1 /* 2 * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved. 3 * Copyright (c) 2017-2020, NVIDIA CORPORATION. All rights reserved. 4 * 5 * SPDX-License-Identifier: BSD-3-Clause 6 */ 7 8 #include <arch_helpers.h> 9 #include <assert.h> 10 #include <common/debug.h> 11 #include <drivers/delay_timer.h> 12 #include <errno.h> 13 #include <lib/mmio.h> 14 #include <lib/psci/psci.h> 15 #include <se_private.h> 16 #include <security_engine.h> 17 #include <tegra_platform.h> 18 19 /******************************************************************************* 20 * Constants and Macros 21 ******************************************************************************/ 22 23 #define TIMEOUT_100MS 100U /* Timeout in 100ms */ 24 #define RNG_AES_KEY_INDEX 1 25 26 /******************************************************************************* 27 * Data structure and global variables 28 ******************************************************************************/ 29 30 /* The security engine contexts are formatted as follows: 31 * 32 * SE1 CONTEXT: 33 * #--------------------------------# 34 * | Random Data 1 Block | 35 * #--------------------------------# 36 * | Sticky Bits 2 Blocks | 37 * #--------------------------------# 38 * | Key Table 64 Blocks | 39 * | For each Key (x16): | 40 * | Key: 2 Blocks | 41 * | Original-IV: 1 Block | 42 * | Updated-IV: 1 Block | 43 * #--------------------------------# 44 * | RSA Keys 64 Blocks | 45 * #--------------------------------# 46 * | Known Pattern 1 Block | 47 * #--------------------------------# 48 * 49 * SE2/PKA1 CONTEXT: 50 * #--------------------------------# 51 * | Random Data 1 Block | 52 * #--------------------------------# 53 * | Sticky Bits 2 Blocks | 54 * #--------------------------------# 55 * | Key Table 64 Blocks | 56 * | For each Key (x16): | 57 * | Key: 2 Blocks | 58 * | Original-IV: 1 Block | 59 * | Updated-IV: 1 Block | 60 * #--------------------------------# 61 * | RSA Keys 64 Blocks | 62 * #--------------------------------# 63 * | PKA sticky bits 1 Block | 64 * #--------------------------------# 65 * | PKA keys 512 Blocks | 66 * #--------------------------------# 67 * | Known Pattern 1 Block | 68 * #--------------------------------# 69 */ 70 71 /* Known pattern data for T210 */ 72 static const uint8_t se_ctx_known_pattern_data[SE_CTX_KNOWN_PATTERN_SIZE] = { 73 /* 128 bit AES block */ 74 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 75 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 76 }; 77 78 /* SE input and output linked list buffers */ 79 static tegra_se_io_lst_t se1_src_ll_buf; 80 static tegra_se_io_lst_t se1_dst_ll_buf; 81 82 /* SE2 input and output linked list buffers */ 83 static tegra_se_io_lst_t se2_src_ll_buf; 84 static tegra_se_io_lst_t se2_dst_ll_buf; 85 86 /* SE1 context buffer, 132 blocks */ 87 static __aligned(64) uint8_t se1_ctx_buf[SE_CTX_DRBG_BUFER_SIZE]; 88 89 /* SE1 security engine device handle */ 90 static tegra_se_dev_t se_dev_1 = { 91 .se_num = 1, 92 /* Setup base address for se */ 93 .se_base = TEGRA_SE1_BASE, 94 /* Setup context size in AES blocks */ 95 .ctx_size_blks = SE_CTX_SAVE_SIZE_BLOCKS_SE1, 96 /* Setup SRC buffers for SE operations */ 97 .src_ll_buf = &se1_src_ll_buf, 98 /* Setup DST buffers for SE operations */ 99 .dst_ll_buf = &se1_dst_ll_buf, 100 /* Setup context save destination */ 101 .ctx_save_buf = (uint32_t *)&se1_ctx_buf 102 }; 103 104 /* SE2 security engine device handle (T210B01 only) */ 105 static tegra_se_dev_t se_dev_2 = { 106 .se_num = 2, 107 /* Setup base address for se */ 108 .se_base = TEGRA_SE2_BASE, 109 /* Setup context size in AES blocks */ 110 .ctx_size_blks = SE_CTX_SAVE_SIZE_BLOCKS_SE2, 111 /* Setup SRC buffers for SE operations */ 112 .src_ll_buf = &se2_src_ll_buf, 113 /* Setup DST buffers for SE operations */ 114 .dst_ll_buf = &se2_dst_ll_buf, 115 /* Setup context save destination */ 116 .ctx_save_buf = (uint32_t *)(TEGRA_TZRAM_CARVEOUT_BASE + 0x1000) 117 }; 118 119 static bool ecid_valid; 120 121 /******************************************************************************* 122 * Functions Definition 123 ******************************************************************************/ 124 125 static void tegra_se_make_data_coherent(const tegra_se_dev_t *se_dev) 126 { 127 flush_dcache_range(((uint64_t)(se_dev->src_ll_buf)), 128 sizeof(tegra_se_io_lst_t)); 129 flush_dcache_range(((uint64_t)(se_dev->dst_ll_buf)), 130 sizeof(tegra_se_io_lst_t)); 131 } 132 133 /* 134 * Check that SE operation has completed after kickoff 135 * This function is invoked after an SE operation has been started, 136 * and it checks the following conditions: 137 * 1. SE_INT_STATUS = SE_OP_DONE 138 * 2. SE_STATUS = IDLE 139 * 3. AHB bus data transfer complete. 