1d64485e4SEtienne Carriere // SPDX-License-Identifier: BSD-3-Clause 2d64485e4SEtienne Carriere /* 3d64485e4SEtienne Carriere * Copyright (c) 2017-2019, STMicroelectronics 4d64485e4SEtienne Carriere */ 5d64485e4SEtienne Carriere 6d64485e4SEtienne Carriere #include <assert.h> 7d64485e4SEtienne Carriere #include <drivers/stm32_bsec.h> 8d64485e4SEtienne Carriere #include <io.h> 9d64485e4SEtienne Carriere #include <kernel/delay.h> 10d64485e4SEtienne Carriere #include <kernel/generic_boot.h> 11d64485e4SEtienne Carriere #include <kernel/spinlock.h> 12d64485e4SEtienne Carriere #include <limits.h> 13d64485e4SEtienne Carriere #include <mm/core_memprot.h> 14d64485e4SEtienne Carriere #include <platform_config.h> 15d64485e4SEtienne Carriere #include <stm32_util.h> 16d64485e4SEtienne Carriere #include <types_ext.h> 17d64485e4SEtienne Carriere #include <util.h> 18d64485e4SEtienne Carriere 19d64485e4SEtienne Carriere #define BSEC_OTP_MASK GENMASK_32(4, 0) 20d64485e4SEtienne Carriere #define BSEC_OTP_BANK_SHIFT 5 21d64485e4SEtienne Carriere 22d64485e4SEtienne Carriere /* Permanent lock bitmasks */ 23d64485e4SEtienne Carriere #define ADDR_LOWER_OTP_PERLOCK_SHIFT 3 24d64485e4SEtienne Carriere #define DATA_LOWER_OTP_PERLOCK_BIT 3 25d64485e4SEtienne Carriere #define DATA_LOWER_OTP_PERLOCK_MASK GENMASK_32(2, 0) 26d64485e4SEtienne Carriere #define ADDR_UPPER_OTP_PERLOCK_SHIFT 4 27d64485e4SEtienne Carriere #define DATA_UPPER_OTP_PERLOCK_BIT 1 28d64485e4SEtienne Carriere #define DATA_UPPER_OTP_PERLOCK_MASK GENMASK_32(3, 0) 29d64485e4SEtienne Carriere 30d64485e4SEtienne Carriere /* BSEC register offset */ 31d64485e4SEtienne Carriere #define BSEC_OTP_CONF_OFF 0x000U 32d64485e4SEtienne Carriere #define BSEC_OTP_CTRL_OFF 0x004U 33d64485e4SEtienne Carriere #define BSEC_OTP_WRDATA_OFF 0x008U 34d64485e4SEtienne Carriere #define BSEC_OTP_STATUS_OFF 0x00CU 35d64485e4SEtienne Carriere #define BSEC_OTP_LOCK_OFF 0x010U 36d64485e4SEtienne Carriere #define BSEC_DEN_OFF 0x014U 37d64485e4SEtienne Carriere #define BSEC_FEN_OFF 0x018U 38d64485e4SEtienne Carriere #define BSEC_DISTURBED_OFF 0x01CU 39d64485e4SEtienne Carriere #define BSEC_DISTURBED1_OFF 0x020U 40d64485e4SEtienne Carriere #define BSEC_DISTURBED2_OFF 0x024U 41d64485e4SEtienne Carriere #define BSEC_ERROR_OFF 0x034U 42d64485e4SEtienne Carriere #define BSEC_ERROR1_OFF 0x038U 43d64485e4SEtienne Carriere #define BSEC_ERROR2_OFF 0x03CU 44d64485e4SEtienne Carriere #define BSEC_WRLOCK_OFF 0x04CU 45d64485e4SEtienne Carriere #define BSEC_WRLOCK1_OFF 0x050U 46d64485e4SEtienne Carriere #define BSEC_WRLOCK2_OFF 0x054U 47d64485e4SEtienne Carriere #define BSEC_SPLOCK_OFF 0x064U 48d64485e4SEtienne Carriere #define BSEC_SPLOCK1_OFF 0x068U 49d64485e4SEtienne Carriere #define BSEC_SPLOCK2_OFF 0x06CU 50d64485e4SEtienne Carriere #define BSEC_SWLOCK_OFF 0x07CU 51d64485e4SEtienne Carriere #define BSEC_SWLOCK1_OFF 0x080U 52d64485e4SEtienne Carriere #define BSEC_SWLOCK2_OFF 0x084U 53d64485e4SEtienne Carriere #define BSEC_SRLOCK_OFF 0x094U 54d64485e4SEtienne Carriere #define BSEC_SRLOCK1_OFF 0x098U 55d64485e4SEtienne Carriere #define BSEC_SRLOCK2_OFF 0x09CU 56d64485e4SEtienne Carriere #define BSEC_JTAG_IN_OFF 0x0ACU 57d64485e4SEtienne Carriere #define BSEC_JTAG_OUT_OFF 0x0B0U 58d64485e4SEtienne Carriere #define BSEC_SCRATCH_OFF 0x0B4U 59d64485e4SEtienne Carriere #define BSEC_OTP_DATA_OFF 0x200U 60d64485e4SEtienne Carriere #define BSEC_IPHW_CFG_OFF 0xFF0U 61d64485e4SEtienne Carriere #define BSEC_IPVR_OFF 0xFF4U 62d64485e4SEtienne Carriere #define BSEC_IP_ID_OFF 0xFF8U 63d64485e4SEtienne Carriere #define BSEC_IP_MAGIC_ID_OFF 