xref: /rk3399_ARM-atf/drivers/st/bsec/bsec2.c (revision ffb7742125def3e0acca4c7e4d3215af5ce25a31) 
1 /*
2  * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 #include <limits.h>
9 
10 #include <arch_helpers.h>
11 #include <common/debug.h>
12 #include <drivers/st/bsec.h>
13 #include <drivers/st/bsec2_reg.h>
14 #include <lib/mmio.h>
15 #include <lib/spinlock.h>
16 #include <libfdt.h>
17 
18 #include <platform_def.h>
19 
20 #define BSEC_IP_VERSION_1_1	U(0x11)
21 #define BSEC_IP_VERSION_2_0	U(0x20)
22 #define BSEC_IP_ID_2		U(0x100032)
23 
24 /*
25  * IP configuration
26  */
27 #define BSEC_OTP_MASK			GENMASK(4, 0)
28 #define BSEC_OTP_BANK_SHIFT		5
29 #define BSEC_TIMEOUT_VALUE		U(0xFFFF)
30 
31 #define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
32 
33 static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __maybe_unused;
34 
35 static uint32_t bsec_shadow_register(uint32_t otp);
36 static uint32_t bsec_power_safmem(bool power);
37 static uint32_t bsec_get_version(void);
38 static uint32_t bsec_get_id(void);
39 static uint32_t bsec_get_status(void);
40 static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value);
41 
42 /* BSEC access protection */
43 static spinlock_t bsec_spinlock;
44 
45 static void bsec_lock(void)
46 {
47 	if (stm32mp_lock_available()) {
48 		spin_lock(&bsec_spinlock);
49 	}
50 }
51 
52 static void bsec_unlock(void)
53 {
54 	if (stm32mp_lock_available()) {
55 		spin_unlock(&bsec_spinlock);
56 	}
57 }
58 
59 static bool is_otp_invalid_mode(void)
60 {
61 	bool ret = ((bsec_get_status() & BSEC_OTP_STATUS_INVALID) == BSEC_OTP_STATUS_INVALID);
62 
63 	if (ret) {
64 		ERROR("OTP mode is OTP-INVALID\n");
65 	}
66 
67 	return ret;
68 }
69 
70 #if defined(IMAGE_BL32)
71 static int bsec_get_dt_node(struct dt_node_info *info)
72 {
73 	int node;
74 
75 	node = dt_get_node(info, -1, DT_BSEC_COMPAT);
76 	if (node < 0) {
77 		return -FDT_ERR_NOTFOUND;
78 	}
79 
80 	return node;
81 }
82 
83 static void enable_non_secure_access(uint32_t otp)
84 {
85 	otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT);
86 
87 	if (bsec_shadow_register(otp) != BSEC_OK) {
88 		panic();
89 	}
90 }
91 
92 static bool non_secure_can_access(uint32_t otp)
93 {
94 	return (otp_nsec_access[otp / __WORD_BIT] &
95 		BIT(otp % __WORD_BIT)) != 0U;
96 }
97 
98 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
99 {
100 	int bsec_subnode;
101 
102 	fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
103 		const fdt32_t *cuint;
104 		uint32_t otp;
105 		uint32_t i;
106 		uint32_t size;
107 		uint32_t offset;
108 		uint32_t length;
109 
110 		cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
111 		if (cuint == NULL) {
112 			panic();
113 		}
114 
115 		offset = fdt32_to_cpu(*cuint);
116 		cuint++;
117 		length = fdt32_to_cpu(*cuint);
118 
119 		otp = offset / sizeof(uint32_t);
120 
121 		if (otp < STM32MP1_UPPER_OTP_START) {
122 			unsigned int otp_end = round_up(offset + length,
123 						       sizeof(uint32_t)) /
124 					       sizeof(uint32_t);
125 
126 			if (otp_end > STM32MP1_UPPER_OTP_START) {
127 				/*
128 				 * OTP crosses Lower/Upper boundary, consider
129 				 * only the upper part.
