1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3 * Copyright (c) 2017-2021, STMicroelectronics
4 */
5
6 #include <assert.h>
7 #include <config.h>
8 #include <drivers/stm32_bsec.h>
9 #include <io.h>
10 #include <kernel/delay.h>
11 #include <kernel/dt.h>
12 #include <kernel/boot.h>
13 #include <kernel/pm.h>
14 #include <kernel/spinlock.h>
15 #include <libfdt.h>
16 #include <limits.h>
17 #include <mm/core_memprot.h>
18 #include <platform_config.h>
19 #include <stm32_util.h>
20 #include <string.h>
21 #include <tee_api_defines.h>
22 #include <types_ext.h>
23 #include <util.h>
24
25 #ifdef CFG_STM32MP13
26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec"
27 #endif
28 #ifdef CFG_STM32MP15
29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec"
30 #endif
31
32 #define BSEC_OTP_MASK GENMASK_32(4, 0)
33 #define BSEC_OTP_BANK_SHIFT U(5)
34
35 /* Permanent lock bitmasks */
36 #define DATA_LOWER_OTP_PERLOCK_BIT U(3)
37 #define DATA_UPPER_OTP_PERLOCK_BIT U(1)
38
39 /* BSEC register offset */
40 #define BSEC_OTP_CONF_OFF U(0x000)
41 #define BSEC_OTP_CTRL_OFF U(0x004)
42 #define BSEC_OTP_WRDATA_OFF U(0x008)
43 #define BSEC_OTP_STATUS_OFF U(0x00C)
44 #define BSEC_OTP_LOCK_OFF U(0x010)
45 #define BSEC_DEN_OFF U(0x014)
46 #define BSEC_FEN_OFF U(0x018)
47 #define BSEC_DISTURBED_OFF U(0x01C)
48 #define BSEC_DISTURBED1_OFF U(0x020)
49 #define BSEC_DISTURBED2_OFF U(0x024)
50 #define BSEC_ERROR_OFF U(0x034)
51 #define BSEC_ERROR1_OFF U(0x038)
52 #define BSEC_ERROR2_OFF U(0x03C)
53 #define BSEC_WRLOCK_OFF U(0x04C)
54 #define BSEC_WRLOCK1_OFF U(0x050)
55 #define BSEC_WRLOCK2_OFF U(0x054)
56 #define BSEC_SPLOCK_OFF U(0x064)
57 #define BSEC_SPLOCK1_OFF U(0x068)
58 #define BSEC_SPLOCK2_OFF U(0x06C)
59 #define BSEC_SWLOCK_OFF U(0x07C)
60 #define BSEC_SWLOCK1_OFF U(0x080)
61 #define BSEC_SWLOCK2_OFF U(0x084)
62 #define BSEC_SRLOCK_OFF U(0x094)
63 #define BSEC_SRLOCK1_OFF U(0x098)
64 #define BSEC_SRLOCK2_OFF U(0x09C)
65 #define BSEC_JTAG_IN_OFF U(0x0AC)
66 #define BSEC_JTAG_OUT_OFF U(0x0B0)
67 #define BSEC_SCRATCH_OFF U(0x0B4)
68 #define BSEC_OTP_DATA_OFF U(0x200)
69 #define BSEC_IPHW_CFG_OFF U(0xFF0)
70 #define BSEC_IPVR_OFF U(0xFF4)
71 #define BSEC_IP_ID_OFF U(0xFF8)
72 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC)
73
74 /* BSEC_CONFIGURATION Register */
75 #define BSEC_CONF_POWER_UP_MASK BIT(0)
76 #define BSEC_CONF_POWER_UP_SHIFT U(0)
77 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1)
78 #define BSEC_CONF_FRQ_SHIFT U(1)
79 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3)
80 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3)
81 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7)
82 #define BSEC_CONF_TREAD_SHIFT U(7)
83
84 /* BSEC_CONTROL Register */
85 #define BSEC_READ U(0x000)
86 #define BSEC_WRITE U(0x100)
87 #define BSEC_LOCK U(0x200)
88
89 /* BSEC_STATUS Register */
90 #define BSEC_MODE_SECURED BIT(0)
91 #define BSEC_MODE_INVALID BIT(2)
92 #define BSEC_MODE_BUSY BIT(3)
93 #define BSEC_MODE_PROGFAIL BIT(4)
94 #define BSEC_MODE_PWR BIT(5)
95 #define BSEC_MODE_CLOSED BIT(8)
96
97 /* BSEC_DENR register fields */
98 #define BSEC_DENR_DBGEN BIT(1)
99 #define BSEC_DENR_NIDEN BIT(2)
100 #define BSEC_DENR_DEVICEEN BIT(3)
101 #define BSEC_DENR_HDPEN BIT(4)
102 #define BSEC_DENR_SPIDEN BIT(5)
103 #define BSEC_DENR_SPNIDEN BIT(6)
104 #define BSEC_DENR_DBGSWEN BIT(10)
105
106 /* BSEC_DEBUG bitfields */
107 #ifdef CFG_STM32MP13
