xref: /optee_os/core/drivers/stm32_bsec.c (revision 3d3b05918ec9052ba13de82fbcaba204766eb636) 
1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3  * Copyright (c) 2017-2019, STMicroelectronics
4  */
5 
6 #include <assert.h>
7 #include <drivers/stm32_bsec.h>
8 #include <io.h>
9 #include <kernel/delay.h>
10 #include <kernel/generic_boot.h>
11 #include <kernel/spinlock.h>
12 #include <limits.h>
13 #include <mm/core_memprot.h>
14 #include <platform_config.h>
15 #include <stm32_util.h>
16 #include <types_ext.h>
17 #include <util.h>
18 
19 #define BSEC_OTP_MASK			GENMASK_32(4, 0)
20 #define BSEC_OTP_BANK_SHIFT		5
21 
22 /* Permanent lock bitmasks */
23 #define ADDR_LOWER_OTP_PERLOCK_SHIFT	3
24 #define DATA_LOWER_OTP_PERLOCK_BIT	3
25 #define DATA_LOWER_OTP_PERLOCK_MASK	GENMASK_32(2, 0)
26 #define ADDR_UPPER_OTP_PERLOCK_SHIFT	4
27 #define DATA_UPPER_OTP_PERLOCK_BIT	1
28 #define DATA_UPPER_OTP_PERLOCK_MASK	GENMASK_32(3, 0)
29 
30 /* BSEC register offset */
31 #define BSEC_OTP_CONF_OFF		0x000U
32 #define BSEC_OTP_CTRL_OFF		0x004U
33 #define BSEC_OTP_WRDATA_OFF		0x008U
34 #define BSEC_OTP_STATUS_OFF		0x00CU
35 #define BSEC_OTP_LOCK_OFF		0x010U
36 #define BSEC_DEN_OFF			0x014U
37 #define BSEC_FEN_OFF			0x018U
38 #define BSEC_DISTURBED_OFF		0x01CU
39 #define BSEC_DISTURBED1_OFF		0x020U
40 #define BSEC_DISTURBED2_OFF		0x024U
41 #define BSEC_ERROR_OFF			0x034U
42 #define BSEC_ERROR1_OFF			0x038U
43 #define BSEC_ERROR2_OFF			0x03CU
44 #define BSEC_WRLOCK_OFF			0x04CU
45 #define BSEC_WRLOCK1_OFF		0x050U
46 #define BSEC_WRLOCK2_OFF		0x054U
47 #define BSEC_SPLOCK_OFF			0x064U
48 #define BSEC_SPLOCK1_OFF		0x068U
49 #define BSEC_SPLOCK2_OFF		0x06CU
50 #define BSEC_SWLOCK_OFF			0x07CU
51 #define BSEC_SWLOCK1_OFF		0x080U
52 #define BSEC_SWLOCK2_OFF		0x084U
53 #define BSEC_SRLOCK_OFF			0x094U
54 #define BSEC_SRLOCK1_OFF		0x098U
55 #define BSEC_SRLOCK2_OFF		0x09CU
56 #define BSEC_JTAG_IN_OFF		0x0ACU
57 #define BSEC_JTAG_OUT_OFF		0x0B0U
58 #define BSEC_SCRATCH_OFF		0x0B4U
59 #define BSEC_OTP_DATA_OFF		0x200U
60 #define BSEC_IPHW_CFG_OFF		0xFF0U
61 #define BSEC_IPVR_OFF			0xFF4U
62 #define BSEC_IP_ID_OFF			0xFF8U
63 #define BSEC_IP_MAGIC_ID_OFF		0xFFCU
64 
65 /* BSEC_CONFIGURATION Register */
66 #define BSEC_CONF_POWER_UP_MASK		BIT(0)
67 #define BSEC_CONF_POWER_UP_SHIFT	0
68 #define BSEC_CONF_FRQ_MASK		GENMASK_32(2, 1)
69 #define BSEC_CONF_FRQ_SHIFT		1
70 #define BSEC_CONF_PRG_WIDTH_MASK	GENMASK_32(6, 3)
71 #define BSEC_CONF_PRG_WIDTH_SHIFT	3
72 #define BSEC_CONF_TREAD_MASK		GENMASK_32(8, 7)
73 #define BSEC_CONF_TREAD_SHIFT		7
74 
75 /* BSEC_CONTROL Register */
76 #define BSEC_READ			0x000U
77 #define BSEC_WRITE			0x100U
78 #define BSEC_LOCK			0x200U
79 
80 /* BSEC_STATUS Register */
81 #define BSEC_MODE_STATUS_MASK		GENMASK_32(2, 0)
82 #define BSEC_MODE_BUSY_MASK		BIT(3)
83 #define BSEC_MODE_PROGFAIL_MASK		BIT(4)
84 #define BSEC_MODE_PWR_MASK		BIT(5)
85 #define BSEC_MODE_BIST1_LOCK_MASK	BIT(6)
