1 /* 2 * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <limits.h> 9 10 #include <arch_helpers.h> 11 #include <common/debug.h> 12 #include <drivers/st/bsec.h> 13 #include <drivers/st/bsec2_reg.h> 14 #include <lib/mmio.h> 15 #include <lib/spinlock.h> 16 #include <libfdt.h> 17 18 #include <platform_def.h> 19 20 #define BSEC_IP_VERSION_1_1 U(0x11) 21 #define BSEC_IP_VERSION_2_0 U(0x20) 22 #define BSEC_IP_ID_2 U(0x100032) 23 24 /* 25 * IP configuration 26 */ 27 #define BSEC_OTP_MASK GENMASK(4, 0) 28 #define BSEC_OTP_BANK_SHIFT 5 29 #define BSEC_TIMEOUT_VALUE U(0xFFFF) 30 31 #define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT) 32 33 static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __maybe_unused; 34 35 static uint32_t bsec_shadow_register(uint32_t otp); 36 static uint32_t bsec_power_safmem(bool power); 37 static uint32_t bsec_get_version(void); 38 static uint32_t bsec_get_id(void); 39 static uint32_t bsec_get_status(void); 40 static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value); 41 42 /* BSEC access protection */ 43 static spinlock_t bsec_spinlock; 44 45 static void bsec_lock(void) 46 { 47 if (stm32mp_lock_available()) { 48 spin_lock(&bsec_spinlock); 49 } 50 } 51 52 static void bsec_unlock(void) 53 { 54 if (stm32mp_lock_available()) { 55 spin_unlock(&bsec_spinlock); 56 } 57 } 58 59 static bool is_otp_invalid_mode(void) 60 { 61 bool ret = ((bsec_get_status() & BSEC_OTP_STATUS_INVALID) == BSEC_OTP_STATUS_INVALID); 62 63 if (ret) { 64 ERROR("OTP mode is OTP-INVALID\n"); 65 } 66 67 return ret; 68 } 69 70 #if defined(IMAGE_BL32) 71 static int bsec_get_dt_node(struct dt_node_info *info) 72 { 73 int node; 74 75 node = dt_get_node(info, -1, DT_BSEC_COMPAT); 76 if (node < 0) { 77 return -FDT_ERR_NOTFOUND; 78 } 79 80 return node; 81 } 82 83 static void enable_non_secure_access(uint32_t otp) 84 { 85 otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT); 86 87 if (bsec_shadow_register(otp) != BSEC_OK) { 88 panic(); 89 } 90 } 91 92 static bool non_secure_can_access(uint32_t otp) 93 { 94 return (otp_nsec_access[otp / __WORD_BIT] & 95 BIT(otp % __WORD_BIT)) != 0U; 96 } 97 98 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node) 99 { 100 int bsec_subnode; 101 102 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) { 103 const fdt32_t *cuint; 104 uint32_t otp; 105 uint32_t i; 106 uint32_t size; 107 uint32_t offset; 108 uint32_t length; 109 110 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL); 111 if (cuint == NULL) { 112 panic(); 113 } 114 115 offset = fdt32_to_cpu(*cuint); 116 cuint++; 117 length = fdt32_to_cpu(*cuint); 118 119 otp = offset / sizeof(uint32_t); 120 121 if (otp < STM32MP1_UPPER_OTP_START) { 122 unsigned int otp_end = round_up(offset + length, 123 sizeof(uint32_t)) / 124 sizeof(uint32_t); 125 126 if (otp_end > STM32MP1_UPPER_OTP_START) { 127 /* 128 * OTP crosses Lower/Upper boundary, consider 129 * only the upper part. 130 */ 131 otp = STM32MP1_UPPER_OTP_START; 132 length -= (STM32MP1_UPPER_OTP_START * 133 sizeof(uint32_t)) - offset; 134 offset = STM32MP1_UPPER_OTP_START * 135 sizeof(uint32_t); 136 137 WARN("OTP crosses Lower/Upper boundary\n"); 138 } else { 139 continue; 140 } 141 } 142 143 if ((fdt_getprop(fdt, bsec_subnode, 144 "st,non-secure-otp", NULL)) == NULL) { 