[J-u-boot.git] / drivers / tpm / tpm_tis_lpc.c

/*
 * Copyright (c) 2011 The Chromium OS Authors.
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

/*
 * The code in this file is based on the article "Writing a TPM Device Driver"
 * published on http://ptgmedia.pearsoncmg.com.
 *
 * One principal difference is that in the simplest config the other than 0
 * TPM localities do not get mapped by some devices (for instance, by Infineon
 * slb9635), so this driver provides access to locality 0 only.
 */

#include <common.h>
#include <asm/io.h>
#include <tis.h>
#include <tpm.h>

#define PREFIX "lpc_tpm: "

struct tpm_locality {
	u32 access;
	u8 padding0[4];
	u32 int_enable;
	u8 vector;
	u8 padding1[3];
	u32 int_status;
	u32 int_capability;
	u32 tpm_status;
	u8 padding2[8];
	u8 data;
	u8 padding3[3803];
	u32 did_vid;
	u8 rid;
	u8 padding4[251];
};

/*
 * This pointer refers to the TPM chip, 5 of its localities are mapped as an
 * array.
 */
#define TPM_TOTAL_LOCALITIES	5
static struct tpm_locality *lpc_tpm_dev =
	(struct tpm_locality *)CONFIG_TPM_TIS_BASE_ADDRESS;

/* Some registers' bit field definitions */
#define TIS_STS_VALID                  (1 << 7) /* 0x80 */
#define TIS_STS_COMMAND_READY          (1 << 6) /* 0x40 */
#define TIS_STS_TPM_GO                 (1 << 5) /* 0x20 */
#define TIS_STS_DATA_AVAILABLE         (1 << 4) /* 0x10 */
#define TIS_STS_EXPECT                 (1 << 3) /* 0x08 */
#define TIS_STS_RESPONSE_RETRY         (1 << 1) /* 0x02 */

#define TIS_ACCESS_TPM_REG_VALID_STS   (1 << 7) /* 0x80 */
#define TIS_ACCESS_ACTIVE_LOCALITY     (1 << 5) /* 0x20 */
#define TIS_ACCESS_BEEN_SEIZED         (1 << 4) /* 0x10 */
#define TIS_ACCESS_SEIZE               (1 << 3) /* 0x08 */
#define TIS_ACCESS_PENDING_REQUEST     (1 << 2) /* 0x04 */
#define TIS_ACCESS_REQUEST_USE         (1 << 1) /* 0x02 */
#define TIS_ACCESS_TPM_ESTABLISHMENT   (1 << 0) /* 0x01 */

#define TIS_STS_BURST_COUNT_MASK       (0xffff)
#define TIS_STS_BURST_COUNT_SHIFT      (8)

/*
 * Error value returned if a tpm register does not enter the expected state
 * after continuous polling. No actual TPM register reading ever returns -1,
 * so this value is a safe error indication to be mixed with possible status
 * register values.
 */
#define TPM_TIMEOUT_ERR			(-1)

/* Error value returned on various TPM driver errors. */
#define TPM_DRIVER_ERR		(1)

 /* 1 second is plenty for anything TPM does. */
#define MAX_DELAY_US	(1000 * 1000)

/* Retrieve burst count value out of the status register contents. */
static u16 burst_count(u32 status)
{
	return (status >> TIS_STS_BURST_COUNT_SHIFT) & TIS_STS_BURST_COUNT_MASK;
}

/*
 * Structures defined below allow creating descriptions of TPM vendor/device
 * ID information for run time discovery. The only device the system knows
 * about at this time is Infineon slb9635.
 */
struct device_name {
	u16 dev_id;
	const char * const dev_name;
};

struct vendor_name {
	u16 vendor_id;
	const char *vendor_name;
	const struct device_name *dev_names;
};

static const struct device_name infineon_devices[] = {
	{0xb, "SLB9635 TT 1.2"},
	{0}
};

static const struct vendor_name vendor_names[] = {
	{0x15d1, "Infineon", infineon_devices},
};

