xref: /optee_os/core/drivers/stm32_bsec.c (revision ed3fa831cdd6c545bf2813de8aeccc2564387983) 
1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3  * Copyright (c) 2017-2020, STMicroelectronics
4  */
5 
6 #include <assert.h>
7 #include <drivers/stm32_bsec.h>
8 #include <io.h>
9 #include <kernel/delay.h>
10 #include <kernel/generic_boot.h>
11 #include <kernel/spinlock.h>
12 #include <limits.h>
13 #include <mm/core_memprot.h>
14 #include <platform_config.h>
15 #include <stm32_util.h>
16 #include <string.h>
17 #include <tee_api_defines.h>
18 #include <types_ext.h>
19 #include <util.h>
20 
21 #define BSEC_OTP_MASK			GENMASK_32(4, 0)
22 #define BSEC_OTP_BANK_SHIFT		5
23 
24 /* Permanent lock bitmasks */
25 #define ADDR_LOWER_OTP_PERLOCK_SHIFT	3
26 #define DATA_LOWER_OTP_PERLOCK_BIT	3
27 #define DATA_LOWER_OTP_PERLOCK_MASK	GENMASK_32(2, 0)
28 #define ADDR_UPPER_OTP_PERLOCK_SHIFT	4
29 #define DATA_UPPER_OTP_PERLOCK_BIT	1
30 #define DATA_UPPER_OTP_PERLOCK_MASK	GENMASK_32(3, 0)
31 
32 /* BSEC register offset */
33 #define BSEC_OTP_CONF_OFF		0x000U
34 #define BSEC_OTP_CTRL_OFF		0x004U
35 #define BSEC_OTP_WRDATA_OFF		0x008U
36 #define BSEC_OTP_STATUS_OFF		0x00CU
37 #define BSEC_OTP_LOCK_OFF		0x010U
38 #define BSEC_DEN_OFF			0x014U
39 #define BSEC_FEN_OFF			0x018U
40 #define BSEC_DISTURBED_OFF		0x01CU
41 #define BSEC_DISTURBED1_OFF		0x020U
42 #define BSEC_DISTURBED2_OFF		0x024U
43 #define BSEC_ERROR_OFF			0x034U
44 #define BSEC_ERROR1_OFF			0x038U
45 #define BSEC_ERROR2_OFF			0x03CU
46 #define BSEC_WRLOCK_OFF			0x04CU
47 #define BSEC_WRLOCK1_OFF		0x050U
48 #define BSEC_WRLOCK2_OFF		0x054U
49 #define BSEC_SPLOCK_OFF			0x064U
50 #define BSEC_SPLOCK1_OFF		0x068U
51 #define BSEC_SPLOCK2_OFF		0x06CU
52 #define BSEC_SWLOCK_OFF			0x07CU
53 #define BSEC_SWLOCK1_OFF		0x080U
54 #define BSEC_SWLOCK2_OFF		0x084U
55 #define BSEC_SRLOCK_OFF			0x094U
56 #define BSEC_SRLOCK1_OFF		0x098U
57 #define BSEC_SRLOCK2_OFF		0x09CU
58 #define BSEC_JTAG_IN_OFF		0x0ACU
59 #define BSEC_JTAG_OUT_OFF		0x0B0U
60 #define BSEC_SCRATCH_OFF		0x0B4U
61 #define BSEC_OTP_DATA_OFF		0x200U
62 #define BSEC_IPHW_CFG_OFF		0xFF0U
63 #define BSEC_IPVR_OFF			0xFF4U
64 #define BSEC_IP_ID_OFF			0xFF8U
65 #define BSEC_IP_MAGIC_ID_OFF		0xFFCU
66 
67 /* BSEC_CONFIGURATION Register */
68 #define BSEC_CONF_POWER_UP_MASK		BIT(0)
69 #define BSEC_CONF_POWER_UP_SHIFT	0
70 #define BSEC_CONF_FRQ_MASK		GENMASK_32(2, 1)
71 #define BSEC_CONF_FRQ_SHIFT		1
72 #define BSEC_CONF_PRG_WIDTH_MASK	GENMASK_32(6, 3)
73 #define BSEC_CONF_PRG_WIDTH_SHIFT	3
74 #define BSEC_CONF_TREAD_MASK		GENMASK_32(8, 7)
75 #define BSEC_CONF_TREAD_SHIFT		7
76 
77 /* BSEC_CONTROL Register */
78 #define BSEC_READ			0x000U
79 #define BSEC_WRITE			0x100U
80 #define BSEC_LOCK			0x200U
81 
82 /* BSEC_STATUS Register */
83 #define BSEC_MODE_STATUS_MASK		GENMASK_32(2, 0)
84 #define BSEC_MODE_BUSY_MASK		BIT(3)
85 #define BSEC_MODE_PROGFAIL_MASK		BIT(4)
86 #define BSEC_MODE_PWR_MASK		BIT(5)
87 #define BSEC_MODE_BIST1_LOCK_MASK	BIT(6)
88 #define BSEC_MODE_BIST2_LOCK_MASK	BIT(7)
89 
90 /* BSEC_DEBUG */
91 #define BSEC_HDPEN			BIT(4)
