1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/spinlock.h> 14 #include <libfdt.h> 15 #include <limits.h> 16 #include <mm/core_memprot.h> 17 #include <platform_config.h> 18 #include <stm32_util.h> 19 #include <string.h> 20 #include <tee_api_defines.h> 21 #include <types_ext.h> 22 #include <util.h> 23 24 #define BSEC_OTP_MASK GENMASK_32(4, 0) 25 #define BSEC_OTP_BANK_SHIFT 5 26 27 /* Permanent lock bitmasks */ 28 #define ADDR_LOWER_OTP_PERLOCK_SHIFT 3 29 #define DATA_LOWER_OTP_PERLOCK_BIT 3 30 #define DATA_LOWER_OTP_PERLOCK_MASK GENMASK_32(2, 0) 31 #define ADDR_UPPER_OTP_PERLOCK_SHIFT 4 32 #define DATA_UPPER_OTP_PERLOCK_BIT 1 33 #define DATA_UPPER_OTP_PERLOCK_MASK GENMASK_32(3, 0) 34 35 /* BSEC register offset */ 36 #define BSEC_OTP_CONF_OFF 0x000U 37 #define BSEC_OTP_CTRL_OFF 0x004U 38 #define BSEC_OTP_WRDATA_OFF 0x008U 39 #define BSEC_OTP_STATUS_OFF 0x00CU 40 #define BSEC_OTP_LOCK_OFF 0x010U 41 #define BSEC_DEN_OFF 0x014U 42 #define BSEC_FEN_OFF 0x018U 43 #define BSEC_DISTURBED_OFF 0x01CU 44 #define BSEC_DISTURBED1_OFF 0x020U 45 #define BSEC_DISTURBED2_OFF 0x024U 46 #define BSEC_ERROR_OFF 0x034U 47 #define BSEC_ERROR1_OFF 0x038U 48 #define BSEC_ERROR2_OFF 0x03CU 49 #define BSEC_WRLOCK_OFF 0x04CU 50 #define BSEC_WRLOCK1_OFF 0x050U 51 #define BSEC_WRLOCK2_OFF 0x054U 52 #define BSEC_SPLOCK_OFF 0x064U 53 #define BSEC_SPLOCK1_OFF 0x068U 54 #define BSEC_SPLOCK2_OFF 0x06CU 55 #define BSEC_SWLOCK_OFF 0x07CU 56 #define BSEC_SWLOCK1_OFF 0x080U 57 #define BSEC_SWLOCK2_OFF 0x084U 58 #define BSEC_SRLOCK_OFF 0x094U 59 #define BSEC_SRLOCK1_OFF 0x098U 60 #define BSEC_SRLOCK2_OFF 0x09CU 61 #define BSEC_JTAG_IN_OFF 0x0ACU 62 #define BSEC_JTAG_OUT_OFF 0x0B0U 63 #define BSEC_SCRATCH_OFF 0x0B4U 64 #define BSEC_OTP_DATA_OFF 0x200U 65 #define BSEC_IPHW_CFG_OFF 0xFF0U 66 #define BSEC_IPVR_OFF 0xFF4U 67 #define BSEC_IP_ID_OFF 0xFF8U 68 #define BSEC_IP_MAGIC_ID_OFF 0xFFCU 69 70 /* BSEC_CONFIGURATION Register */ 71 #define BSEC_CONF_POWER_UP_MASK BIT(0) 72 #define BSEC_CONF_POWER_UP_SHIFT 0 73 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 74 #define BSEC_CONF_FRQ_SHIFT 1 75 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 76 #define BSEC_CONF_PRG_WIDTH_SHIFT 3 77 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 78 #define BSEC_CONF_TREAD_SHIFT 7 79 80 /* BSEC_CONTROL Register */ 81 #define BSEC_READ 0x000U 82 #define BSEC_WRITE 0x100U 83 #define BSEC_LOCK 0x200U 84 85 /* BSEC_STATUS Register */ 86 #define BSEC_MODE_STATUS_MASK GENMASK_32(2, 0) 87 #define BSEC_MODE_BUSY_MASK BIT(3) 88 #define BSEC_MODE_PROGFAIL_MASK BIT(4) 89 #define BSEC_MODE_PWR_MASK BIT(5) 90 #define BSEC_MODE_BIST1_LOCK_MASK BIT(6) 91 #define BSEC_MODE_BIST2_LOCK_MASK BIT(7) 92 93 /* BSEC_DEBUG */ 94 #define BSEC_HDPEN BIT(4) 95 #define BSEC_SPIDEN BIT(5) 96 #define BSEC_SPINDEN BIT(6) 97 #define BSEC_DBGSWGEN BIT(10) 98 #define BSEC_DEN_ALL_MSK GENMASK_32(10, 0) 99 100 /* 101 * OTP Lock services definition 102 * Value must corresponding to the bit position in the register 103 */ 104 #define BSEC_LOCK_UPPER_OTP 0x00 105 #define BSEC_LOCK_DEBUG 0x02 106 #define BSEC_LOCK_PROGRAM 0x04 107 108 /* Timeout when polling on status */ 109 #define BSEC_TIMEOUT_US 10000 110 111 112 struct bsec_dev { 113 struct io_pa_va base; 114 unsigned int upper_base; 115 unsigned int max_id; 116 uint32_t *nsec_access; 117 }; 118 119 /* Only 1 instance of BSEC is expected per platform */ 120 static struct bsec_dev bsec_dev; 121 122 /* BSEC access protection */ 123 static unsigned int lock = SPINLOCK_UNLOCK; 