mbox series

[0/5] Support TPM Reset GPIO

Message ID 20220407111849.5676-1-LinoSanfilippo@gmx.de
Headers show
Series Support TPM Reset GPIO | expand

Message

Lino Sanfilippo April 7, 2022, 11:18 a.m. UTC 
If the system starts up with the TPM chip still in reset the probe routine
of the tpm-tis driver fails with the following error message: 

"tpm_tis_spi: probe of spiX.Y failed with error -110"

The reason for this error is a missing response to the first command sent
to the chip (TPM_DID_VID) and a following timeout.

With the SLB9670 this issue can be triggered by setting up a pin 
configuration in device tree with the reset line setting to
BCM2835_PUD_DOWN (note that the reset signal for the SLB9670 is active
low).

This patchset adds support to set the chip out of reset from within the TPM
driver.


For this reason two new callbacks are introduced that can optionally be
implemented by a tpm tis driver:

        int (*unset_reset) (struct tpm_tis_data *data);
        int (*set_reset) (struct tpm_tis_data *data);


Function "unset_reset" is called directly before the first TPM command is
issued. Function "set_reset" is called at system shutdown directly after
the TPM2 shutdown command. 

Both callbacks are added to the set of tpm_tis_phy_ops functions. Patch 5
of this series provides the implementations for the SLB9670.

Patch 1:
  Extend struct tpm_tis_phy_ops by the optional callbacks "set_reset" and
  "unset_reset". If defined call "set_reset" before the first TPM command
  is sent and "unset_reset" at system shutdown after the TPM2 shutdown
  command.

Patch 2:
  Document the property "reset-gpios" as an optional property which can be
  used to specify the TPM chips reset gpio.

Patch 3:
  If available get the reset gpio and store it in the tpm_tis_data
  structure.

Patch 4:
  Declare functions tpm_tis_spi_flow_control, tpm_tis_spi_read_bytes and
  tpm_tis_spi_write_bytes as extern. This is in preparation of the next
  patch in which a custom probe function for the SLB9670 is implemented
  that is used to define its own set of tpm_tis_phy_ops.

Patch 5:
  Implement the "set_reset" and "unset_reset" callbacks for the SLB9670 and
  assign it in the probe function. The SLB9670 specific parts are moved
  into an own file to separate it from the generic code (for now I opted
  not to use a kernel config option for the SLB9670 code as it is used in
  case of the SPI CR50).

This series has been tested with a SLB9670.

Lino Sanfilippo (5):
  tpm: add functions to set and unset the tpm chips reset state
  dt-bindings: tpm: document reset gpio property
  tpm: tpm_tis: get optionally defined reset gpio
  tpm: tpm_tis: make functions available for external linkage
  tpm: tpm_tis_spi_slb_9670: implement set_reset and unset_reset
    functions

 .../bindings/security/tpm/tpm_tis_spi.txt     |  2 +
 drivers/char/tpm/Makefile                     |  1 +
 drivers/char/tpm/tpm-chip.c                   |  5 ++
 drivers/char/tpm/tpm_tis_core.c               | 23 ++++++
 drivers/char/tpm/tpm_tis_core.h               |  3 +
 drivers/char/tpm/tpm_tis_spi.h                |  9 ++
 drivers/char/tpm/tpm_tis_spi_main.c           | 16 ++--
 drivers/char/tpm/tpm_tis_spi_slb9670.c        | 82 +++++++++++++++++++
 8 files changed, 133 insertions(+), 8 deletions(-)
 create mode 100644 drivers/char/tpm/tpm_tis_spi_slb9670.c


base-commit: ed4643521e6af8ab8ed1e467630a85884d2696cf

Comments

Jason Gunthorpe April 7, 2022, 2:25 p.m. UTC | #1 
On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote:
> Currently it is not possible to set the tpm chips reset state from within
> the driver. This is problematic if the chip is still in reset after the
> system comes up. This may e.g. happen if the reset line is pulled into
> reset state by a pin configuration in the device tree.

This kind of system is badly misdesigned.

TPM PCRs fundementally cannot work if the TPM reset line is under
software control.

Jason
Lino Sanfilippo April 10, 2022, 9:03 a.m. UTC | #2 
Hi,

On 07.04.22 at 16:25, Jason Gunthorpe wrote:
> On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote:
>> Currently it is not possible to set the tpm chips reset state from within
>> the driver. This is problematic if the chip is still in reset after the
>> system comes up. This may e.g. happen if the reset line is pulled into
>> reset state by a pin configuration in the device tree.
>
> This kind of system is badly misdesigned.
>
> TPM PCRs fundementally cannot work if the TPM reset line is under
> software control.
>
> Jason
>


you may be right about the misdesign, but as a matter of fact
there are systems which have the TPMs reset line connected to a GPIO and not
the system reset. For those systems we should provide a way to let at least the
driver put the TPM out of reset (note that on those systems the TPM reset can
be triggered by software anyway by asserting/deasserting the GPIO line).


Regards,
Lino
Lukas Wunner April 10, 2022, 5:11 p.m. UTC | #3 
On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote:
> On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote:
> > Currently it is not possible to set the tpm chips reset state from within
> > the driver. This is problematic if the chip is still in reset after the
> > system comes up. This may e.g. happen if the reset line is pulled into
> > reset state by a pin configuration in the device tree.
> 
> This kind of system is badly misdesigned.
> 
> TPM PCRs fundementally cannot work if the TPM reset line is under
> software control.

