xref: /freebsd/sys/dev/tpm/tpm.c (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1 /*
2  * Copyright (c) 2008, 2009 Michael Shalayeff
3  * Copyright (c) 2009, 2010 Hans-Joerg Hoexer
4  * All rights reserved.
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
15  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
16  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 /* #define	TPM_DEBUG */
20 
21 #include <sys/param.h>
22 #include <sys/systm.h>
23 #include <sys/kernel.h>
24 #include <sys/malloc.h>
25 #include <sys/proc.h>
26 
27 #include <sys/module.h>
28 #include <sys/conf.h>
29 #include <sys/uio.h>
30 #include <sys/bus.h>
31 
32 #include <machine/bus.h>
33 #include <sys/rman.h>
34 #include <machine/resource.h>
35 
36 #include <machine/md_var.h>
37 
38 #include <isa/isareg.h>
39 #include <isa/isavar.h>
40 #include <dev/tpm/tpmvar.h>
41 
42 
43 #define	TPM_BUFSIZ	1024
44 
45 #define TPM_HDRSIZE	10
46 
47 #define TPM_PARAM_SIZE	0x0001
48 
49 #define IRQUNK	-1
50 
51 #define	TPM_ACCESS			0x0000	/* access register */
52 #define	TPM_ACCESS_ESTABLISHMENT	0x01	/* establishment */
53 #define	TPM_ACCESS_REQUEST_USE		0x02	/* request using locality */
54 #define	TPM_ACCESS_REQUEST_PENDING	0x04	/* pending request */
55 #define	TPM_ACCESS_SEIZE		0x08	/* request locality seize */
56 #define	TPM_ACCESS_SEIZED		0x10	/* locality has been seized */
57 #define	TPM_ACCESS_ACTIVE_LOCALITY	0x20	/* locality is active */
58 #define	TPM_ACCESS_VALID		0x80	/* bits are valid */
59 #define	TPM_ACCESS_BITS	\
60     "\020\01EST\02REQ\03PEND\04SEIZE\05SEIZED\06ACT\010VALID"
61 
62 #define	TPM_INTERRUPT_ENABLE	0x0008
63 #define	TPM_GLOBAL_INT_ENABLE	0x80000000	/* enable ints */
64 #define	TPM_CMD_READY_INT	0x00000080	/* cmd ready enable */
65 #define	TPM_INT_EDGE_FALLING	0x00000018
66 #define	TPM_INT_EDGE_RISING	0x00000010
67 #define	TPM_INT_LEVEL_LOW	0x00000008
68 #define	TPM_INT_LEVEL_HIGH	0x00000000
69 #define	TPM_LOCALITY_CHANGE_INT	0x00000004	/* locality change enable */
70 #define	TPM_STS_VALID_INT	0x00000002	/* int on TPM_STS_VALID is set */
71 #define	TPM_DATA_AVAIL_INT	0x00000001	/* int on TPM_STS_DATA_AVAIL is set */
72 #define	TPM_INTERRUPT_ENABLE_BITS \
73     "\020\040ENA\010RDY\03LOCH\02STSV\01DRDY"
74 
75 #define	TPM_INT_VECTOR		0x000c	/* 8 bit reg for 4 bit irq vector */
76 #define	TPM_INT_STATUS		0x0010	/* bits are & 0x87 from TPM_INTERRUPT_ENABLE */
77 
78 #define	TPM_INTF_CAPABILITIES		0x0014	/* capability register */
79 #define	TPM_INTF_BURST_COUNT_STATIC	0x0100	/* TPM_STS_BMASK static */
80 #define	TPM_INTF_CMD_READY_INT		0x0080	/* int on ready supported */
81 #define	TPM_INTF_INT_EDGE_FALLING	0x0040	/* falling edge ints supported */
82 #define	TPM_INTF_INT_EDGE_RISING	0x0020	/* rising edge ints supported */
83 #define	TPM_INTF_INT_LEVEL_LOW		0x0010	/* level-low ints supported */
84 #define	TPM_INTF_INT_LEVEL_HIGH		0x0008	/* level-high ints supported */
85 #define	TPM_INTF_LOCALITY_CHANGE_INT	0x0004	/* locality-change int (mb 1) */
86 #define	TPM_INTF_STS_VALID_INT		0x0002	/* TPM_STS_VALID int supported */
87 #define	TPM_INTF_DATA_AVAIL_INT		0x0001	/* TPM_STS_DATA_AVAIL int supported (mb 1) */
88 #define	TPM_CAPSREQ \
89   (TPM_INTF_DATA_AVAIL_INT|TPM_INTF_LOCALITY_CHANGE_INT|TPM_INTF_INT_LEVEL_LOW)
90 #define	TPM_CAPBITS \
91   "\020\01IDRDY\02ISTSV\03ILOCH\04IHIGH\05ILOW\06IEDGE\07IFALL\010IRDY\011BCST"
92 
93 #define	TPM_STS			0x0018		/* status register */
94 #define TPM_STS_MASK		0x000000ff	/* status bits */
95 #define	TPM_STS_BMASK		0x00ffff00	/* ro io burst size */
96 #define	TPM_STS_VALID		0x00000080	/* ro other bits are valid */
97 #define	TPM_STS_CMD_READY	0x00000040	/* rw chip/signal ready */
98 #define	TPM_STS_GO		0x00000020	/* wo start the command */
99 #define	TPM_STS_DATA_AVAIL	0x00000010	/* ro data available */
100 #define	TPM_STS_DATA_EXPECT	0x00000008	/* ro more data to be written */
101 #define	TPM_STS_RESP_RETRY	0x00000002	/* wo resend the response */
102 #define	TPM_STS_BITS	"\020\010VALID\07RDY\06GO\05DRDY\04EXPECT\02RETRY"
103 
104 #define	TPM_DATA	0x0024
105 #define	TPM_ID		0x0f00
106 #define	TPM_REV		0x0f04
107 #define	TPM_SIZE	0x5000		/* five pages of the above */
108 
109 #define	TPM_ACCESS_TMO	2000		/* 2sec */
110 #define	TPM_READY_TMO	2000		/* 2sec */
111 #define	TPM_READ_TMO	120000		/* 2 minutes */
112 #define TPM_BURST_TMO	2000		/* 2sec */
113 
114 #define	TPM_LEGACY_BUSY	0x01
115 #define	TPM_LEGACY_ABRT	0x01
116 #define	TPM_LEGACY_DA	0x02
117 #define	TPM_LEGACY_RE	0x04
118 #define	TPM_LEGACY_LAST	0x04
119 #define	TPM_LEGACY_BITS	"\020\01BUSY\2DA\3RE\4LAST"
120 #define	TPM_LEGACY_TMO		(2*60)	/* sec */
121 #define	TPM_LEGACY_SLEEP	5	/* ticks */
122 #define	TPM_LEGACY_DELAY	100
123 
124 /* Set when enabling legacy interface in host bridge. */
125 int tpm_enabled;
126 
127 #define	TPMSOFTC(dev) \
