1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/pm.h> 14 #include <kernel/spinlock.h> 15 #include <libfdt.h> 16 #include <limits.h> 17 #include <mm/core_memprot.h> 18 #include <platform_config.h> 19 #include <stm32_util.h> 20 #include <string.h> 21 #include <tee_api_defines.h> 22 #include <types_ext.h> 23 #include <util.h> 24 25 #define BSEC_OTP_MASK GENMASK_32(4, 0) 26 #define BSEC_OTP_BANK_SHIFT U(5) 27 28 /* Permanent lock bitmasks */ 29 #define DATA_LOWER_OTP_PERLOCK_BIT U(3) 30 #define DATA_UPPER_OTP_PERLOCK_BIT U(1) 31 32 /* BSEC register offset */ 33 #define BSEC_OTP_CONF_OFF U(0x000) 34 #define BSEC_OTP_CTRL_OFF U(0x004) 35 #define BSEC_OTP_WRDATA_OFF U(0x008) 36 #define BSEC_OTP_STATUS_OFF U(0x00C) 37 #define BSEC_OTP_LOCK_OFF U(0x010) 38 #define BSEC_DEN_OFF U(0x014) 39 #define BSEC_FEN_OFF U(0x018) 40 #define BSEC_DISTURBED_OFF U(0x01C) 41 #define BSEC_DISTURBED1_OFF U(0x020) 42 #define BSEC_DISTURBED2_OFF U(0x024) 43 #define BSEC_ERROR_OFF U(0x034) 44 #define BSEC_ERROR1_OFF U(0x038) 45 #define BSEC_ERROR2_OFF U(0x03C) 46 #define BSEC_WRLOCK_OFF U(0x04C) 47 #define BSEC_WRLOCK1_OFF U(0x050) 48 #define BSEC_WRLOCK2_OFF U(0x054) 49 #define BSEC_SPLOCK_OFF U(0x064) 50 #define BSEC_SPLOCK1_OFF U(0x068) 51 #define BSEC_SPLOCK2_OFF U(0x06C) 52 #define BSEC_SWLOCK_OFF U(0x07C) 53 #define BSEC_SWLOCK1_OFF U(0x080) 54 #define BSEC_SWLOCK2_OFF U(0x084) 55 #define BSEC_SRLOCK_OFF U(0x094) 56 #define BSEC_SRLOCK1_OFF U(0x098) 57 #define BSEC_SRLOCK2_OFF U(0x09C) 58 #define BSEC_JTAG_IN_OFF U(0x0AC) 59 #define BSEC_JTAG_OUT_OFF U(0x0B0) 60 #define BSEC_SCRATCH_OFF U(0x0B4) 61 #define BSEC_OTP_DATA_OFF U(0x200) 62 #define BSEC_IPHW_CFG_OFF U(0xFF0) 63 #define BSEC_IPVR_OFF U(0xFF4) 64 #define BSEC_IP_ID_OFF U(0xFF8) 65 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC) 66 67 /* BSEC_CONFIGURATION Register */ 68 #define BSEC_CONF_POWER_UP_MASK BIT(0) 69 #define BSEC_CONF_POWER_UP_SHIFT U(0) 70 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 71 #define BSEC_CONF_FRQ_SHIFT U(1) 72 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 73 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3) 74 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 75 #define BSEC_CONF_TREAD_SHIFT U(7) 76 77 /* BSEC_CONTROL Register */ 78 #define BSEC_READ U(0x000) 79 #define BSEC_WRITE U(0x100) 80 #define BSEC_LOCK U(0x200) 81 82 /* BSEC_STATUS Register */ 83 #define BSEC_MODE_SECURED BIT(0) 84 #define BSEC_MODE_INVALID BIT(2) 85 #define BSEC_MODE_BUSY BIT(3) 86 #define BSEC_MODE_PROGFAIL BIT(4) 87 #define BSEC_MODE_PWR BIT(5) 88 89 /* 90 * OTP Lock services definition 91 * Value must corresponding to the bit position in the register 92 */ 93 #define BSEC_LOCK_UPPER_OTP U(0x00) 94 #define BSEC_LOCK_DEBUG U(0x02) 95 #define BSEC_LOCK_PROGRAM U(0x04) 96 97 /* Timeout when polling on status */ 98 #define BSEC_TIMEOUT_US U(10000) 99 100 struct bsec_dev { 101 struct io_pa_va base; 102 unsigned int upper_base; 103 unsigned int max_id; 104 uint32_t *nsec_access; 105 }; 106 107 /* Only 1 instance of BSEC is expected per platform */ 108 static struct bsec_dev bsec_dev; 109 110 /* BSEC access protection */ 111 static unsigned int lock = SPINLOCK_UNLOCK; 112 113 static uint32_t bsec_lock(void) 114 { 115 return may_spin_lock(&lock); 116 } 117 118 static void bsec_unlock(uint32_t exceptions) 119 { 120 may_spin_unlock(&lock, exceptions); 121 } 122 123 static uint32_t otp_max_id(void) 124 { 125 return bsec_dev.max_id; 126 } 127 128 static uint32_t otp_upper_base(void) 129 { 130 return bsec_dev.upper_base; 131 } 132 133 static uint32_t otp_bank_offset(uint32_t otp_id) 134 { 135 assert(otp_id <= otp_max_id()); 136 137 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 