diff mbox series

[v2,1/3] dt-bindings: tpm: Consolidate TCG TIS bindings

Message ID 3f56f0a2bb90697a23e83583a21684b75dc7eea2.1701093036.git.lukas@wunner.de
State Changes Requested
Headers show
Series dt-bindings: tpm: Clean all the things | expand

Checks

Context Check Description
robh/checkpatch warning total: 0 errors, 12 warnings, 359 lines checked
robh/patch-applied success
robh/dtbs-check warning build log
robh/dt-meta-schema success

Commit Message

Lukas Wunner Nov. 27, 2023, 2:02 p.m. UTC 
A significant number of Trusted Platform Modules conform to the "TIS"
specification published by the Trusted Computing Group ("TCG PC Client
Specific TPM Interface Specification").  These chips typically use an
SPI, I²C or LPC bus as transport (via MMIO in the latter case).  Some
of them even support multiple of those buses (selectable through a
config strap) or the same chip is available in multiple SKUs, each with
a different bus interface.

The devicetree bindings for these TPMs have not been converted to DT
schema yet and are spread out across 3 generic files and 3 chip-specific
files.  A few TPM compatible strings were added to trivial-devices.yaml
even though additional properties are documented in the plaintext
bindings.

Consolidate the devicetree bindings into 3 files, one per bus.

Move common properties to a separate tpm-common.yaml.

Document compatible strings which are supported by the TPM TIS driver
but were neglected to be added to the devicetree bindings.

Document the memory-region property recently introduced by commit
1e2714bb83fc ("tpm: Add reserved memory event log").

Signed-off-by: Lukas Wunner <lukas@wunner.de>
---
Changes v1 -> v2:
  * Overhaul i2c compatible definitions.  Turns out that the fallback
    tcg,tpm-tis-i2c only applies to chips conforming to the PTP spec,
    wheras other chips use a vendor-specific interface and thus omit
    the fallback.
  * Don't enforce fallback compatible tcg,tpm_tis-spi for google,cr50.
  * Add nodename restriction to tpm-common.yaml.
  * Add clock constraints that were previously documented for
    infineon,slb9635tt and infineon,slb9645tt.
  * Drop google,cr50 SPI example (Rob).
  * Fix errors for linux,sml-base, linux,sml-size and lpcpd-gpios
    properties (Rob).

 .../bindings/security/tpm/google,cr50.txt     |  19 ---
 .../bindings/security/tpm/st33zp24-i2c.txt    |  34 ------
 .../bindings/security/tpm/st33zp24-spi.txt    |  32 -----
 .../bindings/security/tpm/tpm-i2c.txt         |  26 ----
 .../bindings/security/tpm/tpm_tis_mmio.txt    |  25 ----
 .../bindings/security/tpm/tpm_tis_spi.txt     |  23 ----
 .../bindings/tpm/tcg,tpm-tis-i2c.yaml         | 113 ++++++++++++++++++
 .../bindings/tpm/tcg,tpm-tis-mmio.yaml        |  49 ++++++++
 .../bindings/tpm/tcg,tpm_tis-spi.yaml         |  79 ++++++++++++
 .../devicetree/bindings/tpm/tpm-common.yaml   |  72 +++++++++++
 .../devicetree/bindings/trivial-devices.yaml  |  16 ---
 11 files changed, 313 insertions(+), 175 deletions(-)
 delete mode 100644 Documentation/devicetree/bindings/security/tpm/google,cr50.txt
 delete mode 100644 Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
 delete mode 100644 Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt
 delete mode 100644 Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt
 delete mode 100644 Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt
 delete mode 100644 Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt
 create mode 100644 Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml
 create mode 100644 Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml
 create mode 100644 Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml
 create mode 100644 Documentation/devicetree/bindings/tpm/tpm-common.yaml

