1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/spinlock.h> 14 #include <libfdt.h> 15 #include <limits.h> 16 #include <mm/core_memprot.h> 17 #include <platform_config.h> 18 #include <stm32_util.h> 19 #include <string.h> 20 #include <tee_api_defines.h> 21 #include <types_ext.h> 22 #include <util.h> 23 24 #define BSEC_OTP_MASK GENMASK_32(4, 0) 25 #define BSEC_OTP_BANK_SHIFT U(5) 26 27 /* Permanent lock bitmasks */ 28 #define DATA_LOWER_OTP_PERLOCK_BIT U(3) 29 #define DATA_UPPER_OTP_PERLOCK_BIT U(1) 30 31 /* BSEC register offset */ 32 #define BSEC_OTP_CONF_OFF U(0x000) 33 #define BSEC_OTP_CTRL_OFF U(0x004) 34 #define BSEC_OTP_WRDATA_OFF U(0x008) 35 #define BSEC_OTP_STATUS_OFF U(0x00C) 36 #define BSEC_OTP_LOCK_OFF U(0x010) 37 #define BSEC_DEN_OFF U(0x014) 38 #define BSEC_FEN_OFF U(0x018) 39 #define BSEC_DISTURBED_OFF U(0x01C) 40 #define BSEC_DISTURBED1_OFF U(0x020) 41 #define BSEC_DISTURBED2_OFF U(0x024) 42 #define BSEC_ERROR_OFF U(0x034) 43 #define BSEC_ERROR1_OFF U(0x038) 44 #define BSEC_ERROR2_OFF U(0x03C) 45 #define BSEC_WRLOCK_OFF U(0x04C) 46 #define BSEC_WRLOCK1_OFF U(0x050) 47 #define BSEC_WRLOCK2_OFF U(0x054) 48 #define BSEC_SPLOCK_OFF U(0x064) 49 #define BSEC_SPLOCK1_OFF U(0x068) 50 #define BSEC_SPLOCK2_OFF U(0x06C) 51 #define BSEC_SWLOCK_OFF U(0x07C) 52 #define BSEC_SWLOCK1_OFF U(0x080) 53 #define BSEC_SWLOCK2_OFF U(0x084) 54 #define BSEC_SRLOCK_OFF U(0x094) 55 #define BSEC_SRLOCK1_OFF U(0x098) 56 #define BSEC_SRLOCK2_OFF U(0x09C) 57 #define BSEC_JTAG_IN_OFF U(0x0AC) 58 #define BSEC_JTAG_OUT_OFF U(0x0B0) 59 #define BSEC_SCRATCH_OFF U(0x0B4) 60 #define BSEC_OTP_DATA_OFF U(0x200) 61 #define BSEC_IPHW_CFG_OFF U(0xFF0) 62 #define BSEC_IPVR_OFF U(0xFF4) 63 #define BSEC_IP_ID_OFF U(0xFF8) 64 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC) 65 66 /* BSEC_CONFIGURATION Register */ 67 #define BSEC_CONF_POWER_UP_MASK BIT(0) 68 #define BSEC_CONF_POWER_UP_SHIFT U(0) 69 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 70 #define BSEC_CONF_FRQ_SHIFT U(1) 71 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 72 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3) 73 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 74 #define BSEC_CONF_TREAD_SHIFT U(7) 75 76 /* BSEC_CONTROL Register */ 77 #define BSEC_READ U(0x000) 78 #define BSEC_WRITE U(0x100) 79 #define BSEC_LOCK U(0x200) 80 81 /* BSEC_STATUS Register */ 82 #define BSEC_MODE_STATUS_MASK GENMASK_32(2, 0) 83 #define BSEC_MODE_BUSY_MASK BIT(3) 84 #define BSEC_MODE_PROGFAIL_MASK BIT(4) 85 #define BSEC_MODE_PWR_MASK BIT(5) 86 #define BSEC_MODE_BIST1_LOCK_MASK BIT(6) 87 #define BSEC_MODE_BIST2_LOCK_MASK BIT(7) 88 89 /* BSEC_DEBUG */ 90 #define BSEC_HDPEN BIT(4) 91 #define BSEC_SPIDEN BIT(5) 92 #define BSEC_SPINDEN BIT(6) 93 #define BSEC_DBGSWGEN BIT(10) 94 #define BSEC_DEN_ALL_MSK GENMASK_32(10, 0) 95 96 /* 97 * OTP Lock services definition 98 * Value must corresponding to the bit position in the register 99 */ 100 #define BSEC_LOCK_UPPER_OTP U(0x00) 101 #define BSEC_LOCK_DEBUG U(0x02) 102 #define BSEC_LOCK_PROGRAM U(0x04) 103 104 /* Timeout when polling on status */ 105 #define BSEC_TIMEOUT_US U(10000) 106 107 struct bsec_dev { 108 struct io_pa_va base; 109 unsigned int upper_base; 110 unsigned int max_id; 111 uint32_t *nsec_access; 112 }; 113 114 /* Only 1 instance of BSEC is expected per platform */ 115 static struct bsec_dev bsec_dev; 116 117 /* BSEC access protection */ 118 static unsigned int lock = SPINLOCK_UNLOCK; 119 120 static uint32_t bsec_lock(void) 121 { 122 return may_spin_lock(&lock); 123 } 124 125 static void bsec_unlock(uint32_t