From patchwork Sun Dec 17 10:13:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Lukas Wunner X-Patchwork-Id: 755185 Received: from mailout1.hostsharing.net (mailout1.hostsharing.net [83.223.95.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8892D2EB; Sun, 17 Dec 2023 10:36:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=wunner.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=wunner.de Received: from h08.hostsharing.net (h08.hostsharing.net [83.223.95.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mailout1.hostsharing.net (Postfix) with ESMTPS id 10CE010192642; Sun, 17 Dec 2023 11:29:49 +0100 (CET) Received: from localhost (unknown [89.246.108.87]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by h08.hostsharing.net (Postfix) with ESMTPSA id D9C976073EFF; Sun, 17 Dec 2023 11:29:48 +0100 (CET) X-Mailbox-Line: From 953fd4c7519030db88e5b5e12ab6307414ebdd21 Mon Sep 17 00:00:00 2001 Message-Id: <953fd4c7519030db88e5b5e12ab6307414ebdd21.1702806810.git.lukas@wunner.de> In-Reply-To: References: From: Lukas Wunner Date: Sun, 17 Dec 2023 11:13:31 +0100 Subject: [PATCH v3 1/4] dt-bindings: tpm: Consolidate TCG TIS bindings Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To: Rob Herring , Krzysztof Kozlowski , Conor Dooley , Jarkko Sakkinen , Peter Huewe , Jason Gunthorpe Cc: devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, Lino Sanfilippo , Nayna Jain , Thirupathaiah Annapureddy , Sasha Levin , Andrey Pronin , Alexander Steffen , Johannes Holland , Amir Mizinski , Benoit HOUYERE , Peter Delevoryas , Ninad Palsule , Guenter Roeck , Francesco Dolcini , Nishanth Menon A significant number of Trusted Platform Modules conform to the "TIS" specification published by the Trusted Computing Group ("TCG PC Client Specific TPM Interface Specification"). These chips typically use an SPI, I²C or LPC bus as transport (via MMIO in the latter case). Some of them even support multiple of those buses (selectable through a config strap) or the same chip is available in multiple SKUs, each with a different bus interface. The devicetree bindings for these TPMs have not been converted to DT schema yet and are spread out across 3 generic files and 2 chip-specific files. A few TPM compatible strings were added to trivial-devices.yaml even though additional properties are documented in the plaintext bindings. Consolidate the devicetree bindings into 3 yaml files, one per bus. Move common properties to a separate tpm-common.yaml. Document compatible strings which are supported by the TPM TIS driver but were neglected to be added to the devicetree bindings. Document the memory-region property recently introduced by commit 1e2714bb83fc ("tpm: Add reserved memory event log"). Signed-off-by: Lukas Wunner Reviewed-by: Ninad Palsule --- Changes v2 -> v3: * Drop clock-frequency property from tcg,tpm-tis-i2c.yaml. It doesn't exist at the peripheral level, only at the controller level. Document maximum clock frequency for infineon,slb9635tt and infineon,slb9645tt in textual form (as was previously done in trivial-devices.yaml). * Document reset-gpios property as used by: arch/arm64/boot/dts/freescale/imx8mp-beacon-kit.dts .../bindings/security/tpm/st33zp24-i2c.txt | 34 ------- .../bindings/security/tpm/st33zp24-spi.txt | 32 ------- .../bindings/security/tpm/tpm-i2c.txt | 26 ------ .../bindings/security/tpm/tpm_tis_mmio.txt | 25 ------ .../bindings/security/tpm/tpm_tis_spi.txt | 23 ----- .../bindings/tpm/tcg,tpm-tis-i2c.yaml | 90 +++++++++++++++++++ .../bindings/tpm/tcg,tpm-tis-mmio.yaml | 49 ++++++++++ .../bindings/tpm/tcg,tpm_tis-spi.yaml | 75 ++++++++++++++++ .../devicetree/bindings/tpm/tpm-common.yaml | 87 ++++++++++++++++++ .../devicetree/bindings/trivial-devices.yaml | 16 ---- 10 files changed, 301 insertions(+), 156 deletions(-) delete mode 100644 Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt delete mode 100644 Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt delete mode 100644 Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt delete mode 100644 Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt delete mode 100644 Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt create mode 100644 Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml create mode 100644 Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml create mode 100644 Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml create mode 100644 Documentation/devicetree/bindings/tpm/tpm-common.yaml diff --git a/Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt b/Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt deleted file mode 100644 index 0dc121b6eace..