1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/pm.h> 14 #include <kernel/spinlock.h> 15 #include <libfdt.h> 16 #include <limits.h> 17 #include <mm/core_memprot.h> 18 #include <platform_config.h> 19 #include <stm32_util.h> 20 #include <string.h> 21 #include <tee_api_defines.h> 22 #include <types_ext.h> 23 #include <util.h> 24 25 #ifdef CFG_STM32MP13 26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec" 27 #endif 28 #ifdef CFG_STM32MP15 29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec" 30 #endif 31 32 #define BSEC_OTP_MASK GENMASK_32(4, 0) 33 #define BSEC_OTP_BANK_SHIFT U(5) 34 35 /* Permanent lock bitmasks */ 36 #define DATA_LOWER_OTP_PERLOCK_BIT U(3) 37 #define DATA_UPPER_OTP_PERLOCK_BIT U(1) 38 39 /* BSEC register offset */ 40 #define BSEC_OTP_CONF_OFF U(0x000) 41 #define BSEC_OTP_CTRL_OFF U(0x004) 42 #define BSEC_OTP_WRDATA_OFF U(0x008) 43 #define BSEC_OTP_STATUS_OFF U(0x00C) 44 #define BSEC_OTP_LOCK_OFF U(0x010) 45 #define BSEC_DEN_OFF U(0x014) 46 #define BSEC_FEN_OFF U(0x018) 47 #define BSEC_DISTURBED_OFF U(0x01C) 48 #define BSEC_DISTURBED1_OFF U(0x020) 49 #define BSEC_DISTURBED2_OFF U(0x024) 50 #define BSEC_ERROR_OFF U(0x034) 51 #define BSEC_ERROR1_OFF U(0x038) 52 #define BSEC_ERROR2_OFF U(0x03C) 53 #define BSEC_WRLOCK_OFF U(0x04C) 54 #define BSEC_WRLOCK1_OFF U(0x050) 55 #define BSEC_WRLOCK2_OFF U(0x054) 56 #define BSEC_SPLOCK_OFF U(0x064) 57 #define BSEC_SPLOCK1_OFF U(0x068) 58 #define BSEC_SPLOCK2_OFF U(0x06C) 59 #define BSEC_SWLOCK_OFF U(0x07C) 60 #define BSEC_SWLOCK1_OFF U(0x080) 61 #define BSEC_SWLOCK2_OFF U(0x084) 62 #define BSEC_SRLOCK_OFF U(0x094) 63 #define BSEC_SRLOCK1_OFF U(0x098) 64 #define BSEC_SRLOCK2_OFF U(0x09C) 65 #define BSEC_JTAG_IN_OFF U(0x0AC) 66 #define BSEC_JTAG_OUT_OFF U(0x0B0) 67 #define BSEC_SCRATCH_OFF U(0x0B4) 68 #define BSEC_OTP_DATA_OFF U(0x200) 69 #define BSEC_IPHW_CFG_OFF U(0xFF0) 70 #define BSEC_IPVR_OFF U(0xFF4) 71 #define BSEC_IP_ID_OFF U(0xFF8) 72 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC) 73 74 /* BSEC_CONFIGURATION Register */ 75 #define BSEC_CONF_POWER_UP_MASK BIT(0) 76 #define BSEC_CONF_POWER_UP_SHIFT U(0) 77 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 78 #define BSEC_CONF_FRQ_SHIFT U(1) 79 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 80 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3) 81 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 82 #define BSEC_CONF_TREAD_SHIFT U(7) 83 84 /* BSEC_CONTROL Register */ 85 #define BSEC_READ U(0x000) 86 #define BSEC_WRITE U(0x100) 87 #define BSEC_LOCK U(0x200) 88 89 /* BSEC_STATUS Register */ 90 #define BSEC_MODE_SECURED BIT(0) 91 #define BSEC_MODE_INVALID BIT(2) 92 #define BSEC_MODE_BUSY BIT(3) 93 #define BSEC_MODE_PROGFAIL BIT(4) 94 #define BSEC_MODE_PWR BIT(5) 95 #define BSEC_MODE_CLOSED BIT(8) 96 97 /* BSEC_DENR register fields */ 98 #define BSEC_DENR_DBGEN BIT(1) 99 #define BSEC_DENR_NIDEN BIT(2) 100 #define BSEC_DENR_DEVICEEN BIT(3) 101 #define BSEC_DENR_HDPEN BIT(4) 102 #define BSEC_DENR_SPIDEN BIT(5) 103 #define BSEC_DENR_SPNIDEN BIT(6) 104 #define BSEC_DENR_DBGSWEN BIT(10) 105 106 /* BSEC_DEBUG bitfields */ 107 #ifdef CFG_STM32MP13 108 #define BSEC_DEN_ALL_MSK (GENMASK_32(11, 10) | GENMASK_32(8, 1)) 109 #endif 110 #ifdef CFG_STM32MP15 111 #define BSEC_DEN_ALL_MSK GENMASK_32(11, 1) 112 #endif 113 114 /* 115 * OTP Lock services definition 116 * Value must corresponding to the bit position in the register 117 */ 118 #define BSEC_LOCK_UPPER_OTP U(0x00) 119 #define BSEC_LOCK_DEBUG U(0x02) 120 #define BSEC_LOCK_PROGRAM U(0x04) 121 122 /* Timeout when