Re: [PATCH 1/4] tpm: Add tpm_tis_i2c backend for tpm_tis_core

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07.04.2022 12:07, Jarkko Sakkinen wrote:
> On Mon, Apr 04, 2022 at 10:18:32AM +0200, Johannes Holland wrote:
>> Implement the TCG I2C Interface driver, as specified in the TCG PC
>> Client Platform TPM Profile (PTP) specification for TPM 2.0 v1.04
>> revision 14, section 8, I2C Interface Definition.
>>
>> This driver supports Guard Times. That is, if required by the TPM, the
>> driver has to wait by a vendor-specific time after each I2C read/write.
>> The specific time is read from the TPM_I2C_INTERFACE_CAPABILITY register.
>>
>> Unfortunately, the TCG specified almost but not quite compatible
>> register addresses. Therefore, the TIS register addresses need to be
>> mapped to I2C ones. The locality is stripped because for now, only
>> locality 0 is supported.
>>
>> Add a sanity check to I2C reads of e.g. TPM_ACCESS and TPM_STS. This is
>> to detect communication errors and issues due to non-standard behaviour
>> (E.g. the clock stretching quirk in the BCM2835, see 4dbfb5f4401f). In
>> case the sanity check fails, attempt a retry.
>>
>> The CRC over the FIFO register is not implemented here since a new call
>> has to be added to the API (tpm_tis_phy_ops).
>>
>> Signed-off-by: Johannes Holland <johannes.holland@xxxxxxxxxxxx>
>> ---
>>  drivers/char/tpm/Kconfig       |  12 ++
>>  drivers/char/tpm/Makefile      |   1 +
>>  drivers/char/tpm/tpm_tis_i2c.c | 365 +++++++++++++++++++++++++++++++++
>>  3 files changed, 378 insertions(+)
>>  create mode 100644 drivers/char/tpm/tpm_tis_i2c.c
>>
>> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
>> index 4a5516406c22..927088b2c3d3 100644
>> --- a/drivers/char/tpm/Kconfig
>> +++ b/drivers/char/tpm/Kconfig
>> @@ -74,6 +74,18 @@ config TCG_TIS_SPI_CR50
>>         If you have a H1 secure module running Cr50 firmware on SPI bus,
>>         say Yes and it will be accessible from within Linux.
>>
>> +config TCG_TIS_I2C
>> +     tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
>> +     depends on I2C
>> +     select CRC_CCITT
>> +     select TCG_TIS_CORE
>> +     help
>> +       If you have a TPM security chip, compliant with the TCG TPM PTP
>> +       (I2C interface) specification and connected to an I2C bus master,
>> +       say Yes and it will be accessible from within Linux.
>> +       To compile this driver as a module, choose M here;
>> +       the module will be called tpm_tis_i2c.
>> +
>>  config TCG_TIS_SYNQUACER
>>       tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
>>       depends on ARCH_SYNQUACER || COMPILE_TEST
>> diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
>> index 66d39ea6bd10..0222b1ddb310 100644
>> --- a/drivers/char/tpm/Makefile
>> +++ b/drivers/char/tpm/Makefile
>> @@ -29,6 +29,7 @@ tpm_tis_spi-$(CONFIG_TCG_TIS_SPI_CR50) += tpm_tis_spi_cr50.o
>>
>>  obj-$(CONFIG_TCG_TIS_I2C_CR50) += tpm_tis_i2c_cr50.o
>>
>> +obj-$(CONFIG_TCG_TIS_I2C) += tpm_tis_i2c.o
>>  obj-$(CONFIG_TCG_TIS_I2C_ATMEL) += tpm_i2c_atmel.o
>>  obj-$(CONFIG_TCG_TIS_I2C_INFINEON) += tpm_i2c_infineon.o
>>  obj-$(CONFIG_TCG_TIS_I2C_NUVOTON) += tpm_i2c_nuvoton.o
>> diff --git a/drivers/char/tpm/tpm_tis_i2c.c b/drivers/char/tpm/tpm_tis_i2c.c
>> new file mode 100644
>> index 000000000000..206406c97325
>> --- /dev/null
>> +++ b/drivers/char/tpm/tpm_tis_i2c.c
>> @@ -0,0 +1,365 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Copyright (c) 2014-2021 Nuvoton Technology corporation
>> + * Copyright (C) 2019-2022 Infineon Technologies AG
>> + *
>> + * Authors:
>> + * Alexander Steffen <alexander.steffen@xxxxxxxxxxxx>
>> + * Amir Mizinski <amirmizi6@xxxxxxxxx>
>> + * Johannes Holland <johannes.holland@xxxxxxxxxxxx>
> 
> Please, use co-developed-by instead in the commit message:
> 
> https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html

Will do.

