1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/spinlock.h> 14 #include <libfdt.h> 15 #include <limits.h> 16 #include <mm/core_memprot.h> 17 #include <platform_config.h> 18 #include <stm32_util.h> 19 #include <string.h> 20 #include <tee_api_defines.h> 21 #include <types_ext.h> 22 #include <util.h> 23 24 #define BSEC_OTP_MASK GENMASK_32(4, 0) 25 #define BSEC_OTP_BANK_SHIFT 5 26 27 /* Permanent lock bitmasks */ 28 #define ADDR_LOWER_OTP_PERLOCK_SHIFT 3 29 #define DATA_LOWER_OTP_PERLOCK_BIT 3 30 #define DATA_LOWER_OTP_PERLOCK_MASK GENMASK_32(2, 0) 31 #define ADDR_UPPER_OTP_PERLOCK_SHIFT 4 32 #define DATA_UPPER_OTP_PERLOCK_BIT 1 33 #define DATA_UPPER_OTP_PERLOCK_MASK GENMASK_32(3, 0) 34 35 /* BSEC register offset */ 36 #define BSEC_OTP_CONF_OFF 0x000U 37 #define BSEC_OTP_CTRL_OFF 0x004U 38 #define BSEC_OTP_WRDATA_OFF 0x008U 39 #define BSEC_OTP_STATUS_OFF 0x00CU 40 #define BSEC_OTP_LOCK_OFF 0x010U 41 #define BSEC_DEN_OFF 0x014U 42 #define BSEC_FEN_OFF 0x018U 43 #define BSEC_DISTURBED_OFF 0x01CU 44 #define BSEC_DISTURBED1_OFF 0x020U 45 #define BSEC_DISTURBED2_OFF 0x024U 46 #define BSEC_ERROR_OFF 0x034U 47 #define BSEC_ERROR1_OFF 0x038U 48 #define BSEC_ERROR2_OFF 0x03CU 49 #define BSEC_WRLOCK_OFF 0x04CU 50 #define BSEC_WRLOCK1_OFF 0x050U 51 #define BSEC_WRLOCK2_OFF 0x054U 52 #define BSEC_SPLOCK_OFF 0x064U 53 #define BSEC_SPLOCK1_OFF 0x068U 54 #define BSEC_SPLOCK2_OFF 0x06CU 55 #define BSEC_SWLOCK_OFF 0x07CU 56 #define BSEC_SWLOCK1_OFF 0x080U 57 #define BSEC_SWLOCK2_OFF 0x084U 58 #define BSEC_SRLOCK_OFF 0x094U 59 #define BSEC_SRLOCK1_OFF 0x098U 60 #define BSEC_SRLOCK2_OFF 0x09CU 61 #define BSEC_JTAG_IN_OFF 0x0ACU 62 #define BSEC_JTAG_OUT_OFF 0x0B0U 63 #define BSEC_SCRATCH_OFF 0x0B4U 64 #define BSEC_OTP_DATA_OFF 0x200U 65 #define BSEC_IPHW_CFG_OFF 0xFF0U 66 #define BSEC_IPVR_OFF 0xFF4U 67 #define BSEC_IP_ID_OFF 0xFF8U 68 #define BSEC_IP_MAGIC_ID_OFF 0xFFCU 69 70 /* BSEC_CONFIGURATION Register */ 71 #define BSEC_CONF_POWER_UP_MASK BIT(0) 72 #define BSEC_CONF_POWER_UP_SHIFT 0 73 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 74 #define BSEC_CONF_FRQ_SHIFT 1 75 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 76 #define BSEC_CONF_PRG_WIDTH_SHIFT 3 77 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 78 #define BSEC_CONF_TREAD_SHIFT 7 79 80 /* BSEC_CONTROL Register */ 81 #define BSEC_READ 0x000U 82 #define BSEC_WRITE 0x100U 83 #define BSEC_LOCK 0x200U 84 85 /* BSEC_STATUS Register */ 86 #define BSEC_MODE_STATUS_MASK GENMASK_32(2, 0) 87 #define BSEC_MODE_BUSY_MASK BIT(3) 88 #define BSEC_MODE_PROGFAIL_MASK BIT(4) 89 #define BSEC_MODE_PWR_MASK BIT(5) 90 #define BSEC_MODE_BIST1_LOCK_MASK BIT(6) 91 #define BSEC_MODE_BIST2_LOCK_MASK BIT(7) 92 93 /* BSEC_DEBUG */ 94 #define BSEC_HDPEN BIT(4) 95 #define BSEC_SPIDEN BIT(5) 96 #define BSEC_SPINDEN BIT(6) 97 #define BSEC_DBGSWGEN BIT(10) 98 #define BSEC_DEN_ALL_MSK GENMASK_32(10, 0) 99 100 /* 101 * OTP Lock services definition 102 * Value must corresponding to the bit position in the register 103 */ 104 #define BSEC_LOCK_UPPER_OTP 0x00 105 #define BSEC_LOCK_DEBUG 0x02 106 #define BSEC_LOCK_PROGRAM 0x04 107 108 /* Timeout when polling on status */ 109 #define BSEC_TIMEOUT_US 10000 110 111 #define BITS_PER_WORD (CHAR_BIT * sizeof(uint32_t)) 112 113 struct bsec_dev { 114 struct io_pa_va base; 115 unsigned int upper_base; 116 unsigned int max_id; 117 uint32_t *nsec_access; 118 }; 119 120 /* Only 1 instance of BSEC is expected per platform */ 121 static struct bsec_dev bsec_dev; 122 123 /* BSEC access protection */ 124 