]> git.ipfire.org Git - thirdparty/u-boot.git/blame - arch/arm/mach-stm32mp/bsec.c
projects / thirdparty / u-boot.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""
[thirdparty/u-boot.git] / arch / arm / mach-stm32mp / bsec.c
CommitLineData
19f58992
PD		 1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2018, STMicroelectronics - All Rights Reserved
4 */
5
b66bfdf2
PD		 6#define LOG_CATEGORY UCLASS_MISC
7
d678a59d 8#include <common.h>
622c956c 9#include <clk.h>
19f58992 10#include <dm.h>
f7ae49fc 11#include <log.h>
19f58992 12#include <misc.h>
33a909a4 13#include <tee.h>
19f58992 14#include <asm/io.h>
bd3f60d2 15#include <asm/arch/bsec.h>
d859c611 16#include <asm/arch/stm32mp1_smc.h>
33a909a4 17#include <dm/device.h>
b66bfdf2 18#include <dm/device_compat.h>
d859c611 19#include <linux/arm-smccc.h>
ee7d7723 20#include <linux/iopoll.h>
1e94b46f 21#include <linux/printk.h>
19f58992 22
0c20f53b 23#define BSEC_OTP_UPPER_START 32
19f58992
PD		 24#define BSEC_TIMEOUT_US 10000
25
26/* BSEC REGISTER OFFSET (base relative) */
27#define BSEC_OTP_CONF_OFF 0x000
28#define BSEC_OTP_CTRL_OFF 0x004
29#define BSEC_OTP_WRDATA_OFF 0x008
30#define BSEC_OTP_STATUS_OFF 0x00C
31#define BSEC_OTP_LOCK_OFF 0x010
bd3f60d2 32#define BSEC_DENABLE_OFF 0x014
19f58992
PD		 33#define BSEC_DISTURBED_OFF 0x01C
34#define BSEC_ERROR_OFF 0x034
7ae22d72
PD		 35#define BSEC_WRLOCK_OFF 0x04C /* OTP write permananet lock */
36#define BSEC_SPLOCK_OFF 0x064 /* OTP write sticky lock */
37#define BSEC_SWLOCK_OFF 0x07C /* shadow write sticky lock */
38#define BSEC_SRLOCK_OFF 0x094 /* shadow read sticky lock */
19f58992
PD		 39#define BSEC_OTP_DATA_OFF 0x200
40
41/* BSEC_CONFIGURATION Register MASK */
42#define BSEC_CONF_POWER_UP 0x001
43
44/* BSEC_CONTROL Register */
45#define BSEC_READ 0x000
46#define BSEC_WRITE 0x100
0c20f53b 47#define BSEC_LOCK 0x200
19f58992
PD		 48
49/* LOCK Register */
50#define OTP_LOCK_MASK 0x1F
51#define OTP_LOCK_BANK_SHIFT 0x05
52#define OTP_LOCK_BIT_MASK 0x01
53
54/* STATUS Register */
55#define BSEC_MODE_BUSY_MASK 0x08
56#define BSEC_MODE_PROGFAIL_MASK 0x10
57#define BSEC_MODE_PWR_MASK 0x20
58
bd3f60d2
PD		 59/* DENABLE Register */
60#define BSEC_DENABLE_DBGSWENABLE BIT(10)
61
19f58992
PD		 62/*
63 * OTP Lock services definition
64 * Value must corresponding to the bit number in the register
65 */
66#define BSEC_LOCK_PROGRAM 0x04
67
33a909a4
PD		 68#define PTA_BSEC_UUID { 0x94cf71ad, 0x80e6, 0x40b5, \
69 { 0xa7, 0xc6, 0x3d, 0xc5, 0x01, 0xeb, 0x28, 0x03 } }
70
71/*
72 * Read OTP memory
73 *
74 * [in] value[0].a OTP start offset in byte
75 * [in] value[0].b Access type (0:shadow, 1:fuse, 2:lock)
76 * [out] memref[1].buffer Output buffer to store read values
77 * [out] memref[1].size Size of OTP to be read
78 *
79 * Return codes:
80 * TEE_SUCCESS - Invoke command success
81 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param
82 * TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
83 */
84#define PTA_BSEC_READ_MEM 0x0
85
0c20f53b 86/*
33a909a4
PD		 87 * Write OTP memory
88 *
89 * [in] value[0].a OTP start offset in byte
90 * [in] value[0].b Access type (0:shadow, 1:fuse, 2:lock)
91 * [in] memref[1].buffer Input buffer to read values
