1 /* 2 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. 3 * Copyright (c) 2019-2020, NVIDIA CORPORATION. All rights reserved. 4 * 5 * SPDX-License-Identifier: BSD-3-Clause 6 */ 7 8 #include <assert.h> 9 #include <errno.h> 10 #include <stdbool.h> 11 12 #include <arch_helpers.h> 13 #include <bpmp_ipc.h> 14 #include <common/debug.h> 15 #include <drivers/delay_timer.h> 16 #include <lib/mmio.h> 17 #include <lib/psci/psci.h> 18 #include <se.h> 19 #include <tegra_platform.h> 20 21 #include "se_private.h" 22 23 /******************************************************************************* 24 * Constants and Macros 25 ******************************************************************************/ 26 #define ERR_STATUS_SW_CLEAR U(0xFFFFFFFF) 27 #define INT_STATUS_SW_CLEAR U(0xFFFFFFFF) 28 #define MAX_TIMEOUT_MS U(100) /* Timeout in 100ms */ 29 #define NUM_SE_REGS_TO_SAVE U(4) 30 31 #define SE0_MAX_BUSY_TIMEOUT_MS U(100) /* 100ms Timeout Expired */ 32 #define BYTES_IN_WORD U(4) 33 #define SHA256_MAX_HASH_RESULT U(7) 34 #define SHA256_DST_SIZE U(32) 35 #define SHA_FIRST_OP U(1) 36 #define MAX_SHA_ENGINE_CHUNK_SIZE U(0xFFFFFF) 37 #define SHA256_MSG_LENGTH_ONETIME U(0xFFFF) 38 39 /******************************************************************************* 40 * Data structure and global variables 41 ******************************************************************************/ 42 static uint32_t se_regs[NUM_SE_REGS_TO_SAVE]; 43 44 /* 45 * Check that SE operation has completed after kickoff. 46 * 47 * This function is invoked after an SE operation has been started, 48 * and it checks the following conditions: 49 * 50 * 1. SE_STATUS = IDLE 51 * 2. AHB bus data transfer is complete. 52 * 3. SE_ERR_STATUS is clean. 53 */ 54 static bool tegra_se_is_operation_complete(void) 55 { 56 uint32_t val = 0, timeout = 0, sha_status, aes_status; 57 int32_t ret = 0; 58 bool se_is_busy, txn_has_errors, txn_successful; 59 60 /* 61 * Poll the status register to check if the operation 62 * completed. 63 */ 64 do { 65 val = tegra_se_read_32(CTX_SAVE_AUTO_STATUS); 66 se_is_busy = ((val & CTX_SAVE_AUTO_SE_BUSY) != 0U); 67 68 /* sleep until SE finishes */ 69 if (se_is_busy) { 70 mdelay(1); 71 timeout++; 72 } 73 74 } while (se_is_busy && (timeout < MAX_TIMEOUT_MS)); 75 76 /* any transaction errors? */ 77 txn_has_errors = (tegra_se_read_32(SHA_ERR_STATUS) != 0U) || 78 (tegra_se_read_32(AES0_ERR_STATUS) != 0U); 79 80 /* transaction successful? */ 81 sha_status = tegra_se_read_32(SHA_INT_STATUS) & SHA_SE_OP_DONE; 82 aes_status = tegra_se_read_32(AES0_INT_STATUS) & AES0_SE_OP_DONE; 83 txn_successful = (sha_status == SHA_SE_OP_DONE) && 84 (aes_status == AES0_SE_OP_DONE); 85 86 if ((timeout == MAX_TIMEOUT_MS) || txn_has_errors || !txn_successful) { 87 ERROR("%s: Atomic context save operation failed!\n", 88 __func__); 89 ret = -ECANCELED; 90 } 91 92 return (ret == 0); 93 } 94 95 /* 96 * Wait for SE engine to be idle and clear any pending interrupts, before 97 * starting the next SE operation. 98 */ 99 static bool tegra_se_is_ready(void) 100 { 101 int32_t ret = 0; 102 uint32_t val = 0, timeout = 0; 103 bool se_is_ready; 104 105 /* Wait for previous operation to finish */ 106 do { 107 val = tegra_se_read_32(CTX_SAVE_AUTO_STATUS); 108 se_is_ready = (val == CTX_SAVE_AUTO_SE_READY); 109 110 /* sleep until SE is ready */ 111 if (!se_is_ready) { 112 mdelay(1); 113 timeout++; 114 } 115 116 } while (!se_is_ready && (timeout < MAX_TIMEOUT_MS)); 117 118 if (timeout == MAX_TIMEOUT_MS) { 119 ERROR("%s: SE is not ready!