xref: /freebsd/sys/dev/tpm/tpm.c (revision 911f0260390e18cf85f3dbf2c719b593efdc1e3c)
1 /*
2  * Copyright (c) 2008, 2009 Michael Shalayeff
3  * Copyright (c) 2009, 2010 Hans-Joerg Hoexer
4  * All rights reserved.
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
15  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
16  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 /* #define	TPM_DEBUG */
20 
21 #include <sys/cdefs.h>
22 __FBSDID("$FreeBSD$");
23 
24 #include <sys/param.h>
25 #include <sys/systm.h>
26 #include <sys/kernel.h>
27 #include <sys/malloc.h>
28 #include <sys/proc.h>
29 
30 #include <sys/module.h>
31 #include <sys/conf.h>
32 #include <sys/uio.h>
33 #include <sys/bus.h>
34 
35 #include <machine/bus.h>
36 #include <sys/rman.h>
37 #include <machine/resource.h>
38 
39 #include <machine/md_var.h>
40 
41 #include <isa/isareg.h>
42 #include <isa/isavar.h>
43 #include <dev/tpm/tpmvar.h>
44 
45 
46 #define	TPM_BUFSIZ	1024
47 
48 #define TPM_HDRSIZE	10
49 
50 #define TPM_PARAM_SIZE	0x0001
51 
52 #define IRQUNK	-1
53 
54 #define	TPM_ACCESS			0x0000	/* access register */
55 #define	TPM_ACCESS_ESTABLISHMENT	0x01	/* establishment */
56 #define	TPM_ACCESS_REQUEST_USE		0x02	/* request using locality */
57 #define	TPM_ACCESS_REQUEST_PENDING	0x04	/* pending request */
58 #define	TPM_ACCESS_SEIZE		0x08	/* request locality seize */
59 #define	TPM_ACCESS_SEIZED		0x10	/* locality has been seized */
60 #define	TPM_ACCESS_ACTIVE_LOCALITY	0x20	/* locality is active */
61 #define	TPM_ACCESS_VALID		0x80	/* bits are valid */
62 #define	TPM_ACCESS_BITS	\
63     "\020\01EST\02REQ\03PEND\04SEIZE\05SEIZED\06ACT\010VALID"
64 
65 #define	TPM_INTERRUPT_ENABLE	0x0008
66 #define	TPM_GLOBAL_INT_ENABLE	0x80000000	/* enable ints */
67 #define	TPM_CMD_READY_INT	0x00000080	/* cmd ready enable */
68 #define	TPM_INT_EDGE_FALLING	0x00000018
69 #define	TPM_INT_EDGE_RISING	0x00000010
70 #define	TPM_INT_LEVEL_LOW	0x00000008
71 #define	TPM_INT_LEVEL_HIGH	0x00000000
72 #define	TPM_LOCALITY_CHANGE_INT	0x00000004	/* locality change enable */
73 #define	TPM_STS_VALID_INT	0x00000002	/* int on TPM_STS_VALID is set */
74 #define	TPM_DATA_AVAIL_INT	0x00000001	/* int on TPM_STS_DATA_AVAIL is set */
75 #define	TPM_INTERRUPT_ENABLE_BITS \
76     "\020\040ENA\010RDY\03LOCH\02STSV\01DRDY"
77 
78 #define	TPM_INT_VECTOR		0x000c	/* 8 bit reg for 4 bit irq vector */
79 #define	TPM_INT_STATUS		0x0010	/* bits are & 0x87 from TPM_INTERRUPT_ENABLE */
80 
81 #define	TPM_INTF_CAPABILITIES		0x0014	/* capability register */
82 #define	TPM_INTF_BURST_COUNT_STATIC	0x0100	/* TPM_STS_BMASK static */
83 #define	TPM_INTF_CMD_READY_INT		0x0080	/* int on ready supported */
84 #define	TPM_INTF_INT_EDGE_FALLING	0x0040	/* falling edge ints supported */
85 #define	TPM_INTF_INT_EDGE_RISING	0x0020	/* rising edge ints supported */
86 #define	TPM_INTF_INT_LEVEL_LOW		0x0010	/* level-low ints supported */
87 #define	TPM_INTF_INT_LEVEL_HIGH		0x0008	/* level-high ints supported */
88 #define	TPM_INTF_LOCALITY_CHANGE_INT	0x0004	/* locality-change int (mb 1) */
89 #define	TPM_INTF_STS_VALID_INT		0x0002	/* TPM_STS_VALID int supported */
90 #define	TPM_INTF_DATA_AVAIL_INT		0x0001	/* TPM_STS_DATA_AVAIL int supported (mb 1) */
91 #define	TPM_CAPSREQ \
92   (TPM_INTF_DATA_AVAIL_INT|TPM_INTF_LOCALITY_CHANGE_INT|TPM_INTF_INT_LEVEL_LOW)
93 #define	TPM_CAPBITS \
94   "\020\01IDRDY\02ISTSV\03ILOCH\04IHIGH\05ILOW\06IEDGE\07IFALL\010IRDY\011BCST"
95 
96 #define	TPM_STS			0x0018		/* status register */
97 #define TPM_STS_MASK		0x000000ff	/* status bits */
