1 /* 2 * Copyright (c) 2024-2026, STMicroelectronics - All Rights Reserved 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <limits.h> 9 10 #include <arch_helpers.h> 11 #include <common/debug.h> 12 #include <drivers/st/bsec.h> 13 #include <drivers/st/bsec3_reg.h> 14 #include <drivers/st/stm32mp_reset.h> 15 #include <lib/mmio.h> 16 #include <lib/spinlock.h> 17 #include <libfdt.h> 18 19 #include <platform_def.h> 20 21 #define BSEC_IP_VERSION_1_0 U(0x10) 22 #define BSEC_IP_VERSION_1_2 U(0x12) 23 #define BSEC_IP_ID_3 U(0x100033) 24 25 #define MAX_NB_TRIES U(3) 26 27 /* 28 * IP configuration 29 */ 30 #define BSEC_OTP_MASK GENMASK_32(4, 0) 31 #define BSEC_OTP_BANK_SHIFT U(5) 32 #define BSEC_TIMEOUT_VALUE U(0x800000) /* ~7sec @1.2GHz */ 33 34 static uint32_t otp_bank(uint32_t otp) 35 { 36 if (otp > STM32MP2_OTP_MAX_ID) { 37 panic(); 38 } 39 40 return (otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT; 41 } 42 43 static uint32_t otp_bit_mask(uint32_t otp) 44 { 45 return BIT(otp & BSEC_OTP_MASK); 46 } 47 48 /* 49 * bsec_get_status: return status register value. 50 */ 51 static uint32_t bsec_get_status(void) 52 { 53 return mmio_read_32(BSEC_BASE + BSEC_OTPSR); 54 } 55 56 /* 57 * bsec_get_version: return BSEC version. 58 */ 59 static uint32_t bsec_get_version(void) 60 { 61 return mmio_read_32(BSEC_BASE + BSEC_VERR) & BSEC_VERR_MASK; 62 } 63 64 /* 65 * bsec_get_id: return BSEC ID. 66 */ 67 static uint32_t bsec_get_id(void) 68 { 69 return mmio_read_32(BSEC_BASE + BSEC_IPIDR); 70 } 71 72 static bool is_fuse_shadowed(uint32_t otp) 73 { 74 uint32_t bank = otp_bank(otp); 75 uint32_t otp_mask = otp_bit_mask(otp); 76 uint32_t bank_value; 77 78 bank_value = mmio_read_32(BSEC_BASE + BSEC_SFSR(bank)); 79 80 if ((bank_value & otp_mask) != 0U) { 81 return true; 82 } 83 84 return false; 85 } 86 87 static void poll_otp_status_busy(void) 88 { 89 uint32_t timeout = BSEC_TIMEOUT_VALUE; 90 91 while (((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) && (timeout != 0U)) { 92 timeout--; 93 } 94 95 if ((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) { 96 ERROR("BSEC timeout\n"); 97 panic(); 98 } 99 } 100 101 static uint32_t check_read_error(uint32_t otp) 102 { 103 uint32_t status = bsec_get_status(); 104 105 if ((status & BSEC_OTPSR_SECF) != 0U) { 106 VERBOSE("BSEC read %u single error correction detected\n", otp); 107 } 108 109 if ((status & BSEC_OTPSR_PPLF) != 0U) { 110 VERBOSE("BSEC read %u permanent programming lock detected.\n", otp); 111 } 112 113 if ((status & BSEC_OTPSR_PPLMF) != 0U) { 114 ERROR("BSEC read %u error 0x%x\n", otp, status); 115 return BSEC_ERROR; 116 } 117 118 if ((status & (BSEC_OTPSR_DISTURBF | BSEC_OTPSR_DEDF | BSEC_OTPSR_AMEF)) != 0U) { 119 ERROR("BSEC read %u error 0x%x with invalid FVR\n", otp, status); 120 return BSEC_RETRY; 121 } 122 123 return BSEC_OK; 124 } 125 126 static uint32_t check_program_error(uint32_t otp) 127 { 128 uint32_t status = bsec_get_status(); 129 130 if ((status & BSEC_OTPSR_PROGFAIL) != 0U) { 131 ERROR("BSEC program %u error 0x%x\n", otp, status); 132 return BSEC_RETRY; 133 } 134 135 return BSEC_OK; 136 } 137 138 