tpm_tis_spi_cr50.c source code [linux/drivers/char/tpm/tpm_tis_spi_cr50.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Copyright (C) 2016 Google, Inc
4	*
5	* This device driver implements a TCG PTP FIFO interface over SPI for chips
6	* with Cr50 firmware.
7	* It is based on tpm_tis_spi driver by Peter Huewe and Christophe Ricard.
8	*/
9
10	#include <linux/completion.h>
11	#include <linux/interrupt.h>
12	#include <linux/module.h>
13	#include <linux/of.h>
14	#include <linux/pm.h>
15	#include <linux/spi/spi.h>
16	#include <linux/wait.h>
17
18	#include "tpm_tis_core.h"
19	#include "tpm_tis_spi.h"
20
21	/*
22	* Cr50 timing constants:
23	* - can go to sleep not earlier than after CR50_SLEEP_DELAY_MSEC.
24	* - needs up to CR50_WAKE_START_DELAY_USEC to wake after sleep.
25	* - requires waiting for "ready" IRQ, if supported; or waiting for at least
26	* CR50_NOIRQ_ACCESS_DELAY_MSEC between transactions, if IRQ is not supported.
27	* - waits for up to CR50_FLOW_CONTROL for flow control 'ready' indication.
28	*/
29	#define CR50_SLEEP_DELAY_MSEC 1000
30	#define CR50_WAKE_START_DELAY_USEC 1000
31	#define CR50_NOIRQ_ACCESS_DELAY msecs_to_jiffies(2)
32	#define CR50_READY_IRQ_TIMEOUT msecs_to_jiffies(TPM2_TIMEOUT_A)
33	#define CR50_FLOW_CONTROL msecs_to_jiffies(TPM2_TIMEOUT_A)
34	#define MAX_IRQ_CONFIRMATION_ATTEMPTS 3
35
36	#define TPM_CR50_FW_VER(l) (0x0f90 \| ((l) << 12))
37	#define TPM_CR50_MAX_FW_VER_LEN 64
38
39	/ Default quality for hwrng. /
40	#define TPM_CR50_DEFAULT_RNG_QUALITY 700
41
42	struct cr50_spi_phy {
43	struct tpm_tis_spi_phy spi_phy;
44
45	struct mutex time_track_mutex;
46	unsigned long last_access;
47
48	unsigned long access_delay;
49
50	unsigned int irq_confirmation_attempt;
51	bool irq_needs_confirmation;
52	bool irq_confirmed;
53	};
54
55	static inline struct cr50_spi_phy to_cr50_spi_phy(struct* tpm_tis_spi_phy *phy)
56	{
57	return container_of(phy, struct cr50_spi_phy, spi_phy);
58	}
59
60	/*
61	* The cr50 interrupt handler just signals waiting threads that the
62	* interrupt was asserted. It does not do any processing triggered
63	* by interrupts but is instead used to avoid fixed delays.
64	*/
65	static irqreturn_t cr50_spi_irq_handler(int dummy, void *dev_id)
66	{
67	struct cr50_spi_phy *cr50_phy = dev_id;
68
69	cr50_phy->irq_confirmed = true;
70	complete(&cr50_phy->spi_phy.ready);
71
72	return IRQ_HANDLED;
73	}
74
75	/*
76	* Cr50 needs to have at least some delay between consecutive
77	* transactions. Make sure we wait.
78	*/
79	static void cr50_ensure_access_delay(struct cr50_spi_phy *phy)
80	{
81	unsigned long allowed_access = phy->last_access + phy->access_delay;
82	unsigned long time_now = jiffies;
83	struct device *dev = &phy->spi_phy.spi_device->dev;
84
85	/*
86	* Note: There is a small chance, if Cr50 is not accessed in a few days,
87	* that time_in_range will not provide the correct result after the wrap
88	* around for jiffies. In this case, we'll have an unneeded short delay,
89	* which is fine.
90	*/
91	if (time_in_range_open(time_now, phy->last_access, allowed_access)) {
92	unsigned long remaining, timeout = allowed_access - time_now;
93
94	remaining = wait_for_completion_timeout(x: &phy->spi_phy.ready,
95	timeout);
96	if (!remaining && phy->irq_confirmed)
97	dev_warn(dev, "Timeout waiting for TPM ready IRQ\n");
98	}
99
100	if (phy->irq_needs_confirmation) {
101	unsigned int attempt = ++phy->irq_confirmation_attempt;
102
103	if (phy->irq_confirmed) {
104	phy->irq_needs_confirmation = false;
105	phy->access_delay = CR50_READY_IRQ_TIMEOUT;
106	dev_info(dev, "TPM ready IRQ confirmed on attempt %u\n",
107	attempt);
108	} else if (attempt > MAX_IRQ_CONFIRMATION_ATTEMPTS) {
109	phy->irq_needs_confirmation = false;
110	dev_warn(dev, "IRQ not confirmed - will use delays\n");
111	}
112	}
113	}
114
115	/*
116	* Cr50 might go to sleep if there is no SPI activity for some time and
117	* miss the first few bits/bytes on the bus. In such case, wake it up
118	* by asserting CS and give it time to start up.
