1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/pm.h> 14 #include <kernel/spinlock.h> 15 #include <libfdt.h> 16 #include <limits.h> 17 #include <mm/core_memprot.h> 18 #include <platform_config.h> 19 #include <stm32_util.h> 20 #include <string.h> 21 #include <tee_api_defines.h> 22 #include <types_ext.h> 23 #include <util.h> 24 25 #ifdef CFG_STM32MP13 26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec" 27 #endif 28 #ifdef CFG_STM32MP15 29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec" 30 #endif 31 32 #define BSEC_OTP_MASK GENMASK_32(4, 0) 33 #define BSEC_OTP_BANK_SHIFT U(5) 34 35 /* Permanent lock bitmasks */ 36 #define DATA_LOWER_OTP_PERLOCK_BIT U(3) 37 #define DATA_UPPER_OTP_PERLOCK_BIT U(1) 38 39 /* BSEC register offset */ 40 #define BSEC_OTP_CONF_OFF U(0x000) 41 #define BSEC_OTP_CTRL_OFF U(0x004) 42 #define BSEC_OTP_WRDATA_OFF U(0x008) 43 #define BSEC_OTP_STATUS_OFF U(0x00C) 44 #define BSEC_OTP_LOCK_OFF U(0x010) 45 #define BSEC_DEN_OFF U(0x014) 46 #define BSEC_FEN_OFF U(0x018) 47 #define BSEC_DISTURBED_OFF U(0x01C) 48 #define BSEC_DISTURBED1_OFF U(0x020) 49 #define BSEC_DISTURBED2_OFF U(0x024) 50 #define BSEC_ERROR_OFF U(0x034) 51 #define BSEC_ERROR1_OFF U(0x038) 52 #define BSEC_ERROR2_OFF U(0x03C) 53 #define BSEC_WRLOCK_OFF U(0x04C) 54 #define BSEC_WRLOCK1_OFF U(0x050) 55 #define BSEC_WRLOCK2_OFF U(0x054) 56 #define BSEC_SPLOCK_OFF U(0x064) 57 #define BSEC_SPLOCK1_OFF U(0x068) 58 #define BSEC_SPLOCK2_OFF U(0x06C) 59 #define BSEC_SWLOCK_OFF U(0x07C) 60 #define BSEC_SWLOCK1_OFF U(0x080) 61 #define BSEC_SWLOCK2_OFF U(0x084) 62 #define BSEC_SRLOCK_OFF U(0x094) 63 #define BSEC_SRLOCK1_OFF U(0x098) 64 #define BSEC_SRLOCK2_OFF U(0x09C) 65 #define BSEC_JTAG_IN_OFF U(0x0AC) 66 #define BSEC_JTAG_OUT_OFF U(0x0B0) 67 #define BSEC_SCRATCH_OFF U(0x0B4) 68 #define BSEC_OTP_DATA_OFF U(0x200) 69 #define BSEC_IPHW_CFG_OFF U(0xFF0) 70 #define BSEC_IPVR_OFF U(0xFF4) 71 #define BSEC_IP_ID_OFF U(0xFF8) 72 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC) 73 74 /* BSEC_CONFIGURATION Register */ 75 #define BSEC_CONF_POWER_UP_MASK BIT(0) 76 #define BSEC_CONF_POWER_UP_SHIFT U(0) 77 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 78 #define BSEC_CONF_FRQ_SHIFT U(1) 79 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 80 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3) 81 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 82 #define BSEC_CONF_TREAD_SHIFT U(7) 83 84 /* BSEC_CONTROL Register */ 85 #define BSEC_READ U(0x000) 86 #define BSEC_WRITE U(0x100) 87 #define BSEC_LOCK U(0x200) 88 89 /* BSEC_STATUS Register */ 90 #define BSEC_MODE_SECURED BIT(0) 91 #define BSEC_MODE_INVALID BIT(2) 92 #define BSEC_MODE_BUSY BIT(3) 93 #define BSEC_MODE_PROGFAIL BIT(4) 94 #define BSEC_MODE_PWR BIT(5) 95 #define BSEC_MODE_CLOSED BIT(8) 96 97 /* 98 * OTP Lock services definition 99 * Value must corresponding to the bit position in the register 100 */ 101 #define BSEC_LOCK_UPPER_OTP U(0x00) 102 #define BSEC_LOCK_DEBUG U(0x02) 103 #define BSEC_LOCK_PROGRAM U(0x04) 104 105 /* Timeout when polling on status */ 106 #define BSEC_TIMEOUT_US U(10000) 107 108 struct bsec_dev { 109 struct io_pa_va base; 110 unsigned int upper_base; 111 unsigned int max_id; 112 uint32_t *nsec_access; 113 }; 114 115 /* Only 1 instance of BSEC is expected per platform */ 116 static struct bsec_dev bsec_dev; 117 118 /* BSEC access protection */ 119 static unsigned int lock = SPINLOCK_UNLOCK; 120 121 static uint32_t bsec_lock(void) 122 { 123 return may_spin_lock(&lock); 124 } 125 126 static void bsec_unlock(uint32_t exceptions) 127 { 128 may_spin_unlock(&lock, exceptions); 129 } 130 131 static uint32_t otp_max_id(void) 132 { 133 return bsec_dev.max_id; 134 } 135 136 static uint32_t otp_upper_base(void) 137 { 138 return bsec_dev.upper_base; 139 } 140 141 static uint32_t