92 * [in] memref[1].size Size of OTP to be written
93 *
94 * Return codes:
95 * TEE_SUCCESS - Invoke command success
96 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param
97 * TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
0c20f53b 98 */
33a909a4
PD		 99#define PTA_BSEC_WRITE_MEM 0x1
100
101/* value of PTA_BSEC access type = value[in] b */
102#define SHADOW_ACCESS 0
103#define FUSE_ACCESS 1
104#define LOCK_ACCESS 2
0c20f53b 105
19f58992 106/**
7ae22d72
PD		 107 * bsec_lock() - manage lock for each type SR/SP/SW
108 * @address: address of bsec IP register
19f58992 109 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
7ae22d72 110 * Return: true if locked else false
19f58992 111 */
3e0b12af 112static bool bsec_read_lock(void __iomem *address, u32 otp)
19f58992
PD		 113{
114 u32 bit;
115 u32 bank;
116
117 bit = 1 << (otp & OTP_LOCK_MASK);
118 bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
119
3e0b12af 120 return !!(readl((address + bank)) & bit);
19f58992
PD		 121}
122
123/**
7ae22d72
PD		 124 * bsec_check_error() - Check status of one otp
125 * @base: base address of bsec IP
19f58992 126 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
7ae22d72 127 * Return: 0 if no error, -EAGAIN or -ENOTSUPP
19f58992 128 */
3e0b12af 129static u32 bsec_check_error(void __iomem *base, u32 otp)
19f58992
PD		 130{
131 u32 bit;
132 u32 bank;
133
134 bit = 1 << (otp & OTP_LOCK_MASK);
135 bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
136
7ae22d72
PD		 137 if (readl(base + BSEC_DISTURBED_OFF + bank) & bit)
138 return -EAGAIN;
139 else if (readl(base + BSEC_ERROR_OFF + bank) & bit)
140 return -ENOTSUPP;
141
142 return 0;
19f58992
PD		 143}
144
145/**
146 * bsec_read_SR_lock() - read SR lock (Shadowing)
147 * @base: base address of bsec IP
148 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
149 * Return: true if locked else false
150 */
3e0b12af 151static bool bsec_read_SR_lock(void __iomem *base, u32 otp)
19f58992
PD		 152{
153 return bsec_read_lock(base + BSEC_SRLOCK_OFF, otp);
154}
155
156/**
157 * bsec_read_SP_lock() - read SP lock (program Lock)
158 * @base: base address of bsec IP
159 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
160 * Return: true if locked else false
161 */
3e0b12af 162static bool bsec_read_SP_lock(void __iomem *base, u32 otp)
19f58992
PD		 163{
164 return bsec_read_lock(base + BSEC_SPLOCK_OFF, otp);
165}
166
167/**
168 * bsec_SW_lock() - manage SW lock (Write in Shadow)
169 * @base: base address of bsec IP
170 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
171 * Return: true if locked else false
172 */
3e0b12af 173static bool bsec_read_SW_lock(void __iomem *base, u32 otp)
19f58992
PD		 174{
175 return bsec_read_lock(base + BSEC_SWLOCK_OFF, otp);
176}
177
178/**
179 * bsec_power_safmem() - Activate or deactivate safmem power
180 * @base: base address of bsec IP
181 * @power: true to power up , false to power down
182 * Return: 0 if succeed
183 */
3e0b12af 184static int bsec_power_safmem(void __iomem *base, bool power)
19f58992
PD		 185{
186 u32 val;
187 u32 mask;
188
189 if (power) {
190 setbits_le32(base + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP);
