1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright 2022 Microsoft
4 *
5 * Driver for the NXP LX2160A-series Security Fuse Processor (SFP).
6 */
7
8 #include <assert.h>
9 #include <drivers/ls_sfp.h>
10 #include <io.h>
11 #include <kernel/boot.h>
12 #include <kernel/delay.h>
13 #include <kernel/dt.h>
14 #include <kernel/panic.h>
15 #include <kernel/tee_time.h>
16 #include <libfdt.h>
17 #include <mm/core_memprot.h>
18 #include <util.h>
19
20 /**
21 * struct ls_sfp_registers - Memory map of the SFP registers.
22 * @rsvd0[0x8]: Reserved.
23 * @ingr: Instruction Register.
24 * @svhesr: Secret Value Hamming Error Status Registers.
25 * @sfpcr: SFP Configuration Register.
26 * @rsvd1[0x3]: Reserved.
27 * @version: SFP Version Register.
28 * @rsvd2[0x71]: Reserved.
29 * @ospr0: OEM Security Policy Register 0.
30 * @ospr1: OEM Security Policy Register 1.
31 * @dcvr0: Debug Challenge Value Register 0.
32 * @dcvr1: Debug Challenge Value Register 1.
33 * @drvr0: Debug Response Value Register 0.
34 * @drvr1: Debug Response Value Register 1
35 * @fswpr: Factory Section Write Protect Register.
36 * @fuidr0: Factory Unique ID Register 0.
37 * @fuidr1: Factory Unique ID Register 1.
38 * @isbccr: ISBC Configuration Register.
39 * @fspfr[0x3]: Factory Scratch Pad Fuse Registers.
40 * @otpmkr[0x8]: One Time Programmable Master Key.
41 * @srkhr[0x8]: Super Root Key Hash.
42 * @ouidr[0x5]: OEM Unique ID Scratch Pad Fuse Registers.
43 */
44 static struct ls_sfp_registers {
45 uint32_t rsvd0[0x8]; /* 0x000 */
46 uint32_t ingr; /* 0x020 */
47 uint32_t svhesr; /* 0x024 */
48 uint32_t sfpcr; /* 0x028 */
49 uint32_t rsvd1[0x3]; /* 0x02C */
50 uint32_t version; /* 0x038 */
51 uint32_t rsvd2[0x71]; /* 0x03C */
52 uint32_t ospr0; /* 0x200 */
53 uint32_t ospr1; /* 0x204 */
54 uint32_t dcvr0; /* 0x208 */
55 uint32_t dcvr1; /* 0x20C */
56 uint32_t drvr0; /* 0x210 */
57 uint32_t drvr1; /* 0x214 */
58 uint32_t fswpr; /* 0x218 */
59 uint32_t fuidr0; /* 0x21C */
60 uint32_t fuidr1; /* 0x220 */
61 uint32_t isbccr; /* 0x224 */
62 uint32_t fspfr[0x3]; /* 0x228 */
63 uint32_t otpmkr[0x8]; /* 0x234 */
64 uint32_t srkhr[0x8]; /* 0x254 */
65 uint32_t ouidr[0x5]; /* 0x274 */
66 } *sfp_regs;
67
68 /**
69 * struct ls_gpio_info - Data struct containing GPIO specific information.
70 * @gpio_pin: GPIO pin number.
71 * @gpio_chip: GPIO controller instance data.
72 */
73 static struct ls_gpio_info {
74 uint32_t gpio_pin;
75 struct ls_gpio_chip_data gpio_chip;
76 } gpio_info;
77
78 /**
79 * ls_sfp_init() - Get SFP info from the embedded device tree and initialize
80 * sfp_regs and gpio_info.
81 *
82 * Return: TEE_SUCCESS or > 0 on error.