86 #define BSEC_MODE_BIST2_LOCK_MASK	BIT(7)
87 
88 /* BSEC_DEBUG */
89 #define BSEC_HDPEN			BIT(4)
90 #define BSEC_SPIDEN			BIT(5)
91 #define BSEC_SPINDEN			BIT(6)
92 #define BSEC_DBGSWGEN			BIT(10)
93 #define BSEC_DEN_ALL_MSK		GENMASK_32(10, 0)
94 
95 /*
96  * OTP Lock services definition
97  * Value must corresponding to the bit position in the register
98  */
99 #define BSEC_LOCK_UPPER_OTP		0x00
100 #define BSEC_LOCK_DEBUG			0x02
101 #define BSEC_LOCK_PROGRAM		0x03
102 
103 /* Timeout when polling on status */
104 #define BSEC_TIMEOUT_US			1000
105 
106 struct bsec_dev {
107 	struct io_pa_va base;
108 	unsigned int upper_base;
109 	unsigned int max_id;
110 	bool closed_device;
111 };
112 
113 /* Only 1 instance of BSEC is expected per platform */
114 static struct bsec_dev bsec_dev;
115 
116 /* BSEC access protection */
117 static unsigned int lock = SPINLOCK_UNLOCK;
118 
119 static uint32_t bsec_lock(void)
120 {
121 	return may_spin_lock(&lock);
122 }
123 
124 static void bsec_unlock(uint32_t exceptions)
125 {
126 	may_spin_unlock(&lock, exceptions);
127 }
128 
129 static uint32_t otp_max_id(void)
130 {
131 	return bsec_dev.max_id;
132 }
133 
134 static uint32_t otp_bank_offset(uint32_t otp_id)
135 {
136 	assert(otp_id <= otp_max_id());
137 
138 	return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
139 		sizeof(uint32_t);
140 }
141 
142 static vaddr_t bsec_base(void)
143 {
144 	return io_pa_or_va(&bsec_dev.base);
145 }
146 
147 static uint32_t bsec_status(void)
148 {
149 	return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
150 }
151 
152 static TEE_Result check_no_error(uint32_t otp_id)
153 {
154 	uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
155 	uint32_t bank = otp_bank_offset(otp_id);
156 
157 	if (io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
158 		return TEE_ERROR_GENERIC;
159 
160 	if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
161 		return TEE_ERROR_GENERIC;
162 
163 	return TEE_SUCCESS;
164 }
165 
166 static TEE_Result power_up_safmem(void)
167 {
168 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
169 
170 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
171 		  BSEC_CONF_POWER_UP_MASK);
172 
173 	/*
174 	 * If a timeout is detected, test the condition again to consider
175 	 * cases where timeout is due to the executing TEE thread rescheduling.
176 	 */
177 	while (!timeout_elapsed(timeout_ref))
178 		if (bsec_status() & BSEC_MODE_PWR_MASK)
179 			break;
180 
181 	if (bsec_status() & BSEC_MODE_PWR_MASK)
182 		return TEE_SUCCESS;
183 
184 	return TEE_ERROR_GENERIC;
185 }
186 
187 static TEE_Result power_down_safmem(void)
188 {
189 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
190 
191 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
192 
193 	/*
194 	 * If a timeout is detected, test the condition again to consider
195 	 * cases where timeout is due to the executing TEE thread rescheduling.
