tpm: introduce TPM SPI driver
authorVadim Bendebury <vbendeb@chromium.org>
Thu, 23 Jun 2016 02:14:01 +0000 (19:14 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Fri, 24 Jun 2016 03:19:55 +0000 (20:19 -0700)
This ports the SPI TPM driver from coreboot. The driver is compliant
with the TCG issued "TPM Profile (PTP) Specification Revision 00.43"
which can be found by googling its title.

The driver implements both the hardware flow control protocol and the
TPM state machine.

The hardware flow control allows to map SPI based TPM devices to the
LPC address space on x86 platforms, on all other platforms it needs to
be implemented in the driver software.

A lot more implementation details can be found in the code comments.

This is not a complete version of the driver: its robustness needs to
be improved, delay loops need to be bound, error conditions need to
propagate up the call stack.

BRANCH=none
BUG=chrome-os-partner:50645, chrome-os-partner:54141
TEST=with the rest of the patches applied; attempts of vboot_firmware
     to communicate with the TPM trigger proper TPM initialization
     (which indicates that SPI interface is operational and is plugged
     in properly). Chrome OS boot fails because vboot_firmware does not
     speak TPM2 yet.

Change-Id: Ic084c8b7ed14a24fd210cfe9ef59430f636696fc
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/355320
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
src/drivers/tpm/Kconfig
src/drivers/tpm/Makefile.inc
src/drivers/tpm/spi.c [new file with mode: 0644]
src/drivers/tpm/spi.h [new file with mode: 0644]

index 1dc0614..6facd07 100644 (file)
@@ -21,6 +21,11 @@ config DRIVER_TPM_SLB9635_I2C
        select DRIVER_TPM
        default n
 
+config DRIVER_TPM_SPI
+       bool "SPI TPM driver"
+       select DRIVER_TPM
+       default n
+
 config DRIVER_TPM_I2C
        bool
        default n
index 33504cf..6daa2f3 100644 (file)
@@ -12,6 +12,7 @@
 ##
 
 depthcharge-$(CONFIG_DRIVER_TPM) += tpm.c
-depthcharge-$(CONFIG_DRIVER_TPM_LPC) += lpc.c
 depthcharge-$(CONFIG_DRIVER_TPM_I2C) += i2c.c
+depthcharge-$(CONFIG_DRIVER_TPM_LPC) += lpc.c
 depthcharge-$(CONFIG_DRIVER_TPM_SLB9635_I2C) += slb9635_i2c.c
+depthcharge-$(CONFIG_DRIVER_TPM_SPI) += spi.c
diff --git a/src/drivers/tpm/spi.c b/src/drivers/tpm/spi.c
new file mode 100644 (file)
index 0000000..55ea21f
--- /dev/null
@@ -0,0 +1,661 @@
+/*
+ * Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * This is a driver for a SPI interfaced TPM2 device.
+ *
+ * It assumes that the required SPI interface has been initialized before the
+ * driver is started. A 'sruct spi_slave' pointer passed at initialization is
+ * used to direct traffic to the correct SPI interface. This dirver does not
+ * provide a way to instantiate multiple TPM devices. Also, to keep things
+ * simple, the driver unconditionally uses of TPM locality zero.
+ *
+ * References to documentation are based on the TCG issued "TPM Profile (PTP)
+ * Specification Revision 00.43".
+ */
+
+#include <libpayload.h>
+
+#include "spi.h"
+
+/************************************************************/
+/*  Plumbing to make porting of the coreboot driver easier. */
+struct spi_slave {};
+enum {
+       false = 0,
+       true
+};
+
+struct tpm2_info {
+       uint16_t vendor_id;
+       uint16_t device_id;
+       uint16_t revision;
+};
+
+struct stopwatch {
+       u64 start;
+       u64 expires;
+};
+static void stopwatch_init_usecs_expire(struct stopwatch *sw, long us)
+{
+       sw->start = timer_us(0);
+       sw->expires = us;
+}
+
+static int stopwatch_expired(struct stopwatch *sw)
+{
+       return timer_us(sw->start > sw->expires);
+}
+
+/*
+ * Use static driver structure, we're not going to have multiple TPM devices
+ * on board.
