xref: /optee_os/core/include/drivers/stm32_bsec.h (revision 7dfc80ab580541750da0935c623efb5151eea408)
1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /*
3  * Copyright (c) 2017-2022, STMicroelectronics
4  */
5 
6 #ifndef __STM32_BSEC_H
7 #define __STM32_BSEC_H
8 
9 #include <compiler.h>
10 #include <stdint.h>
11 #include <tee_api.h>
12 
/*
 * BSEC_DEBUG: debug-enable bit masks.
 * NOTE(review): presumably the bit layout of the value taken by
 * stm32_bsec_write_debug_conf() and returned by
 * stm32_bsec_read_debug_conf() - confirm against the driver source.
 * The per-bit descriptions below are inferred from the names (Arm debug
 * signal naming); verify them against the SoC reference manual.
 */
/* Presumably hardware debug port enable */
#define BSEC_HDPEN			BIT(4)
/* Presumably secure privileged invasive debug enable */
#define BSEC_SPIDEN			BIT(5)
/* Presumably secure privileged non-invasive debug enable */
#define BSEC_SPINDEN			BIT(6)
/* Presumably debug software access enable */
#define BSEC_DBGSWGEN			BIT(10)
/*
 * Union of the four debug bits above. Writing this mask requests every debug
 * feature listed here at once, secure-world ones included if the names mean
 * what they suggest, so treat it as a development-only setting and review
 * any caller that uses it on a device meant to be closed.
 */
#define BSEC_DEBUG_ALL			(BSEC_HDPEN | \
					 BSEC_SPIDEN | \
					 BSEC_SPINDEN | \
					 BSEC_DBGSWGEN)

/*
 * Width of one BSEC word in bits and in bytes. A word is a uint32_t, the
 * same type as the OTP values exchanged by the functions below. Both macros
 * expand to size_t expressions because they are built on sizeof.
 */
#define BSEC_BITS_PER_WORD		(8U * sizeof(uint32_t))
#define BSEC_BYTES_PER_WORD		sizeof(uint32_t)
25 
/*
 * BSEC different global states, as output by stm32_bsec_get_state().
 * NOTE(review): the names suggest "closed" is the locked-down (production)
 * state and "open" the development state - confirm against the driver.
 * Code that gates a security decision on this value should accept only the
 * state it expects and treat every other value, BSEC_STATE_INVALID included,
 * as a refusal.
 */
enum stm32_bsec_sec_state {
	BSEC_STATE_SEC_CLOSED,
	BSEC_STATE_SEC_OPEN,
	BSEC_STATE_INVALID
};
32 
/*
 * Load OTP from SAFMEM and provide its value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * NOTE(review): whether *value is written on failure, and how a NULL @value
 * is handled, is not visible from this header - check the result first.
 */
TEE_Result stm32_bsec_shadow_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Copy SAFMEM OTP to BSEC data.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_shadow_register(uint32_t otp_id);

