2 * tpm_tis.c - QEMU's TPM TIS interface emulator
4 * Copyright (C) 2006,2010-2013 IBM Corporation
12 * This work is licensed under the terms of the GNU GPL, version 2 or later.
13 * See the COPYING file in the top-level directory.
15 * Implementation of the TIS interface according to specs found at
16 * http://www.trustedcomputinggroup.org. This implementation currently
17 * supports version 1.21, revision 1.0.
18 * In the developers menu choose the PC Client section then find the TIS
22 #include "sysemu/tpm_backend.h"
24 #include "block/block.h"
25 #include "exec/address-spaces.h"
27 #include "hw/i386/pc.h"
28 #include "hw/pci/pci_ids.h"
30 #include "qemu-common.h"
31 #include "qemu/main-loop.h"
33 /*#define DEBUG_TIS */
36 #define DPRINTF(fmt, ...) \
37 do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
39 #define DPRINTF(fmt, ...) \
43 /* whether the STS interrupt is supported */
47 #define TPM_TIS_REG_ACCESS 0x00
48 #define TPM_TIS_REG_INT_ENABLE 0x08
49 #define TPM_TIS_REG_INT_VECTOR 0x0c
50 #define TPM_TIS_REG_INT_STATUS 0x10
51 #define TPM_TIS_REG_INTF_CAPABILITY 0x14
52 #define TPM_TIS_REG_STS 0x18
53 #define TPM_TIS_REG_DATA_FIFO 0x24
54 #define TPM_TIS_REG_DID_VID 0xf00
55 #define TPM_TIS_REG_RID 0xf04
57 /* vendor-specific registers */
58 #define TPM_TIS_REG_DEBUG 0xf90
60 #define TPM_TIS_STS_VALID (1 << 7)
61 #define TPM_TIS_STS_COMMAND_READY (1 << 6)
62 #define TPM_TIS_STS_TPM_GO (1 << 5)
63 #define TPM_TIS_STS_DATA_AVAILABLE (1 << 4)
64 #define TPM_TIS_STS_EXPECT (1 << 3)
65 #define TPM_TIS_STS_RESPONSE_RETRY (1 << 1)
67 #define TPM_TIS_BURST_COUNT_SHIFT 8
68 #define TPM_TIS_BURST_COUNT(X) \
69 ((X) << TPM_TIS_BURST_COUNT_SHIFT)
71 #define TPM_TIS_ACCESS_TPM_REG_VALID_STS (1 << 7)
72 #define TPM_TIS_ACCESS_ACTIVE_LOCALITY (1 << 5)
73 #define TPM_TIS_ACCESS_BEEN_SEIZED (1 << 4)
74 #define TPM_TIS_ACCESS_SEIZE (1 << 3)
75 #define TPM_TIS_ACCESS_PENDING_REQUEST (1 << 2)
76 #define TPM_TIS_ACCESS_REQUEST_USE (1 << 1)
77 #define TPM_TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0)
79 #define TPM_TIS_INT_ENABLED (1 << 31)
80 #define TPM_TIS_INT_DATA_AVAILABLE (1 << 0)
81 #define TPM_TIS_INT_STS_VALID (1 << 1)
82 #define TPM_TIS_INT_LOCALITY_CHANGED (1 << 2)
83 #define TPM_TIS_INT_COMMAND_READY (1 << 7)
85 #define TPM_TIS_INT_POLARITY_MASK (3 << 3)
86 #define TPM_TIS_INT_POLARITY_LOW_LEVEL (1 << 3)
90 #define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
91 TPM_TIS_INT_DATA_AVAILABLE | \
92 TPM_TIS_INT_COMMAND_READY)
96 #define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
97 TPM_TIS_INT_DATA_AVAILABLE | \
98 TPM_TIS_INT_STS_VALID | \
99 TPM_TIS_INT_COMMAND_READY)
103 #define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL (1 << 4) /* support is mandatory */
104 #define TPM_TIS_CAPABILITIES_SUPPORTED (TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \
105 TPM_TIS_INTERRUPTS_SUPPORTED)
107 #define TPM_TIS_TPM_DID 0x0001
108 #define TPM_TIS_TPM_VID PCI_VENDOR_ID_IBM
109 #define TPM_TIS_TPM_RID 0x0001
111 #define TPM_TIS_NO_DATA_BYTE 0xff
113 /* local prototypes */
115 static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
118 /* utility functions */
120 static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
122 return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
125 static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb)
127 return be32_to_cpu(*(uint32_t *)&sb->buffer[2]);
130 static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string)
135 len = tpm_tis_get_size_from_buffer(sb);
136 DPRINTF("tpm_tis: %s length = %d\n", string, len);
137 for (i = 0; i < len; i++) {
138 if (i && !(i % 16)) {
141 DPRINTF("%.2X ", sb->buffer[i]);
148 * Send a request to the TPM.
