1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright 2022 Microsoft 4 * 5 * Driver for the NXP LX2160A-series Security Fuse Processor (SFP). 6 */ 7 8 #include <assert.h> 9 #include <drivers/ls_sfp.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/delay.h> 13 #include <kernel/dt.h> 14 #include <kernel/panic.h> 15 #include <kernel/tee_time.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <util.h> 19 20 /** 21 * struct ls_sfp_registers - Memory map of the SFP registers. 22 * @rsvd0[0x8]: Reserved. 23 * @ingr: Instruction Register. 24 * @svhesr: Secret Value Hamming Error Status Registers. 25 * @sfpcr: SFP Configuration Register. 26 * @rsvd1[0x3]: Reserved. 27 * @version: SFP Version Register. 28 * @rsvd2[0x71]: Reserved. 29 * @ospr0: OEM Security Policy Register 0. 30 * @ospr1: OEM Security Policy Register 1. 31 * @dcvr0: Debug Challenge Value Register 0. 32 * @dcvr1: Debug Challenge Value Register 1. 33 * @drvr0: Debug Response Value Register 0. 34 * @drvr1: Debug Response Value Register 1 35 * @fswpr: Factory Section Write Protect Register. 36 * @fuidr0: Factory Unique ID Register 0. 37 * @fuidr1: Factory Unique ID Register 1. 38 * @isbccr: ISBC Configuration Register. 39 * @fspfr[0x3]: Factory Scratch Pad Fuse Registers. 40 * @otpmkr[0x8]: One Time Programmable Master Key. 41 * @srkhr[0x8]: Super Root Key Hash. 42 * @ouidr[0x5]: OEM Unique ID Scratch Pad Fuse Registers. 43 */ 44 static struct ls_sfp_registers { 45 uint32_t rsvd0[0x8]; /* 0x000 */ 46 uint32_t ingr; /* 0x020 */ 47 uint32_t svhesr; /* 0x024 */ 48 uint32_t sfpcr; /* 0x028 */ 49 uint32_t rsvd1[0x3]; /* 0x02C */ 50 uint32_t version; /* 0x038 */ 51 uint32_t rsvd2[0x71]; /* 0x03C */ 52 uint32_t ospr0; /* 0x200 */ 53 uint32_t ospr1; /* 0x204 */ 54 uint32_t dcvr0; /* 0x208 */ 55 uint32_t dcvr1; /* 0x20C */ 56 uint32_t drvr0; /* 0x210 */ 57 uint32_t drvr1; /* 0x214 */ 58 uint32_t fswpr; /* 0x218 */ 59 uint32_t fuidr0; /* 0x21C */ 60 uint32_t fuidr1; /* 0x220 */ 61 uint32_t isbccr; /* 0x224 */ 62 uint32_t fspfr[0x3]; /* 0x228 */ 63 uint32_t otpmkr[0x8]; /* 0x234 */ 64 uint32_t srkhr[0x8]; /* 0x254 */ 65 uint32_t ouidr[0x5]; /* 0x274 */ 66 } *sfp_regs; 67 68 /** 69 * struct ls_gpio_info - Data struct containing GPIO specific information. 70 * @gpio_pin: GPIO pin number. 71 * @gpio_chip: GPIO controller instance data. 72 */ 73 static struct ls_gpio_info { 74 uint32_t gpio_pin; 75 struct ls_gpio_chip_data gpio_chip; 76 } gpio_info; 77 78 /** 79 * ls_sfp_init() - Get SFP info from the embedded device tree and initialize 80 * sfp_regs and gpio_info. 81 * 82 * Return: TEE_SUCCESS or > 0 on error. 