138 sizeof(uint32_t); 139 } 140 141 static vaddr_t bsec_base(void) 142 { 143 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 144 } 145 146 static uint32_t bsec_status(void) 147 { 148 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 149 } 150 151 static bool state_is_invalid_mode(void) 152 { 153 return bsec_status() & BSEC_MODE_INVALID; 154 } 155 156 static bool state_is_secured_mode(void) 157 { 158 return bsec_status() & BSEC_MODE_SECURED; 159 } 160 161 static bool state_is_closed_mode(void) 162 { 163 uint32_t close_mode = 0; 164 165 if (stm32_bsec_read_otp(&close_mode, CFG0_OTP)) 166 panic("Unable to read OTP"); 167 168 return close_mode & CFG0_OTP_CLOSED_DEVICE; 169 } 170 171 /* 172 * Check that BSEC interface does not report an error 173 * @otp_id : OTP number 174 * @check_disturbed: check only error (false) or all sources (true) 175 * Return a TEE_Result compliant value 176 */ 177 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 178 { 179 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 180 uint32_t bank = otp_bank_offset(otp_id); 181 182 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 183 return TEE_ERROR_GENERIC; 184 185 if (check_disturbed && 186 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 187 return TEE_ERROR_GENERIC; 188 189 return TEE_SUCCESS; 190 } 191 192 static TEE_Result power_up_safmem(void) 193 { 194 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 195 196 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 197 BSEC_CONF_POWER_UP_MASK); 198 199 /* 200 * If a timeout is detected, test the condition again to consider 201 * cases where timeout is due to the executing TEE thread rescheduling. 202 */ 203 while (!timeout_elapsed(timeout_ref)) 204 if (bsec_status() & BSEC_MODE_PWR) 205 break; 206 207 if (bsec_status() & BSEC_MODE_PWR) 208 return TEE_SUCCESS; 209 210 return TEE_ERROR_GENERIC; 211 } 212 213 static TEE_Result power_down_safmem(void) 214 { 215 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 216 217 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 218 219 /* 220 * If a timeout is detected, test the condition again to consider 221 * cases where timeout is due to the executing TEE thread rescheduling. 222 */ 223 while (!timeout_elapsed(timeout_ref)) 224 if (!(bsec_status() & BSEC_MODE_PWR)) 225 break; 226 227 if (!(bsec_status() & BSEC_MODE_PWR)) 228 return TEE_SUCCESS; 229 230 return TEE_ERROR_GENERIC; 231 } 232 233 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 234 { 235 TEE_Result result = 0; 236 uint32_t exceptions = 0; 237 uint64_t timeout_ref = 0; 238 bool locked = false; 239 240 /* Check if shadowing of OTP is locked, informative only */ 241 result = stm32_bsec_read_sr_lock(otp_id, &locked); 242 if (result) 243 return result; 244 245 if (locked) 246 DMSG("BSEC shadow warning: OTP locked"); 247 248 if (state_is_invalid_mode()) 249 return TEE_ERROR_SECURITY; 250 251 exceptions = bsec_lock(); 252 253 result = power_up_safmem(); 254 if (result) 255 goto out; 256 257 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 258 259 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 260 while (!timeout_elapsed(timeout_ref)) 261 if (!