otp_bank_offset(uint32_t otp_id) 142 { 143 assert(otp_id <= otp_max_id()); 144 145 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 146 sizeof(uint32_t); 147 } 148 149 static vaddr_t bsec_base(void) 150 { 151 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 152 } 153 154 static uint32_t bsec_status(void) 155 { 156 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 157 } 158 159 static bool state_is_invalid_mode(void) 160 { 161 return bsec_status() & BSEC_MODE_INVALID; 162 } 163 164 static bool state_is_secured_mode(void) 165 { 166 return bsec_status() & BSEC_MODE_SECURED; 167 } 168 169 static bool state_is_closed_mode(void) 170 { 171 uint32_t otp_cfg = 0; 172 uint32_t close_mode = 0; 173 TEE_Result res = TEE_ERROR_GENERIC; 174 175 if (IS_ENABLED(CFG_STM32MP13)) 176 return bsec_status() & BSEC_MODE_CLOSED; 177 178 res = stm32_bsec_find_otp_in_nvmem_layout("cfg0_otp", &otp_cfg, NULL); 179 if (res) 180 panic("CFG0 OTP not found"); 181 182 if (stm32_bsec_read_otp(&close_mode, otp_cfg)) 183 panic("Unable to read OTP"); 184 185 return close_mode & CFG0_OTP_CLOSED_DEVICE; 186 } 187 188 /* 189 * Check that BSEC interface does not report an error 190 * @otp_id : OTP number 191 * @check_disturbed: check only error (false) or all sources (true) 192 * Return a TEE_Result compliant value 193 */ 194 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 195 { 196 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 197 uint32_t bank = otp_bank_offset(otp_id); 198 199 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 200 return TEE_ERROR_GENERIC; 201 202 if (check_disturbed && 203 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 204 return TEE_ERROR_GENERIC; 205 206 return TEE_SUCCESS; 207 } 208 209 static TEE_Result power_up_safmem(void) 210 { 211 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 212 213 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 214 BSEC_CONF_POWER_UP_MASK); 215 216 /* 217 * If a timeout is detected, test the condition again to consider 218 * cases where timeout is due to the executing TEE thread rescheduling. 219 */ 220 while (!timeout_elapsed(timeout_ref)) 221 if (bsec_status() & BSEC_MODE_PWR) 222 break; 223 224 if (bsec_status() & BSEC_MODE_PWR) 225 return TEE_SUCCESS; 226 227 return TEE_ERROR_GENERIC; 228 } 229 230 static TEE_Result power_down_safmem(void) 231 { 232 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 233 234 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 235 236 /* 237 * If a timeout is detected, test the condition again to consider 238 * cases where timeout is due to the executing TEE thread rescheduling. 239 */ 240 while (!timeout_elapsed(timeout_ref)) 241 if (!(bsec_status() & BSEC_MODE_PWR)) 242 break; 243 244 if (!(bsec_status() & BSEC_MODE_PWR)) 245 return TEE_SUCCESS; 246 247 return TEE_ERROR_GENERIC; 248 } 249 250 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 251 { 252 TEE_Result result = 0; 253 uint32_t exceptions = 0; 254 uint64_t timeout_ref = 0; 255 bool locked = false; 256 257 /* Check if shadowing of OTP is locked, informative only */ 258 result = stm32_bsec_read_sr_lock(otp_id, &locked); 259 if (result) 260 return result; 261 262 if (locked) 263 DMSG("BSEC shadow warning: OTP locked"); 264 265 if (state_is_invalid_mode()) 266 return TEE_ERROR_SECURITY; 267 268 exceptions = bsec_lock(); 269 270 result = power_up_safmem(); 271 if (result) 272 goto out; 273 274 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 275 276 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 277 while (!timeout_elapsed(timeout_ref)) 278 if (!