130 				 */
131 				otp = STM32MP1_UPPER_OTP_START;
132 				length -= (STM32MP1_UPPER_OTP_START *
133 					   sizeof(uint32_t)) - offset;
134 				offset = STM32MP1_UPPER_OTP_START *
135 					 sizeof(uint32_t);
136 
137 				WARN("OTP crosses Lower/Upper boundary\n");
138 			} else {
139 				continue;
140 			}
141 		}
142 
143 		if ((fdt_getprop(fdt, bsec_subnode,
144 				 "st,non-secure-otp", NULL)) == NULL) {
145 			continue;
146 		}
147 
148 		if (((offset % sizeof(uint32_t)) != 0U) ||
149 		    ((length % sizeof(uint32_t)) != 0U)) {
150 			ERROR("Unaligned non-secure OTP\n");
151 			panic();
152 		}
153 
154 		size = length / sizeof(uint32_t);
155 
156 		for (i = otp; i < (otp + size); i++) {
157 			enable_non_secure_access(i);
158 		}
159 	}
160 }
161 
162 static void bsec_late_init(void)
163 {
164 	void *fdt;
165 	int node;
166 	struct dt_node_info bsec_info;
167 
168 	if (fdt_get_address(&fdt) == 0) {
169 		panic();
170 	}
171 
172 	node = bsec_get_dt_node(&bsec_info);
173 	if (node < 0) {
174 		panic();
175 	}
176 
177 	assert(bsec_info.base == BSEC_BASE);
178 
179 	bsec_dt_otp_nsec_access(fdt, node);
180 }
181 #endif
182 
183 static uint32_t otp_bank_offset(uint32_t otp)
184 {
185 	assert(otp <= STM32MP1_OTP_MAX_ID);
186 
187 	return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
188 	       sizeof(uint32_t);
189 }
190 
191 static uint32_t otp_bit_mask(uint32_t otp)
192 {
193 	return BIT(otp & BSEC_OTP_MASK);
194 }
195 
196 /*
197  * bsec_check_error: check BSEC error status.
198  * otp: OTP number.
199  * check_disturbed: check only error (false),
200  *	or error and disturbed status (true).
201  * return value: BSEC_OK if no error.
202  */
203 static uint32_t bsec_check_error(uint32_t otp, bool check_disturbed)
204 {
205 	uint32_t bit = otp_bit_mask(otp);
206 	uint32_t bank = otp_bank_offset(otp);
207 
208 	if ((mmio_read_32(BSEC_BASE + BSEC_ERROR_OFF + bank) & bit) != 0U) {
209 		return BSEC_ERROR;
210 	}
211 
212 	if (!check_disturbed) {
213 		return BSEC_OK;
214 	}
215 
216 	if ((mmio_read_32(BSEC_BASE + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
217 		return BSEC_DISTURBED;
218 	}
219 
220 	return BSEC_OK;
221 }
222 
223 /*
224  * bsec_probe: initialize BSEC driver.
225  * return value: BSEC_OK if no error.
226  */
227 uint32_t bsec_probe(void)
228 {
229 	if (is_otp_invalid_mode()) {
230 		return BSEC_ERROR;
231 	}
232 
233 	if (((bsec_get_version() != BSEC_IP_VERSION_1_1) &&
234 	     (bsec_get_version() != BSEC_IP_VERSION_2_0)) ||
235 	    (bsec_get_id() != BSEC_IP_ID_2)) {
236 		panic();
237 	}
238 
239 #if defined(IMAGE_BL32)
240 	bsec_late_init();
241 #endif
242 	return BSEC_OK;
243 }
244 
245 /*
246  * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
247  * otp: OTP number.
248  * return value: BSEC_OK if no error.
