xref: /optee_os/core/drivers/stm32_bsec.c (revision 301b3eb5f9665f11c11a89ae9d7f93740767db1a) 
1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3  * Copyright (c) 2017-2020, STMicroelectronics
4  */
5 
6 #include <assert.h>
7 #include <drivers/stm32_bsec.h>
8 #include <io.h>
9 #include <kernel/delay.h>
10 #include <kernel/generic_boot.h>
11 #include <kernel/spinlock.h>
12 #include <limits.h>
13 #include <mm/core_memprot.h>
14 #include <platform_config.h>
15 #include <stm32_util.h>
16 #include <string.h>
17 #include <tee_api_defines.h>
18 #include <types_ext.h>
19 #include <util.h>
20 
21 #define BSEC_OTP_MASK			GENMASK_32(4, 0)
22 #define BSEC_OTP_BANK_SHIFT		5
23 
24 /* Permanent lock bitmasks */
25 #define ADDR_LOWER_OTP_PERLOCK_SHIFT	3
26 #define DATA_LOWER_OTP_PERLOCK_BIT	3
27 #define DATA_LOWER_OTP_PERLOCK_MASK	GENMASK_32(2, 0)
28 #define ADDR_UPPER_OTP_PERLOCK_SHIFT	4
29 #define DATA_UPPER_OTP_PERLOCK_BIT	1
30 #define DATA_UPPER_OTP_PERLOCK_MASK	GENMASK_32(3, 0)
31 
32 /* BSEC register offset */
33 #define BSEC_OTP_CONF_OFF		0x000U
34 #define BSEC_OTP_CTRL_OFF		0x004U
35 #define BSEC_OTP_WRDATA_OFF		0x008U
36 #define BSEC_OTP_STATUS_OFF		0x00CU
37 #define BSEC_OTP_LOCK_OFF		0x010U
38 #define BSEC_DEN_OFF			0x014U
39 #define BSEC_FEN_OFF			0x018U
40 #define BSEC_DISTURBED_OFF		0x01CU
41 #define BSEC_DISTURBED1_OFF		0x020U
42 #define BSEC_DISTURBED2_OFF		0x024U
43 #define BSEC_ERROR_OFF			0x034U
44 #define BSEC_ERROR1_OFF			0x038U
45 #define BSEC_ERROR2_OFF			0x03CU
46 #define BSEC_WRLOCK_OFF			0x04CU
47 #define BSEC_WRLOCK1_OFF		0x050U
48 #define BSEC_WRLOCK2_OFF		0x054U
49 #define BSEC_SPLOCK_OFF			0x064U
50 #define BSEC_SPLOCK1_OFF		0x068U
51 #define BSEC_SPLOCK2_OFF		0x06CU
52 #define BSEC_SWLOCK_OFF			0x07CU
53 #define BSEC_SWLOCK1_OFF		0x080U
54 #define BSEC_SWLOCK2_OFF		0x084U
55 #define BSEC_SRLOCK_OFF			0x094U
56 #define BSEC_SRLOCK1_OFF		0x098U
57 #define BSEC_SRLOCK2_OFF		0x09CU
58 #define BSEC_JTAG_IN_OFF		0x0ACU
59 #define BSEC_JTAG_OUT_OFF		0x0B0U
60 #define BSEC_SCRATCH_OFF		0x0B4U
61 #define BSEC_OTP_DATA_OFF		0x200U
62 #define BSEC_IPHW_CFG_OFF		0xFF0U
63 #define BSEC_IPVR_OFF			0xFF4U
64 #define BSEC_IP_ID_OFF			0xFF8U
65 #define BSEC_IP_MAGIC_ID_OFF		0xFFCU
66 
67 /* BSEC_CONFIGURATION Register */
68 #define BSEC_CONF_POWER_UP_MASK		BIT(0)
69 #define BSEC_CONF_POWER_UP_SHIFT	0
70 #define BSEC_CONF_FRQ_MASK		GENMASK_32(2, 1)
71 #define BSEC_CONF_FRQ_SHIFT		1
72 #define BSEC_CONF_PRG_WIDTH_MASK	GENMASK_32(6, 3)
73 #define BSEC_CONF_PRG_WIDTH_SHIFT	3
74 #define BSEC_CONF_TREAD_MASK		GENMASK_32(8, 7)
75 #define BSEC_CONF_TREAD_SHIFT		7
76 
77 /* BSEC_CONTROL Register */
78 #define BSEC_READ			0x000U
79 #define BSEC_WRITE			0x100U
80 #define BSEC_LOCK			0x200U
81 
82 /* BSEC_STATUS Register */
83 #define BSEC_MODE_STATUS_MASK		GENMASK_32(2, 0)
84 #define BSEC_MODE_BUSY_MASK		BIT(3)
85 #define BSEC_MODE_PROGFAIL_MASK		BIT(4)
86 #define BSEC_MODE_PWR_MASK		BIT(5)
87 #define BSEC_MODE_BIST1_LOCK_MASK	BIT(6)
88 #define BSEC_MODE_BIST2_LOCK_MASK	BIT(7)
89 
90 /* BSEC_DEBUG */
91 #define BSEC_HDPEN			BIT(4)