static unsigned int lock = SPINLOCK_UNLOCK; 125 126 static uint32_t bsec_lock(void) 127 { 128 return may_spin_lock(&lock); 129 } 130 131 static void bsec_unlock(uint32_t exceptions) 132 { 133 may_spin_unlock(&lock, exceptions); 134 } 135 136 static uint32_t otp_max_id(void) 137 { 138 return bsec_dev.max_id; 139 } 140 141 static uint32_t otp_upper_base(void) 142 { 143 return bsec_dev.upper_base; 144 } 145 146 static uint32_t otp_bank_offset(uint32_t otp_id) 147 { 148 assert(otp_id <= otp_max_id()); 149 150 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 151 sizeof(uint32_t); 152 } 153 154 static vaddr_t bsec_base(void) 155 { 156 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 157 } 158 159 static uint32_t bsec_status(void) 160 { 161 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 162 } 163 164 /* 165 * Check that BSEC interface does not report an error 166 * @otp_id : OTP number 167 * @check_disturbed: check only error (false) or all sources (true) 168 * Return a TEE_Result compliant value 169 */ 170 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 171 { 172 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 173 uint32_t bank = otp_bank_offset(otp_id); 174 175 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 176 return TEE_ERROR_GENERIC; 177 178 if (check_disturbed && 179 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 180 return TEE_ERROR_GENERIC; 181 182 return TEE_SUCCESS; 183 } 184 185 static TEE_Result power_up_safmem(void) 186 { 187 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 188 189 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 190 BSEC_CONF_POWER_UP_MASK); 191 192 /* 193 * If a timeout is detected, test the condition again to consider 194 * cases where timeout is due to the executing TEE thread rescheduling. 195 */ 196 while (!timeout_elapsed(timeout_ref)) 197 if (bsec_status() & BSEC_MODE_PWR_MASK) 198 break; 199 200 if (bsec_status() & BSEC_MODE_PWR_MASK) 201 return TEE_SUCCESS; 202 203 return TEE_ERROR_GENERIC; 204 } 205 206 static TEE_Result power_down_safmem(void) 207 { 208 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 209 210 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 211 212 /* 213 * If a timeout is detected, test the condition again to consider 214 * cases where timeout is due to the executing TEE thread rescheduling. 215 */ 216 while (!timeout_elapsed(timeout_ref)) 217 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 218 break; 219 220 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 221 return TEE_SUCCESS; 222 223 return TEE_ERROR_GENERIC; 224 } 225 226 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 227 { 228 TEE_Result result = 0; 229 uint32_t exceptions = 0; 230 uint64_t timeout_ref = 0; 231 bool locked = false; 232 233 /* Check if shadowing of OTP is locked, informative only */ 234 result = stm32_bsec_read_sr_lock(otp_id, &locked); 235 if (result) 236 return result; 237 238 if (locked) 239 DMSG("BSEC shadow warning: OTP locked"); 240 241 exceptions = bsec_lock(); 242 243 result = power_up_safmem(); 244 if (result) 245 goto out; 246 247 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 248 249 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 250 while (!timeout_elapsed(timeout_ref)) 251 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 252 break; 253 254 if (bsec_status() & BSEC_MODE_BUSY_MASK) 255 result = TEE_ERROR_BUSY; 256 else 257 result = check_no_error(otp_id, true /* check-disturbed */); 258 259 power_down_safmem(); 260 261 out: 262 