249  */
250 static uint32_t bsec_shadow_register(uint32_t otp)
251 {
252 	uint32_t result;
253 	bool value;
254 	bool power_up = false;
255 
256 	if (is_otp_invalid_mode()) {
257 		return BSEC_ERROR;
258 	}
259 
260 	result = bsec_read_sr_lock(otp, &value);
261 	if (result != BSEC_OK) {
262 		ERROR("BSEC: %u Sticky-read bit read Error %u\n", otp, result);
263 		return result;
264 	}
265 
266 	if (value) {
267 		VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n",
268 			otp);
269 	}
270 
271 	if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
272 		result = bsec_power_safmem(true);
273 
274 		if (result != BSEC_OK) {
275 			return result;
276 		}
277 
278 		power_up = true;
279 	}
280 
281 	bsec_lock();
282 
283 	mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
284 
285 	while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
286 		;
287 	}
288 
289 	result = bsec_check_error(otp, true);
290 
291 	bsec_unlock();
292 
293 	if (power_up) {
294 		if (bsec_power_safmem(false) != BSEC_OK) {
295 			panic();
296 		}
297 	}
298 
299 	return result;
300 }
301 
302 /*
303  * bsec_read_otp: read an OTP data value.
304  * val: read value.
305  * otp: OTP number.
306  * return value: BSEC_OK if no error.
307  */
308 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
309 {
310 	if (is_otp_invalid_mode()) {
311 		return BSEC_ERROR;
312 	}
313 
314 	if (otp > STM32MP1_OTP_MAX_ID) {
315 		return BSEC_INVALID_PARAM;
316 	}
317 
318 	*val = mmio_read_32(BSEC_BASE + BSEC_OTP_DATA_OFF +
319 			    (otp * sizeof(uint32_t)));
320 
321 	return BSEC_OK;
322 }
323 
324 /*
325  * bsec_write_otp: write value in BSEC data register.
326  * val: value to write.
327  * otp: OTP number.
328  * return value: BSEC_OK if no error.
329  */
330 uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
331 {
332 	uint32_t result;
333 	bool value;
334 
335 	if (is_otp_invalid_mode()) {
336 		return BSEC_ERROR;
337 	}
338 
339 	result = bsec_read_sw_lock(otp, &value);
340 	if (result != BSEC_OK) {
341 		ERROR("BSEC: %u Sticky-write bit read Error %u\n", otp, result);
342 		return result;
343 	}
344 
345 	if (value) {
346 		VERBOSE("BSEC: OTP %u is locked and write will be ignored\n",
347 			otp);
348 	}
349 
350 	/* Ensure integrity of each register access sequence */
351 	bsec_lock();
352 
353 	mmio_write_32(BSEC_BASE + BSEC_OTP_DATA_OFF +
354 		      (otp * sizeof(uint32_t)), val);
355 
356 	bsec_unlock();
357 
358 	return result;
359 }
360 
361 /*
362  * bsec_program_otp: program a bit in SAFMEM after the prog.
363  *	The OTP data is not refreshed.
364  * val: value to program.
365  * otp: OTP number.
366  * return value: BSEC_OK if no error.
367  */
368 uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
369 {
370 	uint32_t result;
371 	bool power_up = false;
372 	bool sp_lock;
373 	bool perm_lock;
374 
375 	if (is_otp_invalid_mode()) {
376 		return BSEC_ERROR;
377 	}
378 
379 	result = bsec_read_sp_lock(otp, &sp_lock);
380 	if (result != BSEC_OK) {
381 		ERROR("BSEC: %u Sticky-prog bit read Error %u\n", otp, result);
382 		return result;
383 	}
384 
385 	result = bsec_read_permanent_lock(otp, &perm_lock);
386 	if (result != BSEC_OK) {
387 		ERROR("BSEC: %u permanent bit read Error %u\n", otp, result);
388 		return result;
389 	}
390 
391 	if (sp_lock || perm_lock) {
392 		WARN("BSEC: OTP locked, prog will be ignored\n");
393 		return BSEC_PROG_FAIL;
394 	}
395 
396 	if ((mmio_read_32(BSEC_BASE + BSEC_OTP_LOCK_OFF) & GPLOCK_LOCK_MASK) != 0U) {
397 		WARN("BSEC: GPLOCK activated, prog will be ignored\n");
398 	}
399 
400 	if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
401 		result = bsec_power_safmem(true);
402 
403 		if (result != BSEC_OK) {
404 			return result;
405 		}
406 
407 		power_up = true;
408 	}
409 
410 	bsec_lock();
411 
412 	mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, val);
413 
414 	mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
415 
416 	while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
417 		;
418 	}
419 
420 	if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) {
421 		result = BSEC_PROG_FAIL;
422 	} else {
423 		result = bsec_check_error(otp, true);
424 	}
425 
426 	bsec_unlock();
427 
428 	if (power_up) {
429 		if (bsec_power_safmem(false) != BSEC_OK) {
430 			panic();
431 		}
432 	}
433 
434 	return result;
435 }
436 
437 /*
438  * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM.
