Martin L Roth has submitted this change. ( https://review.coreboot.org/c/coreboot/+/63158 )
Change subject: tpm: Allow separate handling of Google Ti50 TPM ......................................................................
tpm: Allow separate handling of Google Ti50 TPM
A new iteration of Google's TPM implementation will advertize a new DID:VID, but otherwise follow the same protocol as the earlier design.
This change makes use of Kconfigs TPM_GOOGLE_CR50 and TPM_GOOGLE_TI50 to be able to take slightly different code paths, when e.g. evaluating whether TPM firmware is new enough to support certain features.
Change-Id: I1e1f8eb9b94fc2d5689656335dc1135b47880986 Signed-off-by: Jes B. Klinke jbk@chromium.org Reviewed-on: https://review.coreboot.org/c/coreboot/+/63158 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Julius Werner jwerner@chromium.org --- M src/drivers/i2c/tpm/Kconfig M src/drivers/i2c/tpm/cr50.c M src/drivers/spi/tpm/tpm.c M src/drivers/tpm/cr50.c M src/drivers/tpm/cr50.h M src/mainboard/google/brya/Kconfig 6 files changed, 32 insertions(+), 39 deletions(-)
Approvals: build bot (Jenkins): Verified Julius Werner: Looks good to me, approved
diff --git a/src/drivers/i2c/tpm/Kconfig b/src/drivers/i2c/tpm/Kconfig index 8efcbaf..0e7856d 100644 --- a/src/drivers/i2c/tpm/Kconfig +++ b/src/drivers/i2c/tpm/Kconfig @@ -3,15 +3,6 @@ help I2C TPM driver is enabled!
-config MAINBOARD_NEEDS_I2C_TI50_WORKAROUND - bool - default n - help - Ti50 FW versions below 0.15 don't support the firmware_version or board_cfg registers, - and trying to access them causes I2C errors. This config will skip accesses to these - registers, and should be selected for boards using Ti50 chips with FW < 0.15. The config - will be removed once all Ti50 stocks are updated to 0.15 or higher. - config DRIVER_TIS_DEFAULT bool depends on I2C_TPM diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c index 7eb066d..0130b93 100644 --- a/src/drivers/i2c/tpm/cr50.c +++ b/src/drivers/i2c/tpm/cr50.c @@ -36,6 +36,7 @@ #define CR50_TIMEOUT_NOIRQ_MS 20 /* Timeout for TPM ready without IRQ */ #define CR50_TIMEOUT_IRQ_MS 100 /* Timeout for TPM ready with IRQ */ #define CR50_DID_VID 0x00281ae0L +#define TI50_DID_VID 0x504a6666L
struct tpm_inf_dev { int bus; @@ -455,7 +456,7 @@ rc = cr50_i2c_read(TPM_DID_VID(0), (uint8_t *)did_vid, 4);
/* Exit once DID and VID verified */ - if (!rc && (*did_vid == CR50_DID_VID)) { + if (!rc && (*did_vid == CR50_DID_VID || *did_vid == TI50_DID_VID)) { printk(BIOS_INFO, "done! DID_VID 0x%08x\n", *did_vid); return 0; } @@ -474,7 +475,6 @@
int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr) { - struct cr50_firmware_version ver; uint32_t did_vid = 0;
if (dev_addr == 0) { @@ -500,12 +500,10 @@ printk(BIOS_DEBUG, "cr50 TPM 2.0 (i2c %u:0x%02x id 0x%x)\n", bus, dev_addr, did_vid >> 16);
- /* Ti50 FW version under 0.15 doesn't support board cfg command - TODO: remove this flag after all stocks Ti50 uprev to 0.15 or above */ - if (!CONFIG(MAINBOARD_NEEDS_I2C_TI50_WORKAROUND) && tpm_first_access_this_boot()) { + if (tpm_first_access_this_boot()) { /* This is called for the side-effect of printing the version string. */ - cr50_get_firmware_version(&ver); - cr50_set_board_cfg(); + cr50_get_firmware_version(NULL); + cr50_set_board_cfg(); }
chip->is_open = 1; diff --git a/src/drivers/spi/tpm/tpm.c b/src/drivers/spi/tpm/tpm.c index 1462dd9..8625a79 100644 --- a/src/drivers/spi/tpm/tpm.c +++ b/src/drivers/spi/tpm/tpm.c @@ -419,6 +419,7 @@ /* Device/vendor ID values of the TPM devices this driver supports. */ static const uint32_t supported_did_vids[] = { 0x00281ae0, /* H1 based Cr50 security chip. */ + 0x504a6666, /* H1D3C based Ti50 security chip. */ 0x0000104a /* ST33HTPH2E32 */ };
@@ -496,15 +497,13 @@ printk(BIOS_INFO, "Connected to device vid:did:rid of %4.4x:%4.4x:%2.2x\n", tpm_info.vendor_id, tpm_info.device_id, tpm_info.revision);
- /* Do some cr50-specific things here. */ - if (CONFIG(TPM_GOOGLE) && tpm_info.vendor_id == 0x1ae0) { - struct cr50_firmware_version ver; - + /* Do some GSC-specific things here. */ + if (CONFIG(TPM_GOOGLE)) { if (tpm_first_access_this_boot()) { /* This is called for the side-effect of printing the firmware version string */ - cr50_get_firmware_version(&ver); - cr50_set_board_cfg(); + cr50_get_firmware_version(NULL); + cr50_set_board_cfg(); } } return 0; diff --git a/src/drivers/tpm/cr50.c b/src/drivers/tpm/cr50.c index 4ab01fb..22ca3dd 100644 --- a/src/drivers/tpm/cr50.c +++ b/src/drivers/tpm/cr50.c @@ -5,6 +5,9 @@ #include <string.h> #include <types.h>
