Added GPIO examples for Nuvoton NPCT75x TPM 2.0 Modules

* Added GPIO configuration logic
* Added more NV attributes per Nuvoton specification
* Fixes from testing on the hardware
* Improvements on tpm2.h definitions
* Fixes after vendor feedback
* Updated the examples README with NPCT75x information and ST33 differences

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>

Author: Dimitar Tomov

examples/README.md

@@ -8,7 +8,7 @@ The PKCS #7 and TLS examples require generating CSR's and signing them using a t
 
 To enable parameter encryption use `-aes` for AES-CFB mode or `-xor` for XOR mode. Only some TPM commands / responses support parameter encryption. If the TPM2_ API has .flags `CMD_FLAG_ENC2` or `CMD_FLAG_DEC2` set then the command will use parameter encryption / decryption.
 
-There are some vendor specific examples, like the TPM 2.0 extra GPIO examples for ST33.
+There are some vendor specific examples, like the TPM 2.0 extra GPIO examples for ST33 and NPCT75x.
 
 ## Native API Test
 
@@ -433,13 +433,13 @@ Some TPM 2.0 modules have extra I/O functionalities and additional GPIO that the
 
 Currently, the GPIO control examples support only ST33 TPM 2.0 modules.
 
-There are three examples available: `gpio/gpio_config`, `gpio/gpio_set`, `gpio/gpio_read`.
+There are four examples available: `gpio/gpio_config` for ST33 and `gpio/gpio_nuvoton` for NPCT75x. Once configured, a GPIO can be controlled using `gpio/gpio_set` and `gpio/gpio_read`.
 
 Every example has a help option `-h`. Please consult with `gpio_config -h` about the various GPIO modes.
 
-Demo usage is available, when no parameters are supplied. Then, GPIO 0 is used in output mode.
-
+Demo usage is available, when no parameters are supplied. Recommended is to use carefully selected options, because GPIO interact with the physical world.
 
+ST33 supports 6 modes, information from `gpio/gpio_config` below:
 ```
 
 examples/gpio/gpio_config -h
@@ -458,8 +458,25 @@ Example usage, without parameters, configures GPIO0 as input with a pull down.
 
 ```
 
+NPCT75x supports 3 output modes, information from `gpio/gpio_nuvoton` below:
+
+```
+xpected usage:
+./examples/gpio/gpio_config [num] [mode]
+* num is a GPIO number between 3 and 4 (default 3)
+* mode is either push-pull, open-drain or open-drain with pull-up
+	1. pushpull  - output in push pull configuration
+	2. opendrain - output in open drain configuration
+	3. pullup - output in open drain with pull-up enabled
+	4. unconfig - delete NV index for GPIO access
+Example usage, without parameters, configures GPIO3 as push-pull output.
+```
+
+Please note that NPCT75x GPIO numbering starts from GPIO3, while ST33 starts from GPIO0.
+
 Example usage for configuring a GPIO to output can be found below:
 
+- ST33
 ```
 
 $ ./examples/gpio/gpio_config
@@ -476,9 +493,24 @@ GPIO0 set to high level
 
 ```
 
-Switching a GPIO configuration is seamless, because gpio/config takes care of deleting existing NV Index, so a new GPIO configuration can be chosen.
+- NPCT75xx
+
+```
+pi@raspberrypi:~/wolftpm $ sudo ./examples/gpio/gpio_nuvoton 4 1
+Example for GPIO configuration of a NPTC7xx TPM 2.0 module
+GPIO number: 4
+GPIO mode: 1
+wolfTPM2_Init: success
+First, the current NPCT7xx config will be read
+then modified with the new GPIO configuration
+Successfully read the current NPCT7xx configuration
+NTC2_PreConfig success
+NV Index for GPIO access created
+```
+
+Switching a GPIO configuration is seamless. Because for ST33 `gpio/gpio_config` takes care of deleting existing NV Index, so a new GPIO configuration can be chosen. And for NPCT75xx `gpio/gpio_nuvoton` can reconfigure any GPIO without deleteing the creating NV index.
 