128 	((struct tpm_softc *)dev->si_drv1)
129 
130 d_open_t	tpmopen;
131 d_close_t	tpmclose;
132 d_read_t	tpmread;
133 d_write_t	tpmwrite;
134 d_ioctl_t	tpmioctl;
135 
136 static struct cdevsw tpm_cdevsw = {
137 	.d_version =	D_VERSION,
138 	.d_flags =	D_NEEDGIANT,
139 	.d_open =	tpmopen,
140 	.d_close =	tpmclose,
141 	.d_read =	tpmread,
142 	.d_write =	tpmwrite,
143 	.d_ioctl =	tpmioctl,
144 	.d_name =	"tpm",
145 };
146 
147 const struct {
148 	u_int32_t devid;
149 	char name[32];
150 	int flags;
151 #define TPM_DEV_NOINTS	0x0001
152 } tpm_devs[] = {
153 	{ 0x000615d1, "IFX SLD 9630 TT 1.1", 0 },
154 	{ 0x000b15d1, "IFX SLB 9635 TT 1.2", 0 },
155 	{ 0x100214e4, "Broadcom BCM0102", TPM_DEV_NOINTS },
156 	{ 0x00fe1050, "WEC WPCT200", 0 },
157 	{ 0x687119fa, "SNS SSX35", 0 },
158 	{ 0x2e4d5453, "STM ST19WP18", 0 },
159 	{ 0x32021114, "ATML 97SC3203", TPM_DEV_NOINTS },
160 	{ 0x10408086, "INTEL INTC0102", 0 },
161 	{ 0, "", TPM_DEV_NOINTS },
162 };
163 
164 int tpm_tis12_irqinit(struct tpm_softc *, int, int);
165 int tpm_tis12_init(struct tpm_softc *, int, const char *);
166 int tpm_tis12_start(struct tpm_softc *, int);
167 int tpm_tis12_read(struct tpm_softc *, void *, int, size_t *, int);
168 int tpm_tis12_write(struct tpm_softc *, void *, int);
169 int tpm_tis12_end(struct tpm_softc *, int, int);
170 
171 void tpm_intr(void *);
172 
173 int tpm_waitfor_poll(struct tpm_softc *, u_int8_t, int, void *);
174 int tpm_waitfor_int(struct tpm_softc *, u_int8_t, int, void *, int);
175 int tpm_waitfor(struct tpm_softc *, u_int8_t, int, void *);
176 int tpm_request_locality(struct tpm_softc *, int);
177 int tpm_getburst(struct tpm_softc *);
178 u_int8_t tpm_status(struct tpm_softc *);
179 int tpm_tmotohz(int);
180 
181 int tpm_legacy_probe(bus_space_tag_t, bus_addr_t);
182 int tpm_legacy_init(struct tpm_softc *, int, const char *);
183 int tpm_legacy_start(struct tpm_softc *, int);
184 int tpm_legacy_read(struct tpm_softc *, void *, int, size_t *, int);
185 int tpm_legacy_write(struct tpm_softc *, void *, int);
186 int tpm_legacy_end(struct tpm_softc *, int, int);
187 
188 
189 /*
190  * FreeBSD specific code for probing and attaching TPM to device tree.
191  */
192 #if 0
193 static void
194 tpm_identify(driver_t *driver, device_t parent)
195 {
196 	BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0);
197 }
198 #endif
199 
200 int
201 tpm_attach(device_t dev)
202 {
203 	struct tpm_softc *sc = device_get_softc(dev);
204 	int irq;
205 
206 	sc->mem_rid = 0;
207 	sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
208 	    RF_ACTIVE);
209 	if (sc->mem_res == NULL)
210 		return ENXIO;
211 
212 	sc->sc_bt = rman_get_bustag(sc->mem_res);
213 	sc->sc_bh = rman_get_bushandle(sc->mem_res);
214 
215 	sc->irq_rid = 0;
216 	sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
217 	    RF_ACTIVE | RF_SHAREABLE);
218 	if (sc->irq_res != NULL)
219 		irq = rman_get_start(sc->irq_res);
220 	else
221 		irq = IRQUNK;
222 
223 	/* In case PnP probe this may contain some initialization. */
224 	tpm_tis12_probe(sc->sc_bt, sc->sc_bh);
225 
226 	if (tpm_legacy_probe(sc->sc_bt, sc->sc_bh)) {
227 		sc->sc_init = tpm_legacy_init;
228 		sc->sc_start = tpm_legacy_start;
229 		sc->sc_read = tpm_legacy_read;
230 		sc->sc_write = tpm_legacy_write;
231 		sc->sc_end = tpm_legacy_end;
232 	} else {
233 		sc->sc_init = tpm_tis12_init;
234 		sc->sc_start = tpm_tis12_start;
235 		sc->sc_read = tpm_tis12_read;
236 		sc->sc_write = tpm_tis12_write;
237 		sc->sc_end = tpm_tis12_end;
238 	}
239 
240 	printf("%s", device_get_name(dev));
241 	if ((sc->sc_init)(sc, irq, "tpm")) {
242 		tpm_detach(dev);
243 		return ENXIO;
244 	}
245 
246 	if (sc->sc_init == tpm_tis12_init && sc->irq_res != NULL &&
247 	    bus_setup_intr(dev, sc->irq_res, INTR_TYPE_TTY, NULL,
248 	    tpm_intr, sc, &sc->intr_cookie) != 0) {
249 		tpm_detach(dev);
250 		printf(": cannot establish interrupt\n");
251 		return 1;
252 	}
253 
254 	sc->sc_cdev = make_dev(&tpm_cdevsw, device_get_unit(dev),
255 			    UID_ROOT, GID_WHEEL, 0600, "tpm");
256 	sc->sc_cdev->si_drv1 = sc;
257 
258 	return 0;
259 }
260 
261 int
262 tpm_detach(device_t dev)
263 {
264 	struct tpm_softc * sc = device_get_softc(dev);
265 
266 	if(sc->intr_cookie){
267 		bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie);
268 	}
269 
270 	if(sc->mem_res){
271 		bus_release_resource(dev, SYS_RES_MEMORY,
272 				     sc->mem_rid, sc->mem_res);
273 	}
274 
275 	if(sc->irq_res){
276 		bus_release_resource(dev, SYS_RES_IRQ,
277 				     sc->irq_rid, sc->irq_res);
278 	}
279 	if(sc->sc_cdev){
280 		destroy_dev(sc->sc_cdev);
281 	}
282 
283 	return 0;
284 }
285 
286 
287 /* Probe TPM using TIS 1.2 interface. */
288 int
289 tpm_tis12_probe(bus_space_tag_t bt, bus_space_handle_t bh)
290 {
291 	u_int32_t r;
292 	u_int8_t save, reg;
293 
