/*
* Update a CAR_GLOBAL variable var, originally pointing to CAR region,
* with the address in migrated CAR region in DRAM.
*/
void *car_sync_var_ptr(void *var)
{
void ** mig_var = car_get_var_ptr(var);
void * _car_start = &_car_data_start;
void * _car_end = &_car_data_end;
/* Not moved or migrated yet. */
if (mig_var == var)
return mig_var;
/*
* Migrate the cbmem console pointer for FSP 1.0 platforms. Otherwise,
* keep console buffer in CAR until cbmemc_reinit() moves it.
*/
if (*mig_var == _preram_cbmem_console) {
if (IS_ENABLED(CONFIG_PLATFORM_USES_FSP1_0))
*mig_var += (char *)mig_var - (char *)var;
return mig_var;
}
/* It's already pointing outside car.global_data. */
if (*mig_var < _car_start || *mig_var > _car_end)
return mig_var;
/* Move the pointer by the same amount the variable storing it was
* moved by.
*/
*mig_var += (char *)mig_var - (char *)var;
return mig_var;
}
/*
* Update a CAR_GLOBAL variable var, originally pointing to CAR region,
* with the address in migrated CAR region in DRAM.
*/
void *car_sync_var_ptr(void *var)
{
void ** mig_var = car_get_var_ptr(var);
void * _car_start = &_car_data_start;
void * _car_end = &_car_data_end;
/* Not moved or migrated yet. */
if (mig_var == var)
return mig_var;
/* It's already pointing outside car.global_data. */
if (*mig_var < _car_start || *mig_var > _car_end)
return mig_var;
#if !IS_ENABLED(CONFIG_PLATFORM_USES_FSP)
/* Keep console buffer in CAR until cbmemc_reinit() moves it. */
if (*mig_var == _car_end)
return mig_var;
#endif
/* Move the pointer by the same amount the variable storing it was
* moved by.
*/
*mig_var += (char *)mig_var - (char *)var;
return mig_var;
}
/* Fill power state structure from ACPI PM registers */
struct chipset_power_state *fill_power_state(void)
{
uint16_t tcobase;
uint8_t *pmc;
struct chipset_power_state *ps = car_get_var_ptr(&power_state);
tcobase = pmc_tco_regs();
ps->pm1_sts = inw(ACPI_BASE_ADDRESS + PM1_STS);
ps->pm1_en = inw(ACPI_BASE_ADDRESS + PM1_EN);
ps->pm1_cnt = inl(ACPI_BASE_ADDRESS + PM1_CNT);
ps->tco1_sts = inw(tcobase + TCO1_STS);
ps->tco2_sts = inw(tcobase + TCO2_STS);
ps->gpe0_sts[0] = inl(ACPI_BASE_ADDRESS + GPE0_STS(0));
ps->gpe0_sts[1] = inl(ACPI_BASE_ADDRESS + GPE0_STS(1));
ps->gpe0_sts[2] = inl(ACPI_BASE_ADDRESS + GPE0_STS(2));
ps->gpe0_sts[3] = inl(ACPI_BASE_ADDRESS + GPE0_STS(3));
ps->gpe0_en[0] = inl(ACPI_BASE_ADDRESS + GPE0_EN(0));
ps->gpe0_en[1] = inl(ACPI_BASE_ADDRESS + GPE0_EN(1));
ps->gpe0_en[2] = inl(ACPI_BASE_ADDRESS + GPE0_EN(2));
ps->gpe0_en[3] = inl(ACPI_BASE_ADDRESS + GPE0_EN(3));
ps->gen_pmcon_a = pci_read_config32(PCH_DEV_PMC, GEN_PMCON_A);
ps->gen_pmcon_b = pci_read_config32(PCH_DEV_PMC, GEN_PMCON_B);
pmc = pmc_mmio_regs();
ps->gblrst_cause[0] = read32(pmc + GBLRST_CAUSE0);
ps->gblrst_cause[1] = read32(pmc + GBLRST_CAUSE1);
ps->prev_sleep_state = prev_sleep_state(ps);
dump_power_state(ps);
return ps;
}
/*
* cr50_i2c_write() - write to TPM register
*
* @chip: TPM chip information
* @addr: register address to write to
* @buffer: data to write
* @len: number of bytes to write
*
* 1) prepend the provided address to the provided data
* 2) send the address+data to the TPM
* 3) wait for TPM to indicate it is done writing
*
* Returns -1 on error, 0 on success.