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt +++ /dev/null @@ -1,34 +0,0 @@ -* STMicroelectronics SAS. ST33ZP24 TPM SoC - -Required properties: -- compatible: Should be "st,st33zp24-i2c". -- clock-frequency: I²C work frequency. -- reg: address on the bus - -Optional ST33ZP24 Properties: -- interrupts: GPIO interrupt to which the chip is connected -- lpcpd-gpios: Output GPIO pin used for ST33ZP24 power management D1/D2 state. -If set, power must be present when the platform is going into sleep/hibernate mode. - -Optional SoC Specific Properties: -- pinctrl-names: Contains only one value - "default". -- pintctrl-0: Specifies the pin control groups used for this controller. - -Example (for ARM-based BeagleBoard xM with ST33ZP24 on I2C2): - -&i2c2 { - - - st33zp24: st33zp24@13 { - - compatible = "st,st33zp24-i2c"; - - reg = <0x13>; - clock-frequency = <400000>; - - interrupt-parent = <&gpio5>; - interrupts = <7 IRQ_TYPE_LEVEL_HIGH>; - - lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>; - }; -}; diff --git a/Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt b/Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt deleted file mode 100644 index 37198971f17b..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt +++ /dev/null @@ -1,32 +0,0 @@ -* STMicroelectronics SAS. ST33ZP24 TPM SoC - -Required properties: -- compatible: Should be "st,st33zp24-spi". -- spi-max-frequency: Maximum SPI frequency (<= 10000000). - -Optional ST33ZP24 Properties: -- interrupts: GPIO interrupt to which the chip is connected -- lpcpd-gpios: Output GPIO pin used for ST33ZP24 power management D1/D2 state. -If set, power must be present when the platform is going into sleep/hibernate mode. - -Optional SoC Specific Properties: -- pinctrl-names: Contains only one value - "default". -- pintctrl-0: Specifies the pin control groups used for this controller. - -Example (for ARM-based BeagleBoard xM with ST33ZP24 on SPI4): - -&mcspi4 { - - - st33zp24@0 { - - compatible = "st,st33zp24-spi"; - - spi-max-frequency = <10000000>; - - interrupt-parent = <&gpio5>; - interrupts = <7 IRQ_TYPE_LEVEL_HIGH>; - - lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>; - }; -}; diff --git a/Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt b/Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt deleted file mode 100644 index a65d7b71e81a..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt +++ /dev/null @@ -1,26 +0,0 @@ -* Device Tree Bindings for I2C based Trusted Platform Module(TPM) - -Required properties: - -- compatible : 'manufacturer,model', eg. nuvoton,npct650 -- label : human readable string describing the device, eg. "tpm" -- linux,sml-base : 64-bit base address of the reserved memory allocated for - the firmware event log -- linux,sml-size : size of the memory allocated for the firmware event log - -Optional properties: - -- powered-while-suspended: present when the TPM is left powered on between - suspend and resume (makes the suspend/resume - callbacks do nothing). - -Example (for OpenPower Systems with Nuvoton TPM 2.0 on I2C) ----------------------------------------------------------- - -tpm@57 { - reg = <0x57>; - label = "tpm"; - compatible = "nuvoton,npct650", "nuvoton,npct601"; - linux,sml-base = <0x7f 0xfd450000>; - linux,sml-size = <0x10000>; -}; diff --git a/Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt b/Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt deleted file mode 100644 index 7c6304426da1..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt +++ /dev/null @@ -1,25 +0,0 @@ -Trusted Computing Group MMIO Trusted Platform Module - -The TCG defines multi vendor standard for accessing a TPM chip, this -is the standard protocol defined to access the TPM via MMIO. Typically -this interface will be implemented over Intel's LPC bus. - -Refer to the 'TCG PC Client Specific TPM Interface Specification (TIS)' TCG -publication for the specification. - -Required properties: - -- compatible: should contain a string below for the chip, followed by - "tcg,tpm-tis-mmio". Valid chip strings are: - * "atmel,at97sc3204" -- reg: The location of the MMIO registers, should be at least 0x5000 bytes -- interrupts: An optional interrupt indicating command completion. - -Example: - - tpm_tis@90000 { - compatible = "atmel,at97sc3204", "tcg,tpm-tis-mmio"; - reg = <0x90000 0x5000>; - interrupt-parent = <&EIC0>; - interrupts = <1 2>; - }; diff --git a/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt b/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt deleted file mode 100644 index b800667da92b..