drivers/char/tpm/tpm_tis_spi_cr50.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Copyright (C) 2016 Google, Inc
   4  *
   5  * This device driver implements a TCG PTP FIFO interface over SPI for chips
   6  * with Cr50 firmware.
   7  * It is based on tpm_tis_spi driver by Peter Huewe and Christophe Ricard.
   8  */
   9
  10 #include <linux/completion.h>
  11 #include <linux/interrupt.h>
  12 #include <linux/module.h>
  13 #include <linux/of.h>
  14 #include <linux/pm.h>
  15 #include <linux/spi/spi.h>
  16 #include <linux/wait.h>
  17
  18 #include "tpm_tis_core.h"
  19 #include "tpm_tis_spi.h"
  20
  21 /*
  22  * Cr50 timing constants:
  23  * - can go to sleep not earlier than after CR50_SLEEP_DELAY_MSEC.
  24  * - needs up to CR50_WAKE_START_DELAY_USEC to wake after sleep.
  25  * - requires waiting for "ready" IRQ, if supported; or waiting for at least
  26  *   CR50_NOIRQ_ACCESS_DELAY_MSEC between transactions, if IRQ is not supported.
  27  * - waits for up to CR50_FLOW_CONTROL for flow control 'ready' indication.
  28  */
  29 #define CR50_SLEEP_DELAY_MSEC                   1000
  30 #define CR50_WAKE_START_DELAY_USEC              1000
  31 #define CR50_NOIRQ_ACCESS_DELAY                 msecs_to_jiffies(2)
  32 #define CR50_READY_IRQ_TIMEOUT                  msecs_to_jiffies(TPM2_TIMEOUT_A)
  33 #define CR50_FLOW_CONTROL                       msecs_to_jiffies(TPM2_TIMEOUT_A)
  34 #define MAX_IRQ_CONFIRMATION_ATTEMPTS           3
  35
  36 #define TPM_CR50_FW_VER(l)                      (0x0f90 | ((l) << 12))
  37 #define TPM_CR50_MAX_FW_VER_LEN                 64
  38
  39 /* Default quality for hwrng. */
  40 #define TPM_CR50_DEFAULT_RNG_QUALITY            700
  41
  42 struct cr50_spi_phy {
  43         struct tpm_tis_spi_phy spi_phy;
  44
  45         struct mutex time_track_mutex;
  46         unsigned long last_access;
  47
  48         unsigned long access_delay;
  49
  50         unsigned int irq_confirmation_attempt;
  51         bool irq_needs_confirmation;
  52         bool irq_confirmed;
  53 };
  54
  55 static inline struct cr50_spi_phy *to_cr50_spi_phy(struct tpm_tis_spi_phy *phy)
  56 {
  57         return container_of(phy, struct cr50_spi_phy, spi_phy);
  58 }
  59
  60 /*
  61  * The cr50 interrupt handler just signals waiting threads that the
  62  * interrupt was asserted.  It does not do any processing triggered
  63  * by interrupts but is instead used to avoid fixed delays.
  64  */
  65 static irqreturn_t cr50_spi_irq_handler(int dummy, void *dev_id)
  66 {
  67         struct cr50_spi_phy *cr50_phy = dev_id;
  68
  69         cr50_phy->irq_confirmed = true;
  70         complete(&cr50_phy->spi_phy.ready);
  71
  72         return IRQ_HANDLED;
  73 }
  74
  75 /*
  76  * Cr50 needs to have at least some delay between consecutive
  77  * transactions. Make sure we wait.
  78  */
  79 static void cr50_ensure_access_delay(struct cr50_spi_phy *phy)
  80 {
  81         unsigned long allowed_access = phy->last_access + phy->access_delay;
  82         unsigned long time_now = jiffies;
  83         struct device *dev = &phy->spi_phy.spi_device->dev;
  84
  85         /*
  86          * Note: There is a small chance, if Cr50 is not accessed in a few days,
  87          * that time_in_range will not provide the correct result after the wrap
  88          * around for jiffies. In this case, we'll have an unneeded short delay,
  89          * which is fine.
  90          */
  91         if (time_in_range_open(time_now, phy->last_access, allowed_access)) {
  92                 unsigned long remaining, timeout = allowed_access - time_now;
  93
  94                 remaining = wait_for_completion_timeout(&phy->spi_phy.ready,
  95                                                         timeout);
  96                 if (!remaining && phy->irq_confirmed)
  97                         dev_warn(dev, "Timeout waiting for TPM ready IRQ\n");
  98         }
  99
 100         if (phy->irq_needs_confirmation) {
 101                 unsigned int attempt = ++phy->irq_confirmation_attempt;
 102
 103                 if (phy->irq_confirmed) {
 104                         phy->irq_needs_confirmation = false;
 105                         phy->access_delay = CR50_READY_IRQ_TIMEOUT;
 106                         dev_info(dev, "TPM ready IRQ confirmed on attempt %u\n",
 107                                  attempt);
 108                 } else if (attempt > MAX_IRQ_CONFIRMATION_ATTEMPTS) {
 109                         phy->irq_needs_confirmation = false;
 110                         dev_warn(dev, "IRQ not confirmed - will use delays\n");
 111                 }
 112         }
 113 }
 114
 115 /*
 116  * Cr50 might go to sleep if there is no SPI activity for some time and
 117  * miss the first few bits/bytes on the bus. In such case, wake it up
 118  * by asserting CS and give it time to start up.