150 static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
152 TPMTISEmuState *tis = &s->s.tis;
154 tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM");
156 s->locty_number = locty;
157 s->locty_data = &tis->loc[locty];
160 * w_offset serves as length indicator for length of data;
161 * it's reset when the response comes back
163 tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
165 tpm_backend_deliver_request(s->be_driver);
168 /* raise an interrupt if allowed */
169 static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask)
171 TPMTISEmuState *tis = &s->s.tis;
173 if (!TPM_TIS_IS_VALID_LOCTY(locty)) {
177 if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
178 (tis->loc[locty].inte & irqmask)) {
179 DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask);
180 qemu_irq_raise(s->s.tis.irq);
181 tis->loc[locty].ints |= irqmask;
185 static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
189 for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
193 if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
201 static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
203 TPMTISEmuState *tis = &s->s.tis;
204 bool change = (s->s.tis.active_locty != new_active_locty);
208 if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) {
209 is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) &&
210 tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
213 mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY);
215 mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY|
216 TPM_TIS_ACCESS_REQUEST_USE);
218 /* reset flags on the old active locality */
219 tis->loc[s->s.tis.active_locty].access &= mask;
222 tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
226 tis->active_locty = new_active_locty;
228 DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty);
230 if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) {
231 /* set flags on the new active locality */
232 tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
233 tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
234 TPM_TIS_ACCESS_SEIZE);
238 tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
242 /* abort -- this function switches the locality */
243 static void tpm_tis_abort(TPMState *s, uint8_t locty)
245 TPMTISEmuState *tis = &s->s.tis;
247 tis->loc[locty].r_offset = 0;
248 tis->loc[locty].w_offset = 0;
250 DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", tis->next_locty);
253 * Need to react differently depending on who's aborting now and
254 * which locality will become active afterwards.
256 if (tis->aborting_locty == tis->next_locty) {
257 tis->loc[tis->aborting_locty].state = TPM_TIS_STATE_READY;
258 tis->loc[tis->aborting_locty].sts = TPM_TIS_STS_COMMAND_READY;
259 tpm_tis_raise_irq(s, tis->aborting_locty, TPM_TIS_INT_COMMAND_READY);
262 /* locality after abort is another one than the current one */
263 tpm_tis_new_active_locality(s, tis->next_locty);
265 tis->next_locty = TPM_TIS_NO_LOCALITY;
266 /* nobody's aborting a command anymore */
267 tis->aborting_locty = TPM_TIS_NO_LOCALITY;
270 /* prepare aborting current command */
271 static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
273 TPMTISEmuState *tis = &s->s.tis;
276 tis->aborting_locty = locty;
277 tis->next_locty = newlocty; /* locality after successful abort */
280 * only abort a command using an interrupt if currently executing
281 * a command AND if there's a valid connection to the vTPM.
283 for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) {
284 if (tis->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
286 * request the backend to cancel. Some backends may not
289 tpm_backend_cancel_cmd(s->be_driver);
294 tpm_tis_abort(s, locty);
297 static void tpm_tis_receive_bh(void *opaque)
299 TPMState *s = opaque;
300 TPMTISEmuState *tis = &s->s.tis;
301 uint8_t locty = s->locty_number;
303 tis->loc[locty].sts = TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE;
304 tis->loc[locty].state = TPM_TIS_STATE_COMPLETION;
305 tis->loc[locty].r_offset = 0;
306 tis->loc[locty].w_offset = 0;
308 if (TPM_TIS_IS_VALID_LOCTY(tis->next_locty)) {
309 tpm_tis_abort(s, locty);
312 #ifndef RAISE_STS_IRQ
313 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE);
315 tpm_tis_raise_irq(s, locty,
316 TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
321 * Callback from the TPM to indicate that the response was received.