Not every system which incorporates a TPM wants to use or is even capable
of measuring software state of any kind or perform secure boot.

Those systems may merely want to use the TPM to store key material.

Thanks,

Lukas
Lukas Wunner April 10, 2022, 5:18 p.m. UTC | #4 
On Thu, Apr 07, 2022 at 01:18:49PM +0200, Lino Sanfilippo wrote:
> --- /dev/null
> +++ b/drivers/char/tpm/tpm_tis_spi_slb9670.c
[...]
> +int slb9670_spi_unset_reset(struct tpm_tis_data *data)
[...]
> +int slb9670_spi_set_reset(struct tpm_tis_data *data)
[...]
> +static const struct tpm_tis_phy_ops slb9670_spi_phy_ops = {
> +	.read_bytes = tpm_tis_spi_read_bytes,
> +	.write_bytes = tpm_tis_spi_write_bytes,
> +	.read16 = tpm_tis_spi_read16,
> +	.read32 = tpm_tis_spi_read32,
> +	.write32 = tpm_tis_spi_write32,
> +	.set_reset = slb9670_spi_set_reset,
> +	.unset_reset = slb9670_spi_unset_reset,
> +};

0-day is complaining that slb9670_spi_set_reset() / slb9670_spi_unset_reset()
are not declared static:

https://lore.kernel.org/all/202204081357.8SfjQosI-lkp@intel.com/

Thanks,

Lukas
Lino Sanfilippo April 10, 2022, 7:44 p.m. UTC | #5 
On 10.04.22 at 19:18, Lukas Wunner wrote:
> On Thu, Apr 07, 2022 at 01:18:49PM +0200, Lino Sanfilippo wrote:
>> --- /dev/null
>> +++ b/drivers/char/tpm/tpm_tis_spi_slb9670.c
> [...]
>> +int slb9670_spi_unset_reset(struct tpm_tis_data *data)
> [...]
>> +int slb9670_spi_set_reset(struct tpm_tis_data *data)
> [...]
>> +static const struct tpm_tis_phy_ops slb9670_spi_phy_ops = {
>> +	.read_bytes = tpm_tis_spi_read_bytes,
>> +	.write_bytes = tpm_tis_spi_write_bytes,
>> +	.read16 = tpm_tis_spi_read16,
>> +	.read32 = tpm_tis_spi_read32,
>> +	.write32 = tpm_tis_spi_write32,
>> +	.set_reset = slb9670_spi_set_reset,
>> +	.unset_reset = slb9670_spi_unset_reset,
>> +};
>
> 0-day is complaining that slb9670_spi_set_reset() / slb9670_spi_unset_reset()
> are not declared static:
>
> https://lore.kernel.org/all/202204081357.8SfjQosI-lkp@intel.com/
>
> Thanks,
>
> Lukas
>

Right, I will fix this in the next version, thanks!

Regards,
Lino
Jason Gunthorpe April 11, 2022, 11:47 a.m. UTC | #6 
On Sun, Apr 10, 2022 at 07:11:23PM +0200, Lukas Wunner wrote:
> On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote:
> > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote:
> > > Currently it is not possible to set the tpm chips reset state from within
> > > the driver. This is problematic if the chip is still in reset after the
> > > system comes up. This may e.g. happen if the reset line is pulled into
> > > reset state by a pin configuration in the device tree.
> > 
> > This kind of system is badly misdesigned.
> > 
> > TPM PCRs fundementally cannot work if the TPM reset line is under
> > software control.
> 
> Not every system which incorporates a TPM wants to use or is even capable
> of measuring software state of any kind or perform secure boot.
> 
> Those systems may merely want to use the TPM to store key material.

Then maybe the TPM driver should make it clear somehow that the PCRs
don't work in these systems.

It is really dangerous to add capabilities like this that should
never, ever be used in sanely designed systems.

Jason
Jarkko Sakkinen April 14, 2022, 12:13 p.m. UTC | #7 
On Mon, Apr 11, 2022 at 08:47:41AM -0300, Jason Gunthorpe wrote:
> On Sun, Apr 10, 2022 at 07:11:23PM +0200, Lukas Wunner wrote:
> > On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote:
> > > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote:
> > > > Currently it is not possible to set the tpm chips reset state from within
> > > > the driver. This is problematic if the chip is still in reset after the
> > > > system comes up. This may e.g. happen if the reset line is pulled into
> > > > reset state by a pin configuration in the device tree.
> > > 
> > > This kind of system is badly misdesigned.
> > > 
> > > TPM PCRs fundementally cannot work if the TPM reset line is under
> > > software control.
> > 
> > Not every system which incorporates a TPM wants to use or is even capable
> > of measuring software state of any kind or perform secure boot.
> > 
> > Those systems may merely want to use the TPM to store key material.
> 
> Then maybe the TPM driver should make it clear somehow that the PCRs
> don't work in these systems.
> 
> It is really dangerous to add capabilities like this that should
> never, ever be used in sanely designed systems.
> 
> Jason

I agree. That niche should do the bad things with oot patches.

BR, Jarkko