search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'pull-la-20220704' of https://gitlab.com/rth7680/qemu into staging
[qemu/rayw.git] / hw / tpm / tpm_tis_common.c
blob503be2a541d84ecaf17a69354d5f32c16565aea1
1 /*
2 * tpm_tis_common.c - QEMU's TPM TIS interface emulator
3 * device agnostic functions
4 *
5 * Copyright (C) 2006,2010-2013 IBM Corporation
6 *
7 * Authors:
8 * Stefan Berger <stefanb@us.ibm.com>
9 * David Safford <safford@us.ibm.com>
10 *
11 * Xen 4 support: Andrease Niederl <andreas.niederl@iaik.tugraz.at>
12 *
13 * This work is licensed under the terms of the GNU GPL, version 2 or later.
14 * See the COPYING file in the top-level directory.
15 *
16 * Implementation of the TIS interface according to specs found at
17 * http://www.trustedcomputinggroup.org. This implementation currently
18 * supports version 1.3, 21 March 2013
19 * In the developers menu choose the PC Client section then find the TIS
20 * specification.
21 *
22 * TPM TIS for TPM 2 implementation following TCG PC Client Platform
23 * TPM Profile (PTP) Specification, Familiy 2.0, Revision 00.43
24 */
25 #include "qemu/osdep.h"
26 #include "hw/irq.h"
27 #include "hw/isa/isa.h"
28 #include "qapi/error.h"
29 #include "qemu/module.h"
30
31 #include "hw/acpi/tpm.h"
32 #include "hw/pci/pci_ids.h"
33 #include "hw/qdev-properties.h"
34 #include "migration/vmstate.h"
35 #include "sysemu/tpm_backend.h"
36 #include "sysemu/tpm_util.h"
37 #include "tpm_ppi.h"
38 #include "trace.h"
39
40 #include "tpm_tis.h"
41
42 #define DEBUG_TIS 0
43
44 /* local prototypes */
45
46 static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
47 unsigned size);
48
49 /* utility functions */
50
51 static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
52 {
53 uint8_t locty;
54
55 locty = (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
56 assert(TPM_TIS_IS_VALID_LOCTY(locty));
57
58 return locty;
59 }
60
61
62 /*
63 * Set the given flags in the STS register by clearing the register but
64 * preserving the SELFTEST_DONE and TPM_FAMILY_MASK flags and then setting
65 * the new flags.
66 *
67 * The SELFTEST_DONE flag is acquired from the backend that determines it by
68 * peeking into TPM commands.
69 *
70 * A VM suspend/resume will preserve the flag by storing it into the VM
71 * device state, but the backend will not remember it when QEMU is started
72 * again. Therefore, we cache the flag here. Once set, it will not be unset
73 * except by a reset.
74 */
75 static void tpm_tis_sts_set(TPMLocality *l, uint32_t flags)
76 {
77 l->sts &= TPM_TIS_STS_SELFTEST_DONE | TPM_TIS_STS_TPM_FAMILY_MASK;
78 l->sts |= flags;
79 }
80
81 /*
82 * Send a request to the TPM.
