xref: /rk3399_ARM-atf/plat/nvidia/tegra/soc/t186/drivers/se/se.c (revision 665e71b8ea28162ec7737c1411bca3ea89e5957e) 
1 /*
2  * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 #include <drivers/delay_timer.h>
9 #include <errno.h>
10 #include <string.h>
11 
12 #include <bpmp_ipc.h>
13 #include <pmc.h>
14 #include <security_engine.h>
15 #include <tegra186_private.h>
16 #include <tegra_private.h>
17 
18 #include "se_private.h"
19 
20 /*******************************************************************************
21  * Constants and Macros
22  ******************************************************************************/
23 #define SE0_MAX_BUSY_TIMEOUT_MS		U(100)	/* 100ms */
24 #define BYTES_IN_WORD			U(4)
25 #define SHA256_MAX_HASH_RESULT		U(7)
26 #define SHA256_DST_SIZE			U(32)
27 #define SHA_FIRST_OP			U(1)
28 #define MAX_SHA_ENGINE_CHUNK_SIZE	U(0xFFFFFF)
29 #define SHA256_MSG_LENGTH_ONETIME	U(0xffff)
30 
31 /*
32  * Check that SE operation has completed after kickoff
33  * This function is invoked after an SE operation has been started,
34  * and it checks the following conditions:
35  * 1. SE0_INT_STATUS = SE0_OP_DONE
36  * 2. SE0_STATUS = IDLE
37  * 3. SE0_ERR_STATUS is clean.
38  */
39 static int32_t tegra_se_operation_complete(void)
40 {
41 	uint32_t val = 0U;
42 
43 	/* Read SE0 interrupt register to ensure H/W operation complete */
44 	val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
45 	if (SE0_INT_OP_DONE(val) == SE0_INT_OP_DONE_CLEAR) {
46 		ERROR("%s: Engine busy state too many times! val = 0x%x\n",
47 			__func__, val);
48 		return -ETIMEDOUT;
49 	}
50 
51 	/* Read SE0 status idle to ensure H/W operation complete */
52 	val = tegra_se_read_32(SE0_SHA_STATUS_0);
53 	if (val != SE0_SHA_STATUS_IDLE) {
54 		ERROR("%s: Idle state timeout! val = 0x%x\n", __func__,
55 			val);
56 		return -ETIMEDOUT;
57 	}
58 
59 	/* Ensure that no errors are thrown during operation */
60 	val = tegra_se_read_32(SE0_ERR_STATUS_REG_OFFSET);
61 	if (val != SE0_ERR_STATUS_CLEAR) {
62 		ERROR("%s: Error during SE operation! val = 0x%x",
63 			__func__, val);
64 		return -ENOTSUP;
65 	}
66 
67 	return 0;
68 }
69 
70 /*
71  * Security engine primitive normal operations
72  */
73 static int32_t tegra_se_start_normal_operation(uint64_t src_addr,
74 		uint32_t nbytes, uint32_t last_buf, uint32_t src_len_inbytes)
75 {
76 	int32_t ret = 0;
77 	uint32_t val = 0U;
78 	uint32_t src_in_lo;
79 	uint32_t src_in_msb;
80 	uint32_t src_in_hi;
81 
82 	if ((src_addr == 0UL) || (nbytes == 0U))
83 		return -EINVAL;
84 
85 	src_in_lo = (uint32_t)src_addr;
86 	src_in_msb = ((uint32_t)(src_addr >> 32U) & 0xffU);
87 	src_in_hi = ((src_in_msb << SE0_IN_HI_ADDR_HI_0_MSB_SHIFT) |
88 				(nbytes & 0xffffffU));
89 
90 	/* set SRC_IN_ADDR_LO and SRC_IN_ADDR_HI*/
91 	tegra_se_write_32(SE0_IN_ADDR, src_in_lo);
92 	tegra_se_write_32(SE0_IN_HI_ADDR_HI, src_in_hi);
93 
94 	val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