static void check_reset_error(void) 139 { 140 uint32_t status = bsec_get_status(); 141 142 /* check initial status reporting */ 143 if ((status & BSEC_OTPSR_BUSY) != 0U) { 144 VERBOSE("BSEC reset and busy when OTPSR read\n"); 145 } 146 if ((status & BSEC_OTPSR_HIDEUP) != 0U) { 147 VERBOSE("BSEC upper fuse are not accessible (HIDEUP)\n"); 148 } 149 if ((status & BSEC_OTPSR_OTPSEC) != 0U) { 150 VERBOSE("BSEC reset single error correction detected\n"); 151 } 152 if ((status & BSEC_OTPSR_OTPNVIR) == 0U) { 153 VERBOSE("BSEC reset first fuse word 0 is detected zero\n"); 154 } 155 if ((status & BSEC_OTPSR_OTPERR) != 0U) { 156 ERROR("BSEC reset critical error 0x%x\n", status); 157 panic(); 158 } 159 if ((status & BSEC_OTPSR_INIT_DONE) != BSEC_OTPSR_INIT_DONE) { 160 ERROR("BSEC reset critical error 0x%x\n", status); 161 panic(); 162 } 163 } 164 165 static bool is_bsec_write_locked(void) 166 { 167 return (mmio_read_32(BSEC_BASE + BSEC_LOCKR) & BSEC_LOCKR_GWLOCK_MASK) != 0U; 168 } 169 170 /* 171 * bsec_probe: initialize BSEC driver. 172 * return value: BSEC_OK if no error. 173 */ 174 uint32_t bsec_probe(void) 175 { 176 uint32_t version = bsec_get_version(); 177 uint32_t id = bsec_get_id(); 178 179 #if STM32MP21 180 if ((version != BSEC_IP_VERSION_1_2) || (id != BSEC_IP_ID_3)) { 181 #else /* STM32MP21 */ 182 if ((version != BSEC_IP_VERSION_1_0) || (id != BSEC_IP_ID_3)) { 183 #endif /* STM32MP21 */ 184 EARLY_ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id); 185 panic(); 186 } 187 188 check_reset_error(); 189 190 return BSEC_OK; 191 } 192 193 /* 194 * bsec_shadow_register: copy SAFMEM OTP to BSEC data. 195 * otp: OTP number. 196 * return value: BSEC_OK if no error. 197 */ 198 static uint32_t bsec_shadow_register(uint32_t otp) 199 { 200 uint32_t result; 201 uint32_t i; 202 bool value; 203 204 result = bsec_read_sr_lock(otp, &value); 205 if (result != BSEC_OK) { 206 WARN("BSEC: %u Sticky-read bit read Error %u\n", otp, result); 207 } else if (value) { 208 VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n", otp); 209 } 210 211 for (i = 0U; i < MAX_NB_TRIES; i++) { 212 mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp); 213 214 poll_otp_status_busy(); 215 216 result = check_read_error(otp); 217 if (result != BSEC_RETRY) { 218 break; 219 } 220 } 221 222 return result; 223 } 224 225 /* 226 * bsec_write_otp: write a value in shadow OTP. 227 * val: value to program. 228 * otp: OTP number. 229 * return value: BSEC_OK if no error. 230 */ 231 uint32_t bsec_write_otp(uint32_t val, uint32_t otp) 232 { 233 bool state; 234 uint32_t result; 235 236 if (otp > STM32MP2_OTP_MAX_ID) { 237 panic(); 238 } 239 240 if (!is_fuse_shadowed(otp)) { 241 return BSEC_ERROR; 242 } 243 244 if (is_bsec_write_locked()) { 245 return BSEC_WRITE_LOCKED; 246 } 247 248 result = bsec_read_sw_lock(otp, &state); 249 if (result != BSEC_OK) { 250 WARN("Shadow register is SW locked\n"); 251 return result; 252 } 253 254 mmio_write_32(BSEC_BASE + BSEC_FVR(otp), val); 255 256 return BSEC_OK; 257 } 258 259 /* 260 * bsec_program_otp: program a bit in SAFMEM after the prog. 261 * The OTP data is not refreshed. 