119	*/
120	static bool cr50_needs_waking(struct cr50_spi_phy *phy)
121	{
122	/*
123	* Note: There is a small chance, if Cr50 is not accessed in a few days,
124	* that time_in_range will not provide the correct result after the wrap
125	* around for jiffies. In this case, we'll probably timeout or read
126	* incorrect value from TPM_STS and just retry the operation.
127	*/
128	return !time_in_range_open(jiffies, phy->last_access,
129	phy->spi_phy.wake_after);
130	}
131
132	static void cr50_wake_if_needed(struct cr50_spi_phy *cr50_phy)
133	{
134	struct tpm_tis_spi_phy *phy = &cr50_phy->spi_phy;
135
136	if (cr50_needs_waking(phy: cr50_phy)) {
137	/ Assert CS, wait 1 msec, deassert CS /
138	struct spi_transfer spi_cs_wake = {
139	.delay = {
140	.value = `1000`,
141	.unit = SPI_DELAY_UNIT_USECS
142	}
143	};
144
145	spi_sync_transfer(spi: phy->spi_device, xfers: &spi_cs_wake, num_xfers: `1`);
146	/ Wait for it to fully wake /
147	usleep_range(CR50_WAKE_START_DELAY_USEC,
148	CR50_WAKE_START_DELAY_USEC * `2`);
149	}
150
151	/ Reset the time when we need to wake Cr50 again /
152	phy->wake_after = jiffies + msecs_to_jiffies(CR50_SLEEP_DELAY_MSEC);
153	}
154
155	/*
156	* Flow control: clock the bus and wait for cr50 to set LSB before
157	* sending/receiving data. TCG PTP spec allows it to happen during
158	* the last byte of header, but cr50 never does that in practice,
159	* and earlier versions had a bug when it was set too early, so don't
160	* check for it during header transfer.
161	*/
162	static int cr50_spi_flow_control(struct tpm_tis_spi_phy *phy,
163	struct spi_transfer *spi_xfer)
164	{
165	struct device *dev = &phy->spi_device->dev;
166	unsigned long timeout = jiffies + CR50_FLOW_CONTROL;
167	struct spi_message m;
168	int ret;
169
170	spi_xfer->len = `1`;
171
172	do {
173	spi_message_init(m: &m);
174	spi_message_add_tail(t: spi_xfer, m: &m);
175	ret = spi_sync_locked(spi: phy->spi_device, message: &m);
176	if (ret < `0`)
177	return ret;
178
179	if (time_after(jiffies, timeout)) {
180	dev_warn(dev, "Timeout during flow control\n");
181	return -EBUSY;
182	}
183	} while (!(phy->iobuf[`0`] & `0x01`));
184
185	return `0`;
186	}
187
188	static bool tpm_cr50_spi_is_firmware_power_managed(struct device *dev)
189	{
190	u8 val;
191	int ret;
192
193	/ This flag should default true when the device property is not present /
194	ret = device_property_read_u8(dev, propname: "firmware-power-managed", val: &val);
195	if (ret)
196	return true;
197
198	return val;
199	}
200
201	static int tpm_tis_spi_cr50_transfer(struct tpm_tis_data *data, u32 addr, u16 len,
202	u8 in, const* u8 *out)
203	{
204	struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
205	struct cr50_spi_phy *cr50_phy = to_cr50_spi_phy(phy);
206	int ret;
207
208	mutex_lock(&cr50_phy->time_track_mutex);
209	/*
210	* Do this outside of spi_bus_lock in case cr50 is not the
211	* only device on that spi bus.