323 static void tpm_tis_receive_cb(TPMState *s, uint8_t locty)
325 TPMTISEmuState *tis = &s->s.tis;
327 assert(s->locty_number == locty);
329 qemu_bh_schedule(tis->bh);
333 * Read a byte of response data
335 static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
337 TPMTISEmuState *tis = &s->s.tis;
338 uint32_t ret = TPM_TIS_NO_DATA_BYTE;
341 if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
342 len = tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
344 ret = tis->loc[locty].r_buffer.buffer[tis->loc[locty].r_offset++];
345 if (tis->loc[locty].r_offset >= len) {
347 tis->loc[locty].sts = TPM_TIS_STS_VALID;
349 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
352 DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x [%d]\n",
353 ret, tis->loc[locty].r_offset-1);
360 static void tpm_tis_dump_state(void *opaque, hwaddr addr)
362 static const unsigned regs[] = {
364 TPM_TIS_REG_INT_ENABLE,
365 TPM_TIS_REG_INT_VECTOR,
366 TPM_TIS_REG_INT_STATUS,
367 TPM_TIS_REG_INTF_CAPABILITY,
373 uint8_t locty = tpm_tis_locality_from_addr(addr);
374 hwaddr base = addr & ~0xfff;
375 TPMState *s = opaque;
376 TPMTISEmuState *tis = &s->s.tis;
378 DPRINTF("tpm_tis: active locality : %d\n"
379 "tpm_tis: state of locality %d : %d\n"
380 "tpm_tis: register dump:\n",
382 locty, tis->loc[locty].state);
384 for (idx = 0; regs[idx] != 0xfff; idx++) {
385 DPRINTF("tpm_tis: 0x%04x : 0x%08x\n", regs[idx],
386 (uint32_t)tpm_tis_mmio_read(opaque, base + regs[idx], 4));
389 DPRINTF("tpm_tis: read offset : %d\n"
390 "tpm_tis: result buffer : ",
391 tis->loc[locty].r_offset);
393 idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer);
396 tis->loc[locty].r_offset == idx ? '>' : ' ',
397 tis->loc[locty].r_buffer.buffer[idx],
398 ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : "");
401 "tpm_tis: write offset : %d\n"
402 "tpm_tis: request buffer: ",
403 tis->loc[locty].w_offset);
405 idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
408 tis->loc[locty].w_offset == idx ? '>' : ' ',
409 tis->loc[locty].w_buffer.buffer[idx],
410 ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : "");
417 * Read a register of the TIS interface
418 * See specs pages 33-63 for description of the registers
420 static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
423 TPMState *s = opaque;
424 TPMTISEmuState *tis = &s->s.tis;
425 uint16_t offset = addr & 0xffc;
426 uint8_t shift = (addr & 0x3) * 8;
427 uint32_t val = 0xffffffff;
428 uint8_t locty = tpm_tis_locality_from_addr(addr);
431 if (tpm_backend_had_startup_error(s->be_driver)) {
436 case TPM_TIS_REG_ACCESS:
437 /* never show the SEIZE flag even though we use it internally */
438 val = tis->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
439 /* the pending flag is always calculated */
440 if (tpm_tis_check_request_use_except(s, locty)) {
441 val |= TPM_TIS_ACCESS_PENDING_REQUEST;
443 val |= !tpm_backend_get_tpm_established_flag(s->be_driver);
445 case TPM_TIS_REG_INT_ENABLE:
446 val = tis->loc[locty].inte;
448 case TPM_TIS_REG_INT_VECTOR:
451 case TPM_TIS_REG_INT_STATUS:
452 val = tis->loc[locty].ints;
454 case TPM_TIS_REG_INTF_CAPABILITY:
455 val = TPM_TIS_CAPABILITIES_SUPPORTED;
457 case TPM_TIS_REG_STS:
458 if (tis->active_locty == locty) {
459 if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
460 val = TPM_TIS_BURST_COUNT(
461 tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer)
462 - tis->loc[locty].r_offset) | tis->loc[locty].sts;
464 avail = tis->loc[locty].w_buffer.size