-Example usage for configuring a GPIO as input with a pulp-up can be found below:
+Example usage for configuring a GPIO as input with a pull-up on ST33 can be found below:
 
 ```
 

examples/gpio/gpio.h

@@ -26,14 +26,24 @@
     extern "C" {
 #endif
 
-#if defined(WOLFTPM_ST33) || defined(WOLFTPM_AUTODETECT)
+#if defined(WOLFTPM_ST33) || defined(WOLFTPM_NUVOTON) || defined(WOLFTPM_AUTODETECT)
 #define GPIO_NUM_MIN TPM_GPIO_A
-#define GPIO_NUM_MAX (TPM_GPIO_COUNT-1) /* see wolftpm/tpm2.h */
+#define GPIO_NUM_MAX TPM_GPIO_A+TPM_GPIO_COUNT-1 /* see wolftpm/tpm2.h */
+#endif
+
+#ifdef WOLFTPM_NUVOTON
+/* Nuvoton GPIO Modes - only output */
+#define NUVOTON_GPIO_MODE_PUSHPULL  1
+#define NUVOTON_GPIO_MODE_OPENDRAIN 2
+#define NUVOTON_GPIO_MODE_PULLUP    3
+#define NUVOTON_GPIO_MODE_UNCONFIG  4 /* Not a real GPIO mode, deleting NV index */
+#define NUVOTON_GPIO_MODE_MAX 4
 #endif
 
 int TPM2_GPIO_Config_Example(void* userCtx, int argc, char *argv[]);
 int TPM2_GPIO_Read_Example(void* userCtx, int argc, char *argv[]);
 int TPM2_GPIO_Set_Example(void* userCtx, int argc, char *argv[]);
+int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[]);
 
 #ifdef __cplusplus
     }  /* extern "C" */

examples/gpio/gpio_nuvoton.c

@@ -0,0 +1,267 @@
+/* gpio_nuvoton.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfTPM.
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* This examples demonstrates the use of GPIO available on
+ * Nuvoton TPM 2.0 Modules, e.g. NPCT750 with FW version 7.2.3
+ */
+
+#include <wolftpm/tpm2_wrap.h>
+
+#if defined(WOLFTPM_NUVOTON)
+
+#include <examples/gpio/gpio.h>
+#include <examples/tpm_io.h>
+#include <examples/tpm_test.h>
+
+#include <stdio.h>
+#include <stdlib.h> /* atoi */
+
+
+/******************************************************************************/
+/* --- BEGIN TPM2.0 GPIO Configuration example  -- */
+/******************************************************************************/
+
+static void usage(void)
+{
+    printf("Expected usage:\n");
+    printf("./examples/gpio/gpio_config [num] [mode]\n");
+    printf("* num is a GPIO number between 3 and 4 (default %d)\n", GPIO_NUM_MIN);
+    printf("* mode is either push-pull, open-drain or open-drain with pull-up\n");
+    printf("\t1. pushpull  - output in push pull configuration\n");
+    printf("\t2. opendrain - output in open drain configuration\n");
+    printf("\t3. pullup - output in open drain with pull-up enabled\n");
+    printf("\t4. unconfig - delete NV index for GPIO access\n");
+    printf("Example usage, without parameters, configures GPIO3 as push-pull output.\n");
+}
+
+int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[])
+{
+    int rc = -1;
+    WOLFTPM2_DEV dev;
+    WOLFTPM2_CAPS caps;
+    WOLFTPM2_NV nv;
+    WOLFTPM2_HANDLE parent;
+    TPM_HANDLE nvIndex = TPM_NV_GPIO_SPACE;
+    word32 nvAttributes;
+    int gpioNum = 0;
+    int gpioMode = NUVOTON_GPIO_MODE_PUSHPULL;
+    /* Nuvoton specific structures */
+    CFG_STRUCT newConfig;
+    NTC2_GetConfig_Out getConfig;
+    NTC2_PreConfig_In preConfig;
+
+   if (argc >= 2) {
+        if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
+            XSTRNCMP(argv[1], "-h", 2) == 0 ||
+            XSTRNCMP(argv[1], "--help", 6) == 0) {
+            usage();
+            return 0;