294 	r = bus_space_read_4(bt, bh, TPM_INTF_CAPABILITIES);
295 	if (r == 0xffffffff)
296 		return 0;
297 
298 #ifdef TPM_DEBUG
299 	printf("tpm: caps=%b\n", r, TPM_CAPBITS);
300 #endif
301 	if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
302 	    !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
303 #ifdef TPM_DEBUG
304 		printf("tpm: caps too low (caps=%b)\n", r, TPM_CAPBITS);
305 #endif
306 		return 0;
307 	}
308 
309 	save = bus_space_read_1(bt, bh, TPM_ACCESS);
310 	bus_space_write_1(bt, bh, TPM_ACCESS, TPM_ACCESS_REQUEST_USE);
311 	reg = bus_space_read_1(bt, bh, TPM_ACCESS);
312 	if ((reg & TPM_ACCESS_VALID) && (reg & TPM_ACCESS_ACTIVE_LOCALITY) &&
313 	    bus_space_read_4(bt, bh, TPM_ID) != 0xffffffff)
314 		return 1;
315 
316 	bus_space_write_1(bt, bh, TPM_ACCESS, save);
317 	return 0;
318 }
319 
320 /*
321  * Setup interrupt vector if one is provided and interrupts are know to
322  * work on that particular chip.
323  */
324 int
325 tpm_tis12_irqinit(struct tpm_softc *sc, int irq, int idx)
326 {
327 	u_int32_t r;
328 
329 	if ((irq == IRQUNK) || (tpm_devs[idx].flags & TPM_DEV_NOINTS)) {
330 		sc->sc_vector = IRQUNK;
331 		return 0;
332 	}
333 
334 	/* Ack and disable all interrupts. */
335 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
336 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
337 	    ~TPM_GLOBAL_INT_ENABLE);
338 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS,
339 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS));
340 
341 	/* Program interrupt vector. */
342 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_INT_VECTOR, irq);
343 	sc->sc_vector = irq;
344 
345 	/* Program interrupt type. */
346 	if (sc->sc_capabilities & TPM_INTF_INT_EDGE_RISING)
347 		r = TPM_INT_EDGE_RISING;
348 	else if (sc->sc_capabilities & TPM_INTF_INT_LEVEL_HIGH)
349 		r = TPM_INT_LEVEL_HIGH;
350 	else
351 		r = TPM_INT_LEVEL_LOW;
352 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, r);
353 
354 	return 0;
355 }
356 
357 /* Setup TPM using TIS 1.2 interface. */
358 int
359 tpm_tis12_init(struct tpm_softc *sc, int irq, const char *name)
360 {
361 	u_int32_t r;
362 	int i;
363 
364 	r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTF_CAPABILITIES);
365 #ifdef TPM_DEBUG
366 	printf(" caps=%b ", r, TPM_CAPBITS);
367 #endif
368 	if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
369 	    !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
370 		printf(": capabilities too low (caps=%b)\n", r, TPM_CAPBITS);
371 		return 1;
372 	}
373 	sc->sc_capabilities = r;
374 
375 	sc->sc_devid = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_ID);
376 	sc->sc_rev = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_REV);
377 
378 	for (i = 0; tpm_devs[i].devid; i++)
379 		if (tpm_devs[i].devid == sc->sc_devid)
380 			break;
381 
382 	if (tpm_devs[i].devid)
383 		printf(": %s rev 0x%x\n", tpm_devs[i].name, sc->sc_rev);
384 	else
385 		printf(": device 0x%08x rev 0x%x\n", sc->sc_devid, sc->sc_rev);
386 
387 	if (tpm_tis12_irqinit(sc, irq, i))
388 		return 1;
389 
390 	if (tpm_request_locality(sc, 0))
391 		return 1;
392 
393 	/* Abort whatever it thought it was doing. */
394 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY);
395 
396 	return 0;
397 }
398 
399 int
400 tpm_request_locality(struct tpm_softc *sc, int l)
401 {
402 	u_int32_t r;
403 	int to, rv;
404 
405 	if (l != 0)
406 		return EINVAL;
407 
408 	if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
409 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) ==
410 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY))
411 		return 0;
412 
413 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS,
414 	    TPM_ACCESS_REQUEST_USE);
415 
416 	to = tpm_tmotohz(TPM_ACCESS_TMO);
417 
418 	while ((r = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
419 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
420 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY) && to--) {
421 		rv = tsleep(sc->sc_init, PRIBIO | PCATCH, "tpm_locality", 1);
422 		if (rv &&  rv != EWOULDBLOCK) {
423 #ifdef TPM_DEBUG
424 			printf("tpm_request_locality: interrupted %d\n", rv);
425 #endif
426 			return rv;
427 		}
428 	}
429 
430 	if ((r & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
431 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) {
432 #ifdef TPM_DEBUG
433 		printf("tpm_request_locality: access %b\n", r, TPM_ACCESS_BITS);
434 #endif
435 		return EBUSY;
436 	}
437 
438 	return 0;
439 }
440 
441 int
442 tpm_getburst(struct tpm_softc *sc)
443 {
444 	int burst, to, rv;
445 
446 	to = tpm_tmotohz(TPM_BURST_TMO);
447 
448 	burst = 0;
449 	while (burst == 0 && to--) {
450 		/*
451 		 * Burst count has to be read from bits 8 to 23 without
452 		 * touching any other bits, eg. the actual status bits 0
453 		 * to 7.