\n", __func__); 120 ret = -ETIMEDOUT; 121 } 122 123 /* Clear any pending interrupts from previous operation */ 124 tegra_se_write_32(AES0_INT_STATUS, INT_STATUS_SW_CLEAR); 125 tegra_se_write_32(AES1_INT_STATUS, INT_STATUS_SW_CLEAR); 126 tegra_se_write_32(RSA_INT_STATUS, INT_STATUS_SW_CLEAR); 127 tegra_se_write_32(SHA_INT_STATUS, INT_STATUS_SW_CLEAR); 128 129 /* Clear error status for each engine seen from current port */ 130 tegra_se_write_32(AES0_ERR_STATUS, ERR_STATUS_SW_CLEAR); 131 tegra_se_write_32(AES1_ERR_STATUS, ERR_STATUS_SW_CLEAR); 132 tegra_se_write_32(RSA_ERR_STATUS, ERR_STATUS_SW_CLEAR); 133 tegra_se_write_32(SHA_ERR_STATUS, ERR_STATUS_SW_CLEAR); 134 135 return (ret == 0); 136 } 137 138 /* 139 * During System Suspend, this handler triggers the hardware context 140 * save operation. 141 */ 142 static int32_t tegra_se_save_context(void) 143 { 144 int32_t ret = -ECANCELED; 145 146 /* 147 * 1. Ensure all SE Driver including RNG1/PKA1 are shut down. 148 * TSEC/R5s are powergated/idle. All tasks on SE1~SE4, RNG1, 149 * PKA1 are wrapped up. SE0 is ready for use. 150 * 2. Clear interrupt/error in SE0 status register. 151 * 3. Scrub SE0 register to avoid false failure for illegal 152 * configuration. Probably not needed, dependent on HW 153 * implementation. 154 * 4. Check SE is ready for HW CTX_SAVE by polling 155 * SE_CTX_SAVE_AUTO_STATUS.SE_READY. 156 * 157 * Steps 1-4 are executed by tegra_se_is_ready(). 158 * 159 * 5. Issue context save command. 160 * 6. Check SE is busy with CTX_SAVE, the command in step5 was not 161 * dropped for ongoing traffic in any of SE port/engine. 162 * 7. Poll SE register or wait for SE APB interrupt for task completion 163 * a. Polling: Read SE_CTX_SAVE_AUTO_STATUS.BUSY till it reports IDLE 164 * b. Interrupt: After receiving interrupt from SE APB, read 165 * SE_CTX_SAVE_AUTO_STATUS.BUSY till it reports IDLE. 166 * 8. Check AES0 and SHA ERR_STATUS to ensure no error case. 167 * 9. Check AES0 and SHA INT_STATUS to ensure operation has successfully 168 * completed. 169 * 170 * Steps 6-9 are executed by tegra_se_is_operation_complete(). 171 */ 172 if (tegra_se_is_ready()) { 173 174 /* Issue context save command */ 175 tegra_se_write_32(AES0_OPERATION, SE_OP_CTX_SAVE); 176 177 /* Wait for operation to finish */ 178 if (tegra_se_is_operation_complete()) { 179 ret = 0; 180 } 181 } 182 183 return ret; 184 } 185 186 /* 187 * Check that SE operation has completed after kickoff 188 * This function is invoked after an SE operation has been started, 189 * and it checks the following conditions: 190 * 1. SE0_INT_STATUS = SE0_OP_DONE 191 * 2. SE0_STATUS = IDLE 192 * 3. SE0_ERR_STATUS is clean. 