VirtualBox

About
Screenshots
Downloads
Documentation
End-user docs
Technical docs
Contribute
Community

Browse Source

Context Navigation

source: vbox/trunk/src/VBox/Devices/Security/DevTpm.cpp@ 102995

Last change on this file since 102995 was 102995, checked in by vboxsync, 4 months ago
Devices/Security/DevTpm: Addendum for r161223, need to keep the version distinction in the interface ID register so Windows 11 detects the TPM
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 77.5 KB

Line
1	/* $Id: DevTpm.cpp 102995 2024-01-23 07:54:57Z vboxsync $ */
2	/** @file
3	* DevTpm - Trusted Platform Module emulation.
4	*
5	* This emulation is based on the spec available under (as of 2021-08-02):
6	* https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf
7	*/
8
9	/*
10	* Copyright (C) 2021-2023 Oracle and/or its affiliates.
11	*
12	* This file is part of VirtualBox base platform packages, as
13	* available from https://www.virtualbox.org.
14	*
15	* This program is free software; you can redistribute it and/or
16	* modify it under the terms of the GNU General Public License
17	* as published by the Free Software Foundation, in version 3 of the
18	* License.
19	*
20	* This program is distributed in the hope that it will be useful, but
21	* WITHOUT ANY WARRANTY; without even the implied warranty of
22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23	* General Public License for more details.
24	*
25	* You should have received a copy of the GNU General Public License
26	* along with this program; if not, see <https://www.gnu.org/licenses>.
27	*
28	* SPDX-License-Identifier: GPL-3.0-only
29	*/
30
31
32	/*********************************************************************************************************************************
33	* Header Files *
34	*********************************************************************************************************************************/
35	#define LOG_GROUP LOG_GROUP_DEV_TPM
36	#include <VBox/vmm/pdmdev.h>
37	#include <VBox/vmm/pdmtpmifs.h>
38	#include <iprt/assert.h>
39	#include <iprt/string.h>
40	#include <iprt/uuid.h>
41
42	#include <iprt/formats/tpm.h>
43
44	#include "VBoxDD.h"
45
46
47	/*********************************************************************************************************************************
48	* Defined Constants And Macros *
49	*********************************************************************************************************************************/
50
51	/** The TPM saved state version. */
52	#define TPM_SAVED_STATE_VERSION 1
53
54	/** Default vendor ID. */
55	#define TPM_VID_DEFAULT 0x1014
56	/** Default device ID. */
57	#define TPM_DID_DEFAULT 0x0001
58	/** Default revision ID. */
59	#define TPM_RID_DEFAULT 0x01
60	/** Maximum size of the data buffer in bytes. */
61	#define TPM_DATA_BUFFER_SIZE_MAX 3968
62
63	/** The TPM MMIO base default as defined in chapter 5.2. */
64	#define TPM_MMIO_BASE_DEFAULT 0xfed40000
65	/** The size of the TPM MMIO area. */
66	#define TPM_MMIO_SIZE 0x5000
67
68	/** Number of localities as mandated by the TPM spec. */
69	#define TPM_LOCALITY_COUNT 5
70	/** Size of each locality in the TPM MMIO area (chapter 6.5.2).*/
71	#define TPM_LOCALITY_MMIO_SIZE 0x1000
72
73	/** @name TPM locality register related defines for the FIFO interface.
74	* @{ */
75	/** Ownership management for a particular locality. */
76	#define TPM_FIFO_LOCALITY_REG_ACCESS 0x00
77	/** Indicates whether a dynamic OS has been established on this platform before.. */
78	# define TPM_FIFO_LOCALITY_REG_ACCESS_ESTABLISHMENT RT_BIT(0)
79	/** On reads indicates whether the locality requests use of the TPM (1) or not or is already active locality (0),
80	* writing a 1 requests the locality to be granted getting the active locality.. */
81	# define TPM_FIFO_LOCALITY_REG_ACCESS_REQUEST_USE RT_BIT(1)
82	/** Indicates whether another locality is requesting usage of the TPM. */
83	# define TPM_FIFO_LOCALITY_REG_ACCESS_PENDING_REQUEST RT_BIT(2)
84	/** Writing a 1 forces the TPM to give control to the locality if it has a higher priority. */
85	# define TPM_FIFO_LOCALITY_REG_ACCESS_SEIZE RT_BIT(3)
86	/** On reads indicates whether this locality has been seized by a higher locality (1) or not (0), writing a 1 clears this bit. */
87	# define TPM_FIFO_LOCALITY_REG_ACCESS_BEEN_SEIZED RT_BIT(4)
88	/** On reads indicates whether this locality is active (1) or not (0), writing a 1 relinquishes control for this locality. */
89	# define TPM_FIFO_LOCALITY_REG_ACCESS_ACTIVE RT_BIT(5)
90	/** Set bit indicates whether all other bits in this register have valid data. */
91	# define TPM_FIFO_LOCALITY_REG_ACCESS_VALID RT_BIT(7)
92	/** Writable mask. */
93	# define TPM_FIFO_LOCALITY_REG_ACCESS_WR_MASK 0x3a
94
95	/** Interrupt enable register. */
96	#define TPM_FIFO_LOCALITY_REG_INT_ENABLE 0x08
97	/** Data available interrupt enable bit. */
98	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_DATA_AVAIL RT_BIT_32(0)
99	/** Status valid interrupt enable bit. */
100	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_STS_VALID RT_BIT_32(1)
101	/** Locality change interrupt enable bit. */
102	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_LOCALITY_CHANGE RT_BIT_32(2)
103	/** Interrupt polarity configuration. */
104	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_MASK 0x18
105	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_SHIFT 3
106	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_INT_POLARITY_SHIFT)
107	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_GET(a) (((a) & TPM_FIFO_LOCALITY_REG_INT_POLARITY_MASK) >> TPM_FIFO_LOCALITY_REG_INT_POLARITY_SHIFT)
108	/** High level interrupt trigger. */
109	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_HIGH 0
110	/** Low level interrupt trigger. */
111	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_LOW 1
112	/** Rising edge interrupt trigger. */
113	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_RISING 2
114	/** Falling edge interrupt trigger. */
115	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_POLARITY_FALLING 3
116	/** Command ready enable bit. */
117	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_CMD_RDY RT_BIT_32(7)
118	/** Global interrupt enable/disable bit. */
119	# define TPM_FIFO_LOCALITY_REG_INT_ENABLE_GLOBAL RT_BIT_32(31)
120
121	/** Configured interrupt vector register. */
122	#define TPM_FIFO_LOCALITY_REG_INT_VEC 0x0c
123
124	/** Interrupt status register. */
125	#define TPM_FIFO_LOCALITY_REG_INT_STS 0x10
126	/** Data available interrupt occured bit, writing a 1 clears the bit. */
127	# define TPM_FIFO_LOCALITY_REG_INT_STS_DATA_AVAIL RT_BIT_32(0)
128	/** Status valid interrupt occured bit, writing a 1 clears the bit. */
129	# define TPM_FIFO_LOCALITY_REG_INT_STS_STS_VALID RT_BIT_32(1)
130	/** Locality change interrupt occured bit, writing a 1 clears the bit. */
131	# define TPM_FIFO_LOCALITY_REG_INT_STS_LOCALITY_CHANGE RT_BIT_32(2)
132	/** Command ready occured bit, writing a 1 clears the bit. */
133	# define TPM_FIFO_LOCALITY_REG_INT_STS_CMD_RDY RT_BIT_32(7)
134	/** Writable mask. */
135	# define TPM_FIFO_LOCALITY_REG_INT_STS_WR_MASK UINT32_C(0x87)
136
137	/** Interfacce capabilities register. */
138	#define TPM_FIFO_LOCALITY_REG_IF_CAP 0x14
139	/** Flag whether the TPM supports the data avilable interrupt. */
140	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_DATA_AVAIL RT_BIT(0)
141	/** Flag whether the TPM supports the status valid interrupt. */
142	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_STS_VALID RT_BIT(1)
143	/** Flag whether the TPM supports the data avilable interrupt. */
144	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_LOCALITY_CHANGE RT_BIT(2)
145	/** Flag whether the TPM supports high level interrupts. */
146	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_LVL_HIGH RT_BIT(3)
147	/** Flag whether the TPM supports low level interrupts. */
148	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_LVL_LOW RT_BIT(4)
149	/** Flag whether the TPM supports rising edge interrupts. */
150	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_RISING_EDGE RT_BIT(5)
151	/** Flag whether the TPM supports falling edge interrupts. */
152	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_FALLING_EDGE RT_BIT(6)
153	/** Flag whether the TPM supports the command ready interrupt. */
154	# define TPM_FIFO_LOCALITY_REG_IF_CAP_INT_CMD_RDY RT_BIT(7)
155	/** Flag whether the busrt count field is static or dynamic. */
156	# define TPM_FIFO_LOCALITY_REG_IF_CAP_BURST_CNT_STATIC RT_BIT(8)
157	/** Maximum transfer size support. */
158	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_MASK 0x600
159	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_SHIFT 9
160	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_SHIFT)
161	/** Only legacy transfers supported. */
162	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_LEGACY 0x0
163	/** 8B maximum transfer size. */
164	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_8B 0x1
165	/** 32B maximum transfer size. */
166	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_32B 0x2
167	/** 64B maximum transfer size. */
168	# define TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_64B 0x3
169	/** Interface version. */
170	# define TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_MASK UINT32_C(0x70000000)
171	# define TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_SHIFT 28
172	# define TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_SHIFT)
173	/** Interface 1.21 or ealier. */
174	# define TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_IF_1_21 0
175	/** Interface 1.3. */
176	# define TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_IF_1_3 2
177	/** Interface 1.3 for TPM 2.0. */
178	# define TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_IF_1_3_TPM2 3
179
180	/** TPM status register. */
181	#define TPM_FIFO_LOCALITY_REG_STS 0x18
182	/** Writing a 1 forces the TPM to re-send the response. */
183	# define TPM_FIFO_LOCALITY_REG_STS_RESPONSE_RETRY RT_BIT_32(1)
184	/** Indicating whether the TPM has finished a self test. */
185	# define TPM_FIFO_LOCALITY_REG_STS_SELF_TEST_DONE RT_BIT_32(2)
186	/** Flag indicating whether the TPM expects more data for the command. */
187	# define TPM_FIFO_LOCALITY_REG_STS_EXPECT RT_BIT_32(3)
188	/** Flag indicating whether the TPM has more response data available. */
189	# define TPM_FIFO_LOCALITY_REG_STS_DATA_AVAIL RT_BIT_32(4)
190	/** Written by software to cause the TPM to execute a previously transfered command. */
191	# define TPM_FIFO_LOCALITY_REG_STS_TPM_GO RT_BIT_32(5)
192	/** On reads indicates whether the TPM is ready to receive a new command (1) or not (0),
193	* a write of 1 causes the TPM to transition to this state. */
194	# define TPM_FIFO_LOCALITY_REG_STS_CMD_RDY RT_BIT_32(6)
195	/** Indicates whether the Expect and data available bits are valid. */
196	# define TPM_FIFO_LOCALITY_REG_STS_VALID RT_BIT_32(7)
197	/** Sets the burst count. */
198	# define TPM_FIFO_LOCALITY_REG_STS_BURST_CNT_MASK UINT32_C(0xffff00)
199	# define TPM_FIFO_LOCALITY_REG_STS_BURST_CNT_SHIFT UINT32_C(8)
200	# define TPM_FIFO_LOCALITY_REG_STS_BURST_CNT_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_STS_BURST_CNT_SHIFT)
201	/** Cancels the active command. */
202	# define TPM_FIFO_LOCALITY_REG_STS_CMD_CANCEL RT_BIT_32(24)
203	/** Reset establishment bit. */
204	# define TPM_FIFO_LOCALITY_REG_STS_RST_ESTABLISHMENT RT_BIT_32(25)
205	/** Sets the TPM family. */
206	# define TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_MASK UINT32_C(0x0c000000)
207	# define TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_SHIFT UINT32_C(26)
208	# define TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_SHIFT)
209	# define TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_1_2 UINT32_C(0)
210	# define TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_2_0 UINT32_C(1)
211
212
213	/** TPM end of HASH operation signal register for locality 4. */
214	#define TPM_FIFO_LOCALITY_REG_HASH_END 0x20
215	/** Data FIFO read/write register. */
216	#define TPM_FIFO_LOCALITY_REG_DATA_FIFO 0x24
217	/** TPM start of HASH operation signal register for locality 4. */
218	#define TPM_FIFO_LOCALITY_REG_HASH_START 0x28
219
220	/** Locality interface ID register. */
221	#define TPM_FIFO_LOCALITY_REG_INTF_ID 0x30
222	/** Interface type field. */
223	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_MASK UINT32_C(0xf)
224	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_SHIFT 0
225	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_SHIFT)
226	/** FIFO interface as defined in PTP for TPM 2.0 is active. */
227	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_FIFO_TPM20 0x0
228	/** CRB interface is active. */
229	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_CRB 0x1
230	/** FIFO interface as defined in TIS 1.3 is active. */
231	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_TIS1_3 0xf
232	/** Interface type field. */
233	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_MASK UINT32_C(0xf)
234	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_SHIFT 4
235	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_SHIFT)
236	/** FIFO interface for TPM 2.0 */
237	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_FIFO 0
238	/** CRB interface version 0. */
239	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_CRB 1
240	/** Only locality 0 is supported when clear, set if 5 localities are supported. */
241	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_LOCALITY RT_BIT(8)
242	/** Maximum transfer size support. */
243	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_MASK 0x1800
244	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SHIFT 11
245	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SHIFT)
246	/** Only legacy transfers supported. */
247	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_LEGACY 0x0
248	/** 8B maximum transfer size. */
249	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_8B 0x1
250	/** 32B maximum transfer size. */
251	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_32B 0x2
252	/** 64B maximum transfer size. */
253	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_64B 0x3
254	/** FIFO interface is supported and may be selected. */
255	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_FIFO RT_BIT(13)
256	/** CRB interface is supported and may be selected. */
257	# define TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_CRB RT_BIT(14)
258	/** Interrupt polarity configuration. */
259	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_MASK 0x60000
260	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_SHIFT 17
261	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_SET(a) ((a) << TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_SHIFT)
262	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_GET(a) (((a) & TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_MASK) >> TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_SHIFT)
263	/** Selects the FIFO interface, takes effect on next _TPM_INIT. */
264	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_FIFO 0
265	/** Selects the CRB interface, takes effect on next _TPM_INIT. */
266	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_CRB 1
267	/** Locks the interface selector field and prevents further changes. */
268	# define TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_LOCK RT_BIT(19)
269
270
271	/** Extended data FIFO read/write register. */
272	#define TPM_FIFO_LOCALITY_REG_XDATA_FIFO 0x80
273	/** TPM device and vendor ID. */
274	#define TPM_FIFO_LOCALITY_REG_DID_VID 0xf00
275	/** TPM revision ID. */
276	#define TPM_FIFO_LOCALITY_REG_RID 0xf04
277	/** @} */
278
279
280	/** @name TPM locality register related defines for the CRB interface.
