xref: /linux/drivers/char/tpm/tpm_tis_core.c (revision bdd1a21b52557ea8f61d0a5dc2f77151b576eb70)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2005, 2006 IBM Corporation
4  * Copyright (C) 2014, 2015 Intel Corporation
5  *
6  * Authors:
7  * Leendert van Doorn <leendert@watson.ibm.com>
8  * Kylene Hall <kjhall@us.ibm.com>
9  *
10  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11  *
12  * Device driver for TCG/TCPA TPM (trusted platform module).
13  * Specifications at www.trustedcomputinggroup.org
14  *
15  * This device driver implements the TPM interface as defined in
16  * the TCG TPM Interface Spec version 1.2, revision 1.0.
17  */
18 #include <linux/init.h>
19 #include <linux/module.h>
20 #include <linux/moduleparam.h>
21 #include <linux/pnp.h>
22 #include <linux/slab.h>
23 #include <linux/interrupt.h>
24 #include <linux/wait.h>
25 #include <linux/acpi.h>
26 #include <linux/freezer.h>
27 #include "tpm.h"
28 #include "tpm_tis_core.h"
29 
30 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
31 
32 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
33 					bool check_cancel, bool *canceled)
34 {
35 	u8 status = chip->ops->status(chip);
36 
37 	*canceled = false;
38 	if ((status & mask) == mask)
39 		return true;
40 	if (check_cancel && chip->ops->req_canceled(chip, status)) {
41 		*canceled = true;
42 		return true;
43 	}
44 	return false;
45 }
46 
47 static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
48 		unsigned long timeout, wait_queue_head_t *queue,
49 		bool check_cancel)
50 {
51 	unsigned long stop;
52 	long rc;
53 	u8 status;
54 	bool canceled = false;
55 
56 	/* check current status */
57 	status = chip->ops->status(chip);
58 	if ((status & mask) == mask)
59 		return 0;
60 
61 	stop = jiffies + timeout;
62 
63 	if (chip->flags & TPM_CHIP_FLAG_IRQ) {
64 again:
65 		timeout = stop - jiffies;
66 		if ((long)timeout <= 0)
67 			return -ETIME;
68 		rc = wait_event_interruptible_timeout(*queue,
69 			wait_for_tpm_stat_cond(chip, mask, check_cancel,
70 					       &canceled),
71 			timeout);
72 		if (rc > 0) {
73 			if (canceled)
74 				return -ECANCELED;
75 			return 0;
76 		}
77 		if (rc == -ERESTARTSYS && freezing(current)) {
78 			clear_thread_flag(TIF_SIGPENDING);
79 			goto again;
80 		}
81 	} else {
82 		do {
83 			usleep_range(TPM_TIMEOUT_USECS_MIN,
84 				     TPM_TIMEOUT_USECS_MAX);
85 			status = chip->ops->status(chip);
86 			if ((status & mask) == mask)
87 				return 0;
88 		} while (time_before(jiffies, stop));
89 	}
90 	return -ETIME;
91 }
92 
93 /* Before we attempt to access the TPM we must see that the valid bit is set.
94  * The specification says that this bit is 0 at reset and remains 0 until the
95  * 'TPM has gone through its self test and initialization and has established
96  * correct values in the other bits.'
97  */
98 static int wait_startup(struct tpm_chip *chip, int l)
99 {
100 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
101 	unsigned long stop = jiffies + chip->timeout_a;
102 
103 	do {
104 		int rc;
105 		u8 access;
106 
107 		rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
108 		if (rc < 0)
109 			return rc;
110 
111 		if (access & TPM_ACCESS_VALID)
112 			return 0;
113 		tpm_msleep(TPM_TIMEOUT);
114 	} while (time_before(jiffies, stop));
115 	return -1;
116 }
117 
118 static bool check_locality(struct tpm_chip *chip, int l)
119 {
120 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
121 	int rc;
122 	u8 access;
123 
124 	rc = tpm_tis_read8(priv, TPM_ACCESS(l), &access);
125 	if (rc < 0)
126 		return false;
127 
128 	if ((access & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID
129 		       | TPM_ACCESS_REQUEST_USE)) ==
130 	    (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
131 		priv->locality = l;
132 		return true;
133 	}
134 
135 	return false;
136 }
137 
138 static int release_locality(struct tpm_chip *chip, int l)
139 {
140 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
141 
142 	tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_ACTIVE_LOCALITY);
143 
144 	return 0;
145 }
146 
147 static int request_locality(struct tpm_chip *chip, int l)
148 {
149 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
150 	unsigned long stop, timeout;
151 	long rc;
152 
153 	if (check_locality(chip, l))
