1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3 * Copyright (c) 2017-2021, STMicroelectronics
4 */
5
6 #include <assert.h>
7 #include <config.h>
8 #include <drivers/stm32_bsec.h>
9 #include <io.h>
10 #include <kernel/delay.h>
11 #include <kernel/dt.h>
12 #include <kernel/boot.h>
13 #include <kernel/pm.h>
14 #include <kernel/spinlock.h>
15 #include <libfdt.h>
16 #include <limits.h>
17 #include <mm/core_memprot.h>
18 #include <platform_config.h>
19 #include <stm32_util.h>
20 #include <string.h>
21 #include <tee_api_defines.h>
22 #include <types_ext.h>
23 #include <util.h>
24
25 #ifdef CFG_STM32MP13
26 #define DT_BSEC_COMPAT "st,stm32mp13-bsec"
27 #endif
28 #ifdef CFG_STM32MP15
29 #define DT_BSEC_COMPAT "st,stm32mp15-bsec"
30 #endif
31
32 #define BSEC_OTP_MASK GENMASK_32(4, 0)
33 #define BSEC_OTP_BANK_SHIFT U(5)
34
35 /* Permanent lock bitmasks */
36 #define DATA_LOWER_OTP_PERLOCK_BIT U(3)
37 #define DATA_UPPER_OTP_PERLOCK_BIT U(1)
38
39 /* BSEC register offset */
40 #define BSEC_OTP_CONF_OFF U(0x000)
41 #define BSEC_OTP_CTRL_OFF U(0x004)
42 #define BSEC_OTP_WRDATA_OFF U(0x008)
43 #define BSEC_OTP_STATUS_OFF U(0x00C)
44 #define BSEC_OTP_LOCK_OFF U(0x010)
45 #define BSEC_DEN_OFF U(0x014)
46 #define BSEC_FEN_OFF U(0x018)
47 #define BSEC_DISTURBED_OFF U(0x01C)
48 #define BSEC_DISTURBED1_OFF U(0x020)
49 #define BSEC_DISTURBED2_OFF U(0x024)
50 #define BSEC_ERROR_OFF U(0x034)
51 #define BSEC_ERROR1_OFF U(0x038)
52 #define BSEC_ERROR2_OFF U(0x03C)
53 #define BSEC_WRLOCK_OFF U(0x04C)
54 #define BSEC_WRLOCK1_OFF U(0x050)
55 #define BSEC_WRLOCK2_OFF U(0x054)
56 #define BSEC_SPLOCK_OFF U(0x064)
57 #define BSEC_SPLOCK1_OFF U(0x068)
58 #define BSEC_SPLOCK2_OFF U(0x06C)
59 #define BSEC_SWLOCK_OFF U(0x07C)
60 #define BSEC_SWLOCK1_OFF U(0x080)
61 #define BSEC_SWLOCK2_OFF U(0x084)
62 #define BSEC_SRLOCK_OFF U(0x094)
63 #define BSEC_SRLOCK1_OFF U(0x098)
64 #define BSEC_SRLOCK2_OFF U(0x09C)
65 #define BSEC_JTAG_IN_OFF U(0x0AC)
66 #define BSEC_JTAG_OUT_OFF U(0x0B0)
67 #define BSEC_SCRATCH_OFF U(0x0B4)
68 #define BSEC_OTP_DATA_OFF U(0x200)
69 #define BSEC_IPHW_CFG_OFF U(0xFF0)
70 #define BSEC_IPVR_OFF U(0xFF4)
71 #define BSEC_IP_ID_OFF U(0xFF8)
72 #define BSEC_IP_MAGIC_ID_OFF U(0xFFC)
73
74 /* BSEC_CONFIGURATION Register */
75 #define BSEC_CONF_POWER_UP_MASK BIT(0)
76 #define BSEC_CONF_POWER_UP_SHIFT U(0)
77 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1)
78 #define BSEC_CONF_FRQ_SHIFT U(1)
79 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3)
80 #define BSEC_CONF_PRG_WIDTH_SHIFT U(3)
81 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7)
82 #define BSEC_CONF_TREAD_SHIFT U(7)
83
84 /* BSEC_CONTROL Register */
85 #define BSEC_READ U(0x000)
86 #define BSEC_WRITE U(0x100)
87 #define BSEC_LOCK U(0x200)
88
89 /* BSEC_STATUS Register */
90 #define BSEC_MODE_SECURED BIT(0)
91 #define BSEC_MODE_INVALID BIT(2)
92 #define BSEC_MODE_BUSY BIT(3)
93 #define BSEC_MODE_PROGFAIL BIT(4)
94 #define BSEC_MODE_PWR BIT(5)
95 #define BSEC_MODE_CLOSED BIT(8)
96
97 /*
98 * OTP Lock services definition
99 * Value must corresponding to the bit position in the register
100 */
101 #define BSEC_LOCK_UPPER_OTP U(0x00)
102 #define BSEC_LOCK_DEBUG U(0x02)
103 #define BSEC_LOCK_PROGRAM U(0x04)