+ */
+static SpiTpm spi_tpm;
+
+static int spi_claim_bus(struct spi_slave *unused)
+{
+       return spi_tpm.bus->start(spi_tpm.bus);
+}
+
+static void spi_release_bus(struct spi_slave *unused)
+{
+       spi_tpm.bus->stop(spi_tpm.bus);
+}
+
+static int spi_xfer(struct spi_slave *unused, const void *dout,
+                   unsigned bytesout, void *din, unsigned bytesin)
+{
+       unsigned count;
+
+       count = bytesin;
+       if (bytesin < bytesout)
+               count = bytesout;
+       else
+               count = bytesin;
+
+       return spi_tpm.bus->transfer(spi_tpm.bus, din, dout, count);
+}
+
+static uint32_t read_be32(const void *ptr)
+{
+       uint32_t result;
+
+       memcpy(&result, ptr, sizeof(result));
+       return be32toh(result);
+}
+
+/*********************************************************/
+/*   Coreboot driver with as little changes as possible. */
+
+
+#define TPM_LOCALITY_0_SPI_BASE 0x00d40000
+
+/* Assorted TPM2 registers for interface type FIFO. */
+#define TPM_ACCESS_REG    (TPM_LOCALITY_0_SPI_BASE + 0)
+#define TPM_STS_REG       (TPM_LOCALITY_0_SPI_BASE + 0x18)
+#define TPM_DATA_FIFO_REG (TPM_LOCALITY_0_SPI_BASE + 0x24)
+#define TPM_DID_VID_REG   (TPM_LOCALITY_0_SPI_BASE + 0xf00)
+#define TPM_RID_REG       (TPM_LOCALITY_0_SPI_BASE + 0xf04)
+
+/* SPI Interface descriptor used by the driver. */
+struct tpm_spi_if {
+       struct spi_slave *slave;
+       int (*cs_assert)(struct spi_slave *slave);
+       void (*cs_deassert)(struct spi_slave *slave);
+       int  (*xfer)(struct spi_slave *slave, const void *dout,
+                    unsigned bytesout, void *din,
+                    unsigned bytesin);
+};
+
+/* Use the common SPI driver wrapper as the interface callbacks. */
+static struct tpm_spi_if tpm_if = {
+       .cs_assert = spi_claim_bus,
+       .cs_deassert = spi_release_bus,
+       .xfer = spi_xfer
+};
+
+/* Cached TPM device identification. */
+struct tpm2_info tpm_info;
+
+/*
+ * TODO(vbendeb): make CONFIG_DEBUG_TPM an int to allow different level of
+ * debug traces. Right now it is either 0 or 1.
+ */
+static const int debug_level_ = 1;
+
+/* Locality management bits (in TPM_ACCESS_REG) */
+enum tpm_access_bits {
+       tpm_reg_valid_sts = (1 << 7),
+       active_locality = (1 << 5),
+       request_use = (1 << 1),
+       tpm_establishment = (1 << 0),
+};
+
+/*
+ * Variuous fields of the TPM status register, arguably the most important
+ * register when interfacing to a TPM.
+ */
+enum tpm_sts_bits {
+       tpm_family_shift = 26,
+       tpm_family_mask = ((1 << 2) - 1),  /* 2 bits wide. */
+       tpm_family_tpm2 = 1,
+       reset_establishment_bit = (1 << 25),
+       command_cancel = (1 << 24),
+       burst_count_shift = 8,
+       burst_count_mask = ((1 << 16) - 1),  /* 16 bits wide. */
+       sts_valid = (1 << 7),
+       command_ready = (1 << 6),
+       tpm_go = (1 << 5),
+       data_avail = (1 << 4),
+       expect = (1 << 3),
+       self_test_done = (1 << 2),
+       response_retry = (1 << 1),
+};
+
+/*
+ * SPI frame header for TPM transactions is 4 bytes in size, it is described
+ * in section "6.4.6 Spi Bit Protocol".
+ */
+typedef struct {
+       unsigned char body[4];
+} spi_frame_header;
+
+/*
+ * Each TPM2 SPI transaction starts the same: CS is asserted, the 4 byte
+ * header is sent to the TPM, the master waits til TPM is ready to continue.
+ */
+static void start_transaction(int read_write, size_t bytes, unsigned addr)
+{
+       spi_frame_header header;
+       uint8_t byte;
+       int i;
+
+       /*
+        * Give it 10 ms. TODO(vbendeb): remove this once cr50 SPS TPM driver
+        * performance is fixed.
+        */
+       mdelay(10);
+
+       /*
+        * The first byte of the frame header encodes the transaction type
+        * (read or write) and transfer size (set to lentgh - 1), limited to
+        * 64 bytes.