polling on status */ 123 #define BSEC_TIMEOUT_US U(10000) 124 125 struct bsec_dev { 126 struct io_pa_va base; 127 unsigned int upper_base; 128 unsigned int max_id; 129 uint32_t *nsec_access; 130 }; 131 132 /* Only 1 instance of BSEC is expected per platform */ 133 static struct bsec_dev bsec_dev; 134 135 /* BSEC access protection */ 136 static unsigned int lock = SPINLOCK_UNLOCK; 137 138 static uint32_t bsec_lock(void) 139 { 140 return may_spin_lock(&lock); 141 } 142 143 static void bsec_unlock(uint32_t exceptions) 144 { 145 may_spin_unlock(&lock, exceptions); 146 } 147 148 static uint32_t otp_max_id(void) 149 { 150 return bsec_dev.max_id; 151 } 152 153 static uint32_t otp_upper_base(void) 154 { 155 return bsec_dev.upper_base; 156 } 157 158 static uint32_t otp_bank_offset(uint32_t otp_id) 159 { 160 assert(otp_id <= otp_max_id()); 161 162 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 163 sizeof(uint32_t); 164 } 165 166 static vaddr_t bsec_base(void) 167 { 168 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 169 } 170 171 static uint32_t bsec_status(void) 172 { 173 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 174 } 175 176 static bool state_is_invalid_mode(void) 177 { 178 return bsec_status() & BSEC_MODE_INVALID; 179 } 180 181 static bool state_is_secured_mode(void) 182 { 183 return bsec_status() & BSEC_MODE_SECURED; 184 } 185 186 static bool state_is_closed_mode(void) 187 { 188 uint32_t otp_cfg = 0; 189 uint32_t close_mode = 0; 190 TEE_Result res = TEE_ERROR_GENERIC; 191 size_t __maybe_unused sz = 0; 192 uint8_t __maybe_unused offset = 0; 193 194 if (IS_ENABLED(CFG_STM32MP13)) 195 return bsec_status() & BSEC_MODE_CLOSED; 196 197 res = stm32_bsec_find_otp_in_nvmem_layout("cfg0_otp", &otp_cfg, 198 &offset, &sz); 199 if (res || sz != 8 || offset) 200 panic("CFG0 OTP not found or invalid"); 201 202 if (stm32_bsec_read_otp(&close_mode, otp_cfg)) 203 panic("Unable to read OTP"); 204 205 return close_mode & CFG0_OTP_CLOSED_DEVICE; 206 } 207 208 /* 209 * Check that BSEC interface does not report an error 210 * @otp_id : OTP number 211 * @check_disturbed: check only error (false) or all sources (true) 212 * Return a TEE_Result compliant value 213 */ 214 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 215 { 216 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 217 uint32_t bank = otp_bank_offset(otp_id); 218 219 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 220 return TEE_ERROR_GENERIC; 221 222 if (check_disturbed && 223 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 224 return TEE_ERROR_GENERIC; 225 226 return TEE_SUCCESS; 227 } 228 229 static TEE_Result power_up_safmem(void) 230 { 231 uint64_t timeout_ref = 0; 232 233 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 234 BSEC_CONF_POWER_UP_MASK); 235 236 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 237 while (!timeout_elapsed(timeout_ref)) 238 if (bsec_status() & BSEC_MODE_PWR) 239 break; 240 241 if (bsec_status() & BSEC_MODE_PWR) 242 return TEE_SUCCESS; 243 244 return TEE_ERROR_GENERIC; 245 } 246 247 static TEE_Result power_down_safmem(void) 248 { 249 uint64_t timeout_ref = 0; 250 251 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 252 253 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 254 while (!timeout_elapsed(timeout_ref)) 255 if (!(bsec_status() & BSEC_MODE_PWR)) 256 break; 257 258 if (!