104
105 /* Timeout when polling on status */
106 #define BSEC_TIMEOUT_US U(10000)
107
108 struct bsec_dev {
109 struct io_pa_va base;
110 unsigned int upper_base;
111 unsigned int max_id;
112 uint32_t *nsec_access;
113 };
114
115 /* Only 1 instance of BSEC is expected per platform */
116 static struct bsec_dev bsec_dev;
117
118 /* BSEC access protection */
119 static unsigned int lock = SPINLOCK_UNLOCK;
120
bsec_lock(void)121 static uint32_t bsec_lock(void)
122 {
123 return may_spin_lock(&lock);
124 }
125
bsec_unlock(uint32_t exceptions)126 static void bsec_unlock(uint32_t exceptions)
127 {
128 may_spin_unlock(&lock, exceptions);
129 }
130
otp_max_id(void)131 static uint32_t otp_max_id(void)
132 {
133 return bsec_dev.max_id;
134 }
135
otp_upper_base(void)136 static uint32_t otp_upper_base(void)
137 {
138 return bsec_dev.upper_base;
139 }
140
otp_bank_offset(uint32_t otp_id)141 static uint32_t otp_bank_offset(uint32_t otp_id)
142 {
143 assert(otp_id <= otp_max_id());
144
145 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
146 sizeof(uint32_t);
147 }
148
bsec_base(void)149 static vaddr_t bsec_base(void)
150 {
151 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1);
152 }
153
bsec_status(void)154 static uint32_t bsec_status(void)
155 {
156 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
157 }
158
state_is_invalid_mode(void)159 static bool state_is_invalid_mode(void)
160 {
161 return bsec_status() & BSEC_MODE_INVALID;
162 }
163
state_is_secured_mode(void)164 static bool state_is_secured_mode(void)
165 {
166 return bsec_status() & BSEC_MODE_SECURED;
167 }
168
state_is_closed_mode(void)169 static bool state_is_closed_mode(void)
170 {
171 uint32_t otp_cfg = 0;
172 uint32_t close_mode = 0;
173 TEE_Result res = TEE_ERROR_GENERIC;
174
175 if (IS_ENABLED(CFG_STM32MP13))
176 return bsec_status() & BSEC_MODE_CLOSED;
177
178 res = stm32_bsec_find_otp_in_nvmem_layout("cfg0_otp", &otp_cfg, NULL);
179 if (res)
180 panic("CFG0 OTP not found");
181
182 if (stm32_bsec_read_otp(&close_mode, otp_cfg))
183 panic("Unable to read OTP");
184
185 return close_mode & CFG0_OTP_CLOSED_DEVICE;
186 }
187
188 /*
189 * Check that BSEC interface does not report an error
190 * @otp_id : OTP number
191 * @check_disturbed: check only error (false) or all sources (true)
192 * Return a TEE_Result compliant value
193 */
check_no_error(uint32_t otp_id,bool check_disturbed)194 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed)
195 {
196 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
197 uint32_t bank = otp_bank_offset(otp_id);
198
199 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
200 return TEE_ERROR_GENERIC;
201
202 if (check_disturbed &&
203 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
204 return TEE_ERROR_GENERIC;
205
206 return TEE_SUCCESS;
207 }
208
power_up_safmem(void)209 static TEE_Result power_up_safmem(void)
210 {
211 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
212
213 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
214 BSEC_CONF_POWER_UP_MASK);
215
216 /*
217 * If a timeout is detected, test the condition again to consider
218 * cases where timeout is due to the executing TEE thread rescheduling.
