Re: [PATCH 2/3 v3] tpm2: Add a TPMv2 MMIO TIS driver

[Ilias Apalodimas <ilias.apalodimas@linaro.org>]

On Thu, Jul 08, 2021 at 11:42:29AM +0200, Heinrich Schuchardt wrote:
> On 08.07.21 10:23, Ilias Apalodimas wrote:
> > Add support for devices that expose a TPMv2 though MMIO.
> > Apart from those devices, we can use the driver in our QEMU setups and
> > test TPM related code which is difficult to achieve using the sandbox
> > driver (e.g test the EFI TCG2 protocol).
> > 
> > It's worth noting that a previous patch added TPMv2 TIS core functions,
> > which the current driver is consuming.
> > 
> > Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> 
> There should be a defconfig using the driver to ensure that it is built
> in CI. As you want to use the driver for testing with QEMU let that be
> qemu_arm64_defconfig and qemu_arm_defconfig (we should build both 64bit
> and 32bit).
> 
> A paragraph in doc/board/emulation/qemu-arm.rst indicating how to
> emulate a TPM would be helpful.
> 
> I think information like the following is needed:
> 
> To emulate a TPM the swtpm package may be used. It can be built from the
> following repositories:
> 
>     https://github.com/stefanberger/libtpms.git
>     https://github.com/stefanberger/swtpm.git
> 
> Swtpm provides a socket for the TPM emulation which can be consumed by QEMU.
> 
> In a first console invoke swtpm:
> 
>     swtpm socket --tpmstate dir=/tmp/mytpm1   \
>     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --log level=20
> 
> In a second console invoke qemu-system-aarch64 with
> 
>     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>     -tpmdev emulator,id=tpm0,chardev=chrtpm \
>     -device tpm-tis-device,tpmdev=tpm0
> 
> To use the TPM emulation U-Boot must be compiled with
> 
> ???

