OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Driver tpm(4) and third party packages for trusted platform modules

From: Hans-Joerg Hoexer (tss-projectgenua.de)
Date: Mon Aug 02 2010 - 07:02:19 CDT


Hi,

we have developed a driver for various TPMs for OpenBSD 4.7-current and
FreeBSD 8.0 and have ported and updated several third party packages to
enable use of TPMs on Open- and FreeBSD. This enables applications like
OpenSSH to generate and store private keys inside a TPM.

The supported TPMs are:

- Atmel 97SC3203
- Broadcom BCM0102
- Infineon SLB 9635 TT 1.2
- Intel INTC0102
- Sinosun SNS SSX35
- STM ST19WP18
- Winbond WEC WPCT200

The supported third party packages are:

- openCryptoki 2.3.1: An PKCS#11 implementation, including support
  for TPMs. OpenSSH can use this library to generate and store private
  RSA keys inside a TPM.
- openssl_tpm_engine 0.4.1: An openssl engine supporting TPMs.
- tpm-emulator 0.7.0: An emulator providing the functionality of a TPM.
  Used for development purposes.
- tpm-tools 1.3.5: Various tools for managing a TPM, including key
  generation.
- trousers 0.3.5: An implementation of the Trusted Software Stack.
  This is the backend libary for the afore mentioned packages.
- trousers testsuite 0.2: A testsuite for trousers.
- TrustedGRUB 1.1.4: An TPM enabled version of grub, including support
  for natively booting OpenBSD.

A patch including the driver tpm(4) is attached, more information,
full source code and patches for third party packages can be found at
http://bsssd.sourceforge.net.

Regards,
HJ.

---

 Patch for OpenBSD 4.7-current

 It provides:
 - tpm(4) driver
 - modified acpidump(8) for dumping the TCPA table
 - MAKEDEV(8) to generate /dev/tpm
 - modified ichpcib(4) which enables tpm chip
 - comments to aps(4) which shares registers with tpm(4)

 Applying and building the patch:
        # cd /usr/src
        # patch < /tmp/openbsd-beta.diff
        # cd /usr/src/usr.sbin/acpidump/
        # make obj && make depend && make && make install
        # cd /usr/src/etc/etc.i386/
        # make
        # cp MAKEDEV /dev/MAKEDEV
        # cd /dev
        # sh MAKEDEV tpm
        # cd /usr/src/sys/arch/i386/conf/
        # config GENERIC
        # cd ../compile/GENERIC/
        # make depend && make && make install
        # reboot

 Note: The IRQ to be used with tpm(4) was chosen arbitrarily to be 7.
 If there are conflicts with other devices you can either chose another
 free IRQ, disable use of IRQs at all by not specifying a value in
 GENERIC or use config(8) to set the value to -1.

Index: etc/MAKEDEV.common
===================================================================
RCS file: /cvs/src/etc/MAKEDEV.common,v
retrieving revision 1.39
diff -u -p -r1.39 MAKEDEV.common
--- etc/MAKEDEV.common 14 Jul 2008 16:22:23 -0000 1.39
+++ etc/MAKEDEV.common 10 Mar 2010 19:02:22 -0000
-138,6 +138,7 target(all, pctr)dnl
 target(all, pctr0)dnl
 target(all, pf)dnl
 twrget(all, cry, crypto)dnl
+twrget(all, tpm)dnl
 target(all, apm)dnl
 target(all, acpi)dnl
 twrget(all, tth, ttyh, 0, 1)dnl
-498,6 +499,8 __devitem(oppr, openprom,PROM settings,o
 _cdev(oppr, openprom, 70, 0)dnl
 __devitem(cry, crypto, Hardware crypto access driver,crypto)dnl
 _mkdev(cry, crypto, {-M crypto c major_cry_c-} 0)dnl
+__devitem(tpm, tpm, Trusted platform module access driver,tpm)dnl
+_mkdev(tpm, tpm, {-M tpm c major_tpm_c-} 0)dnl
 __devitem(pf, pf*, Packet Filter)dnl
 _mkdev(pf, {-pf*-}, {-M pf c major_pf_c 0 600-})dnl
 __devitem(bpf, bpf*, Berkeley Packet Filter)dnl
Index: etc/etc.i386/MAKEDEV
===================================================================
RCS file: /cvs/src/etc/etc.i386/MAKEDEV,v
retrieving revision 1.194
diff -u -p -r1.194 MAKEDEV
--- etc/etc.i386/MAKEDEV 28 Jun 2008 21:48:29 -0000 1.194
+++ etc/etc.i386/MAKEDEV 10 Mar 2010 19:02:24 -0000
-97,6 +97,7
 # speaker PC speaker
 # ss* SCSI scanners
 # systrace* System call tracing device
+# tpm Trusted platform module access driver
 # tun* Network tunnel driver
 # tuner* Tuner devices
 # uk* Unknown SCSI devices
-272,6 +273,10 tuner*)
 
 tun*)
         M tun$U c 40 $U 600
+ ;;
+
+tpm)
+ M tpm c 55 0
         ;;
 
 systrace)
Index: etc/etc.i386/MAKEDEV.md
===================================================================
RCS file: /cvs/src/etc/etc.i386/MAKEDEV.md,v
retrieving revision 1.48
diff -u -p -r1.48 MAKEDEV.md
--- etc/etc.i386/MAKEDEV.md 28 Jun 2008 21:46:05 -0000 1.48
+++ etc/etc.i386/MAKEDEV.md 10 Mar 2010 19:02:24 -0000
-99,6 +99,7 _DEV(rnd, 45)
 _DEV(speak, 27)
 _DEV(ss, 19)
 _DEV(systrace, 78)
+_DEV(tpm, 55)
 _DEV(tun, 40)
 _DEV(tuner, 49)
 _DEV(uk, 20)
Index: share/man/man4/Makefile
===================================================================
RCS file: /cvs/src/share/man/man4/Makefile,v
retrieving revision 1.504
diff -u -p -r1.504 Makefile
--- share/man/man4/Makefile 1 Mar 2010 23:35:56 -0000 1.504
+++ share/man/man4/Makefile 10 Mar 2010 19:02:27 -0000
-51,8 +51,8 MAN= aac.4 ac97.4 acphy.4 \
         sm.4 softraid.4 spdmem.4 sdtemp.4 speaker.4 sppp.4 sqphy.4 \
         ss.4 st.4 ste.4 stge.4 sti.4 \
         stp.4 sv.4 systrace.4 tcic.4 tcp.4 termios.4 tht.4 ti.4 tl.4 \
- tlphy.4 thmc.4 tqphy.4 trm.4 trunk.4 tsl.4 tty.4 tun.4 twe.4 txp.4 \
- txphy.4 uaudio.4 uark.4 uath.4 uberry.4 ubsa.4 ubsec.4 ubt.4 \
+ tlphy.4 thmc.4 tpm.4 tqphy.4 trm.4 trunk.4 tsl.4 tty.4 tun.4 twe.4 \
+ txp.4 txphy.4 uaudio.4 uark.4 uath.4 uberry.4 ubsa.4 ubsec.4 ubt.4 \
         ucom.4 uchcom.4 ucycom.4 udav.4 udcf.4 udfu.4 udl.4 udp.4 udsbr.4 \
         ueagle.4 uftdi.4 ugen.4 uhci.4 uhid.4 uhidev.4 uhts.4 \
         uipaq.4 uk.4 ukbd.4 \
Index: share/man/man4/tpm.4
===================================================================
RCS file: share/man/man4/tpm.4
diff -N share/man/man4/tpm.4
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ share/man/man4/tpm.4 10 Mar 2010 19:02:34 -0000
-0,0 +1,69
+.\" $OpenBSD:$
+.\"
+.\" Copyright (c) 2010 Hans-J
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate:$
+.Dt TPM 4
+.Os
+.Sh NAME
+.Nm tpm
+.Nd Trusted Platform Module
+.Sh SYNOPSIS
+.Cd "tpm* at isa? iomem 0xfed40000"
+.Cd "tpm* at isa? iomem 0xfed40000 irq 7"
+.Sh DESCRIPTION
+The
+.Nm
+driver provides support for various trusted platfrom modules (TPM) that can
+store cryptographic keys.
+.Pp
+Supported modules:
+.Pp
+.Bl -bullet -compact -offset indent
+.It
+Atmel 97SC3203
+.It
+Broadcom BCM0102
+.It
+Infineon IFX SLD 9630 TT 1.1 and IFX SLB 9635 TT 1.2
+.It
+Intel INTC0102
+.It
+Sinosun SNS SSX35
+.It
+STM ST19WP18
+.It
+Winbond WEC WPCT200
+.El
+.Pp
+The driver can be configured to use an IRQ by providing a free ISA
+interrupt vector using the keyword
+.Em irq
+in the kernel configuration file or using
+.Xr config 8 .
+If not IRQ is specified, the driver uses polling.
+This is the default configuration.
+.Sh SEE ALSO
+.Xr intro 4 ,
+.Xr files.conf 5,
+.Xr config 8
+.Sh AUTHORS
+.An -nosplit
+The
+.Nm
+driver was written by
+.An Michael Shalayeff
+and
+.An Hans-Joerg Hoexer .
Index: sys/arch/i386/conf/GENERIC
===================================================================
RCS file: /cvs/src/sys/arch/i386/conf/GENERIC,v
retrieving revision 1.678
diff -u -p -r1.678 GENERIC
--- sys/arch/i386/conf/GENERIC 3 Jan 2010 18:37:24 -0000 1.678
+++ sys/arch/i386/conf/GENERIC 10 Mar 2010 19:02:51 -0000
-808,6 +808,13 radio* at fms?
 # Joystick driver. Probe is a little strange; add only if you have one.
 #joy0 at isa? port 0x201
 joy* at isapnp?
+
+# Trusted Platform Module
+tpm* at isa? iomem 0xfed40000 irq 7
+#tpm* at isa? port 0x02e
+#tpm* at isa? port 0x04e
+#tpm* at isa? port 0x07e
+#tpm* at isa? port 0x0ee
 
