1 // SPDX-License-Identifier: GPL-2.0
3 * Cr50 / H1 TPM support
5 * Copyright 2018 Google LLC
8 #define LOG_CATEGORY UCLASS_TPM
19 #include <asm/arch/iomap.h>
20 #include <asm/arch/pm.h>
21 #include <linux/delay.h>
24 TIMEOUT_INIT_MS = 30000, /* Very long timeout for TPM init */
25 TIMEOUT_LONG_US = 2 * 1000 * 1000,
26 TIMEOUT_SHORT_US = 2 * 1000,
27 TIMEOUT_NO_IRQ_US = 20 * 1000,
28 TIMEOUT_IRQ_US = 100 * 1000,
32 CR50_DID_VID = 0x00281ae0L
36 CR50_MAX_BUF_SIZE = 63,
40 * struct cr50_priv - Private driver data
42 * @ready_gpio: GPIO to use to check if the TPM is ready
43 * @irq: IRQ to use check if the TPM is ready (has priority over @ready_gpio)
44 * @locality: Currenttly claimed locality (-1 if none)
45 * @vendor: vendor: Vendor ID for TPM
46 * @use_irq: true to use @irq, false to use @ready if available
49 struct gpio_desc ready_gpio;
56 /* Wait for interrupt to indicate TPM is ready */
57 static int cr50_i2c_wait_tpm_ready(struct udevice *dev)
59 struct cr50_priv *priv = dev_get_priv(dev);
63 if (!priv->use_irq && !dm_gpio_is_valid(&priv->ready_gpio)) {
64 /* Fixed delay if interrupt not supported */
65 udelay(TIMEOUT_NO_IRQ_US);
69 base = timer_get_us();
70 timeout = base + TIMEOUT_IRQ_US;
73 while (priv->use_irq ? !irq_read_and_clear(&priv->irq) :
74 !dm_gpio_get_value(&priv->ready_gpio)) {
76 if ((int)(timer_get_us() - timeout) >= 0) {
77 log_warning("Timeout\n");
78 /* Use this instead of the -ETIMEDOUT used by i2c */
82 log_debug("i=%d\n", i);
87 /* Clear pending interrupts */
88 static void cr50_i2c_clear_tpm_irq(struct udevice *dev)
90 struct cr50_priv *priv = dev_get_priv(dev);
93 irq_read_and_clear(&priv->irq);
97 * cr50_i2c_read() - read from TPM register
99 * @dev: TPM chip information
100 * @addr: register address to read from
101 * @buffer: provided by caller
102 * @len: number of bytes to read
104 * 1) send register address byte 'addr' to the TPM
105 * 2) wait for TPM to indicate it is ready
106 * 3) read 'len' bytes of TPM response into the provided 'buffer'
108 * Return 0 on success. -ve on error
110 static int cr50_i2c_read(struct udevice *dev, u8 addr, u8 *buffer,
115 /* Clear interrupt before starting transaction */
116 cr50_i2c_clear_tpm_irq(dev);
118 /* Send the register address byte to the TPM */
119 ret = dm_i2c_write(dev, 0, &addr, 1);
121 log_err("Address write failed (err=%d)\n", ret);
125 /* Wait for TPM to be ready with response data */
126 ret = cr50_i2c_wait_tpm_ready(dev);
130 /* Read response data frrom the TPM */
131 ret = dm_i2c_read(dev, 0, buffer, len);
133 log_err("Read response failed (err=%d)\n", ret);
141 * cr50_i2c_write() - write to TPM register
143 * @dev: TPM chip information
144 * @addr: register address to write to
145 * @buffer: data to write
146 * @len: number of bytes to write
148 * 1) prepend the provided address to the provided data
149 * 2) send the address+data to the TPM
150 * 3) wait for TPM to indicate it is done writing
152 * Returns -1 on error, 0 on success.