83 */
84 static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
85 {
86 tpm_util_show_buffer(s->buffer, s->be_buffer_size, "To TPM");
87
88 /*
89 * rw_offset serves as length indicator for length of data;
90 * it's reset when the response comes back
91 */
92 s->loc[locty].state = TPM_TIS_STATE_EXECUTION;
93
94 s->cmd = (TPMBackendCmd) {
95 .locty = locty,
96 .in = s->buffer,
97 .in_len = s->rw_offset,
98 .out = s->buffer,
99 .out_len = s->be_buffer_size,
100 };
101
102 tpm_backend_deliver_request(s->be_driver, &s->cmd);
103 }
104
105 /* raise an interrupt if allowed */
106 static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask)
107 {
108 if (!TPM_TIS_IS_VALID_LOCTY(locty)) {
109 return;
110 }
111
112 if ((s->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
113 (s->loc[locty].inte & irqmask)) {
114 trace_tpm_tis_raise_irq(irqmask);
115 qemu_irq_raise(s->irq);
116 s->loc[locty].ints |= irqmask;
117 }
118 }
119
120 static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty)
121 {
122 uint8_t l;
123
124 for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
125 if (l == locty) {
126 continue;
127 }
128 if ((s->loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
129 return 1;
130 }
131 }
132
133 return 0;
134 }
135
136 static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
137 {
138 bool change = (s->active_locty != new_active_locty);
139 bool is_seize;
140 uint8_t mask;
141
142 if (change && TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
143 is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) &&
144 s->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
145
146 if (is_seize) {
147 mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY);
148 } else {
149 mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY|
150 TPM_TIS_ACCESS_REQUEST_USE);
151 }
152 /* reset flags on the old active locality */
153 s->loc[s->active_locty].access &= mask;
154
155 if (is_seize) {
156 s->loc[s->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
157 }
158 }
159
160 s->active_locty = new_active_locty;
161
162 trace_tpm_tis_new_active_locality(s->active_locty);
163
164 if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) {
165 /* set flags on the new active locality */
166 s->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
167 s->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
168 TPM_TIS_ACCESS_SEIZE);
169 }
170
171 if (change) {
172 tpm_tis_raise_irq(s, s->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);
173 }
174 }
175
176 /* abort -- this function switches the locality */
177 static void tpm_tis_abort(TPMState *s)
178 {
179 s->rw_offset = 0;
180
181 trace_tpm_tis_abort(s->next_locty);
182
183 /*
184 * Need to react differently depending on who's aborting now and
185 * which locality will become active afterwards.
186 */
187 if (s->aborting_locty == s->next_locty) {
188 s->loc[s->aborting_locty].state = TPM_TIS_STATE_READY;
189 tpm_tis_sts_set(&s->loc[s->aborting_locty],
190 TPM_TIS_STS_COMMAND_READY);
191 tpm_tis_raise_irq(s, s->aborting_locty, TPM_TIS_INT_COMMAND_READY);
192 }
193
194 /* locality after abort is another one than the current one */
195 tpm_tis_new_active_locality(s, s->next_locty);
196
197 s->next_locty = TPM_TIS_NO_LOCALITY;
198 /* nobody's aborting a command anymore */
199 s->aborting_locty = TPM_TIS_NO_LOCALITY;
200 }
201
202 /* prepare aborting current command */
203 static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty)
204 {
205 uint8_t busy_locty;
206
207 assert(TPM_TIS_IS_VALID_LOCTY(newlocty));
208
209 s->aborting_locty = locty; /* may also be TPM_TIS_NO_LOCALITY */
210 s->next_locty = newlocty; /* locality after successful abort */
211
212 /*
213 * only abort a command using an interrupt if currently executing
214 * a command AND if there's a valid connection to the vTPM.
215 */
216 for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) {
217 if (s->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) {
218 /*
219 * request the backend to cancel. Some backends may not
220 * support it
221 */
222 tpm_backend_cancel_cmd(s->be_driver);
223 return;
224 }
225 }
226
227 tpm_tis_abort(s);
228 }
229
230 /*
231 * Callback from the TPM to indicate that the response was received.
