[J-u-boot.git] / drivers / tpm / tpm2_ftpm_tee.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) Microsoft Corporation
 *
 * Authors:
 * Thirupathaiah Annapureddy <[email protected]>
 *
 * Description:
 * Device Driver for a firmware TPM as described here:
 * https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/
 *
 * A reference implementation is available here:
 * https://github.com/microsoft/ms-tpm-20-ref/tree/master/Samples/ARM32-FirmwareTPM/optee_ta/fTPM
 */

#include <common.h>
#include <dm.h>
#include <log.h>
#include <tpm-v2.h>
#include <tee.h>

#include "tpm_tis.h"
#include "tpm2_ftpm_tee.h"

/**
 * ftpm_tee_transceive() - send fTPM commands and retrieve fTPM response.
 * @sendbuf - address of the data to send, byte by byte
 * @send_size - length of the data to send
 * @recvbuf - address where to read the response, byte by byte.
 * @recv_len - pointer to the size of buffer
 *
 * Return:
 *	In case of success, returns 0.
 *	On failure, -errno
 */
static int ftpm_tee_transceive(struct udevice *dev, const u8 *sendbuf,
				size_t send_size, u8 *recvbuf,
				size_t *recv_len)
{
	struct ftpm_tee_private *context = dev_get_priv(dev);
	int rc = 0;
	size_t resp_len;
	u8 *resp_buf;
	struct tpm_output_header *resp_header;
	struct tee_invoke_arg transceive_args;
	struct tee_param command_params[4];
	struct tee_shm *shm;

	if (send_size > MAX_COMMAND_SIZE) {
		debug("%s:send_size=%zd exceeds MAX_COMMAND_SIZE\n",
			__func__, send_size);
		return -EIO;
	}

	shm = context->shm;
	memset(&transceive_args, 0, sizeof(transceive_args));
	memset(command_params, 0, sizeof(command_params));

	/* Invoke FTPM_OPTEE_TA_SUBMIT_COMMAND function of fTPM TA */
	transceive_args = (struct tee_invoke_arg) {
		.func = FTPM_OPTEE_TA_SUBMIT_COMMAND,
		.session = context->session,
	};

	/* Fill FTPM_OPTEE_TA_SUBMIT_COMMAND parameters */
	/* request */
	command_params[0] = (struct tee_param) {
		.attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT,
		.u.memref = {
			.shm = shm,
			.size = send_size,
			.shm_offs = 0,
		},
	};
	memset(command_params[0].u.memref.shm->addr, 0,
		(MAX_COMMAND_SIZE + MAX_RESPONSE_SIZE));
	memcpy(command_params[0].u.memref.shm->addr, sendbuf, send_size);

	/* response */
	command_params[1] = (struct tee_param) {
		.attr = TEE_PARAM_ATTR_TYPE_MEMREF_INOUT,
		.u.memref = {
			.shm = shm,
			.size = MAX_RESPONSE_SIZE,
			.shm_offs = MAX_COMMAND_SIZE,
		},
	};

	rc = tee_invoke_func(context->tee_dev, &transceive_args, 4,
				command_params);
	if ((rc < 0) || (transceive_args.ret != 0)) {
		debug("%s:SUBMIT_COMMAND invoke error: 0x%x\n",
			__func__, transceive_args.ret);
		return (rc < 0) ? rc : transceive_args.ret;
	}

	resp_buf = command_params[1].u.memref.shm->addr +
		command_params[1].u.memref.shm_offs;
	resp_header = (struct tpm_output_header *)resp_buf;
	resp_len = be32_to_cpu(resp_header->length);

	/* sanity check resp_len*/
	if (resp_len < TPM_HEADER_SIZE) {
		debug("%s:tpm response header too small\n", __func__);
		return -EIO;
	}
	if (resp_len > MAX_RESPONSE_SIZE) {
		debug("%s:resp_len=%zd exceeds MAX_RESPONSE_SIZE\n",
			__func__, resp_len);
		return -EIO;
	}
	if (resp_len > *recv_len) {
		debug("%s:response length is bigger than receive buffer\n",
			__func__);
		return -EIO;
	}