439  * otp: OTP number.
440  * return value: BSEC_OK if no error.
441  */
442 #if defined(IMAGE_BL32)
443 uint32_t bsec_permanent_lock_otp(uint32_t otp)
444 {
445 	uint32_t result;
446 	bool power_up = false;
447 	uint32_t data;
448 	uint32_t addr;
449 
450 	if (is_otp_invalid_mode()) {
451 		return BSEC_ERROR;
452 	}
453 
454 	if (otp > STM32MP1_OTP_MAX_ID) {
455 		return BSEC_INVALID_PARAM;
456 	}
457 
458 	if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
459 		result = bsec_power_safmem(true);
460 
461 		if (result != BSEC_OK) {
462 			return result;
463 		}
464 
465 		power_up = true;
466 	}
467 
468 	if (otp < STM32MP1_UPPER_OTP_START) {
469 		addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
470 		data = DATA_LOWER_OTP_PERLOCK_BIT <<
471 		       ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
472 	} else {
473 		addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
474 		data = DATA_UPPER_OTP_PERLOCK_BIT <<
475 		       (otp & DATA_UPPER_OTP_PERLOCK_MASK);
476 	}
477 
478 	bsec_lock();
479 
480 	mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, data);
481 
482 	mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF,
483 		      addr | BSEC_WRITE | BSEC_LOCK);
484 
485 	while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
486 		;
487 	}
488 
489 	if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) {
490 		result = BSEC_PROG_FAIL;
491 	} else {
492 		result = bsec_check_error(otp, false);
493 	}
494 
495 	bsec_unlock();
496 
497 	if (power_up) {
498 		if (bsec_power_safmem(false) != BSEC_OK) {
499 			panic();
500 		}
501 	}
502 
503 	return result;
504 }
505 #endif
506 
507 /*
508  * bsec_read_debug_conf: return debug configuration register value.
509  */
510 uint32_t bsec_read_debug_conf(void)
511 {
512 	return mmio_read_32(BSEC_BASE + BSEC_DEN_OFF);
513 }
514 
515 /*
516  * bsec_write_scratch: write value in scratch register.
517  * val: value to write.
518  * return value: none.
519  */
520 void bsec_write_scratch(uint32_t val)
521 {
522 #if defined(IMAGE_BL32)
523 	if (is_otp_invalid_mode()) {
524 		return;
525 	}
526 
527 	bsec_lock();
528 	mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val);
529 	bsec_unlock();
530 #else
531 	mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val);
532 #endif
533 }
534 
535 /*
536  * bsec_get_status: return status register value.
537  */
538 static uint32_t bsec_get_status(void)
539 {
540 	return mmio_read_32(BSEC_BASE + BSEC_OTP_STATUS_OFF);
541 }
542 
543 /*
544  * bsec_get_version: return BSEC version register value.
545  */
546 static uint32_t bsec_get_version(void)
547 {
548 	return mmio_read_32(BSEC_BASE + BSEC_IPVR_OFF) & BSEC_IPVR_MSK;
549 }
550 
551 /*
552  * bsec_get_id: return BSEC ID register value.
553  */
554 static uint32_t bsec_get_id(void)
555 {
556 	return mmio_read_32(BSEC_BASE + BSEC_IP_ID_OFF);
557 }
558 
559 /*
560  * bsec_set_sr_lock: set shadow-read lock.
561  * otp: OTP number.
562  * return value: BSEC_OK if no error.