108 #define BSEC_DEN_ALL_MSK (GENMASK_32(11, 10) | GENMASK_32(8, 1))
109 #endif
110 #ifdef CFG_STM32MP15
111 #define BSEC_DEN_ALL_MSK GENMASK_32(11, 1)
112 #endif
113
114 /*
115 * OTP Lock services definition
116 * Value must corresponding to the bit position in the register
117 */
118 #define BSEC_LOCK_UPPER_OTP U(0x00)
119 #define BSEC_LOCK_DEBUG U(0x02)
120 #define BSEC_LOCK_PROGRAM U(0x04)
121
122 /* Timeout when polling on status */
123 #define BSEC_TIMEOUT_US U(10000)
124
125 struct bsec_dev {
126 struct io_pa_va base;
127 unsigned int upper_base;
128 unsigned int max_id;
129 uint32_t *nsec_access;
130 };
131
132 /* Only 1 instance of BSEC is expected per platform */
133 static struct bsec_dev bsec_dev;
134
135 /* BSEC access protection */
136 static unsigned int lock = SPINLOCK_UNLOCK;
137
bsec_lock(void)138 static uint32_t bsec_lock(void)
139 {
140 return may_spin_lock(&lock);
141 }
142
bsec_unlock(uint32_t exceptions)143 static void bsec_unlock(uint32_t exceptions)
144 {
145 may_spin_unlock(&lock, exceptions);
146 }
147
otp_max_id(void)148 static uint32_t otp_max_id(void)
149 {
150 return bsec_dev.max_id;
151 }
152
otp_upper_base(void)153 static uint32_t otp_upper_base(void)
154 {
155 return bsec_dev.upper_base;
156 }
157
otp_bank_offset(uint32_t otp_id)158 static uint32_t otp_bank_offset(uint32_t otp_id)
159 {
160 assert(otp_id <= otp_max_id());
161
162 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
163 sizeof(uint32_t);
164 }
165
bsec_base(void)166 static vaddr_t bsec_base(void)
167 {
168 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1);
169 }
170
bsec_status(void)171 static uint32_t bsec_status(void)
172 {
173 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
174 }
175
state_is_invalid_mode(void)176 static bool state_is_invalid_mode(void)
177 {
178 return bsec_status() & BSEC_MODE_INVALID;
179 }
180
state_is_secured_mode(void)181 static bool state_is_secured_mode(void)
182 {
183 return bsec_status() & BSEC_MODE_SECURED;
184 }
185
state_is_closed_mode(void)186 static bool state_is_closed_mode(void)
187 {
188 uint32_t otp_cfg = 0;
189 uint32_t close_mode = 0;
190 TEE_Result res = TEE_ERROR_GENERIC;
191 size_t __maybe_unused sz = 0;
192 uint8_t __maybe_unused offset = 0;
193
194 if (IS_ENABLED(CFG_STM32MP13))
195 return bsec_status() & BSEC_MODE_CLOSED;
196
197 res = stm32_bsec_find_otp_in_nvmem_layout("cfg0_otp", &otp_cfg,
198 &offset, &sz);
199 if (res || sz != 8 || offset)
200 panic("CFG0 OTP not found or invalid");
201
202 if (stm32_bsec_read_otp(&close_mode, otp_cfg))
203 panic("Unable to read OTP");
204
205 return close_mode & CFG0_OTP_CLOSED_DEVICE;
206 }
207
208 /*
209 * Check that BSEC interface does not report an error
210 * @otp_id : OTP number
211 * @check_disturbed: check only error (false) or all sources (true)
212 * Return a TEE_Result compliant value
213 */
check_no_error(uint32_t otp_id,bool check_disturbed)214 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed)
215 {
216 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
217 uint32_t bank = otp_bank_offset(otp_id);
218
219 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
220 return TEE_ERROR_GENERIC;
221
222 if (check_disturbed &&
223 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
224 return TEE_ERROR_GENERIC;
225
226 return TEE_SUCCESS;
227 }
228
power_up_safmem(void)229 static TEE_Result power_up_safmem(void)
230 {
231 uint64_t timeout_ref = 0;
232
