1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (C) 2018, STMicroelectronics - All Rights Reserved
4 */
5
6 #define LOG_CATEGORY UCLASS_MISC
7
8 #include <common.h>
9 #include <clk.h>
10 #include <dm.h>
11 #include <log.h>
12 #include <misc.h>
13 #include <tee.h>
14 #include <asm/io.h>
15 #include <asm/arch/bsec.h>
16 #include <asm/arch/stm32mp1_smc.h>
17 #include <dm/device.h>
18 #include <dm/device_compat.h>
19 #include <linux/arm-smccc.h>
20 #include <linux/iopoll.h>
21
22 #define BSEC_OTP_MAX_VALUE 95
23 #define BSEC_OTP_UPPER_START 32
24 #define BSEC_TIMEOUT_US 10000
25
26 /* BSEC REGISTER OFFSET (base relative) */
27 #define BSEC_OTP_CONF_OFF 0x000
28 #define BSEC_OTP_CTRL_OFF 0x004
29 #define BSEC_OTP_WRDATA_OFF 0x008
30 #define BSEC_OTP_STATUS_OFF 0x00C
31 #define BSEC_OTP_LOCK_OFF 0x010
32 #define BSEC_DENABLE_OFF 0x014
33 #define BSEC_DISTURBED_OFF 0x01C
34 #define BSEC_ERROR_OFF 0x034
35 #define BSEC_WRLOCK_OFF 0x04C /* OTP write permananet lock */
36 #define BSEC_SPLOCK_OFF 0x064 /* OTP write sticky lock */
37 #define BSEC_SWLOCK_OFF 0x07C /* shadow write sticky lock */
38 #define BSEC_SRLOCK_OFF 0x094 /* shadow read sticky lock */
39 #define BSEC_OTP_DATA_OFF 0x200
40
41 /* BSEC_CONFIGURATION Register MASK */
42 #define BSEC_CONF_POWER_UP 0x001
43
44 /* BSEC_CONTROL Register */
45 #define BSEC_READ 0x000
46 #define BSEC_WRITE 0x100
47 #define BSEC_LOCK 0x200
48
49 /* LOCK Register */
50 #define OTP_LOCK_MASK 0x1F
51 #define OTP_LOCK_BANK_SHIFT 0x05
52 #define OTP_LOCK_BIT_MASK 0x01
53
54 /* STATUS Register */
55 #define BSEC_MODE_BUSY_MASK 0x08
56 #define BSEC_MODE_PROGFAIL_MASK 0x10
57 #define BSEC_MODE_PWR_MASK 0x20
58
59 /* DENABLE Register */
60 #define BSEC_DENABLE_DBGSWENABLE BIT(10)
61
62 /*
63 * OTP Lock services definition
64 * Value must corresponding to the bit number in the register
65 */
66 #define BSEC_LOCK_PROGRAM 0x04
67
68 #define PTA_BSEC_UUID { 0x94cf71ad, 0x80e6, 0x40b5, \
69 { 0xa7, 0xc6, 0x3d, 0xc5, 0x01, 0xeb, 0x28, 0x03 } }
70
71 /*
72 * Read OTP memory
73 *
74 * [in] value[0].a OTP start offset in byte
75 * [in] value[0].b Access type (0:shadow, 1:fuse, 2:lock)
76 * [out] memref[1].buffer Output buffer to store read values
77 * [out] memref[1].size Size of OTP to be read
78 *
79 * Return codes:
80 * TEE_SUCCESS - Invoke command success
81 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param
82 * TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
83 */
84 #define PTA_BSEC_READ_MEM 0x0
85
86 /*
87 * Write OTP memory
88 *
89 * [in] value[0].a OTP start offset in byte
90 * [in] value[0].b Access type (0:shadow, 1:fuse, 2:lock)
91 * [in] memref[1].buffer Input buffer to read values
92 * [in] memref[1].size Size of OTP to be written
93 *
94 * Return codes:
95 * TEE_SUCCESS - Invoke command success
96 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param
97 * TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
98 */
99 #define PTA_BSEC_WRITE_MEM 0x1
100
101 /* value of PTA_BSEC access type = value[in] b */
102 #define SHADOW_ACCESS 0
103 #define FUSE_ACCESS 1
104 #define LOCK_ACCESS 2
105
106 /**
107 * bsec_lock() - manage lock for each type SR/SP/SW
108 * @address: address of bsec IP register
109 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