/*
 * Cached vendor/device ID pair to indicate that the device has been already
 * discovered.
 */
static u32 vendor_dev_id;

/* TPM access wrappers to support tracing */
static u8 tpm_read_byte(const u8 *ptr)
{
	u8  ret = readb(ptr);
	debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
	return ret;
}

static u32 tpm_read_word(const u32 *ptr)
{
	u32  ret = readl(ptr);
	debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
	return ret;
}

static void tpm_write_byte(u8 value, u8 *ptr)
{
	debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
	writeb(value, ptr);
}

static void tpm_write_word(u32 value, u32 *ptr)
{
	debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n",
	      (u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
	writel(value, ptr);
}

/*
 * tis_wait_reg()
 *
 * Wait for at least a second for a register to change its state to match the
 * expected state. Normally the transition happens within microseconds.
 *
 * @reg - pointer to the TPM register
 * @mask - bitmask for the bitfield(s) to watch
 * @expected - value the field(s) are supposed to be set to
 *
 * Returns the register contents in case the expected value was found in the
 * appropriate register bits, or TPM_TIMEOUT_ERR on timeout.
 */
static u32 tis_wait_reg(u32 *reg, u8 mask, u8 expected)
{
	u32 time_us = MAX_DELAY_US;

	while (time_us > 0) {
		u32 value = tpm_read_word(reg);
		if ((value & mask) == expected)
			return value;
		udelay(1); /* 1 us */
		time_us--;
	}
	return TPM_TIMEOUT_ERR;
}

/*
 * Probe the TPM device and try determining its manufacturer/device name.
 *
 * Returns 0 on success (the device is found or was found during an earlier
 * invocation) or TPM_DRIVER_ERR if the device is not found.
 */
int tis_init(void)
{
	u32 didvid = tpm_read_word(&lpc_tpm_dev[0].did_vid);
	int i;
	const char *device_name = "unknown";
	const char *vendor_name = device_name;
	u16 vid, did;

	if (vendor_dev_id)
		return 0;  /* Already probed. */

	if (!didvid || (didvid == 0xffffffff)) {
		printf("%s: No TPM device found\n", __func__);
		return TPM_DRIVER_ERR;
	}

	vendor_dev_id = didvid;

	vid = didvid & 0xffff;
	did = (didvid >> 16) & 0xffff;
	for (i = 0; i < ARRAY_SIZE(vendor_names); i++) {
		int j = 0;
		u16 known_did;

		if (vid == vendor_names[i].vendor_id)
			vendor_name = vendor_names[i].vendor_name;

		while ((known_did = vendor_names[i].dev_names[j].dev_id) != 0) {
			if (known_did == did) {
				device_name =
					vendor_names[i].dev_names[j].dev_name;
				break;
			}
			j++;
		}
		break;
	}

	printf("Found TPM %s by %s\n", device_name, vendor_name);
	return 0;
}

/*
 * tis_senddata()
 *
 * send the passed in data to the TPM device.
 *
 * @data - address of the data to send, byte by byte
 * @len - length of the data to send
 *
 * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does
 * not accept the entire command).
 */
static u32 tis_senddata(const u8 * const data, u32 len)
{
	u32 offset = 0;
	u16 burst = 0;
	u32 max_cycles = 0;
	u8 locality = 0;
	u32 value;

	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
			     TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
	if (value == TPM_TIMEOUT_ERR) {
		printf("%s:%d - failed to get 'command_ready' status\n",
		       __FILE__, __LINE__);
		return TPM_DRIVER_ERR;
	}
	burst = burst_count(value);

	while (1) {
		unsigned count;

		/* Wait till the device is ready to accept more data. */
		while (!burst) {
			if (max_cycles++ == MAX_DELAY_US) {
				printf("%s:%d failed to feed %d bytes of %d\n",
				       __FILE__, __LINE__, len - offset, len);
				return TPM_DRIVER_ERR;
			}
			udelay(1);
			burst = burst_count(tpm_read_word(&lpc_tpm_dev
						     [locality].tpm_status));
		}

		max_cycles = 0;