95 	if (val > 0U) {
96 		tegra_se_write_32(SE0_INT_STATUS_REG_OFFSET, 0x00000U);
97 	}
98 
99 	/* Enable SHA interrupt for SE0 Operation */
100 	tegra_se_write_32(SE0_SHA_INT_ENABLE, 0x1aU);
101 
102 	/* flush to DRAM for SE to use the updated contents */
103 	flush_dcache_range(src_addr, src_len_inbytes);
104 
105 	/* Start SHA256 operation */
106 	if (last_buf == 1U) {
107 		tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START |
108 				SE0_UNIT_OPERATION_PKT_LASTBUF_FIELD);
109 	} else {
110 		tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START);
111 	}
112 
113 	/* Wait for SE-operation to finish */
114 	udelay(SE0_MAX_BUSY_TIMEOUT_MS * 100U);
115 
116 	/* Check SE0 operation status */
117 	ret = tegra_se_operation_complete();
118 	if (ret != 0) {
119 		ERROR("SE operation complete Failed! 0x%x", ret);
120 		return ret;
121 	}
122 
123 	return 0;
124 }
125 
126 static int32_t tegra_se_calculate_sha256_hash(uint64_t src_addr,
127 						uint32_t src_len_inbyte)
128 {
129 	uint32_t val, last_buf, i;
130 	int32_t ret = 0;
131 	uint32_t operations;
132 	uint64_t src_len_inbits;
133 	uint32_t len_bits_msb;
134 	uint32_t len_bits_lsb;
135 	uint32_t number_of_operations, max_bytes, bytes_left, remaining_bytes;
136 
137 	if (src_len_inbyte > MAX_SHA_ENGINE_CHUNK_SIZE) {
138 		ERROR("SHA input chunk size too big: 0x%x\n", src_len_inbyte);
139 		return -EINVAL;
140 	}
141 
142 	if (src_addr == 0UL) {
143 		return -EINVAL;
144 	}
145 
146 	/* number of bytes per operation */
147 	max_bytes = SHA256_HASH_SIZE_BYTES * SHA256_MSG_LENGTH_ONETIME;
148 
149 	src_len_inbits = src_len_inbyte * 8U;
150 	len_bits_msb = (uint32_t)(src_len_inbits >> 32U);
151 	len_bits_lsb = (uint32_t)(src_len_inbits & 0xFFFFFFFF);
152 
153 	/* program SE0_CONFIG for SHA256 operation */
154 	val = SE0_CONFIG_ENC_ALG_SHA | SE0_CONFIG_ENC_MODE_SHA256 |
155 		SE0_CONFIG_DEC_ALG_NOP | SE0_CONFIG_DST_HASHREG;
156 	tegra_se_write_32(SE0_SHA_CONFIG, val);
157 
158 	/* set SE0_SHA_MSG_LENGTH registers */
159 	tegra_se_write_32(SE0_SHA_MSG_LENGTH_0, len_bits_lsb);
160 	tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb);
161 	tegra_se_write_32(SE0_SHA_MSG_LENGTH_1, len_bits_msb);
162 
163 	/* zero out unused SE0_SHA_MSG_LENGTH and SE0_SHA_MSG_LEFT */
164 	tegra_se_write_32(SE0_SHA_MSG_LENGTH_2, 0U);
165 	tegra_se_write_32(SE0_SHA_MSG_LENGTH_3, 0U);
166 	tegra_se_write_32(SE0_SHA_MSG_LEFT_1, 0U);
167 	tegra_se_write_32(SE0_SHA_MSG_LEFT_2, 0U);
168 	tegra_se_write_32(SE0_SHA_MSG_LEFT_3, 0U);
169 
170 	number_of_operations = src_len_inbyte / max_bytes;
171 	remaining_bytes = src_len_inbyte % max_bytes;
172 	if (remaining_bytes > 0U) {
173 		number_of_operations += 1U;
174 	}
175 
176 	/*
177 	 * 1. Operations == 1:	program SE0_SHA_TASK register to initiate SHA256
178 	 *			hash generation by setting
179 	 *			1(SE0_SHA_CONFIG_HW_INIT_HASH) to SE0_SHA_TASK
180 	 *			and start SHA256-normal operation.