110 * Return: true if locked else false
111 */
bsec_read_lock(u32 address,u32 otp)112 static bool bsec_read_lock(u32 address, u32 otp)
113 {
114 u32 bit;
115 u32 bank;
116
117 bit = 1 << (otp & OTP_LOCK_MASK);
118 bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
119
120 return !!(readl(address + bank) & bit);
121 }
122
123 /**
124 * bsec_check_error() - Check status of one otp
125 * @base: base address of bsec IP
126 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
127 * Return: 0 if no error, -EAGAIN or -ENOTSUPP
128 */
bsec_check_error(u32 base,u32 otp)129 static u32 bsec_check_error(u32 base, u32 otp)
130 {
131 u32 bit;
132 u32 bank;
133
134 bit = 1 << (otp & OTP_LOCK_MASK);
135 bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
136
137 if (readl(base + BSEC_DISTURBED_OFF + bank) & bit)
138 return -EAGAIN;
139 else if (readl(base + BSEC_ERROR_OFF + bank) & bit)
140 return -ENOTSUPP;
141
142 return 0;
143 }
144
145 /**
146 * bsec_read_SR_lock() - read SR lock (Shadowing)
147 * @base: base address of bsec IP
148 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
149 * Return: true if locked else false
150 */
bsec_read_SR_lock(u32 base,u32 otp)151 static bool bsec_read_SR_lock(u32 base, u32 otp)
152 {
153 return bsec_read_lock(base + BSEC_SRLOCK_OFF, otp);
154 }
155
156 /**
157 * bsec_read_SP_lock() - read SP lock (program Lock)
158 * @base: base address of bsec IP
159 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
160 * Return: true if locked else false
161 */
bsec_read_SP_lock(u32 base,u32 otp)162 static bool bsec_read_SP_lock(u32 base, u32 otp)
163 {
164 return bsec_read_lock(base + BSEC_SPLOCK_OFF, otp);
165 }
166
167 /**
168 * bsec_SW_lock() - manage SW lock (Write in Shadow)
169 * @base: base address of bsec IP
170 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
171 * Return: true if locked else false
172 */
bsec_read_SW_lock(u32 base,u32 otp)173 static bool bsec_read_SW_lock(u32 base, u32 otp)
174 {
175 return bsec_read_lock(base + BSEC_SWLOCK_OFF, otp);
176 }
177
178 /**
179 * bsec_power_safmem() - Activate or deactivate safmem power
180 * @base: base address of bsec IP
181 * @power: true to power up , false to power down
182 * Return: 0 if succeed
183 */
bsec_power_safmem(u32 base,bool power)184 static int bsec_power_safmem(u32 base, bool power)
185 {
186 u32 val;
187 u32 mask;
188
189 if (power) {
190 setbits_le32(base + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP);
191 mask = BSEC_MODE_PWR_MASK;
192 } else {
193 clrbits_le32(base + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP);
194 mask = 0;
195 }
196
197 /* waiting loop */
198 return readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
199 val, (val & BSEC_MODE_PWR_MASK) == mask,
200 BSEC_TIMEOUT_US);
201 }
202
203 /**
204 * bsec_shadow_register() - copy safmen otp to bsec data
205 * @dev: bsec IP device
206 * @base: base address of bsec IP
207 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
208 * Return: 0 if no error
209 */
bsec_shadow_register(struct udevice * dev,u32 base,u32 otp)210 static int bsec_shadow_register(struct udevice *dev, u32 base, u32 otp)
211 {
212 u32 val;
213 int ret;
214 bool power_up = false;
215
216 /* check if shadowing of otp is locked */