98 #define	TPM_STS_BMASK		0x00ffff00	/* ro io burst size */
99 #define	TPM_STS_VALID		0x00000080	/* ro other bits are valid */
100 #define	TPM_STS_CMD_READY	0x00000040	/* rw chip/signal ready */
101 #define	TPM_STS_GO		0x00000020	/* wo start the command */
102 #define	TPM_STS_DATA_AVAIL	0x00000010	/* ro data available */
103 #define	TPM_STS_DATA_EXPECT	0x00000008	/* ro more data to be written */
104 #define	TPM_STS_RESP_RETRY	0x00000002	/* wo resend the response */
105 #define	TPM_STS_BITS	"\020\010VALID\07RDY\06GO\05DRDY\04EXPECT\02RETRY"
106 
107 #define	TPM_DATA	0x0024
108 #define	TPM_ID		0x0f00
109 #define	TPM_REV		0x0f04
110 #define	TPM_SIZE	0x5000		/* five pages of the above */
111 
112 #define	TPM_ACCESS_TMO	2000		/* 2sec */
113 #define	TPM_READY_TMO	2000		/* 2sec */
114 #define	TPM_READ_TMO	120000		/* 2 minutes */
115 #define TPM_BURST_TMO	2000		/* 2sec */
116 
117 #define	TPM_LEGACY_BUSY	0x01
118 #define	TPM_LEGACY_ABRT	0x01
119 #define	TPM_LEGACY_DA	0x02
120 #define	TPM_LEGACY_RE	0x04
121 #define	TPM_LEGACY_LAST	0x04
122 #define	TPM_LEGACY_BITS	"\020\01BUSY\2DA\3RE\4LAST"
123 #define	TPM_LEGACY_TMO		(2*60)	/* sec */
124 #define	TPM_LEGACY_SLEEP	5	/* ticks */
125 #define	TPM_LEGACY_DELAY	100
126 
127 /* Set when enabling legacy interface in host bridge. */
128 int tpm_enabled;
129 
130 #define	TPMSOFTC(dev) \
131 	((struct tpm_softc *)dev->si_drv1)
132 
133 d_open_t	tpmopen;
134 d_close_t	tpmclose;
135 d_read_t	tpmread;
136 d_write_t	tpmwrite;
137 d_ioctl_t	tpmioctl;
138 
139 static struct cdevsw tpm_cdevsw = {
140 	.d_version =	D_VERSION,
141 	.d_flags =	D_NEEDGIANT,
142 	.d_open =	tpmopen,
143 	.d_close =	tpmclose,
144 	.d_read =	tpmread,
145 	.d_write =	tpmwrite,
146 	.d_ioctl =	tpmioctl,
147 	.d_name =	"tpm",
148 };
149 
150 const struct {
151 	u_int32_t devid;
152 	char name[32];
153 	int flags;
154 #define TPM_DEV_NOINTS	0x0001
155 } tpm_devs[] = {
156 	{ 0x000615d1, "IFX SLD 9630 TT 1.1", 0 },
157 	{ 0x000b15d1, "IFX SLB 9635 TT 1.2", 0 },
158 	{ 0x100214e4, "Broadcom BCM0102", TPM_DEV_NOINTS },
159 	{ 0x00fe1050, "WEC WPCT200", 0 },
160 	{ 0x687119fa, "SNS SSX35", 0 },
161 	{ 0x2e4d5453, "STM ST19WP18", 0 },
162 	{ 0x32021114, "ATML 97SC3203", TPM_DEV_NOINTS },
163 	{ 0x10408086, "INTEL INTC0102", 0 },
164 	{ 0, "", TPM_DEV_NOINTS },
165 };
166 
167 int tpm_tis12_irqinit(struct tpm_softc *, int, int);
168 int tpm_tis12_init(struct tpm_softc *, int, const char *);
169 int tpm_tis12_start(struct tpm_softc *, int);
170 int tpm_tis12_read(struct tpm_softc *, void *, int, size_t *, int);
171 int tpm_tis12_write(struct tpm_softc *, void *, int);
172 int tpm_tis12_end(struct tpm_softc *, int, int);
173 
174 void tpm_intr(void *);
175 
176 int tpm_waitfor_poll(struct tpm_softc *, u_int8_t, int, void *);
177 int tpm_waitfor_int(struct tpm_softc *, u_int8_t, int, void *, int);
178 int tpm_waitfor(struct tpm_softc *, u_int8_t, int, void *);
179 int tpm_request_locality(struct tpm_softc *, int);
180 int tpm_getburst(struct tpm_softc *);
181 u_int8_t tpm_status(struct tpm_softc *);
182 int tpm_tmotohz(int);
183 
184 int tpm_legacy_probe(bus_space_tag_t, bus_addr_t);
185 int tpm_legacy_init(struct tpm_softc *, int, const char *);
186 int tpm_legacy_start(struct tpm_softc *, int);
187 int tpm_legacy_read(struct tpm_softc *, void *, int, size_t *, int);
188 int tpm_legacy_write(struct tpm_softc *, void *, int);
189 int tpm_legacy_end(struct tpm_softc *, int, int);
190 
191 
192 /*
193  * FreeBSD specific code for probing and attaching TPM to device tree.