		/*
		 * Calculate number of bytes the TPM is ready to accept in one
		 * shot.
		 *
		 * We want to send the last byte outside of the loop (hence
		 * the -1 below) to make sure that the 'expected' status bit
		 * changes to zero exactly after the last byte is fed into the
		 * FIFO.
		 */
		count = min((u32)burst, len - offset - 1);
		while (count--)
			tpm_write_byte(data[offset++],
				  &lpc_tpm_dev[locality].data);

		value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
				     TIS_STS_VALID, TIS_STS_VALID);

		if ((value == TPM_TIMEOUT_ERR) || !(value & TIS_STS_EXPECT)) {
			printf("%s:%d TPM command feed overflow\n",
			       __FILE__, __LINE__);
			return TPM_DRIVER_ERR;
		}

		burst = burst_count(value);
		if ((offset == (len - 1)) && burst) {
			/*
			 * We need to be able to send the last byte to the
			 * device, so burst size must be nonzero before we
			 * break out.
			 */
			break;
		}
	}

	/* Send the last byte. */
	tpm_write_byte(data[offset++], &lpc_tpm_dev[locality].data);
	/*
	 * Verify that TPM does not expect any more data as part of this
	 * command.
	 */
	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
			     TIS_STS_VALID, TIS_STS_VALID);
	if ((value == TPM_TIMEOUT_ERR) || (value & TIS_STS_EXPECT)) {
		printf("%s:%d unexpected TPM status 0x%x\n",
		       __FILE__, __LINE__, value);
		return TPM_DRIVER_ERR;
	}

	/* OK, sitting pretty, let's start the command execution. */
	tpm_write_word(TIS_STS_TPM_GO, &lpc_tpm_dev[locality].tpm_status);
	return 0;
}

/*
 * tis_readresponse()
 *
 * read the TPM device response after a command was issued.
 *
 * @buffer - address where to read the response, byte by byte.
 * @len - pointer to the size of buffer
 *
 * On success stores the number of received bytes to len and returns 0. On
 * errors (misformatted TPM data or synchronization problems) returns
 * TPM_DRIVER_ERR.
 */
static u32 tis_readresponse(u8 *buffer, u32 *len)
{
	u16 burst;
	u32 value;
	u32 offset = 0;
	u8 locality = 0;
	const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID;
	u32 expected_count = *len;
	int max_cycles = 0;

	/* Wait for the TPM to process the command. */
	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
			      has_data, has_data);
	if (value == TPM_TIMEOUT_ERR) {
		printf("%s:%d failed processing command\n",
		       __FILE__, __LINE__);
		return TPM_DRIVER_ERR;
	}

	do {
		while ((burst = burst_count(value)) == 0) {
			if (max_cycles++ == MAX_DELAY_US) {
				printf("%s:%d TPM stuck on read\n",
				       __FILE__, __LINE__);
				return TPM_DRIVER_ERR;
			}
			udelay(1);
			value = tpm_read_word(&lpc_tpm_dev
					      [locality].tpm_status);
		}

		max_cycles = 0;

		while (burst-- && (offset < expected_count)) {
			buffer[offset++] = tpm_read_byte(&lpc_tpm_dev
							 [locality].data);

			if (offset == 6) {
				/*
				 * We got the first six bytes of the reply,
				 * let's figure out how many bytes to expect
				 * total - it is stored as a 4 byte number in
				 * network order, starting with offset 2 into
				 * the body of the reply.
				 */
				u32 real_length;
				memcpy(&real_length,
				       buffer + 2,
				       sizeof(real_length));
				expected_count = be32_to_cpu(real_length);

				if ((expected_count < offset) ||
				    (expected_count > *len)) {
					printf("%s:%d bad response size %d\n",
					       __FILE__, __LINE__,
					       expected_count);
					return TPM_DRIVER_ERR;
				}
			}
		}