Comments

Rob Herring Nov. 27, 2023, 4:31 p.m. UTC | #1 
On Mon, Nov 27, 2023 at 8:09 AM Lukas Wunner <lukas@wunner.de> wrote:
>
> A significant number of Trusted Platform Modules conform to the "TIS"
> specification published by the Trusted Computing Group ("TCG PC Client
> Specific TPM Interface Specification").  These chips typically use an
> SPI, I²C or LPC bus as transport (via MMIO in the latter case).  Some
> of them even support multiple of those buses (selectable through a
> config strap) or the same chip is available in multiple SKUs, each with
> a different bus interface.
>
> The devicetree bindings for these TPMs have not been converted to DT
> schema yet and are spread out across 3 generic files and 3 chip-specific
> files.  A few TPM compatible strings were added to trivial-devices.yaml
> even though additional properties are documented in the plaintext
> bindings.
>
> Consolidate the devicetree bindings into 3 files, one per bus.
>
> Move common properties to a separate tpm-common.yaml.
>
> Document compatible strings which are supported by the TPM TIS driver
> but were neglected to be added to the devicetree bindings.
>
> Document the memory-region property recently introduced by commit
> 1e2714bb83fc ("tpm: Add reserved memory event log").
>
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
> ---
> Changes v1 -> v2:
>   * Overhaul i2c compatible definitions.  Turns out that the fallback
>     tcg,tpm-tis-i2c only applies to chips conforming to the PTP spec,
>     wheras other chips use a vendor-specific interface and thus omit
>     the fallback.
>   * Don't enforce fallback compatible tcg,tpm_tis-spi for google,cr50.
>   * Add nodename restriction to tpm-common.yaml.
>   * Add clock constraints that were previously documented for
>     infineon,slb9635tt and infineon,slb9645tt.
>   * Drop google,cr50 SPI example (Rob).

That's going to avoid a warning in the examples, but it's going to
fail any actual google,c50 SPI user. What's going to happen is both
the SPI and I2C TPM schemas will be applied. Any SPI based cases will
fail if they have SPI properties because the I2C schema won't allow
them. If there is no fallback for google,cr50, then you must do a
separate schema doc (well, you could do an if/then schema in
tcg,tpm-tis-i2c.yaml to reference spi-peripheral-props.yaml, but that
would look kind of odd).

Rob
Lukas Wunner Dec. 13, 2023, 4:23 p.m. UTC | #2 
On Mon, Nov 27, 2023 at 10:31:06AM -0600, Rob Herring wrote:
> On Mon, Nov 27, 2023 at 8:09AM Lukas Wunner <lukas@wunner.de> wrote:
> > A significant number of Trusted Platform Modules conform to the "TIS"
> > specification published by the Trusted Computing Group ("TCG PC Client
> > Specific TPM Interface Specification").  These chips typically use an
> > SPI, I²C or LPC bus as transport (via MMIO in the latter case).  Some
> > of them even support multiple of those buses (selectable through a
> > config strap) or the same chip is available in multiple SKUs, each with
> > a different bus interface.
> >
> > The devicetree bindings for these TPMs have not been converted to DT
> > schema yet and are spread out across 3 generic files and 3 chip-specific
> > files.  A few TPM compatible strings were added to trivial-devices.yaml
> > even though additional properties are documented in the plaintext
> > bindings.
> >
> > Consolidate the devicetree bindings into 3 files, one per bus.
[...]
> > Changes v1 -> v2:
> >   * Drop google,cr50 SPI example (Rob).
> 
> That's going to avoid a warning in the examples, but it's going to
> fail any actual google,c50 SPI user. What's going to happen is both
> the SPI and I2C TPM schemas will be applied. Any SPI based cases will
> fail if they have SPI properties because the I2C schema won't allow
> them. If there is no fallback for google,cr50, then you must do a
> separate schema doc (well, you could do an if/then schema in
> tcg,tpm-tis-i2c.yaml to reference spi-peripheral-props.yaml, but that
> would look kind of odd).

I'm wondering if a "select:" property in the schema would be a viable
(and acceptable) way to solve this.

Ideally the validator would match a regex against the $nodename of the
parent and see if it contains "spi" or "i2c".  But I think matching
against the parent's $nodename isn't possible, is it?  I can only
match the TPM's $nodename, right?

All the devicetree nodes in arch/arm64/boot/dts/* containing a
google,cr50 compatible string have an spi-max-frequency property if
they're attached to SPI.  So I think it may be possible to select the
i2c or spi schema based on presence of that property if the compatible
string is google,cr50.  A bit kludgy perhaps but if there's no better
option?

What I don't like about creating a custom schema for google,cr50 is that
there may be other chips in the future which support multiple buses,
so we'd need an spi+i2c schema and probably also an spi+i2c+mmio,
i2c+mmio, spi+mmio schema.  It gets messy.  Granted we could enforce
that these newly added chips use a fallback compatible that we could
select the schema with.  Still, automatically selecting the right
schema would be better, in particular if I could somehow match against
the $nodename of the parent.

Thoughts?