233 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
234 BSEC_CONF_POWER_UP_MASK);
235
236 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
237 while (!timeout_elapsed(timeout_ref))
238 if (bsec_status() & BSEC_MODE_PWR)
239 break;
240
241 if (bsec_status() & BSEC_MODE_PWR)
242 return TEE_SUCCESS;
243
244 return TEE_ERROR_GENERIC;
245 }
246
power_down_safmem(void)247 static TEE_Result power_down_safmem(void)
248 {
249 uint64_t timeout_ref = 0;
250
251 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
252
253 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
254 while (!timeout_elapsed(timeout_ref))
255 if (!(bsec_status() & BSEC_MODE_PWR))
256 break;
257
258 if (!(bsec_status() & BSEC_MODE_PWR))
259 return TEE_SUCCESS;
260
261 return TEE_ERROR_GENERIC;
262 }
263
stm32_bsec_shadow_register(uint32_t otp_id)264 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
265 {
266 TEE_Result result = 0;
267 uint32_t exceptions = 0;
268 uint64_t timeout_ref = 0;
269 bool locked = false;
270
271 /* Check if shadowing of OTP is locked, informative only */
272 result = stm32_bsec_read_sr_lock(otp_id, &locked);
273 if (result)
274 return result;
275
276 if (locked)
277 DMSG("BSEC shadow warning: OTP locked");
278
279 if (state_is_invalid_mode())
280 return TEE_ERROR_SECURITY;
281
282 exceptions = bsec_lock();
283
284 result = power_up_safmem();
285 if (result)
286 goto out;
287
288 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
289
290 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
291 while (!timeout_elapsed(timeout_ref))
292 if (!(bsec_status() & BSEC_MODE_BUSY))
293 break;
294
295 if (bsec_status() & BSEC_MODE_BUSY)
296 result = TEE_ERROR_BUSY;
297 else
298 result = check_no_error(otp_id, true /* check-disturbed */);
299
300 power_down_safmem();
301
302 out:
303 bsec_unlock(exceptions);
304
305 return result;
306 }
307
stm32_bsec_read_otp(uint32_t * value,uint32_t otp_id)308 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
309 {
310 if (otp_id > otp_max_id())
311 return TEE_ERROR_BAD_PARAMETERS;
312
313 if (state_is_invalid_mode())
314 return TEE_ERROR_SECURITY;
315
316 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
317 (otp_id * sizeof(uint32_t)));
318
319 return TEE_SUCCESS;
320 }
321
stm32_bsec_shadow_read_otp(uint32_t * otp_value,uint32_t otp_id)322 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
323 {
324 TEE_Result result = 0;
325
326 result = stm32_bsec_shadow_register(otp_id);
327 if (result) {
328 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result);
329 return result;
330 }
331
332 result = stm32_bsec_read_otp(otp_value, otp_id);
333 if (result)
334 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result);
335
336 return result;
337 }
338
stm32_bsec_write_otp(uint32_t value,uint32_t otp_id)339 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
340 {
341 TEE_Result result = 0;
342 uint32_t exceptions = 0;
343 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
344 bool locked = false;
345
346 /* Check if write of OTP is locked, informative only */
347 result = stm32_bsec_read_sw_lock(otp_id, &locked);
348 if (result)
349 return result;
350
351 if (locked)
352 DMSG("BSEC write warning: OTP locked");
353
354 if (state_is_invalid_mode())
355 return TEE_ERROR_SECURITY;
356
357 exceptions = bsec_lock();
358
359 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
360
361 bsec_unlock(exceptions);
362