		/* Wait for the next portion. */
		value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
				     TIS_STS_VALID, TIS_STS_VALID);
		if (value == TPM_TIMEOUT_ERR) {
			printf("%s:%d failed to read response\n",
			       __FILE__, __LINE__);
			return TPM_DRIVER_ERR;
		}

		if (offset == expected_count)
			break;	/* We got all we needed. */

	} while ((value & has_data) == has_data);

	/*
	 * Make sure we indeed read all there was. The TIS_STS_VALID bit is
	 * known to be set.
	 */
	if (value & TIS_STS_DATA_AVAILABLE) {
		printf("%s:%d wrong receive status %x\n",
		       __FILE__, __LINE__, value);
		return TPM_DRIVER_ERR;
	}

	/* Tell the TPM that we are done. */
	tpm_write_word(TIS_STS_COMMAND_READY, &lpc_tpm_dev
		  [locality].tpm_status);
	*len = offset;
	return 0;
}

int tis_open(void)
{
	u8 locality = 0; /* we use locality zero for everything. */

	/* now request access to locality. */
	tpm_write_word(TIS_ACCESS_REQUEST_USE, &lpc_tpm_dev[locality].access);

	/* did we get a lock? */
	if (tis_wait_reg(&lpc_tpm_dev[locality].access,
			 TIS_ACCESS_ACTIVE_LOCALITY,
			 TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) {
		printf("%s:%d - failed to lock locality %d\n",
		       __FILE__, __LINE__, locality);
		return TPM_DRIVER_ERR;
	}

	tpm_write_word(TIS_STS_COMMAND_READY,
		       &lpc_tpm_dev[locality].tpm_status);
	return 0;
}

int tis_close(void)
{
	u8 locality = 0;

	if (tpm_read_word(&lpc_tpm_dev[locality].access) &
	    TIS_ACCESS_ACTIVE_LOCALITY) {
		tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY,
			       &lpc_tpm_dev[locality].access);

		if (tis_wait_reg(&lpc_tpm_dev[locality].access,
				 TIS_ACCESS_ACTIVE_LOCALITY, 0) ==
		    TPM_TIMEOUT_ERR) {
			printf("%s:%d - failed to release locality %d\n",
			       __FILE__, __LINE__, locality);
			return TPM_DRIVER_ERR;
		}
	}
	return 0;
}

int tis_sendrecv(const u8 *sendbuf, size_t send_size,
		 u8 *recvbuf, size_t *recv_len)
{
	if (tis_senddata(sendbuf, send_size)) {
		printf("%s:%d failed sending data to TPM\n",
		       __FILE__, __LINE__);
		return TPM_DRIVER_ERR;
	}