83 */ 84 static TEE_Result ls_sfp_init(void) 85 { 86 size_t size = 0; 87 int node = 0; 88 int rc = 0; 89 int povdd_node = 0; 90 int prop_len = 0; 91 vaddr_t ctrl_base = 0; 92 struct ls_gpio_chip_data *gc = NULL; 93 const char *fdt_prop_gpio = "povdd-gpio-controller"; 94 const char *fdt_prop_pin = "povdd-gpio-pin"; 95 const fdt32_t *gpio_val = NULL; 96 const fdt32_t *pin_val = NULL; 97 void *fdt = get_embedded_dt(); 98 99 if (!fdt) { 100 EMSG("Unable to get the Embedded DTB, SFP init failed"); 101 return TEE_ERROR_GENERIC; 102 } 103 104 node = fdt_node_offset_by_compatible(fdt, node, "fsl,lx2160a-sfp"); 105 if (node <= 0) { 106 EMSG("Unable to find SFP FDT node - rc = 0x%#"PRIx32, rc); 107 return TEE_ERROR_ITEM_NOT_FOUND; 108 } 109 110 rc = dt_map_dev(fdt, node, &ctrl_base, &size, DT_MAP_AUTO); 111 if (rc < 0) { 112 EMSG("Unable to get SFP virtual address - rc = 0x%#"PRIx32, rc); 113 return TEE_ERROR_GENERIC; 114 } 115 116 povdd_node = fdt_path_offset(fdt, "/povdd"); 117 if (povdd_node <= 0) { 118 EMSG("Unable to find POVDD FDT node - rc = 0x%#"PRIx32, 119 povdd_node); 120 return TEE_ERROR_ITEM_NOT_FOUND; 121 } 122 123 sfp_regs = (struct ls_sfp_registers *)ctrl_base; 124 125 gpio_val = fdt_getprop(fdt, povdd_node, fdt_prop_gpio, &prop_len); 126 if (!gpio_val) { 127 EMSG("Missing %s from POVDD FDT node", fdt_prop_gpio); 128 return TEE_ERROR_ITEM_NOT_FOUND; 129 } 130 131 pin_val = fdt_getprop(fdt, povdd_node, fdt_prop_pin, &prop_len); 132 if (!pin_val) { 133 EMSG("Missing %s from POVDD FDT node", fdt_prop_pin); 134 return TEE_ERROR_ITEM_NOT_FOUND; 135 } 136 137 gc = &gpio_info.gpio_chip; 138 gc->gpio_controller = (uint8_t)fdt32_to_cpu(*gpio_val); 139 gpio_info.gpio_pin = fdt32_to_cpu(*pin_val); 140 141 return ls_gpio_init(gc); 142 } 143 144 /** 145 * ls_sfp_program_fuses() - Write to fuses and verify that the correct value was 146 * written. 147 * 148 * Return: TEE_SUCCESS or > 0 on error. 149 */ 150 static TEE_Result ls_sfp_program_fuses(void) 151 { 152 TEE_Result ret = TEE_SUCCESS; 153 struct gpio_chip *gc = NULL; 154 uint32_t pin = gpio_info.gpio_pin; 155 vaddr_t sfp_ingr_va = (vaddr_t)&sfp_regs->ingr; 156 uint64_t timeout = 0; 157 158 /* Enable POVDD */ 159 gc = &gpio_info.gpio_chip.chip; 160 161 DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to HIGH", 162 (uint32_t)gpio_info.gpio_chip.gpio_controller, pin); 163 gc->ops->set_direction(gc, pin, GPIO_DIR_OUT); 164 gc->ops->set_value(gc, pin, GPIO_LEVEL_HIGH); 165 166 if (gc->ops->get_value(gc, pin) != GPIO_LEVEL_HIGH) { 167 EMSG("Error setting POVDD to HIGH"); 168 return TEE_ERROR_GENERIC; 169 } 170 171 /* TA_PROG_SFP ramp rate requires up to 5ms for stability */ 172 mdelay(5); 173 174 /* Send SFP write command */ 175 io_write32(sfp_ingr_va, SFP_INGR_PROGFB_CMD); 176 177 /* Wait until fuse programming is successful */ 178 timeout = timeout_init_us(SFP_INGR_FUSE_TIMEOUT_US); 179 while (io_read32(sfp_ingr_va) & SFP_INGR_PROGFB_CMD) { 180 if (timeout_elapsed(timeout)) { 181 EMSG("SFP fusing timed out"); 182 ret = TEE_ERROR_GENERIC; 183 break; 184 } 185 } 186 187 /* Disable POVDD */ 188 DMSG("Set GPIO %"PRIu8" pin %"PRIu32" to LOW", 189 gpio_info.gpio_chip.gpio_controller, pin); 