(bsec_status() & BSEC_MODE_BUSY)) 279 break; 280 281 if (bsec_status() & BSEC_MODE_BUSY) 282 result = TEE_ERROR_BUSY; 283 else 284 result = check_no_error(otp_id, true /* check-disturbed */); 285 286 power_down_safmem(); 287 288 out: 289 bsec_unlock(exceptions); 290 291 return result; 292 } 293 294 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 295 { 296 if (otp_id > otp_max_id()) 297 return TEE_ERROR_BAD_PARAMETERS; 298 299 if (state_is_invalid_mode()) 300 return TEE_ERROR_SECURITY; 301 302 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 303 (otp_id * sizeof(uint32_t))); 304 305 return TEE_SUCCESS; 306 } 307 308 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 309 { 310 TEE_Result result = 0; 311 312 result = stm32_bsec_shadow_register(otp_id); 313 if (result) { 314 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 315 return result; 316 } 317 318 result = stm32_bsec_read_otp(otp_value, otp_id); 319 if (result) 320 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 321 322 return result; 323 } 324 325 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 326 { 327 TEE_Result result = 0; 328 uint32_t exceptions = 0; 329 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 330 bool locked = false; 331 332 /* Check if write of OTP is locked, informative only */ 333 result = stm32_bsec_read_sw_lock(otp_id, &locked); 334 if (result) 335 return result; 336 337 if (locked) 338 DMSG("BSEC write warning: OTP locked"); 339 340 if (state_is_invalid_mode()) 341 return TEE_ERROR_SECURITY; 342 343 exceptions = bsec_lock(); 344 345 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 346 347 bsec_unlock(exceptions); 348 349 return TEE_SUCCESS; 350 } 351 352 #ifdef CFG_STM32_BSEC_WRITE 353 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 354 { 355 TEE_Result result = 0; 356 uint32_t exceptions = 0; 357 uint64_t timeout_ref = 0; 358 bool locked = false; 359 360 /* Check if shadowing of OTP is locked, informative only */ 361 result = stm32_bsec_read_sp_lock(otp_id, &locked); 362 if (result) 363 return result; 364 365 if (locked) 366 DMSG("BSEC program warning: OTP locked"); 367 368 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 369 DMSG("BSEC program warning: GPLOCK activated"); 370 371 if (state_is_invalid_mode()) 372 return TEE_ERROR_SECURITY; 373 374 exceptions = bsec_lock(); 375 376 result = power_up_safmem(); 377 if (result) 378 goto out; 379 380 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 381 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 382 383 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 384 while (!timeout_elapsed(timeout_ref)) 385 if (!(bsec_status() & BSEC_MODE_BUSY)) 386 break; 387 388 if (bsec_status() & BSEC_MODE_BUSY) 389 result = TEE_ERROR_BUSY; 390 else if (bsec_status() & BSEC_MODE_PROGFAIL) 391 result = TEE_ERROR_BAD_PARAMETERS; 392 else 393 result = check_no_error(otp_id, true /* check-disturbed */); 394 395 power_down_safmem(); 396 397 out: 398 bsec_unlock(exceptions); 399 400 return result; 401 } 402 #endif /*CFG_STM32_BSEC_WRITE*/ 403 404 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 405 { 406 TEE_Result result = 0; 407 uint32_t data = 0; 408 uint32_t addr = 0; 409 uint32_t exceptions = 0; 410 vaddr_t base = bsec_base(); 411 uint64_t timeout_ref = 0; 412 uint32_t upper_base = otp_upper_base(); 413 414 if (otp_id > otp_max_id()) 415 return TEE_ERROR_BAD_PARAMETERS; 416 417 /* 418 * 2 bits per words for lower OTPs: 2:1 Redundancy 419 * 1 bit per word for upper OTPs : ECC support 420 * e.g with 32 lower and 64 upper OTPs: 421 * OTP word to be ADDR[6:0] WRDATA[31:0] 422 * locked 423 * 0 0x00 0x0000 0003 424 * 1 0x00 0x0000 000C 425 * ... ... ... 426 * 7 0x00 0x0000 C000 427 * 8 0x01 0x0000 0003 428 * ... ... ... 