Text looks good to me. I'll send a v4 with the defconfigs + help included

Thanks
/Ilias
> 
> Best regards
> 
> Heinrich
> 
> > ---
> >   drivers/tpm/Kconfig         |   9 +++
> >   drivers/tpm/Makefile        |   1 +
> >   drivers/tpm/tpm2_tis_mmio.c | 156 ++++++++++++++++++++++++++++++++++++
> >   3 files changed, 166 insertions(+)
> >   create mode 100644 drivers/tpm/tpm2_tis_mmio.c
> > 
> > diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
> > index 9eebab5cfd90..406ee8716e1e 100644
> > --- a/drivers/tpm/Kconfig
> > +++ b/drivers/tpm/Kconfig
> > @@ -161,6 +161,15 @@ config TPM2_FTPM_TEE
> >   	help
> >   	  This driver supports firmware TPM running in TEE.
> > 
> > +config TPM2_MMIO
> > +	bool "MMIO based TPM2 Interface"
> > +	depends on TPM_V2
> > +	help
> > +	  This driver supports firmware TPM2.0 MMIO interface.
> > +	  The usual TPM operations and the 'tpm' command can be used to talk
> > +	  to the device using the standard TPM Interface Specification (TIS)
> > +	  protocol.
> > +
> >   endif # TPM_V2
> > 
> >   endmenu
> > diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
> > index f64d20067f88..1065c1874f58 100644
> > --- a/drivers/tpm/Makefile
> > +++ b/drivers/tpm/Makefile
> > @@ -14,3 +14,4 @@ obj-$(CONFIG_$(SPL_TPL_)TPM2_CR50_I2C) += cr50_i2c.o
> >   obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o
> >   obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o
> >   obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o
> > +obj-$(CONFIG_TPM2_MMIO) += tpm2_tis_core.o tpm2_tis_mmio.o
> > diff --git a/drivers/tpm/tpm2_tis_mmio.c b/drivers/tpm/tpm2_tis_mmio.c
> > new file mode 100644
> > index 000000000000..2183a2807162
> > --- /dev/null
> > +++ b/drivers/tpm/tpm2_tis_mmio.c
> > @@ -0,0 +1,156 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * driver for mmio TCG/TIS TPM (trusted platform module).
> > + *
> > + * Specifications at www.trustedcomputinggroup.org
> > + */
> > +
> > +#include <common.h>
> > +#include <dm.h>
> > +#include <log.h>
> > +#include <tpm-v2.h>
> > +#include <linux/bitops.h>
> > +#include <linux/compiler.h>
> > +#include <linux/delay.h>
> > +#include <linux/errno.h>
> > +#include <linux/types.h>
> > +#include <linux/io.h>
> > +#include <linux/unaligned/be_byteshift.h>
> > +#include "tpm_tis.h"
> > +#include "tpm_internal.h"
> > +
> > +struct tpm_tis_chip_data {
> > +	unsigned int pcr_count;
> > +	unsigned int pcr_select_min;
> > +	unsigned int time_before_first_cmd_ms;
> > +	void __iomem *iobase;
> > +};
> > +
> > +static int mmio_read_bytes(struct udevice *udev, u32 addr, u16 len,
> > +			   u8 *result)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > +	while (len--)
> > +		*result++ = ioread8(drv_data->iobase + addr);
> > +	return 0;
> > +}
> > +
> > +static int mmio_write_bytes(struct udevice *udev, u32 addr, u16 len,
> > +			    const u8 *value)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > +	while (len--)
> > +		iowrite8(*value++, drv_data->iobase + addr);
> > +	return 0;
> > +}
> > +
> > +static int mmio_read16(struct udevice *udev, u32 addr, u16 *result)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > +	*result = ioread16(drv_data->iobase + addr);
> > +	return 0;
> > +}
> > +
> > +static int mmio_read32(struct udevice *udev, u32 addr, u32 *result)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > +	*result = ioread32(drv_data->iobase + addr);
> > +	return 0;
> > +}
> > +
> > +static int mmio_write32(struct udevice *udev, u32 addr, u32 value)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > +	iowrite32(value, drv_data->iobase + addr);
> > +	return 0;
> > +}
> > +
> > +static struct tpm_tis_phy_ops phy_ops = {
> > +	.read_bytes = mmio_read_bytes,
> > +	.write_bytes = mmio_write_bytes,
> > +	.read16 = mmio_read16,
> > +	.read32 = mmio_read32,
> > +	.write32 = mmio_write32,
> > +};
> > +
> > +static int tpm_tis_probe(struct udevice *udev)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +	struct tpm_chip_priv *priv = dev_get_uclass_priv(udev);
> > +	int ret = 0;
> > +	fdt_addr_t ioaddr;
> > +	u64 sz;
> > +
> > +	ioaddr = dev_read_addr(udev);
> > +	if (ioaddr == FDT_ADDR_T_NONE)
> > +		return -EINVAL;
> > +
> > +	ret = dev_read_u64(udev, "reg", &sz);
> > +	if (ret)
> > +		return -EINVAL;
> > +
> > +	drv_data->iobase = ioremap(ioaddr, sz);
> > +	log_info("Remapped TPM2 base: 0x%llx size: 0x%llx\n", ioaddr, sz);
> > +	tpm_tis_ops_register(udev, &phy_ops);
> > +	ret = tpm_tis_init(udev);
> > +	if (ret)
> > +		goto iounmap;
> > +
> > +	priv->pcr_count = drv_data->pcr_count;
> > +	priv->pcr_select_min = drv_data->pcr_select_min;
> > +	/*
> > +	 * Although the driver probably works with a TPMv1 our Kconfig
> > +	 * limits the driver to TPMv2 only
> > +	 */
> > +	priv->version = TPM_V2;
> > +
> > +	return ret;
> > +iounmap:
> > +	iounmap(drv_data->iobase);
> > +	return -EINVAL;
> > +}
> > +
> > +static int tpm_tis_remove(struct udevice *udev)
> > +{
> > +	struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev);
> > +
> > +	iounmap(drv_data->iobase);
> > +	return tpm_tis_cleanup(udev);
> > +}
> > +
> > +static const struct tpm_ops tpm_tis_ops = {
> > +	.open		= tpm_tis_open,
> > +	.close		= tpm_tis_close,
> > +	.get_desc	= tpm_tis_get_desc,
> > +	.send		= tpm_tis_send,
> > +	.recv		= tpm_tis_recv,
> > +	.cleanup	= tpm_tis_cleanup,
> > +};
> > +
> > +static const struct tpm_tis_chip_data tpm_tis_std_chip_data = {
> > +	.pcr_count = 24,
> > +	.pcr_select_min = 3,
> > +};
> > +
> > +static const struct udevice_id tpm_tis_ids[] = {
> > +	{
> > +		.compatible = "tcg,tpm-tis-mmio",
> > +		.data = (ulong)&tpm_tis_std_chip_data,
> > +	},
> > +	{ }
> > +};
> > +
> > +U_BOOT_DRIVER(tpm_tis_mmio) = {
> > +	.name   = "tpm_tis_mmio",
> > +	.id     = UCLASS_TPM,
> > +	.of_match = tpm_tis_ids,
> > +	.ops    = &tpm_tis_ops,
> > +	.probe	= tpm_tis_probe,
> > +	.remove	= tpm_tis_remove,
> > +	.priv_auto	= sizeof(struct tpm_chip),
> > +};
> >