On Thu, Jul 08, 2021 at 11:42:29AM +0200, Heinrich Schuchardt wrote:
> On 08.07.21 10:23, Ilias Apalodimas wrote:
> > Add support for devices that expose a TPMv2 though MMIO.
> > Apart from those devices, we can use the driver in our QEMU setups and
> > test TPM related code which is difficult to achieve using the sandbox
> > driver (e.g test the EFI TCG2 protocol).
> >
> > It's worth noting that a previous patch added TPMv2 TIS core functions,
> > which the current driver is consuming.
> >
> > Signed-off-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
>
> There should be a defconfig using the driver to ensure that it is built
> in CI. As you want to use the driver for testing with QEMU let that be
> qemu_arm64_defconfig and qemu_arm_defconfig (we should build both 64bit
> and 32bit).
>
> A paragraph in doc/board/emulation/qemu-arm.rst indicating how to
> emulate a TPM would be helpful.
>
> I think information like the following is needed:
>
> To emulate a TPM the swtpm package may be used. It can be built from the
> following repositories:
>
> https://github.com/stefanberger/libtpms.git
> https://github.com/stefanberger/swtpm.git
>
> Swtpm provides a socket for the TPM emulation which can be consumed by QEMU.
>
> In a first console invoke swtpm:
>
> swtpm socket --tpmstate dir=/tmp/mytpm1 \
> --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --log level=20
>
> In a second console invoke qemu-system-aarch64 with
>
> -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> -tpmdev emulator,id=tpm0,chardev=chrtpm \
> -device tpm-tis-device,tpmdev=tpm0
>
> To use the TPM emulation U-Boot must be compiled with
>
> ???
Text looks good to me. I'll send a v4 with the defconfigs + help included
Thanks
/Ilias
>
> Best regards
>
> Heinrich
>
> > ---
> > drivers/tpm/Kconfig | 9 +++
> > drivers/tpm/Makefile | 1 +
> > drivers/tpm/tpm2_tis_mmio.c | 156 ++++++++++++++++++++++++++++++++++++
> > 3 files changed, 166 insertions(+)
> > create mode 100644 drivers/tpm/tpm2_tis_mmio.c
> >
> > diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
> > index 9eebab5cfd90..406ee8716e1e 100644
> > --- a/drivers/tpm/Kconfig
> > +++ b/drivers/tpm/Kconfig
> > @@ -161,6 +161,15 @@ config TPM2_FTPM_TEE
> > help
> > This driver supports firmware TPM running in TEE.
> >
> > +config TPM2_MMIO
> > + bool "MMIO based TPM2 Interface"
> > + depends on TPM_V2
> > + help
> > + This driver supports firmware TPM2.0 MMIO interface.
> > + The usual TPM operations and the 'tpm' command can be used to talk
> > + to the device using the standard TPM Interface Specification (TIS)
> > + protocol.
> > +
> > endif # TPM_V2
> >
> > endmenu
> > diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
> > index f64d20067f88..1065c1874f58 100644
> > --- a/drivers/tpm/Makefile
> > +++ b/drivers/tpm/Makefile
> > @@ -14,3 +14,4 @@ obj-$(CONFIG_$(SPL_TPL_)TPM2_CR50_I2C) += cr50_i2c.o
> > obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o
> > obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o
> > obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o
> > +obj-$(CONFIG_TPM2_MMIO) += tpm2_tis_core.o tpm2_tis_mmio.o
> > diff --git a/drivers/tpm/tpm2_tis_mmio.c b/drivers/tpm/tpm2_tis_mmio.c
> > new file mode 100644
> > index 000000000000..2183a2807162
> > --- /dev/null
> > +++ b/drivers/tpm/tpm2_tis_mmio.c
> > @@ -0,0 +1,156 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * driver for mmio TCG/TIS TPM (trusted platform module).
