1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3  * Copyright (c) 2017-2021, STMicroelectronics
4  */
5 
6 #include <assert.h>
7 #include <config.h>
8 #include <drivers/stm32_bsec.h>
9 #include <io.h>
10 #include <kernel/delay.h>
11 #include <kernel/dt.h>
12 #include <kernel/boot.h>
13 #include <kernel/pm.h>
14 #include <kernel/spinlock.h>
15 #include <libfdt.h>
16 #include <limits.h>
17 #include <mm/core_memprot.h>
18 #include <platform_config.h>
19 #include <stm32_util.h>
20 #include <string.h>
21 #include <tee_api_defines.h>
22 #include <types_ext.h>
23 #include <util.h>
24 
25 #ifdef CFG_STM32MP13
26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec"
27 #endif
28 #ifdef CFG_STM32MP15
29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec"
30 #endif
31 
32 #define BSEC_OTP_MASK			GENMASK_32(4, 0)
33 #define BSEC_OTP_BANK_SHIFT		U(5)
34 
35 /* Permanent lock bitmasks */
36 #define DATA_LOWER_OTP_PERLOCK_BIT	U(3)
37 #define DATA_UPPER_OTP_PERLOCK_BIT	U(1)
38 
39 /* BSEC register offset */
40 #define BSEC_OTP_CONF_OFF		U(0x000)
41 #define BSEC_OTP_CTRL_OFF		U(0x004)
42 #define BSEC_OTP_WRDATA_OFF		U(0x008)
43 #define BSEC_OTP_STATUS_OFF		U(0x00C)
44 #define BSEC_OTP_LOCK_OFF		U(0x010)
45 #define BSEC_DEN_OFF			U(0x014)
46 #define BSEC_FEN_OFF			U(0x018)
47 #define BSEC_DISTURBED_OFF		U(0x01C)
48 #define BSEC_DISTURBED1_OFF		U(0x020)
49 #define BSEC_DISTURBED2_OFF		U(0x024)
50 #define BSEC_ERROR_OFF			U(0x034)
51 #define BSEC_ERROR1_OFF			U(0x038)
52 #define BSEC_ERROR2_OFF			U(0x03C)
53 #define BSEC_WRLOCK_OFF			U(0x04C)
54 #define BSEC_WRLOCK1_OFF		U(0x050)
55 #define BSEC_WRLOCK2_OFF		U(0x054)
56 #define BSEC_SPLOCK_OFF			U(0x064)
57 #define BSEC_SPLOCK1_OFF		U(0x068)
58 #define BSEC_SPLOCK2_OFF		U(0x06C)
59 #define BSEC_SWLOCK_OFF			U(0x07C)
60 #define BSEC_SWLOCK1_OFF		U(0x080)
61 #define BSEC_SWLOCK2_OFF		U(0x084)
62 #define BSEC_SRLOCK_OFF			U(0x094)
63 #define BSEC_SRLOCK1_OFF		U(0x098)
64 #define BSEC_SRLOCK2_OFF		U(0x09C)
65 #define BSEC_JTAG_IN_OFF		U(0x0AC)
66 #define BSEC_JTAG_OUT_OFF		U(0x0B0)
67 #define BSEC_SCRATCH_OFF		U(0x0B4)
68 #define BSEC_OTP_DATA_OFF		U(0x200)
69 #define BSEC_IPHW_CFG_OFF		U(0xFF0)
70 #define BSEC_IPVR_OFF			U(0xFF4)
71 #define BSEC_IP_ID_OFF			U(0xFF8)
72 #define BSEC_IP_MAGIC_ID_OFF		U(0xFFC)
73 
74 /* BSEC_CONFIGURATION Register */
75 #define BSEC_CONF_POWER_UP_MASK		BIT(0)
76 #define BSEC_CONF_POWER_UP_SHIFT	U(0)
77 #define BSEC_CONF_FRQ_MASK		GENMASK_32(2, 1)
78 #define BSEC_CONF_FRQ_SHIFT		U(1)
79 #define BSEC_CONF_PRG_WIDTH_MASK	GENMASK_32(6, 3)
80 #define BSEC_CONF_PRG_WIDTH_SHIFT	U(3)
81 #define BSEC_CONF_TREAD_MASK		GENMASK_32(8, 7)
82 #define BSEC_CONF_TREAD_SHIFT		U(7)
83 
84 /* BSEC_CONTROL Register */
85 #define BSEC_READ			U(0x000)
86 #define BSEC_WRITE			U(0x100)
87 #define BSEC_LOCK			U(0x200)
88 
89 /* BSEC_STATUS Register */
90 #define BSEC_MODE_SECURED		BIT(0)
91 #define BSEC_MODE_INVALID		BIT(2)
92 #define BSEC_MODE_BUSY			BIT(3)
93 #define BSEC_MODE_PROGFAIL		BIT(4)
94 #define BSEC_MODE_PWR			BIT(5)
95 #define BSEC_MODE_CLOSED		BIT(8)
96 
97 /*
98  * OTP Lock services definition
99  * Value must corresponding to the bit position in the register
100  */
101 #define BSEC_LOCK_UPPER_OTP		U(0x00)
102 #define BSEC_LOCK_DEBUG			U(0x02)
103 #define BSEC_LOCK_PROGRAM		U(0x04)
