1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /*
3 * Copyright (c) 2017-2022, STMicroelectronics
4 */
5
6 #ifndef __DRIVERS_STM32_BSEC_H
7 #define __DRIVERS_STM32_BSEC_H
8
9 #include <compiler.h>
10 #include <stdint.h>
11 #include <tee_api.h>
12
/*
 * BSEC_DEBUG
 * Bit masks of the BSEC debug configuration.
 * NOTE(review): presumably these are the bits exchanged through
 * stm32_bsec_write_debug_conf() and stm32_bsec_read_debug_conf(); the names
 * look like debug enable controls. Confirm the meaning of each bit against
 * the SoC reference manual.
 */
#define BSEC_HDPEN			BIT(4)
#define BSEC_SPIDEN			BIT(5)
#define BSEC_SPINDEN			BIT(6)
#define BSEC_DBGSWGEN			BIT(10)
/*
 * Union of the four debug bits above.
 * NOTE(review): if these bits enable debug access, this mask enables all of
 * it at once. Code that can run on a closed device should request only the
 * bits it needs, and every use of this mask deserves an audit.
 */
#define BSEC_DEBUG_ALL			(BSEC_HDPEN | \
					 BSEC_SPIDEN | \
					 BSEC_SPINDEN | \
					 BSEC_DBGSWGEN)

/* Number of bits in one uint32_t word (the expression has type size_t) */
#define BSEC_BITS_PER_WORD		(8U * sizeof(uint32_t))
/* Number of bytes in one uint32_t word (the expression has type size_t) */
#define BSEC_BYTES_PER_WORD		sizeof(uint32_t)
25
/*
 * Global security states of BSEC, as reported through
 * stm32_bsec_get_state(). Enumerator values start at 0 and increase by one.
 *
 * BSEC_STATE_SEC_CLOSED is 0, so a zero-initialised variable compares equal
 * to it. Callers should test the status returned by stm32_bsec_get_state()
 * before trusting the reported state.
 */
enum stm32_bsec_sec_state {
	BSEC_STATE_SEC_CLOSED = 0,
	BSEC_STATE_SEC_OPEN = 1,
	/* NOTE(review): presumably neither closed nor open - confirm */
	BSEC_STATE_INVALID = 2
};
32
/*
 * Load OTP from SAFMEM and provide its value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): presumably this refreshes the BSEC data of @otp_id from
 * SAFMEM and then reads it, unlike stm32_bsec_read_otp(); confirm in the
 * driver. This header does not say what *@value holds on failure, so test
 * the returned status before using it.
 */
TEE_Result stm32_bsec_shadow_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Copy SAFMEM OTP to BSEC data.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 *
 * The OTP value is not handed back to the caller by this function.
 */
TEE_Result stm32_bsec_shadow_register(uint32_t otp_id);

/*
 * Read an OTP data value
 * @value: Output read value
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): presumably this returns the current BSEC data content, which
 * may differ from SAFMEM after stm32_bsec_write_otp() or
 * stm32_bsec_program_otp(); confirm in the driver. Test the returned status
 * before using *@value.
 */
TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id);

/*
 * Write value in BSEC data register
 * @value: Value to write
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * As described, only the BSEC data register is written; programming SAFMEM
 * is the job of stm32_bsec_program_otp().
 */
TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id);
63
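/*
 * Program a bit in SAFMEM without BSEC data refresh
 * @value: Value to program.
 * @otp_id: OTP number.
 * Return a TEE_Result compliant return value
 *
 * The driver implementation is declared only when CFG_STM32_BSEC_WRITE is
 * defined. Otherwise the inline fallback below programs nothing and returns
 * TEE_ERROR_NOT_SUPPORTED, so callers must test the returned status instead
 * of assuming the OTP was programmed.
 *
 * NOTE(review): since BSEC data is not refreshed, a later read of BSEC data
 * presumably still shows the previous content until
 * stm32_bsec_shadow_register() is called for @otp_id; confirm in the driver.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id);
#else
/* Fallback when OTP write support is compiled out: always refuses */
static inline TEE_Result stm32_bsec_program_otp(uint32_t value __unused,
						uint32_t otp_id __unused)
{
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif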
79
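/*
 * Permanent lock of OTP in SAFMEM
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * The lock is described as permanent and this header declares no function
 * that removes it, so treat a successful call as irreversible.
 *
 * The driver implementation is declared only when CFG_STM32_BSEC_WRITE is
 * defined. Otherwise the inline fallback below locks nothing and returns
 * TEE_ERROR_NOT_SUPPORTED, so callers must test the returned status instead
 * of assuming the OTP is locked.
 */
#ifdef CFG_STM32_BSEC_WRITE
TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id);
#else
/* Fallback when OTP write support is compiled out: always refuses */
static inline TEE_Result
stm32_bsec_permanent_lock_otp(uint32_t otp_id __unused)
{
	return TEE_ERROR_NOT_SUPPORTED;
}
#endif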
93
/*
 * Enable/disable debug service
 * @value: Value to write
 * Return a TEE_Result compliant return value
 *
 * NOTE(review): @value is presumably a combination of the BSEC_DEBUG bit
 * masks defined in this header (BSEC_HDPEN, BSEC_SPIDEN, BSEC_SPINDEN,
 * BSEC_DBGSWGEN); confirm in the driver. Whether the driver restricts the
 * write according to the BSEC security state is not visible here; verify it
 * before relying on this call to keep debug disabled on closed devices.
 */
TEE_Result stm32_bsec_write_debug_conf(uint32_t value);

/*
 * Return debug configuration read from BSEC
 *
 * The value is returned directly; this prototype has no error indication.
 */
uint32_t stm32_bsec_read_debug_conf(void);
103
/*
 * Write shadow-read lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * This header declares no function that clears the lock once set.
 * NOTE(review): how long the lock holds (for instance until the next reset)
 * is not stated here; confirm in the driver or reference manual.
 */
TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id);

/*
 * Read shadow-read lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-read is locked, false if not locked.
 * Return a TEE_Result compliant return value
 *
 * Test the returned status before using *@locked.
 */
TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-write lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * This header declares no function that clears the lock once set.
 */
TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id);

/*
 * Read shadow-write lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-write is locked, false if not locked.
 * Return a TEE_Result compliant return value
 *
 * Test the returned status before using *@locked.
 */
TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked);

/*
 * Write shadow-program lock
 * @otp_id: OTP number
 * Return a TEE_Result compliant return value
 *
 * This header declares no function that clears the lock once set.
 */
TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id);

/*
 * Read shadow-program lock
 * @otp_id: OTP number
 * @locked: (out) true if shadow-program is locked, false if not locked.
 * Return a TEE_Result compliant return value
 *
 * Test the returned status before using *@locked.
 */
TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked);

/*
 * Read permanent lock status
 * @otp_id: OTP number
 * @locked: (out) true if permanent lock is locked, false if not locked.
 * Return a TEE_Result compliant return value
 *
 * Declared whether or not CFG_STM32_BSEC_WRITE is defined, unlike
 * stm32_bsec_permanent_lock_otp() which then only has a fallback that
 * returns TEE_ERROR_NOT_SUPPORTED. Test the returned status before using
 * *@locked.
 */
TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked);
156
/*
 * Return true if OTP can be read, false otherwise
 * @otp_id: OTP number
 *
 * NOTE(review): the criteria (valid OTP number, lock state, ...) are not
 * stated in this header; confirm in the driver.
 */
bool stm32_bsec_can_access_otp(uint32_t otp_id);

/*
 * Return true if non-secure world is allowed to read the target OTP
 * @otp_id: OTP number
 *
 * NOTE(review): a service that returns OTP content to a non-secure caller
 * should presumably gate on this check rather than on
 * stm32_bsec_can_access_otp(); confirm against the callers.
 */
bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id);
168
/*
 * Find and get OTP location from its name.
 * @name: sub-node name to look up.
 * @otp_id: pointer to output OTP number or NULL.
 * @otp_bit_offset: pointer to output OTP bit offset in the NVMEM cell or NULL.
 * @otp_bit_len: pointer to output OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 *
 * Each output pointer may be NULL when the caller does not need that field.
 * This header does not say what the outputs hold when the lookup fails, so
 * test the returned status before using them.
 */
TEE_Result stm32_bsec_find_otp_in_nvmem_layout(const char *name,
					       uint32_t *otp_id,
					       uint8_t *otp_bit_offset,
					       size_t *otp_bit_len);

/*
 * Find and get OTP location from its phandle.
 * @phandle: node phandle to look up.
 * @otp_id: pointer to read OTP number or NULL.
 * @otp_bit_offset: pointer to read offset in OTP in bits or NULL.
 * @otp_bit_len: pointer to read OTP length in bits or NULL.
 * Return a TEE_Result compliant status
 *
 * Each output pointer may be NULL when the caller does not need that field.
 * This header does not say what the outputs hold when the lookup fails, so
 * test the returned status before using them.
 */
TEE_Result stm32_bsec_find_otp_by_phandle(const uint32_t phandle,
					  uint32_t *otp_id,
					  uint8_t *otp_bit_offset,
					  size_t *otp_bit_len);
194
/*
 * Get BSEC global sec state.
 * @sec_state: (out) Global BSEC current sec state
 * Return a TEE_Result compliant status
 *
 * This header does not say what *@sec_state holds on failure. Test the
 * returned status first, and treat any state other than an explicitly
 * expected one as a reason to refuse the security-sensitive operation.
 */
TEE_Result stm32_bsec_get_state(enum stm32_bsec_sec_state *sec_state);
201
202 #endif /*__DRIVERS_STM32_BSEC_H*/
203