191 mask = BSEC_MODE_PWR_MASK;
192 } else {
193 clrbits_le32(base + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP);
194 mask = 0;
195 }
196
197 /* waiting loop */
198 return readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
199 val, (val & BSEC_MODE_PWR_MASK) == mask,
200 BSEC_TIMEOUT_US);
201}
202
203/**
204 * bsec_shadow_register() - copy safmen otp to bsec data
2d48d99c 205 * @dev: bsec IP device
19f58992
PD		 206 * @base: base address of bsec IP
207 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
208 * Return: 0 if no error
209 */
3e0b12af 210static int bsec_shadow_register(struct udevice *dev, void __iomem *base, u32 otp)
19f58992
PD		 211{
212 u32 val;
213 int ret;
214 bool power_up = false;
215
216 /* check if shadowing of otp is locked */
217 if (bsec_read_SR_lock(base, otp))
b66bfdf2
PD		 218 dev_dbg(dev, "OTP %d is locked and refreshed with 0\n",
219 otp);
19f58992
PD		 220
221 /* check if safemem is power up */
222 val = readl(base + BSEC_OTP_STATUS_OFF);
223 if (!(val & BSEC_MODE_PWR_MASK)) {
224 ret = bsec_power_safmem(base, true);
225 if (ret)
226 return ret;
815bc8bc 227 power_up = true;
19f58992
PD		 228 }
229 /* set BSEC_OTP_CTRL_OFF with the otp value*/
230 writel(otp | BSEC_READ, base + BSEC_OTP_CTRL_OFF);
231
232 /* check otp status*/
233 ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
234 val, (val & BSEC_MODE_BUSY_MASK) == 0,
235 BSEC_TIMEOUT_US);
236 if (ret)
237 return ret;
238
239 ret = bsec_check_error(base, otp);
240
241 if (power_up)
242 bsec_power_safmem(base, false);
243
244 return ret;
245}
246
247/**
248 * bsec_read_shadow() - read an otp data value from shadow
2d48d99c 249 * @dev: bsec IP device
19f58992
PD		 250 * @base: base address of bsec IP
251 * @val: read value
252 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
253 * Return: 0 if no error
254 */
3e0b12af
PC		 255static int bsec_read_shadow(struct udevice *dev, void __iomem *base, u32 *val,
256 u32 otp)
19f58992
PD		 257{
258 *val = readl(base + BSEC_OTP_DATA_OFF + otp * sizeof(u32));
259
260 return bsec_check_error(base, otp);
261}
262
263/**
264 * bsec_write_shadow() - write value in BSEC data register in shadow
2d48d99c 265 * @dev: bsec IP device
19f58992
PD		 266 * @base: base address of bsec IP
267 * @val: value to write
268 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
269 * Return: 0 if no error
270 */
3e0b12af 271static int bsec_write_shadow(struct udevice *dev, void __iomem *base, u32 val, u32 otp)
19f58992
PD		 272{
273 /* check if programming of otp is locked */
274 if (bsec_read_SW_lock(base, otp))
b66bfdf2 275 dev_dbg(dev, "OTP %d is lock, write will be ignore\n", otp);
19f58992
PD		 276
277 writel(val, base + BSEC_OTP_DATA_OFF + otp * sizeof(u32));
278
279 return bsec_check_error(base, otp);
280}
281
282/**
283 * bsec_program_otp() - program a bit in SAFMEM
2d48d99c 284 * @dev: bsec IP device
19f58992
PD		 285 * @base: base address of bsec IP
286 * @val: value to program
287 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
288 * after the function the otp data is not refreshed in shadow
289 * Return: 0 if no error
290 */