194  */
195 #if 0
196 static void
197 tpm_identify(driver_t *driver, device_t parent)
198 {
199 	BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0);
200 }
201 #endif
202 
203 int
204 tpm_attach(device_t dev)
205 {
206 	struct tpm_softc *sc = device_get_softc(dev);
207 	int irq;
208 
209 	sc->mem_rid = 0;
210 	sc->mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
211 	    RF_ACTIVE);
212 	if (sc->mem_res == NULL)
213 		return ENXIO;
214 
215 	sc->sc_bt = rman_get_bustag(sc->mem_res);
216 	sc->sc_bh = rman_get_bushandle(sc->mem_res);
217 
218 	sc->irq_rid = 0;
219 	sc->irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
220 	    RF_ACTIVE | RF_SHAREABLE);
221 	if (sc->irq_res != NULL)
222 		irq = rman_get_start(sc->irq_res);
223 	else
224 		irq = IRQUNK;
225 
226 	/* In case PnP probe this may contain some initialization. */
227 	tpm_tis12_probe(sc->sc_bt, sc->sc_bh);
228 
229 	if (tpm_legacy_probe(sc->sc_bt, sc->sc_bh)) {
230 		sc->sc_init = tpm_legacy_init;
231 		sc->sc_start = tpm_legacy_start;
232 		sc->sc_read = tpm_legacy_read;
233 		sc->sc_write = tpm_legacy_write;
234 		sc->sc_end = tpm_legacy_end;
235 	} else {
236 		sc->sc_init = tpm_tis12_init;
237 		sc->sc_start = tpm_tis12_start;
238 		sc->sc_read = tpm_tis12_read;
239 		sc->sc_write = tpm_tis12_write;
240 		sc->sc_end = tpm_tis12_end;
241 	}
242 
243 	printf("%s", device_get_name(dev));
244 	if ((sc->sc_init)(sc, irq, "tpm")) {
245 		tpm_detach(dev);
246 		return ENXIO;
247 	}
248 
249 	if (sc->sc_init == tpm_tis12_init && sc->irq_res != NULL &&
250 	    bus_setup_intr(dev, sc->irq_res, INTR_TYPE_TTY, NULL,
251 	    tpm_intr, sc, &sc->intr_cookie) != 0) {
252 		tpm_detach(dev);
253 		printf(": cannot establish interrupt\n");
254 		return 1;
255 	}
256 
257 	sc->sc_cdev = make_dev(&tpm_cdevsw, device_get_unit(dev),
258 			    UID_ROOT, GID_WHEEL, 0600, "tpm");
259 	sc->sc_cdev->si_drv1 = sc;
260 
261 	return 0;
262 }
263 
264 int
265 tpm_detach(device_t dev)
266 {
267 	struct tpm_softc * sc = device_get_softc(dev);
268 
269 	if(sc->intr_cookie){
270 		bus_teardown_intr(dev, sc->irq_res, sc->intr_cookie);
271 	}
272 
273 	if(sc->mem_res){
274 		bus_release_resource(dev, SYS_RES_MEMORY,
275 				     sc->mem_rid, sc->mem_res);
276 	}
277 
278 	if(sc->irq_res){
279 		bus_release_resource(dev, SYS_RES_IRQ,
280 				     sc->irq_rid, sc->irq_res);
281 	}
282 	if(sc->sc_cdev){
283 		destroy_dev(sc->sc_cdev);
284 	}
285 
286 	return 0;
287 }
288 
289 
290 /* Probe TPM using TIS 1.2 interface. */
291 int
292 tpm_tis12_probe(bus_space_tag_t bt, bus_space_handle_t bh)
293 {
294 	u_int32_t r;
295 	u_int8_t save, reg;
296 
297 	r = bus_space_read_4(bt, bh, TPM_INTF_CAPABILITIES);
298 	if (r == 0xffffffff)
299 		return 0;
300 
301 #ifdef TPM_DEBUG
302 	printf("tpm: caps=%b\n", r, TPM_CAPBITS);
303 #endif
304 	if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
305 	    !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
306 #ifdef TPM_DEBUG
307 		printf("tpm: caps too low (caps=%b)\n", r, TPM_CAPBITS);
308 #endif
309 		return 0;
310 	}
311 
312 	save = bus_space_read_1(bt, bh, TPM_ACCESS);
313 	bus_space_write_1(bt, bh, TPM_ACCESS, TPM_ACCESS_REQUEST_USE);
314 	reg = bus_space_read_1(bt, bh, TPM_ACCESS);
315 	if ((reg & TPM_ACCESS_VALID) && (reg & TPM_ACCESS_ACTIVE_LOCALITY) &&
316 	    bus_space_read_4(bt, bh, TPM_ID) != 0xffffffff)
317 		return 1;
318 
319 	bus_space_write_1(bt, bh, TPM_ACCESS, save);
320 	return 0;
321 }
322 
323 /*
324  * Setup interrupt vector if one is provided and interrupts are know to
325  * work on that particular chip.
326  */
327 int
328 tpm_tis12_irqinit(struct tpm_softc *sc, int irq, int idx)
329 {
330 	u_int32_t r;
331 
332 	if ((irq == IRQUNK) || (tpm_devs[idx].flags & TPM_DEV_NOINTS)) {
333 		sc->sc_vector = IRQUNK;
334 		return 0;
335 	}
336 
337 	/* Ack and disable all interrupts. */
338 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
339 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
340 	    ~TPM_GLOBAL_INT_ENABLE);
341 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS,
342 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS));
343 
344 	/* Program interrupt vector. */
345 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_INT_VECTOR, irq);
346 	sc->sc_vector = irq;
347 
348 	/* Program interrupt type. */
349 	if (sc->sc_capabilities & TPM_INTF_INT_EDGE_RISING)
350 		r = TPM_INT_EDGE_RISING;
351 	else if (sc->sc_capabilities & TPM_INTF_INT_LEVEL_HIGH)
352 		r = TPM_INT_LEVEL_HIGH;
353 	else
354 		r = TPM_INT_LEVEL_LOW;
355 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, r);
356 
357 	return 0;
358 }
359 
360 /* Setup TPM using TIS 1.2 interface. */
361 int
362 tpm_tis12_init(struct tpm_softc *sc, int irq, const char *name)
363 {
364 	u_int32_t r;
365 	int i;
366 
367 	r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTF_CAPABILITIES);
368 #ifdef TPM_DEBUG
369 	printf(" caps=%b ", r, TPM_CAPBITS);
370 #endif
371 	if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
372 	    !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
373 		printf(": capabilities too low (caps=%b)\n", r, TPM_CAPBITS);
374 		return 1;
375 	}
376 	sc->sc_capabilities = r;
377 
378 	sc->sc_devid = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_ID);
379 	sc->sc_rev = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_REV);
380 
381 	for (i = 0; tpm_devs[i].devid; i++)
382 		if (tpm_devs[i].devid == sc->sc_devid)
383 			break;
384 
385 	if (tpm_devs[i].devid)
386 		printf(": %s rev 0x%x\n", tpm_devs[i].name, sc->sc_rev);
387 	else
388 		printf(": device 0x%08x rev 0x%x\n", sc->sc_devid, sc->sc_rev);
389 
390 	if (tpm_tis12_irqinit(sc, irq, i))
391 		return 1;
392 
393 	if (tpm_request_locality(sc, 0))
394 		return 1;
395 
396 	/* Abort whatever it thought it was doing. */
397 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY);
398 
399 	return 0;
400 }
401 
402 int
403 tpm_request_locality(struct tpm_softc *sc, int l)
404 {
405 	u_int32_t r;
406 	int to, rv;
407 
408 	if (l != 0)
409 		return EINVAL;
410 
411 	if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
412 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) ==
413 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY))
414 		return 0;
415 
416 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS,
417 	    TPM_ACCESS_REQUEST_USE);
418 
419 	to = tpm_tmotohz(TPM_ACCESS_TMO);
420 
421 	while ((r = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
422 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
423 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY) && to--) {
424 		rv = tsleep(sc->sc_init, PRIBIO | PCATCH, "tpm_locality", 1);
425 		if (rv &&  rv != EWOULDBLOCK) {
426 #ifdef TPM_DEBUG
427 			printf("tpm_request_locality: interrupted %d\n", rv);
428 #endif
429 			return rv;
430 		}
431 	}
432 
433 	if ((r & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
434 	    (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) {
435 #ifdef TPM_DEBUG
436 		printf("tpm_request_locality: access %b\n", r, TPM_ACCESS_BITS);
437 #endif
438 		return EBUSY;
439 	}
440 
441 	return 0;
442 }
443 
444 int
445 tpm_getburst(struct tpm_softc *sc)
446 {
447 	int burst, to, rv;
448 
449 	to = tpm_tmotohz(TPM_BURST_TMO);
450 
451 	burst = 0;
452 	while (burst == 0 && to--) {
453 		/*
454 		 * Burst count has to be read from bits 8 to 23 without
455 		 * touching any other bits, eg. the actual status bits 0
456 		 * to 7.