154 		return l;
155 
156 	rc = tpm_tis_write8(priv, TPM_ACCESS(l), TPM_ACCESS_REQUEST_USE);
157 	if (rc < 0)
158 		return rc;
159 
160 	stop = jiffies + chip->timeout_a;
161 
162 	if (chip->flags & TPM_CHIP_FLAG_IRQ) {
163 again:
164 		timeout = stop - jiffies;
165 		if ((long)timeout <= 0)
166 			return -1;
167 		rc = wait_event_interruptible_timeout(priv->int_queue,
168 						      (check_locality
169 						       (chip, l)),
170 						      timeout);
171 		if (rc > 0)
172 			return l;
173 		if (rc == -ERESTARTSYS && freezing(current)) {
174 			clear_thread_flag(TIF_SIGPENDING);
175 			goto again;
176 		}
177 	} else {
178 		/* wait for burstcount */
179 		do {
180 			if (check_locality(chip, l))
181 				return l;
182 			tpm_msleep(TPM_TIMEOUT);
183 		} while (time_before(jiffies, stop));
184 	}
185 	return -1;
186 }
187 
188 static u8 tpm_tis_status(struct tpm_chip *chip)
189 {
190 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
191 	int rc;
192 	u8 status;
193 
194 	rc = tpm_tis_read8(priv, TPM_STS(priv->locality), &status);
195 	if (rc < 0)
196 		return 0;
197 
198 	if (unlikely((status & TPM_STS_READ_ZERO) != 0)) {
199 		if  (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {
200 			/*
201 			 * If this trips, the chances are the read is
202 			 * returning 0xff because the locality hasn't been
203 			 * acquired.  Usually because tpm_try_get_ops() hasn't
204 			 * been called before doing a TPM operation.
205 			 */
206 			dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
207 				status);
208 
209 			/*
210 			 * Dump stack for forensics, as invalid TPM_STS.x could be
211 			 * potentially triggered by impaired tpm_try_get_ops() or
212 			 * tpm_find_get_ops().
213 			 */
214 			dump_stack();
215 		}
216 
217 		return 0;
218 	}
219 
220 	return status;
221 }
222 
223 static void tpm_tis_ready(struct tpm_chip *chip)
224 {
225 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
226 
227 	/* this causes the current command to be aborted */
228 	tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_COMMAND_READY);
229 }
230 
231 static int get_burstcount(struct tpm_chip *chip)
232 {
233 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
234 	unsigned long stop;
235 	int burstcnt, rc;
236 	u32 value;
237 
238 	/* wait for burstcount */
239 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
240 		stop = jiffies + chip->timeout_a;
241 	else
242 		stop = jiffies + chip->timeout_d;
243 	do {
244 		rc = tpm_tis_read32(priv, TPM_STS(priv->locality), &value);
245 		if (rc < 0)
246 			return rc;
247 
248 		burstcnt = (value >> 8) & 0xFFFF;
249 		if (burstcnt)
250 			return burstcnt;
251 		usleep_range(TPM_TIMEOUT_USECS_MIN, TPM_TIMEOUT_USECS_MAX);
252 	} while (time_before(jiffies, stop));
253 	return -EBUSY;
254 }
255 
256 static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count)
257 {
258 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
259 	int size = 0, burstcnt, rc;
260 
261 	while (size < count) {
262 		rc = wait_for_tpm_stat(chip,
263 				 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
264 				 chip->timeout_c,
265 				 &priv->read_queue, true);
266 		if (rc < 0)
267 			return rc;
268 		burstcnt = get_burstcount(chip);
269 		if (burstcnt < 0) {
270 			dev_err(&chip->dev, "Unable to read burstcount\n");
271 			return burstcnt;
272 		}
273 		burstcnt = min_t(int, burstcnt, count - size);
274 
275 		rc = tpm_tis_read_bytes(priv, TPM_DATA_FIFO(priv->locality),
276 					burstcnt, buf + size);
277 		if (rc < 0)
278 			return rc;
279 
280 		size += burstcnt;
281 	}
282 	return size;
283 }
284 
285 static int tpm_tis_recv(struct tpm_chip *chip, u8 *buf, size_t count)
286 {
287 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
288 	int size = 0;
289 	int status;
290 	u32 expected;
291 
292 	if (count < TPM_HEADER_SIZE) {
293 		size = -EIO;
294 		goto out;
295 	}
296 
297 	size = recv_data(chip, buf, TPM_HEADER_SIZE);
298 	/* read first 10 bytes, including tag, paramsize, and result */
299 	if (size < TPM_HEADER_SIZE) {
300 		dev_err(&chip->dev, "Unable to read header\n");
301 		goto out;
302 	}
303 
304 	expected = be32_to_cpu(*(__be32 *) (buf + 2));
305 	if (expected > count || expected < TPM_HEADER_SIZE) {
306 		size = -EIO;
307 		goto out;
308 	}
309 