92 #define BSEC_SPIDEN			BIT(5)
93 #define BSEC_SPINDEN			BIT(6)
94 #define BSEC_DBGSWGEN			BIT(10)
95 #define BSEC_DEN_ALL_MSK		GENMASK_32(10, 0)
96 
97 /*
98  * OTP Lock services definition
99  * Value must corresponding to the bit position in the register
100  */
101 #define BSEC_LOCK_UPPER_OTP		0x00
102 #define BSEC_LOCK_DEBUG			0x02
103 #define BSEC_LOCK_PROGRAM		0x04
104 
105 /* Timeout when polling on status */
106 #define BSEC_TIMEOUT_US			1000
107 
108 struct bsec_dev {
109 	struct io_pa_va base;
110 	unsigned int upper_base;
111 	unsigned int max_id;
112 	bool closed_device;
113 };
114 
115 /* Only 1 instance of BSEC is expected per platform */
116 static struct bsec_dev bsec_dev;
117 
118 /* BSEC access protection */
119 static unsigned int lock = SPINLOCK_UNLOCK;
120 
121 static uint32_t bsec_lock(void)
122 {
123 	return may_spin_lock(&lock);
124 }
125 
126 static void bsec_unlock(uint32_t exceptions)
127 {
128 	may_spin_unlock(&lock, exceptions);
129 }
130 
131 static uint32_t otp_max_id(void)
132 {
133 	return bsec_dev.max_id;
134 }
135 
136 static uint32_t otp_bank_offset(uint32_t otp_id)
137 {
138 	assert(otp_id <= otp_max_id());
139 
140 	return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
141 		sizeof(uint32_t);
142 }
143 
144 static vaddr_t bsec_base(void)
145 {
146 	return io_pa_or_va_secure(&bsec_dev.base);
147 }
148 
149 static uint32_t bsec_status(void)
150 {
151 	return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
152 }
153 
154 /*
155  * Check that BSEC interface does not report an error
156  * @otp_id : OTP number
157  * @check_disturbed: check only error (false) or all sources (true)
158  * Return a TEE_Result compliant value
159  */
160 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed)
161 {
162 	uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
163 	uint32_t bank = otp_bank_offset(otp_id);
164 
165 	if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
166 		return TEE_ERROR_GENERIC;
167 
168 	if (check_disturbed &&
169 	    io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
170 		return TEE_ERROR_GENERIC;
171 
172 	return TEE_SUCCESS;
173 }
174 
175 static TEE_Result power_up_safmem(void)
176 {
177 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
178 
179 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
180 		  BSEC_CONF_POWER_UP_MASK);
181 
182 	/*
183 	 * If a timeout is detected, test the condition again to consider
184 	 * cases where timeout is due to the executing TEE thread rescheduling.
185 	 */
186 	while (!timeout_elapsed(timeout_ref))
187 		if (bsec_status() & BSEC_MODE_PWR_MASK)
188 			break;
189 
190 	if (bsec_status() & BSEC_MODE_PWR_MASK)
191 		return TEE_SUCCESS;
192 
193 	return TEE_ERROR_GENERIC;
194 }
195 
196 static TEE_Result power_down_safmem(void)
197 {
198 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
199 
200 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
201 
202 	/*
203 	 * If a timeout is detected, test the condition again to consider
204 	 * cases where timeout is due to the executing TEE thread rescheduling.
