1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2017-2021, STMicroelectronics 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <drivers/stm32_bsec.h> 9 #include <io.h> 10 #include <kernel/delay.h> 11 #include <kernel/dt.h> 12 #include <kernel/boot.h> 13 #include <kernel/pm.h> 14 #include <kernel/spinlock.h> 15 #include <libfdt.h> 16 #include <limits.h> 17 #include <mm/core_memprot.h> 18 #include <platform_config.h> 19 #include <stm32_util.h> 20 #include <string.h> 21 #include <tee_api_defines.h> 22 #include <types_ext.h> 23 #include <util.h> 24 25 #ifdef CFG_STM32MP13 26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec" 27 #endif 28 #ifdef CFG_STM32MP15 29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec" 30 #endif 31 32 #define BSEC_OTP_MASK GENMASK_32(4, 0) 33 #define BSEC_OTP_BANK_SHIFT U(5) 34 35 /* Permanent lock bitmasks */ 36 #define DATA_LOWER_OTP_PERLOCK_BIT U(3) 37 #define DATA_UPPER_OTP_PERLOCK_BIT U(1) 38 39 /* BSEC register offset */ 40 #define BSEC_OTP_CONF_OFF U(0x000) 41 #define BSEC_OTP_CTRL_OFF U(0x004) 42 #define BSEC_OTP_WRDATA_OFF U(0x008) 43 #define BSEC_OTP_STATUS_OFF U(0x00C) 44 #define BSEC_OTP_LOCK_OFF U(0x010) 45 #define BSEC_DEN_OFF U(0x014) 46 #define BSEC_FEN_OFF U(0x018) 47 #define BSEC_DISTURBED_OFF U(0x01C) 48 #define BSEC_DISTURBED1_OFF U(0x020) 49 #define BSEC_DISTURBED2_OFF U(0x024) 50 #define BSEC_ERROR_OFF U(0x034) 51 #define BSEC_ERROR1_OFF U(0x038) 52 #define BSEC_ERROR2_OFF U(0x03C) 53 #define BSEC_WRLOCK_OFF U(0x04C) 54 #define BSEC_WRLOCK1_OFF U(0x050) 55 #define BSEC_WRLOCK2_OFF U(0x054) 56 #define BSEC_SPLOCK_OFF U(0x064) 57 #define BSEC_SPLOCK1_OFF U(0x068) 58 #define BSEC_SPLOCK2_OFF U(0x06C) 59 #define BSEC_SWLOCK_OFF U(0x07C) 60 #define BSEC_SWLOCK1_OFF U(0x080) 61 #define BSEC_SWLOCK2_OFF U(0x084) 62 #define BSEC_SRLOCK_OFF U(0x094) 63 #define BSEC_SRLOCK1_OFF U(0x098) 64 #define BSEC_SRLOCK2_OFF U(0x09C) 65 #define BSEC_JTAG_IN_OFF U(0x0AC) 66 #define BSEC_JTAG_OUT_OFF U(0x0B0) 67 #define BSEC_SCRATCH_OFF U(0x0B4) 68 #define BSEC_OTP_DATA_OFF U(0x200) 69 #define BSEC_IPHW_CFG_OFF U(0xFF0) 70 #define BSEC_IPVR_OFF U(0xFF4) 71 #define BSEC_IP_ID_OFF U(0xFF8) 72 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC) 73 74 /* BSEC_CONFIGURATION Register */ 75 #define BSEC_CONF_POWER_UP_MASK BIT(0) 76 #define BSEC_CONF_POWER_UP_SHIFT U(0) 77 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1) 78 #define BSEC_CONF_FRQ_SHIFT U(1) 79 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3) 80 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3) 81 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7) 82 #define BSEC_CONF_TREAD_SHIFT U(7) 83 84 /* BSEC_CONTROL Register */ 85 #define BSEC_READ U(0x000) 86 #define BSEC_WRITE U(0x100) 87 #define BSEC_LOCK U(0x200) 88 89 /* BSEC_STATUS Register */ 90 #define BSEC_MODE_SECURED BIT(0) 91 #define BSEC_MODE_INVALID BIT(2) 92 #define BSEC_MODE_BUSY BIT(3) 93 #define BSEC_MODE_PROGFAIL BIT(4) 94 #define BSEC_MODE_PWR BIT(5) 95 #define BSEC_MODE_CLOSED BIT(8) 96 97 /* 98 * OTP Lock services definition 99 * Value must corresponding to the bit position in the register 100 */ 101 #define BSEC_LOCK_UPPER_OTP U(0x00) 102 #define BSEC_LOCK_DEBUG U(0x02) 103 #define BSEC_LOCK_PROGRAM U(0x04) 104 105 /* Timeout when polling on status */ 106 #define BSEC_TIMEOUT_US U(10000) 107 108 struct bsec_dev { 109 struct io_pa_va base; 110 unsigned int upper_base; 111 unsigned int max_id; 112 uint32_t *nsec_access; 113 }; 114 115 /* Only 1 instance of BSEC is expected per platform */ 116 static struct bsec_dev bsec_dev; 117 118 /* BSEC access protection */ 119 static unsigned int lock = SPINLOCK_UNLOCK; 120 121 static uint32_t bsec_lock(void) 122 { 123 return may_spin_lock(&lock); 124 } 125 126 static void bsec_unlock(uint32_t exceptions) 127 { 128 may_spin_unlock(&lock, exceptions); 