457 		 */
458 		burst = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 1);
459 		burst |= bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 2)
460 		    << 8;
461 #ifdef TPM_DEBUG
462 		printf("tpm_getburst: read %d\n", burst);
463 #endif
464 		if (burst)
465 			return burst;
466 
467 		rv = tsleep(sc, PRIBIO | PCATCH, "tpm_getburst", 1);
468 		if (rv && rv != EWOULDBLOCK) {
469 			return 0;
470 		}
471 	}
472 
473 	return 0;
474 }
475 
476 u_int8_t
477 tpm_status(struct tpm_softc *sc)
478 {
479 	u_int8_t status;
480 
481 	status = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS) &
482 	    TPM_STS_MASK;
483 
484 	return status;
485 }
486 
487 int
488 tpm_tmotohz(int tmo)
489 {
490 	struct timeval tv;
491 
492 	tv.tv_sec = tmo / 1000;
493 	tv.tv_usec = 1000 * (tmo % 1000);
494 
495 	return tvtohz(&tv);
496 }
497 
498 /* Save TPM state on suspend. */
499 int
500 tpm_suspend(device_t dev)
501 {
502 	struct tpm_softc *sc = device_get_softc(dev);
503 	int why = 1;
504 	u_int8_t command[] = {
505 	    0, 193,		/* TPM_TAG_RQU_COMMAND */
506 	    0, 0, 0, 10,	/* Length in bytes */
507 	    0, 0, 0, 156	/* TPM_ORD_SaveStates */
508 	};
509 
510 	/*
511 	 * Power down:  We have to issue the SaveStates command.
512 	 */
513 	sc->sc_write(sc, &command, sizeof(command));
514 	sc->sc_read(sc, &command, sizeof(command), NULL, TPM_HDRSIZE);
515 #ifdef TPM_DEBUG
516 	printf("tpm_suspend: power down: %d -> %d\n", sc->sc_suspend, why);
517 #endif
518 	sc->sc_suspend = why;
519 
520 	return 0;
521 }
522 
523 /*
524  * Handle resume event.  Actually nothing to do as the BIOS is supposed
525  * to restore the previously saved state.
526  */
527 int
528 tpm_resume(device_t dev)
529 {
530 	struct tpm_softc *sc = device_get_softc(dev);
531 	int why = 0;
532 #ifdef TPM_DEBUG
533 	printf("tpm_resume: resume: %d -> %d\n", sc->sc_suspend, why);
534 #endif
535 	sc->sc_suspend = why;
536 
537 	return 0;
538 }
539 
540 /* Dispatch suspend and resume events. */
541 
542 /* Wait for given status bits using polling. */
543 int
544 tpm_waitfor_poll(struct tpm_softc *sc, u_int8_t mask, int tmo, void *c)
545 {
546 	int rv;
547 
548 	/*
549 	 * Poll until either the requested condition or a time out is
550 	 * met.
551 	 */
552 	while (((sc->sc_stat = tpm_status(sc)) & mask) != mask && tmo--) {
553 		rv = tsleep(c, PRIBIO | PCATCH, "tpm_poll", 1);
554 		if (rv && rv != EWOULDBLOCK) {
555 #ifdef TPM_DEBUG
556 			printf("tpm_waitfor_poll: interrupted %d\n", rv);
557 #endif
558 			return rv;
559 		}
560 	}
561 
562 	return 0;
563 }
564 
565 /* Wait for given status bits using interrupts. */
566 int
567 tpm_waitfor_int(struct tpm_softc *sc, u_int8_t mask, int tmo, void *c,
568     int inttype)
569 {
570 	int rv, to;
571 
572 	/* Poll and return when condition is already met. */
573 	sc->sc_stat = tpm_status(sc);
574 	if ((sc->sc_stat & mask) == mask)
575 		return 0;
576 
577 	/*
578 	 * Enable interrupt on tpm chip.  Note that interrupts on our
579 	 * level (SPL_TTY) are disabled (see tpm{read,write} et al) and
580 	 * will not be delivered to the cpu until we call tsleep(9) below.
581 	 */
582 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
583 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) |
584 	    inttype);
585 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
586 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) |
587 	    TPM_GLOBAL_INT_ENABLE);
588 
589 	/*
590 	 * Poll once more to remedy the race between previous polling
591 	 * and enabling interrupts on the tpm chip.
592 	 */
593 	sc->sc_stat = tpm_status(sc);
594 	if ((sc->sc_stat & mask) == mask) {
595 		rv = 0;
596 		goto out;
597 	}
598 
599 	to = tpm_tmotohz(tmo);
600 #ifdef TPM_DEBUG
601 	printf("tpm_waitfor_int: sleeping for %d ticks on %p\n", to, c);
602 #endif
603 	/*
604 	 * tsleep(9) enables interrupts on the cpu and returns after
605 	 * wake up with interrupts disabled again.  Note that interrupts
606 	 * generated by the tpm chip while being at SPL_TTY are not lost
607 	 * but held and delivered as soon as the cpu goes below SPL_TTY.