454 		 */
455 		burst = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 1);
456 		burst |= bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 2)
457 		    << 8;
458 #ifdef TPM_DEBUG
459 		printf("tpm_getburst: read %d\n", burst);
460 #endif
461 		if (burst)
462 			return burst;
463 
464 		rv = tsleep(sc, PRIBIO | PCATCH, "tpm_getburst", 1);
465 		if (rv && rv != EWOULDBLOCK) {
466 			return 0;
467 		}
468 	}
469 
470 	return 0;
471 }
472 
473 u_int8_t
474 tpm_status(struct tpm_softc *sc)
475 {
476 	u_int8_t status;
477 
478 	status = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS) &
479 	    TPM_STS_MASK;
480 
481 	return status;
482 }
483 
484 int
485 tpm_tmotohz(int tmo)
486 {
487 	struct timeval tv;
488 
489 	tv.tv_sec = tmo / 1000;
490 	tv.tv_usec = 1000 * (tmo % 1000);
491 
492 	return tvtohz(&tv);
493 }
494 
495 /* Save TPM state on suspend. */
496 int
497 tpm_suspend(device_t dev)
498 {
499 	struct tpm_softc *sc = device_get_softc(dev);
500 	int why = 1;
501 	u_int8_t command[] = {
502 	    0, 193,		/* TPM_TAG_RQU_COMMAND */
503 	    0, 0, 0, 10,	/* Length in bytes */
504 	    0, 0, 0, 156	/* TPM_ORD_SaveStates */
505 	};
506 
507 	/*
508 	 * Power down:  We have to issue the SaveStates command.
509 	 */
510 	sc->sc_write(sc, &command, sizeof(command));
511 	sc->sc_read(sc, &command, sizeof(command), NULL, TPM_HDRSIZE);
512 #ifdef TPM_DEBUG
513 	printf("tpm_suspend: power down: %d -> %d\n", sc->sc_suspend, why);
514 #endif
515 	sc->sc_suspend = why;
516 
517 	return 0;
518 }
519 
520 /*
521  * Handle resume event.  Actually nothing to do as the BIOS is supposed
522  * to restore the previously saved state.
523  */
524 int
525 tpm_resume(device_t dev)
526 {
527 	struct tpm_softc *sc = device_get_softc(dev);
528 	int why = 0;
529 #ifdef TPM_DEBUG
530 	printf("tpm_resume: resume: %d -> %d\n", sc->sc_suspend, why);
531 #endif
532 	sc->sc_suspend = why;
533 
534 	return 0;
535 }
536 
537 /* Dispatch suspend and resume events. */
538 
539 /* Wait for given status bits using polling. */
540 int
541 tpm_waitfor_poll(struct tpm_softc *sc, u_int8_t mask, int tmo, void *c)
542 {
543 	int rv;
544 
545 	/*
546 	 * Poll until either the requested condition or a time out is
547 	 * met.
548 	 */
549 	while (((sc->sc_stat = tpm_status(sc)) & mask) != mask && tmo--) {
550 		rv = tsleep(c, PRIBIO | PCATCH, "tpm_poll", 1);
551 		if (rv && rv != EWOULDBLOCK) {
552 #ifdef TPM_DEBUG
553 			printf("tpm_waitfor_poll: interrupted %d\n", rv);
554 #endif
555 			return rv;
556 		}
557 	}
558 
559 	return 0;
560 }
561 
562 /* Wait for given status bits using interrupts. */
563 int
564 tpm_waitfor_int(struct tpm_softc *sc, u_int8_t mask, int tmo, void *c,
565     int inttype)
566 {
567 	int rv, to;
568 
569 	/* Poll and return when condition is already met. */
570 	sc->sc_stat = tpm_status(sc);
571 	if ((sc->sc_stat & mask) == mask)
572 		return 0;
573 
574 	/*
575 	 * Enable interrupt on tpm chip.  Note that interrupts on our
576 	 * level (SPL_TTY) are disabled (see tpm{read,write} et al) and
577 	 * will not be delivered to the cpu until we call tsleep(9) below.
578 	 */
579 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
580 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) |
581 	    inttype);
582 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
583 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) |
584 	    TPM_GLOBAL_INT_ENABLE);
585 
586 	/*
587 	 * Poll once more to remedy the race between previous polling
588 	 * and enabling interrupts on the tpm chip.
589 	 */
590 	sc->sc_stat = tpm_status(sc);
591 	if ((sc->sc_stat & mask) == mask) {
592 		rv = 0;
593 		goto out;
594 	}
595 
596 	to = tpm_tmotohz(tmo);
597 #ifdef TPM_DEBUG
598 	printf("tpm_waitfor_int: sleeping for %d ticks on %p\n", to, c);
599 #endif
600 	/*
601 	 * tsleep(9) enables interrupts on the cpu and returns after
602 	 * wake up with interrupts disabled again.  Note that interrupts
603 	 * generated by the tpm chip while being at SPL_TTY are not lost
604 	 * but held and delivered as soon as the cpu goes below SPL_TTY.
