+#ifdef CONFIG_TPM_ST_2TPM
+/**
+ * On platform with 2 declared SPI TPM, select one or the other.
+ *
+ * @param TPM ID to select (0 or 1)
+ * @return 0 if success, otherwise means an error occurs.
+ */
+uint32_t tpm_spi_select(int selected_tpm);
+#endif /* CONFIG_TPM_ST_2TPM */
+
/**
* Issue a TSC_PhysicalPresence command. TPM physical presence flag
* is bit-wise OR'ed of flags listed in enum tpm_physical_presence.
diff --git a/lib/tpm.c b/lib/tpm.c
index 967c8e6..ea574f4 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -431,6 +431,19 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest)
return 0;
}
+#ifdef CONFIG_TPM_ST
+uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length)
+{
+ uint32_t err;
+
+ err = tis_sendhashloc4(in_digest, length);
+ if (err)
+ return err;
+
+ return 0;
+}
+#endif /* CONFIG_TPM_ST */
+
uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count)
{
const uint8_t command[14] = {
@@ -459,6 +472,19 @@ uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count)
return 0;
}
+#ifdef CONFIG_TPM_ST_2TPM
+uint32_t tpm_spi_select(int selected_tpm)
+{
+ uint32_t err;
+
+ err = tis_select_tpm(selected_tpm);
+ if (err)
+ return err;
+
+ return 0;
+}
+#endif /* CONFIG_TPM_ST_2TPM */
+
uint32_t tpm_tsc_physical_presence(uint16_t presence)
{
const uint8_t command[12] = {
--
1.7.9.5
More information about the U-Boot
mailing list