205 	 */
206 	while (!timeout_elapsed(timeout_ref))
207 		if (!(bsec_status() & BSEC_MODE_PWR_MASK))
208 			break;
209 
210 	if (!(bsec_status() & BSEC_MODE_PWR_MASK))
211 		return TEE_SUCCESS;
212 
213 	return TEE_ERROR_GENERIC;
214 }
215 
216 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
217 {
218 	TEE_Result result = 0;
219 	uint32_t exceptions = 0;
220 	uint64_t timeout_ref = 0;
221 	bool locked = false;
222 
223 	/* Check if shadowing of OTP is locked, informative only */
224 	result = stm32_bsec_read_sr_lock(otp_id, &locked);
225 	if (result)
226 		return result;
227 
228 	if (locked)
229 		DMSG("BSEC shadow warning: OTP locked");
230 
231 	exceptions = bsec_lock();
232 
233 	result = power_up_safmem();
234 	if (result)
235 		return result;
236 
237 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
238 
239 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
240 	while (!timeout_elapsed(timeout_ref))
241 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
242 			break;
243 
244 	if (bsec_status() & BSEC_MODE_BUSY_MASK)
245 		result = TEE_ERROR_GENERIC;
246 	else
247 		result = check_no_error(otp_id, true /* check-disturbed */);
248 
249 	power_down_safmem();
250 
251 	bsec_unlock(exceptions);
252 
253 	return result;
254 }
255 
256 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
257 {
258 	if (otp_id > otp_max_id())
259 		return TEE_ERROR_BAD_PARAMETERS;
260 
261 	*value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
262 			   (otp_id * sizeof(uint32_t)));
263 
264 	return TEE_SUCCESS;
265 }
266 
267 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
268 {
269 	TEE_Result result = 0;
270 
271 	result = stm32_bsec_shadow_register(otp_id);
272 	if (result) {
273 		EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result);
274 		return result;
275 	}
276 
277 	result = stm32_bsec_read_otp(otp_value, otp_id);
278 	if (result)
279 		EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result);
280 
281 	return result;
282 }
283 
284 #ifdef CFG_STM32_BSEC_WRITE
285 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
286 {
287 	TEE_Result result = 0;
288 	uint32_t exceptions = 0;
289 	vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
290 	bool locked = false;
291 
292 	/* Check if write of OTP is locked, informative only */
293 	result = stm32_bsec_read_sw_lock(otp_id, &locked);
294 	if (result)
295 		return result;
296 
297 	if (locked)
298 		DMSG("BSEC write warning: OTP locked");
299 
300 	exceptions = bsec_lock();
301 
302 	io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
303 
304 	bsec_unlock(exceptions);
305 
306 	return TEE_SUCCESS;
307 }
308 
309 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
310 {
311 	TEE_Result result = 0;
312 	uint32_t exceptions = 0;
313 	uint64_t timeout_ref = 0;
314 	bool locked = false;
315 
316 	/* Check if shadowing of OTP is locked, informative only */
317 	result = stm32_bsec_read_sp_lock(otp_id, &locked);
318 	if (result)
319 		return result;
320 
321 	if (locked)
322 		DMSG("BSEC program warning: OTP locked");
323 
324 	if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
325 		DMSG("BSEC program warning: GPLOCK activated");
326 
327 	exceptions = bsec_lock();
328 
329 	result = power_up_safmem();
330 	if (result)
331 		return result;
332 
333 	io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
334 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
335 
336 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
337 	while (!timeout_elapsed(timeout_ref))
338 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
339 			break;
340 
341 	if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK))
342 		result = TEE_ERROR_GENERIC;
343 	else
344 		result = check_no_error(otp_id, true /* check-disturbed */);
345 
346 	power_down_safmem();
347 
348 	bsec_unlock(exceptions);
349 
350 	return result;
351 }
352 #endif /*CFG_STM32_BSEC_WRITE*/
353 
354 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
355 {
356 	TEE_Result result = 0;
357 	uint32_t data = 0;
358 	uint32_t addr = 0;
359 	uint32_t exceptions = 0;
360 	vaddr_t base = bsec_base();
361 	uint64_t timeout_ref;
362 
363 	if (otp_id > otp_max_id())
364 		return TEE_ERROR_BAD_PARAMETERS;
365 
366 	if (otp_id < bsec_dev.upper_base) {
367 		addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
368 		data = DATA_LOWER_OTP_PERLOCK_BIT <<
369 		       ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
370 	} else {
371 		addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
372 		data = DATA_UPPER_OTP_PERLOCK_BIT <<
373 		       (otp_id & DATA_UPPER_OTP_PERLOCK_MASK);
374 	}
375 
376 	exceptions = bsec_lock();
377 
