1 /*
2 * Copyright (c) 2017-2019, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <limits.h>
9
10 #include <libfdt.h>
11
12 #include <platform_def.h>
13
14 #include <arch_helpers.h>
15 #include <common/debug.h>
16 #include <drivers/st/bsec.h>
17 #include <lib/mmio.h>
18 #include <lib/spinlock.h>
19
20 #define BSEC_IP_VERSION_1_0 0x10
21 #define BSEC_COMPAT "st,stm32mp15-bsec"
22
23 #define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
24
25 static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __unused;
26
27 static uint32_t bsec_power_safmem(bool power);
28
29 /* BSEC access protection */
30 static spinlock_t bsec_spinlock;
31 static uintptr_t bsec_base;
32
bsec_lock(void)33 static void bsec_lock(void)
34 {
35 if (stm32mp_lock_available()) {
36 spin_lock(&bsec_spinlock);
37 }
38 }
39
bsec_unlock(void)40 static void bsec_unlock(void)
41 {
42 if (stm32mp_lock_available()) {
43 spin_unlock(&bsec_spinlock);
44 }
45 }
46
bsec_get_dt_node(struct dt_node_info * info)47 static int bsec_get_dt_node(struct dt_node_info *info)
48 {
49 int node;
50
51 node = dt_get_node(info, -1, BSEC_COMPAT);
52 if (node < 0) {
53 return -FDT_ERR_NOTFOUND;
54 }
55
56 return node;
57 }
58
59 #if defined(IMAGE_BL32)
enable_non_secure_access(uint32_t otp)60 static void enable_non_secure_access(uint32_t otp)
61 {
62 otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT);
63
64 if (bsec_shadow_register(otp) != BSEC_OK) {
65 panic();
66 }
67 }
68
non_secure_can_access(uint32_t otp)69 static bool non_secure_can_access(uint32_t otp)
70 {
71 return (otp_nsec_access[otp / __WORD_BIT] &
72 BIT(otp % __WORD_BIT)) != 0;
73 }
74
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)75 static int bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
76 {
77 int bsec_subnode;
78
79 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
80 const fdt32_t *cuint;
81 uint32_t reg;
82 uint32_t i;
83 uint32_t size;
84 uint8_t status;
85
86 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
87 if (cuint == NULL) {
88 panic();
89 }
90
91 reg = fdt32_to_cpu(*cuint) / sizeof(uint32_t);
92 if (reg < STM32MP1_UPPER_OTP_START) {
93 continue;
94 }
95
96 status = fdt_get_status(bsec_subnode);
97 if ((status & DT_NON_SECURE) == 0U) {
98 continue;
99 }
100
101 size = fdt32_to_cpu(*(cuint + 1)) / sizeof(uint32_t);
102
103 if ((fdt32_to_cpu(*(cuint + 1)) % sizeof(uint32_t)) != 0) {
104 size++;
105 }
106
107 for (i = reg; i < (reg + size); i++) {
108 enable_non_secure_access(i);
109 }
110 }
111
112 return 0;
113 }
114 #endif
115
otp_bank_offset(uint32_t otp)116 static uint32_t otp_bank_offset(uint32_t otp)
117 {
118 assert(otp <= STM32MP1_OTP_MAX_ID);
119
120 return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
121 sizeof(uint32_t);
122 }
123
bsec_check_error(uint32_t otp)124 static uint32_t bsec_check_error(uint32_t otp)
125 {
126 uint32_t bit = BIT(otp & BSEC_OTP_MASK);
127 uint32_t bank = otp_bank_offset(otp);
128
129 if ((mmio_read_32(bsec_base + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
130 return BSEC_DISTURBED;
131 }
132
133 if ((mmio_read_32(bsec_base + BSEC_ERROR_OFF + bank) & bit) != 0U) {
134 return BSEC_ERROR;
135 }
136
137 return BSEC_OK;
138 }
139
140 /*
141 * bsec_probe: initialize BSEC driver.
142 * return value: BSEC_OK if no error.
143 */
bsec_probe(void)144 uint32_t bsec_probe(void)
145 {
146 void *fdt;
147 int node;
148 struct dt_node_info bsec_info;
149
150 if (fdt_get_address(&fdt) == 0) {
151 panic();
152 }
153
154 node = bsec_get_dt_node(&bsec_info);
155 if (node < 0) {
156 panic();
157 }
158
159 bsec_base = bsec_info.base;
160
161 #if defined(IMAGE_BL32)
162 bsec_dt_otp_nsec_access(fdt, node);
163 #endif
164 return BSEC_OK;
165 }
166
167 /*
168 * bsec_get_base: return BSEC base address.