+        }
+        if (argc == 3) {
+            gpioMode = atoi(argv[2]);
+            if (gpioMode > NUVOTON_GPIO_MODE_MAX) {
+                printf("GPIO mode is out of range (1-3)\n");
+                usage();
+                goto exit_badargs;
+            }
+            /* Preparing to process next argument */
+            argc--;
+        }
+        if (argc == 2) {
+            gpioNum = atoi(argv[1]);
+            if (gpioNum < GPIO_NUM_MIN || gpioNum > GPIO_NUM_MAX) {
+                printf("GPIO is out of range (%d-%d)\n", GPIO_NUM_MIN, GPIO_NUM_MAX);
+                usage();
+                goto exit_badargs;
+            }
+            nvIndex = TPM_NV_GPIO_SPACE + (gpioNum-GPIO_NUM_MIN);
+            /* all arguments processed */
+        }
+    }
+    else if (argc == 1) {
+        /* Default behavior, without arguments: GPIO 3 as pushpull output */
+        gpioMode = NUVOTON_GPIO_MODE_PUSHPULL;
+        gpioNum = GPIO_NUM_MIN;
+    }
+    else {
+        printf("Incorrect arguments\n");
+        usage();
+        goto exit_badargs;
+    }
+
+    printf("Example for GPIO configuration of a NPTC7xx TPM 2.0 module\n");
+
+    printf("GPIO number: %d\n", gpioNum);
+    printf("GPIO mode: %d\n", gpioMode);
+
+    rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
+    if (rc != TPM_RC_SUCCESS) {
+        printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+        goto exit;
+    }
+    printf("wolfTPM2_Init: success\n");
+
+    /* Get TPM capabilities, to discover the TPM vendor */
+    rc = wolfTPM2_GetCapabilities(&dev, &caps);
+    if (rc != TPM_RC_SUCCESS) {
+        printf("wolfTPM2_GetCapabilities failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+    }
+
+    /* Confirm the TPM vendor */
+    if (caps.mfg != TPM_MFG_NUVOTON) {
+        printf("TPM model mismatch. This example demonstrates extra GPIO on NPCT7xx.\n");
+        goto exit;
+    }
+
+#if 0 /* TODO: Satisfy NV_POLICY_DELETE */
+#ifdef DEBUG_WOLFTPM
+    printf("Trying to remove NV index 0x%8.8X used for GPIO\n", nvIndex);
+#endif
+    /* Make sure NV Index for this GPIO is cleared before use
+     * This way we make sure a new GPIO config can be set
+     */
+    rc = wolfTPM2_NVDelete(&dev, TPM_RH_PLATFORM, nvIndex);
+    if (rc == TPM_RC_SUCCESS) {
+        printf("NV index undefined\n");
+    }
+    else if (rc == (TPM_RC_HANDLE | TPM_RC_2)) {
+        printf("NV Index is available for GPIO use\n");
+    }
+    else {
+        printf("wolfTPM2_NVDelete failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+    }
+#endif
+    /* GPIO un-configuration is done using NVDelete, no further action needed */
+    if (gpioMode == NUVOTON_GPIO_MODE_UNCONFIG) {
+        printf("Reconfiguration does not require to NV index deletion\n");
+        goto exit;
+    }
+
+    printf("First, the current NPCT7xx config will be read\n" \
+           "then modified with the new GPIO configuration\n");
+
+    XMEMSET(&newConfig, 0, sizeof(newConfig));
+    XMEMSET(&getConfig, 0, sizeof(getConfig));
+    rc = TPM2_NTC2_GetConfig(&getConfig);
+    if (rc != TPM_RC_SUCCESS) {
+        printf("NTC2_getConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+        goto exit;
+    }
+    printf("Successfully read the current NPCT7xx configuration\n");