+        */
+       header.body[0] = (read_write ? 0x80 : 0) | 0x40 | (bytes - 1);
+
+       /* The rest of the frame header is the TPM register address. */
+       for (i = 0; i < 3; i++)
+               header.body[i + 1] = (addr >> (8 * (2 - i))) & 0xff;
+
+       /* CS assert wakes up the slave. */
+       tpm_if.cs_assert(tpm_if.slave);
+
+       /*
+        * The TCG TPM over SPI specification introduces the notion of SPI
+        * flow control (Section "6.4.5 Flow Control").
+        *
+        * Again, the slave (TPM device) expects each transaction to start
+        * with a 4 byte header trasmitted by master. The header indicates if
+        * the master needs to read or write a register, and the register
+        * address.
+        *
+        * If the slave needs to stall the transaction (for instance it is not
+        * ready to send the register value to the master), it sets the MOSI
+        * line to 0 during the last clock of the 4 byte header. In this case
+        * the master is supposed to start polling the SPI bus, one byte at
+        * time, until the last bit in the received byte (transferred during
+        * the last clock of the byte) is set to 1.
+        *
+        * Due to some SPI controllers' shortcomings (Rockchip comes to
+        * mind...) we trasmit the 4 byte header without checking the byte
+        * transmitted by the TPM during the transaction's last byte.
+        *
+        * We know that cr50 is guaranteed to set the flow control bit to 0
+        * during the header transfer, but real TPM2 might be fast enough not
+        * to require to stall the master, this would present an issue.
+        * crosbug.com/p/52132 has been opened to track this.
+        */
+       tpm_if.xfer(tpm_if.slave, header.body, sizeof(header.body), NULL, 0);
+
+       /* Now poll the bus until TPM removes the stall bit. */
+       do {
+               tpm_if.xfer(tpm_if.slave, NULL, 0, &byte, 1);
+       } while (!(byte & 1));
+}
+
+/*
+ * Print out the contents of a buffer, if debug is enabled. Skip registers
+ * other than FIFO, unless debug_level_ is 2.
+ */
+static void trace_dump(const char *prefix, uint32_t reg,
+                      size_t bytes, const uint8_t *buffer,
+                      int force)
+{
+       static char prev_prefix;
+       static unsigned prev_reg;
+       static int current_char;
+       const int BYTES_PER_LINE = 32;
+
+       if (!force) {
+               if (!debug_level_)
+                       return;
+
+               if ((debug_level_ < 2) && (reg != TPM_DATA_FIFO_REG))
+                       return;
+       }
+
+       /*
+        * Do not print register address again if the last dump print was for
+        * that register.
+        */
+       if ((prev_prefix != *prefix) || (prev_reg != reg)) {
+               prev_prefix = *prefix;
+               prev_reg = reg;
+               printf("\n%s %2.2x:", prefix, reg);
+               current_char = 0;
+       }
+
+       if ((reg != TPM_DATA_FIFO_REG) && (bytes == 4)) {
+               /*
+                * This must be a regular register address, print the 32 bit
+                * value.
+                */
+               printf(" %8.8x", *(const uint32_t *)buffer);
+       } else {
+               int i;
+
+               /*
+                * Data read from or written to FIFO or not in 4 byte
+                * quantiites is printed byte at a time.
+                */
+               for (i = 0; i < bytes; i++) {
+                       if (current_char && !(current_char % BYTES_PER_LINE)) {
+                               printf("\n     ");
+                               current_char = 0;
+                       }
+                       current_char++;
+                       printf(" %2.2x", buffer[i]);
+               }
+       }
+}
+
+/*
+ * Once transaction is initiated and the TPM indicated that it is ready to go,
+ * write the actual bytes to the register.
+ */
+static void write_bytes(const void *buffer, size_t bytes)
+{
+       tpm_if.xfer(tpm_if.slave, buffer, bytes, NULL, 0);
+}
+
+/*
+ * Once transaction is initiated and the TPM indicated that it is ready to go,
+ * read the actual bytes from the register.
+ */
+static void read_bytes(void *buffer, size_t bytes)
+{
+       tpm_if.xfer(tpm_if.slave, NULL, 0, buffer, bytes);
+}
+
+/*
+ * To write a register, start transaction, transfer data to the TPM, deassert
+ * CS when done.
+ *
+ * Returns one to indicate success, zero (not yet implemented) to indicate
+ * failure.
