security/tpm/: turn tis_{init,open} into tis_probe
init() was always followed by open() and after successful initialization
we only need send-receive function which is now returned by tis_probe()
on success, thus further reducing number of functions to export from
drivers.
This also removes check for opening TIS twice that seems to have no
value.
Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
diff --git a/src/drivers/crb/tis.c b/src/drivers/crb/tis.c
index cdb0dbb..2c9128e 100644
--- a/src/drivers/crb/tis.c
+++ b/src/drivers/crb/tis.c
@@ -14,8 +14,6 @@
#include "tpm.h"
#include "chip.h"
-static unsigned int tpm_is_open;
-
static const struct {
uint16_t vid;
uint16_t did;
@@ -35,43 +33,8 @@
return "Unknown";
}
-tpm_result_t tis_open(void)
-{
- if (tpm_is_open) {
- printk(BIOS_ERR, "%s called twice.\n", __func__);
- return TPM_CB_FAIL;
- }
-
- if (CONFIG(HAVE_INTEL_PTT)) {
- if (!ptt_active()) {
- printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__);
- return TPM_CB_FAIL;
- }
- printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__);
- }
-
- return TPM_SUCCESS;
-}
-
-tpm_result_t tis_init(void)
-{
- struct tpm2_info info;
-
- // Wake TPM up (if necessary)
- tpm_result_t rc = tpm2_init();
- if (rc)
- return rc;
-
- tpm2_get_info(&info);
-
- printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info),
- info.revision);
-
- return TPM_SUCCESS;
-}
-
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
- uint8_t *recvbuf, size_t *rbuf_len)
+static tpm_result_t crb_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, uint8_t *recvbuf,
+ size_t *rbuf_len)
{
int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
@@ -83,6 +46,30 @@
return TPM_SUCCESS;
}
+tis_sendrecv_fn tis_probe(void)
+{
+ struct tpm2_info info;
+
+ /* Wake TPM up (if necessary) */
+ if (tpm2_init())
+ return NULL;
+
+ tpm2_get_info(&info);
+
+ printk(BIOS_INFO, "Initialized TPM device %s revision %d\n", tis_get_dev_name(&info),
+ info.revision);
+
+ if (CONFIG(HAVE_INTEL_PTT)) {
+ if (!ptt_active()) {
+ printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__);
+ return NULL;
+ }
+ printk(BIOS_DEBUG, "%s: Intel PTT is active.\n", __func__);
+ }
+
+ return &crb_tpm_sendrecv;
+}
+
static void crb_tpm_fill_ssdt(const struct device *dev)
{
const char *path = acpi_device_path(dev);
diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c
index 3351ca2..8462198 100644
--- a/src/drivers/i2c/tpm/cr50.c
+++ b/src/drivers/i2c/tpm/cr50.c
@@ -505,7 +505,6 @@
cr50_set_board_cfg();
}
- chip->is_open = 1;
return TPM_SUCCESS;
}
diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c
index a5c3b8f..6cb05f0 100644
--- a/src/drivers/i2c/tpm/tis.c
+++ b/src/drivers/i2c/tpm/tis.c
@@ -19,29 +19,6 @@
#define TPM_CMD_COUNT_BYTE 2
#define TPM_CMD_ORDINAL_BYTE 6
-tpm_result_t tis_open(void)
-{
- tpm_result_t rc;
-
- if (chip.is_open) {
- printk(BIOS_DEBUG, "%s() called twice.\n", __func__);
- return TPM_CB_FAIL;
- }
-
- rc = tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS,
- CONFIG_DRIVER_TPM_I2C_ADDR);
- if (rc != TPM_SUCCESS)
- chip.is_open = 0;
-
- return rc;
-}
-
-tpm_result_t tis_init(void)
-{
- return tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS,
- CONFIG_DRIVER_TPM_I2C_ADDR);
-}
-