	/* sanity checks look good, copy the response */
	memcpy(recvbuf,  resp_buf,  resp_len);
	*recv_len  = resp_len;

	return 0;
}

static int ftpm_tee_open(struct udevice *dev)
{
	struct ftpm_tee_private *context = dev_get_priv(dev);

	if (context->is_open)
		return -EBUSY;

	context->is_open = 1;

	return 0;
}

static int ftpm_tee_close(struct udevice *dev)
{
	struct ftpm_tee_private *context = dev_get_priv(dev);

	if (context->is_open)
		context->is_open = 0;

	return 0;
}

static int ftpm_tee_desc(struct udevice *dev, char *buf, int size)
{
	if (size < 32)
		return -ENOSPC;

	return snprintf(buf, size, "Microsoft OP-TEE fTPM");
}

static int ftpm_tee_match(struct tee_version_data *vers, const void *data)
{
	debug("%s:vers->gen_caps =0x%x\n", __func__, vers->gen_caps);

	/*
	 * Currently this driver only support GP Complaint OPTEE based fTPM TA
	 */
	return vers->gen_caps & TEE_GEN_CAP_GP;
}

static int ftpm_tee_probe(struct udevice *dev)
{
	int rc;
	struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
	struct ftpm_tee_private *context = dev_get_priv(dev);
	struct tee_open_session_arg sess_arg;
	const struct tee_optee_ta_uuid uuid = TA_FTPM_UUID;

	memset(context, 0, sizeof(*context));

	/* Use the TPM v2 stack */
	priv->version = TPM_V2;
	priv->pcr_count = 24;
	priv->pcr_select_min = 3;

	/* Find TEE device */
	context->tee_dev = tee_find_device(NULL, ftpm_tee_match, NULL, NULL);
	if (!context->tee_dev) {
		debug("%s:tee_find_device failed\n", __func__);
		return -ENODEV;
	}

	/* Open a session with the fTPM TA */
	memset(&sess_arg, 0, sizeof(sess_arg));
	tee_optee_ta_uuid_to_octets(sess_arg.uuid, &uuid);

	rc = tee_open_session(context->tee_dev, &sess_arg, 0, NULL);
	if ((rc < 0) || (sess_arg.ret != 0)) {
		debug("%s:tee_open_session failed, err=%x\n",
			__func__, sess_arg.ret);
		return -EIO;
	}
	context->session = sess_arg.session;

	/* Allocate dynamic shared memory with fTPM TA */
	rc = tee_shm_alloc(context->tee_dev,
			MAX_COMMAND_SIZE + MAX_RESPONSE_SIZE,
			0, &context->shm);
	if (rc) {
		debug("%s:tee_shm_alloc failed with rc = %d\n", __func__, rc);
		goto out_shm_alloc;
	}

	return 0;

out_shm_alloc:
	tee_close_session(context->tee_dev, context->session);

	return rc;
}

static int ftpm_tee_remove(struct udevice *dev)
{
	struct ftpm_tee_private *context = dev_get_priv(dev);
	int rc;

	/* tee_pre_remove frees any leftover TEE shared memory */

	/* close the existing session with fTPM TA*/
	rc = tee_close_session(context->tee_dev, context->session);
	debug("%s: tee_close_session - rc =%d\n", __func__, rc);

	return 0;
}

static const struct tpm_ops ftpm_tee_ops = {
	.open		= ftpm_tee_open,
	.close		= ftpm_tee_close,
	.get_desc	= ftpm_tee_desc,
	.xfer		= ftpm_tee_transceive,
};

static const struct udevice_id ftpm_tee_ids[] = {
	{ .compatible = "microsoft,ftpm" },
	{ }
};

