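/*
 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
 * Copyright (c) 2019-2020, NVIDIA CORPORATION. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <errno.h>
#include <stdbool.h>

#include <arch_helpers.h>
#include <bpmp_ipc.h>
#include <common/debug.h>
#include <drivers/delay_timer.h>
#include <lib/mmio.h>
#include <lib/psci/psci.h>
#include <se.h>
#include <tegra_platform.h>

#include "se_private.h"

/*******************************************************************************
 * Constants and Macros
 ******************************************************************************/
#define ERR_STATUS_SW_CLEAR		U(0xFFFFFFFF)
#define INT_STATUS_SW_CLEAR		U(0xFFFFFFFF)
#define MAX_TIMEOUT_MS			U(1000)	/* Max. timeout of 1s */
#define NUM_SE_REGS_TO_SAVE		U(4)

#define BYTES_IN_WORD			U(4)
#define SHA256_MAX_HASH_RESULT		U(7)
#define SHA256_DST_SIZE			U(32)
#define SHA_FIRST_OP			U(1)
#define MAX_SHA_ENGINE_CHUNK_SIZE	U(0xFFFFFF)
#define SHA256_MSG_LENGTH_ONETIME	U(0xFFFF)

/*******************************************************************************
 * Data structure and global variables
 ******************************************************************************/
/* Register values captured by tegra_se_suspend(), replayed by tegra_se_resume() */
static uint32_t se_regs[NUM_SE_REGS_TO_SAVE];

/*
 * Wait for an atomic context save to finish and report whether it succeeded.
 *
 * Polls CTX_SAVE_AUTO_STATUS once per millisecond, for at most
 * MAX_TIMEOUT_MS polls, until CTX_SAVE_AUTO_SE_BUSY clears. The operation is
 * reported as successful only if all of the following hold:
 *
 * 1. The busy bit cleared before the poll budget was used up.
 * 2. SHA_ERR_STATUS and AES0_ERR_STATUS both read as zero.
 * 3. SHA_INT_STATUS and AES0_INT_STATUS both have their OP_DONE bit set.
 *
 * Returns true on success; logs an error and returns false otherwise.
 */
static bool tegra_se_is_operation_complete(void)
{
	uint32_t val, timeout = 0U, sha_status, aes_status;
	bool se_is_busy, txn_has_errors, txn_successful;

	/* Poll the status register until the engine stops reporting busy */
	do {
		val = tegra_se_read_32(CTX_SAVE_AUTO_STATUS);
		se_is_busy = ((val & CTX_SAVE_AUTO_SE_BUSY) != 0U);

		/* sleep until SE finishes */
		if (se_is_busy) {
			mdelay(1);
			timeout++;
		}
	} while (se_is_busy && (timeout < MAX_TIMEOUT_MS));

	/* any transaction errors? */
	txn_has_errors = (tegra_se_read_32(SHA_ERR_STATUS) != 0U) ||
			 (tegra_se_read_32(AES0_ERR_STATUS) != 0U);

	/* transaction successful? Both engines must signal completion. */
	sha_status = tegra_se_read_32(SHA_INT_STATUS) & SHA_SE_OP_DONE;
	aes_status = tegra_se_read_32(AES0_INT_STATUS) & AES0_SE_OP_DONE;
	txn_successful = (sha_status == SHA_SE_OP_DONE) &&
			 (aes_status == AES0_SE_OP_DONE);

	if ((timeout == MAX_TIMEOUT_MS) || txn_has_errors || !txn_successful) {
		ERROR("%s: Atomic context save operation failed!\n",
		      __func__);
		return false;
	}

	return true;
}

/*
 * Wait for SE engine to be idle and clear any pending interrupts, before
 * starting the next SE operation.
 *
 * Polls CTX_SAVE_AUTO_STATUS once per millisecond, for at most
 * MAX_TIMEOUT_MS polls, until it reads exactly CTX_SAVE_AUTO_SE_READY. The
 * interrupt and error status registers are cleared whether or not the wait
 * timed out.
 *
 * Returns true if the engine became ready, false on timeout.
 */
static bool tegra_se_is_ready(void)
{
	uint32_t val, timeout = 0U;
	bool se_is_ready;
	bool timed_out;

	/* Wait for previous operation to finish */
	do {
		val = tegra_se_read_32(CTX_SAVE_AUTO_STATUS);
		se_is_ready = (val == CTX_SAVE_AUTO_SE_READY);

		/* sleep until SE is ready */
		if (!se_is_ready) {
			mdelay(1);
			timeout++;
		}
	} while (!se_is_ready && (timeout < MAX_TIMEOUT_MS));

	timed_out = (timeout == MAX_TIMEOUT_MS);
	if (timed_out) {
		ERROR("%s: SE is not ready!\n", __func__);
	}

	/* Clear any pending interrupts from previous operation */
	tegra_se_write_32(AES0_INT_STATUS, INT_STATUS_SW_CLEAR);
	tegra_se_write_32(AES1_INT_STATUS, INT_STATUS_SW_CLEAR);
	tegra_se_write_32(RSA_INT_STATUS, INT_STATUS_SW_CLEAR);
	tegra_se_write_32(SHA_INT_STATUS, INT_STATUS_SW_CLEAR);

	/* Clear error status for each engine seen from current port */
	tegra_se_write_32(AES0_ERR_STATUS, ERR_STATUS_SW_CLEAR);
	tegra_se_write_32(AES1_ERR_STATUS, ERR_STATUS_SW_CLEAR);
	tegra_se_write_32(RSA_ERR_STATUS, ERR_STATUS_SW_CLEAR);
	tegra_se_write_32(SHA_ERR_STATUS, ERR_STATUS_SW_CLEAR);

	return !timed_out;
}

/*
 * During System Suspend, this handler triggers the hardware context
 * save operation.
 *
 * Returns 0 when the context save completed, -ECANCELED when the engine was
 * not ready or the save did not complete cleanly.
 */
static int32_t tegra_se_save_context(void)
{
	/*
	 * 1. Ensure all SE Driver including RNG1/PKA1 are shut down.
	 *    TSEC/R5s are powergated/idle. All tasks on SE1~SE4, RNG1,
	 *    PKA1 are wrapped up. SE0 is ready for use.
	 * 2. Clear interrupt/error in SE0 status register.
	 * 3. Scrub SE0 register to avoid false failure for illegal
	 *    configuration. Probably not needed, dependent on HW
	 *    implementation.
	 * 4. Check SE is ready for HW CTX_SAVE by polling
	 *    SE_CTX_SAVE_AUTO_STATUS.SE_READY.
	 *
	 * Steps 1-4 are executed by tegra_se_is_ready().
	 *
	 * NOTE(review): tegra_se_is_ready() as written only polls for
	 * readiness and clears the interrupt/error status registers
	 * (steps 2 and 4); steps 1 and 3 are not performed in this file.
	 *
	 * 5. Issue context save command.
	 * 6. Check SE is busy with CTX_SAVE, the command in step5 was not
	 *    dropped for ongoing traffic in any of SE port/engine.
	 * 7. Poll SE register or wait for SE APB interrupt for task completion
	 *    a. Polling: Read SE_CTX_SAVE_AUTO_STATUS.BUSY till it reports IDLE
	 *    b. Interrupt: After receiving interrupt from SE APB, read
	 *       SE_CTX_SAVE_AUTO_STATUS.BUSY till it reports IDLE.
	 * 8. Check AES0 and SHA ERR_STATUS to ensure no error case.
	 * 9. Check AES0 and SHA INT_STATUS to ensure operation has successfully
	 *    completed.
	 *
	 * Steps 6-9 are executed by tegra_se_is_operation_complete().
	 */
	if (!tegra_se_is_ready()) {
		return -ECANCELED;
	}

	/* Issue context save command */
	tegra_se_write_32(AES0_OPERATION, SE_OP_CTX_SAVE);

	/* Wait for operation to finish */
	if (!tegra_se_is_operation_complete()) {
		return -ECANCELED;
	}

	return 0;
}

/*
 * Check that SE operation has completed after kickoff
 * This function is invoked after an SE operation has been started,
 * and it checks the following conditions:
 * 1. SE0_INT_STATUS = SE0_OP_DONE
 * 2. SE0_STATUS = IDLE
 * 3. SE0_ERR_STATUS is clean.
 *
 * Returns 0 on success, -ENOTSUP if SE0_ERR_STATUS is non-zero.
 *
 * NOTE(review): both polling loops below are unbounded. If the engine never
 * signals OP_DONE or never returns to idle, this function does not return;
 * the context-save path in this file bounds its waits with MAX_TIMEOUT_MS,
 * and a similar bound here is worth considering.
 */
static int32_t tegra_se_sha256_hash_operation_complete(void)
{
	uint32_t val;

	/* Poll the SE interrupt register to ensure H/W operation complete */
	do {
		val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
	} while (SE0_INT_OP_DONE(val) == SE0_INT_OP_DONE_CLEAR);

	/* Poll the SE status idle to ensure H/W operation complete */
	do {
		val = tegra_se_read_32(SE0_SHA_STATUS_0);
	} while (val != SE0_SHA_STATUS_IDLE);

	/* Ensure that no errors are thrown during operation */
	val = tegra_se_read_32(SE0_ERR_STATUS_REG_OFFSET);
	if (val != 0U) {
		ERROR("%s: error during SE operation! 0x%x", __func__,
		      val);
		return -ENOTSUP;
	}

	return 0;
}

/*
 * Security engine primitive normal operations
 *
 * Programs the input address/length registers, clears a stale interrupt
 * status, enables the SHA interrupt, flushes the source range from the data
 * cache and writes the start command.
 *
 * src_addr:        address of the input buffer; must be non-zero. Only the
 *                  low 32 bits plus bits [39:32] are programmed.
 * nbytes:          number of bytes for this operation; must be non-zero and
 *                  is masked with MAX_SHA_ENGINE_CHUNK_SIZE.
 * last_buf:        1 to mark this operation as the last buffer.
 * src_len_inbytes: length passed to flush_dcache_range() for src_addr.
 *
 * Returns 0 on success, -EINVAL for a zero address or zero length.
 */
static int32_t tegra_se_start_normal_operation(uint64_t src_addr,
		uint32_t nbytes, uint32_t last_buf, uint32_t src_len_inbytes)
{
	uint32_t val;
	uint32_t src_in_lo;
	uint32_t src_in_msb;
	uint32_t src_in_hi;

	if ((src_addr == 0ULL) || (nbytes == 0U)) {
		return -EINVAL;
	}

	src_in_lo = (uint32_t)src_addr;
	src_in_msb = (uint32_t)((src_addr >> 32U) & 0xFFU);
	src_in_hi = ((src_in_msb << SE0_IN_HI_ADDR_HI_0_MSB_SHIFT) |
		     (nbytes & MAX_SHA_ENGINE_CHUNK_SIZE));

	/* set SRC_IN_ADDR_LO and SRC_IN_ADDR_HI */
	tegra_se_write_32(SE0_IN_ADDR, src_in_lo);
	tegra_se_write_32(SE0_IN_HI_ADDR_HI, src_in_hi);

	/* Write zero to the interrupt status register if anything is pending */
	val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
	if (val > 0U) {
		tegra_se_write_32(SE0_INT_STATUS_REG_OFFSET, 0x0U);
	}

	/* Enable SHA interrupt for SE0 Operation */
	tegra_se_write_32(SE0_SHA_INT_ENABLE, 0x1aU);

	/* flush to DRAM for SE to use the updated contents */
	flush_dcache_range(src_addr, src_len_inbytes);

	/* Start SHA256 operation */
	if (last_buf == 1U) {
		tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START |
				  SE0_UNIT_OPERATION_PKT_LASTBUF_FIELD);
	} else {
		tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START);
	}

	return 0;
}

/*
 * Program the SE0 SHA engine to hash src_len_inbyte bytes starting at
 * src_addr, splitting the input into operations of at most
 * SHA256_HASH_SIZE_BYTES * SHA256_MSG_LENGTH_ONETIME bytes.
 *
 * Returns 0 once every operation has been started, -EINVAL if the address is
 * zero, the length is zero or larger than MAX_SHA_ENGINE_CHUNK_SIZE, or an
 * operation could not be started. Completion is not awaited here; see
 * tegra_se_sha256_hash_operation_complete().
 */
static int32_t tegra_se_calculate_sha256_hash(uint64_t src_addr,
					      uint32_t src_len_inbyte)
{
	uint32_t val, last_buf, i;
	int32_t ret = 0;
	uint32_t operations;
	uint64_t src_len_inbits;
	uint32_t len_bits_msb;
	uint32_t len_bits_lsb;
	uint32_t number_of_operations, max_bytes, bytes_left, remaining_bytes;

	if (src_len_inbyte > MAX_SHA_ENGINE_CHUNK_SIZE) {
		ERROR("SHA input chunk size too big: 0x%x\n", src_len_inbyte);
		return -EINVAL;
	}

	/*
	 * A zero length would start no operation at all, leaving the caller
	 * to wait for a completion that was never requested. Reject it here,
	 * as tegra_se_start_normal_operation() does for a zero byte count.
	 */
	if ((src_addr == 0ULL) || (src_len_inbyte == 0U)) {
		return -EINVAL;
	}

	/* number of bytes per operation */
	max_bytes = (SHA256_HASH_SIZE_BYTES * SHA256_MSG_LENGTH_ONETIME);

	/* Widen before multiplying so the bit count cannot wrap at 32 bits */
	src_len_inbits = (uint64_t)src_len_inbyte * 8U;
	len_bits_msb = (uint32_t)(src_len_inbits >> 32U);
	len_bits_lsb = (uint32_t)src_len_inbits;

	/* program SE0_CONFIG for SHA256 operation */
	val = (uint32_t)(SE0_CONFIG_ENC_ALG_SHA | SE0_CONFIG_ENC_MODE_SHA256 |
			 SE0_CONFIG_DEC_ALG_NOP | SE0_CONFIG_DST_HASHREG);
	tegra_se_write_32(SE0_SHA_CONFIG, val);

	/* set SE0_SHA_MSG_LENGTH registers */
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_0, len_bits_lsb);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb);
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_1, len_bits_msb);

	/* zero out unused SE0_SHA_MSG_LENGTH and SE0_SHA_MSG_LEFT */
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_2, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_3, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_1, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_2, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_3, 0U);

	number_of_operations = (src_len_inbyte / max_bytes);
	remaining_bytes = (src_len_inbyte % max_bytes);
	if (remaining_bytes > 0U) {
		number_of_operations += 1U;
	}

	/*
	 * 1. Operations == 1: program SE0_SHA_TASK register to initiate SHA256
	 *    hash generation by setting
	 *    1(SE0_SHA_CONFIG_HW_INIT_HASH) to SE0_SHA_TASK
	 *    and start SHA256-normal operation.
	 * 2. 1 < Operations < number_of_operations: program SE0_SHA_TASK to
	 *    0(SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE) to load
	 *    intermediate SHA256 digest result from
	 *    HASH_RESULT register to continue SHA256
	 *    generation and start SHA256-normal operation.
	 * 3. Operations == number_of_operations: continue with step 2 and set
	 *    max_bytes to bytes_left to process final
	 *    hash-result generation and start SHA256-normal
	 *    operation.
	 *
	 * NOTE(review): every iteration passes the same src_addr, and the loop
	 * does not wait for the previous operation to finish before starting
	 * the next one. Confirm both against the SE programming model before
	 * relying on inputs that need more than one operation.
	 */
	bytes_left = src_len_inbyte;
	for (operations = 1U; operations <= number_of_operations;
	     operations++) {
		if (operations == SHA_FIRST_OP) {
			val = SE0_SHA_CONFIG_HW_INIT_HASH;
		} else {
			/*
			 * Load intermediate SHA digest result to
			 * SHA:HASH_RESULT(0..7) to continue the SHA
			 * calculation and tell the SHA engine to use it.
			 */
			for (i = 0U; (i / BYTES_IN_WORD) <=
			     SHA256_MAX_HASH_RESULT; i += BYTES_IN_WORD) {
				val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 +
						       i);
				tegra_se_write_32(SE0_SHA_HASH_RESULT_0 + i,
						  val);
			}
			val = SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE;
			if (len_bits_lsb <= (max_bytes * 8U)) {
				len_bits_lsb = (remaining_bytes * 8U);
			} else {
				len_bits_lsb -= (max_bytes * 8U);
			}
			tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb);
		}
		tegra_se_write_32(SE0_SHA_TASK_CONFIG, val);

		max_bytes = (SHA256_HASH_SIZE_BYTES *
			     SHA256_MSG_LENGTH_ONETIME);
		/*
		 * "<=" rather than "<": when the input length is an exact
		 * multiple of max_bytes, the final operation carries exactly
		 * max_bytes and must still be flagged as the last buffer.
		 */
		if (bytes_left <= max_bytes) {
			max_bytes = bytes_left;
			last_buf = 1U;
		} else {
			bytes_left = bytes_left - max_bytes;
			last_buf = 0U;
		}

		/* start operation */
		ret = tegra_se_start_normal_operation(src_addr, max_bytes,
						      last_buf, src_len_inbyte);
		if (ret != 0) {
			ERROR("Error during SE operation! 0x%x", ret);
			return -EINVAL;
		}
	}

	return ret;
}

/*
 * Wait for the SHA operation to complete, then copy the digest words from
 * SE0_SHA_HASH_RESULT_0 onwards into the scratch registers spanning
 * SECURE_SCRATCH_TZDRAM_SHA256_HASH_START..SECURE_SCRATCH_TZDRAM_SHA256_HASH_END
 * (relative to TEGRA_SCRATCH_BASE), one 32-bit word at a time.
 *
 * Returns 0 on success, or the error reported by
 * tegra_se_sha256_hash_operation_complete(), in which case nothing is copied.
 */
static int32_t tegra_se_save_sha256_pmc_scratch(void)
{
	uint32_t val, hash_offset = 0U, scratch_offset;
	int32_t ret;

	/* Check SE0 operation status */
	ret = tegra_se_sha256_hash_operation_complete();
	if (ret != 0) {
		ERROR("SE operation complete Failed! 0x%x", ret);
		return ret;
	}

	for (scratch_offset = SECURE_SCRATCH_TZDRAM_SHA256_HASH_START;
	     scratch_offset <= SECURE_SCRATCH_TZDRAM_SHA256_HASH_END;
	     scratch_offset += BYTES_IN_WORD) {
		val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 + hash_offset);
		mmio_write_32((uint32_t)(TEGRA_SCRATCH_BASE + scratch_offset),
			      val);
		hash_offset += BYTES_IN_WORD;
	}

	return 0;
}

/*
 * Handler to generate SHA256 and save HASH-result to pmc-scratch register
 *
 * src_addr:       address of the region to hash.
 * src_len_inbyte: length of the region in bytes.
 *
 * Returns 0 on success, or the error from hash generation or from the
 * completion check.
 */
int32_t tegra_se_calculate_save_sha256(uint64_t src_addr,
				       uint32_t src_len_inbyte)
{
	uint32_t security;
	int32_t val;

	/*
	 * Set SE_SOFT_SETTINGS=SE_SECURE to prevent NS process to change SE
	 * registers.
	 */
	security = tegra_se_read_32(SE0_SECURITY);
	tegra_se_write_32(SE0_SECURITY, security | SE0_SECURITY_SE_SOFT_SETTING);

	/*
	 * Bootrom enable IN_ID bit in SE0_SHA_GSCID_0 register during
	 * SC7-exit, causing SE0 ignores SE0 operation, and therefore failure
	 * of 2nd iteration of SC7 cycle.
	 */
	tegra_se_write_32(SE0_SHA_GSCID_0, 0x0U);

	/* Calculate SHA256 of BL31 */
	val = tegra_se_calculate_sha256_hash(src_addr, src_len_inbyte);
	if (val != 0) {
		/*
		 * NOTE(review): this path returns with SE0_SECURITY still
		 * holding the SE_SOFT_SETTING bit instead of the saved value.
		 * Confirm that leaving the stricter setting in place on
		 * failure is intended.
		 */
		ERROR("%s: SHA256 generation failed\n", __func__);
		return val;
	}

	/*
	 * Reset SE_SECURE to previous value.
	 *
	 * NOTE(review): the previous value is written back before
	 * tegra_se_save_sha256_pmc_scratch() has waited for the engine and
	 * read the digest, so the protection set above does not cover the
	 * tail of the operation. Consider restoring it only after the digest
	 * has been copied; confirm against the hardware documentation.
	 */
	tegra_se_write_32(SE0_SECURITY, security);

	/* copy sha256_dst to PMC Scratch register */
	val = tegra_se_save_sha256_pmc_scratch();
	if (val != 0) {
		ERROR("%s: SE0 status Error.\n", __func__);
	}

	return val;
}

/*
 * Handler to power down the SE hardware blocks - SE, RNG1 and PKA1. This
 * needs to be called only during System Suspend.
 *
 * Returns 0 on success. A context save failure is returned in preference to
 * the status of the final clock disable, so that it is not masked by a
 * successful clock disable.
 *
 * NOTE(review): the BPMP call results are only checked with assert(), which
 * can be compiled out; in such builds a failed init or clock enable is not
 * acted on.
 */
int32_t tegra_se_suspend(void)
{
	int32_t ret;
	int32_t save_ret;

	/*
	 * initialise communication channel with BPMP. The call is kept
	 * outside assert() so that it still runs when assertions are
	 * compiled out.
	 */
	ret = tegra_bpmp_ipc_init();
	assert(ret == 0);

	/* Enable SE clock before SE context save */
	ret = tegra_bpmp_ipc_enable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);

	/* save SE registers */
	se_regs[0] = mmio_read_32(TEGRA_SE0_BASE + SE0_MUTEX_WATCHDOG_NS_LIMIT);
	se_regs[1] = mmio_read_32(TEGRA_SE0_BASE + SE0_AES0_ENTROPY_SRC_AGE_CTRL);
	se_regs[2] = mmio_read_32(TEGRA_RNG1_BASE + RNG1_MUTEX_WATCHDOG_NS_LIMIT);
	se_regs[3] = mmio_read_32(TEGRA_PKA1_BASE + PKA1_MUTEX_WATCHDOG_NS_LIMIT);

	/* Save SE context. The BootROM restores it during System Resume */
	save_ret = tegra_se_save_context();
	if (save_ret != 0) {
		ERROR("%s: context save failed (%d)\n", __func__, save_ret);
	}

	/* Disable SE clock after SE context save, even if the save failed */
	ret = tegra_bpmp_ipc_disable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);

	return (save_ret != 0) ? save_ret : ret;
}

/*
 * Handler to power up the SE hardware block(s) during System Resume.
 *
 * Writes back the four register values captured by tegra_se_suspend().
 */
void tegra_se_resume(void)
{
	int32_t ret;

	/*
	 * initialise communication channel with BPMP. The call is kept
	 * outside assert() so that it still runs when assertions are
	 * compiled out.
	 */
	ret = tegra_bpmp_ipc_init();
	assert(ret == 0);

	/* Enable SE clock before SE context restore */
	ret = tegra_bpmp_ipc_enable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);

	/*
	 * When TZ takes over after System Resume, TZ should first reconfigure
	 * SE_MUTEX_WATCHDOG_NS_LIMIT, PKA1_MUTEX_WATCHDOG_NS_LIMIT,
	 * RNG1_MUTEX_WATCHDOG_NS_LIMIT and SE_ENTROPY_SRC_AGE_CTRL before
	 * other operations.
	 */
	mmio_write_32(TEGRA_SE0_BASE + SE0_MUTEX_WATCHDOG_NS_LIMIT, se_regs[0]);
	mmio_write_32(TEGRA_SE0_BASE + SE0_AES0_ENTROPY_SRC_AGE_CTRL, se_regs[1]);
	mmio_write_32(TEGRA_RNG1_BASE + RNG1_MUTEX_WATCHDOG_NS_LIMIT, se_regs[2]);
	mmio_write_32(TEGRA_PKA1_BASE + PKA1_MUTEX_WATCHDOG_NS_LIMIT, se_regs[3]);

	/* Disable SE clock after SE context restore */
	ret = tegra_bpmp_ipc_disable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);
}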