190 gc->ops->set_value(gc, pin, GPIO_LEVEL_LOW); 191 gc->ops->set_direction(gc, pin, GPIO_DIR_IN); 192 193 if (ret) 194 return ret; 195 196 /* Check for SFP fuse programming error */ 197 if (io_read32(sfp_ingr_va) & SFP_INGR_ERROR_MASK) { 198 EMSG("Error writing SFP fuses"); 199 return TEE_ERROR_GENERIC; 200 } 201 202 DMSG("Programmed fuse successfully"); 203 204 return TEE_SUCCESS; 205 } 206 207 TEE_Result ls_sfp_read(struct ls_sfp_data *data) 208 { 209 if (!sfp_regs) { 210 EMSG("SFP driver not initialized"); 211 return TEE_ERROR_GENERIC; 212 } 213 214 if (!data) 215 return TEE_ERROR_BAD_PARAMETERS; 216 217 data->ingr = io_read32((vaddr_t)&sfp_regs->ingr); 218 data->svhesr = io_read32((vaddr_t)&sfp_regs->svhesr); 219 data->sfpcr = io_read32((vaddr_t)&sfp_regs->sfpcr); 220 data->version = io_read32((vaddr_t)&sfp_regs->version); 221 data->ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0); 222 data->ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1); 223 data->dcvr0 = io_read32((vaddr_t)&sfp_regs->dcvr0); 224 data->dcvr1 = io_read32((vaddr_t)&sfp_regs->dcvr1); 225 data->drvr0 = io_read32((vaddr_t)&sfp_regs->drvr0); 226 data->drvr1 = io_read32((vaddr_t)&sfp_regs->drvr1); 227 data->fswpr = io_read32((vaddr_t)&sfp_regs->fswpr); 228 data->fuidr0 = io_read32((vaddr_t)&sfp_regs->fuidr0); 229 data->fuidr1 = io_read32((vaddr_t)&sfp_regs->fuidr1); 230 data->isbccr = io_read32((vaddr_t)&sfp_regs->isbccr); 231 232 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->fspfr); ++i) 233 data->fspfr[i] = io_read32((vaddr_t)&sfp_regs->fspfr[i]); 234 235 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->otpmkr); ++i) 236 data->otpmkr[i] = io_read32((vaddr_t)&sfp_regs->otpmkr[i]); 237 238 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->srkhr); ++i) 239 data->srkhr[i] = io_read32((vaddr_t)&sfp_regs->srkhr[i]); 240 241 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->ouidr); ++i) 242 data->ouidr[i] = io_read32((vaddr_t)&sfp_regs->ouidr[i]); 243 244 return TEE_SUCCESS; 245 } 246 247 TEE_Result ls_sfp_get_debug_level(uint32_t *dblev) 248 { 249 if (!sfp_regs) { 250 EMSG("SFP driver not initialized"); 251 return TEE_ERROR_GENERIC; 252 } 253 254 if (!dblev) 255 return TEE_ERROR_BAD_PARAMETERS; 256 257 *dblev = io_read32((vaddr_t)&sfp_regs->ospr1) & SFP_OSPR1_DBLEV_MASK; 258 259 return TEE_SUCCESS; 260 } 261 262 TEE_Result ls_sfp_get_its(uint32_t *its) 263 { 264 if (!sfp_regs) { 265 EMSG("SFP driver not initialized"); 266 return TEE_ERROR_GENERIC; 267 } 268 269 if (!its) 270 return TEE_ERROR_BAD_PARAMETERS; 271 272 *its = (io_read32((vaddr_t)&sfp_regs->ospr0) & SFP_OSPR0_ITS_MASK) >> 273 SFP_OSPR0_ITS_OFFSET; 274 275 return TEE_SUCCESS; 276 } 277 278 TEE_Result ls_sfp_get_ouid(uint32_t index, uint32_t *ouid) 279 { 280 if (!sfp_regs) { 281 EMSG("SFP driver not initialized"); 282 return TEE_ERROR_GENERIC; 283 } 284 285 if (!ouid) 286 return