// // Copyright (C) 2015 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // #include <algorithm> #include <ctime> #include <string> #include <unistd.h> #include <base/logging.h> #include "trunks/tpm_generated.h" #include "trunks/trunks_ftdi_spi.h" // Assorted TPM2 registers for interface type FIFO. #define TPM_ACCESS_REG 0 #define TPM_STS_REG 0x18 #define TPM_DATA_FIFO_REG 0x24 #define TPM_DID_VID_REG 0xf00 #define TPM_RID_REG 0xf04 namespace trunks { // Locality management bits (in TPM_ACCESS_REG) enum TpmAccessBits { tpmRegValidSts = (1 << 7), activeLocality = (1 << 5), requestUse = (1 << 1), tpmEstablishment = (1 << 0), }; enum TpmStsBits { tpmFamilyShift = 26, tpmFamilyMask = ((1 << 2) - 1), // 2 bits wide tpmFamilyTPM2 = 1, resetEstablishmentBit = (1 << 25), commandCancel = (1 << 24), burstCountShift = 8, burstCountMask = ((1 << 16) - 1), // 16 bits wide stsValid = (1 << 7), commandReady = (1 << 6), tpmGo = (1 << 5), dataAvail = (1 << 4), Expect = (1 << 3), selfTestDone = (1 << 2), responseRetry = (1 << 1), }; // SPI frame header for TPM transactions is 4 bytes in size, it is described // in section "6.4.6 Spi Bit Protocol" of the TCG issued "TPM Profile (PTP) // Specification Revision 00.43. struct SpiFrameHeader { unsigned char body[4]; }; TrunksFtdiSpi::~TrunksFtdiSpi() { if (mpsse_) Close(mpsse_); mpsse_ = NULL; } bool TrunksFtdiSpi::ReadTpmSts(uint32_t* status) { return FtdiReadReg(TPM_STS_REG, sizeof(*status), status); } bool TrunksFtdiSpi::WriteTpmSts(uint32_t status) { return FtdiWriteReg(TPM_STS_REG, sizeof(status), &status); } void TrunksFtdiSpi::StartTransaction(bool read_write, size_t bytes, unsigned addr) { unsigned char* response; SpiFrameHeader header; usleep(10000); // give it 10 ms. TODO(vbendeb): remove this once // cr50 SPS TPM driver performance is fixed. // The first byte of the frame header encodes the transaction type (read or // write) and size (set to lenth - 1). header.body[0] = (read_write ? 0x80 : 0) | 0x40 | (bytes - 1); // The rest of the frame header is the internal address in the TPM for (int i = 0; i < 3; i++) header.body[i + 1] = (addr >> (8 * (2 - i))) & 0xff; Start(mpsse_); response = Transfer(mpsse_, header.body, sizeof(header.body)); // The TCG TPM over SPI specification itroduces the notion of SPI flow // control (Section "6.4.5 Flow Control" of the TCG issued "TPM Profile // (PTP) Specification Revision 00.43). // The slave (TPM device) expects each transaction to start with a 4 byte // header trasmitted by master. If the slave needs to stall the transaction, // it sets the MOSI bit to 0 during the last clock of the 4 byte header. In // this case the master is supposed to start polling the line, byte at time, // until the last bit in the received byte (transferred during the last // clock of the byte) is set to 1. while (!(response[3] & 1)) { unsigned char* poll_state; poll_state = Read(mpsse_, 1); response[3] = *poll_state; free(poll_state); } free(response); } bool TrunksFtdiSpi::FtdiWriteReg(unsigned reg_number, size_t bytes, const void* buffer) { if (!mpsse_) return false; StartTransaction(false, bytes, reg_number + locality_ * 0x10000); Write(mpsse_, buffer, bytes); Stop(mpsse_); return true; } bool TrunksFtdiSpi::FtdiReadReg(unsigned reg_number, size_t bytes, void* buffer) { unsigned char* value; if (!mpsse_) return false; StartTransaction(true, bytes, reg_number + locality_ * 0x10000); value = Read(mpsse_, bytes); if (buffer) memcpy(buffer, value, bytes); free(value); Stop(mpsse_); return true; } size_t TrunksFtdiSpi::GetBurstCount(void) { uint32_t status; ReadTpmSts(&status); return (size_t)((status >> burstCountShift) & burstCountMask); } bool TrunksFtdiSpi::Init() { uint32_t did_vid, status; uint8_t cmd; if (mpsse_) return true; mpsse_ = MPSSE(SPI0, ONE_MHZ, MSB); if (!mpsse_) return false; // Reset the TPM using GPIOL0, issue a 100 ms long pulse. PinLow(mpsse_, GPIOL0); usleep(100000); PinHigh(mpsse_, GPIOL0); FtdiReadReg(TPM_DID_VID_REG, sizeof(did_vid), &did_vid); uint16_t vid = did_vid & 0xffff; if ((vid != 0x15d1) && (vid != 0x1ae0)) { LOG(ERROR) << "unknown did_vid: 0x" << std::hex << did_vid; return false; } // Try claiming locality zero. FtdiReadReg(TPM_ACCESS_REG, sizeof(cmd), &cmd); // tpmEstablishment can be either set or not. if ((cmd & ~tpmEstablishment) != tpmRegValidSts) { LOG(ERROR) << "invalid reset status: 0x" << std::hex << (unsigned)cmd; return false; } cmd = requestUse; FtdiWriteReg(TPM_ACCESS_REG, sizeof(cmd), &cmd); FtdiReadReg(TPM_ACCESS_REG, sizeof(cmd), &cmd); if ((cmd & ~tpmEstablishment) != (tpmRegValidSts | activeLocality)) { LOG(ERROR) << "failed to claim locality, status: 0x" << std::hex << (unsigned)cmd; return false; } ReadTpmSts(&status); if (((status >> tpmFamilyShift) & tpmFamilyMask) != tpmFamilyTPM2) { LOG(ERROR) << "unexpected TPM family value, status: 0x" << std::hex << status; return false; } FtdiReadReg(TPM_RID_REG, sizeof(cmd), &cmd); printf("Connected to device vid:did:rid of %4.4x:%4.4x:%2.2x\n", did_vid & 0xffff, did_vid >> 16, cmd); return true; } void TrunksFtdiSpi::SendCommand(const std::string& command, const ResponseCallback& callback) { printf("%s invoked\n", __func__); } bool TrunksFtdiSpi::WaitForStatus(uint32_t statusMask, uint32_t statusExpected, int timeout_ms) { uint32_t status; time_t target_time; target_time = time(NULL) + timeout_ms / 1000; do { usleep(10000); // 10 ms polling period. if (time(NULL) >= target_time) { LOG(ERROR) << "failed to get expected status " << std::hex << statusExpected; return false; } ReadTpmSts(&status); } while ((status & statusMask) != statusExpected); return true; } std::string TrunksFtdiSpi::SendCommandAndWait(const std::string& command) { uint32_t status; uint32_t expected_status_bits; size_t transaction_size, handled_so_far(0); std::string rv(""); if (!mpsse_) { LOG(ERROR) << "attempt to use an uninitialized FTDI TPM!"; return rv; } WriteTpmSts(commandReady); // No need to wait for the sts.Expect bit to be set, at least with the // 15d1:001b device, let's just write the command into FIFO, not exceeding // the minimum of the two values - burst_count and 64 (which is the protocol // limitation) do { transaction_size = std::min( std::min(command.size() - handled_so_far, GetBurstCount()), (size_t)64); if (transaction_size) { LOG(INFO) << "will transfer " << transaction_size << " bytes"; FtdiWriteReg(TPM_DATA_FIFO_REG, transaction_size, command.c_str() + handled_so_far); handled_so_far += transaction_size; } } while (handled_so_far != command.size()); // And tell the device it can start processing it. WriteTpmSts(tpmGo); expected_status_bits = stsValid | dataAvail; if (!WaitForStatus(expected_status_bits, expected_status_bits)) return rv; // The response is ready, let's read it. // First we read the FIFO payload header, to see how much data to expect. // The header size is fixed to six bytes, the total payload size is stored // in network order in the last four bytes of the header. char data_header[6]; // Let's read the header first. FtdiReadReg(TPM_DATA_FIFO_REG, sizeof(data_header), data_header); // Figure out the total payload size. uint32_t payload_size; memcpy(&payload_size, data_header + 2, sizeof(payload_size)); payload_size = be32toh(payload_size); // A FIFO message with the minimum required header and contents can not be // less than 10 bytes long. It also should never be more than 4096 bytes // long. if ((payload_size < 10) || (payload_size > MAX_RESPONSE_SIZE)) { // Something must be wrong... LOG(ERROR) << "Bad total payload size value: " << payload_size; return rv; } LOG(INFO) << "Total payload size " << payload_size; // Let's read all but the last byte in the FIFO to make sure the status // register is showing correct flow control bits: 'more data' until the last // byte and then 'no more data' once the last byte is read. handled_so_far = 0; payload_size = payload_size - sizeof(data_header) - 1; // Allow room for the last byte too. uint8_t* payload = new uint8_t[payload_size + 1]; do { transaction_size = std::min( std::min(payload_size - handled_so_far, GetBurstCount()), (size_t)64); if (transaction_size) { FtdiReadReg(TPM_DATA_FIFO_REG, transaction_size, payload + handled_so_far); handled_so_far += transaction_size; } } while (handled_so_far != payload_size); // Verify that there is still data to come. ReadTpmSts(&status); if ((status & expected_status_bits) != expected_status_bits) { LOG(ERROR) << "unexpected status 0x" << std::hex << status; delete[] payload; return rv; } // Now, read the last byte of the payload. FtdiReadReg(TPM_DATA_FIFO_REG, sizeof(uint8_t), payload + payload_size); // Verify that 'data available' is not asseretd any more. ReadTpmSts(&status); if ((status & expected_status_bits) != stsValid) { LOG(ERROR) << "unexpected status 0x" << std::hex << status; delete[] payload; return rv; } rv = std::string(data_header, sizeof(data_header)) + std::string(reinterpret_cast<char*>(payload), payload_size + 1); /* Move the TPM back to idle state. */ WriteTpmSts(commandReady); delete[] payload; return rv; } } // namespace trunks