Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
In TPM 2.0 Firmware 1.3.0.1 and 1.3.1.0 (at least) there exists
a bug where if you send the wrong thing to the TPM it may lock the
bus, with no way of recovery except powering the TPM off/on.
On our current systems, the only way to power the TPM off/on is to pull
the power on the system (*NOT* just power off/on to host from BMC).
So, this patch adds the ability to do things to the i2c request really
early on, well before it hits any hardware, such as quickly drop it.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently, the polling time is calculated by adding the sleep time to it.
This calculates the polling time by taking timestamps with mftb() before
calling the i2c-interface to send an i2c request to the tpm. Thus having
a much more accurate polling time.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after reading the tpm fifo in
tpm_read_fifo().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The tpm_read_fifo() has unnecessary and not so intuitive variables.
This cleans up these variables.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after writting the tpm fifo in
tpm_write_fifo().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The tpm_write_fifo() has unnecessary and not so intuitive variables.
This cleans up these variables.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after writting the sts.commandReady to
release the tpm.
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This handles errors returned by the tpm-i2c interface after writing
sts.go in tpm_transmit().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The functions tpm_is_expecting() and tpm_is_data_avail() ignore the
errors returned by the tpm-i2c interface.
This adds code to handle erros after checking the tpm fifo status. The
tpm_is_expecting() and tpm_is_data_avail() functions are replaced by
tpm_wait_for_fifo_status().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This returns burst_count as opposed to pass it as a parameter.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
TPM_TIMEOUT_D timeout is only related to burst_count polling.
This moves the burstCount polling code to tpm_read_burst_count() in
order to isolate the code that is related to TPM_TIMEOUT_D.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after reading sts.commandReady. The
nested loop in tpm_poll_for_command_ready() is splitted in two
functions.
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The tpm status register is read from multiple places by calling the
tpm-i2c-interface.
This adds the tpm_status_read_byte() to be the only function that
directly calls the tpm-i2c interface to read the tpm status register
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the tpm_check_status(), which makes the code more easy to read
and also allows the use of a mask to check status.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This shorten some defines to better fit in 80 columms.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This ensures the i2c subsystem is done with the i2c request before
we continue. Since it handles timeouts, we don't have to here.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The i2c code manipulates req->timeout, so it has to be reset before
re-sending.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Doing everything asynchronously is brilliant, it's exactly what we
want to do.
Except... the tpm driver wants to do things synchronously, which isn't
so cool.
For reasons that are not yet completely known, we spend an awful lot of
time in the main thread *not* running pollers (potentially seconds), which
doesn't bode well for I2C timeouts.
Since the TPM measure is done in a secondary thread, we do *not* run pollers
there either (as of 323c8aeb54bd4e0b9004091fcbb4a9daeda2f576 - which is
roughly as of skiboot 2.1.1).
But we still need to crank the i2c state machine, so we introduce a call
to do just that. It will return how long the poll interval should be, so
that we can time_wait() for a more appropriate time for whatever i2c
implementation is sitting behind things.
Without this, it was "easy" to get to a situation where the i2c state machine
wasn't cranked at all, and you'd hit the i2c timeout (for the issued operation)
before the poller to crank i2c was ever called.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This bumps up the byte timeout for tpm i2c requests from 10ms to 30ms.
Some p8dtu systems are getting i2c request timeout.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Pass SKIBOOT_ENABLE_MAMBO_STB=1 as environment variable to skiboot.tcl
and the tcl will enable the /ibm,secureboot node, enabling hash and
signature "verification" for that mambo session.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the 1/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
checks if the TPM device is ready to receive a new command.
This adds the 2/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
writes a given command to master I2C FIFO.
This adds the 3/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
sets the TPMGO bit in the I2C master status register to indicate that
the command stored in the FIFO can be sent to the TPM device.
This adds the 4/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
reads from the I2C master FIFO the result that the TPM device returned
for the last command sent.
This adds the 5/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
sets the COMMAND_READY bit in the status register to indicate that the
TPM device is ready to receive a new command.
This adds the probe function to the TPM Nuvoton driver and also updates
the tpm_init() in tpm_chip.c to call the probe function.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: squash commits into one]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the functions that TPM I2C drivers can use to send
requests to I2C master.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds a driver for the ROM verification code. The driver is compatible
with 'ibm,secureboot-v1'.
The presense of a verification code in the platform is indicated by the
presence of the ibm,secureboot node in the device tree.
The ibm,secureboot node is documented in 'doc/device-tree/ibm,secureboot.rst'
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|