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt +++ /dev/null @@ -1,23 +0,0 @@ -Required properties: -- compatible: should be one of the following - "st,st33htpm-spi" - "infineon,slb9670" - "tcg,tpm_tis-spi" -- spi-max-frequency: Maximum SPI frequency (depends on TPMs). - -Optional SoC Specific Properties: -- pinctrl-names: Contains only one value - "default". -- pintctrl-0: Specifies the pin control groups used for this controller. - -Example (for ARM-based BeagleBoard xM with TPM_TIS on SPI4): - -&mcspi4 { - - - tpm_tis@0 { - - compatible = "tcg,tpm_tis-spi"; - - spi-max-frequency = <10000000>; - }; -}; diff --git a/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml new file mode 100644 index 000000000000..3ab4434b7352 --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml @@ -0,0 +1,90 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/tcg,tpm-tis-i2c.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: I²C-attached Trusted Platform Module conforming to TCG TIS specification + +maintainers: + - Lukas Wunner + +description: | + The Trusted Computing Group (TCG) has defined a multi-vendor standard + for accessing a TPM chip. It can be transported over various buses, + one of them being I²C. The standard is named: + TCG PC Client Specific TPM Interface Specification (TIS) + https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/ + + The I²C interface was not originally part of the standard, but added + in 2017 with a separate document: + TCG PC Client Platform TPM Profile Specification for TPM 2.0 (PTP) + https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/ + + Recent TPM 2.0 chips conform to this generic interface, others use a + vendor-specific I²C interface. + +properties: + compatible: + oneOf: + - description: Generic TPM 2.0 chips conforming to TCG PTP interface + items: + - enum: + - infineon,slb9673 + - nuvoton,npct75x + - const: tcg,tpm-tis-i2c + + - description: TPM 1.2 and 2.0 chips with vendor-specific I²C interface + items: + - enum: + - atmel,at97sc3204t # TPM 1.2 + - infineon,slb9635tt # TPM 1.2 (maximum 100 kHz) + - infineon,slb9645tt # TPM 1.2 (maximum 400 kHz) + - infineon,tpm_i2c_infineon # TPM 1.2 + - nuvoton,npct501 # TPM 1.2 + - nuvoton,npct601 # TPM 2.0 + - st,st33zp24-i2c # TPM 2.0 + - winbond,wpct301 # TPM 1.2 + + reg: + description: address of TPM on the I²C bus + +allOf: + - $ref: tpm-common.yaml# + +required: + - compatible + - reg + +unevaluatedProperties: false + +examples: + - | + i2c { + #address-cells = <1>; + #size-cells = <0>; + + tpm@57 { + label = "tpm"; + compatible = "nuvoton,npct601"; + reg = <0x57>; + linux,sml-base = <0x7f 0xfd450000>; + linux,sml-size = <0x10000>; + }; + }; + + - | + #include + #include + i2c { + #address-cells = <1>; + #size-cells = <0>; + + tpm@13 { + reg = <0x13>; + compatible = "st,st33zp24-i2c"; + interrupt-parent = <&gpio5>; + interrupts = <7 IRQ_TYPE_LEVEL_HIGH>; + lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>; + }; + }; diff --git a/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml new file mode 100644 index 000000000000..87bce0692129 --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml @@ -0,0 +1,49 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/tcg,tpm-tis-mmio.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: MMIO-accessed Trusted Platform Module conforming to TCG TIS specification + +maintainers: + - Lukas Wunner + +description: | + The Trusted Computing Group (TCG) has defined a multi-vendor standard + for accessing a TPM chip. It can be transported over various buses, + one of them being LPC (via MMIO). The standard is named: + TCG PC Client Specific TPM Interface Specification (TIS) + https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/ + +properties: + compatible: + items: + - enum: + - at97sc3201 + - atmel,at97sc3204 + - socionext,synquacer-tpm-mmio + - const: tcg,tpm-tis-mmio + + reg: + description: + location and length of the MMIO registers, length should be + at least 0x5000 bytes + +allOf: + - $ref: tpm-common.yaml# + +required: + - compatible + - reg + +unevaluatedProperties: false + +examples: + - | + tpm@90000 { + compatible = "atmel,at97sc3204", "tcg,tpm-tis-mmio"; + reg = <0x90000 0x5000>; + interrupt-parent = <&EIC0>; + interrupts = <1 2>; + }; diff --git a/Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml b/Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml new file mode 100644 index 000000000000..c3413b47ac3d --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml @@ -0,0 +1,75 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/tcg,tpm_tis-spi.