 119  */
 120 static bool cr50_needs_waking(struct cr50_spi_phy *phy)
 121 {
 122         /*
 123          * Note: There is a small chance, if Cr50 is not accessed in a few days,
 124          * that time_in_range will not provide the correct result after the wrap
 125          * around for jiffies. In this case, we'll probably timeout or read
 126          * incorrect value from TPM_STS and just retry the operation.
 127          */
 128         return !time_in_range_open(jiffies, phy->last_access,
 129                                    phy->spi_phy.wake_after);
 130 }
 131
 132 static void cr50_wake_if_needed(struct cr50_spi_phy *cr50_phy)
 133 {
 134         struct tpm_tis_spi_phy *phy = &cr50_phy->spi_phy;
 135
 136         if (cr50_needs_waking(cr50_phy)) {
 137                 /* Assert CS, wait 1 msec, deassert CS */
 138                 struct spi_transfer spi_cs_wake = {
 139                         .delay = {
 140                                 .value = 1000,
 141                                 .unit = SPI_DELAY_UNIT_USECS
 142                         }
 143                 };
 144
 145                 spi_sync_transfer(phy->spi_device, &spi_cs_wake, 1);
 146                 /* Wait for it to fully wake */
 147                 usleep_range(CR50_WAKE_START_DELAY_USEC,
 148                              CR50_WAKE_START_DELAY_USEC * 2);
 149         }
 150
 151         /* Reset the time when we need to wake Cr50 again */
 152         phy->wake_after = jiffies + msecs_to_jiffies(CR50_SLEEP_DELAY_MSEC);
 153 }
 154
 155 /*
 156  * Flow control: clock the bus and wait for cr50 to set LSB before
 157  * sending/receiving data. TCG PTP spec allows it to happen during
 158  * the last byte of header, but cr50 never does that in practice,
 159  * and earlier versions had a bug when it was set too early, so don't
 160  * check for it during header transfer.
 161  */
 162 static int cr50_spi_flow_control(struct tpm_tis_spi_phy *phy,
 163                                  struct spi_transfer *spi_xfer)
 164 {
 165         struct device *dev = &phy->spi_device->dev;
 166         unsigned long timeout = jiffies + CR50_FLOW_CONTROL;
 167         struct spi_message m;
 168         int ret;
 169
 170         spi_xfer->len = 1;
 171
 172         do {
 173                 spi_message_init(&m);
 174                 spi_message_add_tail(spi_xfer, &m);
 175                 ret = spi_sync_locked(phy->spi_device, &m);
 176                 if (ret < 0)
 177                         return ret;
 178
 179                 if (time_after(jiffies, timeout)) {
 180                         dev_warn(dev, "Timeout during flow control\n");
 181                         return -EBUSY;
 182                 }
 183         } while (!(phy->iobuf[0] & 0x01));
 184
 185         return 0;
 186 }
 187
 188 static bool tpm_cr50_spi_is_firmware_power_managed(struct device *dev)
 189 {
 190         u8 val;
 191         int ret;
 192
 193         /* This flag should default true when the device property is not present */
 194         ret = device_property_read_u8(dev, "firmware-power-managed", &val);
 195         if (ret)
 196                 return true;
 197
 198         return val;
 199 }
 200
 201 static int tpm_tis_spi_cr50_transfer(struct tpm_tis_data *data, u32 addr, u16 len,
 202                                      u8 *in, const u8 *out)
 203 {
 204         struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
 205         struct cr50_spi_phy *cr50_phy = to_cr50_spi_phy(phy);
 206         int ret;
 207
 208         mutex_lock(&cr50_phy->time_track_mutex);
 209         /*
 210          * Do this outside of spi_bus_lock in case cr50 is not the
 211          * only device on that spi bus.