605 	 */
606 	rv = tsleep(c, PRIBIO | PCATCH, "tpm_intr", to);
607 
608 	sc->sc_stat = tpm_status(sc);
609 #ifdef TPM_DEBUG
610 	printf("tpm_waitfor_int: woke up with rv %d stat %b\n", rv,
611 	    sc->sc_stat, TPM_STS_BITS);
612 #endif
613 	if ((sc->sc_stat & mask) == mask)
614 		rv = 0;
615 
616 	/* Disable interrupts on tpm chip again. */
617 out:	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
618 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
619 	    ~TPM_GLOBAL_INT_ENABLE);
620 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
621 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
622 	    ~inttype);
623 
624 	return rv;
625 }
626 
627 /*
628  * Wait on given status bits, uses interrupts where possible, otherwise polls.
629  */
630 int
631 tpm_waitfor(struct tpm_softc *sc, u_int8_t b0, int tmo, void *c)
632 {
633 	u_int8_t b;
634 	int re, to, rv;
635 
636 #ifdef TPM_DEBUG
637 	printf("tpm_waitfor: b0 %b\n", b0, TPM_STS_BITS);
638 #endif
639 
640 	/*
641 	 * If possible, use interrupts, otherwise poll.
642 	 *
643 	 * We use interrupts for TPM_STS_VALID and TPM_STS_DATA_AVAIL (if
644 	 * the tpm chips supports them) as waiting for those can take
645 	 * really long.  The other TPM_STS* are not needed very often
646 	 * so we do not support them.
647 	 */
648 	if (sc->sc_vector != IRQUNK) {
649 		b = b0;
650 
651 		/*
652 		 * Wait for data ready.  This interrupt only occurs
653 		 * when both TPM_STS_VALID and TPM_STS_DATA_AVAIL are asserted.
654 		 * Thus we don't have to bother with TPM_STS_VALID
655 		 * separately and can just return.
656 		 *
657 		 * This only holds for interrupts!  When using polling
658 		 * both flags have to be waited for, see below.
659 		 */
660 		if ((b & TPM_STS_DATA_AVAIL) && (sc->sc_capabilities &
661 		    TPM_INTF_DATA_AVAIL_INT))
662 			return tpm_waitfor_int(sc, b, tmo, c,
663 			    TPM_DATA_AVAIL_INT);
664 
665 		/* Wait for status valid bit. */
666 		if ((b & TPM_STS_VALID) && (sc->sc_capabilities &
667 		    TPM_INTF_STS_VALID_INT)) {
668 			rv = tpm_waitfor_int(sc, b, tmo, c, TPM_STS_VALID_INT);
669 			if (rv != 0)
670 				return rv;
671 			else
672 				b = b0 & ~TPM_STS_VALID;
673 		}
674 
675 		/*
676 		 * When all flags are taken care of, return.  Otherwise
677 		 * use polling for eg. TPM_STS_CMD_READY.
678 		 */
679 		if (b == 0)
680 			return 0;
681 	}
682 
683 	re = 3;
684 restart:
685 	/*
686 	 * If requested wait for TPM_STS_VALID before dealing with
687 	 * any other flag.  Eg. when both TPM_STS_DATA_AVAIL and TPM_STS_VALID
688 	 * are requested, wait for the latter first.
689 	 */
690 	b = b0;
691 	if (b0 & TPM_STS_VALID)
692 		b = TPM_STS_VALID;
693 
694 	to = tpm_tmotohz(tmo);
695 again:
696 	if ((rv = tpm_waitfor_poll(sc, b, to, c)) != 0)
697 		return rv;
698 
699 	if ((b & sc->sc_stat) == TPM_STS_VALID) {
700 		/* Now wait for other flags. */
701 		b = b0 & ~TPM_STS_VALID;
702 		to++;
703 		goto again;
704 	}
705 
706 	if ((sc->sc_stat & b) != b) {
707 #ifdef TPM_DEBUG
708 		printf("tpm_waitfor: timeout: stat=%b b=%b\n",
709 		    sc->sc_stat, TPM_STS_BITS, b, TPM_STS_BITS);
710 #endif
711 		if (re-- && (b0 & TPM_STS_VALID)) {
712 			bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
713 			    TPM_STS_RESP_RETRY);
714 			goto restart;
715 		}
716 		return EIO;
717 	}
718 
719 	return 0;
720 }
721 
722 /* Start transaction. */
723 int
724 tpm_tis12_start(struct tpm_softc *sc, int flag)
725 {
726 	int rv;
727 
728 	if (flag == UIO_READ) {
729 		rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
730 		    TPM_READ_TMO, sc->sc_read);
731 		return rv;
732 	}
733 
734 	/* Own our (0th) locality. */
735 	if ((rv = tpm_request_locality(sc, 0)) != 0)
736 		return rv;
737 
738 	sc->sc_stat = tpm_status(sc);
739 	if (sc->sc_stat & TPM_STS_CMD_READY) {
740 #ifdef TPM_DEBUG
741 		printf("tpm_tis12_start: UIO_WRITE status %b\n", sc->sc_stat,
742 		   TPM_STS_BITS);
743 #endif
744 		return 0;
745 	}
746 
747 #ifdef TPM_DEBUG
748 	printf("tpm_tis12_start: UIO_WRITE readying chip\n");
749 #endif
750 
751 	/* Abort previous and restart. */
752 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY);
753 	if ((rv = tpm_waitfor(sc, TPM_STS_CMD_READY, TPM_READY_TMO,
754 	    sc->sc_write))) {
755 #ifdef TPM_DEBUG
756 		printf("tpm_tis12_start: UIO_WRITE readying failed %d\n", rv);