140 * 4. SE_ERR_STATUS is clean. 141 */ 142 static int32_t tegra_se_operation_complete(const tegra_se_dev_t *se_dev) 143 { 144 uint32_t val = 0; 145 int32_t ret = 0; 146 uint32_t timeout; 147 148 /* Poll the SE interrupt register to ensure H/W operation complete */ 149 val = tegra_se_read_32(se_dev, SE_INT_STATUS_REG_OFFSET); 150 for (timeout = 0; (SE_INT_OP_DONE(val) == SE_INT_OP_DONE_CLEAR) && 151 (timeout < TIMEOUT_100MS); timeout++) { 152 mdelay(1); 153 val = tegra_se_read_32(se_dev, SE_INT_STATUS_REG_OFFSET); 154 } 155 156 if (timeout == TIMEOUT_100MS) { 157 ERROR("%s: ERR: Atomic context save operation timeout!\n", 158 __func__); 159 ret = -ETIMEDOUT; 160 } 161 162 /* Poll the SE status idle to ensure H/W operation complete */ 163 if (ret == 0) { 164 val = tegra_se_read_32(se_dev, SE_STATUS_OFFSET); 165 for (timeout = 0; (val != 0U) && (timeout < TIMEOUT_100MS); 166 timeout++) { 167 mdelay(1); 168 val = tegra_se_read_32(se_dev, SE_STATUS_OFFSET); 169 } 170 171 if (timeout == TIMEOUT_100MS) { 172 ERROR("%s: ERR: MEM_INTERFACE and SE state " 173 "idle state timeout.\n", __func__); 174 ret = -ETIMEDOUT; 175 } 176 } 177 178 /* Check AHB bus transfer complete */ 179 if (ret == 0) { 180 val = mmio_read_32(TEGRA_AHB_ARB_BASE + ARAHB_MEM_WRQUE_MST_ID_OFFSET); 181 for (timeout = 0; ((val & (ARAHB_MST_ID_SE_MASK | ARAHB_MST_ID_SE2_MASK)) != 0U) && 182 (timeout < TIMEOUT_100MS); timeout++) { 183 mdelay(1); 184 val = mmio_read_32(TEGRA_AHB_ARB_BASE + ARAHB_MEM_WRQUE_MST_ID_OFFSET); 185 } 186 187 if (timeout == TIMEOUT_100MS) { 188 ERROR("%s: SE write over AHB timeout.\n", __func__); 189 ret = -ETIMEDOUT; 190 } 191 } 192 193 /* Ensure that no errors are thrown during operation */ 194 if (ret == 0) { 195 val = tegra_se_read_32(se_dev, SE_ERR_STATUS_REG_OFFSET); 196 if (val != 0U) { 197 ERROR("%s: error during SE operation! 0x%x", __func__, val); 198 ret = -ENOTSUP; 199 } 200 } 201 202 return ret; 203 } 204 205 /* 206 * Wait for SE engine to be idle and clear pending interrupts before 207 * starting the next SE operation. 208 */ 209 static int32_t tegra_se_operation_prepare(const tegra_se_dev_t *se_dev) 210 { 211 int32_t ret = 0; 212 uint32_t val = 0; 213 uint32_t timeout; 214 215 /* disable SE interrupt to prevent interrupt issued by SE operation */ 216 tegra_se_write_32(se_dev, SE_INT_ENABLE_REG_OFFSET, 0U); 217 218 /* Wait for previous operation to finish */ 219 val = tegra_se_read_32(se_dev, SE_STATUS_OFFSET); 220 for (timeout = 0; (val != 0U) && (timeout < TIMEOUT_100MS); timeout++) { 221 mdelay(1); 222 val = tegra_se_read_32(se_dev, SE_STATUS_OFFSET); 223 } 224 225 if (timeout == TIMEOUT_100MS) { 226 ERROR("%s: ERR: SE status is not idle!\n", __func__); 227 ret = -ETIMEDOUT; 228 } 229 230 /* Clear any pending interrupts from previous operation */ 231 val = tegra_se_read_32(se_dev, SE_INT_STATUS_REG_OFFSET); 232 tegra_se_write_32(se_dev, SE_INT_STATUS_REG_OFFSET, val); 233 return ret; 234 } 235 236 /* 237 * SE atomic context save. At SC7 entry, SE driver triggers the 238 * hardware automatically performs the context save operation. 