Thanks,

Lukas
Rob Herring Dec. 13, 2023, 5:01 p.m. UTC | #3 
On Wed, Dec 13, 2023 at 10:23 AM Lukas Wunner <lukas@wunner.de> wrote:
>
> On Mon, Nov 27, 2023 at 10:31:06AM -0600, Rob Herring wrote:
> > On Mon, Nov 27, 2023 at 8:09AM Lukas Wunner <lukas@wunner.de> wrote:
> > > A significant number of Trusted Platform Modules conform to the "TIS"
> > > specification published by the Trusted Computing Group ("TCG PC Client
> > > Specific TPM Interface Specification").  These chips typically use an
> > > SPI, I涎 or LPC bus as transport (via MMIO in the latter case).  Some
> > > of them even support multiple of those buses (selectable through a
> > > config strap) or the same chip is available in multiple SKUs, each with
> > > a different bus interface.
> > >
> > > The devicetree bindings for these TPMs have not been converted to DT
> > > schema yet and are spread out across 3 generic files and 3 chip-specific
> > > files.  A few TPM compatible strings were added to trivial-devices.yaml
> > > even though additional properties are documented in the plaintext
> > > bindings.
> > >
> > > Consolidate the devicetree bindings into 3 files, one per bus.
> [...]
> > > Changes v1 -> v2:
> > >   * Drop google,cr50 SPI example (Rob).
> >
> > That's going to avoid a warning in the examples, but it's going to
> > fail any actual google,c50 SPI user. What's going to happen is both
> > the SPI and I2C TPM schemas will be applied. Any SPI based cases will
> > fail if they have SPI properties because the I2C schema won't allow
> > them. If there is no fallback for google,cr50, then you must do a
> > separate schema doc (well, you could do an if/then schema in
> > tcg,tpm-tis-i2c.yaml to reference spi-peripheral-props.yaml, but that
> > would look kind of odd).
>
> I'm wondering if a "select:" property in the schema would be a viable
> (and acceptable) way to solve this.
>
> Ideally the validator would match a regex against the $nodename of the
> parent and see if it contains "spi" or "i2c".  But I think matching
> against the parent's $nodename isn't possible, is it?

No. I've thought of adding something like that, but haven't.

>  I can only
> match the TPM's $nodename, right?

Right.

> All the devicetree nodes in arch/arm64/boot/dts/* containing a
> google,cr50 compatible string have an spi-max-frequency property if
> they're attached to SPI.  So I think it may be possible to select the
> i2c or spi schema based on presence of that property if the compatible
> string is google,cr50.  A bit kludgy perhaps but if there's no better
> option?

I don't think we should make spi-max-frequency required.

> What I don't like about creating a custom schema for google,cr50 is that
> there may be other chips in the future which support multiple buses,
> so we'd need an spi+i2c schema and probably also an spi+i2c+mmio,
> i2c+mmio, spi+mmio schema.  It gets messy.  Granted we could enforce
> that these newly added chips use a fallback compatible that we could
> select the schema with.  Still, automatically selecting the right
> schema would be better, in particular if I could somehow match against
> the $nodename of the parent.

Seems like more of a theoretical problem than realistic. I think cr50
is a bit of a special case. It also has other functions AIUI and maybe
we'll need other DT properties. If we do have new ones, I think
enforcing the fallback should be enough. After all, that's what you
tried to do in v1, but we're stuck with it for cr50.

Another option is combine the SPI and I2C schemas. Then you just need:

if:
  properties:
    compatible:
      contains:
        enum:
          - tcg,tpm_tis-spi
          - google,cr50
then:
  $ref: spi-peripheral-props.yaml

I would leave MMIO separate in that case. Seems unlikely something
would have MMIO and a serial interface.

I still lean towards a separate schema for cr50 over this.

BTW, there's now another conversion patch[1] which I forgot to Cc you
on my reply.

Rob

[1] https://lore.kernel.org/all/20231213161347.GA1204384-robh@kernel.org/
Lukas Wunner Dec. 15, 2023, 3:24 p.m. UTC | #4 
On Wed, Dec 13, 2023 at 11:01:21AM -0600, Rob Herring wrote:
> On Wed, Dec 13, 2023 at 10:23AM Lukas Wunner <lukas@wunner.de> wrote:
> > Ideally the validator would match a regex against the $nodename of the
> > parent and see if it contains "spi" or "i2c".  But I think matching
> > against the parent's $nodename isn't possible, is it?
> 
> No. I've thought of adding something like that, but haven't.

Please consider this a feature request. :)

It would be good if it were possible to define constraints not just
for the $nodename of the parent, but any of its properties.