> 
>> + *
>> + * This device driver implements the TPM interface as defined in the TCG PC
>> + * Client Platform TPM Profile (PTP) Specification for TPM 2.0 v1.04
>> + * Revision 14.
>> + *
>> + * It is based on the tpm_tis_spi device driver.
>> + */
>> +
>> +#include <linux/init.h>
>> +#include <linux/module.h>
>> +#include <linux/moduleparam.h>
>> +#include <linux/slab.h>
>> +#include <linux/interrupt.h>
>> +#include <linux/wait.h>
>> +#include <linux/acpi.h>
>> +#include <linux/freezer.h>
>> +
>> +#include <linux/module.h>
>> +#include <linux/i2c.h>
>> +#include <linux/gpio.h>
>> +#include <linux/of_irq.h>
>> +#include <linux/of_gpio.h>
>> +#include <linux/tpm.h>
>> +#include "tpm_tis_core.h"
>> +
>> +/* TPM registers */
>> +#define TPM_I2C_LOC_SEL 0x00
>> +#define TPM_I2C_ACCESS 0x04
>> +#define TPM_I2C_INTERFACE_CAPABILITY 0x30
>> +#define TPM_I2C_DEVICE_ADDRESS 0x38
>> +#define TPM_I2C_DATA_CSUM_ENABLE 0x40
>> +#define TPM_I2C_DID_VID 0x48
>> +#define TPM_I2C_RID 0x4C
>> +
>> +/* TIS-compatible register address to avoid clash with TPM_ACCESS (0x00) */
>> +#define TPM_LOC_SEL 0x0FFF
>> +
>> +/* Mask to extract the I2C register from TIS register addresses */
>> +#define TPM_TIS_REGISTER_MASK 0x0FFF
>> +
>> +/*
>> + * Guard Time:
>> + * After each I2C operation, the TPM might require the master to wait.
>> + * The time period is vendor-specific and must be read from the
>> + * TPM_I2C_INTERFACE_CAPABILITY register.
>> + *
>> + * Before the Guard Time is read (or after the TPM failed to send an I2C NACK),
>> + * a Guard Time of 250µs applies.
>> + *
>> + * Various flags in the same register indicate if a guard time is needed:
>> + *  - SR: <I2C read with repeated start> <guard time> <I2C read>
>> + *  - RR: <I2C read> <guard time> <I2C read>
>> + *  - RW: <I2C read> <guard time> <I2C write>
>> + *  - WR: <I2C write> <guard time> <I2C read>
>> + *  - WW: <I2C write> <guard time> <I2C write>
>> + *
>> + * See TCG PC Client PTP Specification v1.04, 8.1.10 GUARD_TIME
>> + */
>> +
>> +/* Default Guard Time until interface capability register is read */
>> +#define GUARD_TIME_DEFAULT_MIN 250
>> +#define GUARD_TIME_DEFAULT_MAX 300
>> +
>> +/* Guard Time after I2C slave NACK */
>> +#define GUARD_TIME_ERR_MIN 250
>> +#define GUARD_TIME_ERR_MAX 300
>> +
>> +/* Guard Time bit masks; SR is repeated start, RW is read then write, etc. */
>> +#define TPM_GUARD_TIME_SR_MASK 0x40000000
>> +#define TPM_GUARD_TIME_RR_MASK 0x00100000
>> +#define TPM_GUARD_TIME_RW_MASK 0x00080000
>> +#define TPM_GUARD_TIME_WR_MASK 0x00040000
>> +#define TPM_GUARD_TIME_WW_MASK 0x00020000
>> +#define TPM_GUARD_TIME_MIN_MASK 0x0001FE00
>> +#define TPM_GUARD_TIME_MIN_SHIFT 9
>> +
>> +/* Masks with bits that must be read zero */
>> +#define TPM_ACCESS_READ_ZERO 0x48
>> +#define TPM_INT_ENABLE_ZERO 0x7FFFFF6
>> +#define TPM_STS_READ_ZERO 0x23
>> +#define TPM_INTF_CAPABILITY_ZERO 0x0FFFF000
>> +#define TPM_I2C_INTERFACE_CAPABILITY_ZERO 0x80000000
>> +
>> +struct tpm_tis_i2c_phy {
>> +     struct tpm_tis_data priv;
>> +     struct i2c_client *i2c_client;
>> +     bool guard_time_read;
