OpenCloudOS-Kernel/drivers/char/tpm/tpm_tis_spi_cr50.c

346 lines
9.7 KiB
C

// SPDX-License-Identifier: GPL-2.0
/*
* Copyright (C) 2016 Google, Inc
*
* This device driver implements a TCG PTP FIFO interface over SPI for chips
* with Cr50 firmware.
* It is based on tpm_tis_spi driver by Peter Huewe and Christophe Ricard.
*/
#include <linux/completion.h>
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/of.h>
#include <linux/pm.h>
#include <linux/spi/spi.h>
#include <linux/wait.h>
#include "tpm_tis_core.h"
#include "tpm_tis_spi.h"
/*
* Cr50 timing constants:
* - can go to sleep not earlier than after CR50_SLEEP_DELAY_MSEC.
* - needs up to CR50_WAKE_START_DELAY_USEC to wake after sleep.
* - requires waiting for "ready" IRQ, if supported; or waiting for at least
* CR50_NOIRQ_ACCESS_DELAY_MSEC between transactions, if IRQ is not supported.
* - waits for up to CR50_FLOW_CONTROL for flow control 'ready' indication.
*/
#define CR50_SLEEP_DELAY_MSEC 1000
#define CR50_WAKE_START_DELAY_USEC 1000
#define CR50_NOIRQ_ACCESS_DELAY msecs_to_jiffies(2)
#define CR50_READY_IRQ_TIMEOUT msecs_to_jiffies(TPM2_TIMEOUT_A)
#define CR50_FLOW_CONTROL msecs_to_jiffies(TPM2_TIMEOUT_A)
#define MAX_IRQ_CONFIRMATION_ATTEMPTS 3
#define TPM_CR50_FW_VER(l) (0x0f90 | ((l) << 12))
#define TPM_CR50_MAX_FW_VER_LEN 64
/* Default quality for hwrng. */
#define TPM_CR50_DEFAULT_RNG_QUALITY 700
struct cr50_spi_phy {
struct tpm_tis_spi_phy spi_phy;
struct mutex time_track_mutex;
unsigned long last_access;
unsigned long access_delay;
unsigned int irq_confirmation_attempt;
bool irq_needs_confirmation;
bool irq_confirmed;
};
static inline struct cr50_spi_phy *to_cr50_spi_phy(struct tpm_tis_spi_phy *phy)
{
return container_of(phy, struct cr50_spi_phy, spi_phy);
}
/*
* The cr50 interrupt handler just signals waiting threads that the
* interrupt was asserted. It does not do any processing triggered
* by interrupts but is instead used to avoid fixed delays.
*/
static irqreturn_t cr50_spi_irq_handler(int dummy, void *dev_id)
{
struct cr50_spi_phy *cr50_phy = dev_id;
cr50_phy->irq_confirmed = true;
complete(&cr50_phy->spi_phy.ready);
return IRQ_HANDLED;
}
/*
* Cr50 needs to have at least some delay between consecutive
* transactions. Make sure we wait.
*/
static void cr50_ensure_access_delay(struct cr50_spi_phy *phy)
{
unsigned long allowed_access = phy->last_access + phy->access_delay;
unsigned long time_now = jiffies;
struct device *dev = &phy->spi_phy.spi_device->dev;
/*
* Note: There is a small chance, if Cr50 is not accessed in a few days,
* that time_in_range will not provide the correct result after the wrap
* around for jiffies. In this case, we'll have an unneeded short delay,
* which is fine.
