1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/pm.h> 14 #include <kernel/spinlock.h> 15 #include <libfdt.h> 16 #include <limits.h> 17 #include <mm/core_memprot.h> 18 #include <platform_config.h> 19 #include <stm32_util.h> 20 #include <string.h> 21 #include <tee_api_defines.h> 22 #include <types_ext.h> 23 #include <util.h> 24 25 #ifdef CFG_STM32MP13 26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec" 27 #endif 28 #ifdef CFG_STM32MP15 29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec" 30 #endif 31 32 #define BSEC_OTP_MASK GENMASK_32(4, 0) 33 #define BSEC_OTP_BANK_SHIFT U(5) 34 35 /* Permanent lock bitmasks */ 36 #define DATA_LOWER_OTP_PERLOCK_BIT U(3) 37 #define DATA_UPPER_OTP_PERLOCK_BIT U(1) 38 39 /* BSEC register offset */ 40 #define BSEC_OTP_CONF_OFF U(0x000) 41 #define BSEC_OTP_CTRL_OFF U(0x004) 42 #define BSEC_OTP_WRDATA_OFF U(0x008) 43 #define BSEC_OTP_STATUS_OFF U(0x00C) 44 #define BSEC_OTP_LOCK_OFF U(0x010) 45 #define BSEC_DEN_OFF U(0x014) 46 #define BSEC_FEN_OFF U(0x018) 47 #define BSEC_DISTURBED_OFF U(0x01C) 48 #define BSEC_DISTURBED1_OFF U(0x020) 49 #define BSEC_DISTURBED2_OFF U(0x024) 50 #define BSEC_ERROR_OFF U(0x034) 51 #define BSEC_ERROR1_OFF U(0x038) 52 #define BSEC_ERROR2_OFF U(0x03C) 53 #define BSEC_WRLOCK_OFF U(0x04C) 54 #define BSEC_WRLOCK1_OFF U(0x050) 55 #define BSEC_WRLOCK2_OFF U(0x054) 56 #define BSEC_SPLOCK_OFF U(0x064) 57 #define BSEC_SPLOCK1_OFF U(0x068) 58 #define BSEC_SPLOCK2_OFF U(0x06C) 59 #define BSEC_SWLOCK_OFF U(0x07C) 60 #define BSEC_SWLOCK1_OFF U(0x080) 61 #define BSEC_SWLOCK2_OFF U(0x084) 62 #define BSEC_SRLOCK_OFF U(0x094) 63 #define BSEC_SRLOCK1_OFF U(0x098) 64 #define BSEC_SRLOCK2_OFF U(0x09C) 65 #define BSEC_JTAG_IN_OFF U(0x0AC) 66 #define BSEC_JTAG_OUT_OFF U(0x0B0) 67 #define BSEC_SCRATCH_OFF U(0x0B4) 68 #define BSEC_OTP_DATA_OFF U(0x200) 69 #define BSEC_IPHW_CFG_OFF U(0xFF0) 70 #define BSEC_IPVR_OFF U(0xFF4) 71 #define BSEC_IP_ID_OFF U(0xFF8) 72 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC) 73 74 /* BSEC_CONFIGURATION Register */ 75 #define BSEC_CONF_POWER_UP_MASK BIT(0) 76 #define BSEC_CONF_POWER_UP_SHIFT U(0) 77 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 78 #define BSEC_CONF_FRQ_SHIFT U(1) 79 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 80 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3) 81 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 82 #define BSEC_CONF_TREAD_SHIFT U(7) 83 84 /* BSEC_CONTROL Register */ 85 #define BSEC_READ U(0x000) 86 #define BSEC_WRITE U(0x100) 87 #define BSEC_LOCK U(0x200) 88 89 /* BSEC_STATUS Register */ 90 #define BSEC_MODE_SECURED BIT(0) 91 #define BSEC_MODE_INVALID BIT(2) 92 #define BSEC_MODE_BUSY BIT(3) 93 #define BSEC_MODE_PROGFAIL BIT(4) 94 #define BSEC_MODE_PWR BIT(5) 95 #define BSEC_MODE_CLOSED BIT(8) 96 97 /* BSEC_DEBUG bitfields */ 98 #ifdef CFG_STM32MP13 99 #define BSEC_DEN_ALL_MSK (GENMASK_32(11, 10) | GENMASK_32(8, 1)) 100 #endif 101 #ifdef CFG_STM32MP15 102 #define BSEC_DEN_ALL_MSK GENMASK_32(11, 1) 103 #endif 104 105 /* 106 * OTP Lock services definition 107 * Value must corresponding to the bit position in the register 108 */ 109 #define BSEC_LOCK_UPPER_OTP U(0x00) 110 #define BSEC_LOCK_DEBUG U(0x02) 111 #define BSEC_LOCK_PROGRAM U(0x04) 112 113 /* Timeout when polling on status */ 114 #define BSEC_TIMEOUT_US U(10000) 115 116 struct bsec_dev { 117 struct io_pa_va base; 118 unsigned int upper_base; 119 unsigned int max_id; 120 uint32_t *nsec_access; 121 }; 122 123 /* Only 1 instance of BSEC is expected per platform */ 124 static struct bsec_dev bsec_dev; 125 126 /* BSEC access protection */ 127 static unsigned int lock = SPINLOCK_UNLOCK; 128 129 static uint32_t bsec_lock(void) 130 { 131 return may_spin_lock(&lock); 132 } 133 134 static void bsec_unlock(uint32_t exceptions) 135 { 136 