429 * 31 0x03 0x0000 C000 430 * 32 0x04 0x0000 0001 431 * 33 0x04 0x0000 0002 432 * 95 0x07 0x0000 8000 433 */ 434 if (otp_id < upper_base) { 435 addr = otp_id / 8U; 436 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF); 437 } else { 438 addr = upper_base / 8U + (otp_id - upper_base) / 16U; 439 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF); 440 } 441 442 if (state_is_invalid_mode()) 443 return TEE_ERROR_SECURITY; 444 445 exceptions = bsec_lock(); 446 447 result = power_up_safmem(); 448 if (result) 449 goto out; 450 451 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 452 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 453 454 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 455 while (!timeout_elapsed(timeout_ref)) 456 if (!(bsec_status() & BSEC_MODE_BUSY)) 457 break; 458 459 if (bsec_status() & BSEC_MODE_BUSY) 460 result = TEE_ERROR_BUSY; 461 else if (bsec_status() & BSEC_MODE_PROGFAIL) 462 result = TEE_ERROR_BAD_PARAMETERS; 463 else 464 result = check_no_error(otp_id, false /* not-disturbed */); 465 466 #ifdef CFG_STM32MP13 467 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK); 468 #endif 469 470 power_down_safmem(); 471 472 out: 473 bsec_unlock(exceptions); 474 475 return result; 476 } 477 478 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 479 { 480 TEE_Result result = TEE_ERROR_GENERIC; 481 uint32_t exceptions = 0; 482 483 if (state_is_invalid_mode()) 484 return TEE_ERROR_SECURITY; 485 486 exceptions = bsec_lock(); 487 488 io_write32(bsec_base() + BSEC_DEN_OFF, value); 489 490 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ value) == 0U) 491 result = TEE_SUCCESS; 492 493 bsec_unlock(exceptions); 494 495 return result; 496 } 497 498 uint32_t stm32_bsec_read_debug_conf(void) 499 { 500 return io_read32(bsec_base() + BSEC_DEN_OFF); 501 } 502 503 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 504 { 505 uint32_t bank = otp_bank_offset(otp_id); 506 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 507 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 508 uint32_t exceptions = 0; 509 510 if (otp_id > STM32MP1_OTP_MAX_ID) 511 return TEE_ERROR_BAD_PARAMETERS; 512 513 if (state_is_invalid_mode()) 514 return TEE_ERROR_SECURITY; 515 516 exceptions = bsec_lock(); 517 518 io_write32(lock_addr, otp_mask); 519 520 bsec_unlock(exceptions); 521 522 return TEE_SUCCESS; 523 } 524 525 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 526 { 527 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 528 } 529 530 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 531 { 532 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 533 } 534 535 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 536 { 537 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 538 } 539 540 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 541 size_t lock_offset) 542 { 543 uint32_t bank = otp_bank_offset(otp_id); 544 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 545 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 546 547 if (otp_id > STM32MP1_OTP_MAX_ID) 548 return TEE_ERROR_BAD_PARAMETERS; 549 550 if (state_is_invalid_mode()) 551 return TEE_ERROR_SECURITY; 552 553 *locked = (io_read32(lock_addr) & otp_mask) != 0; 554 555 return TEE_SUCCESS; 556 } 557 558 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 559 { 560 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 561 } 562 563 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 564 { 565 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 566 } 567 568 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 569 { 570 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 571 } 572 573 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 574 { 575 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 576 } 577 578 static size_t nsec_access_array_size(void) 579 { 580 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 581 582 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 583 } 584 585 static bool nsec_access_granted(unsigned int index) 586 { 587 uint32_t *array = bsec_dev.nsec_access; 588 589 return array && 590 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 