1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright 2022 Microsoft 4 * 5 * Driver for the NXP LX2160A-series Security Fuse Processor (SFP). 6 */ 7 8 #include <assert.h> 9 #include <drivers/ls_sfp.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/delay.h> 13 #include <kernel/dt.h> 14 #include <kernel/panic.h> 15 #include <kernel/tee_time.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <util.h> 19 20 /** 21 * struct ls_sfp_registers - Memory map of the SFP registers. 22 * @rsvd0[0x8]: Reserved. 23 * @ingr: Instruction Register. 24 * @svhesr: Secret Value Hamming Error Status Registers. 25 * @sfpcr: SFP Configuration Register. 26 * @rsvd1[0x3]: Reserved. 27 * @version: SFP Version Register. 28 * @rsvd2[0x71]: Reserved. 29 * @ospr0: OEM Security Policy Register 0. 30 * @ospr1: OEM Security Policy Register 1. 31 * @dcvr0: Debug Challenge Value Register 0. 32 * @dcvr1: Debug Challenge Value Register 1. 33 * @drvr0: Debug Response Value Register 0. 34 * @drvr1: Debug Response Value Register 1 35 * @fswpr: Factory Section Write Protect Register. 36 * @fuidr0: Factory Unique ID Register 0. 37 * @fuidr1: Factory Unique ID Register 1. 38 * @isbccr: ISBC Configuration Register. 39 * @fspfr[0x3]: Factory Scratch Pad Fuse Registers. 40 * @otpmkr[0x8]: One Time Programmable Master Key. 41 * @srkhr[0x8]: Super Root Key Hash. 42 * @ouidr[0x5]: OEM Unique ID Scratch Pad Fuse Registers. 43 */ 44 static struct ls_sfp_registers { 45 uint32_t rsvd0[0x8]; /* 0x000 */ 46 uint32_t ingr; /* 0x020 */ 47 uint32_t svhesr; /* 0x024 */ 48 uint32_t sfpcr; /* 0x028 */ 49 uint32_t rsvd1[0x3]; /* 0x02C */ 50 uint32_t version; /* 0x038 */ 51 uint32_t rsvd2[0x71]; /* 0x03C */ 52 uint32_t ospr0; /* 0x200 */ 53 uint32_t ospr1; /* 0x204 */ 54 uint32_t dcvr0; /* 0x208 */ 55 uint32_t dcvr1; /* 0x20C */ 56 uint32_t drvr0; /* 0x210 */ 57 uint32_t drvr1; /* 0x214 */ 58 uint32_t fswpr; /* 0x218 */ 59 uint32_t fuidr0; /* 0x21C */ 60 uint32_t fuidr1; /* 0x220 */ 61 uint32_t isbccr; /* 0x224 */ 62 uint32_t fspfr[0x3]; /* 0x228 */ 63 uint32_t otpmkr[0x8]; /* 0x234 */ 64 uint32_t srkhr[0x8]; /* 0x254 */ 65 uint32_t ouidr[0x5]; /* 0x274 */ 66 } *sfp_regs; 67 68 /** 69 * struct ls_gpio_info - Data struct containing GPIO specific information. 70 * @gpio_pin: GPIO pin number. 71 * @gpio_chip: GPIO controller instance data. 72 */ 73 static struct ls_gpio_info { 74 uint32_t gpio_pin; 75 struct ls_gpio_chip_data gpio_chip; 76 } gpio_info; 77 78 /** 79 * ls_sfp_init() - Get SFP info from the embedded device tree and initialize 80 * sfp_regs and gpio_info. 81 * 82 * Return: TEE_SUCCESS or > 0 on error. 