(bsec_status() & BSEC_MODE_PWR)) 259 return TEE_SUCCESS; 260 261 return TEE_ERROR_GENERIC; 262 } 263 264 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 265 { 266 TEE_Result result = 0; 267 uint32_t exceptions = 0; 268 uint64_t timeout_ref = 0; 269 bool locked = false; 270 271 /* Check if shadowing of OTP is locked, informative only */ 272 result = stm32_bsec_read_sr_lock(otp_id, &locked); 273 if (result) 274 return result; 275 276 if (locked) 277 DMSG("BSEC shadow warning: OTP locked"); 278 279 if (state_is_invalid_mode()) 280 return TEE_ERROR_SECURITY; 281 282 exceptions = bsec_lock(); 283 284 result = power_up_safmem(); 285 if (result) 286 goto out; 287 288 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 289 290 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 291 while (!timeout_elapsed(timeout_ref)) 292 if (!(bsec_status() & BSEC_MODE_BUSY)) 293 break; 294 295 if (bsec_status() & BSEC_MODE_BUSY) 296 result = TEE_ERROR_BUSY; 297 else 298 result = check_no_error(otp_id, true /* check-disturbed */); 299 300 power_down_safmem(); 301 302 out: 303 bsec_unlock(exceptions); 304 305 return result; 306 } 307 308 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 309 { 310 if (otp_id > otp_max_id()) 311 return TEE_ERROR_BAD_PARAMETERS; 312 313 if (state_is_invalid_mode()) 314 return TEE_ERROR_SECURITY; 315 316 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 317 (otp_id * sizeof(uint32_t))); 318 319 return TEE_SUCCESS; 320 } 321 322 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 323 { 324 TEE_Result result = 0; 325 326 result = stm32_bsec_shadow_register(otp_id); 327 if (result) { 328 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 329 return result; 330 } 331 332 result = stm32_bsec_read_otp(otp_value, otp_id); 333 if (result) 334 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 335 336 return result; 337 } 338 339 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 340 { 341 TEE_Result result = 0; 342 uint32_t exceptions = 0; 343 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 344 bool locked = false; 345 346 /* Check if write of OTP is locked, informative only */ 347 result = stm32_bsec_read_sw_lock(otp_id, &locked); 348 if (result) 349 return result; 350 351 if (locked) 352 DMSG("BSEC write warning: OTP locked"); 353 354 if (state_is_invalid_mode()) 355 return TEE_ERROR_SECURITY; 356 357 exceptions = bsec_lock(); 358 359 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 360 361 bsec_unlock(exceptions); 362 363 return TEE_SUCCESS; 364 } 365 366 #ifdef CFG_STM32_BSEC_WRITE 367 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 368 { 369 TEE_Result result = 0; 370 uint32_t exceptions = 0; 371 uint64_t timeout_ref = 0; 372 bool locked = false; 373 374 /* Check if shadowing of OTP is locked, informative only */ 375 result = stm32_bsec_read_sp_lock(otp_id, &locked); 376 if (result) 377 return result; 378 379 if (locked) 380 DMSG("BSEC program warning: OTP locked"); 381 382 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 383 DMSG("BSEC program warning: GPLOCK activated"); 384 385 if (state_is_invalid_mode()) 386 return TEE_ERROR_SECURITY; 387 388 exceptions = bsec_lock(); 389 390 result = power_up_safmem(); 391 if (result) 392 goto out; 393 394 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 395 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 396 397 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 398 while (!timeout_elapsed(timeout_ref)) 399 if (!