may_spin_unlock(&lock, exceptions); 137 } 138 139 static uint32_t otp_max_id(void) 140 { 141 return bsec_dev.max_id; 142 } 143 144 static uint32_t otp_upper_base(void) 145 { 146 return bsec_dev.upper_base; 147 } 148 149 static uint32_t otp_bank_offset(uint32_t otp_id) 150 { 151 assert(otp_id <= otp_max_id()); 152 153 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 154 sizeof(uint32_t); 155 } 156 157 static vaddr_t bsec_base(void) 158 { 159 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 160 } 161 162 static uint32_t bsec_status(void) 163 { 164 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 165 } 166 167 static bool state_is_invalid_mode(void) 168 { 169 return bsec_status() & BSEC_MODE_INVALID; 170 } 171 172 static bool state_is_secured_mode(void) 173 { 174 return bsec_status() & BSEC_MODE_SECURED; 175 } 176 177 static bool state_is_closed_mode(void) 178 { 179 uint32_t otp_cfg = 0; 180 uint32_t close_mode = 0; 181 TEE_Result res = TEE_ERROR_GENERIC; 182 183 if (IS_ENABLED(CFG_STM32MP13)) 184 return bsec_status() & BSEC_MODE_CLOSED; 185 186 res = stm32_bsec_find_otp_in_nvmem_layout("cfg0_otp", &otp_cfg, NULL); 187 if (res) 188 panic("CFG0 OTP not found"); 189 190 if (stm32_bsec_read_otp(&close_mode, otp_cfg)) 191 panic("Unable to read OTP"); 192 193 return close_mode & CFG0_OTP_CLOSED_DEVICE; 194 } 195 196 /* 197 * Check that BSEC interface does not report an error 198 * @otp_id : OTP number 199 * @check_disturbed: check only error (false) or all sources (true) 200 * Return a TEE_Result compliant value 201 */ 202 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 203 { 204 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 205 uint32_t bank = otp_bank_offset(otp_id); 206 207 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 208 return TEE_ERROR_GENERIC; 209 210 if (check_disturbed && 211 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 212 return TEE_ERROR_GENERIC; 213 214 return TEE_SUCCESS; 215 } 216 217 static TEE_Result power_up_safmem(void) 218 { 219 uint64_t timeout_ref = 0; 220 221 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 222 BSEC_CONF_POWER_UP_MASK); 223 224 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 225 while (!timeout_elapsed(timeout_ref)) 226 if (bsec_status() & BSEC_MODE_PWR) 227 break; 228 229 if (bsec_status() & BSEC_MODE_PWR) 230 return TEE_SUCCESS; 231 232 return TEE_ERROR_GENERIC; 233 } 234 235 static TEE_Result power_down_safmem(void) 236 { 237 uint64_t timeout_ref = 0; 238 239 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 240 241 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 242 while (!timeout_elapsed(timeout_ref)) 243 if (!(bsec_status() & BSEC_MODE_PWR)) 244 break; 245 246 if (!(bsec_status() & BSEC_MODE_PWR)) 247 return TEE_SUCCESS; 248 249 return TEE_ERROR_GENERIC; 250 } 251 252 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 253 { 254 TEE_Result result = 0; 255 uint32_t exceptions = 0; 256 uint64_t timeout_ref = 0; 257 bool locked = false; 258 259 /* Check if shadowing of OTP is locked, informative only */ 260 result = stm32_bsec_read_sr_lock(otp_id, &locked); 261 if (result) 262 return result; 263 264 if (locked) 265 DMSG("BSEC shadow warning: OTP locked"); 266 267 if (state_is_invalid_mode()) 268 return TEE_ERROR_SECURITY; 269 270 exceptions = bsec_lock(); 271 272 result = power_up_safmem(); 273 if (result) 274 goto out; 275 276 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 277 278 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 279 while (!timeout_elapsed(timeout_ref)) 280 if (!