1 /* 2 * Description: 3 * Device Driver for the Infineon Technologies 4 * SLD 9630 TT 1.1 and SLB 9635 TT 1.2 Trusted Platform Module 5 * Specifications at www.trustedcomputinggroup.org 6 * 7 * Copyright (C) 2005, Marcel Selhorst <selhorst@crypto.rub.de> 8 * Sirrix AG - security technologies, http://www.sirrix.com and 9 * Applied Data Security Group, Ruhr-University Bochum, Germany 10 * Project-Homepage: http://www.prosec.rub.de/tpm 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License as 14 * published by the Free Software Foundation, version 2 of the 15 * License. 16 */ 17 18 #include <linux/init.h> 19 #include <linux/pnp.h> 20 #include "tpm.h" 21 22 /* Infineon specific definitions */ 23 /* maximum number of WTX-packages */ 24 #define TPM_MAX_WTX_PACKAGES 50 25 /* msleep-Time for WTX-packages */ 26 #define TPM_WTX_MSLEEP_TIME 20 27 /* msleep-Time --> Interval to check status register */ 28 #define TPM_MSLEEP_TIME 3 29 /* gives number of max. msleep()-calls before throwing timeout */ 30 #define TPM_MAX_TRIES 5000 31 #define TPM_INFINEON_DEV_VEN_VALUE 0x15D1 32 33 /* These values will be filled after PnP-call */ 34 static int TPM_INF_DATA; 35 static int TPM_INF_ADDR; 36 static int TPM_INF_BASE; 37 static int TPM_INF_ADDR_LEN; 38 static int TPM_INF_PORT_LEN; 39 40 /* TPM header definitions */ 41 enum infineon_tpm_header { 42 TPM_VL_VER = 0x01, 43 TPM_VL_CHANNEL_CONTROL = 0x07, 44 TPM_VL_CHANNEL_PERSONALISATION = 0x0A, 45 TPM_VL_CHANNEL_TPM = 0x0B, 46 TPM_VL_CONTROL = 0x00, 47 TPM_INF_NAK = 0x15, 48 TPM_CTRL_WTX = 0x10, 49 TPM_CTRL_WTX_ABORT = 0x18, 50 TPM_CTRL_WTX_ABORT_ACK = 0x18, 51 TPM_CTRL_ERROR = 0x20, 52 TPM_CTRL_CHAININGACK = 0x40, 53 TPM_CTRL_CHAINING = 0x80, 54 TPM_CTRL_DATA = 0x04, 55 TPM_CTRL_DATA_CHA = 0x84, 56 TPM_CTRL_DATA_CHA_ACK = 0xC4 57 }; 58 59 enum infineon_tpm_register { 60 WRFIFO = 0x00, 61 RDFIFO = 0x01, 62 STAT = 0x02, 63 CMD = 0x03 64 }; 65 66 enum infineon_tpm_command_bits { 67 CMD_DIS = 0x00, 68 CMD_LP = 0x01, 69 CMD_RES = 0x02, 70 CMD_IRQC = 0x06 71 }; 72 73 enum infineon_tpm_status_bits { 74 STAT_XFE = 0x00, 75 STAT_LPA = 0x01, 76 STAT_FOK = 0x02, 77 STAT_TOK = 0x03, 78 STAT_IRQA = 0x06, 79 STAT_RDA = 0x07 80 }; 81 82 /* some outgoing values */ 83 enum infineon_tpm_values { 84 CHIP_ID1 = 0x20, 85 CHIP_ID2 = 0x21, 86 TPM_DAR = 0x30, 87 RESET_LP_IRQC_DISABLE = 0x41, 88 ENABLE_REGISTER_PAIR = 0x55, 89 IOLIMH = 0x60, 90 IOLIML = 0x61, 91 DISABLE_REGISTER_PAIR = 0xAA, 92 IDVENL = 0xF1, 93 IDVENH = 0xF2, 94 IDPDL = 0xF3, 95 IDPDH = 0xF4 96 }; 97 98 static int number_of_wtx; 99 100 static int empty_fifo(struct tpm_chip *chip, int clear_wrfifo) 101 { 102 int status; 103 int check = 0; 104 int i; 105 106 if (clear_wrfifo) { 107 for (i = 0; i < 4096; i++) { 108 status = inb(chip->vendor.base + WRFIFO); 109 if (status == 0xff) { 110 if (check == 5) 111 break; 112 else 113 check++; 114 } 115 } 116 } 117 /* Note: The values which are currently in the FIFO of the TPM 118 are thrown away since there is no usage for them. Usually, 119 this has nothing to say, since the TPM will give its answer 120 immediately or will be aborted anyway, so the data here is 121 usually garbage and useless. 