Make generic LPC TPM driver work properly.

After some experiments with the TPM and comparing the traces with
the existing i2c based implementation, it became clear that the
generic TPM driver needs to be reworked as follows:

 - byte registers reads must use the byte mode (otherwise FIFO
   returns 4 bytes in one access).

 - byte sequences returned by the TPM contain their length as a 4
   byte number in network byte order at offsets 2..5 in the
   message.

 - to improve robustness of the driver, it is important to verify
   that the device does not expect any more data after the
   command buffer is sent into the FIFO and has nothing more to
   return after the reply length bytes is read from the FIFO.

 - timeout granularity was reduced to 1 us (plus overhead) to
   avoid waisting excessive time at boot,

 - the code was cleaned up and commented.

BUG=chrome-os-partner:4547
TEST=manual

 . build the new coreboot image
 . run the 'vboot_twostep' command from the console
 . observe the system to bring up verified ChromeOS image successfully.

Change-Id: I89b4935a411663812271caed9ed3efdeffedad72
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6636
Reviewed-by: Stefan Reinauer <reinauer@google.com>

1 files changed, 213 insertions, 66 deletions

diff --git a/drivers/tpm/generic_lpc_tpm.c b/drivers/tpm/generic_lpc_tpm.c
index 2704cf6d81..6600f7600a 100644
--- a/drivers/tpm/generic_lpc_tpm.c
+++ b/drivers/tpm/generic_lpc_tpm.c
@@ -49,7 +49,7 @@
 #define TIS_REG_DID_VID                0xf00
 #define TIS_REG_RID                    0xf04
 
-/* some registers' bit field definitions */
+/* Some registers' bit field definitions */
 #define TIS_STS_VALID                  (1 << 7) /* 0x80 */
 #define TIS_STS_COMMAND_READY          (1 << 6) /* 0x40 */
 #define TIS_STS_TPM_GO                 (1 << 5) /* 0x20 */
@@ -65,8 +65,27 @@
 #define TIS_ACCESS_REQUEST_USE         (1 << 1) /* 0x02 */
 #define TIS_ACCESS_TPM_ESTABLISHMENT   (1 << 0) /* 0x01 */
 
-/* Maximal time to wait for the TPM chip to complete an operation */
-#define TPM_MAX_EXECUTION_DELAY_MS 1000
+#define TIS_STS_BURST_COUNT_MASK       (0xffff)
+#define TIS_STS_BURST_COUNT_SHIFT      (8)
+
+/*
+ * Error value returned if a tpm register does not enter the expected state
+ * after continuous polling. No actual TPM register reading ever returns ~0,
+ * so this value is a safe error indication to be mixed with possible status
+ * register values.
+ */
+#define TPM_TIMEOUT_ERR			(~0)
+
+/* Error value returned on various TPM driver errors */
+#define TPM_DRIVER_ERR		(~0)
+
+ /* 1 second is plenty for anything TPM does.*/
+#define MAX_DELAY_US	(1000 * 1000)
+
+/* Retrieve burst count value out of the status register contents. */
+#define BURST_COUNT(status) ((u16)(((status) >> TIS_STS_BURST_COUNT_SHIFT) & \
+				   TIS_STS_BURST_COUNT_MASK))
+
 /*
  * Structures defined below allow creating descriptions of TPM vendor/device
  * ID information for run time discovery. The only device the system knows
@@ -113,9 +132,15 @@ static int is_byte_reg(u32 reg)
 static u32 tpm_read(int locality, u32 reg)
 {
 	u32 value;
-	value = readl(TIS_REG(locality, reg));
+	/*
+	 * Data FIFO register must be read and written in byte access mode,
+	 * otherwise the FIFO values are returned 4 bytes at a time.
+	 */
 	if (is_byte_reg(reg))
-		value &= 0xff;
+		value = readb(TIS_REG(locality, reg));
+	else
+		value = readl(TIS_REG(locality, reg));
+
 	TPM_DEBUG("Read reg 0x%x returns 0x%x\n", reg, value);
 	return value;
 }
@@ -133,34 +158,35 @@ static void tpm_write(u32 value, int locality,  u32 reg)
 /*
  * tis_wait_reg()
  *
- * Wait for a register to change its state to match the expected state.
+ * Wait for at least a second for a register to change its state to match the
+ * expected state. Normally the transition happens within microseconds.
  *
  * @reg - the TPM register offset
  * @locality - locality
- * @time_ms - max time to wait, in ms
  * @mask - bitmask for the bitfield(s) to watch
  * @expected - value the field(s) are supposed to be set to
  *
- * Returns 0 in case the xpected value was present in the appropriate register
- * bits, or ~0 on timeout.
+ * Returns the register contents in case the expected value was found in the
+ * appropriate register bits, or TPM_TIMEOUT_ERR on timeout.
  */
-static u32 tis_wait_reg(u8 reg, u8 locality, u32 time_ms, u8 mask, u8 expected)
+static u32 tis_wait_reg(u8 reg, u8 locality, u8 mask, u8 expected)
 {
-	while (time_ms > 0) {
+	u32 time_us = MAX_DELAY_US;
+	while (time_us > 0) {
 		u32 value = tpm_read(locality, reg);
 		if ((value & mask) == expected)
-			return 0;
-		udelay(1000); /* 1 ms */
-		time_ms--;
+			return value;
+		udelay(1); /* 1 us */
+		time_us--;
 	}
-	return ~0;
+	return TPM_TIMEOUT_ERR;
 }
 