0xFFCU 64d64485e4SEtienne Carriere 65d64485e4SEtienne Carriere /* BSEC_CONFIGURATION Register */ 66d64485e4SEtienne Carriere #define BSEC_CONF_POWER_UP_MASK BIT(0) 67d64485e4SEtienne Carriere #define BSEC_CONF_POWER_UP_SHIFT 0 68d64485e4SEtienne Carriere #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 69d64485e4SEtienne Carriere #define BSEC_CONF_FRQ_SHIFT 1 70d64485e4SEtienne Carriere #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 71d64485e4SEtienne Carriere #define BSEC_CONF_PRG_WIDTH_SHIFT 3 72d64485e4SEtienne Carriere #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 73d64485e4SEtienne Carriere #define BSEC_CONF_TREAD_SHIFT 7 74d64485e4SEtienne Carriere 75d64485e4SEtienne Carriere /* BSEC_CONTROL Register */ 76d64485e4SEtienne Carriere #define BSEC_READ 0x000U 77d64485e4SEtienne Carriere #define BSEC_WRITE 0x100U 78d64485e4SEtienne Carriere #define BSEC_LOCK 0x200U 79d64485e4SEtienne Carriere 80d64485e4SEtienne Carriere /* BSEC_STATUS Register */ 81d64485e4SEtienne Carriere #define BSEC_MODE_STATUS_MASK GENMASK_32(2, 0) 82d64485e4SEtienne Carriere #define BSEC_MODE_BUSY_MASK BIT(3) 83d64485e4SEtienne Carriere #define BSEC_MODE_PROGFAIL_MASK BIT(4) 84d64485e4SEtienne Carriere #define BSEC_MODE_PWR_MASK BIT(5) 85d64485e4SEtienne Carriere #define BSEC_MODE_BIST1_LOCK_MASK BIT(6) 86d64485e4SEtienne Carriere #define BSEC_MODE_BIST2_LOCK_MASK BIT(7) 87d64485e4SEtienne Carriere 88d64485e4SEtienne Carriere /* BSEC_DEBUG */ 89d64485e4SEtienne Carriere #define BSEC_HDPEN BIT(4) 90d64485e4SEtienne Carriere #define BSEC_SPIDEN BIT(5) 91d64485e4SEtienne Carriere #define BSEC_SPINDEN BIT(6) 92d64485e4SEtienne Carriere #define BSEC_DBGSWGEN BIT(10) 93d64485e4SEtienne Carriere #define BSEC_DEN_ALL_MSK GENMASK_32(10, 0) 94d64485e4SEtienne Carriere 95d64485e4SEtienne Carriere /* 96d64485e4SEtienne Carriere * OTP Lock services definition 97d64485e4SEtienne Carriere * Value must corresponding to the bit position in the register 98d64485e4SEtienne Carriere */ 99d64485e4SEtienne Carriere #define BSEC_LOCK_UPPER_OTP 0x00 100d64485e4SEtienne Carriere #define BSEC_LOCK_DEBUG 0x02 101d64485e4SEtienne Carriere #define BSEC_LOCK_PROGRAM 0x03 102d64485e4SEtienne Carriere 103d64485e4SEtienne Carriere /* Timeout when polling on status */ 104d64485e4SEtienne Carriere #define BSEC_TIMEOUT_US 1000 105d64485e4SEtienne Carriere 106d64485e4SEtienne Carriere struct bsec_dev { 107d64485e4SEtienne Carriere struct io_pa_va base; 108d64485e4SEtienne Carriere unsigned int upper_base; 109d64485e4SEtienne Carriere unsigned int max_id; 110d64485e4SEtienne Carriere bool closed_device; 111d64485e4SEtienne Carriere }; 112d64485e4SEtienne Carriere 113d64485e4SEtienne Carriere /* Only 1 instance of BSEC is expected per platform */ 114d64485e4SEtienne Carriere static struct bsec_dev bsec_dev; 115d64485e4SEtienne Carriere 116d64485e4SEtienne Carriere /* BSEC access protection */ 117d64485e4SEtienne Carriere static unsigned int lock = SPINLOCK_UNLOCK; 118d64485e4SEtienne Carriere 119d64485e4SEtienne Carriere static uint32_t bsec_lock(void) 120d64485e4SEtienne Carriere { 121d64485e4SEtienne Carriere return may_spin_lock(&lock); 122d64485e4SEtienne Carriere } 123d64485e4SEtienne Carriere 124d64485e4SEtienne Carriere static void bsec_unlock(uint32_t exceptions) 125d64485e4SEtienne Carriere { 126d64485e4SEtienne Carriere may_spin_unlock(&lock, exceptions); 127d64485e4SEtienne Carriere } 128d64485e4SEtienne Carriere 129d64485e4SEtienne Carriere static uint32_t otp_max_id(void) 130d64485e4SEtienne Carriere { 131d64485e4SEtienne Carriere return bsec_dev.max_id; 