+ */
+static int tpm2_write_reg(unsigned reg_number, const void *buffer, size_t bytes)
+{
+       trace_dump("W", reg_number, bytes, buffer, 0);
+       start_transaction(false, bytes, reg_number);
+       write_bytes(buffer, bytes);
+       tpm_if.cs_deassert(tpm_if.slave);
+       return 1;
+}
+
+/*
+ * To read a register, start transaction, transfer data from the TPM, deassert
+ * CS when done.
+ *
+ * Returns one to indicate success, zero (not yet implemented) to indicate
+ * failure.
+ */
+static int tpm2_read_reg(unsigned reg_number, void *buffer, size_t bytes)
+{
+       start_transaction(true, bytes, reg_number);
+       read_bytes(buffer, bytes);
+       tpm_if.cs_deassert(tpm_if.slave);
+       trace_dump("R", reg_number, bytes, buffer, 0);
+       return 1;
+}
+
+/*
+ * Status register is accessed often, wrap reading and writing it into
+ * dedicated functions.
+ */
+static int read_tpm_sts(uint32_t *status)
+{
+       return tpm2_read_reg(TPM_STS_REG, status, sizeof(*status));
+}
+
+static int write_tpm_sts(uint32_t status)
+{
+       return tpm2_write_reg(TPM_STS_REG, &status, sizeof(status));
+}
+
+/*
+ * The TPM may limit the transaction bytes count (burst count) below the 64
+ * bytes max. The current value is available as a field of the status
+ * register.
+ */
+static uint32_t get_burst_count(void)
+{
+       uint32_t status;
+
+       read_tpm_sts(&status);
+       return (status >> burst_count_shift) & burst_count_mask;
+}
+
+static int tpm2_init(SpiOps *spi_ops)
+{
+       uint32_t did_vid, status;
+       uint8_t cmd;
+
+       tpm2_read_reg(TPM_DID_VID_REG, &did_vid, sizeof(did_vid));
+
+       /* Try claiming locality zero. */
+       tpm2_read_reg(TPM_ACCESS_REG, &cmd, sizeof(cmd));
+       if ((cmd & (active_locality & tpm_reg_valid_sts)) ==
+           (active_locality & tpm_reg_valid_sts)) {
+               /*
+                * Locality active - maybe reset line is not connected?
+                * Release the locality and try again
+                */
+               cmd = active_locality;
+               tpm2_write_reg(TPM_ACCESS_REG, &cmd, sizeof(cmd));
+               tpm2_read_reg(TPM_ACCESS_REG, &cmd, sizeof(cmd));
+       }
+
+       /* The tpm_establishment bit can be either set or not, ignore it. */
+       if ((cmd & ~tpm_establishment) != tpm_reg_valid_sts) {
+               printf("invalid reset status: %#x\n", cmd);
+               return -1;
+       }
+
+       cmd = request_use;
+       tpm2_write_reg(TPM_ACCESS_REG, &cmd, sizeof(cmd));
+       tpm2_read_reg(TPM_ACCESS_REG, &cmd, sizeof(cmd));
+       if ((cmd &  ~tpm_establishment) !=
+           (tpm_reg_valid_sts | active_locality)) {
+               printf("failed to claim locality 0, status: %#x\n",
+                      cmd);
+               return -1;
+       }
+
+       read_tpm_sts(&status);
+       if (((status >> tpm_family_shift) & tpm_family_mask) !=
+           tpm_family_tpm2) {
+               printf("unexpected TPM family value, status: %#x\n",
+                      status);
+               return -1;
+       }
+
+       /*
+        * Locality claimed, read the revision value and set up the tpm_info
+        * structure.
+        */
+       tpm2_read_reg(TPM_RID_REG, &cmd, sizeof(cmd));
+       tpm_info.vendor_id = did_vid & 0xffff;
+       tpm_info.device_id = did_vid >> 16;
+       tpm_info.revision = cmd;
+
+       printf("Connected to device vid:did:rid of %4.4x:%4.4x:%2.2x\n",
+              tpm_info.vendor_id, tpm_info.device_id, tpm_info.revision);
+
+       return 0;
+}
+
+/*
+ * This is in seconds, certain TPM commands, like key generation, can take
+ * long time to complete.
+ *
+ * Returns one to indicate success, zero (not yet implemented) to indicate
+ * failure.