262 * val: value to program. 263 * otp: OTP number. 264 * return value: BSEC_OK if no error. 265 */ 266 uint32_t bsec_program_otp(uint32_t val, uint32_t otp) 267 { 268 uint32_t result; 269 uint32_t i; 270 bool value; 271 272 if (otp > STM32MP2_OTP_MAX_ID) { 273 panic(); 274 } 275 276 if (is_bsec_write_locked() == true) { 277 return BSEC_WRITE_LOCKED; 278 } 279 280 result = bsec_read_sp_lock(otp, &value); 281 if (result != BSEC_OK) { 282 WARN("BSEC: %u Sticky-prog bit read Error %u\n", otp, result); 283 } else if (value) { 284 WARN("BSEC: OTP locked, prog will be ignored\n"); 285 return BSEC_WRITE_LOCKED; 286 } 287 288 mmio_write_32(BSEC_BASE + BSEC_WDR, val); 289 290 for (i = 0U; i < MAX_NB_TRIES; i++) { 291 mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp | BSEC_OTPCR_PROG); 292 293 poll_otp_status_busy(); 294 295 result = check_program_error(otp); 296 if (result != BSEC_RETRY) { 297 break; 298 } 299 } 300 301 return result; 302 } 303 304 /* 305 * bsec_read_debug_conf: read debug configuration. 306 */ 307 uint32_t bsec_read_debug_conf(void) 308 { 309 return mmio_read_32(BSEC_BASE + BSEC_DENR); 310 } 311 312 static uint32_t bsec_lock_register_set(uint32_t offset, uint32_t mask) 313 { 314 uint32_t value = mmio_read_32(BSEC_BASE + offset); 315 316 /* The lock is already set */ 317 if ((value & mask) != 0U) { 318 return BSEC_OK; 319 } 320 321 if (is_bsec_write_locked()) { 322 return BSEC_WRITE_LOCKED; 323 } 324 325 value |= mask; 326 327 mmio_write_32(BSEC_BASE + offset, value); 328 329 return BSEC_OK; 330 } 331 332 static bool bsec_lock_register_get(uint32_t offset, uint32_t mask) 333 { 334 uint32_t value = mmio_read_32(BSEC_BASE + offset); 335 336 return (value & mask) != 0U; 337 } 338 339 /* 340 * bsec_set_sr_lock: set shadow-read lock. 341 * otp: OTP number. 342 * return value: BSEC_OK if no error. 343 */ 344 uint32_t bsec_set_sr_lock(uint32_t otp) 345 { 346 uint32_t bank = otp_bank(otp); 347 uint32_t otp_mask = otp_bit_mask(otp); 348 349 if (otp > STM32MP2_OTP_MAX_ID) { 350 panic(); 351 } 352 353 return bsec_lock_register_set(BSEC_SRLOCK(bank), otp_mask); 354 } 355 356 /* 357 * bsec_read_sr_lock: read shadow-read lock. 358 * otp: OTP number. 359 * value: read value (true or false). 360 * return value: BSEC_OK if no error. 361 */ 362 uint32_t bsec_read_sr_lock(uint32_t otp, bool *value) 363 { 364 uint32_t bank = otp_bank(otp); 365 uint32_t otp_mask = otp_bit_mask(otp); 366 367 assert(value != NULL); 368 if (otp > STM32MP2_OTP_MAX_ID) { 369 panic(); 370 } 371 372 *value = bsec_lock_register_get(BSEC_SRLOCK(bank), otp_mask); 373 374 return BSEC_OK; 375 } 376 377 /* 378 * bsec_set_sw_lock: set shadow-write lock. 379 * otp: OTP number. 380 * return value: BSEC_OK if no error. 381 */ 382 uint32_t bsec_set_sw_lock(uint32_t otp) 383 { 384 uint32_t bank = otp_bank(otp); 385 uint32_t otp_mask = otp_bit_mask(otp); 386 387 if (otp > STM32MP2_OTP_MAX_ID) { 388 panic(); 389 } 390 391 return bsec_lock_register_set(BSEC_SWLOCK(bank), otp_mask); 392 } 393 394 /* 395 * bsec_read_sw_lock: read shadow-write lock. 396 * otp: OTP number. 397 * value: read value (true or false). 