217 if (bsec_read_SR_lock(base, otp))
218 dev_dbg(dev, "OTP %d is locked and refreshed with 0\n",
219 otp);
220
221 /* check if safemem is power up */
222 val = readl(base + BSEC_OTP_STATUS_OFF);
223 if (!(val & BSEC_MODE_PWR_MASK)) {
224 ret = bsec_power_safmem(base, true);
225 if (ret)
226 return ret;
227 power_up = true;
228 }
229 /* set BSEC_OTP_CTRL_OFF with the otp value*/
230 writel(otp | BSEC_READ, base + BSEC_OTP_CTRL_OFF);
231
232 /* check otp status*/
233 ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
234 val, (val & BSEC_MODE_BUSY_MASK) == 0,
235 BSEC_TIMEOUT_US);
236 if (ret)
237 return ret;
238
239 ret = bsec_check_error(base, otp);
240
241 if (power_up)
242 bsec_power_safmem(base, false);
243
244 return ret;
245 }
246
247 /**
248 * bsec_read_shadow() - read an otp data value from shadow
249 * @dev: bsec IP device
250 * @base: base address of bsec IP
251 * @val: read value
252 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
253 * Return: 0 if no error
254 */
bsec_read_shadow(struct udevice * dev,u32 base,u32 * val,u32 otp)255 static int bsec_read_shadow(struct udevice *dev, u32 base, u32 *val, u32 otp)
256 {
257 *val = readl(base + BSEC_OTP_DATA_OFF + otp * sizeof(u32));
258
259 return bsec_check_error(base, otp);
260 }
261
262 /**
263 * bsec_write_shadow() - write value in BSEC data register in shadow
264 * @dev: bsec IP device
265 * @base: base address of bsec IP
266 * @val: value to write
267 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
268 * Return: 0 if no error
269 */
bsec_write_shadow(struct udevice * dev,u32 base,u32 val,u32 otp)270 static int bsec_write_shadow(struct udevice *dev, u32 base, u32 val, u32 otp)
271 {
272 /* check if programming of otp is locked */
273 if (bsec_read_SW_lock(base, otp))
274 dev_dbg(dev, "OTP %d is lock, write will be ignore\n", otp);
275
276 writel(val, base + BSEC_OTP_DATA_OFF + otp * sizeof(u32));
277
278 return bsec_check_error(base, otp);
279 }
280
281 /**
282 * bsec_program_otp() - program a bit in SAFMEM
283 * @dev: bsec IP device
284 * @base: base address of bsec IP
285 * @val: value to program
286 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
287 * after the function the otp data is not refreshed in shadow
288 * Return: 0 if no error
289 */
bsec_program_otp(struct udevice * dev,long base,u32 val,u32 otp)290 static int bsec_program_otp(struct udevice *dev, long base, u32 val, u32 otp)
291 {
292 u32 ret;
293 bool power_up = false;
294
295 if (bsec_read_SP_lock(base, otp))
296 dev_dbg(dev, "OTP %d locked, prog will be ignore\n", otp);
297
298 if (readl(base + BSEC_OTP_LOCK_OFF) & (1 << BSEC_LOCK_PROGRAM))
299 dev_dbg(dev, "Global lock, prog will be ignore\n");
300
301 /* check if safemem is power up */
302 if (!(readl(base + BSEC_OTP_STATUS_OFF) & BSEC_MODE_PWR_MASK)) {
303 ret = bsec_power_safmem(base, true);
304 if (ret)
305 return ret;
306
307 power_up = true;
308 }
309 /* set value in write register*/
310 writel(val, base + BSEC_OTP_WRDATA_OFF);
311
312 /* set BSEC_OTP_CTRL_OFF with the otp value */
313 writel(otp | BSEC_WRITE, base + BSEC_OTP_CTRL_OFF);
314
315 /* check otp status*/
316 ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
317 val, (val & BSEC_MODE_BUSY_MASK) == 0,
