Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/69162?usp=email )
Change subject: security/tpm: support compiling in multiple TPM drivers ......................................................................
security/tpm: support compiling in multiple TPM drivers
Starting from here CONFIG_TPM1 and CONFIG_TPM2 are no longer mutually exclusive.
Change-Id: I44c5a1d825afe414c2f5c2c90f4cfe41ba9bef5f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk sergii.dmytruk@3mdeb.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/69162 Reviewed-by: Julius Werner jwerner@chromium.org Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/drivers/crb/tis.c M src/drivers/crb/tpm.h M src/drivers/i2c/tpm/tis.c M src/drivers/i2c/tpm/tis_atmel.c M src/drivers/i2c/tpm/tpm.h M src/drivers/pc80/tpm/tis.c A src/drivers/pc80/tpm/tpm.h M src/drivers/spi/tpm/tis.c M src/drivers/spi/tpm/tpm.h M src/security/tpm/Kconfig M src/security/tpm/tis.h M src/security/tpm/tss/tss.c 12 files changed, 53 insertions(+), 28 deletions(-)
Approvals: build bot (Jenkins): Verified Julius Werner: Looks good to me, approved
diff --git a/src/drivers/crb/tis.c b/src/drivers/crb/tis.c index 1b398f7..3893917 100644 --- a/src/drivers/crb/tis.c +++ b/src/drivers/crb/tis.c @@ -46,7 +46,7 @@ return TPM_SUCCESS; }
-tis_sendrecv_fn tis_probe(enum tpm_family *family) +tis_sendrecv_fn crb_tis_probe(enum tpm_family *family) { struct crb_tpm_info info;
diff --git a/src/drivers/crb/tpm.h b/src/drivers/crb/tpm.h index fbe3901..aaf63a4 100644 --- a/src/drivers/crb/tpm.h +++ b/src/drivers/crb/tpm.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause */ /* This is a driver for a Command Response Buffer Interface */
+#include <security/tpm/tis.h> #include <security/tpm/tss_errors.h>
/* CRB driver */ @@ -65,3 +66,5 @@ size_t crb_tpm_process_command(const void *tpm2_command, size_t command_size, void *tpm2_response, size_t max_response); bool crb_tpm_is_active(void); + +tis_sendrecv_fn crb_tis_probe(enum tpm_family *family); diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c index fd09240..1fba61a 100644 --- a/src/drivers/i2c/tpm/tis.c +++ b/src/drivers/i2c/tpm/tis.c @@ -118,7 +118,7 @@ return TPM_SUCCESS; }
-tis_sendrecv_fn tis_probe(enum tpm_family *family) +tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family) { if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR, family)) return NULL; diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c index a0bbf33..ad5e7f3 100644 --- a/src/drivers/i2c/tpm/tis_atmel.c +++ b/src/drivers/i2c/tpm/tis_atmel.c @@ -12,6 +12,8 @@ #include <timer.h> #include <types.h>
+#include "tpm.h" + #define RECV_TIMEOUT (1 * 1000) /* 1 second */ #define XMIT_TIMEOUT (1 * 1000) /* 1 second */ #define SLEEP_DURATION 1000 /* microseconds */ @@ -107,7 +109,7 @@ return TPM_SUCCESS; }
-tis_sendrecv_fn tis_probe(enum tpm_family *family) +tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family) { /* * Can't query version or really anything as the device doesn't support diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h index 46935e24..ba78a42 100644 --- a/src/drivers/i2c/tpm/tpm.h +++ b/src/drivers/i2c/tpm/tpm.h @@ -56,4 +56,6 @@
tpm_result_t tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr);