154 static int cr50_i2c_write(struct udevice *dev, u8 addr, const u8 *buffer,
160 if (len > CR50_MAX_BUF_SIZE) {
161 log_err("Length %zd is too large\n", len);
165 /* Prepend the 'register address' to the buffer */
167 memcpy(buf + 1, buffer, len);
169 /* Clear interrupt before starting transaction */
170 cr50_i2c_clear_tpm_irq(dev);
172 /* Send write request buffer with address */
173 ret = dm_i2c_write(dev, 0, buf, len + 1);
175 log_err("Error writing to TPM (err=%d)\n", ret);
179 /* Wait for TPM to be ready */
180 return cr50_i2c_wait_tpm_ready(dev);
183 static inline u8 tpm_access(u8 locality)
185 return 0x0 | (locality << 4);
188 static inline u8 tpm_sts(u8 locality)
190 return 0x1 | (locality << 4);
193 static inline u8 tpm_data_fifo(u8 locality)
195 return 0x5 | (locality << 4);
198 static inline u8 tpm_did_vid(u8 locality)
200 return 0x6 | (locality << 4);
203 static int release_locality(struct udevice *dev, int force)
205 struct cr50_priv *priv = dev_get_priv(dev);
206 u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_PENDING;
207 u8 addr = tpm_access(priv->locality);
211 ret = cr50_i2c_read(dev, addr, &buf, 1);
215 if (force || (buf & mask) == mask) {
216 buf = TPM_ACCESS_ACTIVE_LOCALITY;
217 cr50_i2c_write(dev, addr, &buf, 1);
225 /* cr50 requires all 4 bytes of status register to be read */
226 static int cr50_i2c_status(struct udevice *dev)
228 struct cr50_priv *priv = dev_get_priv(dev);
232 ret = cr50_i2c_read(dev, tpm_sts(priv->locality), buf, sizeof(buf));
234 log_warning("%s: Failed to read status\n", __func__);
241 /* cr50 requires all 4 bytes of status register to be written */
242 static int cr50_i2c_ready(struct udevice *dev)
244 struct cr50_priv *priv = dev_get_priv(dev);
245 u8 buf[4] = { TPM_STS_COMMAND_READY };
248 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), buf, sizeof(buf));
252 udelay(TIMEOUT_SHORT_US);
257 static int cr50_i2c_wait_burststs(struct udevice *dev, u8 mask,
258 size_t *burst, int *status)
260 struct cr50_priv *priv = dev_get_priv(dev);
265 * cr50 uses bytes 3:2 of status register for burst count and all 4
268 timeout = timer_get_us() + TIMEOUT_LONG_US;
269 while (timer_get_us() < timeout) {
270 if (cr50_i2c_read(dev, tpm_sts(priv->locality),
271 (u8 *)&buf, sizeof(buf)) < 0) {
272 udelay(TIMEOUT_SHORT_US);
276 *status = buf & 0xff;
277 *burst = le16_to_cpu((buf >> 8) & 0xffff);
279 if ((*status & mask) == mask &&
280 *burst > 0 && *burst <= CR50_MAX_BUF_SIZE)
283 udelay(TIMEOUT_SHORT_US);
286 log_warning("Timeout reading burst and status\n");
291 static int cr50_i2c_recv(struct udevice *dev, u8 *buf, size_t buf_len)
293 struct cr50_priv *priv = dev_get_priv(dev);
294 size_t burstcnt, expected, current, len;
295 u8 addr = tpm_data_fifo(priv->locality);
296 u8 mask = TPM_STS_VALID | TPM_STS_DATA_AVAIL;
301 log_debug("%s: len=%x\n", __func__, buf_len);
302 if (buf_len < TPM_HEADER_SIZE)
305 ret = cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status);
307 log_warning("First chunk not available\n");
311 /* Read first chunk of burstcnt bytes */
312 if (cr50_i2c_read(dev, addr, buf, burstcnt) < 0) {
313 log_warning("Read failed\n");
317 /* Determine expected data in the return buffer */
318 memcpy(&expected_buf, buf + TPM_CMD_COUNT_OFFSET, sizeof(expected_buf));
319 expected = be32_to_cpu(expected_buf);
320 if (expected > buf_len) {
321 log_warning("Too much data: %zu > %zu\n", expected, buf_len);
325 /* Now read the rest of the data */
327 while (current < expected) {