281	* @{ */
282	/** Locality state register. */
283	#define TPM_CRB_LOCALITY_REG_STATE 0x00
284	/** Indicates whether a dynamic OS has been established on this platform before.. */
285	# define TPM_CRB_LOCALITY_REG_ESTABLISHMENT RT_BIT(0)
286	/** Flag whether the host has a locality assigned (1) or not (0). */
287	# define TPM_CRB_LOCALITY_REG_STATE_LOC_ASSIGNED RT_BIT(1)
288	/** Indicates the currently active locality. */
289	# define TPM_CRB_LOCALITY_REG_STATE_ACTIVE_LOC_MASK UINT32_C(0x1c)
290	# define TPM_CRB_LOCALITY_REG_STATE_ACTIVE_LOC_SHIFT 2
291	# define TPM_CRB_LOCALITY_REG_STATE_ACTIVE_LOC_SET(a) ((a) << TPM_CRB_LOCALITY_REG_STATE_ACTIVE_LOC_SHIFT)
292	/** Flag whether the register contains valid values. */
293	# define TPM_CRB_LOCALITY_REG_STATE_VALID RT_BIT(7)
294
295	/** Locality control register. */
296	#define TPM_CRB_LOCALITY_REG_CTRL 0x08
297	/** Request TPM access from this locality. */
298	# define TPM_CRB_LOCALITY_REG_CTRL_REQ_ACCESS RT_BIT(0)
299	/** Release TPM access from this locality. */
300	# define TPM_CRB_LOCALITY_REG_CTRL_RELINQUISH RT_BIT(1)
301	/** Seize TPM access in favor of this locality if it has a higher priority. */
302	# define TPM_CRB_LOCALITY_REG_CTRL_SEIZE RT_BIT(2)
303	/** Resets the established bit if written from locality 3 or 4. */
304	# define TPM_CRB_LOCALITY_REG_CTRL_RST_ESTABLISHMENT RT_BIT(3)
305
306	/** Locality status register. */
307	#define TPM_CRB_LOCALITY_REG_STS 0x0c
308	/** Locality has been granted access to the TPM. */
309	# define TPM_CRB_LOCALITY_REG_STS_GRANTED RT_BIT(0)
310	/** A higher locality has seized the TPM from this locality. */
311	# define TPM_CRB_LOCALITY_REG_STS_SEIZED RT_BIT(1)
312
313	/** Locality interface ID register. */
314	#define TPM_CRB_LOCALITY_REG_INTF_ID 0x30
315	/** Interface type field. */
316	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_MASK UINT32_C(0xf)
317	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_SHIFT 0
318	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_SET(a) ((a) << TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_SHIFT)
319	/** FIFO interface as defined in PTP for TPM 2.0 is active. */
320	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_FIFO_TPM20 0x0
321	/** CRB interface is active. */
322	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_CRB 0x1
323	/** FIFO interface as defined in TIS 1.3 is active. */
324	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_TIS1_3 0xf
325	/** Interface type field. */
326	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_MASK UINT32_C(0xf)
327	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_SHIFT 4
328	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_SET(a) ((a) << TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_SHIFT)
329	/** FIFO interface for TPM 2.0 */
330	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_FIFO 0
331	/** CRB interface version 0. */
332	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_CRB 1
333	/** Only locality 0 is supported when clear, set if 5 localities are supported. */
334	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_LOCALITY RT_BIT(8)
335	/** @todo TPM supports ... */
336	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_CRB_IDLE_BYPASS RT_BIT(9)
337	/** Maximum transfer size support. */
338	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_MASK 0x1800
339	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SHIFT 11
340	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SET(a) ((a) << TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SHIFT)
341	/** Only legacy transfers supported. */
342	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_LEGACY 0x0
343	/** 8B maximum transfer size. */
344	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_8B 0x1
345	/** 32B maximum transfer size. */
346	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_32B 0x2
347	/** 64B maximum transfer size. */
348	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_64B 0x3
349	/** FIFO interface is supported and may be selected. */
350	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_FIFO RT_BIT(13)
351	/** CRB interface is supported and may be selected. */
352	# define TPM_CRB_LOCALITY_REG_INTF_ID_CAP_CRB RT_BIT(14)
353	/** Interrupt polarity configuration. */
354	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_MASK 0x60000
355	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_SHIFT 17
356	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_SET(a) ((a) << TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_SHIFT)
357	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_GET(a) (((a) & TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_MASK) >> TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_SHIFT)
358	/** Selects the FIFO interface, takes effect on next _TPM_INIT. */
359	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_FIFO 0
360	/** Selects the CRB interface, takes effect on next _TPM_INIT. */
361	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_CRB 1
362	/** Locks the interface selector field and prevents further changes. */
363	# define TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_LOCK RT_BIT(19)
364	/** Revision ID field. */
365	# define TPM_CRB_LOCALITY_REG_INTF_ID_RID_SHIFT 17
366	# define TPM_CRB_LOCALITY_REG_INTF_ID_RID_SET(a) ((uint64_t)(a) << TPM_CRB_LOCALITY_REG_INTF_ID_RID_SHIFT)
367	/** Vendor ID field. */
368	# define TPM_CRB_LOCALITY_REG_INTF_ID_VID_SHIFT 32
369	# define TPM_CRB_LOCALITY_REG_INTF_ID_VID_SET(a) ((uint64_t)(a) << TPM_CRB_LOCALITY_REG_INTF_ID_VID_SHIFT)
370	/** Device ID field. */
371	# define TPM_CRB_LOCALITY_REG_INTF_ID_DID_SHIFT 48
372	# define TPM_CRB_LOCALITY_REG_INTF_ID_DID_SET(a) ((uint64_t)(a) << TPM_CRB_LOCALITY_REG_INTF_ID_DID_SHIFT)
373
374	/** Locality CRB extension register (optional and locality 0 only). */
375	#define TPM_CRB_LOCALITY_REG_CTRL_EXT 0x38
376
377	/** Locality CRB request register. */
378	#define TPM_CRB_LOCALITY_REG_CTRL_REQ 0x40
379	/** The TPM should transition to the ready state to receive a new command. */
380	# define TPM_CRB_LOCALITY_REG_CTRL_REQ_CMD_RDY RT_BIT(0)
381	/** The TPM should transition to the idle state. */
382	# define TPM_CRB_LOCALITY_REG_CTRL_REQ_IDLE RT_BIT(1)
383
384	/** Locality CRB status register. */
385	#define TPM_CRB_LOCALITY_REG_CTRL_STS 0x44
386	/** This bit indicates that the TPM ran into a fatal error if set. */
387	# define TPM_CRB_LOCALITY_REG_CTRL_STS_TPM_FATAL_ERR RT_BIT(0)
388	/** This bit indicates that the TPM is in the idle state. */
389	# define TPM_CRB_LOCALITY_REG_CTRL_STS_TPM_IDLE RT_BIT(1)
390
391	/** Locality CRB cancel register. */
392	#define TPM_CRB_LOCALITY_REG_CTRL_CANCEL 0x48
393	/** Locality CRB start register. */
394	#define TPM_CRB_LOCALITY_REG_CTRL_START 0x4c
395
396	/** Locality interrupt enable register. */
397	#define TPM_CRB_LOCALITY_REG_INT_ENABLE 0x50
398	/** Enable the "TPM has executed a reqeust and response is available" interrupt. */
399	# define TPM_CRB_LOCALITY_REG_INT_ENABLE_START RT_BIT(0)
400	/** Enable the "TPM has transitioned to the command ready state" interrupt. */
401	# define TPM_CRB_LOCALITY_REG_INT_CMD_RDY RT_BIT(1)
402	/** Enable the "TPM has cleared the establishment flag" interrupt. */
403	# define TPM_CRB_LOCALITY_REG_INT_ESTABLISHMENT_CLR RT_BIT(2)
404	/** Enable the "active locality has changed" interrupt. */
405	# define TPM_CRB_LOCALITY_REG_INT_LOC_CHANGED RT_BIT(3)
406	/** Enables interrupts globally as defined by the individual bits in this register. */
407	# define TPM_CRB_LOCALITY_REG_INT_GLOBAL_ENABLE RT_BIT(31)
408
409	/** Locality interrupt status register. */
410	#define TPM_CRB_LOCALITY_REG_INT_STS 0x54
411	/** Indicates that the TPM as executed a command and the response is available for reading, writing a 1 clears the bit. */
412	# define TPM_CRB_LOCALITY_REG_INT_STS_START RT_BIT(0)
413	/** Indicates that the TPM has finished the transition to the ready state, writing a 1 clears this bit. */
414	# define TPM_CRB_LOCALITY_REG_INT_STS_CMD_RDY RT_BIT(1)
415	/** Indicates that the TPM has cleared the establishment flag, writing a 1 clears this bit. */
416	# define TPM_CRB_LOCALITY_REG_INT_STS_ESTABLISHMENT_CLR RT_BIT(2)
417	/** Indicates that a locality change has occurrec, writing a 1 clears this bit. */
418	# define TPM_CRB_LOCALITY_REG_INT_STS_LOC_CHANGED RT_BIT(3)
419
420	/** Locality command buffer size register. */
421	#define TPM_CRB_LOCALITY_REG_CTRL_CMD_SZ 0x58
422	/** Locality command buffer low address register. */
423	#define TPM_CRB_LOCALITY_REG_CTRL_CMD_LADDR 0x5c
424	/** Locality command buffer low address register. */
425	#define TPM_CRB_LOCALITY_REG_CTRL_CMD_HADDR 0x60
426	/** Locality response buffer size register. */
427	#define TPM_CRB_LOCALITY_REG_CTRL_RSP_SZ 0x64
428	/** Locality response buffer address register. */
429	#define TPM_CRB_LOCALITY_REG_CTRL_RSP_ADDR 0x68
430	/** Locality data buffer. */
431	#define TPM_CRB_LOCALITY_REG_DATA_BUFFER 0x80
432	/** @} */
433
434
435	/*********************************************************************************************************************************
436	* Structures and Typedefs *
437	*********************************************************************************************************************************/
438
439	/**
440	* Possible TPM states
441	* (see chapter 5.6.12.1 Figure 3 State Transition Diagram).