563  */
564 uint32_t bsec_set_sr_lock(uint32_t otp)
565 {
566 	uint32_t bank = otp_bank_offset(otp);
567 	uint32_t otp_mask = otp_bit_mask(otp);
568 
569 	if (is_otp_invalid_mode()) {
570 		return BSEC_ERROR;
571 	}
572 
573 	if (otp > STM32MP1_OTP_MAX_ID) {
574 		return BSEC_INVALID_PARAM;
575 	}
576 
577 	bsec_lock();
578 	mmio_write_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank, otp_mask);
579 	bsec_unlock();
580 
581 	return BSEC_OK;
582 }
583 
584 /*
585  * bsec_read_sr_lock: read shadow-read lock.
586  * otp: OTP number.
587  * value: read value (true or false).
588  * return value: BSEC_OK if no error.
589  */
590 uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
591 {
592 	uint32_t bank = otp_bank_offset(otp);
593 	uint32_t otp_mask = otp_bit_mask(otp);
594 	uint32_t bank_value;
595 
596 	if (otp > STM32MP1_OTP_MAX_ID) {
597 		return BSEC_INVALID_PARAM;
598 	}
599 
600 	bank_value = mmio_read_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank);
601 
602 	*value = ((bank_value & otp_mask) != 0U);
603 
604 	return BSEC_OK;
605 }
606 
607 /*
608  * bsec_set_sw_lock: set shadow-write lock.
609  * otp: OTP number.
610  * return value: BSEC_OK if no error.
611  */
612 uint32_t bsec_set_sw_lock(uint32_t otp)
613 {
614 	uint32_t bank = otp_bank_offset(otp);
615 	uint32_t otp_mask = otp_bit_mask(otp);
616 
617 	if (is_otp_invalid_mode()) {
618 		return BSEC_ERROR;
619 	}
620 
621 	if (otp > STM32MP1_OTP_MAX_ID) {
622 		return BSEC_INVALID_PARAM;
623 	}
624 
625 	bsec_lock();
626 	mmio_write_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank, otp_mask);
627 	bsec_unlock();
628 
629 	return BSEC_OK;
630 }
631 
632 /*
633  * bsec_read_sw_lock: read shadow-write lock.
634  * otp: OTP number.
635  * value: read value (true or false).
636  * return value: BSEC_OK if no error.
637  */
638 uint32_t bsec_read_sw_lock(uint32_t otp, bool *value)
639 {
640 	uint32_t bank = otp_bank_offset(otp);
641 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
642 	uint32_t bank_value;
643 
644 	if (otp > STM32MP1_OTP_MAX_ID) {
645 		return BSEC_INVALID_PARAM;
646 	}
647 
648 	bank_value = mmio_read_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank);
649 
650 	*value = ((bank_value & otp_mask) != 0U);
651 
652 	return BSEC_OK;
653 }
654 
655 /*
656  * bsec_set_sp_lock: set shadow-program lock.
657  * otp: OTP number.
658  * return value: BSEC_OK if no error.
659  */
660 uint32_t bsec_set_sp_lock(uint32_t otp)
661 {
662 	uint32_t bank = otp_bank_offset(otp);
663 	uint32_t otp_mask = otp_bit_mask(otp);
664 
665 	if (is_otp_invalid_mode()) {
666 		return BSEC_ERROR;
667 	}
668 
669 	if (otp > STM32MP1_OTP_MAX_ID) {
670 		return BSEC_INVALID_PARAM;
671 	}
672 
673 	bsec_lock();
674 	mmio_write_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank, otp_mask);
675 	bsec_unlock();
676 
677 	return BSEC_OK;
678 }
679 
680 /*
681  * bsec_read_sp_lock: read shadow-program lock.
682  * otp: OTP number.
683  * value: read value (true or false).
684  * return value: BSEC_OK if no error.
685  */
686 uint32_t bsec_read_sp_lock(uint32_t otp, bool *value)
687 {
688 	uint32_t bank = otp_bank_offset(otp);
689 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
690 	uint32_t bank_value;
691 
692 	if (otp > STM32MP1_OTP_MAX_ID) {
693 		return BSEC_INVALID_PARAM;
694 	}
695 
696 	bank_value = mmio_read_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank);
697 
698 	*value = ((bank_value & otp_mask) != 0U);
699 
700 	return BSEC_OK;
701 }
702 
703 /*
704  * bsec_read_permanent_lock: Read permanent lock status.
705  * otp: OTP number.