static ssize_t tpm_transmit(const uint8_t *sbuf, size_t sbufsiz, void *rbuf,
size_t rbufsiz)
{
@@ -103,8 +80,8 @@
return rc;
}
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
- uint8_t *recvbuf, size_t *rbuf_len)
+static tpm_result_t i2c_tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+ uint8_t *recvbuf, size_t *rbuf_len)
{
ASSERT(sbuf_size >= 10);
@@ -140,3 +117,14 @@
return TPM_SUCCESS;
}
+
+tis_sendrecv_fn tis_probe(void)
+{
+ if (tpm_vendor_probe(CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR))
+ return NULL;
+
+ if (tpm_vendor_init(&chip, CONFIG_DRIVER_TPM_I2C_BUS, CONFIG_DRIVER_TPM_I2C_ADDR))
+ return NULL;
+
+ return &i2c_tpm_sendrecv;
+}
diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c
index 91ed6a9..0a29049 100644
--- a/src/drivers/i2c/tpm/tis_atmel.c
+++ b/src/drivers/i2c/tpm/tis_atmel.c
@@ -22,18 +22,8 @@
uint32_t return_code;
} __packed;
-tpm_result_t tis_open(void)
-{
- return TPM_SUCCESS;
-}
-
-tpm_result_t tis_init(void)
-{
- return TPM_SUCCESS;
-}
-
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
- uint8_t *recvbuf, size_t *rbuf_len)
+static tpm_result_t i2c_tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+ uint8_t *recvbuf, size_t *rbuf_len)
{
size_t hdr_bytes;
struct tpm_output_header *header;
@@ -116,3 +106,8 @@
/* Successful transfer */
return TPM_SUCCESS;
}
+
+tis_sendrecv_fn tis_probe(void)
+{
+ return &i2c_tis_sendrecv;
+}
diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c
index 91c310b..541eb3a 100644
--- a/src/drivers/i2c/tpm/tpm.c
+++ b/src/drivers/i2c/tpm/tpm.c
@@ -507,8 +507,6 @@
tpm_dev.sleep_short = SLEEP_DURATION;
tpm_dev.sleep_long = SLEEP_DURATION_LONG;
- chip->is_open = 1;
-
chip->req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
chip->req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID;
chip->req_canceled = TPM_STS_COMMAND_READY;
diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h
index fb98377..628ad4d 100644
--- a/src/drivers/i2c/tpm/tpm.h
+++ b/src/drivers/i2c/tpm/tpm.h
@@ -39,7 +39,6 @@
#define TPM_DID_VID(l) (0x0006 | ((l) << 4))
struct tpm_chip {
- int is_open;
uint8_t req_complete_mask;
uint8_t req_complete_val;
uint8_t req_canceled;
diff --git a/src/drivers/pc80/tpm/tis.c b/src/drivers/pc80/tpm/tis.c
index 3f2d6bd..019e4a1 100644
--- a/src/drivers/pc80/tpm/tis.c
+++ b/src/drivers/pc80/tpm/tis.c
@@ -356,14 +356,14 @@
}
/*
- * tis_init()
+ * pc80_tis_probe()
*
* Probe the TPM device and try determining its manufacturer/device name.
*
* Returns TPM_SUCCESS on success (the device is found or was found during
* an earlier invocation) or TPM_CB_FAIL if the device is not found.
*/
-tpm_result_t tis_init(void)
+static tpm_result_t pc80_tis_probe(void)
{
const char *device_name = "unknown";
const char *vendor_name = device_name;
@@ -607,13 +607,13 @@
}
/*
- * tis_open()
+ * pc80_tis_open()
*
* Requests access to locality 0 for the caller.
*
* Returns TPM_SUCCESS on success, TSS Error on failure.
*/
-tpm_result_t tis_open(void)
+static tpm_result_t pc80_tis_open(void)
{
u8 locality = 0; /* we use locality zero for everything */
tpm_result_t rc = TPM_SUCCESS;
@@ -650,8 +650,8 @@
* Returns TPM_SUCCESS on success (and places the number of response bytes
* at recv_len) or TPM_CB_FAIL on failure.
