/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright (c) 2017-2022, STMicroelectronics
 */

/*
 * STM32 BSEC driver interface: accessors for OTP words (read, write,
 * program, lock), for the BSEC debug configuration and for the global
 * security state.
 *
 * NOTE(review): this header uses bool, size_t and BIT() while including only
 * <compiler.h>, <stdint.h> and <tee_api.h>; presumably those definitions
 * arrive through <tee_api.h> or through the including file - confirm.
 */

#ifndef __STM32_BSEC_H
#define __STM32_BSEC_H

#include <compiler.h>
#include <stdint.h>
#include <tee_api.h>

/*
 * BSEC_DEBUG
 *
 * Bit masks of the debug configuration. Presumably this is the layout of the
 * value taken by stm32_bsec_write_debug_conf() and returned by
 * stm32_bsec_read_debug_conf() - confirm in the driver.
 * BSEC_DEBUG_ALL is the OR of the four masks.
 *
 * NOTE(review): the names suggest hardware debug port and secure
 * invasive/non-invasive debug enables - confirm against the SoC reference
 * manual. A caller that sets these bits decides how much of the platform is
 * exposed to a debugger, so each such call site should be reviewed against
 * the device security state (see stm32_bsec_get_state()).
 */
#define BSEC_HDPEN			BIT(4)
#define BSEC_SPIDEN			BIT(5)
#define BSEC_SPINDEN			BIT(6)
#define BSEC_DBGSWGEN			BIT(10)
#define BSEC_DEBUG_ALL			(BSEC_HDPEN | \
					 BSEC_SPIDEN | \
					 BSEC_SPINDEN | \
					 BSEC_DBGSWGEN)

/*
 * Size of one OTP word, in bits and in bytes. Both expand to a sizeof
 * expression, so their type is size_t rather than uint32_t.
 */
#define BSEC_BITS_PER_WORD		(8U * sizeof(uint32_t))
#define BSEC_BYTES_PER_WORD		sizeof(uint32_t)

/*
 * BSEC different global states, as reported by stm32_bsec_get_state().
 *
 * NOTE(review): SEC_CLOSED/SEC_OPEN presumably reflect the closed/open
 * security state of the device - confirm in the driver. Code that relaxes a
 * restriction on open devices should test for BSEC_STATE_SEC_OPEN explicitly
 * rather than for "not closed", so that BSEC_STATE_INVALID fails safe.
 */
enum stm32_bsec_sec_state {
	BSEC_STATE_SEC_CLOSED,
	BSEC_STATE_SEC_OPEN,
	BSEC_STATE_INVALID
};

/*
 * Load OTP from SAFMEM and provide its value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * Whether *value is modified on failure is not stated here; check the
 * return value before using it.
 */
TEE_Result stm32_bsec_shadow_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Read an OTP data value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): presumably reads the BSEC data register without reloading
 * it from SAFMEM, unlike stm32_bsec_shadow_read_otp() - confirm in the
 * driver.
 */
TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Write value in BSEC data register
 * @value: Value to write
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * This header describes the target as the BSEC data register; programming
 * SAFMEM itself is the role of stm32_bsec_program_otp().
 */
TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id);

/*
 * Program a bit in SAFMEM without BSEC data refresh
 * @value: Value to program.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 *
 * Only declared when CFG_STM32_BSEC_WRITE is defined. Otherwise the inline
 * stub below ignores both arguments and returns TEE_ERROR_NOT_SUPPORTED, so
 * callers must not treat the call as having programmed anything unless
 * they check the result.
 *
 * NOTE(review): programming OTP is presumably irreversible - confirm, and
 * keep CFG_STM32_BSEC_WRITE disabled in builds that do not need it.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id);
#else
static inline TEE_Result stm32_bsec_program_otp(uint32_t value __unused,
						uint32_t otp_id __unused)
{
	/* OTP programming support is compiled out in this configuration */
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif

/*
 * Permanent lock of OTP in SAFMEM
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): unlike stm32_bsec_program_otp(), this declaration is not
 * conditional on CFG_STM32_BSEC_WRITE in this header; whether the
 * implementation is gated has to be checked in the driver. As the name
 * says the lock is permanent, so validate otp_id before calling.
 */
TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id);

/*
 * Enable/disable debug service
 * @value: Value to write
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): @value is presumably a combination of the BSEC_HDPEN,
 * BSEC_SPIDEN, BSEC_SPINDEN and BSEC_DBGSWGEN masks - confirm in the driver.
 */
TEE_Result stm32_bsec_write_debug_conf(uint32_t value);

/*
 * Return debug configuration read from BSEC
 *
 * The value is returned directly; there is no separate error indication.
 */
uint32_t stm32_bsec_read_debug_conf(void);

/*
 * Shadow-read, shadow-write and shadow-program locks
 *
 * Each lock below has a "set" and a "read" accessor; this header declares
 * no function to clear a lock once it is set.
 * NOTE(review): the locks presumably hold until the next reset - confirm
 * against the reference manual.
 */

/*
 * Write shadow-read lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id);

/*
 * Read shadow-read lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-read is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-write lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id);

/*
 * Read shadow-write lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-write is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-program lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id);

/*
 * Read shadow-program lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-program is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked);

/*
 * Read permanent lock status
 * @otp_id: OTP number
 * @locked: (out) true if permanent lock is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked);

/*
 * Return true if OTP can be read, false otherwise
 * @otp_id: OTP number
 *
 * The result is a plain bool, so a caller cannot tell an out-of-range
 * otp_id from a denied access through this function.
 */
bool stm32_bsec_can_access_otp(uint32_t otp_id);

/*
 * Return true if non-secure world is allowed to read the target OTP
 * @otp_id: OTP number
 *
 * Services that return OTP content to the non-secure world should take
 * this decision per OTP word, before the value leaves the secure world.
 */
bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id);

/*
 * Find and get OTP location from its name.
 * @name: sub-node name to look up.
 * @otp_id: pointer to output OTP number or NULL.
 * @otp_bit_len: pointer to output OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 *
 * The length is expressed in bits, not in bytes or words; a caller sizing
 * a buffer from it has to round up to whole words (BSEC_BITS_PER_WORD).
 */
TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
					       uint32_t *otp_id,
					       size_t *otp_bit_len);

/*
 * Get BSEC global sec state.
 * @sec_state: Global BSEC current sec state
 * Return a TEE_Result compliant status
 *
 * Check the return value before reading *sec_state; whether it is written
 * on failure is not stated here.
 */
TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *sec_state);

#endif /*__STM32_BSEC_H*/