(bsec_status() & BSEC_MODE_BUSY)) 400 break; 401 402 if (bsec_status() & BSEC_MODE_BUSY) 403 result = TEE_ERROR_BUSY; 404 else if (bsec_status() & BSEC_MODE_PROGFAIL) 405 result = TEE_ERROR_BAD_PARAMETERS; 406 else 407 result = check_no_error(otp_id, true /* check-disturbed */); 408 409 power_down_safmem(); 410 411 out: 412 bsec_unlock(exceptions); 413 414 return result; 415 } 416 417 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 418 { 419 TEE_Result result = 0; 420 uint32_t data = 0; 421 uint32_t addr = 0; 422 uint32_t exceptions = 0; 423 vaddr_t base = bsec_base(); 424 uint64_t timeout_ref = 0; 425 uint32_t upper_base = otp_upper_base(); 426 427 if (otp_id > otp_max_id()) 428 return TEE_ERROR_BAD_PARAMETERS; 429 430 /* 431 * 2 bits per words for lower OTPs: 2:1 Redundancy 432 * 1 bit per word for upper OTPs : ECC support 433 * e.g with 32 lower and 64 upper OTPs: 434 * OTP word to be ADDR[6:0] WRDATA[31:0] 435 * locked 436 * 0 0x00 0x0000 0003 437 * 1 0x00 0x0000 000C 438 * ... ... ... 439 * 7 0x00 0x0000 C000 440 * 8 0x01 0x0000 0003 441 * ... ... ... 442 * 31 0x03 0x0000 C000 443 * 32 0x04 0x0000 0001 444 * 33 0x04 0x0000 0002 445 * 95 0x07 0x0000 8000 446 */ 447 if (otp_id < upper_base) { 448 addr = otp_id / 8U; 449 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF); 450 } else { 451 addr = upper_base / 8U + (otp_id - upper_base) / 16U; 452 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF); 453 } 454 455 if (state_is_invalid_mode()) 456 return TEE_ERROR_SECURITY; 457 458 exceptions = bsec_lock(); 459 460 result = power_up_safmem(); 461 if (result) 462 goto out; 463 464 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 465 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 466 467 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 468 while (!timeout_elapsed(timeout_ref)) 469 if (!(bsec_status() & BSEC_MODE_BUSY)) 470 break; 471 472 if (bsec_status() & BSEC_MODE_BUSY) 473 result = TEE_ERROR_BUSY; 474 else if (bsec_status() & BSEC_MODE_PROGFAIL) 475 result = TEE_ERROR_BAD_PARAMETERS; 476 else 477 result = check_no_error(otp_id, false /* not-disturbed */); 478 479 #ifdef CFG_STM32MP13 480 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK); 481 #endif 482 483 power_down_safmem(); 484 485 out: 486 bsec_unlock(exceptions); 487 488 return result; 489 } 490 #endif /*CFG_STM32_BSEC_WRITE*/ 491 492 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 493 { 494 TEE_Result result = TEE_ERROR_GENERIC; 495 uint32_t exceptions = 0; 496 497 assert(!(value & ~BSEC_DEN_ALL_MSK)); 498 499 if (state_is_invalid_mode()) 500 return TEE_ERROR_SECURITY; 501 502 exceptions = bsec_lock(); 503 504 io_clrsetbits32(bsec_base() + BSEC_DEN_OFF, BSEC_DEN_ALL_MSK, value); 505 506 if (stm32_bsec_read_debug_conf() == value) 507 result = TEE_SUCCESS; 508 509 bsec_unlock(exceptions); 510 511 return result; 512 } 513 514 uint32_t stm32_bsec_read_debug_conf(void) 515 { 516 return io_read32(bsec_base() + BSEC_DEN_OFF) & BSEC_DEN_ALL_MSK; 517 } 518 519 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 520 { 521 uint32_t bank = otp_bank_offset(otp_id); 522 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 523 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 524 uint32_t exceptions = 0; 525 526 if (otp_id > STM32MP1_OTP_MAX_ID) 527 return TEE_ERROR_BAD_PARAMETERS; 528 529 if (state_is_invalid_mode()) 530 return TEE_ERROR_SECURITY; 531 532 exceptions = bsec_lock(); 533 534 io_write32(lock_addr, otp_mask); 535 536 bsec_unlock(exceptions); 537 538 return TEE_SUCCESS; 539 } 540 541 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 542 { 543 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 544 } 545 546 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 547 { 548 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 549 } 550 551 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 