363 return TEE_SUCCESS;
364 }
365
366 #ifdef CFG_STM32_BSEC_WRITE
stm32_bsec_program_otp(uint32_t value,uint32_t otp_id)367 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
368 {
369 TEE_Result result = 0;
370 uint32_t exceptions = 0;
371 uint64_t timeout_ref = 0;
372 bool locked = false;
373
374 /* Check if shadowing of OTP is locked, informative only */
375 result = stm32_bsec_read_sp_lock(otp_id, &locked);
376 if (result)
377 return result;
378
379 if (locked)
380 DMSG("BSEC program warning: OTP locked");
381
382 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
383 DMSG("BSEC program warning: GPLOCK activated");
384
385 if (state_is_invalid_mode())
386 return TEE_ERROR_SECURITY;
387
388 exceptions = bsec_lock();
389
390 result = power_up_safmem();
391 if (result)
392 goto out;
393
394 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
395 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
396
397 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
398 while (!timeout_elapsed(timeout_ref))
399 if (!(bsec_status() & BSEC_MODE_BUSY))
400 break;
401
402 if (bsec_status() & BSEC_MODE_BUSY)
403 result = TEE_ERROR_BUSY;
404 else if (bsec_status() & BSEC_MODE_PROGFAIL)
405 result = TEE_ERROR_BAD_PARAMETERS;
406 else
407 result = check_no_error(otp_id, true /* check-disturbed */);
408
409 power_down_safmem();
410
411 out:
412 bsec_unlock(exceptions);
413
414 return result;
415 }
416
stm32_bsec_permanent_lock_otp(uint32_t otp_id)417 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
418 {
419 TEE_Result result = 0;
420 uint32_t data = 0;
421 uint32_t addr = 0;
422 uint32_t exceptions = 0;
423 vaddr_t base = bsec_base();
424 uint64_t timeout_ref = 0;
425 uint32_t upper_base = otp_upper_base();
426
427 if (otp_id > otp_max_id())
428 return TEE_ERROR_BAD_PARAMETERS;
429
430 /*
431 * 2 bits per words for lower OTPs: 2:1 Redundancy
432 * 1 bit per word for upper OTPs : ECC support
433 * e.g with 32 lower and 64 upper OTPs:
434 * OTP word to be ADDR[6:0] WRDATA[31:0]
435 * locked
436 * 0 0x00 0x0000 0003
437 * 1 0x00 0x0000 000C
438 * ... ... ...
439 * 7 0x00 0x0000 C000
440 * 8 0x01 0x0000 0003
441 * ... ... ...
442 * 31 0x03 0x0000 C000
443 * 32 0x04 0x0000 0001
444 * 33 0x04 0x0000 0002
445 * 95 0x07 0x0000 8000
446 */
447 if (otp_id < upper_base) {
448 addr = otp_id / 8U;
449 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF);
450 } else {
451 addr = upper_base / 8U + (otp_id - upper_base) / 16U;
452 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF);
453 }
454
455 if (state_is_invalid_mode())
456 return TEE_ERROR_SECURITY;
457
458 exceptions = bsec_lock();
459
460 result = power_up_safmem();
461 if (result)
462 goto out;
463
464 io_write32(base + BSEC_OTP_WRDATA_OFF, data);
465 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
466
467 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
468 while (!timeout_elapsed(timeout_ref))
469 if (!(bsec_status() & BSEC_MODE_BUSY))
470 break;
471
472 if (bsec_status() & BSEC_MODE_BUSY)
473 result = TEE_ERROR_BUSY;
474 else if (bsec_status() & BSEC_MODE_PROGFAIL)
475 result = TEE_ERROR_BAD_PARAMETERS;
476 else
477 result = check_no_error(otp_id, false /* not-disturbed */);
478
479 #ifdef CFG_STM32MP13
480 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK);
481 #endif
482
483 power_down_safmem();
484
485 out:
486 bsec_unlock(exceptions);
487
488 return result;
489 }
490 #endif /*CFG_STM32_BSEC_WRITE*/