219 */
220 while (!timeout_elapsed(timeout_ref))
221 if (bsec_status() & BSEC_MODE_PWR)
222 break;
223
224 if (bsec_status() & BSEC_MODE_PWR)
225 return TEE_SUCCESS;
226
227 return TEE_ERROR_GENERIC;
228 }
229
power_down_safmem(void)230 static TEE_Result power_down_safmem(void)
231 {
232 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
233
234 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
235
236 /*
237 * If a timeout is detected, test the condition again to consider
238 * cases where timeout is due to the executing TEE thread rescheduling.
239 */
240 while (!timeout_elapsed(timeout_ref))
241 if (!(bsec_status() & BSEC_MODE_PWR))
242 break;
243
244 if (!(bsec_status() & BSEC_MODE_PWR))
245 return TEE_SUCCESS;
246
247 return TEE_ERROR_GENERIC;
248 }
249
stm32_bsec_shadow_register(uint32_t otp_id)250 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
251 {
252 TEE_Result result = 0;
253 uint32_t exceptions = 0;
254 uint64_t timeout_ref = 0;
255 bool locked = false;
256
257 /* Check if shadowing of OTP is locked, informative only */
258 result = stm32_bsec_read_sr_lock(otp_id, &locked);
259 if (result)
260 return result;
261
262 if (locked)
263 DMSG("BSEC shadow warning: OTP locked");
264
265 if (state_is_invalid_mode())
266 return TEE_ERROR_SECURITY;
267
268 exceptions = bsec_lock();
269
270 result = power_up_safmem();
271 if (result)
272 goto out;
273
274 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
275
276 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
277 while (!timeout_elapsed(timeout_ref))
278 if (!(bsec_status() & BSEC_MODE_BUSY))
279 break;
280
281 if (bsec_status() & BSEC_MODE_BUSY)
282 result = TEE_ERROR_BUSY;
283 else
284 result = check_no_error(otp_id, true /* check-disturbed */);
285
286 power_down_safmem();
287
288 out:
289 bsec_unlock(exceptions);
290
291 return result;
292 }
293
stm32_bsec_read_otp(uint32_t * value,uint32_t otp_id)294 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
295 {
296 if (otp_id > otp_max_id())
297 return TEE_ERROR_BAD_PARAMETERS;
298
299 if (state_is_invalid_mode())
300 return TEE_ERROR_SECURITY;
301
302 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
303 (otp_id * sizeof(uint32_t)));
304
305 return TEE_SUCCESS;
306 }
307
stm32_bsec_shadow_read_otp(uint32_t * otp_value,uint32_t otp_id)308 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
309 {
310 TEE_Result result = 0;
311
312 result = stm32_bsec_shadow_register(otp_id);
313 if (result) {
314 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result);
315 return result;
316 }
317
318 result = stm32_bsec_read_otp(otp_value, otp_id);
319 if (result)
320 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result);
321
322 return result;
323 }
324
stm32_bsec_write_otp(uint32_t value,uint32_t otp_id)325 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
