1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright 2022 Microsoft
4 *
5 * Driver for the NXP LX2160A-series Security Fuse Processor (SFP).
6 */
7
8 #include <assert.h>
9 #include <drivers/ls_sfp.h>
10 #include <io.h>
11 #include <kernel/boot.h>
12 #include <kernel/delay.h>
13 #include <kernel/dt.h>
14 #include <kernel/panic.h>
15 #include <kernel/tee_time.h>
16 #include <libfdt.h>
17 #include <mm/core_memprot.h>
18 #include <util.h>
19
20 /**
21 * struct ls_sfp_registers - Memory map of the SFP registers.
22 * @rsvd0[0x8]: Reserved.
23 * @ingr: Instruction Register.
24 * @svhesr: Secret Value Hamming Error Status Registers.
25 * @sfpcr: SFP Configuration Register.
26 * @rsvd1[0x3]: Reserved.
27 * @version: SFP Version Register.
28 * @rsvd2[0x71]: Reserved.
29 * @ospr0: OEM Security Policy Register 0.
30 * @ospr1: OEM Security Policy Register 1.
31 * @dcvr0: Debug Challenge Value Register 0.
32 * @dcvr1: Debug Challenge Value Register 1.
33 * @drvr0: Debug Response Value Register 0.
34 * @drvr1: Debug Response Value Register 1
35 * @fswpr: Factory Section Write Protect Register.
36 * @fuidr0: Factory Unique ID Register 0.
37 * @fuidr1: Factory Unique ID Register 1.
38 * @isbccr: ISBC Configuration Register.
39 * @fspfr[0x3]: Factory Scratch Pad Fuse Registers.
40 * @otpmkr[0x8]: One Time Programmable Master Key.
41 * @srkhr[0x8]: Super Root Key Hash.
42 * @ouidr[0x5]: OEM Unique ID Scratch Pad Fuse Registers.
43 */
44 static struct ls_sfp_registers {
45 uint32_t rsvd0[0x8]; /* 0x000 */
46 uint32_t ingr; /* 0x020 */
47 uint32_t svhesr; /* 0x024 */
48 uint32_t sfpcr; /* 0x028 */
49 uint32_t rsvd1[0x3]; /* 0x02C */
50 uint32_t version; /* 0x038 */
51 uint32_t rsvd2[0x71]; /* 0x03C */
52 uint32_t ospr0; /* 0x200 */
53 uint32_t ospr1; /* 0x204 */
54 uint32_t dcvr0; /* 0x208 */
55 uint32_t dcvr1; /* 0x20C */
56 uint32_t drvr0; /* 0x210 */
57 uint32_t drvr1; /* 0x214 */
58 uint32_t fswpr; /* 0x218 */
59 uint32_t fuidr0; /* 0x21C */
60 uint32_t fuidr1; /* 0x220 */
61 uint32_t isbccr; /* 0x224 */
62 uint32_t fspfr[0x3]; /* 0x228 */
63 uint32_t otpmkr[0x8]; /* 0x234 */
64 uint32_t srkhr[0x8]; /* 0x254 */
65 uint32_t ouidr[0x5]; /* 0x274 */
66 } *sfp_regs;
67
68 /**
69 * struct ls_gpio_info - Data struct containing GPIO specific information.
70 * @gpio_pin: GPIO pin number.
71 * @gpio_chip: GPIO controller instance data.
72 */
73 static struct ls_gpio_info {
74 uint32_t gpio_pin;
75 struct ls_gpio_chip_data gpio_chip;
76 } gpio_info;
77
78 /**
79 * ls_sfp_init() - Get SFP info from the embedded device tree and initialize
80 * sfp_regs and gpio_info.
81 *
82 * Return: TEE_SUCCESS or > 0 on error.