310 	size += recv_data(chip, &buf[TPM_HEADER_SIZE],
311 			  expected - TPM_HEADER_SIZE);
312 	if (size < expected) {
313 		dev_err(&chip->dev, "Unable to read remainder of result\n");
314 		size = -ETIME;
315 		goto out;
316 	}
317 
318 	if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
319 				&priv->int_queue, false) < 0) {
320 		size = -ETIME;
321 		goto out;
322 	}
323 	status = tpm_tis_status(chip);
324 	if (status & TPM_STS_DATA_AVAIL) {	/* retry? */
325 		dev_err(&chip->dev, "Error left over data\n");
326 		size = -EIO;
327 		goto out;
328 	}
329 
330 out:
331 	tpm_tis_ready(chip);
332 	return size;
333 }
334 
335 /*
336  * If interrupts are used (signaled by an irq set in the vendor structure)
337  * tpm.c can skip polling for the data to be available as the interrupt is
338  * waited for here
339  */
340 static int tpm_tis_send_data(struct tpm_chip *chip, const u8 *buf, size_t len)
341 {
342 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
343 	int rc, status, burstcnt;
344 	size_t count = 0;
345 	bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
346 
347 	status = tpm_tis_status(chip);
348 	if ((status & TPM_STS_COMMAND_READY) == 0) {
349 		tpm_tis_ready(chip);
350 		if (wait_for_tpm_stat
351 		    (chip, TPM_STS_COMMAND_READY, chip->timeout_b,
352 		     &priv->int_queue, false) < 0) {
353 			rc = -ETIME;
354 			goto out_err;
355 		}
356 	}
357 
358 	while (count < len - 1) {
359 		burstcnt = get_burstcount(chip);
360 		if (burstcnt < 0) {
361 			dev_err(&chip->dev, "Unable to read burstcount\n");
362 			rc = burstcnt;
363 			goto out_err;
364 		}
365 		burstcnt = min_t(int, burstcnt, len - count - 1);
366 		rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
367 					 burstcnt, buf + count);
368 		if (rc < 0)
369 			goto out_err;
370 
371 		count += burstcnt;
372 
373 		if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
374 					&priv->int_queue, false) < 0) {
375 			rc = -ETIME;
376 			goto out_err;
377 		}
378 		status = tpm_tis_status(chip);
379 		if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
380 			rc = -EIO;
381 			goto out_err;
382 		}
383 	}
384 
385 	/* write last byte */
386 	rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
387 	if (rc < 0)
388 		goto out_err;
389 
390 	if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c,
391 				&priv->int_queue, false) < 0) {
392 		rc = -ETIME;
393 		goto out_err;
394 	}
395 	status = tpm_tis_status(chip);
396 	if (!itpm && (status & TPM_STS_DATA_EXPECT) != 0) {
397 		rc = -EIO;
398 		goto out_err;
399 	}
400 
401 	return 0;
402 
403 out_err:
404 	tpm_tis_ready(chip);
405 	return rc;
406 }
407 
408 static void disable_interrupts(struct tpm_chip *chip)
409 {
410 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
411 	u32 intmask;
412 	int rc;
413 
414 	if (priv->irq == 0)
415 		return;
416 
417 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
418 	if (rc < 0)
419 		intmask = 0;
420 
421 	intmask &= ~TPM_GLOBAL_INT_ENABLE;
422 	rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
423 
424 	devm_free_irq(chip->dev.parent, priv->irq, chip);
425 	priv->irq = 0;
426 	chip->flags &= ~TPM_CHIP_FLAG_IRQ;
427 }
428 
429 /*
430  * If interrupts are used (signaled by an irq set in the vendor structure)
431  * tpm.c can skip polling for the data to be available as the interrupt is
432  * waited for here
433  */
434 static int tpm_tis_send_main(struct tpm_chip *chip, const u8 *buf, size_t len)
435 {
436 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
437 	int rc;
438 	u32 ordinal;
439 	unsigned long dur;
440 
441 	rc = tpm_tis_send_data(chip, buf, len);
442 	if (rc < 0)
443 		return rc;
444 
445 	/* go and do it */
446 	rc = tpm_tis_write8(priv, TPM_STS(priv->locality), TPM_STS_GO);
447 	if (rc < 0)
448 		goto out_err;
449 
450 	if (chip->flags & TPM_CHIP_FLAG_IRQ) {
451 		ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
452 
453 		dur = tpm_calc_ordinal_duration(chip, ordinal);
454 		if (wait_for_tpm_stat
455 		    (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur,
456 		     &priv->read_queue, false) < 0) {
457 			rc = -ETIME;
458 			goto out_err;
459 		}
460 	}
461 	return 0;
462 out_err:
463 	tpm_tis_ready(chip);
464 	return rc;
465 }
466 
467 static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
