summaryrefslogtreecommitdiffstats
path: root/drivers/char/tpm/tpm_tis_spi_cr50.c
blob: f4937280e940615d5ad9c9dee61c31d1435e6304 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2016 Google, Inc
 *
 * This device driver implements a TCG PTP FIFO interface over SPI for chips
 * with Cr50 firmware.
 * It is based on tpm_tis_spi driver by Peter Huewe and Christophe Ricard.
 */

#include <linux/completion.h>
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/of.h>
#include <linux/pm.h>
#include <linux/spi/spi.h>
#include <linux/wait.h>

#include "tpm_tis_core.h"
#include "tpm_tis_spi.h"

/*
 * Cr50 timing constants:
 * - can go to sleep not earlier than after CR50_SLEEP_DELAY_MSEC.
 * - needs up to CR50_WAKE_START_DELAY_USEC to wake after sleep.
 * - requires waiting for "ready" IRQ, if supported; or waiting for at least
 *   CR50_NOIRQ_ACCESS_DELAY_MSEC between transactions, if IRQ is not supported.
 * - waits for up to CR50_FLOW_CONTROL for flow control 'ready' indication.
 */
#define CR50_SLEEP_DELAY_MSEC			1000
#define CR50_WAKE_START_DELAY_USEC		1000
#define CR50_NOIRQ_ACCESS_DELAY			msecs_to_jiffies(2)
#define CR50_READY_IRQ_TIMEOUT			msecs_to_jiffies(TPM2_TIMEOUT_A)
#define CR50_FLOW_CONTROL			msecs_to_jiffies(TPM2_TIMEOUT_A)
#define MAX_IRQ_CONFIRMATION_ATTEMPTS		3

#define TPM_CR50_FW_VER(l)			(0x0f90 | ((l) << 12))
#define TPM_CR50_MAX_FW_VER_LEN			64

/* Default quality for hwrng. */
#define TPM_CR50_DEFAULT_RNG_QUALITY		700

struct cr50_spi_phy {
	struct tpm_tis_spi_phy spi_phy;

	struct mutex time_track_mutex;
	unsigned long last_access;

	unsigned long access_delay;

	unsigned int irq_confirmation_attempt;
	bool irq_needs_confirmation;
	bool irq_confirmed;
};

static inline struct cr50_spi_phy *to_cr50_spi_phy(struct tpm_tis_spi_phy *phy)
{
	return container_of(phy, struct cr50_spi_phy, spi_phy);
}

/*
 * The cr50 interrupt handler just signals waiting threads that the
 * interrupt was asserted.  It does not do any processing triggered
 * by interrupts but is instead used to avoid fixed delays.
 */
static irqreturn_t cr50_spi_irq_handler(int dummy, void *dev_id)
{
	struct cr50_spi_phy *cr50_phy = dev_id;

	cr50_phy->irq_confirmed = true;
	complete(&cr50_phy->spi_phy.ready);

	return IRQ_HANDLED;
}

/*
 * Cr50 needs to have at least some delay between consecutive
 * transactions. Make sure we wait.
 */
static void cr50_ensure_access_delay(struct cr50_spi_phy *phy)
{
	unsigned long allowed_access = phy->last_access + phy->access_delay;
	unsigned long time_now = jiffies;
	struct device *dev = &phy->spi_phy.spi_device->dev;

	/*
	 * Note: There is a small chance, if Cr50 is not accessed in a few days,
	 * that time_in_range will not provide the correct result after the wrap
	 * around for jiffies. In this case, we'll have an unneeded short delay,
	 * which is fine.
	 */
	if (time_in_range_open(time_now, phy->last_access, allowed_access)) {
		unsigned long remaining, timeout = allowed_access - time_now;

		remaining = wait_for_completion_timeout(&phy->spi_phy.ready,
							timeout);
		if (!remaining && phy->irq_confirmed)
			dev_warn(dev, "Timeout waiting for TPM ready IRQ\n");
	}

	if (phy->irq_needs_confirmation) {
		unsigned int attempt = ++phy->irq_confirmation_attempt;

		if (phy->irq_confirmed) {
			phy->irq_needs_confirmation = false;
			phy->access_delay = CR50_READY_IRQ_TIMEOUT;
			dev_info(dev, "TPM ready IRQ confirmed on attempt %u\n",
				 attempt);
		} else if (attempt > MAX_IRQ_CONFIRMATION_ATTEMPTS) {
			phy->irq_needs_confirmation = false;
			dev_warn(dev, "IRQ not confirmed - will use delays\n");
		}
	}
}

