1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright 2022 Microsoft
4  *
5  * Driver for the NXP LX2160A-series Security Fuse Processor (SFP).
6  */
7 
8 #include <assert.h>
9 #include <drivers/ls_sfp.h>
10 #include <io.h>
11 #include <kernel/boot.h>
12 #include <kernel/delay.h>
13 #include <kernel/dt.h>
14 #include <kernel/panic.h>
15 #include <kernel/tee_time.h>
16 #include <libfdt.h>
17 #include <mm/core_memprot.h>
18 #include <util.h>
19 
20 /**
21  * struct ls_sfp_registers - Memory map of the SFP registers.
22  * @rsvd0[0x8]:		Reserved.
23  * @ingr:		Instruction Register.
24  * @svhesr:		Secret Value Hamming Error Status Registers.
25  * @sfpcr:		SFP Configuration Register.
26  * @rsvd1[0x3]:		Reserved.
27  * @version:		SFP Version Register.
28  * @rsvd2[0x71]:	Reserved.
29  * @ospr0:		OEM Security Policy Register 0.
30  * @ospr1:		OEM Security Policy Register 1.
31  * @dcvr0:		Debug Challenge Value Register 0.
32  * @dcvr1:		Debug Challenge Value Register 1.
33  * @drvr0:		Debug Response Value Register 0.
34  * @drvr1:		Debug Response Value Register 1
35  * @fswpr:		Factory Section Write Protect Register.
36  * @fuidr0:		Factory Unique ID Register 0.
37  * @fuidr1:		Factory Unique ID Register 1.
38  * @isbccr:		ISBC Configuration Register.
39  * @fspfr[0x3]:		Factory Scratch Pad Fuse Registers.
40  * @otpmkr[0x8]:	One Time Programmable Master Key.
41  * @srkhr[0x8]:		Super Root Key Hash.
42  * @ouidr[0x5]:		OEM Unique ID Scratch Pad Fuse Registers.
43  */
44 static struct ls_sfp_registers {
45 	uint32_t rsvd0[0x8];	/* 0x000 */
46 	uint32_t ingr;		/* 0x020 */
47 	uint32_t svhesr;	/* 0x024 */
48 	uint32_t sfpcr;		/* 0x028 */
49 	uint32_t rsvd1[0x3];	/* 0x02C */
50 	uint32_t version;	/* 0x038 */
51 	uint32_t rsvd2[0x71];	/* 0x03C */
52 	uint32_t ospr0;		/* 0x200 */
53 	uint32_t ospr1;		/* 0x204 */
54 	uint32_t dcvr0;		/* 0x208 */
55 	uint32_t dcvr1;		/* 0x20C */
56 	uint32_t drvr0;		/* 0x210 */
57 	uint32_t drvr1;		/* 0x214 */
58 	uint32_t fswpr;		/* 0x218 */
59 	uint32_t fuidr0;	/* 0x21C */
60 	uint32_t fuidr1;	/* 0x220 */
61 	uint32_t isbccr;	/* 0x224 */
62 	uint32_t fspfr[0x3];	/* 0x228 */
63 	uint32_t otpmkr[0x8];	/* 0x234 */
64 	uint32_t srkhr[0x8];	/* 0x254 */
65 	uint32_t ouidr[0x5];	/* 0x274 */
66 } *sfp_regs;
67 
68 /**
69  * struct ls_gpio_info - Data struct containing GPIO specific information.
70  * @gpio_pin:		GPIO pin number.
71  * @gpio_chip:	GPIO controller instance data.
72  */
73 static struct ls_gpio_info {
74 	uint32_t gpio_pin;
75 	struct ls_gpio_chip_data gpio_chip;
76 } gpio_info;
77 
78 /**
79  * ls_sfp_init() - Get SFP info from the embedded device tree and initialize
80  *		   sfp_regs and gpio_info.
81  *
82  * Return:	TEE_SUCCESS or > 0 on error.