*/
static int cr50_i2c_write(struct tpm_chip *chip,
uint8_t addr, uint8_t *buffer, size_t len)
{
struct tpm_inf_dev *tpm_dev = car_get_var_ptr(&g_tpm_dev);
if (tpm_dev->addr == 0)
return -1;
if (len > CR50_MAX_BUFSIZE)
return -1;
/* Prepend the 'register address' to the buffer */
tpm_dev->buf[0] = addr;
memcpy(tpm_dev->buf + 1, buffer, len);
/* Clear interrupt before starting transaction */
tis_plat_irq_status();
/* Send write request buffer with address */
if (i2c_write_raw(tpm_dev->bus, tpm_dev->addr, tpm_dev->buf, len + 1)) {
printk(BIOS_ERR, "%s: Error writing to TPM\n", __func__);
return -1;
}
/* Wait for TPM to be ready */
return cr50_i2c_wait_tpm_ready(chip);
}
static void *tpm_process_command(TPM_CC command, void *command_body)
{
ssize_t out_size;
size_t in_size;
/* Command/response buffer. */
static uint8_t cr_buffer[TPM_BUFFER_SIZE] CAR_GLOBAL;
uint8_t *cr_buffer_ptr = car_get_var_ptr(cr_buffer);
out_size = tpm_marshal_command(command, command_body,
cr_buffer_ptr, sizeof(cr_buffer));
if (out_size < 0) {
printk(BIOS_ERR, "command %#x, cr size %zd\n",
command, out_size);
return NULL;
}
in_size = sizeof(cr_buffer);
if (tis_sendrecv(cr_buffer_ptr, out_size,
cr_buffer_ptr, &in_size)) {
printk(BIOS_ERR, "tpm transaction failed\n");
return NULL;
}
return tpm_unmarshal_response(command, cr_buffer_ptr, in_size);
}
/*
* cr50_i2c_read() - read from TPM register
*
* @chip: TPM chip information
* @addr: register address to read from
* @buffer: provided by caller
* @len: number of bytes to read
*
* 1) send register address byte 'addr' to the TPM
* 2) wait for TPM to indicate it is ready
* 3) read 'len' bytes of TPM response into the provided 'buffer'
*
* Return -1 on error, 0 on success.
*/
static int cr50_i2c_read(struct tpm_chip *chip, uint8_t addr,
uint8_t *buffer, size_t len)
{
struct tpm_inf_dev *tpm_dev = car_get_var_ptr(&g_tpm_dev);
if (tpm_dev->addr == 0)
return -1;
/* Clear interrupt before starting transaction */
tis_plat_irq_status();
/* Send the register address byte to the TPM */
if (i2c_write_raw(tpm_dev->bus, tpm_dev->addr, &addr, 1)) {
printk(BIOS_ERR, "%s: Address write failed\n", __func__);
return -1;
}
/* Wait for TPM to be ready with response data */
if (cr50_i2c_wait_tpm_ready(chip) < 0)
return -1;
/* Read response data from the TPM */
if (i2c_read_raw(tpm_dev->bus, tpm_dev->addr, buffer, len)) {
printk(BIOS_ERR, "%s: Read response failed\n", __func__);
return -1;
}
return 0;
}
int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr)
{
struct tpm_inf_dev *tpm_dev = car_get_var_ptr(&g_tpm_dev);
uint32_t did_vid = 0;
if (dev_addr == 0) {
printk(BIOS_ERR, "%s: missing device address\n", __func__);
return -1;
}
tpm_dev->bus = bus;
tpm_dev->addr = dev_addr;
cr50_vendor_init(chip);
if (cr50_i2c_probe(chip, &did_vid))
return -1;
if (ENV_VERSTAGE || ENV_BOOTBLOCK)
if (process_reset(chip))
return -1;
if (claim_locality(chip))
return -1;
printk(BIOS_DEBUG, "cr50 TPM 2.0 (i2c %u:0x%02x id 0x%x)\n",
bus, dev_addr, did_vid >> 16);
chip->is_open = 1;
return 0;
}
struct chipset_power_state *fill_power_state(void)
{
struct chipset_power_state *ps = car_get_var_ptr(&power_state);
ps->prev_sleep_state = ACPI_S0;
printk(BIOS_DEBUG, "prev_sleep_state %d\n", ps->prev_sleep_state);
return ps;
}
const struct spi_flash *boot_device_spi_flash(void)
{
boot_device_rw_init();
if (car_get_var(sfg_init_done) != true)
return NULL;
return car_get_var_ptr(&sfg);
}
/*
* To write a register, start transaction, transfer data to the TPM, deassert
* CS when done.
