soc/amd/common/block/psp: Add fTPM specific bits

Add helper functions for PSP fTPM support.

Signed-off-by: Patrick Rudolph <patrick.rudolph@amd.com>
Change-Id: I5c111bbdda52859381693cb0a15d49f3284a2291
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88355
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

src/soc/amd/common/block/include/amdblocks/psp.h

@@ -4,6 +4,7 @@
 #define AMD_BLOCK_PSP_H
 
 #include <stdint.h>
+#include <stdbool.h>
 
 #define SMM_TRIGGER_IO		0
 #define SMM_TRIGGER_MEM		1
@@ -84,4 +85,15 @@ int psp_load_named_blob(enum psp_blob_type type, const char *name);
 /* Sets the GPIO used for the TPM IRQ */
 void psp_set_tpm_irq_gpio(unsigned int gpio);
 
+/* Returns the fTPM base address, 0 on error. */
+uintptr_t psp_ftpm_base_address(void);
+
+/* Returns true when the fTPM CRB interface is enabled */
+bool psp_ftpm_is_active(void);
+
+/* Returns required recovery actions to be taken */
+void psp_ftpm_needs_recovery(bool *psp_rpmc_nvram,
+			     bool *psp_nvram,
+			     bool *psp_dir);
+
 #endif /* AMD_BLOCK_PSP_H */

src/soc/amd/common/block/psp/Makefile.mk

@@ -11,6 +11,8 @@ smm-y += psp_smm.c
 bootblock-y += psp_efs.c
 verstage-y += psp_efs.c
 
+all-y += ftpm.c
+
 endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP
 
 ifeq ($(CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN1),y)

src/soc/amd/common/block/psp/ftpm.c

@@ -0,0 +1,88 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#include <amdblocks/psp.h>
+#include <console/console.h>
+#include <device/mmio.h>
+
+#include "psp_def.h"
+
+uintptr_t psp_ftpm_base_address(void)
+{
+	const uintptr_t psp_base = get_psp_mmio_base();
+	if (!psp_base)
+		return 0;
+
+	/* TPM MMIO space starts 0xA0 bytes before MBOX */
+	return psp_base + CONFIG_PSPV2_MBOX_CMD_OFFSET - 0xA0;
+}
+
+/*
+ * psp_ftpm_is_active
+ *
+ * Checks that fTPM CRB interface is available and active.
+ */
+bool psp_ftpm_is_active(void)
+{
+	uint32_t caps = 0;
+
+	/* PSP must report fTPM capability support */
+	if (psp_get_ftpm_capabilties(&caps) != CB_SUCCESS)
+		return false;
+
+	if (!(caps & MBOX_FTPM_CAP_TPM_SUPPORTED))
+		return false;
+
+	/* Must have valid MMIO base address */
+	if (!psp_ftpm_base_address())
+		return false;
+
+	return true;
+}
+
+/*
+ * psp_ftpm_needs_recovery
+ *
+ * Checks the PSP and returns the necessary recovery actions
+ * to be taken. Recovery actions involve erasing parts of the SPI flash
+ * and might possibly erase TPM secrets, preventing unsealing of
+ * the OS.
+ *
+ * @psp_rpmc_nvram The PSP_RPMC_NVRAM FMAP regions must be cleared
+ * @psp_nvram The PSP_NVRAM FMAP regions must be cleared
+ * @psp_dir The fTPM driver in the PSP directory is missing or corrupted
+ */
+void psp_ftpm_needs_recovery(bool *psp_rpmc_nvram,
+			     bool *psp_nvram,
+			     bool *psp_dir)
+{
+	uint32_t psp_caps;
+	uint32_t caps;
+
+	*psp_rpmc_nvram = false;
+	*psp_nvram = false;
+	*psp_dir = false;
+
+	if (psp_get_psp_capabilities(&psp_caps) != CB_SUCCESS) {
+		printk(BIOS_ERR, "FTPM: Failed to get PSP capabilities\n");
+		return;
+	}
+
+	if (psp_get_ftpm_capabilties(&caps) != CB_SUCCESS) {
+		printk(BIOS_ERR, "FTPM: Failed to get fTPM capabilities\n");
+		return;
+	}
+
+	if ((psp_caps & 0x5) == 0x4) {
+		printk(BIOS_WARNING, "FTPM: PSP_RPMC_NVRAM region corrupted.\n");
+		*psp_rpmc_nvram = true;
+		*psp_nvram = true;
+	}
+
+	if (caps & MBOX_FTPM_CAP_TPM_REQ_FACTORY_RESET) {
+		printk(BIOS_WARNING, "FTPM: PSP_NVRAM region corrupted.\n");
+		*psp_nvram = true;
+	}
+
+	if (caps & MBOX_FTPM_CAP_FTPM_NEED_RECOVER)
+		*psp_dir = true;
+}

src/soc/amd/common/block/psp/psp_def.h

@@ -19,6 +19,9 @@
 #define   MBOX_BIOS_CMD_SX_INFO_SLEEP_TYPE_MAX	0x07
 #define MBOX_BIOS_CMD_RSM_INFO			0x04
 #define MBOX_BIOS_CMD_PSP_FTPM_QUERY		0x05
+#define   MBOX_FTPM_CAP_TPM_SUPPORTED		(1 << 0)
+#define   MBOX_FTPM_CAP_TPM_REQ_FACTORY_RESET	(1 << 1)
+#define   MBOX_FTPM_CAP_FTPM_NEED_RECOVER	(1 << 2)
 #define MBOX_BIOS_CMD_BOOT_DONE			0x06
 #define MBOX_BIOS_CMD_CLEAR_S3_STS		0x07
 #define MBOX_BIOS_CMD_S3_DATA_INFO		0x08