104 
105 /* Timeout when polling on status */
106 #define BSEC_TIMEOUT_US			U(10000)
107 
108 struct bsec_dev {
109 	struct io_pa_va base;
110 	unsigned int upper_base;
111 	unsigned int max_id;
112 	uint32_t *nsec_access;
113 };
114 
115 /* Only 1 instance of BSEC is expected per platform */
116 static struct bsec_dev bsec_dev;
117 
118 /* BSEC access protection */
119 static unsigned int lock = SPINLOCK_UNLOCK;
120 
bsec_lock(void)121 static uint32_t bsec_lock(void)
122 {
123 	return may_spin_lock(&lock);
124 }
125 
bsec_unlock(uint32_t exceptions)126 static void bsec_unlock(uint32_t exceptions)
127 {
128 	may_spin_unlock(&lock, exceptions);
129 }
130 
otp_max_id(void)131 static uint32_t otp_max_id(void)
132 {
133 	return bsec_dev.max_id;
134 }
135 
otp_upper_base(void)136 static uint32_t otp_upper_base(void)
137 {
138 	return bsec_dev.upper_base;
139 }
140 
otp_bank_offset(uint32_t otp_id)141 static uint32_t otp_bank_offset(uint32_t otp_id)
142 {
143 	assert(otp_id <= otp_max_id());
144 
145 	return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
146 		sizeof(uint32_t);
147 }
148 
bsec_base(void)149 static vaddr_t bsec_base(void)
150 {
151 	return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1);
152 }
153 
bsec_status(void)154 static uint32_t bsec_status(void)
155 {
156 	return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
157 }
158 
state_is_invalid_mode(void)159 static bool state_is_invalid_mode(void)
160 {
161 	return bsec_status() & BSEC_MODE_INVALID;
162 }
163 
state_is_secured_mode(void)164 static bool state_is_secured_mode(void)
165 {
166 	return bsec_status() & BSEC_MODE_SECURED;
167 }
168 
state_is_closed_mode(void)169 static bool state_is_closed_mode(void)
170 {
171 	uint32_t otp_cfg = 0;
172 	uint32_t close_mode = 0;
173 	TEE_Result res = TEE_ERROR_GENERIC;
174 
175 	if (IS_ENABLED(CFG_STM32MP13))
176 		return bsec_status() & BSEC_MODE_CLOSED;
177 
178 	res = stm32_bsec_find_otp_in_nvmem_layout("cfg0_otp", &otp_cfg, NULL);
179 	if (res)
180 		panic("CFG0 OTP not found");
181 
182 	if (stm32_bsec_read_otp(&close_mode, otp_cfg))
183 		panic("Unable to read OTP");
184 
185 	return close_mode & CFG0_OTP_CLOSED_DEVICE;
186 }
187 
188 /*
189  * Check that BSEC interface does not report an error
190  * @otp_id : OTP number
191  * @check_disturbed: check only error (false) or all sources (true)
192  * Return a TEE_Result compliant value
193  */
check_no_error(uint32_t otp_id,bool check_disturbed)194 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed)
195 {
196 	uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
197 	uint32_t bank = otp_bank_offset(otp_id);
198 
199 	if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
200 		return TEE_ERROR_GENERIC;
201 
202 	if (check_disturbed &&
203 	    io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
204 		return TEE_ERROR_GENERIC;
205 
206 	return TEE_SUCCESS;
207 }
208 
power_up_safmem(void)209 static TEE_Result power_up_safmem(void)
210 {
211 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
212 
213 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
214 		  BSEC_CONF_POWER_UP_MASK);
215 
216 	/*
217 	 * If a timeout is detected, test the condition again to consider
218 	 * cases where timeout is due to the executing TEE thread rescheduling.