E.g. with i2c, the clock-frequency is set at the host controller's
devicetree node, not at each attached i2c peripheral's node.
For ACPI, i2c_acpi_find_bus_speed() walks the bus to find the
highest clock speed supported by all attached i2c peripherals,
but for OF, the onus is on the devicetree author to manually
determine the clock.

Thus, for a TPM such as infineon,slb9635tt which only supports 100 kHz,
I want to validate that the parent node's clock-frequency is less than
or equal to that.

In Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
there's an example showing a clock-frequency property at the
peripheral's node and I mistakenly carried that over to the yaml
schema.  A look at the code reveals that's entirely bogus so I'll
drop the clock-frequency property in v3.  I will retain textual
hints that infineon,slb9635tt is limited to 100 kHz and
infineon,slb9645tt to 400 kHz, but as it stands I can't define
rules that would allow the validator to check that automatically.

Thanks,

Lukas
Rob Herring Dec. 18, 2023, 9:01 p.m. UTC | #5 
On Fri, Dec 15, 2023 at 9:24 AM Lukas Wunner <lukas@wunner.de> wrote:
>
> On Wed, Dec 13, 2023 at 11:01:21AM -0600, Rob Herring wrote:
> > On Wed, Dec 13, 2023 at 10:23AM Lukas Wunner <lukas@wunner.de> wrote:
> > > Ideally the validator would match a regex against the $nodename of the
> > > parent and see if it contains "spi" or "i2c".  But I think matching
> > > against the parent's $nodename isn't possible, is it?
> >
> > No. I've thought of adding something like that, but haven't.
>
> Please consider this a feature request. :)
>
> It would be good if it were possible to define constraints not just
> for the $nodename of the parent, but any of its properties.

You could write such a schema, but it would have to be applied to the
parent node rather than the child node. It would have to be applied to
every 'i2c' node and in theory you could have one for every i2c
device. We could define something like "$defs/parent-schema" within
the child device schema and make the tools apply it to the parent
node.

> E.g. with i2c, the clock-frequency is set at the host controller's
> devicetree node, not at each attached i2c peripheral's node.
> For ACPI, i2c_acpi_find_bus_speed() walks the bus to find the
> highest clock speed supported by all attached i2c peripherals,
> but for OF, the onus is on the devicetree author to manually
> determine the clock.
>
> Thus, for a TPM such as infineon,slb9635tt which only supports 100 kHz,
> I want to validate that the parent node's clock-frequency is less than
> or equal to that.
>
> In Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
> there's an example showing a clock-frequency property at the
> peripheral's node and I mistakenly carried that over to the yaml
> schema.  A look at the code reveals that's entirely bogus so I'll
> drop the clock-frequency property in v3.  I will retain textual
> hints that infineon,slb9635tt is limited to 100 kHz and
> infineon,slb9645tt to 400 kHz, but as it stands I can't define
> rules that would allow the validator to check that automatically.

We could adapt the bindings to accept that. Makes sense as that's
mostly a property of each device. SPI freq is per child, but I guess
I2C has to be the minimum of all the child nodes.