193 */ 194 static int32_t tegra_se_sha256_hash_operation_complete(void) 195 { 196 uint32_t val = 0U; 197 198 /* Poll the SE interrupt register to ensure H/W operation complete */ 199 val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET); 200 while (SE0_INT_OP_DONE(val) == SE0_INT_OP_DONE_CLEAR) { 201 val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET); 202 if (SE0_INT_OP_DONE(val) != SE0_INT_OP_DONE_CLEAR) { 203 break; 204 } 205 } 206 207 /* Poll the SE status idle to ensure H/W operation complete */ 208 val = tegra_se_read_32(SE0_SHA_STATUS_0); 209 while (val != SE0_SHA_STATUS_IDLE) { 210 val = tegra_se_read_32(SE0_SHA_STATUS_0); 211 if (val == SE0_SHA_STATUS_IDLE) { 212 break; 213 } 214 } 215 216 /* Ensure that no errors are thrown during operation */ 217 val = tegra_se_read_32(SE0_ERR_STATUS_REG_OFFSET); 218 if (val != 0U) { 219 ERROR("%s: error during SE operation! 0x%x", __func__, 220 val); 221 return -ENOTSUP; 222 } 223 224 return 0; 225 } 226 227 /* 228 * Security engine primitive normal operations 229 */ 230 static int32_t tegra_se_start_normal_operation(uint64_t src_addr, 231 uint32_t nbytes, uint32_t last_buf, uint32_t src_len_inbytes) 232 { 233 uint32_t val = 0U; 234 uint32_t src_in_lo; 235 uint32_t src_in_msb; 236 uint32_t src_in_hi; 237 int32_t ret = 0; 238 239 if ((src_addr == 0ULL) || (nbytes == 0U)) 240 return -EINVAL; 241 242 src_in_lo = (uint32_t)src_addr; 243 src_in_msb = (uint32_t)((src_addr >> 32U) & 0xFFU); 244 src_in_hi = ((src_in_msb << SE0_IN_HI_ADDR_HI_0_MSB_SHIFT) | 245 (nbytes & MAX_SHA_ENGINE_CHUNK_SIZE)); 246 247 /* set SRC_IN_ADDR_LO and SRC_IN_ADDR_HI*/ 248 tegra_se_write_32(SE0_IN_ADDR, src_in_lo); 249 tegra_se_write_32(SE0_IN_HI_ADDR_HI, src_in_hi); 250 251 val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET); 252 if (val > 0U) { 253 tegra_se_write_32(SE0_INT_STATUS_REG_OFFSET, 0x0U); 254 } 255 256 /* Enable SHA interrupt for SE0 Operation */ 257 tegra_se_write_32(SE0_SHA_INT_ENABLE, 0x1aU); 258 259 /* flush to DRAM for SE to use the updated contents */ 260 flush_dcache_range(src_addr, src_len_inbytes); 261 262 /* Start SHA256 operation */ 263 if (last_buf == 1U) { 264 tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START | 265 SE0_UNIT_OPERATION_PKT_LASTBUF_FIELD); 266 } else { 267 tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START); 268 } 269 270 return ret; 271 } 272 273 static int32_t tegra_se_calculate_sha256_hash(uint64_t src_addr, 274 uint32_t src_len_inbyte) 275 { 276 uint32_t val, last_buf, i; 277 int32_t ret = 0; 278 uint32_t operations; 279 uint64_t src_len_inbits; 280 uint32_t len_bits_msb; 281 uint32_t len_bits_lsb; 282 uint32_t number_of_operations, max_bytes, bytes_left, remaining_bytes; 283 284 if (src_len_inbyte > MAX_SHA_ENGINE_CHUNK_SIZE) { 285 ERROR("SHA input chunk size too big: 0x%x\n", src_len_inbyte); 286 return -EINVAL; 287 } 288 289 if (src_addr == 0ULL) { 290 return -EINVAL; 291 } 292 293 /* number of bytes per operation */ 294 max_bytes = (SHA256_HASH_SIZE_BYTES * SHA256_MSG_LENGTH_ONETIME); 295 296 src_len_inbits = (uint32_t)(src_len_inbyte * 8U); 297 len_bits_msb = (uint32_t)(src_len_inbits >> 32U); 298 len_bits_lsb = (uint32_t)src_len_inbits; 299 300 /* program SE0_CONFIG for SHA256 operation */ 301 val = (uint32_t)(SE0_CONFIG_ENC_ALG_SHA | SE0_CONFIG_ENC_MODE_SHA256 | 302 SE0_CONFIG_DEC_ALG_NOP | SE0_CONFIG_DST_HASHREG); 303 tegra_se_write_32(SE0_SHA_CONFIG, val); 304 305 /* set SE0_SHA_MSG_LENGTH registers */ 306 tegra_se_write_32(SE0_SHA_MSG_LENGTH_0, len_bits_lsb); 307 tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb); 308 tegra_se_write_32(SE0_SHA_MSG_LENGTH_1, len_bits_msb); 309 310 /* zero out unused SE0_SHA_MSG_LENGTH and SE0_SHA_MSG_LEFT */ 311 tegra_se_write_32(SE0_SHA_MSG_LENGTH_2, 