608 	 */
609 	rv = tsleep(c, PRIBIO | PCATCH, "tpm_intr", to);
610 
611 	sc->sc_stat = tpm_status(sc);
612 #ifdef TPM_DEBUG
613 	printf("tpm_waitfor_int: woke up with rv %d stat %b\n", rv,
614 	    sc->sc_stat, TPM_STS_BITS);
615 #endif
616 	if ((sc->sc_stat & mask) == mask)
617 		rv = 0;
618 
619 	/* Disable interrupts on tpm chip again. */
620 out:	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
621 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
622 	    ~TPM_GLOBAL_INT_ENABLE);
623 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
624 	    bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
625 	    ~inttype);
626 
627 	return rv;
628 }
629 
630 /*
631  * Wait on given status bits, uses interrupts where possible, otherwise polls.
632  */
633 int
634 tpm_waitfor(struct tpm_softc *sc, u_int8_t b0, int tmo, void *c)
635 {
636 	u_int8_t b;
637 	int re, to, rv;
638 
639 #ifdef TPM_DEBUG
640 	printf("tpm_waitfor: b0 %b\n", b0, TPM_STS_BITS);
641 #endif
642 
643 	/*
644 	 * If possible, use interrupts, otherwise poll.
645 	 *
646 	 * We use interrupts for TPM_STS_VALID and TPM_STS_DATA_AVAIL (if
647 	 * the tpm chips supports them) as waiting for those can take
648 	 * really long.  The other TPM_STS* are not needed very often
649 	 * so we do not support them.
650 	 */
651 	if (sc->sc_vector != IRQUNK) {
652 		b = b0;
653 
654 		/*
655 		 * Wait for data ready.  This interrupt only occurs
656 		 * when both TPM_STS_VALID and TPM_STS_DATA_AVAIL are asserted.
657 		 * Thus we don't have to bother with TPM_STS_VALID
658 		 * separately and can just return.
659 		 *
660 		 * This only holds for interrupts!  When using polling
661 		 * both flags have to be waited for, see below.
662 		 */
663 		if ((b & TPM_STS_DATA_AVAIL) && (sc->sc_capabilities &
664 		    TPM_INTF_DATA_AVAIL_INT))
665 			return tpm_waitfor_int(sc, b, tmo, c,
666 			    TPM_DATA_AVAIL_INT);
667 
668 		/* Wait for status valid bit. */
669 		if ((b & TPM_STS_VALID) && (sc->sc_capabilities &
670 		    TPM_INTF_STS_VALID_INT)) {
671 			rv = tpm_waitfor_int(sc, b, tmo, c, TPM_STS_VALID_INT);
672 			if (rv != 0)
673 				return rv;
674 			else
675 				b = b0 & ~TPM_STS_VALID;
676 		}
677 
678 		/*
679 		 * When all flags are taken care of, return.  Otherwise
680 		 * use polling for eg. TPM_STS_CMD_READY.
681 		 */
682 		if (b == 0)
683 			return 0;
684 	}
685 
686 	re = 3;
687 restart:
688 	/*
689 	 * If requested wait for TPM_STS_VALID before dealing with
690 	 * any other flag.  Eg. when both TPM_STS_DATA_AVAIL and TPM_STS_VALID
691 	 * are requested, wait for the latter first.
692 	 */
693 	b = b0;
694 	if (b0 & TPM_STS_VALID)
695 		b = TPM_STS_VALID;
696 
697 	to = tpm_tmotohz(tmo);
698 again:
699 	if ((rv = tpm_waitfor_poll(sc, b, to, c)) != 0)
700 		return rv;
701 
702 	if ((b & sc->sc_stat) == TPM_STS_VALID) {
703 		/* Now wait for other flags. */
704 		b = b0 & ~TPM_STS_VALID;
705 		to++;
706 		goto again;
707 	}
708 
709 	if ((sc->sc_stat & b) != b) {
710 #ifdef TPM_DEBUG
711 		printf("tpm_waitfor: timeout: stat=%b b=%b\n",
712 		    sc->sc_stat, TPM_STS_BITS, b, TPM_STS_BITS);
713 #endif
714 		if (re-- && (b0 & TPM_STS_VALID)) {
715 			bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
716 			    TPM_STS_RESP_RETRY);
717 			goto restart;
718 		}
719 		return EIO;
720 	}
721 
722 	return 0;
723 }
724 
725 /* Start transaction. */
726 int
727 tpm_tis12_start(struct tpm_softc *sc, int flag)
728 {
729 	int rv;
730 
731 	if (flag == UIO_READ) {
732 		rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
733 		    TPM_READ_TMO, sc->sc_read);
734 		return rv;
735 	}
736 
737 	/* Own our (0th) locality. */
738 	if ((rv = tpm_request_locality(sc, 0)) != 0)
739 		return rv;
740 
741 	sc->sc_stat = tpm_status(sc);
742 	if (sc->sc_stat & TPM_STS_CMD_READY) {
743 #ifdef TPM_DEBUG
744 		printf("tpm_tis12_start: UIO_WRITE status %b\n", sc->sc_stat,
745 		   TPM_STS_BITS);
746 #endif
747 		return 0;
748 	}
749 
750 #ifdef TPM_DEBUG
751 	printf("tpm_tis12_start: UIO_WRITE readying chip\n");
752 #endif
753 
754 	/* Abort previous and restart. */
755 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY);
756 	if ((rv = tpm_waitfor(sc, TPM_STS_CMD_READY, TPM_READY_TMO,
757 	    sc->sc_write))) {
758 #ifdef TPM_DEBUG
759 		printf("tpm_tis12_start: UIO_WRITE readying failed %d\n", rv);