U_BOOT_DRIVER(ftpm_tee) = {
	.name   = "ftpm_tee",
	.id     = UCLASS_TPM,
	.of_match = ftpm_tee_ids,
	.ops    = &ftpm_tee_ops,
	.probe	= ftpm_tee_probe,
	.remove	= ftpm_tee_remove,
	.flags	= DM_FLAG_OS_PREPARE,
	.priv_auto	= sizeof(struct ftpm_tee_private),
};
Commit	Line	Data
8d73be7a TA	1	// SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* Copyright (C) Microsoft Corporation
	4	*
	5	* Authors:
	6	* Thirupathaiah Annapureddy <[email protected]>
	7	*
	8	* Description:
	9	* Device Driver for a firmware TPM as described here:
	10	* https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/
	11	*
	12	* A reference implementation is available here:
	13	* https://github.com/microsoft/ms-tpm-20-ref/tree/master/Samples/ARM32-FirmwareTPM/optee_ta/fTPM
	14	*/
	15
	16	#include <common.h>
	17	#include <dm.h>
f7ae49fc	18	#include <log.h>
8d73be7a TA	19	#include <tpm-v2.h>
	20	#include <tee.h>
	21
	22	#include "tpm_tis.h"
	23	#include "tpm2_ftpm_tee.h"
	24
	25	/**
	26	* ftpm_tee_transceive() - send fTPM commands and retrieve fTPM response.
	27	* @sendbuf - address of the data to send, byte by byte
	28	* @send_size - length of the data to send
	29	* @recvbuf - address where to read the response, byte by byte.
	30	* @recv_len - pointer to the size of buffer
	31	*
	32	* Return:
	33	* In case of success, returns 0.
	34	* On failure, -errno
	35	*/
	36	static int ftpm_tee_transceive(struct udevice dev, const u8 sendbuf,
	37	size_t send_size, u8 *recvbuf,
	38	size_t *recv_len)
	39	{
	40	struct ftpm_tee_private *context = dev_get_priv(dev);
	41	int rc = 0;
	42	size_t resp_len;
	43	u8 *resp_buf;
	44	struct tpm_output_header *resp_header;
	45	struct tee_invoke_arg transceive_args;
	46	struct tee_param command_params[4];
	47	struct tee_shm *shm;
	48
	49	if (send_size > MAX_COMMAND_SIZE) {
	50	debug("%s:send_size=%zd exceeds MAX_COMMAND_SIZE\n",
	51	__func__, send_size);
	52	return -EIO;
	53	}
	54
	55	shm = context->shm;
	56	memset(&transceive_args, 0, sizeof(transceive_args));
	57	memset(command_params, 0, sizeof(command_params));
	58
	59	/* Invoke FTPM_OPTEE_TA_SUBMIT_COMMAND function of fTPM TA */
	60	transceive_args = (struct tee_invoke_arg) {
	61	.func = FTPM_OPTEE_TA_SUBMIT_COMMAND,
	62	.session = context->session,
	63	};
	64
	65	/* Fill FTPM_OPTEE_TA_SUBMIT_COMMAND parameters */
	66	/* request */
	67	command_params[0] = (struct tee_param) {
	68	.attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT,
	69	.u.memref = {
	70	.shm = shm,
	71	.size = send_size,
	72	.shm_offs = 0,
	73	},
	74	};
	75	memset(command_params[0].u.memref.shm->addr, 0,
	76	(MAX_COMMAND_SIZE + MAX_RESPONSE_SIZE));
	77	memcpy(command_params[0].u.memref.shm->addr, sendbuf, send_size);
	78
	79	/* response */
	80	command_params[1] = (struct tee_param) {
	81	.attr = TEE_PARAM_ATTR_TYPE_MEMREF_INOUT,
	82	.u.memref = {
83	.shm = shm,
84	.size = MAX_RESPONSE_SIZE,
85	.shm_offs = MAX_COMMAND_SIZE,
86	},
87	};
88
89	rc = tee_invoke_func(context->tee_dev, &transceive_args, 4,
90	command_params);
91	if ((rc < 0) \|\| (transceive_args.ret != 0)) {
92	debug("%s:SUBMIT_COMMAND invoke error: 0x%x\n",
93	__func__, transceive_args.ret);
94	return (rc < 0) ? rc : transceive_args.ret;
95	}
96
97	resp_buf = command_params[1].u.memref.shm->addr +
98	command_params[1].u.memref.shm_offs;
99	resp_header = (struct tpm_output_header *)resp_buf;
100	resp_len = be32_to_cpu(resp_header->length);
101
102	/* sanity check resp_len*/
103	if (resp_len < TPM_HEADER_SIZE) {
104	debug("%s:tpm response header too small\n", __func__);
105	return -EIO;
106	}
107	if (resp_len > MAX_RESPONSE_SIZE) {
108	debug("%s:resp_len=%zd exceeds MAX_RESPONSE_SIZE\n",
109	__func__, resp_len);