219 	 */
220 	while (!timeout_elapsed(timeout_ref))
221 		if (bsec_status() & BSEC_MODE_PWR)
222 			break;
223 
224 	if (bsec_status() & BSEC_MODE_PWR)
225 		return TEE_SUCCESS;
226 
227 	return TEE_ERROR_GENERIC;
228 }
229 
power_down_safmem(void)230 static TEE_Result power_down_safmem(void)
231 {
232 	uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
233 
234 	io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
235 
236 	/*
237 	 * If a timeout is detected, test the condition again to consider
238 	 * cases where timeout is due to the executing TEE thread rescheduling.
239 	 */
240 	while (!timeout_elapsed(timeout_ref))
241 		if (!(bsec_status() & BSEC_MODE_PWR))
242 			break;
243 
244 	if (!(bsec_status() & BSEC_MODE_PWR))
245 		return TEE_SUCCESS;
246 
247 	return TEE_ERROR_GENERIC;
248 }
249 
stm32_bsec_shadow_register(uint32_t otp_id)250 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
251 {
252 	TEE_Result result = 0;
253 	uint32_t exceptions = 0;
254 	uint64_t timeout_ref = 0;
255 	bool locked = false;
256 
257 	/* Check if shadowing of OTP is locked, informative only */
258 	result = stm32_bsec_read_sr_lock(otp_id, &locked);
259 	if (result)
260 		return result;
261 
262 	if (locked)
263 		DMSG("BSEC shadow warning: OTP locked");
264 
265 	if (state_is_invalid_mode())
266 		return TEE_ERROR_SECURITY;
267 
268 	exceptions = bsec_lock();
269 
270 	result = power_up_safmem();
271 	if (result)
272 		goto out;
273 
274 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
275 
276 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
277 	while (!timeout_elapsed(timeout_ref))
278 		if (!(bsec_status() & BSEC_MODE_BUSY))
279 			break;
280 
281 	if (bsec_status() & BSEC_MODE_BUSY)
282 		result = TEE_ERROR_BUSY;
283 	else
284 		result = check_no_error(otp_id, true /* check-disturbed */);
285 
286 	power_down_safmem();
287 
288 out:
289 	bsec_unlock(exceptions);
290 
291 	return result;
292 }
293 
stm32_bsec_read_otp(uint32_t * value,uint32_t otp_id)294 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
295 {
296 	if (otp_id > otp_max_id())
297 		return TEE_ERROR_BAD_PARAMETERS;
298 
299 	if (state_is_invalid_mode())
300 		return TEE_ERROR_SECURITY;
301 
302 	*value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
303 			   (otp_id * sizeof(uint32_t)));
304 
305 	return TEE_SUCCESS;
306 }
307 
stm32_bsec_shadow_read_otp(uint32_t * otp_value,uint32_t otp_id)308 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
309 {
310 	TEE_Result result = 0;
311 
312 	result = stm32_bsec_shadow_register(otp_id);
313 	if (result) {
314 		EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result);
315 		return result;
316 	}
317 
318 	result = stm32_bsec_read_otp(otp_value, otp_id);
319 	if (result)
320 		EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result);
321 
322 	return result;
323 }
324 
stm32_bsec_write_otp(uint32_t value,uint32_t otp_id)325 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
326 {
327 	TEE_Result result = 0;
