1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/spinlock.h> 14 #include <libfdt.h> 15 #include <limits.h> 16 #include <mm/core_memprot.h> 17 #include <platform_config.h> 18 #include <stm32_util.h> 19 #include <string.h> 20 #include <tee_api_defines.h> 21 #include <types_ext.h> 22 #include <util.h> 23 24 #define BSEC_OTP_MASK GENMASK_32(4, 0) 25 #define BSEC_OTP_BANK_SHIFT 5 26 27 /* Permanent lock bitmasks */ 28 #define ADDR_LOWER_OTP_PERLOCK_SHIFT 3 29 #define DATA_LOWER_OTP_PERLOCK_BIT 3 30 #define DATA_LOWER_OTP_PERLOCK_MASK GENMASK_32(2, 0) 31 #define ADDR_UPPER_OTP_PERLOCK_SHIFT 4 32 #define DATA_UPPER_OTP_PERLOCK_BIT 1 33 #define DATA_UPPER_OTP_PERLOCK_MASK GENMASK_32(3, 0) 34 35 /* BSEC register offset */ 36 #define BSEC_OTP_CONF_OFF 0x000U 37 #define BSEC_OTP_CTRL_OFF 0x004U 38 #define BSEC_OTP_WRDATA_OFF 0x008U 39 #define BSEC_OTP_STATUS_OFF 0x00CU 40 #define BSEC_OTP_LOCK_OFF 0x010U 41 #define BSEC_DEN_OFF 0x014U 42 #define BSEC_FEN_OFF 0x018U 43 #define BSEC_DISTURBED_OFF 0x01CU 44 #define BSEC_DISTURBED1_OFF 0x020U 45 #define BSEC_DISTURBED2_OFF 0x024U 46 #define BSEC_ERROR_OFF 0x034U 47 #define BSEC_ERROR1_OFF 0x038U 48 #define BSEC_ERROR2_OFF 0x03CU 49 #define BSEC_WRLOCK_OFF 0x04CU 50 #define BSEC_WRLOCK1_OFF 0x050U 51 #define BSEC_WRLOCK2_OFF 0x054U 52 #define BSEC_SPLOCK_OFF 0x064U 53 #define BSEC_SPLOCK1_OFF 0x068U 54 #define BSEC_SPLOCK2_OFF 0x06CU 55 #define BSEC_SWLOCK_OFF 0x07CU 56 #define BSEC_SWLOCK1_OFF 0x080U 57 #define BSEC_SWLOCK2_OFF 0x084U 58 #define BSEC_SRLOCK_OFF 0x094U 59 #define BSEC_SRLOCK1_OFF 0x098U 60 #define BSEC_SRLOCK2_OFF 0x09CU 61 #define BSEC_JTAG_IN_OFF 0x0ACU 62 #define BSEC_JTAG_OUT_OFF 0x0B0U 63 #define BSEC_SCRATCH_OFF 0x0B4U 64 #define BSEC_OTP_DATA_OFF 0x200U 65 #define BSEC_IPHW_CFG_OFF 0xFF0U 66 #define BSEC_IPVR_OFF 0xFF4U 67 #define BSEC_IP_ID_OFF 0xFF8U 68 #define BSEC_IP_MAGIC_ID_OFF 0xFFCU 69 70 /* BSEC_CONFIGURATION Register */ 71 #define BSEC_CONF_POWER_UP_MASK BIT(0) 72 #define BSEC_CONF_POWER_UP_SHIFT 0 73 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 74 #define BSEC_CONF_FRQ_SHIFT 1 75 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 76 #define BSEC_CONF_PRG_WIDTH_SHIFT 3 77 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 78 #define BSEC_CONF_TREAD_SHIFT 7 79 80 /* BSEC_CONTROL Register */ 81 #define BSEC_READ 0x000U 82 #define BSEC_WRITE 0x100U 83 #define BSEC_LOCK 0x200U 84 85 /* BSEC_STATUS Register */ 86 #define BSEC_MODE_STATUS_MASK GENMASK_32(2, 0) 87 #define BSEC_MODE_BUSY_MASK BIT(3) 88 #define BSEC_MODE_PROGFAIL_MASK BIT(4) 89 #define BSEC_MODE_PWR_MASK BIT(5) 90 #define BSEC_MODE_BIST1_LOCK_MASK BIT(6) 91 #define BSEC_MODE_BIST2_LOCK_MASK BIT(7) 92 93 /* BSEC_DEBUG */ 94 #define BSEC_HDPEN BIT(4) 95 #define BSEC_SPIDEN BIT(5) 96 #define BSEC_SPINDEN BIT(6) 97 #define BSEC_DBGSWGEN BIT(10) 98 #define BSEC_DEN_ALL_MSK GENMASK_32(10, 0) 99 100 /* 101 * OTP Lock services definition 102 * Value must corresponding to the bit position in the register 103 */ 104 #define BSEC_LOCK_UPPER_OTP 0x00 105 #define BSEC_LOCK_DEBUG 0x02 106 #define BSEC_LOCK_PROGRAM 0x04 107 108 /* Timeout when polling on status */ 109 #define BSEC_TIMEOUT_US 1000 110 111 #define BITS_PER_WORD (CHAR_BIT * sizeof(uint32_t)) 112 113 struct bsec_dev { 114 struct io_pa_va base; 115 unsigned int upper_base; 116 unsigned int max_id; 117 uint32_t *nsec_access; 118 }; 119 120 /* Only 1 instance of BSEC is expected per platform */ 121 static struct bsec_dev bsec_dev; 122 123 /* BSEC access protection */ 124 