83 */
ls_sfp_init(void)84 static TEE_Result ls_sfp_init(void)
85 {
86 size_t size = 0;
87 int node = 0;
88 int rc = 0;
89 int povdd_node = 0;
90 int prop_len = 0;
91 vaddr_t ctrl_base = 0;
92 struct ls_gpio_chip_data *gc = NULL;
93 const char *fdt_prop_gpio = "povdd-gpio-controller";
94 const char *fdt_prop_pin = "povdd-gpio-pin";
95 const fdt32_t *gpio_val = NULL;
96 const fdt32_t *pin_val = NULL;
97 void *fdt = get_embedded_dt();
98
99 if (!fdt) {
100 EMSG("Unable to get the Embedded DTB, SFP init failed");
101 return TEE_ERROR_GENERIC;
102 }
103
104 node = fdt_node_offset_by_compatible(fdt, node, "fsl,lx2160a-sfp");
105 if (node <= 0) {
106 EMSG("Unable to find SFP FDT node - rc = 0x%#"PRIx32, rc);
107 return TEE_ERROR_ITEM_NOT_FOUND;
108 }
109
110 rc = dt_map_dev(fdt, node, &ctrl_base, &size, DT_MAP_AUTO);
111 if (rc < 0) {
112 EMSG("Unable to get SFP virtual address - rc = 0x%#"PRIx32, rc);
113 return TEE_ERROR_GENERIC;
114 }
115
116 povdd_node = fdt_path_offset(fdt, "/povdd");
117 if (povdd_node <= 0) {
118 EMSG("Unable to find POVDD FDT node - rc = 0x%#"PRIx32,
119 povdd_node);
120 return TEE_ERROR_ITEM_NOT_FOUND;
121 }
122
123 sfp_regs = (struct ls_sfp_registers *)ctrl_base;
124
125 gpio_val = fdt_getprop(fdt, povdd_node, fdt_prop_gpio, &prop_len);
126 if (!gpio_val) {
127 EMSG("Missing %s from POVDD FDT node", fdt_prop_gpio);
128 return TEE_ERROR_ITEM_NOT_FOUND;
129 }
130
131 pin_val = fdt_getprop(fdt, povdd_node, fdt_prop_pin, &prop_len);
132 if (!pin_val) {
133 EMSG("Missing %s from POVDD FDT node", fdt_prop_pin);
134 return TEE_ERROR_ITEM_NOT_FOUND;
135 }
136
137 gc = &gpio_info.gpio_chip;
138 gc->gpio_controller = (uint8_t)fdt32_to_cpu(*gpio_val);
139 gpio_info.gpio_pin = fdt32_to_cpu(*pin_val);
140
141 return ls_gpio_init(gc);
142 }
143
144 /**
145 * ls_sfp_program_fuses() - Write to fuses and verify that the correct value was
146 * written.
147 *
148 * Return: TEE_SUCCESS or > 0 on error.
149 */
ls_sfp_program_fuses(void)150 static TEE_Result ls_sfp_program_fuses(void)
151 {
152 TEE_Result ret = TEE_SUCCESS;
153 struct gpio_chip *gc = NULL;
154 uint32_t pin = gpio_info.gpio_pin;
155 vaddr_t sfp_ingr_va = (vaddr_t)&sfp_regs->ingr;
156 uint64_t timeout = 0;
157
158 /* Enable POVDD */
159 gc = &gpio_info.gpio_chip.chip;
160
161 DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to HIGH",
162 (uint32_t)gpio_info.gpio_chip.gpio_controller, pin);
163 gc->ops->set_direction(gc, pin, GPIO_DIR_OUT);
164 gc->ops->set_value(gc, pin, GPIO_LEVEL_HIGH);
165
166 if (gc->ops->get_value(gc, pin) != GPIO_LEVEL_HIGH) {
167 EMSG("Error setting POVDD to HIGH");
168 return TEE_ERROR_GENERIC;
169 }
170
171 /* TA_PROG_SFP ramp rate requires up to 5ms for stability */
172 mdelay(5);
173
174 /* Send SFP write command */
175 io_write32(sfp_ingr_va, SFP_INGR_PROGFB_CMD);
176
177 /* Wait until fuse programming is successful */
178 timeout = timeout_init_us(SFP_INGR_FUSE_TIMEOUT_US);
179 while (io_read32(sfp_ingr_va) & SFP_INGR_PROGFB_CMD) {
180 if (timeout_elapsed(timeout)) {
181 EMSG("SFP fusing timed out");
182 ret = TEE_ERROR_GENERIC;
183 break;
184 }
185 }
186
187 /* Disable POVDD */