122 We have to clean this, because the next communication with 123 the TPM would be rubbish, if there is still some old data 124 in the Read FIFO. 125 */ 126 i = 0; 127 do { 128 status = inb(chip->vendor.base + RDFIFO); 129 status = inb(chip->vendor.base + STAT); 130 i++; 131 if (i == TPM_MAX_TRIES) 132 return -EIO; 133 } while ((status & (1 << STAT_RDA)) != 0); 134 return 0; 135 } 136 137 static int wait(struct tpm_chip *chip, int wait_for_bit) 138 { 139 int status; 140 int i; 141 for (i = 0; i < TPM_MAX_TRIES; i++) { 142 status = inb(chip->vendor.base + STAT); 143 /* check the status-register if wait_for_bit is set */ 144 if (status & 1 << wait_for_bit) 145 break; 146 msleep(TPM_MSLEEP_TIME); 147 } 148 if (i == TPM_MAX_TRIES) { /* timeout occurs */ 149 if (wait_for_bit == STAT_XFE) 150 dev_err(chip->dev, "Timeout in wait(STAT_XFE)\n"); 151 if (wait_for_bit == STAT_RDA) 152 dev_err(chip->dev, "Timeout in wait(STAT_RDA)\n"); 153 return -EIO; 154 } 155 return 0; 156 }; 157 158 static void wait_and_send(struct tpm_chip *chip, u8 sendbyte) 159 { 160 wait(chip, STAT_XFE); 161 outb(sendbyte, chip->vendor.base + WRFIFO); 162 } 163 164 /* Note: WTX means Waiting-Time-Extension. Whenever the TPM needs more 165 calculation time, it sends a WTX-package, which has to be acknowledged 166 or aborted. This usually occurs if you are hammering the TPM with key 167 creation. Set the maximum number of WTX-packages in the definitions 168 above, if the number is reached, the waiting-time will be denied 169 and the TPM command has to be resend. 170 */ 171 172 static void tpm_wtx(struct tpm_chip *chip) 173 { 174 number_of_wtx++; 175 dev_info(chip->dev, "Granting WTX (%02d / %02d)\n", 176 number_of_wtx, TPM_MAX_WTX_PACKAGES); 177 wait_and_send(chip, TPM_VL_VER); 178 wait_and_send(chip, TPM_CTRL_WTX); 179 wait_and_send(chip, 0x00); 180 wait_and_send(chip, 0x00); 181 msleep(TPM_WTX_MSLEEP_TIME); 182 } 183 184 static void tpm_wtx_abort(struct tpm_chip *chip) 185 { 186 dev_info(chip->dev, "Aborting WTX\n"); 187 wait_and_send(chip, TPM_VL_VER); 188 wait_and_send(chip, TPM_CTRL_WTX_ABORT); 189 wait_and_send(chip, 0x00); 190 wait_and_send(chip, 0x00); 191 number_of_wtx = 0; 192 msleep(TPM_WTX_MSLEEP_TIME); 193 } 194 195 static int tpm_inf_recv(struct tpm_chip *chip, u8 * buf, size_t count) 196 { 197 int i; 198 int ret; 199 u32 size = 0; 200 number_of_wtx = 0; 201 202 recv_begin: 203 /* start receiving header */ 204 for (i = 0; i < 4; i++) { 205 ret = wait(chip, STAT_RDA); 206 if (ret) 207 return -EIO; 208 buf[i] = inb(chip->vendor.base + RDFIFO); 209 } 210 211 if (buf[0] != TPM_VL_VER) { 212 dev_err(chip->dev, 213 "Wrong transport protocol implementation!