92 #define BSEC_SPIDEN			BIT(5)
93 #define BSEC_SPINDEN			BIT(6)
94 #define BSEC_DBGSWGEN			BIT(10)
95 #define BSEC_DEN_ALL_MSK		GENMASK_32(10, 0)
96 
97 /*
98  * OTP Lock services definition
99  * Value must corresponding to the bit position in the register
100  */
101 #define BSEC_LOCK_UPPER_OTP		0x00
102 #define BSEC_LOCK_DEBUG			0x02
103 #define BSEC_LOCK_PROGRAM		0x04
104 
105 /* Timeout when polling on status */
106 #define BSEC_TIMEOUT_US			1000
107 
108 struct bsec_dev {
109 	struct io_pa_va base;
110 	unsigned int upper_base;
111 	unsigned int max_id;
112 };
113 
114 /* Only 1 instance of BSEC is expected per platform */
115 static struct bsec_dev bsec_dev;
116 
117 /* BSEC access protection */
118 static unsigned int lock = SPINLOCK_UNLOCK;
119 
120 static uint32_t bsec_lock(void)
121 {
122 	return may_spin_lock(&lock);
123 }
124 
125 static void bsec_unlock(uint32_t exceptions)
126 {
127 	may_spin_unlock(&lock, exceptions);
128 }
129 
130 static uint32_t otp_max_id(void)
131 {
132 	return bsec_dev.max_id;
133 }
134 
135 static uint32_t otp_bank_offset(uint32_t otp_id)
136 {
137 	assert(otp_id <= otp_max_id());
138 
139 	return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
140 		sizeof(uint32_t);
141 }
142 
143 static vaddr_t bsec_base(void)
144 {
145 	return io_pa_or_va_secure(&bsec_dev.base);
146 }
147 
148 static uint32_t bsec_status(void)
149 {
150 	return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
151 }
152 
153 /*
154  * Check that BSEC interface does not report an error
155  * @otp_id : OTP number
156  * @check_disturbed: check only error (false) or all sources (true)
157  * Return a TEE_Result compliant value
158  */
159 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed)
160 {
161 	uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
162 	uint32_t bank = otp_bank_offset(otp_id);
163 
164 	if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
165 		return TEE_ERROR_GENERIC;
166 
167 	if (check_disturbed &&
168 	    io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
169 		return TEE_ERROR_GENERIC;
170 
171 	return TEE_SUCCESS;
172 }
173 
174 static TEE_Result power_up_safmem(void)
175 {
176 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
177 
178 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
179 		  BSEC_CONF_POWER_UP_MASK);
180 
181 	/*
182 	 * If a timeout is detected, test the condition again to consider
183 	 * cases where timeout is due to the executing TEE thread rescheduling.
184 	 */
185 	while (!timeout_elapsed(timeout_ref))
186 		if (bsec_status() & BSEC_MODE_PWR_MASK)
187 			break;
188 
189 	if (bsec_status() & BSEC_MODE_PWR_MASK)
190 		return TEE_SUCCESS;
191 
192 	return TEE_ERROR_GENERIC;
193 }
194 
195 static TEE_Result power_down_safmem(void)
196 {
197 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
198 
199 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
200 
201 	/*
202 	 * If a timeout is detected, test the condition again to consider
203 	 * cases where timeout is due to the executing TEE thread rescheduling.