83 */
ls_sfp_init(void)84 static TEE_Result ls_sfp_init(void)
85 {
86 size_t size = 0;
87 int node = 0;
88 int rc = 0;
89 int povdd_node = 0;
90 int prop_len = 0;
91 vaddr_t ctrl_base = 0;
92 struct ls_gpio_chip_data *gc = NULL;
93 const char *fdt_prop_gpio = "povdd-gpio-controller";
94 const char *fdt_prop_pin = "povdd-gpio-pin";
95 const fdt32_t *gpio_val = NULL;
96 const fdt32_t *pin_val = NULL;
97 void *fdt = get_embedded_dt();
98
99 if (!fdt) {
100 EMSG("Unable to get the Embedded DTB, SFP init failed");
101 return TEE_ERROR_GENERIC;
102 }
103
104 node = fdt_node_offset_by_compatible(fdt, node, "fsl,lx2160a-sfp");
105 if (node <= 0) {
106 EMSG("Unable to find SFP FDT node - rc = 0x%#"PRIx32, rc);
107 return TEE_ERROR_ITEM_NOT_FOUND;
108 }
109
110 rc = dt_map_dev(fdt, node, &ctrl_base, &size);
111 if (rc < 0) {
112 EMSG("Unable to get SFP virtual address - rc = 0x%#"PRIx32, rc);
113 return TEE_ERROR_GENERIC;
114 }
115
116 povdd_node = fdt_path_offset(fdt, "/povdd");
117 if (povdd_node <= 0) {
118 EMSG("Unable to find POVDD FDT node - rc = 0x%#"PRIx32,
119 povdd_node);
120 return TEE_ERROR_ITEM_NOT_FOUND;
121 }
122
123 sfp_regs = (struct ls_sfp_registers *)ctrl_base;
124
125 gpio_val = fdt_getprop(fdt, povdd_node, fdt_prop_gpio, &prop_len);
126 if (!gpio_val) {
127 EMSG("Missing %s from POVDD FDT node", fdt_prop_gpio);
128 return TEE_ERROR_ITEM_NOT_FOUND;
129 }
130
131 pin_val = fdt_getprop(fdt, povdd_node, fdt_prop_pin, &prop_len);
132 if (!pin_val) {
133 EMSG("Missing %s from POVDD FDT node", fdt_prop_pin);
134 return TEE_ERROR_ITEM_NOT_FOUND;
135 }
136
137 gc = &gpio_info.gpio_chip;
138 gc->gpio_controller = (uint8_t)fdt32_to_cpu(*gpio_val);
139 gpio_info.gpio_pin = fdt32_to_cpu(*pin_val);
140
141 return ls_gpio_init(gc);
142 }
143
144 /**
145 * ls_sfp_program_fuses() - Write to fuses and verify that the correct value was
146 * written.
147 *
148 * Return: TEE_SUCCESS or > 0 on error.
149 */
ls_sfp_program_fuses(void)150 static TEE_Result ls_sfp_program_fuses(void)
151 {
152 struct gpio_chip *gc = NULL;
153 uint32_t pin = gpio_info.gpio_pin;
154 vaddr_t sfp_ingr_va = (vaddr_t)&sfp_regs->ingr;
155 uint64_t timeout = 0;
156
157 /* Enable POVDD */
158 gc = &gpio_info.gpio_chip.chip;
159
160 DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to HIGH",
161 (uint32_t)gpio_info.gpio_chip.gpio_controller, pin);
162 gc->ops->set_direction(gc, pin, GPIO_DIR_OUT);
163 gc->ops->set_value(gc, pin, GPIO_LEVEL_HIGH);
164
165 if (gc->ops->get_value(gc, pin) != GPIO_LEVEL_HIGH) {
166 EMSG("Error setting POVDD to HIGH");
167 return TEE_ERROR_GENERIC;
168 }
169
170 /* TA_PROG_SFP ramp rate requires up to 5ms for stability */
171 mdelay(5);
172
173 /* Send SFP write command */
174 io_write32(sfp_ingr_va, SFP_INGR_PROGFB_CMD);
175
176 /* Wait until fuse programming is successful */
177 timeout = timeout_init_us(SFP_INGR_FUSE_TIMEOUT);
178 while (io_read32(sfp_ingr_va) & SFP_INGR_PROGFB_CMD) {
179 if (timeout_elapsed(timeout)) {
180 EMSG("SFP fusing timed out");
181 return TEE_ERROR_GENERIC;
182 }
183 }
184