Rob
diff mbox series

Patch

diff --git a/Documentation/devicetree/bindings/security/tpm/google,cr50.txt b/Documentation/devicetree/bindings/security/tpm/google,cr50.txt
deleted file mode 100644
index cd69c2efdd37..000000000000
--- a/Documentation/devicetree/bindings/security/tpm/google,cr50.txt
+++ /dev/null
@@ -1,19 +0,0 @@ 
-* H1 Secure Microcontroller with Cr50 Firmware on SPI Bus.
-
-H1 Secure Microcontroller running Cr50 firmware provides several
-functions, including TPM-like functionality. It communicates over
-SPI using the FIFO protocol described in the PTP Spec, section 6.
-
-Required properties:
-- compatible: Should be "google,cr50".
-- spi-max-frequency: Maximum SPI frequency.
-
-Example:
-
-&spi0 {
-	tpm@0 {
-		compatible = "google,cr50";
-		reg = <0>;
-		spi-max-frequency = <800000>;
-	};
-};
diff --git a/Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt b/Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
deleted file mode 100644
index 0dc121b6eace..000000000000
--- a/Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
+++ /dev/null
@@ -1,34 +0,0 @@ 
-* STMicroelectronics SAS. ST33ZP24 TPM SoC
-
-Required properties:
-- compatible: Should be "st,st33zp24-i2c".
-- clock-frequency: I²C work frequency.
-- reg: address on the bus
-
-Optional ST33ZP24 Properties:
-- interrupts: GPIO interrupt to which the chip is connected
-- lpcpd-gpios: Output GPIO pin used for ST33ZP24 power management D1/D2 state.
-If set, power must be present when the platform is going into sleep/hibernate mode.
-
-Optional SoC Specific Properties:
-- pinctrl-names: Contains only one value - "default".
-- pintctrl-0: Specifies the pin control groups used for this controller.
-
-Example (for ARM-based BeagleBoard xM with ST33ZP24 on I2C2):
-
-&i2c2 {
-
-
-        st33zp24: st33zp24@13 {
-
-                compatible = "st,st33zp24-i2c";
-
-                reg = <0x13>;
-                clock-frequency = <400000>;
-
-                interrupt-parent = <&gpio5>;
-                interrupts = <7 IRQ_TYPE_LEVEL_HIGH>;
-
-                lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>;
-        };
-};
diff --git a/Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt b/Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt
deleted file mode 100644
index 37198971f17b..000000000000
--- a/Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt
+++ /dev/null
@@ -1,32 +0,0 @@ 
-* STMicroelectronics SAS. ST33ZP24 TPM SoC
-
-Required properties:
-- compatible: Should be "st,st33zp24-spi".
-- spi-max-frequency: Maximum SPI frequency (<= 10000000).
-
-Optional ST33ZP24 Properties:
-- interrupts: GPIO interrupt to which the chip is connected
-- lpcpd-gpios: Output GPIO pin used for ST33ZP24 power management D1/D2 state.
-If set, power must be present when the platform is going into sleep/hibernate mode.
-
-Optional SoC Specific Properties:
-- pinctrl-names: Contains only one value - "default".
-- pintctrl-0: Specifies the pin control groups used for this controller.
-
-Example (for ARM-based BeagleBoard xM with ST33ZP24 on SPI4):
-
-&mcspi4 {
-
-
-        st33zp24@0 {
-
-                compatible = "st,st33zp24-spi";
-
-                spi-max-frequency = <10000000>;
-
-                interrupt-parent = <&gpio5>;
-                interrupts = <7 IRQ_TYPE_LEVEL_HIGH>;
-
-                lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>;
-        };
-};
diff --git a/Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt b/Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt
deleted file mode 100644
index a65d7b71e81a..000000000000
--- a/Documentation/devicetree/bindings/security/tpm/tpm-i2c.txt
+++ /dev/null
@@ -1,26 +0,0 @@ 
-* Device Tree Bindings for I2C based Trusted Platform Module(TPM)
-
-Required properties:
-
-- compatible     : 'manufacturer,model', eg. nuvoton,npct650
-- label          : human readable string describing the device, eg. "tpm"
-- linux,sml-base : 64-bit base address of the reserved memory allocated for
-                   the firmware event log
-- linux,sml-size : size of the memory allocated for the firmware event log
-
-Optional properties:
-
-- powered-while-suspended: present when the TPM is left powered on between
-                           suspend and resume (makes the suspend/resume
-                           callbacks do nothing).
-
-Example (for OpenPower Systems with Nuvoton TPM 2.0 on I2C)
-----------------------------------------------------------
-
-tpm@57 {
-	reg = <0x57>;
-	label = "tpm";
-	compatible = "nuvoton,npct650", "nuvoton,npct601";
-	linux,sml-base = <0x7f 0xfd450000>;
