drivers/char/tpm/tpm_infineon.c

   1 /*
   2  * Description:
   3  * Device Driver for the Infineon Technologies
   4  * SLD 9630 TT 1.1 and SLB 9635 TT 1.2 Trusted Platform Module
   5  * Specifications at www.trustedcomputinggroup.org
   6  *
   7  * Copyright (C) 2005, Marcel Selhorst <selhorst@crypto.rub.de>
   8  * Sirrix AG - security technologies, http://www.sirrix.com and
   9  * Applied Data Security Group, Ruhr-University Bochum, Germany
  10  * Project-Homepage: http://www.prosec.rub.de/tpm
  11  *
  12  * This program is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License as
  14  * published by the Free Software Foundation, version 2 of the
  15  * License.
  16  */
  17
  18 #include <linux/pnp.h>
  19 #include "tpm.h"
  20
  21 /* Infineon specific definitions */
  22 /* maximum number of WTX-packages */
  23 #define TPM_MAX_WTX_PACKAGES    50
  24 /* msleep-Time for WTX-packages */
  25 #define TPM_WTX_MSLEEP_TIME     20
  26 /* msleep-Time --> Interval to check status register */
  27 #define TPM_MSLEEP_TIME         3
  28 /* gives number of max. msleep()-calls before throwing timeout */
  29 #define TPM_MAX_TRIES           5000
  30 #define TPM_INFINEON_DEV_VEN_VALUE      0x15D1
  31
  32 /* These values will be filled after PnP-call */
  33 static int TPM_INF_DATA;
  34 static int TPM_INF_ADDR;
  35 static int TPM_INF_BASE;
  36 static int TPM_INF_ADDR_LEN;
  37 static int TPM_INF_PORT_LEN;
  38
  39 /* TPM header definitions */
  40 enum infineon_tpm_header {
  41         TPM_VL_VER = 0x01,
  42         TPM_VL_CHANNEL_CONTROL = 0x07,
  43         TPM_VL_CHANNEL_PERSONALISATION = 0x0A,
  44         TPM_VL_CHANNEL_TPM = 0x0B,
  45         TPM_VL_CONTROL = 0x00,
  46         TPM_INF_NAK = 0x15,
  47         TPM_CTRL_WTX = 0x10,
  48         TPM_CTRL_WTX_ABORT = 0x18,
  49         TPM_CTRL_WTX_ABORT_ACK = 0x18,
  50         TPM_CTRL_ERROR = 0x20,
  51         TPM_CTRL_CHAININGACK = 0x40,
  52         TPM_CTRL_CHAINING = 0x80,
  53         TPM_CTRL_DATA = 0x04,
  54         TPM_CTRL_DATA_CHA = 0x84,
  55         TPM_CTRL_DATA_CHA_ACK = 0xC4
  56 };
  57
  58 enum infineon_tpm_register {
  59         WRFIFO = 0x00,
  60         RDFIFO = 0x01,
  61         STAT = 0x02,
  62         CMD = 0x03
  63 };
  64
  65 enum infineon_tpm_command_bits {
  66         CMD_DIS = 0x00,
  67         CMD_LP = 0x01,
  68         CMD_RES = 0x02,
  69         CMD_IRQC = 0x06
  70 };
  71
  72 enum infineon_tpm_status_bits {
  73         STAT_XFE = 0x00,
  74         STAT_LPA = 0x01,
  75         STAT_FOK = 0x02,
  76         STAT_TOK = 0x03,
  77         STAT_IRQA = 0x06,
  78         STAT_RDA = 0x07
  79 };
  80
  81 /* some outgoing values */
  82 enum infineon_tpm_values {
  83         CHIP_ID1 = 0x20,
  84         CHIP_ID2 = 0x21,
  85         TPM_DAR = 0x30,
  86         RESET_LP_IRQC_DISABLE = 0x41,
  87         ENABLE_REGISTER_PAIR = 0x55,
  88         IOLIMH = 0x60,
  89         IOLIML = 0x61,
  90         DISABLE_REGISTER_PAIR = 0xAA,
  91         IDVENL = 0xF1,
  92         IDVENH = 0xF2,
  93         IDPDL = 0xF3,
  94         IDPDH = 0xF4
  95 };
  96
  97 static int number_of_wtx;
  98
  99 static int empty_fifo(struct tpm_chip *chip, int clear_wrfifo)
 100 {
 101         int status;
 102         int check = 0;
 103         int i;
 104
 105         if (clear_wrfifo) {
 106                 for (i = 0; i < 4096; i++) {
 107                         status = inb(chip->vendor->base + WRFIFO);
 108                         if (status == 0xff) {
 109                                 if (check == 5)
 110                                         break;
 111                                 else
 112                                         check++;
 113                         }
 114                 }
 115         }
 116         /* Note: The values which are currently in the FIFO of the TPM
 117            are thrown away since there is no usage for them. Usually,
 118            this has nothing to say, since the TPM will give its answer
 119            immediately or will be aborted anyway, so the data here is
 120            usually garbage and useless.