188 DMSG("Set GPIO %"PRIu8" pin %"PRIu32" to LOW",
189 gpio_info.gpio_chip.gpio_controller, pin);
190 gc->ops->set_value(gc, pin, GPIO_LEVEL_LOW);
191 gc->ops->set_direction(gc, pin, GPIO_DIR_IN);
192
193 if (ret)
194 return ret;
195
196 /* Check for SFP fuse programming error */
197 if (io_read32(sfp_ingr_va) & SFP_INGR_ERROR_MASK) {
198 EMSG("Error writing SFP fuses");
199 return TEE_ERROR_GENERIC;
200 }
201
202 DMSG("Programmed fuse successfully");
203
204 return TEE_SUCCESS;
205 }
206
ls_sfp_read(struct ls_sfp_data * data)207 TEE_Result ls_sfp_read(struct ls_sfp_data *data)
208 {
209 if (!sfp_regs) {
210 EMSG("SFP driver not initialized");
211 return TEE_ERROR_GENERIC;
212 }
213
214 if (!data)
215 return TEE_ERROR_BAD_PARAMETERS;
216
217 data->ingr = io_read32((vaddr_t)&sfp_regs->ingr);
218 data->svhesr = io_read32((vaddr_t)&sfp_regs->svhesr);
219 data->sfpcr = io_read32((vaddr_t)&sfp_regs->sfpcr);
220 data->version = io_read32((vaddr_t)&sfp_regs->version);
221 data->ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0);
222 data->ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1);
223 data->dcvr0 = io_read32((vaddr_t)&sfp_regs->dcvr0);
224 data->dcvr1 = io_read32((vaddr_t)&sfp_regs->dcvr1);
225 data->drvr0 = io_read32((vaddr_t)&sfp_regs->drvr0);
226 data->drvr1 = io_read32((vaddr_t)&sfp_regs->drvr1);
227 data->fswpr = io_read32((vaddr_t)&sfp_regs->fswpr);
228 data->fuidr0 = io_read32((vaddr_t)&sfp_regs->fuidr0);
229 data->fuidr1 = io_read32((vaddr_t)&sfp_regs->fuidr1);
230 data->isbccr = io_read32((vaddr_t)&sfp_regs->isbccr);
231
232 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->fspfr); ++i)
233 data->fspfr[i] = io_read32((vaddr_t)&sfp_regs->fspfr[i]);
234
235 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->otpmkr); ++i)
236 data->otpmkr[i] = io_read32((vaddr_t)&sfp_regs->otpmkr[i]);
237
238 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->srkhr); ++i)
239 data->srkhr[i] = io_read32((vaddr_t)&sfp_regs->srkhr[i]);
240
241 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->ouidr); ++i)
242 data->ouidr[i] = io_read32((vaddr_t)&sfp_regs->ouidr[i]);
243
244 return TEE_SUCCESS;
245 }
246
ls_sfp_get_debug_level(uint32_t * dblev)247 TEE_Result ls_sfp_get_debug_level(uint32_t *dblev)
248 {
249 if (!sfp_regs) {
250 EMSG("SFP driver not initialized");
251 return TEE_ERROR_GENERIC;
252 }
253
254 if (!dblev)
255 return TEE_ERROR_BAD_PARAMETERS;
256
257 *dblev = io_read32((vaddr_t)&sfp_regs->ospr1) & SFP_OSPR1_DBLEV_MASK;
258
259 return TEE_SUCCESS;
260 }
261
ls_sfp_get_its(uint32_t * its)262 TEE_Result ls_sfp_get_its(uint32_t *its)
263 {
264 if (!sfp_regs) {
265 EMSG("SFP driver not initialized");
266 return TEE_ERROR_GENERIC;
267 }
268
269 if (!its)
270 return TEE_ERROR_BAD_PARAMETERS;
271
272 *its = (io_read32((vaddr_t)&sfp_regs->ospr0) & SFP_OSPR0_ITS_MASK) >>
273 SFP_OSPR0_ITS_OFFSET;
274
275 return TEE_SUCCESS;
276 }
277
ls_sfp_get_ouid(uint32_t index,uint32_t * ouid)278 TEE_Result ls_sfp_get_ouid(uint32_t index, uint32_t *ouid)
279 {
280 if (!sfp_regs) {
281 EMSG("SFP driver not initialized");
282 return TEE_ERROR_GENERIC;
283 }