+tis_sendrecv_fn i2c_tis_probe(enum tpm_family *family); + #endif /* __DRIVERS_TPM_SLB9635_I2C_TPM_H__ */ diff --git a/src/drivers/pc80/tpm/tis.c b/src/drivers/pc80/tpm/tis.c index 568065c6..f922714 100644 --- a/src/drivers/pc80/tpm/tis.c +++ b/src/drivers/pc80/tpm/tis.c @@ -24,7 +24,9 @@ #include <device/pnp.h> #include <drivers/tpm/tpm_ppi.h> #include <timer.h> + #include "chip.h" +#include "tpm.h"
#define PREFIX "lpc_tpm: "
@@ -374,7 +376,7 @@ * Returns TPM_SUCCESS on success (the device is found or was found during * an earlier invocation) or TPM_CB_FAIL if the device is not found. */ -static tpm_result_t pc80_tis_probe(enum tpm_family *family) +static tpm_result_t pc80_tpm_probe(enum tpm_family *family) { static enum tpm_family tpm_family;
@@ -718,7 +720,7 @@ }
/* - * tis_probe() + * pc80_tis_probe() * * Probe for the TPM device and set it up for use within locality 0. * @@ -726,9 +728,9 @@ * * Returns pointer to send-receive function on success or NULL on failure. */ -tis_sendrecv_fn tis_probe(enum tpm_family *family) +tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family) { - if (pc80_tis_probe(family)) + if (pc80_tpm_probe(family)) return NULL;
if (pc80_tis_open()) diff --git a/src/drivers/pc80/tpm/tpm.h b/src/drivers/pc80/tpm/tpm.h new file mode 100644 index 0000000..db71e03 --- /dev/null +++ b/src/drivers/pc80/tpm/tpm.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef DRIVERS_PC80_TPM_TPM_H +#define DRIVERS_PC80_TPM_TPM_H + +#include <security/tpm/tis.h> + +tis_sendrecv_fn pc80_tis_probe(enum tpm_family *family); + +#endif /* DRIVERS_PC80_TPM_TPM_H */ diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c index 89ea985..b954a12 100644 --- a/src/drivers/spi/tpm/tis.c +++ b/src/drivers/spi/tpm/tis.c @@ -40,7 +40,7 @@ return TPM_SUCCESS; }
-tis_sendrecv_fn tis_probe(enum tpm_family *family) +tis_sendrecv_fn spi_tis_probe(enum tpm_family *family) { struct spi_slave spi; struct tpm2_info info; diff --git a/src/drivers/spi/tpm/tpm.h b/src/drivers/spi/tpm/tpm.h index 0d238e8..d6e0e74 100644 --- a/src/drivers/spi/tpm/tpm.h +++ b/src/drivers/spi/tpm/tpm.h @@ -4,6 +4,7 @@ #define __COREBOOT_SRC_DRIVERS_SPI_TPM_TPM_H
#include <drivers/tpm/cr50.h> +#include <security/tpm/tis.h> #include <security/tpm/tss_errors.h> #include <stddef.h> #include <spi-generic.h> @@ -44,4 +45,6 @@ /* Get information about previously initialized TPM device. */ void tpm2_get_info(struct tpm2_info *info);
+tis_sendrecv_fn spi_tis_probe(enum tpm_family *family); + #endif /* ! __COREBOOT_SRC_DRIVERS_SPI_TPM_TPM_H */ diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index 5eb5837..ea13fa4 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -4,14 +4,9 @@
menu "Trusted Platform Module"
-choice - prompt "Trusted Platform Module" - default TPM2 if MAINBOARD_HAS_TPM2 - default TPM1 if MAINBOARD_HAS_TPM1 - default NO_TPM - config NO_TPM - bool "No TPM" + bool + default y if !TPM1 && !TPM2 help No TPM support. Select this option if your system doesn't have a TPM, or if you don't want coreboot to communicate with your TPM in any way. @@ -21,19 +16,17 @@ config TPM1 bool "TPM 1.2" depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM - depends on !MAINBOARD_HAS_TPM2 + default y if MAINBOARD_HAS_TPM1 help Select this option if your TPM uses the older TPM 1.2 protocol.
config TPM2 bool "TPM 2.0" depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM - depends on !MAINBOARD_HAS_TPM1 + default y if MAINBOARD_HAS_TPM2 help Select this option if your TPM uses the newer TPM 2.0 protocol.
