xref: /linux/drivers/char/tpm/tpm_infineon.c (revision 13abf8130139c2ccd4962a7e5a8902be5e6cb5a7) 
1 /*
2  * Description:
3  * Device Driver for the Infineon Technologies
4  * SLD 9630 TT 1.1 and SLB 9635 TT 1.2 Trusted Platform Module
5  * Specifications at www.trustedcomputinggroup.org
6  *
7  * Copyright (C) 2005, Marcel Selhorst <selhorst@crypto.rub.de>
8  * Applied Data Security Group, Ruhr-University Bochum, Germany
9  * Project-Homepage: http://www.prosec.rub.de/tpm
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License as
13  * published by the Free Software Foundation, version 2 of the
14  * License.
15  */
16 
17 #include <linux/pnp.h>
18 #include "tpm.h"
19 
20 /* Infineon specific definitions */
21 /* maximum number of WTX-packages */
22 #define	TPM_MAX_WTX_PACKAGES 	50
23 /* msleep-Time for WTX-packages */
24 #define	TPM_WTX_MSLEEP_TIME 	20
25 /* msleep-Time --> Interval to check status register */
26 #define	TPM_MSLEEP_TIME 	3
27 /* gives number of max. msleep()-calls before throwing timeout */
28 #define	TPM_MAX_TRIES		5000
29 #define	TPM_INFINEON_DEV_VEN_VALUE	0x15D1
30 
31 /* These values will be filled after PnP-call */
32 static int TPM_INF_DATA = 0;
33 static int TPM_INF_ADDR = 0;
34 static int pnp_registered = 0;
35 
36 /* TPM header definitions */
37 enum infineon_tpm_header {
38 	TPM_VL_VER = 0x01,
39 	TPM_VL_CHANNEL_CONTROL = 0x07,
40 	TPM_VL_CHANNEL_PERSONALISATION = 0x0A,
41 	TPM_VL_CHANNEL_TPM = 0x0B,
42 	TPM_VL_CONTROL = 0x00,
43 	TPM_INF_NAK = 0x15,
44 	TPM_CTRL_WTX = 0x10,
45 	TPM_CTRL_WTX_ABORT = 0x18,
46 	TPM_CTRL_WTX_ABORT_ACK = 0x18,
47 	TPM_CTRL_ERROR = 0x20,
48 	TPM_CTRL_CHAININGACK = 0x40,
49 	TPM_CTRL_CHAINING = 0x80,
50 	TPM_CTRL_DATA = 0x04,
51 	TPM_CTRL_DATA_CHA = 0x84,
52 	TPM_CTRL_DATA_CHA_ACK = 0xC4
53 };
54 
55 enum infineon_tpm_register {
56 	WRFIFO = 0x00,
57 	RDFIFO = 0x01,
58 	STAT = 0x02,
59 	CMD = 0x03
60 };
61 
62 enum infineon_tpm_command_bits {
63 	CMD_DIS = 0x00,
64 	CMD_LP = 0x01,
65 	CMD_RES = 0x02,
66 	CMD_IRQC = 0x06
67 };
68 
69 enum infineon_tpm_status_bits {
70 	STAT_XFE = 0x00,
71 	STAT_LPA = 0x01,
72 	STAT_FOK = 0x02,
73 	STAT_TOK = 0x03,
74 	STAT_IRQA = 0x06,
75 	STAT_RDA = 0x07
76 };
77 
78 /* some outgoing values */
79 enum infineon_tpm_values {
80 	CHIP_ID1 = 0x20,
81 	CHIP_ID2 = 0x21,
82 	TPM_DAR = 0x30,
83 	RESET_LP_IRQC_DISABLE = 0x41,
84 	ENABLE_REGISTER_PAIR = 0x55,
85 	IOLIMH = 0x60,
86 	IOLIML = 0x61,
87 	DISABLE_REGISTER_PAIR = 0xAA,
88 	IDVENL = 0xF1,
89 	IDVENH = 0xF2,
90 	IDPDL = 0xF3,
91 	IDPDH = 0xF4
92 };
93 
94 static int number_of_wtx;
95 
96 static int empty_fifo(struct tpm_chip *chip, int clear_wrfifo)
97 {
98 	int status;
99 	int check = 0;
100 	int i;
101 
102 	if (clear_wrfifo) {
103 		for (i = 0; i < 4096; i++) {
104 			status = inb(chip->vendor->base + WRFIFO);
105 			if (status == 0xff) {
106 				if (check == 5)
107 					break;
108 				else
109 					check++;
110 			}
111 		}
112 	}
113 	/* Note: The values which are currently in the FIFO of the TPM
114 	   are thrown away since there is no usage for them. Usually,
115 	   this has nothing to say, since the TPM will give its answer
116 	   immediately or will be aborted anyway, so the data here is
117 	   usually garbage and useless.