 # crypto support
 hifn* at pci? # Hi/fn 7751 crypto card
Index: sys/arch/i386/i386/conf.c
===================================================================
RCS file: /cvs/src/sys/arch/i386/i386/conf.c,v
retrieving revision 1.132
diff -u -p -r1.132 conf.c
--- sys/arch/i386/i386/conf.c 13 Aug 2009 15:04:20 -0000 1.132
+++ sys/arch/i386/i386/conf.c 10 Mar 2010 19:02:52 -0000
-174,6 +173,8 cdev_decl(cztty);
 #include "gpr.h"
 #include "nvram.h"
 cdev_decl(nvram);
+#include "tpm.h"
+cdev_decl(tpm);
 #include "agp.h"
 cdev_decl(agp);
 #include "drm.h"
-265,7 +266,7 struct cdevsw cdevsw[] =
         cdev_midi_init(NMIDI,midi), /* 52: MIDI I/O */
         cdev_midi_init(NSEQUENCER,sequencer), /* 53: sequencer I/O */
         cdev_disk_init(NRAID,raid), /* 54: RAIDframe disk driver */
- cdev_notdef(), /* 55: */
+ cdev_tpm_init(NTPM,tpm), /* 55: TCPA interface XXX */
         /* The following slots are reserved for isdn4bsd. */
         cdev_notdef(), /* 56: i4b main device */
         cdev_notdef(), /* 57: i4b control device */
Index: sys/arch/i386/pci/ichpcib.c
===================================================================
RCS file: /cvs/src/sys/arch/i386/pci/ichpcib.c,v
retrieving revision 1.23
diff -u -p -r1.23 ichpcib.c
--- sys/arch/i386/pci/ichpcib.c 4 Jan 2008 00:23:25 -0000 1.23
+++ sys/arch/i386/pci/ichpcib.c 10 Mar 2010 19:02:58 -0000
-20,8 +20,12
  * instead of pcib(4). In addition to the core pcib(4) functionality this
  * driver provides support for the Intel SpeedStep technology and
  * power management timer.
+ * On ICH2 and later also enable I/O port access for TIS 1.1 / legacy
+ * access to the TPM (tpm(4)).
  */
 
+#include "tpm.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/device.h>
-128,7 +132,9 ichpcib_attach(struct device *parent, st
         struct ichpcib_softc *sc = (struct ichpcib_softc *)self;
         struct pci_attach_args *pa = aux;
         pcireg_t cntl, pmbase;
-
+#if NTPM > 0
+ int lpc_ena, gen2_dec;
+#endif
         /* Check if power management I/O space is enabled */
         cntl = pci_conf_read(pa->pa_pc, pa->pa_tag, ICH_ACPI_CNTL);
         if ((cntl & ICH_ACPI_CNTL_ACPI_EN) == 0) {
-171,6 +177,57 ichpcib_attach(struct device *parent, st
 #endif /* !SMALL_KERNEL */
 
 corepcib:
+#if NTPM > 0
+ lpc_ena = gen2_dec = 0;
+ switch (PCI_PRODUCT(pa->pa_id)) {
+ case PCI_PRODUCT_INTEL_6300ESB_LPC:
+ case PCI_PRODUCT_INTEL_6321ESB_LPC:
+ case PCI_PRODUCT_INTEL_82801AA_LPC:
+ case PCI_PRODUCT_INTEL_82801AB_LPC:
+ /* ICH has none */
+ break;
+ case PCI_PRODUCT_INTEL_82801BA_LPC:
+ case PCI_PRODUCT_INTEL_82801BAM_LPC:
+ case PCI_PRODUCT_INTEL_82801CA_LPC:
+ case PCI_PRODUCT_INTEL_82801CAM_LPC:
+ case PCI_PRODUCT_INTEL_82801DB_LPC:
+ case PCI_PRODUCT_INTEL_82801DBM_LPC:
+ case PCI_PRODUCT_INTEL_82801E_LPC:
+ case PCI_PRODUCT_INTEL_82801EB_LPC:
+ /* ICH2-5 */
+ lpc_ena = ICH2_LPC_ENA;
+ gen2_dec = ICH2_GEN2_DEC;
+ break;
+ default:
+ /* ICH6 and later */
+ lpc_ena = ICH3_LPC_ENA;
+ gen2_dec = ICH3_GEN1_DEC;
+ break;
+ }
+
+ /* enable tpm */
+ if (lpc_ena && gen2_dec) {
+ extern int tpm_enabled;
+ pcireg_t r;
+
+ pci_conf_write(pa->pa_pc, pa->pa_tag, lpc_ena,
+ pci_conf_read(pa->pa_pc, pa->pa_tag, lpc_ena) |
+ ICH_LPC_EN_CNF2);
+
+ r = pci_conf_read(pa->pa_pc, pa->pa_tag, gen2_dec);
+ if ((r & ICH_GEN2_DEC_ENA) && (r & ICH_GEN2_DEC_MASK))
+ /* gen1 mask is different but smaller -- thus ok */
+ tpm_enabled = r & ICH_GEN2_DEC_MASK;
+ else {
+ /* magically map tpm(4) regs at 0x400 */
+ tpm_enabled = 0x400;
+ r = (r & ~ICH_GEN2_DEC_MASK) | tpm_enabled;
+ pci_conf_write(pa->pa_pc, pa->pa_tag, gen2_dec,
+ r | ICH_GEN2_DEC_ENA);
+ }
+ }
+#endif
+
         /* Provide core pcib(4) functionality */
         pcibattach(parent, self, aux);
 }
Index: sys/dev/isa/aps.c
===================================================================
RCS file: /cvs/src/sys/dev/isa/aps.c,v
retrieving revision 1.19
diff -u -p -r1.19 aps.c
--- sys/dev/isa/aps.c 24 May 2009 16:40:18 -0000 1.19
+++ sys/dev/isa/aps.c 10 Mar 2010 19:04:08 -0000
-45,6 +45,8
  * http://documentation.renesas.com/eng/products/mpumcu/rej09b0300_2140bhm.pdf
  *
  * EC uses LPC Channel 3 registers TWR0..15
+ * (except for low 4 registers that might be something else, as
+ * e.g. tpm(4))
  */
 
 /* STR3 status register */
Index: sys/dev/isa/files.isa
===================================================================
RCS file: /cvs/src/sys/dev/isa/files.isa,v
retrieving revision 1.105
diff -u -p -r1.105 files.isa
--- sys/dev/isa/files.isa 23 Jan 2009 20:32:22 -0000 1.105
+++ sys/dev/isa/files.isa 10 Mar 2010 19:04:09 -0000
-383,6 +383,11 device isagpio: gpiobus
 attach isagpio at isa
 file dev/isa/isagpio.c isagpio
 