465 - tis->loc[locty].w_offset;
467 * byte-sized reads should not return 0x00 for 0x100
470 if (size == 1 && avail > 0xff) {
473 val = TPM_TIS_BURST_COUNT(avail) | tis->loc[locty].sts;
477 case TPM_TIS_REG_DATA_FIFO:
478 if (tis->active_locty == locty) {
479 switch (tis->loc[locty].state) {
480 case TPM_TIS_STATE_COMPLETION:
481 val = tpm_tis_data_read(s, locty);
484 val = TPM_TIS_NO_DATA_BYTE;
489 case TPM_TIS_REG_DID_VID:
490 val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID;
492 case TPM_TIS_REG_RID:
493 val = TPM_TIS_TPM_RID;
496 case TPM_TIS_REG_DEBUG:
497 tpm_tis_dump_state(opaque, addr);
506 DPRINTF("tpm_tis: read.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val);
512 * Write a value to a register of the TIS interface
513 * See specs pages 33-63 for description of the registers
515 static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr,
516 uint64_t val, unsigned size,
519 TPMState *s = opaque;
520 TPMTISEmuState *tis = &s->s.tis;
521 uint16_t off = addr & 0xfff;
522 uint8_t locty = tpm_tis_locality_from_addr(addr);
523 uint8_t active_locty, l;
524 int c, set_new_locty = 1;
527 DPRINTF("tpm_tis: write.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val);
529 if (locty == 4 && !hw_access) {
530 DPRINTF("tpm_tis: Access to locality 4 only allowed from hardware\n");
534 if (tpm_backend_had_startup_error(s->be_driver)) {
539 case TPM_TIS_REG_ACCESS:
541 if ((val & TPM_TIS_ACCESS_SEIZE)) {
542 val &= ~(TPM_TIS_ACCESS_REQUEST_USE |
543 TPM_TIS_ACCESS_ACTIVE_LOCALITY);
546 active_locty = tis->active_locty;
548 if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) {
549 /* give up locality if currently owned */
550 if (tis->active_locty == locty) {
551 DPRINTF("tpm_tis: Releasing locality %d\n", locty);
553 uint8_t newlocty = TPM_TIS_NO_LOCALITY;
554 /* anybody wants the locality ? */
555 for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) {
556 if ((tis->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
557 DPRINTF("tpm_tis: Locality %d requests use.\n", c);
562 DPRINTF("tpm_tis: TPM_TIS_ACCESS_ACTIVE_LOCALITY: "
563 "Next active locality: %d\n",
566 if (TPM_TIS_IS_VALID_LOCTY(newlocty)) {
568 tpm_tis_prep_abort(s, locty, newlocty);
570 active_locty = TPM_TIS_NO_LOCALITY;
573 /* not currently the owner; clear a pending request */
574 tis->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
578 if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) {
579 tis->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
582 if ((val & TPM_TIS_ACCESS_SEIZE)) {
584 * allow seize if a locality is active and the requesting
585 * locality is higher than the one that's active
587 * allow seize for requesting locality if no locality is
590 while ((TPM_TIS_IS_VALID_LOCTY(tis->active_locty) &&
591 locty > tis->active_locty) ||
592 !TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
593 bool higher_seize = FALSE;
595 /* already a pending SEIZE ? */
596 if ((tis->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
600 /* check for ongoing seize by a higher locality */
601 for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) {
602 if ((tis->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
612 /* cancel any seize by a lower locality */
613 for (l = 0; l < locty - 1; l++) {
614 tis->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
617 tis->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
618 DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: "
619 "Locality %d seized from locality %d\n",