232 */
233 void tpm_tis_request_completed(TPMState *s, int ret)
234 {
235 uint8_t locty = s->cmd.locty;
236 uint8_t l;
237
238 assert(TPM_TIS_IS_VALID_LOCTY(locty));
239
240 if (s->cmd.selftest_done) {
241 for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
242 s->loc[l].sts |= TPM_TIS_STS_SELFTEST_DONE;
243 }
244 }
245
246 /* FIXME: report error if ret != 0 */
247 tpm_tis_sts_set(&s->loc[locty],
248 TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
249 s->loc[locty].state = TPM_TIS_STATE_COMPLETION;
250 s->rw_offset = 0;
251
252 tpm_util_show_buffer(s->buffer, s->be_buffer_size, "From TPM");
253
254 if (TPM_TIS_IS_VALID_LOCTY(s->next_locty)) {
255 tpm_tis_abort(s);
256 }
257
258 tpm_tis_raise_irq(s, locty,
259 TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
260 }
261
262 /*
263 * Read a byte of response data
264 */
265 static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty)
266 {
267 uint32_t ret = TPM_TIS_NO_DATA_BYTE;
268 uint16_t len;
269
270 if ((s->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
271 len = MIN(tpm_cmd_get_size(&s->buffer),
272 s->be_buffer_size);
273
274 ret = s->buffer[s->rw_offset++];
275 if (s->rw_offset >= len) {
276 /* got last byte */
277 tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
278 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
279 }
280 trace_tpm_tis_data_read(ret, s->rw_offset - 1);
281 }
282
283 return ret;
284 }
285
286 #ifdef DEBUG_TIS
287 static void tpm_tis_dump_state(TPMState *s, hwaddr addr)
288 {
289 static const unsigned regs[] = {
290 TPM_TIS_REG_ACCESS,
291 TPM_TIS_REG_INT_ENABLE,
292 TPM_TIS_REG_INT_VECTOR,
293 TPM_TIS_REG_INT_STATUS,
294 TPM_TIS_REG_INTF_CAPABILITY,
295 TPM_TIS_REG_STS,
296 TPM_TIS_REG_DID_VID,
297 TPM_TIS_REG_RID,
298 0xfff};
299 int idx;
300 uint8_t locty = tpm_tis_locality_from_addr(addr);
301 hwaddr base = addr & ~0xfff;
302
303 printf("tpm_tis: active locality : %d\n"
304 "tpm_tis: state of locality %d : %d\n"
305 "tpm_tis: register dump:\n",
306 s->active_locty,
307 locty, s->loc[locty].state);
308
309 for (idx = 0; regs[idx] != 0xfff; idx++) {
310 printf("tpm_tis: 0x%04x : 0x%08x\n", regs[idx],
311 (int)tpm_tis_mmio_read(s, base + regs[idx], 4));
312 }
313
314 printf("tpm_tis: r/w offset : %d\n"
315 "tpm_tis: result buffer : ",
316 s->rw_offset);
317 for (idx = 0;
318 idx < MIN(tpm_cmd_get_size(&s->buffer), s->be_buffer_size);
319 idx++) {
320 printf("%c%02x%s",
321 s->rw_offset == idx ? '>' : ' ',
322 s->buffer[idx],
323 ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : "");
324 }
325 printf("\n");
326 }
327 #endif
328
329 /*
330 * Read a register of the TIS interface
331 * See specs pages 33-63 for description of the registers
332 */
333 static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
334 unsigned size)
335 {
336 TPMState *s = opaque;
337 uint16_t offset = addr & 0xffc;
338 uint8_t shift = (addr & 0x3) * 8;
339 uint32_t val = 0xffffffff;
340 uint8_t locty = tpm_tis_locality_from_addr(addr);
341 uint32_t avail;
342 uint8_t v;
343
344 if (tpm_backend_had_startup_error(s->be_driver)) {
345 return 0;
346 }
347
348 switch (offset) {
349 case TPM_TIS_REG_ACCESS:
350 /* never show the SEIZE flag even though we use it internally */
351 val = s->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE;
352 /* the pending flag is always calculated */
353 if (tpm_tis_check_request_use_except(s, locty)) {
354 val |= TPM_TIS_ACCESS_PENDING_REQUEST;
355 }
356 val |= !tpm_backend_get_tpm_established_flag(s->be_driver);
357 break;
358 case TPM_TIS_REG_INT_ENABLE:
359 val = s->loc[locty].inte;
360 break;
361 case TPM_TIS_REG_INT_VECTOR:
362 val = s->irq_num;
363 break;
364 case TPM_TIS_REG_INT_STATUS:
365 val = s->loc[locty].ints;
366 break;
367 case TPM_TIS_REG_INTF_CAPABILITY:
368 switch (s->be_tpm_version) {
369 case TPM_VERSION_UNSPEC:
370 val = 0;
371 break;
372 case TPM_VERSION_1_2:
373 val = TPM_TIS_CAPABILITIES_SUPPORTED1_3;
374 break;
375 case TPM_VERSION_2_0:
376 val = TPM_TIS_CAPABILITIES_SUPPORTED2_0;
377 break;
378 }
379 break;
380 case TPM_TIS_REG_STS:
381 if (s->active_locty == locty) {
382 if ((s->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) {
383 val = TPM_TIS_BURST_COUNT(
384 MIN(tpm_cmd_get_size(&s->buffer),
385 s->be_buffer_size)
386 - s->rw_offset) | s->loc[locty].sts;
387 } else {
388 avail = s->be_buffer_size - s->rw_offset;
389 /*
390 * byte-sized reads should not return 0x00 for 0x100
391 * available bytes.