118 	   We have to clean this, because the next communication with
119 	   the TPM would be rubbish, if there is still some old data
120 	   in the Read FIFO.
121 	 */
122 	i = 0;
123 	do {
124 		status = inb(chip->vendor->base + RDFIFO);
125 		status = inb(chip->vendor->base + STAT);
126 		i++;
127 		if (i == TPM_MAX_TRIES)
128 			return -EIO;
129 	} while ((status & (1 << STAT_RDA)) != 0);
130 	return 0;
131 }
132 
133 static int wait(struct tpm_chip *chip, int wait_for_bit)
134 {
135 	int status;
136 	int i;
137 	for (i = 0; i < TPM_MAX_TRIES; i++) {
138 		status = inb(chip->vendor->base + STAT);
139 		/* check the status-register if wait_for_bit is set */
140 		if (status & 1 << wait_for_bit)
141 			break;
142 		msleep(TPM_MSLEEP_TIME);
143 	}
144 	if (i == TPM_MAX_TRIES) {	/* timeout occurs */
145 		if (wait_for_bit == STAT_XFE)
146 			dev_err(&chip->pci_dev->dev,
147 				"Timeout in wait(STAT_XFE)\n");
148 		if (wait_for_bit == STAT_RDA)
149 			dev_err(&chip->pci_dev->dev,
150 				"Timeout in wait(STAT_RDA)\n");
151 		return -EIO;
152 	}
153 	return 0;
154 };
155 
156 static void wait_and_send(struct tpm_chip *chip, u8 sendbyte)
157 {
158 	wait(chip, STAT_XFE);
159 	outb(sendbyte, chip->vendor->base + WRFIFO);
160 }
161 
162     /* Note: WTX means Waiting-Time-Extension. Whenever the TPM needs more
163        calculation time, it sends a WTX-package, which has to be acknowledged
164        or aborted. This usually occurs if you are hammering the TPM with key
165        creation. Set the maximum number of WTX-packages in the definitions
166        above, if the number is reached, the waiting-time will be denied
167        and the TPM command has to be resend.
168      */
169 
170 static void tpm_wtx(struct tpm_chip *chip)
171 {
172 	number_of_wtx++;
173 	dev_info(&chip->pci_dev->dev, "Granting WTX (%02d / %02d)\n",
174 		 number_of_wtx, TPM_MAX_WTX_PACKAGES);
175 	wait_and_send(chip, TPM_VL_VER);
176 	wait_and_send(chip, TPM_CTRL_WTX);
177 	wait_and_send(chip, 0x00);
178 	wait_and_send(chip, 0x00);
179 	msleep(TPM_WTX_MSLEEP_TIME);
180 }
181 
182 static void tpm_wtx_abort(struct tpm_chip *chip)
183 {
184 	dev_info(&chip->pci_dev->dev, "Aborting WTX\n");
185 	wait_and_send(chip, TPM_VL_VER);
186 	wait_and_send(chip, TPM_CTRL_WTX_ABORT);
187 	wait_and_send(chip, 0x00);
188 	wait_and_send(chip, 0x00);
189 	number_of_wtx = 0;
190 	msleep(TPM_WTX_MSLEEP_TIME);
191 }
192 
193 static int tpm_inf_recv(struct tpm_chip *chip, u8 * buf, size_t count)
194 {
195 	int i;
196 	int ret;
197 	u32 size = 0;
198 
199 recv_begin:
200 	/* start receiving header */
201 	for (i = 0; i < 4; i++) {
202 		ret = wait(chip, STAT_RDA);
203 		if (ret)
204 			return -EIO;
205 		buf[i] = inb(chip->vendor->base + RDFIFO);
206 	}
207 
208 	if (buf[0] != TPM_VL_VER) {
209 		dev_err(&chip->pci_dev->dev,
210 			"Wrong transport protocol implementation!\n");