 212          */
 213         cr50_ensure_access_delay(cr50_phy);
 214         cr50_wake_if_needed(cr50_phy);
 215
 216         ret = tpm_tis_spi_transfer(data, addr, len, in, out);
 217
 218         cr50_phy->last_access = jiffies;
 219         mutex_unlock(&cr50_phy->time_track_mutex);
 220
 221         return ret;
 222 }
 223
 224 static int tpm_tis_spi_cr50_read_bytes(struct tpm_tis_data *data, u32 addr,
 225                                        u16 len, u8 *result, enum tpm_tis_io_mode io_mode)
 226 {
 227         return tpm_tis_spi_cr50_transfer(data, addr, len, result, NULL);
 228 }
 229
 230 static int tpm_tis_spi_cr50_write_bytes(struct tpm_tis_data *data, u32 addr,
 231                                         u16 len, const u8 *value, enum tpm_tis_io_mode io_mode)
 232 {
 233         return tpm_tis_spi_cr50_transfer(data, addr, len, NULL, value);
 234 }
 235
 236 static const struct tpm_tis_phy_ops tpm_spi_cr50_phy_ops = {
 237         .read_bytes = tpm_tis_spi_cr50_read_bytes,
 238         .write_bytes = tpm_tis_spi_cr50_write_bytes,
 239 };
 240
 241 static void cr50_print_fw_version(struct tpm_tis_data *data)
 242 {
 243         struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
 244         int i, len = 0;
 245         char fw_ver[TPM_CR50_MAX_FW_VER_LEN + 1];
 246         char fw_ver_block[4];
 247
 248         /*
 249          * Write anything to TPM_CR50_FW_VER to start from the beginning
 250          * of the version string
 251          */
 252         tpm_tis_write8(data, TPM_CR50_FW_VER(data->locality), 0);
 253
 254         /* Read the string, 4 bytes at a time, until we get '\0' */
 255         do {
 256                 tpm_tis_read_bytes(data, TPM_CR50_FW_VER(data->locality), 4,
 257                                    fw_ver_block);
 258                 for (i = 0; i < 4 && fw_ver_block[i]; ++len, ++i)
 259                         fw_ver[len] = fw_ver_block[i];
 260         } while (i == 4 && len < TPM_CR50_MAX_FW_VER_LEN);
 261         fw_ver[len] = '\0';
 262
 263         dev_info(&phy->spi_device->dev, "Cr50 firmware version: %s\n", fw_ver);
 264 }
 265
 266 int cr50_spi_probe(struct spi_device *spi)
 267 {
 268         struct tpm_tis_spi_phy *phy;
 269         struct cr50_spi_phy *cr50_phy;
 270         int ret;
 271         struct tpm_chip *chip;
 272
 273         cr50_phy = devm_kzalloc(&spi->dev, sizeof(*cr50_phy), GFP_KERNEL);
 274         if (!cr50_phy)
 275                 return -ENOMEM;
 276
 277         phy = &cr50_phy->spi_phy;
 278         phy->flow_control = cr50_spi_flow_control;
 279         phy->wake_after = jiffies;
 280         phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY;
 281         init_completion(&phy->ready);
 282
 283         cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY;
 284         cr50_phy->last_access = jiffies;
 285         mutex_init(&cr50_phy->time_track_mutex);
 286
 287         if (spi->irq > 0) {
 288                 ret = devm_request_irq(&spi->dev, spi->irq,
 289                                        cr50_spi_irq_handler,
 290                                        IRQF_TRIGGER_RISING | IRQF_ONESHOT,
 291                                        "cr50_spi", cr50_phy);
 292                 if (ret < 0) {
 293                         if (ret == -EPROBE_DEFER)
 294                                 return ret;
 295                         dev_warn(&spi->dev, "Requesting IRQ %d failed: %d\n",
 296                                  spi->irq, ret);
 297                         /*
 298                          * This is not fatal, the driver will fall back to
 299                          * delays automatically, since ready will never
 300                          * be completed without a registered irq handler.
 301                          * So, just fall through.
 302                          */
 303                 } else {
 304                         /*
 305                          * IRQ requested, let's verify that it is actually
 306                          * triggered, before relying on it.
 307                          */
 308                         cr50_phy->irq_needs_confirmation = true;
 309                 }
 310         } else {
 311                 dev_warn(&spi->dev,
 312                          "No IRQ - will use delays between transactions.\n");
 313         }
 314
 315         ret = tpm_tis_spi_init(spi, phy, -1, &tpm_spi_cr50_phy_ops);
 316         if (ret)
 317                 return ret;
 318
 319         cr50_print_fw_version(&phy->priv);
 320
 321         chip = dev_get_drvdata(&spi->dev);
 322         if (tpm_cr50_spi_is_firmware_power_managed(&spi->dev))
 323                 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED;
 324
 325         return 0;
 326 }
 327
 328 #ifdef CONFIG_PM_SLEEP
 329 int tpm_tis_spi_resume(struct device *dev)
 330 {
 331         struct tpm_chip *chip = dev_get_drvdata(dev);
 332         struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
 333         struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
 334         /*
 335          * Jiffies not increased during suspend, so we need to reset
 336          * the time to wake Cr50 after resume.
 337          */
 338         phy->wake_after = jiffies;
 339
 340         return tpm_tis_resume(dev);
 341 }
 342 #endif