\n"); 214 return -EIO; 215 } 216 217 if (buf[1] == TPM_CTRL_DATA) { 218 /* size of the data received */ 219 size = ((buf[2] << 8) | buf[3]); 220 221 for (i = 0; i < size; i++) { 222 wait(chip, STAT_RDA); 223 buf[i] = inb(chip->vendor.base + RDFIFO); 224 } 225 226 if ((size == 0x6D00) && (buf[1] == 0x80)) { 227 dev_err(chip->dev, "Error handling on vendor layer!\n"); 228 return -EIO; 229 } 230 231 for (i = 0; i < size; i++) 232 buf[i] = buf[i + 6]; 233 234 size = size - 6; 235 return size; 236 } 237 238 if (buf[1] == TPM_CTRL_WTX) { 239 dev_info(chip->dev, "WTX-package received\n"); 240 if (number_of_wtx < TPM_MAX_WTX_PACKAGES) { 241 tpm_wtx(chip); 242 goto recv_begin; 243 } else { 244 tpm_wtx_abort(chip); 245 goto recv_begin; 246 } 247 } 248 249 if (buf[1] == TPM_CTRL_WTX_ABORT_ACK) { 250 dev_info(chip->dev, "WTX-abort acknowledged\n"); 251 return size; 252 } 253 254 if (buf[1] == TPM_CTRL_ERROR) { 255 dev_err(chip->dev, "ERROR-package received:\n"); 256 if (buf[4] == TPM_INF_NAK) 257 dev_err(chip->dev, 258 "-> Negative acknowledgement" 259 " - retransmit command!\n"); 260 return -EIO; 261 } 262 return -EIO; 263 } 264 265 static int tpm_inf_send(struct tpm_chip *chip, u8 * buf, size_t count) 266 { 267 int i; 268 int ret; 269 u8 count_high, count_low, count_4, count_3, count_2, count_1; 270 271 /* Disabling Reset, LP and IRQC */ 272 outb(RESET_LP_IRQC_DISABLE, chip->vendor.base + CMD); 273 274 ret = empty_fifo(chip, 1); 275 if (ret) { 276 dev_err(chip->dev, "Timeout while clearing FIFO\n"); 277 return -EIO; 278 } 279 280 ret = wait(chip, STAT_XFE); 281 if (ret) 282 return -EIO; 283 284 count_4 = (count & 0xff000000) >> 24; 285 count_3 = (count & 0x00ff0000) >> 16; 286 count_2 = (count & 0x0000ff00) >> 8; 287 count_1 = (count & 0x000000ff); 288 count_high = ((count + 6) & 0xffffff00) >> 8; 289 count_low = ((count + 6) & 0x000000ff); 290 291 /* Sending Header */ 292 wait_and_send(chip, TPM_VL_VER); 293 wait_and_send(chip, TPM_CTRL_DATA); 294 wait_and_send(chip, count_high); 295 wait_and_send(chip, count_low); 296 297 /* Sending Data Header */ 298 wait_and_send(chip, TPM_VL_VER); 299 wait_and_send(chip, TPM_VL_CHANNEL_TPM); 300 wait_and_send(chip, count_4); 301 wait_and_send(chip, count_3); 302 wait_and_send(chip, count_2); 303 wait_and_send(chip, count_1); 304 305 /* Sending Data */ 306 for (i = 0; i < count; i++) { 307 wait_and_send(chip, buf[i]); 308 } 309 return count; 310 } 311 312 static void tpm_inf_cancel(struct tpm_chip *chip) 313 { 314 /* 315 Since we are using the legacy mode to communicate 316 with the TPM, we have no cancel functions, but have 317 a workaround for interrupting the TPM through WTX. 318 */ 319 } 320 321 static u8 tpm_inf_status(struct tpm_chip *chip) 322 { 323 return inb(chip->vendor.base + STAT); 324 } 325 326 static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL); 327 static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL); 328 static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL); 