+#define CR50_DID_VID 0x00281ae0L +#define TI50_DID_VID 0x504a6666L + #define CR50_BOARD_CFG_LOCKBIT_MASK 0x80000000U #define CR50_BOARD_CFG_FEATUREBITS_MASK 0x3FFFFFFFU
@@ -84,7 +87,7 @@ const enum cb_err ret = tis_vendor_read(get_reg_addr(CR50_BOARD_CFG_REG), &value, sizeof(value)); if (ret != CB_SUCCESS) { - printk(BIOS_INFO, "Error reading from cr50\n"); + printk(BIOS_ERR, "Error reading from Cr50\n"); return 0; }
@@ -96,6 +99,11 @@ */ enum cb_err cr50_set_board_cfg(void) { + /* If we get here and we aren't cr50, then we must be ti50 which does + * not currently need to support a board_cfg register. */ + if (!CONFIG(TPM_GOOGLE_CR50)) + return CB_SUCCESS; + struct cr50_firmware_version ver; enum cb_err ret; uint32_t value; @@ -109,7 +117,7 @@ /* Set the CR50_BOARD_CFG register, for e.g. asking cr50 to use longer ready pulses. */ ret = tis_vendor_read(get_reg_addr(CR50_BOARD_CFG_REG), &value, sizeof(value)); if (ret != CB_SUCCESS) { - printk(BIOS_INFO, "Error reading from cr50\n"); + printk(BIOS_ERR, "Error reading from Cr50\n"); return CB_ERR; }
@@ -142,19 +150,15 @@
bool cr50_is_long_interrupt_pulse_enabled(void) { - /* - * Ti50 FW versions under 0.15 don't support the board cfg register, - * and all Ti50 versions only support long IRQ pulses. - * TODO: Remove this after all Ti50 stocks uprev to 0.15 or above. - */ - if (CONFIG(MAINBOARD_NEEDS_I2C_TI50_WORKAROUND)) - return true; + if (CONFIG(TPM_GOOGLE_CR50)) + return !!(cr50_get_board_cfg() & CR50_BOARD_CFG_100US_READY_PULSE);
- return !!(cr50_get_board_cfg() & CR50_BOARD_CFG_100US_READY_PULSE); + /* Ti50 and future GSCs will support only long interrupt pulses. */ + return true; }
static enum cb_err cr50_parse_fw_version(const char *version_str, - struct cr50_firmware_version *ver) + struct cr50_firmware_version *ver) { int epoch, major, minor;
@@ -219,6 +223,7 @@ }
success: - *version = cr50_firmware_version; + if (version) + *version = cr50_firmware_version; return CB_SUCCESS; } diff --git a/src/drivers/tpm/cr50.h b/src/drivers/tpm/cr50.h index f754e13..b39d744 100644 --- a/src/drivers/tpm/cr50.h +++ b/src/drivers/tpm/cr50.h @@ -5,7 +5,7 @@
#include <types.h>
-/* Structure describing the elements of Cr50 firmware version. */ +/* Structure describing the elements of GSC firmware version. */ struct cr50_firmware_version { int epoch; int major; @@ -15,7 +15,7 @@ /* Indicates whether Cr50 ready pulses are guaranteed to be at least 100us. */ bool cr50_is_long_interrupt_pulse_enabled(void);
-/* Get the Cr50 firmware version information. */ +/* Get the GSC firmware version information. */ enum cb_err cr50_get_firmware_version(struct cr50_firmware_version *version);
/* Set the BOARD_CFG register depending on Cr50 Kconfigs */ diff --git a/src/mainboard/google/brya/Kconfig b/src/mainboard/google/brya/Kconfig index 1a3cb55..5263323 100644 --- a/src/mainboard/google/brya/Kconfig +++ b/src/mainboard/google/brya/Kconfig @@ -1,7 +1,6 @@ config BOARD_GOOGLE_BRYA_COMMON def_bool n select BOARD_ROMSIZE_KB_32768 - select CR50_USE_LONG_INTERRUPT_PULSES select DRIVERS_GENERIC_ALC1015 select DRIVERS_GENERIC_GPIO_KEYS select DRIVERS_GENERIC_MAX98357A @@ -37,7 +36,6 @@ select SOC_INTEL_CSE_LITE_SKU select SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES if SOC_INTEL_ALDERLAKE_PCH_P select SOC_INTEL_COMMON_BASECODE_DEBUG_FEATURE - select TPM_GOOGLE_CR50
config BOARD_GOOGLE_BASEBOARD_BRYA def_bool n @@ -46,6 +44,7 @@ select MEMORY_SOLDERDOWN if !BOARD_GOOGLE_BANSHEE select SOC_INTEL_ALDERLAKE_PCH_P select SYSTEM_TYPE_LAPTOP + select TPM_GOOGLE_CR50
config BOARD_GOOGLE_BASEBOARD_BRASK def_bool n @@ -57,16 +56,17 @@ select RT8168_GET_MAC_FROM_VPD select RT8168_SET_LED_MODE select SOC_INTEL_ALDERLAKE_PCH_P + select TPM_GOOGLE_CR50
config BOARD_GOOGLE_BASEBOARD_NISSA def_bool n select BOARD_GOOGLE_BRYA_COMMON select CHROMEOS_DRAM_PART_NUMBER_IN_CBI if CHROMEOS - select MAINBOARD_NEEDS_I2C_TI50_WORKAROUND select MEMORY_SOLDERDOWN select SOC_INTEL_ALDERLAKE_PCH_N select SOC_INTEL_CSE_LITE_COMPRESS_ME_RW select SYSTEM_TYPE_LAPTOP + select TPM_GOOGLE_TI50
if BOARD_GOOGLE_BRYA_COMMON