145 continue; 146 } 147 148 if (((offset % sizeof(uint32_t)) != 0U) || 149 ((length % sizeof(uint32_t)) != 0U)) { 150 ERROR("Unaligned non-secure OTP\n"); 151 panic(); 152 } 153 154 size = length / sizeof(uint32_t); 155 156 for (i = otp; i < (otp + size); i++) { 157 enable_non_secure_access(i); 158 } 159 } 160 } 161 162 static void bsec_late_init(void) 163 { 164 void *fdt; 165 int node; 166 struct dt_node_info bsec_info; 167 168 if (fdt_get_address(&fdt) == 0) { 169 EARLY_ERROR("%s: DT not found\n", __func__); 170 panic(); 171 } 172 173 node = bsec_get_dt_node(&bsec_info); 174 if (node < 0) { 175 EARLY_ERROR("%s: BSEC node not found\n", __func__); 176 panic(); 177 } 178 179 assert(bsec_info.base == BSEC_BASE); 180 181 bsec_dt_otp_nsec_access(fdt, node); 182 } 183 #endif 184 185 static uint32_t otp_bank_offset(uint32_t otp) 186 { 187 assert(otp <= STM32MP1_OTP_MAX_ID); 188 189 return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) * 190 sizeof(uint32_t); 191 } 192 193 static uint32_t otp_bit_mask(uint32_t otp) 194 { 195 return BIT(otp & BSEC_OTP_MASK); 196 } 197 198 /* 199 * bsec_check_error: check BSEC error status. 200 * otp: OTP number. 201 * check_disturbed: check only error (false), 202 * or error and disturbed status (true). 203 * return value: BSEC_OK if no error. 204 */ 205 static uint32_t bsec_check_error(uint32_t otp, bool check_disturbed) 206 { 207 uint32_t bit = otp_bit_mask(otp); 208 uint32_t bank = otp_bank_offset(otp); 209 210 if ((mmio_read_32(BSEC_BASE + BSEC_ERROR_OFF + bank) & bit) != 0U) { 211 return BSEC_ERROR; 212 } 213 214 if (!check_disturbed) { 215 return BSEC_OK; 216 } 217 218 if ((mmio_read_32(BSEC_BASE + BSEC_DISTURBED_OFF + bank) & bit) != 0U) { 219 return BSEC_DISTURBED; 220 } 221 222 return BSEC_OK; 223 } 224 225 /* 226 * bsec_probe: initialize BSEC driver. 227 * return value: BSEC_OK if no error. 228 */ 229 uint32_t bsec_probe(void) 230 { 231 uint32_t version; 232 uint32_t id; 233 234 if (is_otp_invalid_mode()) { 235 EARLY_ERROR("%s: otp_invalid_mod\n", __func__); 236 return BSEC_ERROR; 237 } 238 239 version = bsec_get_version(); 240 id = bsec_get_id(); 241 242 if (((version != BSEC_IP_VERSION_1_1) && 243 (version != BSEC_IP_VERSION_2_0)) || 244 (id != BSEC_IP_ID_2)) { 245 EARLY_ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id); 246 panic(); 247 } 248 249 #if defined(IMAGE_BL32) 250 bsec_late_init(); 251 #endif 252 return BSEC_OK; 253 } 254 255 /* 256 * bsec_shadow_register: copy SAFMEM OTP to BSEC data. 257 * otp: OTP number. 258 * return value: BSEC_OK if no error. 259 */ 260 static uint32_t bsec_shadow_register(uint32_t otp) 261 { 262 uint32_t result; 263 bool value; 264 bool power_up = false; 265 266 if (is_otp_invalid_mode()) { 267 return BSEC_ERROR; 268 } 269 270 result = bsec_read_sr_lock(otp, &value); 271 if (result != BSEC_OK) { 272 ERROR("BSEC: %u Sticky-read bit read Error %u\n", otp, result); 273 return result; 274 } 275 276 if (value) { 277 VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n", 278 otp); 279 } 280 281 if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) { 282 result = bsec_power_safmem(true); 283 284 if (result != BSEC_OK) { 285 return result; 286 } 287 288 power_up = true; 289 } 290 291 bsec_lock(); 292 293 mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_READ); 294 295 while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) { 296 ; 297 } 298 299 result = bsec_check_error(otp, true); 300 301 bsec_unlock(); 302 303 if (power_up) { 304 if (bsec_power_safmem(false) != BSEC_OK) { 305 panic(); 306 } 307 } 308 309 return result; 310 } 311 312 /* 313 * bsec_read_otp: read an OTP data value. 