exceptions) 126 { 127 may_spin_unlock(&lock, exceptions); 128 } 129 130 static uint32_t otp_max_id(void) 131 { 132 return bsec_dev.max_id; 133 } 134 135 static uint32_t otp_upper_base(void) 136 { 137 return bsec_dev.upper_base; 138 } 139 140 static uint32_t otp_bank_offset(uint32_t otp_id) 141 { 142 assert(otp_id <= otp_max_id()); 143 144 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 145 sizeof(uint32_t); 146 } 147 148 static vaddr_t bsec_base(void) 149 { 150 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 151 } 152 153 static uint32_t bsec_status(void) 154 { 155 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 156 } 157 158 /* 159 * Check that BSEC interface does not report an error 160 * @otp_id : OTP number 161 * @check_disturbed: check only error (false) or all sources (true) 162 * Return a TEE_Result compliant value 163 */ 164 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 165 { 166 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 167 uint32_t bank = otp_bank_offset(otp_id); 168 169 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 170 return TEE_ERROR_GENERIC; 171 172 if (check_disturbed && 173 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 174 return TEE_ERROR_GENERIC; 175 176 return TEE_SUCCESS; 177 } 178 179 static TEE_Result power_up_safmem(void) 180 { 181 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 182 183 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 184 BSEC_CONF_POWER_UP_MASK); 185 186 /* 187 * If a timeout is detected, test the condition again to consider 188 * cases where timeout is due to the executing TEE thread rescheduling. 189 */ 190 while (!timeout_elapsed(timeout_ref)) 191 if (bsec_status() & BSEC_MODE_PWR_MASK) 192 break; 193 194 if (bsec_status() & BSEC_MODE_PWR_MASK) 195 return TEE_SUCCESS; 196 197 return TEE_ERROR_GENERIC; 198 } 199 200 static TEE_Result power_down_safmem(void) 201 { 202 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 203 204 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 205 206 /* 207 * If a timeout is detected, test the condition again to consider 208 * cases where timeout is due to the executing TEE thread rescheduling. 209 */ 210 while (!timeout_elapsed(timeout_ref)) 211 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 212 break; 213 214 if (!(bsec_status() & BSEC_MODE_PWR_MASK)) 215 return TEE_SUCCESS; 216 217 return TEE_ERROR_GENERIC; 218 } 219 220 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 221 { 222 TEE_Result result = 0; 223 uint32_t exceptions = 0; 224 uint64_t timeout_ref = 0; 225 bool locked = false; 226 227 /* Check if shadowing of OTP is locked, informative only */ 228 result = stm32_bsec_read_sr_lock(otp_id, &locked); 229 if (result) 230 return result; 231 232 if (locked) 233 DMSG("BSEC shadow warning: OTP locked"); 234 235 exceptions = bsec_lock(); 236 237 result = power_up_safmem(); 238 if (result) 239 goto out; 240 241 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 242 243 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 244 while (!timeout_elapsed(timeout_ref)) 245 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 246 break; 247 248 if (bsec_status() & BSEC_MODE_BUSY_MASK) 249 result = TEE_ERROR_BUSY; 250 else 251 result = check_no_error(otp_id, true /* check-disturbed */); 252 253 power_down_safmem(); 254 255 out: 256 bsec_unlock(exceptions); 257 258 return result; 259 } 260 261 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 262 { 263 if (otp_id > otp_max_id()) 264 return TEE_ERROR_BAD_PARAMETERS; 265 266 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 