+# Trusted Platform Module
+device tpm
+attach tpm at isa
+file dev/isa/tpm.c tpm needs-flag
+
 #
 # PCMCIA PCIC (i82365SL and compatibles):
 #
Index: sys/dev/isa/tpm.c
===================================================================
RCS file: sys/dev/isa/tpm.c
diff -N sys/dev/isa/tpm.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/dev/isa/tpm.c 10 Mar 2010 19:04:15 -0000
-0,0 +1,1537
+/*
+ * Copyright (c) 2008, 2009 Michael Shalayeff
+ * Copyright (c) 2009, 2010 Hans-J
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* #define TPM_DEBUG */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/malloc.h>
+#include <sys/proc.h>
+
+#ifdef __FreeBSD__
+#include <sys/module.h>
+#include <sys/conf.h>
+#include <sys/uio.h>
+#include <sys/bus.h>
+
+#include <machine/bus.h>
+#include <sys/rman.h>
+#include <machine/resource.h>
+
+#include <machine/md_var.h>
+
+#include <isa/isareg.h>
+#include <isa/isavar.h>
+#else
+#include <sys/device.h>
+
+#include <machine/cpu.h>
+#include <machine/bus.h>
+#include <machine/intr.h>
+#include <machine/conf.h>
+
+#include <dev/isa/isareg.h>
+#include <dev/isa/isavar.h>
+#endif
+
+#ifndef __FreeBSD__
+/* XXX horrible hack for tcsd (-lpthread) workaround on OpenBSD */
+#undef PCATCH
+#define PCATCH 0
+#endif
+
+#define TPM_BUFSIZ 1024
+
+#define TPM_HDRSIZE 10
+
+#define TPM_PARAM_SIZE 0x0001
+
+#ifdef __FreeBSD__
+#define IRQUNK -1
+#endif
+
+#define TPM_ACCESS 0x0000 /* acess register */
+#define TPM_ACCESS_ESTABLISHMENT 0x01 /* establishment */
+#define TPM_ACCESS_REQUEST_USE 0x02 /* request using locality */
+#define TPM_ACCESS_REQUEST_PENDING 0x04 /* pending request */
+#define TPM_ACCESS_SEIZE 0x08 /* request locality seize */
+#define TPM_ACCESS_SEIZED 0x10 /* locality has been seized */
+#define TPM_ACCESS_ACTIVE_LOCALITY 0x20 /* locality is active */
+#define TPM_ACCESS_VALID 0x80 /* bits are valid */
+#define TPM_ACCESS_BITS \
+ "\020\01EST\02REQ\03PEND\04SEIZE\05SEIZED\06ACT\010VALID"
+
+#define TPM_INTERRUPT_ENABLE 0x0008
+#define TPM_GLOBAL_INT_ENABLE 0x80000000 /* enable ints */
+#define TPM_CMD_READY_INT 0x00000080 /* cmd ready enable */
+#define TPM_INT_EDGE_FALLING 0x00000018
+#define TPM_INT_EDGE_RISING 0x00000010
+#define TPM_INT_LEVEL_LOW 0x00000008
+#define TPM_INT_LEVEL_HIGH 0x00000000
+#define TPM_LOCALITY_CHANGE_INT 0x00000004 /* locality change enable */
+#define TPM_STS_VALID_INT 0x00000002 /* int on TPM_STS_VALID is set */
+#define TPM_DATA_AVAIL_INT 0x00000001 /* int on TPM_STS_DATA_AVAIL is set */
+#define TPM_INTERRUPT_ENABLE_BITS \
+ "\020\040ENA\010RDY\03LOCH\02STSV\01DRDY"
+
+#define TPM_INT_VECTOR 0x000c /* 8 bit reg for 4 bit irq vector */
+#define TPM_INT_STATUS 0x0010 /* bits are & 0x87 from TPM_INTERRUPT_ENABLE */
+
+#define TPM_INTF_CAPABILITIES 0x0014 /* capability register */
+#define TPM_INTF_BURST_COUNT_STATIC 0x0100 /* TPM_STS_BMASK static */
+#define TPM_INTF_CMD_READY_INT 0x0080 /* int on ready supported */
+#define TPM_INTF_INT_EDGE_FALLING 0x0040 /* falling edge ints supported */
+#define TPM_INTF_INT_EDGE_RISING 0x0020 /* rising edge ints supported */
+#define TPM_INTF_INT_LEVEL_LOW 0x0010 /* level-low ints supported */
+#define TPM_INTF_INT_LEVEL_HIGH 0x0008 /* level-high ints supported */
+#define TPM_INTF_LOCALITY_CHANGE_INT 0x0004 /* locality-change int (mb 1) */
+#define TPM_INTF_STS_VALID_INT 0x0002 /* TPM_STS_VALID int supported */
+#define TPM_INTF_DATA_AVAIL_INT 0x0001 /* TPM_STS_DATA_AVAIL int supported (mb 1) */
+#define TPM_CAPSREQ \
+ (TPM_INTF_DATA_AVAIL_INT|TPM_INTF_LOCALITY_CHANGE_INT|TPM_INTF_INT_LEVEL_LOW)
+#define TPM_CAPBITS \
+ "\020\01IDRDY\02ISTSV\03ILOCH\04IHIGH\05ILOW\06IEDGE\07IFALL\010IRDY\011BCST"
+
+#define TPM_STS 0x0018 /* status register */
+#define TPM_STS_MASK 0x000000ff /* status bits */
+#define TPM_STS_BMASK 0x00ffff00 /* ro io burst size */
+#define TPM_STS_VALID 0x00000080 /* ro other bits are valid */
+#define TPM_STS_CMD_READY 0x00000040 /* rw chip/signal ready */
+#define TPM_STS_GO 0x00000020 /* wo start the command */
+#define TPM_STS_DATA_AVAIL 0x00000010 /* ro data available */
+#define TPM_STS_DATA_EXPECT 0x00000008 /* ro more data to be written */
+#define TPM_STS_RESP_RETRY 0x00000002 /* wo resend the response */
+#define TPM_STS_BITS "\020\010VALID\07RDY\06GO\05DRDY\04EXPECT\02RETRY"
+
+#define TPM_DATA 0x0024
+#define TPM_ID 0x0f00
+#define TPM_REV 0x0f04
+#define TPM_SIZE 0x5000 /* five pages of the above */
+
+#define TPM_ACCESS_TMO 2000 /* 2sec */
+#define TPM_READY_TMO 2000 /* 2sec */
+#define TPM_READ_TMO 120000 /* 2 minutes */
+#define TPM_BURST_TMO 2000 /* 2sec */
+
+#define TPM_LEGACY_BUSY 0x01
+#define TPM_LEGACY_ABRT 0x01
+#define TPM_LEGACY_DA 0x02
+#define TPM_LEGACY_RE 0x04
+#define TPM_LEGACY_LAST 0x04
+#define TPM_LEGACY_BITS "\020\01BUSY\2DA\3RE\4LAST"
+#define TPM_LEGACY_TMO (2*60) /* sec */
+#define TPM_LEGACY_SLEEP 5 /* ticks */
+#define TPM_LEGACY_DELAY 100
+
+/* Set when enabling legacy interface in host bridge. */
+int tpm_enabled;
+
+struct tpm_softc {
+#ifndef __FreeBSD__
+ struct device sc_dev;
+#endif
+ void *sc_ih;
+
+ int (*sc_init)(struct tpm_softc *, int, const char *);
+ int (*sc_start)(struct tpm_softc *, int);
+ int (*sc_read)(struct tpm_softc *, void *, int, size_t *, int);
+ int (*sc_write)(struct tpm_softc *, void *, int);
+ int (*sc_end)(struct tpm_softc *, int, int);
+
+ bus_space_tag_t sc_bt, sc_batm;
+ bus_space_handle_t sc_bh, sc_bahm;
+
+ u_int32_t sc_devid;
+ u_int32_t sc_rev;
+ u_int32_t sc_stat;
+ u_int32_t sc_capabilities;
+
+ int sc_flags;
+#define TPM_OPEN 0x0001
+
+ int sc_vector;
+#ifdef __FreeBSD__
+ void *intr_cookie;
+#endif
+
+#ifndef __FreeBSD__
+ void *sc_powerhook;
+#endif
+ int sc_suspend;
+};
+
+#ifdef __FreeBSD__
+#define TPMSOFTC(dev) \
+ ((struct tpm_softc *)devclass_get_softc(tpm_devclass, dev2unit(dev)))
+
+d_open_t tpmopen;
+d_close_t tpmclose;
+d_read_t tpmread;
+d_write_t tpmwrite;
+d_ioctl_t tpmioctl;
+
+static struct cdevsw tpm_cdevsw = {
+ .d_version = D_VERSION,
+ .d_flags = D_NEEDGIANT,
+ .d_open = tpmopen,
+ .d_close = tpmclose,
+ .d_read = tpmread,
+ .d_write = tpmwrite,
+ .d_ioctl = tpmioctl,
+ .d_name = "tpm",
+};
+#else
+#define TPMSOFTC(dev) \
+ (struct tpm_softc *)device_lookup(&tpm_cd, minor(dev))
+
+struct cfdriver tpm_cd = {
+ NULL, "tpm", DV_DULL
+};
+
+int tpm_match(struct device *, void *, void *);
+void tpm_attach(struct device *, struct device *, void *);
+
+struct cfattach tpm_ca = {
+ sizeof(struct tpm_softc), tpm_match, tpm_attach
+};
+#endif
+
+const struct {
+ u_int32_t devid;
+ char name[32];
+ int flags;
+#define TPM_DEV_NOINTS 0x0001
+} tpm_devs[] = {
+ { 0x000615d1, "IFX SLD 9630 TT 1.1", 0 },
+ { 0x000b15d1, "IFX SLB 9635 TT 1.2", 0 },
+ { 0x100214e4, "Broadcom BCM0102", TPM_DEV_NOINTS },
+ { 0x00fe1050, "WEC WPCT200", 0 },
+ { 0x687119fa, "SNS SSX35", 0 },
+ { 0x2e4d5453, "STM ST19WP18", 0 },
+ { 0x32021114, "ATML 97SC3203", TPM_DEV_NOINTS },
+ { 0x10408086, "INTEL INTC0102", 0 },
+ { 0, "", TPM_DEV_NOINTS },
+};
+
+int tpm_tis12_probe(bus_space_tag_t, bus_space_handle_t);
+int tpm_tis12_irqinit(struct tpm_softc *, int, int);
+int tpm_tis12_init(struct tpm_softc *, int, const char *);
+int tpm_tis12_start(struct tpm_softc *, int);
+int tpm_tis12_read(struct tpm_softc *, void *, int, size_t *, int);
+int tpm_tis12_write(struct tpm_softc *, void *, int);
+int tpm_tis12_end(struct tpm_softc *, int, int);
+
+#ifdef __FreeBSD__
+void tpm_intr(void *);
+int tpm_suspend(device_t);
+int tpm_resume(device_t);
+#else
+int tpm_intr(void *);
+void tpm_powerhook(int, void *);
+int tpm_suspend(struct tpm_softc *, int);
+int tpm_resume(struct tpm_softc *, int);
+#endif
+
+int tpm_waitfor_poll(struct tpm_softc *, u_int8_t, int, void *);
+int tpm_waitfor_int(struct tpm_softc *, u_int8_t, int, void *, int);
+int tpm_waitfor(struct tpm_softc *, u_int8_t, int, void *);
+int tpm_request_locality(struct tpm_softc *, int);
+int tpm_getburst(struct tpm_softc *);
+u_int8_t tpm_status(struct tpm_softc *);
+int tpm_tmotohz(int);
+
+int tpm_legacy_probe(bus_space_tag_t, bus_addr_t);
+int tpm_legacy_init(struct tpm_softc *, int, const char *);
+int tpm_legacy_start(struct tpm_softc *, int);
+int tpm_legacy_read(struct tpm_softc *, void *, int, size_t *, int);
+int tpm_legacy_write(struct tpm_softc *, void *, int);
+int tpm_legacy_end(struct tpm_softc *, int, int);
+
+#ifdef __FreeBSD__
+/*
+ * FreeBSD specific code for probing and attaching TPM to device tree.
+ */
+static void
+tpm_identify(driver_t *driver, device_t parent)
+{
+ BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0);
+}
+
+static int
+tpm_probe(device_t dev)
+{
+ struct tpm_softc *sc = device_get_softc(dev);
+ bus_space_tag_t iot;
+ bus_space_handle_t ioh;
+ struct resource *mem_res;
+ int rv, mem_rid;
+
+ bzero(sc, sizeof(struct tpm_softc));
+
+ mem_rid = 0;
+ mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &mem_rid,
+ RF_ACTIVE);
+ if (mem_res == NULL)
+ return (ENXIO);
+ iot = rman_get_bustag(mem_res);
+ ioh = rman_get_bushandle(mem_res);
+
+ if ((rv = tpm_tis12_probe(iot, ioh)))
+ device_set_desc(dev, "Trusted Platform Module");
+
+ bus_release_resource(dev, SYS_RES_MEMORY, mem_rid, mem_res);
+ return rv ? 0 : ENXIO;
+}
+
+static int
+tpm_attach(device_t dev)
+{
+ struct tpm_softc *sc = device_get_softc(dev);
+ struct resource *mem_res;
+ int mem_rid;
+ int irq_rid, irq;
+ struct resource *irq_res;
+
+ mem_rid = 0;
+ mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &mem_rid,
+ RF_ACTIVE);
+ if (mem_res == NULL)
+ return ENXIO;
+
+ sc->sc_bt = rman_get_bustag(mem_res);
+ sc->sc_bh = rman_get_bushandle(mem_res);
+
+ irq_rid = 0;
+ irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ, &irq_rid,
+ RF_ACTIVE | RF_SHAREABLE);
+ if (irq_res != NULL)
+ irq = rman_get_start(irq_res);
+ else
+ irq = IRQUNK;
+
+ if (tpm_legacy_probe(sc->sc_bt, sc->sc_bh)) {
+ sc->sc_init = tpm_legacy_init;
+ sc->sc_start = tpm_legacy_start;
+ sc->sc_read = tpm_legacy_read;
+ sc->sc_write = tpm_legacy_write;