239 */ 240 static int32_t tegra_se_context_save_atomic(const tegra_se_dev_t *se_dev) 241 { 242 int32_t ret = 0; 243 uint32_t val = 0; 244 uint32_t blk_count_limit = 0; 245 uint32_t block_count; 246 247 /* Check that previous operation is finalized */ 248 ret = tegra_se_operation_prepare(se_dev); 249 250 /* Read the context save progress counter: block_count 251 * Ensure no previous context save has been triggered 252 * SE_CTX_SAVE_AUTO.CURR_CNT == 0 253 */ 254 if (ret == 0) { 255 val = tegra_se_read_32(se_dev, SE_CTX_SAVE_AUTO_REG_OFFSET); 256 block_count = SE_CTX_SAVE_GET_BLK_COUNT(val); 257 if (block_count != 0U) { 258 ERROR("%s: ctx_save triggered multiple times\n", 259 __func__); 260 ret = -EALREADY; 261 } 262 } 263 264 /* Set the destination block count when the context save complete */ 265 if (ret == 0) { 266 blk_count_limit = block_count + se_dev->ctx_size_blks; 267 } 268 269 /* Program SE_CONFIG register as for RNG operation 270 * SE_CONFIG.ENC_ALG = RNG 271 * SE_CONFIG.DEC_ALG = NOP 272 * SE_CONFIG.ENC_MODE is ignored 273 * SE_CONFIG.DEC_MODE is ignored 274 * SE_CONFIG.DST = MEMORY 275 */ 276 if (ret == 0) { 277 val = (SE_CONFIG_ENC_ALG_RNG | 278 SE_CONFIG_DEC_ALG_NOP | 279 SE_CONFIG_DST_MEMORY); 280 tegra_se_write_32(se_dev, SE_CONFIG_REG_OFFSET, val); 281 282 tegra_se_make_data_coherent(se_dev); 283 284 /* SE_CTX_SAVE operation */ 285 tegra_se_write_32(se_dev, SE_OPERATION_REG_OFFSET, 286 SE_OP_CTX_SAVE); 287 288 ret = tegra_se_operation_complete(se_dev); 289 } 290 291 /* Check that context has written the correct number of blocks */ 292 if (ret == 0) { 293 val = tegra_se_read_32(se_dev, SE_CTX_SAVE_AUTO_REG_OFFSET); 294 if (SE_CTX_SAVE_GET_BLK_COUNT(val) != blk_count_limit) { 295 ERROR("%s: expected %d blocks but %d were written\n", 296 __func__, blk_count_limit, val); 297 ret = -ECANCELED; 298 } 299 } 300 301 return ret; 302 } 303 304 /* 305 * Security engine primitive operations, including normal operation 306 * and the context save operation. 307 */ 308 static int tegra_se_perform_operation(const tegra_se_dev_t *se_dev, uint32_t nbytes, 309 bool context_save) 310 { 311 uint32_t nblocks = nbytes / TEGRA_SE_AES_BLOCK_SIZE; 312 int ret = 0; 313 314 assert(se_dev); 315 316 /* Use device buffers for in and out */ 317 tegra_se_write_32(se_dev, SE_OUT_LL_ADDR_REG_OFFSET, ((uint64_t)(se_dev->dst_ll_buf))); 318 tegra_se_write_32(se_dev, SE_IN_LL_ADDR_REG_OFFSET, ((uint64_t)(se_dev->src_ll_buf))); 319 320 /* Check that previous operation is finalized */ 321 ret = tegra_se_operation_prepare(se_dev); 322 if (ret != 0) { 323 goto op_error; 324 } 325 326 /* Program SE operation size */ 327 if (nblocks) { 328 tegra_se_write_32(se_dev, SE_BLOCK_COUNT_REG_OFFSET, nblocks - 1); 329 } 330 331 /* Make SE LL data coherent before the SE operation */ 332 tegra_se_make_data_coherent(se_dev); 333 334 /* Start hardware operation */ 335 if (context_save) 336 tegra_se_write_32(se_dev, SE_OPERATION_REG_OFFSET, SE_OP_CTX_SAVE); 337 else 338 tegra_se_write_32(se_dev, SE_OPERATION_REG_OFFSET, SE_OP_START); 339 340 /* Wait for operation to finish */ 341 ret = tegra_se_operation_complete(se_dev); 342 343 op_error: 344 return ret; 345 } 346 347 /* 348 * Normal security engine operations other than the context save 349 */ 350 int tegra_se_start_normal_operation(const tegra_se_dev_t *se_dev, uint32_t nbytes) 351 { 352 return tegra_se_perform_operation(se_dev, nbytes, false); 353 } 354 355 /* 356 * Security engine context save operation 357 */ 358 int tegra_se_start_ctx_save_operation(const tegra_se_dev_t *se_dev, uint32_t nbytes) 359 { 360 return tegra_se_perform_operation(se_dev, nbytes, true); 361 } 362 363 /* 364 * Security Engine sequence to generat SRK 365 * SE and SE2 will generate different SRK by different 366 * entropy seeds. 367 */ 368 static int tegra_se_generate_srk(const tegra_se_dev_t *se_dev) 369 { 370 int ret = PSCI_E_INTERN_FAIL; 371 uint32_t val; 372 373 /* Confgure the following hardware register settings: 374 * SE_CONFIG.DEC_ALG = NOP 375 * SE_CONFIG.ENC_ALG = RNG 376 * SE_CONFIG.DST = SRK 377 * SE_OPERATION.OP = START 378 * SE_CRYPTO_LAST_BLOCK = 0 379 */ 380 se_dev->src_ll_buf->last_buff_num = 0; 381 se_dev->dst_ll_buf->last_buff_num = 0; 382 383 /* Configure random number generator */ 384 if (ecid_valid) 385 val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_ENTROPY); 386 else 387 val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_ENTROPY); 388 tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val); 389 390 /* Configure output destination = SRK */ 391 val = (SE_CONFIG_ENC_ALG_RNG | 392 SE_CONFIG_DEC_ALG_NOP | 393 SE_CONFIG_DST_SRK); 394 tegra_se_write_32(se_dev, SE_CONFIG_REG_OFFSET, val); 395 396 /* Perform hardware operation */ 397 ret = tegra_se_start_normal_operation(se_dev, 0); 398 399 return ret; 400 } 401 402 /* 403 * Generate plain text random data to some memory location using 404 * SE/SE2's SP800-90 random number generator. The random data size 405 * must be some multiple of the AES block size (16 bytes). 