468 {
469 	int rc, irq;
470 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
471 
472 	if (!(chip->flags & TPM_CHIP_FLAG_IRQ) || priv->irq_tested)
473 		return tpm_tis_send_main(chip, buf, len);
474 
475 	/* Verify receipt of the expected IRQ */
476 	irq = priv->irq;
477 	priv->irq = 0;
478 	chip->flags &= ~TPM_CHIP_FLAG_IRQ;
479 	rc = tpm_tis_send_main(chip, buf, len);
480 	priv->irq = irq;
481 	chip->flags |= TPM_CHIP_FLAG_IRQ;
482 	if (!priv->irq_tested)
483 		tpm_msleep(1);
484 	if (!priv->irq_tested)
485 		disable_interrupts(chip);
486 	priv->irq_tested = true;
487 	return rc;
488 }
489 
490 struct tis_vendor_durations_override {
491 	u32 did_vid;
492 	struct tpm1_version version;
493 	unsigned long durations[3];
494 };
495 
496 static const struct  tis_vendor_durations_override vendor_dur_overrides[] = {
497 	/* STMicroelectronics 0x104a */
498 	{ 0x0000104a,
499 	  { 1, 2, 8, 28 },
500 	  { (2 * 60 * HZ), (2 * 60 * HZ), (2 * 60 * HZ) } },
501 };
502 
503 static void tpm_tis_update_durations(struct tpm_chip *chip,
504 				     unsigned long *duration_cap)
505 {
506 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
507 	struct tpm1_version *version;
508 	u32 did_vid;
509 	int i, rc;
510 	cap_t cap;
511 
512 	chip->duration_adjusted = false;
513 
514 	if (chip->ops->clk_enable != NULL)
515 		chip->ops->clk_enable(chip, true);
516 
517 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
518 	if (rc < 0) {
519 		dev_warn(&chip->dev, "%s: failed to read did_vid. %d\n",
520 			 __func__, rc);
521 		goto out;
522 	}
523 
524 	/* Try to get a TPM version 1.2 or 1.1 TPM_CAP_VERSION_INFO */
525 	rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap,
526 			 "attempting to determine the 1.2 version",
527 			 sizeof(cap.version2));
528 	if (!rc) {
529 		version = &cap.version2.version;
530 	} else {
531 		rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap,
532 				 "attempting to determine the 1.1 version",
533 				 sizeof(cap.version1));
534 
535 		if (rc)
536 			goto out;
537 
538 		version = &cap.version1;
539 	}
540 
541 	for (i = 0; i != ARRAY_SIZE(vendor_dur_overrides); i++) {
542 		if (vendor_dur_overrides[i].did_vid != did_vid)
543 			continue;
544 
545 		if ((version->major ==
546 		     vendor_dur_overrides[i].version.major) &&
547 		    (version->minor ==
548 		     vendor_dur_overrides[i].version.minor) &&
549 		    (version->rev_major ==
550 		     vendor_dur_overrides[i].version.rev_major) &&
551 		    (version->rev_minor ==
552 		     vendor_dur_overrides[i].version.rev_minor)) {
553 
554 			memcpy(duration_cap,
555 			       vendor_dur_overrides[i].durations,
556 			       sizeof(vendor_dur_overrides[i].durations));
557 
558 			chip->duration_adjusted = true;
559 			goto out;
560 		}
561 	}
562 
563 out:
564 	if (chip->ops->clk_enable != NULL)
565 		chip->ops->clk_enable(chip, false);
566 }
567 
568 struct tis_vendor_timeout_override {
569 	u32 did_vid;
570 	unsigned long timeout_us[4];
571 };
572 
573 static const struct tis_vendor_timeout_override vendor_timeout_overrides[] = {
574 	/* Atmel 3204 */
575 	{ 0x32041114, { (TIS_SHORT_TIMEOUT*1000), (TIS_LONG_TIMEOUT*1000),
576 			(TIS_SHORT_TIMEOUT*1000), (TIS_SHORT_TIMEOUT*1000) } },
577 };
578 
579 static void tpm_tis_update_timeouts(struct tpm_chip *chip,
580 				    unsigned long *timeout_cap)
581 {
582 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
583 	int i, rc;
584 	u32 did_vid;
585 
586 	chip->timeout_adjusted = false;
587 
588 	if (chip->ops->clk_enable != NULL)
589 		chip->ops->clk_enable(chip, true);
590 
591 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
592 	if (rc < 0) {
593 		dev_warn(&chip->dev, "%s: failed to read did_vid: %d\n",
594 			 __func__, rc);
595 		goto out;
596 	}
597 
598 	for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
599 		if (vendor_timeout_overrides[i].did_vid != did_vid)
600 			continue;
601 		memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
602 		       sizeof(vendor_timeout_overrides[i].timeout_us));
603 		chip->timeout_adjusted = true;
604 	}
605 
606 out:
607 	if (chip->ops->clk_enable != NULL)
608 		chip->ops->clk_enable(chip, false);
609 
610 	return;
611 }
612 
613 /*
614  * Early probing for iTPM with STS_DATA_EXPECT flaw.