491
stm32_bsec_write_debug_conf(uint32_t value)492 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
493 {
494 TEE_Result result = TEE_ERROR_GENERIC;
495 uint32_t exceptions = 0;
496
497 assert(!(value & ~BSEC_DEN_ALL_MSK));
498
499 if (state_is_invalid_mode())
500 return TEE_ERROR_SECURITY;
501
502 exceptions = bsec_lock();
503
504 io_clrsetbits32(bsec_base() + BSEC_DEN_OFF, BSEC_DEN_ALL_MSK, value);
505
506 if (stm32_bsec_read_debug_conf() == value)
507 result = TEE_SUCCESS;
508
509 bsec_unlock(exceptions);
510
511 return result;
512 }
513
stm32_bsec_read_debug_conf(void)514 uint32_t stm32_bsec_read_debug_conf(void)
515 {
516 return io_read32(bsec_base() + BSEC_DEN_OFF) & BSEC_DEN_ALL_MSK;
517 }
518
set_bsec_lock(uint32_t otp_id,size_t lock_offset)519 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset)
520 {
521 uint32_t bank = otp_bank_offset(otp_id);
522 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
523 vaddr_t lock_addr = bsec_base() + bank + lock_offset;
524 uint32_t exceptions = 0;
525
526 if (otp_id > STM32MP1_OTP_MAX_ID)
527 return TEE_ERROR_BAD_PARAMETERS;
528
529 if (state_is_invalid_mode())
530 return TEE_ERROR_SECURITY;
531
532 exceptions = bsec_lock();
533
534 io_write32(lock_addr, otp_mask);
535
536 bsec_unlock(exceptions);
537
538 return TEE_SUCCESS;
539 }
540
stm32_bsec_set_sr_lock(uint32_t otp_id)541 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id)
542 {
543 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
544 }
545
stm32_bsec_set_sw_lock(uint32_t otp_id)546 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id)
547 {
548 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
549 }
550
stm32_bsec_set_sp_lock(uint32_t otp_id)551 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id)
552 {
553 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
554 }
555
read_bsec_lock(uint32_t otp_id,bool * locked,size_t lock_offset)556 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked,
557 size_t lock_offset)
558 {
559 uint32_t bank = otp_bank_offset(otp_id);
560 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
561 vaddr_t lock_addr = bsec_base() + bank + lock_offset;
562
563 if (otp_id > STM32MP1_OTP_MAX_ID)
564 return TEE_ERROR_BAD_PARAMETERS;
565
566 if (state_is_invalid_mode())
567 return TEE_ERROR_SECURITY;
568
569 *locked = (io_read32(lock_addr) & otp_mask) != 0;
570
571 return TEE_SUCCESS;
572 }
573
stm32_bsec_read_sr_lock(uint32_t otp_id,bool * locked)574 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked)
575 {
576 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF);
577 }
578
stm32_bsec_read_sw_lock(uint32_t otp_id,bool * locked)579 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked)
580 {
581 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF);
582 }
583
stm32_bsec_read_sp_lock(uint32_t otp_id,bool * locked)584 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked)
585 {
586 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF);
587 }
588
stm32_bsec_read_permanent_lock(uint32_t otp_id,bool * locked)589 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked)
590 {
591 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF);
592 }
593
nsec_access_array_size(void)594 static size_t nsec_access_array_size(void)
595 {
596 size_t upper_count = otp_max_id() - otp_upper_base() + 1;
597
598 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD);
599 }
600