406 */ 407 static int tegra_se_lp_generate_random_data(tegra_se_dev_t *se_dev) 408 { 409 int ret = 0; 410 uint32_t val; 411 412 /* Set some arbitrary memory location to store the random data */ 413 se_dev->dst_ll_buf->last_buff_num = 0; 414 if (!se_dev->ctx_save_buf) { 415 ERROR("%s: ERR: context save buffer NULL pointer!\n", __func__); 416 return PSCI_E_NOT_PRESENT; 417 } 418 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&(((tegra_se_context_t *) 419 se_dev->ctx_save_buf)->rand_data))); 420 se_dev->dst_ll_buf->buffer[0].data_len = SE_CTX_SAVE_RANDOM_DATA_SIZE; 421 422 423 /* Confgure the following hardware register settings: 424 * SE_CONFIG.DEC_ALG = NOP 425 * SE_CONFIG.ENC_ALG = RNG 426 * SE_CONFIG.ENC_MODE = KEY192 427 * SE_CONFIG.DST = MEMORY 428 */ 429 val = (SE_CONFIG_ENC_ALG_RNG | 430 SE_CONFIG_DEC_ALG_NOP | 431 SE_CONFIG_ENC_MODE_KEY192 | 432 SE_CONFIG_DST_MEMORY); 433 tegra_se_write_32(se_dev, SE_CONFIG_REG_OFFSET, val); 434 435 /* Program the RNG options in SE_CRYPTO_CONFIG as follows: 436 * XOR_POS = BYPASS 437 * INPUT_SEL = RANDOM (Entropy or LFSR) 438 * HASH_ENB = DISABLE 439 */ 440 val = (SE_CRYPTO_INPUT_RANDOM | 441 SE_CRYPTO_XOR_BYPASS | 442 SE_CRYPTO_CORE_ENCRYPT | 443 SE_CRYPTO_HASH_DISABLE | 444 SE_CRYPTO_KEY_INDEX(RNG_AES_KEY_INDEX) | 445 SE_CRYPTO_IV_ORIGINAL); 446 tegra_se_write_32(se_dev, SE_CRYPTO_REG_OFFSET, val); 447 448 /* Configure RNG */ 449 if (ecid_valid) 450 val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_LFSR); 451 else 452 val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_LFSR); 453 tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val); 454 455 /* SE normal operation */ 456 ret = tegra_se_start_normal_operation(se_dev, SE_CTX_SAVE_RANDOM_DATA_SIZE); 457 458 return ret; 459 } 460 461 /* 462 * Encrypt memory blocks with SRK as part of the security engine context. 463 * The data blocks include: random data and the known pattern data, where 464 * the random data is the first block and known pattern is the last block. 465 */ 466 static int tegra_se_lp_data_context_save(tegra_se_dev_t *se_dev, 467 uint64_t src_addr, uint64_t dst_addr, uint32_t data_size) 468 { 469 int ret = 0; 470 471 se_dev->src_ll_buf->last_buff_num = 0; 472 se_dev->dst_ll_buf->last_buff_num = 0; 473 se_dev->src_ll_buf->buffer[0].addr = src_addr; 474 se_dev->src_ll_buf->buffer[0].data_len = data_size; 475 se_dev->dst_ll_buf->buffer[0].addr = dst_addr; 476 se_dev->dst_ll_buf->buffer[0].data_len = data_size; 477 478 /* By setting the context source from memory and calling the context save 479 * operation, the SE encrypts the memory data with SRK. 480 */ 481 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, SE_CTX_SAVE_SRC_MEM); 482 483 ret = tegra_se_start_ctx_save_operation(se_dev, data_size); 484 485 return ret; 486 } 487 488 /* 489 * Context save the key table access control sticky bits and 490 * security status of each key-slot. The encrypted sticky-bits are 491 * 32 bytes (2 AES blocks) and formatted as the following structure: 492 * { bit in registers bit in context save 493 * SECURITY_0[4] 158 494 * SE_RSA_KEYTABLE_ACCE4SS_1[2:0] 157:155 495 * SE_RSA_KEYTABLE_ACCE4SS_0[2:0] 154:152 496 * SE_RSA_SECURITY_PERKEY_0[1:0] 151:150 497 * SE_CRYPTO_KEYTABLE_ACCESS_15[7:0] 149:142 498 * ..., 499 * SE_CRYPTO_KEYTABLE_ACCESS_0[7:0] 29:22 500 * SE_CRYPTO_SECURITY_PERKEY_0[15:0] 21:6 501 * SE_TZRAM_SECURITY_0[1:0] 5:4 502 * SE_SECURITY_0[16] 3:3 503 * SE_SECURITY_0[2:0] } 2:0 504 */ 505 static int tegra_se_lp_sticky_bits_context_save(tegra_se_dev_t *se_dev) 506 { 507 int ret = PSCI_E_INTERN_FAIL; 508 uint32_t val = 0; 509 510 se_dev->dst_ll_buf->last_buff_num = 0; 511 if (!se_dev->ctx_save_buf) { 512 ERROR("%s: ERR: context save buffer NULL pointer!\n", __func__); 513 return PSCI_E_NOT_PRESENT; 514 } 515 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&(((tegra_se_context_t *) 516 se_dev->ctx_save_buf)->sticky_bits))); 517 se_dev->dst_ll_buf->buffer[0].data_len = SE_CTX_SAVE_STICKY_BITS_SIZE; 518 519 /* 520 * The 1st AES block save the sticky-bits context 1 - 16 bytes (0 - 3 words). 