169 */
bsec_get_base(void)170 uint32_t bsec_get_base(void)
171 {
172 return bsec_base;
173 }
174
175 /*
176 * bsec_set_config: enable and configure BSEC.
177 * cfg: pointer to param structure used to set register.
178 * return value: BSEC_OK if no error.
179 */
bsec_set_config(struct bsec_config * cfg)180 uint32_t bsec_set_config(struct bsec_config *cfg)
181 {
182 uint32_t value;
183 int32_t result;
184
185 value = ((((uint32_t)cfg->freq << BSEC_CONF_FRQ_SHIFT) &
186 BSEC_CONF_FRQ_MASK) |
187 (((uint32_t)cfg->pulse_width << BSEC_CONF_PRG_WIDTH_SHIFT) &
188 BSEC_CONF_PRG_WIDTH_MASK) |
189 (((uint32_t)cfg->tread << BSEC_CONF_TREAD_SHIFT) &
190 BSEC_CONF_TREAD_MASK));
191
192 bsec_lock();
193
194 mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, value);
195
196 bsec_unlock();
197
198 result = bsec_power_safmem((bool)cfg->power &
199 BSEC_CONF_POWER_UP_MASK);
200 if (result != BSEC_OK) {
201 return result;
202 }
203
204 value = ((((uint32_t)cfg->upper_otp_lock << UPPER_OTP_LOCK_SHIFT) &
205 UPPER_OTP_LOCK_MASK) |
206 (((uint32_t)cfg->den_lock << DENREG_LOCK_SHIFT) &
207 DENREG_LOCK_MASK) |
208 (((uint32_t)cfg->prog_lock << GPLOCK_LOCK_SHIFT) &
209 GPLOCK_LOCK_MASK));
210
211 bsec_lock();
212
213 mmio_write_32(bsec_base + BSEC_OTP_LOCK_OFF, value);
214
215 bsec_unlock();
216
217 return BSEC_OK;
218 }
219
220 /*
221 * bsec_get_config: return config parameters set in BSEC registers.
222 * cfg: config param return.
223 * return value: BSEC_OK if no error.
224 */
bsec_get_config(struct bsec_config * cfg)225 uint32_t bsec_get_config(struct bsec_config *cfg)
226 {
227 uint32_t value;
228
229 if (cfg == NULL) {
230 return BSEC_INVALID_PARAM;
231 }
232
233 value = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
234 cfg->power = (uint8_t)((value & BSEC_CONF_POWER_UP_MASK) >>
235 BSEC_CONF_POWER_UP_SHIFT);
236 cfg->freq = (uint8_t)((value & BSEC_CONF_FRQ_MASK) >>
237 BSEC_CONF_FRQ_SHIFT);
238 cfg->pulse_width = (uint8_t)((value & BSEC_CONF_PRG_WIDTH_MASK) >>
239 BSEC_CONF_PRG_WIDTH_SHIFT);
240 cfg->tread = (uint8_t)((value & BSEC_CONF_TREAD_MASK) >>
241 BSEC_CONF_TREAD_SHIFT);
242
243 value = mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF);
244 cfg->upper_otp_lock = (uint8_t)((value & UPPER_OTP_LOCK_MASK) >>
245 UPPER_OTP_LOCK_SHIFT);
246 cfg->den_lock = (uint8_t)((value & DENREG_LOCK_MASK) >>
247 DENREG_LOCK_SHIFT);
248 cfg->prog_lock = (uint8_t)((value & GPLOCK_LOCK_MASK) >>
249 GPLOCK_LOCK_SHIFT);
250
251 return BSEC_OK;
252 }
253
254 /*
255 * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
256 * otp: OTP number.
257 * return value: BSEC_OK if no error.