132d64485e4SEtienne Carriere } 133d64485e4SEtienne Carriere 134d64485e4SEtienne Carriere static uint32_t otp_bank_offset(uint32_t otp_id) 135d64485e4SEtienne Carriere { 136d64485e4SEtienne Carriere assert(otp_id <= otp_max_id()); 137d64485e4SEtienne Carriere 138d64485e4SEtienne Carriere return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 139d64485e4SEtienne Carriere sizeof(uint32_t); 140d64485e4SEtienne Carriere } 141d64485e4SEtienne Carriere 142d64485e4SEtienne Carriere static vaddr_t bsec_base(void) 143d64485e4SEtienne Carriere { 144*68c4a16bSEtienne Carriere return io_pa_or_va_secure(&bsec_dev.base); 145d64485e4SEtienne Carriere } 146d64485e4SEtienne Carriere 147d64485e4SEtienne Carriere static uint32_t bsec_status(void) 148d64485e4SEtienne Carriere { 149d64485e4SEtienne Carriere return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 150d64485e4SEtienne Carriere } 151d64485e4SEtienne Carriere 152d64485e4SEtienne Carriere static TEE_Result check_no_error(uint32_t otp_id) 153d64485e4SEtienne Carriere { 154d64485e4SEtienne Carriere uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 155d64485e4SEtienne Carriere uint32_t bank = otp_bank_offset(otp_id); 156d64485e4SEtienne Carriere 157d64485e4SEtienne Carriere if (io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 158d64485e4SEtienne Carriere return TEE_ERROR_GENERIC; 159d64485e4SEtienne Carriere 160d64485e4SEtienne Carriere if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 161d64485e4SEtienne Carriere return TEE_ERROR_GENERIC; 162d64485e4SEtienne Carriere 163d64485e4SEtienne Carriere return TEE_SUCCESS; 164d64485e4SEtienne Carriere } 165d64485e4SEtienne Carriere 166d64485e4SEtienne Carriere static TEE_Result power_up_safmem(void) 167d64485e4SEtienne Carriere { 168d64485e4SEtienne Carriere uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 169d64485e4SEtienne Carriere 170d64485e4SEtienne Carriere io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 171d64485e4SEtienne Carriere BSEC_CONF_POWER_UP_MASK); 172d64485e4SEtienne Carriere 173d64485e4SEtienne Carriere /* 174d64485e4SEtienne Carriere * If a timeout is detected, test the condition again to consider 175d64485e4SEtienne Carriere * cases where timeout is due to the executing TEE thread rescheduling. 176d64485e4SEtienne Carriere */ 177d64485e4SEtienne Carriere while (!timeout_elapsed(timeout_ref)) 178d64485e4SEtienne Carriere if (bsec_status() & BSEC_MODE_PWR_MASK) 179d64485e4SEtienne Carriere break; 180d64485e4SEtienne Carriere 181d64485e4SEtienne Carriere if (bsec_status() & BSEC_MODE_PWR_MASK) 182d64485e4SEtienne Carriere return TEE_SUCCESS; 183d64485e4SEtienne Carriere 184d64485e4SEtienne Carriere return TEE_ERROR_GENERIC; 185d64485e4SEtienne Carriere } 186d64485e4SEtienne Carriere 187d64485e4SEtienne Carriere static TEE_Result power_down_safmem(void) 188d64485e4SEtienne Carriere { 189d64485e4SEtienne Carriere uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 190d64485e4SEtienne Carriere 191d64485e4SEtienne Carriere io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 192d64485e4SEtienne Carriere 193d64485e4SEtienne Carriere /* 194d64485e4SEtienne Carriere * If a timeout is detected, test the condition again to consider 195d64485e4SEtienne Carriere * cases where timeout is due to the executing TEE thread rescheduling. 