3e0b12af 291static int bsec_program_otp(struct udevice *dev, void __iomem *base, u32 val, u32 otp)
19f58992
PD		 292{
293 u32 ret;
294 bool power_up = false;
295
296 if (bsec_read_SP_lock(base, otp))
b66bfdf2 297 dev_dbg(dev, "OTP %d locked, prog will be ignore\n", otp);
19f58992
PD		 298
299 if (readl(base + BSEC_OTP_LOCK_OFF) & (1 << BSEC_LOCK_PROGRAM))
b66bfdf2 300 dev_dbg(dev, "Global lock, prog will be ignore\n");
19f58992
PD		 301
302 /* check if safemem is power up */
303 if (!(readl(base + BSEC_OTP_STATUS_OFF) & BSEC_MODE_PWR_MASK)) {
304 ret = bsec_power_safmem(base, true);
305 if (ret)
306 return ret;
307
308 power_up = true;
309 }
310 /* set value in write register*/
311 writel(val, base + BSEC_OTP_WRDATA_OFF);
312
313 /* set BSEC_OTP_CTRL_OFF with the otp value */
314 writel(otp | BSEC_WRITE, base + BSEC_OTP_CTRL_OFF);
315
316 /* check otp status*/
317 ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
318 val, (val & BSEC_MODE_BUSY_MASK) == 0,
319 BSEC_TIMEOUT_US);
320 if (ret)
321 return ret;
322
323 if (val & BSEC_MODE_PROGFAIL_MASK)
324 ret = -EACCES;
325 else
326 ret = bsec_check_error(base, otp);
327
328 if (power_up)
329 bsec_power_safmem(base, false);
330
331 return ret;
332}
333
0c20f53b
PD		 334/**
335 * bsec_permanent_lock_otp() - permanent lock of OTP in SAFMEM
336 * @dev: bsec IP device
337 * @base: base address of bsec IP
338 * @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
339 * Return: 0 if no error
340 */
3e0b12af 341static int bsec_permanent_lock_otp(struct udevice *dev, void __iomem *base, uint32_t otp)
0c20f53b
PD		 342{
343 int ret;
344 bool power_up = false;
345 u32 val, addr;
346
347 /* check if safemem is power up */
348 if (!(readl(base + BSEC_OTP_STATUS_OFF) & BSEC_MODE_PWR_MASK)) {
349 ret = bsec_power_safmem(base, true);
350 if (ret)
351 return ret;
352
353 power_up = true;
354 }
355
356 /*
357 * low OTPs = 2 bits word for low OTPs, 1 bits per word for upper OTP
358 * and only 16 bits used in WRDATA
359 */
360 if (otp < BSEC_OTP_UPPER_START) {
361 addr = otp / 8;
362 val = 0x03 << ((otp * 2) & 0xF);
363 } else {
364 addr = BSEC_OTP_UPPER_START / 8 +
365 ((otp - BSEC_OTP_UPPER_START) / 16);
366 val = 0x01 << (otp & 0xF);
367 }
368
369 /* set value in write register*/
370 writel(val, base + BSEC_OTP_WRDATA_OFF);
371
372 /* set BSEC_OTP_CTRL_OFF with the otp addr and lock request*/
373 writel(addr | BSEC_WRITE | BSEC_LOCK, base + BSEC_OTP_CTRL_OFF);
374
375 /* check otp status*/
376 ret = readl_poll_timeout(base + BSEC_OTP_STATUS_OFF,
377 val, (val & BSEC_MODE_BUSY_MASK) == 0,
378 BSEC_TIMEOUT_US);
379 if (ret)
380 return ret;
381
382 if (val & BSEC_MODE_PROGFAIL_MASK)
383 ret = -EACCES;
384 else
385 ret = bsec_check_error(base, otp);
386
387 if (power_up)
388 bsec_power_safmem(base, false);
389
390 return ret;
391}
392
19f58992 393/* BSEC MISC driver *******************************************************/
8a8d24bd 394struct stm32mp_bsec_plat {
3e0b12af 395 void __iomem *base;
19f58992
PD		 396};
397
33a909a4
PD		 398struct stm32mp_bsec_priv {
399 struct udevice *tee;
400};
401
0d0266c4
PD		 402struct stm32mp_bsec_drvdata {
403 int size;
404 bool ta;
405};
406
19f58992
PD		 407static int stm32mp_bsec_read_otp(struct udevice *dev, u32 *val, u32 otp)