706  * value: read value (true or false).
707  * return value: BSEC_OK if no error.
708  */
709 static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value)
710 {
711 	uint32_t bank = otp_bank_offset(otp);
712 	uint32_t otp_mask = otp_bit_mask(otp);
713 	uint32_t bank_value;
714 
715 	if (otp > STM32MP1_OTP_MAX_ID) {
716 		return BSEC_INVALID_PARAM;
717 	}
718 
719 	bank_value = mmio_read_32(BSEC_BASE + BSEC_WRLOCK_OFF + bank);
720 
721 	*value = ((bank_value & otp_mask) != 0U);
722 
723 	return BSEC_OK;
724 }
725 
726 /*
727  * bsec_power_safmem: Activate or deactivate SAFMEM power.
728  * power: true to power up, false to power down.
729  * return value: BSEC_OK if no error.
730  */
731 static uint32_t bsec_power_safmem(bool power)
732 {
733 	uint32_t register_val;
734 	uint32_t timeout = BSEC_TIMEOUT_VALUE;
735 
736 	bsec_lock();
737 
738 	register_val = mmio_read_32(BSEC_BASE + BSEC_OTP_CONF_OFF);
739 
740 	if (power) {
741 		register_val |= BSEC_CONF_POWER_UP_MASK;
742 	} else {
743 		register_val &= ~BSEC_CONF_POWER_UP_MASK;
744 	}
745 
746 	mmio_write_32(BSEC_BASE + BSEC_OTP_CONF_OFF, register_val);
747 
748 	if (power) {
749 		while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) &&
750 		       (timeout != 0U)) {
751 			timeout--;
752 		}
753 	} else {
754 		while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) != 0U) &&
755 		       (timeout != 0U)) {
756 			timeout--;
757 		}
758 	}
759 
760 	bsec_unlock();
761 
762 	if (timeout == 0U) {
763 		return BSEC_TIMEOUT;
764 	}
765 
766 	return BSEC_OK;
767 }
768 
769 /*
770  * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value.
771  * val: read value.
772  * otp: OTP number.
773  * return value: BSEC_OK if no error.
774  */
775 uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
776 {
777 	uint32_t result;
778 
779 	result = bsec_shadow_register(otp);
780 	if (result != BSEC_OK) {
781 		ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
782 		return result;
783 	}
784 
785 	result = bsec_read_otp(val, otp);
786 	if (result != BSEC_OK) {
787 		ERROR("BSEC: %u Read Error %u\n", otp, result);
788 	}
789 
790 	return result;
791 }
792 
793 #if defined(IMAGE_BL32)
794 /*
795  * bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
796  * otp: OTP number.
797  * return value: BSEC_OK if authorized access.
798  */
799 uint32_t bsec_check_nsec_access_rights(uint32_t otp)
800 {
801 	if (otp > STM32MP1_OTP_MAX_ID) {
802 		return BSEC_INVALID_PARAM;
803 	}
804 
805 	if (otp >= STM32MP1_UPPER_OTP_START) {
806 		if (!non_secure_can_access(otp)) {
807 			return BSEC_ERROR;
808 		}
809 	}
810 
811 	return BSEC_OK;
812 }
813 #endif
814 
815 uint32_t bsec_get_secure_state(void)
816 {
817 	uint32_t status = bsec_get_status();
818 	uint32_t result = BSEC_STATE_INVALID;
819 	uint32_t otp_enc_id __maybe_unused;
820 	uint32_t otp_bit_len __maybe_unused;
821 	int res __maybe_unused;
822 
823 	if ((status & BSEC_OTP_STATUS_INVALID) != 0U) {
824 		result = BSEC_STATE_INVALID;
825 	} else {
826 		if ((status & BSEC_OTP_STATUS_SECURE) != 0U) {
827 			if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
828 				result = BSEC_STATE_SEC_CLOSED;
829 			} else {
830 				result = BSEC_STATE_SEC_OPEN;
831 			}
832 		} else {
833 			/* OTP modes OPEN1 and OPEN2 are not supported */
834 			result = BSEC_STATE_INVALID;
835 		}
836 	}
837 
838 	return result;
839 }
840