196 	 */
197 	while (!timeout_elapsed(timeout_ref))
198 		if (!(bsec_status() & BSEC_MODE_PWR_MASK))
199 			break;
200 
201 	if (!(bsec_status() & BSEC_MODE_PWR_MASK))
202 		return TEE_SUCCESS;
203 
204 	return TEE_ERROR_GENERIC;
205 }
206 
207 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
208 {
209 	TEE_Result result = 0;
210 	uint32_t exceptions = 0;
211 	uint64_t timeout_ref = 0;
212 
213 	if (otp_id > otp_max_id())
214 		return TEE_ERROR_BAD_PARAMETERS;
215 
216 	/* Check if shadowing of OTP is locked */
217 	if (stm32_bsec_read_sr_lock(otp_id))
218 		IMSG("OTP locked, register will not be refreshed");
219 
220 	exceptions = bsec_lock();
221 
222 	result = power_up_safmem();
223 	if (result)
224 		return result;
225 
226 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
227 
228 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
229 	while (!timeout_elapsed(timeout_ref))
230 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
231 			break;
232 
233 	if (bsec_status() & BSEC_MODE_BUSY_MASK)
234 		result = TEE_ERROR_GENERIC;
235 	else
236 		result = check_no_error(otp_id);
237 
238 	power_down_safmem();
239 
240 	bsec_unlock(exceptions);
241 
242 	return result;
243 }
244 
245 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
246 {
247 	TEE_Result result = 0;
248 	uint32_t exceptions = 0;
249 
250 	if (otp_id > otp_max_id())
251 		return TEE_ERROR_BAD_PARAMETERS;
252 
253 	exceptions = bsec_lock();
254 
255 	*value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
256 			   (otp_id * sizeof(uint32_t)));
257 
258 	result = check_no_error(otp_id);
259 
260 	bsec_unlock(exceptions);
261 
262 	return result;
263 }
264 
265 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
266 {
267 	TEE_Result result = 0;
268 
269 	result = stm32_bsec_shadow_register(otp_id);
270 	if (result) {
271 		EMSG("BSEC %" PRIu32 " Shadowing Error %x", otp_id, result);
272 		return result;
273 	}
274 
275 	result = stm32_bsec_read_otp(otp_value, otp_id);
276 	if (result)
277 		EMSG("BSEC %" PRIu32 " Read Error %x", otp_id, result);
278 
279 	return result;
280 }
281 
282 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
283 {
284 	TEE_Result result = 0;
285 	uint32_t exceptions = 0;
286 	vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
287 
288 	if (otp_id > otp_max_id())
289 		return TEE_ERROR_BAD_PARAMETERS;
290 
291 	/* Check if programming of OTP is locked */
292 	if (stm32_bsec_read_sw_lock(otp_id))
293 		IMSG("OTP locked, write will be ignored");
294 
295 	exceptions = bsec_lock();
296 
297 	io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
298 
299 	result = check_no_error(otp_id);
300 
301 	bsec_unlock(exceptions);
302 
303 	return result;
304 }
305 
306 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
307 {
308 	TEE_Result result = 0;
309 	uint32_t exceptions = 0;
310 	uint64_t timeout_ref;
311 
312 	if (otp_id > otp_max_id())
313 		return TEE_ERROR_BAD_PARAMETERS;
314 
315 	/* Check if programming of OTP is locked */
316 	if (stm32_bsec_read_sp_lock(otp_id))
317 		IMSG("OTP locked, prog will be ignored");
318 
319 	if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
320 		IMSG("GPLOCK activated, prog will be ignored");
321 
322 	exceptions = bsec_lock();
323 
324 	result = power_up_safmem();
325 	if (result)
326 		return result;
327 
328 	io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
329 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
330 
331 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
332 	while (!timeout_elapsed(timeout_ref))
333 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
334 			break;
335 
336 	if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK))
337 		result = TEE_ERROR_GENERIC;
338 	else
339 		result = check_no_error(otp_id);
340 
341 	power_down_safmem();
342 
343 	bsec_unlock(exceptions);
344 
345 	return result;
346 }
347 
348 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
349 {
350 	TEE_Result result = 0;
351 	uint32_t data = 0;
352 	uint32_t addr = 0;
353 	uint32_t exceptions = 0;
354 	vaddr_t base = bsec_base();
355 	uint64_t timeout_ref;
356 
357 	if (otp_id > otp_max_id())
358 		return TEE_ERROR_BAD_PARAMETERS;
359 
360 	if (otp_id < bsec_dev.upper_base) {
361 		addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
362 		data = DATA_LOWER_OTP_PERLOCK_BIT <<
363 		       ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
364 	} else {
365 		addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
366 		data = DATA_UPPER_OTP_PERLOCK_BIT <<
367 		       (otp_id & DATA_UPPER_OTP_PERLOCK_MASK);
368 	}
369 
370 	exceptions = bsec_lock();
371 
372 	result = power_up_safmem();
373 	if (result)
374 		return result;
375 
376 	io_write32(base + BSEC_OTP_WRDATA_OFF, data);
377 	io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
378 
379 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
380 	while (!timeout_elapsed(timeout_ref))
381 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
382 			break;
383 
384 	if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK))
385 		result = TEE_ERROR_BAD_PARAMETERS;
386 	else
387 		result = check_no_error(otp_id);
388 
389 	power_down_safmem();
390 
391 	bsec_unlock(exceptions);
392 
393 	return result;
394 }
395 
396 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
397 {
398 	TEE_Result result = TEE_ERROR_GENERIC;
399 	uint32_t masked_val = value & BSEC_DEN_ALL_MSK;
400 	uint32_t exceptions = 0;
401 
402 	exceptions = bsec_lock();
403 
404 	io_write32(bsec_base() + BSEC_DEN_OFF, value);
405 
406 	if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U)
407 		result = TEE_SUCCESS;
408 
409 	bsec_unlock(exceptions);
410 
411 	return result;
412 }
413 
414 uint32_t stm32_bsec_read_debug_conf(void)
415 {
416 	return io_read32(bsec_base() + BSEC_DEN_OFF);
417 }
418 
419 static bool write_bsec_lock(uint32_t otp_id, uint32_t value, size_t lock_offset)
420 {
421 	uint32_t bank = otp_bank_offset(otp_id);
422 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
423 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
424 	uint32_t bank_value = 0;
425 	uint32_t exceptions = 0;
426 
427 	if (!value)
428 		return false;
429 
430 	exceptions = bsec_lock();
431 
432 	bank_value = io_read32(lock_addr);
433 
434 	if ((bank_value & otp_mask) != value) {
435 		/*
436 		 * We can write 0 in all other OTP
437 		 * if the lock is activated in one of other OTP.