408{
8a8d24bd 409 struct stm32mp_bsec_plat *plat;
19f58992
PD		 410 u32 tmp_data = 0;
411 int ret;
412
f42045b2 413 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
4e9e358f
PD		 414 return stm32_smc(STM32_SMC_BSEC,
415 STM32_SMC_READ_OTP,
416 otp, 0, val);
417
c69cda25 418 plat = dev_get_plat(dev);
4e9e358f 419
19f58992 420 /* read current shadow value */
b66bfdf2 421 ret = bsec_read_shadow(dev, plat->base, &tmp_data, otp);
19f58992
PD		 422 if (ret)
423 return ret;
424
425 /* copy otp in shadow */
b66bfdf2 426 ret = bsec_shadow_register(dev, plat->base, otp);
19f58992
PD		 427 if (ret)
428 return ret;
429
b66bfdf2 430 ret = bsec_read_shadow(dev, plat->base, val, otp);
19f58992
PD		 431 if (ret)
432 return ret;
433
434 /* restore shadow value */
b66bfdf2 435 ret = bsec_write_shadow(dev, plat->base, tmp_data, otp);
4e9e358f 436
19f58992
PD		 437 return ret;
438}
439
440static int stm32mp_bsec_read_shadow(struct udevice *dev, u32 *val, u32 otp)
441{
8a8d24bd 442 struct stm32mp_bsec_plat *plat;
4e9e358f 443
f42045b2 444 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
4e9e358f
PD		 445 return stm32_smc(STM32_SMC_BSEC,
446 STM32_SMC_READ_SHADOW,
447 otp, 0, val);
448
c69cda25 449 plat = dev_get_plat(dev);
19f58992 450
b66bfdf2 451 return bsec_read_shadow(dev, plat->base, val, otp);
19f58992
PD		 452}
453
7ae22d72
PD		 454static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp)
455{
8a8d24bd 456 struct stm32mp_bsec_plat *plat = dev_get_plat(dev);
0c20f53b 457 u32 wrlock;
7ae22d72
PD		 458
459 /* return OTP permanent write lock status */
0c20f53b
PD		 460 wrlock = bsec_read_lock(plat->base + BSEC_WRLOCK_OFF, otp);
461
462 *val = 0;
463 if (wrlock)
464 *val = BSEC_LOCK_PERM;
7ae22d72
PD		 465
466 return 0;
467}
468
19f58992
PD		 469static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp)
470{
8a8d24bd 471 struct stm32mp_bsec_plat *plat;
4e9e358f 472
f42045b2 473 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
4e9e358f
PD		 474 return stm32_smc_exec(STM32_SMC_BSEC,
475 STM32_SMC_PROG_OTP,
476 otp, val);
477
c69cda25 478 plat = dev_get_plat(dev);
19f58992 479
b66bfdf2 480 return bsec_program_otp(dev, plat->base, val, otp);
4e9e358f 481
19f58992
PD		 482}
483
484static int stm32mp_bsec_write_shadow(struct udevice *dev, u32 val, u32 otp)
485{
8a8d24bd 486 struct stm32mp_bsec_plat *plat;
4e9e358f 487
f42045b2 488 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
4e9e358f
PD		 489 return stm32_smc_exec(STM32_SMC_BSEC,
490 STM32_SMC_WRITE_SHADOW,
491 otp, val);
492
c69cda25 493 plat = dev_get_plat(dev);
19f58992 494
b66bfdf2 495 return bsec_write_shadow(dev, plat->base, val, otp);
19f58992
PD		 496}
497
7ae22d72
PD		 498static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
499{
0c20f53b
PD		 500 struct stm32mp_bsec_plat *plat;
501
502 /* only permanent write lock is supported in U-Boot */
503 if (!(val & BSEC_LOCK_PERM)) {
504 dev_dbg(dev, "lock option without BSEC_LOCK_PERM: %x\n", val);
505 return 0; /* nothing to do */
506 }
4e9e358f 507
0c20f53b 508 if (IS_ENABLED(CONFIG_ARM_SMCCC) && !IS_ENABLED(CONFIG_SPL_BUILD))
7ae22d72
PD		 509 return stm32_smc_exec(STM32_SMC_BSEC,
