mirror of
https://source.denx.de/u-boot/u-boot.git
synced 2025-11-04 10:21:25 +01:00
7b802e1acf
Add a protection in misc bsec ops for request with null size. For example OP-TEE error occurs when get_eth_nb() return 0 in setup_mac_address() for unknown part number because U-Boot read 0 OTPs. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
816 lines
19 KiB
C
816 lines
19 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright (C) 2018, STMicroelectronics - All Rights Reserved
|
|
*/
|
|
|
|
#define LOG_CATEGORY UCLASS_MISC
|
|
|
|
#include <common.h>
|
|
#include <clk.h>
|
|
#include <dm.h>
|
|
#include <log.h>
|
|
#include <misc.h>
|
|
#include <tee.h>
|
|
#include <asm/io.h>
|
|
#include <asm/arch/bsec.h>
|
|
#include <asm/arch/stm32mp1_smc.h>
|
|
#include <dm/device.h>
|
|
#include <dm/device_compat.h>
|
|
#include <linux/arm-smccc.h>
|
|
#include <linux/iopoll.h>
|
|
|
|
#define BSEC_OTP_MAX_VALUE 95
|
|
#define BSEC_OTP_UPPER_START 32
|
|
#define BSEC_TIMEOUT_US 10000
|
|
|
|
/* BSEC REGISTER OFFSET (base relative) */
|
|
#define BSEC_OTP_CONF_OFF 0x000
|
|
#define BSEC_OTP_CTRL_OFF 0x004
|
|
#define BSEC_OTP_WRDATA_OFF 0x008
|
|
#define BSEC_OTP_STATUS_OFF 0x00C
|
|
#define BSEC_OTP_LOCK_OFF 0x010
|
|
#define BSEC_DENABLE_OFF 0x014
|
|
#define BSEC_DISTURBED_OFF 0x01C
|
|
#define BSEC_ERROR_OFF 0x034
|
|
#define BSEC_WRLOCK_OFF 0x04C /* OTP write permananet lock */
|
|
#define BSEC_SPLOCK_OFF 0x064 /* OTP write sticky lock */
|
|
#define BSEC_SWLOCK_OFF 0x07C /* shadow write sticky lock */
|
|
#define BSEC_SRLOCK_OFF 0x094 /* shadow read sticky lock */
|
|
#define BSEC_OTP_DATA_OFF 0x200
|
|
|
|
/* BSEC_CONFIGURATION Register MASK */
|
|
#define BSEC_CONF_POWER_UP 0x001
|
|
|
|
/* BSEC_CONTROL Register */
|
|
#define BSEC_READ 0x000
|
|
#define BSEC_WRITE 0x100
|
|
#define BSEC_LOCK 0x200
|
|
|
|
/* LOCK Register */
|
|
#define OTP_LOCK_MASK 0x1F
|
|
#define OTP_LOCK_BANK_SHIFT 0x05
|
|
#define OTP_LOCK_BIT_MASK 0x01
|
|
|
|
/* STATUS Register */
|
|
#define BSEC_MODE_BUSY_MASK 0x08
|
|
#define BSEC_MODE_PROGFAIL_MASK 0x10
|
|
#define BSEC_MODE_PWR_MASK 0x20
|
|
|
|
/* DENABLE Register */
|
|
#define BSEC_DENABLE_DBGSWENABLE BIT(10)
|
|
|
|
/*
|
|
* OTP Lock services definition
|
|
* Value must corresponding to the bit number in the register
|
|
*/
|
|
#define BSEC_LOCK_PROGRAM 0x04
|
|
|
|
#define PTA_BSEC_UUID { 0x94cf71ad, 0x80e6, 0x40b5, \
|
|
{ 0xa7, 0xc6, 0x3d, 0xc5, 0x01, 0xeb, 0x28, 0x03 } }
|
|
|
|
/*
|
|
* Read OTP memory
|
|
*
|
|
* [in] value[0].a OTP start offset in byte
|
|
* [in] value[0].b Access type (0:shadow, 1:fuse, 2:lock)
|
|
* [out] memref[1].buffer Output buffer to store read values
|
|
* [out] memref[1].size Size of OTP to be read
|
|
*
|
|
* Return codes:
|
|
* TEE_SUCCESS - Invoke command success
|
|
* TEE_ERROR_BAD_PARAMETERS - Incorrect input param
|
|
* TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
|
|
*/
|
|
#define PTA_BSEC_READ_MEM 0x0
|
|
|
|
/*
|
|
* Write OTP memory
|
|
*
|
|
* [in] value[0].a OTP start offset in byte
|
|
* [in] value[0].b Access type (0:shadow, 1:fuse, 2:lock)
|
|