129 } 130 131 static uint32_t otp_max_id(void) 132 { 133 return bsec_dev.max_id; 134 } 135 136 static uint32_t otp_upper_base(void) 137 { 138 return bsec_dev.upper_base; 139 } 140 141 static uint32_t otp_bank_offset(uint32_t otp_id) 142 { 143 assert(otp_id <= otp_max_id()); 144 145 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 146 sizeof(uint32_t); 147 } 148 149 static vaddr_t bsec_base(void) 150 { 151 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1); 152 } 153 154 static uint32_t bsec_status(void) 155 { 156 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF); 157 } 158 159 static bool state_is_invalid_mode(void) 160 { 161 return bsec_status() & BSEC_MODE_INVALID; 162 } 163 164 static bool state_is_secured_mode(void) 165 { 166 return bsec_status() & BSEC_MODE_SECURED; 167 } 168 169 static bool state_is_closed_mode(void) 170 { 171 uint32_t close_mode = 0; 172 173 if (IS_ENABLED(CFG_STM32MP13)) 174 return bsec_status() & BSEC_MODE_CLOSED; 175 176 if (stm32_bsec_read_otp(&close_mode, CFG0_OTP)) 177 panic("Unable to read OTP"); 178 179 return close_mode & CFG0_OTP_CLOSED_DEVICE; 180 } 181 182 /* 183 * Check that BSEC interface does not report an error 184 * @otp_id : OTP number 185 * @check_disturbed: check only error (false) or all sources (true) 186 * Return a TEE_Result compliant value 187 */ 188 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed) 189 { 190 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK); 191 uint32_t bank = otp_bank_offset(otp_id); 192 193 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit) 194 return TEE_ERROR_GENERIC; 195 196 if (check_disturbed && 197 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit) 198 return TEE_ERROR_GENERIC; 199 200 return TEE_SUCCESS; 201 } 202 203 static TEE_Result power_up_safmem(void) 204 { 205 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 206 207 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK, 208 BSEC_CONF_POWER_UP_MASK); 209 210 /* 211 * If a timeout is detected, test the condition again to consider 212 * cases where timeout is due to the executing TEE thread rescheduling. 213 */ 214 while (!timeout_elapsed(timeout_ref)) 215 if (bsec_status() & BSEC_MODE_PWR) 216 break; 217 218 if (bsec_status() & BSEC_MODE_PWR) 219 return TEE_SUCCESS; 220 221 return TEE_ERROR_GENERIC; 222 } 223 224 static TEE_Result power_down_safmem(void) 225 { 226 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 227 228 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK); 229 230 /* 231 * If a timeout is detected, test the condition again to consider 232 * cases where timeout is due to the executing TEE thread rescheduling. 233 */ 234 while (!timeout_elapsed(timeout_ref)) 235 if (!(bsec_status() & BSEC_MODE_PWR)) 236 break; 237 238 if (!(bsec_status() & BSEC_MODE_PWR)) 239 return TEE_SUCCESS; 240 241 return TEE_ERROR_GENERIC; 242 } 243 244 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id) 245 { 246 TEE_Result result = 0; 247 uint32_t exceptions = 0; 248 uint64_t timeout_ref = 0; 249 bool locked = false; 250 251 /* Check if shadowing of OTP is locked, informative only */ 252 result = stm32_bsec_read_sr_lock(otp_id, &locked); 253 if (result) 254 return result; 255 256 if (locked) 257 DMSG("BSEC shadow warning: OTP locked"); 258 259 if (state_is_invalid_mode()) 260 return TEE_ERROR_SECURITY; 261 262 exceptions = bsec_lock(); 263 264 result = power_up_safmem(); 265 if (result) 266 goto out; 267 268 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ); 269 270 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 271 while (!timeout_elapsed(timeout_ref)) 272 if (!