326 {
327 TEE_Result result = 0;
328 uint32_t exceptions = 0;
329 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
330 bool locked = false;
331
332 /* Check if write of OTP is locked, informative only */
333 result = stm32_bsec_read_sw_lock(otp_id, &locked);
334 if (result)
335 return result;
336
337 if (locked)
338 DMSG("BSEC write warning: OTP locked");
339
340 if (state_is_invalid_mode())
341 return TEE_ERROR_SECURITY;
342
343 exceptions = bsec_lock();
344
345 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
346
347 bsec_unlock(exceptions);
348
349 return TEE_SUCCESS;
350 }
351
352 #ifdef CFG_STM32_BSEC_WRITE
stm32_bsec_program_otp(uint32_t value,uint32_t otp_id)353 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
354 {
355 TEE_Result result = 0;
356 uint32_t exceptions = 0;
357 uint64_t timeout_ref = 0;
358 bool locked = false;
359
360 /* Check if shadowing of OTP is locked, informative only */
361 result = stm32_bsec_read_sp_lock(otp_id, &locked);
362 if (result)
363 return result;
364
365 if (locked)
366 DMSG("BSEC program warning: OTP locked");
367
368 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
369 DMSG("BSEC program warning: GPLOCK activated");
370
371 if (state_is_invalid_mode())
372 return TEE_ERROR_SECURITY;
373
374 exceptions = bsec_lock();
375
376 result = power_up_safmem();
377 if (result)
378 goto out;
379
380 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
381 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
382
383 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
384 while (!timeout_elapsed(timeout_ref))
385 if (!(bsec_status() & BSEC_MODE_BUSY))
386 break;
387
388 if (bsec_status() & BSEC_MODE_BUSY)
389 result = TEE_ERROR_BUSY;
390 else if (bsec_status() & BSEC_MODE_PROGFAIL)
391 result = TEE_ERROR_BAD_PARAMETERS;
392 else
393 result = check_no_error(otp_id, true /* check-disturbed */);
394
395 power_down_safmem();
396
397 out:
398 bsec_unlock(exceptions);
399
400 return result;
401 }
402 #endif /*CFG_STM32_BSEC_WRITE*/
403
stm32_bsec_permanent_lock_otp(uint32_t otp_id)404 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
405 {
406 TEE_Result result = 0;
407 uint32_t data = 0;
408 uint32_t addr = 0;
409 uint32_t exceptions = 0;
410 vaddr_t base = bsec_base();
411 uint64_t timeout_ref = 0;
412 uint32_t upper_base = otp_upper_base();
413
414 if (otp_id > otp_max_id())
415 return TEE_ERROR_BAD_PARAMETERS;
416
417 /*
418 * 2 bits per words for lower OTPs: 2:1 Redundancy
419 * 1 bit per word for upper OTPs : ECC support
420 * e.g with 32 lower and 64 upper OTPs:
421 * OTP word to be ADDR[6:0] WRDATA[31:0]
422 * locked
423 * 0 0x00 0x0000 0003
424 * 1 0x00 0x0000 000C
425 * ... ... ...
426 * 7 0x00 0x0000 C000
427 * 8 0x01 0x0000 0003
428 * ... ... ...