TEE_ERROR_BAD_PARAMETERS; 287 288 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) { 289 DMSG("Index greater or equal to ouid: %"PRIu32" >= %zu", 290 index, ARRAY_SIZE(sfp_regs->ouidr)); 291 return TEE_ERROR_BAD_PARAMETERS; 292 } 293 294 *ouid = io_read32((vaddr_t)&sfp_regs->ouidr[index]); 295 296 return TEE_SUCCESS; 297 } 298 299 TEE_Result ls_sfp_get_sb(uint32_t *sb) 300 { 301 if (!sfp_regs) { 302 EMSG("SFP driver not initialized"); 303 return TEE_ERROR_GENERIC; 304 } 305 306 if (!sb) 307 return TEE_ERROR_BAD_PARAMETERS; 308 309 *sb = (io_read32((vaddr_t)&sfp_regs->sfpcr) & SFP_SFPCR_SB_MASK) >> 310 SFP_SFPCR_SB_OFFSET; 311 312 return TEE_SUCCESS; 313 } 314 315 TEE_Result ls_sfp_get_srkh(uint32_t index, uint32_t *srkh) 316 { 317 if (!sfp_regs) { 318 EMSG("SFP driver not initialized"); 319 return TEE_ERROR_GENERIC; 320 } 321 322 if (!srkh) 323 return TEE_ERROR_BAD_PARAMETERS; 324 325 if (index >= ARRAY_SIZE(sfp_regs->srkhr)) { 326 DMSG("Index greater or equal to srkhr: %"PRIu32" >= %zu", 327 index, ARRAY_SIZE(sfp_regs->srkhr)); 328 return TEE_ERROR_BAD_PARAMETERS; 329 } 330 331 *srkh = io_read32((vaddr_t)&sfp_regs->srkhr[index]); 332 333 return TEE_SUCCESS; 334 } 335 336 TEE_Result ls_sfp_set_debug_level(uint32_t dblev) 337 { 338 uint32_t ospr1 = 0; 339 340 if (!sfp_regs) { 341 EMSG("SFP driver not initialized"); 342 return TEE_ERROR_GENERIC; 343 } 344 345 if (!dblev) 346 return TEE_SUCCESS; 347 348 ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1); 349 if (ospr1 & SFP_OSPR1_DBLEV_MASK) { 350 DMSG("Debug level has already been fused"); 351 return TEE_ERROR_SECURITY; 352 } 353 354 io_write32((vaddr_t)&sfp_regs->ospr1, ospr1 | dblev); 355 356 return ls_sfp_program_fuses(); 357 } 358 359 TEE_Result ls_sfp_set_its_wp(void) 360 { 361 uint32_t ospr0 = 0; 362 363 if (!sfp_regs) { 364 EMSG("SFP driver not initialized"); 365 return TEE_ERROR_GENERIC; 366 } 367 368 ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0); 369 if (ospr0 & (SFP_OSPR0_WP_MASK | SFP_OSPR0_ITS_MASK)) { 370 DMSG("SFP is already fused"); 371 return TEE_ERROR_SECURITY; 372 } 373 374 ospr0 |= SFP_OSPR0_WP_MASK | SFP_OSPR0_ITS_MASK; 375 io_write32((vaddr_t)&sfp_regs->ospr0, ospr0); 376 377 return ls_sfp_program_fuses(); 378 } 379 380 TEE_Result ls_sfp_set_ouid(uint32_t index, uint32_t ouid) 381 { 382 if (!sfp_regs) { 383 EMSG("SFP driver not initialized"); 384 return TEE_ERROR_GENERIC; 385 } 386 387 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) { 388 DMSG("Index greater or equal to ouid: %"PRIu32" >= %"PRIu32, 389 index, ARRAY_SIZE(sfp_regs->ouidr)); 390 return TEE_ERROR_BAD_PARAMETERS; 391 } 392 393 io_write32((vaddr_t)&sfp_regs->ouidr[index], ouid); 394 395 return ls_sfp_program_fuses(); 396 } 397 398 TEE_Result ls_sfp_status(void) 399 { 400 if (!sfp_regs) 401 return TEE_ERROR_GENERIC; 402 403 return TEE_SUCCESS; 404 } 405 406 driver_init(ls_sfp_init); 407