>> +     bool guard_time_write;
>> +     u16 guard_time_min;
>> +     u16 guard_time_max;
>> +     u8 *io_buf;
>> +};
>> +
>> +static inline struct tpm_tis_i2c_phy *
>> +to_tpm_tis_i2c_phy(struct tpm_tis_data *data)
>> +{
>> +     return container_of(data, struct tpm_tis_i2c_phy, priv);
>> +}
>> +
>> +static u8 address_to_register(u32 addr)
>> +{
>> +     addr &= TPM_TIS_REGISTER_MASK;
>> +
>> +     switch (addr) {
>> +     case TPM_ACCESS(0):
>> +             return TPM_I2C_ACCESS;
>> +     case TPM_LOC_SEL:
>> +             return TPM_I2C_LOC_SEL;
>> +     case TPM_DID_VID(0):
>> +             return TPM_I2C_DID_VID;
>> +     case TPM_RID(0):
>> +             return TPM_I2C_RID;
>> +     default:
>> +             return addr;
>> +     }
>> +}
>> +
>> +static int retry_i2c_transfer_until_ack(struct tpm_tis_data *data,
>> +                                     struct i2c_msg *msg)
>> +{
>> +     struct tpm_tis_i2c_phy *phy = to_tpm_tis_i2c_phy(data);
>> +     bool guard_time;
>> +     int i = 0;
>> +     int ret;
>> +
>> +     if (msg->flags & I2C_M_RD)
>> +             guard_time = phy->guard_time_read;
>> +     else
>> +             guard_time = phy->guard_time_write;
>> +
>> +     do {
>> +             ret = i2c_transfer(phy->i2c_client->adapter, msg, 1);
>> +             if (ret < 0)
>> +                     usleep_range(GUARD_TIME_ERR_MIN, GUARD_TIME_ERR_MAX);
>> +             else if (guard_time)
>> +                     usleep_range(phy->guard_time_min, phy->guard_time_max);
>> +             /* retry on TPM NACK */
>> +     } while (ret < 0 && i++ < TPM_RETRY);
>> +
>> +     return ret;
>> +}
>> +
>> +/* Check that bits which must be read zero are not set */
>> +static int sanity_check_read(u8 reg, u16 len, u8 *buf)
>> +{
>> +     u32 value;
>> +     u32 zero_mask;
>> +
>> +     switch (len) {
>> +     case sizeof(u8):
>> +             value = buf[0];
>> +             break;
>> +     case sizeof(u16):
>> +             value = le16_to_cpup((__le16 *)buf);
>> +             break;
>> +     case sizeof(u32):
>> +             value = le32_to_cpup((__le32 *)buf);
>> +             break;
>> +     default:
>> +             return 0;
>> +     }
>> +
>> +     switch (reg) {
>> +     case TPM_I2C_ACCESS:
>> +             zero_mask = TPM_ACCESS_READ_ZERO;
>> +             break;
>> +     case TPM_INT_ENABLE(0) & TPM_TIS_REGISTER_MASK:
>> +             zero_mask = TPM_INT_ENABLE_ZERO;
>> +             break;
>> +     case TPM_STS(1) & TPM_TIS_REGISTER_MASK:
>> +             zero_mask = TPM_STS_READ_ZERO;
>> +             break;
>> +     case TPM_INTF_CAPS(0) & TPM_TIS_REGISTER_MASK:
>> +             zero_mask = TPM_INTF_CAPABILITY_ZERO;
>> +             break;
>> +     case TPM_I2C_INTERFACE_CAPABILITY:
>> +             zero_mask = TPM_I2C_INTERFACE_CAPABILITY_ZERO;
>> +             break;
>> +     default:
>> +             return 0;
>> +     }
>> +
>> +     if (unlikely((value & zero_mask) != 0x00)) {
>> +             pr_debug("TPM I2C read of register 0x%02x failed sanity check: 0x%x\n", reg, value);
>> +             return -EIO;
>> +     }
>> +