442	*/
443	typedef enum DEVTPMSTATE
444	{
445	/** Invalid state, do not use. */
446	DEVTPMSTATE_INVALID = 0,
447	/** Idle state. */
448	DEVTPMSTATE_IDLE,
449	/** Ready to accept command data. */
450	DEVTPMSTATE_READY,
451	/** Command data being transfered. */
452	DEVTPMSTATE_CMD_RECEPTION,
453	/** Command is being executed by the TPM. */
454	DEVTPMSTATE_CMD_EXEC,
455	/** Command has completed and data can be read. */
456	DEVTPMSTATE_CMD_COMPLETION,
457	/** Command is being canceled. */
458	DEVTPMSTATE_CMD_CANCEL,
459	/** TPM ran into a fatal error and is not operational. */
460	DEVTPMSTATE_FATAL_ERROR,
461	/** Last valid state (used for saved state sanity check). */
462	DEVTPMSTATE_LAST_VALID = DEVTPMSTATE_FATAL_ERROR,
463	/** 32bit hack. */
464	DEVTPMSTATE_32BIT_HACK = 0x7fffffff
465	} DEVTPMSTATE;
466
467
468	/**
469	* Locality state.
470	*/
471	typedef struct DEVTPMLOCALITY
472	{
473	/** The interrupt enable register. */
474	uint32_t uRegIntEn;
475	/** The interrupt status register. */
476	uint32_t uRegIntSts;
477	} DEVTPMLOCALITY;
478	/** Pointer to a locality state. */
479	typedef DEVTPMLOCALITY *PDEVTPMLOCALITY;
480	/** Pointer to a const locality state. */
481	typedef const DEVTPMLOCALITY *PCDEVTPMLOCALITY;
482
483
484	/**
485	* Shared TPM device state.
486	*/
487	typedef struct DEVTPM
488	{
489	/** Base MMIO address of the TPM device. */
490	RTGCPHYS GCPhysMmio;
491	/** The handle of the MMIO region. */
492	IOMMMIOHANDLE hMmio;
493	/** The handle for the ring-3 task. */
494	PDMTASKHANDLE hTpmCmdTask;
495	/** The vendor ID configured. */
496	uint16_t uVenId;
497	/** The device ID configured. */
498	uint16_t uDevId;
499	/** The revision ID configured. */
500	uint8_t bRevId;
501	/** The IRQ value. */
502	uint8_t uIrq;
503	/** Flag whether CRB access mode is used. */
504	bool fCrb;
505	/** Flag whether the TPM driver below supportes other localities than 0. */
506	bool fLocChangeSup;
507	/** Flag whether the establishment bit is set. */
508	bool fEstablishmentSet;
509
510	/** Currently selected locality. */
511	uint8_t bLoc;
512	/** States of the implemented localities. */
513	DEVTPMLOCALITY aLoc[TPM_LOCALITY_COUNT];
514	/** Bitmask of localities having requested access to the TPM. */
515	uint32_t bmLocReqAcc;
516	/** Bitmask of localities having been seized access from the TPM. */
517	uint32_t bmLocSeizedAcc;
518	/** The current state of the TPM. */
519	DEVTPMSTATE enmState;
520	/** The TPM version being emulated. */
521	TPMVERSION enmTpmVers;
522
523	/** Size of the command/response buffer. */
524	uint32_t cbCmdResp;
525	/** Offset into the Command/Response buffer. */
526	uint32_t offCmdResp;
527	/** Command/Response buffer. */
528	uint8_t abCmdResp[TPM_DATA_BUFFER_SIZE_MAX];
529	} DEVTPM;
530	/** Pointer to the shared TPM device state. */
531	typedef DEVTPM *PDEVTPM;
532
533	/** The special no current locality selected value. */
534	#define TPM_NO_LOCALITY_SELECTED 0xff
535
536
537	/**
538	* TPM device state for ring-3.
539	*/
540	typedef struct DEVTPMR3
541	{
542	/** Pointer to the device instance. */
543	PPDMDEVINS pDevIns;
544	/** The base interface for LUN\#0. */
545	PDMIBASE IBase;
546	/** The base interface below. */
547	R3PTRTYPE(PPDMIBASE) pDrvBase;
548	/** The TPM connector interface below. */
549	R3PTRTYPE(PPDMITPMCONNECTOR) pDrvTpm;
550	} DEVTPMR3;
551	/** Pointer to the TPM device state for ring-3. */
552	typedef DEVTPMR3 *PDEVTPMR3;
553
554
555	/**
556	* TPM device state for ring-0.
557	*/
558	typedef struct DEVTPMR0
559	{
560	uint32_t u32Dummy;
561	} DEVTPMR0;
562	/** Pointer to the TPM device state for ring-0. */
563	typedef DEVTPMR0 *PDEVTPMR0;
564
565
566	/**
567	* TPM device state for raw-mode.
568	*/
569	typedef struct DEVTPMRC
570	{
571	uint32_t u32Dummy;
572	} DEVTPMRC;
573	/** Pointer to the TPM device state for raw-mode. */
574	typedef DEVTPMRC *PDEVTPMRC;
575
576	/** The TPM device state for the current context. */
577	typedef CTX_SUFF(DEVTPM) DEVTPMCC;
578	/** Pointer to the TPM device state for the current context. */
579	typedef CTX_SUFF(PDEVTPM) PDEVTPMCC;
580
581
582	#ifndef VBOX_DEVICE_STRUCT_TESTCASE
583
584
585	/*********************************************************************************************************************************
586	* Global Variables *
587	*********************************************************************************************************************************/
588	#ifdef IN_RING3
589	/**
590	* SSM descriptor table for the TPM structure.
591	*/
592	static SSMFIELD const g_aTpmFields[] =
593	{
594	SSMFIELD_ENTRY(DEVTPM, fEstablishmentSet),
595	SSMFIELD_ENTRY(DEVTPM, bLoc),
596	SSMFIELD_ENTRY(DEVTPM, aLoc[0].uRegIntEn),
597	SSMFIELD_ENTRY(DEVTPM, aLoc[0].uRegIntSts),
598	SSMFIELD_ENTRY(DEVTPM, aLoc[1].uRegIntEn),
599	SSMFIELD_ENTRY(DEVTPM, aLoc[1].uRegIntSts),
600	SSMFIELD_ENTRY(DEVTPM, aLoc[2].uRegIntEn),
601	SSMFIELD_ENTRY(DEVTPM, aLoc[2].uRegIntSts),
602	SSMFIELD_ENTRY(DEVTPM, aLoc[3].uRegIntEn),
603	SSMFIELD_ENTRY(DEVTPM, aLoc[3].uRegIntSts),
604	SSMFIELD_ENTRY(DEVTPM, aLoc[4].uRegIntEn),
605	SSMFIELD_ENTRY(DEVTPM, aLoc[4].uRegIntSts),
606	SSMFIELD_ENTRY(DEVTPM, bmLocReqAcc),
607	SSMFIELD_ENTRY(DEVTPM, bmLocSeizedAcc),
608	SSMFIELD_ENTRY(DEVTPM, enmState),
609	SSMFIELD_ENTRY(DEVTPM, offCmdResp),
610	SSMFIELD_ENTRY(DEVTPM, abCmdResp),
611	SSMFIELD_ENTRY_TERM()
612	};
613	#endif
614
615
616	/**
617	* Sets the IRQ line of the given device to the given state.
618	*
619	* @param pDevIns Pointer to the PDM device instance data.
620	* @param pThis Pointer to the shared TPM device.
621	* @param iLvl The interrupt level to set.
622	*/
623	DECLINLINE(void) tpmIrqReq(PPDMDEVINS pDevIns, PDEVTPM pThis, int iLvl)
624	{
625	PDMDevHlpISASetIrqNoWait(pDevIns, pThis->uIrq, iLvl);
626	}
627
628
629	/**
630	* Updates the IRQ status of the given locality.
631	*
632	* @param pDevIns Pointer to the PDM device instance data.
633	* @param pThis Pointer to the shared TPM device.
634	* @param pLoc The locality state.
635	*/
636	static void tpmLocIrqUpdate(PPDMDEVINS pDevIns, PDEVTPM pThis, PDEVTPMLOCALITY pLoc)
637	{
638	if ( (pLoc->uRegIntEn & TPM_CRB_LOCALITY_REG_INT_GLOBAL_ENABLE) /* Aliases with TPM_FIFO_LOCALITY_REG_INT_ENABLE_GLOBAL */
639	&& (pLoc->uRegIntEn & pLoc->uRegIntSts))
640	tpmIrqReq(pDevIns, pThis, 1);
641	else
642	tpmIrqReq(pDevIns, pThis, 0);
643	}
644
645
646	/**
647	* Sets the interrupt status for the given locality, firing an interrupt if necessary.
648	*
649	* @param pDevIns Pointer to the PDM device instance data.
650	* @param pThis Pointer to the shared TPM device.
651	* @param pLoc The locality state.
652	* @param uSts The interrupt status bit to set.
653	*/
654	static void tpmLocSetIntSts(PPDMDEVINS pDevIns, PDEVTPM pThis, PDEVTPMLOCALITY pLoc, uint32_t uSts)
655	{
656	pLoc->uRegIntSts \|= uSts;
657	tpmLocIrqUpdate(pDevIns, pThis, pLoc);
658	}
659
660
661	/**
662	* Selects the next locality which has requested access.
663	*
664	* @param pDevIns Pointer to the PDM device instance data.
665	* @param pThis Pointer to the shared TPM device.
666	*/
667	static void tpmLocSelectNext(PPDMDEVINS pDevIns, PDEVTPM pThis)
668	{
669	Assert(pThis->bmLocReqAcc);
670	Assert(pThis->bLoc == TPM_NO_LOCALITY_SELECTED);
671	pThis->bLoc = (uint8_t)ASMBitLastSetU32(pThis->bmLocReqAcc) - 1; /* Select one with highest priority. */
672
673	tpmLocSetIntSts(pDevIns, pThis, &pThis->aLoc[pThis->bLoc], TPM_CRB_LOCALITY_REG_INT_STS_LOC_CHANGED);
674	}
675
676
677	/**
678	* Returns the given locality being accessed from the given TPM MMIO offset.
679	*
680	* @returns Locality number.
681	* @param off The offset into the TPM MMIO region.
682	*/
683	DECLINLINE(uint8_t) tpmGetLocalityFromOffset(RTGCPHYS off)
684	{
685	return off / TPM_LOCALITY_MMIO_SIZE;
686	}
687
688
689	/**
690	* Returns the given register of a particular locality being accessed from the given TPM MMIO offset.
691	*
692	* @returns Register index being accessed.