328 	uint32_t exceptions = 0;
329 	vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
330 	bool locked = false;
331 
332 	/* Check if write of OTP is locked, informative only */
333 	result = stm32_bsec_read_sw_lock(otp_id, &locked);
334 	if (result)
335 		return result;
336 
337 	if (locked)
338 		DMSG("BSEC write warning: OTP locked");
339 
340 	if (state_is_invalid_mode())
341 		return TEE_ERROR_SECURITY;
342 
343 	exceptions = bsec_lock();
344 
345 	io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
346 
347 	bsec_unlock(exceptions);
348 
349 	return TEE_SUCCESS;
350 }
351 
352 #ifdef CFG_STM32_BSEC_WRITE
stm32_bsec_program_otp(uint32_t value,uint32_t otp_id)353 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
354 {
355 	TEE_Result result = 0;
356 	uint32_t exceptions = 0;
357 	uint64_t timeout_ref = 0;
358 	bool locked = false;
359 
360 	/* Check if shadowing of OTP is locked, informative only */
361 	result = stm32_bsec_read_sp_lock(otp_id, &locked);
362 	if (result)
363 		return result;
364 
365 	if (locked)
366 		DMSG("BSEC program warning: OTP locked");
367 
368 	if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
369 		DMSG("BSEC program warning: GPLOCK activated");
370 
371 	if (state_is_invalid_mode())
372 		return TEE_ERROR_SECURITY;
373 
374 	exceptions = bsec_lock();
375 
376 	result = power_up_safmem();
377 	if (result)
378 		goto out;
379 
380 	io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
381 	io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
382 
383 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
384 	while (!timeout_elapsed(timeout_ref))
385 		if (!(bsec_status() & BSEC_MODE_BUSY))
386 			break;
387 
388 	if (bsec_status() & BSEC_MODE_BUSY)
389 		result = TEE_ERROR_BUSY;
390 	else if (bsec_status() & BSEC_MODE_PROGFAIL)
391 		result = TEE_ERROR_BAD_PARAMETERS;
392 	else
393 		result = check_no_error(otp_id, true /* check-disturbed */);
394 
395 	power_down_safmem();
396 
397 out:
398 	bsec_unlock(exceptions);
399 
400 	return result;
401 }
402 #endif /*CFG_STM32_BSEC_WRITE*/
403 
stm32_bsec_permanent_lock_otp(uint32_t otp_id)404 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
405 {
406 	TEE_Result result = 0;
407 	uint32_t data = 0;
408 	uint32_t addr = 0;
409 	uint32_t exceptions = 0;
410 	vaddr_t base = bsec_base();
411 	uint64_t timeout_ref = 0;
412 	uint32_t upper_base = otp_upper_base();
413 
414 	if (otp_id > otp_max_id())
415 		return TEE_ERROR_BAD_PARAMETERS;
416 
417 	/*
418 	 * 2 bits per words for lower OTPs: 2:1 Redundancy
419 	 * 1 bit per word for upper OTPs : ECC support
420 	 * e.g with 32 lower and 64 upper OTPs:
421 	 * OTP word to be    ADDR[6:0]   WRDATA[31:0]
422 	 *     locked
423 	 *       0             0x00      0x0000 0003
424 	 *       1             0x00      0x0000 000C
425 	 *      ...             ...              ...
426 	 *       7             0x00      0x0000 C000
427 	 *       8             0x01      0x0000 0003
428 	 *      ...             ...              ...