* [in] memref[1].buffer Input buffer to read values
|
|
* [in] memref[1].size Size of OTP to be written
|
|
*
|
|
* Return codes:
|
|
* TEE_SUCCESS - Invoke command success
|
|
* TEE_ERROR_BAD_PARAMETERS - Incorrect input param
|
|
* TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
|
|
*/
|
|
#define PTA_BSEC_WRITE_MEM 0x1
|
|
|
|
/* value of PTA_BSEC access type = value[in] b */
|
|
#define SHADOW_ACCESS 0
|
|
#define FUSE_ACCESS 1
|
|
#define LOCK_ACCESS 2
|
|
|
|
/**
|
|
* bsec_lock() - manage lock for each type SR/SP/SW
|
|
* @address: address of bsec IP register
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: true if locked else false
|
|
*/
|
|
static bool bsec_read_lock(u32 address, u32 otp)
|
|
{
|
|
u32 bit;
|
|
u32 bank;
|
|
|
|
bit = 1 << (otp & OTP_LOCK_MASK);
|
|
bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
|
|
|
|
return !!(readl(address + bank) & bit);
|
|
}
|
|
|
|
/**
|
|
* bsec_check_error() - Check status of one otp
|
|
* @base: base address of bsec IP
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: 0 if no error, -EAGAIN or -ENOTSUPP
|
|
*/
|
|
static u32 bsec_check_error(u32 base, u32 otp)
|
|
{
|
|
u32 bit;
|
|
u32 bank;
|
|
|
|
bit = 1 << (otp & OTP_LOCK_MASK);
|
|
bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
|
|
|
|
if (readl(base + BSEC_DISTURBED_OFF + bank) & bit)
|
|
return -EAGAIN;
|
|
else if (readl(base + BSEC_ERROR_OFF + bank) & bit)
|
|
return -ENOTSUPP;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* bsec_read_SR_lock() - read SR lock (Shadowing)
|
|
* @base: base address of bsec IP
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: true if locked else false
|
|
*/
|
|
static bool bsec_read_SR_lock(u32 base, u32 otp)
|
|
{
|
|
return bsec_read_lock(base + BSEC_SRLOCK_OFF, otp);
|
|
}
|
|
|
|
/**
|
|
* bsec_read_SP_lock() - read SP lock (program Lock)
|
|
* @base: base address of bsec IP
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: true if locked else false
|
|
*/
|
|
static bool bsec_read_SP_lock(u32 base, u32 otp)
|
|
{
|
|
return bsec_read_lock(base + BSEC_SPLOCK_OFF, otp);
|
|
}
|
|
|
|
/**
|
|
* bsec_SW_lock() - manage SW lock (Write in Shadow)
|
|
* @base: base address of bsec IP
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: true if locked else false
|
|
*/
|
|
static bool bsec_read_SW_lock(u32 base, u32 otp)
|
|
{
|
|
return bsec_read_lock(base + BSEC_SWLOCK_OFF, otp);
|
|
}
|
|
|
|
/**
|
|
* bsec_power_safmem() - Activate or deactivate safmem power
|
|
* @base: base address of bsec IP
|
|
* @power: true to power up , false to power down
|
|
* Return: 0 if succeed
|
|
*/
|
|
static int bsec_power_safmem(u32 base, bool power)
|
|
{
|
|
u32 val;
|
|
u32 mask;
|
|
|
|
if (power) {
|
|
setbits_le32(base + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP);
|
|
mask = BSEC_MODE_PWR_MASK;
|
|
} else {
|
|
clrbits_le32(base + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP);
|
|
mask = 0;
|
|
}
|
|
|
|
/* waiting loop */
|
|
return readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
|
|
val, (val & BSEC_MODE_PWR_MASK) == mask,
|
|
BSEC_TIMEOUT_US);
|
|
}
|