693	* @param off The offset into the TPM MMIO region.
694	*/
695	DECLINLINE(uint32_t) tpmGetRegisterFromOffset(RTGCPHYS off)
696	{
697	return off % TPM_LOCALITY_MMIO_SIZE;
698	}
699
700
701	/**
702	* Read from a FIFO interface register.
703	*
704	* @returns VBox strict status code.
705	* @param pDevIns Pointer to the PDM device instance data.
706	* @param pThis Pointer to the shared TPM device.
707	* @param pLoc The locality state being read from.
708	* @param bLoc The locality index.
709	* @param uReg The register offset being accessed.
710	* @param pu64 Where to store the read data.
711	* @param cb Number of bytes to read.
712	*/
713	static VBOXSTRICTRC tpmMmioFifoRead(PPDMDEVINS pDevIns, PDEVTPM pThis, PDEVTPMLOCALITY pLoc,
714	uint8_t bLoc, uint32_t uReg, uint64_t *pu64, size_t cb)
715	{
716	RT_NOREF(pDevIns);
717	VBOXSTRICTRC rc = VINF_SUCCESS;
718
719	/* Special path for the data buffer. */
720	if ( ( ( uReg >= TPM_FIFO_LOCALITY_REG_DATA_FIFO
721	&& uReg < TPM_FIFO_LOCALITY_REG_DATA_FIFO + sizeof(uint32_t))
722	\|\| ( uReg >= TPM_FIFO_LOCALITY_REG_XDATA_FIFO
723	&& uReg < TPM_FIFO_LOCALITY_REG_XDATA_FIFO + sizeof(uint32_t)))
724	&& bLoc == pThis->bLoc
725	&& pThis->enmState == DEVTPMSTATE_CMD_COMPLETION)
726	{
727	if (pThis->offCmdResp <= pThis->cbCmdResp - cb)
728	{
729	memcpy(pu64, &pThis->abCmdResp[pThis->offCmdResp], cb);
730	pThis->offCmdResp += (uint32_t)cb;
731	}
732	else
733	memset(pu64, 0xff, cb);
734	return VINF_SUCCESS;
735	}
736
737	uint64_t u64;
738	switch (uReg)
739	{
740	case TPM_FIFO_LOCALITY_REG_ACCESS:
741	u64 = TPM_FIFO_LOCALITY_REG_ACCESS_VALID;
742	if (pThis->bLoc == bLoc)
743	u64 \|= TPM_FIFO_LOCALITY_REG_ACCESS_ACTIVE;
744	if (pThis->bmLocSeizedAcc & RT_BIT_32(bLoc))
745	u64 \|= TPM_FIFO_LOCALITY_REG_ACCESS_BEEN_SEIZED;
746	if (pThis->bmLocReqAcc & ~RT_BIT_32(bLoc))
747	u64 \|= TPM_FIFO_LOCALITY_REG_ACCESS_PENDING_REQUEST;
748	if ( pThis->bLoc != bLoc
749	&& pThis->bmLocReqAcc & RT_BIT_32(bLoc))
750	u64 \|= TPM_FIFO_LOCALITY_REG_ACCESS_REQUEST_USE;
751	if (pThis->fEstablishmentSet)
752	u64 \|= TPM_FIFO_LOCALITY_REG_ACCESS_ESTABLISHMENT;
753	break;
754	case TPM_FIFO_LOCALITY_REG_INT_ENABLE:
755	u64 = pLoc->uRegIntEn;
756	break;
757	case TPM_FIFO_LOCALITY_REG_INT_VEC:
758	u64 = pThis->uIrq;
759	break;
760	case TPM_FIFO_LOCALITY_REG_INT_STS:
761	u64 = pLoc->uRegIntSts;
762	break;
763	case TPM_FIFO_LOCALITY_REG_IF_CAP:
764	u64 = TPM_FIFO_LOCALITY_REG_IF_CAP_INT_DATA_AVAIL
765	\| TPM_FIFO_LOCALITY_REG_IF_CAP_INT_STS_VALID
766	\| TPM_FIFO_LOCALITY_REG_IF_CAP_INT_LOCALITY_CHANGE
767	\| TPM_FIFO_LOCALITY_REG_IF_CAP_INT_LVL_LOW
768	\| TPM_FIFO_LOCALITY_REG_IF_CAP_INT_CMD_RDY
769	\| TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_SET(TPM_FIFO_LOCALITY_REG_IF_CAP_DATA_XFER_SZ_64B); /** @todo Make some of them configurable? */
770	if (pThis->enmTpmVers == TPMVERSION_1_2)
771	u64 \|= TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_SET(TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_IF_1_3);
772	else
773	u64 \|= TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_SET(TPM_FIFO_LOCALITY_REG_IF_CAP_IF_VERSION_IF_1_3_TPM2);
774	break;
775	case TPM_FIFO_LOCALITY_REG_STS:
776	if (bLoc != pThis->bLoc)
777	{
778	u64 = UINT64_MAX;
779	break;
780	}
781
782	u64 = TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_SET( pThis->enmTpmVers == TPMVERSION_1_2
783	? TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_1_2
784	: TPM_FIFO_LOCALITY_REG_STS_TPM_FAMILY_2_0)
785	\| TPM_FIFO_LOCALITY_REG_STS_BURST_CNT_SET(_1K)
786	\| TPM_FIFO_LOCALITY_REG_STS_VALID;
787	if (pThis->enmState == DEVTPMSTATE_READY)
788	u64 \|= TPM_FIFO_LOCALITY_REG_STS_CMD_RDY;
789	else if (pThis->enmState == DEVTPMSTATE_CMD_RECEPTION) /* When in the command reception state check whether all of the command data has been received. */
790	{
791	if ( pThis->offCmdResp < sizeof(TPMREQHDR)
792	\|\| pThis->offCmdResp < RTTpmReqGetSz((PCTPMREQHDR)&pThis->abCmdResp[0]))
793	u64 \|= TPM_FIFO_LOCALITY_REG_STS_EXPECT;
794	}
795	else if (pThis->enmState == DEVTPMSTATE_CMD_COMPLETION) /* Check whether there is more response data available. */
796	{
797	if (pThis->offCmdResp < RTTpmRespGetSz((PCTPMRESPHDR)&pThis->abCmdResp[0]))
798	u64 \|= TPM_FIFO_LOCALITY_REG_STS_DATA_AVAIL;
799	}
800	break;
801	case TPM_FIFO_LOCALITY_REG_INTF_ID:
802	u64 = TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_SET(TPM_FIFO_LOCALITY_REG_INTF_ID_IF_VERS_FIFO)
803	\| TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SET(TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_64B)
804	\| TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_GET(TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_FIFO)
805	\| TPM_FIFO_LOCALITY_REG_INTF_ID_IF_SEL_LOCK;
806	if (pThis->enmTpmVers == TPMVERSION_1_2)
807	u64 \|= TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_SET(TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_TIS1_3);
808	else
809	u64 \|= TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_SET(TPM_FIFO_LOCALITY_REG_INTF_ID_IF_TYPE_FIFO_TPM20);
810
811	if (pThis->fLocChangeSup) /* Only advertise the locality capability if the driver below supports it. */
812	u64 \|= TPM_FIFO_LOCALITY_REG_INTF_ID_CAP_LOCALITY;
813	break;
814	case TPM_FIFO_LOCALITY_REG_DID_VID:
815	u64 = RT_H2BE_U32(RT_MAKE_U32(pThis->uVenId, pThis->uDevId));
816	break;
817	case TPM_FIFO_LOCALITY_REG_RID:
818	u64 = pThis->bRevId;
819	break;
820	default: /* Return ~0. */
821	u64 = UINT64_MAX;
822	break;
823	}
824
825	*pu64 = u64;
826
827	return rc;
828	}
829
830
831	/**
832	* Read to a FIFO interface register.
833	*
834	* @returns VBox strict status code.
835	* @param pDevIns Pointer to the PDM device instance data.
836	* @param pThis Pointer to the shared TPM device.
837	* @param pLoc The locality state being written to.
838	* @param bLoc The locality index.
839	* @param uReg The register offset being accessed.
840	* @param u64 The value to write.
841	* @param cb Number of bytes to write.
842	*/
843	static VBOXSTRICTRC tpmMmioFifoWrite(PPDMDEVINS pDevIns, PDEVTPM pThis, PDEVTPMLOCALITY pLoc,
844	uint8_t bLoc, uint32_t uReg, uint64_t u64, size_t cb)
845	{
846	#ifdef IN_RING3
847	PDEVTPMR3 pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PDEVTPMR3);
848	#endif
849
850	/* Special path for the data buffer. */
851	if ( ( ( uReg >= TPM_FIFO_LOCALITY_REG_DATA_FIFO
852	&& uReg < TPM_FIFO_LOCALITY_REG_DATA_FIFO + sizeof(uint32_t))
853	\|\| ( uReg >= TPM_FIFO_LOCALITY_REG_XDATA_FIFO
854	&& uReg < TPM_FIFO_LOCALITY_REG_XDATA_FIFO + sizeof(uint32_t)))
855	&& bLoc == pThis->bLoc
856	&& ( pThis->enmState == DEVTPMSTATE_READY
857	\|\| pThis->enmState == DEVTPMSTATE_CMD_RECEPTION))
858	{
859	pThis->enmState = DEVTPMSTATE_CMD_RECEPTION;
860	if (pThis->offCmdResp <= pThis->cbCmdResp - cb)
861	{
862	memcpy(&pThis->abCmdResp[pThis->offCmdResp], &u64, cb);
863	pThis->offCmdResp += (uint32_t)cb;
864	}
865	return VINF_SUCCESS;
866	}
867
868	VBOXSTRICTRC rc = VINF_SUCCESS;
869	uint32_t u32 = (uint32_t)u64;
870
871	switch (uReg)
872	{
873	case TPM_FIFO_LOCALITY_REG_ACCESS:
874	u32 &= TPM_FIFO_LOCALITY_REG_ACCESS_WR_MASK;
875	/*
876	* Chapter 5.6.11, 2 states that writing to this register with more than one
877	* bit set to '1' is vendor specific, we decide to ignore such writes to make the logic
878	* below simpler.
879	*/
880	if (!RT_IS_POWER_OF_TWO(u32))
881	break;
882
883	/* Seize access only if this locality has a higher priority than the currently selected one. */
884	if ( (u32 & TPM_FIFO_LOCALITY_REG_ACCESS_SEIZE)
885	&& pThis->bLoc != TPM_NO_LOCALITY_SELECTED
886	&& bLoc > pThis->bLoc)
887	{
888	pThis->bmLocSeizedAcc \|= RT_BIT_32(pThis->bLoc);
889	/** @todo Abort command. */
890	pThis->bLoc = bLoc;
891	}
892
893	if ( (u64 & TPM_FIFO_LOCALITY_REG_ACCESS_REQUEST_USE)
894	&& !(pThis->bmLocReqAcc & RT_BIT_32(bLoc)))
895	{
896	pThis->bmLocReqAcc \|= RT_BIT_32(bLoc);
897	if (pThis->bLoc == TPM_NO_LOCALITY_SELECTED)
898	{
899	pThis->bLoc = bLoc; /* Doesn't fire an interrupt. */
900	pThis->bmLocSeizedAcc &= ~RT_BIT_32(bLoc);
901	}
902	}
903
904	if ( (u64 & TPM_FIFO_LOCALITY_REG_ACCESS_ACTIVE)
905	&& (pThis->bmLocReqAcc & RT_BIT_32(bLoc)))
906	{
907	pThis->bmLocReqAcc &= ~RT_BIT_32(bLoc);
908	if (pThis->bLoc == bLoc)
909	{
910	pThis->bLoc = TPM_NO_LOCALITY_SELECTED;
911	if (pThis->bmLocReqAcc)
912	tpmLocSelectNext(pDevIns, pThis); /* Select the next locality. */
913	}
914	}
915	break;
916	case TPM_FIFO_LOCALITY_REG_INT_ENABLE:
917	if (bLoc != pThis->bLoc)
918	break;
919	pLoc->uRegIntEn = u32;
920	tpmLocIrqUpdate(pDevIns, pThis, pLoc);
921	break;
922	case TPM_FIFO_LOCALITY_REG_INT_STS:
923	if (bLoc != pThis->bLoc)
924	break;
925	pLoc->uRegIntSts &= ~(u32 & TPM_FIFO_LOCALITY_REG_INT_STS_WR_MASK);
926	tpmLocIrqUpdate(pDevIns, pThis, pLoc);
927	break;
928	case TPM_FIFO_LOCALITY_REG_STS:
929	/*
930	* Writes are ignored completely if the locality being accessed is not the
931	* current active one or if the value has multiple bits set (not a power of two),
932	* see chapter 5.6.12.1.