510 STM32_SMC_WRLOCK_OTP,
511 otp, 0);
0c20f53b
PD		 512
513 plat = dev_get_plat(dev);
514
515 return bsec_permanent_lock_otp(dev, plat->base, otp);
7ae22d72
PD		 516}
517
33a909a4
PD		 518static int bsec_pta_open_session(struct udevice *tee, u32 *tee_session)
519{
520 const struct tee_optee_ta_uuid uuid = PTA_BSEC_UUID;
521 struct tee_open_session_arg arg;
522 int rc;
523
524 memset(&arg, 0, sizeof(arg));
525 tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
526 arg.clnt_login = TEE_LOGIN_REE_KERNEL;
527 rc = tee_open_session(tee, &arg, 0, NULL);
528 if (rc < 0)
529 return -ENODEV;
530
531 *tee_session = arg.session;
532
533 return 0;
534}
535
536static int bsec_optee_open(struct udevice *dev)
537{
538 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
539 struct udevice *tee;
540 u32 tee_session;
541 int rc;
542
543 tee = tee_find_device(NULL, NULL, NULL, NULL);
544 if (!tee)
545 return -ENODEV;
546
547 /* try to open the STM32 BSEC TA */
548 rc = bsec_pta_open_session(tee, &tee_session);
549 if (rc)
550 return rc;
551
552 tee_close_session(tee, tee_session);
553
554 priv->tee = tee;
555
556 return 0;
557}
558
559static int bsec_optee_pta(struct udevice *dev, int cmd, int type, int offset,
560 void *buff, ulong size)
561{
562 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
563 u32 tee_session;
564 struct tee_invoke_arg arg;
565 struct tee_param param[2];
566 struct tee_shm *fw_shm;
567 int rc;
568
569 rc = bsec_pta_open_session(priv->tee, &tee_session);
570 if (rc)
571 return rc;
572
573 rc = tee_shm_register(priv->tee, buff, size, 0, &fw_shm);
574 if (rc)
575 goto close_session;
576
577 memset(&arg, 0, sizeof(arg));
578 arg.func = cmd;
579 arg.session = tee_session;
580
581 memset(param, 0, sizeof(param));
582
583 param[0].attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT;
584 param[0].u.value.a = offset;
585 param[0].u.value.b = type;
586
587 if (cmd == PTA_BSEC_WRITE_MEM)
588 param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INPUT;
589 else
590 param[1].attr = TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
591
592 param[1].u.memref.shm = fw_shm;
593 param[1].u.memref.size = size;
594
595 rc = tee_invoke_func(priv->tee, &arg, 2, param);
596 if (rc < 0 || arg.ret != 0) {
597 dev_err(priv->tee,
598 "PTA_BSEC invoke failed TEE err: %x, err:%x\n",
599 arg.ret, rc);
600 if (!rc)
601 rc = -EIO;
602 }
603
604 tee_shm_free(fw_shm);
605
606close_session:
607 tee_close_session(priv->tee, tee_session);
608
609 return rc;
610}
611
19f58992
PD		 612static int stm32mp_bsec_read(struct udevice *dev, int offset,
613 void *buf, int size)
614{
33a909a4 615 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
0d0266c4 616 struct stm32mp_bsec_drvdata *data = (struct stm32mp_bsec_drvdata *)dev_get_driver_data(dev);
19f58992
PD		 617 int ret;
618 int i;
7ae22d72 619 bool shadow = true, lock = false;
19f58992 620 int nb_otp = size / sizeof(u32);
33a909a4 621 int otp, cmd;
745b676d 622 unsigned int offs = offset;
19f58992 623
7ae22d72
PD		 624 if (offs >= STM32_BSEC_LOCK_OFFSET) {
625 offs -= STM32_BSEC_LOCK_OFFSET;
626 lock = true;
627 } else if (offs >= STM32_BSEC_OTP_OFFSET) {
745b676d 628 offs -= STM32_BSEC_OTP_OFFSET;