*
* Returns one to indicate success, zero to indicate failure.
*/
static int tpm2_write_reg(unsigned reg_number, const void *buffer, size_t bytes)
{
struct spi_slave *spi_slave = car_get_var_ptr(&g_spi_slave);
trace_dump("W", reg_number, bytes, buffer, 0);
if (!start_transaction(false, bytes, reg_number))
return 0;
write_bytes(buffer, bytes);
spi_release_bus(spi_slave);
return 1;
}
int tis_close(void)
{
struct tpm_chip *chip = car_get_var_ptr(&g_chip);
if (chip->is_open) {
tpm_vendor_cleanup(chip);
chip->is_open = 0;
}
return 0;
}
/*
* Print out the contents of a buffer, if debug is enabled. Skip registers
* other than FIFO, unless debug_level_ is 2.
*/
static void trace_dump(const char *prefix, uint32_t reg,
size_t bytes, const uint8_t *buffer,
int force)
{
static char prev_prefix CAR_GLOBAL;
static unsigned prev_reg CAR_GLOBAL;
static int current_char CAR_GLOBAL;
const int BYTES_PER_LINE = 32;
int *current_char_ptr = car_get_var_ptr(¤t_char);
if (!force) {
if (!debug_level_)
return;
if ((debug_level_ < 2) && (reg != TPM_DATA_FIFO_REG))
return;
}
/*
* Do not print register address again if the last dump print was for
* that register.
*/
if ((car_get_var(prev_prefix) != *prefix) ||
(car_get_var(prev_reg) != reg)) {
car_set_var(prev_prefix, *prefix);
car_set_var(prev_reg, reg);
printk(BIOS_DEBUG, "\n%s %2.2x:", prefix, reg);
*current_char_ptr = 0;
}
if ((reg != TPM_DATA_FIFO_REG) && (bytes == 4)) {
/*
* This must be a regular register address, print the 32 bit
* value.
*/
printk(BIOS_DEBUG, " %8.8x", *(const uint32_t *)buffer);
} else {
int i;
/*
* Data read from or written to FIFO or not in 4 byte
* quantiites is printed byte at a time.
*/
for (i = 0; i < bytes; i++) {
if (*current_char_ptr &&
!(*current_char_ptr % BYTES_PER_LINE)) {
printk(BIOS_DEBUG, "\n ");
*current_char_ptr = 0;
}
(*current_char_ptr)++;
printk(BIOS_DEBUG, " %2.2x", buffer[i]);
}
}
}
/*
* To read a register, start transaction, transfer data from the TPM, deassert
* CS when done.
*
* Returns one to indicate success, zero to indicate failure. In case of
* failure zero out the user buffer.
*/
static int tpm2_read_reg(unsigned reg_number, void *buffer, size_t bytes)
{
struct spi_slave *spi_slave = car_get_var_ptr(&g_spi_slave);
if (!start_transaction(true, bytes, reg_number)) {
memset(buffer, 0, bytes);
return 0;
}
read_bytes(buffer, bytes);
spi_release_bus(spi_slave);
trace_dump("R", reg_number, bytes, buffer, 0);
return 1;
}
static ssize_t spi_writeat(const struct region_device *rd, const void *b,
size_t offset, size_t size)
{
struct spi_flash *sf = car_get_var_ptr(&sfg);
if (sf == NULL)
return -1;
if (spi_flash_write(sf, offset, size, b))
return -1;
return size;
}
static ssize_t spi_eraseat(const struct region_device *rd,
size_t offset, size_t size)
{
struct spi_flash *sf = car_get_var_ptr(&sfg);
if (sf == NULL)
return -1;
if (spi_flash_erase(sf, offset, size))
return -1;
return size;
}
static struct timestamp_cache *timestamp_cache_get(void)
{
struct timestamp_cache *ts_cache = NULL;
if (TIMESTAMP_CACHE_IN_BSS) {
ts_cache = ×tamp_cache;
} else if (USE_TIMESTAMP_REGION) {
if (_timestamp_size < sizeof(*ts_cache))
BUG();
ts_cache = car_get_var_ptr((void *)_timestamp);
}
return ts_cache;
}
static void migrate_power_state(int is_recovery)
{
struct chipset_power_state *ps_cbmem;
struct chipset_power_state *ps_car;
ps_car = car_get_var_ptr(&power_state);
ps_cbmem = cbmem_add(CBMEM_ID_POWER_STATE, sizeof(*ps_cbmem));
if (ps_cbmem == NULL) {
printk(BIOS_DEBUG, "Not adding power state to cbmem!\n");