(bsec_status() & BSEC_MODE_BUSY)) 273 break; 274 275 if (bsec_status() & BSEC_MODE_BUSY) 276 result = TEE_ERROR_BUSY; 277 else 278 result = check_no_error(otp_id, true /* check-disturbed */); 279 280 power_down_safmem(); 281 282 out: 283 bsec_unlock(exceptions); 284 285 return result; 286 } 287 288 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id) 289 { 290 if (otp_id > otp_max_id()) 291 return TEE_ERROR_BAD_PARAMETERS; 292 293 if (state_is_invalid_mode()) 294 return TEE_ERROR_SECURITY; 295 296 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF + 297 (otp_id * sizeof(uint32_t))); 298 299 return TEE_SUCCESS; 300 } 301 302 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id) 303 { 304 TEE_Result result = 0; 305 306 result = stm32_bsec_shadow_register(otp_id); 307 if (result) { 308 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result); 309 return result; 310 } 311 312 result = stm32_bsec_read_otp(otp_value, otp_id); 313 if (result) 314 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result); 315 316 return result; 317 } 318 319 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id) 320 { 321 TEE_Result result = 0; 322 uint32_t exceptions = 0; 323 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF; 324 bool locked = false; 325 326 /* Check if write of OTP is locked, informative only */ 327 result = stm32_bsec_read_sw_lock(otp_id, &locked); 328 if (result) 329 return result; 330 331 if (locked) 332 DMSG("BSEC write warning: OTP locked"); 333 334 if (state_is_invalid_mode()) 335 return TEE_ERROR_SECURITY; 336 337 exceptions = bsec_lock(); 338 339 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value); 340 341 bsec_unlock(exceptions); 342 343 return TEE_SUCCESS; 344 } 345 346 #ifdef CFG_STM32_BSEC_WRITE 347 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id) 348 { 349 TEE_Result result = 0; 350 uint32_t exceptions = 0; 351 uint64_t timeout_ref = 0; 352 bool locked = false; 353 354 /* Check if shadowing of OTP is locked, informative only */ 355 result = stm32_bsec_read_sp_lock(otp_id, &locked); 356 if (result) 357 return result; 358 359 if (locked) 360 DMSG("BSEC program warning: OTP locked"); 361 362 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM)) 363 DMSG("BSEC program warning: GPLOCK activated"); 364 365 if (state_is_invalid_mode()) 366 return TEE_ERROR_SECURITY; 367 368 exceptions = bsec_lock(); 369 370 result = power_up_safmem(); 371 if (result) 372 goto out; 373 374 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value); 375 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE); 376 377 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 378 while (!timeout_elapsed(timeout_ref)) 379 if (!(bsec_status() & BSEC_MODE_BUSY)) 380 break; 381 382 if (bsec_status() & BSEC_MODE_BUSY) 383 result = TEE_ERROR_BUSY; 384 else if (bsec_status() & BSEC_MODE_PROGFAIL) 385 result = TEE_ERROR_BAD_PARAMETERS; 386 else 387 result = check_no_error(otp_id, true /* check-disturbed */); 388 389 power_down_safmem(); 390 391 out: 392 bsec_unlock(exceptions); 393 394 return result; 395 } 396 #endif /*CFG_STM32_BSEC_WRITE*/ 397 398 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id) 399 { 400 TEE_Result result = 0; 401 uint32_t data = 0; 402 uint32_t addr = 0; 403 uint32_t exceptions = 0; 404 vaddr_t base = bsec_base(); 405 uint64_t timeout_ref = 0; 406 uint32_t upper_base = otp_upper_base(); 407 408 if (otp_id > otp_max_id()) 409 return TEE_ERROR_BAD_PARAMETERS; 410 411 /* 412 * 2 bits per words for lower OTPs: 2:1 Redundancy 413 * 1 bit per word for upper OTPs : ECC support 414 * e.g with 32 lower and 64 upper OTPs: 415 * OTP word to be ADDR[6:0] WRDATA[31:0] 416 * locked 417 * 0 0x00 0x0000 0003 418 * 1 0x00 0x0000 000C 419 * ... ... ... 420 * 7 0x00 0x0000 C000 421 * 8 0x01 0x0000 0003 422 * ... ... ... 