83  */
ls_sfp_init(void)84 static TEE_Result ls_sfp_init(void)
85 {
86 	size_t size = 0;
87 	int node = 0;
88 	int rc = 0;
89 	int povdd_node = 0;
90 	int prop_len = 0;
91 	vaddr_t ctrl_base = 0;
92 	struct ls_gpio_chip_data *gc = NULL;
93 	const char *fdt_prop_gpio = "povdd-gpio-controller";
94 	const char *fdt_prop_pin = "povdd-gpio-pin";
95 	const fdt32_t *gpio_val = NULL;
96 	const fdt32_t *pin_val = NULL;
97 	void *fdt = get_embedded_dt();
98 
99 	if (!fdt) {
100 		EMSG("Unable to get the Embedded DTB, SFP init failed");
101 		return TEE_ERROR_GENERIC;
102 	}
103 
104 	node = fdt_node_offset_by_compatible(fdt, node, "fsl,lx2160a-sfp");
105 	if (node <= 0) {
106 		EMSG("Unable to find SFP FDT node - rc = 0x%#"PRIx32, rc);
107 		return TEE_ERROR_ITEM_NOT_FOUND;
108 	}
109 
110 	rc = dt_map_dev(fdt, node, &ctrl_base, &size);
111 	if (rc < 0) {
112 		EMSG("Unable to get SFP virtual address - rc = 0x%#"PRIx32, rc);
113 		return TEE_ERROR_GENERIC;
114 	}
115 
116 	povdd_node = fdt_path_offset(fdt, "/povdd");
117 	if (povdd_node <= 0) {
118 		EMSG("Unable to find POVDD FDT node - rc = 0x%#"PRIx32,
119 		     povdd_node);
120 		return TEE_ERROR_ITEM_NOT_FOUND;
121 	}
122 
123 	sfp_regs = (struct ls_sfp_registers *)ctrl_base;
124 
125 	gpio_val = fdt_getprop(fdt, povdd_node, fdt_prop_gpio, &prop_len);
126 	if (!gpio_val) {
127 		EMSG("Missing %s from POVDD FDT node", fdt_prop_gpio);
128 		return TEE_ERROR_ITEM_NOT_FOUND;
129 	}
130 
131 	pin_val = fdt_getprop(fdt, povdd_node, fdt_prop_pin, &prop_len);
132 	if (!pin_val) {
133 		EMSG("Missing %s from POVDD FDT node", fdt_prop_pin);
134 		return TEE_ERROR_ITEM_NOT_FOUND;
135 	}
136 
137 	gc = &gpio_info.gpio_chip;
138 	gc->gpio_controller = (uint8_t)fdt32_to_cpu(*gpio_val);
139 	gpio_info.gpio_pin = fdt32_to_cpu(*pin_val);
140 
141 	return ls_gpio_init(gc);
142 }
143 
144 /**
145  * ls_sfp_program_fuses() - Write to fuses and verify that the correct value was
146  *			    written.
147  *
148  * Return:	TEE_SUCCESS or > 0 on error.
149  */
ls_sfp_program_fuses(void)150 static TEE_Result ls_sfp_program_fuses(void)
151 {
152 	struct gpio_chip *gc = NULL;
153 	uint32_t pin = gpio_info.gpio_pin;
154 	vaddr_t sfp_ingr_va = (vaddr_t)&sfp_regs->ingr;
155 	uint64_t timeout = 0;
156 
157 	/* Enable POVDD */
158 	gc = &gpio_info.gpio_chip.chip;
159 
160 	DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to HIGH",
161 	     (uint32_t)gpio_info.gpio_chip.gpio_controller, pin);
162 	gc->ops->set_direction(gc, pin, GPIO_DIR_OUT);
163 	gc->ops->set_value(gc, pin, GPIO_LEVEL_HIGH);
164 
165 	if (gc->ops->get_value(gc, pin) != GPIO_LEVEL_HIGH) {
166 		EMSG("Error setting POVDD to HIGH");
167 		return TEE_ERROR_GENERIC;
168 	}
169 
170 	/* TA_PROG_SFP ramp rate requires up to 5ms for stability */
171 	mdelay(5);
172 
173 	/* Send SFP write command */
174 	io_write32(sfp_ingr_va, SFP_INGR_PROGFB_CMD);
175 
176 	/* Wait until fuse programming is successful */
177 	timeout = timeout_init_us(SFP_INGR_FUSE_TIMEOUT);
178 	while (io_read32(sfp_ingr_va) & SFP_INGR_PROGFB_CMD) {
179 		if (timeout_elapsed(timeout)) {
180 			EMSG("SFP fusing timed out");
181 			return TEE_ERROR_GENERIC;
182 		}
183 	}
