Update this to use log_debug() instead of the old debug().
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present the security chip is not used in these U-Boot phases. Update
the Makefile to exclude it.
Fix a few logging statements while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use CONFIG_IS_ENABLED() macro, which provides more convenient
way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs
for both SPL and U-Boot proper.
CONFIG_IS_ENABLED(DM_I2C) expands to:
- 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y',
- 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y',
- 0 otherwise.
All occurences were replaced automatically using these bash cmds:
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Update the TPM description to include the interrupt mechanicm since this
is useful to know. Also add a warning if the TPM cannot be found and a
debug line if it succeeds.
Signed-off-by: Simon Glass <sjg@chromium.org>
When the Cr50 starts up it doesn't have a valid locality. The driver sets
it to -1 to indicate that. Tracking this allows cr50_i2c_cleanup() to
avoid releasing a locality that was not claimed.
However the helper functions that generate the flags use a u8 type which
cannot support -1, so they return a locality of 0xff.
Fix this by updating the type. With this, 'tpm startup TPM2_SU_CLEAR'
works as expected.
Signed-off-by: Simon Glass <sjg@chromium.org>
This name is far too long. Rename it to remove the 'data' bits. This makes
it consistent with the platdata->plat rename.
Signed-off-by: Simon Glass <sjg@chromium.org>
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
There is no need for GD to be used and priv variable is unused.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When using OF_PLATDATA, the bind process between devices and drivers
is performed trying to match compatible string with driver names.
However driver names are not strictly defined, and also there are different
names used when declaring a driver with U_BOOT_DRIVER, the name of the
symbol used in the linker list and the used in the struct driver_info.
In order to make things a bit more clear, rename the drivers names. This
will also help for further OF_PLATDATA improvements, such as checking
for valid driver names.
Signed-off-by: Walter Lozano <walter.lozano@collabora.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a fix for sandbox of-platdata to avoid using an invalid ANSI colour:
Signed-off-by: Simon Glass <sjg@chromium.org>
tpm_tis_spi.c directly includes tpm_tis.h and tpm-v2.h which both
define the same enums (see e.g. TPM_ACCESS_VALID). Add an #ifndef to
prevent redeclaration errors.
Signed-off-by: Johannes Holland <johannes.holland@infineon.com>
This solves a compatibility issue with Linux device trees
that contain TPMv2.x hardware. So it's easier to import DTS
from upstream kernel when migrating board init from C code
to DTS.
The issue is that fallback binding is different between Linux
and u-Boot.
Linux: "tcg,tpm_tis-spi"
U-Boot: "tis,tpm2-spi"
As there are currently no in-tree users of the U-Boot binding,
it makes sense to use Linux fallback binding.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
At present the cleanup() method is called on every transfer. It should
only be called on failing transfers. Fix this and tidy up the error
handling a little.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This device should use ready-gpios rather than ready-gpio. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present the cr50 driver claims the locality and does not release it for
Linux. This causes problems. Fix this by tracking what is claimed, and
adding a 'remove' method.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
TPM TEE driver
Various minor sandbox video enhancements
New driver model core utility functions
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl48iogACgkQfxc6PpAI
reaVzAf/an3/yKe6r3CVWlcRV6H/dVg1ApnnLpX7jS0p0b++oCVvOiy7z1WPXj3k
b1SSgENDeeZ/8EHio+Gf7ZidH/TGEj7L6YEFwd1t60GMkZiWEkNf4Z53tw482YG+
96hoPD+ySTW+ddIdVHWAFG2I4aEiKHANJAp/ItNdD+rLbrEwNQy+eiK5JTOk80B6
/X8AJCLZeAC1s7vs+2+WolgjT78QGzA9HHalMiublcqh0ivKKk0QeQiOKKPe8JYJ
om5YY1TxayQ60Xmo5f39/SBfzEEklxw83sU9o1tBeYzyVUpu7fQdkxiDbWdsij77
DgwLdeYQJGbN+hdSWE0gjTqyhW+lWA==
=KRoA
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-6feb20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm
sandbox conversion to SDL2
TPM TEE driver
Various minor sandbox video enhancements
New driver model core utility functions
H1 is a Google security chip present in recent Chromebooks, Pixel phones
and other devices. Cr50 is the name of the software that runs on H1 in
Chromebooks.
This chip is used to handle TPM-like functionality and also has quite a
few additional features.
Add a driver for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present if CONFIG_SPL_GPIO_SUPPORT is enabled then the GPIO uclass
is included in SPL/TPL without any control for boards. Some boards may
want to disable this to reduce code size where GPIOs are not needed in
SPL or TPL.
Add a new Kconfig option to permit this. Default it to 'y' so that
existing boards work correctly.
Change existing uses of CONFIG_DM_GPIO to CONFIG_IS_ENABLED(DM_GPIO) to
preserve the current behaviour. Also update the 74x164 GPIO driver since
it cannot build with SPL.
This allows us to remove the hacks in config_uncmd_spl.h and
Makefile.uncmd_spl (eventually those files should be removed).
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
We have an existing U-Boot header for the one function that this defines.
Use that instead of the linux/ one. Move over the nice comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
The reset function sets the pin to 0 then 1 but if the pin is marked
ACTIVE_LOW in the DT it gets inverted and leaves the TPM in reset.
Let the gpio driver take care of the reset polarity.
Signed-off-by: Kayla Theil <kayla.theil@mixed-mode.de>
The TPM specification says that the EXPECT_DATA bit is not valid until
the VALID bit is set. Wait for that bit to be set. Fixes problems with
Ifineon SPI TPM.
Signed-off-by: Roman Kapl <rka@sysgo.com>
At present these functions are not accessible outside the TPM library, but
in some cases we need to call them. Export them in the header file and add
a define for the SHA1 digest size.