423 * 31 0x03 0x0000 C000 424 * 32 0x04 0x0000 0001 425 * 33 0x04 0x0000 0002 426 * 95 0x07 0x0000 8000 427 */ 428 if (otp_id < upper_base) { 429 addr = otp_id / 8U; 430 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF); 431 } else { 432 addr = upper_base / 8U + (otp_id - upper_base) / 16U; 433 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF); 434 } 435 436 if (state_is_invalid_mode()) 437 return TEE_ERROR_SECURITY; 438 439 exceptions = bsec_lock(); 440 441 result = power_up_safmem(); 442 if (result) 443 goto out; 444 445 io_write32(base + BSEC_OTP_WRDATA_OFF, data); 446 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK); 447 448 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US); 449 while (!timeout_elapsed(timeout_ref)) 450 if (!(bsec_status() & BSEC_MODE_BUSY)) 451 break; 452 453 if (bsec_status() & BSEC_MODE_BUSY) 454 result = TEE_ERROR_BUSY; 455 else if (bsec_status() & BSEC_MODE_PROGFAIL) 456 result = TEE_ERROR_BAD_PARAMETERS; 457 else 458 result = check_no_error(otp_id, false /* not-disturbed */); 459 460 #ifdef CFG_STM32MP13 461 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK); 462 #endif 463 464 power_down_safmem(); 465 466 out: 467 bsec_unlock(exceptions); 468 469 return result; 470 } 471 472 #ifdef CFG_STM32_BSEC_WRITE 473 TEE_Result stm32_bsec_write_debug_conf(uint32_t value) 474 { 475 TEE_Result result = TEE_ERROR_GENERIC; 476 uint32_t exceptions = 0; 477 478 if (state_is_invalid_mode()) 479 return TEE_ERROR_SECURITY; 480 481 exceptions = bsec_lock(); 482 483 io_write32(bsec_base() + BSEC_DEN_OFF, value); 484 485 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ value) == 0U) 486 result = TEE_SUCCESS; 487 488 bsec_unlock(exceptions); 489 490 return result; 491 } 492 #endif /*CFG_STM32_BSEC_WRITE*/ 493 494 uint32_t stm32_bsec_read_debug_conf(void) 495 { 496 return io_read32(bsec_base() + BSEC_DEN_OFF); 497 } 498 499 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset) 500 { 501 uint32_t bank = otp_bank_offset(otp_id); 502 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 503 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 504 uint32_t exceptions = 0; 505 506 if (otp_id > STM32MP1_OTP_MAX_ID) 507 return TEE_ERROR_BAD_PARAMETERS; 508 509 if (state_is_invalid_mode()) 510 return TEE_ERROR_SECURITY; 511 512 exceptions = bsec_lock(); 513 514 io_write32(lock_addr, otp_mask); 515 516 bsec_unlock(exceptions); 517 518 return TEE_SUCCESS; 519 } 520 521 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id) 522 { 523 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF); 524 } 525 526 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id) 527 { 528 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF); 529 } 530 531 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id) 532 { 533 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF); 534 } 535 536 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked, 537 size_t lock_offset) 538 { 539 uint32_t bank = otp_bank_offset(otp_id); 540 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK); 541 vaddr_t lock_addr = bsec_base() + bank + lock_offset; 542 543 if (otp_id > STM32MP1_OTP_MAX_ID) 544 return TEE_ERROR_BAD_PARAMETERS; 545 546 if (state_is_invalid_mode()) 547 return TEE_ERROR_SECURITY; 548 549 *locked = (io_read32(lock_addr) & otp_mask) != 0; 550 551 return TEE_SUCCESS; 552 } 553 554 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked) 555 { 556 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF); 557 } 558 559 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked) 560 { 561 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF); 562 } 563 564 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked) 565 { 566 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF); 567 } 568 569 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked) 570 { 571 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF); 572 } 573 574 TEE_Result stm32_bsec_otp_lock(uint32_t service) 575 { 576 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF; 577 578 if (state_is_invalid_mode()) 