|
|
|
/**
|
|
* bsec_shadow_register() - copy safmen otp to bsec data
|
|
* @dev: bsec IP device
|
|
* @base: base address of bsec IP
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: 0 if no error
|
|
*/
|
|
static int bsec_shadow_register(struct udevice *dev, u32 base, u32 otp)
|
|
{
|
|
u32 val;
|
|
int ret;
|
|
bool power_up = false;
|
|
|
|
/* check if shadowing of otp is locked */
|
|
if (bsec_read_SR_lock(base, otp))
|
|
dev_dbg(dev, "OTP %d is locked and refreshed with 0\n",
|
|
otp);
|
|
|
|
/* check if safemem is power up */
|
|
val = readl(base + BSEC_OTP_STATUS_OFF);
|
|
if (!(val & BSEC_MODE_PWR_MASK)) {
|
|
ret = bsec_power_safmem(base, true);
|
|
if (ret)
|
|
return ret;
|
|
power_up = true;
|
|
}
|
|
/* set BSEC_OTP_CTRL_OFF with the otp value*/
|
|
writel(otp | BSEC_READ, base + BSEC_OTP_CTRL_OFF);
|
|
|
|
/* check otp status*/
|
|
ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
|
|
val, (val & BSEC_MODE_BUSY_MASK) == 0,
|
|
BSEC_TIMEOUT_US);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = bsec_check_error(base, otp);
|
|
|
|
if (power_up)
|
|
bsec_power_safmem(base, false);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* bsec_read_shadow() - read an otp data value from shadow
|
|
* @dev: bsec IP device
|
|
* @base: base address of bsec IP
|
|
* @val: read value
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: 0 if no error
|
|
*/
|
|
static int bsec_read_shadow(struct udevice *dev, u32 base, u32 *val, u32 otp)
|
|
{
|
|
*val = readl(base + BSEC_OTP_DATA_OFF + otp * sizeof(u32));
|
|
|
|
return bsec_check_error(base, otp);
|
|
}
|
|
|
|
/**
|
|
* bsec_write_shadow() - write value in BSEC data register in shadow
|
|
* @dev: bsec IP device
|
|
* @base: base address of bsec IP
|
|
* @val: value to write
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: 0 if no error
|
|
*/
|
|
static int bsec_write_shadow(struct udevice *dev, u32 base, u32 val, u32 otp)
|
|
{
|
|
/* check if programming of otp is locked */
|
|
if (bsec_read_SW_lock(base, otp))
|
|
dev_dbg(dev, "OTP %d is lock, write will be ignore\n", otp);
|
|
|
|
writel(val, base + BSEC_OTP_DATA_OFF + otp * sizeof(u32));
|
|
|
|
return bsec_check_error(base, otp);
|
|
}
|
|
|
|
/**
|
|
* bsec_program_otp() - program a bit in SAFMEM
|
|
* @dev: bsec IP device
|
|
* @base: base address of bsec IP
|
|
* @val: value to program
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* after the function the otp data is not refreshed in shadow
|
|
* Return: 0 if no error
|
|
*/
|
|
static int bsec_program_otp(struct udevice *dev, long base, u32 val, u32 otp)
|
|
{
|
|
u32 ret;
|
|
bool power_up = false;
|
|
|
|
if (bsec_read_SP_lock(base, otp))
|
|
dev_dbg(dev, "OTP %d locked, prog will be ignore\n", otp);
|
|
|
|
if (readl(base + BSEC_OTP_LOCK_OFF) & (1 << BSEC_LOCK_PROGRAM))
|
|
dev_dbg(dev, "Global lock, prog will be ignore\n");
|
|
|
|
/* check if safemem is power up */
|
|
if (!(readl(base + BSEC_OTP_STATUS_OFF) & BSEC_MODE_PWR_MASK)) {
|
|
ret = bsec_power_safmem(base, true);
|
|
if (ret)
|
|
return ret;
|
|
|
|
power_up = true;
|
|
}
|
|
/* set value in write register*/
