Issue #433 has been updated by Julius Werner.
If we want to do major changes to the TPM API I would prefer to use that opportunity to rather redesign it from scratch instead of perpetuating a bunch of weird design choices that haven't made sense in a while (or ever, really). A lot of that code was haphazardly copied from U-Boot in the early prototyping phase for TPM support and then never cleaned up or reevaluated to check if it actually makes any sense for coreboot.
For example, why do we have tis_init(), tis_open() and tis_close()? init() and open() are always called right after each other, and nothing in coreboot ever calls close(). The tpm_chip structure also makes no sense when it's just a container for tpm_vendor_specific where all the relevant things are stored in (and which isn't actually vendor-specific in all cases). The name "tis" (which technically stands for TPM Interface Specification) is also used in places where that descriptor doesn't actually make sense (to distinguish from the things just prefixed "tpm_").
For coreboot, the unifying TPM layer we have is in src/security/tss, specifically tpm_process_command() and tlcl_lib_init(). I don't think we really need any more interface-independent layers beneath that, those two can directly call into an init() and a sendrecv() implemented by the individual drivers (and those drivers can just keep what information they need in global variables because they're never instantiated more than once, no need for some complicated partially-common/partially-driver-specific structure construction). If you want to be able to enable more then one driver, then tlcl_lib_init() could call the init function for all of them and have the one that succeeds return a function pointer that is then used for sendrecv() or something like that.
---------------------------------------- Feature #433: Unify TPM drivers in coreboot https://ticket.coreboot.org/issues/433#change-1223
* Author: Michał Żygowski * Status: New * Priority: Normal * Target version: none * Start date: 2022-10-24 ---------------------------------------- Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The motivation is to not build multiple coreboot ROMs for each possible TPM supported by the platform.
The tasks would include: - runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID) - rename the TPM driver functions, make them static and expose them as a driver structure, e.g.
struct tpm_driver { void (*init)(void); int (*open)(void); int (*close)(void); int (*sendrecv)(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf, size_t *recv_len); }
- based on the detected TPM, hook the tpm_driver functions to provide the global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional API to get vendor/device name could also be considered.