 /*
  * Probe the TPM device and try determining its manufacturer/device name.
  *
  * Returns 0 on success (the device is found or was found during an earlier
- * invocation) or ~0 if the device is not found.
+ * invocation) or TPM_DRIVER_ERR if the device is not found.
  */
 static u32 tis_probe(void)
 {
@@ -175,7 +201,7 @@ static u32 tis_probe(void)
 
 	if (!didvid || (didvid == 0xffffffff)) {
 		printf("%s: No TPM device found\n", __FUNCTION__);
-		return ~0;
+		return TPM_DRIVER_ERR;
 	}
 
 	vendor_dev_id = didvid;
@@ -211,43 +237,93 @@ static u32 tis_probe(void)
  * @data - address of the data to send, byte by byte
  * @len - length of the data to send
  *
- * Returns 0 on success, ~0 on error (in case the device does not accept the
- * entire comand).
+ * Returns 0 on success, TPM_DRIVER_ERR on error (in case the device does
+ * not accept the entire command).
  */
 static u32 tis_senddata(const u8 * const data, u32 len)
 {
-	u32 rc = 0;
 	u32 offset = 0;
 	u16 burst = 0;
-	u32 ctr = 0;
+	u32 max_cycles = 0;
 	u8 locality = 0;
+	u32 value;
+
+	value = tis_wait_reg(TIS_REG_STS, locality, TIS_STS_COMMAND_READY,
+			     TIS_STS_COMMAND_READY);
+	if (value == TPM_TIMEOUT_ERR) {
+		printf("%s:%d - failed to get 'command_ready' status\n",
+		       __FILE__, __LINE__);
+		return TPM_DRIVER_ERR;
+	}
+	burst = BURST_COUNT(value);
 
 	while (1) {
-		while (!burst && (ctr < 2000)) {
-			burst = (u16) (tpm_read(locality, TIS_REG_STS) >> 8);
-			if (!burst) {
-				udelay(100);
-				ctr++;
+		unsigned count;
+
+		/* Wait till the device is ready to accept more data. */
+		while (!burst) {
+			if (max_cycles++ == MAX_DELAY_US) {
+				printf("%s:%d failed to feed %d bytes of %d\n",
+				       __FILE__, __LINE__, len - offset, len);
+				return TPM_DRIVER_ERR;
 			}
+			udelay(1);
+			burst = BURST_COUNT(tpm_read(locality, TIS_REG_STS));
 		}
 
-		if (!burst) {
-			rc = ~0;
-			break;
-		}
-
-		while (1) {
+		max_cycles = 0;
+
+		/*
+		 * Calculate number of bytes the TPM is ready to accept in one
+		 * shot.
+		 *
+		 * We want to send the last byte outside of the loop (hence
+		 * the -1 below) to make sure that the 'expected' status bit
+		 * changes to zero exactly after the last byte is fed into the
+		 * FIFO.
+		 */
+		count = min(burst, len - offset - 1);
+		while (count--)
 			tpm_write(data[offset++], locality, TIS_REG_DATA_FIFO);
-			burst--;
 
-			if (burst == 0 || offset == len)
-				break;
+		value = tis_wait_reg(TIS_REG_STS, locality,
+				     TIS_STS_VALID, TIS_STS_VALID);
+
+		if ((value == TPM_TIMEOUT_ERR) || !(value & TIS_STS_EXPECT)) {
+			printf("%s:%d TPM command feed overflow\n",
+			       __FILE__, __LINE__);
+			return TPM_DRIVER_ERR;
 		}
 