+ sc->sc_end = tpm_legacy_end;
+ } else {
+ sc->sc_init = tpm_tis12_init;
+ sc->sc_start = tpm_tis12_start;
+ sc->sc_read = tpm_tis12_read;
+ sc->sc_write = tpm_tis12_write;
+ sc->sc_end = tpm_tis12_end;
+ }
+
+ printf("%s", device_get_name(dev));
+ if ((sc->sc_init)(sc, irq, "tpm")) {
+ bus_release_resource(dev, SYS_RES_MEMORY, mem_rid, mem_res);
+ bus_release_resource(dev, SYS_RES_IRQ, irq_rid, irq_res);
+ return ENXIO;
+ }
+
+ if (sc->sc_init == tpm_tis12_init && irq_res != NULL &&
+ bus_setup_intr(dev, irq_res, INTR_TYPE_TTY, NULL,
+ tpm_intr, sc, &sc->intr_cookie) != 0) {
+ bus_release_resource(dev, SYS_RES_MEMORY, mem_rid, mem_res);
+ bus_release_resource(dev, SYS_RES_IRQ, irq_rid, irq_res);
+ printf(": cannot establish interrupt\n");
+ return 1;
+ }
+
+ make_dev(&tpm_cdevsw, device_get_unit(dev), UID_ROOT, GID_WHEEL,
+ 0600, "tpm");
+
+ return 0;
+}
+
+static device_method_t tpm_methods[] = {
+ DEVMETHOD(device_identify, tpm_identify),
+ DEVMETHOD(device_probe, tpm_probe),
+ DEVMETHOD(device_attach, tpm_attach),
+ DEVMETHOD(device_suspend, tpm_suspend),
+ DEVMETHOD(device_resume, tpm_resume),
+ { 0, 0 }
+};
+
+static driver_t tpm_driver = {
+ "tpm", tpm_methods, sizeof(struct tpm_softc),
+};
+
+static devclass_t tpm_devclass;
+
+DRIVER_MODULE(tpm, isa, tpm_driver, tpm_devclass, 0, 0);
+#else
+/*
+ * OpenBSD specific code for probing and attaching TPM to device tree.
+ */
+int
+tpm_match(struct device *parent, void *match, void *aux)
+{
+ struct isa_attach_args *ia = aux;
+ struct cfdata *cf = match;
+ bus_space_tag_t bt = ia->ia_memt;
+ bus_space_handle_t bh;
+ int rv;
+
+ /* There can be only one. */
+ if (cf->cf_unit)
+ return 0;
+
+ if (tpm_legacy_probe(ia->ia_iot, ia->ia_iobase)) {
+ ia->ia_iosize = 2;
+ return 1;
+ }
+
+ if (ia->ia_maddr == -1)
+ return 0;
+
+ if (bus_space_map(bt, ia->ia_maddr, TPM_SIZE, 0, &bh))
+ return 0;
+
+ if ((rv = tpm_tis12_probe(bt, bh))) {
+ ia->ia_iosize = 0;
+ ia->ia_msize = TPM_SIZE;
+ }
+
+ bus_space_unmap(bt, bh, TPM_SIZE);
+ return rv;
+}
+
+void
+tpm_attach(struct device *parent, struct device *self, void *aux)
+{
+ struct tpm_softc *sc = (struct tpm_softc *)self;
+ struct isa_attach_args *ia = aux;
+ bus_addr_t iobase;
+ bus_size_t size;
+ int rv;
+
+ if (tpm_legacy_probe(ia->ia_iot, ia->ia_iobase)) {
+ sc->sc_bt = ia->ia_iot;
+ iobase = ia->ia_iobase;
+ size = ia->ia_iosize;
+ sc->sc_batm = ia->ia_iot;
+ sc->sc_init = tpm_legacy_init;
+ sc->sc_start = tpm_legacy_start;
+ sc->sc_read = tpm_legacy_read;
+ sc->sc_write = tpm_legacy_write;
+ sc->sc_end = tpm_legacy_end;
+ } else {
+ sc->sc_bt = ia->ia_memt;
+ iobase = ia->ia_maddr;
+ size = TPM_SIZE;
+ sc->sc_init = tpm_tis12_init;
+ sc->sc_start = tpm_tis12_start;
+ sc->sc_read = tpm_tis12_read;
+ sc->sc_write = tpm_tis12_write;
+ sc->sc_end = tpm_tis12_end;
+ }
+
+ if (bus_space_map(sc->sc_bt, iobase, size, 0, &sc->sc_bh)) {
+ printf(": cannot map registers\n");
+ return;
+ }
+
+ if ((rv = (sc->sc_init)(sc, ia->ia_irq, sc->sc_dev.dv_xname))) {
+ bus_space_unmap(sc->sc_bt, sc->sc_bh, size);
+ return;
+ }
+
+ /*
+ * Only setup interrupt handler when we have a vector and the
+ * chip is TIS 1.2 compliant.
+ */
+ if (sc->sc_init == tpm_tis12_init && ia->ia_irq != IRQUNK &&
+ (sc->sc_ih = isa_intr_establish(ia->ia_ic, ia->ia_irq, IST_EDGE,
+ IPL_TTY, tpm_intr, sc, sc->sc_dev.dv_xname)) == NULL) {
+ bus_space_unmap(sc->sc_bt, sc->sc_bh, TPM_SIZE);
+ printf("%s: cannot establish interrupt\n",
+ sc->sc_dev.dv_xname);
+ return;
+ }
+
+#ifdef __FreeBSD__
+ sc->sc_suspend = 0;
+#else
+ sc->sc_suspend = PWR_RESUME;
+ sc->sc_powerhook = powerhook_establish(tpm_powerhook, sc);
+#endif
+}
+#endif
+
+/* Probe TPM using TIS 1.2 interface. */
+int
+tpm_tis12_probe(bus_space_tag_t bt, bus_space_handle_t bh)
+{
+ u_int32_t r;
+ u_int8_t save, reg;
+
+ r = bus_space_read_4(bt, bh, TPM_INTF_CAPABILITIES);
+ if (r == 0xffffffff)
+ return 0;
+
+#ifdef TPM_DEBUG
+ printf("tpm: caps=%b\n", r, TPM_CAPBITS);
+#endif
+ if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
+ !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
+#ifdef TPM_DEBUG
+ printf("tpm: caps too low (caps=%b)\n", r, TPM_CAPBITS);
+#endif
+ return 0;
+ }
+
+ save = bus_space_read_1(bt, bh, TPM_ACCESS);
+ bus_space_write_1(bt, bh, TPM_ACCESS, TPM_ACCESS_REQUEST_USE);
+ reg = bus_space_read_1(bt, bh, TPM_ACCESS);
+ if ((reg & TPM_ACCESS_VALID) && (reg & TPM_ACCESS_ACTIVE_LOCALITY) &&
+ bus_space_read_4(bt, bh, TPM_ID) != 0xffffffff)
+ return 1;
+
+ bus_space_write_1(bt, bh, TPM_ACCESS, save);
+ return 0;
+}
+
+/*
+ * Setup interrupt vector if one is provided and interrupts are know to
+ * work on that particular chip.
+ */
+int
+tpm_tis12_irqinit(struct tpm_softc *sc, int irq, int idx)
+{
+ u_int32_t r;
+
+ if ((irq == IRQUNK) || (tpm_devs[idx].flags & TPM_DEV_NOINTS)) {
+ sc->sc_vector = IRQUNK;
+ return 0;
+ }
+
+ /* Ack and disable all interrupts. */
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
+ bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
+ ~TPM_GLOBAL_INT_ENABLE);
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS,
+ bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS));
+
+ /* Program interrupt vector. */
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_INT_VECTOR, irq);
+ sc->sc_vector = irq;
+
+ /* Program interrupt type. */
+ if (sc->sc_capabilities & TPM_INTF_INT_EDGE_RISING)
+ r = TPM_INT_EDGE_RISING;
+ else if (sc->sc_capabilities & TPM_INTF_INT_LEVEL_HIGH)
+ r = TPM_INT_LEVEL_HIGH;
+ else
+ r = TPM_INT_LEVEL_LOW;
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE, r);
+
+ return 0;
+}
+
+/* Setup TPM using TIS 1.2 interface. */
+int
+tpm_tis12_init(struct tpm_softc *sc, int irq, const char *name)
+{
+ u_int32_t r;
+ int i;
+
+ r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTF_CAPABILITIES);
+#ifdef TPM_DEBUG
+ printf(" caps=%b ", r, TPM_CAPBITS);
+#endif
+ if ((r & TPM_CAPSREQ) != TPM_CAPSREQ ||
+ !(r & (TPM_INTF_INT_EDGE_RISING | TPM_INTF_INT_LEVEL_LOW))) {
+ printf(": capabilities too low (caps=%b)\n", r, TPM_CAPBITS);
+ return 1;
+ }
+ sc->sc_capabilities = r;
+
+ sc->sc_devid = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_ID);
+ sc->sc_rev = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_REV);
+
+ for (i = 0; tpm_devs[i].devid; i++)
+ if (tpm_devs[i].devid == sc->sc_devid)
+ break;
+
+ if (tpm_devs[i].devid)
+ printf(": %s rev 0x%x\n", tpm_devs[i].name, sc->sc_rev);
+ else
+ printf(": device 0x%08x rev 0x%x\n", sc->sc_devid, sc->sc_rev);
+
+ if (tpm_tis12_irqinit(sc, irq, i))
+ return 1;
+
+ if (tpm_request_locality(sc, 0))
+ return 1;
+
+ /* Abort whatever it thought it was doing. */
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY);
+
+ return 0;
+}
+
+int
+tpm_request_locality(struct tpm_softc *sc, int l)
+{
+ u_int32_t r;
+ int to, rv;
+
+ if (l != 0)
+ return EINVAL;
+
+ if ((bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
+ (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) ==
+ (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY))
+ return 0;
+
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS,
+ TPM_ACCESS_REQUEST_USE);
+
+ to = tpm_tmotohz(TPM_ACCESS_TMO);
+
+ while ((r = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_ACCESS) &
+ (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
+ (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY) && to--) {
+ rv = tsleep(sc->sc_init, PRIBIO | PCATCH, "tpm_locality", 1);
+ if (rv && rv != EWOULDBLOCK) {
+#ifdef TPM_DEBUG
+ printf("tpm_request_locality: interrupted %d\n", rv);
+#endif
+ return rv;
+ }
+ }
+
+ if ((r & (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) !=
+ (TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY)) {
+#ifdef TPM_DEBUG
+ printf("tpm_request_locality: access %b\n", r, TPM_ACCESS_BITS);
+#endif
+ return EBUSY;
+ }
+
+ return 0;
+}
+
+int
+tpm_getburst(struct tpm_softc *sc)
+{
+ int burst, to, rv;
+
+ to = tpm_tmotohz(TPM_BURST_TMO);
+
+ burst = 0;
+ while (burst == 0 && to--) {
+ /*
+ * Burst count has to be read from bits 8 to 23 without
+ * touching any other bits, eg. the actual status bits 0
+ * to 7.
+ */
+ burst = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 1);
+ burst |= bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS + 2)
+ << 8;
+#ifdef TPM_DEBUG
+ printf("tpm_getburst: read %d\n", burst);
+#endif
+ if (burst)
+ return burst;
+
+ rv = tsleep(sc, PRIBIO | PCATCH, "tpm_getburst", 1);
+ if (rv && rv != EWOULDBLOCK) {
+ return 0;
+ }
+ }
+
+ return 0;
+}
+
+u_int8_t
+tpm_status(struct tpm_softc *sc)
+{
+ u_int8_t status;
+
+ status = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_STS) &
+ TPM_STS_MASK;
+
+ return status;
+}
+
+int
+tpm_tmotohz(int tmo)
+{
+ struct timeval tv;
+
+ tv.tv_sec = tmo / 1000;
+ tv.tv_usec = 1000 * (tmo % 1000);
+
+ return tvtohz(&tv);
+}
+
+/* Save TPM state on suspend. */
+int
+#ifdef __FreeBSD__
+tpm_suspend(device_t dev)
+#else
+tpm_suspend(struct tpm_softc *sc, int why)
+#endif
+{
+#ifdef __FreeBSD__
+ struct tpm_softc *sc = device_get_softc(dev);
+ int why = 1;
+#endif
+ u_int8_t command[] = {
+ 0, 193, /* TPM_TAG_RQU_COMMAND */
+ 0, 0, 0, 10, /* Length in bytes */
+ 0, 0, 0, 156 /* TPM_ORD_SaveStates */
+ };
+
+ /*
+ * Power down: We have to issue the SaveStates command.
+ */
+ sc->sc_write(sc, &command, sizeof(command));
+ sc->sc_read(sc, &command, sizeof(command), NULL, TPM_HDRSIZE);
+#ifdef TPM_DEBUG
+ printf("tpm_suspend: power down: %d -> %d\n", sc->sc_suspend, why);
+#endif
+ sc->sc_suspend = why;
+
+ return 0;
+}
+
+/*
+ * Handle resume event. Actually nothing to do as the BIOS is supposed
+ * to restore the previously saved state.
+ */
+int
+#ifdef __FreeBSD__
+tpm_resume(device_t dev)
+#else
+tpm_resume(struct tpm_softc *sc, int why)
+#endif
+{
+#ifdef __FreeBSD__
+ struct tpm_softc *sc = device_get_softc(dev);
+ int why = 0;
+#endif
+#ifdef TPM_DEBUG
+ printf("tpm_resume: resume: %d -> %d\n", sc->sc_suspend, why);
+#endif
+ sc->sc_suspend = why;
+
+ return 0;
+}
+