521 * The 2nd AES block save the sticky-bits context 17 - 32 bytes (4 - 7 words). 522 */ 523 for (int i = 0; i < 2; i++) { 524 val = SE_CTX_SAVE_SRC_STICKY_BITS | 525 SE_CTX_SAVE_STICKY_WORD_QUAD(i); 526 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, val); 527 528 /* SE context save operation */ 529 ret = tegra_se_start_ctx_save_operation(se_dev, 530 SE_CTX_SAVE_STICKY_BITS_SIZE); 531 if (ret) 532 break; 533 se_dev->dst_ll_buf->buffer[0].addr += SE_CTX_SAVE_STICKY_BITS_SIZE; 534 } 535 536 return ret; 537 } 538 539 static int tegra_se_aeskeytable_context_save(tegra_se_dev_t *se_dev) 540 { 541 uint32_t val = 0; 542 int ret = 0; 543 544 se_dev->dst_ll_buf->last_buff_num = 0; 545 if (!se_dev->ctx_save_buf) { 546 ERROR("%s: ERR: context save buffer NULL pointer!\n", __func__); 547 ret = -EINVAL; 548 goto aes_keytable_save_err; 549 } 550 551 /* AES key context save */ 552 for (int slot = 0; slot < TEGRA_SE_AES_KEYSLOT_COUNT; slot++) { 553 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&( 554 ((tegra_se_context_t *)se_dev-> 555 ctx_save_buf)->key_slots[slot].key))); 556 se_dev->dst_ll_buf->buffer[0].data_len = TEGRA_SE_KEY_128_SIZE; 557 for (int i = 0; i < 2; i++) { 558 val = SE_CTX_SAVE_SRC_AES_KEYTABLE | 559 SE_CTX_SAVE_KEY_INDEX(slot) | 560 SE_CTX_SAVE_WORD_QUAD(i); 561 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, val); 562 563 /* SE context save operation */ 564 ret = tegra_se_start_ctx_save_operation(se_dev, 565 TEGRA_SE_KEY_128_SIZE); 566 if (ret) { 567 ERROR("%s: ERR: AES key CTX_SAVE OP failed, " 568 "slot=%d, word_quad=%d.\n", 569 __func__, slot, i); 570 goto aes_keytable_save_err; 571 } 572 se_dev->dst_ll_buf->buffer[0].addr += TEGRA_SE_KEY_128_SIZE; 573 } 574 575 /* OIV context save */ 576 se_dev->dst_ll_buf->last_buff_num = 0; 577 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&( 578 ((tegra_se_context_t *)se_dev-> 579 ctx_save_buf)->key_slots[slot].oiv))); 580 se_dev->dst_ll_buf->buffer[0].data_len = TEGRA_SE_AES_IV_SIZE; 581 582 val = SE_CTX_SAVE_SRC_AES_KEYTABLE | 583 SE_CTX_SAVE_KEY_INDEX(slot) | 584 SE_CTX_SAVE_WORD_QUAD_ORIG_IV; 585 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, val); 586 587 /* SE context save operation */ 588 ret = tegra_se_start_ctx_save_operation(se_dev, TEGRA_SE_AES_IV_SIZE); 589 if (ret) { 590 ERROR("%s: ERR: OIV CTX_SAVE OP failed, slot=%d.\n", 591 __func__, slot); 592 goto aes_keytable_save_err; 593 } 594 595 /* UIV context save */ 596 se_dev->dst_ll_buf->last_buff_num = 0; 597 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&( 598 ((tegra_se_context_t *)se_dev-> 599 ctx_save_buf)->key_slots[slot].uiv))); 600 se_dev->dst_ll_buf->buffer[0].data_len = TEGRA_SE_AES_IV_SIZE; 601 602 val = SE_CTX_SAVE_SRC_AES_KEYTABLE | 603 SE_CTX_SAVE_KEY_INDEX(slot) | 604 SE_CTX_SAVE_WORD_QUAD_UPD_IV; 605 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, val); 606 607 /* SE context save operation */ 608 ret = tegra_se_start_ctx_save_operation(se_dev, TEGRA_SE_AES_IV_SIZE); 609 if (ret) { 610 ERROR("%s: ERR: UIV CTX_SAVE OP failed, slot=%d\n", 611 __func__, slot); 612 goto aes_keytable_save_err; 613 } 614 } 615 616 aes_keytable_save_err: 617 return ret; 618 } 619 620 static int tegra_se_lp_rsakeytable_context_save(tegra_se_dev_t *se_dev) 621 { 622 uint32_t val = 0; 623 int ret = 0; 624 /* For T210, First the modulus and then exponent must be 625 * encrypted and saved. This is repeated for SLOT 0 626 * and SLOT 1. Hence the order: 627 * SLOT 0 modulus : RSA_KEY_INDEX : 1 628 * SLOT 0 exponent : RSA_KEY_INDEX : 0 629 * SLOT 1 modulus : RSA_KEY_INDEX : 3 630 * SLOT 1 exponent : RSA_KEY_INDEX : 2 631 */ 632 const unsigned int key_index_mod[TEGRA_SE_RSA_KEYSLOT_COUNT][2] = { 633 /* RSA key slot 0 */ 634 {SE_RSA_KEY_INDEX_SLOT0_MOD, SE_RSA_KEY_INDEX_SLOT0_EXP}, 635 /* RSA key slot 1 */ 636 {SE_RSA_KEY_INDEX_SLOT1_MOD, SE_RSA_KEY_INDEX_SLOT1_EXP}, 637 }; 638 639 se_dev->dst_ll_buf->last_buff_num = 0; 640 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&( 641 ((tegra_se_context_t *)se_dev-> 642 ctx_save_buf)->rsa_keys))); 643 se_dev->dst_ll_buf->buffer[0].data_len = TEGRA_SE_KEY_128_SIZE; 644 645 for (int slot = 0; slot < TEGRA_SE_RSA_KEYSLOT_COUNT; slot++) { 646 /* loop for modulus and exponent */ 647 for (int index = 0; index < 2; index++) { 648 for (int word_quad = 0; word_quad < 16; word_quad++) { 649 val = SE_CTX_SAVE_SRC_RSA_KEYTABLE | 650 SE_CTX_SAVE_RSA_KEY_INDEX( 651 key_index_mod[slot][index]) | 652 SE_CTX_RSA_WORD_QUAD(word_quad); 653 tegra_se_write_32(se_dev, 654 SE_CTX_SAVE_CONFIG_REG_OFFSET, val); 655 656 /* SE context save operation */ 657 ret = tegra_se_start_ctx_save_operation(se_dev, 658 TEGRA_SE_KEY_128_SIZE); 659 if (ret) { 660 ERROR("%s: ERR: slot=%d.