-	linux,sml-size = <0x10000>;
-};
diff --git a/Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt b/Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt
deleted file mode 100644
index 7c6304426da1..000000000000
--- a/Documentation/devicetree/bindings/security/tpm/tpm_tis_mmio.txt
+++ /dev/null
@@ -1,25 +0,0 @@ 
-Trusted Computing Group MMIO Trusted Platform Module
-
-The TCG defines multi vendor standard for accessing a TPM chip, this
-is the standard protocol defined to access the TPM via MMIO. Typically
-this interface will be implemented over Intel's LPC bus.
-
-Refer to the 'TCG PC Client Specific TPM Interface Specification (TIS)' TCG
-publication for the specification.
-
-Required properties:
-
-- compatible: should contain a string below for the chip, followed by
-              "tcg,tpm-tis-mmio". Valid chip strings are:
-	          * "atmel,at97sc3204"
-- reg: The location of the MMIO registers, should be at least 0x5000 bytes
-- interrupts: An optional interrupt indicating command completion.
-
-Example:
-
-	tpm_tis@90000 {
-				compatible = "atmel,at97sc3204", "tcg,tpm-tis-mmio";
-				reg = <0x90000 0x5000>;
-				interrupt-parent = <&EIC0>;
-				interrupts = <1 2>;
-	};
diff --git a/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt b/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt
deleted file mode 100644
index b800667da92b..000000000000
--- a/Documentation/devicetree/bindings/security/tpm/tpm_tis_spi.txt
+++ /dev/null
@@ -1,23 +0,0 @@ 
-Required properties:
-- compatible: should be one of the following
-    "st,st33htpm-spi"
-    "infineon,slb9670"
-    "tcg,tpm_tis-spi"
-- spi-max-frequency: Maximum SPI frequency (depends on TPMs).
-
-Optional SoC Specific Properties:
-- pinctrl-names: Contains only one value - "default".
-- pintctrl-0: Specifies the pin control groups used for this controller.
-
-Example (for ARM-based BeagleBoard xM with TPM_TIS on SPI4):
-
-&mcspi4 {
-
-
-        tpm_tis@0 {
-
-                compatible = "tcg,tpm_tis-spi";
-
-                spi-max-frequency = <10000000>;
-        };
-};
diff --git a/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml
new file mode 100644
index 000000000000..3af6b4b63f39
--- /dev/null
+++ b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml
@@ -0,0 +1,113 @@ 
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/tpm/tcg,tpm-tis-i2c.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: I²C-attached Trusted Platform Module conforming to TCG TIS specification
+
+maintainers:
+  - Lukas Wunner <lukas@wunner.de>
+
+description: |
+  The Trusted Computing Group (TCG) has defined a multi-vendor standard
+  for accessing a TPM chip.  It can be transported over various buses,
+  one of them being I²C.  The standard is named:
+  TCG PC Client Specific TPM Interface Specification (TIS)
+  https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
+
+  The I²C interface was not originally part of the standard, but added
+  in 2017 with a separate document:
+  TCG PC Client Platform TPM Profile Specification for TPM 2.0 (PTP)
+  https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf
+
+  Recent TPM 2.0 chips conform to this generic interface, others use a
+  vendor-specific I²C interface.
+
+properties:
+  compatible:
+    oneOf:
+      - description: Generic TPM 2.0 chips conforming to TCG PTP interface
+        items:
+          - enum:
+              - infineon,slb9673
+              - nuvoton,npct75x
+          - const: tcg,tpm-tis-i2c
+
+      - description: TPM 1.2 and 2.0 chips with vendor-specific I²C interface
+        items:
+          - enum:
+              - atmel,at97sc3204t # TPM 1.2
+              - google,cr50 # TPM 2.0 (Titan H1 running Cr50 firmware)
+              - infineon,slb9635tt # TPM 1.2
+              - infineon,slb9645tt # TPM 1.2
+              - infineon,tpm_i2c_infineon # TPM 1.2
+              - nuvoton,npct501 # TPM 1.2
+              - nuvoton,npct601 # TPM 2.0
+              - st,st33zp24-i2c # TPM 2.0
+              - winbond,wpct301 # TPM 1.2
+
+  reg:
+    description: address of TPM on the I²C bus
+
+  clock-frequency:
+    description: clock frequency used to access TPM on the I²C bus
+
+allOf:
+  - $ref: tpm-common.yaml#
+  - if:
+      properties:
+        compatible:
+          contains:
+            const: infineon,slb9635tt
+    then:
+      properties:
+        clock-frequency:
+          maximum: 100000
+  - if:
+      properties:
+        compatible:
+          contains:
+            const: infineon,slb9645tt
+    then:
+      properties:
+        clock-frequency:
+          maximum: 400000
+
+required:
+  - compatible
+  - reg
+
+unevaluatedProperties: false
+
+examples:
+  - |
+    i2c {
+        #address-cells = <1>;
+        #size-cells = <0>;
+
+        tpm@57 {
+            label = "tpm";
+            compatible = "nuvoton,npct601";
+            reg = <0x57>;
+            linux,sml-base = <0x7f 0xfd450000>;
+            linux,sml-size = <0x10000>;
+        };
+    };
+
+  - |
+    #include <dt-bindings/gpio/gpio.h>
+    #include <dt-bindings/interrupt-controller/irq.h>
+    i2c {
+        #address-cells = <1>;
+        #size-cells = <0>;
+
+        tpm@13 {
+            reg = <0x13>;
+            compatible = "st,st33zp24-i2c";
+            clock-frequency = <400000>;
+            interrupt-parent = <&gpio5>;
+            interrupts = <7 IRQ_TYPE_LEVEL_HIGH>;
+            lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>;
+        };
+    };
diff --git a/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml
new file mode 100644
index 000000000000..87bce0692129
--- /dev/null
+++ b/Documentation/devicetree/bindings/tpm/tcg,tpm-tis-mmio.yaml
@@ -0,0 +1,49 @@ 
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/tpm/tcg,tpm-tis-mmio.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: MMIO-accessed Trusted Platform Module conforming to TCG TIS specification
+
+maintainers:
+  - Lukas Wunner <lukas@wunner.de>
+
+description: |
+  The Trusted Computing Group (TCG) has defined a multi-vendor standard
+  for accessing a TPM chip.  It can be transported over various buses,
+  one of them being LPC (via MMIO).  The standard is named:
+  TCG PC Client Specific TPM Interface Specification (TIS)
+  https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
+
+properties:
+  compatible:
+    items:
+      - enum:
+          - at97sc3201
+          - atmel,at97sc3204
+          - socionext,synquacer-tpm-mmio
+      - const: tcg,tpm-tis-mmio
+
+  reg:
+    description:
+      location and length of the MMIO registers, length should be
+      at least 0x5000 bytes
+
+allOf:
+  - $ref: tpm-common.yaml#
+
+required:
+  - compatible
+  - reg
+
+unevaluatedProperties: false
+
+examples:
+  - |
+    tpm@90000 {
+        compatible = "atmel,at97sc3204", "tcg,tpm-tis-mmio";
+        reg = <0x90000 0x5000>;
+        interrupt-parent = <&EIC0>;
+        interrupts = <1 2>;
+    };
diff --git a/Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml b/Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml
new file mode 100644
index 000000000000..f3a5949b091d
--- /dev/null
+++ b/Documentation/devicetree/bindings/tpm/tcg,tpm_tis-spi.yaml
@@ -0,0 +1,79 @@ 
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/tpm/tcg,tpm_tis-spi.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: SPI-attached Trusted Platform Module conforming to TCG TIS specification
+
+maintainers:
+  - Lukas Wunner <lukas@wunner.de>
+
+description: |
+  The Trusted Computing Group (TCG) has defined a multi-vendor standard
+  for accessing a TPM chip.  It can be transported over various buses,
+  one of them being SPI.  The standard is named:
+  TCG PC Client Specific TPM Interface Specification (TIS)
+  https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
+
+properties:
+  compatible:
+    oneOf:
+      - items:
+          - enum:
+              - infineon,slb9670
+              - st,st33htpm-spi
+              - st,st33zp24-spi
+          - const: tcg,tpm_tis-spi
+
+      - items:
+          - const: google,cr50 # TPM 2.0 (Titan H1 running Cr50 firmware)
+
+allOf:
+  - $ref: tpm-common.yaml#
+  - $ref: /schemas/spi/spi-peripheral-props.yaml#
+  - if:
+      properties:
+        compatible:
+          contains:
+            const: st,st33zp24-spi
+    then:
+      properties:
+        spi-max-frequency:
+          maximum: 10000000
+
+required:
+  - compatible
+  - reg
+
+unevaluatedProperties: false
+
+examples:
+  - |
+    spi {
+        #address-cells = <1>;
+        #size-cells = <0>;
+
+        tpm@0 {
+            reg = <0>;
+            compatible = "infineon,slb9670", "tcg,tpm_tis-spi";
+            spi-max-frequency = <10000000>;
+        };
+    };
+
+  - |
+    #include <dt-bindings/gpio/gpio.h>
+    #include <dt-bindings/interrupt-controller/irq.h>
+    spi {
+        #address-cells = <1>;
+        #size-cells = <0>;
+
+        tpm@0 {
+            reg = <0>;
+            compatible = "st,st33zp24-spi", "tcg,tpm_tis-spi";
+            spi-max-frequency = <10000000>;
+            interrupt-parent = <&gpio5>;
+            interrupts = <7 IRQ_TYPE_LEVEL_HIGH>;