static unsigned int lock = SPINLOCK_UNLOCK; 125 126 static uint32_t bsec_lock(void) 127 { 128 return may_spin_lock(&lock); 129 } 130 131 static void bsec_unlock(uint32_t exceptions) 132 { 133 may_spin_unlock(&lock, exceptions); 134 } 135 136 static uint32_t otp_max_id(void) 137 { 138 return bsec_dev.max_id; 139 } 140 141 static uint32_t otp_upper_base(void) 142 { 143 return bsec_dev.upper_base; 144 } 145 146 static uint32_t otp_bank_offset(uint32_t otp_id) 147 { 148 assert(otp_id <= otp_max_id()); 149 150 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 151 sizeof(uint32_t); 152 } 153 154 static vaddr_t bsec_base(void) 155 { 156 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 157 } 158 159 static uint32_t bsec_status(void) 160 { 161 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 162 } 163 164 /* 165 * Check that BSEC interface does not report an error 166 * @otp_id : OTP number 167 * @check_disturbed: check only error (false) or all sources (true) 168 * Return a TEE_Result compliant value 169 */ 170 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 171 { 172 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 173 uint32_t bank = otp_bank_offset(otp_id); 174 175 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 176 return TEE_ERROR_GENERIC; 177 178 if (check_disturbed && 179 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 180 return TEE_ERROR_GENERIC; 181 182 return TEE_SUCCESS; 183 } 184 185 static TEE_Result power_up_safmem(void) 186 { 187 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 188 189 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 190 BSEC_CONF_POWER_UP_MASK); 191 192 /* 193 * If a timeout is detected, test the condition again to consider 194 * cases where timeout is due to the executing TEE thread rescheduling. 195 */ 196 while (!timeout_elapsed(timeout_ref)) 197 if (bsec_status() & BSEC_MODE_PWR_MASK) 198 break; 199 200 if (bsec_status() & BSEC_MODE_PWR_MASK) 201 return TEE_SUCCESS; 202 203 return TEE_ERROR_GENERIC; 204 } 205 206 static TEE_Result power_down_safmem(void) 207 { 208 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 209 210 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 211 212 /* 213 * If a timeout is detected, test the condition again to consider 214 * cases where timeout is due to the executing TEE thread rescheduling. 215 */ 216 while (!timeout_elapsed(timeout_ref)) 217 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 218 break; 219 220 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 221 return TEE_SUCCESS; 222 223 return TEE_ERROR_GENERIC; 224 } 225 226 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 227 { 228 TEE_Result result = 0; 229 uint32_t exceptions = 0; 230 uint64_t timeout_ref = 0; 231 bool locked = false; 232 233 /* Check if shadowing of OTP is locked, informative only */ 234 result = stm32_bsec_read_sr_lock(otp_id, &locked); 235 if (result) 236 return result; 237 238 if (locked) 239 DMSG("BSEC shadow warning: OTP locked"); 240 241 exceptions = bsec_lock(); 242 243 result = power_up_safmem(); 244 if (result) 245 return result; 246 247 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 248 249 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 250 while (!timeout_elapsed(timeout_ref)) 251 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 252 break; 253 254 if (bsec_status() & BSEC_MODE_BUSY_MASK) 255 result = TEE_ERROR_BUSY; 256 else 257 result = check_no_error(otp_id, true /* check-disturbed */); 258 259 power_down_safmem(); 260 261 