318 BSEC_TIMEOUT_US);
319 if (ret)
320 return ret;
321
322 if (val & BSEC_MODE_PROGFAIL_MASK)
323 ret = -EACCES;
324 else
325 ret = bsec_check_error(base, otp);
326
327 if (power_up)
328 bsec_power_safmem(base, false);
329
330 return ret;
331 }
332
333 /**
334 * bsec_permanent_lock_otp() - permanent lock of OTP in SAFMEM
335 * @dev: bsec IP device
336 * @base: base address of bsec IP
337 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
338 * Return: 0 if no error
339 */
bsec_permanent_lock_otp(struct udevice * dev,long base,uint32_t otp)340 static int bsec_permanent_lock_otp(struct udevice *dev, long base, uint32_t otp)
341 {
342 int ret;
343 bool power_up = false;
344 u32 val, addr;
345
346 /* check if safemem is power up */
347 if (!(readl(base + BSEC_OTP_STATUS_OFF) & BSEC_MODE_PWR_MASK)) {
348 ret = bsec_power_safmem(base, true);
349 if (ret)
350 return ret;
351
352 power_up = true;
353 }
354
355 /*
356 * low OTPs = 2 bits word for low OTPs, 1 bits per word for upper OTP
357 * and only 16 bits used in WRDATA
358 */
359 if (otp < BSEC_OTP_UPPER_START) {
360 addr = otp / 8;
361 val = 0x03 << ((otp * 2) & 0xF);
362 } else {
363 addr = BSEC_OTP_UPPER_START / 8 +
364 ((otp - BSEC_OTP_UPPER_START) / 16);
365 val = 0x01 << (otp & 0xF);
366 }
367
368 /* set value in write register*/
369 writel(val, base + BSEC_OTP_WRDATA_OFF);
370
371 /* set BSEC_OTP_CTRL_OFF with the otp addr and lock request*/
372 writel(addr | BSEC_WRITE | BSEC_LOCK, base + BSEC_OTP_CTRL_OFF);
373
374 /* check otp status*/
375 ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
376 val, (val & BSEC_MODE_BUSY_MASK) == 0,
377 BSEC_TIMEOUT_US);
378 if (ret)
379 return ret;
380
381 if (val & BSEC_MODE_PROGFAIL_MASK)
382 ret = -EACCES;
383 else
384 ret = bsec_check_error(base, otp);
385
386 if (power_up)
387 bsec_power_safmem(base, false);
388
389 return ret;
390 }
391
392 /* BSEC MISC driver *******************************************************/
393 struct stm32mp_bsec_plat {
394 u32 base;
395 };
396
397 struct stm32mp_bsec_priv {
398 struct udevice *tee;
399 };
400
stm32mp_bsec_read_otp(struct udevice * dev,u32 * val,u32 otp)401 static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp)
402 {
403 struct stm32mp_bsec_plat *plat;
404 u32 tmp_data = 0;
405 int ret;
406
407 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
408 return stm32_smc(STM32_SMC_BSEC,
409 STM32_SMC_READ_OTP,
410 otp, 0, val);
411
412 plat = dev_get_plat(dev);
413
414 /* read current shadow value */
415 ret = bsec_read_shadow(dev, plat->base, &tmp_data, otp);
416 if (ret)
417 return ret;
418
419 /* copy otp in shadow */
420 ret = bsec_shadow_register(dev, plat->base, otp);
421 if (ret)
422 return ret;
423
424 ret = bsec_read_shadow(dev, plat->base, val, otp);
425 if (ret)
426 return ret;
427
428 /* restore shadow value */
429 ret = bsec_write_shadow(dev, plat->base, tmp_data, otp);
430
431 return ret;
432 }
433
stm32mp_bsec_read_shadow(struct udevice * dev,u32 * val,u32 otp)434 static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp)
435 {
436 struct stm32mp_bsec_plat *plat;
437
438 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
439 return stm32_smc(STM32_SMC_BSEC,
440 STM32_SMC_READ_SHADOW,
441 otp, 0, val);
442
443 plat = dev_get_plat(dev);