+/* Dispatch suspend and resume events. */
+#ifndef __FreeBSD__
+void
+tpm_powerhook(int why, void *self)
+{
+ struct tpm_softc *sc = (struct tpm_softc *)self;
+
+ if (why != PWR_RESUME)
+ tpm_suspend(sc, why);
+ else
+ tpm_resume(sc, why);
+}
+#endif /* !__FreeBSD__ */
+
+/* Wait for given status bits using polling. */
+int
+tpm_waitfor_poll(struct tpm_softc *sc, u_int8_t mask, int tmo, void *c)
+{
+ int rv;
+
+ /*
+ * Poll until either the requested condition or a time out is
+ * met.
+ */
+ while (((sc->sc_stat = tpm_status(sc)) & mask) != mask && tmo--) {
+ rv = tsleep(c, PRIBIO | PCATCH, "tpm_poll", 1);
+ if (rv && rv != EWOULDBLOCK) {
+#ifdef TPM_DEBUG
+ printf("tpm_waitfor_poll: interrupted %d\n", rv);
+#endif
+ return rv;
+ }
+ }
+
+ return 0;
+}
+
+/* Wait for given status bits using interrupts. */
+int
+tpm_waitfor_int(struct tpm_softc *sc, u_int8_t mask, int tmo, void *c,
+ int inttype)
+{
+ int rv, to;
+
+ /* Poll and return when condition is already met. */
+ sc->sc_stat = tpm_status(sc);
+ if ((sc->sc_stat & mask) == mask)
+ return 0;
+
+ /*
+ * Enable interrupt on tpm chip. Note that interrupts on our
+ * level (SPL_TTY) are disabled (see tpm{read,write} et al) and
+ * will not be delivered to the cpu until we call tsleep(9) below.
+ */
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
+ bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) |
+ inttype);
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
+ bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) |
+ TPM_GLOBAL_INT_ENABLE);
+
+ /*
+ * Poll once more to remedy the race between previous polling
+ * and enabling interrupts on the tpm chip.
+ */
+ sc->sc_stat = tpm_status(sc);
+ if ((sc->sc_stat & mask) == mask) {
+ rv = 0;
+ goto out;
+ }
+
+ to = tpm_tmotohz(tmo);
+#ifdef TPM_DEBUG
+ printf("tpm_waitfor_int: sleeping for %d ticks on %p\n", to, c);
+#endif
+ /*
+ * tsleep(9) enables interrupts on the cpu and returns after
+ * wake up with interrupts disabled again. Note that interrupts
+ * generated by the tpm chip while being at SPL_TTY are not lost
+ * but held and delivered as soon as the cpu goes below SPL_TTY.
+ */
+ rv = tsleep(c, PRIBIO | PCATCH, "tpm_intr", to);
+
+ sc->sc_stat = tpm_status(sc);
+#ifdef TPM_DEBUG
+ printf("tpm_waitfor_int: woke up with rv %d stat %b\n", rv,
+ sc->sc_stat, TPM_STS_BITS);
+#endif
+ if ((sc->sc_stat & mask) == mask)
+ rv = 0;
+
+ /* Disable interrupts on tpm chip again. */
+out: bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
+ bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
+ ~TPM_GLOBAL_INT_ENABLE);
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE,
+ bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INTERRUPT_ENABLE) &
+ ~inttype);
+
+ return rv;
+}
+
+/*
+ * Wait on given status bits, uses interrupts where possible, otherwise polls.
+ */
+int
+tpm_waitfor(struct tpm_softc *sc, u_int8_t b0, int tmo, void *c)
+{
+ u_int8_t b;
+ int re, to, rv;
+
+#ifdef TPM_DEBUG
+ printf("tpm_waitfor: b0 %b\n", b0, TPM_STS_BITS);
+#endif
+
+ /*
+ * If possible, use interrupts, otherwise poll.
+ *
+ * We use interrupts for TPM_STS_VALID and TPM_STS_DATA_AVAIL (if
+ * the tpm chips supports them) as waiting for those can take
+ * really long. The other TPM_STS* are not needed very often
+ * so we do not support them.
+ */
+ if (sc->sc_vector != IRQUNK) {
+ b = b0;
+
+ /*
+ * Wait for data ready. This interrupt only occures
+ * when both TPM_STS_VALID and TPM_STS_DATA_AVAIL are asserted.
+ * Thus we don't have to bother with TPM_STS_VALID
+ * separately and can just return.
+ *
+ * This only holds for interrupts! When using polling
+ * both flags have to be waited for, see below.
+ */
+ if ((b & TPM_STS_DATA_AVAIL) && (sc->sc_capabilities &
+ TPM_INTF_DATA_AVAIL_INT))
+ return tpm_waitfor_int(sc, b, tmo, c,
+ TPM_DATA_AVAIL_INT);
+
+ /* Wait for status valid bit. */
+ if ((b & TPM_STS_VALID) && (sc->sc_capabilities &
+ TPM_INTF_STS_VALID_INT)) {
+ rv = tpm_waitfor_int(sc, b, tmo, c, TPM_STS_VALID_INT);
+ if (rv != 0)
+ return rv;
+ else
+ b = b0 & ~TPM_STS_VALID;
+ }
+
+ /*
+ * When all flags are taken care of, return. Otherwise
+ * use polling for eg. TPM_STS_CMD_READY.
+ */
+ if (b == 0)
+ return 0;
+ }
+
+ re = 3;
+restart:
+ /*
+ * If requested wait for TPM_STS_VALID before dealing with
+ * any other flag. Eg. when both TPM_STS_DATA_AVAIL and TPM_STS_VALID
+ * are requested, wait for the latter first.
+ */
+ b = b0;
+ if (b0 & TPM_STS_VALID)
+ b = TPM_STS_VALID;
+
+ to = tpm_tmotohz(tmo);
+again:
+ if ((rv = tpm_waitfor_poll(sc, b, to, c)) != 0)
+ return rv;
+
+ if ((b & sc->sc_stat) == TPM_STS_VALID) {
+ /* Now wait for other flags. */
+ b = b0 & ~TPM_STS_VALID;
+ to++;
+ goto again;
+ }
+
+ if ((sc->sc_stat & b) != b) {
+#ifdef TPM_DEBUG
+ printf("tpm_waitfor: timeout: stat=%b b=%b\n",
+ sc->sc_stat, TPM_STS_BITS, b, TPM_STS_BITS);
+#endif
+ if (re-- && (b0 & TPM_STS_VALID)) {
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
+ TPM_STS_RESP_RETRY);
+ goto restart;
+ }
+ return EIO;
+ }
+
+ return 0;
+}
+
+/* Start transaction. */
+int
+tpm_tis12_start(struct tpm_softc *sc, int flag)
+{
+ int rv;
+
+ if (flag == UIO_READ) {
+ rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+ TPM_READ_TMO, sc->sc_read);
+ return rv;
+ }
+
+ /* Own our (0th) locality. */
+ if ((rv = tpm_request_locality(sc, 0)) != 0)
+ return rv;
+
+ sc->sc_stat = tpm_status(sc);
+ if (sc->sc_stat & TPM_STS_CMD_READY) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_start: UIO_WRITE status %b\n", sc->sc_stat,
+ TPM_STS_BITS);
+#endif
+ return 0;
+ }
+
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_start: UIO_WRITE readying chip\n");
+#endif
+
+ /* Abort previous and restart. */
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS, TPM_STS_CMD_READY);
+ if ((rv = tpm_waitfor(sc, TPM_STS_CMD_READY, TPM_READY_TMO,
+ sc->sc_write))) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_start: UIO_WRITE readying failed %d\n", rv);
+#endif
+ return rv;
+ }
+
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_start: UIO_WRITE readying done\n");
+#endif
+
+ return 0;
+}
+
+int
+tpm_tis12_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
+ int flags)
+{
+ u_int8_t *p = buf;
+ size_t cnt;
+ int rv, n, bcnt;
+
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_read: len %d\n", len);
+#endif
+ cnt = 0;
+ while (len > 0) {
+ if ((rv = tpm_waitfor(sc, TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+ TPM_READ_TMO, sc->sc_read)))
+ return rv;
+
+ bcnt = tpm_getburst(sc);
+ n = MIN(len, bcnt);
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_read: fetching %d, burst is %d\n", n, bcnt);
+#endif
+ for (; n--; len--) {
+ *p++ = bus_space_read_1(sc->sc_bt, sc->sc_bh, TPM_DATA);
+ cnt++;
+ }
+
+ if ((flags & TPM_PARAM_SIZE) == 0 && cnt >= 6)
+ break;
+ }
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_read: read %zd bytes, len %d\n", cnt, len);
+#endif
+
+ if (count)
+ *count = cnt;
+
+ return 0;
+}
+
+int
+tpm_tis12_write(struct tpm_softc *sc, void *buf, int len)
+{
+ u_int8_t *p = buf;
+ size_t cnt;
+ int rv, r;
+
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_write: sc %p buf %p len %d\n", sc, buf, len);
+#endif
+
+ if ((rv = tpm_request_locality(sc, 0)) != 0)
+ return rv;
+
+ cnt = 0;
+ while (cnt < len - 1) {
+ for (r = tpm_getburst(sc); r > 0 && cnt < len - 1; r--) {
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
+ cnt++;
+ }
+ if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_write: failed burst rv %d\n", rv);
+#endif
+ return rv;
+ }
+ sc->sc_stat = tpm_status(sc);
+ if (!(sc->sc_stat & TPM_STS_DATA_EXPECT)) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_write: failed rv %d stat=%b\n", rv,
+ sc->sc_stat, TPM_STS_BITS);
+#endif
+ return EIO;
+ }
+ }
+
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_DATA, *p++);
+ cnt++;
+
+ if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO, sc))) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_write: failed last byte rv %d\n", rv);
+#endif
+ return rv;
+ }
+ if ((sc->sc_stat & TPM_STS_DATA_EXPECT) != 0) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_write: failed rv %d stat=%b\n", rv,
+ sc->sc_stat, TPM_STS_BITS);
+#endif
+ return EIO;
+ }
+
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_write: wrote %d byte\n", cnt);
+#endif
+
+ return 0;
+}
+
+/* Finish transaction. */
+int
+tpm_tis12_end(struct tpm_softc *sc, int flag, int err)
+{
+ int rv = 0;
+
+ if (flag == UIO_READ) {
+ if ((rv = tpm_waitfor(sc, TPM_STS_VALID, TPM_READ_TMO,
+ sc->sc_read)))
+ return rv;
+
+ /* Still more data? */
+ sc->sc_stat = tpm_status(sc);
+ if (!err && ((sc->sc_stat & TPM_STS_DATA_AVAIL) == TPM_STS_DATA_AVAIL)) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_end: read failed stat=%b\n",
+ sc->sc_stat, TPM_STS_BITS);
+#endif
+ rv = EIO;
+ }
+
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
+ TPM_STS_CMD_READY);
+
+ /* Release our (0th) locality. */
+ bus_space_write_1(sc->sc_bt, sc->sc_bh,TPM_ACCESS,
+ TPM_ACCESS_ACTIVE_LOCALITY);
+ } else {
+ /* Hungry for more? */
+ sc->sc_stat = tpm_status(sc);
+ if (!err && (sc->sc_stat & TPM_STS_DATA_EXPECT)) {
+#ifdef TPM_DEBUG
+ printf("tpm_tis12_end: write failed stat=%b\n",
+ sc->sc_stat, TPM_STS_BITS);
+#endif
+ rv = EIO;
+ }
+
+ bus_space_write_1(sc->sc_bt, sc->sc_bh, TPM_STS,
+ err ? TPM_STS_CMD_READY : TPM_STS_GO);
+ }
+
+ return rv;
+}
+
+#ifdef __FreeBSD__
+void
+#else
+int
+#endif
+tpm_intr(void *v)
+{
+ struct tpm_softc *sc = v;
+ u_int32_t r;
+#ifdef TPM_DEBUG
+ static int cnt = 0;
+#endif
+
+ r = bus_space_read_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS);
+#ifdef TPM_DEBUG
+ if (r != 0)
+ printf("tpm_intr: int=%b (%d)\n", r, TPM_INTERRUPT_ENABLE_BITS,
+ cnt);
+ else
+ cnt++;
+#endif
+ if (!(r & (TPM_CMD_READY_INT | TPM_LOCALITY_CHANGE_INT |
+ TPM_STS_VALID_INT | TPM_DATA_AVAIL_INT)))
+#ifdef __FreeBSD__
+ return;
+#else
+ return 0;
+#endif
+ if (r & TPM_STS_VALID_INT)
+ wakeup(sc);
+
+ if (r & TPM_CMD_READY_INT)