> > + *
> > + * Specifications at www.trustedcomputinggroup.org
> > + */
> > +
> > +#include <common.h>
> > +#include <dm.h>
> > +#include <log.h>
> > +#include <tpm-v2.h>
> > +#include <linux/bitops.h>
> > +#include <linux/compiler.h>
> > +#include <linux/delay.h>
> > +#include <linux/errno.h>
> > +#include <linux/types.h>
> > +#include <linux/io.h>
> > +#include <linux/unaligned/be_byteshift.h>
> > +#include "tpm_tis.h"
> > +#include "tpm_internal.h"
> > +
> > +struct tpm_tis_chip_data {
> > + unsigned int pcr_count;
> > + unsigned int pcr_select_min;
> > + unsigned int time_before_first_cmd_ms;
> > + void __iomem *iobase;
> > +};
> > +
> > +static int mmio_read_bytes(struct udevice *udev, u32 addr, u16 len,
> > + u8 *result)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > + while (len--)
> > + *result++ = ioread8(drv_data->iobase + addr);
> > + return 0;
> > +}
> > +
> > +static int mmio_write_bytes(struct udevice *udev, u32 addr, u16 len,
> > + const u8 *value)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > + while (len--)
> > + iowrite8(*value++, drv_data->iobase + addr);
> > + return 0;
> > +}
> > +
> > +static int mmio_read16(struct udevice *udev, u32 addr, u16 *result)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > + *result = ioread16(drv_data->iobase + addr);
> > + return 0;
> > +}
> > +
> > +static int mmio_read32(struct udevice *udev, u32 addr, u32 *result)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > + *result = ioread32(drv_data->iobase + addr);
> > + return 0;
> > +}
> > +
> > +static int mmio_write32(struct udevice *udev, u32 addr, u32 value)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > + iowrite32(value, drv_data->iobase + addr);
> > + return 0;
> > +}
> > +
> > +static struct tpm_tis_phy_ops phy_ops = {
> > + .read_bytes = mmio_read_bytes,
> > + .write_bytes = mmio_write_bytes,
> > + .read16 = mmio_read16,
> > + .read32 = mmio_read32,
> > + .write32 = mmio_write32,
> > +};
> > +
> > +static int tpm_tis_probe(struct udevice *udev)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > + struct tpm_chip_priv *priv = dev_get_uclass_priv(udev);
> > + int ret = 0;
> > + fdt_addr_t ioaddr;
> > + u64 sz;
> > +
> > + ioaddr = dev_read_addr(udev);
> > + if (ioaddr == FDT_ADDR_T_NONE)
> > + return -EINVAL;
> > +
> > + ret = dev_read_u64(udev, "reg", &sz);
> > + if (ret)
> > + return -EINVAL;
> > +
> > + drv_data->iobase = ioremap(ioaddr, sz);
> > + log_info("Remapped TPM2 base: 0x%llx size: 0x%llx\n", ioaddr, sz);
> > + tpm_tis_ops_register(udev, &phy_ops);
> > + ret = tpm_tis_init(udev);
> > + if (ret)
> > + goto iounmap;
> > +
> > + priv->pcr_count = drv_data->pcr_count;
> > + priv->pcr_select_min = drv_data->pcr_select_min;
> > + /*
> > + * Although the driver probably works with a TPMv1 our Kconfig
> > + * limits the driver to TPMv2 only
> > + */
> > + priv->version = TPM_V2;
> > +
> > + return ret;
> > +iounmap:
> > + iounmap(drv_data->iobase);
> > + return -EINVAL;
> > +}
> > +
> > +static int tpm_tis_remove(struct udevice *udev)
> > +{
> > + struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > + iounmap(drv_data->iobase);
> > + return tpm_tis_cleanup(udev);
> > +}
> > +
> > +static const struct tpm_ops tpm_tis_ops = {
> > + .open = tpm_tis_open,
> > + .close = tpm_tis_close,
> > + .get_desc = tpm_tis_get_desc,
> > + .send = tpm_tis_send,
> > + .recv = tpm_tis_recv,
> > + .cleanup = tpm_tis_cleanup,
> > +};
> > +
> > +static const struct tpm_tis_chip_data tpm_tis_std_chip_data = {
> > + .pcr_count = 24,
> > + .pcr_select_min = 3,
> > +};
> > +
> > +static const struct udevice_id tpm_tis_ids[] = {
> > + {
> > + .compatible = "tcg,tpm-tis-mmio",
> > + .data = (ulong)&tpm_tis_std_chip_data,
> > + },
> > + { }
> > +};
> > +
> > +U_BOOT_DRIVER(tpm_tis_mmio) = {
> > + .name = "tpm_tis_mmio",
> > + .id = UCLASS_TPM,
> > + .of_match = tpm_tis_ids,
> > + .ops = &tpm_tis_ops,
> > + .probe = tpm_tis_probe,
> > + .remove = tpm_tis_remove,
> > + .priv_auto = sizeof(struct tpm_chip),
> > +};
> >