757 #endif
758 		return rv;
759 	}
760 
761 #ifdef TPM_DEBUG
762 	printf("tpm_tis12_start: UIO_WRITE readying done\n");
763 #endif
764 
765 	return 0;
766 }
767 
768 int
769 tpm_tis12_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
770     int flags)
771 {
772 	u_int8_t *p = buf;
773 	size_t cnt;
774 	int rv, n, bcnt;
775 
776 #ifdef TPM_DEBUG
777 	printf("tpm_tis12_read: len %d\n", len);
778 #endif
779 	cnt = 0;
780 	while (len > 0) {
781 		if ((rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
782 		    TPM_READ_TMO, sc->sc_read)))
783 			return rv;
784 
785 		bcnt = tpm_getburst(sc);
786 		n = MIN(len, bcnt);
787 #ifdef TPM_DEBUG
788 		printf("tpm_tis12_read: fetching %d, burst is %d\n", n, bcnt);
789 #endif
790 		for (; n--; len--) {
791 			*p++ = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_DATA);
792 			cnt++;
793 		}
794 
795 		if ((flags & TPM_PARAM_SIZE) == 0 && cnt >= 6)
796 			break;
797 	}
798 #ifdef TPM_DEBUG
799 	printf("tpm_tis12_read: read %zd bytes, len %d\n", cnt, len);
800 #endif
801 
802 	if (count)
803 		*count = cnt;
804 
805 	return 0;
806 }
807 
808 int
809 tpm_tis12_write(struct tpm_softc *sc, void *buf, int len)
810 {
811 	u_int8_t *p = buf;
812 	size_t cnt;
813 	int rv, r;
814 
815 #ifdef TPM_DEBUG
816 	printf("tpm_tis12_write: sc %p buf %p len %d\n", sc, buf, len);
817 #endif
818 
819 	if ((rv = tpm_request_locality(sc, 0)) != 0)
820 		return rv;
821 
822 	cnt = 0;
823 	while (cnt < len - 1) {
824 		for (r = tpm_getburst(sc); r > 0 && cnt < len - 1; r--) {
825 			bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
826 			cnt++;
827 		}
828 		if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) {
829 #ifdef TPM_DEBUG
830 			printf("tpm_tis12_write: failed burst rv %d\n", rv);
831 #endif
832 			return rv;
833 		}
834 		sc->sc_stat = tpm_status(sc);
835 		if (!(sc->sc_stat & TPM_STS_DATA_EXPECT)) {
836 #ifdef TPM_DEBUG
837 			printf("tpm_tis12_write: failed rv %d stat=%b\n", rv,
838 			    sc->sc_stat, TPM_STS_BITS);
839 #endif
840 			return EIO;
841 		}
842 	}
843 
844 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
845 	cnt++;
846 
847 	if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) {
848 #ifdef TPM_DEBUG
849 		printf("tpm_tis12_write: failed last byte rv %d\n", rv);
850 #endif
851 		return rv;
852 	}
853 	if ((sc->sc_stat & TPM_STS_DATA_EXPECT) != 0) {
854 #ifdef TPM_DEBUG
855 		printf("tpm_tis12_write: failed rv %d stat=%b\n", rv,
856 		    sc->sc_stat, TPM_STS_BITS);
857 #endif
858 		return EIO;
859 	}
860 
861 #ifdef TPM_DEBUG
862 	printf("tpm_tis12_write: wrote %d byte\n", cnt);
863 #endif
864 
865 	return 0;
866 }
867 
868 /* Finish transaction. */
869 int
870 tpm_tis12_end(struct tpm_softc *sc, int flag, int err)
871 {
872 	int rv = 0;
873 
874 	if (flag == UIO_READ) {
875 		if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO,
876 		    sc->sc_read)))
877 			return rv;
878 
879 		/* Still more data? */
880 		sc->sc_stat = tpm_status(sc);
881 		if (!err && ((sc->sc_stat & TPM_STS_DATA_AVAIL) == TPM_STS_DATA_AVAIL)) {
882 #ifdef TPM_DEBUG
883 			printf("tpm_tis12_end: read failed stat=%b\n",
884 			    sc->sc_stat, TPM_STS_BITS);
885 #endif
886 			rv = EIO;
887 		}
888 
889 		bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
890 		    TPM_STS_CMD_READY);
891 
892 		/* Release our (0th) locality. */
893 		bus_space_write_1(sc->sc_bt, sc->sc_bh,TPM_ACCESS,
894 		    TPM_ACCESS_ACTIVE_LOCALITY);
895 	} else {
896 		/* Hungry for more? */
897 		sc->sc_stat = tpm_status(sc);
898 		if (!err && (sc->sc_stat & TPM_STS_DATA_EXPECT)) {
899 #ifdef TPM_DEBUG
900 			printf("tpm_tis12_end: write failed stat=%b\n",
901 			    sc->sc_stat, TPM_STS_BITS);
902 #endif
903 			rv = EIO;
904 		}
905 
906 		bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
907 		    err ? TPM_STS_CMD_READY : TPM_STS_GO);
908 	}
909 
910 	return rv;
911 }
912 
913 void
914 tpm_intr(void *v)
915 {
916 	struct tpm_softc *sc = v;
917 	u_int32_t r;
918 #ifdef TPM_DEBUG
919 	static int cnt = 0;
920 #endif
921 
922 	r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS);
923 #ifdef TPM_DEBUG
924 	if (r != 0)
925 		printf("tpm_intr: int=%b (%d)\n", r, TPM_INTERRUPT_ENABLE_BITS,
926 		    cnt);
927 	else
928 		cnt++;
929 #endif
930 	if (!(r & (TPM_CMD_READY_INT | TPM_LOCALITY_CHANGE_INT |
931 	    TPM_STS_VALID_INT | TPM_DATA_AVAIL_INT)))