-endchoice - config TPM bool default y @@ -52,7 +45,7 @@ always uses the 2.0 protocol, and that it should be on by default.
config TPM_DEACTIVATE - bool "Deactivate TPM" + bool "Deactivate TPM (for TPM1)" default n depends on !VBOOT depends on TPM1 @@ -106,13 +99,13 @@ Custom coreboot-specific format of the log derived from TPM1 log format. config TPM_LOG_TPM1 bool "TPM 1.2 format" - depends on TPM1 + depends on TPM1 && !TPM2 help Log per TPM 1.2 specification. See "TCG PC Client Specific Implementation Specification for Conventional BIOS". config TPM_LOG_TPM2 bool "TPM 2.0 format" - depends on TPM2 + depends on TPM1 || TPM2 help Log per TPM 2.0 specification. See "TCG PC Client Platform Firmware Profile Specification". diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h index 4a8dc14..67ba911 100644 --- a/src/security/tpm/tis.h +++ b/src/security/tpm/tis.h @@ -54,8 +54,6 @@ size_t *recv_len);
/* - * tis_probe() - * * Probe for the TPM device and set it up for use within locality 0. * * @family - pointer which is set to TPM family of the device @@ -65,7 +63,7 @@ * Do not call this explicitly, it's meant to be used exclusively by TSS * implementation (tlcl_lib_init() function to be specific). */ -tis_sendrecv_fn tis_probe(enum tpm_family *family); +typedef tis_sendrecv_fn (*tis_probe_fn)(enum tpm_family *family);
/* * tis_vendor_write() diff --git a/src/security/tpm/tss/tss.c b/src/security/tpm/tss/tss.c index bd0e985..8e52de7 100644 --- a/src/security/tpm/tss/tss.c +++ b/src/security/tpm/tss/tss.c @@ -1,6 +1,10 @@ /* SPDX-License-Identifier: BSD-3-Clause */
#include <console/console.h> +#include <drivers/crb/tpm.h> +#include <drivers/i2c/tpm/tpm.h> +#include <drivers/pc80/tpm/tpm.h> +#include <drivers/spi/tpm/tpm.h> #include <security/tpm/tis.h> #include <security/tpm/tss.h>
@@ -24,13 +28,21 @@ /* Set right away to make recursion impossible. */ init_done = true;
- tlcl_tis_sendrecv = tis_probe(&tlcl_tpm_family); + tlcl_tis_sendrecv = NULL; + if (CONFIG(CRB_TPM)) + tlcl_tis_sendrecv = crb_tis_probe(&tlcl_tpm_family); + if (CONFIG(MEMORY_MAPPED_TPM) && tlcl_tis_sendrecv == NULL) + tlcl_tis_sendrecv = pc80_tis_probe(&tlcl_tpm_family); + if (CONFIG(I2C_TPM) && tlcl_tis_sendrecv == NULL) + tlcl_tis_sendrecv = i2c_tis_probe(&tlcl_tpm_family); + if (CONFIG(SPI_TPM) && tlcl_tis_sendrecv == NULL) + tlcl_tis_sendrecv = spi_tis_probe(&tlcl_tpm_family);
if (tlcl_tis_sendrecv == NULL) { - printk(BIOS_ERR, "%s: tis_probe failed\n", __func__); + printk(BIOS_ERR, "%s: TIS probe failed\n", __func__); tlcl_tpm_family = TPM_UNKNOWN; } else if (tlcl_tpm_family != TPM_1 && tlcl_tpm_family != TPM_2) { - printk(BIOS_ERR, "%s: tis_probe returned incorrect TPM family: %d\n", __func__, + printk(BIOS_ERR, "%s: TIS probe returned incorrect TPM family: %d\n", __func__, tlcl_tpm_family); tlcl_tpm_family = TPM_UNKNOWN; }