212	*/
213	cr50_ensure_access_delay(phy: cr50_phy);
214	cr50_wake_if_needed(cr50_phy);
215
216	ret = tpm_tis_spi_transfer(data, addr, len, in, out);
217
218	cr50_phy->last_access = jiffies;
219	mutex_unlock(lock: &cr50_phy->time_track_mutex);
220
221	return ret;
222	}
223
224	static int tpm_tis_spi_cr50_read_bytes(struct tpm_tis_data *data, u32 addr,
225	u16 len, u8 result, enum* tpm_tis_io_mode io_mode)
226	{
227	return tpm_tis_spi_cr50_transfer(data, addr, len, in: result, NULL);
228	}
229
230	static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr,
231	u16 len, const u8 value, enum* tpm_tis_io_mode io_mode)
232	{
233	return tpm_tis_spi_cr50_transfer(data, addr, len, NULL, out: value);
234	}
235
236	static const struct tpm_tis_phy_ops tpm_spi_cr50_phy_ops = {
237	.read_bytes = tpm_tis_spi_cr50_read_bytes,
238	.write_bytes = tpm_tis_spi_cr50_write_bytes,
239	};
240
241	static void cr50_print_fw_version(struct tpm_tis_data *data)
242	{
243	struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
244	int i, len = `0`;
245	char fw_ver[TPM_CR50_MAX_FW_VER_LEN + `1`];
246	char fw_ver_block[`4`];
247
248	/*
249	* Write anything to TPM_CR50_FW_VER to start from the beginning
250	* of the version string
251	*/
252	tpm_tis_write8(data, TPM_CR50_FW_VER(data->locality), value: `0`);
253
254	/ Read the string, 4 bytes at a time, until we get '\0' /
255	do {
256	tpm_tis_read_bytes(data, TPM_CR50_FW_VER(data->locality), len: `4`,
257	result: fw_ver_block);
258	for (i = `0`; i < `4` && fw_ver_block[i]; ++len, ++i)
259	fw_ver[len] = fw_ver_block[i];
260	} while (i == `4` && len < TPM_CR50_MAX_FW_VER_LEN);
261	fw_ver[len] = `'\0'`;
262
263	dev_info(&phy->spi_device->dev, "Cr50 firmware version: %s\n", fw_ver);
264	}
265
266	int cr50_spi_probe(struct spi_device *spi)
267	{
268	struct tpm_tis_spi_phy *phy;
269	struct cr50_spi_phy *cr50_phy;
270	int ret;
271	struct tpm_chip *chip;
272
273	cr50_phy = devm_kzalloc(dev: &spi->dev, size: sizeof(*cr50_phy), GFP_KERNEL);
274	if (!cr50_phy)
275	return -ENOMEM;
276
277	phy = &cr50_phy->spi_phy;
278	phy->flow_control = cr50_spi_flow_control;
279	phy->wake_after = jiffies;
280	phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY;
281	init_completion(x: &phy->ready);
282
283	cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY;
284	cr50_phy->last_access = jiffies;
285	mutex_init(&cr50_phy->time_track_mutex);
286
287	if (spi->irq > `0`) {
288	ret = devm_request_irq(dev: &spi->dev, irq: spi->irq,
289	handler: cr50_spi_irq_handler,
290	IRQF_TRIGGER_RISING \| IRQF_ONESHOT,
291	devname: "cr50_spi", dev_id: cr50_phy);
292	if (ret < `0`) {
293	if (ret == -EPROBE_DEFER)
294	return ret;
295	dev_warn(&spi->dev, "Requesting IRQ %d failed: %d\n",
296	spi->irq, ret);
297	/*
298	* This is not fatal, the driver will fall back to
299	* delays automatically, since ready will never
300	* be completed without a registered irq handler.
301	* So, just fall through.
302	*/
303	} else {
304	/*
305	* IRQ requested, let's verify that it is actually
306	* triggered, before relying on it.
307	*/
308	cr50_phy->irq_needs_confirmation = true;
309	}
310	} else {
311	dev_warn(&spi->dev,
312	"No IRQ - will use delays between transactions.\n");
313	}
314
315	ret = tpm_tis_spi_init(spi, phy, irq: -`1`, phy_ops: &tpm_spi_cr50_phy_ops);
316	if (ret)
317	return ret;
318
319	cr50_print_fw_version(data: &phy->priv);
320
321	chip = dev_get_drvdata(dev: &spi->dev);
322	if (tpm_cr50_spi_is_firmware_power_managed(dev: &spi->dev))
323	chip->flags \|= TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED;
324
325	return `0`;
326	}
327
328	#ifdef CONFIG_PM_SLEEP
329	int tpm_tis_spi_resume(struct device *dev)
330	{
331	struct tpm_chip *chip = dev_get_drvdata(dev);
332	struct tpm_tis_data *data = dev_get_drvdata(dev: &chip->dev);
333	struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
334	/*
335	* Jiffies not increased during suspend, so we need to reset
336	* the time to wake Cr50 after resume.
337	*/
338	phy->wake_after = jiffies;
339
340	return tpm_tis_resume(dev);
341	}
342	#endif
343

source code of linux/drivers/char/tpm/tpm_tis_spi_cr50.c