760 #endif
761 		return rv;
762 	}
763 
764 #ifdef TPM_DEBUG
765 	printf("tpm_tis12_start: UIO_WRITE readying done\n");
766 #endif
767 
768 	return 0;
769 }
770 
771 int
772 tpm_tis12_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
773     int flags)
774 {
775 	u_int8_t *p = buf;
776 	size_t cnt;
777 	int rv, n, bcnt;
778 
779 #ifdef TPM_DEBUG
780 	printf("tpm_tis12_read: len %d\n", len);
781 #endif
782 	cnt = 0;
783 	while (len > 0) {
784 		if ((rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
785 		    TPM_READ_TMO, sc->sc_read)))
786 			return rv;
787 
788 		bcnt = tpm_getburst(sc);
789 		n = MIN(len, bcnt);
790 #ifdef TPM_DEBUG
791 		printf("tpm_tis12_read: fetching %d, burst is %d\n", n, bcnt);
792 #endif
793 		for (; n--; len--) {
794 			*p++ = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_DATA);
795 			cnt++;
796 		}
797 
798 		if ((flags & TPM_PARAM_SIZE) == 0 && cnt >= 6)
799 			break;
800 	}
801 #ifdef TPM_DEBUG
802 	printf("tpm_tis12_read: read %zd bytes, len %d\n", cnt, len);
803 #endif
804 
805 	if (count)
806 		*count = cnt;
807 
808 	return 0;
809 }
810 
811 int
812 tpm_tis12_write(struct tpm_softc *sc, void *buf, int len)
813 {
814 	u_int8_t *p = buf;
815 	size_t cnt;
816 	int rv, r;
817 
818 #ifdef TPM_DEBUG
819 	printf("tpm_tis12_write: sc %p buf %p len %d\n", sc, buf, len);
820 #endif
821 
822 	if ((rv = tpm_request_locality(sc, 0)) != 0)
823 		return rv;
824 
825 	cnt = 0;
826 	while (cnt < len - 1) {
827 		for (r = tpm_getburst(sc); r > 0 && cnt < len - 1; r--) {
828 			bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
829 			cnt++;
830 		}
831 		if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) {
832 #ifdef TPM_DEBUG
833 			printf("tpm_tis12_write: failed burst rv %d\n", rv);
834 #endif
835 			return rv;
836 		}
837 		sc->sc_stat = tpm_status(sc);
838 		if (!(sc->sc_stat & TPM_STS_DATA_EXPECT)) {
839 #ifdef TPM_DEBUG
840 			printf("tpm_tis12_write: failed rv %d stat=%b\n", rv,
841 			    sc->sc_stat, TPM_STS_BITS);
842 #endif
843 			return EIO;
844 		}
845 	}
846 
847 	bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
848 	cnt++;
849 
850 	if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) {
851 #ifdef TPM_DEBUG
852 		printf("tpm_tis12_write: failed last byte rv %d\n", rv);
853 #endif
854 		return rv;
855 	}
856 	if ((sc->sc_stat & TPM_STS_DATA_EXPECT) != 0) {
857 #ifdef TPM_DEBUG
858 		printf("tpm_tis12_write: failed rv %d stat=%b\n", rv,
859 		    sc->sc_stat, TPM_STS_BITS);
860 #endif
861 		return EIO;
862 	}
863 
864 #ifdef TPM_DEBUG
865 	printf("tpm_tis12_write: wrote %d byte\n", cnt);
866 #endif
867 
868 	return 0;
869 }
870 
871 /* Finish transaction. */
872 int
873 tpm_tis12_end(struct tpm_softc *sc, int flag, int err)
874 {
875 	int rv = 0;
876 
877 	if (flag == UIO_READ) {
878 		if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO,
879 		    sc->sc_read)))
880 			return rv;
881 
882 		/* Still more data? */
883 		sc->sc_stat = tpm_status(sc);
884 		if (!err && ((sc->sc_stat & TPM_STS_DATA_AVAIL) == TPM_STS_DATA_AVAIL)) {
885 #ifdef TPM_DEBUG
886 			printf("tpm_tis12_end: read failed stat=%b\n",
887 			    sc->sc_stat, TPM_STS_BITS);
888 #endif
889 			rv = EIO;
890 		}
891 
892 		bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
893 		    TPM_STS_CMD_READY);
894 
895 		/* Release our (0th) locality. */
896 		bus_space_write_1(sc->sc_bt, sc->sc_bh,TPM_ACCESS,
897 		    TPM_ACCESS_ACTIVE_LOCALITY);
898 	} else {
899 		/* Hungry for more? */
900 		sc->sc_stat = tpm_status(sc);
901 		if (!err && (sc->sc_stat & TPM_STS_DATA_EXPECT)) {
902 #ifdef TPM_DEBUG
903 			printf("tpm_tis12_end: write failed stat=%b\n",
904 			    sc->sc_stat, TPM_STS_BITS);
905 #endif
906 			rv = EIO;
907 		}
908 
909 		bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
910 		    err ? TPM_STS_CMD_READY : TPM_STS_GO);
911 	}
912 
913 	return rv;
914 }
915 
916 void
917 tpm_intr(void *v)
918 {
919 	struct tpm_softc *sc = v;
920 	u_int32_t r;
921 #ifdef TPM_DEBUG
922 	static int cnt = 0;
923 #endif
924 
925 	r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS);
926 #ifdef TPM_DEBUG
927 	if (r != 0)
928 		printf("tpm_intr: int=%b (%d)\n", r, TPM_INTERRUPT_ENABLE_BITS,
929 		    cnt);
930 	else
931 		cnt++;
932 #endif
933 	if (!(r & (TPM_CMD_READY_INT | TPM_LOCALITY_CHANGE_INT |