429 * 31 0x03 0x0000 C000
430 * 32 0x04 0x0000 0001
431 * 33 0x04 0x0000 0002
432 * 95 0x07 0x0000 8000
433 */
434 if (otp_id < upper_base) {
435 addr = otp_id / 8U;
436 data = DATA_LOWER_OTP_PERLOCK_BIT << ((otp_id * 2U) & 0xF);
437 } else {
438 addr = upper_base / 8U + (otp_id - upper_base) / 16U;
439 data = DATA_UPPER_OTP_PERLOCK_BIT << (otp_id & 0xF);
440 }
441
442 if (state_is_invalid_mode())
443 return TEE_ERROR_SECURITY;
444
445 exceptions = bsec_lock();
446
447 result = power_up_safmem();
448 if (result)
449 goto out;
450
451 io_write32(base + BSEC_OTP_WRDATA_OFF, data);
452 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
453
454 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
455 while (!timeout_elapsed(timeout_ref))
456 if (!(bsec_status() & BSEC_MODE_BUSY))
457 break;
458
459 if (bsec_status() & BSEC_MODE_BUSY)
460 result = TEE_ERROR_BUSY;
461 else if (bsec_status() & BSEC_MODE_PROGFAIL)
462 result = TEE_ERROR_BAD_PARAMETERS;
463 else
464 result = check_no_error(otp_id, false /* not-disturbed */);
465
466 #ifdef CFG_STM32MP13
467 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_READ | BSEC_LOCK);
468 #endif
469
470 power_down_safmem();
471
472 out:
473 bsec_unlock(exceptions);
474
475 return result;
476 }
477
stm32_bsec_write_debug_conf(uint32_t value)478 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
479 {
480 TEE_Result result = TEE_ERROR_GENERIC;
481 uint32_t exceptions = 0;
482
483 if (state_is_invalid_mode())
484 return TEE_ERROR_SECURITY;
485
486 exceptions = bsec_lock();
487
488 io_write32(bsec_base() + BSEC_DEN_OFF, value);
489
490 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ value) == 0U)
491 result = TEE_SUCCESS;
492
493 bsec_unlock(exceptions);
494
495 return result;
496 }
497
stm32_bsec_read_debug_conf(void)498 uint32_t stm32_bsec_read_debug_conf(void)
499 {
500 return io_read32(bsec_base() + BSEC_DEN_OFF);
501 }
502
set_bsec_lock(uint32_t otp_id,size_t lock_offset)503 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset)
504 {
505 uint32_t bank = otp_bank_offset(otp_id);
506 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
507 vaddr_t lock_addr = bsec_base() + bank + lock_offset;
508 uint32_t exceptions = 0;
509
510 if (otp_id > STM32MP1_OTP_MAX_ID)
511 return TEE_ERROR_BAD_PARAMETERS;
512
513 if (state_is_invalid_mode())
514 return TEE_ERROR_SECURITY;
515
516 exceptions = bsec_lock();
517
518 io_write32(lock_addr, otp_mask);
519
520 bsec_unlock(exceptions);
521
522 return TEE_SUCCESS;
523 }
524
stm32_bsec_set_sr_lock(uint32_t otp_id)525 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id)
526 {
527 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
528 }
529
stm32_bsec_set_sw_lock(uint32_t otp_id)530 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id)
531 {
532 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
533 }
534
stm32_bsec_set_sp_lock(uint32_t otp_id)535 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id)
536 {
537 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
538 }
539
read_bsec_lock(uint32_t otp_id,bool * locked,size_t lock_offset)540 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked,
541 size_t lock_offset)
542 {
543 uint32_t bank = otp_bank_offset(otp_id);
544 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
545 vaddr_t lock_addr = bsec_base() + bank + lock_offset;
546
547 if (otp_id > STM32MP1_OTP_MAX_ID)
548 return TEE_ERROR_BAD_PARAMETERS;
549
550 if (state_is_invalid_mode())
551 return TEE_ERROR_SECURITY;
552
553 *locked = (io_read32(lock_addr) & otp_mask) != 0;
554
555 return TEE_SUCCESS;
556 }
557
stm32_bsec_read_sr_lock(uint32_t otp_id,bool * locked)558 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked)
559 {
560 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF);
561 }
562
stm32_bsec_read_sw_lock(uint32_t otp_id,bool * locked)563 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked)
564 {
565 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF);
566 }
567
stm32_bsec_read_sp_lock(uint32_t otp_id,bool * locked)568 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked)