 121            We have to clean this, because the next communication with
 122            the TPM would be rubbish, if there is still some old data
 123            in the Read FIFO.
 124          */
 125         i = 0;
 126         do {
 127                 status = inb(chip->vendor->base + RDFIFO);
 128                 status = inb(chip->vendor->base + STAT);
 129                 i++;
 130                 if (i == TPM_MAX_TRIES)
 131                         return -EIO;
 132         } while ((status & (1 << STAT_RDA)) != 0);
 133         return 0;
 134 }
 135
 136 static int wait(struct tpm_chip *chip, int wait_for_bit)
 137 {
 138         int status;
 139         int i;
 140         for (i = 0; i < TPM_MAX_TRIES; i++) {
 141                 status = inb(chip->vendor->base + STAT);
 142                 /* check the status-register if wait_for_bit is set */
 143                 if (status & 1 << wait_for_bit)
 144                         break;
 145                 msleep(TPM_MSLEEP_TIME);
 146         }
 147         if (i == TPM_MAX_TRIES) {       /* timeout occurs */
 148                 if (wait_for_bit == STAT_XFE)
 149                         dev_err(chip->dev, "Timeout in wait(STAT_XFE)\n");
 150                 if (wait_for_bit == STAT_RDA)
 151                         dev_err(chip->dev, "Timeout in wait(STAT_RDA)\n");
 152                 return -EIO;
 153         }
 154         return 0;
 155 };
 156
 157 static void wait_and_send(struct tpm_chip *chip, u8 sendbyte)
 158 {
 159         wait(chip, STAT_XFE);
 160         outb(sendbyte, chip->vendor->base + WRFIFO);
 161 }
 162
 163     /* Note: WTX means Waiting-Time-Extension. Whenever the TPM needs more
 164        calculation time, it sends a WTX-package, which has to be acknowledged
 165        or aborted. This usually occurs if you are hammering the TPM with key
 166        creation. Set the maximum number of WTX-packages in the definitions
 167        above, if the number is reached, the waiting-time will be denied
 168        and the TPM command has to be resend.
 169      */
 170
 171 static void tpm_wtx(struct tpm_chip *chip)
 172 {
 173         number_of_wtx++;
 174         dev_info(chip->dev, "Granting WTX (%02d / %02d)\n",
 175                  number_of_wtx, TPM_MAX_WTX_PACKAGES);
 176         wait_and_send(chip, TPM_VL_VER);
 177         wait_and_send(chip, TPM_CTRL_WTX);
 178         wait_and_send(chip, 0x00);
 179         wait_and_send(chip, 0x00);
 180         msleep(TPM_WTX_MSLEEP_TIME);
 181 }
 182
 183 static void tpm_wtx_abort(struct tpm_chip *chip)
 184 {
 185         dev_info(chip->dev, "Aborting WTX\n");
 186         wait_and_send(chip, TPM_VL_VER);
 187         wait_and_send(chip, TPM_CTRL_WTX_ABORT);
 188         wait_and_send(chip, 0x00);
 189         wait_and_send(chip, 0x00);
 190         number_of_wtx = 0;
 191         msleep(TPM_WTX_MSLEEP_TIME);
 192 }
 193
 194 static int tpm_inf_recv(struct tpm_chip *chip, u8 * buf, size_t count)
 195 {
 196         int i;
 197         int ret;
 198         u32 size = 0;
 199         number_of_wtx = 0;
 200
 201 recv_begin:
 202         /* start receiving header */
 203         for (i = 0; i < 4; i++) {
 204                 ret = wait(chip, STAT_RDA);
 205                 if (ret)
 206                         return -EIO;
 207                 buf[i] = inb(chip->vendor->base + RDFIFO);
 208         }
 209
 210         if (buf[0] != TPM_VL_VER) {
 211                 dev_err(chip->dev,
 212                         "Wrong transport protocol implementation!\n");
 213                 return -EIO;
 214         }
 215
 216         if (buf[1] == TPM_CTRL_DATA) {
 217                 /* size of the data received */