return;
}
memcpy(ps_cbmem, ps_car, sizeof(*ps_cbmem));
}
static void boot_device_rw_init(void)
{
const int bus = CONFIG_BOOT_DEVICE_SPI_FLASH_BUS;
const int cs = 0;
if (car_get_var(sfg_init_done) == true)
return;
/* Ensure any necessary setup is performed by the drivers. */
spi_init();
if (!spi_flash_probe(bus, cs, car_get_var_ptr(&sfg)))
car_set_var(sfg_init_done, true);
}
struct spi_slave *spi_setup_slave(unsigned int bus, unsigned int cs)
{
BOILERPLATE_CREATE_CTX(ctx);
/* This is special hardware. We expect bus 0 and CS line 0 here. */
if ((bus != 0) || (cs != 0))
return NULL;
struct spi_slave *slave = car_get_var_ptr(&boot_spi);
slave->bus = bus;
slave->cs = cs;
slave->programmer_specific_probe = nuclear_flash_probe;
slave->force_programmer_specific = 1;
return slave;
}
int tis_open(void)
{
struct tpm_chip *chip = car_get_var_ptr(&g_chip);
int rc;
if (chip->is_open) {
printk(BIOS_DEBUG, "tis_open() called twice.\n");
return -1;
}
rc = tpm_vendor_init(chip, CONFIG_DRIVER_TPM_I2C_BUS,
CONFIG_DRIVER_TPM_I2C_ADDR);
if (rc < 0)
chip->is_open = 0;
if (rc)
return -1;
return 0;
}
void platform_fsp_memory_init_params_cb(struct FSPM_UPD *mupd)
{
const struct mrc_saved_data *mrc_cache;
struct FSPM_ARCH_UPD *arch_upd = &mupd->FspmArchUpd;
struct chipset_power_state *ps = car_get_var_ptr(&power_state);
int prev_sleep_state = chipset_prev_sleep_state(ps);
fill_console_params(mupd);
mainboard_memory_init_params(mupd);
/* Do NOT let FSP do any GPIO pad configuration */
mupd->FspmConfig.PreMemGpioTablePtr = (uintptr_t) NULL;
/* Reserve enough memory under TOLUD to save CBMEM header */
mupd->FspmArchUpd.BootLoaderTolumSize = cbmem_overhead_size();
/*
* FSPM_UPD passed here is populated with default values provided by
* the blob itself. We let FSPM use top of CAR region of the size it
* requests.
* TODO: add checks to avoid overlap/conflict of CAR usage.
*/
mupd->FspmArchUpd.StackBase = _car_region_end -
mupd->FspmArchUpd.StackSize;
arch_upd->BootMode = FSP_BOOT_WITH_FULL_CONFIGURATION;
if (IS_ENABLED(CONFIG_CACHE_MRC_SETTINGS)) {
if (!mrc_cache_get_current_with_version(&mrc_cache, 0)) {
/* MRC cache found */
arch_upd->NvsBufferPtr = (void *)mrc_cache->data;
arch_upd->BootMode =
prev_sleep_state == SLEEP_STATE_S3 ?
FSP_BOOT_ON_S3_RESUME:
FSP_BOOT_ASSUMING_NO_CONFIGURATION_CHANGES;
printk(BIOS_DEBUG, "MRC cache found, size %x bootmode:%d\n",
mrc_cache->size, arch_upd->BootMode);
} else
printk(BIOS_DEBUG, "MRC cache was not found\n");
}
}
static struct chipset_power_state *fill_power_state(void)
{
struct chipset_power_state *ps = car_get_var_ptr(&power_state);
ps->pm1_sts = inw(ACPI_BASE_ADDRESS + PM1_STS);
ps->pm1_en = inw(ACPI_BASE_ADDRESS + PM1_EN);
ps->pm1_cnt = inl(ACPI_BASE_ADDRESS + PM1_CNT);
ps->gpe0_sts = inl(ACPI_BASE_ADDRESS + GPE0_STS);
ps->gpe0_en = inl(ACPI_BASE_ADDRESS + GPE0_EN);
ps->tco_sts = inl(ACPI_BASE_ADDRESS + TCO_STS);
ps->prsts = read32((u32 *)(PMC_BASE_ADDRESS + PRSTS));
ps->gen_pmcon1 = read32((u32 *)(PMC_BASE_ADDRESS + GEN_PMCON1));
ps->gen_pmcon2 = read32((u32 *)(PMC_BASE_ADDRESS + GEN_PMCON2));
printk(BIOS_DEBUG, "pm1_sts: %04x pm1_en: %04x pm1_cnt: %08x\n",
ps->pm1_sts, ps->pm1_en, ps->pm1_cnt);
printk(BIOS_DEBUG, "gpe0_sts: %08x gpe0_en: %08x tco_sts: %08x\n",
ps->gpe0_sts, ps->gpe0_en, ps->tco_sts);
printk(BIOS_DEBUG, "prsts: %08x gen_pmcon1: %08x gen_pmcon2: %08x\n",
ps->prsts, ps->gen_pmcon1, ps->gen_pmcon2);
return ps;
}
/*
* We can't use FDOC and FDOD to read FLCOMP, as previous platforms did.