*/
if (time_in_range_open(time_now, phy->last_access, allowed_access)) {
unsigned long remaining, timeout = allowed_access - time_now;
remaining = wait_for_completion_timeout(&phy->spi_phy.ready,
timeout);
if (!remaining && phy->irq_confirmed)
dev_warn(dev, "Timeout waiting for TPM ready IRQ\n");
}
if (phy->irq_needs_confirmation) {
unsigned int attempt = ++phy->irq_confirmation_attempt;
if (phy->irq_confirmed) {
phy->irq_needs_confirmation = false;
phy->access_delay = CR50_READY_IRQ_TIMEOUT;
dev_info(dev, "TPM ready IRQ confirmed on attempt %u\n",
attempt);
} else if (attempt > MAX_IRQ_CONFIRMATION_ATTEMPTS) {
phy->irq_needs_confirmation = false;
dev_warn(dev, "IRQ not confirmed - will use delays\n");
}
}
}
/*
* Cr50 might go to sleep if there is no SPI activity for some time and
* miss the first few bits/bytes on the bus. In such case, wake it up
* by asserting CS and give it time to start up.
*/
static bool cr50_needs_waking(struct cr50_spi_phy *phy)
{
/*
* Note: There is a small chance, if Cr50 is not accessed in a few days,
* that time_in_range will not provide the correct result after the wrap
* around for jiffies. In this case, we'll probably timeout or read
* incorrect value from TPM_STS and just retry the operation.
*/
return !time_in_range_open(jiffies, phy->last_access,
phy->spi_phy.wake_after);
}
static void cr50_wake_if_needed(struct cr50_spi_phy *cr50_phy)
{
struct tpm_tis_spi_phy *phy = &cr50_phy->spi_phy;
if (cr50_needs_waking(cr50_phy)) {
/* Assert CS, wait 1 msec, deassert CS */
struct spi_transfer spi_cs_wake = {
.delay = {
.value = 1000,
.unit = SPI_DELAY_UNIT_USECS
}
};
spi_sync_transfer(phy->spi_device, &spi_cs_wake, 1);
/* Wait for it to fully wake */
usleep_range(CR50_WAKE_START_DELAY_USEC,
CR50_WAKE_START_DELAY_USEC * 2);
}
/* Reset the time when we need to wake Cr50 again */
phy->wake_after = jiffies + msecs_to_jiffies(CR50_SLEEP_DELAY_MSEC);
}
/*
* Flow control: clock the bus and wait for cr50 to set LSB before
* sending/receiving data. TCG PTP spec allows it to happen during
* the last byte of header, but cr50 never does that in practice,
* and earlier versions had a bug when it was set too early, so don't
* check for it during header transfer.
*/
static int cr50_spi_flow_control(struct tpm_tis_spi_phy *phy,
struct spi_transfer *spi_xfer)
{
struct device *dev = &phy->spi_device->dev;
unsigned long timeout = jiffies + CR50_FLOW_CONTROL;
struct spi_message m;
int ret;
spi_xfer->len = 1;
do {
spi_message_init(&m);
spi_message_add_tail(spi_xfer, &m);
ret = spi_sync_locked(phy->spi_device, &m);
if (ret < 0)
return ret;
if (time_after(jiffies, timeout)) {
dev_warn(dev, "Timeout during flow control\n");
return -EBUSY;
}
} while (!(phy->iobuf[0] & 0x01));
return 0;
}
static bool tpm_cr50_spi_is_firmware_power_managed(struct device *dev)
{
u8 val;
int ret;
/* This flag should default true when the device property is not present */
ret = device_property_read_u8(dev, "firmware-power-managed", &val);
if (ret)
return true;
return val;
}
static int tpm_tis_spi_cr50_transfer(struct tpm_tis_data *data, u32 addr, u16 len,
u8 *in, const u8 *out)
{
struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
struct cr50_spi_phy *cr50_phy = to_cr50_spi_phy(phy);
int ret;
mutex_lock(&cr50_phy->time_track_mutex);
/*
* Do this outside of spi_bus_lock in case cr50 is not the
* only device on that spi bus.