329 static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); 330 331 static struct attribute *inf_attrs[] = { 332 &dev_attr_pubek.attr, 333 &dev_attr_pcrs.attr, 334 &dev_attr_caps.attr, 335 &dev_attr_cancel.attr, 336 NULL, 337 }; 338 339 static struct attribute_group inf_attr_grp = {.attrs = inf_attrs }; 340 341 static const struct file_operations inf_ops = { 342 .owner = THIS_MODULE, 343 .llseek = no_llseek, 344 .open = tpm_open, 345 .read = tpm_read, 346 .write = tpm_write, 347 .release = tpm_release, 348 }; 349 350 static const struct tpm_vendor_specific tpm_inf = { 351 .recv = tpm_inf_recv, 352 .send = tpm_inf_send, 353 .cancel = tpm_inf_cancel, 354 .status = tpm_inf_status, 355 .req_complete_mask = 0, 356 .req_complete_val = 0, 357 .attr_group = &inf_attr_grp, 358 .miscdev = {.fops = &inf_ops,}, 359 }; 360 361 static const struct pnp_device_id tpm_pnp_tbl[] = { 362 /* Infineon TPMs */ 363 {"IFX0101", 0}, 364 {"IFX0102", 0}, 365 {"", 0} 366 }; 367 368 MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl); 369 370 static int __devinit tpm_inf_pnp_probe(struct pnp_dev *dev, 371 const struct pnp_device_id *dev_id) 372 { 373 int rc = 0; 374 u8 iol, ioh; 375 int vendorid[2]; 376 int version[2]; 377 int productid[2]; 378 char chipname[20]; 379 struct tpm_chip *chip; 380 381 /* read IO-ports through PnP */ 382 if (pnp_port_valid(dev, 0) && pnp_port_valid(dev, 1) && 383 !(pnp_port_flags(dev, 0) & IORESOURCE_DISABLED)) { 384 TPM_INF_ADDR = pnp_port_start(dev, 0); 385 TPM_INF_ADDR_LEN = pnp_port_len(dev, 0); 386 TPM_INF_DATA = (TPM_INF_ADDR + 1); 387 TPM_INF_BASE = pnp_port_start(dev, 1); 388 TPM_INF_PORT_LEN = pnp_port_len(dev, 1); 389 if ((TPM_INF_PORT_LEN < 4) || (TPM_INF_ADDR_LEN < 2)) { 390 rc = -EINVAL; 391 goto err_last; 392 } 393 dev_info(&dev->dev, "Found %s with ID %s\n", 394 dev->name, dev_id->id); 395 if (!((TPM_INF_BASE >> 8) & 0xff)) { 396 rc = -EINVAL; 397 goto err_last; 398 } 399 /* publish my base address and request region */ 400 if (request_region 401 (TPM_INF_BASE, TPM_INF_PORT_LEN, "tpm_infineon0") == NULL) { 402 rc = -EINVAL; 403 goto err_last; 404 } 405 if (request_region 406 (TPM_INF_ADDR, TPM_INF_ADDR_LEN, "tpm_infineon0") == NULL) { 407 rc = -EINVAL; 408 goto err_last; 409 } 410 } else { 411 rc = -EINVAL; 412 goto err_last; 413 } 414 415 /* query chip for its vendor, its version number a.s.o. */ 416 outb(ENABLE_REGISTER_PAIR, TPM_INF_ADDR); 417 outb(IDVENL, TPM_INF_ADDR); 418 vendorid[1] = inb(TPM_INF_DATA); 419 outb(IDVENH, TPM_INF_ADDR); 420 vendorid[0] = inb(TPM_INF_DATA); 421 outb(IDPDL, TPM_INF_ADDR); 422 productid[1] = inb(TPM_INF_DATA); 423 outb(IDPDH, TPM_INF_ADDR); 424 productid[0] = inb(TPM_INF_DATA); 425 outb(CHIP_ID1, TPM_INF_ADDR); 426 version[1] = inb(TPM_INF_DATA); 427 outb(CHIP_ID2, TPM_INF_ADDR); 428 version[0] = inb(TPM_INF_DATA); 429 430 switch ((productid[0] << 8) | productid[1]) { 431 case 6: 432 snprintf(chipname, sizeof(chipname), " (SLD 