+    XMEMCPY(&newConfig, &getConfig.preConfig, sizeof(newConfig));
+
+#ifdef DEBUG_WOLFTPM
+    printf("getConfig CFG_CONFIG structure:\n");
+    TPM2_PrintBin((byte*)&getConfig.preConfig, sizeof(getConfig.preConfig));
+#endif
+
+    /* Prepare GPIO configuration according to Nuvoton requirements */
+    if(gpioMode == NUVOTON_GPIO_MODE_PUSHPULL) {
+        newConfig.GpioPushPull |= (1 << gpioNum);
+    }
+    else {
+        /* NUVOTON_GPIO_MODE_OPENDRAIN || NUVOTON_GPIO_MODE_PULLUP */
+        newConfig.GpioPushPull &= ~(1 << gpioNum);
+    }
+
+    /* Set pull-up to disabled by default, configure below only if requested */
+    newConfig.GpioPullUp &= ~(1 << gpioNum);
+
+    /* Extra step for open-drain with pull-up mode */
+    if (gpioMode == NUVOTON_GPIO_MODE_PULLUP) {
+        newConfig.GpioPullUp &= ~(1 << gpioNum);
+    }
+
+#ifdef DEBUG_WOLFTPM
+    printf("newConfig CFG_CONFIG structure:\n");
+    TPM2_PrintBin((byte*)&newConfig, sizeof(newConfig));
+#endif
+
+    /* Configuring a TPM GPIO requires a PLATFORM authorization. Afterwards,
+     * using that GPIO is up to the user. Therefore, NV Indexes are operated
+     * using OWNER authorization. See below NVCreateAuth.
+     */
+    XMEMSET(&preConfig, 0, sizeof(preConfig));
+    preConfig.authHandle = TPM_RH_PLATFORM;
+    XMEMCPY(&preConfig.preConfig, &newConfig, sizeof(newConfig));
+    rc = TPM2_NTC2_PreConfig(&preConfig);
+    if (rc != TPM_RC_SUCCESS) {
+        printf("TPM2_SetCommandSet failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+        goto exit;
+    }
+    printf("NTC2_PreConfig success\n");
+
+    /* Configure NV Index for access to this GPIO */
+    XMEMSET(&nv, 0, sizeof(nv));
+    XMEMSET(&parent, 0, sizeof(parent));
+    /* Initial NV attributes */
+    parent.hndl = TPM_RH_PLATFORM;
+    rc = wolfTPM2_GetNvAttributesTemplate(parent.hndl, &nvAttributes);
+    /* Add NV attributes required by Nuvoton specification */
+    nvAttributes |= (TPMA_NV_PLATFORMCREATE | TPMA_NV_POLICY_DELETE);
+    nvAttributes |= (TPM_NT_ORDINARY & TPMA_NV_TPM_NT);
+    if (rc != 0) {
+        printf("Setting NV attributes failed\n");
+        goto exit;
+    }
+#ifdef DEBUG_WOLFTPM
+    printf("nvAttributes = 0x%8.8X\n", nvAttributes);
+#endif
+
+    /* Define NV Index for GPIO */
+    rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, nvIndex, nvAttributes,
+                               sizeof(BYTE), (byte*)gNvAuth, sizeof(gNvAuth)-1);
+    if (rc != 0 && rc != TPM_RC_NV_DEFINED) {
+        printf("Creating NV Index for GPIO acccess failed\n");
+        goto exit;
+    }
+    printf("NV Index for GPIO access created\n");
+
+exit:
+
+    wolfTPM2_Cleanup(&dev);
+
+exit_badargs:
+
+    return rc;
+}
+
+/******************************************************************************/
+/* --- END TPM2.0 GPIO Configuration example -- */
+/******************************************************************************/
+#endif /* WOLFTPM_NUVOTON */
+
+#ifndef NO_MAIN_DRIVER
+int main(int argc, char *argv[])
+{
+    int rc = -1;
+
+#if defined(WOLFTPM_NUVOTON)
+    rc = TPM2_GPIO_Nuvoton_Example(NULL, argc, argv);
+#else
+    printf("This example demonstrates extra GPIO on Nuvoton TPM 2.0 modules.\n");
+    (void)argc;
+    (void)argv;
+#endif /* WOLFTPM_NUVOTON */
+
+    return rc;
+}
+#endif