934 	    TPM_STS_VALID_INT | TPM_DATA_AVAIL_INT)))
935 		return;
936 	if (r & TPM_STS_VALID_INT)
937 		wakeup(sc);
938 
939 	if (r & TPM_CMD_READY_INT)
940 		wakeup(sc->sc_write);
941 
942 	if (r & TPM_DATA_AVAIL_INT)
943 		wakeup(sc->sc_read);
944 
945 	if (r & TPM_LOCALITY_CHANGE_INT)
946 		wakeup(sc->sc_init);
947 
948 	bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, r);
949 
950 	return;
951 }
952 
953 /* Read single byte using legacy interface. */
954 static inline u_int8_t
955 tpm_legacy_in(bus_space_tag_t iot, bus_space_handle_t ioh, int reg)
956 {
957 	bus_space_write_1(iot, ioh, 0, reg);
958 	return bus_space_read_1(iot, ioh, 1);
959 }
960 
961 #if 0
962 /* Write single byte using legacy interface. */
963 static inline void
964 tpm_legacy_out(bus_space_tag_t iot, bus_space_handle_t ioh, int reg, u_int8_t v)
965 {
966 	bus_space_write_1(iot, ioh, 0, reg);
967 	bus_space_write_1(iot, ioh, 1, v);
968 }
969 #endif
970 
971 /* Probe for TPM using legacy interface. */
972 int
973 tpm_legacy_probe(bus_space_tag_t iot, bus_addr_t iobase)
974 {
975 	bus_space_handle_t ioh;
976 	u_int8_t r, v;
977 	int i, rv = 0;
978 	char id[8];
979 
980 	if (!tpm_enabled || iobase == -1)
981 		return 0;
982 
983 	if (bus_space_map(iot, iobase, 2, 0, &ioh))
984 		return 0;
985 
986 	v = bus_space_read_1(iot, ioh, 0);
987 	if (v == 0xff) {
988 		bus_space_unmap(iot, ioh, 2);
989 		return 0;
990 	}
991 	r = bus_space_read_1(iot, ioh, 1);
992 
993 	for (i = sizeof(id); i--; )
994 		id[i] = tpm_legacy_in(iot, ioh, TPM_ID + i);
995 
996 #ifdef TPM_DEBUG
997 	printf("tpm_legacy_probe %.4s %d.%d.%d.%d\n",
998 	    &id[4], id[0], id[1], id[2], id[3]);
999 #endif
1000 	/*
1001 	 * The only chips using the legacy interface we are aware of are
1002 	 * by Atmel.  For other chips more signature would have to be added.
1003 	 */
1004 	if (!bcmp(&id[4], "ATML", 4))
1005 		rv = 1;
1006 
1007 	if (!rv) {
1008 		bus_space_write_1(iot, ioh, r, 1);
1009 		bus_space_write_1(iot, ioh, v, 0);
1010 	}
1011 	bus_space_unmap(iot, ioh, 2);
1012 
1013 	return rv;
1014 }
1015 
1016 /* Setup TPM using legacy interface. */
1017 int
1018 tpm_legacy_init(struct tpm_softc *sc, int irq, const char *name)
1019 {
1020 	char id[8];
1021 	int i;
1022 
1023 	if ((i = bus_space_map(sc->sc_batm, tpm_enabled, 2, 0, &sc->sc_bahm))) {
1024 		printf(": cannot map tpm registers (%d)\n", i);
1025 		tpm_enabled = 0;
1026 		return 1;
1027 	}
1028 
1029 	for (i = sizeof(id); i--; )
1030 		id[i] = tpm_legacy_in(sc->sc_bt, sc->sc_bh, TPM_ID + i);
1031 
1032 	printf(": %.4s %d.%d @0x%x\n", &id[4], id[0], id[1], tpm_enabled);
1033 	tpm_enabled = 0;
1034 
1035 	return 0;
1036 }
1037 
1038 /* Start transaction. */
1039 int
1040 tpm_legacy_start(struct tpm_softc *sc, int flag)
1041 {
1042 	struct timeval tv;
1043 	u_int8_t bits, r;
1044 	int to, rv;
1045 
1046 	bits = flag == UIO_READ ? TPM_LEGACY_DA : 0;
1047 	tv.tv_sec = TPM_LEGACY_TMO;
1048 	tv.tv_usec = 0;
1049 	to = tvtohz(&tv) / TPM_LEGACY_SLEEP;
1050 	while (((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) &
1051 	    (TPM_LEGACY_BUSY|bits)) != bits && to--) {
1052 		rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_start",
1053 		    TPM_LEGACY_SLEEP);
1054 		if (rv && rv != EWOULDBLOCK)
1055 			return rv;
1056 	}
1057 
1058 	if ((r & (TPM_LEGACY_BUSY|bits)) != bits)
1059 		return EIO;
1060 
1061 	return 0;
1062 }
1063 
1064 int
1065 tpm_legacy_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
1066     int flags)
1067 {
1068 	u_int8_t *p;
1069 	size_t cnt;
1070 	int to, rv;
1071 
1072 	cnt = rv = 0;
1073 	for (p = buf; !rv && len > 0; len--) {
1074 		for (to = 1000;
1075 		    !(bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1) &
1076 		    TPM_LEGACY_DA); DELAY(1))
1077 			if (!to--)
1078 				return EIO;
1079 
1080 		DELAY(TPM_LEGACY_DELAY);
1081 		*p++ = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 0);
1082 		cnt++;
1083 	}
1084 
1085 	*count = cnt;
1086 	return 0;
1087 }
1088 
1089 int
1090 tpm_legacy_write(struct tpm_softc *sc, void *buf, int len)
1091 {
1092 	u_int8_t *p;
1093 	int n;
1094 
1095 	for (p = buf, n = len; n--; DELAY(TPM_LEGACY_DELAY)) {
1096 		if (!n && len != TPM_BUFSIZ) {
1097 			bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1,
1098 			    TPM_LEGACY_LAST);
1099 			DELAY(TPM_LEGACY_DELAY);
1100 		}