(bsec_status() & BSEC_MODE_BUSY)) 281 break; 282 283 if (bsec_status() & BSEC_MODE_BUSY) 284 result = TEE_ERROR_BUSY; 285 else 286 result = check_no_error(otp_id, true /* check-disturbed */); 287 288 power_down_safmem(); 289 290 out: 291 bsec_unlock(exceptions); 292 293 return result; 294 } 295 296 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 297 { 298 if (otp_id > otp_max_id()) 299 return TEE_ERROR_BAD_PARAMETERS; 300 301 if (state_is_invalid_mode()) 302 return TEE_ERROR_SECURITY; 303 304 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 305 (otp_id * sizeof(uint32_t))); 306 307 return TEE_SUCCESS; 308 } 309 310 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 311 { 312 TEE_Result result = 0; 313 314 result = stm32_bsec_shadow_register(otp_id); 315 if (result) { 316 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 317 return result; 318 } 319 320 result = stm32_bsec_read_otp(otp_value, otp_id); 321 if (result) 322 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 323 324 return result; 325 } 326 327 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 328 { 329 TEE_Result result = 0; 330 uint32_t exceptions = 0; 331 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 332 bool locked = false; 333 334 /* Check if write of OTP is locked, informative only */ 335 result = stm32_bsec_read_sw_lock(otp_id, &locked); 336 if (result) 337 return result; 338 339 if (locked) 340 DMSG("BSEC write warning: OTP locked"); 341 342 if (state_is_invalid_mode()) 343 return TEE_ERROR_SECURITY; 344 345 exceptions = bsec_lock(); 346 347 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 348 349 bsec_unlock(exceptions); 350 351 return TEE_SUCCESS; 352 } 353 354 #ifdef CFG_STM32_BSEC_WRITE 355 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 356 { 357 TEE_Result result = 0; 358 uint32_t exceptions = 0; 359 uint64_t timeout_ref = 0; 360 bool locked = false; 361 362 /* Check if shadowing of OTP is locked, informative only */ 363 result = stm32_bsec_read_sp_lock(otp_id, &locked); 364 if (result) 365 return result; 366 367 if (locked) 368 DMSG("BSEC program warning: OTP locked"); 369 370 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 371 DMSG("BSEC program warning: GPLOCK activated"); 372 373 if (state_is_invalid_mode()) 374 return TEE_ERROR_SECURITY; 375 376 exceptions = bsec_lock(); 377 378 result = power_up_safmem(); 379 if (result) 380 goto out; 381 382 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 383 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 384 385 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 386 while (!timeout_elapsed(timeout_ref)) 387 if (!(bsec_status() & BSEC_MODE_BUSY)) 388 break; 389 390 if (bsec_status() & BSEC_MODE_BUSY) 391 result = TEE_ERROR_BUSY; 392 else if (bsec_status() & BSEC_MODE_PROGFAIL) 393 result = TEE_ERROR_BAD_PARAMETERS; 394 else 395 result = check_no_error(otp_id, true /* check-disturbed */); 396 397 power_down_safmem(); 398 399 out: 400 bsec_unlock(exceptions); 401 402 return result; 403 } 404 #endif /*CFG_STM32_BSEC_WRITE*/ 405 406 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 407 { 408 TEE_Result result = 0; 409 uint32_t data = 0; 410 uint32_t addr = 0; 411 uint32_t exceptions = 0; 412 vaddr_t base = bsec_base(); 413 uint64_t timeout_ref = 0; 414 uint32_t upper_base = otp_upper_base(); 415 416 if (otp_id > otp_max_id()) 417 return TEE_ERROR_BAD_PARAMETERS; 418 419 /* 420 * 2 bits per words for lower OTPs: 2:1 Redundancy 421 * 1 bit per word for upper OTPs : ECC support 422 * e.g with 32 lower and 64 upper OTPs: 423 * OTP word to be ADDR[6:0] WRDATA[31:0] 424 * locked 425 * 0 0x00 0x0000 0003 426 * 1 0x00 0x0000 000C 427 * ... ... ... 428 * 7 0x00 0x0000 C000 429 * 8 0x01 0x0000 0003 430 * ... ... ... 