444
445 return bsec_read_shadow(dev, plat->base, val, otp);
446 }
447
stm32mp_bsec_read_lock(struct udevice * dev,u32 * val,u32 otp)448 static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp)
449 {
450 struct stm32mp_bsec_plat *plat = dev_get_plat(dev);
451 u32 wrlock;
452
453 /* return OTP permanent write lock status */
454 wrlock = bsec_read_lock(plat->base + BSEC_WRLOCK_OFF, otp);
455
456 *val = 0;
457 if (wrlock)
458 *val = BSEC_LOCK_PERM;
459
460 return 0;
461 }
462
stm32mp_bsec_write_otp(struct udevice * dev,u32 val,u32 otp)463 static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp)
464 {
465 struct stm32mp_bsec_plat *plat;
466
467 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
468 return stm32_smc_exec(STM32_SMC_BSEC,
469 STM32_SMC_PROG_OTP,
470 otp, val);
471
472 plat = dev_get_plat(dev);
473
474 return bsec_program_otp(dev, plat->base, val, otp);
475
476 }
477
stm32mp_bsec_write_shadow(struct udevice * dev,u32 val,u32 otp)478 static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp)
479 {
480 struct stm32mp_bsec_plat *plat;
481
482 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
483 return stm32_smc_exec(STM32_SMC_BSEC,
484 STM32_SMC_WRITE_SHADOW,
485 otp, val);
486
487 plat = dev_get_plat(dev);
488
489 return bsec_write_shadow(dev, plat->base, val, otp);
490 }
491
stm32mp_bsec_write_lock(struct udevice * dev,u32 val,u32 otp)492 static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
493 {
494 struct stm32mp_bsec_plat *plat;
495
496 /* only permanent write lock is supported in U-Boot */
497 if (!(val & BSEC_LOCK_PERM)) {
498 dev_dbg(dev, "lock option without BSEC_LOCK_PERM: %x\n", val);
499 return 0; /* nothing to do */
500 }
501
502 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
503 return stm32_smc_exec(STM32_SMC_BSEC,
504 STM32_SMC_WRLOCK_OTP,
505 otp, 0);
506
507 plat = dev_get_plat(dev);
508
509 return bsec_permanent_lock_otp(dev, plat->base, otp);
510 }
511
bsec_pta_open_session(struct udevice * tee,u32 * tee_session)512 static int bsec_pta_open_session(struct udevice *tee, u32 *tee_session)
513 {
514 const struct tee_optee_ta_uuid uuid = PTA_BSEC_UUID;
515 struct tee_open_session_arg arg;
516 int rc;
517
518 memset(&arg, 0, sizeof(arg));
519 tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
520 arg.clnt_login = TEE_LOGIN_REE_KERNEL;
521 rc = tee_open_session(tee, &arg, 0, NULL);
522 if (rc < 0)
523 return -ENODEV;
524
525 *tee_session = arg.session;
526
527 return 0;
528 }
529
bsec_optee_open(struct udevice * dev)530 static int bsec_optee_open(struct udevice *dev)
531 {
532 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
533 struct udevice *tee;
534 u32 tee_session;
535 int rc;
536
537 tee = tee_find_device(NULL, NULL, NULL, NULL);
538 if (!tee)
539 return -ENODEV;
540
541 /* try to open the STM32 BSEC TA */
542 rc = bsec_pta_open_session(tee, &tee_session);
543 if (rc)
544 return rc;
545
546 tee_close_session(tee, tee_session);
547
548 priv->tee = tee;
549
550 return 0;
551 }
552
bsec_optee_pta(struct udevice * dev,int cmd,int type,int offset,void * buff,ulong size)553 static int bsec_optee_pta(struct udevice *dev, int cmd, int type, int offset,
554 void *buff, ulong size)
555 {
556 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