	return tis_readresponse(recvbuf, (u32 *)recv_len);
}
Commit	Line	Data
5e124724 VB	1	/*
	2	* Copyright (c) 2011 The Chromium OS Authors.
	3	*
1a459660	4	* SPDX-License-Identifier: GPL-2.0+
5e124724 VB	5	*/
	6
	7	/*
	8	* The code in this file is based on the article "Writing a TPM Device Driver"
	9	* published on http://ptgmedia.pearsoncmg.com.
	10	*
	11	* One principal difference is that in the simplest config the other than 0
	12	* TPM localities do not get mapped by some devices (for instance, by Infineon
	13	* slb9635), so this driver provides access to locality 0 only.
	14	*/
	15
	16	#include <common.h>
	17	#include <asm/io.h>
f255d31f	18	#include <tis.h>
5e124724 VB	19	#include <tpm.h>
	20
	21	#define PREFIX "lpc_tpm: "
	22
	23	struct tpm_locality {
	24	u32 access;
	25	u8 padding0[4];
	26	u32 int_enable;
	27	u8 vector;
	28	u8 padding1[3];
	29	u32 int_status;
	30	u32 int_capability;
	31	u32 tpm_status;
	32	u8 padding2[8];
	33	u8 data;
	34	u8 padding3[3803];
	35	u32 did_vid;
	36	u8 rid;
	37	u8 padding4[251];
	38	};
	39
	40	/*
	41	* This pointer refers to the TPM chip, 5 of its localities are mapped as an
	42	* array.
	43	*/
	44	#define TPM_TOTAL_LOCALITIES 5
	45	static struct tpm_locality *lpc_tpm_dev =
	46	(struct tpm_locality *)CONFIG_TPM_TIS_BASE_ADDRESS;
	47
	48	/* Some registers' bit field definitions */
	49	#define TIS_STS_VALID (1 << 7) /* 0x80 */
	50	#define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */
	51	#define TIS_STS_TPM_GO (1 << 5) /* 0x20 */
	52	#define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */
	53	#define TIS_STS_EXPECT (1 << 3) /* 0x08 */
	54	#define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */
	55
	56	#define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */
	57	#define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */
	58	#define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */
	59	#define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */
	60	#define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */
	61	#define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */
	62	#define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */
	63
	64	#define TIS_STS_BURST_COUNT_MASK (0xffff)
	65	#define TIS_STS_BURST_COUNT_SHIFT (8)
	66
	67	/*
	68	* Error value returned if a tpm register does not enter the expected state
	69	* after continuous polling. No actual TPM register reading ever returns -1,
	70	* so this value is a safe error indication to be mixed with possible status
	71	* register values.
	72	*/
	73	#define TPM_TIMEOUT_ERR (-1)
	74
	75	/* Error value returned on various TPM driver errors. */
	76	#define TPM_DRIVER_ERR (1)
	77
	78	/* 1 second is plenty for anything TPM does. */
	79	#define MAX_DELAY_US (1000 * 1000)
	80
	81	/* Retrieve burst count value out of the status register contents. */
	82	static u16 burst_count(u32 status)
83	{
84	return (status >> TIS_STS_BURST_COUNT_SHIFT) & TIS_STS_BURST_COUNT_MASK;
85	}
86
87	/*
88	* Structures defined below allow creating descriptions of TPM vendor/device
89	* ID information for run time discovery. The only device the system knows
90	* about at this time is Infineon slb9635.
91	*/
92	struct device_name {
93	u16 dev_id;
94	const char * const dev_name;
95	};
96
97	struct vendor_name {
98	u16 vendor_id;
99	const char *vendor_name;
100	const struct device_name *dev_names;
101	};
102
103	static const struct device_name infineon_devices[] = {
104	{0xb, "SLB9635 TT 1.2"},
105	{0}
106	};
107
108	static const struct vendor_name vendor_names[] = {