569 {
570 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF);
571 }
572
stm32_bsec_read_permanent_lock(uint32_t otp_id,bool * locked)573 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked)
574 {
575 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF);
576 }
577
nsec_access_array_size(void)578 static size_t nsec_access_array_size(void)
579 {
580 size_t upper_count = otp_max_id() - otp_upper_base() + 1;
581
582 return ROUNDUP_DIV(upper_count, BSEC_BITS_PER_WORD);
583 }
584
nsec_access_granted(unsigned int index)585 static bool nsec_access_granted(unsigned int index)
586 {
587 uint32_t *array = bsec_dev.nsec_access;
588
589 return array &&
590 (index / BSEC_BITS_PER_WORD) < nsec_access_array_size() &&
591 array[index / BSEC_BITS_PER_WORD] &
592 BIT(index % BSEC_BITS_PER_WORD);
593 }
594
stm32_bsec_can_access_otp(uint32_t otp_id)595 bool stm32_bsec_can_access_otp(uint32_t otp_id)
596 {
597 return (otp_id <= otp_max_id()) && !state_is_invalid_mode();
598 }
599
stm32_bsec_nsec_can_access_otp(uint32_t otp_id)600 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
601 {
602 return otp_id < otp_upper_base() ||
603 nsec_access_granted(otp_id - otp_upper_base());
604 }
605
606 struct nvmem_layout {
607 char *name;
608 uint32_t otp_id;
609 size_t bit_len;
610 };
611
612 static struct nvmem_layout *nvmem_layout;
613 static size_t nvmem_layout_count;
614
stm32_bsec_find_otp_in_nvmem_layout(const char * name,uint32_t * otp_id,size_t * otp_bit_len)615 TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
616 uint32_t *otp_id,
617 size_t *otp_bit_len)
618 {
619 size_t i = 0;
620
621 if (!name)
622 return TEE_ERROR_BAD_PARAMETERS;
623
624 for (i = 0; i < nvmem_layout_count; i++) {
625 if (!nvmem_layout[i].name || strcmp(name, nvmem_layout[i].name))
626 continue;
627
628 if (otp_id)
629 *otp_id = nvmem_layout[i].otp_id;
630
631 if (otp_bit_len)
632 *otp_bit_len = nvmem_layout[i].bit_len;
633
634 DMSG("nvmem %s = %zu: %"PRId32" %zu", name, i,
635 nvmem_layout[i].otp_id, nvmem_layout[i].bit_len);
636
637 return TEE_SUCCESS;
638 }
639
640 DMSG("nvmem %s failed", name);
641
642 return TEE_ERROR_ITEM_NOT_FOUND;
643 };
644
stm32_bsec_get_state(uint32_t * state)645 TEE_Result stm32_bsec_get_state(uint32_t *state)
646 {
647 if (!state)
648 return TEE_ERROR_BAD_PARAMETERS;
649
650 if (state_is_invalid_mode() || !state_is_secured_mode()) {
651 *state = BSEC_STATE_INVALID;
652 } else {
653 if (state_is_closed_mode())
654 *state = BSEC_STATE_SEC_CLOSED;
655 else
656 *state = BSEC_STATE_SEC_OPEN;
657 }
658
659 return TEE_SUCCESS;
660 }
661
662 #ifdef CFG_EMBED_DTB
enable_nsec_access(unsigned int otp_id)663 static void enable_nsec_access(unsigned int otp_id)
664 {
665 unsigned int idx = (otp_id - otp_upper_base()) / BSEC_BITS_PER_WORD;
666
667 if (otp_id < otp_upper_base())
668 return;
669
670 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id))
671 panic();
672
673 bsec_dev.nsec_access[idx] |= BIT(otp_id % BSEC_BITS_PER_WORD);
674 }
675
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)676 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
677 {
678 int bsec_subnode = 0;
679
680 bsec_dev.nsec_access = calloc(nsec_access_array_size(),
681 sizeof(*bsec_dev.nsec_access));
682 if (!bsec_dev.nsec_access)
683 panic();
684
685 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
686 unsigned int reg_offset = 0;
687 unsigned int reg_size = 0;
688 unsigned int otp_id = 0;
689 unsigned int i = 0;
690 size_t size = 0;
691
692 reg_offset = _fdt_reg_base_address(fdt, bsec_subnode);
693 reg_size = _fdt_reg_size(fdt, bsec_subnode);
694
695 assert(reg_offset != DT_INFO_INVALID_REG &&
696 reg_size != DT_INFO_INVALID_REG_SIZE);
697
698 otp_id = reg_offset / sizeof(uint32_t);
699
700 if (otp_id < STM32MP1_UPPER_OTP_START) {
701 unsigned int otp_end =
702 ROUNDUP_DIV(reg_offset + reg_size,
703 sizeof(uint32_t));
704
705 if (otp_end > STM32MP1_UPPER_OTP_START) {
706 /*
707 * OTP crosses Lower/Upper boundary, consider
708 * only the upper part.