552 { 553 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 554 } 555 556 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 557 size_t lock_offset) 558 { 559 uint32_t bank = otp_bank_offset(otp_id); 560 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 561 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 562 563 if (otp_id > STM32MP1_OTP_MAX_ID) 564 return TEE_ERROR_BAD_PARAMETERS; 565 566 if (state_is_invalid_mode()) 567 return TEE_ERROR_SECURITY; 568 569 *locked = (io_read32(lock_addr) & otp_mask) != 0; 570 571 return TEE_SUCCESS; 572 } 573 574 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 575 { 576 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 577 } 578 579 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 580 { 581 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 582 } 583 584 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 585 { 586 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 587 } 588 589 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 590 { 591 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 592 } 593 594 static size_t nsec_access_array_size(void) 595 { 596 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 597 598 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 599 } 600 601 static bool nsec_access_granted(unsigned int index) 602 { 603 uint32_t *array = bsec_dev.nsec_access; 604 605 return array && 606 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 607 array[index / BSEC_BITS_PER_WORD] & 608 BIT(index % BSEC_BITS_PER_WORD); 609 } 610 611 bool stm32_bsec_can_access_otp(uint32_t otp_id) 612 { 613 return (otp_id <= otp_max_id()) && !state_is_invalid_mode(); 614 } 615 616 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 617 { 618 return otp_id < otp_upper_base() || 619 nsec_access_granted(otp_id - otp_upper_base()); 620 } 621 622 /* 623 * struct nvmem_layout - NVMEM cell description 624 * @name: Name of the nvmem node in the DT 625 * @otp_id: BSEC base index for the OTP words 626 * @bit_offset: Bit offset in the OTP word 627 * @bit_len: Bit size of the OTP word 628 * @phandle: Associated phandle in embedded DTB 629 */ 630 struct nvmem_layout { 631 char *name; 632 uint32_t otp_id; 633 uint8_t bit_offset; 634 size_t bit_len; 635 uint32_t phandle; 636 }; 637 638 static struct nvmem_layout *nvmem_layout; 639 static size_t nvmem_layout_count; 640 641 static TEE_Result stm32_bsec_otp_setting(size_t i, 642 uint32_t *otp_id, 643 uint8_t *otp_bit_offset, 644 size_t *otp_bit_len) 645 { 646 if (otp_id) 647 *otp_id = nvmem_layout[i].otp_id; 648 649 if (otp_bit_offset) 650 *otp_bit_offset = nvmem_layout[i].bit_offset; 651 652 if (otp_bit_len) 653 *otp_bit_len = nvmem_layout[i].bit_len; 654 655 DMSG("nvmem[%zu] = %s at BSEC word %" PRIu32 " bits [%" PRIu8 " %zu]", 656 i, nvmem_layout[i].name, nvmem_layout[i].otp_id, 657 nvmem_layout[i].bit_offset, nvmem_layout[i].bit_len); 658 659 return TEE_SUCCESS; 660 } 661 662 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name, 663 uint32_t *otp_id, 664 uint8_t *otp_bit_offset, 665 size_t *otp_bit_len) 666 { 667 size_t i = 0; 668 669 if (!name) 670 return TEE_ERROR_BAD_PARAMETERS; 671 672 for (i = 0; i < nvmem_layout_count; i++) { 673 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name)) 674 continue; 675 676 return stm32_bsec_otp_setting(i, otp_id, otp_bit_offset, 677 otp_bit_len); 678 } 679 680 DMSG("nvmem %s failed", name); 681 682 return TEE_ERROR_ITEM_NOT_FOUND; 683 } 684 685 TEE_Result stm32_bsec_find_otp_by_phandle(const uint32_t phandle, 