*/
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t send_size,
- uint8_t *recvbuf, size_t *recv_len)
+static tpm_result_t pc80_tpm_sendrecv(const uint8_t *sendbuf, size_t send_size,
+ uint8_t *recvbuf, size_t *recv_len)
{
tpm_result_t rc = tis_senddata(sendbuf, send_size);
if (rc) {
@@ -664,6 +664,23 @@
}
/*
+ * tis_probe()
+ *
+ * Probe for the TPM device and set it up for use within locality 0. Returns
+ * pointer to send-receive function on success or NULL on failure.
+ */
+tis_sendrecv_fn tis_probe(void)
+{
+ if (pc80_tis_probe())
+ return NULL;
+
+ if (pc80_tis_open())
+ return NULL;
+
+ return &pc80_tpm_sendrecv;
+}
+
+/*
* tis_setup_interrupt()
*
* Set up the interrupt vector and polarity for locality 0 and
diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c
index 6fa6c82..90d7f59 100644
--- a/src/drivers/spi/tpm/tis.c
+++ b/src/drivers/spi/tpm/tis.c
@@ -5,8 +5,6 @@
#include "tpm.h"
-static unsigned int tpm_is_open;
-
static const struct {
uint16_t vid;
uint16_t did;
@@ -29,43 +27,8 @@
return "Unknown";
}
-tpm_result_t tis_open(void)
-{
- if (tpm_is_open) {
- printk(BIOS_ERR, "%s() called twice.\n", __func__);
- return TPM_CB_FAIL;
- }
- return TPM_SUCCESS;
-}
-
-tpm_result_t tis_init(void)
-{
- struct spi_slave spi;
- struct tpm2_info info;
- tpm_result_t rc = TPM_SUCCESS;
-
- if (spi_setup_slave(CONFIG_DRIVER_TPM_SPI_BUS,
- CONFIG_DRIVER_TPM_SPI_CHIP, &spi)) {
- printk(BIOS_ERR, "Failed to setup TPM SPI slave\n");
- return TPM_CB_FAIL;
- }
-
- rc = tpm2_init(&spi);
- if (rc) {
- printk(BIOS_ERR, "Failed to initialize TPM SPI interface\n");
- return rc;
- }
-
- tpm2_get_info(&info);
-
- printk(BIOS_INFO, "Initialized TPM device %s revision %d\n",
- tis_get_dev_name(&info), info.revision);
-
- return TPM_SUCCESS;
-}
-
-tpm_result_t tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
- uint8_t *recvbuf, size_t *rbuf_len)
+static tpm_result_t tpm_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+ uint8_t *recvbuf, size_t *rbuf_len)
{
int len = tpm2_process_command(sendbuf, sbuf_size, recvbuf, *rbuf_len);
@@ -76,3 +39,27 @@
return TPM_SUCCESS;
}
+
+tis_sendrecv_fn tis_probe(void)
+{
+ struct spi_slave spi;
+ struct tpm2_info info;
+
+ if (spi_setup_slave(CONFIG_DRIVER_TPM_SPI_BUS,
+ CONFIG_DRIVER_TPM_SPI_CHIP, &spi)) {
+ printk(BIOS_ERR, "Failed to setup TPM SPI slave\n");
+ return NULL;
+ }
+
+ if (tpm2_init(&spi)) {
+ printk(BIOS_ERR, "Failed to initialize TPM SPI interface\n");
+ return NULL;
+ }
+
+ tpm2_get_info(&info);
+
+ printk(BIOS_INFO, "Initialized TPM device %s revision %d\n",
+ tis_get_dev_name(&info), info.revision);
+
+ return &tpm_sendrecv;
+}
diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h
index 34dc8e8b..ac07bfb 100644
--- a/src/security/tpm/tis.h
+++ b/src/security/tpm/tis.h
@@ -33,23 +33,6 @@
};
/*
- * tis_init()
- *
- * Initialize the TPM device.
- * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
- */
-tpm_result_t tis_init(void);
-
-/*
- * tis_open()
- *
- * Requests access to locality 0 for the caller.