932 		return;
933 	if (r & TPM_STS_VALID_INT)
934 		wakeup(sc);
935 
936 	if (r & TPM_CMD_READY_INT)
937 		wakeup(sc->sc_write);
938 
939 	if (r & TPM_DATA_AVAIL_INT)
940 		wakeup(sc->sc_read);
941 
942 	if (r & TPM_LOCALITY_CHANGE_INT)
943 		wakeup(sc->sc_init);
944 
945 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, r);
946 
947 	return;
948 }
949 
950 /* Read single byte using legacy interface. */
951 static inline u_int8_t
952 tpm_legacy_in(bus_space_tag_t iot, bus_space_handle_t ioh, int reg)
953 {
954 	bus_space_write_1(iot, ioh, 0, reg);
955 	return bus_space_read_1(iot, ioh, 1);
956 }
957 
958 #if 0
959 /* Write single byte using legacy interface. */
960 static inline void
961 tpm_legacy_out(bus_space_tag_t iot, bus_space_handle_t ioh, int reg, u_int8_t v)
962 {
963 	bus_space_write_1(iot, ioh, 0, reg);
964 	bus_space_write_1(iot, ioh, 1, v);
965 }
966 #endif
967 
968 /* Probe for TPM using legacy interface. */
969 int
970 tpm_legacy_probe(bus_space_tag_t iot, bus_addr_t iobase)
971 {
972 	bus_space_handle_t ioh;
973 	u_int8_t r, v;
974 	int i, rv = 0;
975 	char id[8];
976 
977 	if (!tpm_enabled || iobase == -1)
978 		return 0;
979 
980 	if (bus_space_map(iot, iobase, 2, 0, &ioh))
981 		return 0;
982 
983 	v = bus_space_read_1(iot, ioh, 0);
984 	if (v == 0xff) {
985 		bus_space_unmap(iot, ioh, 2);
986 		return 0;
987 	}
988 	r = bus_space_read_1(iot, ioh, 1);
989 
990 	for (i = sizeof(id); i--; )
991 		id[i] = tpm_legacy_in(iot, ioh, TPM_ID + i);
992 
993 #ifdef TPM_DEBUG
994 	printf("tpm_legacy_probe %.4s %d.%d.%d.%d\n",
995 	    &id[4], id[0], id[1], id[2], id[3]);
996 #endif
997 	/*
998 	 * The only chips using the legacy interface we are aware of are
999 	 * by Atmel.  For other chips more signature would have to be added.
1000 	 */
1001 	if (!bcmp(&id[4], "ATML", 4))
1002 		rv = 1;
1003 
1004 	if (!rv) {
1005 		bus_space_write_1(iot, ioh, r, 1);
1006 		bus_space_write_1(iot, ioh, v, 0);
1007 	}
1008 	bus_space_unmap(iot, ioh, 2);
1009 
1010 	return rv;
1011 }
1012 
1013 /* Setup TPM using legacy interface. */
1014 int
1015 tpm_legacy_init(struct tpm_softc *sc, int irq, const char *name)
1016 {
1017 	char id[8];
1018 	int i;
1019 
1020 	if ((i = bus_space_map(sc->sc_batm, tpm_enabled, 2, 0, &sc->sc_bahm))) {
1021 		printf(": cannot map tpm registers (%d)\n", i);
1022 		tpm_enabled = 0;
1023 		return 1;
1024 	}
1025 
1026 	for (i = sizeof(id); i--; )
1027 		id[i] = tpm_legacy_in(sc->sc_bt, sc->sc_bh, TPM_ID + i);
1028 
1029 	printf(": %.4s %d.%d @0x%x\n", &id[4], id[0], id[1], tpm_enabled);
1030 	tpm_enabled = 0;
1031 
1032 	return 0;
1033 }
1034 
1035 /* Start transaction. */
1036 int
1037 tpm_legacy_start(struct tpm_softc *sc, int flag)
1038 {
1039 	struct timeval tv;
1040 	u_int8_t bits, r;
1041 	int to, rv;
1042 
1043 	bits = flag == UIO_READ ? TPM_LEGACY_DA : 0;
1044 	tv.tv_sec = TPM_LEGACY_TMO;
1045 	tv.tv_usec = 0;
1046 	to = tvtohz(&tv) / TPM_LEGACY_SLEEP;
1047 	while (((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) &
1048 	    (TPM_LEGACY_BUSY|bits)) != bits && to--) {
1049 		rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_start",
1050 		    TPM_LEGACY_SLEEP);
1051 		if (rv && rv != EWOULDBLOCK)
1052 			return rv;
1053 	}
1054 
1055 	if ((r & (TPM_LEGACY_BUSY|bits)) != bits)
1056 		return EIO;
1057 
1058 	return 0;
1059 }
1060 
1061 int
1062 tpm_legacy_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
1063     int flags)
1064 {
1065 	u_int8_t *p;
1066 	size_t cnt;
1067 	int to, rv;
1068 
1069 	cnt = rv = 0;
1070 	for (p = buf; !rv && len > 0; len--) {
1071 		for (to = 1000;
1072 		    !(bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1) &
1073 		    TPM_LEGACY_DA); DELAY(1))
1074 			if (!to--)
1075 				return EIO;
1076 
1077 		DELAY(TPM_LEGACY_DELAY);
1078 		*p++ = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 0);
1079 		cnt++;
1080 	}
1081 
1082 	*count = cnt;
1083 	return 0;
1084 }
1085 
1086 int
1087 tpm_legacy_write(struct tpm_softc *sc, void *buf, int len)
1088 {
1089 	u_int8_t *p;
1090 	int n;
1091 
1092 	for (p = buf, n = len; n--; DELAY(TPM_LEGACY_DELAY)) {
1093 		if (!n && len != TPM_BUFSIZ) {
1094 			bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1,
1095 			    TPM_LEGACY_LAST);
1096 			DELAY(TPM_LEGACY_DELAY);
1097 		}
1098 		bus_space_write_1(sc->sc_batm, sc->sc_bahm, 0, *p++);