/*
 * Cr50 might go to sleep if there is no SPI activity for some time and
 * miss the first few bits/bytes on the bus. In such case, wake it up
 * by asserting CS and give it time to start up.
 */
static bool cr50_needs_waking(struct cr50_spi_phy *phy)
{
	/*
	 * Note: There is a small chance, if Cr50 is not accessed in a few days,
	 * that time_in_range will not provide the correct result after the wrap
	 * around for jiffies. In this case, we'll probably timeout or read
	 * incorrect value from TPM_STS and just retry the operation.
	 */
	return !time_in_range_open(jiffies, phy->last_access,
				   phy->spi_phy.wake_after);
}

static void cr50_wake_if_needed(struct cr50_spi_phy *cr50_phy)
{
	struct tpm_tis_spi_phy *phy = &cr50_phy->spi_phy;

	if (cr50_needs_waking(cr50_phy)) {
		/* Assert CS, wait 1 msec, deassert CS */
		struct spi_transfer spi_cs_wake = {
			.delay = {
				.value = 1000,
				.unit = SPI_DELAY_UNIT_USECS
			}
		};

		spi_sync_transfer(phy->spi_device, &spi_cs_wake, 1);
		/* Wait for it to fully wake */
		usleep_range(CR50_WAKE_START_DELAY_USEC,
			     CR50_WAKE_START_DELAY_USEC * 2);
	}

	/* Reset the time when we need to wake Cr50 again */
	phy->wake_after = jiffies + msecs_to_jiffies(CR50_SLEEP_DELAY_MSEC);
}

/*
 * Flow control: clock the bus and wait for cr50 to set LSB before
 * sending/receiving data. TCG PTP spec allows it to happen during
 * the last byte of header, but cr50 never does that in practice,
 * and earlier versions had a bug when it was set too early, so don't
 * check for it during header transfer.
 */
static int cr50_spi_flow_control(struct tpm_tis_spi_phy *phy,
				 struct spi_transfer *spi_xfer)
{
	struct device *dev = &phy->spi_device->dev;
	unsigned long timeout = jiffies + CR50_FLOW_CONTROL;
	struct spi_message m;
	int ret;

	spi_xfer->len = 1;

	do {
		spi_message_init(&m);
		spi_message_add_tail(spi_xfer, &m);
		ret = spi_sync_locked(phy->spi_device, &m);
		if (ret < 0)
			return ret;

		if (time_after(jiffies, timeout)) {
			dev_warn(dev, "Timeout during flow control\n");
			return -EBUSY;
		}
	} while (!(phy->iobuf[0] & 0x01));

	return 0;
}

static bool tpm_cr50_spi_is_firmware_power_managed(struct device *dev)
{
	u8 val;
	int ret;

	/* This flag should default true when the device property is not present */
	ret = device_property_read_u8(dev, "firmware-power-managed", &val);
	if (ret)
		return true;

	return val;
}

static int tpm_tis_spi_cr50_transfer(struct tpm_tis_data *data, u32 addr, u16 len,
				     u8 *in, const u8 *out)
{
	struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
	struct cr50_spi_phy *cr50_phy = to_cr50_spi_phy(phy);
	int ret;

	mutex_lock(&cr50_phy->time_track_mutex);
	/*
	 * Do this outside of spi_bus_lock in case cr50 is not the
	 * only device on that spi bus.
	 */
	cr50_ensure_access_delay(cr50_phy);
	cr50_wake_if_needed(cr50_phy);

	ret = tpm_tis_spi_transfer(data, addr, len, in, out);

	cr50_phy->last_access = jiffies;
	mutex_unlock(&cr50_phy->time_track_mutex);

