From d43154486d27323f64334203e9bc8baf08af6845 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sat, 29 Oct 2022 20:42:28 +0300 Subject: security/tpm/: turn tis_{init,open} into tis_probe Init was always followed by open and after successful initialization we need only send-receive function, which is now returned by tis_probe on success further reducing number of functions to export from drivers. Change-Id: Ib4ce35ada24e3959ea1a518c29d431b4ae123809 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk Reviewed-on: https://review.coreboot.org/c/coreboot/+/68991 Reviewed-by: Julius Werner Tested-by: build bot (Jenkins) --- src/drivers/crb/tis.c | 45 ++++++++++++++------------------------ src/drivers/i2c/tpm/cr50.c | 1 - src/drivers/i2c/tpm/tis.c | 41 +++++++++++----------------------- src/drivers/i2c/tpm/tis_atmel.c | 19 ++++++---------- src/drivers/i2c/tpm/tpm.c | 2 -- src/drivers/i2c/tpm/tpm.h | 1 - src/drivers/pc80/tpm/tis.c | 42 +++++++++++++++++------------------ src/drivers/spi/tpm/tis.c | 35 ++++++++++------------------- src/security/tpm/tis.h | 34 +++++++++++----------------- src/security/tpm/tss/tcg-1.2/tss.c | 17 +++++++------- src/security/tpm/tss/tcg-2.0/tss.c | 21 ++++++++---------- 11 files changed, 101 insertions(+), 157 deletions(-) diff --git a/src/drivers/crb/tis.c b/src/drivers/crb/tis.c index a7d4fa73473d..0bb53c726d99 100644 --- a/src/drivers/crb/tis.c +++ b/src/drivers/crb/tis.c @@ -14,8 +14,6 @@ #include "tpm.h" #include "chip.h" -static unsigned int tpm_is_open; - static const struct { uint16_t vid; uint16_t did; 
@@ -35,50 +33,41 @@ static const char *tis_get_dev_name(struct tpm2_info *info) return "Unknown"; } -int tis_open(void) +static int crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf, + size_t *rbuf_len) { - if (tpm_is_open) { - printk(BIOS_ERR, "%s called twice.\n", __func__); + int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); + + if (len == 0) return -1; - } - if (CONFIG(HAVE_INTEL_PTT)) { - if (!ptt_active()) { - printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__); - return -1; - } - printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__); - } + *rbuf_len = len; return 0; } -int tis_init(void) +tis_sendrecv_fn tis_probe(void) { struct tpm2_info info; - // Wake TPM up (if necessary) + /* Wake TPM up (if necessary) */ if (tpm2_init() != 0) - return -1; + return NULL; tpm2_get_info(&info); printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info), info.revision); - return 0; -} - -int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf, size_t *rbuf_len) -{ - int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); - - if (len == 0) - return -1; - - *rbuf_len = len; + if (CONFIG(HAVE_INTEL_PTT)) { + if (!ptt_active()) { + printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__); + return NULL; + } + printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__); + } - return 0; + return &crb_tpm_sendrecv; } static void crb_tpm_fill_ssdt(const struct device *dev) diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c index d9088233c27b..593f201e6801 100644 --- a/src/drivers/i2c/tpm/cr50.c +++ b/src/drivers/i2c/tpm/cr50.c @@ -484,7 +484,6 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr) cr50_set_board_cfg(); } - chip->is_open = 1; return 0; } diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c index e9bf2cf7062a..2cf32f6217b5 100644 --- a/src/drivers/i2c/tpm/tis.c 
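Review bot: In `crb_tpm_sendrecv` the result of `tpm2_process_command()` is held in an `int`, and only `len == 0` is rejected before it is stored through the `size_t *rbuf_len`. A negative or oversized return would therefore reach the TSS layer as a valid response length. The helper's return type is not visible in this hunk; if it is `size_t`, declaring `size_t len` and testing `if (len == 0 || len > *rbuf_len)` keeps the out-parameter within the caller's buffer. The identical body is added as `tpm_sendrecv` in src/drivers/spi/tpm/tis.c and deserves the same change.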
+++ b/src/drivers/i2c/tpm/tis.c @@ -19,32 +19,6 @@ static struct tpm_chip chip; #define TPM_CMD_COUNT_BYTE 2 #define TPM_CMD_ORDINAL_BYTE 6 -int tis_open(void) -{ - int rc; - - if (chip.is_open) { - printk(BIOS_DEBUG, "%s() called twice.\n", __func__); - return -1; - } - - rc = tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS, - CONFIG_DRIVER_TPM_I2C_ADDR); - if (rc < 0) - chip.is_open = 0; - - if (rc) - return -1; - - return 0; -} - -int tis_init(void) -{ - return tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, - CONFIG_DRIVER_TPM_I2C_ADDR); -} - static ssize_t tpm_transmit(const uint8_t *sbuf, size_t sbufsiz, void *rbuf, size_t rbufsiz) { @@ -107,8 +81,8 @@ out: return rc; } -int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, - uint8_t *recvbuf, size_t *rbuf_len) +static int i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, + uint8_t *recvbuf, size_t *rbuf_len) { ASSERT(sbuf_size >= 10); @@ -144,3 +118,14 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, return 0; } + +tis_sendrecv_fn tis_probe(void) +{ + if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR)) + return NULL; + + if (tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR)) + return NULL; + + return &i2c_tpm_sendrecv; +} diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c index 669ac68f6c82..376586bdfb28 100644 --- a/src/drivers/i2c/tpm/tis_atmel.c +++ b/src/drivers/i2c/tpm/tis_atmel.c @@ -22,18 +22,8 @@ struct tpm_output_header { uint32_t return_code; } __packed; -int tis_open(void) -{ - return 0; -} - -int tis_init(void) -{ - return 0; -} - -int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, - uint8_t *recvbuf, size_t *rbuf_len) +static int i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, + uint8_t *recvbuf, size_t *rbuf_len) { size_t hdr_bytes; struct tpm_output_header *header; 
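Review bot: The new I2C `tis_probe()` returns NULL from both the `tpm_vendor_probe()` and the `tpm_vendor_init()` failure paths without logging anything. The TSS 1.2 `tlcl_lib_init()` in this commit is silent on failure too, so a board whose I2C TPM does not come up may leave no console line saying which step failed. Unless the vendor helpers already log (not visible here), a line such as `printk(BIOS_ERR, "%s: tpm_vendor_init failed\n", __func__);` before each `return NULL` would make this diagnosable. With `chip.is_open` removed, the only guard against running vendor init a second time is the NULL check in `tlcl_lib_init()`.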
@@ -112,3 +102,8 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, /* Successful transfer */ return 0; } + +tis_sendrecv_fn tis_probe(void) +{ + return &i2c_tis_sendrecv; +} diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c index 68b7042a64ca..7d335e9837a2 100644 --- a/src/drivers/i2c/tpm/tpm.c +++ b/src/drivers/i2c/tpm/tpm.c @@ -507,8 +507,6 @@ int tpm_vendor_init(struct tpm_chip *chip, unsigned int bus, uint32_t dev_addr) tpm_dev.sleep_short = SLEEP_DURATION; tpm_dev.sleep_long = SLEEP_DURATION_LONG; - chip->is_open = 1; - chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID; chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID; chip->req_canceled = TPM_STS_COMMAND_READY; diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h index d4176cc5114c..e4ca89397c2e 100644 --- a/src/drivers/i2c/tpm/tpm.h +++ b/src/drivers/i2c/tpm/tpm.h @@ -38,7 +38,6 @@ enum tpm_timeout { #define TPM_DID_VID(l) (0x0006 | ((l) << 4)) struct tpm_chip { - int is_open; uint8_t req_complete_mask; uint8_t req_complete_val; uint8_t req_canceled; diff --git a/src/drivers/pc80/tpm/tis.c b/src/drivers/pc80/tpm/tis.c index ce88ae012d7f..42ad19298cf2 100644 --- a/src/drivers/pc80/tpm/tis.c +++ b/src/drivers/pc80/tpm/tis.c @@ -373,7 +373,7 @@ static int tis_command_ready(u8 locality) * Returns 0 on success (the device is found or was found during an earlier * invocation) or TPM_DRIVER_ERR if the device is not found. */ -static u32 tis_probe(void) +static u32 pc80_tis_probe(void) { const char *device_name = "unknown"; const char *vendor_name = device_name; 
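Review bot: The Atmel `tis_probe()` hands back `i2c_tis_sendrecv` without touching the hardware, so `tlcl_lib_init()` reports success even when no device is present; presumably the absence only shows when the first command fails. That matches the old always-zero `tis_init()`/`tis_open()`, but under the new name it reads like a detection step. A comment such as `/* No probing is performed; a missing device is only noticed when the first command fails. */` above the function would make the limitation explicit to callers that treat a non-NULL return as "TPM found".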
@@ -608,26 +608,11 @@ static u32 tis_readresponse(u8 *buffer, size_t *len) } /* - * tis_init() - * - * Initialize the TPM device. Returns 0 on success or TPM_DRIVER_ERR on - * failure (in case device probing did not succeed). - */ -int tis_init(void) -{ - if (tis_probe()) - return TPM_DRIVER_ERR; - return 0; -} - -/* - * tis_open() - * * Requests access to locality 0 for the caller. * * Returns 0 on success, TPM_DRIVER_ERR on failure. */ -int tis_open(void) +static int pc80_tis_open(void) { u8 locality = 0; /* we use locality zero for everything */ @@ -653,8 +638,6 @@ int tis_open(void) } /* - * tis_sendrecv() - * * Send the requested data to the TPM and then try to get its response * * @sendbuf - buffer of the data to send @@ -665,8 +648,8 @@ int tis_open(void) * Returns 0 on success (and places the number of response bytes at recv_len) * or TPM_DRIVER_ERR on failure. */ -int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, - uint8_t *recvbuf, size_t *recv_len) +static int pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size, + uint8_t *recvbuf, size_t *recv_len) { if (tis_senddata(sendbuf, send_size)) { printf("%s:%d failed sending data to TPM\n", @@ -677,6 +660,23 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, return tis_readresponse(recvbuf, recv_len); } +/* + * tis_probe() + * + * Probe for the TPM device and set it up for use within locality 0. Returns + * pointer to send-receive function on success or NULL on failure. + */ +tis_sendrecv_fn tis_probe(void) +{ + if (pc80_tis_probe()) + return NULL; + + if (pc80_tis_open()) + return NULL; + + return &pc80_tpm_sendrecv; +} + /* * tis_setup_interrupt() * diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c index b9b2a4a5cb6a..310b1c09ea70 100644 --- a/src/drivers/spi/tpm/tis.c +++ b/src/drivers/spi/tpm/tis.c @@ -5,8 +5,6 @@ #include "tpm.h" -static unsigned int tpm_is_open; - static const struct { uint16_t vid; uint16_t did; 
@@ -29,16 +27,20 @@ static const char *tis_get_dev_name(struct tpm2_info *info) return "Unknown"; } -int tis_open(void) +static int tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, + uint8_t *recvbuf, size_t *rbuf_len) { - if (tpm_is_open) { - printk(BIOS_ERR, "%s() called twice.\n", __func__); + int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); + + if (len == 0) return -1; - } + + *rbuf_len = len; + return 0; } -int tis_init(void) +tis_sendrecv_fn tis_probe(void) { struct spi_slave spi; struct tpm2_info info; @@ -46,12 +48,12 @@ int tis_init(void) if (spi_setup_slave(CONFIG_DRIVER_TPM_SPI_BUS, CONFIG_DRIVER_TPM_SPI_CHIP, &spi)) { printk(BIOS_ERR, "Failed to setup TPM SPI slave\n"); - return -1; + return NULL; } if (tpm2_init(&spi)) { printk(BIOS_ERR, "Failed to initialize TPM SPI interface\n"); - return -1; + return NULL; } tpm2_get_info(&info); @@ -59,18 +61,5 @@ int tis_init(void) printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info), info.revision); - return 0; -} - -int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, - uint8_t *recvbuf, size_t *rbuf_len) -{ - int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len); - - if (len == 0) - return -1; - - *rbuf_len = len; - - return 0; + return &tpm_sendrecv; } diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h index 04a137f12eb1..b6a258f4914c 100644 --- a/src/security/tpm/tis.h +++ b/src/security/tpm/tis.h @@ -34,25 +34,6 @@ enum tis_status { }; /* - * tis_init() - * - * Initialize the TPM device. Returns 0 on success or -1 on - * failure (in case device probing did not succeed). - */ -int tis_init(void); - -/* - * tis_open() - * - * Requests access to locality 0 for the caller. - * - * Returns 0 on success, -1 on failure. - */ -int tis_open(void); - -/* - * tis_sendrecv() - * * Send the requested data to the TPM and then try to get its response * * @sendbuf - buffer of the data to send 
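Review bot: The SPI send-receive helper is named plain `tpm_sendrecv`, while the other drivers in this commit prefix theirs with the bus (`crb_tpm_sendrecv`, `i2c_tpm_sendrecv`, `pc80_tpm_sendrecv`). Because these functions are now reached only through the pointer returned by `tis_probe()`, the symbol name is what tells a reader of a map file or backtrace which transport is in use. Renaming it to `static int spi_tpm_sendrecv(...)` and returning `&spi_tpm_sendrecv` would keep the set consistent. The Atmel driver's `i2c_tis_sendrecv` departs from the same pattern.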
@@ -63,8 +44,19 @@ int tis_open(void); * Returns 0 on success (and places the number of response bytes at recv_len) * or -1 on failure. */ -int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf, - size_t *recv_len); +typedef int (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf, + size_t *recv_len); + +/* + * tis_probe() + * + * Probe for the TPM device and set it up for use within locality 0. Returns + * pointer to send-receive function on success or NULL on failure. + * + * Do not call this explicitly, it's meant to be used exclusively by TSS + * implementation (tlcl_lib_init() function to be specific). + */ +tis_sendrecv_fn tis_probe(void); /* TODO: This is supposed to be used only for Google TPM. Consider moving this to drivers/tpm/cr50.h. */ diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c index 39c44eca9f32..7f0607ba82d4 100644 --- a/src/security/tpm/tss/tcg-1.2/tss.c +++ b/src/security/tpm/tss/tcg-1.2/tss.c @@ -24,12 +24,18 @@ #include #define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args) +static tis_sendrecv_fn tis_sendrecv; + static int tpm_send_receive(const uint8_t *request, uint32_t request_length, uint8_t *response, uint32_t *response_length) { size_t len = *response_length; + + if (tis_sendrecv == NULL) + die("TSS 1.2 wasn't initialized\n"); + if (tis_sendrecv(request, request_length, response, &len)) return VB2_ERROR_UNKNOWN; /* check 64->32bit overflow and (re)check response buffer overflow */ @@ -140,20 +146,15 @@ static uint32_t send(const uint8_t *command) /* Exported functions. */ -static uint8_t tlcl_init_done; - uint32_t tlcl_lib_init(void) { - if (tlcl_init_done) + if (tis_sendrecv != NULL) return VB2_SUCCESS; - if (tis_init()) - return VB2_ERROR_UNKNOWN; - if (tis_open()) + tis_sendrecv = tis_probe(); + if (tis_sendrecv == NULL) return VB2_ERROR_UNKNOWN; - tlcl_init_done = 1; - return VB2_SUCCESS; } 
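Review bot: The NULL guard added to `tpm_send_receive()` makes any TPM command issued before a successful `tlcl_lib_init()` fatal via `die()`, although the function already has an error return (`VB2_ERROR_UNKNOWN`) two lines further down. A caller that ignores a failed `tlcl_lib_init()` and goes on to issue a command will now halt the boot instead of receiving an error; whether such callers exist cannot be told from this diff. If the halt is intended as fail-closed behaviour, a comment such as `/* Deliberately fatal: issuing TPM commands without a probed device is a programming error. */` would record that. The same guard is added to `tpm_process_command()` in tcg-2.0/tss.c.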
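Review bot: The TSS 1.2 `tlcl_lib_init()` returns `VB2_ERROR_UNKNOWN` on a NULL `tis_probe()` result without logging, whereas the TSS 2.0 version in this commit prints `"%s: tis_probe returned error\n"` on the same path. For a failure that disables measured or verified boot the console line is the main evidence, so the 1.2 path should carry the same `printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__);` before its return. The pointer stays NULL on failure, so a later call retries the probe; a short comment could say that this is intended.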
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index d228c7f6a831..a787b13fa1a2 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -16,6 +16,8 @@ * TPM2 specification. */ +static tis_sendrecv_fn tis_sendrecv; + void *tpm_process_command(TPM_CC command, void *command_body) { struct obuf ob; @@ -26,6 +28,9 @@ void *tpm_process_command(TPM_CC command, void *command_body) /* Command/response buffer. */ static uint8_t cr_buffer[TPM_BUFFER_SIZE]; + if (tis_sendrecv == NULL) + die("TSS 2.0 wasn't initialized\n"); + obuf_init(&ob, cr_buffer, sizeof(cr_buffer)); if (tpm_marshal_command(command, command_body, &ob) < 0) { @@ -201,26 +206,18 @@ uint32_t tlcl_clear_control(bool disable) return TPM_SUCCESS; } -static uint8_t tlcl_init_done; - /* This function is called directly by vboot, uses vboot return types. */ uint32_t tlcl_lib_init(void) { - if (tlcl_init_done) + if (tis_sendrecv != NULL) return VB2_SUCCESS; - if (tis_init()) { - printk(BIOS_ERR, "%s: tis_init returned error\n", __func__); + tis_sendrecv = tis_probe(); + if (tis_sendrecv == NULL) { + printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__); return VB2_ERROR_UNKNOWN; } - if (tis_open()) { - printk(BIOS_ERR, "%s: tis_open returned error\n", __func__); - return VB2_ERROR_UNKNOWN; - } - - tlcl_init_done = 1; - return VB2_SUCCESS; } -- cgit v1.2.3