bsec_unlock(exceptions); 262 263 return result; 264 } 265 266 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 267 { 268 if (otp_id > otp_max_id()) 269 return TEE_ERROR_BAD_PARAMETERS; 270 271 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 272 (otp_id * sizeof(uint32_t))); 273 274 return TEE_SUCCESS; 275 } 276 277 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 278 { 279 TEE_Result result = 0; 280 281 result = stm32_bsec_shadow_register(otp_id); 282 if (result) { 283 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 284 return result; 285 } 286 287 result = stm32_bsec_read_otp(otp_value, otp_id); 288 if (result) 289 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 290 291 return result; 292 } 293 294 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 295 { 296 TEE_Result result = 0; 297 uint32_t exceptions = 0; 298 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 299 bool locked = false; 300 301 /* Check if write of OTP is locked, informative only */ 302 result = stm32_bsec_read_sw_lock(otp_id, &locked); 303 if (result) 304 return result; 305 306 if (locked) 307 DMSG("BSEC write warning: OTP locked"); 308 309 exceptions = bsec_lock(); 310 311 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 312 313 bsec_unlock(exceptions); 314 315 return TEE_SUCCESS; 316 } 317 318 #ifdef CFG_STM32_BSEC_WRITE 319 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 320 { 321 TEE_Result result = 0; 322 uint32_t exceptions = 0; 323 uint64_t timeout_ref = 0; 324 bool locked = false; 325 326 /* Check if shadowing of OTP is locked, informative only */ 327 result = stm32_bsec_read_sp_lock(otp_id, &locked); 328 if (result) 329 return result; 330 331 if (locked) 332 DMSG("BSEC program warning: OTP locked"); 333 334 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 335 DMSG("BSEC program warning: GPLOCK activated"); 336 337 exceptions = bsec_lock(); 338 339 result = power_up_safmem(); 340 if (result) 341 return result; 342 343 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 344 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 345 346 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 347 while (!timeout_elapsed(timeout_ref)) 348 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 349 break; 350 351 if (bsec_status() & BSEC_MODE_BUSY_MASK) 352 result = TEE_ERROR_BUSY; 353 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 354 result = TEE_ERROR_BAD_PARAMETERS; 355 else 356 result = check_no_error(otp_id, true /* check-disturbed */); 357 358 power_down_safmem(); 359 360 bsec_unlock(exceptions); 361 362 return result; 363 } 364 #endif /*CFG_STM32_BSEC_WRITE*/ 365 366 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 367 { 368 TEE_Result result = 0; 369 uint32_t data = 0; 370 uint32_t addr = 0; 371 uint32_t exceptions = 0; 372 vaddr_t base = bsec_base(); 373 uint64_t timeout_ref = 0; 374 375 if (otp_id > otp_max_id()) 376 return TEE_ERROR_BAD_PARAMETERS; 377 378 if (otp_id < otp_upper_base()) { 379 addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT; 380 data = DATA_LOWER_OTP_PERLOCK_BIT << 381 ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U); 382 } else { 383 addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U; 384 data = DATA_UPPER_OTP_PERLOCK_BIT << 385 (otp_id & DATA_UPPER_OTP_PERLOCK_MASK); 386 } 387 388 exceptions = bsec_lock(); 389 390 result = power_up_safmem(); 391 if (result) 392 return result; 393 394 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 395 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 