267 (otp_id * sizeof(uint32_t))); 268 269 return TEE_SUCCESS; 270 } 271 272 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 273 { 274 TEE_Result result = 0; 275 276 result = stm32_bsec_shadow_register(otp_id); 277 if (result) { 278 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 279 return result; 280 } 281 282 result = stm32_bsec_read_otp(otp_value, otp_id); 283 if (result) 284 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 285 286 return result; 287 } 288 289 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 290 { 291 TEE_Result result = 0; 292 uint32_t exceptions = 0; 293 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 294 bool locked = false; 295 296 /* Check if write of OTP is locked, informative only */ 297 result = stm32_bsec_read_sw_lock(otp_id, &locked); 298 if (result) 299 return result; 300 301 if (locked) 302 DMSG("BSEC write warning: OTP locked"); 303 304 exceptions = bsec_lock(); 305 306 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 307 308 bsec_unlock(exceptions); 309 310 return TEE_SUCCESS; 311 } 312 313 #ifdef CFG_STM32_BSEC_WRITE 314 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 315 { 316 TEE_Result result = 0; 317 uint32_t exceptions = 0; 318 uint64_t timeout_ref = 0; 319 bool locked = false; 320 321 /* Check if shadowing of OTP is locked, informative only */ 322 result = stm32_bsec_read_sp_lock(otp_id, &locked); 323 if (result) 324 return result; 325 326 if (locked) 327 DMSG("BSEC program warning: OTP locked"); 328 329 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 330 DMSG("BSEC program warning: GPLOCK activated"); 331 332 exceptions = bsec_lock(); 333 334 result = power_up_safmem(); 335 if (result) 336 goto out; 337 338 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 339 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 340 341 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 342 while (!timeout_elapsed(timeout_ref)) 343 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 344 break; 345 346 if (bsec_status() & BSEC_MODE_BUSY_MASK) 347 result = TEE_ERROR_BUSY; 348 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 349 result = TEE_ERROR_BAD_PARAMETERS; 350 else 351 result = check_no_error(otp_id, true /* check-disturbed */); 352 353 power_down_safmem(); 354 355 out: 356 bsec_unlock(exceptions); 357 358 return result; 359 } 360 #endif /*CFG_STM32_BSEC_WRITE*/ 361 362 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 363 { 364 TEE_Result result = 0; 365 uint32_t data = 0; 366 uint32_t addr = 0; 367 uint32_t exceptions = 0; 368 vaddr_t base = bsec_base(); 369 uint64_t timeout_ref = 0; 370 uint32_t upper_base = otp_upper_base(); 371 372 if (otp_id > otp_max_id()) 373 return TEE_ERROR_BAD_PARAMETERS; 374 375 /* 376 * 2 bits per words for lower OTPs: 2:1 Redundancy 377 * 1 bit per word for upper OTPs : ECC support 378 * e.g with 32 lower and 64 upper OTPs: 379 * OTP word to be ADDR[6:0] WRDATA[31:0] 380 * locked 381 * 0 0x00 0x0000 0003 382 * 1 0x00 0x0000 000C 383 * ... ... ... 384 * 7 0x00 0x0000 C000 385 * 8 0x01 0x0000 0003 386 * ... ... ... 387 * 31 0x03 0x0000 C000 388 * 32 0x04 0x0000 0001 389 * 33 0x04 0x0000 0002 390 * 95 0x07 0x0000 8000 391 */ 392 if (otp_id < upper_base) { 393 addr = otp_id / 8U; 394 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF); 395 } else { 396 addr = upper_base / 8U + (otp_id - upper_base) / 16U; 397 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF); 398 } 399 400 exceptions = bsec_lock(); 401 402 result = power_up_safmem(); 403 if (result) 404 goto out; 405 406 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 407 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 408 409 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 410 while (!timeout_elapsed(timeout_ref)) 411 if (!