378 	result = power_up_safmem();
379 	if (result)
380 		return result;
381 
382 	io_write32(base + BSEC_OTP_WRDATA_OFF, data);
383 	io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
384 
385 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
386 	while (!timeout_elapsed(timeout_ref))
387 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
388 			break;
389 
390 	if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK))
391 		result = TEE_ERROR_BAD_PARAMETERS;
392 	else
393 		result = check_no_error(otp_id, false /* not-disturbed */);
394 
395 	power_down_safmem();
396 
397 	bsec_unlock(exceptions);
398 
399 	return result;
400 }
401 
402 #ifdef CFG_STM32_BSEC_WRITE
403 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
404 {
405 	TEE_Result result = TEE_ERROR_GENERIC;
406 	uint32_t masked_val = value & BSEC_DEN_ALL_MSK;
407 	uint32_t exceptions = 0;
408 
409 	exceptions = bsec_lock();
410 
411 	io_write32(bsec_base() + BSEC_DEN_OFF, value);
412 
413 	if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U)
414 		result = TEE_SUCCESS;
415 
416 	bsec_unlock(exceptions);
417 
418 	return result;
419 }
420 #endif /*CFG_STM32_BSEC_WRITE*/
421 
422 uint32_t stm32_bsec_read_debug_conf(void)
423 {
424 	return io_read32(bsec_base() + BSEC_DEN_OFF);
425 }
426 
427 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset)
428 {
429 	uint32_t bank = otp_bank_offset(otp_id);
430 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
431 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
432 	uint32_t exceptions = 0;
433 
434 	if (otp_id > STM32MP1_OTP_MAX_ID)
435 		return TEE_ERROR_BAD_PARAMETERS;
436 
437 	exceptions = bsec_lock();
438 
439 	io_write32(lock_addr, otp_mask);
440 
441 	bsec_unlock(exceptions);
442 
443 	return TEE_SUCCESS;
444 }
445 
446 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id)
447 {
448 	return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
449 }
450 
451 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id)
452 {
453 	return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
454 }
455 
456 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id)
457 {
458 	return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
459 }
460 
461 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked,
462 				 size_t lock_offset)
463 {
464 	uint32_t bank = otp_bank_offset(otp_id);
465 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
466 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
467 
468 	if (otp_id > STM32MP1_OTP_MAX_ID)
469 		return TEE_ERROR_BAD_PARAMETERS;
470 
471 	*locked = (io_read32(lock_addr) & otp_mask) != 0;
472 
473 	return TEE_SUCCESS;
474 }
475 
476 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked)
477 {
478 	return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF);
479 }
480 
481 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked)
482 {
483 	return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF);
484 }
485 
486 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked)
487 {
488 	return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF);
489 }
490 
491 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked)
492 {
493 	return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF);
494 }
495 
496 TEE_Result stm32_bsec_otp_lock(uint32_t service)
497 {
498 	vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF;
499 
500 	switch (service) {
501 	case BSEC_LOCK_UPPER_OTP:
502 		io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP));
503 		break;
504 	case BSEC_LOCK_DEBUG:
505 		io_write32(addr, BIT(BSEC_LOCK_DEBUG));
506 		break;
507 	case BSEC_LOCK_PROGRAM:
508 		io_write32(addr, BIT(BSEC_LOCK_PROGRAM));
509 		break;
510 	default:
511 		return TEE_ERROR_BAD_PARAMETERS;
512 	}
513 
514 	return TEE_SUCCESS;
515 }
516 
517 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
518 {
519 	if (otp_id > otp_max_id())
520 		return false;
521 
522 	return otp_id < bsec_dev.upper_base || !bsec_dev.closed_device;
523 }
524 
525 static TEE_Result initialize_bsec(void)
526 {
527 	struct stm32_bsec_static_cfg cfg = { 0 };
528 	uint32_t otp = 0;
529 	TEE_Result result = 0;
530 
531 	stm32mp_get_bsec_static_cfg(&cfg);
532 
533 	bsec_dev.base.pa = cfg.base;
534 	bsec_dev.upper_base = cfg.upper_start;
535 	bsec_dev.max_id = cfg.max_id;
536 	bsec_dev.closed_device = true;
537 
538 	/* Disable closed device mode upon platform closed device OTP value */
539 	result = stm32_bsec_shadow_read_otp(&otp, cfg.closed_device_id);
540 	if (!result && !(otp & BIT(cfg.closed_device_position)))
541 		bsec_dev.closed_device = false;
542 
543 	return TEE_SUCCESS;
544 }
545 
546 driver_init(initialize_bsec);
547