(bsec_status() & BSEC_MODE_BUSY)) 262 break; 263 264 if (bsec_status() & BSEC_MODE_BUSY) 265 result = TEE_ERROR_BUSY; 266 else 267 result = check_no_error(otp_id, true /* check-disturbed */); 268 269 power_down_safmem(); 270 271 out: 272 bsec_unlock(exceptions); 273 274 return result; 275 } 276 277 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 278 { 279 if (otp_id > otp_max_id()) 280 return TEE_ERROR_BAD_PARAMETERS; 281 282 if (state_is_invalid_mode()) 283 return TEE_ERROR_SECURITY; 284 285 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 286 (otp_id * sizeof(uint32_t))); 287 288 return TEE_SUCCESS; 289 } 290 291 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 292 { 293 TEE_Result result = 0; 294 295 result = stm32_bsec_shadow_register(otp_id); 296 if (result) { 297 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 298 return result; 299 } 300 301 result = stm32_bsec_read_otp(otp_value, otp_id); 302 if (result) 303 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 304 305 return result; 306 } 307 308 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 309 { 310 TEE_Result result = 0; 311 uint32_t exceptions = 0; 312 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 313 bool locked = false; 314 315 /* Check if write of OTP is locked, informative only */ 316 result = stm32_bsec_read_sw_lock(otp_id, &locked); 317 if (result) 318 return result; 319 320 if (locked) 321 DMSG("BSEC write warning: OTP locked"); 322 323 if (state_is_invalid_mode()) 324 return TEE_ERROR_SECURITY; 325 326 exceptions = bsec_lock(); 327 328 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 329 330 bsec_unlock(exceptions); 331 332 return TEE_SUCCESS; 333 } 334 335 #ifdef CFG_STM32_BSEC_WRITE 336 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 337 { 338 TEE_Result result = 0; 339 uint32_t exceptions = 0; 340 uint64_t timeout_ref = 0; 341 bool locked = false; 342 343 /* Check if shadowing of OTP is locked, informative only */ 344 result = stm32_bsec_read_sp_lock(otp_id, &locked); 345 if (result) 346 return result; 347 348 if (locked) 349 DMSG("BSEC program warning: OTP locked"); 350 351 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 352 DMSG("BSEC program warning: GPLOCK activated"); 353 354 if (state_is_invalid_mode()) 355 return TEE_ERROR_SECURITY; 356 357 exceptions = bsec_lock(); 358 359 result = power_up_safmem(); 360 if (result) 361 goto out; 362 363 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 364 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 365 366 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 367 while (!timeout_elapsed(timeout_ref)) 368 if (!(bsec_status() & BSEC_MODE_BUSY)) 369 break; 370 371 if (bsec_status() & BSEC_MODE_BUSY) 372 result = TEE_ERROR_BUSY; 373 else if (bsec_status() & BSEC_MODE_PROGFAIL) 374 result = TEE_ERROR_BAD_PARAMETERS; 375 else 376 result = check_no_error(otp_id, true /* check-disturbed */); 377 378 power_down_safmem(); 379 380 out: 381 bsec_unlock(exceptions); 382 383 return result; 384 } 385 #endif /*CFG_STM32_BSEC_WRITE*/ 386 387 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 388 { 389 TEE_Result result = 0; 390 uint32_t data = 0; 391 uint32_t addr = 0; 392 uint32_t exceptions = 0; 393 vaddr_t base = bsec_base(); 394 uint64_t timeout_ref = 0; 395 uint32_t upper_base = otp_upper_base(); 396 397 if (otp_id > otp_max_id()) 398 return TEE_ERROR_BAD_PARAMETERS; 399 400 /* 401 * 2 bits per words for lower OTPs: 2:1 Redundancy 402 * 1 bit per word for upper OTPs : ECC support 403 * e.g with 32 lower and 64 upper OTPs: 404 * OTP word to be ADDR[6:0] WRDATA[31:0] 405 * locked 406 * 0 0x00 0x0000 0003 407 * 1 0x00 0x0000 000C 408 * ... ... ... 409 * 7 0x00 0x0000 C000 410 * 8 0x01 0x0000 0003 411 * ... ... ... 412 * 31 0x03 0x0000 C000 413 * 32 0x04 0x0000 0001 414 * 33 0x04 0x0000 0002 415 * 95 0x07 0x0000 8000 416 */ 417 if (otp_id < upper_base) { 418 addr = otp_id / 8U; 419 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF); 420 } else { 421 addr = upper_base / 8U + (otp_id - upper_base) / 16U; 422 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF); 423 } 424 425 if (state_is_invalid_mode()) 426 return TEE_ERROR_SECURITY; 427 428 exceptions = bsec_lock(); 429 430 result = power_up_safmem(); 431 if (result) 432 goto out; 433 434 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 435 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 436 437 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 438 while (!timeout_elapsed(timeout_ref)) 439 if (!