196d64485e4SEtienne Carriere */ 197d64485e4SEtienne Carriere while (!timeout_elapsed(timeout_ref)) 198d64485e4SEtienne Carriere if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 199d64485e4SEtienne Carriere break; 200d64485e4SEtienne Carriere 201d64485e4SEtienne Carriere if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 202d64485e4SEtienne Carriere return TEE_SUCCESS; 203d64485e4SEtienne Carriere 204d64485e4SEtienne Carriere return TEE_ERROR_GENERIC; 205d64485e4SEtienne Carriere } 206d64485e4SEtienne Carriere 207d64485e4SEtienne Carriere TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 208d64485e4SEtienne Carriere { 209d64485e4SEtienne Carriere TEE_Result result = 0; 210d64485e4SEtienne Carriere uint32_t exceptions = 0; 211d64485e4SEtienne Carriere uint64_t timeout_ref = 0; 212d64485e4SEtienne Carriere 213d64485e4SEtienne Carriere if (otp_id > otp_max_id()) 214d64485e4SEtienne Carriere return TEE_ERROR_BAD_PARAMETERS; 215d64485e4SEtienne Carriere 216d64485e4SEtienne Carriere /* Check if shadowing of OTP is locked */ 217d64485e4SEtienne Carriere if (stm32_bsec_read_sr_lock(otp_id)) 218d64485e4SEtienne Carriere IMSG("OTP locked, register will not be refreshed"); 219d64485e4SEtienne Carriere 220d64485e4SEtienne Carriere exceptions = bsec_lock(); 221d64485e4SEtienne Carriere 222d64485e4SEtienne Carriere result = power_up_safmem(); 223d64485e4SEtienne Carriere if (result) 224d64485e4SEtienne Carriere return result; 225d64485e4SEtienne Carriere 226d64485e4SEtienne Carriere io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 227d64485e4SEtienne Carriere 228d64485e4SEtienne Carriere timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 229d64485e4SEtienne Carriere while (!timeout_elapsed(timeout_ref)) 230d64485e4SEtienne Carriere if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 231d64485e4SEtienne Carriere break; 232d64485e4SEtienne Carriere 233d64485e4SEtienne Carriere if (bsec_status() & BSEC_MODE_BUSY_MASK) 234d64485e4SEtienne Carriere result = TEE_ERROR_GENERIC; 235d64485e4SEtienne Carriere else 236d64485e4SEtienne Carriere result = check_no_error(otp_id); 237d64485e4SEtienne Carriere 238d64485e4SEtienne Carriere power_down_safmem(); 239d64485e4SEtienne Carriere 240d64485e4SEtienne Carriere bsec_unlock(exceptions); 241d64485e4SEtienne Carriere 242d64485e4SEtienne Carriere return result; 243d64485e4SEtienne Carriere } 244d64485e4SEtienne Carriere 245d64485e4SEtienne Carriere TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 246d64485e4SEtienne Carriere { 247d64485e4SEtienne Carriere TEE_Result result = 0; 248d64485e4SEtienne Carriere uint32_t exceptions = 0; 249d64485e4SEtienne Carriere 250d64485e4SEtienne Carriere if (otp_id > otp_max_id()) 251d64485e4SEtienne Carriere return TEE_ERROR_BAD_PARAMETERS; 252d64485e4SEtienne Carriere 253d64485e4SEtienne Carriere exceptions = bsec_lock(); 254d64485e4SEtienne Carriere 255d64485e4SEtienne Carriere *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 256d64485e4SEtienne Carriere (otp_id * sizeof(uint32_t))); 257d64485e4SEtienne Carriere 258d64485e4SEtienne Carriere result = check_no_error(otp_id); 259d64485e4SEtienne Carriere 260d64485e4SEtienne Carriere bsec_unlock(exceptions); 261d64485e4SEtienne Carriere 262d64485e4SEtienne Carriere return result; 263d64485e4SEtienne Carriere } 264d64485e4SEtienne Carriere 265d64485e4SEtienne Carriere TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 266d64485e4SEtienne Carriere { 267d64485e4SEtienne Carriere TEE_Result result = 0; 268d64485e4SEtienne Carriere 269d64485e4SEtienne Carriere result = stm32_bsec_shadow_register(otp_id); 270d64485e4SEtienne Carriere if (result) { 271d64485e4SEtienne Carriere EMSG("BSEC %" PRIu32 " Shadowing Error %x", otp_id, result); 272d64485e4SEtienne Carriere return result; 273d64485e4SEtienne Carriere } 274d64485e4SEtienne