	return ret;
}

static int tpm_tis_spi_cr50_read_bytes(struct tpm_tis_data *data, u32 addr,
				       u16 len, u8 *result, enum tpm_tis_io_mode io_mode)
{
	return tpm_tis_spi_cr50_transfer(data, addr, len, result, NULL);
}

static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr,
					u16 len, const u8 *value, enum tpm_tis_io_mode io_mode)
{
	return tpm_tis_spi_cr50_transfer(data, addr, len, NULL, value);
}

static const struct tpm_tis_phy_ops tpm_spi_cr50_phy_ops = {
	.read_bytes = tpm_tis_spi_cr50_read_bytes,
	.write_bytes = tpm_tis_spi_cr50_write_bytes,
};

static void cr50_print_fw_version(struct tpm_tis_data *data)
{
	struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
	int i, len = 0;
	char fw_ver[TPM_CR50_MAX_FW_VER_LEN + 1];
	char fw_ver_block[4];

	/*
	 * Write anything to TPM_CR50_FW_VER to start from the beginning
	 * of the version string
	 */
	tpm_tis_write8(data, TPM_CR50_FW_VER(data->locality), 0);

	/* Read the string, 4 bytes at a time, until we get '\0' */
	do {
		tpm_tis_read_bytes(data, TPM_CR50_FW_VER(data->locality), 4,
				   fw_ver_block);
		for (i = 0; i < 4 && fw_ver_block[i]; ++len, ++i)
			fw_ver[len] = fw_ver_block[i];
	} while (i == 4 && len < TPM_CR50_MAX_FW_VER_LEN);
	fw_ver[len] = '\0';

	dev_info(&phy->spi_device->dev, "Cr50 firmware version: %s\n", fw_ver);
}

int cr50_spi_probe(struct spi_device *spi)
{
	struct tpm_tis_spi_phy *phy;
	struct cr50_spi_phy *cr50_phy;
	int ret;
	struct tpm_chip *chip;

	cr50_phy = devm_kzalloc(&spi->dev, sizeof(*cr50_phy), GFP_KERNEL);
	if (!cr50_phy)
		return -ENOMEM;

	phy = &cr50_phy->spi_phy;
	phy->flow_control = cr50_spi_flow_control;
	phy->wake_after = jiffies;
	phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY;
	init_completion(&phy->ready);

	cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY;
	cr50_phy->last_access = jiffies;
	mutex_init(&cr50_phy->time_track_mutex);

	if (spi->irq > 0) {
		ret = devm_request_irq(&spi->dev, spi->irq,
				       cr50_spi_irq_handler,
				       IRQF_TRIGGER_RISING | IRQF_ONESHOT,
				       "cr50_spi", cr50_phy);
		if (ret < 0) {
			if (ret == -EPROBE_DEFER)
				return ret;
			dev_warn(&spi->dev, "Requesting IRQ %d failed: %d\n",
				 spi->irq, ret);
			/*
			 * This is not fatal, the driver will fall back to
			 * delays automatically, since ready will never
			 * be completed without a registered irq handler.
			 * So, just fall through.
			 */
		} else {
			/*
			 * IRQ requested, let's verify that it is actually
			 * triggered, before relying on it.
			 */
			cr50_phy->irq_needs_confirmation = true;
		}
	} else {
		dev_warn(&spi->dev,
			 "No IRQ - will use delays between transactions.\n");
	}

	ret = tpm_tis_spi_init(spi, phy, -1, &tpm_spi_cr50_phy_ops);
	if (ret)
		return ret;

	cr50_print_fw_version(&phy->priv);

	chip = dev_get_drvdata(&spi->dev);
	if (tpm_cr50_spi_is_firmware_power_managed(&spi->dev))
		chip->flags |= TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED;

	return 0;
}

#ifdef CONFIG_PM_SLEEP
int tpm_tis_spi_resume(struct device *dev)
{
	struct tpm_chip *chip = dev_get_drvdata(dev);
	struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
	struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
	/*
	 * Jiffies not increased during suspend, so we need to reset
	 * the time to wake Cr50 after resume.
	 */
	phy->wake_after = jiffies;

	return tpm_tis_resume(dev);
}
#endif