392 */
393 if (size == 1 && avail > 0xff) {
394 avail = 0xff;
395 }
396 val = TPM_TIS_BURST_COUNT(avail) | s->loc[locty].sts;
397 }
398 }
399 break;
400 case TPM_TIS_REG_DATA_FIFO:
401 case TPM_TIS_REG_DATA_XFIFO ... TPM_TIS_REG_DATA_XFIFO_END:
402 if (s->active_locty == locty) {
403 if (size > 4 - (addr & 0x3)) {
404 /* prevent access beyond FIFO */
405 size = 4 - (addr & 0x3);
406 }
407 val = 0;
408 shift = 0;
409 while (size > 0) {
410 switch (s->loc[locty].state) {
411 case TPM_TIS_STATE_COMPLETION:
412 v = tpm_tis_data_read(s, locty);
413 break;
414 default:
415 v = TPM_TIS_NO_DATA_BYTE;
416 break;
417 }
418 val |= (v << shift);
419 shift += 8;
420 size--;
421 }
422 shift = 0; /* no more adjustments */
423 }
424 break;
425 case TPM_TIS_REG_INTERFACE_ID:
426 val = s->loc[locty].iface_id;
427 break;
428 case TPM_TIS_REG_DID_VID:
429 val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID;
430 break;
431 case TPM_TIS_REG_RID:
432 val = TPM_TIS_TPM_RID;
433 break;
434 #ifdef DEBUG_TIS
435 case TPM_TIS_REG_DEBUG:
436 tpm_tis_dump_state(s, addr);
437 break;
438 #endif
439 }
440
441 if (shift) {
442 val >>= shift;
443 }
444
445 trace_tpm_tis_mmio_read(size, addr, val);
446
447 return val;
448 }
449
450 /*
451 * Write a value to a register of the TIS interface
452 * See specs pages 33-63 for description of the registers
453 */
454 static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
455 uint64_t val, unsigned size)
456 {
457 TPMState *s = opaque;
458 uint16_t off = addr & 0xffc;
459 uint8_t shift = (addr & 0x3) * 8;
460 uint8_t locty = tpm_tis_locality_from_addr(addr);
461 uint8_t active_locty, l;
462 int c, set_new_locty = 1;
463 uint16_t len;
464 uint32_t mask = (size == 1) ? 0xff : ((size == 2) ? 0xffff : ~0);
465
466 trace_tpm_tis_mmio_write(size, addr, val);
467
468 if (locty == 4) {
469 trace_tpm_tis_mmio_write_locty4();
470 return;
471 }
472
473 if (tpm_backend_had_startup_error(s->be_driver)) {
474 return;
475 }
476
477 val &= mask;
478
479 if (shift) {
480 val <<= shift;
481 mask <<= shift;
482 }
483
484 mask ^= 0xffffffff;
485
486 switch (off) {
487 case TPM_TIS_REG_ACCESS:
488
489 if ((val & TPM_TIS_ACCESS_SEIZE)) {
490 val &= ~(TPM_TIS_ACCESS_REQUEST_USE |
491 TPM_TIS_ACCESS_ACTIVE_LOCALITY);
492 }
493
494 active_locty = s->active_locty;
495
496 if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) {
497 /* give up locality if currently owned */
498 if (s->active_locty == locty) {
499 trace_tpm_tis_mmio_write_release_locty(locty);
500
501 uint8_t newlocty = TPM_TIS_NO_LOCALITY;
502 /* anybody wants the locality ? */
503 for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) {
504 if ((s->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) {
505 trace_tpm_tis_mmio_write_locty_req_use(c);
506 newlocty = c;
507 break;
508 }
509 }
510 trace_tpm_tis_mmio_write_next_locty(newlocty);
511
512 if (TPM_TIS_IS_VALID_LOCTY(newlocty)) {
513 set_new_locty = 0;
514 tpm_tis_prep_abort(s, locty, newlocty);
515 } else {
516 active_locty = TPM_TIS_NO_LOCALITY;
517 }
518 } else {
519 /* not currently the owner; clear a pending request */
520 s->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE;
521 }
522 }