124 125 static uint32_t bsec_lock(void) 126 { 127 return may_spin_lock(&lock); 128 } 129 130 static void bsec_unlock(uint32_t exceptions) 131 { 132 may_spin_unlock(&lock, exceptions); 133 } 134 135 static uint32_t otp_max_id(void) 136 { 137 return bsec_dev.max_id; 138 } 139 140 static uint32_t otp_upper_base(void) 141 { 142 return bsec_dev.upper_base; 143 } 144 145 static uint32_t otp_bank_offset(uint32_t otp_id) 146 { 147 assert(otp_id <= otp_max_id()); 148 149 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 150 sizeof(uint32_t); 151 } 152 153 static vaddr_t bsec_base(void) 154 { 155 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 156 } 157 158 static uint32_t bsec_status(void) 159 { 160 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 161 } 162 163 /* 164 * Check that BSEC interface does not report an error 165 * @otp_id : OTP number 166 * @check_disturbed: check only error (false) or all sources (true) 167 * Return a TEE_Result compliant value 168 */ 169 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 170 { 171 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 172 uint32_t bank = otp_bank_offset(otp_id); 173 174 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 175 return TEE_ERROR_GENERIC; 176 177 if (check_disturbed && 178 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 179 return TEE_ERROR_GENERIC; 180 181 return TEE_SUCCESS; 182 } 183 184 static TEE_Result power_up_safmem(void) 185 { 186 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 187 188 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 189 BSEC_CONF_POWER_UP_MASK); 190 191 /* 192 * If a timeout is detected, test the condition again to consider 193 * cases where timeout is due to the executing TEE thread rescheduling. 194 */ 195 while (!timeout_elapsed(timeout_ref)) 196 if (bsec_status() & BSEC_MODE_PWR_MASK) 197 break; 198 199 if (bsec_status() & BSEC_MODE_PWR_MASK) 200 return TEE_SUCCESS; 201 202 return TEE_ERROR_GENERIC; 203 } 204 205 static TEE_Result power_down_safmem(void) 206 { 207 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 208 209 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 210 211 /* 212 * If a timeout is detected, test the condition again to consider 213 * cases where timeout is due to the executing TEE thread rescheduling. 214 */ 215 while (!timeout_elapsed(timeout_ref)) 216 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 217 break; 218 219 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 220 return TEE_SUCCESS; 221 222 return TEE_ERROR_GENERIC; 223 } 224 225 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 226 { 227 TEE_Result result = 0; 228 uint32_t exceptions = 0; 229 uint64_t timeout_ref = 0; 230 bool locked = false; 231 232 /* Check if shadowing of OTP is locked, informative only */ 233 result = stm32_bsec_read_sr_lock(otp_id, &locked); 234 if (result) 235 return result; 236 237 if (locked) 238 DMSG("BSEC shadow warning: OTP locked"); 239 240 exceptions = bsec_lock(); 241 242 result = power_up_safmem(); 243 if (result) 244 goto out; 245 246 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 247 248 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 249 while (!timeout_elapsed(timeout_ref)) 250 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 251 break; 252 253 if (bsec_status() & BSEC_MODE_BUSY_MASK) 254 result = TEE_ERROR_BUSY; 255 else 256 result = check_no_error(otp_id, true /* check-disturbed */); 257 258 power_down_safmem(); 259 260 out: 261 bsec_unlock(exceptions); 262 263 