709 */
710 otp_id = STM32MP1_UPPER_OTP_START;
711 reg_size -= (STM32MP1_UPPER_OTP_START *
712 sizeof(uint32_t)) - reg_offset;
713 reg_offset = STM32MP1_UPPER_OTP_START *
714 sizeof(uint32_t);
715
716 DMSG("OTP crosses Lower/Upper boundary");
717 } else {
718 continue;
719 }
720 }
721
722 /* Handle different kinds of non-secure accesses */
723 if (fdt_getprop(fdt, bsec_subnode,
724 "st,non-secure-otp-provisioning", NULL)) {
725 bool locked = false;
726 bool locked_2 = false;
727
728 /* Check if write of OTP is locked */
729 if (stm32_bsec_read_permanent_lock(otp_id, &locked))
730 panic("Cannot read permanent lock");
731
732 /*
733 * Check if fuses of the subnode
734 * have the same lock status
735 */
736 for (i = 1; i < (reg_size / sizeof(uint32_t)); i++) {
737 if (stm32_bsec_read_permanent_lock(otp_id + i,
738 &locked_2))
739 panic("Cannot read permanent lock");
740
741 if (locked != locked_2) {
742 EMSG("Inconsistent status OTP ID %u",
743 otp_id + i);
744 locked = true;
745 }
746 }
747
748 if (locked) {
749 DMSG("BSEC: OTP locked");
750 continue;
751 }
752 } else if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp",
753 NULL)) {
754 continue;
755 }
756
757 if ((reg_offset % sizeof(uint32_t)) ||
758 (reg_size % sizeof(uint32_t)))
759 panic("Unaligned non-secure OTP");
760
761 size = reg_size / sizeof(uint32_t);
762
763 if (otp_id + size > OTP_MAX_SIZE)
764 panic("OTP range oversized");
765
766 for (i = otp_id; i < otp_id + size; i++)
767 enable_nsec_access(i);
768 }
769 }
770
save_dt_nvmem_layout(void * fdt,int bsec_node)771 static void save_dt_nvmem_layout(void *fdt, int bsec_node)
772 {
773 int cell_max = 0;
774 int cell_cnt = 0;
775 int node = 0;
776
777 fdt_for_each_subnode(node, fdt, bsec_node)
778 cell_max++;
779 if (!cell_max)
780 return;
781
782 nvmem_layout = calloc(cell_max, sizeof(*nvmem_layout));
783 if (!nvmem_layout)
784 panic();
785
786 fdt_for_each_subnode(node, fdt, bsec_node) {
787 unsigned int reg_offset = 0;
788 unsigned int reg_length = 0;
789 const char *string = NULL;
790 const char *s = NULL;
791 int len = 0;
792 struct nvmem_layout *layout_cell = &nvmem_layout[cell_cnt];
793
794 string = fdt_get_name(fdt, node, &len);
795 if (!string || !len)
796 continue;
797
798 reg_offset = _fdt_reg_base_address(fdt, node);
799 reg_length = _fdt_reg_size(fdt, node);
800
801 if (reg_offset == DT_INFO_INVALID_REG ||
802 reg_length == DT_INFO_INVALID_REG_SIZE) {
803 DMSG("Malformed nvmem %s: ignored", string);
