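/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright (c) 2017-2022, STMicroelectronics
 */

#ifndef __STM32_BSEC_H
#define __STM32_BSEC_H

#include <compiler.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <tee_api.h>

/*
 * BSEC_DEBUG
 * Bit masks for the BSEC debug configuration; presumably the bits of the
 * value taken by stm32_bsec_write_debug_conf() and returned by
 * stm32_bsec_read_debug_conf() - confirm against the driver.
 * NOTE(review): BIT() is not defined in this file; presumably it reaches
 * this header through one of the includes above or through the including
 * file - confirm.
 */
#define BSEC_HDPEN			BIT(4)
#define BSEC_SPIDEN			BIT(5)
#define BSEC_SPINDEN			BIT(6)
#define BSEC_DBGSWGEN			BIT(10)
/*
 * OR of every debug bit defined above.
 * NOTE(review): a caller that writes this mask presumably enables all of the
 * listed debug features at once; check stm32_bsec_get_state() and the
 * product's debug policy before doing so.
 */
#define BSEC_DEBUG_ALL			(BSEC_HDPEN | \
					 BSEC_SPIDEN | \
					 BSEC_SPINDEN | \
					 BSEC_DBGSWGEN)

/* Size of one OTP word, in bits and in bytes (one word is a uint32_t) */
#define BSEC_BITS_PER_WORD		(8U * sizeof(uint32_t))
#define BSEC_BYTES_PER_WORD		sizeof(uint32_t)

/*
 * BSEC different global states
 * BSEC_STATE_INVALID is a distinct value: a caller that only tests for
 * BSEC_STATE_SEC_CLOSED or only for BSEC_STATE_SEC_OPEN must decide
 * explicitly how the third value is handled.
 */
enum stm32_bsec_sec_state {
	BSEC_STATE_SEC_CLOSED,
	BSEC_STATE_SEC_OPEN,
	BSEC_STATE_INVALID
};

/*
 * Load OTP from SAFMEM and provide its value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_shadow_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Copy SAFMEM OTP to BSEC data.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_shadow_register(uint32_t otp_id);

/*
 * Read an OTP data value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Write value in BSEC data register
 * @value: Value to write
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id);

/*
 * Program a bit in SAFMEM without BSEC data refresh
 * @value: Value to program.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 *
 * When CFG_STM32_BSEC_WRITE is not defined, the inline stub below is used
 * and always returns TEE_ERROR_NOT_SUPPORTED without touching the OTP, so
 * callers must check the result rather than assume the word was programmed.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id);
#else
static inline TEE_Result stm32_bsec_program_otp(uint32_t value __unused,
						uint32_t otp_id __unused)
{
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif

/*
 * Permanent lock of OTP in SAFMEM
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): as the name says, the lock is permanent; presumably it
 * cannot be reverted once set - callers should validate @otp_id first.
 */
TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id);

/*
 * Enable/disable debug service
 * @value: Value to write
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_write_debug_conf(uint32_t value);

/* Return debug configuration read from BSEC */
uint32_t stm32_bsec_read_debug_conf(void);

/*
 * Write shadow-read lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id);

/*
 * Read shadow-read lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-read is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-write lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id);

/*
 * Read shadow-write lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-write is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-program lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id);

/*
 * Read shadow-program lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-program is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked);

/*
 * Read permanent lock status
 * @otp_id: OTP number
 * @locked: (out) true if permanent lock is locked, false if not locked.
 * Return a TEE_Result compliant return value
 */
TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked);

/*
 * Return true if OTP can be read, false otherwise
 * @otp_id: OTP number
 */
bool stm32_bsec_can_access_otp(uint32_t otp_id);

/*
 * Return true if non-secure world is allowed to read the target OTP
 * @otp_id: OTP number
 *
 * NOTE(review): presumably any service that returns OTP content to the
 * non-secure world is expected to test this first - confirm in the callers.
 */
bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id);

/*
 * Find and get OTP location from its name.
 * @name: sub-node name to look up.
 * @otp_id: pointer to output OTP number or NULL.
 * @otp_bit_len: pointer to output OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 */
TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
					       uint32_t *otp_id,
					       size_t *otp_bit_len);

/*
 * Get BSEC global sec state.
 * @sec_state: Global BSEC current sec state
 * Return a TEE_Result compliant status
 */
TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *sec_state);

#endif /*__STM32_BSEC_H*/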