615  * Try sending command without itpm flag set and if that
616  * fails, repeat with itpm flag set.
617  */
618 static int probe_itpm(struct tpm_chip *chip)
619 {
620 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
621 	int rc = 0;
622 	static const u8 cmd_getticks[] = {
623 		0x00, 0xc1, 0x00, 0x00, 0x00, 0x0a,
624 		0x00, 0x00, 0x00, 0xf1
625 	};
626 	size_t len = sizeof(cmd_getticks);
627 	u16 vendor;
628 
629 	if (priv->flags & TPM_TIS_ITPM_WORKAROUND)
630 		return 0;
631 
632 	rc = tpm_tis_read16(priv, TPM_DID_VID(0), &vendor);
633 	if (rc < 0)
634 		return rc;
635 
636 	/* probe only iTPMS */
637 	if (vendor != TPM_VID_INTEL)
638 		return 0;
639 
640 	if (request_locality(chip, 0) != 0)
641 		return -EBUSY;
642 
643 	rc = tpm_tis_send_data(chip, cmd_getticks, len);
644 	if (rc == 0)
645 		goto out;
646 
647 	tpm_tis_ready(chip);
648 
649 	priv->flags |= TPM_TIS_ITPM_WORKAROUND;
650 
651 	rc = tpm_tis_send_data(chip, cmd_getticks, len);
652 	if (rc == 0)
653 		dev_info(&chip->dev, "Detected an iTPM.\n");
654 	else {
655 		priv->flags &= ~TPM_TIS_ITPM_WORKAROUND;
656 		rc = -EFAULT;
657 	}
658 
659 out:
660 	tpm_tis_ready(chip);
661 	release_locality(chip, priv->locality);
662 
663 	return rc;
664 }
665 
666 static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status)
667 {
668 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
669 
670 	switch (priv->manufacturer_id) {
671 	case TPM_VID_WINBOND:
672 		return ((status == TPM_STS_VALID) ||
673 			(status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)));
674 	case TPM_VID_STM:
675 		return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY));
676 	default:
677 		return (status == TPM_STS_COMMAND_READY);
678 	}
679 }
680 
681 static irqreturn_t tis_int_handler(int dummy, void *dev_id)
682 {
683 	struct tpm_chip *chip = dev_id;
684 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
685 	u32 interrupt;
686 	int i, rc;
687 
688 	rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
689 	if (rc < 0)
690 		return IRQ_NONE;
691 
692 	if (interrupt == 0)
693 		return IRQ_NONE;
694 
695 	priv->irq_tested = true;
696 	if (interrupt & TPM_INTF_DATA_AVAIL_INT)
697 		wake_up_interruptible(&priv->read_queue);
698 	if (interrupt & TPM_INTF_LOCALITY_CHANGE_INT)
699 		for (i = 0; i < 5; i++)
700 			if (check_locality(chip, i))
701 				break;
702 	if (interrupt &
703 	    (TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_STS_VALID_INT |
704 	     TPM_INTF_CMD_READY_INT))
705 		wake_up_interruptible(&priv->int_queue);
706 
707 	/* Clear interrupts handled with TPM_EOI */
708 	rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), interrupt);
709 	if (rc < 0)
710 		return IRQ_NONE;
711 
712 	tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &interrupt);
713 	return IRQ_HANDLED;
714 }
715 
716 static int tpm_tis_gen_interrupt(struct tpm_chip *chip)
717 {
718 	const char *desc = "attempting to generate an interrupt";
719 	u32 cap2;
720 	cap_t cap;
721 	int ret;
722 
723 	ret = request_locality(chip, 0);
724 	if (ret < 0)
725 		return ret;
726 
727 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
728 		ret = tpm2_get_tpm_pt(chip, 0x100, &cap2, desc);
729 	else
730 		ret = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 0);
731 
732 	release_locality(chip, 0);
733 
734 	return ret;
735 }
736 
737 /* Register the IRQ and issue a command that will cause an interrupt. If an
738  * irq is seen then leave the chip setup for IRQ operation, otherwise reverse
739  * everything and leave in polling mode. Returns 0 on success.