431 * 31 0x03 0x0000 C000 432 * 32 0x04 0x0000 0001 433 * 33 0x04 0x0000 0002 434 * 95 0x07 0x0000 8000 435 */ 436 if (otp_id < upper_base) { 437 addr = otp_id / 8U; 438 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF); 439 } else { 440 addr = upper_base / 8U + (otp_id - upper_base) / 16U; 441 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF); 442 } 443 444 if (state_is_invalid_mode()) 445 return TEE_ERROR_SECURITY; 446 447 exceptions = bsec_lock(); 448 449 result = power_up_safmem(); 450 if (result) 451 goto out; 452 453 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 454 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 455 456 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 457 while (!timeout_elapsed(timeout_ref)) 458 if (!(bsec_status() & BSEC_MODE_BUSY)) 459 break; 460 461 if (bsec_status() & BSEC_MODE_BUSY) 462 result = TEE_ERROR_BUSY; 463 else if (bsec_status() & BSEC_MODE_PROGFAIL) 464 result = TEE_ERROR_BAD_PARAMETERS; 465 else 466 result = check_no_error(otp_id, false /* not-disturbed */); 467 468 #ifdef CFG_STM32MP13 469 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK); 470 #endif 471 472 power_down_safmem(); 473 474 out: 475 bsec_unlock(exceptions); 476 477 return result; 478 } 479 480 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 481 { 482 TEE_Result result = TEE_ERROR_GENERIC; 483 uint32_t exceptions = 0; 484 485 assert(!(value & ~BSEC_DEN_ALL_MSK)); 486 487 if (state_is_invalid_mode()) 488 return TEE_ERROR_SECURITY; 489 490 exceptions = bsec_lock(); 491 492 io_clrsetbits32(bsec_base() + BSEC_DEN_OFF, BSEC_DEN_ALL_MSK, value); 493 494 if (stm32_bsec_read_debug_conf() == value) 495 result = TEE_SUCCESS; 496 497 bsec_unlock(exceptions); 498 499 return result; 500 } 501 502 uint32_t stm32_bsec_read_debug_conf(void) 503 { 504 return io_read32(bsec_base() + BSEC_DEN_OFF) & BSEC_DEN_ALL_MSK; 505 } 506 507 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 508 { 509 uint32_t bank = otp_bank_offset(otp_id); 510 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 511 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 512 uint32_t exceptions = 0; 513 514 if (otp_id > STM32MP1_OTP_MAX_ID) 515 return TEE_ERROR_BAD_PARAMETERS; 516 517 if (state_is_invalid_mode()) 518 return TEE_ERROR_SECURITY; 519 520 exceptions = bsec_lock(); 521 522 io_write32(lock_addr, otp_mask); 523 524 bsec_unlock(exceptions); 525 526 return TEE_SUCCESS; 527 } 528 529 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 530 { 531 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 532 } 533 534 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 535 { 536 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 537 } 538 539 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 540 { 541 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 542 } 543 544 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 545 size_t lock_offset) 546 { 547 uint32_t bank = otp_bank_offset(otp_id); 548 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 549 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 550 551 if (otp_id > STM32MP1_OTP_MAX_ID) 552 return TEE_ERROR_BAD_PARAMETERS; 553 554 if (state_is_invalid_mode()) 555 return TEE_ERROR_SECURITY; 556 557 *locked = (io_read32(lock_addr) & otp_mask) != 0; 558 559 return TEE_SUCCESS; 560 } 561 562 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 563 { 564 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 565 } 566 567 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 568 { 569 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 570 } 571 572 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 573 { 574 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 575 } 576 577 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 578 { 579 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 580 } 581 582 static size_t nsec_access_array_size(void) 583 { 584 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 585 586 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 587 } 588 589 static bool nsec_access_granted(unsigned int index) 590 { 591 uint32_t *array = bsec_dev.nsec_access; 592 593 return array && 594 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 595 array[index / BSEC_BITS_PER_WORD] & 596 BIT(index % BSEC_BITS_PER_WORD); 597 } 598 599 bool stm32_bsec_can_access_otp(uint32_t otp_id) 600 { 601 return (otp_id <= otp_max_id()) && !state_is_invalid_mode(); 602 } 603 604 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 605 { 606 return otp_id < otp_upper_base() || 607 nsec_access_granted(otp_id - otp_upper_base()); 608 } 609 610 struct nvmem_layout { 611 char *name; 612 uint32_t otp_id; 613 size_t bit_len; 614 }; 615 616 static struct nvmem_layout *nvmem_layout; 617 static size_t nvmem_layout_count; 618 619 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name, 620 uint32_t *otp_id, 621 size_t *otp_bit_len) 622 { 623 size_t i = 0; 624 625 if (!name) 626 return TEE_ERROR_BAD_PARAMETERS; 627 628 for (i = 0; i < nvmem_layout_count; i++) { 629 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name)) 630 continue; 631 632 if (otp_id) 633 *otp_id = nvmem_layout[i].otp_id; 634 635 if (otp_bit_len) 636 *otp_bit_len = nvmem_layout[i].bit_len; 637 638 DMSG("nvmem %s = %zu: %"PRId32" %zu", name, i, 639 nvmem_layout[i].otp_id, nvmem_layout[i].bit_len); 640 641 return TEE_SUCCESS; 642 } 643 644 DMSG("nvmem %s failed", name); 645 646 return TEE_ERROR_ITEM_NOT_FOUND; 647 } 648 649 TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *state) 650 { 651 if (!state) 652 return TEE_ERROR_BAD_PARAMETERS; 653 654 if (state_is_invalid_mode() || !state_is_secured_mode()) { 655 *state = BSEC_STATE_INVALID; 656 } else { 657 if (state_is_closed_mode()) 658 *state = BSEC_STATE_SEC_CLOSED; 659 else 660 *state = BSEC_STATE_SEC_OPEN; 661 } 662 663 return TEE_SUCCESS; 664 } 665 666 static void enable_nsec_access(unsigned int otp_id) 667 { 668 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 669 670 if (otp_id < otp_upper_base()) 671 return; 672 673 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 674 panic(); 675 676 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 677 } 678 679 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 680 { 681 int bsec_subnode = 0; 682 683 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 684 sizeof(*bsec_dev.nsec_access)); 685 if (!bsec_dev.nsec_access) 686 panic(); 687 688 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 689 unsigned int reg_offset = 0; 690 unsigned int reg_size = 0; 691 unsigned int otp_id = 0; 692 unsigned int i = 0; 693 size_t size = 0; 694 695 reg_offset = fdt_reg_base_address(fdt, bsec_subnode); 696 reg_size = fdt_reg_size(fdt, bsec_subnode); 697 698 assert(reg_offset != DT_INFO_INVALID_REG && 699 reg_size != DT_INFO_INVALID_REG_SIZE); 700 701 otp_id = reg_offset / sizeof(uint32_t); 702 703 if (otp_id < STM32MP1_UPPER_OTP_START) { 704 unsigned int otp_end = 705 ROUNDUP_DIV(reg_offset + reg_size, 706 sizeof(uint32_t)); 707 708 if (otp_end > STM32MP1_UPPER_OTP_START) { 709 /* 710 * OTP crosses Lower/Upper boundary, consider 711 * only the upper part. 712 */ 713 otp_id = STM32MP1_UPPER_OTP_START; 714 reg_size -= (STM32MP1_UPPER_OTP_START * 715 sizeof(uint32_t)) - reg_offset; 716 reg_offset = STM32MP1_UPPER_OTP_START * 717 sizeof(uint32_t); 718 719 DMSG("OTP crosses Lower/Upper boundary"); 720 } else { 721 continue; 722 } 723 } 724 725 /* Handle different kinds of non-secure accesses */ 726 if (fdt_getprop(fdt, bsec_subnode, 727 "st,non-secure-otp-provisioning", NULL)) { 728 bool locked = false; 729 bool locked_2 = false; 730 731 /* Check if write of OTP is locked */ 732 if (stm32_bsec_read_permanent_lock(otp_id, &locked)) 733 panic("Cannot read permanent lock"); 734 735 /* 736 * Check if fuses of the subnode 737 * have the same lock status 738 */ 739 for (i = 1; i < (reg_size / sizeof(uint32_t)); i++) { 740 if (stm32_bsec_read_permanent_lock(otp_id + i, 741 &locked_2)) 742 panic("Cannot read permanent lock"); 743 744 if (locked != locked_2) { 745 EMSG("Inconsistent status OTP ID %u", 746 otp_id + i); 747 locked = true; 748 } 749 } 750 751 if (locked) { 752 DMSG("BSEC: OTP locked"); 753 continue; 754 } 755 } else if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", 756 NULL)) { 757 continue; 758 } 759 760 if ((reg_offset % sizeof(uint32_t)) || 761 (reg_size % sizeof(uint32_t))) 762 panic("Unaligned non-secure OTP"); 763 764 size = reg_size / sizeof(uint32_t); 765 766 if (otp_id + size > OTP_MAX_SIZE) 767 panic("OTP range oversized"); 768 769 for (i = otp_id; i < otp_id + size; i++) 770 enable_nsec_access(i); 771 } 772 } 773 774 static void save_dt_nvmem_layout(void *fdt, int bsec_node) 775 { 776 int cell_max = 0; 777 int cell_cnt = 0; 778 int node = 0; 779 780 fdt_for_each_subnode(node, fdt, bsec_node) 781 cell_max++; 782 if (!cell_max) 783 return; 784 785 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout)); 786 if (!nvmem_layout) 787 panic(); 788 789 fdt_for_each_subnode(node, fdt, bsec_node) { 790 unsigned int reg_offset = 0; 791 unsigned int reg_length = 0; 792 const char *string = NULL; 793 const char *s = NULL; 794 int len = 0; 795 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt]; 796 797 string = fdt_get_name(fdt, node, &len); 798 if (!string || !len) 799 continue; 800 801 reg_offset = fdt_reg_base_address(fdt, node); 802 reg_length = fdt_reg_size(fdt, node); 803 804 if (reg_offset == DT_INFO_INVALID_REG || 805 reg_length == DT_INFO_INVALID_REG_SIZE) { 806 DMSG("Malformed nvmem %s: ignored", string); 807 continue; 808 } 809 810 if (reg_offset % sizeof(uint32_t)) { 811 DMSG("Misaligned nvmem %s: ignored", string); 812 continue; 813 } 814 layout_cell->otp_id = reg_offset / sizeof(uint32_t); 815 layout_cell->bit_len = reg_length * CHAR_BIT; 816 817 s = strchr(string, '@'); 818 if (s) 819 len = s - string; 820 821 layout_cell->name = strndup(string, len); 822 if (!layout_cell->name) 823 panic(); 824 cell_cnt++; 825 DMSG("nvmem[%d] = %s %"PRId32" %zu", cell_cnt, 826 layout_cell->name, layout_cell->otp_id, 827 layout_cell->bit_len); 828 } 829 830 if (cell_cnt != cell_max) { 831 nvmem_layout = realloc(nvmem_layout, 832 cell_cnt * sizeof(*nvmem_layout)); 833 if (!nvmem_layout) 834 panic(); 835 } 836 837 nvmem_layout_count = cell_cnt; 838 } 839 840 static void initialize_bsec_from_dt(void) 841 { 842 void *fdt = NULL; 843 int node = 0; 844 struct dt_node_info bsec_info = { }; 845 846 fdt = get_embedded_dt(); 847 node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT); 848 if (node < 0) 849 panic(); 850 851 fdt_fill_device_info(fdt, &bsec_info, node); 852 853 if (bsec_info.reg != bsec_dev.base.pa || 854 !(bsec_info.status & DT_STATUS_OK_SEC)) 855 panic(); 856 857 bsec_dt_otp_nsec_access(fdt, node); 858 859 save_dt_nvmem_layout(fdt, node); 860 } 861 862 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused, 863 const struct pm_callback_handle *hdl __unused) 864 { 865 static uint32_t debug_conf; 866 867 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME); 868 869 if (op == PM_OP_SUSPEND) 870 debug_conf = stm32_bsec_read_debug_conf(); 871 else 872 stm32_bsec_write_debug_conf(debug_conf); 873 874 return TEE_SUCCESS; 875 } 876 DECLARE_KEEP_PAGER(bsec_pm); 877 878 static TEE_Result initialize_bsec(void) 879 { 880 struct stm32_bsec_static_cfg cfg = { }; 881 882 stm32mp_get_bsec_static_cfg(&cfg); 883 884 bsec_dev.base.pa = cfg.base; 885 bsec_dev.upper_base = cfg.upper_start; 886 bsec_dev.max_id = cfg.max_id; 887 888 if (state_is_invalid_mode()) 889 panic(); 890 891 initialize_bsec_from_dt(); 892 893 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec"); 894 895 return TEE_SUCCESS; 896 } 897 898 early_init(initialize_bsec); 899