438 		 * Write 0 has no effect.
439 		 */
440 		io_write32(lock_addr, bank_value | otp_mask);
441 	}
442 
443 	bsec_unlock(exceptions);
444 
445 	return true;
446 }
447 
448 bool stm32_bsec_write_sr_lock(uint32_t otp_id, uint32_t value)
449 {
450 	return write_bsec_lock(otp_id, value, BSEC_SRLOCK_OFF);
451 }
452 
453 bool stm32_bsec_write_sw_lock(uint32_t otp_id, uint32_t value)
454 {
455 	return write_bsec_lock(otp_id, value, BSEC_SWLOCK_OFF);
456 }
457 
458 bool stm32_bsec_write_sp_lock(uint32_t otp_id, uint32_t value)
459 {
460 	return write_bsec_lock(otp_id, value, BSEC_SPLOCK_OFF);
461 }
462 
463 static bool read_bsec_lock(uint32_t otp_id, size_t lock_offset)
464 {
465 	uint32_t bank = otp_bank_offset(otp_id);
466 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
467 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
468 
469 	return io_read32(lock_addr) & otp_mask;
470 }
471 
472 bool stm32_bsec_read_sr_lock(uint32_t otp_id)
473 {
474 	return read_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
475 }
476 
477 bool stm32_bsec_read_sw_lock(uint32_t otp_id)
478 {
479 	return read_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
480 }
481 
482 bool stm32_bsec_read_sp_lock(uint32_t otp_id)
483 {
484 	return read_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
485 }
486 
487 bool stm32_bsec_wr_lock(uint32_t otp_id)
488 {
489 	uint32_t bank = otp_bank_offset(otp_id);
490 	uint32_t lock_bit = BIT(otp_id & BSEC_OTP_MASK);
491 
492 	if (io_read32(bsec_base() + BSEC_WRLOCK_OFF + bank) & lock_bit) {
493 		/*
494 		 * In case of write don't need to write,
495 		 * the lock is already set.
496 		 */
497 		return true;
498 	}
499 
500 	return false;
501 }
502 
503 uint32_t stm32_bsec_otp_lock(uint32_t service, uint32_t value)
504 {
505 	vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF;
506 
507 	switch (service) {
508 	case BSEC_LOCK_UPPER_OTP:
509 		io_write32(addr, value << BSEC_LOCK_UPPER_OTP);
510 		break;
511 	case BSEC_LOCK_DEBUG:
512 		io_write32(addr, value << BSEC_LOCK_DEBUG);
513 		break;
514 	case BSEC_LOCK_PROGRAM:
515 		io_write32(addr, value << BSEC_LOCK_PROGRAM);
516 		break;
517 	default:
518 		return TEE_ERROR_BAD_PARAMETERS;
519 	}
520 
521 	return TEE_SUCCESS;
522 }
523 
524 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
525 {
526 	if (otp_id > otp_max_id())
527 		return false;
528 
529 	return otp_id < bsec_dev.upper_base || !bsec_dev.closed_device;
530 }
531 
532 static TEE_Result initialize_bsec(void)
533 {
534 	struct stm32_bsec_static_cfg cfg = { 0 };
535 	uint32_t otp = 0;
536 	TEE_Result result = 0;
537 
538 	stm32mp_get_bsec_static_cfg(&cfg);
539 
540 	bsec_dev.base.pa = cfg.base;
541 	bsec_dev.upper_base = cfg.upper_start;
542 	bsec_dev.max_id = cfg.max_id;
543 	bsec_dev.closed_device = true;
544 
545 	/* Disable closed device mode upon platform closed device OTP value */
546 	result = stm32_bsec_shadow_read_otp(&otp, cfg.closed_device_id);
547 	if (!result && !(otp & BIT(cfg.closed_device_position)))
548 		bsec_dev.closed_device = false;
549 
550 	return TEE_SUCCESS;
551 }
552 
553 driver_init(initialize_bsec);
554