620 locty, tis->active_locty);
621 DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: Initiating abort.\n");
623 tpm_tis_prep_abort(s, tis->active_locty, locty);
628 if ((val & TPM_TIS_ACCESS_REQUEST_USE)) {
629 if (tis->active_locty != locty) {
630 if (TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) {
631 tis->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
633 /* no locality active -> make this one active now */
634 active_locty = locty;
640 tpm_tis_new_active_locality(s, active_locty);
644 case TPM_TIS_REG_INT_ENABLE:
645 if (tis->active_locty != locty) {
649 tis->loc[locty].inte = (val & (TPM_TIS_INT_ENABLED |
650 TPM_TIS_INT_POLARITY_MASK |
651 TPM_TIS_INTERRUPTS_SUPPORTED));
653 case TPM_TIS_REG_INT_VECTOR:
654 /* hard wired -- ignore */
656 case TPM_TIS_REG_INT_STATUS:
657 if (tis->active_locty != locty) {
661 /* clearing of interrupt flags */
662 if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
663 (tis->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
664 tis->loc[locty].ints &= ~val;
665 if (tis->loc[locty].ints == 0) {
666 qemu_irq_lower(tis->irq);
667 DPRINTF("tpm_tis: Lowering IRQ\n");
670 tis->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
672 case TPM_TIS_REG_STS:
673 if (tis->active_locty != locty) {
677 val &= (TPM_TIS_STS_COMMAND_READY | TPM_TIS_STS_TPM_GO |
678 TPM_TIS_STS_RESPONSE_RETRY);
680 if (val == TPM_TIS_STS_COMMAND_READY) {
681 switch (tis->loc[locty].state) {
683 case TPM_TIS_STATE_READY:
684 tis->loc[locty].w_offset = 0;
685 tis->loc[locty].r_offset = 0;
688 case TPM_TIS_STATE_IDLE:
689 tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY;
690 tis->loc[locty].state = TPM_TIS_STATE_READY;
691 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
694 case TPM_TIS_STATE_EXECUTION:
695 case TPM_TIS_STATE_RECEPTION:
696 /* abort currently running command */
697 DPRINTF("tpm_tis: %s: Initiating abort.\n",
699 tpm_tis_prep_abort(s, locty, locty);
702 case TPM_TIS_STATE_COMPLETION:
703 tis->loc[locty].w_offset = 0;
704 tis->loc[locty].r_offset = 0;
705 /* shortcut to ready state with C/R set */
706 tis->loc[locty].state = TPM_TIS_STATE_READY;
707 if (!(tis->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
708 tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY;
709 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
711 tis->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
715 } else if (val == TPM_TIS_STS_TPM_GO) {
716 switch (tis->loc[locty].state) {
717 case TPM_TIS_STATE_RECEPTION:
718 if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
719 tpm_tis_tpm_send(s, locty);
726 } else if (val == TPM_TIS_STS_RESPONSE_RETRY) {
727 switch (tis->loc[locty].state) {
728 case TPM_TIS_STATE_COMPLETION:
729 tis->loc[locty].r_offset = 0;
730 tis->loc[locty].sts = TPM_TIS_STS_VALID |
731 TPM_TIS_STS_DATA_AVAILABLE;
739 case TPM_TIS_REG_DATA_FIFO:
741 if (tis->active_locty != locty) {
745 if (tis->loc[locty].state == TPM_TIS_STATE_IDLE ||
746 tis->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
747 tis->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
750 DPRINTF("tpm_tis: Byte to send to TPM: %02x\n", (uint8_t)val);
751 if (tis->loc[locty].state == TPM_TIS_STATE_READY) {
752 tis->loc[locty].state = TPM_TIS_STATE_RECEPTION;
753 tis->loc[locty].sts = TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID;
756 if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
757 if (tis->loc[locty].w_offset < tis->loc[locty].w_buffer.size) {
758 tis->loc[locty].w_buffer.