\n", 661 __func__, slot); 662 goto rsa_keytable_save_err; 663 } 664 665 /* Update the pointer to the next word quad */ 666 se_dev->dst_ll_buf->buffer[0].addr += 667 TEGRA_SE_KEY_128_SIZE; 668 } 669 } 670 } 671 672 rsa_keytable_save_err: 673 return ret; 674 } 675 676 static int tegra_se_pkakeytable_sticky_bits_save(tegra_se_dev_t *se_dev) 677 { 678 int ret = 0; 679 680 se_dev->dst_ll_buf->last_buff_num = 0; 681 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&( 682 ((tegra_se2_context_blob_t *)se_dev-> 683 ctx_save_buf)->pka_ctx.sticky_bits))); 684 se_dev->dst_ll_buf->buffer[0].data_len = TEGRA_SE_AES_BLOCK_SIZE; 685 686 /* PKA1 sticky bits are 1 AES block (16 bytes) */ 687 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, 688 SE_CTX_SAVE_SRC_PKA1_STICKY_BITS | 689 SE_CTX_STICKY_WORD_QUAD_WORDS_0_3); 690 691 /* SE context save operation */ 692 ret = tegra_se_start_ctx_save_operation(se_dev, 0); 693 if (ret) { 694 ERROR("%s: ERR: PKA1 sticky bits CTX_SAVE OP failed\n", 695 __func__); 696 goto pka_sticky_bits_save_err; 697 } 698 699 pka_sticky_bits_save_err: 700 return ret; 701 } 702 703 static int tegra_se_pkakeytable_context_save(tegra_se_dev_t *se_dev) 704 { 705 uint32_t val = 0; 706 int ret = 0; 707 708 se_dev->dst_ll_buf->last_buff_num = 0; 709 se_dev->dst_ll_buf->buffer[0].addr = ((uint64_t)(&( 710 ((tegra_se2_context_blob_t *)se_dev-> 711 ctx_save_buf)->pka_ctx.pka_keys))); 712 se_dev->dst_ll_buf->buffer[0].data_len = TEGRA_SE_KEY_128_SIZE; 713 714 /* for each slot, save word quad 0-127 */ 715 for (int slot = 0; slot < TEGRA_SE_PKA1_KEYSLOT_COUNT; slot++) { 716 for (int word_quad = 0; word_quad < 512/4; word_quad++) { 717 val = SE_CTX_SAVE_SRC_PKA1_KEYTABLE | 718 SE_CTX_PKA1_WORD_QUAD_L((slot * 128) + 719 word_quad) | 720 SE_CTX_PKA1_WORD_QUAD_H((slot * 128) + 721 word_quad); 722 tegra_se_write_32(se_dev, 723 SE_CTX_SAVE_CONFIG_REG_OFFSET, val); 724 725 /* SE context save operation */ 726 ret = tegra_se_start_ctx_save_operation(se_dev, 727 TEGRA_SE_KEY_128_SIZE); 728 if (ret) { 729 ERROR("%s: ERR: pka1 keytable ctx save error\n", 730 __func__); 731 goto pka_keytable_save_err; 732 } 733 734 /* Update the pointer to the next word quad */ 735 se_dev->dst_ll_buf->buffer[0].addr += 736 TEGRA_SE_KEY_128_SIZE; 737 } 738 } 739 740 pka_keytable_save_err: 741 return ret; 742 } 743 744 static int tegra_se_save_SRK(tegra_se_dev_t *se_dev) 745 { 746 tegra_se_write_32(se_dev, SE_CTX_SAVE_CONFIG_REG_OFFSET, 747 SE_CTX_SAVE_SRC_SRK); 748 749 /* SE context save operation */ 750 return tegra_se_start_ctx_save_operation(se_dev, 0); 751 } 752 753 /* 754 * Lock both SE from non-TZ clients. 755 */ 756 static inline void tegra_se_lock(tegra_se_dev_t *se_dev) 757 { 758 uint32_t val; 759 760 assert(se_dev); 761 val = tegra_se_read_32(se_dev, SE_SECURITY_REG_OFFSET); 762 val |= SE_SECURITY_TZ_LOCK_SOFT(SE_SECURE); 763 tegra_se_write_32(se_dev, SE_SECURITY_REG_OFFSET, val); 764 } 765 766 /* 767 * Use SRK to encrypt SE state and save to TZRAM carveout 768 */ 769 static int tegra_se_context_save_sw(tegra_se_dev_t *se_dev) 770 { 771 int err = 0; 772 773 assert(se_dev); 774 775 /* Lock entire SE/SE2 as TZ protected */ 776 tegra_se_lock(se_dev); 777 778 INFO("%s: generate SRK\n", __func__); 779 /* Generate SRK */ 780 err = tegra_se_generate_srk(se_dev); 781 if (err) { 782 ERROR("%s: ERR: SRK generation failed\n", __func__); 783 return err; 784 } 785 786 INFO("%s: generate random data\n", __func__); 787 /* Generate random data */ 788 err = tegra_se_lp_generate_random_data(se_dev); 789 if (err) { 790 ERROR("%s: ERR: LP random pattern generation failed\n", __func__); 791 return err; 792 } 793 794 INFO("%s: encrypt random data\n", __func__); 795 /* Encrypt the random data block */ 796 err = tegra_se_lp_data_context_save(se_dev, 797 ((uint64_t)(&(((tegra_se_context_t *)se_dev-> 798 ctx_save_buf)->rand_data))), 799 ((uint64_t)(&(((tegra_se_context_t *)se_dev-> 800 ctx_save_buf)->rand_data))), 801 SE_CTX_SAVE_RANDOM_DATA_SIZE); 802 if (err) { 803 ERROR("%s: ERR: random pattern encryption failed\n", __func__); 804 return err; 805 } 806 807 INFO("%s: save SE sticky bits\n", __func__); 808 /* Save AES sticky bits context */ 809 err = tegra_se_lp_sticky_bits_context_save(se_dev); 810 if (err) { 811 ERROR("%s: ERR: sticky bits context save failed\n", __func__); 812 return err; 813 } 814 815 INFO("%s: save AES keytables\n", __func__); 816 /* Save AES key table context */ 817 err = tegra_se_aeskeytable_context_save(se_dev); 818 if (err) { 819 ERROR("%s: ERR: LP keytable save failed\n", __func__); 820 return err; 821 } 822 823 /* RSA key slot table context save */ 824 INFO("%s: save RSA keytables\n", __func__); 825 err = tegra_se_lp_rsakeytable_context_save(se_dev); 826 if (err) { 827 ERROR("%s: ERR: rsa key table context save failed\n", __func__); 828 return err; 829 } 830 831 /* Only SE2 has an interface with PKA1; thus, PKA1's context is saved 832 * via SE2. 833 */ 834 if (se_dev->se_num == 2) { 835 /* Encrypt PKA1 sticky bits on SE2 only */ 836 INFO("%s: save PKA sticky bits\n", __func__); 837 err = tegra_se_pkakeytable_sticky_bits_save(se_dev); 838 if (err) { 839 ERROR("%s: ERR: PKA sticky bits context save failed\n", __func__); 840 return err; 841 } 842 843 /* Encrypt PKA1 keyslots on SE2 only */ 844 INFO("%s: save PKA keytables\n", __func__); 845 err = tegra_se_pkakeytable_context_save(se_dev); 846 if (err) { 847 ERROR("%s: ERR: PKA key table context save failed\n", __func__); 848 return err; 849 } 850 } 851 852 /* Encrypt known pattern */ 853 if (se_dev->se_num == 1) { 854 err = tegra_se_lp_data_context_save(se_dev, 855 ((uint64_t)(&se_ctx_known_pattern_data)), 856 ((uint64_t)(&(((tegra_se_context_blob_t *)se_dev->ctx_save_buf)->known_pattern))), 857 SE_CTX_KNOWN_PATTERN_SIZE); 858 } else if (se_dev->se_num == 2) { 859 err = tegra_se_lp_data_context_save(se_dev, 860 ((uint64_t)(&se_ctx_known_pattern_data)), 861 ((uint64_t)(&(((tegra_se2_context_blob_t *)se_dev->ctx_save_buf)->known_pattern))), 862 SE_CTX_KNOWN_PATTERN_SIZE); 863 } 864 if (err) { 865 ERROR("%s: ERR: save LP known pattern failure\n", __func__); 866 return err; 867 } 868 869 /* Write lp context buffer address into PMC scratch register */ 870 if (se_dev->se_num == 1) { 871 /* SE context address, support T210 only */ 872 mmio_write_32((uint64_t)TEGRA_PMC_BASE + PMC_SCRATCH43_REG_OFFSET, 873 ((uint64_t)(se_dev->ctx_save_buf))); 874 } else if (se_dev->se_num == 2) { 875 /* SE2 & PKA1 context address */ 876 mmio_write_32((uint64_t)TEGRA_PMC_BASE + PMC_SECURE_SCRATCH116_OFFSET, 877 ((uint64_t)(se_dev->ctx_save_buf))); 878 } 879 880 /* Saves SRK to PMC secure scratch registers for BootROM, which 881 * verifies and restores the security engine context on warm boot. 882 */ 883 err = tegra_se_save_SRK(se_dev); 884 if (err < 0) { 885 ERROR("%s: ERR: LP SRK save failure\n", __func__); 886 return err; 887 } 888 889 INFO("%s: SE context save done \n", __func__); 890 891 return err; 892 } 893 894 /* 895 * Initialize the SE engine handle 896 */ 897 void tegra_se_init(void) 898 { 899 uint32_t val = 0; 900 INFO("%s: start SE init\n", __func__); 901 902 /* Generate random SRK to initialize DRBG */ 903 tegra_se_generate_srk(&se_dev_1); 904 905 if (tegra_chipid_is_t210_b01()) { 906 tegra_se_generate_srk(&se_dev_2); 907 } 908 909 /* determine if ECID is valid */ 910 val = mmio_read_32(TEGRA_FUSE_BASE + FUSE_JTAG_SECUREID_VALID); 911 ecid_valid = (val == ECID_VALID); 912 913 INFO("%s: SE init done\n", __func__); 914 } 915 916 static void tegra_se_enable_clocks(void) 917 { 918 uint32_t val = 0; 919 920 /* Enable entropy clock */ 921 val = mmio_read_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_W); 922 val |= ENTROPY_CLK_ENB_BIT; 923 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_W, val); 924 925 /* De-Assert Entropy Reset */ 926 val = mmio_read_32(TEGRA_CAR_RESET_BASE + TEGRA_RST_DEVICES_W); 