* For details see:
* Ch 31, SPI: p. 194
* The size of the flash component is always taken from density field in the
* SFDP table. FLCOMP.C0DEN is no longer used by the Flash Controller.
*/
static struct spi_flash *nuclear_flash_probe(struct spi_slave *spi)
{
BOILERPLATE_CREATE_CTX(ctx);
struct spi_flash *flash;
uint32_t flash_bits;
flash = car_get_var_ptr(&boot_flash);
/*
* bytes = (bits + 1) / 8;
* But we need to do the addition in a way which doesn't overflow for
* 4 Gbit devices (flash_bits == 0xffffffff).
*/
/* FIXME: Don't hardcode 0x04 ? */
flash_bits = read_spi_sfdp_param(ctx, 0x04);
flash->size = (flash_bits >> 3) + 1;
flash->spi = spi;
flash->name = "Apollolake hardware sequencer";
/* Can erase both 4 KiB and 64 KiB chunks. Declare the smaller size. */
flash->sector_size = 4 * KiB;
/*
* FIXME: Get erase+cmd, and status_cmd from SFDP.
*
* flash->erase_cmd = ???
* flash->status_cmd = ???
*/
flash->write = nuclear_spi_write;
flash->erase = nuclear_spi_erase;
flash->read = nuclear_spi_read;
flash->status = nuclear_spi_status;
return flash;
}
struct chipset_power_state *get_power_state(void)
{
return (struct chipset_power_state *)car_get_var_ptr(&power_state);
}
/*
* Once transaction is initiated and the TPM indicated that it is ready to go,
* write the actual bytes to the register.
*/
static void write_bytes(const void *buffer, size_t bytes)
{
struct spi_slave *spi_slave = car_get_var_ptr(&g_spi_slave);
spi_xfer(spi_slave, buffer, bytes, NULL, 0);
}
/*
* Once transaction is initiated and the TPM indicated that it is ready to go,
* read the actual bytes from the register.
*/
static void read_bytes(void *buffer, size_t bytes)
{
struct spi_slave *spi_slave = car_get_var_ptr(&g_spi_slave);
spi_xfer(spi_slave, NULL, 0, buffer, bytes);
}
size_t tpm2_process_command(const void *tpm2_command, size_t command_size,
void *tpm2_response, size_t max_response)
{
uint32_t status;
uint32_t expected_status_bits;
size_t payload_size;
size_t bytes_to_go;
const uint8_t *cmd_body = tpm2_command;
uint8_t *rsp_body = tpm2_response;
union fifo_transfer_buffer fifo_buffer;
const int HEADER_SIZE = 6;
struct tpm2_info *tpm_info = car_get_var_ptr(&g_tpm_info);
/* Do not try using an uninitialized TPM. */
if (!tpm_info->vendor_id)
return 0;
/* Skip the two byte tag, read the size field. */
payload_size = read_be32(cmd_body + 2);
/* Sanity check. */
if (payload_size != command_size) {
printk(BIOS_ERR,
"Command size mismatch: encoded %zd != requested %zd\n",
payload_size, command_size);
trace_dump("W", TPM_DATA_FIFO_REG, command_size, cmd_body, 1);
printk(BIOS_DEBUG, "\n");
return 0;
}
/* Let the TPM know that the command is coming. */
write_tpm_sts(TPM_STS_COMMAND_READY);
/*
* TPM commands and responses written to and read from the FIFO
* register (0x24) are datagrams of variable size, prepended by a 6
* byte header.
