diff --git a/src/soc/amd/common/block/include/amdblocks/psp.h b/src/soc/amd/common/block/include/amdblocks/psp.h
index 1ab3385314..40197396fe 100644
--- a/src/soc/amd/common/block/include/amdblocks/psp.h
+++ b/src/soc/amd/common/block/include/amdblocks/psp.h
@@ -4,6 +4,7 @@
 #define AMD_BLOCK_PSP_H
 #include
+#include
 #define SMM_TRIGGER_IO 0
 #define SMM_TRIGGER_MEM 1
@@ -84,4 +85,15 @@ int psp_load_named_blob(enum psp_blob_type type, const char *name);
 /* Sets the GPIO used for the TPM IRQ */
 void psp_set_tpm_irq_gpio(unsigned int gpio);
+/* Returns the fTPM base address, 0 on error. */
+uintptr_t psp_ftpm_base_address(void);
+
+/* Returns true when the fTPM CRB interface is enabled */
+bool psp_ftpm_is_active(void);
+
+/* Returns required recovery actions to be taken */
+void psp_ftpm_needs_recovery(bool *psp_rpmc_nvram,
+ bool *psp_nvram,
+ bool *psp_dir);
+
 #endif /* AMD_BLOCK_PSP_H */
diff --git a/src/soc/amd/common/block/psp/Makefile.mk b/src/soc/amd/common/block/psp/Makefile.mk
index dc811f9098..9929d72998 100644
--- a/src/soc/amd/common/block/psp/Makefile.mk
+++ b/src/soc/amd/common/block/psp/Makefile.mk
@@ -11,6 +11,8 @@ smm-y += psp_smm.c
 bootblock-y += psp_efs.c
 verstage-y += psp_efs.c
+all-y += ftpm.c
+
 endif # CONFIG_SOC_AMD_COMMON_BLOCK_PSP
 ifeq ($(CONFIG_SOC_AMD_COMMON_BLOCK_PSP_GEN1),y)
diff --git a/src/soc/amd/common/block/psp/ftpm.c b/src/soc/amd/common/block/psp/ftpm.c
new file mode 100644
index 0000000000..7e50365f6d
--- /dev/null
+++ b/src/soc/amd/common/block/psp/ftpm.c
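Review bot: The declaration of `psp_ftpm_needs_recovery` in the second hunk carries only `/* Returns required recovery actions to be taken */`, while the meaning of the three out-parameters is documented solely in ftpm.c, where the function also writes through all three before any error check. A caller reading this header cannot tell what each flag means, that none of the pointers may be NULL, or that acting on the flags erases SPI flash regions and possibly TPM secrets (as the ftpm.c comment warns). Suggest expanding the header comment along the lines of `/* Queries the PSP for recovery actions. All three pointers must be non-NULL; each is set true when the matching action is required: clear the PSP_RPMC_NVRAM FMAP region, clear the PSP_NVRAM FMAP region, or the fTPM driver in the PSP directory is missing or corrupted. Acting on these erases parts of SPI flash and may destroy TPM secrets. */`.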
@@ -0,0 +1,88 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#include
+#include
+#include
+
+#include "psp_def.h"
+
+uintptr_t psp_ftpm_base_address(void)
+{
+ const uintptr_t psp_base = get_psp_mmio_base();
+ if (!psp_base)
+ return 0;
+
+ /* TPM MMIO space starts 0xA0 bytes before MBOX */
+ return psp_base + CONFIG_PSPV2_MBOX_CMD_OFFSET - 0xA0;
+}
+
+/*
+ * psp_ftpm_is_active
+ *
+ * Checks that fTPM CRB interface is available and active.
+ */
+bool psp_ftpm_is_active(void)
+{
+ uint32_t caps = 0;
+
+ /* PSP must report fTPM capability support */
+ if (psp_get_ftpm_capabilties(&caps) != CB_SUCCESS)
+ return false;
+
+ if (!(caps & MBOX_FTPM_CAP_TPM_SUPPORTED))
+ return false;
+
+ /* Must have valid MMIO base address */
+ if (!psp_ftpm_base_address())
+ return false;
+
+ return true;
+}
+
+/*
+ * psp_ftpm_needs_recovery
+ *
+ * Checks the PSP and returns the necessary recovery actions
+ * to be taken. Recovery actions involve erasing parts of the SPI flash
+ * and might possibly erase TPM secrets, preventing unsealing of
+ * the OS.
+ *
+ * @psp_rpmc_nvram The PSP_RPMC_NVRAM FMAP regions must be cleared
+ * @psp_nvram The PSP_NVRAM FMAP regions must be cleared
+ * @psp_dir The fTPM driver in the PSP directory is missing or corrupted
+ */
+void psp_ftpm_needs_recovery(bool *psp_rpmc_nvram,
+ bool *psp_nvram,
+ bool *psp_dir)
+{
+ uint32_t psp_caps;
+ uint32_t caps;
+
+ *psp_rpmc_nvram = false;
+ *psp_nvram = false;
+ *psp_dir = false;
+
+ if (psp_get_psp_capabilities(&psp_caps) != CB_SUCCESS) {
+ printk(BIOS_ERR, "FTPM: Failed to get PSP capabilities\n");
+ return;
+ }
+
+ if (psp_get_ftpm_capabilties(&caps) != CB_SUCCESS) {
+ printk(BIOS_ERR, "FTPM: Failed to get fTPM capabilities\n");
+ return;
+ }
+
+ if ((psp_caps & 0x5) == 0x4) {
+ printk(BIOS_WARNING, "FTPM: PSP_RPMC_NVRAM region corrupted.\n");
+ *psp_rpmc_nvram = true;
+ *psp_nvram = true;
+ }
+
+ if (caps & MBOX_FTPM_CAP_TPM_REQ_FACTORY_RESET) {
+ printk(BIOS_WARNING, "FTPM: PSP_NVRAM region corrupted.\n");
+ *psp_nvram = true;
+ }
+
+ if (caps & MBOX_FTPM_CAP_FTPM_NEED_RECOVER)
+ *psp_dir = true;
+}
diff --git a/src/soc/amd/common/block/psp/psp_def.h b/src/soc/amd/common/block/psp/psp_def.h
index 369ef08e02..56c963dd7c 100644
--- a/src/soc/amd/common/block/psp/psp_def.h
+++ b/src/soc/amd/common/block/psp/psp_def.h
@@ -19,6 +19,9 @@
 #define MBOX_BIOS_CMD_SX_INFO_SLEEP_TYPE_MAX 0x07
 #define MBOX_BIOS_CMD_RSM_INFO 0x04
 #define MBOX_BIOS_CMD_PSP_FTPM_QUERY 0x05
+#define MBOX_FTPM_CAP_TPM_SUPPORTED (1 << 0)
+#define MBOX_FTPM_CAP_TPM_REQ_FACTORY_RESET (1 << 1)
+#define MBOX_FTPM_CAP_FTPM_NEED_RECOVER (1 << 2)
 #define MBOX_BIOS_CMD_BOOT_DONE 0x06
 #define MBOX_BIOS_CMD_CLEAR_S3_STS 0x07
 #define MBOX_BIOS_CMD_S3_DATA_INFO 0x08
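Review bot: `if ((psp_caps & 0x5) == 0x4)` in psp_ftpm_needs_recovery tests PSP capability bits 0 and 2 as bare magic numbers, while the fTPM capability bits checked a few lines later get named `MBOX_FTPM_CAP_*` masks in the psp_def.h hunk; the condition behind "PSP_RPMC_NVRAM region corrupted" deserves the same treatment, i.e. two named bit masks placed beside the new fTPM ones in psp_def.h plus a one-line comment on the check stating what bit 2 set with bit 0 clear means. Separately, both early returns after a failed `psp_get_psp_capabilities` / `psp_get_ftpm_capabilties` leave all three flags false, so a caller cannot distinguish "no recovery needed" from "PSP status unknown"; the callers are outside this diff, but if they gate fTPM use or recovery on these flags, consider returning `enum cb_err` (the type the two helpers appear to use, given the `CB_SUCCESS` comparisons) so a mailbox failure is visible to them. Leaving NVRAM untouched when the status is unreadable is a sensible default, but it should be stated in the function's comment rather than left as a silent fallthrough. Minor: `0xA0` in psp_ftpm_base_address is explained by its comment but would read better as a named offset next to `CONFIG_PSPV2_MBOX_CMD_OFFSET`.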
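Review bot: The three `MBOX_FTPM_CAP_*` bit masks are inserted between `MBOX_BIOS_CMD_PSP_FTPM_QUERY 0x05` and `MBOX_BIOS_CMD_BOOT_DONE 0x06`, splitting the otherwise sequential list of mailbox command IDs and mixing command numbers with what, judging by the names, are bit fields of a response payload. Suggest placing them after the command list under their own heading, e.g. `/* fTPM capability bits returned by the fTPM query (MBOX_BIOS_CMD_PSP_FTPM_QUERY) */`, so a reader does not mistake `(1 << 0)` for a command ID; the exact payload they describe should be confirmed against the PSP interface documentation before the comment is committed. If psp_def.h already pulls in coreboot's `BIT()` helper, `BIT(0)`..`BIT(2)` would match the surrounding style; otherwise `(1 << n)` is fine.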