429 	 *      31             0x03      0x0000 C000
430 	 *      32             0x04      0x0000 0001
431 	 *      33             0x04      0x0000 0002
432 	 *      95             0x07      0x0000 8000
433 	 */
434 	if (otp_id < upper_base) {
435 		addr = otp_id / 8U;
436 		data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF);
437 	} else {
438 		addr = upper_base / 8U + (otp_id - upper_base) / 16U;
439 		data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF);
440 	}
441 
442 	if (state_is_invalid_mode())
443 		return TEE_ERROR_SECURITY;
444 
445 	exceptions = bsec_lock();
446 
447 	result = power_up_safmem();
448 	if (result)
449 		goto out;
450 
451 	io_write32(base + BSEC_OTP_WRDATA_OFF, data);
452 	io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
453 
454 	timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
455 	while (!timeout_elapsed(timeout_ref))
456 		if (!(bsec_status() & BSEC_MODE_BUSY))
457 			break;
458 
459 	if (bsec_status() & BSEC_MODE_BUSY)
460 		result = TEE_ERROR_BUSY;
461 	else if (bsec_status() & BSEC_MODE_PROGFAIL)
462 		result = TEE_ERROR_BAD_PARAMETERS;
463 	else
464 		result = check_no_error(otp_id, false /* not-disturbed */);
465 
466 #ifdef CFG_STM32MP13
467 	io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK);
468 #endif
469 
470 	power_down_safmem();
471 
472 out:
473 	bsec_unlock(exceptions);
474 
475 	return result;
476 }
477 
stm32_bsec_write_debug_conf(uint32_t value)478 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
479 {
480 	TEE_Result result = TEE_ERROR_GENERIC;
481 	uint32_t exceptions = 0;
482 
483 	if (state_is_invalid_mode())
484 		return TEE_ERROR_SECURITY;
485 
486 	exceptions = bsec_lock();
487 
488 	io_write32(bsec_base() + BSEC_DEN_OFF, value);
489 
490 	if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ value) == 0U)
491 		result = TEE_SUCCESS;
492 
493 	bsec_unlock(exceptions);
494 
495 	return result;
496 }
497 
stm32_bsec_read_debug_conf(void)498 uint32_t stm32_bsec_read_debug_conf(void)
499 {
500 	return io_read32(bsec_base() + BSEC_DEN_OFF);
501 }
502 
set_bsec_lock(uint32_t otp_id,size_t lock_offset)503 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset)
504 {
505 	uint32_t bank = otp_bank_offset(otp_id);
506 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
507 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
508 	uint32_t exceptions = 0;
509 
510 	if (otp_id > STM32MP1_OTP_MAX_ID)
511 		return TEE_ERROR_BAD_PARAMETERS;
512 
513 	if (state_is_invalid_mode())
514 		return TEE_ERROR_SECURITY;
515 
516 	exceptions = bsec_lock();
517 
518 	io_write32(lock_addr, otp_mask);
519 
520 	bsec_unlock(exceptions);
521 
522 	return TEE_SUCCESS;
523 }
524 
stm32_bsec_set_sr_lock(uint32_t otp_id)525 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id)
526 {
527 	return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
528 }
529 
stm32_bsec_set_sw_lock(uint32_t otp_id)530 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id)
531 {
532 	return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
533 }
534 
stm32_bsec_set_sp_lock(uint32_t otp_id)535 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id)
536 {
537 	return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
538 }
539 
read_bsec_lock(uint32_t otp_id,bool * locked,size_t lock_offset)540 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked,
541 				 size_t lock_offset)
542 {
543 	uint32_t bank = otp_bank_offset(otp_id);
544 	uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