110	return -EIO;
111	}
112	if (resp_len > *recv_len) {
113	debug("%s:response length is bigger than receive buffer\n",
114	__func__);
115	return -EIO;
116	}
117
118	/* sanity checks look good, copy the response */
119	memcpy(recvbuf, resp_buf, resp_len);
120	*recv_len = resp_len;
121
122	return 0;
123	}
124
125	static int ftpm_tee_open(struct udevice *dev)
126	{
127	struct ftpm_tee_private *context = dev_get_priv(dev);
128
129	if (context->is_open)
130	return -EBUSY;
131
132	context->is_open = 1;
133
134	return 0;
135	}
136
137	static int ftpm_tee_close(struct udevice *dev)
138	{
139	struct ftpm_tee_private *context = dev_get_priv(dev);
140
141	if (context->is_open)
142	context->is_open = 0;
143
144	return 0;
145	}
146
147	static int ftpm_tee_desc(struct udevice dev, char buf, int size)
148	{
149	if (size < 32)
150	return -ENOSPC;
151
152	return snprintf(buf, size, "Microsoft OP-TEE fTPM");
153	}
154
155	static int ftpm_tee_match(struct tee_version_data vers, const void data)
156	{
157	debug("%s:vers->gen_caps =0x%x\n", __func__, vers->gen_caps);
158
159	/*
160	* Currently this driver only support GP Complaint OPTEE based fTPM TA
161	*/
162	return vers->gen_caps & TEE_GEN_CAP_GP;
163	}
164
165	static int ftpm_tee_probe(struct udevice *dev)
166	{
167	int rc;
168	struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
169	struct ftpm_tee_private *context = dev_get_priv(dev);
170	struct tee_open_session_arg sess_arg;
171	const struct tee_optee_ta_uuid uuid = TA_FTPM_UUID;
172
173	memset(context, 0, sizeof(*context));
174
175	/* Use the TPM v2 stack */
176	priv->version = TPM_V2;
177	priv->pcr_count = 24;
178	priv->pcr_select_min = 3;
179
180	/* Find TEE device */
181	context->tee_dev = tee_find_device(NULL, ftpm_tee_match, NULL, NULL);
182	if (!context->tee_dev) {
183	debug("%s:tee_find_device failed\n", __func__);
184	return -ENODEV;
185	}
186
187	/* Open a session with the fTPM TA */
188	memset(&sess_arg, 0, sizeof(sess_arg));
189	tee_optee_ta_uuid_to_octets(sess_arg.uuid, &uuid);
190
191	rc = tee_open_session(context->tee_dev, &sess_arg, 0, NULL);
192	if ((rc < 0) \|\| (sess_arg.ret != 0)) {
193	debug("%s:tee_open_session failed, err=%x\n",
194	__func__, sess_arg.ret);
195	return -EIO;
196	}
197	context->session = sess_arg.session;
198
199	/* Allocate dynamic shared memory with fTPM TA */
200	rc = tee_shm_alloc(context->tee_dev,
201	MAX_COMMAND_SIZE + MAX_RESPONSE_SIZE,
202	0, &context->shm);
203	if (rc) {
204	debug("%s:tee_shm_alloc failed with rc = %d\n", __func__, rc);
205	goto out_shm_alloc;
206	}
207
208	return 0;
209
210	out_shm_alloc:
211	tee_close_session(context->tee_dev, context->session);
212
213	return rc;
214	}
215
216	static int ftpm_tee_remove(struct udevice *dev)
217	{
218	struct ftpm_tee_private *context = dev_get_priv(dev);
219	int rc;
220
221	/* tee_pre_remove frees any leftover TEE shared memory */
222
223	/* close the existing session with fTPM TA*/
224	rc = tee_close_session(context->tee_dev, context->session);
225	debug("%s: tee_close_session - rc =%d\n", __func__, rc);
226
227	return 0;
228	}
229
230	static const struct tpm_ops ftpm_tee_ops = {
231	.open = ftpm_tee_open,
232	.close = ftpm_tee_close,
233	.get_desc = ftpm_tee_desc,
234	.xfer = ftpm_tee_transceive,
235	};
236
237	static const struct udevice_id ftpm_tee_ids[] = {
238	{ .compatible = "microsoft,ftpm" },
239	{ }
240	};
241
242	U_BOOT_DRIVER(ftpm_tee) = {
243	.name = "ftpm_tee",
244	.id = UCLASS_TPM,
245	.of_match = ftpm_tee_ids,
246	.ops = &ftpm_tee_ops,
247	.probe = ftpm_tee_probe,
248	.remove = ftpm_tee_remove,
249	.flags = DM_FLAG_OS_PREPARE,
41575d8e	250	.priv_auto = sizeof(struct ftpm_tee_private),
8d73be7a	251	};