740  */
741 static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
742 				    int flags, int irq)
743 {
744 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
745 	u8 original_int_vec;
746 	int rc;
747 	u32 int_status;
748 
749 	if (devm_request_irq(chip->dev.parent, irq, tis_int_handler, flags,
750 			     dev_name(&chip->dev), chip) != 0) {
751 		dev_info(&chip->dev, "Unable to request irq: %d for probe\n",
752 			 irq);
753 		return -1;
754 	}
755 	priv->irq = irq;
756 
757 	rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
758 			   &original_int_vec);
759 	if (rc < 0)
760 		return rc;
761 
762 	rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), irq);
763 	if (rc < 0)
764 		return rc;
765 
766 	rc = tpm_tis_read32(priv, TPM_INT_STATUS(priv->locality), &int_status);
767 	if (rc < 0)
768 		return rc;
769 
770 	/* Clear all existing */
771 	rc = tpm_tis_write32(priv, TPM_INT_STATUS(priv->locality), int_status);
772 	if (rc < 0)
773 		return rc;
774 
775 	/* Turn on */
776 	rc = tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality),
777 			     intmask | TPM_GLOBAL_INT_ENABLE);
778 	if (rc < 0)
779 		return rc;
780 
781 	priv->irq_tested = false;
782 
783 	/* Generate an interrupt by having the core call through to
784 	 * tpm_tis_send
785 	 */
786 	rc = tpm_tis_gen_interrupt(chip);
787 	if (rc < 0)
788 		return rc;
789 
790 	/* tpm_tis_send will either confirm the interrupt is working or it
791 	 * will call disable_irq which undoes all of the above.
792 	 */
793 	if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
794 		rc = tpm_tis_write8(priv, original_int_vec,
795 				TPM_INT_VECTOR(priv->locality));
796 		if (rc < 0)
797 			return rc;
798 
799 		return 1;
800 	}
801 
802 	return 0;
803 }
804 
805 /* Try to find the IRQ the TPM is using. This is for legacy x86 systems that
806  * do not have ACPI/etc. We typically expect the interrupt to be declared if
807  * present.
808  */
809 static void tpm_tis_probe_irq(struct tpm_chip *chip, u32 intmask)
810 {
811 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
812 	u8 original_int_vec;
813 	int i, rc;
814 
815 	rc = tpm_tis_read8(priv, TPM_INT_VECTOR(priv->locality),
816 			   &original_int_vec);
817 	if (rc < 0)
818 		return;
819 
820 	if (!original_int_vec) {
821 		if (IS_ENABLED(CONFIG_X86))
822 			for (i = 3; i <= 15; i++)
823 				if (!tpm_tis_probe_irq_single(chip, intmask, 0,
824 							      i))
825 					return;
826 	} else if (!tpm_tis_probe_irq_single(chip, intmask, 0,
827 					     original_int_vec))
828 		return;
829 }
830 
831 void tpm_tis_remove(struct tpm_chip *chip)
832 {
833 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
834 	u32 reg = TPM_INT_ENABLE(priv->locality);
835 	u32 interrupt;
836 	int rc;
837 
838 	tpm_tis_clkrun_enable(chip, true);
839 
840 	rc = tpm_tis_read32(priv, reg, &interrupt);
841 	if (rc < 0)
842 		interrupt = 0;
843 
844 	tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
845 
846 	tpm_tis_clkrun_enable(chip, false);
847 
848 	if (priv->ilb_base_addr)
849 		iounmap(priv->ilb_base_addr);
850 }
851 EXPORT_SYMBOL_GPL(tpm_tis_remove);
852 
853 /**
854  * tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
855  *                           of a single TPM command
856  * @chip:	TPM chip to use
857  * @value:	1 - Disable CLKRUN protocol, so that clocks are free running
858  *		0 - Enable CLKRUN protocol
859  * Call this function directly in tpm_tis_remove() in error or driver removal
860  * path, since the chip->ops is set to NULL in tpm_chip_unregister().
861  */
862 static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
863 {
864 	struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
865 	u32 clkrun_val;
866 
867 	if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
868 	    !data->ilb_base_addr)
869 		return;
870 
871 	if (value) {
872 		data->clkrun_enabled++;
873 		if (data->clkrun_enabled > 1)
874 			return;
875 		clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
876 
877 		/* Disable LPC CLKRUN# */
878 		clkrun_val &= ~LPC_CLKRUN_EN;
879 		iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
880 
881 		/*
882 		 * Write any random value on port 0x80 which is on LPC, to make
883 		 * sure LPC clock is running before sending any TPM command.
884 		 */
885 		outb(0xCC, 0x80);
886 	} else {
887 		data->clkrun_enabled--;
888 		if (data->clkrun_enabled)
889 			return;
890 
891 		clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
892 
893 		/* Enable LPC CLKRUN# */
894 		clkrun_val |= LPC_CLKRUN_EN;
895 		iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
896 
897 		/*
898 		 * Write any random value on port 0x80 which is on LPC, to make
899 		 * sure LPC clock is running before sending any TPM command.
