Vladimir Serbinenko (phcoder@gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/10269
-gerrit
commit 839b4682c201675bea90c2f5f7e464fdcc436a30 Author: Vladimir Serbinenko phcoder@gmail.com Date: Mon May 18 10:29:06 2015 +0200
Move TPM code out of chromeos
This code is not specific to ChromeOS and is useful outside of it. For example, with small modifications it can be used to disable the TPM altogether.
Change-Id: I8c6baf0a1f7c67141f30101a132ea039b0d09819 Signed-off-by: Vladimir Serbinenko phcoder@gmail.com --- src/cpu/intel/haswell/romstage.c | 6 +- src/drivers/pc80/tpm/Kconfig | 24 ++- src/drivers/pc80/tpm/Makefile.inc | 1 + src/drivers/pc80/tpm/romstage.c | 236 ++++++++++++++++++++++++++ src/include/tpm.h | 2 + src/mainboard/google/bolt/Kconfig | 1 + src/mainboard/google/butterfly/Kconfig | 1 + src/mainboard/google/falco/Kconfig | 1 + src/mainboard/google/link/Kconfig | 1 + src/mainboard/google/link/romstage.c | 11 +- src/mainboard/google/panther/Kconfig | 1 + src/mainboard/google/parrot/Kconfig | 1 + src/mainboard/google/parrot/romstage.c | 10 +- src/mainboard/google/peppy/Kconfig | 1 + src/mainboard/google/rambi/Kconfig | 1 + src/mainboard/google/samus/Kconfig | 1 + src/mainboard/google/slippy/Kconfig | 1 + src/mainboard/google/stout/Kconfig | 1 + src/mainboard/google/stout/romstage.c | 10 +- src/mainboard/intel/baskingridge/Kconfig | 1 + src/mainboard/intel/emeraldlake2/romstage.c | 10 +- src/mainboard/intel/wtm2/Kconfig | 1 + src/mainboard/samsung/lumpy/Kconfig | 1 + src/mainboard/samsung/lumpy/romstage.c | 10 +- src/mainboard/samsung/stumpy/Kconfig | 1 + src/mainboard/samsung/stumpy/romstage.c | 10 +- src/soc/intel/baytrail/romstage/romstage.c | 13 +- src/soc/intel/braswell/romstage/romstage.c | 13 +- src/soc/intel/broadwell/romstage/romstage.c | 13 +- src/vendorcode/google/chromeos/Kconfig | 2 + src/vendorcode/google/chromeos/Makefile.inc | 1 - src/vendorcode/google/chromeos/chromeos.h | 4 - src/vendorcode/google/chromeos/vboot.c | 248 ---------------------------- 33 files changed, 319 insertions(+), 320 deletions(-)
diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c index 998f887..6d4141c 100644 --- a/src/cpu/intel/haswell/romstage.c +++ b/src/cpu/intel/haswell/romstage.c @@ -276,9 +276,9 @@ void romstage_common(const struct romstage_params *params) printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(wake_from_s3); + } timestamp_add_now(TS_END_ROMSTAGE); }
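Review bot: The `if (CONFIG_LPC_TPM)` guard around `init_tpm(wake_from_s3)` links only if the compiler discards the call when the option is off, because init_tpm() is built solely through `romstage-$(CONFIG_LPC_TPM) += romstage.c`. It is also spelled differently from the `IS_ENABLED(...)` test in the new drivers/pc80/tpm/romstage.c and from the `#if CONFIG_LPC_TPM` in the broadwell hunk. I would write `if (IS_ENABLED(CONFIG_LPC_TPM))` followed by an unbraced `init_tpm(wake_from_s3);` here and at the other call sites in the mainboard, baytrail and braswell hunks. TPM startup is also no longer tied to CONFIG_CHROMEOS on this path, so a one-line comment saying that it now runs for any board enabling LPC_TPM would help; romstage_common() begins outside the hunk.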
diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig index 942b6e5..fc9270b 100644 --- a/src/drivers/pc80/tpm/Kconfig +++ b/src/drivers/pc80/tpm/Kconfig @@ -1,5 +1,12 @@ +config MAINBOARD_HAS_LPC_TPM + bool + default n + help + Board has TPM support + config LPC_TPM - bool + bool "Enable TPM support" + depends on MAINBOARD_HAS_LPC_TPM default n help Enable this option to enable LPC TPM support in coreboot. @@ -15,3 +22,18 @@ config TPM_TIS_BASE_ADDRESS The default is specified by the TCG PC Client Specific TPM Interface Specification 1.2 and should not be changed unless the TPM being used does not conform to TPM TIS 1.2. + +config TPM_INIT_FAILURE_IS_FATAL + bool + default n + depends on LPC_TPM + help + What to do if TPM init failed. If true, force a hard reset, + otherwise just log error message to console. + +config SKIP_TPM_STARTUP_ON_NORMAL_BOOT + bool + default n + depends on LPC_TPM + help + Skip TPM init on normal boot. Useful if payload does TPM init. diff --git a/src/drivers/pc80/tpm/Makefile.inc b/src/drivers/pc80/tpm/Makefile.inc index c900fe8..089d067 100644 --- a/src/drivers/pc80/tpm/Makefile.inc +++ b/src/drivers/pc80/tpm/Makefile.inc @@ -1,2 +1,3 @@ romstage-$(CONFIG_LPC_TPM) += tpm.c ramstage-$(CONFIG_LPC_TPM) += tpm.c +romstage-$(CONFIG_LPC_TPM) += romstage.c diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c new file mode 100644 index 0000000..5e29e3a --- /dev/null +++ b/src/drivers/pc80/tpm/romstage.c 
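Review bot: `TPM_INIT_FAILURE_IS_FATAL` and `SKIP_TPM_STARTUP_ON_NORMAL_BOOT` are added as bare `bool` symbols with no prompt, so only a `select` can enable them, and the only `select` in this patch is in the ChromeOS Kconfig hunk. On every other board a failed TPM startup is therefore just logged and boot continues with the TPM not started, and a user who depends on the TPM cannot change that from menuconfig; giving the symbol a prompt such as `bool "Reset the machine if TPM initialization fails"` would make the policy selectable. Both symbols also carry `depends on LPC_TPM` while CHROMEOS selects them unconditionally, and `select` does not honour dependencies, so a ChromeOS configuration without LPC_TPM would presumably force them on with an unmet dependency. The help text of `SKIP_TPM_STARTUP_ON_NORMAL_BOOT` should state that the payload is then responsible for issuing TPM startup.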
@@ -0,0 +1,236 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc.
+ */
+
+#include <types.h>
+#include <console/cbmem_console.h>
+#include <console/console.h>
+#include <arch/acpi.h>
+#include <tpm.h>
+#include <reset.h>
+
+//#define EXTRA_LOGGING
+
+#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
+
+#define TPM_SUCCESS ((u32)0x00000000)
+
+#define TPM_E_IOERROR ((u32)0x0000001f)
+#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004)
+#define TPM_E_NON_FATAL ((u32)0x00000800)
+#define TPM_E_INVALID_POSTINIT ((u32)0x00000026)
+
+#define TPM_E_NEEDS_SELFTEST ((u32)(TPM_E_NON_FATAL + 1))
+#define TPM_E_DOING_SELFTEST ((u32)(TPM_E_NON_FATAL + 2))
+
+static const struct {
+ u8 buffer[12];
+} tpm_resume_cmd = {
+ { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 }
+};
+
+static const struct {
+ u8 buffer[12];
+} tpm_startup_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 }
+};
+
+static const struct {
+ u8 buffer[10];
+} tpm_continueselftest_cmd = {
+ { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }
+};
+
+static inline void FromTpmUint32(const u8 * buffer, u32 * x)
+{
+ *x = ((buffer[0] << 24) |
+ (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]);
+}
+
+static inline int TpmCommandSize(const u8 * buffer)
+{
+ u32 size;
+ FromTpmUint32(buffer + sizeof(u16), &size);
+ return (int)size;
+}
+
+/* Gets the code field of a TPM command. */
+static inline int TpmCommandCode(const u8 * buffer)
+{
+ u32 code;
+ FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code);
+ return code;
+}
+
+/* Gets the return code field of a TPM result. */
+static inline int TpmReturnCode(const u8 * buffer)
+{
+ return TpmCommandCode(buffer);
+}
+
+/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
+ * DOING_SELFTEST errors are returned.
+ */
+static u32 TlclSendReceiveNoRetry(const u8 * request,
+ u8 * response, int max_length)
+{
+ size_t response_length = max_length;
+ u32 result;
+
+#ifdef EXTRA_LOGGING
+ printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n",
+ request[0], request[1],
+ request[2], request[3], request[4], request[5],
+ request[6], request[7], request[8], request[9]);
+#endif
+
+ result = TPM_SUCCESS;
+ if (tis_sendrecv
+ (request, TpmCommandSize(request), response, &response_length))
+ result = TPM_E_IOERROR;
+
+ if (0 != result) {
+ /* Communication with TPM failed, so response is garbage */
+ printk(BIOS_DEBUG,
+ "TPM: command 0x%x send/receive failed: 0x%x\n",
+ TpmCommandCode(request), result);
+ return TPM_E_COMMUNICATION_ERROR;
+ }
+ /* Otherwise, use the result code from the response */
+ result = TpmReturnCode(response);
+
+/* TODO: add paranoia about returned response_length vs. max_length
+ * (and possibly expected length from the response header).
See
+ * crosbug.com/17017 */
+
+#ifdef EXTRA_LOGGING
+ printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n",
+ response[0], response[1],
+ response[2], response[3], response[4], response[5],
+ response[6], response[7], response[8], response[9]);
+#endif
+
+ printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n",
+ TpmCommandCode(request), result);
+
+ return result;
+}
+
+static inline u32 TlclContinueSelfTest(void)
+{
+ u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+ printk(BIOS_DEBUG, "TPM: Continue self test\n");
+ /* Call the No Retry version of SendReceive to avoid recursion. */
+ return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer,
+ response, sizeof(response));
+}
+
+/* Sends a TPM command and gets a response. Returns 0 if success or the TPM
+ * error code if error. In the firmware, waits for the self test to complete
+ * if needed. In the host, reports the first error without retries. */
+static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length)
+{
+ u32 result = TlclSendReceiveNoRetry(request, response, max_length);
+ /* When compiling for the firmware, hide command failures due to the self
+ * test not having run or completed. */
+ /* If the command fails because the self test has not completed, try it
+ * again after attempting to ensure that the self test has completed. */
+ if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {
+ result = TlclContinueSelfTest();
+ if (result != TPM_SUCCESS) {
+ return result;
+ }
+#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)
+ /* Retry only once */
+ result = TlclSendReceiveNoRetry(request, response, max_length);
+#else
+ /* This needs serious testing. The TPM specification says:
+ * "iii. The caller MUST wait for the actions of
+ * TPM_ContinueSelfTest to complete before reissuing the
+ * command C1." But, if ContinueSelfTest is non-blocking, how
+ * do we know that the actions have completed other than trying
+ * again?
*/ + do { + result = + TlclSendReceiveNoRetry(request, response, + max_length); + } while (result == TPM_E_DOING_SELFTEST); +#endif + } + + return result; +} + +void init_tpm(int s3resume) +{ + u32 result; + u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; + + /* Doing TPM startup when we're not coming in on the S3 resume path + * saves us roughly 20ms in boot time only. This does not seem to + * be worth an API change to vboot_reference-firmware right now, so + * let's keep the code around, but just bail out early: + */ + if (s3resume ? CONFIG_NO_TPM_RESUME + : CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT) + return; + + printk(BIOS_DEBUG, "TPM initialization.\n"); + + printk(BIOS_SPEW, "TPM: Init\n"); + if (tis_init()) + return; + + printk(BIOS_SPEW, "TPM: Open\n"); + if (tis_open()) + return; + + + if (s3resume) { + /* S3 Resume */ + printk(BIOS_SPEW, "TPM: Resume\n"); + result = TlclSendReceive(tpm_resume_cmd.buffer, + response, sizeof(response)); + if (result == TPM_E_INVALID_POSTINIT) { + /* We're on a platform where the TPM maintains power + * in S3, so it's already initialized. + */ + printk(BIOS_DEBUG, "TPM: Already initialized.\n"); + return; + } + } else { + printk(BIOS_SPEW, "TPM: Startup\n"); + result = TlclSendReceive(tpm_startup_cmd.buffer, + response, sizeof(response)); + } + + if (result == TPM_SUCCESS) { + printk(BIOS_SPEW, "TPM: OK.\n"); + return; + } + + printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result); + + if (CONFIG_TPM_INIT_FAILURE_IS_FATAL) { + printk(BIOS_ERR, "Hard reset!\n"); + post_code(POST_TPM_FAILURE); + if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART)) + cbmem_dump_console(); + hard_reset(); + } +} diff --git a/src/include/tpm.h b/src/include/tpm.h index 464f32e..9b4db4a 100644 --- a/src/include/tpm.h +++ b/src/include/tpm.h @@ -66,4 +66,6 @@ int tis_close(void); int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf, size_t *recv_len);
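Review bot: In init_tpm() the two early `return;` statements after `tis_init()` and `tis_open()` leave before the `CONFIG_TPM_INIT_FAILURE_IS_FATAL` block is reached, so a TPM that cannot be reached is handled like success and is not even reported at BIOS_ERR. On the S3 path this means resume continues without the TPM ever being sent the resume command. If continuing is intended for boards with no TPM fitted, a comment should say so; otherwise both failures should go through the common error path as sketched below. Separately, TlclSendReceiveNoRetry() takes the return code from `response` without checking `response_length` (the existing TODO), so a reply shorter than the 10-byte header yields a code read from uninitialised stack; `if (response_length < 10) return TPM_E_COMMUNICATION_ERROR;` before `TpmReturnCode(response)` would close that, assuming tis_sendrecv() updates the length, which is not visible here. The `do { ... } while (result == TPM_E_DOING_SELFTEST)` loop in TlclSendReceive() also has no retry bound, so a TPM stuck in self test stalls romstage indefinitely.

```c
	if (tis_init()) {
		result = TPM_E_IOERROR;
		goto init_failed;
	}

	/* … unchanged: "TPM: Open" trace … */
	if (tis_open()) {
		result = TPM_E_IOERROR;
		goto init_failed;
	}

	/* … unchanged: resume/startup command, "Already initialized" and success returns … */

init_failed:
	printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
	/* … unchanged: CONFIG_TPM_INIT_FAILURE_IS_FATAL reset block … */
```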
+void init_tpm(int s3resume); + #endif /* TPM_H_ */ diff --git a/src/mainboard/google/bolt/Kconfig b/src/mainboard/google/bolt/Kconfig index 2239f70..74e1edd 100644 --- a/src/mainboard/google/bolt/Kconfig +++ b/src/mainboard/google/bolt/Kconfig @@ -16,6 +16,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select INTEL_INT15 select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig index 7472c06..b1a64ee 100644 --- a/src/mainboard/google/butterfly/Kconfig +++ b/src/mainboard/google/butterfly/Kconfig @@ -13,6 +13,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_CMOS_DEFAULT select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS
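Review bot: The new `init_tpm()` prototype is exported without a comment, and its contract is not obvious from the name. Going by the new drivers/pc80/tpm/romstage.c it returns nothing, may hard-reset the machine when `CONFIG_TPM_INIT_FAILURE_IS_FATAL` is set, and does nothing at all when the startup or resume step is configured out. I would add `/* Start (s3resume == 0) or resume (s3resume != 0) the TPM in romstage; may not return on failure. */` above the declaration.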
diff --git a/src/mainboard/google/falco/Kconfig b/src/mainboard/google/falco/Kconfig index a8faaab..5b97259 100644 --- a/src/mainboard/google/falco/Kconfig +++ b/src/mainboard/google/falco/Kconfig @@ -17,6 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_DO_NATIVE_VGA_INIT diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig index 316434f..0f70925 100644 --- a/src/mainboard/google/link/Kconfig +++ b/src/mainboard/google/link/Kconfig @@ -12,6 +12,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_OPTION_TABLE select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select SERIRQ_CONTINUOUS_MODE select MAINBOARD_HAS_NATIVE_VGA_INIT select CHROMEOS_VBNV_CMOS diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c index ca8c2bd..cda5011 100644 --- a/src/mainboard/google/link/romstage.c +++ b/src/mainboard/google/link/romstage.c @@ -41,9 +41,7 @@ #include <cpu/x86/msr.h> #include <halt.h> #include "gpio.h" -#if CONFIG_CHROMEOS -#include <vendorcode/google/chromeos/chromeos.h> -#endif +#include <tpm.h> #include <cbfs.h>
#include <southbridge/intel/bd82x6x/chip.h> @@ -246,8 +244,9 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2);
post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(bootmode == 2); + } + timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/google/panther/Kconfig b/src/mainboard/google/panther/Kconfig index 31062ed..37a8548 100644 --- a/src/mainboard/google/panther/Kconfig +++ b/src/mainboard/google/panther/Kconfig @@ -15,6 +15,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select INTEL_INT15 select PHYSICAL_REC_SWITCH diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig index 07405c6..9cf390a 100644 --- a/src/mainboard/google/parrot/Kconfig +++ b/src/mainboard/google/parrot/Kconfig @@ -12,6 +12,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_OPTION_TABLE select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS
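Review bot: The added call `init_tpm(bootmode == 2);` uses `bootmode`, while the context line directly above it and the removed `init_chromeos(boot_mode)` both use `boot_mode`. Unless an object named `bootmode` is declared outside the hunk, this fails to compile even with the option off, because the body of `if (CONFIG_LPC_TPM)` is still parsed. It should read `init_tpm(boot_mode == 2);`. The same spelling appears in the parrot, stout, emeraldlake2, lumpy and stumpy romstage.c hunks. main() begins outside the hunk.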
diff --git a/src/mainboard/google/parrot/romstage.c b/src/mainboard/google/parrot/romstage.c index d0fab67..e2373f9 100644 --- a/src/mainboard/google/parrot/romstage.c +++ b/src/mainboard/google/parrot/romstage.c @@ -39,10 +39,8 @@ #include <cpu/x86/msr.h> #include <halt.h> #include "gpio.h" -#if CONFIG_CHROMEOS -#include <vendorcode/google/chromeos/chromeos.h> -#endif #include <cbfs.h> +#include <tpm.h> #include "ec/compal/ene932/ec.h"
static void pch_enable_lpc(void) @@ -197,8 +195,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2);
post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(bootmode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/google/peppy/Kconfig b/src/mainboard/google/peppy/Kconfig index d6a208b..2c1560a 100644 --- a/src/mainboard/google/peppy/Kconfig +++ b/src/mainboard/google/peppy/Kconfig @@ -17,6 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_DO_NATIVE_VGA_INIT diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig index 4c9e891..1130d11 100644 --- a/src/mainboard/google/rambi/Kconfig +++ b/src/mainboard/google/rambi/Kconfig @@ -12,6 +12,7 @@ config BOARD_SPECIFIC_OPTIONS select HAVE_OPTION_TABLE select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select ALWAYS_LOAD_OPROM select CHROMEOS_VBNV_CMOS
diff --git a/src/mainboard/google/samus/Kconfig b/src/mainboard/google/samus/Kconfig index f655b29..06317e9 100644 --- a/src/mainboard/google/samus/Kconfig +++ b/src/mainboard/google/samus/Kconfig @@ -15,6 +15,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select CHROMEOS_RAMOOPS_DYNAMIC select INTEL_INT15 diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig index fd4cb2f..cfbce5e 100644 --- a/src/mainboard/google/slippy/Kconfig +++ b/src/mainboard/google/slippy/Kconfig @@ -16,6 +16,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MMCONF_SUPPORT select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select EXTERNAL_MRC_BLOB select INTEL_DP select INTEL_DDI diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig index ec03d87..eca83da 100644 --- a/src/mainboard/google/stout/Kconfig +++ b/src/mainboard/google/stout/Kconfig @@ -13,6 +13,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_CMOS_DEFAULT select HAVE_ACPI_RESUME select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS
diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c index ee6ca4f..b010791 100644 --- a/src/mainboard/google/stout/romstage.c +++ b/src/mainboard/google/stout/romstage.c @@ -40,9 +40,7 @@ #include <halt.h> #include "gpio.h" #include <bootmode.h> -#if CONFIG_CHROMEOS -#include <vendorcode/google/chromeos/chromeos.h> -#endif +#include <tpm.h> #include <cbfs.h> #include <ec/quanta/it8518/ec.h> #include "ec.h" @@ -251,8 +249,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2);
post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(bootmode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/intel/baskingridge/Kconfig b/src/mainboard/intel/baskingridge/Kconfig index c3e3361..f916138 100644 --- a/src/mainboard/intel/baskingridge/Kconfig +++ b/src/mainboard/intel/baskingridge/Kconfig @@ -11,6 +11,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_ACPI_RESUME select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 select CHROMEOS_VBNV_CMOS
diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c index c9d5cf1..f15bc5a 100644 --- a/src/mainboard/intel/emeraldlake2/romstage.c +++ b/src/mainboard/intel/emeraldlake2/romstage.c @@ -39,10 +39,8 @@ #include <cpu/x86/bist.h> #include <cpu/x86/msr.h> #include <halt.h> +#include <tpm.h> #include "gpio.h" -#if CONFIG_CHROMEOS -#include <vendorcode/google/chromeos/chromeos.h> -#endif
#define SIO_PORT 0x164e
@@ -255,8 +253,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2);
post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(bootmode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/intel/wtm2/Kconfig b/src/mainboard/intel/wtm2/Kconfig index 5a064d1..b8f616a 100644 --- a/src/mainboard/intel/wtm2/Kconfig +++ b/src/mainboard/intel/wtm2/Kconfig @@ -9,6 +9,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select HAVE_ACPI_RESUME select HAVE_SMI_HANDLER select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select MAINBOARD_HAS_NATIVE_VGA_INIT select INTEL_INT15
diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig index 7c9dce4..fed4610 100644 --- a/src/mainboard/samsung/lumpy/Kconfig +++ b/src/mainboard/samsung/lumpy/Kconfig @@ -5,6 +5,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SYSTEM_TYPE_LAPTOP select BOARD_ROMSIZE_KB_8192 select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select CPU_INTEL_SOCKET_RPGA989 select EC_SMSC_MEC1308 select HAVE_ACPI_RESUME diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c index 9b1a023..73a1037 100644 --- a/src/mainboard/samsung/lumpy/romstage.c +++ b/src/mainboard/samsung/lumpy/romstage.c @@ -32,6 +32,7 @@ #include <cbmem.h> #include <console/console.h> #include <bootmode.h> +#include <tpm.h> #include <northbridge/intel/sandybridge/sandybridge.h> #include <northbridge/intel/sandybridge/raminit.h> #include <southbridge/intel/bd82x6x/pch.h> @@ -45,9 +46,6 @@ #if CONFIG_DRIVERS_UART_8250IO #include <superio/smsc/lpc47n207/lpc47n207.h> #endif -#if CONFIG_CHROMEOS -#include <vendorcode/google/chromeos/chromeos.h> -#endif
static void pch_enable_lpc(void) { @@ -273,8 +271,8 @@ void main(unsigned long bist) } northbridge_romstage_finalize(boot_mode==2); post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(bootmode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig index 1eda8eb..f749c39 100644 --- a/src/mainboard/samsung/stumpy/Kconfig +++ b/src/mainboard/samsung/stumpy/Kconfig @@ -4,6 +4,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy def_bool y select BOARD_ROMSIZE_KB_8192 select MAINBOARD_HAS_CHROMEOS + select MAINBOARD_HAS_LPC_TPM select CPU_INTEL_SOCKET_RPGA989 select HAVE_ACPI_RESUME select HAVE_ACPI_TABLES diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c index 6506c80..b155aee 100644 --- a/src/mainboard/samsung/stumpy/romstage.c +++ b/src/mainboard/samsung/stumpy/romstage.c @@ -41,13 +41,11 @@ #include <cpu/x86/bist.h> #include <cpu/x86/msr.h> #include <halt.h> +#include <tpm.h> #include "gpio.h" #if CONFIG_DRIVERS_UART_8250IO #include <superio/smsc/lpc47n207/lpc47n207.h> #endif -#if CONFIG_CHROMEOS -#include <vendorcode/google/chromeos/chromeos.h> -#endif
/* Stumpy USB Reset Disable defined in cmos.layout */ #if CONFIG_USE_OPTION_TABLE @@ -283,8 +281,8 @@ void main(unsigned long bist) northbridge_romstage_finalize(boot_mode==2);
post_code(0x3f); -#if CONFIG_CHROMEOS - init_chromeos(boot_mode); -#endif + if (CONFIG_LPC_TPM) { + init_tpm(bootmode == 2); + } timestamp_add_now(TS_END_ROMSTAGE); } diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c index bfc8678..a32db02 100644 --- a/src/soc/intel/baytrail/romstage/romstage.c +++ b/src/soc/intel/baytrail/romstage/romstage.c @@ -33,6 +33,7 @@ #include <romstage_handoff.h> #include <stage_cache.h> #include <timestamp.h> +#include <tpm.h> #include <vendorcode/google/chromeos/chromeos.h> #include <soc/gpio.h> #include <soc/iomap.h> @@ -211,14 +212,6 @@ static int chipset_prev_sleep_state(struct chipset_power_state *ps) return prev_sleep_state; }
-static inline void chromeos_init(int prev_sleep_state) -{ -#if CONFIG_CHROMEOS - /* Normalize the sleep state to what init_chromeos() wants for S3: 2. */ - init_chromeos(prev_sleep_state == 3 ? 2 : 0); -#endif -} - /* Entry from the mainboard. */ void romstage_common(struct romstage_params *params) { @@ -250,7 +243,9 @@ void romstage_common(struct romstage_params *params) else printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
- chromeos_init(prev_sleep_state); + if (CONFIG_LPC_TPM) { + init_tpm(prev_sleep_state == 3); + } }
void asmlinkage romstage_after_car(void) diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c index 9c8bbc4..5e5b8be 100644 --- a/src/soc/intel/braswell/romstage/romstage.c +++ b/src/soc/intel/braswell/romstage/romstage.c @@ -43,6 +43,7 @@ #include <soc/romstage.h> #include <soc/smm.h> #include <soc/spi.h> +#include <tpm.h>
/* The cache-as-ram assembly file calls romstage_main() after setting up * cache-as-ram. romstage_main() will then call the mainboards's @@ -211,14 +212,6 @@ static int chipset_prev_sleep_state(struct chipset_power_state *ps) return prev_sleep_state; }
-static inline void chromeos_init(int prev_sleep_state) -{ -#if CONFIG_CHROMEOS - /* Normalize the sleep state to what init_chromeos() wants for S3: 2. */ - init_chromeos(prev_sleep_state == 3 ? 2 : 0); -#endif -} - /* Entry from the mainboard. */ void romstage_common(struct romstage_params *params) { @@ -250,7 +243,9 @@ void romstage_common(struct romstage_params *params) else printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
- chromeos_init(prev_sleep_state); + if (CONFIG_LPC_TPM) { + init_tpm(prev_sleep_state == 3); + } }
void asmlinkage romstage_after_car(void) diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c index 50d5b24..e950b1e 100644 --- a/src/soc/intel/broadwell/romstage/romstage.c +++ b/src/soc/intel/broadwell/romstage/romstage.c @@ -29,6 +29,7 @@ #include <cbmem.h> #include <cpu/x86/mtrr.h> #include <elog.h> +#include <tpm.h> #include <romstage_handoff.h> #include <stage_cache.h> #include <timestamp.h> @@ -89,14 +90,6 @@ void * asmlinkage romstage_main(unsigned long bist, return setup_stack_and_mttrs(); }
-static inline void chromeos_init(int prev_sleep_state) -{ -#if CONFIG_CHROMEOS - /* Normalize the sleep state to what init_chromeos() wants for S3: 2 */ - init_chromeos(prev_sleep_state == SLEEP_STATE_S3 ? 2 : 0); -#endif -} - /* Entry from the mainboard. */ void romstage_common(struct romstage_params *params) { @@ -132,7 +125,9 @@ void romstage_common(struct romstage_params *params) else printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
- chromeos_init(params->power_state->prev_sleep_state); +#if CONFIG_LPC_TPM + init_tpm(prev_sleep_state == SLEEP_STATE_S3); +#endif }
void asmlinkage romstage_after_car(void) diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 4e7fdac..0b0b862 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig @@ -26,6 +26,8 @@ config CHROMEOS bool "Build for ChromeOS" default n select TPM + select TPM_INIT_FAILURE_IS_FATAL + select SKIP_TPM_STARTUP_ON_NORMAL_BOOT select BOOTMODE_STRAPS select ELOG help diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 67beaba..df24435 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -32,7 +32,6 @@ verstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c romstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c ramstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c
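Review bot: In the broadwell romstage_common() hunk, `init_tpm(prev_sleep_state == SLEEP_STATE_S3)` names a bare `prev_sleep_state`, but the line it replaces passed `params->power_state->prev_sleep_state` and no local of that name is visible in the hunk. If none exists in the function, the call should be `init_tpm(params->power_state->prev_sleep_state == SLEEP_STATE_S3);`. The argument decides whether the TPM is sent the resume or the startup command, so it is worth getting exactly right. This hunk also guards the call with `#if CONFIG_LPC_TPM` where baytrail and braswell use `if (CONFIG_LPC_TPM)`; one form should be used throughout. romstage_common() begins outside the hunk.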
-romstage-$(CONFIG_ARCH_ROMSTAGE_X86_32) += vboot.c ramstage-$(CONFIG_ELOG) += elog.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += gnvs.c ramstage-$(CONFIG_CHROMEOS_RAMOOPS) += ramoops.c diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h index e495a11..c7048dd 100644 --- a/src/vendorcode/google/chromeos/chromeos.h +++ b/src/vendorcode/google/chromeos/chromeos.h @@ -39,9 +39,6 @@ void read_vbnv(uint8_t *vbnv_copy); void save_vbnv(const uint8_t *vbnv_copy);
#if CONFIG_CHROMEOS -/* functions implemented in vboot.c */ -void init_chromeos(int bootmode); - /* functions implemented in elog.c */ void elog_add_boot_reason(void);
@@ -53,7 +50,6 @@ int vboot_enable_developer(void); int vboot_enable_recovery(void); int vboot_skip_display_init(void); #else -static inline void init_chromeos(int bootmode) { } static inline void elog_add_boot_reason(void) { return; } static inline void elog_add_watchdog_reset(void) { return; } static inline void reboot_from_watchdog(void) { return; } diff --git a/src/vendorcode/google/chromeos/vboot.c b/src/vendorcode/google/chromeos/vboot.c deleted file mode 100644 index 6678aaa..0000000 --- a/src/vendorcode/google/chromeos/vboot.c +++ /dev/null 
@@ -1,248 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc. - */ - -#include <types.h> -#include <console/cbmem_console.h> -#include <console/console.h> -#include <arch/acpi.h> -#include <tpm.h> -#include <reset.h> -#include "chromeos.h" - -//#define EXTRA_LOGGING -#define UBOOT_DOES_TPM_STARTUP - -#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */ - -#define TPM_SUCCESS ((u32)0x00000000) - -#define TPM_E_IOERROR ((u32)0x0000001f) -#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004) -#define TPM_E_NON_FATAL ((u32)0x00000800) -#define TPM_E_INVALID_POSTINIT ((u32)0x00000026) - -#define TPM_E_NEEDS_SELFTEST ((u32)(TPM_E_NON_FATAL + 1)) -#define TPM_E_DOING_SELFTEST ((u32)(TPM_E_NON_FATAL + 2)) - -#if CONFIG_NO_TPM_RESUME -static void init_vboot(int bootmode) -{ -} -#else -static const struct { - u8 buffer[12]; -} tpm_resume_cmd = { - { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 } -}; - -static const struct { - u8 buffer[12]; -} tpm_startup_cmd = { - {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 } -}; - -static const struct { - u8 buffer[10]; -} tpm_continueselftest_cmd = { - { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 } -}; - -static inline void FromTpmUint32(const u8 * buffer, u32 * x) -{ - *x = ((buffer[0] << 
24) | - (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]); -} - -static inline int TpmCommandSize(const u8 * buffer) -{ - u32 size; - FromTpmUint32(buffer + sizeof(u16), &size); - return (int)size; -} - -/* Gets the code field of a TPM command. */ -static inline int TpmCommandCode(const u8 * buffer) -{ - u32 code; - FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code); - return code; -} - -/* Gets the return code field of a TPM result. */ -static inline int TpmReturnCode(const u8 * buffer) -{ - return TpmCommandCode(buffer); -} - -/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or - * DOING_SELFTEST errors are returned. - */ -static u32 TlclSendReceiveNoRetry(const u8 * request, - u8 * response, int max_length) -{ - size_t response_length = max_length; - u32 result; - -#ifdef EXTRA_LOGGING - printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n", - request[0], request[1], - request[2], request[3], request[4], request[5], - request[6], request[7], request[8], request[9]); -#endif - - result = TPM_SUCCESS; - if (tis_sendrecv - (request, TpmCommandSize(request), response, &response_length)) - result = TPM_E_IOERROR; - - if (0 != result) { - /* Communication with TPM failed, so response is garbage */ - printk(BIOS_DEBUG, - "TPM: command 0x%x send/receive failed: 0x%x\n", - TpmCommandCode(request), result); - return TPM_E_COMMUNICATION_ERROR; - } - /* Otherwise, use the result code from the response */ - result = TpmReturnCode(response); - -/* TODO: add paranoia about returned response_length vs. max_length - * (and possibly expected length from the response header). 
See - * crosbug.com/17017 */ - -#ifdef EXTRA_LOGGING - printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n", - response[0], response[1], - response[2], response[3], response[4], response[5], - response[6], response[7], response[8], response[9]); -#endif - - printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n", - TpmCommandCode(request), result); - - return result; -} - -static inline u32 TlclContinueSelfTest(void) -{ - u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; - printk(BIOS_DEBUG, "TPM: Continue self test\n"); - /* Call the No Retry version of SendReceive to avoid recursion. */ - return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer, - response, sizeof(response)); -} - -/* Sends a TPM command and gets a response. Returns 0 if success or the TPM - * error code if error. In the firmware, waits for the self test to complete - * if needed. In the host, reports the first error without retries. */ -static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length) -{ - u32 result = TlclSendReceiveNoRetry(request, response, max_length); - /* When compiling for the firmware, hide command failures due to the self - * test not having run or completed. */ - /* If the command fails because the self test has not completed, try it - * again after attempting to ensure that the self test has completed. */ - if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) { - result = TlclContinueSelfTest(); - if (result != TPM_SUCCESS) { - return result; - } -#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE) - /* Retry only once */ - result = TlclSendReceiveNoRetry(request, response, max_length); -#else - /* This needs serious testing. The TPM specification says: - * "iii. The caller MUST wait for the actions of - * TPM_ContinueSelfTest to complete before reissuing the - * command C1." But, if ContinueSelfTest is non-blocking, how - * do we know that the actions have completed other than trying - * again? 
*/ - do { - result = - TlclSendReceiveNoRetry(request, response, - max_length); - } while (result == TPM_E_DOING_SELFTEST); -#endif - } - - return result; -} - -static void init_vboot(int bootmode) -{ - u32 result; - u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; - -#ifdef UBOOT_DOES_TPM_STARTUP - /* Doing TPM startup when we're not coming in on the S3 resume path - * saves us roughly 20ms in boot time only. This does not seem to - * be worth an API change to vboot_reference-firmware right now, so - * let's keep the code around, but just bail out early: - */ - if (bootmode != 2) - return; -#endif - - printk(BIOS_DEBUG, "Verified boot TPM initialization.\n"); - - printk(BIOS_SPEW, "TPM: Init\n"); - if (tis_init()) - return; - - printk(BIOS_SPEW, "TPM: Open\n"); - if (tis_open()) - return; - - - if (bootmode == 2) { - /* S3 Resume */ - printk(BIOS_SPEW, "TPM: Resume\n"); - result = TlclSendReceive(tpm_resume_cmd.buffer, - response, sizeof(response)); - if (result == TPM_E_INVALID_POSTINIT) { - /* We're on a platform where the TPM maintains power - * in S3, so it's already initialized. - */ - printk(BIOS_DEBUG, "TPM: Already initialized.\n"); - return; - } - } else { - printk(BIOS_SPEW, "TPM: Startup\n"); - result = TlclSendReceive(tpm_startup_cmd.buffer, - response, sizeof(response)); - } - - if (result == TPM_SUCCESS) { - printk(BIOS_SPEW, "TPM: OK.\n"); - return; - } - -#if !MOCK_TPM - printk(BIOS_ERR, "TPM: Error code 0x%x. Hard reset!\n", result); - post_code(POST_TPM_FAILURE); - if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART)) - cbmem_dump_console(); - hard_reset(); -#endif -} -#endif - -void init_chromeos(int bootmode) -{ - init_vboot(bootmode); -}