184 
185 	/* Check for SFP fuse programming error */
186 	if (io_read32(sfp_ingr_va) & SFP_INGR_ERROR_MASK) {
187 		EMSG("Error writing SFP fuses");
188 		return TEE_ERROR_GENERIC;
189 	}
190 
191 	DMSG("Programmed fuse successfully");
192 
193 	/* Disable POVDD */
194 	DMSG("Set GPIO %"PRIu32" pin %"PRIu32" to LOW",
195 	     (uint32_t)gpio_info.gpio_chip.gpio_controller, pin);
196 	gc->ops->set_value(gc, pin, GPIO_LEVEL_LOW);
197 	gc->ops->set_direction(gc, pin, GPIO_DIR_IN);
198 
199 	return TEE_SUCCESS;
200 }
201 
ls_sfp_read(struct ls_sfp_data * data)202 TEE_Result ls_sfp_read(struct ls_sfp_data *data)
203 {
204 	if (!sfp_regs) {
205 		EMSG("SFP driver not initialized");
206 		return TEE_ERROR_GENERIC;
207 	}
208 
209 	if (!data)
210 		return TEE_ERROR_BAD_PARAMETERS;
211 
212 	data->ingr = io_read32((vaddr_t)&sfp_regs->ingr);
213 	data->svhesr = io_read32((vaddr_t)&sfp_regs->svhesr);
214 	data->sfpcr = io_read32((vaddr_t)&sfp_regs->sfpcr);
215 	data->version = io_read32((vaddr_t)&sfp_regs->version);
216 	data->ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0);
217 	data->ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1);
218 	data->dcvr0 = io_read32((vaddr_t)&sfp_regs->dcvr0);
219 	data->dcvr1 = io_read32((vaddr_t)&sfp_regs->dcvr1);
220 	data->drvr0 = io_read32((vaddr_t)&sfp_regs->drvr0);
221 	data->drvr1 = io_read32((vaddr_t)&sfp_regs->drvr1);
222 	data->fswpr = io_read32((vaddr_t)&sfp_regs->fswpr);
223 	data->fuidr0 = io_read32((vaddr_t)&sfp_regs->fuidr0);
224 	data->fuidr1 = io_read32((vaddr_t)&sfp_regs->fuidr1);
225 	data->isbccr = io_read32((vaddr_t)&sfp_regs->isbccr);
226 
227 	for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->fspfr); ++i)
228 		data->fspfr[i] = io_read32((vaddr_t)&sfp_regs->fspfr[i]);
229 
230 	for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->otpmkr); ++i)
231 		data->otpmkr[i] = io_read32((vaddr_t)&sfp_regs->otpmkr[i]);
232 
233 	for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->srkhr); ++i)
234 		data->srkhr[i] = io_read32((vaddr_t)&sfp_regs->srkhr[i]);
235 
236 	for (uint32_t i = 0; i < ARRAY_SIZE(sfp_regs->ouidr); ++i)
237 		data->ouidr[i] = io_read32((vaddr_t)&sfp_regs->ouidr[i]);
238 
239 	return TEE_SUCCESS;
240 }
241 
ls_sfp_get_debug_level(uint32_t * dblev)242 TEE_Result ls_sfp_get_debug_level(uint32_t *dblev)
243 {
244 	if (!sfp_regs) {
245 		EMSG("SFP driver not initialized");
246 		return TEE_ERROR_GENERIC;
247 	}
248 
249 	if (!dblev)
250 		return TEE_ERROR_BAD_PARAMETERS;
251 
252 	*dblev = io_read32((vaddr_t)&sfp_regs->ospr1) & SFP_OSPR1_DBLEV_MASK;
253 
254 	return TEE_SUCCESS;
255 }
256 
ls_sfp_get_its(uint32_t * its)257 TEE_Result ls_sfp_get_its(uint32_t *its)
258 {
259 	if (!sfp_regs) {
260 		EMSG("SFP driver not initialized");
261 		return TEE_ERROR_GENERIC;
262 	}
263 
264 	if (!its)
265 		return TEE_ERROR_BAD_PARAMETERS;
266 
267 	*its = io_read32((vaddr_t)&sfp_regs->ospr0) & SFP_OSPR0_ITS;
268 
269 	return TEE_SUCCESS;
270 }
271 
ls_sfp_get_ouid(uint32_t index,uint32_t * ouid)272 TEE_Result ls_sfp_get_ouid(uint32_t index, uint32_t *ouid)
273 {
274 	if (!sfp_regs) {
275 		EMSG("SFP driver not initialized");
276 		return TEE_ERROR_GENERIC;