933	*/
934	if ( bLoc != pThis->bLoc
935	\|\| !RT_IS_POWER_OF_TWO(u64))
936	break;
937
938	if ( (u64 & TPM_FIFO_LOCALITY_REG_STS_CMD_RDY)
939	&& ( pThis->enmState == DEVTPMSTATE_IDLE
940	\|\| pThis->enmState == DEVTPMSTATE_CMD_COMPLETION))
941	{
942	pThis->enmState = DEVTPMSTATE_READY;
943	pThis->offCmdResp = 0;
944	tpmLocSetIntSts(pDevIns, pThis, pLoc, TPM_FIFO_LOCALITY_REG_INT_STS_CMD_RDY);
945	}
946
947	if ( (u64 & TPM_FIFO_LOCALITY_REG_STS_TPM_GO)
948	&& pThis->enmState == DEVTPMSTATE_CMD_RECEPTION)
949	{
950	pThis->enmState = DEVTPMSTATE_CMD_EXEC;
951	rc = PDMDevHlpTaskTrigger(pDevIns, pThis->hTpmCmdTask);
952	}
953
954	if ( (u64 & TPM_FIFO_LOCALITY_REG_STS_RST_ESTABLISHMENT)
955	&& pThis->bLoc >= 3
956	&& ( pThis->enmState == DEVTPMSTATE_IDLE
957	\|\| pThis->enmState == DEVTPMSTATE_CMD_COMPLETION))
958	{
959	#ifndef IN_RING3
960	rc = VINF_IOM_R3_MMIO_WRITE;
961	break;
962	#else
963	if (pThisCC->pDrvTpm)
964	{
965	int rc2 = pThisCC->pDrvTpm->pfnResetEstablishedFlag(pThisCC->pDrvTpm, pThis->bLoc);
966	if (RT_SUCCESS(rc2))
967	pThis->fEstablishmentSet = false;
968	else
969	pThis->enmState = DEVTPMSTATE_FATAL_ERROR;
970	}
971	else
972	pThis->fEstablishmentSet = false;
973	#endif
974	}
975
976	if ( (u64 & TPM_FIFO_LOCALITY_REG_STS_CMD_CANCEL)
977	&& pThis->enmState == DEVTPMSTATE_CMD_EXEC)
978	{
979	#ifndef IN_RING3
980	rc = VINF_IOM_R3_MMIO_WRITE;
981	break;
982	#else
983	if (pThisCC->pDrvTpm)
984	{
985	pThis->enmState = DEVTPMSTATE_CMD_CANCEL;
986	int rc2 = pThisCC->pDrvTpm->pfnCmdCancel(pThisCC->pDrvTpm);
987	if (RT_FAILURE(rc2))
988	pThis->enmState = DEVTPMSTATE_FATAL_ERROR;
989	}
990	#endif
991	}
992
993	break;
994	case TPM_FIFO_LOCALITY_REG_INT_VEC:
995	case TPM_FIFO_LOCALITY_REG_IF_CAP:
996	case TPM_FIFO_LOCALITY_REG_DID_VID:
997	case TPM_FIFO_LOCALITY_REG_RID:
998	default: /* Ignore. */
999	break;
1000	}
1001
1002	return rc;
1003	}
1004
1005
1006	/**
1007	* Read from a CRB interface register.
1008	*
1009	* @returns VBox strict status code.
1010	* @param pDevIns Pointer to the PDM device instance data.
1011	* @param pThis Pointer to the shared TPM device.
1012	* @param pLoc The locality state being read from.
1013	* @param bLoc The locality index.
1014	* @param uReg The register offset being accessed.
1015	* @param pu64 Where to store the read data.
1016	* @param cb Size of the read in bytes.
1017	*/
1018	static VBOXSTRICTRC tpmMmioCrbRead(PPDMDEVINS pDevIns, PDEVTPM pThis, PDEVTPMLOCALITY pLoc,
1019	uint8_t bLoc, uint32_t uReg, uint64_t *pu64, size_t cb)
1020	{
1021	RT_NOREF(pDevIns);
1022
1023	/* Special path for the data buffer. */
1024	if ( uReg >= TPM_CRB_LOCALITY_REG_DATA_BUFFER
1025	&& uReg < TPM_CRB_LOCALITY_REG_DATA_BUFFER + pThis->cbCmdResp
1026	&& bLoc == pThis->bLoc
1027	&& pThis->enmState == DEVTPMSTATE_CMD_COMPLETION)
1028	{
1029	memcpy(pu64, &pThis->abCmdResp[uReg - TPM_CRB_LOCALITY_REG_DATA_BUFFER], cb);
1030	return VINF_SUCCESS;
1031	}
1032
1033	VBOXSTRICTRC rc = VINF_SUCCESS;
1034	uint64_t u64 = UINT64_MAX;
1035	switch (uReg)
1036	{
1037	case TPM_CRB_LOCALITY_REG_STATE:
1038	u64 = TPM_CRB_LOCALITY_REG_STATE_VALID
1039	\| ( pThis->bLoc != TPM_NO_LOCALITY_SELECTED
1040	? TPM_CRB_LOCALITY_REG_STATE_ACTIVE_LOC_SET(pThis->bLoc) \| TPM_CRB_LOCALITY_REG_STATE_LOC_ASSIGNED
1041	: TPM_CRB_LOCALITY_REG_STATE_ACTIVE_LOC_SET(0));
1042	if (pThis->fEstablishmentSet)
1043	u64 \|= TPM_CRB_LOCALITY_REG_ESTABLISHMENT;
1044	break;
1045	case TPM_CRB_LOCALITY_REG_STS:
1046	u64 = pThis->bLoc == bLoc
1047	? TPM_CRB_LOCALITY_REG_STS_GRANTED
1048	: 0;
1049	u64 \|= pThis->bmLocSeizedAcc & RT_BIT_32(bLoc)
1050	? TPM_CRB_LOCALITY_REG_STS_SEIZED
1051	: 0;
1052	break;
1053	case TPM_CRB_LOCALITY_REG_INTF_ID:
1054	u64 = TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_SET(TPM_CRB_LOCALITY_REG_INTF_ID_IF_TYPE_CRB)
1055	\| TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_SET(TPM_CRB_LOCALITY_REG_INTF_ID_IF_VERS_CRB)
1056	\| TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_SET(TPM_CRB_LOCALITY_REG_INTF_ID_CAP_DATA_XFER_SZ_64B)
1057	\| TPM_CRB_LOCALITY_REG_INTF_ID_CAP_CRB
1058	\| TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_GET(TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_CRB)
1059	\| TPM_CRB_LOCALITY_REG_INTF_ID_IF_SEL_LOCK
1060	\| TPM_CRB_LOCALITY_REG_INTF_ID_RID_SET(pThis->bRevId)
1061	\| TPM_CRB_LOCALITY_REG_INTF_ID_VID_SET(pThis->uVenId)
1062	\| TPM_CRB_LOCALITY_REG_INTF_ID_DID_SET(pThis->uDevId);
1063
1064	if (pThis->fLocChangeSup) /* Only advertise the locality capability if the driver below supports it. */
1065	u64 \|= TPM_CRB_LOCALITY_REG_INTF_ID_CAP_LOCALITY;
1066
1067	break;
1068	case TPM_CRB_LOCALITY_REG_CTRL_REQ:
1069	if (bLoc != pThis->bLoc)
1070	break;
1071	/*
1072	* Command ready and go idle are always 0 upon read
1073	* as we don't need time to transition to this state
1074	* when written by the guest.
1075	*/
1076	u64 = 0;
1077	break;
1078	case TPM_CRB_LOCALITY_REG_CTRL_STS:
1079	if (bLoc != pThis->bLoc)
1080	break;
1081	if (pThis->enmState == DEVTPMSTATE_FATAL_ERROR)
1082	u64 = TPM_CRB_LOCALITY_REG_CTRL_STS_TPM_FATAL_ERR;
1083	else if (pThis->enmState == DEVTPMSTATE_IDLE)
1084	u64 = TPM_CRB_LOCALITY_REG_CTRL_STS_TPM_IDLE;
1085	else
1086	u64 = 0;
1087	break;
1088	case TPM_CRB_LOCALITY_REG_CTRL_CANCEL:
1089	if (bLoc != pThis->bLoc)
1090	break;
1091	if (pThis->enmState == DEVTPMSTATE_CMD_CANCEL)
1092	u64 = 0x1;
1093	else
1094	u64 = 0;
1095	break;
1096	case TPM_CRB_LOCALITY_REG_CTRL_START:
1097	if (bLoc != pThis->bLoc)
1098	break;
1099	if (pThis->enmState == DEVTPMSTATE_CMD_EXEC)
1100	u64 = 0x1;
1101	else
1102	u64 = 0;
1103	break;
1104	case TPM_CRB_LOCALITY_REG_INT_ENABLE:
1105	u64 = pLoc->uRegIntEn;
1106	break;
1107	case TPM_CRB_LOCALITY_REG_INT_STS:
1108	u64 = pLoc->uRegIntSts;
1109	break;
1110	case TPM_CRB_LOCALITY_REG_CTRL_CMD_LADDR:
1111	u64 = pThis->GCPhysMmio + (bLoc * TPM_LOCALITY_MMIO_SIZE) + TPM_CRB_LOCALITY_REG_DATA_BUFFER;
1112	break;
1113	case TPM_CRB_LOCALITY_REG_CTRL_CMD_HADDR:
1114	u64 = (pThis->GCPhysMmio + (bLoc * TPM_LOCALITY_MMIO_SIZE) + TPM_CRB_LOCALITY_REG_DATA_BUFFER) >> 32;
1115	break;
1116	case TPM_CRB_LOCALITY_REG_CTRL_CMD_SZ:
1117	case TPM_CRB_LOCALITY_REG_CTRL_RSP_SZ:
1118	u64 = pThis->cbCmdResp;
1119	break;
1120	case TPM_CRB_LOCALITY_REG_CTRL_RSP_ADDR:
1121	u64 = pThis->GCPhysMmio + (bLoc * TPM_LOCALITY_MMIO_SIZE) + TPM_CRB_LOCALITY_REG_DATA_BUFFER;
1122	break;
1123	case TPM_CRB_LOCALITY_REG_CTRL: /* Writeonly */
1124	u64 = 0;
1125	break;
1126	case TPM_CRB_LOCALITY_REG_CTRL_EXT:
1127	default:
1128	break; /* Return ~0 */
1129	}
1130
1131	*pu64 = u64;
1132	return rc;
1133	}
1134
1135
1136	/**
1137	* Read to a CRB interface register.
1138	*
1139	* @returns VBox strict status code.
1140	* @param pDevIns Pointer to the PDM device instance data.
1141	* @param pThis Pointer to the shared TPM device.
1142	* @param pLoc The locality state being written to.
1143	* @param bLoc The locality index.
1144	* @param uReg The register offset being accessed.
1145	* @param u64 The value to write.
1146	* @param cb Size of the write in bytes.