19f58992
PD		 629 shadow = false;
630 }
19f58992 631
7b802e1a 632 if ((offs % 4) || (size % 4) || !size)
19f58992 633 return -EINVAL;
19f58992 634
33a909a4
PD		 635 if (IS_ENABLED(CONFIG_OPTEE) && priv->tee) {
636 cmd = FUSE_ACCESS;
637 if (shadow)
638 cmd = SHADOW_ACCESS;
639 if (lock)
640 cmd = LOCK_ACCESS;
641 ret = bsec_optee_pta(dev, PTA_BSEC_READ_MEM, cmd, offs, buf, size);
642 if (ret)
643 return ret;
644
645 return size;
646 }
647
0c8620d2
PD		 648 otp = offs / sizeof(u32);
649
0d0266c4 650 for (i = otp; i < (otp + nb_otp) && i < data->size; i++) {
19f58992
PD		 651 u32 *addr = &((u32 *)buf)[i - otp];
652
7ae22d72
PD		 653 if (lock)
654 ret = stm32mp_bsec_read_lock(dev, addr, i);
655 else if (shadow)
19f58992
PD		 656 ret = stm32mp_bsec_read_shadow(dev, addr, i);
657 else
658 ret = stm32mp_bsec_read_otp(dev, addr, i);
659
660 if (ret)
661 break;
662 }
0c8620d2
PD		 663 if (ret)
664 return ret;
665 else
666 return (i - otp) * 4;
19f58992
PD		 667}
668
669static int stm32mp_bsec_write(struct udevice *dev, int offset,
670 const void *buf, int size)
671{
33a909a4 672 struct stm32mp_bsec_priv *priv = dev_get_priv(dev);
0d0266c4 673 struct stm32mp_bsec_drvdata *data = (struct stm32mp_bsec_drvdata *)dev_get_driver_data(dev);
19f58992
PD		 674 int ret = 0;
675 int i;
7ae22d72 676 bool shadow = true, lock = false;
19f58992 677 int nb_otp = size / sizeof(u32);
33a909a4 678 int otp, cmd;
745b676d 679 unsigned int offs = offset;
19f58992 680
7ae22d72
PD		 681 if (offs >= STM32_BSEC_LOCK_OFFSET) {
682 offs -= STM32_BSEC_LOCK_OFFSET;
683 lock = true;
684 } else if (offs >= STM32_BSEC_OTP_OFFSET) {
745b676d 685 offs -= STM32_BSEC_OTP_OFFSET;
19f58992
PD		 686 shadow = false;
687 }
19f58992 688
7b802e1a 689 if ((offs % 4) || (size % 4) || !size)
19f58992 690 return -EINVAL;
19f58992 691
33a909a4
PD		 692 if (IS_ENABLED(CONFIG_OPTEE) && priv->tee) {
693 cmd = FUSE_ACCESS;
694 if (shadow)
695 cmd = SHADOW_ACCESS;
696 if (lock)
697 cmd = LOCK_ACCESS;
698 ret = bsec_optee_pta(dev, PTA_BSEC_WRITE_MEM, cmd, offs, (void *)buf, size);
699 if (ret)
700 return ret;
701
702 return size;
703 }
704
0c8620d2
PD		 705 otp = offs / sizeof(u32);
706
0d0266c4 707 for (i = otp; i < otp + nb_otp && i < data->size; i++) {
19f58992
PD		 708 u32 *val = &((u32 *)buf)[i - otp];
709
7ae22d72
PD		 710 if (lock)
711 ret = stm32mp_bsec_write_lock(dev, *val, i);
712 else if (shadow)
19f58992
PD		 713 ret = stm32mp_bsec_write_shadow(dev, *val, i);
714 else
715 ret = stm32mp_bsec_write_otp(dev, *val, i);
716 if (ret)
717 break;
718 }
0c8620d2
PD		 719 if (ret)
720 return ret;
721 else
722 return (i - otp) * 4;
19f58992
PD		 723}
724
725static const struct misc_ops stm32mp_bsec_ops = {
726 .read = stm32mp_bsec_read,
727 .write = stm32mp_bsec_write,
728};
729
d1998a9f 730static int stm32mp_bsec_of_to_plat(struct udevice *dev)
19f58992 731{
8a8d24bd 732 struct stm32mp_bsec_plat *plat = dev_get_plat(dev);
19f58992 733
3e0b12af 734 plat->base = dev_read_addr_ptr(dev);
19f58992
PD		 735
736 return 0;
737}
738
815bc8bc
PD		 739static int stm32mp_bsec_probe(struct udevice *dev)
740{
0d0266c4 741 struct stm32mp_bsec_drvdata *data = (struct stm32mp_bsec_drvdata *)dev_get_driver_data(dev);