211 		return -EIO;
212 	}
213 
214 	if (buf[1] == TPM_CTRL_DATA) {
215 		/* size of the data received */
216 		size = ((buf[2] << 8) | buf[3]);
217 
218 		for (i = 0; i < size; i++) {
219 			wait(chip, STAT_RDA);
220 			buf[i] = inb(chip->vendor->base + RDFIFO);
221 		}
222 
223 		if ((size == 0x6D00) && (buf[1] == 0x80)) {
224 			dev_err(&chip->pci_dev->dev,
225 				"Error handling on vendor layer!\n");
226 			return -EIO;
227 		}
228 
229 		for (i = 0; i < size; i++)
230 			buf[i] = buf[i + 6];
231 
232 		size = size - 6;
233 		return size;
234 	}
235 
236 	if (buf[1] == TPM_CTRL_WTX) {
237 		dev_info(&chip->pci_dev->dev, "WTX-package received\n");
238 		if (number_of_wtx < TPM_MAX_WTX_PACKAGES) {
239 			tpm_wtx(chip);
240 			goto recv_begin;
241 		} else {
242 			tpm_wtx_abort(chip);
243 			goto recv_begin;
244 		}
245 	}
246 
247 	if (buf[1] == TPM_CTRL_WTX_ABORT_ACK) {
248 		dev_info(&chip->pci_dev->dev, "WTX-abort acknowledged\n");
249 		return size;
250 	}
251 
252 	if (buf[1] == TPM_CTRL_ERROR) {
253 		dev_err(&chip->pci_dev->dev, "ERROR-package received:\n");
254 		if (buf[4] == TPM_INF_NAK)
255 			dev_err(&chip->pci_dev->dev,
256 				"-> Negative acknowledgement"
257 				" - retransmit command!\n");
258 		return -EIO;
259 	}
260 	return -EIO;
261 }
262 
263 static int tpm_inf_send(struct tpm_chip *chip, u8 * buf, size_t count)
264 {
265 	int i;
266 	int ret;
267 	u8 count_high, count_low, count_4, count_3, count_2, count_1;
268 
269 	/* Disabling Reset, LP and IRQC */
270 	outb(RESET_LP_IRQC_DISABLE, chip->vendor->base + CMD);
271 
272 	ret = empty_fifo(chip, 1);
273 	if (ret) {
274 		dev_err(&chip->pci_dev->dev, "Timeout while clearing FIFO\n");
275 		return -EIO;
276 	}
277 
278 	ret = wait(chip, STAT_XFE);
279 	if (ret)
280 		return -EIO;
281 
282 	count_4 = (count & 0xff000000) >> 24;
283 	count_3 = (count & 0x00ff0000) >> 16;
284 	count_2 = (count & 0x0000ff00) >> 8;
285 	count_1 = (count & 0x000000ff);
286 	count_high = ((count + 6) & 0xffffff00) >> 8;
287 	count_low = ((count + 6) & 0x000000ff);
288 
289 	/* Sending Header */
290 	wait_and_send(chip, TPM_VL_VER);
291 	wait_and_send(chip, TPM_CTRL_DATA);
292 	wait_and_send(chip, count_high);
293 	wait_and_send(chip, count_low);
294 
295 	/* Sending Data Header */
296 	wait_and_send(chip, TPM_VL_VER);
297 	wait_and_send(chip, TPM_VL_CHANNEL_TPM);
298 	wait_and_send(chip, count_4);
299 	wait_and_send(chip, count_3);
300 	wait_and_send(chip, count_2);
301 	wait_and_send(chip, count_1);
302 
303 	/* Sending Data */
304 	for (i = 0; i < count; i++) {
305 		wait_and_send(chip, buf[i]);
306 	}
307 	return count;
308 }
309 
310 static void tpm_inf_cancel(struct tpm_chip *chip)
311 {
312 	/*
313 	   Since we are using the legacy mode to communicate
314 	   with the TPM, we have no cancel functions, but have
315 	   a workaround for interrupting the TPM through WTX.