bsec_unlock(exceptions); 263 264 return result; 265 } 266 267 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 268 { 269 if (otp_id > otp_max_id()) 270 return TEE_ERROR_BAD_PARAMETERS; 271 272 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 273 (otp_id * sizeof(uint32_t))); 274 275 return TEE_SUCCESS; 276 } 277 278 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 279 { 280 TEE_Result result = 0; 281 282 result = stm32_bsec_shadow_register(otp_id); 283 if (result) { 284 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 285 return result; 286 } 287 288 result = stm32_bsec_read_otp(otp_value, otp_id); 289 if (result) 290 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 291 292 return result; 293 } 294 295 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 296 { 297 TEE_Result result = 0; 298 uint32_t exceptions = 0; 299 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 300 bool locked = false; 301 302 /* Check if write of OTP is locked, informative only */ 303 result = stm32_bsec_read_sw_lock(otp_id, &locked); 304 if (result) 305 return result; 306 307 if (locked) 308 DMSG("BSEC write warning: OTP locked"); 309 310 exceptions = bsec_lock(); 311 312 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 313 314 bsec_unlock(exceptions); 315 316 return TEE_SUCCESS; 317 } 318 319 #ifdef CFG_STM32_BSEC_WRITE 320 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 321 { 322 TEE_Result result = 0; 323 uint32_t exceptions = 0; 324 uint64_t timeout_ref = 0; 325 bool locked = false; 326 327 /* Check if shadowing of OTP is locked, informative only */ 328 result = stm32_bsec_read_sp_lock(otp_id, &locked); 329 if (result) 330 return result; 331 332 if (locked) 333 DMSG("BSEC program warning: OTP locked"); 334 335 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 336 DMSG("BSEC program warning: GPLOCK activated"); 337 338 exceptions = bsec_lock(); 339 340 result = power_up_safmem(); 341 if (result) 342 goto out; 343 344 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 345 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 346 347 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 348 while (!timeout_elapsed(timeout_ref)) 349 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 350 break; 351 352 if (bsec_status() & BSEC_MODE_BUSY_MASK) 353 result = TEE_ERROR_BUSY; 354 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 355 result = TEE_ERROR_BAD_PARAMETERS; 356 else 357 result = check_no_error(otp_id, true /* check-disturbed */); 358 359 power_down_safmem(); 360 361 out: 362 bsec_unlock(exceptions); 363 364 return result; 365 } 366 #endif /*CFG_STM32_BSEC_WRITE*/ 367 368 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 369 { 370 TEE_Result result = 0; 371 uint32_t data = 0; 372 uint32_t addr = 0; 373 uint32_t exceptions = 0; 374 vaddr_t base = bsec_base(); 375 uint64_t timeout_ref = 0; 376 377 if (otp_id > otp_max_id()) 378 return TEE_ERROR_BAD_PARAMETERS; 379 380 if (otp_id < otp_upper_base()) { 381 addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT; 382 data = DATA_LOWER_OTP_PERLOCK_BIT << 383 ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U); 384 } else { 385 addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U; 386 data = DATA_UPPER_OTP_PERLOCK_BIT << 387 (otp_id & DATA_UPPER_OTP_PERLOCK_MASK); 388 } 389 390 exceptions = bsec_lock(); 391 392 result = power_up_safmem(); 393 if (result) 394 goto out; 395 396 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 397 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 