 218                 size = ((buf[2] << 8) | buf[3]);
 219
 220                 for (i = 0; i < size; i++) {
 221                         wait(chip, STAT_RDA);
 222                         buf[i] = inb(chip->vendor->base + RDFIFO);
 223                 }
 224
 225                 if ((size == 0x6D00) && (buf[1] == 0x80)) {
 226                         dev_err(chip->dev, "Error handling on vendor layer!\n");
 227                         return -EIO;
 228                 }
 229
 230                 for (i = 0; i < size; i++)
 231                         buf[i] = buf[i + 6];
 232
 233                 size = size - 6;
 234                 return size;
 235         }
 236
 237         if (buf[1] == TPM_CTRL_WTX) {
 238                 dev_info(chip->dev, "WTX-package received\n");
 239                 if (number_of_wtx < TPM_MAX_WTX_PACKAGES) {
 240                         tpm_wtx(chip);
 241                         goto recv_begin;
 242                 } else {
 243                         tpm_wtx_abort(chip);
 244                         goto recv_begin;
 245                 }
 246         }
 247
 248         if (buf[1] == TPM_CTRL_WTX_ABORT_ACK) {
 249                 dev_info(chip->dev, "WTX-abort acknowledged\n");
 250                 return size;
 251         }
 252
 253         if (buf[1] == TPM_CTRL_ERROR) {
 254                 dev_err(chip->dev, "ERROR-package received:\n");
 255                 if (buf[4] == TPM_INF_NAK)
 256                         dev_err(chip->dev,
 257                                 "-> Negative acknowledgement"
 258                                 " - retransmit command!\n");
 259                 return -EIO;
 260         }
 261         return -EIO;
 262 }
 263
 264 static int tpm_inf_send(struct tpm_chip *chip, u8 * buf, size_t count)
 265 {
 266         int i;
 267         int ret;
 268         u8 count_high, count_low, count_4, count_3, count_2, count_1;
 269
 270         /* Disabling Reset, LP and IRQC */
 271         outb(RESET_LP_IRQC_DISABLE, chip->vendor->base + CMD);
 272
 273         ret = empty_fifo(chip, 1);
 274         if (ret) {
 275                 dev_err(chip->dev, "Timeout while clearing FIFO\n");
 276                 return -EIO;
 277         }
 278
 279         ret = wait(chip, STAT_XFE);
 280         if (ret)
 281                 return -EIO;
 282
 283         count_4 = (count & 0xff000000) >> 24;
 284         count_3 = (count & 0x00ff0000) >> 16;
 285         count_2 = (count & 0x0000ff00) >> 8;
 286         count_1 = (count & 0x000000ff);
 287         count_high = ((count + 6) & 0xffffff00) >> 8;
 288         count_low = ((count + 6) & 0x000000ff);
 289
 290         /* Sending Header */
 291         wait_and_send(chip, TPM_VL_VER);
 292         wait_and_send(chip, TPM_CTRL_DATA);
 293         wait_and_send(chip, count_high);
 294         wait_and_send(chip, count_low);
 295
 296         /* Sending Data Header */
 297         wait_and_send(chip, TPM_VL_VER);
 298         wait_and_send(chip, TPM_VL_CHANNEL_TPM);
 299         wait_and_send(chip, count_4);
 300         wait_and_send(chip, count_3);
 301         wait_and_send(chip, count_2);
 302         wait_and_send(chip, count_1);
 303
 304         /* Sending Data */
 305         for (i = 0; i < count; i++) {
 306                 wait_and_send(chip, buf[i]);
 307         }
 308         return count;
 309 }
 310
 311 static void tpm_inf_cancel(struct tpm_chip *chip)
 312 {
 313         /*
 314            Since we are using the legacy mode to communicate
 315            with the TPM, we have no cancel functions, but have
 316            a workaround for interrupting the TPM through WTX.