314 * val: read value. 315 * otp: OTP number. 316 * return value: BSEC_OK if no error. 317 */ 318 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp) 319 { 320 if (is_otp_invalid_mode()) { 321 return BSEC_ERROR; 322 } 323 324 if (otp > STM32MP1_OTP_MAX_ID) { 325 return BSEC_INVALID_PARAM; 326 } 327 328 *val = mmio_read_32(BSEC_BASE + BSEC_OTP_DATA_OFF + 329 (otp * sizeof(uint32_t))); 330 331 return BSEC_OK; 332 } 333 334 /* 335 * bsec_write_otp: write value in BSEC data register. 336 * val: value to write. 337 * otp: OTP number. 338 * return value: BSEC_OK if no error. 339 */ 340 uint32_t bsec_write_otp(uint32_t val, uint32_t otp) 341 { 342 uint32_t result; 343 bool value; 344 345 if (is_otp_invalid_mode()) { 346 return BSEC_ERROR; 347 } 348 349 result = bsec_read_sw_lock(otp, &value); 350 if (result != BSEC_OK) { 351 ERROR("BSEC: %u Sticky-write bit read Error %u\n", otp, result); 352 return result; 353 } 354 355 if (value) { 356 VERBOSE("BSEC: OTP %u is locked and write will be ignored\n", 357 otp); 358 } 359 360 /* Ensure integrity of each register access sequence */ 361 bsec_lock(); 362 363 mmio_write_32(BSEC_BASE + BSEC_OTP_DATA_OFF + 364 (otp * sizeof(uint32_t)), val); 365 366 bsec_unlock(); 367 368 return result; 369 } 370 371 /* 372 * bsec_program_otp: program a bit in SAFMEM after the prog. 373 * The OTP data is not refreshed. 374 * val: value to program. 375 * otp: OTP number. 376 * return value: BSEC_OK if no error. 377 */ 378 uint32_t bsec_program_otp(uint32_t val, uint32_t otp) 379 { 380 uint32_t result; 381 bool power_up = false; 382 bool sp_lock; 383 bool perm_lock; 384 385 if (is_otp_invalid_mode()) { 386 return BSEC_ERROR; 387 } 388 389 result = bsec_read_sp_lock(otp, &sp_lock); 390 if (result != BSEC_OK) { 391 ERROR("BSEC: %u Sticky-prog bit read Error %u\n", otp, result); 392 return result; 393 } 394 395 result = bsec_read_permanent_lock(otp, &perm_lock); 396 if (result != BSEC_OK) { 397 ERROR("BSEC: %u permanent bit read Error %u\n", otp, result); 398 return result; 399 } 400 401 if (sp_lock || perm_lock) { 402 WARN("BSEC: OTP locked, prog will be ignored\n"); 403 return BSEC_PROG_FAIL; 404 } 405 406 if ((mmio_read_32(BSEC_BASE + BSEC_OTP_LOCK_OFF) & GPLOCK_LOCK_MASK) != 0U) { 407 WARN("BSEC: GPLOCK activated, prog will be ignored\n"); 408 } 409 410 if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) { 411 result = bsec_power_safmem(true); 412 413 if (result != BSEC_OK) { 414 return result; 415 } 416 417 power_up = true; 418 } 419 420 bsec_lock(); 421 422 mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, val); 423 424 mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE); 425 426 while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) { 427 ; 428 } 429 430 if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) { 431 result = BSEC_PROG_FAIL; 432 } else { 433 result = bsec_check_error(otp, true); 434 } 435 436 bsec_unlock(); 437 438 if (power_up) { 439 if (bsec_power_safmem(false) != BSEC_OK) { 440 panic(); 441 } 442 } 443 444 return result; 445 } 446 447 /* 448 * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM. 449 * otp: OTP number. 