398 399 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 400 while (!timeout_elapsed(timeout_ref)) 401 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 402 break; 403 404 if (bsec_status() & BSEC_MODE_BUSY_MASK) 405 result = TEE_ERROR_BUSY; 406 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 407 result = TEE_ERROR_BAD_PARAMETERS; 408 else 409 result = check_no_error(otp_id, false /* not-disturbed */); 410 411 power_down_safmem(); 412 413 out: 414 bsec_unlock(exceptions); 415 416 return result; 417 } 418 419 #ifdef CFG_STM32_BSEC_WRITE 420 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 421 { 422 TEE_Result result = TEE_ERROR_GENERIC; 423 uint32_t masked_val = value & BSEC_DEN_ALL_MSK; 424 uint32_t exceptions = 0; 425 426 exceptions = bsec_lock(); 427 428 io_write32(bsec_base() + BSEC_DEN_OFF, value); 429 430 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U) 431 result = TEE_SUCCESS; 432 433 bsec_unlock(exceptions); 434 435 return result; 436 } 437 #endif /*CFG_STM32_BSEC_WRITE*/ 438 439 uint32_t stm32_bsec_read_debug_conf(void) 440 { 441 return io_read32(bsec_base() + BSEC_DEN_OFF); 442 } 443 444 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 445 { 446 uint32_t bank = otp_bank_offset(otp_id); 447 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 448 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 449 uint32_t exceptions = 0; 450 451 if (otp_id > STM32MP1_OTP_MAX_ID) 452 return TEE_ERROR_BAD_PARAMETERS; 453 454 exceptions = bsec_lock(); 455 456 io_write32(lock_addr, otp_mask); 457 458 bsec_unlock(exceptions); 459 460 return TEE_SUCCESS; 461 } 462 463 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 464 { 465 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 466 } 467 468 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 469 { 470 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 471 } 472 473 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 474 { 475 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 476 } 477 478 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 479 size_t lock_offset) 480 { 481 uint32_t bank = otp_bank_offset(otp_id); 482 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 483 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 484 485 if (otp_id > STM32MP1_OTP_MAX_ID) 486 return TEE_ERROR_BAD_PARAMETERS; 487 488 *locked = (io_read32(lock_addr) & otp_mask) != 0; 489 490 return TEE_SUCCESS; 491 } 492 493 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 494 { 495 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 496 } 497 498 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 499 { 500 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 501 } 502 503 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 504 { 505 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 506 } 507 508 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 509 { 510 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 511 } 512 513 TEE_Result stm32_bsec_otp_lock(uint32_t service) 514 { 515 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 516 517 switch (service) { 518 case BSEC_LOCK_UPPER_OTP: 519 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP)); 520 break; 521 case BSEC_LOCK_DEBUG: 522 io_write32(addr, BIT(BSEC_LOCK_DEBUG)); 523 break; 524 case BSEC_LOCK_PROGRAM: 525 io_write32(addr, BIT(BSEC_LOCK_PROGRAM)); 526 break; 527 default: 528 return TEE_ERROR_BAD_PARAMETERS; 529 } 530 531 return TEE_SUCCESS; 532 } 533 534 static size_t nsec_access_array_size(void) 