83 */ 84 static TEE_Result ls_sfp_init(void) 85 { 86 size_t size = 0; 87 int node = 0; 88 int rc = 0; 89 int povdd_node = 0; 90 int prop_len = 0; 91 vaddr_t ctrl_base = 0; 92 struct ls_gpio_chip_data *gc = NULL; 93 const char *fdt_prop_gpio = "povdd-gpio-controller"; 94 const char *fdt_prop_pin = "povdd-gpio-pin"; 95 const fdt32_t *gpio_val = NULL; 96 const fdt32_t *pin_val = NULL; 97 void *fdt = get_embedded_dt(); 98 99 if (!fdt) { 100 EMSG("Unable to get the Embedded DTB, SFP init failed"); 101 return TEE_ERROR_GENERIC; 102 } 103 104 node = fdt_node_offset_by_compatible(fdt, node, "fsl,lx2160a-sfp"); 105 if (node <= 0) { 106 EMSG("Unable to find SFP FDT node - rc = 0x%#"PRIx32, rc); 107 return TEE_ERROR_ITEM_NOT_FOUND; 108 } 109 110 rc = dt_map_dev(fdt, node, &ctrl_base, &size); 111 if (rc < 0) { 112 EMSG("Unable to get SFP virtual address - rc = 0x%#"PRIx32, rc); 113 return TEE_ERROR_GENERIC; 114 } 115 116 povdd_node = fdt_path_offset(fdt, "/povdd"); 117 if (povdd_node <= 0) { 118 EMSG("Unable to find POVDD FDT node - rc = 0x%#"PRIx32, 119 povdd_node); 120 return TEE_ERROR_ITEM_NOT_FOUND; 121 } 122 123 sfp_regs = (struct ls_sfp_registers *)ctrl_base; 124 125 gpio_val = fdt_getprop(fdt, povdd_node, fdt_prop_gpio, &prop_len); 126 if (!gpio_val) { 127 EMSG("Missing %s from POVDD FDT node", fdt_prop_gpio); 128 return TEE_ERROR_ITEM_NOT_FOUND; 129 } 130 131 pin_val = fdt_getprop(fdt, povdd_node, fdt_prop_pin, &prop_len); 132 if (!pin_val) { 133 EMSG("Missing %s from POVDD FDT node", fdt_prop_pin); 134 return TEE_ERROR_ITEM_NOT_FOUND; 135 } 136 137 gc = &gpio_info.gpio_chip; 138 gc->gpio_controller = (uint8_t)fdt32_to_cpu(*gpio_val); 139 gpio_info.gpio_pin = fdt32_to_cpu(*pin_val); 140 141 return ls_gpio_init(gc); 142 } 143 144 /** 145 * ls_sfp_program_fuses() - Write to fuses and verify that the correct value was 146 * written. 147 * 148 * Return: TEE_SUCCESS or > 0 on error. 149 */ 150 static TEE_Result ls_sfp_program_fuses(void) 151 { 152 struct gpio_chip *gc = NULL; 153 uint32_t pin = gpio_info.gpio_pin; 154 vaddr_t sfp_ingr_va = (vaddr_t)&sfp_regs->ingr; 155 uint64_t timeout = 0; 156 157 /* Enable POVDD */ 158 gc = &gpio_info.gpio_chip.chip; 159 160 DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to HIGH", 161 (uint32_t)gpio_info.gpio_chip.gpio_controller, pin); 162 gc->ops->set_direction(gc, pin, GPIO_DIR_OUT); 163 gc->ops->set_value(gc, pin, GPIO_LEVEL_HIGH); 164 165 if (gc->ops->get_value(gc, pin) != GPIO_LEVEL_HIGH) { 166 EMSG("Error setting POVDD to HIGH"); 167 return TEE_ERROR_GENERIC; 168 } 169 170 /* TA_PROG_SFP ramp rate requires up to 5ms for stability */ 171 mdelay(5); 172 173 /* Send SFP write command */ 174 io_write32(sfp_ingr_va, SFP_INGR_PROGFB_CMD); 175 176 /* Wait until fuse programming is successful */ 177 timeout = timeout_init_us(SFP_INGR_FUSE_TIMEOUT); 178 while (io_read32(sfp_ingr_va) & SFP_INGR_PROGFB_CMD) { 179 if (timeout_elapsed(timeout)) { 180 EMSG("SFP fusing timed out"); 181 return TEE_ERROR_GENERIC; 182 } 183 } 184 185 /* Check for SFP fuse programming error */ 186 if (io_read32(sfp_ingr_va) & SFP_INGR_ERROR_MASK) { 