/*
 * Read an OTP data value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * NOTE(review): presumably reads the BSEC data register without reloading it
 * from SAFMEM, in contrast to stm32_bsec_shadow_read_otp() - confirm.
 */
TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Write value in BSEC data register
 * @value: Value to write
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * As described, the target is the BSEC data register and not SAFMEM;
 * programming SAFMEM is the job of stm32_bsec_program_otp().
 */
TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id);
63 
/*
 * Program a bit in SAFMEM without BSEC data refresh
 * @value: Value to program.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 *
 * Only declared as a real function when CFG_STM32_BSEC_WRITE is defined.
 * Otherwise the inline stub below ignores both arguments and returns
 * TEE_ERROR_NOT_SUPPORTED, so callers must check the result rather than
 * assume the OTP was programmed.
 * NOTE(review): "without BSEC data refresh" presumably means the BSEC data
 * register keeps its previous value until stm32_bsec_shadow_register() is
 * called - confirm against the driver.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id);
#else
static inline TEE_Result stm32_bsec_program_otp(uint32_t value __unused,
						uint32_t otp_id __unused)
{
	/* OTP programming support is compiled out in this configuration */
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif
79 
/*
 * Permanent lock of OTP in SAFMEM
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 * No function undoing this lock is declared in this header.
 * NOTE(review): unlike stm32_bsec_program_otp(), this declaration is not
 * guarded by CFG_STM32_BSEC_WRITE and has no stub - confirm how the
 * implementation behaves when that option is disabled.
 */
TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id);
86 
/*
 * Enable/disable debug service
 * @value: Value to write
 *	   NOTE(review): presumably a combination of the BSEC_HDPEN,
 *	   BSEC_SPIDEN, BSEC_SPINDEN and BSEC_DBGSWGEN bits - confirm.
 * Return a TEE_Result compliant return value
 *
 * Only declared as a real function when CFG_STM32_BSEC_WRITE is defined.
 * Otherwise the inline stub below ignores @value and returns
 * TEE_ERROR_NOT_SUPPORTED, which means such a build cannot change the debug
 * configuration through this function.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_write_debug_conf(uint32_t value);
#else
static inline TEE_Result stm32_bsec_write_debug_conf(uint32_t value __unused)
{
	/* Debug configuration writes are compiled out in this configuration */
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif
100 
/*
 * Return debug configuration read from BSEC
 * The value is returned directly as a uint32_t, so this function has no way
 * to report an error to the caller.
 * NOTE(review): presumably to be tested against the BSEC_* debug bit masks
 * defined above - confirm.
 */
uint32_t stm32_bsec_read_debug_conf(void);
103 
/*
 * Per-OTP lock accessors. Only functions that set a lock or read its state
 * are declared in this header; no function clearing a lock is declared here.
 * The read functions report the state through @locked and the status through
 * the TEE_Result; check the result before relying on *locked.
 */

/*
 * Write shadow-read lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id);

/*
 * Read shadow-read lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-read is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-write lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id);

/*
 * Read shadow-write lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-write is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-program lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id);

/*
 * Read shadow-program lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-program is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked);

/*
 * Read permanent lock status
 * @otp_id: OTP number
 * @locked: (out) true if permanent lock is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked);
156 
/*
 * Lock Upper OTP or Global programming or debug enable
 * @service: Service to lock. The original note reads "see header file", but
 *	     no service identifiers are defined in this header.
 *	     NOTE(review): point callers at the actual definitions.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_otp_lock(uint32_t service);
163 
/*
 * Return true if OTP can be read, false otherwise
 * @otp_id: OTP number
 * NOTE(review): the name says "access" while the description says "read";
 * confirm whether the result also governs write or program operations.
 */
bool stm32_bsec_can_access_otp(uint32_t otp_id);

/*
 * Return true if non-secure world is allowed to read the target OTP
 * @otp_id: OTP number
 * NOTE(review): presumably the check to make before handing an OTP value
 * back for a non-secure request; a false result should end in a refusal and
 * not in a fallback read - confirm how callers use it.
 */
bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id);
175 
/*
 * Find and get OTP location from its name.
 * @name: sub-node name to look up.
 * @otp_id: pointer to output OTP number or NULL.
 * @otp_bit_len: pointer to output OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 * Either output pointer may be NULL when the caller does not need that
 * value. Note that the length is expressed in bits, not in words or bytes;
 * BSEC_BITS_PER_WORD gives the size of one word in the same unit.
 * NOTE(review): what the outputs hold when the name is not found is not
 * visible from this header - check the status before using them.
 */
TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
					       uint32_t *otp_id,
					       size_t *otp_bit_len);
186 
/*
 * Get BSEC global sec state.
 * @sec_state: (out) Global BSEC current sec state, one of the
 *	       enum stm32_bsec_sec_state values
 * Return a TEE_Result compliant status
 * NOTE(review): whether *sec_state is written on failure is not visible from
 * this header - check the status before acting on the state.
 */
TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *sec_state);
193 
194 #endif /*__STM32_BSEC_H*/