557 u32 tee_session;
558 struct tee_invoke_arg arg;
559 struct tee_param param[2];
560 struct tee_shm *fw_shm;
561 int rc;
562
563 rc = bsec_pta_open_session(priv->tee, &tee_session);
564 if (rc)
565 return rc;
566
567 rc = tee_shm_register(priv->tee, buff, size, 0, &fw_shm);
568 if (rc)
569 goto close_session;
570
571 memset(&arg, 0, sizeof(arg));
572 arg.func = cmd;
573 arg.session = tee_session;
574
575 memset(param, 0, sizeof(param));
576
577 param[0].attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT;
578 param[0].u.value.a = offset;
579 param[0].u.value.b = type;
580
581 if (cmd == PTA_BSEC_WRITE_MEM)
582 param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT;
583 else
584 param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
585
586 param[1].u.memref.shm = fw_shm;
587 param[1].u.memref.size = size;
588
589 rc = tee_invoke_func(priv->tee, &arg, 2, param);
590 if (rc < 0 || arg.ret != 0) {
591 dev_err(priv->tee,
592 "PTA_BSEC invoke failed TEE err: %x, err:%x\n",
593 arg.ret, rc);
594 if (!rc)
595 rc = -EIO;
596 }
597
598 tee_shm_free(fw_shm);
599
600 close_session:
601 tee_close_session(priv->tee, tee_session);
602
603 return rc;
604 }
605
stm32mp_bsec_read(struct udevice * dev,int offset,void * buf,int size)606 static int stm32mp_bsec_read(struct udevice *dev, int offset,
607 void *buf, int size)
608 {
609 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
610 int ret;
611 int i;
612 bool shadow = true, lock = false;
613 int nb_otp = size / sizeof(u32);
614 int otp, cmd;
615 unsigned int offs = offset;
616
617 if (offs >= STM32_BSEC_LOCK_OFFSET) {
618 offs -= STM32_BSEC_LOCK_OFFSET;
619 lock = true;
620 } else if (offs >= STM32_BSEC_OTP_OFFSET) {
621 offs -= STM32_BSEC_OTP_OFFSET;
622 shadow = false;
623 }
624
625 if ((offs % 4) || (size % 4))
626 return -EINVAL;
627
628 if (IS_ENABLED(CONFIG_OPTEE) && priv->tee) {
629 cmd = FUSE_ACCESS;
630 if (shadow)
631 cmd = SHADOW_ACCESS;
632 if (lock)
633 cmd = LOCK_ACCESS;
634 ret = bsec_optee_pta(dev, PTA_BSEC_READ_MEM, cmd, offs, buf, size);
635 if (ret)
636 return ret;
637
638 return size;
639 }
640
641 otp = offs / sizeof(u32);
642
643 for (i = otp; i < (otp + nb_otp) && i <= BSEC_OTP_MAX_VALUE; i++) {
644 u32 *addr = &((u32 *)buf)[i - otp];
645
646 if (lock)
647 ret = stm32mp_bsec_read_lock(dev, addr, i);
648 else if (shadow)
649 ret = stm32mp_bsec_read_shadow(dev, addr, i);
650 else
651 ret = stm32mp_bsec_read_otp(dev, addr, i);
652
653 if (ret)
654 break;
655 }
656 if (ret)
657 return ret;
658 else
659 return (i - otp) * 4;
660 }
661
stm32mp_bsec_write(struct udevice * dev,int offset,const void * buf,int size)662 static int stm32mp_bsec_write(struct udevice *dev, int offset,
663 const void *buf, int size)
664 {
665 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
666 int ret = 0;
667 int i;
668 bool shadow = true, lock = false;
669 int nb_otp = size / sizeof(u32);
670 int otp, cmd;
671 unsigned int offs = offset;
672
673 if (offs >= STM32_BSEC_LOCK_OFFSET) {
674 offs -= STM32_BSEC_LOCK_OFFSET;
675 lock = true;
676 } else if (offs >= STM32_BSEC_OTP_OFFSET) {
677 offs -= STM32_BSEC_OTP_OFFSET;
678 shadow = false;
679 }
680
681 if ((offs % 4) || (size % 4))
682 return -EINVAL;
683