Also adjust tpm_open() to call tpm_close() first so that the TPM is in a
known state before opening (e.g. by a previous phase of U-Boot).
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not normally useful, so change the code to avoid writing out every
data package. This can be enabled with #define DEBUG.
Signed-off-by: Simon Glass <sjg@chromium.org>
Adjust the TPM drivers to use livetree (only one does not). Also,
sometimes TPMs can have child devices if they provide a service to the
system (such as storing secure data), so permit that.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we pass around a private pointer to specify the cros_ec device.
With driver model it makes more sense to pass the device. Update the code
to do this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This driver was originally written against Chromium OS circa 2012. A few
new features have been added. Enhance the TPM driver to match. This mostly
includes a few new messages and properly modelling whether a particular
'space' is present or not.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use an enum for command values instead of open-coding them. This removes
the need for comments. Also make sure the driver returns proper error
numbers instead of -1.
Signed-off-by: Simon Glass <sjg@chromium.org>
The recv variable in sandbox_tpm2_fill_buf() is a pointer on a pointer
of a char array. It means accessing *recv is the char array pointer
itself while **recv is the first character of that array. There is no
need for such indirection here, so simplify the code.
Simplifying things will make the last assignment right: "*recv = NULL"
is now correct. The issue has been found by the following Coverity
Scan report:
CID 183371: Incorrect expression (UNUSED_VALUE)
Assigning value "4UL" to "*recv" here, but that stored value is overwritten before it can be used.
232 *recv += sizeof(rc);
233
234 /* Add trailing \0 */
235 *recv = NULL;
While at simplifying things, use '\0' instead of NULL when adding an
empty char at the end of the buffer.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.
This has been found thanks to a Coverity Scan report:
CID 183370: Memory - illegal accesses (UNINIT)
Using uninitialized value "pcr_index".
put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);
This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.
Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
TPM_V1 was already compiled by default. Now that both can be compiled
at the same time, compiled them both by default.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While there is probably no reason to do so in a real life situation, it
will allow to compile test both stacks with the same sandbox defconfig.
As we cannot define two 'tpm' commands at the same time, the command for
TPM v1 is still called 'tpm' and the one for TPM v2 'tpm2'. While this
is the exact command name that must be written into eg. test files, any
user already using the TPM v2 stack can continue to do so by just writing
'tpm' because as long as TPM v1 support is not compiled, U-Boot prompt
will search for the closest command named after 'tpm'.
The command set can also be changed at runtime (not supported yet, but
ready to be), but as one can compile only either one stack or the other,
there is still one spot in the code where conditionals are used: to
retrieve the v1 or v2 command set.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: In sandbox_tpm2_fill_buf() use NULL not \0 to ensure NULL
terminated string due to LLVM warning]
Signed-off-by: Tom Rini <trini@konsulko.com>
The TPM_DRIVER_SELECTED symbol was used in one of the initial series
about TPMv2 but its use has been dropped, making these selects
useless, remove them.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When Sandbox and the TPM stack are both selected, compile Sandbox TPM
driver by default.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This driver can emulate all the basic functionalities of a TPMv2.x
chip and should behave like them during regular testing.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
On some designs, the reset line could not be connected to the SoC reset
line, in this case, request the GPIO and ensure the chip gets reset.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the tpm2_tis_spi driver that should support any TPMv2 compliant
(SPI) module.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Choice between v1 and v2 compliant functions is done with the
configuration.
Create the various files that will receive TPMv2-only code on the same
scheme as for the TPMv1 code.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There are no changes in this commit but a new organization of the code
as follow.
* cmd/ directory:
> move existing code from cmd/tpm.c in cmd/tpm-common.c
> move specific code in cmd/tpm-v1.c
> create a specific header file with generic definitions for
commands only called cmd/tpm-user-utils.h
* lib/ directory:
> move existing code from lib/tpm.c in lib/tpm-common.c
> move specific code in lib/tpm-v1.c
> create a specific header file with generic definitions for
the library itself called lib/tpm-utils.h
* include/ directory:
> move existing code from include/tpm.h in include/tpm-common.h
> move specific code in include/tpm-v1.h
Code designated as 'common' is compiled if TPM are used. Code designated
as 'specific' is compiled only if the right specification has been
selected.
All files include tpm-common.h.
Files in cmd/ include tpm-user-utils.h.
Files in lib/ include tpm-utils.h.
Depending on the specification, files may include either (not both)
tpm-v1.h or tpm-v2.h.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Fix a few more cases of tpm.h -> tpm-v1.h, some Kconfig logic]
Signed-off-by: Tom Rini <trini@konsulko.com>
Because both major revisions are not compatible at all, let's make them
mutually exclusive in Kconfig. This way we will be sure, when using a
command or a library function that it is supported by the right
revision.
Current drivers are currently prefixed by "tpm_", we will prefix TPMv2.x
files by "tpm2_" to make the distinction without moving everything.
The Kconfig menu about TPM drivers is now divided into two sections, one
for each specification. Compliant drivers with one specification will
only show up if this specification _only_ has been selected, otherwise a
comment is displayed.
Once a driver is selected by the user, it selects automatically a
boolean value, that is needed in order to activate the TPM commands.
Selecting the TPM commands will automatically select the right
command/library files.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Rework deps as TPM_V1 and TPM_V2 depend on TPM,
drop TPM_DRIVER_SELECTED]
Signed-off-by: Tom Rini <trini@konsulko.com>
TPM are shipped with a few read-only register from which we can retrieve
for instance:
- vendor ID
- product ID
- revision ID
Product and vendor ID share the same register and are already referenced
in the tpm_chip structure. Add the revision ID entry which is missing.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>