|
|
writel(val, base + BSEC_OTP_WRDATA_OFF);
|
|
|
|
/* set BSEC_OTP_CTRL_OFF with the otp value */
|
|
writel(otp | BSEC_WRITE, base + BSEC_OTP_CTRL_OFF);
|
|
|
|
/* check otp status*/
|
|
ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
|
|
val, (val & BSEC_MODE_BUSY_MASK) == 0,
|
|
BSEC_TIMEOUT_US);
|
|
if (ret)
|
|
return ret;
|
|
|
|
if (val & BSEC_MODE_PROGFAIL_MASK)
|
|
ret = -EACCES;
|
|
else
|
|
ret = bsec_check_error(base, otp);
|
|
|
|
if (power_up)
|
|
bsec_power_safmem(base, false);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* bsec_permanent_lock_otp() - permanent lock of OTP in SAFMEM
|
|
* @dev: bsec IP device
|
|
* @base: base address of bsec IP
|
|
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
|
|
* Return: 0 if no error
|
|
*/
|
|
static int bsec_permanent_lock_otp(struct udevice *dev, long base, uint32_t otp)
|
|
{
|
|
int ret;
|
|
bool power_up = false;
|
|
u32 val, addr;
|
|
|
|
/* check if safemem is power up */
|
|
if (!(readl(base + BSEC_OTP_STATUS_OFF) & BSEC_MODE_PWR_MASK)) {
|
|
ret = bsec_power_safmem(base, true);
|
|
if (ret)
|
|
return ret;
|
|
|
|
power_up = true;
|
|
}
|
|
|
|
/*
|
|
* low OTPs = 2 bits word for low OTPs, 1 bits per word for upper OTP
|
|
* and only 16 bits used in WRDATA
|
|
*/
|
|
if (otp < BSEC_OTP_UPPER_START) {
|
|
addr = otp / 8;
|
|
val = 0x03 << ((otp * 2) & 0xF);
|
|
} else {
|
|
addr = BSEC_OTP_UPPER_START / 8 +
|
|
((otp - BSEC_OTP_UPPER_START) / 16);
|
|
val = 0x01 << (otp & 0xF);
|
|
}
|
|
|
|
/* set value in write register*/
|
|
writel(val, base + BSEC_OTP_WRDATA_OFF);
|
|
|
|
/* set BSEC_OTP_CTRL_OFF with the otp addr and lock request*/
|
|
writel(addr | BSEC_WRITE | BSEC_LOCK, base + BSEC_OTP_CTRL_OFF);
|
|
|
|
/* check otp status*/
|
|
ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
|
|
val, (val & BSEC_MODE_BUSY_MASK) == 0,
|
|
BSEC_TIMEOUT_US);
|
|
if (ret)
|
|
return ret;
|
|
|
|
if (val & BSEC_MODE_PROGFAIL_MASK)
|
|
ret = -EACCES;
|
|
else
|
|
ret = bsec_check_error(base, otp);
|
|
|
|
if (power_up)
|
|
bsec_power_safmem(base, false);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* BSEC MISC driver *******************************************************/
|
|
struct stm32mp_bsec_plat {
|
|
u32 base;
|
|
};
|
|
|
|
struct stm32mp_bsec_priv {
|
|
struct udevice *tee;
|
|
};
|
|
|
|
static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp)
|
|
{
|
|
struct stm32mp_bsec_plat *plat;
|
|
u32 tmp_data = 0;
|
|
int ret;
|
|
|
|
if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
|
|
return stm32_smc(STM32_SMC_BSEC,
|
|
STM32_SMC_READ_OTP,
|
|
otp, 0, val);
|
|
|
|
plat = dev_get_plat(dev);
|
|
|
|
/* read current shadow value */
|
|
ret = bsec_read_shadow(dev, plat->base, &tmp_data, otp);
|
|
if (ret)
|
|
return ret;
|
|
|
|
/* copy otp in shadow */
|
|
ret = bsec_shadow_register(dev, plat->base, otp);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = bsec_read_shadow(dev, plat->base, val, otp);
|
|
if (ret)
|
|
return ret;
|
|
|
|
/* restore shadow value */
|
|
ret = bsec_write_shadow(dev, plat->base, tmp_data, otp);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp)