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: SPI-attached Trusted Platform Module conforming to TCG TIS specification + +maintainers: + - Lukas Wunner + +description: | + The Trusted Computing Group (TCG) has defined a multi-vendor standard + for accessing a TPM chip. It can be transported over various buses, + one of them being SPI. The standard is named: + TCG PC Client Specific TPM Interface Specification (TIS) + https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/ + +properties: + compatible: + items: + - enum: + - infineon,slb9670 + - st,st33htpm-spi + - st,st33zp24-spi + - const: tcg,tpm_tis-spi + +allOf: + - $ref: tpm-common.yaml# + - $ref: /schemas/spi/spi-peripheral-props.yaml# + - if: + properties: + compatible: + contains: + const: st,st33zp24-spi + then: + properties: + spi-max-frequency: + maximum: 10000000 + +required: + - compatible + - reg + +unevaluatedProperties: false + +examples: + - | + spi { + #address-cells = <1>; + #size-cells = <0>; + + tpm@0 { + reg = <0>; + compatible = "infineon,slb9670", "tcg,tpm_tis-spi"; + spi-max-frequency = <10000000>; + }; + }; + + - | + #include + #include + spi { + #address-cells = <1>; + #size-cells = <0>; + + tpm@0 { + reg = <0>; + compatible = "st,st33zp24-spi", "tcg,tpm_tis-spi"; + spi-max-frequency = <10000000>; + interrupt-parent = <&gpio5>; + interrupts = <7 IRQ_TYPE_LEVEL_HIGH>; + lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>; + }; + }; diff --git a/Documentation/devicetree/bindings/tpm/tpm-common.yaml b/Documentation/devicetree/bindings/tpm/tpm-common.yaml new file mode 100644 index 000000000000..90390624a8be --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/tpm-common.yaml @@ -0,0 +1,87 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/tpm-common.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: Trusted Platform Module common properties + +maintainers: + - Lukas Wunner + +properties: + $nodename: + pattern: '^tpm(@[0-9a-f]+)?$' + + interrupts: + description: indicates command completion + maxItems: 1 + + label: + description: human readable string describing the device, e.g. "tpm" + + linux,sml-base: + description: + base address of reserved memory allocated for firmware event log + $ref: /schemas/types.yaml#/definitions/uint64 + + linux,sml-size: + description: + size of reserved memory allocated for firmware event log + $ref: /schemas/types.yaml#/definitions/uint32 + + memory-region: + description: reserved memory allocated for firmware event log + maxItems: 1 + + powered-while-suspended: + description: + present when the TPM is left powered on between suspend and resume + (makes the suspend/resume callbacks do nothing) + type: boolean + + resets: + description: Reset controller to reset the TPM + $ref: /schemas/types.yaml#/definitions/phandle + + reset-gpios: + description: Output GPIO pin to reset the TPM + maxItems: 1 + +# must always have both linux,sml-base and linux,sml-size +dependentRequired: + linux,sml-base: ['linux,sml-size'] + linux,sml-size: ['linux,sml-base'] + +# must only have either memory-region or linux,sml-base +# as well as either resets or reset-gpios +dependentSchemas: + memory-region: + properties: + linux,sml-base: false + linux,sml-base: + properties: + memory-region: false + resets: + properties: + reset-gpios: false + reset-gpios: + properties: + resets: false + +allOf: + - if: + properties: + compatible: + contains: + pattern: '^st,st33zp24' + then: + properties: + lpcpd-gpios: + description: + Output GPIO pin used for ST33ZP24 power management of D1/D2 state. + If set, power must be present when the platform is going into + sleep/hibernate mode. + maxItems: 1 + +additionalProperties: true diff --git a/Documentation/devicetree/bindings/trivial-devices.yaml b/Documentation/devicetree/bindings/trivial-devices.yaml index c3190f2a168a..29aed5ddba6b 100644 --- a/Documentation/devicetree/bindings/trivial-devices.yaml +++ b/Documentation/devicetree/bindings/trivial-devices.yaml @@ -49,8 +49,6 @@ properties: - ams,iaq-core # i2c serial eeprom (24cxx) - at,24c08 - # i2c trusted platform module (TPM) - - atmel,at97sc3204t # ATSHA204 - i2c h/w symmetric crypto module - atmel,atsha204 # ATSHA204A - i2c h/w symmetric crypto module @@ -145,12 +143,6 @@ properties: - infineon,ir38263 # Infineon IRPS5401 Voltage Regulator (PMIC) - infineon,irps5401 - # Infineon SLB9635 (Soft-) I2C TPM (old protocol, max 100khz) - - infineon,slb9635tt - # Infineon SLB9645 I2C TPM (new protocol, max 400khz) - - infineon,slb9645tt - # Infineon SLB9673 I2C TPM 2.0 - - infineon,slb9673 # Infineon TLV493D-A1B6 I2C 3D Magnetic Sensor - infineon,tlv493d-a1b6 # Infineon Multi-phase Digital VR Controller xdpe11280 @@ -301,10 +293,6 @@ properties: - national,lm85 # I2C ±0.33°C Accurate, 12-Bit + Sign Temperature Sensor and Thermal Window Comparator - national,lm92 - # i2c trusted platform module (TPM) - - nuvoton,npct501 - # i2c trusted platform module (TPM2) - - nuvoton,npct601 # Nuvoton Temperature Sensor - nuvoton,w83773g # OKI ML86V7667 video decoder @@ -349,8 +337,6 @@ properties: - silabs,si7020 # Skyworks SKY81452: Six-Channel White LED Driver with Touch Panel Bias Supply - skyworks,sky81452 - # Socionext SynQuacer TPM MMIO module - - socionext,synquacer-tpm-mmio # SparkFun Qwiic Joystick (COM-15168) with i2c interface - sparkfun,qwiic-joystick # i2c serial eeprom (24cxx) @@ -405,8 +391,6 @@ properties: - winbond,w83793 # Vicor Corporation Digital Supervisor - vicor,pli1209bc - # i2c trusted platform module (TPM) - - winbond,wpct301 required: - compatible From patchwork Sun Dec 17 10:13:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Lukas Wunner X-Patchwork-Id: 755693 Received: from mailout3.hostsharing.net (mailout3.hostsharing.net [176.9.242.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E132C6FA5; Sun, 17 Dec 2023 10:48:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=wunner.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=wunner.de Received: from h08.hostsharing.net (h08.hostsharing.net [83.223.95.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mailout3.hostsharing.net (Postfix) with ESMTPS id 1ED51101E6B41; Sun, 17 Dec 2023 11:38:31 +0100 (CET) Received: from localhost (unknown [89.246.108.87]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by h08.hostsharing.net (Postfix) with ESMTPSA id C72D26073EFF; Sun, 17 Dec 2023 11:38:30 +0100 (CET) X-Mailbox-Line: From 52635205818ab201cacb0c0f37c7fa48149c7f8e Mon Sep 17 00:00:00 2001 Message-Id: <52635205818ab201cacb0c0f37c7fa48149c7f8e.1702806810.git.lukas@wunner.de> In-Reply-To: References: From: Lukas Wunner Date: Sun, 17 Dec 2023 11:13:32 +0100 Subject: [PATCH v3 2/4] dt-bindings: tpm: Convert Google Cr50 bindings to DT schema Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To: Rob Herring , Krzysztof Kozlowski , Conor Dooley , Jarkko Sakkinen , Peter Huewe , Jason Gunthorpe Cc: devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, Lino Sanfilippo , Nayna Jain , Thirupathaiah Annapureddy , Sasha Levin , Andrey Pronin , Alexander Steffen , Johannes Holland , Amir Mizinski , Benoit HOUYERE , Peter Delevoryas , Ninad Palsule , Guenter Roeck , Francesco Dolcini , Nishanth Menon Convert the devicetree bindings for the Google Security Chip H1 running Cr50 firmware to DT schema. The chip can be attached to SPI or I²C. Existing devicetrees use the same "google,cr50" compatible string for both cases without additionally specifying a generic "tcg,tpm_tis-spi" or "tcg,tpm-tis-i2c" compatible. The chip therefore cannot be documented in the tcg,tpm_tis-spi.yaml and tcg,tpm-tis-i2c.yaml schemas: The validator would select both of them and complain about SPI properties when the chip is an I²C peripheral. So document the chip in a schema of its own which includes both, SPI and I²C properties by reference. Signed-off-by: Lukas Wunner --- Changes v2 -> v3: * Introduce new schema specifically for google,cr50 (Rob). Note that I can't use "oneOf" for SPI and I²C properties because a node with only a "reg" property is a valid SPI and I²C node and would match both subschemas. So "anyOf" it is. .../bindings/security/tpm/google,cr50.txt | 19 ------ .../devicetree/bindings/tpm/google,cr50.yaml | 65 +++++++++++++++++++ 2 files changed, 65 insertions(+), 19 deletions(-) delete mode 100644 Documentation/devicetree/bindings/security/tpm/google,cr50.txt create mode 100644 Documentation/devicetree/bindings/tpm/google,cr50.yaml diff --git a/Documentation/devicetree/bindings/security/tpm/google,cr50.txt b/Documentation/devicetree/bindings/security/tpm/google,cr50.txt deleted file mode 100644 index cd69c2efdd37..