109	{0x15d1, "Infineon", infineon_devices},
110	};
111
112	/*
113	* Cached vendor/device ID pair to indicate that the device has been already
114	* discovered.
115	*/
116	static u32 vendor_dev_id;
117
118	/* TPM access wrappers to support tracing */
119	static u8 tpm_read_byte(const u8 *ptr)
120	{
121	u8 ret = readb(ptr);
122	debug(PREFIX "Read reg 0x%4.4x returns 0x%2.2x\n",
af98a70a	123	(u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
5e124724 VB	124	return ret;
	125	}
	126
	127	static u32 tpm_read_word(const u32 *ptr)
	128	{
	129	u32 ret = readl(ptr);
	130	debug(PREFIX "Read reg 0x%4.4x returns 0x%8.8x\n",
af98a70a	131	(u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, ret);
5e124724 VB	132	return ret;
	133	}
	134
	135	static void tpm_write_byte(u8 value, u8 *ptr)
	136	{
	137	debug(PREFIX "Write reg 0x%4.4x with 0x%2.2x\n",
af98a70a	138	(u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
5e124724 VB	139	writeb(value, ptr);
	140	}
	141
	142	static void tpm_write_word(u32 value, u32 *ptr)
	143	{
	144	debug(PREFIX "Write reg 0x%4.4x with 0x%8.8x\n",
af98a70a	145	(u32)(uintptr_t)ptr - (u32)(uintptr_t)lpc_tpm_dev, value);
5e124724 VB	146	writel(value, ptr);
	147	}
	148
	149	/*
	150	* tis_wait_reg()
	151	*
	152	* Wait for at least a second for a register to change its state to match the
	153	* expected state. Normally the transition happens within microseconds.
	154	*
	155	* @reg - pointer to the TPM register
	156	* @mask - bitmask for the bitfield(s) to watch
	157	* @expected - value the field(s) are supposed to be set to
	158	*
	159	* Returns the register contents in case the expected value was found in the
	160	* appropriate register bits, or TPM_TIMEOUT_ERR on timeout.
	161	*/
	162	static u32 tis_wait_reg(u32 *reg, u8 mask, u8 expected)
	163	{
	164	u32 time_us = MAX_DELAY_US;
	165
	166	while (time_us > 0) {
	167	u32 value = tpm_read_word(reg);
	168	if ((value & mask) == expected)
	169	return value;
	170	udelay(1); /* 1 us */
	171	time_us--;
	172	}
	173	return TPM_TIMEOUT_ERR;
	174	}
	175
	176	/*
	177	* Probe the TPM device and try determining its manufacturer/device name.
	178	*
	179	* Returns 0 on success (the device is found or was found during an earlier
	180	* invocation) or TPM_DRIVER_ERR if the device is not found.
	181	*/
	182	int tis_init(void)
	183	{
	184	u32 didvid = tpm_read_word(&lpc_tpm_dev[0].did_vid);
	185	int i;
	186	const char *device_name = "unknown";
	187	const char *vendor_name = device_name;
	188	u16 vid, did;
	189
	190	if (vendor_dev_id)
	191	return 0; /* Already probed. */
	192
	193	if (!didvid \|\| (didvid == 0xffffffff)) {
	194	printf("%s: No TPM device found\n", __func__);
	195	return TPM_DRIVER_ERR;
	196	}
	197
	198	vendor_dev_id = didvid;
	199
	200	vid = didvid & 0xffff;
	201	did = (didvid >> 16) & 0xffff;
	202	for (i = 0; i < ARRAY_SIZE(vendor_names); i++) {
	203	int j = 0;
	204	u16 known_did;
	205
	206	if (vid == vendor_names[i].vendor_id)
	207	vendor_name = vendor_names[i].vendor_name;
	208
	209	while ((known_did = vendor_names[i].dev_names[j].dev_id) != 0) {
210	if (known_did == did) {
211	device_name =
212	vendor_names[i].dev_names[j].dev_name;
213	break;
214	}
215	j++;
216	}
217	break;
218	}
219
220	printf("Found TPM %s by %s\n", device_name, vendor_name);
221	return 0;
222	}
223
224	/*
225	* tis_senddata()
226	*
227	* send the passed in data to the TPM device.
228	*
229	* @data - address of the data to send, byte by byte
230	* @len - length of the data to send