return result; 264 } 265 266 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 267 { 268 if (otp_id > otp_max_id()) 269 return TEE_ERROR_BAD_PARAMETERS; 270 271 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 272 (otp_id * sizeof(uint32_t))); 273 274 return TEE_SUCCESS; 275 } 276 277 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 278 { 279 TEE_Result result = 0; 280 281 result = stm32_bsec_shadow_register(otp_id); 282 if (result) { 283 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 284 return result; 285 } 286 287 result = stm32_bsec_read_otp(otp_value, otp_id); 288 if (result) 289 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 290 291 return result; 292 } 293 294 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 295 { 296 TEE_Result result = 0; 297 uint32_t exceptions = 0; 298 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 299 bool locked = false; 300 301 /* Check if write of OTP is locked, informative only */ 302 result = stm32_bsec_read_sw_lock(otp_id, &locked); 303 if (result) 304 return result; 305 306 if (locked) 307 DMSG("BSEC write warning: OTP locked"); 308 309 exceptions = bsec_lock(); 310 311 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 312 313 bsec_unlock(exceptions); 314 315 return TEE_SUCCESS; 316 } 317 318 #ifdef CFG_STM32_BSEC_WRITE 319 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 320 { 321 TEE_Result result = 0; 322 uint32_t exceptions = 0; 323 uint64_t timeout_ref = 0; 324 bool locked = false; 325 326 /* Check if shadowing of OTP is locked, informative only */ 327 result = stm32_bsec_read_sp_lock(otp_id, &locked); 328 if (result) 329 return result; 330 331 if (locked) 332 DMSG("BSEC program warning: OTP locked"); 333 334 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 335 DMSG("BSEC program warning: GPLOCK activated"); 336 337 exceptions = bsec_lock(); 338 339 result = power_up_safmem(); 340 if (result) 341 goto out; 342 343 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 344 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 345 346 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 347 while (!timeout_elapsed(timeout_ref)) 348 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 349 break; 350 351 if (bsec_status() & BSEC_MODE_BUSY_MASK) 352 result = TEE_ERROR_BUSY; 353 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 354 result = TEE_ERROR_BAD_PARAMETERS; 355 else 356 result = check_no_error(otp_id, true /* check-disturbed */); 357 358 power_down_safmem(); 359 360 out: 361 bsec_unlock(exceptions); 362 363 return result; 364 } 365 #endif /*CFG_STM32_BSEC_WRITE*/ 366 367 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 368 { 369 TEE_Result result = 0; 370 uint32_t data = 0; 371 uint32_t addr = 0; 372 uint32_t exceptions = 0; 373 vaddr_t base = bsec_base(); 374 uint64_t timeout_ref = 0; 375 376 if (otp_id > otp_max_id()) 377 return TEE_ERROR_BAD_PARAMETERS; 378 379 if (otp_id < otp_upper_base()) { 380 addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT; 381 data = DATA_LOWER_OTP_PERLOCK_BIT << 382 ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U); 383 } else { 384 addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U; 385 data = DATA_UPPER_OTP_PERLOCK_BIT << 386 (otp_id & DATA_UPPER_OTP_PERLOCK_MASK); 387 } 388 389 exceptions = bsec_lock(); 390 391 result = power_up_safmem(); 392 if (result) 393 goto out; 394 395 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 396 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 397 398 