759 buffer[tis->loc[locty].w_offset++] = (uint8_t)val;
761 tis->loc[locty].sts = TPM_TIS_STS_VALID;
765 /* check for complete packet */
766 if (tis->loc[locty].w_offset > 5 &&
767 (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
768 /* we have a packet length - see if we have all of it */
770 bool needIrq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
772 len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer);
773 if (len > tis->loc[locty].w_offset) {
774 tis->loc[locty].sts = TPM_TIS_STS_EXPECT |
777 /* packet complete */
778 tis->loc[locty].sts = TPM_TIS_STS_VALID;
782 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
791 static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
792 uint64_t val, unsigned size)
794 return tpm_tis_mmio_write_intern(opaque, addr, val, size, false);
797 static const MemoryRegionOps tpm_tis_memory_ops = {
798 .read = tpm_tis_mmio_read,
799 .write = tpm_tis_mmio_write,
800 .endianness = DEVICE_LITTLE_ENDIAN,
802 .min_access_size = 1,
803 .max_access_size = 4,
807 static int tpm_tis_do_startup_tpm(TPMState *s)
809 return tpm_backend_startup_tpm(s->be_driver);
813 * This function is called when the machine starts, resets or due to
816 static void tpm_tis_reset(DeviceState *dev)
818 TPMState *s = TPM(dev);
819 TPMTISEmuState *tis = &s->s.tis;
822 tpm_backend_reset(s->be_driver);
824 tis->active_locty = TPM_TIS_NO_LOCALITY;
825 tis->next_locty = TPM_TIS_NO_LOCALITY;
826 tis->aborting_locty = TPM_TIS_NO_LOCALITY;
828 for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) {
829 tis->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
831 tis->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
832 tis->loc[c].ints = 0;
833 tis->loc[c].state = TPM_TIS_STATE_IDLE;
835 tis->loc[c].w_offset = 0;
836 tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].w_buffer);
837 tis->loc[c].r_offset = 0;
838 tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].r_buffer);
841 tpm_tis_do_startup_tpm(s);
844 static const VMStateDescription vmstate_tpm_tis = {
849 static Property tpm_tis_properties[] = {
850 DEFINE_PROP_UINT32("irq", TPMState,
851 s.tis.irq_num, TPM_TIS_IRQ),
852 DEFINE_PROP_STRING("tpmdev", TPMState, backend),
853 DEFINE_PROP_END_OF_LIST(),
856 static void tpm_tis_realizefn(DeviceState *dev, Error **errp)
858 TPMState *s = TPM(dev);
859 TPMTISEmuState *tis = &s->s.tis;
861 s->be_driver = qemu_find_tpm(s->backend);
863 error_setg(errp, "tpm_tis: backend driver with id %s could not be "
864 "found", s->backend);
868 s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
870 if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) {
871 error_setg(errp, "tpm_tis: backend driver with id %s could not be "
872 "initialized", s->backend);
876 if (tis->irq_num > 15) {
877 error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range "
878 "of 0 to 15.\n", tis->irq_num);
882 tis->bh = qemu_bh_new(tpm_tis_receive_bh, s);
884 isa_init_irq(&s->busdev, &tis->irq, tis->irq_num);
887 static void tpm_tis_initfn(Object *obj)
889 ISADevice *dev = ISA_DEVICE(obj);
890 TPMState *s = TPM(obj);
892 memory_region_init_io(&s->mmio, OBJECT(s), &tpm_tis_memory_ops,
894 TPM_TIS_NUM_LOCALITIES << TPM_TIS_LOCALITY_SHIFT);
895 memory_region_add_subregion(isa_address_space(dev), TPM_TIS_ADDR_BASE,
899 static void tpm_tis_uninitfn(Object *obj)
901 TPMState *s = TPM(obj);
903 memory_region_del_subregion(get_system_memory(), &s->mmio);
904 memory_region_destroy(&s->mmio);
907 static void tpm_tis_class_init(ObjectClass *klass, void *data)
909 DeviceClass *dc = DEVICE_CLASS(klass);
911 dc->realize = tpm_tis_realizefn;
912 dc->props = tpm_tis_properties;
913 dc->reset = tpm_tis_reset;
914 dc->vmsd = &vmstate_tpm_tis;
917 static const TypeInfo tpm_tis_info = {
918 .name = TYPE_TPM_TIS,
919 .parent = TYPE_ISA_DEVICE,
920 .instance_size = sizeof(TPMState),
921 .instance_init = tpm_tis_initfn,
922 .instance_finalize = tpm_tis_uninitfn,
923 .class_init = tpm_tis_class_init,
926 static void tpm_tis_register(void)
928 type_register_static(&tpm_tis_info);
929 tpm_register_model(TPM_MODEL_TPM_TIS);
932 type_init(tpm_tis_register)
projects / qemu.git / blob