181 	 * 2. 1 < Operations < number_of_operations: program SE0_SHA_TASK to
182 	 *			0(SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE) to load
183 	 *			intermediate SHA256 digest result from
184 	 *			HASH_RESULT register to continue SHA256
185 	 *			generation and start SHA256-normal operation.
186 	 * 3. Operations == number_of_operations: continue with step 2 and set
187 	 *			max_bytes to bytes_left to process final
188 	 *			hash-result generation and
189 	 *			start SHA256-normal operation.
190 	 */
191 	bytes_left = src_len_inbyte;
192 	for (operations = 1U; operations <= number_of_operations;
193 								operations++) {
194 		if (operations == SHA_FIRST_OP) {
195 			val = SE0_SHA_CONFIG_HW_INIT_HASH;
196 		} else {
197 			/* Load intermediate SHA digest result to
198 			 * SHA:HASH_RESULT(0..7) to continue the SHA
199 			 * calculation and tell the SHA engine to use it.
200 			 */
201 			for (i = 0U; (i / BYTES_IN_WORD) <=
202 				SHA256_MAX_HASH_RESULT; i += BYTES_IN_WORD) {
203 				val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 +
204 									i);
205 				tegra_se_write_32(SE0_SHA_HASH_RESULT_0 + i,
206 									val);
207 			}
208 			val = SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE;
209 			if (len_bits_lsb <= (max_bytes * 8U)) {
210 				len_bits_lsb = (remaining_bytes * 8U);
211 			} else {
212 				len_bits_lsb -= (max_bytes * 8U);
213 			}
214 			tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb);
215 		}
216 		tegra_se_write_32(SE0_SHA_TASK_CONFIG, val);
217 
218 		max_bytes = (SHA256_HASH_SIZE_BYTES *
219 						SHA256_MSG_LENGTH_ONETIME);
220 		if (bytes_left < max_bytes) {
221 			max_bytes = bytes_left;
222 			last_buf = 1U;
223 		} else {
224 			bytes_left = bytes_left - max_bytes;
225 			last_buf = 0U;
226 		}
227 		/* start operation */
228 		ret = tegra_se_start_normal_operation(src_addr, max_bytes,
229 					last_buf, src_len_inbyte);
230 		if (ret != 0) {
231 			ERROR("Error during SE operation! 0x%x", ret);
232 			return -EINVAL;
233 		}
234 	}
235 
236 	return ret;
237 }
238 
239 /*
240  * Handler to generate SHA256 and save SHA256 hash to PMC-Scratch register.
241  */
242 int32_t tegra_se_save_sha256_hash(uint64_t bl31_base, uint32_t src_len_inbyte)
243 {
244 	int32_t ret = 0;
245 	uint32_t val = 0U, hash_offset = 0U, scratch_offset = 0U, security;
246 
247 	/*
248 	 * Set SE_SOFT_SETTINGS=SE_SECURE to prevent NS process to change SE
249 	 * registers.
250 	 */
251 	security = tegra_se_read_32(SE0_SECURITY);
252 	tegra_se_write_32(SE0_SECURITY, security | SE0_SECURITY_SE_SOFT_SETTING);
253 
254 	ret = tegra_se_calculate_sha256_hash(bl31_base, src_len_inbyte);
255 	if (ret != 0L) {
256 		ERROR("%s: SHA256 generation failed\n", __func__);
257 		return ret;
258 	}
259 
260 	/*
261 	 * Reset SE_SECURE to previous value.
262 	 */
263 	tegra_se_write_32(SE0_SECURITY, security);
264 
265 	/* read SHA256_HASH_RESULT and save to PMC Scratch registers */
266 	scratch_offset = SECURE_SCRATCH_TZDRAM_SHA256_HASH_START;
267 	while (scratch_offset <= SECURE_SCRATCH_TZDRAM_SHA256_HASH_END) {
268 
269 		val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 + hash_offset);
270 		mmio_write_32(TEGRA_SCRATCH_BASE + scratch_offset, val);
271 
272 		hash_offset += BYTES_IN_WORD;
273 		scratch_offset += BYTES_IN_WORD;
274 	}
275 
276 	return ret;
277 }
278 
279