Carriere 275d64485e4SEtienne Carriere result = stm32_bsec_read_otp(otp_value, otp_id); 276d64485e4SEtienne Carriere if (result) 277d64485e4SEtienne Carriere EMSG("BSEC %" PRIu32 " Read Error %x", otp_id, result); 278d64485e4SEtienne Carriere 279d64485e4SEtienne Carriere return result; 280d64485e4SEtienne Carriere } 281d64485e4SEtienne Carriere 282d64485e4SEtienne Carriere TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 283d64485e4SEtienne Carriere { 284d64485e4SEtienne Carriere TEE_Result result = 0; 285d64485e4SEtienne Carriere uint32_t exceptions = 0; 286d64485e4SEtienne Carriere vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 287d64485e4SEtienne Carriere 288d64485e4SEtienne Carriere if (otp_id > otp_max_id()) 289d64485e4SEtienne Carriere return TEE_ERROR_BAD_PARAMETERS; 290d64485e4SEtienne Carriere 291d64485e4SEtienne Carriere /* Check if programming of OTP is locked */ 292d64485e4SEtienne Carriere if (stm32_bsec_read_sw_lock(otp_id)) 293d64485e4SEtienne Carriere IMSG("OTP locked, write will be ignored"); 294d64485e4SEtienne Carriere 295d64485e4SEtienne Carriere exceptions = bsec_lock(); 296d64485e4SEtienne Carriere 297d64485e4SEtienne Carriere io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 298d64485e4SEtienne Carriere 299d64485e4SEtienne Carriere result = check_no_error(otp_id); 300d64485e4SEtienne Carriere 301d64485e4SEtienne Carriere bsec_unlock(exceptions); 302d64485e4SEtienne Carriere 303d64485e4SEtienne Carriere return result; 304d64485e4SEtienne Carriere } 305d64485e4SEtienne Carriere 306d64485e4SEtienne Carriere TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 307d64485e4SEtienne Carriere { 308d64485e4SEtienne Carriere TEE_Result result = 0; 309d64485e4SEtienne Carriere uint32_t exceptions = 0; 310d64485e4SEtienne Carriere uint64_t timeout_ref; 311d64485e4SEtienne Carriere 312d64485e4SEtienne Carriere if (otp_id > otp_max_id()) 313d64485e4SEtienne Carriere return TEE_ERROR_BAD_PARAMETERS; 314d64485e4SEtienne Carriere 315d64485e4SEtienne Carriere /* Check if programming of OTP is locked */ 316d64485e4SEtienne Carriere if (stm32_bsec_read_sp_lock(otp_id)) 317d64485e4SEtienne Carriere IMSG("OTP locked, prog will be ignored"); 318d64485e4SEtienne Carriere 319d64485e4SEtienne Carriere if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 320d64485e4SEtienne Carriere IMSG("GPLOCK activated, prog will be ignored"); 321d64485e4SEtienne Carriere 322d64485e4SEtienne Carriere exceptions = bsec_lock(); 323d64485e4SEtienne Carriere 324d64485e4SEtienne Carriere result = power_up_safmem(); 325d64485e4SEtienne Carriere if (result) 326d64485e4SEtienne Carriere return result; 327d64485e4SEtienne Carriere 328d64485e4SEtienne Carriere io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 329d64485e4SEtienne Carriere io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 330d64485e4SEtienne Carriere 331d64485e4SEtienne Carriere timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 332d64485e4SEtienne Carriere while (!timeout_elapsed(timeout_ref)) 333d64485e4SEtienne Carriere if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 334d64485e4SEtienne Carriere break; 335d64485e4SEtienne Carriere 336d64485e4SEtienne Carriere if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK)) 337d64485e4SEtienne Carriere result = TEE_ERROR_GENERIC; 338d64485e4SEtienne Carriere else 339d64485e4SEtienne Carriere result = check_no_error(otp_id); 340d64485e4SEtienne Carriere 341d64485e4SEtienne Carriere power_down_safmem(); 342d64485e4SEtienne Carriere 343d64485e4SEtienne Carriere bsec_unlock(exceptions); 