204 	 */
205 	while (!timeout_elapsed(timeout_ref))
206 		if (!(bsec_status() & BSEC_MODE_PWR_MASK))
207 			break;
208 
209 	if (!(bsec_status() & BSEC_MODE_PWR_MASK))
210 		return TEE_SUCCESS;
211 
212 	return TEE_ERROR_GENERIC;
213 }
214 
215 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
216 {
217 	TEE_Result result = 0;
218 	uint32_t exceptions = 0;
219 	uint64_t timeout_ref = 0;
220 	bool locked = false;
221 
222 	/* Check if shadowing of OTP is locked, informative only */
223 	result = stm32_bsec_read_sr_lock(otp_id, &locked);
224 	if (result)
225 		return result;
226 
227 	if (locked)
228 		DMSG("BSEC shadow warning: OTP locked");
229 
230 	exceptions = bsec_lock();
231 
232 	result = power_up_safmem();
233 	if (result)
234 		return result;
235 
236 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
237 
238 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
239 	while (!timeout_elapsed(timeout_ref))
240 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
241 			break;
242 
243 	if (bsec_status() & BSEC_MODE_BUSY_MASK)
244 		result = TEE_ERROR_GENERIC;
245 	else
246 		result = check_no_error(otp_id, true /* check-disturbed */);
247 
248 	power_down_safmem();
249 
250 	bsec_unlock(exceptions);
251 
252 	return result;
253 }
254 
255 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
256 {
257 	if (otp_id > otp_max_id())
258 		return TEE_ERROR_BAD_PARAMETERS;
259 
260 	*value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
261 			   (otp_id * sizeof(uint32_t)));
262 
263 	return TEE_SUCCESS;
264 }
265 
266 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
267 {
268 	TEE_Result result = 0;
269 
270 	result = stm32_bsec_shadow_register(otp_id);
271 	if (result) {
272 		EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result);
273 		return result;
274 	}
275 
276 	result = stm32_bsec_read_otp(otp_value, otp_id);
277 	if (result)
278 		EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result);
279 
280 	return result;
281 }
282 
283 #ifdef CFG_STM32_BSEC_WRITE
284 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
285 {
286 	TEE_Result result = 0;
287 	uint32_t exceptions = 0;
288 	vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
289 	bool locked = false;
290 
291 	/* Check if write of OTP is locked, informative only */
292 	result = stm32_bsec_read_sw_lock(otp_id, &locked);
293 	if (result)
294 		return result;
295 
296 	if (locked)
297 		DMSG("BSEC write warning: OTP locked");
298 
299 	exceptions = bsec_lock();
300 
301 	io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
302 
303 	bsec_unlock(exceptions);
304 
305 	return TEE_SUCCESS;
306 }
307 
308 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
309 {
310 	TEE_Result result = 0;
311 	uint32_t exceptions = 0;
312 	uint64_t timeout_ref = 0;
313 	bool locked = false;
314 
315 	/* Check if shadowing of OTP is locked, informative only */
316 	result = stm32_bsec_read_sp_lock(otp_id, &locked);
317 	if (result)
318 		return result;
319 
320 	if (locked)
321 		DMSG("BSEC program warning: OTP locked");
322 
323 	if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
324 		DMSG("BSEC program warning: GPLOCK activated");
325 
326 	exceptions = bsec_lock();
327 
328 	result = power_up_safmem();
329 	if (result)
330 		return result;
331 
332 	io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
333 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
334 
335 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
336 	while (!timeout_elapsed(timeout_ref))
337 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
338 			break;
339 
340 	if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK))
341 		result = TEE_ERROR_GENERIC;
342 	else
343 		result = check_no_error(otp_id, true /* check-disturbed */);
344 
345 	power_down_safmem();
346 
347 	bsec_unlock(exceptions);
348 
349 	return result;
350 }
351 #endif /*CFG_STM32_BSEC_WRITE*/
352 
353 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
354 {
355 	TEE_Result result = 0;
356 	uint32_t data = 0;
357 	uint32_t addr = 0;
358 	uint32_t exceptions = 0;
359 	vaddr_t base = bsec_base();
360 	uint64_t timeout_ref;
361 
362 	if (otp_id > otp_max_id())
363 		return TEE_ERROR_BAD_PARAMETERS;
364 
365 	if (otp_id < bsec_dev.upper_base) {
366 		addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
367 		data = DATA_LOWER_OTP_PERLOCK_BIT <<
368 		       ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
369 	} else {