450 * return value: BSEC_OK if no error. 451 */ 452 #if defined(IMAGE_BL32) 453 uint32_t bsec_permanent_lock_otp(uint32_t otp) 454 { 455 uint32_t result; 456 bool power_up = false; 457 uint32_t data; 458 uint32_t addr; 459 460 if (is_otp_invalid_mode()) { 461 return BSEC_ERROR; 462 } 463 464 if (otp > STM32MP1_OTP_MAX_ID) { 465 return BSEC_INVALID_PARAM; 466 } 467 468 if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) { 469 result = bsec_power_safmem(true); 470 471 if (result != BSEC_OK) { 472 return result; 473 } 474 475 power_up = true; 476 } 477 478 if (otp < STM32MP1_UPPER_OTP_START) { 479 addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT; 480 data = DATA_LOWER_OTP_PERLOCK_BIT << 481 ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U); 482 } else { 483 addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U; 484 data = DATA_UPPER_OTP_PERLOCK_BIT << 485 (otp & DATA_UPPER_OTP_PERLOCK_MASK); 486 } 487 488 bsec_lock(); 489 490 mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, data); 491 492 mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, 493 addr | BSEC_WRITE | BSEC_LOCK); 494 495 while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) { 496 ; 497 } 498 499 if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) { 500 result = BSEC_PROG_FAIL; 501 } else { 502 result = bsec_check_error(otp, false); 503 } 504 505 bsec_unlock(); 506 507 if (power_up) { 508 if (bsec_power_safmem(false) != BSEC_OK) { 509 panic(); 510 } 511 } 512 513 return result; 514 } 515 #endif 516 517 /* 518 * bsec_read_debug_conf: return debug configuration register value. 519 */ 520 uint32_t bsec_read_debug_conf(void) 521 { 522 return mmio_read_32(BSEC_BASE + BSEC_DEN_OFF); 523 } 524 525 /* 526 * bsec_write_scratch: write value in scratch register. 527 * val: value to write. 528 * return value: none. 529 */ 530 void bsec_write_scratch(uint32_t val) 531 { 532 #if defined(IMAGE_BL32) 533 if (is_otp_invalid_mode()) { 534 return; 535 } 536 537 bsec_lock(); 538 mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val); 539 bsec_unlock(); 540 #else 541 mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val); 542 #endif 543 } 544 545 /* 546 * bsec_get_status: return status register value. 547 */ 548 static uint32_t bsec_get_status(void) 549 { 550 return mmio_read_32(BSEC_BASE + BSEC_OTP_STATUS_OFF); 551 } 552 553 /* 554 * bsec_get_version: return BSEC version register value. 555 */ 556 static uint32_t bsec_get_version(void) 557 { 558 return mmio_read_32(BSEC_BASE + BSEC_IPVR_OFF) & BSEC_IPVR_MSK; 559 } 560 561 /* 562 * bsec_get_id: return BSEC ID register value. 563 */ 564 static uint32_t bsec_get_id(void) 565 { 566 return mmio_read_32(BSEC_BASE + BSEC_IP_ID_OFF); 567 } 568 569 /* 570 * bsec_set_sr_lock: set shadow-read lock. 571 * otp: OTP number. 572 * return value: BSEC_OK if no error. 