Raul Rangel has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/61640 )
Change subject: WIP: guybrush: Call TPM Disable Deep Sleep when entering S0i3 ......................................................................
WIP: guybrush: Call TPM Disable Deep Sleep when entering S0i3
This is a WIP of calling the TPM from the S0i3 SMI handler.
Notes: * We need to increase the SMM code size const since adding the TPM code into SMM pushes it over the limit. * We should add a mainboard specific hook into elog/gsmi.c that can be used to call tlcl_cr50_disable_deep_sleep. * We need to check if the I2C controller has been powered off via the AOAC registers. If it has, we should re-initialize it. * Can this SMI handler get called while there is a TPM transaction in flight? Sharing hardware between the OS and FW is always very tricky. * I disabled the AOAC for the UART so that the SMM logs get printed to the console. See b/217968734
BUG=b:214479456 TEST=Enter s0i3 on guybrush and see TPM error
Signed-off-by: Raul E Rangel rrangel@chromium.org Change-Id: Ic8eb7ffbe1b5d58eba5c1f94dde8383cd04b1d69 --- M src/cpu/x86/smm/smm_module_loader.c M src/drivers/elog/gsmi.c M src/drivers/i2c/tpm/Makefile.inc M src/security/tpm/Makefile.inc M src/security/tpm/tss/vendor/cr50/Makefile.inc M src/security/tpm/tss/vendor/cr50/cr50.c M src/security/tpm/tss/vendor/cr50/cr50.h M src/soc/amd/cezanne/acpi/mmio.asl 8 files changed, 45 insertions(+), 3 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/40/61640/1
diff --git a/src/cpu/x86/smm/smm_module_loader.c b/src/cpu/x86/smm/smm_module_loader.c
index 101b7c5..4773021 100644
--- a/src/cpu/x86/smm/smm_module_loader.c
+++ b/src/cpu/x86/smm/smm_module_loader.c
@@ -10,7 +10,7 @@
#include <security/intel/stm/SmmStm.h>
#define FXSAVE_SIZE 512
-#define SMM_CODE_SEGMENT_SIZE 0x10000
+#define SMM_CODE_SEGMENT_SIZE 0x20000
/* FXSAVE area during relocation. While it may not be strictly needed the SMM stub code relies on the FXSAVE area being non-zero to enable SSE instructions within SMM mode. */
diff --git a/src/drivers/elog/gsmi.c b/src/drivers/elog/gsmi.c
index ebdde19..68bc02c 100644
--- a/src/drivers/elog/gsmi.c
+++ b/src/drivers/elog/gsmi.c
@@ -2,6 +2,7 @@
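Review bot: SMM_CODE_SEGMENT_SIZE is doubled in the shared x86 SMM loader, so the larger budget applies to every platform that builds this file and not only to guybrush. Code linked into the smm class runs at SMM privilege, so I would keep 0x10000 as the default and let only the boards that opt in to a TPM stack in SMM raise it, for example through a Kconfig value. At minimum the define deserves a comment such as `/* 128 KiB: SMM image includes the I2C TPM driver and TSS */`. Whether the loader checks this size against the available SMRAM is not visible in this hunk and should be confirmed.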
#include <console/console.h>
#include <elog.h>
+#include <security/tpm/tss/vendor/cr50/cr50.h>
#define GSMI_RET_SUCCESS 0x00
#define GSMI_RET_INVALID_PARAMETER 0x82
@@ -105,8 +106,11 @@
case GSMI_CMD_LOG_S0IX_RESUME:
ret = GSMI_RET_SUCCESS;
- if (command == GSMI_CMD_LOG_S0IX_SUSPEND)
+ if (command == GSMI_CMD_LOG_S0IX_SUSPEND) {
elog_add_event(ELOG_TYPE_S0IX_ENTER);
+ tlcl_cr50_disable_deep_sleep();
+ printk(BIOS_ERR, "RX: GOING INTO S0i3!!!");
+ }
else {
elog_add_event(ELOG_TYPE_S0IX_EXIT);
elog_gsmi_cb_platform_log_wake_source();
diff --git a/src/drivers/i2c/tpm/Makefile.inc b/src/drivers/i2c/tpm/Makefile.inc
index 51856fa..7b2be38 100644
--- a/src/drivers/i2c/tpm/Makefile.inc
+++ b/src/drivers/i2c/tpm/Makefile.inc
@@ -3,6 +3,7 @@
verstage-$(CONFIG_DRIVER_TIS_DEFAULT) += tis.c
bootblock-$(CONFIG_DRIVER_TIS_DEFAULT) += tis.c
postcar-$(CONFIG_DRIVER_TIS_DEFAULT) += tis.c
+smm-$(CONFIG_DRIVER_TIS_DEFAULT) += tis.c
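Review bot: The result of `tlcl_cr50_disable_deep_sleep()` is discarded in the GSMI_CMD_LOG_S0IX_SUSPEND branch of gsmi.c, so a failed TPM command looks the same as success to the caller, and the printk after it logs at BIOS_ERR on the normal path with no trailing newline. I would log only on failure, `if (tlcl_cr50_disable_deep_sleep() != TPM_SUCCESS)` followed by `printk(BIOS_ERR, "cr50: disable deep sleep failed\n");`, and drop the debug message. The added `}` also sits on its own line ahead of the existing `else {`; `} else {` matches the usual brace style. The enclosing switch and function begin and end outside this hunk.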
ramstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL) += tis_atmel.c
romstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL) += tis_atmel.c
@@ -21,5 +22,6 @@
verstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c
bootblock-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c
postcar-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c
+smm-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c
ramstage-$(CONFIG_DRIVER_I2C_TPM_ACPI) += chip.c
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index c36183d..eb07d74 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -37,6 +37,9 @@
bootblock-y += tss/tcg-2.0/tss_marshaling.c
bootblock-y += tss/tcg-2.0/tss.c
+smm-y += tss/tcg-2.0/tss_marshaling.c
+smm-y += tss/tcg-2.0/tss.c
+
## TSPI
ramstage-y += tspi/tspi.c
diff --git a/src/security/tpm/tss/vendor/cr50/Makefile.inc b/src/security/tpm/tss/vendor/cr50/Makefile.inc
index 8bacafd..a8b613c 100644
--- a/src/security/tpm/tss/vendor/cr50/Makefile.inc
+++ b/src/security/tpm/tss/vendor/cr50/Makefile.inc
@@ -1,5 +1,6 @@
ramstage-y += cr50.c
romstage-y += cr50.c
postcar-y += cr50.c
+smm-y += cr50.c
verstage-$(CONFIG_VBOOT) += cr50.c
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c
index e38ca30..d499b1f 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.c
+++ b/src/security/tpm/tss/vendor/cr50/cr50.c
@@ -176,3 +176,27 @@
return TPM_SUCCESS;
}
+
+uint32_t tlcl_cr50_disable_deep_sleep(void)
+{
+ struct tpm2_response *response;
+ uint16_t cmd = TPM2_CR50_SUB_CMD_DISABLE_DEEP_SLEEP;
+
+ printk(BIOS_DEBUG, "Disabling deep sleep\n");
+
+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &cmd);
+
+ if (!response)
+ return TPM_E_IOERROR;
+
+ if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
+ response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND)
+ /* Explicitly inform caller when command is not supported */
+ return TPM_E_NO_SUCH_COMMAND;
+
+ if (response->hdr.tpm_code)
+ /* Unexpected return code from Cr50 */
+ return TPM_E_IOERROR;
+
+ return TPM_SUCCESS;
+}
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h
index 0028e80..f341db7 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.h
+++ b/src/security/tpm/tss/vendor/cr50/cr50.h
@@ -16,6 +16,7 @@
#define TPM2_CR50_SUB_CMD_TPM_MODE (40)
#define TPM2_CR50_SUB_CMD_GET_BOOT_MODE (52)
#define TPM2_CR50_SUB_CMD_RESET_EC (53)
+#define TPM2_CR50_SUB_CMD_DISABLE_DEEP_SLEEP (59)
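Review bot: `tlcl_cr50_disable_deep_sleep()` in cr50.c hands the new sub-command to `tpm_process_command()`, but this change's file list does not touch tss/tcg-2.0/tss_marshaling.c. If the marshaling and unmarshaling of TPM2_CR50_VENDOR_COMMAND dispatch on the sub-command value, which I believe they do for the existing cr50 sub-commands (please confirm), the new value needs a case there; otherwise the call returns NULL and this function always reports TPM_E_IOERROR. It is also worth confirming that the TSS entry point can run in SMM without the driver initialisation the other stages perform before their first command, since none is visible here. The two `if` bodies that hold a comment plus a `return` would be safer to read with braces.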
/* Cr50 vendor-specific error codes. */
#define VENDOR_RC_ERR 0x00000500
@@ -104,4 +105,11 @@
*/
uint32_t tlcl_cr50_reset_ec(void);
+/**
+ * CR50 specific TPM command sequence block entering deep sleep.
+ *
+ * Returns TPM_E_* for errors.
+ */
+uint32_t tlcl_cr50_disable_deep_sleep(void);
+
#endif /* CR50_TSS_STRUCTURES_H_ */
diff --git a/src/soc/amd/cezanne/acpi/mmio.asl b/src/soc/amd/cezanne/acpi/mmio.asl
index 9e587b7..98f27af 100644
--- a/src/soc/amd/cezanne/acpi/mmio.asl
+++ b/src/soc/amd/cezanne/acpi/mmio.asl
@@ -88,7 +88,7 @@
}
}
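Review bot: The doc comment added in cr50.h for `tlcl_cr50_disable_deep_sleep()` is missing a word ("command sequence block entering deep sleep") and names neither the success value nor the distinct not-supported result that the cr50.c implementation returns. I would write `* CR50 specific TPM command sequence to block the Cr50 from entering deep sleep.` and `* Returns TPM_SUCCESS on success, TPM_E_NO_SUCH_COMMAND if the Cr50 firmware lacks the sub-command, TPM_E_IOERROR otherwise.` The comment should also say how long the setting lasts and what re-enables deep sleep, which cannot be told from this change.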
- AOAC_DEVICE(FCH_AOAC_DEV_UART0, 0)
+ // AOAC_DEVICE(FCH_AOAC_DEV_UART0, 0)
}
Device (FUR1) {
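Review bot: The `AOAC_DEVICE(FCH_AOAC_DEV_UART0, 0)` line in mmio.asl is commented out rather than removed or made conditional, and nothing in the file says why. The file lives under soc/amd/cezanne, so the change presumably affects every board on this SoC and not just the one being debugged. If it has to stay while the work is in progress, mark it in place, for example `// TODO(b/217968734): restore AOAC control of UART0 before merging`, and keep it out of the final change.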