344d64485e4SEtienne Carriere 345d64485e4SEtienne Carriere return result; 346d64485e4SEtienne Carriere } 347d64485e4SEtienne Carriere 348d64485e4SEtienne Carriere TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 349d64485e4SEtienne Carriere { 350d64485e4SEtienne Carriere TEE_Result result = 0; 351d64485e4SEtienne Carriere uint32_t data = 0; 352d64485e4SEtienne Carriere uint32_t addr = 0; 353d64485e4SEtienne Carriere uint32_t exceptions = 0; 354d64485e4SEtienne Carriere vaddr_t base = bsec_base(); 355d64485e4SEtienne Carriere uint64_t timeout_ref; 356d64485e4SEtienne Carriere 357d64485e4SEtienne Carriere if (otp_id > otp_max_id()) 358d64485e4SEtienne Carriere return TEE_ERROR_BAD_PARAMETERS; 359d64485e4SEtienne Carriere 360d64485e4SEtienne Carriere if (otp_id < bsec_dev.upper_base) { 361d64485e4SEtienne Carriere addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT; 362d64485e4SEtienne Carriere data = DATA_LOWER_OTP_PERLOCK_BIT << 363d64485e4SEtienne Carriere ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U); 364d64485e4SEtienne Carriere } else { 365d64485e4SEtienne Carriere addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U; 366d64485e4SEtienne Carriere data = DATA_UPPER_OTP_PERLOCK_BIT << 367d64485e4SEtienne Carriere (otp_id & DATA_UPPER_OTP_PERLOCK_MASK); 368d64485e4SEtienne Carriere } 369d64485e4SEtienne Carriere 370d64485e4SEtienne Carriere exceptions = bsec_lock(); 371d64485e4SEtienne Carriere 372d64485e4SEtienne Carriere result = power_up_safmem(); 373d64485e4SEtienne Carriere if (result) 374d64485e4SEtienne Carriere return result; 375d64485e4SEtienne Carriere 376d64485e4SEtienne Carriere io_write32(base + BSEC_OTP_WRDATA_OFF, data); 377d64485e4SEtienne Carriere io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 378d64485e4SEtienne Carriere 379d64485e4SEtienne Carriere timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 380d64485e4SEtienne Carriere while (!timeout_elapsed(timeout_ref)) 381d64485e4SEtienne Carriere if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 382d64485e4SEtienne Carriere break; 383d64485e4SEtienne Carriere 384d64485e4SEtienne Carriere if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK)) 385d64485e4SEtienne Carriere result = TEE_ERROR_BAD_PARAMETERS; 386d64485e4SEtienne Carriere else 387d64485e4SEtienne Carriere result = check_no_error(otp_id); 388d64485e4SEtienne Carriere 389d64485e4SEtienne Carriere power_down_safmem(); 390d64485e4SEtienne Carriere 391d64485e4SEtienne Carriere bsec_unlock(exceptions); 392d64485e4SEtienne Carriere 393d64485e4SEtienne Carriere return result; 394d64485e4SEtienne Carriere } 395d64485e4SEtienne Carriere 396d64485e4SEtienne Carriere TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 397d64485e4SEtienne Carriere { 398d64485e4SEtienne Carriere TEE_Result result = TEE_ERROR_GENERIC; 399d64485e4SEtienne Carriere uint32_t masked_val = value & BSEC_DEN_ALL_MSK; 400d64485e4SEtienne Carriere uint32_t exceptions = 0; 401d64485e4SEtienne Carriere 402d64485e4SEtienne Carriere exceptions = bsec_lock(); 403d64485e4SEtienne Carriere 404d64485e4SEtienne Carriere io_write32(bsec_base() + BSEC_DEN_OFF, value); 405d64485e4SEtienne Carriere 406d64485e4SEtienne Carriere if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U) 407d64485e4SEtienne Carriere result = TEE_SUCCESS; 408d64485e4SEtienne Carriere 409d64485e4SEtienne Carriere bsec_unlock(exceptions); 410d64485e4SEtienne Carriere 411d64485e4SEtienne Carriere return result; 412d64485e4SEtienne Carriere } 413d64485e4SEtienne Carriere 414d64485e4SEtienne Carriere uint32_t