573 */ 574 uint32_t bsec_set_sr_lock(uint32_t otp) 575 { 576 uint32_t bank = otp_bank_offset(otp); 577 uint32_t otp_mask = otp_bit_mask(otp); 578 579 if (is_otp_invalid_mode()) { 580 return BSEC_ERROR; 581 } 582 583 if (otp > STM32MP1_OTP_MAX_ID) { 584 return BSEC_INVALID_PARAM; 585 } 586 587 bsec_lock(); 588 mmio_write_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank, otp_mask); 589 bsec_unlock(); 590 591 return BSEC_OK; 592 } 593 594 /* 595 * bsec_read_sr_lock: read shadow-read lock. 596 * otp: OTP number. 597 * value: read value (true or false). 598 * return value: BSEC_OK if no error. 599 */ 600 uint32_t bsec_read_sr_lock(uint32_t otp, bool *value) 601 { 602 uint32_t bank = otp_bank_offset(otp); 603 uint32_t otp_mask = otp_bit_mask(otp); 604 uint32_t bank_value; 605 606 if (otp > STM32MP1_OTP_MAX_ID) { 607 return BSEC_INVALID_PARAM; 608 } 609 610 bank_value = mmio_read_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank); 611 612 *value = ((bank_value & otp_mask) != 0U); 613 614 return BSEC_OK; 615 } 616 617 /* 618 * bsec_set_sw_lock: set shadow-write lock. 619 * otp: OTP number. 620 * return value: BSEC_OK if no error. 621 */ 622 uint32_t bsec_set_sw_lock(uint32_t otp) 623 { 624 uint32_t bank = otp_bank_offset(otp); 625 uint32_t otp_mask = otp_bit_mask(otp); 626 627 if (is_otp_invalid_mode()) { 628 return BSEC_ERROR; 629 } 630 631 if (otp > STM32MP1_OTP_MAX_ID) { 632 return BSEC_INVALID_PARAM; 633 } 634 635 bsec_lock(); 636 mmio_write_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank, otp_mask); 637 bsec_unlock(); 638 639 return BSEC_OK; 640 } 641 642 /* 643 * bsec_read_sw_lock: read shadow-write lock. 644 * otp: OTP number. 645 * value: read value (true or false). 646 * return value: BSEC_OK if no error. 647 */ 648 uint32_t bsec_read_sw_lock(uint32_t otp, bool *value) 649 { 650 uint32_t bank = otp_bank_offset(otp); 651 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK); 652 uint32_t bank_value; 653 654 if (otp > STM32MP1_OTP_MAX_ID) { 655 return BSEC_INVALID_PARAM; 656 } 657 658 bank_value = mmio_read_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank); 659 660 *value = ((bank_value & otp_mask) != 0U); 661 662 return BSEC_OK; 663 } 664 665 /* 666 * bsec_set_sp_lock: set shadow-program lock. 667 * otp: OTP number. 668 * return value: BSEC_OK if no error. 669 */ 670 uint32_t bsec_set_sp_lock(uint32_t otp) 671 { 672 uint32_t bank = otp_bank_offset(otp); 673 uint32_t otp_mask = otp_bit_mask(otp); 674 675 if (is_otp_invalid_mode()) { 676 return BSEC_ERROR; 677 } 678 679 if (otp > STM32MP1_OTP_MAX_ID) { 680 return BSEC_INVALID_PARAM; 681 } 682 683 bsec_lock(); 684 mmio_write_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank, otp_mask); 685 bsec_unlock(); 686 687 return BSEC_OK; 688 } 689 690 /* 691 * bsec_read_sp_lock: read shadow-program lock. 692 * otp: OTP number. 693 * value: read value (true or false). 694 * return value: BSEC_OK if no error. 695 */ 696 uint32_t bsec_read_sp_lock(uint32_t otp, bool *value) 697 { 698 uint32_t bank = otp_bank_offset(otp); 699 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK); 700 uint32_t bank_value; 701 702 if (otp > STM32MP1_OTP_MAX_ID) { 703 return BSEC_INVALID_PARAM; 704 } 705 706 bank_value = mmio_read_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank); 707 708 *value = ((bank_value & otp_mask) != 0U); 709 710 return BSEC_OK; 711 } 712 713 /* 714 * bsec_read_permanent_lock: Read permanent lock status. 