258 */
bsec_shadow_register(uint32_t otp)259 uint32_t bsec_shadow_register(uint32_t otp)
260 {
261 uint32_t result;
262 bool power_up = false;
263
264 if (otp > STM32MP1_OTP_MAX_ID) {
265 return BSEC_INVALID_PARAM;
266 }
267
268 /* Check if shadowing of OTP is locked */
269 if (bsec_read_sr_lock(otp)) {
270 VERBOSE("BSEC: OTP %i is locked and will not be refreshed\n",
271 otp);
272 }
273
274 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
275 result = bsec_power_safmem(true);
276
277 if (result != BSEC_OK) {
278 return result;
279 }
280
281 power_up = true;
282 }
283
284 bsec_lock();
285
286 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
287 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
288
289 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
290 ;
291 }
292
293 result = bsec_check_error(otp);
294
295 bsec_unlock();
296
297 if (power_up) {
298 if (bsec_power_safmem(false) != BSEC_OK) {
299 panic();
300 }
301 }
302
303 return result;
304 }
305
306 /*
307 * bsec_read_otp: read an OTP data value.
308 * val: read value.
309 * otp: OTP number.
310 * return value: BSEC_OK if no error.
311 */
bsec_read_otp(uint32_t * val,uint32_t otp)312 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
313 {
314 uint32_t result;
315
316 if (otp > STM32MP1_OTP_MAX_ID) {
317 return BSEC_INVALID_PARAM;
318 }
319
320 bsec_lock();
321
322 *val = mmio_read_32(bsec_base + BSEC_OTP_DATA_OFF +
323 (otp * sizeof(uint32_t)));
324
325 result = bsec_check_error(otp);
326
327 bsec_unlock();
328
329 return result;
330 }
331
332 /*
333 * bsec_write_otp: write value in BSEC data register.
334 * val: value to write.
335 * otp: OTP number.
336 * return value: BSEC_OK if no error.
337 */
bsec_write_otp(uint32_t val,uint32_t otp)338 uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
339 {
340 uint32_t result;
341
342 if (otp > STM32MP1_OTP_MAX_ID) {
343 return BSEC_INVALID_PARAM;
344 }
345
346 /* Check if programming of OTP is locked */
347 if (bsec_read_sw_lock(otp)) {
348 VERBOSE("BSEC: OTP %i is locked and write will be ignored\n",
349 otp);
350 }
351
352 bsec_lock();
353
354 mmio_write_32(bsec_base + BSEC_OTP_DATA_OFF +
355 (otp * sizeof(uint32_t)), val);
356
357 result = bsec_check_error(otp);
358
359 bsec_unlock();
360
361 return result;
362 }
363
364 /*
365 * bsec_program_otp: program a bit in SAFMEM after the prog.
366 * The OTP data is not refreshed.
367 * val: value to program.
368 * otp: OTP number.
369 * return value: BSEC_OK if no error.
370 */
bsec_program_otp(uint32_t val,uint32_t otp)371 uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
372 {
373 uint32_t result;
374 bool power_up = false;
375
376 if (otp > STM32MP1_OTP_MAX_ID) {
377 return BSEC_INVALID_PARAM;
378 }
379
380 /* Check if programming of OTP is locked */
381 if (bsec_read_sp_lock(otp)) {
382 WARN("BSEC: OTP locked, prog will be ignored\n");
383 }
384
385 if ((mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF) &
386 BIT(BSEC_LOCK_PROGRAM)) != 0U) {
387 WARN("BSEC: GPLOCK activated, prog will be ignored\n");
388 }
389
390 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
391 result = bsec_power_safmem(true);
392
393 if (result != BSEC_OK) {
394 return result;
395 }
396
397 power_up = true;
398 }
399
400 bsec_lock();
401
402 /* Set value in write register */
403 mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, val);
404
405 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
406 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
407
408 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
409 ;
410 }
411
412 if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
413 result = BSEC_PROG_FAIL;
414 } else {
415 result = bsec_check_error(otp);
416 }
417
418 bsec_unlock();
419
420 if (power_up) {
421 if (bsec_power_safmem(false) != BSEC_OK) {
422 panic();
423 }
424 }
425
426 return result;
427 }
428
429 /*
430 * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM.
431 * otp: OTP number.
432 * return value: BSEC_OK if no error.