(bsec_status() & BSEC_MODE_BUSY)) 440 break; 441 442 if (bsec_status() & BSEC_MODE_BUSY) 443 result = TEE_ERROR_BUSY; 444 else if (bsec_status() & BSEC_MODE_PROGFAIL) 445 result = TEE_ERROR_BAD_PARAMETERS; 446 else 447 result = check_no_error(otp_id, false /* not-disturbed */); 448 449 power_down_safmem(); 450 451 out: 452 bsec_unlock(exceptions); 453 454 return result; 455 } 456 457 #ifdef CFG_STM32_BSEC_WRITE 458 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 459 { 460 TEE_Result result = TEE_ERROR_GENERIC; 461 uint32_t exceptions = 0; 462 463 if (state_is_invalid_mode()) 464 return TEE_ERROR_SECURITY; 465 466 exceptions = bsec_lock(); 467 468 io_write32(bsec_base() + BSEC_DEN_OFF, value); 469 470 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ value) == 0U) 471 result = TEE_SUCCESS; 472 473 bsec_unlock(exceptions); 474 475 return result; 476 } 477 #endif /*CFG_STM32_BSEC_WRITE*/ 478 479 uint32_t stm32_bsec_read_debug_conf(void) 480 { 481 return io_read32(bsec_base() + BSEC_DEN_OFF); 482 } 483 484 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 485 { 486 uint32_t bank = otp_bank_offset(otp_id); 487 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 488 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 489 uint32_t exceptions = 0; 490 491 if (otp_id > STM32MP1_OTP_MAX_ID) 492 return TEE_ERROR_BAD_PARAMETERS; 493 494 if (state_is_invalid_mode()) 495 return TEE_ERROR_SECURITY; 496 497 exceptions = bsec_lock(); 498 499 io_write32(lock_addr, otp_mask); 500 501 bsec_unlock(exceptions); 502 503 return TEE_SUCCESS; 504 } 505 506 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 507 { 508 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 509 } 510 511 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 512 { 513 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 514 } 515 516 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 517 { 518 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 519 } 520 521 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 522 size_t lock_offset) 523 { 524 uint32_t bank = otp_bank_offset(otp_id); 525 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 526 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 527 528 if (otp_id > STM32MP1_OTP_MAX_ID) 529 return TEE_ERROR_BAD_PARAMETERS; 530 531 if (state_is_invalid_mode()) 532 return TEE_ERROR_SECURITY; 533 534 *locked = (io_read32(lock_addr) & otp_mask) != 0; 535 536 return TEE_SUCCESS; 537 } 538 539 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 540 { 541 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 542 } 543 544 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 545 { 546 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 547 } 548 549 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 550 { 551 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 552 } 553 554 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 555 { 556 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 557 } 558 559 TEE_Result stm32_bsec_otp_lock(uint32_t service) 560 { 561 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 562 563 if (state_is_invalid_mode()) 564 return TEE_ERROR_SECURITY; 565 566 switch (service) { 567 case BSEC_LOCK_UPPER_OTP: 568 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP)); 569 break; 570 case BSEC_LOCK_DEBUG: 571 io_write32(addr, BIT(BSEC_LOCK_DEBUG)); 572 break; 