stm32_bsec_read_debug_conf(void) 415d64485e4SEtienne Carriere { 416d64485e4SEtienne Carriere return io_read32(bsec_base() + BSEC_DEN_OFF); 417d64485e4SEtienne Carriere } 418d64485e4SEtienne Carriere 419d64485e4SEtienne Carriere static bool write_bsec_lock(uint32_t otp_id, uint32_t value, size_t lock_offset) 420d64485e4SEtienne Carriere { 421d64485e4SEtienne Carriere uint32_t bank = otp_bank_offset(otp_id); 422d64485e4SEtienne Carriere uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 423d64485e4SEtienne Carriere vaddr_t lock_addr = bsec_base() + bank + lock_offset; 424d64485e4SEtienne Carriere uint32_t bank_value = 0; 425d64485e4SEtienne Carriere uint32_t exceptions = 0; 426d64485e4SEtienne Carriere 427d64485e4SEtienne Carriere if (!value) 428d64485e4SEtienne Carriere return false; 429d64485e4SEtienne Carriere 430d64485e4SEtienne Carriere exceptions = bsec_lock(); 431d64485e4SEtienne Carriere 432d64485e4SEtienne Carriere bank_value = io_read32(lock_addr); 433d64485e4SEtienne Carriere 434d64485e4SEtienne Carriere if ((bank_value & otp_mask) != value) { 435d64485e4SEtienne Carriere /* 436d64485e4SEtienne Carriere * We can write 0 in all other OTP 437d64485e4SEtienne Carriere * if the lock is activated in one of other OTP. 438d64485e4SEtienne Carriere * Write 0 has no effect. 439d64485e4SEtienne Carriere */ 440d64485e4SEtienne Carriere io_write32(lock_addr, bank_value | otp_mask); 441d64485e4SEtienne Carriere } 442d64485e4SEtienne Carriere 443d64485e4SEtienne Carriere bsec_unlock(exceptions); 444d64485e4SEtienne Carriere 445d64485e4SEtienne Carriere return true; 446d64485e4SEtienne Carriere } 447d64485e4SEtienne Carriere 448d64485e4SEtienne Carriere bool stm32_bsec_write_sr_lock(uint32_t otp_id, uint32_t value) 449d64485e4SEtienne Carriere { 450d64485e4SEtienne Carriere return write_bsec_lock(otp_id, value, BSEC_SRLOCK_OFF); 451d64485e4SEtienne Carriere } 452d64485e4SEtienne Carriere 453d64485e4SEtienne Carriere bool stm32_bsec_write_sw_lock(uint32_t otp_id, uint32_t value) 454d64485e4SEtienne Carriere { 455d64485e4SEtienne Carriere return write_bsec_lock(otp_id, value, BSEC_SWLOCK_OFF); 456d64485e4SEtienne Carriere } 457d64485e4SEtienne Carriere 458d64485e4SEtienne Carriere bool stm32_bsec_write_sp_lock(uint32_t otp_id, uint32_t value) 459d64485e4SEtienne Carriere { 460d64485e4SEtienne Carriere return write_bsec_lock(otp_id, value, BSEC_SPLOCK_OFF); 461d64485e4SEtienne Carriere } 462d64485e4SEtienne Carriere 463d64485e4SEtienne Carriere static bool read_bsec_lock(uint32_t otp_id, size_t lock_offset) 464d64485e4SEtienne Carriere { 465d64485e4SEtienne Carriere uint32_t bank = otp_bank_offset(otp_id); 466d64485e4SEtienne Carriere uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 467d64485e4SEtienne Carriere vaddr_t lock_addr = bsec_base() + bank + lock_offset; 468d64485e4SEtienne Carriere 469d64485e4SEtienne Carriere return io_read32(lock_addr) & otp_mask; 470d64485e4SEtienne Carriere } 471d64485e4SEtienne Carriere 472d64485e4SEtienne Carriere bool stm32_bsec_read_sr_lock(uint32_t otp_id) 473d64485e4SEtienne Carriere { 474d64485e4SEtienne Carriere return read_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 475d64485e4SEtienne Carriere } 476d64485e4SEtienne Carriere 477d64485e4SEtienne Carriere bool stm32_bsec_read_sw_lock(uint32_t otp_id) 478d64485e4SEtienne Carriere { 479d64485e4SEtienne Carriere return read_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 480d64485e4SEtienne Carriere } 481d64485e4SEtienne Carriere 482d64485e4SEtienne Carriere bool stm32_bsec_read_sp_lock(uint32_t otp_id) 483d64485e4SEtienne