900 		 */
901 		outb(0xCC, 0x80);
902 	}
903 }
904 
905 static const struct tpm_class_ops tpm_tis = {
906 	.flags = TPM_OPS_AUTO_STARTUP,
907 	.status = tpm_tis_status,
908 	.recv = tpm_tis_recv,
909 	.send = tpm_tis_send,
910 	.cancel = tpm_tis_ready,
911 	.update_timeouts = tpm_tis_update_timeouts,
912 	.update_durations = tpm_tis_update_durations,
913 	.req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
914 	.req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
915 	.req_canceled = tpm_tis_req_canceled,
916 	.request_locality = request_locality,
917 	.relinquish_locality = release_locality,
918 	.clk_enable = tpm_tis_clkrun_enable,
919 };
920 
921 int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
922 		      const struct tpm_tis_phy_ops *phy_ops,
923 		      acpi_handle acpi_dev_handle)
924 {
925 	u32 vendor;
926 	u32 intfcaps;
927 	u32 intmask;
928 	u32 clkrun_val;
929 	u8 rid;
930 	int rc, probe;
931 	struct tpm_chip *chip;
932 
933 	chip = tpmm_chip_alloc(dev, &tpm_tis);
934 	if (IS_ERR(chip))
935 		return PTR_ERR(chip);
936 
937 #ifdef CONFIG_ACPI
938 	chip->acpi_dev_handle = acpi_dev_handle;
939 #endif
940 
941 	chip->hwrng.quality = priv->rng_quality;
942 
943 	/* Maximum timeouts */
944 	chip->timeout_a = msecs_to_jiffies(TIS_TIMEOUT_A_MAX);
945 	chip->timeout_b = msecs_to_jiffies(TIS_TIMEOUT_B_MAX);
946 	chip->timeout_c = msecs_to_jiffies(TIS_TIMEOUT_C_MAX);
947 	chip->timeout_d = msecs_to_jiffies(TIS_TIMEOUT_D_MAX);
948 	priv->phy_ops = phy_ops;
949 	dev_set_drvdata(&chip->dev, priv);
950 
951 	if (is_bsw()) {
952 		priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
953 					ILB_REMAP_SIZE);
954 		if (!priv->ilb_base_addr)
955 			return -ENOMEM;
956 
957 		clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
958 		/* Check if CLKRUN# is already not enabled in the LPC bus */
959 		if (!(clkrun_val & LPC_CLKRUN_EN)) {
960 			iounmap(priv->ilb_base_addr);
961 			priv->ilb_base_addr = NULL;
962 		}
963 	}
964 
965 	if (chip->ops->clk_enable != NULL)
966 		chip->ops->clk_enable(chip, true);
967 
968 	if (wait_startup(chip, 0) != 0) {
969 		rc = -ENODEV;
970 		goto out_err;
971 	}
972 
973 	/* Take control of the TPM's interrupt hardware and shut it off */
974 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
975 	if (rc < 0)
976 		goto out_err;
977 
978 	intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
979 		   TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
980 	intmask &= ~TPM_GLOBAL_INT_ENABLE;
981 	tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
982 
983 	rc = tpm_chip_start(chip);
984 	if (rc)
985 		goto out_err;
986 	rc = tpm2_probe(chip);
987 	tpm_chip_stop(chip);
988 	if (rc)
989 		goto out_err;
990 
991 	rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
992 	if (rc < 0)
993 		goto out_err;
994 
995 	priv->manufacturer_id = vendor;
996 
997 	rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
998 	if (rc < 0)
999 		goto out_err;
1000 
1001 	dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
1002 		 (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
1003 		 vendor >> 16, rid);
1004 
1005 	probe = probe_itpm(chip);
1006 	if (probe < 0) {
1007 		rc = -ENODEV;
1008 		goto out_err;
1009 	}
1010 
1011 	/* Figure out the capabilities */
1012 	rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
1013 	if (rc < 0)
1014 		goto out_err;
1015 
1016 	dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
1017 		intfcaps);
1018 	if (intfcaps & TPM_INTF_BURST_COUNT_STATIC)
1019 		dev_dbg(dev, "\tBurst Count Static\n");
1020 	if (intfcaps & TPM_INTF_CMD_READY_INT)
1021 		dev_dbg(dev, "\tCommand Ready Int Support\n");
1022 	if (intfcaps & TPM_INTF_INT_EDGE_FALLING)
1023 		dev_dbg(dev, "\tInterrupt Edge Falling\n");
1024 	if (intfcaps & TPM_INTF_INT_EDGE_RISING)
1025 		dev_dbg(dev, "\tInterrupt Edge Rising\n");
1026 	if (intfcaps & TPM_INTF_INT_LEVEL_LOW)
1027 		dev_dbg(dev, "\tInterrupt Level Low\n");
1028 	if (intfcaps & TPM_INTF_INT_LEVEL_HIGH)
1029 		dev_dbg(dev, "\tInterrupt Level High\n");
1030 	if (intfcaps & TPM_INTF_LOCALITY_CHANGE_INT)
1031 		dev_dbg(dev, "\tLocality Change Int Support\n");
1032 	if (intfcaps & TPM_INTF_STS_VALID_INT)
1033 		dev_dbg(dev, "\tSts Valid Int Support\n");
1034 	if (intfcaps & TPM_INTF_DATA_AVAIL_INT)
1035 		dev_dbg(dev, "\tData Avail Int Support\n");
1036 
1037 	/* INTERRUPT Setup */
1038 	init_waitqueue_head(&priv->read_queue);
1039 	init_waitqueue_head(&priv->int_queue);
1040 	if (irq != -1) {
1041 		/*
1042 		 * Before doing irq testing issue a command to the TPM in polling mode
1043 		 * to make sure it works. May as well use that command to set the
1044 		 * proper timeouts for the driver.