 317          */
 318 }
 319
 320 static u8 tpm_inf_status(struct tpm_chip *chip)
 321 {
 322         return inb(chip->vendor->base + STAT);
 323 }
 324
 325 static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
 326 static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
 327 static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
 328 static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
 329
 330 static struct attribute *inf_attrs[] = {
 331         &dev_attr_pubek.attr,
 332         &dev_attr_pcrs.attr,
 333         &dev_attr_caps.attr,
 334         &dev_attr_cancel.attr,
 335         NULL,
 336 };
 337
 338 static struct attribute_group inf_attr_grp = {.attrs = inf_attrs };
 339
 340 static struct file_operations inf_ops = {
 341         .owner = THIS_MODULE,
 342         .llseek = no_llseek,
 343         .open = tpm_open,
 344         .read = tpm_read,
 345         .write = tpm_write,
 346         .release = tpm_release,
 347 };
 348
 349 static struct tpm_vendor_specific tpm_inf = {
 350         .recv = tpm_inf_recv,
 351         .send = tpm_inf_send,
 352         .cancel = tpm_inf_cancel,
 353         .status = tpm_inf_status,
 354         .req_complete_mask = 0,
 355         .req_complete_val = 0,
 356         .attr_group = &inf_attr_grp,
 357         .miscdev = {.fops = &inf_ops,},
 358 };
 359
 360 static const struct pnp_device_id tpm_pnp_tbl[] = {
 361         /* Infineon TPMs */
 362         {"IFX0101", 0},
 363         {"IFX0102", 0},
 364         {"", 0}
 365 };
 366
 367 MODULE_DEVICE_TABLE(pnp, tpm_pnp_tbl);
 368
 369 static int __devinit tpm_inf_pnp_probe(struct pnp_dev *dev,
 370                                        const struct pnp_device_id *dev_id)
 371 {
 372         int rc = 0;
 373         u8 iol, ioh;
 374         int vendorid[2];
 375         int version[2];
 376         int productid[2];
 377         char chipname[20];
 378
 379         /* read IO-ports through PnP */
 380         if (pnp_port_valid(dev, 0) && pnp_port_valid(dev, 1) &&
 381             !(pnp_port_flags(dev, 0) & IORESOURCE_DISABLED)) {
 382                 TPM_INF_ADDR = pnp_port_start(dev, 0);
 383                 TPM_INF_ADDR_LEN = pnp_port_len(dev, 0);
 384                 TPM_INF_DATA = (TPM_INF_ADDR + 1);
 385                 TPM_INF_BASE = pnp_port_start(dev, 1);
 386                 TPM_INF_PORT_LEN = pnp_port_len(dev, 1);
 387                 if ((TPM_INF_PORT_LEN < 4) || (TPM_INF_ADDR_LEN < 2)) {
 388                         rc = -EINVAL;
 389                         goto err_last;
 390                 }
 391                 dev_info(&dev->dev, "Found %s with ID %s\n",
 392                          dev->name, dev_id->id);
 393                 if (!((TPM_INF_BASE >> 8) & 0xff)) {
 394                         rc = -EINVAL;
 395                         goto err_last;
 396                 }
 397                 /* publish my base address and request region */
 398                 tpm_inf.base = TPM_INF_BASE;
 399                 if (request_region
 400                     (tpm_inf.base, TPM_INF_PORT_LEN, "tpm_infineon0") == NULL) {
 401                         rc = -EINVAL;
 402                         goto err_last;
 403                 }
 404                 if (request_region(TPM_INF_ADDR, TPM_INF_ADDR_LEN,
 405                                 "tpm_infineon0") == NULL) {
 406                         rc = -EINVAL;
 407                         goto err_last;
 408                 }
 409         } else {
 410                 rc = -EINVAL;
 411                 goto err_last;
 412         }
 413
 414         /* query chip for its vendor, its version number a.s.o. */
 415         outb(ENABLE_REGISTER_PAIR, TPM_INF_ADDR);
 416         outb(IDVENL, TPM_INF_ADDR);
 417         vendorid[1] = inb(TPM_INF_DATA);
 418         outb(IDVENH, TPM_INF_ADDR);
 419         vendorid[0] = inb(TPM_INF_DATA);
 420         outb(IDPDL, TPM_INF_ADDR);
 421         productid[1] = inb(TPM_INF_DATA);
 422         outb(IDPDH, TPM_INF_ADDR);
 423         productid[0] = inb(TPM_INF_DATA);
 424         outb(CHIP_ID1, TPM_INF_ADDR);
 425         version[1] = inb(TPM_INF_DATA);
 426         outb(CHIP_ID2, TPM_INF_ADDR);
 427         version[0] = inb(TPM_INF_DATA);
 428