545 	vaddr_t lock_addr = bsec_base() + bank + lock_offset;
546 
547 	if (otp_id > STM32MP1_OTP_MAX_ID)
548 		return TEE_ERROR_BAD_PARAMETERS;
549 
550 	if (state_is_invalid_mode())
551 		return TEE_ERROR_SECURITY;
552 
553 	*locked = (io_read32(lock_addr) & otp_mask) != 0;
554 
555 	return TEE_SUCCESS;
556 }
557 
stm32_bsec_read_sr_lock(uint32_t otp_id,bool * locked)558 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked)
559 {
560 	return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF);
561 }
562 
stm32_bsec_read_sw_lock(uint32_t otp_id,bool * locked)563 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked)
564 {
565 	return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF);
566 }
567 
stm32_bsec_read_sp_lock(uint32_t otp_id,bool * locked)568 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked)
569 {
570 	return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF);
571 }
572 
stm32_bsec_read_permanent_lock(uint32_t otp_id,bool * locked)573 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked)
574 {
575 	return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF);
576 }
577 
nsec_access_array_size(void)578 static size_t nsec_access_array_size(void)
579 {
580 	size_t upper_count = otp_max_id() - otp_upper_base() + 1;
581 
582 	return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD);
583 }
584 
nsec_access_granted(unsigned int index)585 static bool nsec_access_granted(unsigned int index)
586 {
587 	uint32_t *array = bsec_dev.nsec_access;
588 
589 	return array &&
590 	       (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() &&
591 	       array[index / BSEC_BITS_PER_WORD] &
592 	       BIT(index % BSEC_BITS_PER_WORD);
593 }
594 
stm32_bsec_can_access_otp(uint32_t otp_id)595 bool stm32_bsec_can_access_otp(uint32_t otp_id)
596 {
597 	return (otp_id <= otp_max_id()) && !state_is_invalid_mode();
598 }
599 
stm32_bsec_nsec_can_access_otp(uint32_t otp_id)600 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
601 {
602 	return otp_id < otp_upper_base() ||
603 	       nsec_access_granted(otp_id - otp_upper_base());
604 }
605 
606 struct nvmem_layout {
607 	char *name;
608 	uint32_t otp_id;
609 	size_t bit_len;
610 };
611 
612 static struct nvmem_layout *nvmem_layout;
613 static size_t nvmem_layout_count;
614 
stm32_bsec_find_otp_in_nvmem_layout(const char * name,uint32_t * otp_id,size_t * otp_bit_len)615 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
616 					       uint32_t *otp_id,
617 					       size_t *otp_bit_len)
618 {
619 	size_t i = 0;
620 
621 	if (!name)
622 		return TEE_ERROR_BAD_PARAMETERS;
623 
624 	for (i = 0; i < nvmem_layout_count; i++) {
625 		if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name))
626 			continue;
627 
628 		if (otp_id)
629 			*otp_id = nvmem_layout[i].otp_id;
630 
631 		if (otp_bit_len)
632 			*otp_bit_len = nvmem_layout[i].bit_len;
633 
634 		DMSG("nvmem %s = %zu: %"PRId32" %zu", name, i,
635 		     nvmem_layout[i].otp_id, nvmem_layout[i].bit_len);
636 
637 		return TEE_SUCCESS;
638 	}
639 
640 	DMSG("nvmem %s failed", name);
641 
642 	return TEE_ERROR_ITEM_NOT_FOUND;
643 };
644 
stm32_bsec_get_state(uint32_t * state)645 TEE_Result stm32_bsec_get_state(uint32_t *state)
646 {
647 	if (!state)
648 		return TEE_ERROR_BAD_PARAMETERS;
649 
650 	if (state_is_invalid_mode() || !state_is_secured_mode()) {
651 		*state = BSEC_STATE_INVALID;
652 	} else {
653 		if (state_is_closed_mode())
654 			*state = BSEC_STATE_SEC_CLOSED;