684 if (IS_ENABLED(CONFIG_OPTEE) && priv->tee) {
685 cmd = FUSE_ACCESS;
686 if (shadow)
687 cmd = SHADOW_ACCESS;
688 if (lock)
689 cmd = LOCK_ACCESS;
690 ret = bsec_optee_pta(dev, PTA_BSEC_WRITE_MEM, cmd, offs, (void *)buf, size);
691 if (ret)
692 return ret;
693
694 return size;
695 }
696
697 otp = offs / sizeof(u32);
698
699 for (i = otp; i < otp + nb_otp && i <= BSEC_OTP_MAX_VALUE; i++) {
700 u32 *val = &((u32 *)buf)[i - otp];
701
702 if (lock)
703 ret = stm32mp_bsec_write_lock(dev, *val, i);
704 else if (shadow)
705 ret = stm32mp_bsec_write_shadow(dev, *val, i);
706 else
707 ret = stm32mp_bsec_write_otp(dev, *val, i);
708 if (ret)
709 break;
710 }
711 if (ret)
712 return ret;
713 else
714 return (i - otp) * 4;
715 }
716
717 static const struct misc_ops stm32mp_bsec_ops = {
718 .read = stm32mp_bsec_read,
719 .write = stm32mp_bsec_write,
720 };
721
stm32mp_bsec_of_to_plat(struct udevice * dev)722 static int stm32mp_bsec_of_to_plat(struct udevice *dev)
723 {
724 struct stm32mp_bsec_plat *plat = dev_get_plat(dev);
725
726 plat->base = (u32)dev_read_addr_ptr(dev);
727
728 return 0;
729 }
730
stm32mp_bsec_probe(struct udevice * dev)731 static int stm32mp_bsec_probe(struct udevice *dev)
732 {
733 int otp;
734 struct stm32mp_bsec_plat *plat;
735 struct clk_bulk clk_bulk;
736 int ret;
737
738 ret = clk_get_bulk(dev, &clk_bulk);
739 if (!ret) {
740 ret = clk_enable_bulk(&clk_bulk);
741 if (ret)
742 return ret;
743 }
744
745 if (IS_ENABLED(CONFIG_OPTEE))
746 bsec_optee_open(dev);
747
748 /*
749 * update unlocked shadow for OTP cleared by the rom code
750 * only executed in SPL, it is done in TF-A for TFABOOT
751 */
752 if (IS_ENABLED(CONFIG_SPL_BUILD)) {
753 plat = dev_get_plat(dev);
754
755 for (otp = 57; otp <= BSEC_OTP_MAX_VALUE; otp++)
756 if (!bsec_read_SR_lock(plat->base, otp))
757 bsec_shadow_register(dev, plat->base, otp);
758 }
759
760 return 0;
761 }
762
763 static const struct udevice_id stm32mp_bsec_ids[] = {
764 { .compatible = "st,stm32mp13-bsec" },
765 { .compatible = "st,stm32mp15-bsec" },
766 {}
767 };
768
769 U_BOOT_DRIVER(stm32mp_bsec) = {
770 .name = "stm32mp_bsec",
771 .id = UCLASS_MISC,
772 .of_match = stm32mp_bsec_ids,
773 .of_to_plat = stm32mp_bsec_of_to_plat,
774 .plat_auto = sizeof(struct stm32mp_bsec_plat),
775 .priv_auto = sizeof(struct stm32mp_bsec_priv),
776 .ops = &stm32mp_bsec_ops,
777 .probe = stm32mp_bsec_probe,
778 };
779
bsec_dbgswenable(void)780 bool bsec_dbgswenable(void)
781 {
782 struct udevice *dev;
783 struct stm32mp_bsec_plat *plat;
784 int ret;
785
786 ret = uclass_get_device_by_driver(UCLASS_MISC,
787 DM_DRIVER_GET(stm32mp_bsec), &dev);
788 if (ret || !dev) {
789 log_debug("bsec driver not available\n");
790 return false;
791 }
792
793 plat = dev_get_plat(dev);
794 if (readl(plat->base + BSEC_DENABLE_OFF) & BSEC_DENABLE_DBGSWENABLE)
795 return true;
796
797 return false;
798 }
799
get_otp(int index,int shift,int mask)800 u32 get_otp(int index, int shift, int mask)
801 {
802 int ret;
803 struct udevice *dev;
804 u32 otp = 0;
805
806 ret = uclass_get_device_by_driver(UCLASS_MISC,
807 DM_DRIVER_GET(stm32mp_bsec),
808 &dev);
809
810 if (!ret)
811 ret = misc_read(dev, STM32_BSEC_SHADOW(index),
812 &otp, sizeof(otp));
813
814 return (otp >> shift) & mask;
815 }
816