927 val &= ~ENTROPY_RESET_BIT; 928 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_RST_DEVICES_W, val); 929 930 /* 931 * Switch SE clock source to CLK_M, to make sure SE clock 932 * is on when saving SE context 933 */ 934 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_RST_CTL_CLK_SRC_SE, 935 SE_CLK_SRC_CLK_M); 936 937 /* Enable SE clock */ 938 val = mmio_read_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_V); 939 val |= SE_CLK_ENB_BIT; 940 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_V, val); 941 942 /* De-Assert SE Reset */ 943 val = mmio_read_32(TEGRA_CAR_RESET_BASE + TEGRA_RST_DEVICES_V); 944 val &= ~SE_RESET_BIT; 945 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_RST_DEVICES_V, val); 946 } 947 948 static void tegra_se_disable_clocks(void) 949 { 950 uint32_t val = 0; 951 952 /* Disable entropy clock */ 953 val = mmio_read_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_W); 954 val &= ~ENTROPY_CLK_ENB_BIT; 955 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_W, val); 956 957 /* Disable SE clock */ 958 val = mmio_read_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_V); 959 val &= ~SE_CLK_ENB_BIT; 960 mmio_write_32(TEGRA_CAR_RESET_BASE + TEGRA_CLK_OUT_ENB_V, val); 961 } 962 963 /* 964 * Security engine power suspend entry point. 965 * This function is invoked from PSCI power domain suspend handler. 966 */ 967 int32_t tegra_se_suspend(void) 968 { 969 int32_t ret = 0; 970 uint32_t val = 0; 971 972 /* SE does not use SMMU in EL3, disable SMMU. 973 * This will be re-enabled by kernel on resume */ 974 val = mmio_read_32(TEGRA_MC_BASE + MC_SMMU_PPCS_ASID_0); 975 val &= ~PPCS_SMMU_ENABLE; 976 mmio_write_32(TEGRA_MC_BASE + MC_SMMU_PPCS_ASID_0, val); 977 978 tegra_se_enable_clocks(); 979 980 if (tegra_chipid_is_t210_b01()) { 981 /* It is T210 B01, Atomic context save se2 and pka1 */ 982 INFO("%s: SE2/PKA1 atomic context save\n", __func__); 983 ret = tegra_se_context_save_atomic(&se_dev_2); 984 if (ret != 0) { 985 ERROR("%s: SE2 ctx save failed (%d)\n", __func__, ret); 986 } 987 988 ret = tegra_se_context_save_atomic(&se_dev_1); 989 if (ret != 0) { 990 ERROR("%s: SE1 ctx save failed (%d)\n", __func__, ret); 991 } 992 } else { 993 /* It is T210, SW context save se */ 994 INFO("%s: SE1 legacy(SW) context save\n", __func__); 995 ret = tegra_se_context_save_sw(&se_dev_1); 996 if (ret != 0) { 997 ERROR("%s: SE1 ctx save failed (%d)\n", __func__, ret); 998 } 999 } 1000 1001 tegra_se_disable_clocks(); 1002 1003 return ret; 1004 } 1005 1006 /* 1007 * Save TZRAM to shadow TZRAM in AON 1008 */ 1009 int32_t tegra_se_save_tzram(void) 1010 { 1011 uint32_t val = 0; 1012 int32_t ret = 0; 1013 uint32_t timeout; 1014 1015 INFO("%s: SE TZRAM save start\n", __func__); 1016 tegra_se_enable_clocks(); 1017 1018 val = (SE_TZRAM_OP_REQ_INIT | SE_TZRAM_OP_MODE_SAVE); 1019 tegra_se_write_32(&se_dev_1, SE_TZRAM_OPERATION, val); 1020 1021 val = tegra_se_read_32(&se_dev_1, SE_TZRAM_OPERATION); 1022 for (timeout = 0; (SE_TZRAM_OP_BUSY(val) == SE_TZRAM_OP_BUSY_ON) && 1023 (timeout < TIMEOUT_100MS); timeout++) { 1024 mdelay(1); 1025 val = tegra_se_read_32(&se_dev_1, SE_TZRAM_OPERATION); 1026 } 1027 1028 if (timeout == TIMEOUT_100MS) { 1029 ERROR("%s: ERR: TZRAM save timeout!\n", __func__); 1030 ret = -ETIMEDOUT; 1031 } 1032 1033 if (ret == 0) { 1034 INFO("%s: SE TZRAM save done!\n", __func__); 1035 } 1036 1037 tegra_se_disable_clocks(); 1038 1039 return ret; 1040 } 1041 1042 /* 1043 * The function is invoked by SE resume 1044 */ 1045 static void tegra_se_warm_boot_resume(const tegra_se_dev_t *se_dev) 1046 { 1047 uint32_t val; 1048 1049 assert(se_dev); 1050 1051 /* Lock RNG source to ENTROPY on resume */ 1052 val = DRBG_RO_ENT_IGNORE_MEM_ENABLE | 1053 DRBG_RO_ENT_SRC_LOCK_ENABLE | 1054 DRBG_RO_ENT_SRC_ENABLE; 1055 tegra_se_write_32(se_dev, SE_RNG_SRC_CONFIG_REG_OFFSET, val); 1056 1057 /* Set a random value to SRK to initialize DRBG */ 1058 tegra_se_generate_srk(se_dev); 1059 } 1060 1061 /* 1062 * The function is invoked on SC7 resume 1063 */ 1064 void tegra_se_resume(void) 1065 { 1066 tegra_se_warm_boot_resume(&se_dev_1); 1067 1068 if (tegra_chipid_is_t210_b01()) { 1069 tegra_se_warm_boot_resume(&se_dev_2); 1070 } 1071 } 1072