|
|
{
|
|
struct stm32mp_bsec_plat *plat;
|
|
|
|
if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
|
|
return stm32_smc(STM32_SMC_BSEC,
|
|
STM32_SMC_READ_SHADOW,
|
|
otp, 0, val);
|
|
|
|
plat = dev_get_plat(dev);
|
|
|
|
return bsec_read_shadow(dev, plat->base, val, otp);
|
|
}
|
|
|
|
static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp)
|
|
{
|
|
struct stm32mp_bsec_plat *plat = dev_get_plat(dev);
|
|
u32 wrlock;
|
|
|
|
/* return OTP permanent write lock status */
|
|
wrlock = bsec_read_lock(plat->base + BSEC_WRLOCK_OFF, otp);
|
|
|
|
*val = 0;
|
|
if (wrlock)
|
|
*val = BSEC_LOCK_PERM;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp)
|
|
{
|
|
struct stm32mp_bsec_plat *plat;
|
|
|
|
if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
|
|
return stm32_smc_exec(STM32_SMC_BSEC,
|
|
STM32_SMC_PROG_OTP,
|
|
otp, val);
|
|
|
|
plat = dev_get_plat(dev);
|
|
|
|
return bsec_program_otp(dev, plat->base, val, otp);
|
|
|
|
}
|
|
|
|
static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp)
|
|
{
|
|
struct stm32mp_bsec_plat *plat;
|
|
|
|
if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
|
|
return stm32_smc_exec(STM32_SMC_BSEC,
|
|
STM32_SMC_WRITE_SHADOW,
|
|
otp, val);
|
|
|
|
plat = dev_get_plat(dev);
|
|
|
|
return bsec_write_shadow(dev, plat->base, val, otp);
|
|
}
|
|
|
|
static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
|
|
{
|
|
struct stm32mp_bsec_plat *plat;
|
|
|
|
/* only permanent write lock is supported in U-Boot */
|
|
if (!(val & BSEC_LOCK_PERM)) {
|
|
dev_dbg(dev, "lock option without BSEC_LOCK_PERM: %x\n", val);
|
|
return 0; /* nothing to do */
|
|
}
|
|
|
|
if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
|
|
return stm32_smc_exec(STM32_SMC_BSEC,
|
|
STM32_SMC_WRLOCK_OTP,
|
|
otp, 0);
|
|
|
|
plat = dev_get_plat(dev);
|
|
|
|
return bsec_permanent_lock_otp(dev, plat->base, otp);
|
|
}
|
|
|
|
static int bsec_pta_open_session(struct udevice *tee, u32 *tee_session)
|
|
{
|
|
const struct tee_optee_ta_uuid uuid = PTA_BSEC_UUID;
|
|
struct tee_open_session_arg arg;
|
|
int rc;
|
|
|
|
memset(&arg, 0, sizeof(arg));
|
|
tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
|
|
arg.clnt_login = TEE_LOGIN_REE_KERNEL;
|
|
rc = tee_open_session(tee, &arg, 0, NULL);
|
|
if (rc < 0)
|
|
return -ENODEV;
|
|
|
|
*tee_session = arg.session;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int bsec_optee_open(struct udevice *dev)
|
|
{
|
|
struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
|
|
struct udevice *tee;
|
|
u32 tee_session;
|
|
int rc;
|
|
|
|
tee = tee_find_device(NULL, NULL, NULL, NULL);
|
|
if (!tee)
|
|
return -ENODEV;
|
|
|
|
/* try to open the STM32 BSEC TA */
|
|
rc = bsec_pta_open_session(tee, &tee_session);
|
|
if (rc)
|
|
return rc;
|
|
|
|
tee_close_session(tee, tee_session);
|
|
|
|
priv->tee = tee;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int bsec_optee_pta(struct udevice *dev, int cmd, int type, int offset,
|
|
void *buff, ulong size)
|
|
{
|
|
struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
|
|
u32 tee_session;