*/
cr50_ensure_access_delay(cr50_phy);
cr50_wake_if_needed(cr50_phy);
ret = tpm_tis_spi_transfer(data, addr, len, in, out);
cr50_phy->last_access = jiffies;
mutex_unlock(&cr50_phy->time_track_mutex);
return ret;
}
static int tpm_tis_spi_cr50_read_bytes(struct tpm_tis_data *data, u32 addr,
u16 len, u8 *result)
{
return tpm_tis_spi_cr50_transfer(data, addr, len, result, NULL);
}
static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr,
u16 len, const u8 *value)
{
return tpm_tis_spi_cr50_transfer(data, addr, len, NULL, value);
}
static const struct tpm_tis_phy_ops tpm_spi_cr50_phy_ops = {
.read_bytes = tpm_tis_spi_cr50_read_bytes,
.write_bytes = tpm_tis_spi_cr50_write_bytes,
.read16 = tpm_tis_spi_read16,
.read32 = tpm_tis_spi_read32,
.write32 = tpm_tis_spi_write32,
};
static void cr50_print_fw_version(struct tpm_tis_data *data)
{
struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
int i, len = 0;
char fw_ver[TPM_CR50_MAX_FW_VER_LEN + 1];
char fw_ver_block[4];
/*
* Write anything to TPM_CR50_FW_VER to start from the beginning
* of the version string
*/
tpm_tis_write8(data, TPM_CR50_FW_VER(data->locality), 0);
/* Read the string, 4 bytes at a time, until we get '\0' */
do {
tpm_tis_read_bytes(data, TPM_CR50_FW_VER(data->locality), 4,
fw_ver_block);
for (i = 0; i < 4 && fw_ver_block[i]; ++len, ++i)
fw_ver[len] = fw_ver_block[i];
} while (i == 4 && len < TPM_CR50_MAX_FW_VER_LEN);
fw_ver[len] = '\0';
dev_info(&phy->spi_device->dev, "Cr50 firmware version: %s\n", fw_ver);
}
int cr50_spi_probe(struct spi_device *spi)
{
struct tpm_tis_spi_phy *phy;
struct cr50_spi_phy *cr50_phy;
int ret;
struct tpm_chip *chip;
cr50_phy = devm_kzalloc(&spi->dev, sizeof(*cr50_phy), GFP_KERNEL);
if (!cr50_phy)
return -ENOMEM;
phy = &cr50_phy->spi_phy;
phy->flow_control = cr50_spi_flow_control;
phy->wake_after = jiffies;
phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY;
init_completion(&phy->ready);
cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY;
cr50_phy->last_access = jiffies;
mutex_init(&cr50_phy->time_track_mutex);
if (spi->irq > 0) {
ret = devm_request_irq(&spi->dev, spi->irq,
cr50_spi_irq_handler,
IRQF_TRIGGER_RISING | IRQF_ONESHOT,
"cr50_spi", cr50_phy);
if (ret < 0) {
if (ret == -EPROBE_DEFER)
return ret;
dev_warn(&spi->dev, "Requesting IRQ %d failed: %d\n",
spi->irq, ret);
/*
* This is not fatal, the driver will fall back to
* delays automatically, since ready will never
* be completed without a registered irq handler.
* So, just fall through.
*/
} else {
/*
* IRQ requested, let's verify that it is actually
* triggered, before relying on it.
*/
cr50_phy->irq_needs_confirmation = true;
}
} else {
dev_warn(&spi->dev,
"No IRQ - will use delays between transactions.\n");
}
ret = tpm_tis_spi_init(spi, phy, -1, &tpm_spi_cr50_phy_ops);
if (ret)
return ret;
cr50_print_fw_version(&phy->priv);
chip = dev_get_drvdata(&spi->dev);
if (tpm_cr50_spi_is_firmware_power_managed(&spi->dev))
chip->flags |= TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED;
return 0;
}
#ifdef CONFIG_PM_SLEEP
int tpm_tis_spi_resume(struct device *dev)
{
struct tpm_chip *chip = dev_get_drvdata(dev);
struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
/*
* Jiffies not increased during suspend, so we need to reset
* the time to wake Cr50 after resume.
*/
phy->wake_after = jiffies;
return tpm_tis_resume(dev);
}
#endif