+ */
+#define MAX_STATUS_TIMEOUT 120
+static int wait_for_status(uint32_t status_mask, uint32_t status_expected)
+{
+       uint32_t status;
+       struct stopwatch sw;
+
+       stopwatch_init_usecs_expire(&sw, MAX_STATUS_TIMEOUT * 1000 * 1000);
+       do {
+               udelay(1000);
+               if (stopwatch_expired(&sw)) {
+                       printf("failed to get expected status %x\n",
+                              status_expected);
+                       return false;
+               }
+               read_tpm_sts(&status);
+       } while ((status & status_mask) != status_expected);
+
+       return 1;
+}
+
+enum fifo_transfer_direction {
+       fifo_transmit = 0,
+       fifo_receive = 1
+};
+
+/* Union allows to avoid casting away 'const' on transmit buffers. */
+union fifo_transfer_buffer {
+       uint8_t *rx_buffer;
+       const uint8_t *tx_buffer;
+};
+
+/*
+ * Transfer requested number of bytes to or from TPM FIFO, accounting for the
+ * current burst count value.
+ */
+static void fifo_transfer(size_t transfer_size,
+                         union fifo_transfer_buffer buffer,
+                         enum fifo_transfer_direction direction)
+{
+       size_t transaction_size;
+       size_t burst_count;
+       size_t handled_so_far = 0;
+
+       do {
+               do {
+                       /* Could be zero when TPM is busy. */
+                       burst_count = get_burst_count();
+               } while (!burst_count);
+
+               transaction_size = transfer_size - handled_so_far;
+               transaction_size = MIN(transaction_size, burst_count);
+
+               /*
+                * The SPI frame header does not allow to pass more than 64
+                * bytes.
+                */
+               transaction_size = MIN(transaction_size, 64);
+
+               if (direction == fifo_receive)
+                       tpm2_read_reg(TPM_DATA_FIFO_REG,
+                                     buffer.rx_buffer + handled_so_far,
+                                     transaction_size);
+               else
+                       tpm2_write_reg(TPM_DATA_FIFO_REG,
+                                      buffer.tx_buffer + handled_so_far,
+                                      transaction_size);
+
+               handled_so_far += transaction_size;
+
+       } while (handled_so_far != transfer_size);
+}
+
+static size_t tpm2_process_command(const void *tpm2_command,
+                                  size_t command_size,
+                                  void *tpm2_response,
+                                  size_t max_response)
+{
+       uint32_t status;
+       uint32_t expected_status_bits;
+       size_t payload_size;
+       size_t bytes_to_go;
+       const uint8_t *cmd_body = tpm2_command;
+       uint8_t *rsp_body = tpm2_response;
+       union fifo_transfer_buffer fifo_buffer;
+       const int HEADER_SIZE = 6;
+
+       /* Skip the two byte tag, read the size field. */
+       payload_size = read_be32(cmd_body + 2);
+
+       /* Sanity check. */
+       if (payload_size != command_size) {
+               printf("Command size mismatch: encoded %zd != requested %zd\n",
+                      payload_size, command_size);
+               trace_dump("W", TPM_DATA_FIFO_REG, command_size, cmd_body, 1);
+               printf("\n");
+               return 0;
+       }
+
+       /* Let the TPM know that the command is coming. */
+       write_tpm_sts(command_ready);
+
+       /*
+        * Tpm commands and responses written to and read from the FIFO
+        * register (0x24) are datagrams of variable size, prepended by a 6
+        * byte header.
+        *
+        * The specification description of the state machine is a bit vague,
+        * but from experience it looks like there is no need to wait for the
+        * sts.expect bit to be set, at least with the 9670 and cr50 devices.
+        * Just write the command into FIFO, making sure not to exceed the
+        * burst count or the maximum PDU size, whatever is smaller.
+        */
+       fifo_buffer.tx_buffer = cmd_body;
+       fifo_transfer(command_size, fifo_buffer, fifo_transmit);
+
+       /* Now tell the TPM it can start processing the command. */
+       write_tpm_sts(tpm_go);
+
+       /* Now wait for it to report that the response is ready. */
+       expected_status_bits = sts_valid | data_avail;
+       if (!wait_for_status(expected_status_bits, expected_status_bits)) {
+               /*
+                * If timed out, which should never happen, let's at least
+                * print out the offending command.
+                */
+               trace_dump("W", TPM_DATA_FIFO_REG, command_size, cmd_body, 1);
+               printf("\n");
+               return 0;
+       }
+
+       /*
+        * The response is ready, let's read it. First we read the FIFO
+        * payload header, to see how much data to expect. The response header
+        * size is fixed to six bytes, the total payload size is stored in
+        * network order in the last four bytes.