591 array[index / BSEC_BITS_PER_WORD] & 592 BIT(index % BSEC_BITS_PER_WORD); 593 } 594 595 bool stm32_bsec_can_access_otp(uint32_t otp_id) 596 { 597 return (otp_id <= otp_max_id()) && !state_is_invalid_mode(); 598 } 599 600 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 601 { 602 return otp_id < otp_upper_base() || 603 nsec_access_granted(otp_id - otp_upper_base()); 604 } 605 606 struct nvmem_layout { 607 char *name; 608 uint32_t otp_id; 609 size_t bit_len; 610 }; 611 612 static struct nvmem_layout *nvmem_layout; 613 static size_t nvmem_layout_count; 614 615 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name, 616 uint32_t *otp_id, 617 size_t *otp_bit_len) 618 { 619 size_t i = 0; 620 621 if (!name) 622 return TEE_ERROR_BAD_PARAMETERS; 623 624 for (i = 0; i < nvmem_layout_count; i++) { 625 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name)) 626 continue; 627 628 if (otp_id) 629 *otp_id = nvmem_layout[i].otp_id; 630 631 if (otp_bit_len) 632 *otp_bit_len = nvmem_layout[i].bit_len; 633 634 DMSG("nvmem %s = %zu: %"PRId32" %zu", name, i, 635 nvmem_layout[i].otp_id, nvmem_layout[i].bit_len); 636 637 return TEE_SUCCESS; 638 } 639 640 DMSG("nvmem %s failed", name); 641 642 return TEE_ERROR_ITEM_NOT_FOUND; 643 }; 644 645 TEE_Result stm32_bsec_get_state(uint32_t *state) 646 { 647 if (!state) 648 return TEE_ERROR_BAD_PARAMETERS; 649 650 if (state_is_invalid_mode() || !state_is_secured_mode()) { 651 *state = BSEC_STATE_INVALID; 652 } else { 653 if (state_is_closed_mode()) 654 *state = BSEC_STATE_SEC_CLOSED; 655 else 656 *state = BSEC_STATE_SEC_OPEN; 657 } 658 659 return TEE_SUCCESS; 660 } 661 662 #ifdef CFG_EMBED_DTB 663 static void enable_nsec_access(unsigned int otp_id) 664 { 665 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 666 667 if (otp_id < otp_upper_base()) 668 return; 669 670 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 671 panic(); 672 673 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 674 } 675 676 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 677 { 678 int bsec_subnode = 0; 679 680 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 681 sizeof(*bsec_dev.nsec_access)); 682 if (!bsec_dev.nsec_access) 683 panic(); 684 685 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 686 unsigned int reg_offset = 0; 687 unsigned int reg_size = 0; 688 unsigned int otp_id = 0; 689 unsigned int i = 0; 690 size_t size = 0; 691 692 reg_offset = _fdt_reg_base_address(fdt, bsec_subnode); 693 reg_size = _fdt_reg_size(fdt, bsec_subnode); 694 695 assert(reg_offset != DT_INFO_INVALID_REG && 696 reg_size != DT_INFO_INVALID_REG_SIZE); 697 698 otp_id = reg_offset / sizeof(uint32_t); 699 700 if (otp_id < STM32MP1_UPPER_OTP_START) { 701 unsigned int otp_end = 702 ROUNDUP_DIV(reg_offset + reg_size, 703 sizeof(uint32_t)); 704 705 if (otp_end > STM32MP1_UPPER_OTP_START) { 706 /* 707 * OTP crosses Lower/Upper boundary, consider 708 * only the upper part. 709 */ 710 otp_id = STM32MP1_UPPER_OTP_START; 711 reg_size -= (STM32MP1_UPPER_OTP_START * 712 sizeof(uint32_t)) - reg_offset; 713 reg_offset = STM32MP1_UPPER_OTP_START * 714 sizeof(uint32_t); 715 716 DMSG("OTP crosses Lower/Upper boundary"); 717 } else { 718 continue; 719 } 720 } 721 722 /* Handle different kinds of non-secure accesses */ 723 if (fdt_getprop(fdt, bsec_subnode, 724 "st,non-secure-otp-provisioning", NULL)) { 725 bool locked = false; 726 bool locked_2 = false; 727 728 /* Check if write of OTP is locked */ 729 if (stm32_bsec_read_permanent_lock(otp_id, &locked)) 730 panic("Cannot read permanent lock"); 731 732 /* 733 * Check if fuses of the subnode 734 * have the same lock status 735 */ 736 for (i = 1; i < (reg_size / sizeof(uint32_t)); i++) { 737 if (stm32_bsec_read_permanent_lock(otp_id + i, 738 &locked_2)) 739 panic("Cannot read permanent lock"); 740 741 if (locked != locked_2) { 742 EMSG("Inconsistent status OTP ID %u", 743 otp_id + i); 744 locked = true; 745 } 746 } 747 748 if (locked) { 749 DMSG("BSEC: OTP locked"); 750 continue; 751 } 752 } else if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", 753 NULL)) { 754 continue; 755 } 756 757 if ((reg_offset % sizeof(uint32_t)) || 758 (reg_size % sizeof(uint32_t))) 759 panic("Unaligned non-secure OTP"); 760 761 size = reg_size / sizeof(uint32_t); 762 763 if (otp_id + size > OTP_MAX_SIZE) 764 panic("OTP range oversized"); 765 766 for (i = otp_id; i < otp_id + size; i++) 767 enable_nsec_access(i); 768 } 769 } 770 771 static void save_dt_nvmem_layout(void *fdt, int bsec_node) 772 { 773 int cell_max = 0; 774 int cell_cnt = 0; 775 int node = 0; 776 777 fdt_for_each_subnode(node, fdt, bsec_node) 778 cell_max++; 779 if (!cell_max) 780 return; 781 782 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout)); 783 if (!nvmem_layout) 784 panic(); 785 786 fdt_for_each_subnode(node, fdt, bsec_node) { 787 unsigned int reg_offset = 0; 788 unsigned int reg_length = 0; 789 const char *string = NULL; 790 const char *s = NULL; 791 int len = 0; 792 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt]; 793 794 string = fdt_get_name(fdt, node, &len); 795 if (!string || !len) 796 continue; 797 798 reg_offset = _fdt_reg_base_address(fdt, node); 799 reg_length = _fdt_reg_size(fdt, node); 800 801 if (reg_offset == DT_INFO_INVALID_REG || 802 reg_length == DT_INFO_INVALID_REG_SIZE) { 803 DMSG("Malformed nvmem %s: ignored", string); 804 continue; 805 } 806 807 if (reg_offset % sizeof(uint32_t)) { 808 DMSG("Misaligned nvmem %s: ignored", string); 809 continue; 810 } 811 layout_cell->otp_id = reg_offset / sizeof(uint32_t); 812 layout_cell->bit_len = reg_length * CHAR_BIT; 813 814 s = strchr(string, '@'); 815 if (s) 816 len = s - string; 817 818 layout_cell->name = strndup(string, len); 819 if (!layout_cell->name) 820 panic(); 821 cell_cnt++; 822 DMSG("nvmem[%d] = %s %"PRId32" %zu", cell_cnt, 823 layout_cell->name, layout_cell->otp_id, 824 layout_cell->bit_len); 825 } 826 827 if (cell_cnt != cell_max) { 828 nvmem_layout = realloc(nvmem_layout, 829 cell_cnt * sizeof(*nvmem_layout)); 830 if (!nvmem_layout) 831 panic(); 832 } 833 834 nvmem_layout_count = cell_cnt; 835 } 836 837 static void initialize_bsec_from_dt(void) 838 { 839 void *fdt = NULL; 840 int node = 0; 841 struct dt_node_info bsec_info = { }; 842 843 fdt = get_embedded_dt(); 844 node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT); 845 if (node < 0) 846 panic(); 847 848 _fdt_fill_device_info(fdt, &bsec_info, node); 849 850 if (bsec_info.reg != bsec_dev.base.pa || 851 !(bsec_info.status & DT_STATUS_OK_SEC)) 852 panic(); 853 854 bsec_dt_otp_nsec_access(fdt, node); 855 856 save_dt_nvmem_layout(fdt, node); 857 } 858 #else 859 static void initialize_bsec_from_dt(void) 860 { 861 } 862 #endif /*CFG_EMBED_DTB*/ 863 864 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused, 865 const struct pm_callback_handle *hdl __unused) 866 { 867 static uint32_t debug_conf; 868 869 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME); 870 871 if (op == PM_OP_SUSPEND) 872 debug_conf = stm32_bsec_read_debug_conf(); 873 else 874 stm32_bsec_write_debug_conf(debug_conf); 875 876 return TEE_SUCCESS; 877 } 878 DECLARE_KEEP_PAGER(bsec_pm); 879 880 static TEE_Result initialize_bsec(void) 881 { 882 struct stm32_bsec_static_cfg cfg = { }; 883 884 stm32mp_get_bsec_static_cfg(&cfg); 885 886 bsec_dev.base.pa = cfg.base; 887 bsec_dev.upper_base = cfg.upper_start; 888 bsec_dev.max_id = cfg.max_id; 889 890 if (state_is_invalid_mode()) 891 panic(); 892 893 if (IS_ENABLED(CFG_EMBED_DTB)) 894 initialize_bsec_from_dt(); 895 896 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec"); 897 898 return TEE_SUCCESS; 899 } 900 901 early_init(initialize_bsec); 902