370 		addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
371 		data = DATA_UPPER_OTP_PERLOCK_BIT <<
372 		       (otp_id & DATA_UPPER_OTP_PERLOCK_MASK);
373 	}
374 
375 	exceptions = bsec_lock();
376 
377 	result = power_up_safmem();
378 	if (result)
379 		return result;
380 
381 	io_write32(base + BSEC_OTP_WRDATA_OFF, data);
382 	io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
383 
384 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
385 	while (!timeout_elapsed(timeout_ref))
386 		if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
387 			break;
388 
389 	if (bsec_status() & (BSEC_MODE_BUSY_MASK | BSEC_MODE_PROGFAIL_MASK))
390 		result = TEE_ERROR_BAD_PARAMETERS;
391 	else
392 		result = check_no_error(otp_id, false /* not-disturbed */);
393 
394 	power_down_safmem();
395 
396 	bsec_unlock(exceptions);
397 
398 	return result;
399 }
400 
401 #ifdef CFG_STM32_BSEC_WRITE
402 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
403 {
404 	TEE_Result result = TEE_ERROR_GENERIC;
405 	uint32_t masked_val = value & BSEC_DEN_ALL_MSK;
406 	uint32_t exceptions = 0;
407 
408 	exceptions = bsec_lock();
409 
410 	io_write32(bsec_base() + BSEC_DEN_OFF, value);
411 
412 	if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U)
413 		result = TEE_SUCCESS;
414 
415 	bsec_unlock(exceptions);
416 
417 	return result;
418 }
419 #endif /*CFG_STM32_BSEC_WRITE*/
420 
421 uint32_t stm32_bsec_read_debug_conf(void)
422 {
423 	return io_read32(bsec_base() + BSEC_DEN_OFF);
424 }
425 
426 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset)
427 {
428 	uint32_t bank = otp_bank_offset(otp_id);
429 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
430 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
431 	uint32_t exceptions = 0;
432 
433 	if (otp_id > STM32MP1_OTP_MAX_ID)
434 		return TEE_ERROR_BAD_PARAMETERS;
435 
436 	exceptions = bsec_lock();
437 
438 	io_write32(lock_addr, otp_mask);
439 
440 	bsec_unlock(exceptions);
441 
442 	return TEE_SUCCESS;
443 }
444 
445 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id)
446 {
447 	return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
448 }
449 
450 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id)
451 {
452 	return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
453 }
454 
455 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id)
456 {
457 	return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
458 }
459 
460 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked,
461 				 size_t lock_offset)
462 {
463 	uint32_t bank = otp_bank_offset(otp_id);
464 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
465 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
466 
467 	if (otp_id > STM32MP1_OTP_MAX_ID)
468 		return TEE_ERROR_BAD_PARAMETERS;
469 
470 	*locked = (io_read32(lock_addr) & otp_mask) != 0;
471 
472 	return TEE_SUCCESS;
473 }
474 
475 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked)
476 {
477 	return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF);
478 }
479 
480 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked)
481 {
482 	return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF);
483 }
484 
485 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked)
486 {
487 	return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF);
488 }
489 
490 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked)
491 {
492 	return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF);
493 }
494 
495 TEE_Result stm32_bsec_otp_lock(uint32_t service)
496 {
497 	vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF;
498 
499 	switch (service) {
500 	case BSEC_LOCK_UPPER_OTP:
501 		io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP));
502 		break;
503 	case BSEC_LOCK_DEBUG:
504 		io_write32(addr, BIT(BSEC_LOCK_DEBUG));
505 		break;
506 	case BSEC_LOCK_PROGRAM:
507 		io_write32(addr, BIT(BSEC_LOCK_PROGRAM));
508 		break;
509 	default:
510 		return TEE_ERROR_BAD_PARAMETERS;
511 	}
512 
513 	return TEE_SUCCESS;
514 }
515 
516 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
517 {
518 	if (otp_id > otp_max_id())
519 		return false;
520 
521 	return otp_id < bsec_dev.upper_base;
522 }
523 
524 static TEE_Result initialize_bsec(void)
525 {
526 	struct stm32_bsec_static_cfg cfg = { };
527 
528 	stm32mp_get_bsec_static_cfg(&cfg);
529 
530 	bsec_dev.base.pa = cfg.base;
531 	bsec_dev.upper_base = cfg.upper_start;
532 	bsec_dev.max_id = cfg.max_id;
533 
534 	return TEE_SUCCESS;
535 }
536 
537 driver_init(initialize_bsec);
538