|
|
struct tee_invoke_arg arg;
|
|
struct tee_param param[2];
|
|
struct tee_shm *fw_shm;
|
|
int rc;
|
|
|
|
rc = bsec_pta_open_session(priv->tee, &tee_session);
|
|
if (rc)
|
|
return rc;
|
|
|
|
rc = tee_shm_register(priv->tee, buff, size, 0, &fw_shm);
|
|
if (rc)
|
|
goto close_session;
|
|
|
|
memset(&arg, 0, sizeof(arg));
|
|
arg.func = cmd;
|
|
arg.session = tee_session;
|
|
|
|
memset(param, 0, sizeof(param));
|
|
|
|
param[0].attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT;
|
|
param[0].u.value.a = offset;
|
|
param[0].u.value.b = type;
|
|
|
|
if (cmd == PTA_BSEC_WRITE_MEM)
|
|
param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT;
|
|
else
|
|
param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
|
|
|
|
param[1].u.memref.shm = fw_shm;
|
|
param[1].u.memref.size = size;
|
|
|
|
rc = tee_invoke_func(priv->tee, &arg, 2, param);
|
|
if (rc < 0 || arg.ret != 0) {
|
|
dev_err(priv->tee,
|
|
"PTA_BSEC invoke failed TEE err: %x, err:%x\n",
|
|
arg.ret, rc);
|
|
if (!rc)
|
|
rc = -EIO;
|
|
}
|
|
|
|
tee_shm_free(fw_shm);
|
|
|
|
close_session:
|
|
tee_close_session(priv->tee, tee_session);
|
|
|
|
return rc;
|
|
}
|
|
|
|
static int stm32mp_bsec_read(struct udevice *dev, int offset,
|
|
void *buf, int size)
|
|
{
|
|
struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
|
|
int ret;
|
|
int i;
|
|
bool shadow = true, lock = false;
|
|
int nb_otp = size / sizeof(u32);
|
|
int otp, cmd;
|
|
unsigned int offs = offset;
|
|
|
|
if (offs >= STM32_BSEC_LOCK_OFFSET) {
|
|
offs -= STM32_BSEC_LOCK_OFFSET;
|
|
lock = true;
|
|
} else if (offs >= STM32_BSEC_OTP_OFFSET) {
|
|
offs -= STM32_BSEC_OTP_OFFSET;
|
|
shadow = false;
|
|
}
|
|
|
|
if ((offs % 4) || (size % 4) || !size)
|
|
return -EINVAL;
|
|
|
|
if (IS_ENABLED(CONFIG_OPTEE) && priv->tee) {
|
|
cmd = FUSE_ACCESS;
|
|
if (shadow)
|
|
cmd = SHADOW_ACCESS;
|
|
if (lock)
|
|
cmd = LOCK_ACCESS;
|
|
ret = bsec_optee_pta(dev, PTA_BSEC_READ_MEM, cmd, offs, buf, size);
|
|
if (ret)
|
|
return ret;
|
|
|
|
return size;
|
|
}
|
|
|
|
otp = offs / sizeof(u32);
|
|
|
|
for (i = otp; i < (otp + nb_otp) && i <= BSEC_OTP_MAX_VALUE; i++) {
|
|
u32 *addr = &((u32 *)buf)[i - otp];
|
|
|
|
if (lock)
|
|
ret = stm32mp_bsec_read_lock(dev, addr, i);
|
|
else if (shadow)
|
|
ret = stm32mp_bsec_read_shadow(dev, addr, i);
|
|
else
|
|
ret = stm32mp_bsec_read_otp(dev, addr, i);
|
|
|
|
if (ret)
|
|
break;
|
|
}
|
|
if (ret)
|
|
return ret;
|
|
else
|
|
return (i - otp) * 4;
|
|
}
|
|
|
|
static int stm32mp_bsec_write(struct udevice *dev, int offset,
|
|
const void *buf, int size)
|
|
{
|
|
struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
|
|
int ret = 0;
|
|
int i;
|
|
bool shadow = true, lock = false;
|
|
int nb_otp = size / sizeof(u32);
|
|
int otp, cmd;
|
|
unsigned int offs = offset;
|
|
|
|
if (offs >= STM32_BSEC_LOCK_OFFSET) {
|
|
offs -= STM32_BSEC_LOCK_OFFSET;
|
|
lock = true;
|
|
} else if (offs >= STM32_BSEC_OTP_OFFSET) {
|
|
offs -= STM32_BSEC_OTP_OFFSET;
|
|
shadow = false;
|
|
}
|
|
|
|
if ((offs % 4) || (size % 4) || !size)
|
|
return -EINVAL;
|
|
|
|
if (IS_ENABLED(CONFIG_OPTEE) && priv->tee) {