0U); 312 tegra_se_write_32(SE0_SHA_MSG_LENGTH_3, 0U); 313 tegra_se_write_32(SE0_SHA_MSG_LEFT_1, 0U); 314 tegra_se_write_32(SE0_SHA_MSG_LEFT_2, 0U); 315 tegra_se_write_32(SE0_SHA_MSG_LEFT_3, 0U); 316 317 number_of_operations = (src_len_inbyte / max_bytes); 318 remaining_bytes = (src_len_inbyte % max_bytes); 319 if (remaining_bytes > 0U) { 320 number_of_operations += 1U; 321 } 322 323 /* 324 * 1. Operations == 1: program SE0_SHA_TASK register to initiate SHA256 325 * hash generation by setting 326 * 1(SE0_SHA_CONFIG_HW_INIT_HASH) to SE0_SHA_TASK 327 * and start SHA256-normal operation. 328 * 2. 1 < Operations < number_of_operations: program SE0_SHA_TASK to 329 * 0(SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE) to load 330 * intermediate SHA256 digest result from 331 * HASH_RESULT register to continue SHA256 332 * generation and start SHA256-normal operation. 333 * 3. Operations == number_of_operations: continue with step 2 and set 334 * max_bytes to bytes_left to process final 335 * hash-result generation and start SHA256-normal 336 * operation. 337 */ 338 bytes_left = src_len_inbyte; 339 for (operations = 1U; operations <= number_of_operations; 340 operations++) { 341 if (operations == SHA_FIRST_OP) { 342 val = SE0_SHA_CONFIG_HW_INIT_HASH; 343 } else { 344 /* Load intermediate SHA digest result to 345 * SHA:HASH_RESULT(0..7) to continue the SHA 346 * calculation and tell the SHA engine to use it. 347 */ 348 for (i = 0U; (i / BYTES_IN_WORD) <= 349 SHA256_MAX_HASH_RESULT; i += BYTES_IN_WORD) { 350 val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 + 351 i); 352 tegra_se_write_32(SE0_SHA_HASH_RESULT_0 + i, 353 val); 354 } 355 val = SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE; 356 if (len_bits_lsb <= (max_bytes * 8U)) { 357 len_bits_lsb = (remaining_bytes * 8U); 358 } else { 359 len_bits_lsb -= (max_bytes * 8U); 360 } 361 tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb); 362 } 363 tegra_se_write_32(SE0_SHA_TASK_CONFIG, val); 364 365 max_bytes = (SHA256_HASH_SIZE_BYTES * 366 SHA256_MSG_LENGTH_ONETIME); 367 if (bytes_left < max_bytes) { 368 max_bytes = bytes_left; 369 last_buf = 1U; 370 } else { 371 bytes_left = bytes_left - max_bytes; 372 last_buf = 0U; 373 } 374 /* start operation */ 375 ret = tegra_se_start_normal_operation(src_addr, max_bytes, 376 last_buf, src_len_inbyte); 377 if (ret != 0) { 378 ERROR("Error during SE operation! 0x%x", ret); 379 return -EINVAL; 380 } 381 } 382 383 return ret; 384 } 385 386 static int32_t tegra_se_save_sha256_pmc_scratch(void) 387 { 388 uint32_t val = 0U, hash_offset = 0U, scratch_offset = 0U; 389 int32_t ret; 390 391 /* Check SE0 operation status */ 392 ret = tegra_se_sha256_hash_operation_complete(); 393 if (ret != 0) { 394 ERROR("SE operation complete Failed! 0x%x", ret); 395 return ret; 396 } 397 398 for (scratch_offset = SECURE_SCRATCH_TZDRAM_SHA256_HASH_START; 399 scratch_offset <= SECURE_SCRATCH_TZDRAM_SHA256_HASH_END; 400 scratch_offset += BYTES_IN_WORD) { 401 val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 + hash_offset); 402 mmio_write_32((uint32_t)(TEGRA_SCRATCH_BASE + scratch_offset), 403 val); 404 hash_offset += BYTES_IN_WORD; 405 } 406 return 0; 407 } 408 409 /* 410 * Handler to generate SHA256 and save HASH-result to pmc-scratch register 411 */ 412 int32_t tegra_se_calculate_save_sha256(uint64_t src_addr, 413 uint32_t src_len_inbyte) 414 { 415 uint32_t security; 416 int32_t val = 0; 417 418 /* Set SE_SOFT_SETTINGS=SE_SECURE to prevent NS process to change SE 419 * registers. 