316 	 */
317 }
318 
319 static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
320 static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
321 static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
322 static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
323 
324 static struct attribute *inf_attrs[] = {
325 	&dev_attr_pubek.attr,
326 	&dev_attr_pcrs.attr,
327 	&dev_attr_caps.attr,
328 	&dev_attr_cancel.attr,
329 	NULL,
330 };
331 
332 static struct attribute_group inf_attr_grp = {.attrs = inf_attrs };
333 
334 static struct file_operations inf_ops = {
335 	.owner = THIS_MODULE,
336 	.llseek = no_llseek,
337 	.open = tpm_open,
338 	.read = tpm_read,
339 	.write = tpm_write,
340 	.release = tpm_release,
341 };
342 
343 static struct tpm_vendor_specific tpm_inf = {
344 	.recv = tpm_inf_recv,
345 	.send = tpm_inf_send,
346 	.cancel = tpm_inf_cancel,
347 	.req_complete_mask = 0,
348 	.req_complete_val = 0,
349 	.attr_group = &inf_attr_grp,
350 	.miscdev = {.fops = &inf_ops,},
351 };
352 
353 static const struct pnp_device_id tpm_pnp_tbl[] = {
354 	/* Infineon TPMs */
355 	{"IFX0101", 0},
356 	{"IFX0102", 0},
357 	{"", 0}
358 };
359 MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl);
360 
361 static int __devinit tpm_inf_pnp_probe(struct pnp_dev *dev,
362 					const struct pnp_device_id *dev_id)
363 {
364 	if (pnp_port_valid(dev, 0)) {
365 		TPM_INF_ADDR = (pnp_port_start(dev, 0) & 0xff);
366 		TPM_INF_DATA = ((TPM_INF_ADDR + 1) & 0xff);
367 		tpm_inf.base = pnp_port_start(dev, 1);
368 		dev_info(&dev->dev, "Found %s with ID %s\n",
369 		dev->name, dev_id->id);
370 		return 0;
371 	}
372 	return -ENODEV;
373 }
374 
375 static struct pnp_driver tpm_inf_pnp = {
376 	.name = "tpm_inf_pnp",
377 	.id_table = tpm_pnp_tbl,
378 	.probe = tpm_inf_pnp_probe,
379 };
380 
381 static int __devinit tpm_inf_probe(struct pci_dev *pci_dev,
382 				   const struct pci_device_id *pci_id)
383 {
384 	int rc = 0;
385 	u8 iol, ioh;
386 	int vendorid[2];
387 	int version[2];
388 	int productid[2];
389 	char chipname[20];
390 
391 	rc = pci_enable_device(pci_dev);
392 	if (rc)
393 		return rc;
394 
395 	dev_info(&pci_dev->dev, "LPC-bus found at 0x%x\n", pci_id->device);
396 
397 	/* read IO-ports from PnP */
398 	rc = pnp_register_driver(&tpm_inf_pnp);
399 	if (rc < 0) {
400 		dev_err(&pci_dev->dev,
401 			"Error %x from pnp_register_driver!\n",rc);
402 		goto error2;
403 	}
404 	if (!rc) {
405 		dev_info(&pci_dev->dev, "No Infineon TPM found!\n");
406 		goto error;
407 	} else {
408 		pnp_registered = 1;
409 	}
410 
411 	/* Make sure, we have received valid config ports */
412 	if (!TPM_INF_ADDR) {
413 		dev_err(&pci_dev->dev, "No valid IO-ports received!\n");
414 		goto error;
415 	}
416 
417 	/* query chip for its vendor, its version number a.s.o. */
418 	outb(ENABLE_REGISTER_PAIR, TPM_INF_ADDR);
419 	outb(IDVENL, TPM_INF_ADDR);
420 	vendorid[1] = inb(TPM_INF_DATA);
421 	outb(IDVENH, TPM_INF_ADDR);
422 	vendorid[0] = inb(TPM_INF_DATA);
423 	outb(IDPDL, TPM_INF_ADDR);
424 	productid[1] = inb(TPM_INF_DATA);
425 	outb(IDPDH, TPM_INF_ADDR);
426 	productid[0] = inb(TPM_INF_DATA);
427 	outb(CHIP_ID1, TPM_INF_ADDR);
428 	version[1] = inb(TPM_INF_DATA);
429 	outb(CHIP_ID2, TPM_INF_ADDR);
430 	version[0] = inb(TPM_INF_DATA);
431 
432 	switch ((productid[0] << 8) | productid[1]) {
433 	case 6:
434 		snprintf(chipname, sizeof(chipname), " (SLD 9630 TT 1.1)");
435 		break;
436 	case 11:
437 		snprintf(chipname, sizeof(chipname), " (SLB 9635 TT 1.2)");
438 		break;
439 	default:
440 		snprintf(chipname, sizeof(chipname), " (unknown chip)");
441 		break;
442 	}
443 
444 	if ((vendorid[0] << 8 | vendorid[1]) == (TPM_INFINEON_DEV_VEN_VALUE)) {
445 
446 		if (tpm_inf.base == 0) {
447 			dev_err(&pci_dev->dev, "No IO-ports found!\n");
448 			goto error;
449 		}
450 		/* configure TPM with IO-ports */
451 		outb(IOLIMH, TPM_INF_ADDR);
452 		outb(((tpm_inf.base >> 8) & 0xff), TPM_INF_DATA);
453 		outb(IOLIML, TPM_INF_ADDR);
454 		outb((tpm_inf.base & 0xff), TPM_INF_DATA);
455 
456 		/* control if IO-ports are set correctly */
457 		outb(IOLIMH, TPM_INF_ADDR);
458 		ioh = inb(TPM_INF_DATA);
459 		outb(IOLIML, TPM_INF_ADDR);
460 		iol = inb(TPM_INF_DATA);
461 
462 		if ((ioh << 8 | iol) != tpm_inf.base) {
463 			dev_err(&pci_dev->dev,
464 				"Could not set IO-ports to %04x\n",
465 				tpm_inf.base);
466 			goto error;
467 		}
468 
469 		/* activate register */
470 		outb(TPM_DAR, TPM_INF_ADDR);
471 		outb(0x01, TPM_INF_DATA);
472 		outb(DISABLE_REGISTER_PAIR, TPM_INF_ADDR);
473 
474 		/* disable RESET, LP and IRQC */
475 		outb(RESET_LP_IRQC_DISABLE, tpm_inf.base + CMD);
476 
477 		/* Finally, we're done, print some infos */
478 		dev_info(&pci_dev->dev, "TPM found: "
479 			 "config base 0x%x, "
480 			 "io base 0x%x, "
481 			 "chip version %02x%02x, "
482 			 "vendor id %x%x (Infineon), "
483 			 "product id %02x%02x"
484 			 "%s\n",
485 			 TPM_INF_ADDR,
486 			 tpm_inf.base,
487 			 version[0], version[1],
488 			 vendorid[0], vendorid[1],
489 			 productid[0], productid[1], chipname);
490 
491 		rc = tpm_register_hardware(pci_dev, &tpm_inf);
492 		if (rc < 0)
493 			goto error;
494 		return 0;
495 	} else {
496 		dev_info(&pci_dev->dev, "No Infineon TPM found!\n");
497 error:
498 		pnp_unregister_driver(&tpm_inf_pnp);
499 error2:
500 		pci_disable_device(pci_dev);
501 		pnp_registered = 0;
502 		return -ENODEV;
503 	}
504 }
505 
506 static struct pci_device_id tpm_pci_tbl[] __devinitdata = {
507 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801BA_0)},
508 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801CA_12)},
509 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801DB_0)},
510 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801DB_12)},
511 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801EB_0)},
512 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_0)},
513 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_1)},
514 	{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_2)},
515 	{0,}
516 };
517 
518 MODULE_DEVICE_TABLE(pci, tpm_pci_tbl);
519 
520 static struct pci_driver inf_pci_driver = {
521 	.name = "tpm_inf",
522 	.id_table = tpm_pci_tbl,
523 	.probe = tpm_inf_probe,
524 	.remove = __devexit_p(tpm_remove),
525 	.suspend = tpm_pm_suspend,
526 	.resume = tpm_pm_resume,
527 };
528 
529 static int __init init_inf(void)
530 {
531 	return pci_register_driver(&inf_pci_driver);
532 }
533 
534 static void __exit cleanup_inf(void)
535 {
536 	if (pnp_registered)
537 		pnp_unregister_driver(&tpm_inf_pnp);
538 	pci_unregister_driver(&inf_pci_driver);
539 }
540 
541 module_init(init_inf);
542 module_exit(cleanup_inf);
543 
544 MODULE_AUTHOR("Marcel Selhorst <selhorst@crypto.rub.de>");
545 MODULE_DESCRIPTION("Driver for Infineon TPM SLD 9630 TT 1.1 / SLB 9635 TT 1.2");
546 MODULE_VERSION("1.5");
547 MODULE_LICENSE("GPL");
548