+        */
+       tpm2_read_reg(TPM_DATA_FIFO_REG, rsp_body, HEADER_SIZE);
+
+       /* Find out the total payload size, skipping the two byte tag. */
+       payload_size = read_be32(rsp_body + 2);
+
+       if (payload_size > max_response) {
+               /*
+                * TODO(vbendeb): at least drain the FIFO here or somehow let
+                * the TPM know that the response can be dropped.
+                */
+               printf(" tpm response too long (%zd bytes)",
+                      payload_size);
+               return 0;
+       }
+
+       /*
+        * Now let's read all but the last byte in the FIFO to make sure the
+        * status register is showing correct flow control bits: 'more data'
+        * until the last byte and then 'no more data' once the last byte is
+        * read.
+        */
+       bytes_to_go = payload_size - 1 - HEADER_SIZE;
+       fifo_buffer.rx_buffer = rsp_body + HEADER_SIZE;
+       fifo_transfer(bytes_to_go, fifo_buffer, fifo_receive);
+
+       /* Verify that there is still data to read. */
+       read_tpm_sts(&status);
+       if ((status & expected_status_bits) != expected_status_bits) {
+               printf("unexpected intermediate status %#x\n",
+                      status);
+               return 0;
+       }
+
+       /* Read the last byte of the PDU. */
+       tpm2_read_reg(TPM_DATA_FIFO_REG, rsp_body + payload_size - 1, 1);
+
+       /* Terminate the dump, if enabled. */
+       if (debug_level_)
+               printf("\n");
+
+       /* Verify that 'data available' is not asseretd any more. */
+       read_tpm_sts(&status);
+       if ((status & expected_status_bits) != sts_valid) {
+               printf("unexpected final status %#x\n", status);
+               return 0;
+       }
+
+       /* Move the TPM back to idle state. */
+       write_tpm_sts(command_ready);
+
+       return payload_size;
+}
+
+/*********************************************************/
+/* Depthcharge interface to the coreboot SPI TPM driver. */
+
+static int tpm_initialized;
+static int tpm_cleanup(CleanupFunc *cleanup, CleanupType type)
+{
+       printf("%s: add release locality here.\n", __func__);
+       return 0;
+}
+
+static int xmit_wrapper(struct TpmOps *me,
+                       const uint8_t *sendbuf,
+                       size_t send_size,
+                       uint8_t *recvbuf,
+                       size_t *recv_len)
+{
+       size_t response_size;
+       SpiTpm *tpm = container_of(me, SpiTpm, ops);
+
+       if (!tpm_initialized) {
+               if (tpm2_init(tpm->bus))
+                       return -1;
+
+               list_insert_after(&spi_tpm.cleanup.list_node, &cleanup_funcs);
+               tpm_initialized = 1;
+       }
+
+       response_size = tpm2_process_command(sendbuf,
+                                            send_size, recvbuf, *recv_len);
+       if (response_size) {
+               *recv_len = response_size;
+               return 0;
+       }
+
+       return -1;
+}
+
+SpiTpm *new_tpm_spi(SpiOps *bus)
+{
+       spi_tpm.ops.xmit = xmit_wrapper;
+       spi_tpm.bus = bus;
+       spi_tpm.cleanup.cleanup = tpm_cleanup;
+       spi_tpm.cleanup.types = CleanupOnReboot | CleanupOnPowerOff |
+               CleanupOnHandoff | CleanupOnLegacy;
+       return &spi_tpm;
+}
diff --git a/src/drivers/tpm/spi.h b/src/drivers/tpm/spi.h
new file mode 100644 (file)
index 0000000..bfefbf1
--- /dev/null
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2016 Google Inc.
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __SRC_DRIVERS_TPM_TPM_SPI_H
+#define __SRC_DRIVERS_TPM_TPM_SPI_H
+
+#include <base/cleanup_funcs.h>
+#include <drivers/bus/spi/spi.h>
+#include <drivers/tpm/tpm.h>
+
+// Supported TPM device types.
+typedef enum {
+       CR50_TPM,
+       UNKNOWN_SPI_TPM,  // This would trigger default behavior.
+} SpiTpmType;
+
+typedef struct
+{
+       TpmOps ops;
+       SpiOps *bus;
+       CleanupFunc cleanup;
+       SpiTpmType chip_type;
+} SpiTpm;
+
+SpiTpm *new_tpm_spi(SpiOps *bus);
+
+#endif // __SRC_DRIVERS_TPM_TPM_SPI_H