+ wakeup(sc->sc_write);
+
+ if (r & TPM_DATA_AVAIL_INT)
+ wakeup(sc->sc_read);
+
+ if (r & TPM_LOCALITY_CHANGE_INT)
+ wakeup(sc->sc_init);
+
+ bus_space_write_4(sc->sc_bt, sc->sc_bh, TPM_INT_STATUS, r);
+
+#ifdef __FreeBSD__
+ return;
+#else
+ return 1;
+#endif
+}
+
+/* Read single byte using legacy interface. */
+static inline u_int8_t
+tpm_legacy_in(bus_space_tag_t iot, bus_space_handle_t ioh, int reg)
+{
+ bus_space_write_1(iot, ioh, 0, reg);
+ return bus_space_read_1(iot, ioh, 1);
+}
+
+/* Write single byte using legacy interface. */
+static inline void
+tpm_legacy_out(bus_space_tag_t iot, bus_space_handle_t ioh, int reg, u_int8_t v)
+{
+ bus_space_write_1(iot, ioh, 0, reg);
+ bus_space_write_1(iot, ioh, 1, v);
+}
+
+/* Probe for TPM using legacy interface. */
+int
+tpm_legacy_probe(bus_space_tag_t iot, bus_addr_t iobase)
+{
+ bus_space_handle_t ioh;
+ u_int8_t r, v;
+ int i, rv = 0;
+ char id[8];
+
+ if (!tpm_enabled || iobase == -1)
+ return 0;
+
+ if (bus_space_map(iot, iobase, 2, 0, &ioh))
+ return 0;
+
+ v = bus_space_read_1(iot, ioh, 0);
+ if (v == 0xff) {
+ bus_space_unmap(iot, ioh, 2);
+ return 0;
+ }
+ r = bus_space_read_1(iot, ioh, 1);
+
+ for (i = sizeof(id); i--; )
+ id[i] = tpm_legacy_in(iot, ioh, TPM_ID + i);
+
+#ifdef TPM_DEBUG
+ printf("tpm_legacy_probe %.4s %d.%d.%d.%d\n",
+ &id[4], id[0], id[1], id[2], id[3]);
+#endif
+ /*
+ * The only chips using the legacy interface we are aware of are
+ * by Atmel. For other chips more signature would have to be added.
+ */
+ if (!bcmp(&id[4], "ATML", 4))
+ rv = 1;
+
+ if (!rv) {
+ bus_space_write_1(iot, ioh, r, 1);
+ bus_space_write_1(iot, ioh, v, 0);
+ }
+ bus_space_unmap(iot, ioh, 2);
+
+ return rv;
+}
+
+/* Setup TPM using legacy interface. */
+int
+tpm_legacy_init(struct tpm_softc *sc, int irq, const char *name)
+{
+ char id[8];
+ u_int8_t ioh, iol;
+ int i;
+
+ if ((i = bus_space_map(sc->sc_batm, tpm_enabled, 2, 0, &sc->sc_bahm))) {
+ printf(": cannot map tpm registers (%d)\n", i);
+ tpm_enabled = 0;
+ return 1;
+ }
+
+ for (i = sizeof(id); i--; )
+ id[i] = tpm_legacy_in(sc->sc_bt, sc->sc_bh, TPM_ID + i);
+
+ printf(": %.4s %d.%d 0x%x\n", &id[4], id[0], id[1], tpm_enabled);
+ iol = tpm_enabled & 0xff;
+ ioh = tpm_enabled >> 16;
+ tpm_enabled = 0;
+
+ return 0;
+}
+
+/* Start transaction. */
+int
+tpm_legacy_start(struct tpm_softc *sc, int flag)
+{
+ struct timeval tv;
+ u_int8_t bits, r;
+ int to, rv;
+
+ bits = flag == UIO_READ ? TPM_LEGACY_DA : 0;
+ tv.tv_sec = TPM_LEGACY_TMO;
+ tv.tv_usec = 0;
+ to = tvtohz(&tv) / TPM_LEGACY_SLEEP;
+ while (((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) &
+ (TPM_LEGACY_BUSY|bits)) != bits && to--) {
+ rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_start",
+ TPM_LEGACY_SLEEP);
+ if (rv && rv != EWOULDBLOCK)
+ return rv;
+ }
+
+#if defined(TPM_DEBUG) && !defined(__FreeBSD__)
+ printf("%s: bits %b\n", sc->sc_dev.dv_xname, r, TPM_LEGACY_BITS);
+#endif
+ if ((r & (TPM_LEGACY_BUSY|bits)) != bits)
+ return EIO;
+
+ return 0;
+}
+
+int
+tpm_legacy_read(struct tpm_softc *sc, void *buf, int len, size_t *count,
+ int flags)
+{
+ u_int8_t *p;
+ size_t cnt;
+ int to, rv;
+
+ cnt = rv = 0;
+ for (p = buf; !rv && len > 0; len--) {
+ for (to = 1000;
+ !(bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1) &
+ TPM_LEGACY_DA); DELAY(1))
+ if (!to--)
+ return EIO;
+
+ DELAY(TPM_LEGACY_DELAY);
+ *p++ = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 0);
+ cnt++;
+ }
+
+ *count = cnt;
+ return 0;
+}
+
+int
+tpm_legacy_write(struct tpm_softc *sc, void *buf, int len)
+{
+ u_int8_t *p;
+ int n;
+
+ for (p = buf, n = len; n--; DELAY(TPM_LEGACY_DELAY)) {
+ if (!n && len != TPM_BUFSIZ) {
+ bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1,
+ TPM_LEGACY_LAST);
+ DELAY(TPM_LEGACY_DELAY);
+ }
+ bus_space_write_1(sc->sc_batm, sc->sc_bahm, 0, *p++);
+ }
+
+ return 0;
+}
+
+/* Finish transaction. */
+int
+tpm_legacy_end(struct tpm_softc *sc, int flag, int rv)
+{
+ struct timeval tv;
+ u_int8_t r;
+ int to;
+
+ if (rv || flag == UIO_READ)
+ bus_space_write_1(sc->sc_batm, sc->sc_bahm, 1, TPM_LEGACY_ABRT);
+ else {
+ tv.tv_sec = TPM_LEGACY_TMO;
+ tv.tv_usec = 0;
+ to = tvtohz(&tv) / TPM_LEGACY_SLEEP;
+ while(((r = bus_space_read_1(sc->sc_batm, sc->sc_bahm, 1)) &
+ TPM_LEGACY_BUSY) && to--) {
+ rv = tsleep(sc, PRIBIO | PCATCH, "legacy_tpm_end",
+ TPM_LEGACY_SLEEP);
+ if (rv && rv != EWOULDBLOCK)
+ return rv;
+ }
+
+#if defined(TPM_DEBUG) && !defined(__FreeBSD__)
+ printf("%s: bits %b\n", sc->sc_dev.dv_xname, r, TPM_LEGACY_BITS);
+#endif
+ if (r & TPM_LEGACY_BUSY)
+ return EIO;
+
+ if (r & TPM_LEGACY_RE)
+ return EIO; /* XXX Retry the loop? */
+ }
+
+ return rv;
+}
+
+int
+#ifdef __FreeBSD__
+tpmopen(struct cdev *dev, int flag, int mode, struct thread *td)
+#else
+tpmopen(dev_t dev, int flag, int mode, struct proc *p)
+#endif
+{
+ struct tpm_softc *sc = TPMSOFTC(dev);
+
+ if (!sc)
+ return ENXIO;
+
+ if (sc->sc_flags & TPM_OPEN)
+ return EBUSY;
+
+ sc->sc_flags |= TPM_OPEN;
+
+ return 0;
+}
+
+int
+#ifdef __FreeBSD__
+tpmclose(struct cdev *dev, int flag, int mode, struct thread *td)
+#else
+tpmclose(dev_t dev, int flag, int mode, struct proc *p)
+#endif
+{
+ struct tpm_softc *sc = TPMSOFTC(dev);
+
+ if (!sc)
+ return ENXIO;
+
+ if (!(sc->sc_flags & TPM_OPEN))
+ return EINVAL;
+
+ sc->sc_flags &= ~TPM_OPEN;
+
+ return 0;
+}
+
+int
+#ifdef __FreeBSD__
+tpmread(struct cdev *dev, struct uio *uio, int flags)
+#else
+tpmread(dev_t dev, struct uio *uio, int flags)
+#endif
+{
+ struct tpm_softc *sc = TPMSOFTC(dev);
+ u_int8_t buf[TPM_BUFSIZ], *p;
+ size_t cnt;
+ int n, len, rv, s;
+
+ if (!sc)
+ return ENXIO;
+
+ s = spltty();
+ if ((rv = (sc->sc_start)(sc, UIO_READ))) {
+ splx(s);
+ return rv;
+ }
+
+#ifdef TPM_DEBUG
+ printf("tpmread: getting header\n");
+#endif
+ if ((rv = (sc->sc_read)(sc, buf, TPM_HDRSIZE, &cnt, 0))) {
+ (sc->sc_end)(sc, UIO_READ, rv);
+ splx(s);
+ return rv;
+ }
+
+ len = (buf[2] << 24) | (buf[3] << 16) | (buf[4] << 8) | buf[5];
+#ifdef TPM_DEBUG
+ printf("tpmread: len %d, io count %d\n", len, uio->uio_resid);
+#endif
+ if (len > uio->uio_resid) {
+ rv = EIO;
+ (sc->sc_end)(sc, UIO_READ, rv);
+#ifdef TPM_DEBUG
+ printf("tpmread: bad residual io count 0x%x\n", uio->uio_resid);
+#endif
+ splx(s);
+ return rv;
+ }
+
+ /* Copy out header. */
+ if ((rv = uiomove((caddr_t)buf, cnt, uio))) {
+ (sc->sc_end)(sc, UIO_READ, rv);
+ splx(s);
+ return rv;
+ }
+
+ /* Get remaining part of the answer (if anything is left). */
+ for (len -= cnt, p = buf, n = sizeof(buf); len > 0; p = buf, len -= n,
+ n = sizeof(buf)) {
+ n = MIN(n, len);
+#ifdef TPM_DEBUG
+ printf("tpmread: n %d len %d\n", n, len);
+#endif
+ if ((rv = (sc->sc_read)(sc, p, n, NULL, TPM_PARAM_SIZE))) {
+ (sc->sc_end)(sc, UIO_READ, rv);
+ splx(s);
+ return rv;
+ }
+ p += n;
+ if ((rv = uiomove((caddr_t)buf, p - buf, uio))) {
+ (sc->sc_end)(sc, UIO_READ, rv);
+ splx(s);
+ return rv;
+ }
+ }
+
+ rv = (sc->sc_end)(sc, UIO_READ, rv);
+ splx(s);
+ return rv;
+}
+
+int
+#ifdef __FreeBSD__
+tpmwrite(struct cdev *dev, struct uio *uio, int flags)
+#else
+tpmwrite(dev_t dev, struct uio *uio, int flags)
+#endif
+{
+ struct tpm_softc *sc = TPMSOFTC(dev);
+ u_int8_t buf[TPM_BUFSIZ];
+ int n, rv, s;
+
+ if (!sc)
+ return ENXIO;
+
+ s = spltty();
+
+#ifdef TPM_DEBUG
+ printf("tpmwrite: io count %d\n", uio->uio_resid);
+#endif
+
+ n = MIN(sizeof(buf), uio->uio_resid);
+ if ((rv = uiomove((caddr_t)buf, n, uio))) {
+ splx(s);
+ return rv;
+ }
+
+ if ((rv = (sc->sc_start)(sc, UIO_WRITE))) {
+ splx(s);
+ return rv;
+ }
+
+ if ((rv = (sc->sc_write(sc, buf, n)))) {
+ splx(s);
+ return rv;
+ }
+
+ rv = (sc->sc_end)(sc, UIO_WRITE, rv);
+ splx(s);
+ return rv;
+}
+
+int
+#ifdef __FreeBSD__
+tpmioctl(struct cdev *dev, u_long cmd, caddr_t data, int flags,
+ struct thread *td)
+#else
+tpmioctl(dev_t dev, u_long cmd, caddr_t data, int flags, struct proc *p)
+#endif
+{
+ return ENOTTY;
+}
Index: sys/dev/pci/ichreg.h
===================================================================
RCS file: /cvs/src/sys/dev/pci/ichreg.h,v
retrieving revision 1.7
diff -u -p -r1.7 ichreg.h
--- sys/dev/pci/ichreg.h 18 Dec 2005 12:09:04 -0000 1.7
+++ sys/dev/pci/ichreg.h 10 Mar 2010 19:05:29 -0000
-66,7 +65,8
 #define ICH_SMB_HS_SMBAL (1 << 5) /* SMBALERT# asserted */
 #define ICH_SMB_HS_INUSE (1 << 6) /* bus semaphore */
 #define ICH_SMB_HS_BDONE (1 << 7) /* byte received/transmitted */
-#define ICH_SMB_HS_BITS "\020\001BUSY\002INTR\003DEVERR\004BUSERR\005FAILED\006SMBAL\007INUSE\010BDONE"
+#define ICH_SMB_HS_BITS \
+"\020\001BUSY\002INTR\003DEVERR\004BUSERR\005FAILED\006SMBAL\007INUSE\010BDONE"
 #define ICH_SMB_HC 0x02 /* host control */
 #define ICH_SMB_HC_INTREN (1 << 0) /* enable interrupts */
 #define ICH_SMB_HC_KILL (1 << 1) /* kill current transaction */
-145,5 +145,33
 #define ICH_WDT_RELOAD 0x0c /* reload register */
 #define ICH_WDT_RELOAD_RLD (1 << 8) /* safe reload */
 #define ICH_WDT_RELOAD_TIMEOUT (1 << 9) /* timeout occured */
+
+/*
+ * LPC Enable registers
+ */
+#define ICH2_LPC_ENA 0xE4
+#define ICH3_LPC_ENA 0x80
+#define ICH_LPC_EN_CNF2 0x20000000 /* 0x4e/4f decode enable */
+#define ICH_LPC_EN_CNF1 0x10000000 /* 0x2e/2f decode enable */
+#define ICH_LPC_EN_MC 0x08000000 /* 0x62/56 decode enable */
+#define ICH_LPC_EN_KBC 0x04000000 /* 0x60/64 decode enable */
+#define ICH_LPC_EN_GAMEH 0x02000000 /* 0x208-f decode enable */
+#define ICH_LPC_EN_GAMEL 0x01000000 /* 0x200-7 decode enable */
+#define ICH_LPC_EN_ADLIB 0x00800000 /* 0x388-b decode enable */
+#define ICH_LPC_EN_MSS 0x00400000
+#define ICH_LPC_EN_MIDI 0x00200000
+#define ICH_LPC_EN_SB16 0x00100000
+#define ICH_LPC_EN_FDC 0x00080000
+#define ICH_LPC_EN_LPT 0x00040000
+#define ICH_LPC_EN_COMB 0x00020000
+#define ICH_LPC_EN_COMA 0x00010000
+#define ICH2_GEN1_DEC 0xE8
+#define ICH3_GEN1_DEC 0x84
+#define ICH_GEN1_DEC_ENA 0x00000001
+#define ICH_GEN1_DEC_MASK 0x0000ff80
+#define ICH2_GEN2_DEC 0xEC
+#define ICH3_GEN2_DEC 0x88
+#define ICH_GEN2_DEC_ENA 0x00000001
+#define ICH_GEN2_DEC_MASK 0x0000ffc0
 