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/google,cr50.txt +++ /dev/null @@ -1,19 +0,0 @@ -* H1 Secure Microcontroller with Cr50 Firmware on SPI Bus. - -H1 Secure Microcontroller running Cr50 firmware provides several -functions, including TPM-like functionality. It communicates over -SPI using the FIFO protocol described in the PTP Spec, section 6. - -Required properties: -- compatible: Should be "google,cr50". -- spi-max-frequency: Maximum SPI frequency. - -Example: - -&spi0 { - tpm@0 { - compatible = "google,cr50"; - reg = <0>; - spi-max-frequency = <800000>; - }; -}; diff --git a/Documentation/devicetree/bindings/tpm/google,cr50.yaml b/Documentation/devicetree/bindings/tpm/google,cr50.yaml new file mode 100644 index 000000000000..9302e12e9fc7 --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/google,cr50.yaml @@ -0,0 +1,65 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/google,cr50.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: Google Security Chip H1 (running Cr50 firmware) + +maintainers: + - Andrey Pronin + +description: | + Google has designed a family of security chips called "Titan". + One member is the H1 built into Chromebooks and running Cr50 firmware: + https://www.osfc.io/2018/talks/google-secure-microcontroller-and-ccd-closed-case-debugging/ + + The chip provides several functions, including TPM 2.0 like functionality. + It communicates over SPI or I²C using the FIFO protocol described in the + TCG PC Client Platform TPM Profile Specification for TPM 2.0 (PTP), sec 6: + https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/ + +properties: + compatible: + const: google,cr50 + +allOf: + - $ref: tpm-common.yaml# + +anyOf: + - $ref: /schemas/spi/spi-peripheral-props.yaml# + - $ref: tcg,tpm-tis-i2c.yaml#/properties/reg + +required: + - compatible + - reg + +unevaluatedProperties: false + +examples: + - | + spi { + #address-cells = <1>; + #size-cells = <0>; + + tpm@0 { + reg = <0>; + compatible = "google,cr50"; + spi-max-frequency = <800000>; + }; + }; + + - | + #include + i2c { + #address-cells = <1>; + #size-cells = <0>; + + tpm@50 { + compatible = "google,cr50"; + reg = <0x50>; + interrupts-extended = <&pio 88 IRQ_TYPE_EDGE_FALLING>; + pinctrl-names = "default"; + pinctrl-0 = <&cr50_int>; + }; + }; From patchwork Sun Dec 17 10:13:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Wunner X-Patchwork-Id: 755184 Received: from mailout1.hostsharing.net (mailout1.hostsharing.net [83.223.95.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 887E06FA8; Sun, 17 Dec 2023 10:50:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=wunner.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=wunner.de Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mailout1.hostsharing.net (Postfix) with ESMTPS id 0989C10192642; Sun, 17 Dec 2023 11:50:08 +0100 (CET) Received: from localhost (unknown [89.246.108.87]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by h08.hostsharing.net (Postfix) with ESMTPSA id DBD236073EFF; Sun, 17 Dec 2023 11:50:07 +0100 (CET) X-Mailbox-Line: From 5c41e045dfe7cc3f27dd41c08c62ed8c4a90d8a4 Mon Sep 17 00:00:00 2001 Message-Id: <5c41e045dfe7cc3f27dd41c08c62ed8c4a90d8a4.1702806810.git.lukas@wunner.de> In-Reply-To: References: From: Lukas Wunner Date: Sun, 17 Dec 2023 11:13:33 +0100 Subject: [PATCH v3 3/4] dt-bindings: tpm: Convert IBM vTPM bindings to DT schema To: Rob Herring , Krzysztof Kozlowski , Conor Dooley , Jarkko Sakkinen , Peter Huewe , Jason Gunthorpe Cc: devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, Lino Sanfilippo , Nayna Jain , Thirupathaiah Annapureddy , Sasha Levin , Andrey Pronin , Alexander Steffen , Johannes Holland , Amir Mizinski , Benoit HOUYERE , Peter Delevoryas , Ninad Palsule , Guenter Roeck , Francesco Dolcini , Nishanth Menon Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Convert the devicetree bindings for the IBM Virtual Trusted Platform Module to DT schema. Drop properties which are already documented in tpm-common.yaml. Document the "IBM,vtpm20" compatible string introduced by commit 18b3670d79ae ("tpm: ibmvtpm: Add support for TPM2"). Signed-off-by: Lukas Wunner Reviewed-by: Rob Herring --- .../bindings/security/tpm/ibmvtpm.txt | 41 ------- .../devicetree/bindings/tpm/ibm,vtpm.yaml | 104 ++++++++++++++++++ 2 files changed, 104 insertions(+), 41 deletions(-) delete mode 100644 Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt create mode 100644 Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml diff --git a/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt b/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt deleted file mode 100644 index d89f99971368..000000000000 --- a/Documentation/devicetree/bindings/security/tpm/ibmvtpm.txt +++ /dev/null @@ -1,41 +0,0 @@ -* Device Tree Bindings for IBM Virtual Trusted Platform Module(vtpm) - -Required properties: - -- compatible : property name that conveys the platform architecture - identifiers, as 'IBM,vtpm' -- device_type : specifies type of virtual device -- interrupts : property specifying the interrupt source number and - sense code associated with this virtual I/O Adapters -- ibm,my-drc-index : integer index for the connector between the device - and its parent - present only if Dynamic - Reconfiguration(DR) Connector is enabled -- ibm,#dma-address-cells: specifies the number of cells that are used to - encode the physical address field of dma-window - properties -- ibm,#dma-size-cells : specifies the number of cells that are used to - encode the size field of dma-window properties -- ibm,my-dma-window : specifies DMA window associated with this virtual - IOA -- ibm,loc-code : specifies the unique and persistent location code - associated with this virtual I/O Adapters -- linux,sml-base : 64-bit base address of the reserved memory allocated - for the firmware event log -- linux,sml-size : size of the memory allocated for the firmware event log - -Example (IBM Virtual Trusted Platform Module) ---------------------------------------------- - - vtpm@30000003 { - ibm,#dma-size-cells = <0x2>; - compatible = "IBM,vtpm"; - device_type = "IBM,vtpm"; - ibm,my-drc-index = <0x30000003>; - ibm,#dma-address-cells = <0x2>; - linux,sml-base = <0xc60e 0x0>; - interrupts = <0xa0003 0x0>; - ibm,my-dma-window = <0x10000003 0x0 0x0 0x0 0x10000000>; - ibm,loc-code = "U8286.41A.10082DV-V3-C3"; - reg = <0x30000003>; - linux,sml-size = <0xbce10200>; - }; diff --git a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml new file mode 100644 index 000000000000..50a3fd31241c --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml @@ -0,0 +1,104 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/ibm,vtpm.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: IBM Virtual Trusted Platform Module (vTPM) + +maintainers: + - Nayna Jain + +description: | + Virtual TPM is used on IBM POWER7+ and POWER8 systems running POWERVM. + It is supported through the adjunct partition with firmware release 740 + or higher. With vTPM support, each lpar is able to have its own vTPM + without the physical TPM hardware. The TPM functionality is provided by + communicating with the vTPM adjunct partition through Hypervisor calls + (Hcalls) and Command/Response Queue (CRQ) commands. + +properties: + compatible: + enum: + - IBM,vtpm + - IBM,vtpm20 + + device_type: + description: + type of virtual device + enum: + - IBM,vtpm + - IBM,vtpm20 + + reg: + maxItems: 1 + + 'ibm,#dma-address-cells': + description: + number of cells that are used to encode the physical address field of + dma-window properties + $ref: /schemas/types.yaml#/definitions/uint32-array + + 'ibm,#dma-size-cells': + description: + number of cells that are used to encode the size field of + dma-window properties + $ref: /schemas/types.yaml#/definitions/uint32-array + + ibm,my-dma-window: + description: + DMA window associated with this virtual I/O Adapter + $ref: /schemas/types.yaml#/definitions/uint32-array + minItems: 5 + maxItems: 5 + + ibm,my-drc-index: + description: + integer index for the connector between the device and its parent; + present only if Dynamic Reconfiguration (DR) Connector is enabled + $ref: /schemas/types.yaml#/definitions/uint32 + + ibm,loc-code: + description: + unique and persistent location code associated with this virtual + I/O Adapter + $ref: /schemas/types.yaml#/definitions/string + +required: + - compatible + - device_type + - reg + - interrupts + - ibm,#dma-address-cells + - ibm,#dma-size-cells + - ibm,my-dma-window + - ibm,my-drc-index + - ibm,loc-code + - linux,sml-base + - linux,sml-size + +allOf: + - $ref: tpm-common.yaml# + +unevaluatedProperties: false + +examples: + - | + soc { + #address-cells = <1>; + #size-cells = <0>; + + tpm@30000003 { + compatible = "IBM,vtpm"; + device_type = "IBM,vtpm"; + reg = <0x30000003>; + interrupts = <0xa0003 0x0>; + ibm,#dma-address-cells = <0x2>; + ibm,#dma-size-cells = <0x2>; + ibm,my-dma-window = <0x10000003 0x0 0x0 0x0 0x10000000>; + ibm,my-drc-index = <0x30000003>; + ibm,loc-code = "U8286.41A.10082DV-V3-C3"; + linux,sml-base = <0xc60e 0x0>; + linux,sml-size = <0xbce10200>; + }; + }; From patchwork Sun Dec 17 10:13:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lukas Wunner X-Patchwork-Id: 755692 Received: from mailout2.hostsharing.net (mailout2.hostsharing.net [83.223.78.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D32379C8; Sun, 17 Dec 2023 10:52:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=wunner.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=wunner.de Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mailout2.hostsharing.net (Postfix) with ESMTPS id 8D69B10189BEB; Sun, 17 Dec 2023 11:52:50 +0100 (CET) Received: from localhost (unknown [89.246.108.87]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by h08.hostsharing.net (Postfix) with ESMTPSA id 4F3A66073EFF; Sun, 17 Dec 2023 11:52:50 +0100 (CET) X-Mailbox-Line: From 99523409eb5aec9276055ff358ae6f2ceb10be6d Mon Sep 17 00:00:00 2001 Message-Id: <99523409eb5aec9276055ff358ae6f2ceb10be6d.1702806810.git.lukas@wunner.de> In-Reply-To: References: From: Lukas Wunner Date: Sun, 17 Dec 2023 11:13:34 +0100 Subject: [PATCH v3 4/4] dt-bindings: tpm: Document Microsoft fTPM bindings To: Rob Herring , Krzysztof Kozlowski , Conor Dooley , Jarkko Sakkinen , Peter Huewe , Jason Gunthorpe Cc: devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, Lino Sanfilippo , Nayna Jain , Thirupathaiah Annapureddy , Sasha Levin , Andrey Pronin , Alexander Steffen , Johannes Holland , Amir Mizinski , Benoit HOUYERE , Peter Delevoryas , Ninad Palsule , Guenter Roeck , Francesco Dolcini , Nishanth Menon Precedence: bulk X-Mailing-List: devicetree@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: A driver for Microsoft's firmware-based Trusted Platform Module (fTPM) was merged with commit 09e574831b27 ("tpm/tpm_ftpm_tee: A driver for firmware TPM running inside TEE"), but its devicetree bindings were not. This is the only remaining undocumented compatible string for a TPM, so add a DT schema based on the patch linked below. Link: https://lore.kernel.org/all/20190409184958.7476-2-sashal@kernel.org/ Signed-off-by: Lukas Wunner Reviewed-by: Rob Herring --- Changes v2 -> v3: * Use "const" instead of "enum" for singleton compatible string. .../bindings/tpm/microsoft,ftpm.yaml | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 Documentation/devicetree/bindings/tpm/microsoft,ftpm.yaml diff --git a/Documentation/devicetree/bindings/tpm/microsoft,ftpm.yaml b/Documentation/devicetree/bindings/tpm/microsoft,ftpm.yaml new file mode 100644 index 000000000000..fdb81968f03d --- /dev/null +++ b/Documentation/devicetree/bindings/tpm/microsoft,ftpm.yaml @@ -0,0 +1,47 @@ +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +%YAML 1.2 +--- +$id: http://devicetree.org/schemas/tpm/microsoft,ftpm.yaml# +$schema: http://devicetree.org/meta-schemas/core.yaml# + +title: Microsoft firmware-based Trusted Platform Module (fTPM) + +maintainers: + - Thirupathaiah Annapureddy + - Sasha Levin + +description: | + Commodity CPU architectures, such as ARM and Intel CPUs, have started to + offer trusted computing features in their CPUs aimed at displacing dedicated + trusted hardware. Unfortunately, these CPU architectures raise serious + challenges to building trusted systems because they omit providing secure + resources outside the CPU perimeter. + + Microsoft's firmware-based TPM 2.0 (fTPM) leverages ARM TrustZone to overcome + these challenges and provide software with security guarantees similar to + those of dedicated trusted hardware. + + https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/ + https://github.com/Microsoft/ms-tpm-20-ref/tree/main/Samples/ARM32-FirmwareTPM + +properties: + compatible: + const: microsoft,ftpm + +required: + - compatible + - linux,sml-base + - linux,sml-size + +allOf: + - $ref: tpm-common.yaml# + +unevaluatedProperties: false + +examples: + - | + tpm { + compatible = "microsoft,ftpm"; + linux,sml-base = <0x0 0xc0000000>; + linux,sml-size = <0x10000>; + };