396 397 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 398 while (!timeout_elapsed(timeout_ref)) 399 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 400 break; 401 402 if (bsec_status() & BSEC_MODE_BUSY_MASK) 403 result = TEE_ERROR_BUSY; 404 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 405 result = TEE_ERROR_BAD_PARAMETERS; 406 else 407 result = check_no_error(otp_id, false /* not-disturbed */); 408 409 power_down_safmem(); 410 411 bsec_unlock(exceptions); 412 413 return result; 414 } 415 416 #ifdef CFG_STM32_BSEC_WRITE 417 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 418 { 419 TEE_Result result = TEE_ERROR_GENERIC; 420 uint32_t masked_val = value & BSEC_DEN_ALL_MSK; 421 uint32_t exceptions = 0; 422 423 exceptions = bsec_lock(); 424 425 io_write32(bsec_base() + BSEC_DEN_OFF, value); 426 427 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U) 428 result = TEE_SUCCESS; 429 430 bsec_unlock(exceptions); 431 432 return result; 433 } 434 #endif /*CFG_STM32_BSEC_WRITE*/ 435 436 uint32_t stm32_bsec_read_debug_conf(void) 437 { 438 return io_read32(bsec_base() + BSEC_DEN_OFF); 439 } 440 441 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 442 { 443 uint32_t bank = otp_bank_offset(otp_id); 444 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 445 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 446 uint32_t exceptions = 0; 447 448 if (otp_id > STM32MP1_OTP_MAX_ID) 449 return TEE_ERROR_BAD_PARAMETERS; 450 451 exceptions = bsec_lock(); 452 453 io_write32(lock_addr, otp_mask); 454 455 bsec_unlock(exceptions); 456 457 return TEE_SUCCESS; 458 } 459 460 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 461 { 462 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 463 } 464 465 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 466 { 467 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 468 } 469 470 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 471 { 472 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 473 } 474 475 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 476 size_t lock_offset) 477 { 478 uint32_t bank = otp_bank_offset(otp_id); 479 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 480 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 481 482 if (otp_id > STM32MP1_OTP_MAX_ID) 483 return TEE_ERROR_BAD_PARAMETERS; 484 485 *locked = (io_read32(lock_addr) & otp_mask) != 0; 486 487 return TEE_SUCCESS; 488 } 489 490 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 491 { 492 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 493 } 494 495 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 496 { 497 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 498 } 499 500 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 501 { 502 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 503 } 504 505 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 506 { 507 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 508 } 509 510 TEE_Result stm32_bsec_otp_lock(uint32_t service) 511 { 512 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 513 514 switch (service) { 515 case BSEC_LOCK_UPPER_OTP: 516 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP)); 517 break; 518 case BSEC_LOCK_DEBUG: 519 io_write32(addr, BIT(BSEC_LOCK_DEBUG)); 520 break; 521 case BSEC_LOCK_PROGRAM: 522 io_write32(addr, BIT(BSEC_LOCK_PROGRAM)); 523 break; 524 default: 525 return TEE_ERROR_BAD_PARAMETERS; 526 } 527 528 return TEE_SUCCESS; 529 } 530 531 static size_t nsec_access_array_size(void) 