-		if (offset == len)
+		burst = BURST_COUNT(value);
+		if ((offset == (len - 1)) && burst)
+			/*
+			 * We need to be able to send the last byte to the
+			 * device, so burst size must be nonzero before we
+			 * break out.
+			 */
 			break;
 	}
-	return rc;
+
+	/* Send the last byte. */
+	tpm_write(data[offset++], locality, TIS_REG_DATA_FIFO);
+
+	/*
+	 * Verify that TPM does not expect any more data as part of this
+	 * command.
+	 */
+	value = tis_wait_reg(TIS_REG_STS, locality,
+			     TIS_STS_VALID, TIS_STS_VALID);
+	if ((value == TPM_TIMEOUT_ERR) || (value & TIS_STS_EXPECT)) {
+		printf("%s:%d unexpected TPM status 0x%x\n",
+		       __FILE__, __LINE__, value);
+		return TPM_DRIVER_ERR;
+	}
+
+	/* OK, sitting pretty, let's start the command execution. */
+	tpm_write(TIS_STS_TPM_GO, locality, TIS_REG_STS);
+
+	return 0;
 }
 
 /*
@@ -258,17 +334,94 @@ static u32 tis_senddata(const u8 * const data, u32 len)
  * @buffer - address where to read the response, byte by byte.
  * @len - pointer to the size of buffer
  *
- * Does not yet generate any errors, always returns 0. len is used to report
- * the number of actually read response bytes.
+ * On success stores the number of received bytes to len and returns 0. On
+ * errors (misformatted TPM data or synchronization problems) returns
+ * TPM_DRIVER_ERR.
  */
 static u32 tis_readresponse(u8 *buffer, u32 *len)
 {
+	u16 burst_count;
+	u32 status;
 	u32 offset = 0;
 	u8 locality = 0;
+	const u32 has_data = TIS_STS_DATA_AVAILABLE | TIS_STS_VALID;
+	u32 expected_count = *len;
+	int max_cycles = 0;
+
+	/* Wait for the TPM to process the command */
+	status = tis_wait_reg(TIS_REG_STS, locality, has_data, has_data);
+	if (status == TPM_TIMEOUT_ERR) {
+		printf("%s:%d failed processing command\n",
+		       __FILE__, __LINE__);
+		return TPM_DRIVER_ERR;
+	}
+
+	do {
+		while ((burst_count = BURST_COUNT(status)) == 0) {
+			if (max_cycles++ == MAX_DELAY_US) {
+				printf("%s:%d TPM stuck on read\n",
+				       __FILE__, __LINE__);
+				return TPM_DRIVER_ERR;
+			}
+			udelay(1);
+			status = tpm_read(locality, TIS_REG_STS);
+		}
+
+		max_cycles = 0;
+
+		while (burst_count-- && (offset < expected_count)) {
+			buffer[offset++] = (u8) tpm_read(locality,
+							 TIS_REG_DATA_FIFO);
+			if (offset == 6) {
+				/*
+				 * We got the first six bytes of the reply,
+				 * let's figure out how many bytes to expect
+				 * total - it is stored as a 4 byte number in
+				 * network order, starting with offset 2 into
+				 * the body of the reply.
+				 */
+				u32 real_length;
+				memcpy(&real_length,
+				       buffer + 2,
+				       sizeof(real_length));
+				expected_count = be32_to_cpu(real_length);
+
+				if ((expected_count < offset) ||
+				    (expected_count > *len)) {
+					printf("%s:%d bad response size %d\n",
+					       __FILE__, __LINE__,
+					       expected_count);
+					return TPM_DRIVER_ERR;
+				}
+			}
+		}
+
+		/* Wait for the next portion */
+		status = tis_wait_reg(TIS_REG_STS, locality,
+				      TIS_STS_VALID, TIS_STS_VALID);
+		if (status == TPM_TIMEOUT_ERR) {
+			printf("%s:%d failed to read response\n",
+			       __FILE__, __LINE__);
+			return TPM_DRIVER_ERR;
+		}
 
-	while ((tpm_read(locality, TIS_REG_STS) & TIS_STS_DATA_AVAILABLE) &&
-		(offset < *len))
-		buffer[offset++] = (u8) tpm_read(locality, TIS_REG_DATA_FIFO);
+		if (offset == expected_count)
+			break;	/* We got all we need */
+
+	} while ((status & has_data) == has_data);
+
+	/*
+	 * Make sure we indeed read all there was. The TIS_STS_VALID bit is
+	 * known to be set.
+	 */
+	if (status & TIS_STS_DATA_AVAILABLE) {
+		printf("%s:%d wrong receive status %x\n",
+		       __FILE__, __LINE__, status);
+		return TPM_DRIVER_ERR;
+	}
+
+	/* Tell the TPM that we are done. */
+	tpm_write(TIS_STS_COMMAND_READY, locality, TIS_REG_STS);
 