433 */
bsec_permanent_lock_otp(uint32_t otp)434 uint32_t bsec_permanent_lock_otp(uint32_t otp)
435 {
436 uint32_t result;
437 bool power_up = false;
438 uint32_t data;
439 uint32_t addr;
440
441 if (otp > STM32MP1_OTP_MAX_ID) {
442 return BSEC_INVALID_PARAM;
443 }
444
445 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
446 result = bsec_power_safmem(true);
447
448 if (result != BSEC_OK) {
449 return result;
450 }
451
452 power_up = true;
453 }
454
455 if (otp < STM32MP1_UPPER_OTP_START) {
456 addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
457 data = DATA_LOWER_OTP_PERLOCK_BIT <<
458 ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
459 } else {
460 addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
461 data = DATA_UPPER_OTP_PERLOCK_BIT <<
462 (otp & DATA_UPPER_OTP_PERLOCK_MASK);
463 }
464
465 bsec_lock();
466
467 /* Set value in write register */
468 mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, data);
469
470 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
471 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF,
472 addr | BSEC_WRITE | BSEC_LOCK);
473
474 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
475 ;
476 }
477
478 if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
479 result = BSEC_PROG_FAIL;
480 } else {
481 result = bsec_check_error(otp);
482 }
483
484 bsec_unlock();
485
486 if (power_up) {
487 if (bsec_power_safmem(false) != BSEC_OK) {
488 panic();
489 }
490 }
491
492 return result;
493 }
494
495 /*
496 * bsec_write_debug_conf: write value in debug feature
497 * to enable/disable debug service.
498 * val: value to write.
499 * return value: BSEC_OK if no error.
500 */
bsec_write_debug_conf(uint32_t val)501 uint32_t bsec_write_debug_conf(uint32_t val)
502 {
503 uint32_t result = BSEC_ERROR;
504 uint32_t masked_val = val & BSEC_DEN_ALL_MSK;
505
506 bsec_lock();
507
508 mmio_write_32(bsec_base + BSEC_DEN_OFF, masked_val);
509
510 if ((mmio_read_32(bsec_base + BSEC_DEN_OFF) ^ masked_val) == 0U) {
511 result = BSEC_OK;
512 }
513
514 bsec_unlock();
515
516 return result;
517 }
518
519 /*
520 * bsec_read_debug_conf: read debug configuration.
521 */
bsec_read_debug_conf(void)522 uint32_t bsec_read_debug_conf(void)
523 {
524 return mmio_read_32(bsec_base + BSEC_DEN_OFF);
525 }
526
527 /*
528 * bsec_get_status: return status register value.
529 */
bsec_get_status(void)530 uint32_t bsec_get_status(void)
531 {
532 return mmio_read_32(bsec_base + BSEC_OTP_STATUS_OFF);
533 }
534
535 /*
536 * bsec_get_hw_conf: return hardware configuration.
537 */
bsec_get_hw_conf(void)538 uint32_t bsec_get_hw_conf(void)
539 {
540 return mmio_read_32(bsec_base + BSEC_IPHW_CFG_OFF);
541 }
542
543 /*
544 * bsec_get_version: return BSEC version.
545 */
bsec_get_version(void)546 uint32_t bsec_get_version(void)
547 {
548 return mmio_read_32(bsec_base + BSEC_IPVR_OFF);
549 }
550
551 /*
552 * bsec_get_id: return BSEC ID.
553 */
bsec_get_id(void)554 uint32_t bsec_get_id(void)
555 {
556 return mmio_read_32(bsec_base + BSEC_IP_ID_OFF);
557 }
558
559 /*
560 * bsec_get_magic_id: return BSEC magic number.
561 */
bsec_get_magic_id(void)562 uint32_t bsec_get_magic_id(void)
563 {
564 return mmio_read_32(bsec_base + BSEC_IP_MAGIC_ID_OFF);
565 }
566
567 /*
568 * bsec_write_sr_lock: write shadow-read lock.
569 * otp: OTP number.
570 * value: value to write in the register.
571 * Must be always 1.
572 * return: true if OTP is locked, else false.
573 */
bsec_write_sr_lock(uint32_t otp,uint32_t value)574 bool bsec_write_sr_lock(uint32_t otp, uint32_t value)
575 {
576 bool result = false;
577 uint32_t bank = otp_bank_offset(otp);
578 uint32_t bank_value;
579 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
580
581 bsec_lock();
582
583 bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
584
585 if ((bank_value & otp_mask) == value) {
586 /*
587 * In case of write don't need to write,
588 * the lock is already set.