715 * otp: OTP number. 716 * value: read value (true or false). 717 * return value: BSEC_OK if no error. 718 */ 719 static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value) 720 { 721 uint32_t bank = otp_bank_offset(otp); 722 uint32_t otp_mask = otp_bit_mask(otp); 723 uint32_t bank_value; 724 725 if (otp > STM32MP1_OTP_MAX_ID) { 726 return BSEC_INVALID_PARAM; 727 } 728 729 bank_value = mmio_read_32(BSEC_BASE + BSEC_WRLOCK_OFF + bank); 730 731 *value = ((bank_value & otp_mask) != 0U); 732 733 return BSEC_OK; 734 } 735 736 /* 737 * bsec_power_safmem: Activate or deactivate SAFMEM power. 738 * power: true to power up, false to power down. 739 * return value: BSEC_OK if no error. 740 */ 741 static uint32_t bsec_power_safmem(bool power) 742 { 743 uint32_t register_val; 744 uint32_t timeout = BSEC_TIMEOUT_VALUE; 745 746 bsec_lock(); 747 748 register_val = mmio_read_32(BSEC_BASE + BSEC_OTP_CONF_OFF); 749 750 if (power) { 751 register_val |= BSEC_CONF_POWER_UP_MASK; 752 } else { 753 register_val &= ~BSEC_CONF_POWER_UP_MASK; 754 } 755 756 mmio_write_32(BSEC_BASE + BSEC_OTP_CONF_OFF, register_val); 757 758 if (power) { 759 while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) && 760 (timeout != 0U)) { 761 timeout--; 762 } 763 } else { 764 while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) != 0U) && 765 (timeout != 0U)) { 766 timeout--; 767 } 768 } 769 770 bsec_unlock(); 771 772 if (timeout == 0U) { 773 return BSEC_TIMEOUT; 774 } 775 776 return BSEC_OK; 777 } 778 779 /* 780 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value. 781 * val: read value. 782 * otp: OTP number. 783 * return value: BSEC_OK if no error. 784 */ 785 uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp) 786 { 787 uint32_t result; 788 789 result = bsec_shadow_register(otp); 790 if (result != BSEC_OK) { 791 ERROR("BSEC: %u Shadowing Error %u\n", otp, result); 792 return result; 793 } 794 795 result = bsec_read_otp(val, otp); 796 if (result != BSEC_OK) { 797 ERROR("BSEC: %u Read Error %u\n", otp, result); 798 } 799 800 return result; 801 } 802 803 #if defined(IMAGE_BL32) 804 /* 805 * bsec_check_nsec_access_rights: check non-secure access rights to target OTP. 806 * otp: OTP number. 807 * return value: BSEC_OK if authorized access. 808 */ 809 uint32_t bsec_check_nsec_access_rights(uint32_t otp) 810 { 811 if (otp > STM32MP1_OTP_MAX_ID) { 812 return BSEC_INVALID_PARAM; 813 } 814 815 if (otp >= STM32MP1_UPPER_OTP_START) { 816 if (!non_secure_can_access(otp)) { 817 return BSEC_ERROR; 818 } 819 } 820 821 return BSEC_OK; 822 } 823 #endif 824 825 uint32_t bsec_get_secure_state(void) 826 { 827 uint32_t status = bsec_get_status(); 828 uint32_t result = BSEC_STATE_INVALID; 829 uint32_t otp_enc_id __maybe_unused; 830 uint32_t otp_bit_len __maybe_unused; 831 int res __maybe_unused; 832 833 if ((status & BSEC_OTP_STATUS_INVALID) != 0U) { 834 result = BSEC_STATE_INVALID; 835 } else { 836 if ((status & BSEC_OTP_STATUS_SECURE) != 0U) { 837 if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) { 838 result = BSEC_STATE_SEC_CLOSED; 839 } else { 840 result = BSEC_STATE_SEC_OPEN; 841 } 842 } else { 843 /* OTP modes OPEN1 and OPEN2 are not supported */ 844 result = BSEC_STATE_INVALID; 845 } 846 } 847 848 return result; 849 } 850