9630 TT 1.1)"); 433 break; 434 case 11: 435 snprintf(chipname, sizeof(chipname), " (SLB 9635 TT 1.2)"); 436 break; 437 default: 438 snprintf(chipname, sizeof(chipname), " (unknown chip)"); 439 break; 440 } 441 442 if ((vendorid[0] << 8 | vendorid[1]) == (TPM_INFINEON_DEV_VEN_VALUE)) { 443 444 /* configure TPM with IO-ports */ 445 outb(IOLIMH, TPM_INF_ADDR); 446 outb(((TPM_INF_BASE >> 8) & 0xff), TPM_INF_DATA); 447 outb(IOLIML, TPM_INF_ADDR); 448 outb((TPM_INF_BASE & 0xff), TPM_INF_DATA); 449 450 /* control if IO-ports are set correctly */ 451 outb(IOLIMH, TPM_INF_ADDR); 452 ioh = inb(TPM_INF_DATA); 453 outb(IOLIML, TPM_INF_ADDR); 454 iol = inb(TPM_INF_DATA); 455 456 if ((ioh << 8 | iol) != TPM_INF_BASE) { 457 dev_err(&dev->dev, 458 "Could not set IO-ports to 0x%x\n", 459 TPM_INF_BASE); 460 rc = -EIO; 461 goto err_release_region; 462 } 463 464 /* activate register */ 465 outb(TPM_DAR, TPM_INF_ADDR); 466 outb(0x01, TPM_INF_DATA); 467 outb(DISABLE_REGISTER_PAIR, TPM_INF_ADDR); 468 469 /* disable RESET, LP and IRQC */ 470 outb(RESET_LP_IRQC_DISABLE, TPM_INF_BASE + CMD); 471 472 /* Finally, we're done, print some infos */ 473 dev_info(&dev->dev, "TPM found: " 474 "config base 0x%x, " 475 "io base 0x%x, " 476 "chip version 0x%02x%02x, " 477 "vendor id 0x%x%x (Infineon), " 478 "product id 0x%02x%02x" 479 "%s\n", 480 TPM_INF_ADDR, 481 TPM_INF_BASE, 482 version[0], version[1], 483 vendorid[0], vendorid[1], 484 productid[0], productid[1], chipname); 485 486 if (!(chip = tpm_register_hardware(&dev->dev, &tpm_inf))) { 487 goto err_release_region; 488 } 489 chip->vendor.base = TPM_INF_BASE; 490 return 0; 491 } else { 492 rc = -ENODEV; 493 goto err_release_region; 494 } 495 496 err_release_region: 497 release_region(TPM_INF_BASE, TPM_INF_PORT_LEN); 498 release_region(TPM_INF_ADDR, TPM_INF_ADDR_LEN); 499 500 err_last: 501 return rc; 502 } 503 504 static __devexit void tpm_inf_pnp_remove(struct pnp_dev *dev) 505 { 506 struct tpm_chip *chip = pnp_get_drvdata(dev); 507 508 if (chip) { 509 release_region(TPM_INF_BASE, TPM_INF_PORT_LEN); 510 release_region(TPM_INF_ADDR, TPM_INF_ADDR_LEN); 511 tpm_remove_hardware(chip->dev); 512 } 513 } 514 515 static struct pnp_driver tpm_inf_pnp = { 516 .name = "tpm_inf_pnp", 517 .driver = { 518 .owner = THIS_MODULE, 519 .suspend = tpm_pm_suspend, 520 .resume = tpm_pm_resume, 521 }, 522 .id_table = tpm_pnp_tbl, 523 .probe = tpm_inf_pnp_probe, 524 .remove = __devexit_p(tpm_inf_pnp_remove), 525 }; 526 527 static int __init init_inf(void) 528 { 529 return pnp_register_driver(&tpm_inf_pnp); 530 } 531 532 static void __exit cleanup_inf(void) 533 { 534 pnp_unregister_driver(&tpm_inf_pnp); 535 } 536 537 module_init(init_inf); 538 module_exit(cleanup_inf); 539 540 MODULE_AUTHOR("Marcel Selhorst <selhorst@crypto.rub.de>"); 541 MODULE_DESCRIPTION("Driver for Infineon TPM SLD 9630 TT 1.1 / SLB 9635 TT 1.2"); 542 MODULE_VERSION("1.8"); 543 MODULE_LICENSE("GPL"); 544