535 { 536 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 537 538 return ROUNDUP(upper_count, BITS_PER_WORD) / BITS_PER_WORD; 539 } 540 541 static bool nsec_access_granted(unsigned int index) 542 { 543 uint32_t *array = bsec_dev.nsec_access; 544 545 return array && 546 (index / BITS_PER_WORD) < nsec_access_array_size() && 547 array[index / BITS_PER_WORD] & BIT(index % BITS_PER_WORD); 548 } 549 550 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 551 { 552 return otp_id < otp_upper_base() || 553 nsec_access_granted(otp_id - otp_upper_base()); 554 } 555 556 #ifdef CFG_EMBED_DTB 557 static void enable_nsec_access(unsigned int otp_id) 558 { 559 unsigned int idx = (otp_id - otp_upper_base()) / BITS_PER_WORD; 560 561 if (otp_id < otp_upper_base()) 562 return; 563 564 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 565 panic(); 566 567 bsec_dev.nsec_access[idx] |= BIT(otp_id % BITS_PER_WORD); 568 } 569 570 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 571 { 572 int bsec_subnode = 0; 573 574 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 575 sizeof(*bsec_dev.nsec_access)); 576 if (!bsec_dev.nsec_access) 577 panic(); 578 579 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 580 const fdt32_t *cuint = NULL; 581 unsigned int otp_id = 0; 582 unsigned int i = 0; 583 size_t size = 0; 584 uint32_t offset = 0; 585 uint32_t length = 0; 586 587 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL); 588 assert(cuint); 589 590 offset = fdt32_to_cpu(*cuint); 591 cuint++; 592 length = fdt32_to_cpu(*cuint); 593 594 otp_id = offset / sizeof(uint32_t); 595 596 if (otp_id < STM32MP1_UPPER_OTP_START) { 597 unsigned int otp_end = ROUNDUP(offset + length, 598 sizeof(uint32_t)) / 599 sizeof(uint32_t); 600 601 if (otp_end > STM32MP1_UPPER_OTP_START) { 602 /* 603 * OTP crosses Lower/Upper boundary, consider 604 * only the upper part. 605 */ 606 otp_id = STM32MP1_UPPER_OTP_START; 607 length -= (STM32MP1_UPPER_OTP_START * 608 sizeof(uint32_t)) - offset; 609 offset = STM32MP1_UPPER_OTP_START * 610 sizeof(uint32_t); 611 612 DMSG("OTP crosses Lower/Upper boundary"); 613 } else { 614 continue; 615 } 616 } 617 618 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL)) 619 continue; 620 621 if ((offset % sizeof(uint32_t)) || (length % sizeof(uint32_t))) 622 panic("Unaligned non-secure OTP"); 623 624 size = length / sizeof(uint32_t); 625 626 if (otp_id + size > STM32MP1_OTP_MAX_ID) 627 panic("OTP range oversized"); 628 629 for (i = otp_id; i < otp_id + size; i++) 630 enable_nsec_access(i); 631 } 632 } 633 634 static void initialize_bsec_from_dt(void) 635 { 636 void *fdt = NULL; 637 int node = 0; 638 struct dt_node_info bsec_info = { }; 639 640 fdt = get_embedded_dt(); 641 node = fdt_node_offset_by_compatible(fdt, 0, "st,stm32mp15-bsec"); 642 if (node < 0) 643 panic(); 644 645 _fdt_fill_device_info(fdt, &bsec_info, node); 646 647 if (bsec_info.reg != bsec_dev.base.pa || 648 !(bsec_info.status & DT_STATUS_OK_SEC)) 649 panic(); 650 651 bsec_dt_otp_nsec_access(fdt, node); 652 } 653 #else 654 static void initialize_bsec_from_dt(void) 655 { 656 } 657 #endif /*CFG_EMBED_DTB*/ 658 659 static TEE_Result initialize_bsec(void) 660 { 661 struct stm32_bsec_static_cfg cfg = { }; 662 663 stm32mp_get_bsec_static_cfg(&cfg); 664 665 bsec_dev.base.pa = cfg.base; 666 bsec_dev.upper_base = cfg.upper_start; 667 bsec_dev.max_id = cfg.max_id; 668 669 if (IS_ENABLED(CFG_EMBED_DTB)) 670 initialize_bsec_from_dt(); 671 672 return TEE_SUCCESS; 673 } 674 675 early_init(initialize_bsec); 676