589 */
590 if (value != 0U) {
591 result = true;
592 }
593 } else {
594 if (value != 0U) {
595 bank_value = bank_value | otp_mask;
596 } else {
597 bank_value = bank_value & ~otp_mask;
598 }
599
600 /*
601 * We can write 0 in all other OTP
602 * if the lock is activated in one of other OTP.
603 * Write 0 has no effect.
604 */
605 mmio_write_32(bsec_base + BSEC_SRLOCK_OFF + bank, bank_value);
606 result = true;
607 }
608
609 bsec_unlock();
610
611 return result;
612 }
613
614 /*
615 * bsec_read_sr_lock: read shadow-read lock.
616 * otp: OTP number.
617 * return: true if otp is locked, else false.
618 */
bsec_read_sr_lock(uint32_t otp)619 bool bsec_read_sr_lock(uint32_t otp)
620 {
621 uint32_t bank = otp_bank_offset(otp);
622 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
623 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
624
625 return (bank_value & otp_mask) != 0U;
626 }
627
628 /*
629 * bsec_write_sw_lock: write shadow-write lock.
630 * otp: OTP number.
631 * value: Value to write in the register.
632 * Must be always 1.
633 * return: true if OTP is locked, else false.
634 */
bsec_write_sw_lock(uint32_t otp,uint32_t value)635 bool bsec_write_sw_lock(uint32_t otp, uint32_t value)
636 {
637 bool result = false;
638 uint32_t bank = otp_bank_offset(otp);
639 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
640 uint32_t bank_value;
641
642 bsec_lock();
643
644 bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
645
646 if ((bank_value & otp_mask) == value) {
647 /*
648 * In case of write don't need to write,
649 * the lock is already set.
650 */
651 if (value != 0U) {
652 result = true;
653 }
654 } else {
655 if (value != 0U) {
656 bank_value = bank_value | otp_mask;
657 } else {
658 bank_value = bank_value & ~otp_mask;
659 }
660
661 /*
662 * We can write 0 in all other OTP
663 * if the lock is activated in one of other OTP.
664 * Write 0 has no effect.
665 */
666 mmio_write_32(bsec_base + BSEC_SWLOCK_OFF + bank, bank_value);
667 result = true;
668 }
669
670 bsec_unlock();
671
672 return result;
673 }
674
675 /*
676 * bsec_read_sw_lock: read shadow-write lock.
677 * otp: OTP number.
678 * return: true if OTP is locked, else false.
679 */
bsec_read_sw_lock(uint32_t otp)680 bool bsec_read_sw_lock(uint32_t otp)
681 {
682 uint32_t bank = otp_bank_offset(otp);
683 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
684 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
685
686 return (bank_value & otp_mask) != 0U;
687 }
688
689 /*
690 * bsec_write_sp_lock: write shadow-program lock.
691 * otp: OTP number.
692 * value: Value to write in the register.
693 * Must be always 1.
694 * return: true if OTP is locked, else false.
695 */
bsec_write_sp_lock(uint32_t otp,uint32_t value)696 bool bsec_write_sp_lock(uint32_t otp, uint32_t value)
697 {
698 bool result = false;
699 uint32_t bank = otp_bank_offset(otp);
700 uint32_t bank_value;
701 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
702
703 bsec_lock();
704
705 bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
706
707 if ((bank_value & otp_mask) == value) {
708 /*
709 * In case of write don't need to write,
710 * the lock is already set.
711 */
712 if (value != 0U) {
713 result = true;
714 }
715 } else {
716 if (value != 0U) {
717 bank_value = bank_value | otp_mask;
718 } else {
719 bank_value = bank_value & ~otp_mask;
720 }
721
722 /*
723 * We can write 0 in all other OTP
724 * if the lock is activated in one of other OTP.
725 * Write 0 has no effect.
726 */
727 mmio_write_32(bsec_base + BSEC_SPLOCK_OFF + bank, bank_value);
728 result = true;
729 }
730
731 bsec_unlock();
732
733 return result;
734 }
735
736 /*
737 * bsec_read_sp_lock: read shadow-program lock.
738 * otp: OTP number.
739 * return: true if OTP is locked, else false.
740 */
bsec_read_sp_lock(uint32_t otp)741 bool bsec_read_sp_lock(uint32_t otp)
742 {
743 uint32_t bank = otp_bank_offset(otp);
744 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
745 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
746
747 return (bank_value & otp_mask) != 0U;
748 }
749
750 /*
751 * bsec_wr_lock: Read permanent lock status.