 	*len = offset;
 	return 0;
@@ -277,13 +430,13 @@ static u32 tis_readresponse(u8 *buffer, u32 *len)
 /*
  * tis_init()
  *
- * Initialize the TPM device. Returns 0 on success or ~0 on failure (in case
- * device probing did not succeed).
+ * Initialize the TPM device. Returns 0 on success or TPM_DRIVER_ERR on
+ * failure (in case device probing did not succeed).
  */
 int tis_init(void)
 {
 	if (tis_probe())
-		return ~0;
+		return TPM_DRIVER_ERR;
 	return 0;
 }
 
@@ -293,43 +446,38 @@ int tis_init(void)
  * Requests access to locality 0 for the caller. After all commands have been
  * completed the caller is supposed to call tis_close().
  *
- * Returns 0 on success, ~0 on failure.
+ * Returns 0 on success, TPM_DRIVER_ERR on failure.
  */
 int tis_open(void)
 {
 	u8 locality = 0; /* we use locality zero for everything */
 
 	if (tis_close())
-		return ~0;
+		return TPM_DRIVER_ERR;
 
 	/* now request access to locality */
 	tpm_write(TIS_ACCESS_REQUEST_USE, locality, TIS_REG_ACCESS);
 
 	/* did we get a lock? */
-	if (tis_wait_reg(TIS_REG_ACCESS, locality, TPM_MAX_EXECUTION_DELAY_MS,
+	if (tis_wait_reg(TIS_REG_ACCESS, locality,
 			 TIS_ACCESS_ACTIVE_LOCALITY,
-			 TIS_ACCESS_ACTIVE_LOCALITY)) {
+			 TIS_ACCESS_ACTIVE_LOCALITY) == TPM_TIMEOUT_ERR) {
 		printf("%s:%d - failed to lock locality %d\n",
 		       __FILE__, __LINE__, locality);
-		return ~0;
+		return TPM_DRIVER_ERR;
 	}
 
 	tpm_write(TIS_STS_COMMAND_READY, locality, TIS_REG_STS);
-	if (tis_wait_reg(TIS_REG_STS, locality, TPM_MAX_EXECUTION_DELAY_MS,
-			 TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY)) {
-		printf("%s:%d - failed to get 'command_ready' status\n",
-		       __FILE__, __LINE__);
-		return ~0;
-	}
+
 	return 0;
 }
 
 /*
  * tis_close()
  *
- * terminate the currect session with the TPM bu releasing the locked
- * locality. Returns 0 on success of ~0 on failure (in case lock removal did
- * not succeed).
+ * terminate the currect session with the TPM by releasing the locked
+ * locality. Returns 0 on success of TPM_DRIVER_ERR on failure (in case lock
+ * removal did not succeed).
  */
 int tis_close(void)
 {
@@ -339,11 +487,11 @@ int tis_close(void)
 		tpm_write(TIS_ACCESS_ACTIVE_LOCALITY, locality, TIS_REG_ACCESS);
 
 		if (tis_wait_reg(TIS_REG_ACCESS, locality,
-				 TPM_MAX_EXECUTION_DELAY_MS,
-				 TIS_ACCESS_ACTIVE_LOCALITY, 0)) {
+				 TIS_ACCESS_ACTIVE_LOCALITY, 0) ==
+		    TPM_TIMEOUT_ERR) {
 			printf("%s:%d - failed to release locality %d\n",
 			       __FILE__, __LINE__, locality);
-			return ~0;
+			return TPM_DRIVER_ERR;
 		}
 	}
 	return 0;
@@ -360,7 +508,7 @@ int tis_close(void)
  * @recv_len - pointer to the size of the response buffer
  *
  * Returns 0 on success (and places the number of response bytes at recv_len)
- * or ~0 on failure.
+ * or TPM_DRIVER_ERR on failure.
  */
 int tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
 		 uint8_t *recvbuf, size_t *recv_len)
@@ -368,9 +516,8 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
 	if (tis_senddata(sendbuf, send_size)) {
 		printf("%s:%d failed sending data to TPM\n",
 		       __FILE__, __LINE__);
-		return ~0;
+		return TPM_DRIVER_ERR;
 	}
 
-	tis_readresponse(recvbuf, recv_len);
-	return 0;
+	return tis_readresponse(recvbuf, recv_len);
 }