1101 		bus_space_write_1(sc->sc_batm, sc->sc_bahm, 0, *p++);
1102 	}
1103 
1104 	return 0;
1105 }
1106 
1107 /* Finish transaction. */
1108 int
1109 tpm_legacy_end(struct tpm_softc *sc, int flag, int rv)
1110 {
1111 	struct timeval tv;
1112 	u_int8_t r;
1113 	int to;
1114 
1115 	if (rv || flag == UIO_READ)
1116 		bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, TPM_LEGACY_ABRT);
1117 	else {
1118 		tv.tv_sec = TPM_LEGACY_TMO;
1119 		tv.tv_usec = 0;
1120 		to = tvtohz(&tv) / TPM_LEGACY_SLEEP;
1121 		while(((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) &
1122 		    TPM_LEGACY_BUSY) && to--) {
1123 			rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_end",
1124 			    TPM_LEGACY_SLEEP);
1125 			if (rv && rv != EWOULDBLOCK)
1126 				return rv;
1127 		}
1128 
1129 		if (r & TPM_LEGACY_BUSY)
1130 			return EIO;
1131 
1132 		if (r & TPM_LEGACY_RE)
1133 			return EIO;	/* XXX Retry the loop? */
1134 	}
1135 
1136 	return rv;
1137 }
1138 
1139 int
1140 tpmopen(struct cdev *dev, int flag, int mode, struct thread *td)
1141 {
1142 	struct tpm_softc *sc = TPMSOFTC(dev);
1143 
1144 	if (!sc)
1145 		return ENXIO;
1146 
1147 	if (sc->sc_flags & TPM_OPEN)
1148 		return EBUSY;
1149 
1150 	sc->sc_flags |= TPM_OPEN;
1151 
1152 	return 0;
1153 }
1154 
1155 int
1156 tpmclose(struct cdev *dev, int flag, int mode, struct thread *td)
1157 {
1158 	struct tpm_softc *sc = TPMSOFTC(dev);
1159 
1160 	if (!sc)
1161 		return ENXIO;
1162 
1163 	if (!(sc->sc_flags & TPM_OPEN))
1164 		return EINVAL;
1165 
1166 	sc->sc_flags &= ~TPM_OPEN;
1167 
1168 	return 0;
1169 }
1170 
1171 int
1172 tpmread(struct cdev *dev, struct uio *uio, int flags)
1173 {
1174 	struct tpm_softc *sc = TPMSOFTC(dev);
1175 	u_int8_t buf[TPM_BUFSIZ], *p;
1176 	size_t cnt;
1177 	int n, len, rv, s;
1178 
1179 	if (!sc)
1180 		return ENXIO;
1181 
1182 	s = spltty();
1183 	if ((rv = (sc->sc_start)(sc, UIO_READ))) {
1184 		splx(s);
1185 		return rv;
1186 	}
1187 
1188 #ifdef TPM_DEBUG
1189 	printf("tpmread: getting header\n");
1190 #endif
1191 	if ((rv = (sc->sc_read)(sc, buf, TPM_HDRSIZE, &cnt, 0))) {
1192 		(sc->sc_end)(sc, UIO_READ, rv);
1193 		splx(s);
1194 		return rv;
1195 	}
1196 
1197 	len = (buf[2] << 24) | (buf[3] << 16) | (buf[4] << 8) | buf[5];
1198 #ifdef TPM_DEBUG
1199 	printf("tpmread: len %d, io count %d\n", len, uio->uio_resid);
1200 #endif
1201 	if (len > uio->uio_resid) {
1202 		rv = EIO;
1203 		(sc->sc_end)(sc, UIO_READ, rv);
1204 #ifdef TPM_DEBUG
1205 		printf("tpmread: bad residual io count 0x%x\n", uio->uio_resid);
1206 #endif
1207 		splx(s);
1208 		return rv;
1209 	}
1210 
1211 	/* Copy out header. */
1212 	if ((rv = uiomove((caddr_t)buf, cnt, uio))) {
1213 		(sc->sc_end)(sc, UIO_READ, rv);
1214 		splx(s);
1215 		return rv;
1216 	}
1217 
1218 	/* Get remaining part of the answer (if anything is left). */
1219 	for (len -= cnt, p = buf, n = sizeof(buf); len > 0; p = buf, len -= n,
1220 	    n = sizeof(buf)) {
1221 		n = MIN(n, len);
1222 #ifdef TPM_DEBUG
1223 		printf("tpmread: n %d len %d\n", n, len);
1224 #endif
1225 		if ((rv = (sc->sc_read)(sc, p, n, NULL, TPM_PARAM_SIZE))) {
1226 			(sc->sc_end)(sc, UIO_READ, rv);
1227 			splx(s);
1228 			return rv;
1229 		}
1230 		p += n;
1231 		if ((rv = uiomove((caddr_t)buf, p - buf, uio))) {
1232 			(sc->sc_end)(sc, UIO_READ, rv);
1233 			splx(s);
1234 			return rv;
1235 		}
1236 	}
1237 
1238 	rv = (sc->sc_end)(sc, UIO_READ, rv);
1239 	splx(s);
1240 	return rv;
1241 }
1242 
1243 int
1244 tpmwrite(struct cdev *dev, struct uio *uio, int flags)
1245 {
1246 	struct tpm_softc *sc = TPMSOFTC(dev);
1247 	u_int8_t buf[TPM_BUFSIZ];
1248 	int n, rv, s;
1249 
1250 	if (!sc)
1251 		return ENXIO;
1252 
1253 	s = spltty();
1254 
1255 #ifdef TPM_DEBUG
1256 	printf("tpmwrite: io count %d\n", uio->uio_resid);
1257 #endif
1258 
1259 	n = MIN(sizeof(buf), uio->uio_resid);
1260 	if ((rv = uiomove((caddr_t)buf, n, uio))) {
1261 		splx(s);
1262 		return rv;
1263 	}
1264 
1265 	if ((rv = (sc->sc_start)(sc, UIO_WRITE))) {
1266 		splx(s);
1267 		return rv;
1268 	}
1269 
1270 	if ((rv = (sc->sc_write(sc, buf, n)))) {
1271 		splx(s);
1272 		return rv;
1273 	}
1274 
1275 	rv = (sc->sc_end)(sc, UIO_WRITE, rv);
1276 	splx(s);
1277 	return rv;
1278 }
1279 
1280 int
1281 tpmioctl(struct cdev *dev, u_long cmd, caddr_t data, int flags,
1282     struct thread *td)
1283 {
1284 	return ENOTTY;
1285 }
1286