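/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright (c) 2017-2022, STMicroelectronics
 */

#ifndef __DRIVERS_STM32_BSEC_H
#define __DRIVERS_STM32_BSEC_H

/*
 * bool and size_t are used by the prototypes below: their standard headers
 * are included directly so that this header does not depend on another
 * header happening to provide them.
 */
#include <compiler.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <tee_api.h>

/*
 * BSEC_DEBUG: debug enable bits.
 * BIT() is not defined in this header; it is expected to come from one of
 * the project headers in scope (not visible here).
 * NOTE(review): presumably these are the bits carried by the value given to
 * stm32_bsec_write_debug_conf() and returned by
 * stm32_bsec_read_debug_conf() - confirm against the driver.
 */
#define BSEC_HDPEN			BIT(4)
#define BSEC_SPIDEN			BIT(5)
#define BSEC_SPINDEN			BIT(6)
#define BSEC_DBGSWGEN			BIT(10)
/* Union of every debug enable bit defined above */
#define BSEC_DEBUG_ALL			(BSEC_HDPEN | \
					 BSEC_SPIDEN | \
					 BSEC_SPINDEN | \
					 BSEC_DBGSWGEN)

/* Size of one OTP word, in bits and in bytes */
#define BSEC_BITS_PER_WORD		(8U * sizeof(uint32_t))
#define BSEC_BYTES_PER_WORD		sizeof(uint32_t)

/*
 * BSEC different global states, as output by stm32_bsec_get_state().
 * BSEC_STATE_INVALID is neither closed nor open: code that takes a security
 * decision from the state should handle it explicitly, like a failing
 * return code, and fall back to its most restrictive behavior.
 */
enum stm32_bsec_sec_state {
	BSEC_STATE_SEC_CLOSED,
	BSEC_STATE_SEC_OPEN,
	BSEC_STATE_INVALID
};

/*
 * Load OTP from SAFMEM and provide its value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * NOTE(review): the implementation is not visible here; treat *value as
 * unspecified unless TEE_SUCCESS is returned.
 */
TEE_Result stm32_bsec_shadow_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Copy SAFMEM OTP to BSEC data.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_shadow_register(uint32_t otp_id);

/*
 * Read an OTP data value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * NOTE(review): unlike stm32_bsec_shadow_read_otp(), nothing here states
 * that SAFMEM is reloaded first, so this presumably returns the current
 * BSEC data value - confirm. Treat *value as unspecified unless TEE_SUCCESS
 * is returned.
 */
TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Write value in BSEC data register
 * @value: Value to write
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * NOTE(review): presumably changes the BSEC data value only and leaves
 * SAFMEM untouched; stm32_bsec_program_otp() is the entry point declared
 * for SAFMEM programming - confirm.
 */
TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id);

/*
 * Program a bit in SAFMEM without BSEC data refresh
 * @value: Value to program.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 *
 * Only built when CFG_STM32_BSEC_WRITE is defined. Otherwise the inline
 * stub below ignores its arguments and returns TEE_ERROR_NOT_SUPPORTED, so
 * callers must check the return value rather than assume the OTP was
 * programmed.
 * NOTE(review): as OTP memory, a programmed bit presumably cannot be
 * cleared again; validate @otp_id and @value before calling.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id);
#else
static inline TEE_Result stm32_bsec_program_otp(uint32_t value __unused,
						uint32_t otp_id __unused)
{
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif

/*
 * Permanent lock of OTP in SAFMEM
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * Only built when CFG_STM32_BSEC_WRITE is defined. Otherwise the inline
 * stub below returns TEE_ERROR_NOT_SUPPORTED and no lock is applied, so a
 * caller relying on the lock as a protection must check the return value.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id);
#else
static inline TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id __unused)
{
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif

/*
 * Enable/disable debug service
 * @value: Value to write
 * Return a TEE_Result compliant return value
 * NOTE(review): @value is presumably a combination of the BSEC_DEBUG bits
 * defined above - confirm.
 */
TEE_Result stm32_bsec_write_debug_conf(uint32_t value);

/* Return debug configuration read from BSEC */
uint32_t stm32_bsec_read_debug_conf(void);

/*
 * Shadow-read (sr), shadow-write (sw) and shadow-program (sp) locks.
 * This header declares a setter and a status getter for each lock and no
 * function to release one: callers should assume that a lock set through
 * these functions stays set.
 * NOTE(review): presumably until the next reset - confirm.
 */

/*
 * Write shadow-read lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id);

/*
 * Read shadow-read lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-read is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-write lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id);

/*
 * Read shadow-write lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-write is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-program lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id);

/*
 * Read shadow-program lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-program is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked);

/*
 * Read permanent lock status
 * @otp_id: OTP number
 * @locked: (out) true if permanent lock is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked);

/*
 * Return true if OTP can be read, false otherwise
 * @otp_id: OTP number
 */
bool stm32_bsec_can_access_otp(uint32_t otp_id);

/*
 * Return true if non-secure world is allowed to read the target OTP
 * @otp_id: OTP number
 *
 * Code that hands OTP content to the non-secure world should check this
 * first and disclose nothing when it returns false.
 */
bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id);

/*
 * Find and get OTP location from its name.
 * @name: sub-node name to look up.
 * @otp_id: pointer to output OTP number or NULL.
 * @otp_bit_offset: pointer to output OTP bit offset in the NVMEM cell or NULL.
 * @otp_bit_len: pointer to output OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 * NOTE(review): treat the output values as unspecified unless TEE_SUCCESS
 * is returned - implementation not visible here.
 */
TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
					       uint32_t *otp_id,
					       uint8_t *otp_bit_offset,
					       size_t *otp_bit_len);

/*
 * Find and get OTP location from its phandle.
 * @phandle: node phandle to look up.
 * @otp_id: pointer to read OTP number or NULL.
 * @otp_bit_offset: pointer to read offset in OTP in bits or NULL.
 * @otp_bit_len: pointer to read OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 * NOTE(review): treat the output values as unspecified unless TEE_SUCCESS
 * is returned - implementation not visible here.
 */
TEE_Result stm32_bsec_find_otp_by_phandle(const uint32_t phandle,
					  uint32_t *otp_id,
					  uint8_t *otp_bit_offset,
					  size_t *otp_bit_len);

/*
 * Get BSEC global sec state.
 * @sec_state: (out) Global BSEC current sec state
 * Return a TEE_Result compliant status
 */
TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *sec_state);

#endif /*__DRIVERS_STM32_BSEC_H*/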