1147	*/
1148	static VBOXSTRICTRC tpmMmioCrbWrite(PPDMDEVINS pDevIns, PDEVTPM pThis, PDEVTPMLOCALITY pLoc,
1149	uint8_t bLoc, uint32_t uReg, uint64_t u64, size_t cb)
1150	{
1151	#ifdef IN_RING3
1152	PDEVTPMR3 pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PDEVTPMR3);
1153	#endif
1154
1155	VBOXSTRICTRC rc = VINF_SUCCESS;
1156	uint32_t u32 = (uint32_t)u64;
1157
1158	/* Special path for the data buffer. */
1159	if ( uReg >= TPM_CRB_LOCALITY_REG_DATA_BUFFER
1160	&& uReg < TPM_CRB_LOCALITY_REG_DATA_BUFFER + pThis->cbCmdResp
1161	&& bLoc == pThis->bLoc
1162	&& ( pThis->enmState == DEVTPMSTATE_READY
1163	\|\| pThis->enmState == DEVTPMSTATE_CMD_RECEPTION))
1164	{
1165	pThis->enmState = DEVTPMSTATE_CMD_RECEPTION;
1166	memcpy(&pThis->abCmdResp[uReg - TPM_CRB_LOCALITY_REG_DATA_BUFFER], &u64, cb);
1167	return VINF_SUCCESS;
1168	}
1169
1170	switch (uReg)
1171	{
1172	case TPM_CRB_LOCALITY_REG_CTRL:
1173	{
1174	/* See chapter 6.5.3.2.2.1. */
1175	if ( (u64 & TPM_CRB_LOCALITY_REG_CTRL_RST_ESTABLISHMENT)
1176	&& pThis->bLoc >= 3
1177	&& ( pThis->enmState == DEVTPMSTATE_IDLE
1178	\|\| pThis->enmState == DEVTPMSTATE_CMD_COMPLETION))
1179	{
1180	#ifndef IN_RING3
1181	rc = VINF_IOM_R3_MMIO_WRITE;
1182	break;
1183	#else
1184	if (pThisCC->pDrvTpm)
1185	{
1186	int rc2 = pThisCC->pDrvTpm->pfnResetEstablishedFlag(pThisCC->pDrvTpm, pThis->bLoc);
1187	if (RT_SUCCESS(rc2))
1188	pThis->fEstablishmentSet = false;
1189	else
1190	pThis->enmState = DEVTPMSTATE_FATAL_ERROR;
1191	}
1192	else
1193	pThis->fEstablishmentSet = false;
1194	#endif
1195	}
1196
1197	/*
1198	* The following three checks should be mutually exclusive as the writer shouldn't
1199	* request, relinquish and seize access in the same write.
1200	*/
1201	/* Seize access only if this locality has a higher priority than the currently selected one. */
1202	if ( (u64 & TPM_CRB_LOCALITY_REG_CTRL_SEIZE)
1203	&& pThis->bLoc != TPM_NO_LOCALITY_SELECTED
1204	&& bLoc > pThis->bLoc)
1205	{
1206	if (pThis->enmState == DEVTPMSTATE_CMD_EXEC)
1207	{
1208	#ifndef IN_RING3
1209	rc = VINF_IOM_R3_MMIO_WRITE;
1210	break;
1211	#else
1212	pThis->enmState = DEVTPMSTATE_CMD_CANCEL;
1213	if (pThisCC->pDrvTpm)
1214	{
1215	int rc2 = pThisCC->pDrvTpm->pfnCmdCancel(pThisCC->pDrvTpm);
1216	if (RT_FAILURE(rc2))
1217	pThis->enmState = DEVTPMSTATE_FATAL_ERROR;
1218	else
1219	{
1220	pThis->enmState = DEVTPMSTATE_CMD_COMPLETION;
1221	tpmLocSetIntSts(pDevIns, pThis, pLoc, TPM_CRB_LOCALITY_REG_INT_STS_START);
1222	}
1223	}
1224	#endif
1225	}
1226
1227	pThis->bmLocSeizedAcc \|= RT_BIT_32(pThis->bLoc);
1228	pThis->bLoc = bLoc;
1229	}
1230
1231	if ( (u64 & TPM_CRB_LOCALITY_REG_CTRL_REQ_ACCESS)
1232	&& !(pThis->bmLocReqAcc & RT_BIT_32(bLoc)))
1233	{
1234	pThis->bmLocReqAcc \|= RT_BIT_32(bLoc);
1235	if (pThis->bLoc == TPM_NO_LOCALITY_SELECTED)
1236	{
1237	pThis->bLoc = bLoc; /* Doesn't fire an interrupt. */
1238	pThis->bmLocSeizedAcc &= ~RT_BIT_32(bLoc);
1239	}
1240	}
1241
1242	if ( (u64 & TPM_CRB_LOCALITY_REG_CTRL_RELINQUISH)
1243	&& (pThis->bmLocReqAcc & RT_BIT_32(bLoc)))
1244	{
1245	pThis->bmLocReqAcc &= ~RT_BIT_32(bLoc);
1246	if (pThis->bLoc == bLoc)
1247	{
1248	pThis->bLoc = TPM_NO_LOCALITY_SELECTED;
1249	if (pThis->bmLocReqAcc)
1250	tpmLocSelectNext(pDevIns, pThis); /* Select the next locality. */
1251	}
1252	}
1253	break;
1254	}
1255	case TPM_CRB_LOCALITY_REG_CTRL_REQ:
1256	if ( bLoc != pThis->bLoc
1257	\|\| !RT_IS_POWER_OF_TWO(u32)) /* Ignore if multiple bits are set. */
1258	break;
1259	if ( (u32 & TPM_CRB_LOCALITY_REG_CTRL_REQ_CMD_RDY)
1260	&& ( pThis->enmState == DEVTPMSTATE_IDLE
1261	\|\| pThis->enmState == DEVTPMSTATE_CMD_COMPLETION))
1262	{
1263	pThis->enmState = DEVTPMSTATE_READY;
1264	tpmLocSetIntSts(pDevIns, pThis, pLoc, TPM_CRB_LOCALITY_REG_INT_STS_CMD_RDY);
1265	}
1266	else if ( (u32 & TPM_CRB_LOCALITY_REG_CTRL_REQ_IDLE)
1267	&& pThis->enmState != DEVTPMSTATE_CMD_EXEC)
1268	{
1269	/* Invalidate the command/response buffer. */
1270	RT_ZERO(pThis->abCmdResp);
1271	pThis->offCmdResp = 0;
1272	pThis->enmState = DEVTPMSTATE_IDLE;
1273	}
1274	break;
1275	case TPM_CRB_LOCALITY_REG_CTRL_CANCEL:
1276	if (bLoc != pThis->bLoc)
1277	break;
1278	if ( pThis->enmState == DEVTPMSTATE_CMD_EXEC
1279	&& u32 == 0x1)
1280	{
1281	#ifndef IN_RING3
1282	rc = VINF_IOM_R3_MMIO_WRITE;
1283	break;
1284	#else
1285	pThis->enmState = DEVTPMSTATE_CMD_CANCEL;
1286	if (pThisCC->pDrvTpm)
1287	{
1288	int rc2 = pThisCC->pDrvTpm->pfnCmdCancel(pThisCC->pDrvTpm);
1289	if (RT_FAILURE(rc2))
1290	pThis->enmState = DEVTPMSTATE_FATAL_ERROR;
1291	else
1292	{
1293	pThis->enmState = DEVTPMSTATE_CMD_COMPLETION;
1294	tpmLocSetIntSts(pDevIns, pThis, pLoc, TPM_CRB_LOCALITY_REG_INT_STS_START);
1295	}
1296	}
1297	#endif
1298	}
1299	break;
1300	case TPM_CRB_LOCALITY_REG_CTRL_START:
1301	if (bLoc != pThis->bLoc)
1302	break;
1303	if ( pThis->enmState == DEVTPMSTATE_CMD_RECEPTION
1304	&& u32 == 0x1)
1305	{
1306	pThis->enmState = DEVTPMSTATE_CMD_EXEC;
1307	rc = PDMDevHlpTaskTrigger(pDevIns, pThis->hTpmCmdTask);
1308	}
1309	break;
1310	case TPM_CRB_LOCALITY_REG_INT_ENABLE:
1311	pLoc->uRegIntEn = u32;
1312	tpmLocIrqUpdate(pDevIns, pThis, pLoc);
1313	break;
1314	case TPM_CRB_LOCALITY_REG_INT_STS:
1315	pLoc->uRegIntSts &= ~u32;
1316	tpmLocIrqUpdate(pDevIns, pThis, pLoc);
1317	break;
1318	case TPM_CRB_LOCALITY_REG_CTRL_EXT: /* Not implemented. */
1319	case TPM_CRB_LOCALITY_REG_STATE: /* Readonly */
1320	case TPM_CRB_LOCALITY_REG_INTF_ID:
1321	case TPM_CRB_LOCALITY_REG_CTRL_STS:
1322	case TPM_CRB_LOCALITY_REG_CTRL_CMD_LADDR:
1323	case TPM_CRB_LOCALITY_REG_CTRL_CMD_HADDR:
1324	case TPM_CRB_LOCALITY_REG_CTRL_CMD_SZ:
1325	case TPM_CRB_LOCALITY_REG_CTRL_RSP_SZ:
1326	case TPM_CRB_LOCALITY_REG_CTRL_RSP_ADDR:
1327	default: /* Ignore. */
1328	break;
1329	}
1330
1331	return rc;
1332	}
1333
1334
1335	/* -=-=-=-=-=- MMIO callbacks -=-=-=-=-=- */
1336
1337	/**
1338	* @callback_method_impl{FNIOMMMIONEWREAD}
1339	*/
1340	static DECLCALLBACK(VBOXSTRICTRC) tpmMmioRead(PPDMDEVINS pDevIns, void pvUser, RTGCPHYS off, void pv, unsigned cb)
1341	{
1342	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1343	RT_NOREF(pvUser);
1344
1345	AssertReturn(cb <= sizeof(uint64_t), VERR_INTERNAL_ERROR);
1346
1347	RTGCPHYS offAligned = off & ~UINT64_C(0x3);
1348	uint8_t cBitsShift = (off & 0x3) * 8;
1349
1350	VBOXSTRICTRC rc = VINF_SUCCESS;
1351	uint32_t uReg = tpmGetRegisterFromOffset(offAligned);
1352	uint8_t bLoc = tpmGetLocalityFromOffset(offAligned);
1353	PDEVTPMLOCALITY pLoc = &pThis->aLoc[bLoc];
1354
1355	uint64_t u64;
1356	if (pThis->fCrb)
1357	rc = tpmMmioCrbRead(pDevIns, pThis, pLoc, bLoc, uReg, &u64, cb);
1358	else
1359	rc = tpmMmioFifoRead(pDevIns, pThis, pLoc, bLoc, uReg, &u64, cb);
1360
1361	LogFlowFunc((": %RGp %#x %#llx\n", off, cb, u64));
1362
1363	if (rc == VINF_SUCCESS)
1364	{
1365	switch (cb)
1366	{
1367	case 1: (uint8_t )pv = (uint8_t)(u64 >> cBitsShift); break;
1368	case 2: (uint16_t )pv = (uint16_t)(u64 >> cBitsShift); break;
1369	case 4: (uint32_t )pv = (uint32_t)(u64 >> cBitsShift); break;
1370	case 8: (uint64_t )pv = u64; break;
1371	default: AssertFailedBreakStmt(rc = VERR_INTERNAL_ERROR);
1372	}
1373	}
1374
1375	return rc;
1376	}
1377
1378
1379	/**
1380	* @callback_method_impl{FNIOMMMIONEWWRITE}
1381	*/
1382	static DECLCALLBACK(VBOXSTRICTRC) tpmMmioWrite(PPDMDEVINS pDevIns, void pvUser, RTGCPHYS off, void const pv, unsigned cb)
1383	{
1384	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1385	RT_NOREF(pvUser);
1386
1387	Assert(!(off & (cb - 1)));
1388
1389	uint64_t u64;
1390	switch (cb)
1391	{
1392	case 1: u64 = (const uint8_t )pv; break;
1393	case 2: u64 = (const uint16_t )pv; break;
1394	case 4: u64 = (const uint32_t )pv; break;
1395	case 8: u64 = (const uint64_t )pv; break;
1396	default: AssertFailedReturn(VERR_INTERNAL_ERROR);
1397	}
1398
1399	LogFlowFunc((": %RGp %#llx\n", off, u64));
1400
1401	VBOXSTRICTRC rc = VINF_SUCCESS;
1402	uint32_t uReg = tpmGetRegisterFromOffset(off);
1403	uint8_t bLoc = tpmGetLocalityFromOffset(off);
1404	PDEVTPMLOCALITY pLoc = &pThis->aLoc[bLoc];
1405
1406	if (pThis->fCrb)
1407	rc = tpmMmioCrbWrite(pDevIns, pThis, pLoc, bLoc, uReg, u64, cb);
1408	else
1409	rc = tpmMmioFifoWrite(pDevIns, pThis, pLoc, bLoc, uReg, u64, cb);
1410
1411	return rc;
1412	}
1413
1414
1415	#ifdef IN_RING3
1416
1417	/**
1418	* @callback_method_impl{FNPDMTASKDEV, Execute a command in ring-3}
1419	*/
1420	static DECLCALLBACK(void) tpmR3CmdExecWorker(PPDMDEVINS pDevIns, void *pvUser)
1421	{
1422	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1423	PDEVTPMR3 pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PDEVTPMR3);
1424	RT_NOREF(pvUser);
1425	LogFlowFunc(("\n"));
1426
1427	int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1428	PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1429
1430	if (pThisCC->pDrvTpm)
1431	{
1432	size_t cbCmd = RTTpmReqGetSz((PCTPMREQHDR)&pThis->abCmdResp[0]);
1433	int rc = pThisCC->pDrvTpm->pfnCmdExec(pThisCC->pDrvTpm, pThis->bLoc, &pThis->abCmdResp[0], cbCmd,
1434	&pThis->abCmdResp[0], sizeof(pThis->abCmdResp));
1435	if (RT_SUCCESS(rc))
1436	{
1437	pThis->enmState = DEVTPMSTATE_CMD_COMPLETION;
1438	pThis->offCmdResp = 0;
1439	if (pThis->fCrb)
1440	tpmLocSetIntSts(pThisCC->pDevIns, pThis, &pThis->aLoc[pThis->bLoc], TPM_CRB_LOCALITY_REG_INT_STS_START);
1441	else
1442	tpmLocSetIntSts(pThisCC->pDevIns, pThis, &pThis->aLoc[pThis->bLoc], TPM_FIFO_LOCALITY_REG_INT_STS_DATA_AVAIL \| TPM_FIFO_LOCALITY_REG_INT_STS_STS_VALID);
1443	}
1444	else
1445	{
1446	/* Set fatal error. */
1447	pThis->enmState = DEVTPMSTATE_FATAL_ERROR;
1448	}
1449	}
1450
1451	PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1452	}
1453
1454
1455	/**
1456	* Resets the shared hardware TPM state.