523
524 if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) {
525 s->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED;
526 }
527
528 if ((val & TPM_TIS_ACCESS_SEIZE)) {
529 /*
530 * allow seize if a locality is active and the requesting
531 * locality is higher than the one that's active
532 * OR
533 * allow seize for requesting locality if no locality is
534 * active
535 */
536 while ((TPM_TIS_IS_VALID_LOCTY(s->active_locty) &&
537 locty > s->active_locty) ||
538 !TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
539 bool higher_seize = false;
540
541 /* already a pending SEIZE ? */
542 if ((s->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) {
543 break;
544 }
545
546 /* check for ongoing seize by a higher locality */
547 for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) {
548 if ((s->loc[l].access & TPM_TIS_ACCESS_SEIZE)) {
549 higher_seize = true;
550 break;
551 }
552 }
553
554 if (higher_seize) {
555 break;
556 }
557
558 /* cancel any seize by a lower locality */
559 for (l = 0; l < locty; l++) {
560 s->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
561 }
562
563 s->loc[locty].access |= TPM_TIS_ACCESS_SEIZE;
564
565 trace_tpm_tis_mmio_write_locty_seized(locty, s->active_locty);
566 trace_tpm_tis_mmio_write_init_abort();
567
568 set_new_locty = 0;
569 tpm_tis_prep_abort(s, s->active_locty, locty);
570 break;
571 }
572 }
573
574 if ((val & TPM_TIS_ACCESS_REQUEST_USE)) {
575 if (s->active_locty != locty) {
576 if (TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
577 s->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE;
578 } else {
579 /* no locality active -> make this one active now */
580 active_locty = locty;
581 }
582 }
583 }
584
585 if (set_new_locty) {
586 tpm_tis_new_active_locality(s, active_locty);
587 }
588
589 break;
590 case TPM_TIS_REG_INT_ENABLE:
591 if (s->active_locty != locty) {
592 break;
593 }
594
595 s->loc[locty].inte &= mask;
596 s->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
597 TPM_TIS_INT_POLARITY_MASK |
598 TPM_TIS_INTERRUPTS_SUPPORTED));
599 break;
600 case TPM_TIS_REG_INT_VECTOR:
601 /* hard wired -- ignore */
602 break;
603 case TPM_TIS_REG_INT_STATUS:
604 if (s->active_locty != locty) {
605 break;
606 }
607
608 /* clearing of interrupt flags */
609 if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
610 (s->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
611 s->loc[locty].ints &= ~val;
612 if (s->loc[locty].ints == 0) {
613 qemu_irq_lower(s->irq);
614 trace_tpm_tis_mmio_write_lowering_irq();
615 }
616 }
617 s->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED);
618 break;
619 case TPM_TIS_REG_STS:
620 if (s->active_locty != locty) {
621 break;
622 }
623
624 if (s->be_tpm_version == TPM_VERSION_2_0) {
625 /* some flags that are only supported for TPM 2 */
626 if (val & TPM_TIS_STS_COMMAND_CANCEL) {
627 if (s->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
628 /*
629 * request the backend to cancel. Some backends may not
630 * support it
631 */
632 tpm_backend_cancel_cmd(s->be_driver);
633 }
634 }
635
636 if (val & TPM_TIS_STS_RESET_ESTABLISHMENT_BIT) {
637 if (locty == 3 || locty == 4) {