277 	}
278 
279 	if (!ouid)
280 		return TEE_ERROR_BAD_PARAMETERS;
281 
282 	if (index >= ARRAY_SIZE(sfp_regs->ouidr)) {
283 		DMSG("Index greater or equal to ouid: %"PRIu32" >= %zu",
284 		     index, ARRAY_SIZE(sfp_regs->ouidr));
285 		return TEE_ERROR_BAD_PARAMETERS;
286 	}
287 
288 	*ouid = io_read32((vaddr_t)&sfp_regs->ouidr[index]);
289 
290 	return TEE_SUCCESS;
291 }
292 
ls_sfp_get_sb(uint32_t * sb)293 TEE_Result ls_sfp_get_sb(uint32_t *sb)
294 {
295 	if (!sfp_regs) {
296 		EMSG("SFP driver not initialized");
297 		return TEE_ERROR_GENERIC;
298 	}
299 
300 	if (!sb)
301 		return TEE_ERROR_BAD_PARAMETERS;
302 
303 	*sb = io_read32((vaddr_t)&sfp_regs->sfpcr) & SFP_SFPCR_SB;
304 
305 	return TEE_SUCCESS;
306 }
307 
ls_sfp_get_srkh(uint32_t index,uint32_t * srkh)308 TEE_Result ls_sfp_get_srkh(uint32_t index, uint32_t *srkh)
309 {
310 	if (!sfp_regs) {
311 		EMSG("SFP driver not initialized");
312 		return TEE_ERROR_GENERIC;
313 	}
314 
315 	if (!srkh)
316 		return TEE_ERROR_BAD_PARAMETERS;
317 
318 	if (index >= ARRAY_SIZE(sfp_regs->srkhr)) {
319 		DMSG("Index greater or equal to srkhr: %"PRIu32" >= %zu",
320 		     index, ARRAY_SIZE(sfp_regs->srkhr));
321 		return TEE_ERROR_BAD_PARAMETERS;
322 	}
323 
324 	*srkh = io_read32((vaddr_t)&sfp_regs->srkhr[index]);
325 
326 	return TEE_SUCCESS;
327 }
328 
ls_sfp_set_debug_level(uint32_t dblev)329 TEE_Result ls_sfp_set_debug_level(uint32_t dblev)
330 {
331 	uint32_t ospr1 = 0;
332 
333 	if (!sfp_regs) {
334 		EMSG("SFP driver not initialized");
335 		return TEE_ERROR_GENERIC;
336 	}
337 
338 	if (!dblev)
339 		return TEE_SUCCESS;
340 
341 	ospr1 = io_read32((vaddr_t)&sfp_regs->ospr1);
342 	if (ospr1 & SFP_OSPR1_DBLEV_MASK) {
343 		DMSG("Debug level has already been fused");
344 		return TEE_ERROR_SECURITY;
345 	}
346 
347 	io_write32((vaddr_t)&sfp_regs->ospr1, ospr1 | dblev);
348 
349 	return ls_sfp_program_fuses();
350 }
351 
ls_sfp_set_its_wp(void)352 TEE_Result ls_sfp_set_its_wp(void)
353 {
354 	uint32_t ospr0 = 0;
355 
356 	if (!sfp_regs) {
357 		EMSG("SFP driver not initialized");
358 		return TEE_ERROR_GENERIC;
359 	}
360 
361 	ospr0 = io_read32((vaddr_t)&sfp_regs->ospr0);
362 	if (ospr0 & (SFP_OSPR0_WP | SFP_OSPR0_ITS)) {
363 		DMSG("SFP is already fused");
364 		return TEE_ERROR_SECURITY;
365 	}
366 
367 	ospr0 |= SFP_OSPR0_WP | SFP_OSPR0_ITS;
368 	io_write32((vaddr_t)&sfp_regs->ospr0, ospr0);
369 
370 	return ls_sfp_program_fuses();
371 }
372 
ls_sfp_set_ouid(uint32_t index,uint32_t ouid)373 TEE_Result ls_sfp_set_ouid(uint32_t index, uint32_t ouid)
374 {
375 	if (!sfp_regs) {
376 		EMSG("SFP driver not initialized");
377 		return TEE_ERROR_GENERIC;
378 	}
379 
380 	if (index >= ARRAY_SIZE(sfp_regs->ouidr)) {
381 		DMSG("Index greater or equal to ouid: %"PRIu32" >= %"PRIu32,
382 		     index, ARRAY_SIZE(sfp_regs->ouidr));
383 		return TEE_ERROR_BAD_PARAMETERS;
384 	}
385 
386 	io_write32((vaddr_t)&sfp_regs->ouidr[index], ouid);
387 
388 	return ls_sfp_program_fuses();
389 }
390 
ls_sfp_status(void)391 TEE_Result ls_sfp_status(void)
392 {
393 	if (!sfp_regs)
394 		return TEE_ERROR_GENERIC;
395 
396 	return TEE_SUCCESS;
397 }
398 
399 driver_init(ls_sfp_init);
400