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 399 while (!timeout_elapsed(timeout_ref)) 400 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 401 break; 402 403 if (bsec_status() & BSEC_MODE_BUSY_MASK) 404 result = TEE_ERROR_BUSY; 405 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 406 result = TEE_ERROR_BAD_PARAMETERS; 407 else 408 result = check_no_error(otp_id, false /* not-disturbed */); 409 410 power_down_safmem(); 411 412 out: 413 bsec_unlock(exceptions); 414 415 return result; 416 } 417 418 #ifdef CFG_STM32_BSEC_WRITE 419 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 420 { 421 TEE_Result result = TEE_ERROR_GENERIC; 422 uint32_t masked_val = value & BSEC_DEN_ALL_MSK; 423 uint32_t exceptions = 0; 424 425 exceptions = bsec_lock(); 426 427 io_write32(bsec_base() + BSEC_DEN_OFF, value); 428 429 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U) 430 result = TEE_SUCCESS; 431 432 bsec_unlock(exceptions); 433 434 return result; 435 } 436 #endif /*CFG_STM32_BSEC_WRITE*/ 437 438 uint32_t stm32_bsec_read_debug_conf(void) 439 { 440 return io_read32(bsec_base() + BSEC_DEN_OFF); 441 } 442 443 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 444 { 445 uint32_t bank = otp_bank_offset(otp_id); 446 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 447 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 448 uint32_t exceptions = 0; 449 450 if (otp_id > STM32MP1_OTP_MAX_ID) 451 return TEE_ERROR_BAD_PARAMETERS; 452 453 exceptions = bsec_lock(); 454 455 io_write32(lock_addr, otp_mask); 456 457 bsec_unlock(exceptions); 458 459 return TEE_SUCCESS; 460 } 461 462 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 463 { 464 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 465 } 466 467 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 468 { 469 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 470 } 471 472 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 473 { 474 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 475 } 476 477 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 478 size_t lock_offset) 479 { 480 uint32_t bank = otp_bank_offset(otp_id); 481 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 482 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 483 484 if (otp_id > STM32MP1_OTP_MAX_ID) 485 return TEE_ERROR_BAD_PARAMETERS; 486 487 *locked = (io_read32(lock_addr) & otp_mask) != 0; 488 489 return TEE_SUCCESS; 490 } 491 492 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 493 { 494 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 495 } 496 497 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 498 { 499 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 500 } 501 502 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 503 { 504 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 505 } 506 507 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 508 { 509 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 510 } 511 512 TEE_Result stm32_bsec_otp_lock(uint32_t service) 513 { 514 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 515 516 switch (service) { 517 case BSEC_LOCK_UPPER_OTP: 518 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP)); 519 break; 520 case BSEC_LOCK_DEBUG: 521 io_write32(addr, BIT(BSEC_LOCK_DEBUG)); 522 break; 523 case BSEC_LOCK_PROGRAM: 524 io_write32(addr, BIT(BSEC_LOCK_PROGRAM)); 525 break; 526 default: 527 return TEE_ERROR_BAD_PARAMETERS; 528 } 529 530 return TEE_SUCCESS; 531 } 532 533 static size_t nsec_access_array_size(void) 534 { 535 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 536 537 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 538 } 539 540 static bool nsec_access_granted(unsigned int index) 541 { 542 uint32_t *array = bsec_dev.nsec_access; 543 544 return array && 545 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 546 array[index / BSEC_BITS_PER_WORD] & 547 BIT(index % BSEC_BITS_PER_WORD); 548 } 549 550 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 551 { 552 return otp_id < otp_upper_base() || 553 nsec_access_granted(otp_id - otp_upper_base()); 554 } 555 556 #ifdef CFG_EMBED_DTB 557 static void enable_nsec_access(unsigned int otp_id) 558 { 559 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 560 561 if (otp_id < otp_upper_base()) 562 return; 563 564 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 565 panic(); 566 567 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 568 } 569 570 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 571 { 572 int bsec_subnode = 0; 573 574 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 575 sizeof(*bsec_dev.nsec_access)); 576 if (!bsec_dev.nsec_access) 577 panic(); 578 579 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 580 const fdt32_t *cuint = NULL; 581 unsigned int otp_id = 0; 582 unsigned int i = 0; 583 size_t size = 0; 584 uint32_t offset = 0; 585 uint32_t length = 0; 586 587 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL); 588 assert(cuint); 589 590 offset = fdt32_to_cpu(*cuint); 591 cuint++; 592 length = fdt32_to_cpu(*cuint); 593 594 otp_id = offset / sizeof(uint32_t); 595 596 if (otp_id < STM32MP1_UPPER_OTP_START) { 597 unsigned int otp_end = ROUNDUP(offset + length, 598 sizeof(uint32_t)) / 599 sizeof(uint32_t); 600 601 if (otp_end > STM32MP1_UPPER_OTP_START) { 602 /* 603 * OTP crosses Lower/Upper boundary, consider 604 * only the upper part. 605 */ 606 otp_id = STM32MP1_UPPER_OTP_START; 607 length -= (STM32MP1_UPPER_OTP_START * 608 sizeof(uint32_t)) - offset; 609 offset = STM32MP1_UPPER_OTP_START * 610 sizeof(uint32_t); 611 612 DMSG("OTP crosses Lower/Upper boundary"); 613 } else { 614 continue; 615 } 616 } 617 618 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL)) 619 continue; 620 621 if ((offset % sizeof(uint32_t)) || (length % sizeof(uint32_t))) 622 panic("Unaligned non-secure OTP"); 623 624 size = length / sizeof(uint32_t); 625 626 if (otp_id + size > STM32MP1_OTP_MAX_ID) 627 panic("OTP range oversized"); 628 629 for (i = otp_id; i < otp_id + size; i++) 630 enable_nsec_access(i); 631 } 632 } 633 634 static void initialize_bsec_from_dt(void) 635 { 636 void *fdt = NULL; 637 int node = 0; 638 struct dt_node_info bsec_info = { }; 639 640 fdt = get_embedded_dt(); 641 node = fdt_node_offset_by_compatible(fdt, 0, "st,stm32mp15-bsec"); 642 if (node < 0) 643 panic(); 644 645 _fdt_fill_device_info(fdt, &bsec_info, node); 646 647 if (bsec_info.reg != bsec_dev.base.pa || 648 !(bsec_info.status & DT_STATUS_OK_SEC)) 649 panic(); 650 651 bsec_dt_otp_nsec_access(fdt, node); 652 } 653 #else 654 static void initialize_bsec_from_dt(void) 655 { 656 } 657 #endif /*CFG_EMBED_DTB*/ 658 659 static TEE_Result initialize_bsec(void) 660 { 661 struct stm32_bsec_static_cfg cfg = { }; 662 663 stm32mp_get_bsec_static_cfg(&cfg); 664 665 bsec_dev.base.pa = cfg.base; 666 bsec_dev.upper_base = cfg.upper_start; 667 bsec_dev.max_id = cfg.max_id; 668 669 if (IS_ENABLED(CFG_EMBED_DTB)) 670 initialize_bsec_from_dt(); 671 672 return TEE_SUCCESS; 673 } 674 675 early_init(initialize_bsec); 676