573 case BSEC_LOCK_PROGRAM: 574 io_write32(addr, BIT(BSEC_LOCK_PROGRAM)); 575 break; 576 default: 577 return TEE_ERROR_BAD_PARAMETERS; 578 } 579 580 return TEE_SUCCESS; 581 } 582 583 static size_t nsec_access_array_size(void) 584 { 585 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 586 587 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 588 } 589 590 static bool nsec_access_granted(unsigned int index) 591 { 592 uint32_t *array = bsec_dev.nsec_access; 593 594 return array && 595 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 596 array[index / BSEC_BITS_PER_WORD] & 597 BIT(index % BSEC_BITS_PER_WORD); 598 } 599 600 bool stm32_bsec_can_access_otp(uint32_t otp_id) 601 { 602 return (otp_id <= otp_max_id()) && !state_is_invalid_mode(); 603 } 604 605 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 606 { 607 return otp_id < otp_upper_base() || 608 nsec_access_granted(otp_id - otp_upper_base()); 609 } 610 611 struct nvmem_layout { 612 char *name; 613 uint32_t otp_id; 614 size_t bit_len; 615 }; 616 617 static struct nvmem_layout *nvmem_layout; 618 static size_t nvmem_layout_count; 619 620 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name, 621 uint32_t *otp_id, 622 size_t *otp_bit_len) 623 { 624 size_t i = 0; 625 626 if (!name) 627 return TEE_ERROR_BAD_PARAMETERS; 628 629 for (i = 0; i < nvmem_layout_count; i++) { 630 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name)) 631 continue; 632 633 if (otp_id) 634 *otp_id = nvmem_layout[i].otp_id; 635 636 if (otp_bit_len) 637 *otp_bit_len = nvmem_layout[i].bit_len; 638 639 DMSG("nvmem %s = %zu: %"PRId32" %zu", name, i, 640 nvmem_layout[i].otp_id, nvmem_layout[i].bit_len); 641 642 return TEE_SUCCESS; 643 } 644 645 DMSG("nvmem %s failed", name); 646 647 return TEE_ERROR_ITEM_NOT_FOUND; 648 }; 649 650 TEE_Result stm32_bsec_get_state(uint32_t *state) 651 { 652 if (!state) 653 return TEE_ERROR_BAD_PARAMETERS; 654 655 if (state_is_invalid_mode() || !state_is_secured_mode()) { 656 *state = BSEC_STATE_INVALID; 657 } else { 658 if (state_is_closed_mode()) 659 *state = BSEC_STATE_SEC_CLOSED; 660 else 661 *state = BSEC_STATE_SEC_OPEN; 662 } 663 664 return TEE_SUCCESS; 665 } 666 667 #ifdef CFG_EMBED_DTB 668 static void enable_nsec_access(unsigned int otp_id) 669 { 670 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 671 672 if (otp_id < otp_upper_base()) 673 return; 674 675 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 676 panic(); 677 678 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 679 } 680 681 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 682 { 683 int bsec_subnode = 0; 684 685 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 686 sizeof(*bsec_dev.nsec_access)); 687 if (!bsec_dev.nsec_access) 688 panic(); 689 690 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 691 unsigned int reg_offset = 0; 692 unsigned int reg_size = 0; 693 unsigned int otp_id = 0; 694 unsigned int i = 0; 695 size_t size = 0; 696 697 reg_offset = _fdt_reg_base_address(fdt, bsec_subnode); 698 reg_size = _fdt_reg_size(fdt, bsec_subnode); 699 700 assert(reg_offset != DT_INFO_INVALID_REG && 701 reg_size != DT_INFO_INVALID_REG_SIZE); 702 703 otp_id = reg_offset / sizeof(uint32_t); 704 705 if (otp_id < STM32MP1_UPPER_OTP_START) { 706 unsigned int otp_end = 707 ROUNDUP_DIV(reg_offset + reg_size, 708 sizeof(uint32_t)); 709 710 if (otp_end > STM32MP1_UPPER_OTP_START) { 711 /* 712 * OTP crosses Lower/Upper boundary, consider 713 * only the upper part. 714 */ 715 otp_id = STM32MP1_UPPER_OTP_START; 716 reg_size -= (STM32MP1_UPPER_OTP_START * 717 sizeof(uint32_t)) - reg_offset; 718 reg_offset = STM32MP1_UPPER_OTP_START * 719 sizeof(uint32_t); 720 721 DMSG("OTP crosses