185 /* Check for SFP fuse programming error */
186 if (io_read32(sfp_ingr_va) & SFP_INGR_ERROR_MASK) {
187 EMSG("Error writing SFP fuses");
188 return TEE_ERROR_GENERIC;
189 }
190
191 DMSG("Programmed fuse successfully");
192
193 /* Disable POVDD */
194 DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to LOW",
195 (uint32_t)gpio_info.gpio_chip.gpio_controller, pin);
196 gc->ops->set_value(gc, pin, GPIO_LEVEL_LOW);
197 gc->ops->set_direction(gc, pin, GPIO_DIR_IN);
198
199 return TEE_SUCCESS;
200 }
201
ls_sfp_read(struct ls_sfp_data * data)202 TEE_Result ls_sfp_read(struct ls_sfp_data *data)
203 {
204 if (!sfp_regs) {
205 EMSG("SFP driver not initialized");
206 return TEE_ERROR_GENERIC;
207 }
208
209 if (!data)
210 return TEE_ERROR_BAD_PARAMETERS;
211
212 data->ingr = io_read32((vaddr_t)&sfp_regs->ingr);
213 data->svhesr = io_read32((vaddr_t)&sfp_regs->svhesr);
214 data->sfpcr = io_read32((vaddr_t)&sfp_regs->sfpcr);
215 data->version = io_read32((vaddr_t)&sfp_regs->version);
216 data->ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0);
217 data->ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1);
218 data->dcvr0 = io_read32((vaddr_t)&sfp_regs->dcvr0);
219 data->dcvr1 = io_read32((vaddr_t)&sfp_regs->dcvr1);
220 data->drvr0 = io_read32((vaddr_t)&sfp_regs->drvr0);
221 data->drvr1 = io_read32((vaddr_t)&sfp_regs->drvr1);
222 data->fswpr = io_read32((vaddr_t)&sfp_regs->fswpr);
223 data->fuidr0 = io_read32((vaddr_t)&sfp_regs->fuidr0);
224 data->fuidr1 = io_read32((vaddr_t)&sfp_regs->fuidr1);
225 data->isbccr = io_read32((vaddr_t)&sfp_regs->isbccr);
226
227 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->fspfr); ++i)
228 data->fspfr[i] = io_read32((vaddr_t)&sfp_regs->fspfr[i]);
229
230 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->otpmkr); ++i)
231 data->otpmkr[i] = io_read32((vaddr_t)&sfp_regs->otpmkr[i]);
232
233 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->srkhr); ++i)
234 data->srkhr[i] = io_read32((vaddr_t)&sfp_regs->srkhr[i]);
235
236 for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->ouidr); ++i)
237 data->ouidr[i] = io_read32((vaddr_t)&sfp_regs->ouidr[i]);
238
239 return TEE_SUCCESS;
240 }
241
ls_sfp_get_debug_level(uint32_t * dblev)242 TEE_Result ls_sfp_get_debug_level(uint32_t *dblev)
243 {
244 if (!sfp_regs) {
245 EMSG("SFP driver not initialized");
246 return TEE_ERROR_GENERIC;
247 }
248
249 if (!dblev)
250 return TEE_ERROR_BAD_PARAMETERS;
251
252 *dblev = io_read32((vaddr_t)&sfp_regs->ospr1) & SFP_OSPR1_DBLEV_MASK;
253
254 return TEE_SUCCESS;
255 }
256
ls_sfp_get_its(uint32_t * its)257 TEE_Result ls_sfp_get_its(uint32_t *its)
258 {
259 if (!sfp_regs) {
260 EMSG("SFP driver not initialized");
261 return TEE_ERROR_GENERIC;
262 }
263
264 if (!its)
265 return TEE_ERROR_BAD_PARAMETERS;
266
267 *its = io_read32((vaddr_t)&sfp_regs->ospr0) & SFP_OSPR0_ITS;
268
269 return TEE_SUCCESS;
270 }
271
ls_sfp_get_ouid(uint32_t index,uint32_t * ouid)272 TEE_Result ls_sfp_get_ouid(uint32_t index, uint32_t *ouid)
273 {
274 if (!sfp_regs) {
275 EMSG("SFP driver not initialized");
276 return TEE_ERROR_GENERIC;