655 		else
656 			*state = BSEC_STATE_SEC_OPEN;
657 	}
658 
659 	return TEE_SUCCESS;
660 }
661 
662 #ifdef CFG_EMBED_DTB
enable_nsec_access(unsigned int otp_id)663 static void enable_nsec_access(unsigned int otp_id)
664 {
665 	unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD;
666 
667 	if (otp_id < otp_upper_base())
668 		return;
669 
670 	if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id))
671 		panic();
672 
673 	bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD);
674 }
675 
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)676 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
677 {
678 	int bsec_subnode = 0;
679 
680 	bsec_dev.nsec_access = calloc(nsec_access_array_size(),
681 				      sizeof(*bsec_dev.nsec_access));
682 	if (!bsec_dev.nsec_access)
683 		panic();
684 
685 	fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
686 		unsigned int reg_offset = 0;
687 		unsigned int reg_size = 0;
688 		unsigned int otp_id = 0;
689 		unsigned int i = 0;
690 		size_t size = 0;
691 
692 		reg_offset = _fdt_reg_base_address(fdt, bsec_subnode);
693 		reg_size = _fdt_reg_size(fdt, bsec_subnode);
694 
695 		assert(reg_offset != DT_INFO_INVALID_REG &&
696 		       reg_size != DT_INFO_INVALID_REG_SIZE);
697 
698 		otp_id = reg_offset / sizeof(uint32_t);
699 
700 		if (otp_id < STM32MP1_UPPER_OTP_START) {
701 			unsigned int otp_end =
702 				ROUNDUP_DIV(reg_offset + reg_size,
703 					    sizeof(uint32_t));
704 
705 			if (otp_end > STM32MP1_UPPER_OTP_START) {
706 				/*
707 				 * OTP crosses Lower/Upper boundary, consider
708 				 * only the upper part.
709 				 */
710 				otp_id = STM32MP1_UPPER_OTP_START;
711 				reg_size -= (STM32MP1_UPPER_OTP_START *
712 					     sizeof(uint32_t)) - reg_offset;
713 				reg_offset = STM32MP1_UPPER_OTP_START *
714 					     sizeof(uint32_t);
715 
716 				DMSG("OTP crosses Lower/Upper boundary");
717 			} else {
718 				continue;
719 			}
720 		}
721 
722 		/* Handle different kinds of non-secure accesses */
723 		if (fdt_getprop(fdt, bsec_subnode,
724 				"st,non-secure-otp-provisioning", NULL)) {
725 			bool locked = false;
726 			bool locked_2 = false;
727 
728 			/* Check if write of OTP is locked */
729 			if (stm32_bsec_read_permanent_lock(otp_id, &locked))
730 				panic("Cannot read permanent lock");
731 
732 			/*
733 			 * Check if fuses of the subnode
734 			 * have the same lock status
735 			 */
736 			for (i = 1; i < (reg_size / sizeof(uint32_t)); i++) {
737 				if (stm32_bsec_read_permanent_lock(otp_id + i,
738 								   &locked_2))
739 					panic("Cannot read permanent lock");
740 
741 				if (locked != locked_2) {
742 					EMSG("Inconsistent status OTP ID %u",
743 					     otp_id + i);
744 					locked = true;
745 				}
746 			}
747 
748 			if (locked) {
749 				DMSG("BSEC: OTP locked");
750 				continue;
751 			}
752 		} else if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp",
753 					NULL)) {
754 			continue;
755 		}
756 
757 		if ((reg_offset % sizeof(uint32_t)) ||
758 		    (reg_size % sizeof(uint32_t)))
759 			panic("Unaligned non-secure OTP");
760 
761 		size = reg_size / sizeof(uint32_t);
762 
763 		if (otp_id + size > OTP_MAX_SIZE)
764 			panic("OTP range oversized");
765 
766 		for (i = otp_id; i < otp_id + size; i++)
767 			enable_nsec_access(i);
768 	}
769 }
770 
save_dt_nvmem_layout(void * fdt,int bsec_node)771 static void save_dt_nvmem_layout(void *fdt, int bsec_node)
772 {
773 	int cell_max = 0;
774 	int cell_cnt = 0;