- *
- * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
- */
-tpm_result_t tis_open(void);
-
-/*
* tis_sendrecv()
*
* Send the requested data to the TPM and then try to get its response
@@ -61,8 +44,19 @@
*
* Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
*/
-tpm_result_t tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
- size_t *recv_len);
+typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
+ size_t *recv_len);
+
+/*
+ * tis_probe()
+ *
+ * Probe for the TPM device and set it up for use within locality 0. Returns
+ * pointer to send-receive function on success or NULL on failure.
+ *
+ * Do not call this explicitly, it's meant to be used exclusively by TSS
+ * implementation (tlcl_lib_init() function to be specific).
+ */
+tis_sendrecv_fn tis_probe(void);
/*
* tis_vendor_write()
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index e73db38..f0d28df 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -24,13 +24,22 @@
#include <console/console.h>
#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
+static tis_sendrecv_fn tis_sendrecv;
+
static tpm_result_t tpm_send_receive(const uint8_t *request,
- uint32_t request_length,
- uint8_t *response,
- uint32_t *response_length)
+ uint32_t request_length,
+ uint8_t *response,
+ uint32_t *response_length)
{
size_t len = *response_length;
- tpm_result_t rc = tis_sendrecv(request, request_length, response, &len);
+ tpm_result_t rc;
+
+ if (tis_sendrecv == NULL) {
+ printk(BIOS_ERR, "Attempted use of uninitialized TSS 1.2 stack\n");
+ return TPM_FAIL;
+ }
+
+ rc = tis_sendrecv(request, request_length, response, &len);
if (rc)
return rc;
/* check 64->32bit overflow and (re)check response buffer overflow */
@@ -142,23 +151,16 @@
/* Exported functions. */
-static uint8_t tlcl_init_done;
-
tpm_result_t tlcl_lib_init(void)
{
- tpm_result_t rc = TPM_SUCCESS;
- if (tlcl_init_done)
- return rc;
- rc = tis_init();
- if (rc)
- return rc;
- rc = tis_open();
- if (rc)
- return rc;
+ if (tis_sendrecv != NULL)
+ return TPM_SUCCESS;
- tlcl_init_done = 1;
+ tis_sendrecv = tis_probe();
+ if (tis_sendrecv == NULL)
+ return TPM_CB_NO_DEVICE;
- return rc;
+ return TPM_SUCCESS;
}
tpm_result_t tlcl_startup(void)
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index e23a0d2..135d296 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -16,6 +16,8 @@
* TPM2 specification.
*/
+static tis_sendrecv_fn tis_sendrecv;
+
void *tpm_process_command(TPM_CC command, void *command_body)
{
struct obuf ob;
@@ -26,6 +28,11 @@
/* Command/response buffer. */
static uint8_t cr_buffer[TPM_BUFFER_SIZE];
+ if (tis_sendrecv == NULL) {
+ printk(BIOS_ERR, "Attempted use of uninitialized TSS 2.0 stack\n");
+ return NULL;
+ }
+
obuf_init(&ob, cr_buffer, sizeof(cr_buffer));
if (tpm_marshal_command(command, command_body, &ob) < 0) {
@@ -201,30 +208,19 @@
return TPM_SUCCESS;
}
-static uint8_t tlcl_init_done;
-
/* This function is called directly by vboot, uses vboot return types. */
tpm_result_t tlcl_lib_init(void)
{
- tpm_result_t rc = TPM_SUCCESS;
- if (tlcl_init_done)
- return rc;
+ if (tis_sendrecv != NULL)
+ return TPM_SUCCESS;
- rc = tis_init();
- if (rc) {
- printk(BIOS_ERR, "%s: tis_init returned error %d\n", __func__, rc);
- return rc;
- }
- rc = tis_open();
- if (rc) {
- printk(BIOS_ERR, "%s: tis_open returned error %d\n"
- , __func__, rc);
- return rc;
+ tis_sendrecv = tis_probe();
+ if (tis_sendrecv == NULL) {
+ printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__);
+ return TPM_CB_NO_DEVICE;
}
- tlcl_init_done = 1;
-
- return rc;
+ return TPM_SUCCESS;
}
tpm_result_t tlcl_physical_presence_cmd_enable(void)