Lower/Upper boundary"); 722 } else { 723 continue; 724 } 725 } 726 727 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL)) 728 continue; 729 730 if ((reg_offset % sizeof(uint32_t)) || 731 (reg_size % sizeof(uint32_t))) 732 panic("Unaligned non-secure OTP"); 733 734 size = reg_size / sizeof(uint32_t); 735 736 if (otp_id + size > OTP_MAX_SIZE) 737 panic("OTP range oversized"); 738 739 for (i = otp_id; i < otp_id + size; i++) 740 enable_nsec_access(i); 741 } 742 } 743 744 static void save_dt_nvmem_layout(void *fdt, int bsec_node) 745 { 746 int cell_max = 0; 747 int cell_cnt = 0; 748 int node = 0; 749 750 fdt_for_each_subnode(node, fdt, bsec_node) 751 cell_max++; 752 if (!cell_max) 753 return; 754 755 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout)); 756 if (!nvmem_layout) 757 panic(); 758 759 fdt_for_each_subnode(node, fdt, bsec_node) { 760 unsigned int reg_offset = 0; 761 unsigned int reg_length = 0; 762 const char *string = NULL; 763 const char *s = NULL; 764 int len = 0; 765 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt]; 766 767 string = fdt_get_name(fdt, node, &len); 768 if (!string || !len) 769 continue; 770 771 reg_offset = _fdt_reg_base_address(fdt, node); 772 reg_length = _fdt_reg_size(fdt, node); 773 774 if (reg_offset == DT_INFO_INVALID_REG || 775 reg_length == DT_INFO_INVALID_REG_SIZE) { 776 DMSG("Malformed nvmem %s: ignored", string); 777 continue; 778 } 779 780 if (reg_offset % sizeof(uint32_t)) { 781 DMSG("Misaligned nvmem %s: ignored", string); 782 continue; 783 } 784 layout_cell->otp_id = reg_offset / sizeof(uint32_t); 785 layout_cell->bit_len = reg_length * CHAR_BIT; 786 787 s = strchr(string, '@'); 788 if (s) 789 len = s - string; 790 791 layout_cell->name = strndup(string, len); 792 if (!layout_cell->name) 793 panic(); 794 cell_cnt++; 795 DMSG("nvmem[%d] = %s %"PRId32" %zu", cell_cnt, 796 layout_cell->name, layout_cell->otp_id, 797 layout_cell->bit_len); 798 } 799 800 if (cell_cnt != cell_max) { 801 nvmem_layout = realloc(nvmem_layout, 802 cell_cnt * sizeof(*nvmem_layout)); 803 if (!nvmem_layout) 804 panic(); 805 } 806 807 nvmem_layout_count = cell_cnt; 808 } 809 810 static void initialize_bsec_from_dt(void) 811 { 812 void *fdt = NULL; 813 int node = 0; 814 struct dt_node_info bsec_info = { }; 815 816 fdt = get_embedded_dt(); 817 node = fdt_node_offset_by_compatible(fdt, 0, "st,stm32mp15-bsec"); 818 if (node < 0) 819 panic(); 820 821 _fdt_fill_device_info(fdt, &bsec_info, node); 822 823 if (bsec_info.reg != bsec_dev.base.pa || 824 !(bsec_info.status & DT_STATUS_OK_SEC)) 825 panic(); 826 827 bsec_dt_otp_nsec_access(fdt, node); 828 829 save_dt_nvmem_layout(fdt, node); 830 } 831 #else 832 static void initialize_bsec_from_dt(void) 833 { 834 } 835 #endif /*CFG_EMBED_DTB*/ 836 837 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused, 838 const struct pm_callback_handle *hdl __unused) 839 { 840 static uint32_t debug_conf; 841 842 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME); 843 844 if (op == PM_OP_SUSPEND) 845 debug_conf = stm32_bsec_read_debug_conf(); 846 else 847 stm32_bsec_write_debug_conf(debug_conf); 848 849 return TEE_SUCCESS; 850 } 851 DECLARE_KEEP_PAGER(bsec_pm); 852 853 static TEE_Result initialize_bsec(void) 854 { 855 struct stm32_bsec_static_cfg cfg = { }; 856 857 stm32mp_get_bsec_static_cfg(&cfg); 858 859 bsec_dev.base.pa = cfg.base; 860 bsec_dev.upper_base = cfg.upper_start; 861 bsec_dev.max_id = cfg.max_id; 862 863 if (state_is_invalid_mode()) 864 panic(); 865 866 if (IS_ENABLED(CFG_EMBED_DTB)) 867 initialize_bsec_from_dt(); 868 869 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec"); 870 871 return TEE_SUCCESS; 872 } 873 874 early_init(initialize_bsec); 875