 #endif /* !_DEV_PCI_ICHREG_H_ */
Index: sys/sys/conf.h
===================================================================
RCS file: /cvs/src/sys/sys/conf.h,v
retrieving revision 1.95
diff -u -p -r1.95 conf.h
--- sys/sys/conf.h 1 Nov 2009 20:14:12 -0000 1.95
+++ sys/sys/conf.h 10 Mar 2010 19:08:06 -0000
-526,6 +525,12 void randomattach(void);
         (dev_type_stop((*))) enodev, 0, (dev_type_poll((*))) enodev, \
         (dev_type_mmap((*))) enodev }
 
+/* open, close, read, write, ioctl */
+#define cdev_tpm_init(c,n) { \
+ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
+ dev_init(c,n,write), dev_init(c,n,ioctl), (dev_type_stop((*))) enodev, \
+ 0, (dev_type_poll((*))) enodev, (dev_type_mmap((*))) enodev }
+
 #endif
 
 /*
-683,6 +688,7 cdev_decl(urio);
 cdev_decl(hotplug);
 cdev_decl(gpio);
 cdev_decl(amdmsr);
+cdev_decl(tpm);
 
 #endif
 
Index: usr.sbin/acpidump/acpi.c
===================================================================
RCS file: /cvs/src/usr.sbin/acpidump/acpi.c,v
retrieving revision 1.7
diff -u -p -r1.7 acpi.c
--- usr.sbin/acpidump/acpi.c 7 Aug 2009 00:04:15 -0000 1.7
+++ usr.sbin/acpidump/acpi.c 10 Mar 2010 19:08:21 -0000
-51,6 +51,46 struct ACPIsdt dsdt_header = {
         "DSDT", 0, 1, 0, "OEMID", "OEMTBLID", 0x12345678, "CRTR", 0x12345678
 };
 