398 * return value: BSEC_OK if no error. 399 */ 400 uint32_t bsec_read_sw_lock(uint32_t otp, bool *value) 401 { 402 uint32_t bank = otp_bank(otp); 403 uint32_t otp_mask = otp_bit_mask(otp); 404 405 assert(value != NULL); 406 if (otp > STM32MP2_OTP_MAX_ID) { 407 panic(); 408 } 409 410 *value = bsec_lock_register_get(BSEC_SWLOCK(bank), otp_mask); 411 412 return BSEC_OK; 413 } 414 415 /* 416 * bsec_set_sp_lock: set shadow-program lock. 417 * otp: OTP number. 418 * return value: BSEC_OK if no error. 419 */ 420 uint32_t bsec_set_sp_lock(uint32_t otp) 421 { 422 uint32_t bank = otp_bank(otp); 423 uint32_t otp_mask = otp_bit_mask(otp); 424 425 if (otp > STM32MP2_OTP_MAX_ID) { 426 panic(); 427 } 428 429 return bsec_lock_register_set(BSEC_SPLOCK(bank), otp_mask); 430 } 431 432 /* 433 * bsec_read_sp_lock: read shadow-program lock. 434 * otp: OTP number. 435 * value: read value (true or false). 436 * return value: BSEC_OK if no error. 437 */ 438 uint32_t bsec_read_sp_lock(uint32_t otp, bool *value) 439 { 440 uint32_t bank = otp_bank(otp); 441 uint32_t otp_mask = otp_bit_mask(otp); 442 443 assert(value != NULL); 444 if (otp > STM32MP2_OTP_MAX_ID) { 445 panic(); 446 } 447 448 *value = bsec_lock_register_get(BSEC_SPLOCK(bank), otp_mask); 449 450 return BSEC_OK; 451 } 452 453 /* 454 * bsec_get_secure_state: read state in BSEC status register. 455 * return: secure state 456 */ 457 uint32_t bsec_get_secure_state(void) 458 { 459 uint32_t state = BSEC_STATE_INVALID; 460 uint32_t status = bsec_get_status(); 461 uint32_t bsec_sr = mmio_read_32(BSEC_BASE + BSEC_SR); 462 463 if ((status & BSEC_OTPSR_INIT_DONE) == BSEC_OTPSR_INIT_DONE) { 464 /* NVSTATE is only valid if INIT_DONE */ 465 uint32_t nvstates = (bsec_sr & BSEC_SR_NVSTATE_MASK) >> BSEC_SR_NVSTATE_SHIFT; 466 467 if (nvstates == BSEC_SR_NVSTATE_OPEN) { 468 state = BSEC_STATE_SEC_OPEN; 469 } else if (nvstates == BSEC_SR_NVSTATE_CLOSED) { 470 state = BSEC_STATE_SEC_CLOSED; 471 } else { 472 VERBOSE("%s nvstates = %u\n", __func__, nvstates); 473 } 474 } 475 476 return state; 477 } 478 479 /* 480 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value 481 * val: read value. 482 * otp: OTP number. 483 * return value: BSEC_OK if no error. 484 */ 485 uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp) 486 { 487 assert(val != NULL); 488 if (otp > STM32MP2_OTP_MAX_ID) { 489 panic(); 490 } 491 492 *val = 0U; 493 494 if (is_bsec_write_locked()) { 495 return BSEC_WRITE_LOCKED; 496 } 497 498 if (!is_fuse_shadowed(otp)) { 499 uint32_t result = bsec_shadow_register(otp); 500 501 if (result != BSEC_OK) { 502 ERROR("BSEC: %u Shadowing Error %u\n", otp, result); 503 return result; 504 } 505 } 506 507 *val = mmio_read_32(BSEC_BASE + BSEC_FVR(otp)); 508 509 return BSEC_OK; 510 } 511 512 /* 513 * bsec_read_otp: read an OTP data value. 514 * val: read value. 515 * otp: OTP number. 516 * return value: BSEC_OK if no error. 517 */ 518 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp) 519 { 520 assert(val != NULL); 521 if (otp > STM32MP2_OTP_MAX_ID) { 522 panic(); 523 } 524 525 return bsec_shadow_read_otp(val, otp); 526 } 527