*
* The specification description of the state machine is a bit vague,
* but from experience it looks like there is no need to wait for the
* sts.expect bit to be set, at least with the 9670 and cr50 devices.
* Just write the command into FIFO, making sure not to exceed the
* burst count or the maximum PDU size, whatever is smaller.
*/
fifo_buffer.tx_buffer = cmd_body;
fifo_transfer(command_size, fifo_buffer, fifo_transmit);
/* Now tell the TPM it can start processing the command. */
write_tpm_sts(TPM_STS_GO);
/* Now wait for it to report that the response is ready. */
expected_status_bits = TPM_STS_VALID | TPM_STS_DATA_AVAIL;
if (!wait_for_status(expected_status_bits, expected_status_bits)) {
/*
* If timed out, which should never happen, let's at least
* print out the offending command.
*/
trace_dump("W", TPM_DATA_FIFO_REG, command_size, cmd_body, 1);
printk(BIOS_DEBUG, "\n");
return 0;
}
/*
* The response is ready, let's read it. First we read the FIFO
* payload header, to see how much data to expect. The response header
* size is fixed to six bytes, the total payload size is stored in
* network order in the last four bytes.
*/
tpm2_read_reg(TPM_DATA_FIFO_REG, rsp_body, HEADER_SIZE);
/* Find out the total payload size, skipping the two byte tag. */
payload_size = read_be32(rsp_body + 2);
if (payload_size > max_response) {
/*
* TODO(vbendeb): at least drain the FIFO here or somehow let
* the TPM know that the response can be dropped.
*/
printk(BIOS_ERR, " TPM response too long (%zd bytes)",
payload_size);
return 0;
}
/*
* Now let's read all but the last byte in the FIFO to make sure the
* status register is showing correct flow control bits: 'more data'
* until the last byte and then 'no more data' once the last byte is
* read.
*/
bytes_to_go = payload_size - 1 - HEADER_SIZE;
fifo_buffer.rx_buffer = rsp_body + HEADER_SIZE;
fifo_transfer(bytes_to_go, fifo_buffer, fifo_receive);
/* Verify that there is still data to read. */
read_tpm_sts(&status);
if ((status & expected_status_bits) != expected_status_bits) {
printk(BIOS_ERR, "unexpected intermediate status %#x\n",
status);
return 0;
}
/* Read the last byte of the PDU. */
tpm2_read_reg(TPM_DATA_FIFO_REG, rsp_body + payload_size - 1, 1);
/* Terminate the dump, if enabled. */
if (debug_level_)
printk(BIOS_DEBUG, "\n");
/* Verify that 'data available' is not asseretd any more. */
read_tpm_sts(&status);
if ((status & expected_status_bits) != TPM_STS_VALID) {
printk(BIOS_ERR, "unexpected final status %#x\n", status);
return 0;
}
/* Move the TPM back to idle state. */
write_tpm_sts(TPM_STS_COMMAND_READY);
return payload_size;
}
int tpm2_init(struct spi_slave *spi_if)
{
uint32_t did_vid, status;
uint8_t cmd;
int retries;
struct tpm2_info *tpm_info = car_get_var_ptr(&g_tpm_info);
struct spi_slave *spi_slave = car_get_var_ptr(&g_spi_slave);
memcpy(spi_slave, spi_if, sizeof(*spi_if));
/* clear any pending IRQs */
tis_plat_irq_status();
/*
* 150 ms should be enough to synchronize with the TPM even under the
* worst nested reset request conditions. In vast majority of cases
* there would be no wait at all.
*/
printk(BIOS_INFO, "Probing TPM: ");
for (retries = 15; retries > 0; retries--) {
int i;
/* In case of failure to read div_vid is set to zero. */
tpm2_read_reg(TPM_DID_VID_REG, &did_vid, sizeof(did_vid));
for (i = 0; i < ARRAY_SIZE(supported_did_vids); i++)
if (did_vid == supported_did_vids[i])
break; /* TPM is up and ready. */
if (i < ARRAY_SIZE(supported_did_vids))
break;
/* TPM might be resetting, let's retry in a bit. */
mdelay(10);
printk(BIOS_INFO, ".");
}
if (!retries) {
printk(BIOS_ERR, "\n%s: Failed to connect to the TPM\n",
__func__);
return -1;
}
printk(BIOS_INFO, " done!\n");
if (ENV_VERSTAGE || ENV_BOOTBLOCK)
/*
* Claim locality 0, do it only during the first
* initialization after reset.