>> +     return 0;
>> +}
>> +
>> +static int tpm_tis_i2c_read_bytes(struct tpm_tis_data *data, u32 addr, u16 len,
>> +                               u8 *result, enum tpm_tis_io_mode io_mode)
>> +{
>> +     struct tpm_tis_i2c_phy *phy = to_tpm_tis_i2c_phy(data);
>> +     struct i2c_msg msg = { .addr = phy->i2c_client->addr };
>> +     u8 reg = address_to_register(addr);
>> +     int i = 0;
>> +     int ret;
>> +
>> +     do {
>> +             /* write register */
>> +             msg.len = sizeof(reg);
>> +             msg.buf = &reg;
>> +             msg.flags = 0;
>> +             retry_i2c_transfer_until_ack(data, &msg);
>> +             if (ret < 0)
>> +                     return ret;
>> +
>> +             /* read data */
>> +             msg.buf = result;
>> +             msg.len = len;
>> +             msg.flags = I2C_M_RD;
>> +             retry_i2c_transfer_until_ack(data, &msg);
>> +             if (ret < 0)
>> +                     return ret;
>> +
>> +             ret = sanity_check_read(reg, len, result);
>> +             if (ret == 0)
>> +                     return 0;
>> +
>> +             usleep_range(GUARD_TIME_ERR_MIN, GUARD_TIME_ERR_MAX);
>> +     } while (i++ < TPM_RETRY);
>> +
>> +     return ret;
>> +}
>> +
>> +static int tpm_tis_i2c_write_bytes(struct tpm_tis_data *data, u32 addr, u16 len,
>> +                                const u8 *value,
>> +                                enum tpm_tis_io_mode io_mode)
>> +{
>> +     struct tpm_tis_i2c_phy *phy = to_tpm_tis_i2c_phy(data);
>> +     struct i2c_msg msg = { .addr = phy->i2c_client->addr };
>> +     u8 reg = address_to_register(addr);
>> +     int ret = 0;
>> +
>> +     if (len > TPM_BUFSIZE - 1)
>> +             return -EIO;
>> +
>> +     /* write register and data in one go */
>> +     phy->io_buf[0] = reg;
>> +     memcpy(phy->io_buf + sizeof(reg), value, len);
>> +
>> +     msg.len = sizeof(reg) + len;
>> +     msg.buf = phy->io_buf;
>> +     retry_i2c_transfer_until_ack(data, &msg);
>> +     if (ret < 0)
>> +             return ret;
>> +
>> +     return 0;
>> +}
>> +
>> +static int init_guard_time(struct tpm_tis_i2c_phy *phy)
>> +{
>> +     u32 i2c_caps;
>> +     int ret;
>> +
>> +     phy->guard_time_read = true;
>> +     phy->guard_time_write = true;
>> +     phy->guard_time_min = GUARD_TIME_DEFAULT_MIN;
>> +     phy->guard_time_max = GUARD_TIME_DEFAULT_MAX;
>> +
>> +     ret = tpm_tis_i2c_read_bytes(&phy->priv, TPM_I2C_INTERFACE_CAPABILITY,
>> +                                  sizeof(i2c_caps), (u8 *)&i2c_caps,
>> +                                  TPM_TIS_PHYS_32);
>> +     if (ret)
>> +             return ret;
>> +
>> +     phy->guard_time_read = (i2c_caps & TPM_GUARD_TIME_RR_MASK) ||
>> +                            (i2c_caps & TPM_GUARD_TIME_RW_MASK);
>> +     phy->guard_time_write = (i2c_caps & TPM_GUARD_TIME_WR_MASK) ||
>> +                             (i2c_caps & TPM_GUARD_TIME_WW_MASK);
>> +     phy->guard_time_min = (i2c_caps & TPM_GUARD_TIME_MIN_MASK) >>
>> +                           TPM_GUARD_TIME_MIN_SHIFT;
>> +     /* guard_time_max = guard_time_min * 1.2 */