638 tpm_backend_reset_tpm_established_flag(s->be_driver, locty);
639 }
640 }
641 }
642
643 val &= (TPM_TIS_STS_COMMAND_READY | TPM_TIS_STS_TPM_GO |
644 TPM_TIS_STS_RESPONSE_RETRY);
645
646 if (val == TPM_TIS_STS_COMMAND_READY) {
647 switch (s->loc[locty].state) {
648
649 case TPM_TIS_STATE_READY:
650 s->rw_offset = 0;
651 break;
652
653 case TPM_TIS_STATE_IDLE:
654 tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_COMMAND_READY);
655 s->loc[locty].state = TPM_TIS_STATE_READY;
656 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
657 break;
658
659 case TPM_TIS_STATE_EXECUTION:
660 case TPM_TIS_STATE_RECEPTION:
661 /* abort currently running command */
662 trace_tpm_tis_mmio_write_init_abort();
663 tpm_tis_prep_abort(s, locty, locty);
664 break;
665
666 case TPM_TIS_STATE_COMPLETION:
667 s->rw_offset = 0;
668 /* shortcut to ready state with C/R set */
669 s->loc[locty].state = TPM_TIS_STATE_READY;
670 if (!(s->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) {
671 tpm_tis_sts_set(&s->loc[locty],
672 TPM_TIS_STS_COMMAND_READY);
673 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY);
674 }
675 s->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE);
676 break;
677
678 }
679 } else if (val == TPM_TIS_STS_TPM_GO) {
680 switch (s->loc[locty].state) {
681 case TPM_TIS_STATE_RECEPTION:
682 if ((s->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) {
683 tpm_tis_tpm_send(s, locty);
684 }
685 break;
686 default:
687 /* ignore */
688 break;
689 }
690 } else if (val == TPM_TIS_STS_RESPONSE_RETRY) {
691 switch (s->loc[locty].state) {
692 case TPM_TIS_STATE_COMPLETION:
693 s->rw_offset = 0;
694 tpm_tis_sts_set(&s->loc[locty],
695 TPM_TIS_STS_VALID|
696 TPM_TIS_STS_DATA_AVAILABLE);
697 break;
698 default:
699 /* ignore */
700 break;
701 }
702 }
703 break;
704 case TPM_TIS_REG_DATA_FIFO:
705 case TPM_TIS_REG_DATA_XFIFO ... TPM_TIS_REG_DATA_XFIFO_END:
706 /* data fifo */
707 if (s->active_locty != locty) {
708 break;
709 }
710
711 if (s->loc[locty].state == TPM_TIS_STATE_IDLE ||
712 s->loc[locty].state == TPM_TIS_STATE_EXECUTION ||
713 s->loc[locty].state == TPM_TIS_STATE_COMPLETION) {
714 /* drop the byte */
715 } else {
716 trace_tpm_tis_mmio_write_data2send(val, size);
717 if (s->loc[locty].state == TPM_TIS_STATE_READY) {
718 s->loc[locty].state = TPM_TIS_STATE_RECEPTION;
719 tpm_tis_sts_set(&s->loc[locty],
720 TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID);
721 }
722
723 val >>= shift;
724 if (size > 4 - (addr & 0x3)) {
725 /* prevent access beyond FIFO */
726 size = 4 - (addr & 0x3);
727 }
728
729 while ((s->loc[locty].sts & TPM_TIS_STS_EXPECT) && size > 0) {
730 if (s->rw_offset < s->be_buffer_size) {
731 s->buffer[s->rw_offset++] =
732 (uint8_t)val;
733 val >>= 8;
734 size--;
735 } else {
736 tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
737 }
738 }
739
740 /* check for complete packet */
741 if (s->rw_offset > 5 &&
742 (s->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
743 /* we have a packet length - see if we have all of it */
744 bool need_irq = !(s->loc[locty].sts & TPM_TIS_STS_VALID);
745
746 len = tpm_cmd_get_size(&s->buffer);
747 if (len > s->rw_offset) {
748 tpm_tis_sts_set(&s->loc[locty],