Carriere { 484d64485e4SEtienne Carriere return read_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 485d64485e4SEtienne Carriere } 486d64485e4SEtienne Carriere 487d64485e4SEtienne Carriere bool stm32_bsec_wr_lock(uint32_t otp_id) 488d64485e4SEtienne Carriere { 489d64485e4SEtienne Carriere uint32_t bank = otp_bank_offset(otp_id); 490d64485e4SEtienne Carriere uint32_t lock_bit = BIT(otp_id & BSEC_OTP_MASK); 491d64485e4SEtienne Carriere 492d64485e4SEtienne Carriere if (io_read32(bsec_base() + BSEC_WRLOCK_OFF + bank) & lock_bit) { 493d64485e4SEtienne Carriere /* 494d64485e4SEtienne Carriere * In case of write don't need to write, 495d64485e4SEtienne Carriere * the lock is already set. 496d64485e4SEtienne Carriere */ 497d64485e4SEtienne Carriere return true; 498d64485e4SEtienne Carriere } 499d64485e4SEtienne Carriere 500d64485e4SEtienne Carriere return false; 501d64485e4SEtienne Carriere } 502d64485e4SEtienne Carriere 503d64485e4SEtienne Carriere uint32_t stm32_bsec_otp_lock(uint32_t service, uint32_t value) 504d64485e4SEtienne Carriere { 505d64485e4SEtienne Carriere vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 506d64485e4SEtienne Carriere 507d64485e4SEtienne Carriere switch (service) { 508d64485e4SEtienne Carriere case BSEC_LOCK_UPPER_OTP: 509d64485e4SEtienne Carriere io_write32(addr, value << BSEC_LOCK_UPPER_OTP); 510d64485e4SEtienne Carriere break; 511d64485e4SEtienne Carriere case BSEC_LOCK_DEBUG: 512d64485e4SEtienne Carriere io_write32(addr, value << BSEC_LOCK_DEBUG); 513d64485e4SEtienne Carriere break; 514d64485e4SEtienne Carriere case BSEC_LOCK_PROGRAM: 515d64485e4SEtienne Carriere io_write32(addr, value << BSEC_LOCK_PROGRAM); 516d64485e4SEtienne Carriere break; 517d64485e4SEtienne Carriere default: 518d64485e4SEtienne Carriere return TEE_ERROR_BAD_PARAMETERS; 519d64485e4SEtienne Carriere } 520d64485e4SEtienne Carriere 521d64485e4SEtienne Carriere return TEE_SUCCESS; 522d64485e4SEtienne Carriere } 523d64485e4SEtienne Carriere 524d64485e4SEtienne Carriere bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 525d64485e4SEtienne Carriere { 526d64485e4SEtienne Carriere if (otp_id > otp_max_id()) 527d64485e4SEtienne Carriere return false; 528d64485e4SEtienne Carriere 529d64485e4SEtienne Carriere return otp_id < bsec_dev.upper_base || !bsec_dev.closed_device; 530d64485e4SEtienne Carriere } 531d64485e4SEtienne Carriere 532d64485e4SEtienne Carriere static TEE_Result initialize_bsec(void) 533d64485e4SEtienne Carriere { 534d64485e4SEtienne Carriere struct stm32_bsec_static_cfg cfg = { 0 }; 535d64485e4SEtienne Carriere uint32_t otp = 0; 536d64485e4SEtienne Carriere TEE_Result result = 0; 537d64485e4SEtienne Carriere 538d64485e4SEtienne Carriere stm32mp_get_bsec_static_cfg(&cfg); 539d64485e4SEtienne Carriere 540d64485e4SEtienne Carriere bsec_dev.base.pa = cfg.base; 541d64485e4SEtienne Carriere bsec_dev.upper_base = cfg.upper_start; 542d64485e4SEtienne Carriere bsec_dev.max_id = cfg.max_id; 543d64485e4SEtienne Carriere bsec_dev.closed_device = true; 544d64485e4SEtienne Carriere 545d64485e4SEtienne Carriere /* Disable closed device mode upon platform closed device OTP value */ 546d64485e4SEtienne Carriere result = stm32_bsec_shadow_read_otp(&otp, cfg.closed_device_id); 547d64485e4SEtienne Carriere if (!result && !(otp & BIT(cfg.closed_device_position))) 548d64485e4SEtienne Carriere bsec_dev.closed_device = false; 549d64485e4SEtienne Carriere 550d64485e4SEtienne Carriere return TEE_SUCCESS; 551d64485e4SEtienne Carriere } 552d64485e4SEtienne Carriere 553d64485e4SEtienne Carriere driver_init(initialize_bsec); 554