804 continue;
805 }
806
807 if (reg_offset % sizeof(uint32_t)) {
808 DMSG("Misaligned nvmem %s: ignored", string);
809 continue;
810 }
811 layout_cell->otp_id = reg_offset / sizeof(uint32_t);
812 layout_cell->bit_len = reg_length * CHAR_BIT;
813
814 s = strchr(string, '@');
815 if (s)
816 len = s - string;
817
818 layout_cell->name = strndup(string, len);
819 if (!layout_cell->name)
820 panic();
821 cell_cnt++;
822 DMSG("nvmem[%d] = %s %"PRId32" %zu", cell_cnt,
823 layout_cell->name, layout_cell->otp_id,
824 layout_cell->bit_len);
825 }
826
827 if (cell_cnt != cell_max) {
828 nvmem_layout = realloc(nvmem_layout,
829 cell_cnt * sizeof(*nvmem_layout));
830 if (!nvmem_layout)
831 panic();
832 }
833
834 nvmem_layout_count = cell_cnt;
835 }
836
initialize_bsec_from_dt(void)837 static void initialize_bsec_from_dt(void)
838 {
839 void *fdt = NULL;
840 int node = 0;
841 struct dt_node_info bsec_info = { };
842
843 fdt = get_embedded_dt();
844 node = fdt_node_offset_by_compatible(fdt, 0, DT_BSEC_COMPAT);
845 if (node < 0)
846 panic();
847
848 _fdt_fill_device_info(fdt, &bsec_info, node);
849
850 if (bsec_info.reg != bsec_dev.base.pa ||
851 !(bsec_info.status & DT_STATUS_OK_SEC))
852 panic();
853
854 bsec_dt_otp_nsec_access(fdt, node);
855
856 save_dt_nvmem_layout(fdt, node);
857 }
858 #else
initialize_bsec_from_dt(void)859 static void initialize_bsec_from_dt(void)
860 {
861 }
862 #endif /*CFG_EMBED_DTB*/
863
bsec_pm(enum pm_op op,uint32_t pm_hint __unused,const struct pm_callback_handle * hdl __unused)864 static TEE_Result bsec_pm(enum pm_op op, uint32_t pm_hint __unused,
865 const struct pm_callback_handle *hdl __unused)
866 {
867 static uint32_t debug_conf;
868
869 assert(op == PM_OP_SUSPEND || op == PM_OP_RESUME);
870
871 if (op == PM_OP_SUSPEND)
872 debug_conf = stm32_bsec_read_debug_conf();
873 else
874 stm32_bsec_write_debug_conf(debug_conf);
875
876 return TEE_SUCCESS;
877 }
878 DECLARE_KEEP_PAGER(bsec_pm);
879
initialize_bsec(void)880 static TEE_Result initialize_bsec(void)
881 {
882 struct stm32_bsec_static_cfg cfg = { };
883
884 stm32mp_get_bsec_static_cfg(&cfg);
885
886 bsec_dev.base.pa = cfg.base;
887 bsec_dev.upper_base = cfg.upper_start;
888 bsec_dev.max_id = cfg.max_id;
889
890 if (state_is_invalid_mode())
891 panic();
892
893 if (IS_ENABLED(CFG_EMBED_DTB))
894 initialize_bsec_from_dt();
895
896 register_pm_core_service_cb(bsec_pm, NULL, "stm32_bsec");
897
898 return TEE_SUCCESS;
899 }
900
901 early_init(initialize_bsec);
902