277 }
278
279 if (!ouid)
280 return TEE_ERROR_BAD_PARAMETERS;
281
282 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) {
283 DMSG("Index greater or equal to ouid: %"PRIu32" >= %zu",
284 index, ARRAY_SIZE(sfp_regs->ouidr));
285 return TEE_ERROR_BAD_PARAMETERS;
286 }
287
288 *ouid = io_read32((vaddr_t)&sfp_regs->ouidr[index]);
289
290 return TEE_SUCCESS;
291 }
292
ls_sfp_get_sb(uint32_t * sb)293 TEE_Result ls_sfp_get_sb(uint32_t *sb)
294 {
295 if (!sfp_regs) {
296 EMSG("SFP driver not initialized");
297 return TEE_ERROR_GENERIC;
298 }
299
300 if (!sb)
301 return TEE_ERROR_BAD_PARAMETERS;
302
303 *sb = io_read32((vaddr_t)&sfp_regs->sfpcr) & SFP_SFPCR_SB;
304
305 return TEE_SUCCESS;
306 }
307
ls_sfp_get_srkh(uint32_t index,uint32_t * srkh)308 TEE_Result ls_sfp_get_srkh(uint32_t index, uint32_t *srkh)
309 {
310 if (!sfp_regs) {
311 EMSG("SFP driver not initialized");
312 return TEE_ERROR_GENERIC;
313 }
314
315 if (!srkh)
316 return TEE_ERROR_BAD_PARAMETERS;
317
318 if (index >= ARRAY_SIZE(sfp_regs->srkhr)) {
319 DMSG("Index greater or equal to srkhr: %"PRIu32" >= %zu",
320 index, ARRAY_SIZE(sfp_regs->srkhr));
321 return TEE_ERROR_BAD_PARAMETERS;
322 }
323
324 *srkh = io_read32((vaddr_t)&sfp_regs->srkhr[index]);
325
326 return TEE_SUCCESS;
327 }
328
ls_sfp_set_debug_level(uint32_t dblev)329 TEE_Result ls_sfp_set_debug_level(uint32_t dblev)
330 {
331 uint32_t ospr1 = 0;
332
333 if (!sfp_regs) {
334 EMSG("SFP driver not initialized");
335 return TEE_ERROR_GENERIC;
336 }
337
338 if (!dblev)
339 return TEE_SUCCESS;
340
341 ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1);
342 if (ospr1 & SFP_OSPR1_DBLEV_MASK) {
343 DMSG("Debug level has already been fused");
344 return TEE_ERROR_SECURITY;
345 }
346
347 io_write32((vaddr_t)&sfp_regs->ospr1, ospr1 | dblev);
348
349 return ls_sfp_program_fuses();
350 }
351
ls_sfp_set_its_wp(void)352 TEE_Result ls_sfp_set_its_wp(void)
353 {
354 uint32_t ospr0 = 0;
355
356 if (!sfp_regs) {
357 EMSG("SFP driver not initialized");
358 return TEE_ERROR_GENERIC;
359 }
360
361 ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0);
362 if (ospr0 & (SFP_OSPR0_WP | SFP_OSPR0_ITS)) {
363 DMSG("SFP is already fused");
364 return TEE_ERROR_SECURITY;
365 }
366
367 ospr0 |= SFP_OSPR0_WP | SFP_OSPR0_ITS;
368 io_write32((vaddr_t)&sfp_regs->ospr0, ospr0);
369
370 return ls_sfp_program_fuses();
371 }
372
ls_sfp_set_ouid(uint32_t index,uint32_t ouid)373 TEE_Result ls_sfp_set_ouid(uint32_t index, uint32_t ouid)
374 {
375 if (!sfp_regs) {
376 EMSG("SFP driver not initialized");
377 return TEE_ERROR_GENERIC;
378 }
379
380 if (index >= ARRAY_SIZE(sfp_regs->ouidr)) {
381 DMSG("Index greater or equal to ouid: %"PRIu32" >= %"PRIu32,
382 index, ARRAY_SIZE(sfp_regs->ouidr));
383 return TEE_ERROR_BAD_PARAMETERS;
384 }
385
386 io_write32((vaddr_t)&sfp_regs->ouidr[index], ouid);
387
388 return ls_sfp_program_fuses();
389 }
390
ls_sfp_status(void)391 TEE_Result ls_sfp_status(void)
392 {
393 if (!sfp_regs)
394 return TEE_ERROR_GENERIC;
395
396 return TEE_SUCCESS;
397 }
398
399 driver_init(ls_sfp_init);
400