+/* Strings used in the TCPA table */
+static const char *tcpa_event_type_strings[] = {
+ "PREBOOT Certificate",
+ "POST Code",
+ "Unused",
+ "No Action",
+ "Separator",
+ "Action",
+ "Event Tag",
+ "S-CRTM Contents",
+ "S-CRTM Version",
+ "CPU Microcode",
+ "Platform Config Flags",
+ "Table of Devices",
+ "Compact Hash",
+ "IPL",
+ "IPL Partition Data",
+ "Non-Host Code",
+ "Non-Host Config",
+ "Non-Host Info"
+};
+
+static const char *TCPA_pcclient_strings[] = {
+ "<undefined>",
+ "SMBIOS",
+ "BIS Certificate",
+ "POST BIOS ROM Strings",
+ "ESCD",
+ "CMOS",
+ "NVRAM",
+ "Option ROM Execute",
+ "Option ROM Configurateion",
+ "<undefined>",
+ "Option ROM Microcode Update ",
+ "S-CRTM Version String",
+ "S-CRTM Contents",
+ "POST Contents",
+ "Table of Devices",
+};
+
 static void
 acpi_trim_string(char *s, size_t length)
 {
-126,6 +166,178 acpi_handle_facp(struct FACPbody *facp)
         aml_dump(dsdp);
 }
 
+static char *
+acpi_tcpa_evname(struct TCPAevent *event)
+{
+ struct TCPApc_event *pc_event;
+ char *eventname = NULL;
+
+ pc_event = (struct TCPApc_event *)(event + 1);
+
+ switch(event->event_type) {
+ case PREBOOT:
+ case POST_CODE:
+ case UNUSED:
+ case NO_ACTION:
+ case SEPARATOR:
+ case SCRTM_CONTENTS:
+ case SCRTM_VERSION:
+ case CPU_MICROCODE:
+ case PLATFORM_CONFIG_FLAGS:
+ case TABLE_OF_DEVICES:
+ case COMPACT_HASH:
+ case IPL:
+ case IPL_PARTITION_DATA:
+ case NONHOST_CODE:
+ case NONHOST_CONFIG:
+ case NONHOST_INFO:
+ asprintf(&eventname, "%s",
+ tcpa_event_type_strings[event->event_type]);
+ break;
+
+ case ACTION:
+ eventname = calloc(event->event_size + 1, sizeof(char));
+ memcpy(eventname, pc_event, event->event_size);
+ break;
+
+ case EVENT_TAG:
+ switch (pc_event->event_id) {
+ case SMBIOS:
+ case BIS_CERT:
+ case CMOS:
+ case NVRAM:
+ case OPTION_ROM_EXEC:
+ case OPTION_ROM_CONFIG:
+ case S_CRTM_VERSION:
+ case POST_BIOS_ROM:
+ case ESCD:
+ case OPTION_ROM_MICROCODE:
+ case S_CRTM_CONTENTS:
+ case POST_CONTENTS:
+ asprintf(&eventname, "%s",
+ TCPA_pcclient_strings[pc_event->event_id]);
+ break;
+
+ default:
+ asprintf(&eventname, "<unknown tag 0x%02x>",
+ pc_event->event_id);
+ break;
+ }
+ break;
+
+ default:
+ asprintf(&eventname, "<unknown 0x%02x>", event->event_type);
+ break;
+ }
+
+ return eventname;
+}
+
+static void
+acpi_print_tcpa(struct TCPAevent *event)
+{
+ int i;
+ char *eventname;
+
+ eventname = acpi_tcpa_evname(event);
+
+ printf("\t%d", event->pcr_index);
+ printf(" 0x");
+ for (i = 0; i < 20; i++)
+ printf("%02x", event->pcr_value[i]);
+ printf(" [%s]\n", eventname ? eventname : "<unknown>");
+
+ free(eventname);
+}
+
+static void
+acpi_handle_tcpa(struct ACPIsdt *sdp)
+{
+ struct TCPAbody *tcpa;
+ struct TCPAevent *event;
+ u_int64_t len, paddr;
+ unsigned char *vaddr = NULL;
+ unsigned char *vend = NULL;
+
+ printf(BEGIN_COMMENT);
+ tcpa = (struct TCPAbody *)sdp->body;
+
+ acpi_print_string(sdp->signature, 4);
+ printf(": Length=%d, Revision=%d, Checksum=%d,\n",
+ sdp->len, sdp->rev, sdp->check);
+ printf("\tOEMID=");
+ acpi_print_string(sdp->oemid, 6);
+ printf(", OEM Table ID=");
+ acpi_print_string(sdp->oemtblid, 8);
+ printf(", OEM Revision=0x%x,\n", sdp->oemrev);
+ printf("\tCreator ID=");
+ acpi_print_string(sdp->creator, 4);
+ printf(", Creator Revision=0x%x\n", sdp->crerev);
+
+ switch (tcpa->platform_class) {
+ case ACPI_TCPA_BIOS_CLIENT:
+ len = tcpa->client.log_max_len;
+ paddr = tcpa->client.log_start_addr;
+ break;
+
+ case ACPI_TCPA_BIOS_SERVER:
+ len = tcpa->server.log_max_len;
+ paddr = tcpa->server.log_start_addr;
+ break;
+
+ default:
+ printf(END_COMMENT);
+ return;
+ }
+ printf("\tClass %d Base Address 0x%jx Length %lld\n\n",
+ tcpa->platform_class, paddr, len);
+
+ if (len == 0) {
+ printf("\tEmpty TCPA table\n");
+ printf(END_COMMENT);
+ return;
+ }
+
+ vaddr = (unsigned char *)acpi_map_physical(paddr, len);
+ vend = vaddr + len;
+
+ while (vaddr != NULL) {
+ if (vaddr + sizeof(struct TCPAevent) >= vend)
+ break;
+ event = (struct TCPAevent *)vaddr;
+ if (vaddr + event->event_size >= vend)
+ break;
+ if (event->event_type == 0 && event->event_size == 0)
+ break;
+ if (event->event_type > 0x13) /* XXX hshoexer */
+ break;
+#if 0
+ {
+ unsigned int i, j, k;
+
+ printf("\n\t\t0x%08x ", vaddr);
+ for (j = 0, i = 0; i <
+ sizeof(struct TCPAevent) + event->event_size; i++) {
+ printf("%02x ", vaddr[i]);
+ if ((i+1) % 8 == 0) {
+ for (k = 0; k < 8; k++)
+ printf("%c", isprint(vaddr[j+k]) ?
+ vaddr[j+k] : '.');
+ printf("\n\t\t0x%08x ", &vaddr[i + 1]);
+ j = i + 1;
+ }
+ }
+ printf("\n"); }
+#endif
+
+ acpi_print_tcpa(event);
+
+ vaddr += sizeof(struct TCPAevent) + event->event_size;
+ }
+
+ printf(END_COMMENT);
+}
+
 static void
 init_namespace()
 {
-348,11 +560,17 acpi_handle_rsdt(struct ACPIsdt *rsdp)
         acpi_print_rsdt(rsdp);
         for (i = 0; i < entries; i++) {
                 sdp = (struct ACPIsdt *) acpi_map_sdt(rsdp->body[i]);
+#if 0 /* XXX hshoexer */
                 if (acpi_checksum(sdp, sdp->len))
                         errx(1, "RSDT entry %d is corrupt", i);
+#endif
                 aml_dump(sdp);
                 if (!memcmp(sdp->signature, "FACP", 4)) {
+#if 0 /* XXX hshoexer */
                         acpi_handle_facp((struct FACPbody *) sdp->body);
+#endif
+ } else if (!memcmp(sdp->signature, "TCPA", 4)) {
+ acpi_handle_tcpa(sdp);
                 } else {
                         acpi_print_sdt(sdp);
                 }
-440,4 +658,3 aml_region_read_into_buffer(struct aml_e
 {
         return (0);
 }
-
Index: usr.sbin/acpidump/acpidump.h
===================================================================
RCS file: /cvs/src/usr.sbin/acpidump/acpidump.h,v
retrieving revision 1.3
diff -u -p -r1.3 acpidump.h
--- usr.sbin/acpidump/acpidump.h 8 Oct 2007 08:20:49 -0000 1.3
+++ usr.sbin/acpidump/acpidump.h 10 Mar 2010 19:08:21 -0000
-160,6 +160,77 struct FACS {
         char reserved[40];
 } __packed;
 
+/* TCPA */
+struct TCPAbody {
+ uint16_t platform_class;
+#define ACPI_TCPA_BIOS_CLIENT 0x00
+#define ACPI_TCPA_BIOS_SERVER 0x01
+ union {
+ struct client_hdr {
+ uint32_t log_max_len __packed;
+ uint64_t log_start_addr __packed;
+ } client;
+ struct server_hdr {
+ uint16_t reserved;
+ uint64_t log_max_len __packed;
+ uint64_t log_start_addr __packed;
+ } server;
+ };
+} __packed;
+
+struct TCPAevent {
+ u_int32_t pcr_index;
+ u_int32_t event_type;
+ u_int8_t pcr_value[20];
+ u_int32_t event_size;
+ u_int8_t event_data[0];
+};
+
+struct TCPApc_event {
+ u_int32_t event_id;
+ u_int32_t event_size;
+ u_int8_t event_data[0];
+};
+
+enum TCPAevent_types {
+ PREBOOT = 0,
+ POST_CODE,
+ UNUSED,
+ NO_ACTION,
+ SEPARATOR,
+ ACTION,
+ EVENT_TAG,
+ SCRTM_CONTENTS,
+ SCRTM_VERSION,
+ CPU_MICROCODE,
+ PLATFORM_CONFIG_FLAGS,
+ TABLE_OF_DEVICES,
+ COMPACT_HASH,
+ IPL,
+ IPL_PARTITION_DATA,
+ NONHOST_CODE,
+ NONHOST_CONFIG,
+ NONHOST_INFO,
+ EVENT_TYPE_MAX,
+};
+
+enum TCPApcclient_ids {
+ SMBIOS = 1,
+ BIS_CERT,
+ POST_BIOS_ROM,
+ ESCD,
+ CMOS,
+ NVRAM,
+ OPTION_ROM_EXEC,
+ OPTION_ROM_CONFIG,
+ OPTION_ROM_MICROCODE = 10,
+ S_CRTM_VERSION,
+ S_CRTM_CONTENTS,
+ POST_CONTENTS,
+ HOST_TABLE_OF_DEVICES,
+ PCCLIENT_ID_MAX,
+};
+
 void *acpi_map_physical(vm_offset_t, size_t);
 struct ACPIrsdp *acpi_find_rsd_ptr(void);
 int acpi_checksum(void *, size_t)