328 /* Read updated burst count and check status */
329 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0) {
330 log_warning("- burst failure1\n");
334 len = min(burstcnt, expected - current);
335 if (cr50_i2c_read(dev, addr, buf + current, len) != 0) {
336 log_warning("Read failed\n");
343 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt,
345 log_warning("- burst failure2\n");
348 if (status & TPM_STS_DATA_AVAIL) {
349 log_warning("Data still available\n");
356 /* Abort current transaction if still pending */
357 ret = cr50_i2c_status(dev);
360 if (ret & TPM_STS_COMMAND_READY) {
361 ret = cr50_i2c_ready(dev);
369 static int cr50_i2c_send(struct udevice *dev, const u8 *buf, size_t len)
371 struct cr50_priv *priv = dev_get_priv(dev);
374 size_t burstcnt, limit, sent = 0;
375 u8 tpm_go[4] = { TPM_STS_GO };
379 log_debug("%s: len=%x\n", __func__, len);
380 timeout = timer_get_us() + TIMEOUT_LONG_US;
382 ret = cr50_i2c_status(dev);
385 if (ret & TPM_STS_COMMAND_READY)
388 if (timer_get_us() > timeout)
391 ret = cr50_i2c_ready(dev);
397 u8 mask = TPM_STS_VALID;
399 /* Wait for data if this is not the first chunk */
401 mask |= TPM_STS_DATA_EXPECT;
403 if (cr50_i2c_wait_burststs(dev, mask, &burstcnt, &status) < 0)
407 * Use burstcnt - 1 to account for the address byte
408 * that is inserted by cr50_i2c_write()
410 limit = min(burstcnt - 1, len);
411 if (cr50_i2c_write(dev, tpm_data_fifo(priv->locality),
412 &buf[sent], limit) != 0) {
413 log_warning("Write failed\n");
421 /* Ensure TPM is not expecting more data */
422 if (cr50_i2c_wait_burststs(dev, TPM_STS_VALID, &burstcnt, &status) < 0)
424 if (status & TPM_STS_DATA_EXPECT) {
425 log_warning("Data still expected\n");
429 /* Start the TPM command */
430 ret = cr50_i2c_write(dev, tpm_sts(priv->locality), tpm_go,
433 log_warning("Start command failed\n");
440 /* Abort current transaction if still pending */
441 ret = cr50_i2c_status(dev);
443 if (ret < 0 || (ret & TPM_STS_COMMAND_READY)) {
444 ret = cr50_i2c_ready(dev);
453 * process_reset() - Wait for the Cr50 to reset
455 * Cr50 processes reset requests asynchronously and conceivably could be busy
456 * executing a long command and not reacting to the reset pulse for a while.
458 * This function will make sure that the AP does not proceed with boot until
459 * TPM finished reset processing.
462 * @return 0 if OK, -EPERM if locality could not be taken
464 static int process_reset(struct udevice *dev)
471 * Locality is released by TPM reset.
473 * If locality is taken at this point, this could be due to the fact
474 * that the TPM is performing a long operation and has not processed
475 * reset request yet. We'll wait up to CR50_TIMEOUT_INIT_MS and see if
476 * it releases locality when reset is processed.
478 start = get_timer(0);
480 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
483 ret = cr50_i2c_read(dev, tpm_access(loc),
484 &access, sizeof(access));
485 if (ret || ((access & mask) == mask)) {
487 * Don't bombard the chip with traffic; let it keep
488 * processing the command.
494 log_warning("TPM ready after %ld ms\n", get_timer(start));
497 } while (get_timer(start) < TIMEOUT_INIT_MS);
499 log_warning("TPM failed to reset after %ld ms, status: %#x\n",
500 get_timer(start), access);
506 * Locality could be already claimed (if this is a later U-Boot phase and the
507 * read-only U-Boot did not release it), or not yet claimed, if this is TPL or
508 * the older read-only U-Boot did release it.