|
|
cmd = FUSE_ACCESS;
|
|
if (shadow)
|
|
cmd = SHADOW_ACCESS;
|
|
if (lock)
|
|
cmd = LOCK_ACCESS;
|
|
ret = bsec_optee_pta(dev, PTA_BSEC_WRITE_MEM, cmd, offs, (void *)buf, size);
|
|
if (ret)
|
|
return ret;
|
|
|
|
return size;
|
|
}
|
|
|
|
otp = offs / sizeof(u32);
|
|
|
|
for (i = otp; i < otp + nb_otp && i <= BSEC_OTP_MAX_VALUE; i++) {
|
|
u32 *val = &((u32 *)buf)[i - otp];
|
|
|
|
if (lock)
|
|
ret = stm32mp_bsec_write_lock(dev, *val, i);
|
|
else if (shadow)
|
|
ret = stm32mp_bsec_write_shadow(dev, *val, i);
|
|
else
|
|
ret = stm32mp_bsec_write_otp(dev, *val, i);
|
|
if (ret)
|
|
break;
|
|
}
|
|
if (ret)
|
|
return ret;
|
|
else
|
|
return (i - otp) * 4;
|
|
}
|
|
|
|
static const struct misc_ops stm32mp_bsec_ops = {
|
|
.read = stm32mp_bsec_read,
|
|
.write = stm32mp_bsec_write,
|
|
};
|
|
|
|
static int stm32mp_bsec_of_to_plat(struct udevice *dev)
|
|
{
|
|
struct stm32mp_bsec_plat *plat = dev_get_plat(dev);
|
|
|
|
plat->base = (u32)dev_read_addr_ptr(dev);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int stm32mp_bsec_probe(struct udevice *dev)
|
|
{
|
|
int otp;
|
|
struct stm32mp_bsec_plat *plat;
|
|
struct clk_bulk clk_bulk;
|
|
int ret;
|
|
|
|
ret = clk_get_bulk(dev, &clk_bulk);
|
|
if (!ret) {
|
|
ret = clk_enable_bulk(&clk_bulk);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
if (IS_ENABLED(CONFIG_OPTEE))
|
|
bsec_optee_open(dev);
|
|
|
|
/*
|
|
* update unlocked shadow for OTP cleared by the rom code
|
|
* only executed in SPL, it is done in TF-A for TFABOOT
|
|
*/
|
|
if (IS_ENABLED(CONFIG_SPL_BUILD)) {
|
|
plat = dev_get_plat(dev);
|
|
|
|
for (otp = 57; otp <= BSEC_OTP_MAX_VALUE; otp++)
|
|
if (!bsec_read_SR_lock(plat->base, otp))
|
|
bsec_shadow_register(dev, plat->base, otp);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static const struct udevice_id stm32mp_bsec_ids[] = {
|
|
{ .compatible = "st,stm32mp13-bsec" },
|
|
{ .compatible = "st,stm32mp15-bsec" },
|
|
{}
|
|
};
|
|
|
|
U_BOOT_DRIVER(stm32mp_bsec) = {
|
|
.name = "stm32mp_bsec",
|
|
.id = UCLASS_MISC,
|
|
.of_match = stm32mp_bsec_ids,
|
|
.of_to_plat = stm32mp_bsec_of_to_plat,
|
|
.plat_auto = sizeof(struct stm32mp_bsec_plat),
|
|
.priv_auto = sizeof(struct stm32mp_bsec_priv),
|
|
.ops = &stm32mp_bsec_ops,
|
|
.probe = stm32mp_bsec_probe,
|
|
};
|
|
|
|
bool bsec_dbgswenable(void)
|
|
{
|
|
struct udevice *dev;
|
|
struct stm32mp_bsec_plat *plat;
|
|
int ret;
|
|
|
|
ret = uclass_get_device_by_driver(UCLASS_MISC,
|
|
DM_DRIVER_GET(stm32mp_bsec), &dev);
|
|
if (ret || !dev) {
|
|
log_debug("bsec driver not available\n");
|
|
return false;
|
|
}
|
|
|
|
plat = dev_get_plat(dev);
|
|
if (readl(plat->base + BSEC_DENABLE_OFF) & BSEC_DENABLE_DBGSWENABLE)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
u32 get_otp(int index, int shift, int mask)
|
|
{
|
|
int ret;
|
|
struct udevice *dev;
|
|
u32 otp = 0;
|
|
|
|
ret = uclass_get_device_by_driver(UCLASS_MISC,
|
|
DM_DRIVER_GET(stm32mp_bsec),
|
|
&dev);
|
|
|
|
if (!ret)
|
|
ret = misc_read(dev, STM32_BSEC_SHADOW(index),
|
|
&otp, sizeof(otp));
|
|
|
|
return (otp >> shift) & mask;
|
|
}
|