1457	*
1458	* @param pThis Pointer to the shared TPM device.
1459	*/
1460	static void tpmR3HwReset(PDEVTPM pThis)
1461	{
1462	pThis->enmState = DEVTPMSTATE_IDLE;
1463	pThis->bLoc = TPM_NO_LOCALITY_SELECTED;
1464	pThis->bmLocReqAcc = 0;
1465	pThis->bmLocSeizedAcc = 0;
1466	pThis->offCmdResp = 0;
1467	RT_ZERO(pThis->abCmdResp);
1468
1469	for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aLoc); i++)
1470	{
1471	PDEVTPMLOCALITY pLoc = &pThis->aLoc[i];
1472	pLoc->uRegIntEn = 0;
1473	pLoc->uRegIntSts = 0;
1474	}
1475	}
1476
1477
1478	/* -=-=-=-=-=-=-=-=- Saved State -=-=-=-=-=-=-=-=- */
1479
1480	/**
1481	* @callback_method_impl{FNSSMDEVLIVEEXEC}
1482	*/
1483	static DECLCALLBACK(int) tpmR3LiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
1484	{
1485	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1486	PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
1487	RT_NOREF(uPass);
1488
1489	/* Save the part of the config used for verification purposes when restoring. */
1490	pHlp->pfnSSMPutGCPhys(pSSM, pThis->GCPhysMmio);
1491	pHlp->pfnSSMPutU16( pSSM, pThis->uVenId);
1492	pHlp->pfnSSMPutU16( pSSM, pThis->uDevId);
1493	pHlp->pfnSSMPutU8( pSSM, pThis->bRevId);
1494	pHlp->pfnSSMPutU8( pSSM, pThis->uIrq);
1495	pHlp->pfnSSMPutBool( pSSM, pThis->fLocChangeSup);
1496	pHlp->pfnSSMPutU32( pSSM, (uint32_t)pThis->enmTpmVers);
1497	pHlp->pfnSSMPutU32( pSSM, pThis->cbCmdResp);
1498
1499	return VINF_SSM_DONT_CALL_AGAIN;
1500	}
1501
1502
1503	/**
1504	* @callback_method_impl{FNSSMDEVSAVEEXEC}
1505	*/
1506	static DECLCALLBACK(int) tpmR3SaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
1507	{
1508	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1509	PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
1510
1511	tpmR3LiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
1512
1513	int rc = pHlp->pfnSSMPutStructEx(pSSM, pThis, sizeof(pThis), 0 /fFlags*/, &g_aTpmFields[0], NULL);
1514	AssertRCReturn(rc, rc);
1515
1516	return pHlp->pfnSSMPutU32(pSSM, UINT32_MAX); /* sanity/terminator */
1517	}
1518
1519
1520	/**
1521	* @callback_method_impl{FNSSMDEVLOADEXEC}
1522	*/
1523	static DECLCALLBACK(int) tpmR3LoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
1524	{
1525	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1526	PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
1527	uint8_t u8;
1528	uint16_t u16;
1529	uint32_t u32;
1530	bool f;
1531	RTGCPHYS GCPhysMmio;
1532	TPMVERSION enmTpmVers;
1533
1534	Assert(uPass == SSM_PASS_FINAL); RT_NOREF(uPass);
1535	AssertMsgReturn(uVersion == TPM_SAVED_STATE_VERSION, ("%d\n", uVersion), VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION);
1536
1537	/* Verify the config first. */
1538	int rc = pHlp->pfnSSMGetGCPhys(pSSM, &GCPhysMmio);
1539	AssertRCReturn(rc, rc);
1540	if (GCPhysMmio != pThis->GCPhysMmio)
1541	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1542	N_("Config mismatch - saved GCPhysMmio=%#RGp; configured GCPhysMmio=%#RGp"),
1543	GCPhysMmio, pThis->GCPhysMmio);
1544
1545	rc = pHlp->pfnSSMGetU16(pSSM, &u16);
1546	AssertRCReturn(rc, rc);
1547	if (u16 != pThis->uVenId)
1548	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1549	N_("Config mismatch - saved uVenId=%#RX16; configured uVenId=%#RX16"),
1550	u16, pThis->uVenId);
1551
1552	rc = pHlp->pfnSSMGetU16(pSSM, &u16);
1553	AssertRCReturn(rc, rc);
1554	if (u16 != pThis->uDevId)
1555	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1556	N_("Config mismatch - saved uDevId=%#RX16; configured uDevId=%#RX16"),
1557	u16, pThis->uDevId);
1558
1559	rc = pHlp->pfnSSMGetU8(pSSM, &u8);
1560	AssertRCReturn(rc, rc);
1561	if (u8 != pThis->bRevId)
1562	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1563	N_("Config mismatch - saved bRevId=%#RX8; configured bDevId=%#RX8"),
1564	u8, pThis->bRevId);
1565
1566	rc = pHlp->pfnSSMGetU8(pSSM, &u8);
1567	AssertRCReturn(rc, rc);
1568	if (u8 != pThis->uIrq)
1569	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1570	N_("Config mismatch - saved uIrq=%#RX8; configured uIrq=%#RX8"),
1571	u8, pThis->uIrq);
1572
1573	rc = pHlp->pfnSSMGetBool(pSSM, &f);
1574	AssertRCReturn(rc, rc);
1575	if (f != pThis->fLocChangeSup)
1576	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1577	N_("Config mismatch - saved fLocChangeSup=%RTbool; configured fLocChangeSup=%RTbool"),
1578	f, pThis->fLocChangeSup);
1579
1580	rc = pHlp->pfnSSMGetU32(pSSM, (uint32_t *)&enmTpmVers);
1581	AssertRCReturn(rc, rc);
1582	if (enmTpmVers != pThis->enmTpmVers)
1583	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1584	N_("Config mismatch - saved enmTpmVers=%RU32; configured enmTpmVers=%RU32"),
1585	enmTpmVers, pThis->enmTpmVers);
1586
1587	rc = pHlp->pfnSSMGetU32(pSSM, &u32);
1588	AssertRCReturn(rc, rc);
1589	if (u32 != pThis->cbCmdResp)
1590	return pHlp->pfnSSMSetCfgError(pSSM, RT_SRC_POS,
1591	N_("Config mismatch - saved cbCmdResp=%RU32; configured cbCmdResp=%RU32"),
1592	u32, pThis->cbCmdResp);
1593
1594	if (uPass == SSM_PASS_FINAL)
1595	{
1596	rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(pThis), 0 /fFlags*/, &g_aTpmFields[0], NULL);
1597
1598	/* The marker. */
1599	rc = pHlp->pfnSSMGetU32(pSSM, &u32);
1600	AssertRCReturn(rc, rc);
1601	AssertMsgReturn(u32 == UINT32_MAX, ("%#x\n", u32), VERR_SSM_DATA_UNIT_FORMAT_CHANGED);
1602
1603	/* Verify device state sanity. */
1604	AssertLogRelMsgReturn( pThis->enmState > DEVTPMSTATE_INVALID
1605	&& pThis->enmState <= DEVTPMSTATE_LAST_VALID,
1606	("Invalid TPM state loaded from saved state: %#x\n", pThis->enmState),
1607	VERR_SSM_UNEXPECTED_DATA);
1608
1609	AssertLogRelMsgReturn(pThis->offCmdResp <= pThis->cbCmdResp,
1610	("Invalid TPM command/response buffer offset loaded from saved state: %#x\n", pThis->offCmdResp),
1611	VERR_SSM_UNEXPECTED_DATA);
1612	}
1613
1614	return VINF_SUCCESS;
1615	}
1616
1617
1618	/* -=-=-=-=-=-=-=-=- PDMIBASE -=-=-=-=-=-=-=-=- */
1619
1620	/**
1621	* @interface_method_impl{PDMIBASE,pfnQueryInterface}
1622	*/
1623	static DECLCALLBACK(void ) tpmR3QueryInterface(PPDMIBASE pInterface, const char pszIID)
1624	{
1625	PDEVTPMCC pThisCC = RT_FROM_MEMBER(pInterface, DEVTPMCC, IBase);
1626	PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThisCC->IBase);
1627	//PDMIBASE_RETURN_INTERFACE(pszIID, PDMITPMPORT, &pThisCC->ITpmPort);
1628	return NULL;
1629	}
1630
1631
1632	/* -=-=-=-=-=-=-=-=- PDMDEVREG -=-=-=-=-=-=-=-=- */
1633
1634	/**
1635	* @interface_method_impl{PDMDEVREG,pfnPowerOn}
1636	*/
1637	static DECLCALLBACK(void) tpmR3PowerOn(PPDMDEVINS pDevIns)
1638	{
1639	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1640	PDEVTPMCC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PDEVTPMCC);
1641
1642	if (pThisCC->pDrvTpm)
1643	pThis->fEstablishmentSet = pThisCC->pDrvTpm->pfnGetEstablishedFlag(pThisCC->pDrvTpm);
1644	}
1645
1646
1647	/**
1648	* @interface_method_impl{PDMDEVREG,pfnReset}
1649	*/
1650	static DECLCALLBACK(void) tpmR3Reset(PPDMDEVINS pDevIns)
1651	{
1652	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1653	PDEVTPMCC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PDEVTPMCC);
1654
1655	tpmR3HwReset(pThis);
1656	if (pThisCC->pDrvTpm)
1657	pThis->fEstablishmentSet = pThisCC->pDrvTpm->pfnGetEstablishedFlag(pThisCC->pDrvTpm);
1658	}
1659
1660
1661	/**
1662	* @interface_method_impl{PDMDEVREG,pfnDestruct}
1663	*/
1664	static DECLCALLBACK(int) tpmR3Destruct(PPDMDEVINS pDevIns)
1665	{
1666	PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
1667	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1668
1669	/** @todo */
1670	RT_NOREF(pThis);
1671	return VINF_SUCCESS;
1672	}
1673
1674
1675	/**
1676	* @interface_method_impl{PDMDEVREG,pfnConstruct}
1677	*/
1678	static DECLCALLBACK(int) tpmR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
1679	{
1680	PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
1681	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1682	PDEVTPMCC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PDEVTPMCC);
1683	PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
1684	int rc;
1685
1686	RT_NOREF(iInstance);
1687
1688	pThis->hTpmCmdTask = NIL_PDMTASKHANDLE;
1689
1690	pThisCC->pDevIns = pDevIns;
1691
1692	/* IBase */
1693	pThisCC->IBase.pfnQueryInterface = tpmR3QueryInterface;
1694
1695	/*
1696	* Validate and read the configuration.