(bsec_status() & BSEC_MODE_BUSY_MASK)) 412 break; 413 414 if (bsec_status() & BSEC_MODE_BUSY_MASK) 415 result = TEE_ERROR_BUSY; 416 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK) 417 result = TEE_ERROR_BAD_PARAMETERS; 418 else 419 result = check_no_error(otp_id, false /* not-disturbed */); 420 421 power_down_safmem(); 422 423 out: 424 bsec_unlock(exceptions); 425 426 return result; 427 } 428 429 #ifdef CFG_STM32_BSEC_WRITE 430 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 431 { 432 TEE_Result result = TEE_ERROR_GENERIC; 433 uint32_t masked_val = value & BSEC_DEN_ALL_MSK; 434 uint32_t exceptions = 0; 435 436 exceptions = bsec_lock(); 437 438 io_write32(bsec_base() + BSEC_DEN_OFF, value); 439 440 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U) 441 result = TEE_SUCCESS; 442 443 bsec_unlock(exceptions); 444 445 return result; 446 } 447 #endif /*CFG_STM32_BSEC_WRITE*/ 448 449 uint32_t stm32_bsec_read_debug_conf(void) 450 { 451 return io_read32(bsec_base() + BSEC_DEN_OFF); 452 } 453 454 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 455 { 456 uint32_t bank = otp_bank_offset(otp_id); 457 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 458 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 459 uint32_t exceptions = 0; 460 461 if (otp_id > STM32MP1_OTP_MAX_ID) 462 return TEE_ERROR_BAD_PARAMETERS; 463 464 exceptions = bsec_lock(); 465 466 io_write32(lock_addr, otp_mask); 467 468 bsec_unlock(exceptions); 469 470 return TEE_SUCCESS; 471 } 472 473 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 474 { 475 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 476 } 477 478 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 479 { 480 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 481 } 482 483 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 484 { 485 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 486 } 487 488 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 489 size_t lock_offset) 490 { 491 uint32_t bank = otp_bank_offset(otp_id); 492 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 493 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 494 495 if (otp_id > STM32MP1_OTP_MAX_ID) 496 return TEE_ERROR_BAD_PARAMETERS; 497 498 *locked = (io_read32(lock_addr) & otp_mask) != 0; 499 500 return TEE_SUCCESS; 501 } 502 503 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 504 { 505 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 506 } 507 508 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 509 { 510 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 511 } 512 513 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 514 { 515 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 516 } 517 518 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 519 { 520 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 521 } 522 523 TEE_Result stm32_bsec_otp_lock(uint32_t service) 524 { 525 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 526 527 switch (service) { 528 case BSEC_LOCK_UPPER_OTP: 529 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP)); 530 break; 531 case BSEC_LOCK_DEBUG: 532 io_write32(addr, BIT(BSEC_LOCK_DEBUG)); 533 break; 534 case BSEC_LOCK_PROGRAM: 535 io_write32(addr, BIT(BSEC_LOCK_PROGRAM)); 536 break; 537 default: 538 return TEE_ERROR_BAD_PARAMETERS; 539 } 540 541 return TEE_SUCCESS; 