*/
if (!tpm2_claim_locality())
return -1;
read_tpm_sts(&status);
if ((status & TPM_STS_FAMILY_MASK) != TPM_STS_FAMILY_TPM_2_0) {
printk(BIOS_ERR, "unexpected TPM family value, status: %#x\n",
status);
return -1;
}
/*
* Locality claimed, read the revision value and set up the tpm_info
* structure.
*/
tpm2_read_reg(TPM_RID_REG, &cmd, sizeof(cmd));
tpm_info->vendor_id = did_vid & 0xffff;
tpm_info->device_id = did_vid >> 16;
tpm_info->revision = cmd;
printk(BIOS_INFO, "Connected to device vid:did:rid of %4.4x:%4.4x:%2.2x\n",
tpm_info->vendor_id, tpm_info->device_id, tpm_info->revision);
/* Let's report device FW version if available. */
if (tpm_info->vendor_id == 0x1ae0) {
int chunk_count = 0;
size_t chunk_size;
/*
* let's read 50 bytes at a time; leave room for the trailing
* zero.
*/
char vstr[51];
chunk_size = sizeof(vstr) - 1;
printk(BIOS_INFO, "Firmware version: ");
/*
* Does not really matter what's written, this just makes sure
* the version is reported from the beginning.
*/
tpm2_write_reg(TPM_FW_VER, &chunk_size, 1);
/* Print it out in sizeof(vstr) - 1 byte chunks. */
vstr[chunk_size] = 0;
do {
tpm2_read_reg(TPM_FW_VER, vstr, chunk_size);
printk(BIOS_INFO, "%s", vstr);
/*
* While string is not over, and is no longer than 300
* characters.
*/
} while (vstr[chunk_size - 1] &&
(chunk_count++ < (300 / chunk_size)));
printk(BIOS_INFO, "\n");
}
return 0;
}
/* Initialize the UPD parameters for MemoryInit */
void soc_memory_init_params(struct romstage_params *params,
MEMORY_INIT_UPD *upd)
{
const struct device *dev;
const struct soc_intel_quark_config *config;
struct chipset_power_state *ps = car_get_var_ptr(&power_state);
char *rmu_file;
size_t rmu_file_len;
/* Locate the configuration data from devicetree.cb */
dev = dev_find_slot(0, LPC_DEV_FUNC);
if (!dev) {
printk(BIOS_ERR,
"Error! Device (PCI:0:%02x.%01x) not found, "
"soc_memory_init_params!\n", PCI_DEVICE_NUMBER_QNC_LPC,
PCI_FUNCTION_NUMBER_QNC_LPC);
return;
}
config = dev->chip_info;
/* Display the ROM shadow data */
hexdump((void *)0x000ffff0, 0x10);
/* Clear SMI and wake events */
if (ps->prev_sleep_state != ACPI_S3) {
printk(BIOS_SPEW, "Clearing SMI interrupts and wake events\n");
reg_script_run_on_dev(LPC_BDF, clear_smi_and_wake_events);
}
/* Locate the RMU data file in flash */
rmu_file = cbfs_boot_map_with_leak("rmu.bin", CBFS_TYPE_RAW,
&rmu_file_len);
if (!rmu_file)
die("Microcode file (rmu.bin) not found.");
/* Update the UPD data for MemoryInit */
printk(BIOS_DEBUG, "Updating UPD values for MemoryInit: 0x%p\n", upd);
upd->AddrMode = config->AddrMode;
upd->ChanMask = config->ChanMask;
upd->ChanWidth = config->ChanWidth;
upd->DramDensity = config->DramDensity;
upd->DramRonVal = config->DramRonVal;
upd->DramRttNomVal = config->DramRttNomVal;
upd->DramRttWrVal = config->DramRttWrVal;
upd->DramSpeed = config->DramSpeed;
upd->DramType = config->DramType;
upd->DramWidth = config->DramWidth;
upd->EccScrubBlkSize = config->EccScrubBlkSize;
upd->EccScrubInterval = config->EccScrubInterval;
upd->Flags = config->Flags;
upd->FspReservedMemoryLength = config->FspReservedMemoryLength;
upd->RankMask = config->RankMask;
upd->RmuBaseAddress = (uintptr_t)rmu_file;
upd->RmuLength = rmu_file_len;
upd->SerialPortBaseAddress = UART_BASE_ADDRESS;
upd->SmmTsegSize = IS_ENABLED(CONFIG_HAVE_SMI_HANDLER) ?