+            lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>;
+        };
+    };
diff --git a/Documentation/devicetree/bindings/tpm/tpm-common.yaml b/Documentation/devicetree/bindings/tpm/tpm-common.yaml
new file mode 100644
index 000000000000..d7006a802b6e
--- /dev/null
+++ b/Documentation/devicetree/bindings/tpm/tpm-common.yaml
@@ -0,0 +1,72 @@ 
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/tpm/tpm-common.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: Trusted Platform Module common properties
+
+maintainers:
+  - Lukas Wunner <lukas@wunner.de>
+
+properties:
+  $nodename:
+    pattern: '^tpm(@[0-9a-f]+)?$'
+
+  interrupts:
+    description: indicates command completion
+    maxItems: 1
+
+  label:
+    description: human readable string describing the device, e.g. "tpm"
+
+  linux,sml-base:
+    description:
+      base address of reserved memory allocated for firmware event log
+    $ref: /schemas/types.yaml#/definitions/uint64
+
+  linux,sml-size:
+    description:
+      size of reserved memory allocated for firmware event log
+    $ref: /schemas/types.yaml#/definitions/uint32
+
+  memory-region:
+    description: reserved memory allocated for firmware event log
+    maxItems: 1
+
+  powered-while-suspended:
+    description:
+      present when the TPM is left powered on between suspend and resume
+      (makes the suspend/resume callbacks do nothing)
+    type: boolean
+
+# must always have both linux,sml-base and linux,sml-size
+dependentRequired:
+  linux,sml-base: ['linux,sml-size']
+  linux,sml-size: ['linux,sml-base']
+
+# must only have either memory-region or linux,sml-base
+dependentSchemas:
+  memory-region:
+    properties:
+      linux,sml-base: false
+  linux,sml-base:
+    properties:
+      memory-region: false
+
+allOf:
+  - if:
+      properties:
+        compatible:
+          contains:
+            pattern: '^st,st33zp24'
+    then:
+      properties:
+        lpcpd-gpios:
+          description:
+            Output GPIO pin used for ST33ZP24 power management of D1/D2 state.
+            If set, power must be present when the platform is going into
+            sleep/hibernate mode.
+          maxItems: 1
+
+additionalProperties: true
diff --git a/Documentation/devicetree/bindings/trivial-devices.yaml b/Documentation/devicetree/bindings/trivial-devices.yaml
index c3190f2a168a..29aed5ddba6b 100644
--- a/Documentation/devicetree/bindings/trivial-devices.yaml
+++ b/Documentation/devicetree/bindings/trivial-devices.yaml
@@ -49,8 +49,6 @@  properties:
           - ams,iaq-core
             # i2c serial eeprom (24cxx)
           - at,24c08
-            # i2c trusted platform module (TPM)
-          - atmel,at97sc3204t
             # ATSHA204 - i2c h/w symmetric crypto module
           - atmel,atsha204
             # ATSHA204A - i2c h/w symmetric crypto module
@@ -145,12 +143,6 @@  properties:
           - infineon,ir38263
             # Infineon IRPS5401 Voltage Regulator (PMIC)
           - infineon,irps5401
-            # Infineon SLB9635 (Soft-) I2C TPM (old protocol, max 100khz)
-          - infineon,slb9635tt
-            # Infineon SLB9645 I2C TPM (new protocol, max 400khz)
-          - infineon,slb9645tt
-            # Infineon SLB9673 I2C TPM 2.0
-          - infineon,slb9673
             # Infineon TLV493D-A1B6 I2C 3D Magnetic Sensor
           - infineon,tlv493d-a1b6
             # Infineon Multi-phase Digital VR Controller xdpe11280
@@ -301,10 +293,6 @@  properties:
           - national,lm85
             # I2C ±0.33°C Accurate, 12-Bit + Sign Temperature Sensor and Thermal Window Comparator
           - national,lm92
-            # i2c trusted platform module (TPM)
-          - nuvoton,npct501
-            # i2c trusted platform module (TPM2)
-          - nuvoton,npct601
             # Nuvoton Temperature Sensor
           - nuvoton,w83773g
             # OKI ML86V7667 video decoder
@@ -349,8 +337,6 @@  properties:
           - silabs,si7020
             # Skyworks SKY81452: Six-Channel White LED Driver with Touch Panel Bias Supply
           - skyworks,sky81452
-            # Socionext SynQuacer TPM MMIO module
-          - socionext,synquacer-tpm-mmio
             # SparkFun Qwiic Joystick (COM-15168) with i2c interface
           - sparkfun,qwiic-joystick
             # i2c serial eeprom (24cxx)
@@ -405,8 +391,6 @@  properties:
           - winbond,w83793
             # Vicor Corporation Digital Supervisor
           - vicor,pli1209bc
-            # i2c trusted platform module (TPM)
-          - winbond,wpct301
 
 required:
   - compatible