1045 		 */
1046 
1047 		rc = request_locality(chip, 0);
1048 		if (rc < 0)
1049 			goto out_err;
1050 
1051 		rc = tpm_get_timeouts(chip);
1052 
1053 		release_locality(chip, 0);
1054 
1055 		if (rc) {
1056 			dev_err(dev, "Could not get TPM timeouts and durations\n");
1057 			rc = -ENODEV;
1058 			goto out_err;
1059 		}
1060 
1061 		if (irq) {
1062 			tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
1063 						 irq);
1064 			if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
1065 				dev_err(&chip->dev, FW_BUG
1066 					"TPM interrupt not working, polling instead\n");
1067 
1068 				disable_interrupts(chip);
1069 			}
1070 		} else {
1071 			tpm_tis_probe_irq(chip, intmask);
1072 		}
1073 	}
1074 
1075 	rc = tpm_chip_register(chip);
1076 	if (rc)
1077 		goto out_err;
1078 
1079 	if (chip->ops->clk_enable != NULL)
1080 		chip->ops->clk_enable(chip, false);
1081 
1082 	return 0;
1083 out_err:
1084 	if (chip->ops->clk_enable != NULL)
1085 		chip->ops->clk_enable(chip, false);
1086 
1087 	tpm_tis_remove(chip);
1088 
1089 	return rc;
1090 }
1091 EXPORT_SYMBOL_GPL(tpm_tis_core_init);
1092 
1093 #ifdef CONFIG_PM_SLEEP
1094 static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
1095 {
1096 	struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
1097 	u32 intmask;
1098 	int rc;
1099 
1100 	if (chip->ops->clk_enable != NULL)
1101 		chip->ops->clk_enable(chip, true);
1102 
1103 	/* reenable interrupts that device may have lost or
1104 	 * BIOS/firmware may have disabled
1105 	 */
1106 	rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
1107 	if (rc < 0)
1108 		goto out;
1109 
1110 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
1111 	if (rc < 0)
1112 		goto out;
1113 
1114 	intmask |= TPM_INTF_CMD_READY_INT
1115 	    | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT
1116 	    | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE;
1117 
1118 	tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
1119 
1120 out:
1121 	if (chip->ops->clk_enable != NULL)
1122 		chip->ops->clk_enable(chip, false);
1123 
1124 	return;
1125 }
1126 
1127 int tpm_tis_resume(struct device *dev)
1128 {
1129 	struct tpm_chip *chip = dev_get_drvdata(dev);
1130 	int ret;
1131 
1132 	if (chip->flags & TPM_CHIP_FLAG_IRQ)
1133 		tpm_tis_reenable_interrupts(chip);
1134 
1135 	ret = tpm_pm_resume(dev);
1136 	if (ret)
1137 		return ret;
1138 
1139 	/*
1140 	 * TPM 1.2 requires self-test on resume. This function actually returns
1141 	 * an error code but for unknown reason it isn't handled.
1142 	 */
1143 	if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
1144 		ret = request_locality(chip, 0);
1145 		if (ret < 0)
1146 			return ret;
1147 
1148 		tpm1_do_selftest(chip);
1149 
1150 		release_locality(chip, 0);
1151 	}
1152 
1153 	return 0;
1154 }
1155 EXPORT_SYMBOL_GPL(tpm_tis_resume);
1156 #endif
1157 
1158 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1159 MODULE_DESCRIPTION("TPM Driver");
1160 MODULE_VERSION("2.0");
1161 MODULE_LICENSE("GPL");
1162