nsec_access_granted(unsigned int index)601 static bool nsec_access_granted(unsigned int index)
602 {
603 uint32_t *array = bsec_dev.nsec_access;
604
605 return array &&
606 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() &&
607 array[index / BSEC_BITS_PER_WORD] &
608 BIT(index % BSEC_BITS_PER_WORD);
609 }
610
stm32_bsec_can_access_otp(uint32_t otp_id)611 bool stm32_bsec_can_access_otp(uint32_t otp_id)
612 {
613 return (otp_id <= otp_max_id()) && !state_is_invalid_mode();
614 }
615
stm32_bsec_nsec_can_access_otp(uint32_t otp_id)616 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
617 {
618 return otp_id < otp_upper_base() ||
619 nsec_access_granted(otp_id - otp_upper_base());
620 }
621
622 /*
623 * struct nvmem_layout - NVMEM cell description
624 * @name: Name of the nvmem node in the DT
625 * @otp_id: BSEC base index for the OTP words
626 * @bit_offset: Bit offset in the OTP word
627 * @bit_len: Bit size of the OTP word
628 * @phandle: Associated phandle in embedded DTB
629 */
630 struct nvmem_layout {
631 char *name;
632 uint32_t otp_id;
633 uint8_t bit_offset;
634 size_t bit_len;
635 uint32_t phandle;
636 };
637
638 static struct nvmem_layout *nvmem_layout;
639 static size_t nvmem_layout_count;
640
stm32_bsec_otp_setting(size_t i,uint32_t * otp_id,uint8_t * otp_bit_offset,size_t * otp_bit_len)641 static TEE_Result stm32_bsec_otp_setting(size_t i,
642 uint32_t *otp_id,
643 uint8_t *otp_bit_offset,
644 size_t *otp_bit_len)
645 {
646 if (otp_id)
647 *otp_id = nvmem_layout[i].otp_id;
648
649 if (otp_bit_offset)
650 *otp_bit_offset = nvmem_layout[i].bit_offset;
651
652 if (otp_bit_len)
653 *otp_bit_len = nvmem_layout[i].bit_len;
654
655 DMSG("nvmem[%zu] = %s at BSEC word %" PRIu32 " bits [%" PRIu8 " %zu]",
656 i, nvmem_layout[i].name, nvmem_layout[i].otp_id,
657 nvmem_layout[i].bit_offset, nvmem_layout[i].bit_len);
658
659 return TEE_SUCCESS;
660 }
661
stm32_bsec_find_otp_in_nvmem_layout(const char * name,uint32_t * otp_id,uint8_t * otp_bit_offset,size_t * otp_bit_len)662 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
663 uint32_t *otp_id,
664 uint8_t *otp_bit_offset,
665 size_t *otp_bit_len)
666 {
667 size_t i = 0;
668
669 if (!name)
670 return TEE_ERROR_BAD_PARAMETERS;
671
672 for (i = 0; i < nvmem_layout_count; i++) {
673 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name))
674 continue;
675
676 return stm32_bsec_otp_setting(i, otp_id, otp_bit_offset,
677 otp_bit_len);
678 }
679
680 DMSG("nvmem %s failed", name);
681
682 return TEE_ERROR_ITEM_NOT_FOUND;
683 }
684
stm32_bsec_find_otp_by_phandle(const uint32_t phandle,uint32_t * otp_id,uint8_t * otp_bit_offset,size_t * otp_bit_len)685 TEE_Result stm32_bsec_find_otp_by_phandle(const uint32_t phandle,
686 uint32_t *otp_id,
687 uint8_t *otp_bit_offset,
688 size_t *otp_bit_len)
689 {
690 size_t i = 0;
691
692 if (!phandle)
693 return TEE_ERROR_GENERIC;
694
695 for (i = 0; i < nvmem_layout_count; i++) {
696 if (nvmem_layout[i].phandle != phandle)
697 continue;
698
699 return stm32_bsec_otp_setting(i, otp_id, otp_bit_offset,
700 otp_bit_len);
701 }
702
703 DMSG("nvmem %u not found", phandle);
704
705 return TEE_ERROR_ITEM_NOT_FOUND;
706 }
707
stm32_bsec_get_state(enum stm32_bsec_sec_state * state)708 TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *state)
709 {
710 if (!state)
711 return TEE_ERROR_BAD_PARAMETERS;
712
713 if (state_is_invalid_mode() || !state_is_secured_mode()) {