510 static int claim_locality(struct udevice *dev, int loc)
512 const u8 mask = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
513 struct cr50_priv *priv = dev_get_priv(dev);
517 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
519 return log_msg_ret("read1", ret);
521 if ((access & mask) == mask) {
522 log_warning("Locality already claimed\n");
526 access = TPM_ACCESS_REQUEST_USE;
527 ret = cr50_i2c_write(dev, tpm_access(loc), &access, sizeof(access));
529 return log_msg_ret("write", ret);
531 ret = cr50_i2c_read(dev, tpm_access(loc), &access, sizeof(access));
533 return log_msg_ret("read2", ret);
535 if ((access & mask) != mask) {
536 log_err("Failed to claim locality\n");
539 log_info("Claimed locality %d\n", loc);
540 priv->locality = loc;
545 static int cr50_i2c_get_desc(struct udevice *dev, char *buf, int size)
547 struct dm_i2c_chip *chip = dev_get_parent_platdata(dev);
548 struct cr50_priv *priv = dev_get_priv(dev);
550 return snprintf(buf, size, "cr50 TPM 2.0 (i2c %02x id %x) irq=%d",
551 chip->chip_addr, priv->vendor >> 16, priv->use_irq);
554 static int cr50_i2c_open(struct udevice *dev)
559 ret = process_reset(dev);
561 return log_msg_ret("reset", ret);
563 ret = claim_locality(dev, 0);
565 return log_msg_ret("claim", ret);
567 cr50_i2c_get_desc(dev, buf, sizeof(buf));
568 log_debug("%s\n", buf);
573 static int cr50_i2c_cleanup(struct udevice *dev)
575 struct cr50_priv *priv = dev_get_priv(dev);
577 printf("%s: cleanup %d\n", __func__, priv->locality);
578 if (priv->locality != -1)
579 release_locality(dev, 1);
586 SHORT_TIMEOUT_MS = 750,
587 LONG_TIMEOUT_MS = 2000,
590 static int cr50_i2c_ofdata_to_platdata(struct udevice *dev)
592 struct tpm_chip_priv *upriv = dev_get_uclass_priv(dev);
593 struct cr50_priv *priv = dev_get_priv(dev);
597 upriv->version = TPM_V2;
598 upriv->duration_ms[TPM_SHORT] = SHORT_TIMEOUT_MS;
599 upriv->duration_ms[TPM_MEDIUM] = LONG_TIMEOUT_MS;
600 upriv->duration_ms[TPM_LONG] = LONG_TIMEOUT_MS;
601 upriv->retry_time_ms = TPM_TIMEOUT_MS;
603 upriv->pcr_count = 32;
604 upriv->pcr_select_min = 2;
606 /* Optional GPIO to track when cr50 is ready */
607 ret = irq_get_by_index(dev, 0, &irq);
610 priv->use_irq = true;
612 ret = gpio_request_by_name(dev, "ready-gpios", 0,
613 &priv->ready_gpio, GPIOD_IS_IN);
615 log_warning("Cr50 does not have an ready GPIO/interrupt (err=%d)\n",
623 static int cr50_i2c_probe(struct udevice *dev)
625 struct cr50_priv *priv = dev_get_priv(dev);
630 * 150ms should be enough to synchronise with the TPM even under the
631 * worst nested-reset-request conditions. In the vast majority of cases
632 * there will be no wait at all.
634 start = get_timer(0);
635 while (get_timer(start) < 150) {
638 /* Exit once DID and VID verified */
639 ret = cr50_i2c_read(dev, tpm_did_vid(0), (u8 *)&vendor, 4);
640 if (!ret && vendor == CR50_DID_VID)
643 /* TPM might be resetting; let's retry in a bit */
646 if (vendor != CR50_DID_VID) {
647 log_debug("DID_VID %08x not recognised\n", vendor);
648 return log_msg_ret("vendor-id", -EXDEV);
650 priv->vendor = vendor;
656 static const struct tpm_ops cr50_i2c_ops = {
657 .open = cr50_i2c_open,
658 .get_desc = cr50_i2c_get_desc,
659 .send = cr50_i2c_send,
660 .recv = cr50_i2c_recv,
661 .cleanup = cr50_i2c_cleanup,
664 static const struct udevice_id cr50_i2c_ids[] = {
665 { .compatible = "google,cr50" },
669 U_BOOT_DRIVER(cr50_i2c) = {
672 .of_match = cr50_i2c_ids,
673 .ops = &cr50_i2c_ops,
674 .ofdata_to_platdata = cr50_i2c_ofdata_to_platdata,
675 .probe = cr50_i2c_probe,
676 .remove = cr50_i2c_cleanup,
677 .priv_auto_alloc_size = sizeof(struct cr50_priv),
678 .flags = DM_FLAG_OS_PREPARE,