532 { 533 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 534 535 return ROUNDUP(upper_count, BITS_PER_WORD) / BITS_PER_WORD; 536 } 537 538 static bool nsec_access_granted(unsigned int index) 539 { 540 uint32_t *array = bsec_dev.nsec_access; 541 542 return array && 543 (index / BITS_PER_WORD) < nsec_access_array_size() && 544 array[index / BITS_PER_WORD] & BIT(index % BITS_PER_WORD); 545 } 546 547 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 548 { 549 return otp_id < otp_upper_base() || 550 nsec_access_granted(otp_id - otp_upper_base()); 551 } 552 553 #ifdef CFG_EMBED_DTB 554 static void enable_nsec_access(unsigned int otp_id) 555 { 556 unsigned int idx = (otp_id - otp_upper_base()) / BITS_PER_WORD; 557 558 if (otp_id < otp_upper_base()) 559 return; 560 561 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 562 panic(); 563 564 bsec_dev.nsec_access[idx] |= BIT(otp_id % BITS_PER_WORD); 565 } 566 567 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 568 { 569 int bsec_subnode = 0; 570 571 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 572 sizeof(*bsec_dev.nsec_access)); 573 if (!bsec_dev.nsec_access) 574 panic(); 575 576 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 577 const fdt32_t *cuint = NULL; 578 unsigned int otp_id = 0; 579 unsigned int i = 0; 580 size_t size = 0; 581 uint32_t offset = 0; 582 uint32_t length = 0; 583 584 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL); 585 assert(cuint); 586 587 offset = fdt32_to_cpu(*cuint); 588 cuint++; 589 length = fdt32_to_cpu(*cuint); 590 591 otp_id = offset / sizeof(uint32_t); 592 593 if (otp_id < STM32MP1_UPPER_OTP_START) { 594 unsigned int otp_end = ROUNDUP(offset + length, 595 sizeof(uint32_t)) / 596 sizeof(uint32_t); 597 598 if (otp_end > STM32MP1_UPPER_OTP_START) { 599 /* 600 * OTP crosses Lower/Upper boundary, consider 601 * only the upper part. 602 */ 603 otp_id = STM32MP1_UPPER_OTP_START; 604 length -= (STM32MP1_UPPER_OTP_START * 605 sizeof(uint32_t)) - offset; 606 offset = STM32MP1_UPPER_OTP_START * 607 sizeof(uint32_t); 608 609 DMSG("OTP crosses Lower/Upper boundary"); 610 } else { 611 continue; 612 } 613 } 614 615 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL)) 616 continue; 617 618 if ((offset % sizeof(uint32_t)) || (length % sizeof(uint32_t))) 619 panic("Unaligned non-secure OTP"); 620 621 size = length / sizeof(uint32_t); 622 623 if (otp_id + size > STM32MP1_OTP_MAX_ID) 624 panic("OTP range oversized"); 625 626 for (i = otp_id; i < otp_id + size; i++) 627 enable_nsec_access(i); 628 } 629 } 630 631 static void initialize_bsec_from_dt(void) 632 { 633 void *fdt = NULL; 634 int node = 0; 635 struct dt_node_info bsec_info = { }; 636 637 fdt = get_embedded_dt(); 638 node = fdt_node_offset_by_compatible(fdt, 0, "st,stm32mp15-bsec"); 639 if (node < 0) 640 panic(); 641 642 _fdt_fill_device_info(fdt, &bsec_info, node); 643 644 if (bsec_info.reg != bsec_dev.base.pa || 645 !(bsec_info.status & DT_STATUS_OK_SEC)) 646 panic(); 647 648 bsec_dt_otp_nsec_access(fdt, node); 649 } 650 #else 651 static void initialize_bsec_from_dt(void) 652 { 653 } 654 #endif /*CFG_EMBED_DTB*/ 655 656 static TEE_Result initialize_bsec(void) 657 { 658 struct stm32_bsec_static_cfg cfg = { }; 659 660 stm32mp_get_bsec_static_cfg(&cfg); 661 662 bsec_dev.base.pa = cfg.base; 663 bsec_dev.upper_base = cfg.upper_start; 664 bsec_dev.max_id = cfg.max_id; 665 666 if (IS_ENABLED(CFG_EMBED_DTB)) 667 initialize_bsec_from_dt(); 668 669 return TEE_SUCCESS; 670 } 671 672 driver_init(initialize_bsec); 673