714 *state = BSEC_STATE_INVALID;
715 } else {
716 if (state_is_closed_mode())
717 *state = BSEC_STATE_SEC_CLOSED;
718 else
719 *state = BSEC_STATE_SEC_OPEN;
720 }
721
722 return TEE_SUCCESS;
723 }
724
stm32_bsec_hdp_is_enabled(void)725 bool stm32_bsec_hdp_is_enabled(void)
726 {
727 return io_read32(bsec_base() + BSEC_DEN_OFF) & BSEC_DENR_HDPEN;
728 }
729
stm32_bsec_coresight_is_enabled(void)730 bool stm32_bsec_coresight_is_enabled(void)
731 {
732 uint32_t denr = io_read32(bsec_base() + BSEC_DEN_OFF);
733 uint32_t coresight_mask = BSEC_DENR_DBGEN | BSEC_DENR_DEVICEEN |
734 BSEC_DENR_DBGSWEN;
735
736 return (denr & coresight_mask) == coresight_mask;
737 }
738
enable_nsec_access(unsigned int otp_id)739 static void enable_nsec_access(unsigned int otp_id)
740 {
741 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD;
742
743 if (otp_id < otp_upper_base())
744 return;
745
746 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id))
747 panic();
748
749 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD);
750 }
751
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)752 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
753 {
754 int bsec_subnode = 0;
755
756 bsec_dev.nsec_access = calloc(nsec_access_array_size(),
757 sizeof(*bsec_dev.nsec_access));
758 if (!bsec_dev.nsec_access)
759 panic();
760
761 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
762 paddr_t reg_offset = 0;
763 size_t reg_size = 0;
764 unsigned int otp_id = 0;
765 unsigned int i = 0;
766 size_t size = 0;
767
768 if (fdt_reg_info(fdt, bsec_subnode, ®_offset, ®_size))
769 panic();
770
771 otp_id = reg_offset / sizeof(uint32_t);
772
773 if (otp_id < STM32MP1_UPPER_OTP_START) {
774 unsigned int otp_end =
775 ROUNDUP_DIV(reg_offset + reg_size,
776 sizeof(uint32_t));
777
778 if (otp_end > STM32MP1_UPPER_OTP_START) {
779 /*
780 * OTP crosses Lower/Upper boundary, consider
781 * only the upper part.
782 */
783 otp_id = STM32MP1_UPPER_OTP_START;
784 reg_size -= (STM32MP1_UPPER_OTP_START *
785 sizeof(uint32_t)) - reg_offset;
786 reg_offset = STM32MP1_UPPER_OTP_START *
787 sizeof(uint32_t);
788
789 DMSG("OTP crosses Lower/Upper boundary");
790 } else {
791 continue;
792 }
793 }
794
795 /* Handle different kinds of non-secure accesses */
796 if (fdt_getprop(fdt, bsec_subnode,
797 "st,non-secure-otp-provisioning", NULL)) {
798 bool locked = false;
799 bool locked_2 = false;
800
801 /* Check if write of OTP is locked */
802 if (stm32_bsec_read_permanent_lock(otp_id, &locked))
803 panic("Cannot read permanent lock");
804
805 /*
806 * Check if fuses of the subnode
807 * have the same lock status
808 */
809 for (i = 1; i < (reg_size / sizeof(uint32_t)); i++) {
810 if (stm32_bsec_read_permanent_lock(otp_id + i,
811 &locked_2))
812 panic("Cannot read permanent lock");
813
814 if (locked != locked_2) {
815 EMSG("Inconsistent status OTP ID %u",
816 otp_id + i);
817 locked = true;
818 }
819 }
820
821 if (locked) {
822 DMSG("BSEC: OTP locked");
823 continue;
824 }
825 } else if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp",
826 NULL)) {
827 continue;
828 }
829
830 if ((reg_offset % sizeof(uint32_t)) ||
831 (reg_size % sizeof(uint32_t)))
832 panic("Unaligned non-secure OTP");
833
834 size = reg_size / sizeof(uint32_t);
835
836 if (otp_id + size > OTP_MAX_SIZE)
837 panic("OTP range oversized");
838
839 for (i = otp_id; i < otp_id + size; i++)
840 enable_nsec_access(i);
841 }
842 }
843