187 EMSG("Error writing SFP fuses"); 188 return TEE_ERROR_GENERIC; 189 } 190 191 DMSG("Programmed fuse successfully"); 192 193 /* Disable POVDD */ 194 DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to LOW", 195 (uint32_t)gpio_info.gpio_chip.gpio_controller, pin); 196 gc->ops->set_value(gc, pin, GPIO_LEVEL_LOW); 197 gc->ops->set_direction(gc, pin, GPIO_DIR_IN); 198 199 return TEE_SUCCESS; 200 } 201 202 TEE_Result ls_sfp_read(struct ls_sfp_data *data) 203 { 204 if (!sfp_regs) { 205 EMSG("SFP driver not initialized"); 206 return TEE_ERROR_GENERIC; 207 } 208 209 if (!data) 210 return TEE_ERROR_BAD_PARAMETERS; 211 212 data->ingr = io_read32((vaddr_t)&sfp_regs->ingr); 213 data->svhesr = io_read32((vaddr_t)&sfp_regs->svhesr); 214 data->sfpcr = io_read32((vaddr_t)&sfp_regs->sfpcr); 215 data->version = io_read32((vaddr_t)&sfp_regs->version); 216 data->ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0); 217 data->ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1); 218 data->dcvr0 = io_read32((vaddr_t)&sfp_regs->dcvr0); 219 data->dcvr1 = io_read32((vaddr_t)&sfp_regs->dcvr1); 220 data->drvr0 = io_read32((vaddr_t)&sfp_regs->drvr0); 221 data->drvr1 = io_read32((vaddr_t)&sfp_regs->drvr1); 222 data->fswpr = io_read32((vaddr_t)&sfp_regs->fswpr); 223 data->fuidr0 = io_read32((vaddr_t)&sfp_regs->fuidr0); 224 data->fuidr1 = io_read32((vaddr_t)&sfp_regs->fuidr1); 225 data->isbccr = io_read32((vaddr_t)&sfp_regs->isbccr); 226 227 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->fspfr); ++i) 228 data->fspfr[i] = io_read32((vaddr_t)&sfp_regs->fspfr[i]); 229 230 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->otpmkr); ++i) 231 data->otpmkr[i] = io_read32((vaddr_t)&sfp_regs->otpmkr[i]); 232 233 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->srkhr); ++i) 234 data->srkhr[i] = io_read32((vaddr_t)&sfp_regs->srkhr[i]); 235 236 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->ouidr); ++i) 237 data->ouidr[i] = io_read32((vaddr_t)&sfp_regs->ouidr[i]); 238 239 return TEE_SUCCESS; 240 } 241 242 TEE_Result ls_sfp_get_debug_level(uint32_t *dblev) 243 { 244 if (!sfp_regs) { 245 EMSG("SFP driver not initialized"); 246 return TEE_ERROR_GENERIC; 247 } 248 249 if (!dblev) 250 return TEE_ERROR_BAD_PARAMETERS; 251 252 *dblev = io_read32((vaddr_t)&sfp_regs->ospr1) & SFP_OSPR1_DBLEV_MASK; 253 254 return TEE_SUCCESS; 255 } 256 257 TEE_Result ls_sfp_get_its(uint32_t *its) 258 { 259 if (!sfp_regs) { 260 EMSG("SFP driver not initialized"); 261 return TEE_ERROR_GENERIC; 262 } 263 264 if (!its) 265 return TEE_ERROR_BAD_PARAMETERS; 266 267 *its = io_read32((vaddr_t)&sfp_regs->ospr0) & SFP_OSPR0_ITS; 268 269 return TEE_SUCCESS; 270 } 271 272 TEE_Result ls_sfp_get_ouid(uint32_t index, uint32_t *ouid) 273 { 274 if (!sfp_regs) { 275 EMSG("SFP driver not initialized"); 276 return TEE_ERROR_GENERIC; 277 } 278 279 if (!ouid) 280 return TEE_ERROR_BAD_PARAMETERS; 281 282 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) { 283 DMSG("Index greater or equal to ouid: %"PRIu32" >= %zu", 284 index, ARRAY_SIZE(sfp_regs->ouidr)); 285 return TEE_ERROR_BAD_PARAMETERS; 286 } 287 288 *ouid = io_read32((vaddr_t)&sfp_regs->ouidr[index]); 289 290 return TEE_SUCCESS; 291 } 292 293 TEE_Result ls_sfp_get_sb(uint32_t *sb) 294 { 295 if (!sfp_regs) { 296 EMSG("SFP driver not initialized"); 297 return TEE_ERROR_GENERIC; 298 } 299 300 if (!sb) 301 return TEE_ERROR_BAD_PARAMETERS; 302 303 *sb = io_read32((vaddr_t)&sfp_regs->sfpcr) & SFP_SFPCR_SB; 304 305 return TEE_SUCCESS; 306 } 307 308 TEE_Result ls_sfp_get_srkh(uint32_t index, uint32_t *srkh) 309 { 310 if (!sfp_regs) { 311 EMSG("SFP driver not initialized"); 312 return TEE_ERROR_GENERIC; 313 } 314 315 if (!srkh) 316 return TEE_ERROR_BAD_PARAMETERS; 317 318 if (index >= ARRAY_SIZE(sfp_regs->srkhr)) { 319 DMSG("Index greater or equal to srkhr: %"PRIu32" >= %zu", 320 index, ARRAY_SIZE(sfp_regs->srkhr)); 321 return TEE_ERROR_BAD_PARAMETERS; 322 } 323 324 *srkh = io_read32((vaddr_t)&sfp_regs->srkhr[index]); 325 326 return TEE_SUCCESS; 327 } 328 329 TEE_Result ls_sfp_set_debug_level(uint32_t dblev) 330 { 331 uint32_t ospr1 = 0; 332 333 if (!sfp_regs) { 334 EMSG("SFP driver not initialized"); 335 return TEE_ERROR_GENERIC; 336 } 337 338 if (!dblev) 339 return TEE_SUCCESS; 340 341 ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1); 342 if (ospr1 & SFP_OSPR1_DBLEV_MASK) { 343 DMSG("Debug level has already been fused"); 344 return TEE_ERROR_SECURITY; 345 } 346 347 io_write32((vaddr_t)&sfp_regs->ospr1, ospr1 | dblev); 348 349 return ls_sfp_program_fuses(); 350 } 351 352 TEE_Result ls_sfp_set_its_wp(void) 353 { 354 uint32_t ospr0 = 0; 355 356 if (!sfp_regs) { 357 EMSG("SFP driver not initialized"); 358 return TEE_ERROR_GENERIC; 359 } 360 361 ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0); 362 if (ospr0 & (SFP_OSPR0_WP | SFP_OSPR0_ITS)) { 363 DMSG("SFP is already fused"); 364 return TEE_ERROR_SECURITY; 365 } 366 367 ospr0 |= SFP_OSPR0_WP | SFP_OSPR0_ITS; 368 io_write32((vaddr_t)&sfp_regs->ospr0, ospr0); 369 370 return ls_sfp_program_fuses(); 371 } 372 373 TEE_Result ls_sfp_set_ouid(uint32_t index, uint32_t ouid) 374 { 375 if (!sfp_regs) { 376 EMSG("SFP driver not initialized"); 377 return TEE_ERROR_GENERIC; 378 } 379 380 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) { 381 DMSG("Index greater or equal to ouid: %"PRIu32" >= %"PRIu32, 382 index, ARRAY_SIZE(sfp_regs->ouidr)); 383 return TEE_ERROR_BAD_PARAMETERS; 384 } 385 386 io_write32((vaddr_t)&sfp_regs->ouidr[index], ouid); 387 388 return ls_sfp_program_fuses(); 389 } 390 391 TEE_Result ls_sfp_status(void) 392 { 393 if (!sfp_regs) 394 return TEE_ERROR_GENERIC; 395 396 return TEE_SUCCESS; 397 } 398 399 driver_init(ls_sfp_init); 400