686 uint32_t *otp_id, 687 uint8_t *otp_bit_offset, 688 size_t *otp_bit_len) 689 { 690 size_t i = 0; 691 692 if (!phandle) 693 return TEE_ERROR_GENERIC; 694 695 for (i = 0; i < nvmem_layout_count; i++) { 696 if (nvmem_layout[i].phandle != phandle) 697 continue; 698 699 return stm32_bsec_otp_setting(i, otp_id, otp_bit_offset, 700 otp_bit_len); 701 } 702 703 DMSG("nvmem %u not found", phandle); 704 705 return TEE_ERROR_ITEM_NOT_FOUND; 706 } 707 708 TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *state) 709 { 710 if (!state) 711 return TEE_ERROR_BAD_PARAMETERS; 712 713 if (state_is_invalid_mode() || !state_is_secured_mode()) { 714 *state = BSEC_STATE_INVALID; 715 } else { 716 if (state_is_closed_mode()) 717 *state = BSEC_STATE_SEC_CLOSED; 718 else 719 *state = BSEC_STATE_SEC_OPEN; 720 } 721 722 return TEE_SUCCESS; 723 } 724 725 bool stm32_bsec_hdp_is_enabled(void) 726 { 727 return io_read32(bsec_base() + BSEC_DEN_OFF) & BSEC_DENR_HDPEN; 728 } 729 730 bool stm32_bsec_coresight_is_enabled(void) 731 { 732 uint32_t denr = io_read32(bsec_base() + BSEC_DEN_OFF); 733 uint32_t coresight_mask = BSEC_DENR_DBGEN | BSEC_DENR_DEVICEEN | 734 BSEC_DENR_DBGSWEN; 735 736 return (denr & coresight_mask) == coresight_mask; 737 } 738 739 static void enable_nsec_access(unsigned int otp_id) 740 { 741 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 742 743 if (otp_id < otp_upper_base()) 744 return; 745 746 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 747 panic(); 748 749 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 750 } 751 752 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 753 { 754 int bsec_subnode = 0; 755 756 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 757 sizeof(*bsec_dev.nsec_access)); 758 if (!bsec_dev.nsec_access) 759 panic(); 760 761 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 762 paddr_t reg_offset = 0; 763 size_t reg_size = 0; 764 unsigned int otp_id = 0; 765 unsigned int i = 0; 766 size_t size = 0; 767 768 if (fdt_reg_info(fdt, bsec_subnode, ®_offset, ®_size)) 769 panic(); 770 771 otp_id = reg_offset / sizeof(uint32_t); 772 773 if (otp_id < STM32MP1_UPPER_OTP_START) { 774 unsigned int otp_end = 775 ROUNDUP_DIV(reg_offset + reg_size, 776 sizeof(uint32_t)); 777 778 if (otp_end > STM32MP1_UPPER_OTP_START) { 779 /* 780 * OTP crosses Lower/Upper boundary, consider 781 * only the upper part. 782 */ 783 otp_id = STM32MP1_UPPER_OTP_START; 784 reg_size -= (STM32MP1_UPPER_OTP_START * 785 sizeof(uint32_t)) - reg_offset; 786 reg_offset = STM32MP1_UPPER_OTP_START * 787 sizeof(uint32_t); 788 789 DMSG("OTP crosses Lower/Upper boundary"); 790 } else { 791 continue; 792 } 793 } 794 795 /* Handle different kinds of non-secure accesses */ 796 if (fdt_getprop(fdt, bsec_subnode, 797 "st,non-secure-otp-provisioning", NULL)) { 798 bool locked = false; 799 bool locked_2 = false; 800 801 /* Check if write of OTP is locked */ 802 if (stm32_bsec_read_permanent_lock(otp_id, &locked)) 803 panic("Cannot read permanent lock"); 804 805 /* 806 * Check if fuses of the subnode 807 * have the same lock status 808 */ 809 for (i = 1; i < (reg_size / sizeof(uint32_t)); i++) { 810 if (stm32_bsec_read_permanent_lock(otp_id + i, 811 &locked_2)) 812 panic("Cannot read permanent lock"); 813 814 if (locked != locked_2) { 815 EMSG("Inconsistent status OTP ID %u", 816 otp_id + i); 817 locked = true; 818 } 819 } 820 821 if (locked) { 822 DMSG("BSEC: OTP locked"); 823 continue; 824 } 825 } else if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", 826 NULL)) { 827 continue; 828 } 829 830 if ((reg_offset % sizeof(uint32_t)) || 831 (reg_size % sizeof(uint32_t))) 832 panic("Unaligned non-secure OTP"); 833 834 size = reg_size / sizeof(uint32_t); 835 836 if (otp_id + size > OTP_MAX_SIZE) 837 panic("OTP range oversized"); 838 839 for (i = otp_id; i < otp_id + size; i++) 840 enable_nsec_access(i); 841 } 842 } 843 844 static void save_dt_nvmem_layout(void *fdt, int bsec_node) 845 { 846 int cell_max = 0; 847 int cell_cnt = 0; 848 int node = 0; 849 850 fdt_for_each_subnode(node, fdt, bsec_node) 851 cell_max++; 852 if (!cell_max) 853 return; 854 855 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout)); 856 if (!nvmem_layout) 857 panic(); 858 859 fdt_for_each_subnode(node, fdt, bsec_node) { 860 paddr_t reg_offset = 0; 861 size_t reg_length = 0; 862 const char *string = NULL; 863 const char *s = NULL; 864 int len = 0; 865 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt]; 866 uint32_t bits[2] = { }; 867 868 string = fdt_get_name(fdt, node, &len); 869 if (!string || !len) 870 continue; 871 872 layout_cell->phandle = fdt_get_phandle(fdt, node); 873 assert(layout_cell->phandle != (uint32_t)-1); 874 875 if (fdt_reg_info(fdt, node, ®_offset, ®_length)) { 876 DMSG("Malformed nvmem %s: ignored", string); 877 continue; 878 } 879 880 layout_cell->otp_id = reg_offset / sizeof(uint32_t); 881 layout_cell->bit_offset = (reg_offset % sizeof(uint32_t)) * 882 CHAR_BIT; 883 layout_cell->bit_len = reg_length * CHAR_BIT; 884 885 if (!fdt_read_uint32_array(fdt, node, "bits", bits, 2)) { 886 layout_cell->bit_offset += bits[0]; 887 layout_cell->bit_len = bits[1]; 888 } 889 890 s = strchr(string, '@'); 891 if (s) 892 len = s - string; 893 894 layout_cell->name = strndup(string, len); 895 if (!layout_cell->name) 896 panic(); 897 cell_cnt++; 898 DMSG("nvmem[%d] = %s at BSEC word %" PRIu32 899 " bits [%" PRIu8 " %zu]", 900 cell_cnt, layout_cell->name, layout_cell->otp_id, 901 layout_cell->bit_offset, layout_cell->bit_len); 902 } 903 904 if (cell_cnt != cell_max) { 905 nvmem_layout = realloc(nvmem_layout, 906 cell_cnt * sizeof(*nvmem_layout)); 907 if (!nvmem_layout) 908 panic(); 909 } 910 911 nvmem_layout_count = cell_cnt; 912 } 913 914 static void initialize_bsec_from_dt(void) 915 { 916 void *fdt = NULL; 917 int node = 0; 918 struct dt_node_info bsec_info = { }; 919 920 fdt = get_embedded_dt(); 921 node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT); 922 if (node < 0) 923 panic(); 924 925 fdt_fill_device_info(fdt, &bsec_info, node); 926 927 if (bsec_info.reg != bsec_dev.base.pa || 928 !(bsec_info.status & DT_STATUS_OK_SEC)) 929 panic(); 930 931 bsec_dt_otp_nsec_access(fdt, node); 932 933 save_dt_nvmem_layout(fdt, node); 934 } 935 936 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused, 937 const struct pm_callback_handle *hdl __unused) 938 { 939 static uint32_t debug_conf; 940 941 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME); 942 943 if (op == PM_OP_SUSPEND) 944 debug_conf = stm32_bsec_read_debug_conf(); 945 else 946 stm32_bsec_write_debug_conf(debug_conf); 947 948 return TEE_SUCCESS; 949 } 950 DECLARE_KEEP_PAGER(bsec_pm); 951 952 static TEE_Result initialize_bsec(void) 953 { 954 struct stm32_bsec_static_cfg cfg = { }; 955 956 stm32mp_get_bsec_static_cfg(&cfg); 957 958 bsec_dev.base.pa = cfg.base; 959 bsec_dev.upper_base = cfg.upper_start; 960 bsec_dev.max_id = cfg.max_id; 961 962 if (state_is_invalid_mode()) 963 panic(); 964 965 initialize_bsec_from_dt(); 966 967 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec"); 968 969 return TEE_SUCCESS; 970 } 971 972 early_init(initialize_bsec); 973