542 } 543 544 static size_t nsec_access_array_size(void) 545 { 546 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 547 548 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 549 } 550 551 static bool nsec_access_granted(unsigned int index) 552 { 553 uint32_t *array = bsec_dev.nsec_access; 554 555 return array && 556 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 557 array[index / BSEC_BITS_PER_WORD] & 558 BIT(index % BSEC_BITS_PER_WORD); 559 } 560 561 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 562 { 563 return otp_id < otp_upper_base() || 564 nsec_access_granted(otp_id - otp_upper_base()); 565 } 566 567 #ifdef CFG_EMBED_DTB 568 static void enable_nsec_access(unsigned int otp_id) 569 { 570 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 571 572 if (otp_id < otp_upper_base()) 573 return; 574 575 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 576 panic(); 577 578 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 579 } 580 581 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 582 { 583 int bsec_subnode = 0; 584 585 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 586 sizeof(*bsec_dev.nsec_access)); 587 if (!bsec_dev.nsec_access) 588 panic(); 589 590 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 591 const fdt32_t *cuint = NULL; 592 unsigned int otp_id = 0; 593 unsigned int i = 0; 594 size_t size = 0; 595 uint32_t offset = 0; 596 uint32_t length = 0; 597 598 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL); 599 assert(cuint); 600 601 offset = fdt32_to_cpu(*cuint); 602 cuint++; 603 length = fdt32_to_cpu(*cuint); 604 605 otp_id = offset / sizeof(uint32_t); 606 607 if (otp_id < STM32MP1_UPPER_OTP_START) { 608 unsigned int otp_end = ROUNDUP(offset + length, 609 sizeof(uint32_t)) / 610 sizeof(uint32_t); 611 612 if (otp_end > STM32MP1_UPPER_OTP_START) { 613 /* 614 * OTP crosses Lower/Upper boundary, consider 615 * only the upper part. 616 */ 617 otp_id = STM32MP1_UPPER_OTP_START; 618 length -= (STM32MP1_UPPER_OTP_START * 619 sizeof(uint32_t)) - offset; 620 offset = STM32MP1_UPPER_OTP_START * 621 sizeof(uint32_t); 622 623 DMSG("OTP crosses Lower/Upper boundary"); 624 } else { 625 continue; 626 } 627 } 628 629 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL)) 630 continue; 631 632 if ((offset % sizeof(uint32_t)) || (length % sizeof(uint32_t))) 633 panic("Unaligned non-secure OTP"); 634 635 size = length / sizeof(uint32_t); 636 637 if (otp_id + size > STM32MP1_OTP_MAX_ID) 638 panic("OTP range oversized"); 639 640 for (i = otp_id; i < otp_id + size; i++) 641 enable_nsec_access(i); 642 } 643 } 644 645 static void initialize_bsec_from_dt(void) 646 { 647 void *fdt = NULL; 648 int node = 0; 649 struct dt_node_info bsec_info = { }; 650 651 fdt = get_embedded_dt(); 652 node = fdt_node_offset_by_compatible(fdt, 0, "st,stm32mp15-bsec"); 653 if (node < 0) 654 panic(); 655 656 _fdt_fill_device_info(fdt, &bsec_info, node); 657 658 if (bsec_info.reg != bsec_dev.base.pa || 659 !(bsec_info.status & DT_STATUS_OK_SEC)) 660 panic(); 661 662 bsec_dt_otp_nsec_access(fdt, node); 663 } 664 #else 665 static void initialize_bsec_from_dt(void) 666 { 667 } 668 #endif /*CFG_EMBED_DTB*/ 669 670 static TEE_Result initialize_bsec(void) 671 { 672 struct stm32_bsec_static_cfg cfg = { }; 673 674 stm32mp_get_bsec_static_cfg(&cfg); 675 676 bsec_dev.base.pa = cfg.base; 677 bsec_dev.upper_base = cfg.upper_start; 678 bsec_dev.max_id = cfg.max_id; 679 680 if (IS_ENABLED(CFG_EMBED_DTB)) 681 initialize_bsec_from_dt(); 682 683 return TEE_SUCCESS; 684 } 685 686 early_init(initialize_bsec); 687