save_dt_nvmem_layout(void * fdt,int bsec_node)844 static void save_dt_nvmem_layout(void *fdt, int bsec_node)
845 {
846 int cell_max = 0;
847 int cell_cnt = 0;
848 int node = 0;
849
850 fdt_for_each_subnode(node, fdt, bsec_node)
851 cell_max++;
852 if (!cell_max)
853 return;
854
855 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout));
856 if (!nvmem_layout)
857 panic();
858
859 fdt_for_each_subnode(node, fdt, bsec_node) {
860 paddr_t reg_offset = 0;
861 size_t reg_length = 0;
862 const char *string = NULL;
863 const char *s = NULL;
864 int len = 0;
865 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt];
866 uint32_t bits[2] = { };
867
868 string = fdt_get_name(fdt, node, &len);
869 if (!string || !len)
870 continue;
871
872 layout_cell->phandle = fdt_get_phandle(fdt, node);
873 assert(layout_cell->phandle != (uint32_t)-1);
874
875 if (fdt_reg_info(fdt, node, ®_offset, ®_length)) {
876 DMSG("Malformed nvmem %s: ignored", string);
877 continue;
878 }
879
880 layout_cell->otp_id = reg_offset / sizeof(uint32_t);
881 layout_cell->bit_offset = (reg_offset % sizeof(uint32_t)) *
882 CHAR_BIT;
883 layout_cell->bit_len = reg_length * CHAR_BIT;
884
885 if (!fdt_read_uint32_array(fdt, node, "bits", bits, 2)) {
886 layout_cell->bit_offset += bits[0];
887 layout_cell->bit_len = bits[1];
888 }
889
890 s = strchr(string, '@');
891 if (s)
892 len = s - string;
893
894 layout_cell->name = strndup(string, len);
895 if (!layout_cell->name)
896 panic();
897 cell_cnt++;
898 DMSG("nvmem[%d] = %s at BSEC word %" PRIu32
899 " bits [%" PRIu8 " %zu]",
900 cell_cnt, layout_cell->name, layout_cell->otp_id,
901 layout_cell->bit_offset, layout_cell->bit_len);
902 }
903
904 if (cell_cnt != cell_max) {
905 nvmem_layout = realloc(nvmem_layout,
906 cell_cnt * sizeof(*nvmem_layout));
907 if (!nvmem_layout)
908 panic();
909 }
910
911 nvmem_layout_count = cell_cnt;
912 }
913
initialize_bsec_from_dt(void)914 static void initialize_bsec_from_dt(void)
915 {
916 void *fdt = NULL;
917 int node = 0;
918 struct dt_node_info bsec_info = { };
919
920 fdt = get_embedded_dt();
921 node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT);
922 if (node < 0)
923 panic();
924
925 fdt_fill_device_info(fdt, &bsec_info, node);
926
927 if (bsec_info.reg != bsec_dev.base.pa ||
928 !(bsec_info.status & DT_STATUS_OK_SEC))
929 panic();
930
931 bsec_dt_otp_nsec_access(fdt, node);
932
933 save_dt_nvmem_layout(fdt, node);
934 }
935
bsec_pm(enum pm_op op,uint32_t pm_hint __unused,const struct pm_callback_handle * hdl __unused)936 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused,
937 const struct pm_callback_handle *hdl __unused)
938 {
939 static uint32_t debug_conf;
940
941 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME);
942
943 if (op == PM_OP_SUSPEND)
944 debug_conf = stm32_bsec_read_debug_conf();
945 else
946 stm32_bsec_write_debug_conf(debug_conf);
947
948 return TEE_SUCCESS;
949 }
950 DECLARE_KEEP_PAGER(bsec_pm);
951
initialize_bsec(void)952 static TEE_Result initialize_bsec(void)
953 {
954 struct stm32_bsec_static_cfg cfg = { };
955
956 stm32mp_get_bsec_static_cfg(&cfg);
957
958 bsec_dev.base.pa = cfg.base;
959 bsec_dev.upper_base = cfg.upper_start;
960 bsec_dev.max_id = cfg.max_id;
961
962 if (state_is_invalid_mode())
963 panic();
964
965 initialize_bsec_from_dt();
966
967 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec");
968
969 return TEE_SUCCESS;
970 }
971
972 early_init(initialize_bsec);
973