1697	*/
1698	PDMDEV_VALIDATE_CONFIG_RETURN(pDevIns, "Irq"
1699	"\|MmioBase"
1700	"\|VendorId"
1701	"\|DeviceId"
1702	"\|RevisionId"
1703	"\|Crb",
1704	"");
1705
1706	rc = pHlp->pfnCFGMQueryU8Def(pCfg, "Irq", &pThis->uIrq, 10);
1707	if (RT_FAILURE(rc))
1708	return PDMDEV_SET_ERROR(pDevIns, rc, N_("Configuration error: Failed to get the \"Irq\" value"));
1709
1710	rc = pHlp->pfnCFGMQueryU64Def(pCfg, "MmioBase", &pThis->GCPhysMmio, TPM_MMIO_BASE_DEFAULT);
1711	if (RT_FAILURE(rc))
1712	return PDMDEV_SET_ERROR(pDevIns, rc,
1713	N_("Configuration error: Failed to get the \"MmioBase\" value"));
1714
1715	rc = pHlp->pfnCFGMQueryU16Def(pCfg, "VendorId", &pThis->uDevId, TPM_VID_DEFAULT);
1716	if (RT_FAILURE(rc))
1717	return PDMDEV_SET_ERROR(pDevIns, rc, N_("Configuration error: Failed to get the \"VendorId\" value"));
1718
1719	rc = pHlp->pfnCFGMQueryU16Def(pCfg, "DeviceId", &pThis->uDevId, TPM_DID_DEFAULT);
1720	if (RT_FAILURE(rc))
1721	return PDMDEV_SET_ERROR(pDevIns, rc, N_("Configuration error: Failed to get the \"DeviceId\" value"));
1722
1723	rc = pHlp->pfnCFGMQueryU8Def(pCfg, "RevisionId", &pThis->bRevId, TPM_RID_DEFAULT);
1724	if (RT_FAILURE(rc))
1725	return PDMDEV_SET_ERROR(pDevIns, rc, N_("Configuration error: Failed to get the \"RevisionId\" value"));
1726
1727	rc = pHlp->pfnCFGMQueryBoolDef(pCfg, "Crb", &pThis->fCrb, false);
1728	if (RT_FAILURE(rc))
1729	return PDMDEV_SET_ERROR(pDevIns, rc, N_("Configuration error: Failed to get the \"Crb\" value"));
1730
1731	/*
1732	* Register the MMIO range, PDM API requests page aligned
1733	* addresses and sizes.
1734	*/
1735	rc = PDMDevHlpMmioCreateAndMap(pDevIns, pThis->GCPhysMmio, TPM_MMIO_SIZE, tpmMmioWrite, tpmMmioRead,
1736	IOMMMIO_FLAGS_READ_PASSTHRU \| IOMMMIO_FLAGS_WRITE_PASSTHRU,
1737	"TPM MMIO", &pThis->hMmio);
1738	AssertRCReturn(rc, rc);
1739
1740	/*
1741	* Attach any TPM driver below.
1742	*/
1743	rc = PDMDevHlpDriverAttach(pDevIns, 0 /iLUN/, &pThisCC->IBase, &pThisCC->pDrvBase, "TPM");
1744	if (RT_SUCCESS(rc))
1745	{
1746	pThisCC->pDrvTpm = PDMIBASE_QUERY_INTERFACE(pThisCC->pDrvBase, PDMITPMCONNECTOR);
1747	AssertLogRelMsgReturn(pThisCC->pDrvTpm, ("TPM#%d: Driver is missing the TPM interface.\n", iInstance), VERR_PDM_MISSING_INTERFACE);
1748
1749	pThis->cbCmdResp = RT_MIN(pThisCC->pDrvTpm->pfnGetBufferSize(pThisCC->pDrvTpm), TPM_DATA_BUFFER_SIZE_MAX);
1750	pThis->fLocChangeSup = pThisCC->pDrvTpm->pfnGetLocalityMax(pThisCC->pDrvTpm) > 0;
1751
1752	pThis->enmTpmVers = pThisCC->pDrvTpm->pfnGetVersion(pThisCC->pDrvTpm);
1753	if (pThis->enmTpmVers == TPMVERSION_UNKNOWN)
1754	return PDMDEV_SET_ERROR(pDevIns, VERR_NOT_SUPPORTED, N_("The emulated TPM version is not supported"));
1755	}
1756	else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
1757	{
1758	pThis->fLocChangeSup = false;
1759	pThis->fEstablishmentSet = false;
1760	pThis->cbCmdResp = TPM_DATA_BUFFER_SIZE_MAX;
1761
1762	pThisCC->pDrvBase = NULL;
1763	pThisCC->pDrvTpm = NULL;
1764	LogRel(("TPM#%d: no unit\n", iInstance));
1765	}
1766	else
1767	AssertLogRelMsgRCReturn(rc, ("TPM#%d: Failed to attach to TPM driver. rc=%Rrc\n", iInstance, rc), rc);
1768
1769	/* Create task for executing requests in ring-3. */
1770	rc = PDMDevHlpTaskCreate(pDevIns, PDMTASK_F_RZ, "TPMCmdWrk",
1771	tpmR3CmdExecWorker, NULL /pvUser/, &pThis->hTpmCmdTask);
1772	AssertRCReturn(rc,rc);
1773
1774	/*
1775	* Saved state.
1776	*/
1777	rc = PDMDevHlpSSMRegister3(pDevIns, TPM_SAVED_STATE_VERSION, sizeof(*pThis),
1778	tpmR3LiveExec, tpmR3SaveExec, tpmR3LoadExec);
1779	AssertRCReturn(rc, rc);
1780
1781	tpmR3HwReset(pThis);
1782	return VINF_SUCCESS;
1783	}
1784
1785	#else /* !IN_RING3 */
1786
1787	/**
1788	* @callback_method_impl{PDMDEVREGR0,pfnConstruct}
1789	*/
1790	static DECLCALLBACK(int) tpmRZConstruct(PPDMDEVINS pDevIns)
1791	{
1792	PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
1793	PDEVTPM pThis = PDMDEVINS_2_DATA(pDevIns, PDEVTPM);
1794
1795	int rc = PDMDevHlpMmioSetUpContext(pDevIns, pThis->hMmio, tpmMmioWrite, tpmMmioRead, NULL /pvUser/);
1796	AssertRCReturn(rc, rc);
1797
1798	return VINF_SUCCESS;
1799	}
1800
1801	#endif /* !IN_RING3 */
1802
1803	/**
1804	* The device registration structure.
1805	*/
1806	const PDMDEVREG g_DeviceTpm =
1807	{
1808	/* .u32Version = */ PDM_DEVREG_VERSION,
1809	/* .uReserved0 = */ 0,
1810	/* .szName = */ "tpm",
1811	/* .fFlags = */ PDM_DEVREG_FLAGS_DEFAULT_BITS \| PDM_DEVREG_FLAGS_RZ \| PDM_DEVREG_FLAGS_NEW_STYLE,
1812	/* .fClass = */ PDM_DEVREG_CLASS_SERIAL,
1813	/* .cMaxInstances = */ 1,
1814	/* .uSharedVersion = */ 42,
1815	/* .cbInstanceShared = */ sizeof(DEVTPM),
1816	/* .cbInstanceCC = */ sizeof(DEVTPMCC),
1817	/* .cbInstanceRC = */ sizeof(DEVTPMRC),
1818	/* .cMaxPciDevices = */ 0,
1819	/* .cMaxMsixVectors = */ 0,
1820	/* .pszDescription = */ "Trusted Platform Module",
1821	#if defined(IN_RING3)
1822	/* .pszRCMod = */ "VBoxDDRC.rc",
1823	/* .pszR0Mod = */ "VBoxDDR0.r0",
1824	/* .pfnConstruct = */ tpmR3Construct,
1825	/* .pfnDestruct = */ tpmR3Destruct,
1826	/* .pfnRelocate = */ NULL,
1827	/* .pfnMemSetup = */ NULL,
1828	/* .pfnPowerOn = */ tpmR3PowerOn,
1829	/* .pfnReset = */ tpmR3Reset,
1830	/* .pfnSuspend = */ NULL,
1831	/* .pfnResume = */ NULL,
1832	/* .pfnAttach = */ NULL,
1833	/* .pfnDetach = */ NULL,
1834	/* .pfnQueryInterface = */ NULL,
1835	/* .pfnInitComplete = */ NULL,
1836	/* .pfnPowerOff = */ NULL,
1837	/* .pfnSoftReset = */ NULL,
1838	/* .pfnReserved0 = */ NULL,
1839	/* .pfnReserved1 = */ NULL,
1840	/* .pfnReserved2 = */ NULL,
1841	/* .pfnReserved3 = */ NULL,
1842	/* .pfnReserved4 = */ NULL,
1843	/* .pfnReserved5 = */ NULL,
1844	/* .pfnReserved6 = */ NULL,
1845	/* .pfnReserved7 = */ NULL,
1846	#elif defined(IN_RING0)
1847	/* .pfnEarlyConstruct = */ NULL,
1848	/* .pfnConstruct = */ tpmRZConstruct,
1849	/* .pfnDestruct = */ NULL,
1850	/* .pfnFinalDestruct = */ NULL,
1851	/* .pfnRequest = */ NULL,
1852	/* .pfnReserved0 = */ NULL,
1853	/* .pfnReserved1 = */ NULL,
1854	/* .pfnReserved2 = */ NULL,
1855	/* .pfnReserved3 = */ NULL,
1856	/* .pfnReserved4 = */ NULL,
1857	/* .pfnReserved5 = */ NULL,
1858	/* .pfnReserved6 = */ NULL,
1859	/* .pfnReserved7 = */ NULL,
1860	#elif defined(IN_RC)
1861	/* .pfnConstruct = */ tpmRZConstruct,
1862	/* .pfnReserved0 = */ NULL,
1863	/* .pfnReserved1 = */ NULL,
1864	/* .pfnReserved2 = */ NULL,
1865	/* .pfnReserved3 = */ NULL,
1866	/* .pfnReserved4 = */ NULL,
1867	/* .pfnReserved5 = */ NULL,
1868	/* .pfnReserved6 = */ NULL,
1869	/* .pfnReserved7 = */ NULL,
1870	#else
1871	# error "Not in IN_RING3, IN_RING0 or IN_RC!"
1872	#endif
1873	/* .u32VersionEnd = */ PDM_DEVREG_VERSION
1874	};
1875
1876	#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
1877

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

© 2023 Oracle
Contact – Privacy policy – Terms of Use