 429         switch ((productid[0] << 8) | productid[1]) {
 430         case 6:
 431                 snprintf(chipname, sizeof(chipname), " (SLD 9630 TT 1.1)");
 432                 break;
 433         case 11:
 434                 snprintf(chipname, sizeof(chipname), " (SLB 9635 TT 1.2)");
 435                 break;
 436         default:
 437                 snprintf(chipname, sizeof(chipname), " (unknown chip)");
 438                 break;
 439         }
 440
 441         if ((vendorid[0] << 8 | vendorid[1]) == (TPM_INFINEON_DEV_VEN_VALUE)) {
 442
 443                 /* configure TPM with IO-ports */
 444                 outb(IOLIMH, TPM_INF_ADDR);
 445                 outb(((tpm_inf.base >> 8) & 0xff), TPM_INF_DATA);
 446                 outb(IOLIML, TPM_INF_ADDR);
 447                 outb((tpm_inf.base & 0xff), TPM_INF_DATA);
 448
 449                 /* control if IO-ports are set correctly */
 450                 outb(IOLIMH, TPM_INF_ADDR);
 451                 ioh = inb(TPM_INF_DATA);
 452                 outb(IOLIML, TPM_INF_ADDR);
 453                 iol = inb(TPM_INF_DATA);
 454
 455                 if ((ioh << 8 | iol) != tpm_inf.base) {
 456                         dev_err(&dev->dev,
 457                                 "Could not set IO-ports to 0x%lx\n",
 458                                 tpm_inf.base);
 459                         rc = -EIO;
 460                         goto err_release_region;
 461                 }
 462
 463                 /* activate register */
 464                 outb(TPM_DAR, TPM_INF_ADDR);
 465                 outb(0x01, TPM_INF_DATA);
 466                 outb(DISABLE_REGISTER_PAIR, TPM_INF_ADDR);
 467
 468                 /* disable RESET, LP and IRQC */
 469                 outb(RESET_LP_IRQC_DISABLE, tpm_inf.base + CMD);
 470
 471                 /* Finally, we're done, print some infos */
 472                 dev_info(&dev->dev, "TPM found: "
 473                          "config base 0x%x, "
 474                          "io base 0x%x, "
 475                          "chip version %02x%02x, "
 476                          "vendor id %x%x (Infineon), "
 477                          "product id %02x%02x"
 478                          "%s\n",
 479                          TPM_INF_ADDR,
 480                          TPM_INF_BASE,
 481                          version[0], version[1],
 482                          vendorid[0], vendorid[1],
 483                          productid[0], productid[1], chipname);
 484
 485                 rc = tpm_register_hardware(&dev->dev, &tpm_inf);
 486                 if (rc < 0) {
 487                         rc = -ENODEV;
 488                         goto err_release_region;
 489                 }
 490                 return 0;
 491         } else {
 492                 rc = -ENODEV;
 493                 goto err_release_region;
 494         }
 495
 496 err_release_region:
 497         release_region(tpm_inf.base, TPM_INF_PORT_LEN);
 498         release_region(TPM_INF_ADDR, TPM_INF_ADDR_LEN);
 499
 500 err_last:
 501         return rc;
 502 }
 503
 504 static __devexit void tpm_inf_pnp_remove(struct pnp_dev *dev)
 505 {
 506         struct tpm_chip *chip = pnp_get_drvdata(dev);
 507
 508         if (chip) {
 509                 release_region(chip->vendor->base, TPM_INF_PORT_LEN);
 510                 tpm_remove_hardware(chip->dev);
 511         }
 512 }
 513
 514 static struct pnp_driver tpm_inf_pnp = {
 515         .name = "tpm_inf_pnp",
 516         .driver = {
 517                 .owner = THIS_MODULE,
 518                 .suspend = tpm_pm_suspend,
 519                 .resume = tpm_pm_resume,
 520         },
 521         .id_table = tpm_pnp_tbl,
 522         .probe = tpm_inf_pnp_probe,
 523         .remove = tpm_inf_pnp_remove,
 524 };
 525
 526 static int __init init_inf(void)
 527 {
 528         return pnp_register_driver(&tpm_inf_pnp);
 529 }
 530
 531 static void __exit cleanup_inf(void)
 532 {
 533         pnp_unregister_driver(&tpm_inf_pnp);
 534 }
 535
 536 module_init(init_inf);
 537 module_exit(cleanup_inf);
 538
 539 MODULE_AUTHOR("Marcel Selhorst <selhorst@crypto.rub.de>");
 540 MODULE_DESCRIPTION("Driver for Infineon TPM SLD 9630 TT 1.1 / SLB 9635 TT 1.2");
 541 MODULE_VERSION("1.7");
 542 MODULE_LICENSE("GPL");