config->SmmTsegSize : 0;
upd->SocRdOdtVal = config->SocRdOdtVal;
upd->SocWrRonVal = config->SocWrRonVal;
upd->SocWrSlewRate = config->SocWrSlewRate;
upd->SrInt = config->SrInt;
upd->SrTemp = config->SrTemp;
upd->tCL = config->tCL;
upd->tFAW = config->tFAW;
upd->tRAS = config->tRAS;
upd->tRRD = config->tRRD;
upd->tWTR = config->tWTR;
}
/*
* Each TPM2 SPI transaction starts the same: CS is asserted, the 4 byte
* header is sent to the TPM, the master waits til TPM is ready to continue.
*
* Returns 1 on success, 0 on failure (TPM SPI flow control timeout.)
*/
static int start_transaction(int read_write, size_t bytes, unsigned addr)
{
spi_frame_header header;
uint8_t byte;
int i;
struct stopwatch sw;
static int tpm_sync_needed CAR_GLOBAL;
static struct stopwatch wake_up_sw CAR_GLOBAL;
struct spi_slave *spi_slave = car_get_var_ptr(&g_spi_slave);
/*
* First Cr50 access in each coreboot stage where TPM is used will be
* prepended by a wake up pulse on the CS line.
*/
int wakeup_needed = 1;
/* Wait for TPM to finish previous transaction if needed */
if (car_get_var(tpm_sync_needed)) {
tpm_sync();
/*
* During the first invocation of this function on each stage
* this if () clause code does not run (as tpm_sync_needed
* value is zero), during all following invocations the
* stopwatch below is guaranteed to be started.
*/
if (!stopwatch_expired(car_get_var_ptr(&wake_up_sw)))
wakeup_needed = 0;
} else {
car_set_var(tpm_sync_needed, 1);
}
if (wakeup_needed) {
/* Just in case Cr50 is asleep. */
spi_claim_bus(spi_slave);
udelay(1);
spi_release_bus(spi_slave);
udelay(100);
}
/*
* The Cr50 on H1 does not go to sleep for 1 second after any
* SPI slave activity, let's be conservative and limit the
* window to 900 ms.
*/
stopwatch_init_msecs_expire(car_get_var_ptr(&wake_up_sw), 900);
/*
* The first byte of the frame header encodes the transaction type
* (read or write) and transfer size (set to lentgh - 1), limited to
* 64 bytes.
*/
header.body[0] = (read_write ? 0x80 : 0) | 0x40 | (bytes - 1);
/* The rest of the frame header is the TPM register address. */
for (i = 0; i < 3; i++)
header.body[i + 1] = (addr >> (8 * (2 - i))) & 0xff;
/* CS assert wakes up the slave. */
spi_claim_bus(spi_slave);
/*
* The TCG TPM over SPI specification introduces the notion of SPI
* flow control (Section "6.4.5 Flow Control").
*
* Again, the slave (TPM device) expects each transaction to start
* with a 4 byte header trasmitted by master. The header indicates if
* the master needs to read or write a register, and the register
* address.
*
* If the slave needs to stall the transaction (for instance it is not
* ready to send the register value to the master), it sets the MOSI
* line to 0 during the last clock of the 4 byte header. In this case
* the master is supposed to start polling the SPI bus, one byte at
* time, until the last bit in the received byte (transferred during
* the last clock of the byte) is set to 1.
*
* Due to some SPI controllers' shortcomings (Rockchip comes to
* mind...) we trasmit the 4 byte header without checking the byte
* transmitted by the TPM during the transaction's last byte.
*
* We know that cr50 is guaranteed to set the flow control bit to 0
* during the header transfer, but real TPM2 might be fast enough not
* to require to stall the master, this would present an issue.
* crosbug.com/p/52132 has been opened to track this.
*/
spi_xfer(spi_slave, header.body, sizeof(header.body), NULL, 0);
/*
* Now poll the bus until TPM removes the stall bit. Give it up to 100
* ms to sort it out - it could be saving stuff in nvram at some
* point.
*/
stopwatch_init_msecs_expire(&sw, 100);
do {
if (stopwatch_expired(&sw)) {
printk(BIOS_ERR, "TPM flow control failure\n");
spi_release_bus(spi_slave);
return 0;
}
spi_xfer(spi_slave, NULL, 0, &byte, 1);
} while (!(byte & 1));
return 1;
}