775 	int node = 0;
776 
777 	fdt_for_each_subnode(node, fdt, bsec_node)
778 		cell_max++;
779 	if (!cell_max)
780 		return;
781 
782 	nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout));
783 	if (!nvmem_layout)
784 		panic();
785 
786 	fdt_for_each_subnode(node, fdt, bsec_node) {
787 		unsigned int reg_offset = 0;
788 		unsigned int reg_length = 0;
789 		const char *string = NULL;
790 		const char *s = NULL;
791 		int len = 0;
792 		struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt];
793 
794 		string = fdt_get_name(fdt, node, &len);
795 		if (!string || !len)
796 			continue;
797 
798 		reg_offset = _fdt_reg_base_address(fdt, node);
799 		reg_length = _fdt_reg_size(fdt, node);
800 
801 		if (reg_offset == DT_INFO_INVALID_REG ||
802 		    reg_length == DT_INFO_INVALID_REG_SIZE) {
803 			DMSG("Malformed nvmem %s: ignored", string);
804 			continue;
805 		}
806 
807 		if (reg_offset % sizeof(uint32_t)) {
808 			DMSG("Misaligned nvmem %s: ignored", string);
809 			continue;
810 		}
811 		layout_cell->otp_id = reg_offset / sizeof(uint32_t);
812 		layout_cell->bit_len = reg_length * CHAR_BIT;
813 
814 		s = strchr(string, '@');
815 		if (s)
816 			len = s - string;
817 
818 		layout_cell->name = strndup(string, len);
819 		if (!layout_cell->name)
820 			panic();
821 		cell_cnt++;
822 		DMSG("nvmem[%d] = %s %"PRId32" %zu", cell_cnt,
823 		     layout_cell->name, layout_cell->otp_id,
824 		     layout_cell->bit_len);
825 	}
826 
827 	if (cell_cnt != cell_max) {
828 		nvmem_layout = realloc(nvmem_layout,
829 				       cell_cnt * sizeof(*nvmem_layout));
830 		if (!nvmem_layout)
831 			panic();
832 	}
833 
834 	nvmem_layout_count = cell_cnt;
835 }
836 
initialize_bsec_from_dt(void)837 static void initialize_bsec_from_dt(void)
838 {
839 	void *fdt = NULL;
840 	int node = 0;
841 	struct dt_node_info bsec_info = { };
842 
843 	fdt = get_embedded_dt();
844 	node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT);
845 	if (node < 0)
846 		panic();
847 
848 	_fdt_fill_device_info(fdt, &bsec_info, node);
849 
850 	if (bsec_info.reg != bsec_dev.base.pa ||
851 	    !(bsec_info.status & DT_STATUS_OK_SEC))
852 		panic();
853 
854 	bsec_dt_otp_nsec_access(fdt, node);
855 
856 	save_dt_nvmem_layout(fdt, node);
857 }
858 #else
initialize_bsec_from_dt(void)859 static void initialize_bsec_from_dt(void)
860 {
861 }
862 #endif /*CFG_EMBED_DTB*/
863 
bsec_pm(enum pm_op op,uint32_t pm_hint __unused,const struct pm_callback_handle * hdl __unused)864 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused,
865 			  const struct pm_callback_handle *hdl __unused)
866 {
867 	static uint32_t debug_conf;
868 
869 	assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME);
870 
871 	if (op == PM_OP_SUSPEND)
872 		debug_conf = stm32_bsec_read_debug_conf();
873 	else
874 		stm32_bsec_write_debug_conf(debug_conf);
875 
876 	return TEE_SUCCESS;
877 }
878 DECLARE_KEEP_PAGER(bsec_pm);
879 
initialize_bsec(void)880 static TEE_Result initialize_bsec(void)
881 {
882 	struct stm32_bsec_static_cfg cfg = { };
883 
884 	stm32mp_get_bsec_static_cfg(&cfg);
885 
886 	bsec_dev.base.pa = cfg.base;
887 	bsec_dev.upper_base = cfg.upper_start;
888 	bsec_dev.max_id = cfg.max_id;
889 
890 	if (state_is_invalid_mode())
891 		panic();
892 
893 	if (IS_ENABLED(CFG_EMBED_DTB))
894 		initialize_bsec_from_dt();
895 
896 	register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec");
897 
898 	return TEE_SUCCESS;
899 }
900 
901 early_init(initialize_bsec);
902