420 */ 421 security = tegra_se_read_32(SE0_SECURITY); 422 tegra_se_write_32(SE0_SECURITY, security | SE0_SECURITY_SE_SOFT_SETTING); 423 424 /* Bootrom enable IN_ID bit in SE0_SHA_GSCID_0 register during SC7-exit, causing 425 * SE0 ignores SE0 operation, and therefore failure of 2nd iteration of SC7 cycle. 426 */ 427 tegra_se_write_32(SE0_SHA_GSCID_0, 0x0U); 428 429 /* Calculate SHA256 of BL31 */ 430 val = tegra_se_calculate_sha256_hash(src_addr, src_len_inbyte); 431 if (val != 0) { 432 ERROR("%s: SHA256 generation failed\n", __func__); 433 return val; 434 } 435 436 /* 437 * Reset SE_SECURE to previous value. 438 */ 439 tegra_se_write_32(SE0_SECURITY, security); 440 441 /* copy sha256_dst to PMC Scratch register */ 442 val = tegra_se_save_sha256_pmc_scratch(); 443 if (val != 0) { 444 ERROR("%s: SE0 status Error.\n", __func__); 445 } 446 447 return val; 448 } 449 450 /* 451 * Handler to power down the SE hardware blocks - SE, RNG1 and PKA1. This 452 * needs to be called only during System Suspend. 453 */ 454 int32_t tegra_se_suspend(void) 455 { 456 int32_t ret = 0; 457 458 /* initialise communication channel with BPMP */ 459 assert(tegra_bpmp_ipc_init() == 0); 460 461 /* Enable SE clock before SE context save */ 462 ret = tegra_bpmp_ipc_enable_clock(TEGRA194_CLK_SE); 463 assert(ret == 0); 464 465 /* save SE registers */ 466 se_regs[0] = mmio_read_32(TEGRA_SE0_BASE + SE0_MUTEX_WATCHDOG_NS_LIMIT); 467 se_regs[1] = mmio_read_32(TEGRA_SE0_BASE + SE0_AES0_ENTROPY_SRC_AGE_CTRL); 468 se_regs[2] = mmio_read_32(TEGRA_RNG1_BASE + RNG1_MUTEX_WATCHDOG_NS_LIMIT); 469 se_regs[3] = mmio_read_32(TEGRA_PKA1_BASE + PKA1_MUTEX_WATCHDOG_NS_LIMIT); 470 471 /* Save SE context. The BootROM restores it during System Resume */ 472 ret = tegra_se_save_context(); 473 if (ret != 0) { 474 ERROR("%s: context save failed (%d)\n", __func__, ret); 475 } 476 477 /* Disable SE clock after SE context save */ 478 ret = tegra_bpmp_ipc_disable_clock(TEGRA194_CLK_SE); 479 assert(ret == 0); 480 481 return ret; 482 } 483 484 /* 485 * Handler to power up the SE hardware block(s) during System Resume. 486 */ 487 void tegra_se_resume(void) 488 { 489 int32_t ret = 0; 490 491 /* initialise communication channel with BPMP */ 492 assert(tegra_bpmp_ipc_init() == 0); 493 494 /* Enable SE clock before SE context restore */ 495 ret = tegra_bpmp_ipc_enable_clock(TEGRA194_CLK_SE); 496 assert(ret == 0); 497 498 /* 499 * When TZ takes over after System Resume, TZ should first reconfigure 500 * SE_MUTEX_WATCHDOG_NS_LIMIT, PKA1_MUTEX_WATCHDOG_NS_LIMIT, 501 * RNG1_MUTEX_WATCHDOG_NS_LIMIT and SE_ENTROPY_SRC_AGE_CTRL before 502 * other operations. 503 */ 504 mmio_write_32(TEGRA_SE0_BASE + SE0_MUTEX_WATCHDOG_NS_LIMIT, se_regs[0]); 505 mmio_write_32(TEGRA_SE0_BASE + SE0_AES0_ENTROPY_SRC_AGE_CTRL, se_regs[1]); 506 mmio_write_32(TEGRA_RNG1_BASE + RNG1_MUTEX_WATCHDOG_NS_LIMIT, se_regs[2]); 507 mmio_write_32(TEGRA_PKA1_BASE + PKA1_MUTEX_WATCHDOG_NS_LIMIT, se_regs[3]); 508 509 /* Disable SE clock after SE context restore */ 510 ret = tegra_bpmp_ipc_disable_clock(TEGRA194_CLK_SE); 511 assert(ret == 0); 512 } 513