>> +     phy->guard_time_max = phy->guard_time_min + phy->guard_time_min / 5;
>> +
>> +     return 0;
>> +}
>> +
>> +static SIMPLE_DEV_PM_OPS(tpm_tis_pm, tpm_pm_suspend, tpm_tis_resume);
>> +
>> +static const struct tpm_tis_phy_ops tpm_i2c_phy_ops = {
>> +     .read_bytes = tpm_tis_i2c_read_bytes,
>> +     .write_bytes = tpm_tis_i2c_write_bytes,
>> +};
>> +
>> +static int tpm_tis_i2c_probe(struct i2c_client *dev,
>> +                          const struct i2c_device_id *id)
>> +{
>> +     struct tpm_tis_i2c_phy *phy;
>> +     const u8 locality = 0;
>> +     int ret;
>> +
>> +     phy = devm_kzalloc(&dev->dev, sizeof(struct tpm_tis_i2c_phy),
>> +                        GFP_KERNEL);
>> +     if (!phy)
>> +             return -ENOMEM;
>> +
>> +     phy->io_buf = devm_kzalloc(&dev->dev, TPM_BUFSIZE, GFP_KERNEL);
>> +     if (!phy->io_buf)
>> +             return -ENOMEM;
>> +
>> +     phy->i2c_client = dev;
>> +
>> +     /* must precede all communication with the tpm */
>> +     ret = init_guard_time(phy);
>> +     if (ret)
>> +             return ret;
>> +
>> +     ret = tpm_tis_i2c_write_bytes(&phy->priv, TPM_LOC_SEL, sizeof(locality),
>> +                                   &locality, TPM_TIS_PHYS_8);
>> +     if (ret)
>> +             return ret;
>> +
>> +     return tpm_tis_core_init(&dev->dev, &phy->priv, -1, &tpm_i2c_phy_ops,
>> +                              NULL);
>> +}
>> +
>> +static int tpm_tis_i2c_remove(struct i2c_client *client)
>> +{
>> +     struct tpm_chip *chip = i2c_get_clientdata(client);
>> +
>> +     tpm_chip_unregister(chip);
>> +     tpm_tis_remove(chip);
>> +     return 0;
>> +}
>> +
>> +static const struct i2c_device_id tpm_tis_i2c_id[] = {
>> +     { "tpm_tis_i2c", 0 },
>> +     {}
>> +};
>> +MODULE_DEVICE_TABLE(i2c, tpm_tis_i2c_id);
>> +
>> +static const struct of_device_id of_tis_i2c_match[] = {
>> +     { .compatible = "infineon,slb9673", },
>> +     { .compatible = "nuvoton,npct75x", },
>> +     { .compatible = "tcg,tpm-tis-i2c", },
>> +     {}
>> +};
>> +MODULE_DEVICE_TABLE(of, of_tis_i2c_match);
>> +
>> +static struct i2c_driver tpm_tis_i2c_driver = {
>> +     .driver = {
>> +             .owner = THIS_MODULE,
>> +             .name = "tpm_tis_i2c",
>> +             .pm = &tpm_tis_pm,
>> +             .of_match_table = of_match_ptr(of_tis_i2c_match),
>> +     },
>> +     .probe = tpm_tis_i2c_probe,
>> +     .remove = tpm_tis_i2c_remove,
>> +     .id_table = tpm_tis_i2c_id,
>> +};
>> +module_i2c_driver(tpm_tis_i2c_driver);
>> +
>> +MODULE_DESCRIPTION("TPM Driver for native I2C access");
>> +MODULE_LICENSE("GPL");
>> --
>> 2.31.1.windows.1
>>
> 
> Quality looks quite solid. Have you tried:
> 
> - TPM2 kselftest

Yes, kselftest runs successfully. However, it can time out.
I will fix this in a subsequent patch. Basically:

echo timeout=1500 > tools/testing/selftests/tpm2/settings

The line coverage for tpm_tis_i2c.c is 98.1%.

> - rmmod + modprobe (sanity check)

Ran that in a loop. No errors.

> 
> BR, Jarkko

Thanks, Johannes



[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]


  Powered by Linux