1099 	}
1100 
1101 	return 0;
1102 }
1103 
1104 /* Finish transaction. */
1105 int
1106 tpm_legacy_end(struct tpm_softc *sc, int flag, int rv)
1107 {
1108 	struct timeval tv;
1109 	u_int8_t r;
1110 	int to;
1111 
1112 	if (rv || flag == UIO_READ)
1113 		bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, TPM_LEGACY_ABRT);
1114 	else {
1115 		tv.tv_sec = TPM_LEGACY_TMO;
1116 		tv.tv_usec = 0;
1117 		to = tvtohz(&tv) / TPM_LEGACY_SLEEP;
1118 		while(((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) &
1119 		    TPM_LEGACY_BUSY) && to--) {
1120 			rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_end",
1121 			    TPM_LEGACY_SLEEP);
1122 			if (rv && rv != EWOULDBLOCK)
1123 				return rv;
1124 		}
1125 
1126 		if (r & TPM_LEGACY_BUSY)
1127 			return EIO;
1128 
1129 		if (r & TPM_LEGACY_RE)
1130 			return EIO;	/* XXX Retry the loop? */
1131 	}
1132 
1133 	return rv;
1134 }
1135 
1136 int
1137 tpmopen(struct cdev *dev, int flag, int mode, struct thread *td)
1138 {
1139 	struct tpm_softc *sc = TPMSOFTC(dev);
1140 
1141 	if (!sc)
1142 		return ENXIO;
1143 
1144 	if (sc->sc_flags & TPM_OPEN)
1145 		return EBUSY;
1146 
1147 	sc->sc_flags |= TPM_OPEN;
1148 
1149 	return 0;
1150 }
1151 
1152 int
1153 tpmclose(struct cdev *dev, int flag, int mode, struct thread *td)
1154 {
1155 	struct tpm_softc *sc = TPMSOFTC(dev);
1156 
1157 	if (!sc)
1158 		return ENXIO;
1159 
1160 	if (!(sc->sc_flags & TPM_OPEN))
1161 		return EINVAL;
1162 
1163 	sc->sc_flags &= ~TPM_OPEN;
1164 
1165 	return 0;
1166 }
1167 
1168 int
1169 tpmread(struct cdev *dev, struct uio *uio, int flags)
1170 {
1171 	struct tpm_softc *sc = TPMSOFTC(dev);
1172 	u_int8_t buf[TPM_BUFSIZ], *p;
1173 	size_t cnt;
1174 	int n, len, rv, s;
1175 
1176 	if (!sc)
1177 		return ENXIO;
1178 
1179 	s = spltty();
1180 	if ((rv = (sc->sc_start)(sc, UIO_READ))) {
1181 		splx(s);
1182 		return rv;
1183 	}
1184 
1185 #ifdef TPM_DEBUG
1186 	printf("tpmread: getting header\n");
1187 #endif
1188 	if ((rv = (sc->sc_read)(sc, buf, TPM_HDRSIZE, &cnt, 0))) {
1189 		(sc->sc_end)(sc, UIO_READ, rv);
1190 		splx(s);
1191 		return rv;
1192 	}
1193 
1194 	len = (buf[2] << 24) | (buf[3] << 16) | (buf[4] << 8) | buf[5];
1195 #ifdef TPM_DEBUG
1196 	printf("tpmread: len %d, io count %d\n", len, uio->uio_resid);
1197 #endif
1198 	if (len > uio->uio_resid) {
1199 		rv = EIO;
1200 		(sc->sc_end)(sc, UIO_READ, rv);
1201 #ifdef TPM_DEBUG
1202 		printf("tpmread: bad residual io count 0x%x\n", uio->uio_resid);
1203 #endif
1204 		splx(s);
1205 		return rv;
1206 	}
1207 
1208 	/* Copy out header. */
1209 	if ((rv = uiomove((caddr_t)buf, cnt, uio))) {
1210 		(sc->sc_end)(sc, UIO_READ, rv);
1211 		splx(s);
1212 		return rv;
1213 	}
1214 
1215 	/* Get remaining part of the answer (if anything is left). */
1216 	for (len -= cnt, p = buf, n = sizeof(buf); len > 0; p = buf, len -= n,
1217 	    n = sizeof(buf)) {
1218 		n = MIN(n, len);
1219 #ifdef TPM_DEBUG
1220 		printf("tpmread: n %d len %d\n", n, len);
1221 #endif
1222 		if ((rv = (sc->sc_read)(sc, p, n, NULL, TPM_PARAM_SIZE))) {
1223 			(sc->sc_end)(sc, UIO_READ, rv);
1224 			splx(s);
1225 			return rv;
1226 		}
1227 		p += n;
1228 		if ((rv = uiomove((caddr_t)buf, p - buf, uio))) {
1229 			(sc->sc_end)(sc, UIO_READ, rv);
1230 			splx(s);
1231 			return rv;
1232 		}
1233 	}
1234 
1235 	rv = (sc->sc_end)(sc, UIO_READ, rv);
1236 	splx(s);
1237 	return rv;
1238 }
1239 
1240 int
1241 tpmwrite(struct cdev *dev, struct uio *uio, int flags)
1242 {
1243 	struct tpm_softc *sc = TPMSOFTC(dev);
1244 	u_int8_t buf[TPM_BUFSIZ];
1245 	int n, rv, s;
1246 
1247 	if (!sc)
1248 		return ENXIO;
1249 
1250 	s = spltty();
1251 
1252 #ifdef TPM_DEBUG
1253 	printf("tpmwrite: io count %d\n", uio->uio_resid);
1254 #endif
1255 
1256 	n = MIN(sizeof(buf), uio->uio_resid);
1257 	if ((rv = uiomove((caddr_t)buf, n, uio))) {
1258 		splx(s);
1259 		return rv;
1260 	}
1261 
1262 	if ((rv = (sc->sc_start)(sc, UIO_WRITE))) {
1263 		splx(s);
1264 		return rv;
1265 	}
1266 
1267 	if ((rv = (sc->sc_write(sc, buf, n)))) {
1268 		splx(s);
1269 		return rv;
1270 	}
1271 
1272 	rv = (sc->sc_end)(sc, UIO_WRITE, rv);
1273 	splx(s);
1274 	return rv;
1275 }
1276 
1277 int
1278 tpmioctl(struct cdev *dev, u_long cmd, caddr_t data, int flags,
1279     struct thread *td)
1280 {
1281 	return ENOTTY;
1282 }
1283