284
285 if (!ouid)
286 return TEE_ERROR_BAD_PARAMETERS;
287
288 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) {
289 DMSG("Index greater or equal to ouid: %"PRIu32" >= %zu",
290 index, ARRAY_SIZE(sfp_regs->ouidr));
291 return TEE_ERROR_BAD_PARAMETERS;
292 }
293
294 *ouid = io_read32((vaddr_t)&sfp_regs->ouidr[index]);
295
296 return TEE_SUCCESS;
297 }
298
ls_sfp_get_sb(uint32_t * sb)299 TEE_Result ls_sfp_get_sb(uint32_t *sb)
300 {
301 if (!sfp_regs) {
302 EMSG("SFP driver not initialized");
303 return TEE_ERROR_GENERIC;
304 }
305
306 if (!sb)
307 return TEE_ERROR_BAD_PARAMETERS;
308
309 *sb = (io_read32((vaddr_t)&sfp_regs->sfpcr) & SFP_SFPCR_SB_MASK) >>
310 SFP_SFPCR_SB_OFFSET;
311
312 return TEE_SUCCESS;
313 }
314
ls_sfp_get_srkh(uint32_t index,uint32_t * srkh)315 TEE_Result ls_sfp_get_srkh(uint32_t index, uint32_t *srkh)
316 {
317 if (!sfp_regs) {
318 EMSG("SFP driver not initialized");
319 return TEE_ERROR_GENERIC;
320 }
321
322 if (!srkh)
323 return TEE_ERROR_BAD_PARAMETERS;
324
325 if (index >= ARRAY_SIZE(sfp_regs->srkhr)) {
326 DMSG("Index greater or equal to srkhr: %"PRIu32" >= %zu",
327 index, ARRAY_SIZE(sfp_regs->srkhr));
328 return TEE_ERROR_BAD_PARAMETERS;
329 }
330
331 *srkh = io_read32((vaddr_t)&sfp_regs->srkhr[index]);
332
333 return TEE_SUCCESS;
334 }
335
ls_sfp_set_debug_level(uint32_t dblev)336 TEE_Result ls_sfp_set_debug_level(uint32_t dblev)
337 {
338 uint32_t ospr1 = 0;
339
340 if (!sfp_regs) {
341 EMSG("SFP driver not initialized");
342 return TEE_ERROR_GENERIC;
343 }
344
345 if (!dblev)
346 return TEE_SUCCESS;
347
348 ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1);
349 if (ospr1 & SFP_OSPR1_DBLEV_MASK) {
350 DMSG("Debug level has already been fused");
351 return TEE_ERROR_SECURITY;
352 }
353
354 io_write32((vaddr_t)&sfp_regs->ospr1, ospr1 | dblev);
355
356 return ls_sfp_program_fuses();
357 }
358
ls_sfp_set_its_wp(void)359 TEE_Result ls_sfp_set_its_wp(void)
360 {
361 uint32_t ospr0 = 0;
362
363 if (!sfp_regs) {
364 EMSG("SFP driver not initialized");
365 return TEE_ERROR_GENERIC;
366 }
367
368 ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0);
369 if (ospr0 & (SFP_OSPR0_WP_MASK | SFP_OSPR0_ITS_MASK)) {
370 DMSG("SFP is already fused");
371 return TEE_ERROR_SECURITY;
372 }
373
374 ospr0 |= SFP_OSPR0_WP_MASK | SFP_OSPR0_ITS_MASK;
375 io_write32((vaddr_t)&sfp_regs->ospr0, ospr0);
376
377 return ls_sfp_program_fuses();
378 }
379
ls_sfp_set_ouid(uint32_t index,uint32_t ouid)380 TEE_Result ls_sfp_set_ouid(uint32_t index, uint32_t ouid)
381 {
382 if (!sfp_regs) {
383 EMSG("SFP driver not initialized");
384 return TEE_ERROR_GENERIC;
385 }
386
387 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) {
388 DMSG("Index greater or equal to ouid: %"PRIu32" >= %"PRIu32,
389 index, ARRAY_SIZE(sfp_regs->ouidr));
390 return TEE_ERROR_BAD_PARAMETERS;
391 }
392
393 io_write32((vaddr_t)&sfp_regs->ouidr[index], ouid);
394
395 return ls_sfp_program_fuses();
396 }
397
ls_sfp_status(void)398 TEE_Result ls_sfp_status(void)
399 {
400 if (!sfp_regs)
401 return TEE_ERROR_GENERIC;
402
403 return TEE_SUCCESS;
404 }
405
406 driver_init(ls_sfp_init);
407