749 TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID);
750 } else {
751 /* packet complete */
752 tpm_tis_sts_set(&s->loc[locty], TPM_TIS_STS_VALID);
753 }
754 if (need_irq) {
755 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
756 }
757 }
758 }
759 break;
760 case TPM_TIS_REG_INTERFACE_ID:
761 if (val & TPM_TIS_IFACE_ID_INT_SEL_LOCK) {
762 for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
763 s->loc[l].iface_id |= TPM_TIS_IFACE_ID_INT_SEL_LOCK;
764 }
765 }
766 break;
767 }
768 }
769
770 const MemoryRegionOps tpm_tis_memory_ops = {
771 .read = tpm_tis_mmio_read,
772 .write = tpm_tis_mmio_write,
773 .endianness = DEVICE_LITTLE_ENDIAN,
774 .valid = {
775 .min_access_size = 1,
776 .max_access_size = 4,
777 },
778 };
779
780 /*
781 * Get the TPMVersion of the backend device being used
782 */
783 enum TPMVersion tpm_tis_get_tpm_version(TPMState *s)
784 {
785 if (tpm_backend_had_startup_error(s->be_driver)) {
786 return TPM_VERSION_UNSPEC;
787 }
788
789 return tpm_backend_get_tpm_version(s->be_driver);
790 }
791
792 /*
793 * This function is called when the machine starts, resets or due to
794 * S3 resume.
795 */
796 void tpm_tis_reset(TPMState *s)
797 {
798 int c;
799
800 s->be_tpm_version = tpm_backend_get_tpm_version(s->be_driver);
801 s->be_buffer_size = MIN(tpm_backend_get_buffer_size(s->be_driver),
802 TPM_TIS_BUFFER_MAX);
803
804 if (s->ppi_enabled) {
805 tpm_ppi_reset(&s->ppi);
806 }
807 tpm_backend_reset(s->be_driver);
808
809 s->active_locty = TPM_TIS_NO_LOCALITY;
810 s->next_locty = TPM_TIS_NO_LOCALITY;
811 s->aborting_locty = TPM_TIS_NO_LOCALITY;
812
813 for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) {
814 s->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS;
815 switch (s->be_tpm_version) {
816 case TPM_VERSION_UNSPEC:
817 break;
818 case TPM_VERSION_1_2:
819 s->loc[c].sts = TPM_TIS_STS_TPM_FAMILY1_2;
820 s->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3;
821 break;
822 case TPM_VERSION_2_0:
823 s->loc[c].sts = TPM_TIS_STS_TPM_FAMILY2_0;
824 s->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS2_0;
825 break;
826 }
827 s->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL;
828 s->loc[c].ints = 0;
829 s->loc[c].state = TPM_TIS_STATE_IDLE;
830
831 s->rw_offset = 0;
832 }
833
834 if (tpm_backend_startup_tpm(s->be_driver, s->be_buffer_size) < 0) {
835 exit(1);
836 }
837 }
838
839 /* persistent state handling */
840
841 int tpm_tis_pre_save(TPMState *s)
842 {
843 uint8_t locty = s->active_locty;
844
845 trace_tpm_tis_pre_save(locty, s->rw_offset);
846
847 if (DEBUG_TIS) {
848 tpm_tis_dump_state(s, 0);
849 }
850
851 /*
852 * Synchronize with backend completion.
853 */
854 tpm_backend_finish_sync(s->be_driver);
855
856 return 0;
857 }
858
859 const VMStateDescription vmstate_locty = {
860 .name = "tpm-tis/locty",
861 .version_id = 0,
862 .fields = (VMStateField[]) {
863 VMSTATE_UINT32(state, TPMLocality),
864 VMSTATE_UINT32(inte, TPMLocality),
865 VMSTATE_UINT32(ints, TPMLocality),
866 VMSTATE_UINT8(access, TPMLocality),
867 VMSTATE_UINT32(sts, TPMLocality),
868 VMSTATE_UINT32(iface_id, TPMLocality),
869 VMSTATE_END_OF_LIST(),
870 }
871 };
872
Ray Wang's QEMU Repository