231	*
232	* Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does
233	* not accept the entire command).
234	*/
235	static u32 tis_senddata(const u8 * const data, u32 len)
236	{
237	u32 offset = 0;
238	u16 burst = 0;
239	u32 max_cycles = 0;
240	u8 locality = 0;
241	u32 value;
242
243	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
244	TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
245	if (value == TPM_TIMEOUT_ERR) {
246	printf("%s:%d - failed to get 'command_ready' status\n",
247	__FILE__, __LINE__);
248	return TPM_DRIVER_ERR;
249	}
250	burst = burst_count(value);
251
252	while (1) {
253	unsigned count;
254
255	/* Wait till the device is ready to accept more data. */
256	while (!burst) {
257	if (max_cycles++ == MAX_DELAY_US) {
258	printf("%s:%d failed to feed %d bytes of %d\n",
259	__FILE__, __LINE__, len - offset, len);
260	return TPM_DRIVER_ERR;
261	}
262	udelay(1);
263	burst = burst_count(tpm_read_word(&lpc_tpm_dev
264	[locality].tpm_status));
265	}
266
267	max_cycles = 0;
268
269	/*
270	* Calculate number of bytes the TPM is ready to accept in one
271	* shot.
272	*
273	* We want to send the last byte outside of the loop (hence
274	* the -1 below) to make sure that the 'expected' status bit
275	* changes to zero exactly after the last byte is fed into the
276	* FIFO.
277	*/
b4141195	278	count = min((u32)burst, len - offset - 1);
5e124724 VB	279	while (count--)
	280	tpm_write_byte(data[offset++],
	281	&lpc_tpm_dev[locality].data);
	282
	283	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
	284	TIS_STS_VALID, TIS_STS_VALID);
	285
	286	if ((value == TPM_TIMEOUT_ERR) \|\| !(value & TIS_STS_EXPECT)) {
	287	printf("%s:%d TPM command feed overflow\n",
	288	__FILE__, __LINE__);
	289	return TPM_DRIVER_ERR;
	290	}
	291
	292	burst = burst_count(value);
	293	if ((offset == (len - 1)) && burst) {
	294	/*
	295	* We need to be able to send the last byte to the
	296	* device, so burst size must be nonzero before we
	297	* break out.
	298	*/
	299	break;
	300	}
	301	}
	302
	303	/* Send the last byte. */
	304	tpm_write_byte(data[offset++], &lpc_tpm_dev[locality].data);
	305	/*
	306	* Verify that TPM does not expect any more data as part of this
	307	* command.
	308	*/
	309	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
	310	TIS_STS_VALID, TIS_STS_VALID);
	311	if ((value == TPM_TIMEOUT_ERR) \|\| (value & TIS_STS_EXPECT)) {
	312	printf("%s:%d unexpected TPM status 0x%x\n",
	313	__FILE__, __LINE__, value);
	314	return TPM_DRIVER_ERR;
	315	}
	316
	317	/* OK, sitting pretty, let's start the command execution. */
	318	tpm_write_word(TIS_STS_TPM_GO, &lpc_tpm_dev[locality].tpm_status);
	319	return 0;
	320	}
	321
	322	/*
	323	* tis_readresponse()
	324	*
	325	* read the TPM device response after a command was issued.
	326	*
	327	* @buffer - address where to read the response, byte by byte.
	328	* @len - pointer to the size of buffer
	329	*
	330	* On success stores the number of received bytes to len and returns 0. On
	331	* errors (misformatted TPM data or synchronization problems) returns
	332	* TPM_DRIVER_ERR.
	333	*/
	334	static u32 tis_readresponse(u8 buffer, u32 len)
	335	{
	336	u16 burst;
	337	u32 value;
	338	u32 offset = 0;
	339	u8 locality = 0;
	340	const u32 has_data = TIS_STS_DATA_AVAILABLE \| TIS_STS_VALID;
	341	u32 expected_count = *len;
	342	int max_cycles = 0;
343
344	/* Wait for the TPM to process the command. */
345	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
346	has_data, has_data);
347	if (value == TPM_TIMEOUT_ERR) {