579 return TEE_ERROR_SECURITY; 580 581 switch (service) { 582 case BSEC_LOCK_UPPER_OTP: 583 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP)); 584 break; 585 case BSEC_LOCK_DEBUG: 586 io_write32(addr, BIT(BSEC_LOCK_DEBUG)); 587 break; 588 case BSEC_LOCK_PROGRAM: 589 io_write32(addr, BIT(BSEC_LOCK_PROGRAM)); 590 break; 591 default: 592 return TEE_ERROR_BAD_PARAMETERS; 593 } 594 595 return TEE_SUCCESS; 596 } 597 598 static size_t nsec_access_array_size(void) 599 { 600 size_t upper_count = otp_max_id() - otp_upper_base() + 1; 601 602 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD); 603 } 604 605 static bool nsec_access_granted(unsigned int index) 606 { 607 uint32_t *array = bsec_dev.nsec_access; 608 609 return array && 610 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() && 611 array[index / BSEC_BITS_PER_WORD] & 612 BIT(index % BSEC_BITS_PER_WORD); 613 } 614 615 bool stm32_bsec_can_access_otp(uint32_t otp_id) 616 { 617 return (otp_id <= otp_max_id()) && !state_is_invalid_mode(); 618 } 619 620 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id) 621 { 622 return otp_id < otp_upper_base() || 623 nsec_access_granted(otp_id - otp_upper_base()); 624 } 625 626 struct nvmem_layout { 627 char *name; 628 uint32_t otp_id; 629 size_t bit_len; 630 }; 631 632 static struct nvmem_layout *nvmem_layout; 633 static size_t nvmem_layout_count; 634 635 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name, 636 uint32_t *otp_id, 637 size_t *otp_bit_len) 638 { 639 size_t i = 0; 640 641 if (!name) 642 return TEE_ERROR_BAD_PARAMETERS; 643 644 for (i = 0; i < nvmem_layout_count; i++) { 645 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name)) 646 continue; 647 648 if (otp_id) 649 *otp_id = nvmem_layout[i].otp_id; 650 651 if (otp_bit_len) 652 *otp_bit_len = nvmem_layout[i].bit_len; 653 654 DMSG("nvmem %s = %zu: %"PRId32" %zu", name, i, 655 nvmem_layout[i].otp_id, nvmem_layout[i].bit_len); 656 657 return TEE_SUCCESS; 658 } 659 660 DMSG("nvmem %s failed", name); 661 662 return TEE_ERROR_ITEM_NOT_FOUND; 663 }; 664 665 TEE_Result stm32_bsec_get_state(uint32_t *state) 666 { 667 if (!state) 668 return TEE_ERROR_BAD_PARAMETERS; 669 670 if (state_is_invalid_mode() || !state_is_secured_mode()) { 671 *state = BSEC_STATE_INVALID; 672 } else { 673 if (state_is_closed_mode()) 674 *state = BSEC_STATE_SEC_CLOSED; 675 else 676 *state = BSEC_STATE_SEC_OPEN; 677 } 678 679 return TEE_SUCCESS; 680 } 681 682 #ifdef CFG_EMBED_DTB 683 static void enable_nsec_access(unsigned int otp_id) 684 { 685 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD; 686 687 if (otp_id < otp_upper_base()) 688 return; 689 690 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id)) 691 panic(); 692 693 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD); 694 } 695 696 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 697 { 698 int bsec_subnode = 0; 699 700 bsec_dev.nsec_access = calloc(nsec_access_array_size(), 701 sizeof(*bsec_dev.nsec_access)); 702 if (!bsec_dev.nsec_access) 703 panic(); 704 705 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 706 unsigned int reg_offset = 0; 707 unsigned int reg_size = 0; 708 unsigned int otp_id = 0; 709 unsigned int i = 0; 710 size_t size = 0; 711 712 reg_offset = _fdt_reg_base_address(fdt, bsec_subnode); 713 reg_size = _fdt_reg_size(fdt, bsec_subnode); 714 715 assert(reg_offset != DT_INFO_INVALID_REG && 716 reg_size != DT_INFO_INVALID_REG_SIZE); 717 718 otp_id = reg_offset / sizeof(uint32_t); 719 720 if (otp_id < STM32MP1_UPPER_OTP_START) { 721 unsigned int otp_end = 722 ROUNDUP_DIV(reg_offset + reg_size, 723 sizeof(uint32_t)); 724 725 if (otp_end > STM32MP1_UPPER_OTP_START) { 726 /* 727 * OTP crosses Lower/Upper boundary, consider 728 * only the upper part. 729 */ 730 otp_id = STM32MP1_UPPER_OTP_START; 731 reg_size -= (STM32MP1_UPPER_OTP_START * 732 sizeof(uint32_t)) - reg_offset; 733 reg_offset = STM32MP1_UPPER_OTP_START * 734 sizeof(uint32_t); 735 736 DMSG("OTP crosses Lower/Upper boundary"); 737 } else { 738 continue; 739 } 740 } 741 742 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL)) 743 continue; 744 745 if ((reg_offset % sizeof(uint32_t)) || 746 (reg_size % sizeof(uint32_t))) 747 panic("Unaligned non-secure OTP"); 748 749 size = reg_size / sizeof(uint32_t); 750 751 if (otp_id + size > OTP_MAX_SIZE) 752 panic("OTP range oversized"); 753 754 for (i = otp_id; i < otp_id + size; i++) 755 enable_nsec_access(i); 756 } 757 } 758 759 static void save_dt_nvmem_layout(void *fdt, int bsec_node) 760 { 761 int cell_max = 0; 762 int cell_cnt = 0; 763 int node = 0; 764 765 fdt_for_each_subnode(node, fdt, bsec_node) 766 cell_max++; 767 if (!cell_max) 768 return; 769 770 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout)); 771 if (!nvmem_layout) 772 panic(); 773 774 fdt_for_each_subnode(node, fdt, bsec_node) { 775 unsigned int reg_offset = 0; 776 unsigned int reg_length = 0; 777 const char *string = NULL; 778 const char *s = NULL; 779 int len = 0; 780 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt]; 781 782 string = fdt_get_name(fdt, node, &len); 783 if (!string || !len) 784 continue; 785 786 reg_offset = _fdt_reg_base_address(fdt, node); 787 reg_length = _fdt_reg_size(fdt, node); 788 789 if (reg_offset == DT_INFO_INVALID_REG || 790 reg_length == DT_INFO_INVALID_REG_SIZE) { 791 DMSG("Malformed nvmem %s: ignored", string); 792 continue; 793 } 794 795 if (reg_offset % sizeof(uint32_t)) { 796 DMSG("Misaligned nvmem %s: ignored", string); 797 continue; 798 } 799 layout_cell->otp_id = reg_offset / sizeof(uint32_t); 800 layout_cell->bit_len = reg_length * CHAR_BIT; 801 802 s = strchr(string, '@'); 803 if (s) 804 len = s - string; 805 806 layout_cell->name = strndup(string, len); 807 if (!layout_cell->name) 808 panic(); 809 cell_cnt++; 810 DMSG("nvmem[%d] = %s %"PRId32" %zu", cell_cnt, 811 layout_cell->name, layout_cell->otp_id, 812 layout_cell->bit_len); 813 } 814 815 if (cell_cnt != cell_max) { 816 nvmem_layout = realloc(nvmem_layout, 817 cell_cnt * sizeof(*nvmem_layout)); 818 if (!nvmem_layout) 819 panic(); 820 } 821 822 nvmem_layout_count = cell_cnt; 823 } 824 825 static void initialize_bsec_from_dt(void) 826 { 827 void *fdt = NULL; 828 int node = 0; 829 struct dt_node_info bsec_info = { }; 830 831 fdt = get_embedded_dt(); 832 node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT); 833 if (node < 0) 834 panic(); 835 836 _fdt_fill_device_info(fdt, &bsec_info, node); 837 838 if (bsec_info.reg != bsec_dev.base.pa || 839 !(bsec_info.status & DT_STATUS_OK_SEC)) 840 panic(); 841 842 bsec_dt_otp_nsec_access(fdt, node); 843 844 save_dt_nvmem_layout(fdt, node); 845 } 846 #else 847 static void initialize_bsec_from_dt(void) 848 { 849 } 850 #endif /*CFG_EMBED_DTB*/ 851 852 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused, 853 const struct pm_callback_handle *hdl __unused) 854 { 855 static uint32_t debug_conf; 856 857 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME); 858 859 if (op == PM_OP_SUSPEND) 860 debug_conf = stm32_bsec_read_debug_conf(); 861 else 862 stm32_bsec_write_debug_conf(debug_conf); 863 864 return TEE_SUCCESS; 865 } 866 DECLARE_KEEP_PAGER(bsec_pm); 867 868 static TEE_Result initialize_bsec(void) 869 { 870 struct stm32_bsec_static_cfg cfg = { }; 871 872 stm32mp_get_bsec_static_cfg(&cfg); 873 874 bsec_dev.base.pa = cfg.base; 875 bsec_dev.upper_base = cfg.upper_start; 876 bsec_dev.max_id = cfg.max_id; 877 878 if (state_is_invalid_mode()) 879 panic(); 880 881 if (IS_ENABLED(CFG_EMBED_DTB)) 882 initialize_bsec_from_dt(); 883 884 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec"); 885 886 return TEE_SUCCESS; 887 } 888 889 early_init(initialize_bsec); 890