815bc8bc 742 int otp;
8a8d24bd 743 struct stm32mp_bsec_plat *plat;
622c956c
PD		 744 struct clk_bulk clk_bulk;
745 int ret;
746
747 ret = clk_get_bulk(dev, &clk_bulk);
748 if (!ret) {
749 ret = clk_enable_bulk(&clk_bulk);
750 if (ret)
751 return ret;
752 }
815bc8bc 753
33a909a4 754 if (IS_ENABLED(CONFIG_OPTEE))
0d0266c4
PD		 755 ret = bsec_optee_open(dev);
756 else
757 ret = -ENOTSUPP;
758 /* failed if OP-TEE TA is required */
759 if (data->ta && !ret)
760 return ret;
33a909a4 761
95bd49a5
PD		 762 /*
763 * update unlocked shadow for OTP cleared by the rom code
9788708f 764 * only executed in SPL, it is done in TF-A for TFABOOT
95bd49a5 765 */
0d0266c4 766 if (IS_ENABLED(CONFIG_SPL_BUILD) && !data->ta) {
c69cda25 767 plat = dev_get_plat(dev);
4e9e358f 768
0d0266c4
PD		 769 /* here 57 is the value for STM32MP15x ROM code, only MPU with SPL support*/
770 for (otp = 57; otp < data->size; otp++)
4e9e358f 771 if (!bsec_read_SR_lock(plat->base, otp))
b66bfdf2 772 bsec_shadow_register(dev, plat->base, otp);
4e9e358f 773 }
815bc8bc
PD		 774
775 return 0;
776}
815bc8bc 777
0d0266c4
PD		 778static const struct stm32mp_bsec_drvdata stm32mp13_data = {
779 .size = 96,
780 .ta = true,
781};
782
783static const struct stm32mp_bsec_drvdata stm32mp15_data = {
784 .size = 96,
785 .ta = false,
786};
e508b597
PD		 787
788static const struct stm32mp_bsec_drvdata stm32mp25_data = {
789 .size = 368, /* 384 but no access to HWKEY and STM32PRVKEY */
790 .ta = true,
791};
792
19f58992 793static const struct udevice_id stm32mp_bsec_ids[] = {
0d0266c4
PD		 794 { .compatible = "st,stm32mp13-bsec", .data = (ulong)&stm32mp13_data},
795 { .compatible = "st,stm32mp15-bsec", .data = (ulong)&stm32mp15_data},
e508b597 796 { .compatible = "st,stm32mp25-bsec", .data = (ulong)&stm32mp25_data},
19f58992
PD		 797 {}
798};
799
800U_BOOT_DRIVER(stm32mp_bsec) = {
801 .name = "stm32mp_bsec",
802 .id = UCLASS_MISC,
803 .of_match = stm32mp_bsec_ids,
d1998a9f 804 .of_to_plat = stm32mp_bsec_of_to_plat,
27bad4e7 805 .plat_auto = sizeof(struct stm32mp_bsec_plat),
33a909a4 806 .priv_auto = sizeof(struct stm32mp_bsec_priv),
19f58992 807 .ops = &stm32mp_bsec_ops,
815bc8bc 808 .probe = stm32mp_bsec_probe,
19f58992 809};
bd3f60d2
PD		 810
811bool bsec_dbgswenable(void)
812{
813 struct udevice *dev;
8a8d24bd 814 struct stm32mp_bsec_plat *plat;
bd3f60d2
PD		 815 int ret;
816
817 ret = uclass_get_device_by_driver(UCLASS_MISC,
65e25bea 818 DM_DRIVER_GET(stm32mp_bsec), &dev);
bd3f60d2 819 if (ret || !dev) {
b66bfdf2 820 log_debug("bsec driver not available\n");
bd3f60d2
PD		 821 return false;
822 }
823
c69cda25 824 plat = dev_get_plat(dev);
bd3f60d2
PD		 825 if (readl(plat->base + BSEC_DENABLE_OFF) & BSEC_DENABLE_DBGSWENABLE)
826 return true;
827
828 return false;
829}
3865a7ec
PD		 830
831u32 get_otp(int index, int shift, int mask)
832{
833 int ret;
834 struct udevice *dev;
835 u32 otp = 0;
836
837 ret = uclass_get_device_by_driver(UCLASS_MISC,
838 DM_DRIVER_GET(stm32mp_bsec),
839 &dev);
840
841 if (!ret)
842 ret = misc_read(dev, STM32_BSEC_SHADOW(index),
843 &otp, sizeof(otp));
844
845 return (otp >> shift) & mask;
846}
"Das U-Boot" Source Tree