348	printf("%s:%d failed processing command\n",
349	__FILE__, __LINE__);
350	return TPM_DRIVER_ERR;
351	}
352
353	do {
354	while ((burst = burst_count(value)) == 0) {
355	if (max_cycles++ == MAX_DELAY_US) {
356	printf("%s:%d TPM stuck on read\n",
357	__FILE__, __LINE__);
358	return TPM_DRIVER_ERR;
359	}
360	udelay(1);
361	value = tpm_read_word(&lpc_tpm_dev
362	[locality].tpm_status);
363	}
364
365	max_cycles = 0;
366
367	while (burst-- && (offset < expected_count)) {
368	buffer[offset++] = tpm_read_byte(&lpc_tpm_dev
369	[locality].data);
370
371	if (offset == 6) {
372	/*
373	* We got the first six bytes of the reply,
374	* let's figure out how many bytes to expect
375	* total - it is stored as a 4 byte number in
376	* network order, starting with offset 2 into
377	* the body of the reply.
378	*/
379	u32 real_length;
380	memcpy(&real_length,
381	buffer + 2,
382	sizeof(real_length));
383	expected_count = be32_to_cpu(real_length);
384
385	if ((expected_count < offset) \|\|
386	(expected_count > *len)) {
387	printf("%s:%d bad response size %d\n",
388	__FILE__, __LINE__,
389	expected_count);
390	return TPM_DRIVER_ERR;
391	}
392	}
393	}
394
395	/* Wait for the next portion. */
396	value = tis_wait_reg(&lpc_tpm_dev[locality].tpm_status,
397	TIS_STS_VALID, TIS_STS_VALID);
398	if (value == TPM_TIMEOUT_ERR) {
399	printf("%s:%d failed to read response\n",
400	__FILE__, __LINE__);
401	return TPM_DRIVER_ERR;
402	}
403
404	if (offset == expected_count)
405	break; /* We got all we needed. */
406
407	} while ((value & has_data) == has_data);
408
409	/*
410	* Make sure we indeed read all there was. The TIS_STS_VALID bit is
411	* known to be set.
412	*/
413	if (value & TIS_STS_DATA_AVAILABLE) {
414	printf("%s:%d wrong receive status %x\n",
415	__FILE__, __LINE__, value);
416	return TPM_DRIVER_ERR;
417	}
418
419	/* Tell the TPM that we are done. */
420	tpm_write_word(TIS_STS_COMMAND_READY, &lpc_tpm_dev
421	[locality].tpm_status);
422	*len = offset;
423	return 0;
424	}
425
426	int tis_open(void)
427	{
428	u8 locality = 0; /* we use locality zero for everything. */
429
5e124724 VB	430	/* now request access to locality. */
	431	tpm_write_word(TIS_ACCESS_REQUEST_USE, &lpc_tpm_dev[locality].access);
	432
	433	/* did we get a lock? */
	434	if (tis_wait_reg(&lpc_tpm_dev[locality].access,
	435	TIS_ACCESS_ACTIVE_LOCALITY,
	436	TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) {
	437	printf("%s:%d - failed to lock locality %d\n",
	438	__FILE__, __LINE__, locality);
	439	return TPM_DRIVER_ERR;
	440	}
	441
	442	tpm_write_word(TIS_STS_COMMAND_READY,
	443	&lpc_tpm_dev[locality].tpm_status);
	444	return 0;
	445	}
	446
	447	int tis_close(void)
	448	{
	449	u8 locality = 0;
	450
	451	if (tpm_read_word(&lpc_tpm_dev[locality].access) &
	452	TIS_ACCESS_ACTIVE_LOCALITY) {
	453	tpm_write_word(TIS_ACCESS_ACTIVE_LOCALITY,
	454	&lpc_tpm_dev[locality].access);
	455
	456	if (tis_wait_reg(&lpc_tpm_dev[locality].access,
	457	TIS_ACCESS_ACTIVE_LOCALITY, 0) ==
	458	TPM_TIMEOUT_ERR) {
	459	printf("%s:%d - failed to release locality %d\n",
	460	__FILE__, __LINE__, locality);
	461	return TPM_DRIVER_ERR;
	462	}
	463	}
	464	return 0;
	465	}
	466
	467	int tis_sendrecv(const u8 *sendbuf, size_t send_size,
	468	u8 recvbuf, size_t recv_len)
	469	{
	470	if (tis_senddata(sendbuf, send_size)) {
	471	printf("%s:%d failed sending data to TPM\n",
	472	__FILE__, __LINE__);
	473	return TPM_DRIVER_ERR;
	474	}
	475
af98a70a	476	return tis_readresponse(recvbuf, (u32 *)recv_len);
5e124724	477	}