752 * otp: OTP number.
753 * return: true if OTP is locked, else false.
754 */
bsec_wr_lock(uint32_t otp)755 bool bsec_wr_lock(uint32_t otp)
756 {
757 uint32_t bank = otp_bank_offset(otp);
758 uint32_t lock_bit = BIT(otp & BSEC_OTP_MASK);
759
760 if ((mmio_read_32(bsec_base + BSEC_WRLOCK_OFF + bank) &
761 lock_bit) != 0U) {
762 /*
763 * In case of write don't need to write,
764 * the lock is already set.
765 */
766 return true;
767 }
768
769 return false;
770 }
771
772 /*
773 * bsec_otp_lock: Lock Upper OTP or Global programming or debug enable
774 * service: Service to lock see header file.
775 * value: Value to write must always set to 1 (only use for debug purpose).
776 * return: BSEC_OK if succeed.
777 */
bsec_otp_lock(uint32_t service,uint32_t value)778 uint32_t bsec_otp_lock(uint32_t service, uint32_t value)
779 {
780 uintptr_t reg = bsec_base + BSEC_OTP_LOCK_OFF;
781
782 switch (service) {
783 case BSEC_LOCK_UPPER_OTP:
784 mmio_write_32(reg, value << BSEC_LOCK_UPPER_OTP);
785 break;
786 case BSEC_LOCK_DEBUG:
787 mmio_write_32(reg, value << BSEC_LOCK_DEBUG);
788 break;
789 case BSEC_LOCK_PROGRAM:
790 mmio_write_32(reg, value << BSEC_LOCK_PROGRAM);
791 break;
792 default:
793 return BSEC_INVALID_PARAM;
794 }
795
796 return BSEC_OK;
797 }
798
799 /*
800 * bsec_power_safmem: Activate or deactivate SAFMEM power.
801 * power: true to power up, false to power down.
802 * return: BSEC_OK if succeed.
803 */
bsec_power_safmem(bool power)804 static uint32_t bsec_power_safmem(bool power)
805 {
806 uint32_t register_val;
807 uint32_t timeout = BSEC_TIMEOUT_VALUE;
808
809 bsec_lock();
810
811 register_val = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
812
813 if (power) {
814 register_val |= BSEC_CONF_POWER_UP_MASK;
815 } else {
816 register_val &= ~BSEC_CONF_POWER_UP_MASK;
817 }
818
819 mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, register_val);
820
821 /* Waiting loop */
822 if (power) {
823 while (((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) &&
824 (timeout != 0U)) {
825 timeout--;
826 }
827 } else {
828 while (((bsec_get_status() & BSEC_MODE_PWR_MASK) != 0U) &&
829 (timeout != 0U)) {
830 timeout--;
831 }
832 }
833
834 bsec_unlock();
835
836 if (timeout == 0U) {
837 return BSEC_TIMEOUT;
838 }
839
840 return BSEC_OK;
841 }
842
843 /*
844 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
845 * otp_value: read value.
846 * word: OTP number.
847 * return value: BSEC_OK if no error.
848 */
bsec_shadow_read_otp(uint32_t * otp_value,uint32_t word)849 uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word)
850 {
851 uint32_t result;
852
853 result = bsec_shadow_register(word);
854 if (result != BSEC_OK) {
855 ERROR("BSEC: %u Shadowing Error %i\n", word, result);
856 return result;
857 }
858
859 result = bsec_read_otp(otp_value, word);
860 if (result != BSEC_OK) {
861 ERROR("BSEC: %u Read Error %i\n", word, result);
862 }
863
864 return result;
865 }
866
867 /*
868 * bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
869 * otp: OTP number.
870 * return: BSEC_OK if authorized access.
871 */
bsec_check_nsec_access_rights(uint32_t otp)872 uint32_t bsec_check_nsec_access_rights(uint32_t otp)
873 {
874 #if defined(IMAGE_BL32)
875 if (otp > STM32MP1_OTP_MAX_ID) {
876 return BSEC_INVALID_PARAM;
877 }
878
879 if (otp >= STM32MP1_UPPER_OTP_START) {
880 /* Check if BSEC is in OTP-SECURED closed_device state. */
881 if (stm32mp_is_closed_device()) {
882 if (!non_secure_can_access(otp)) {
883 return BSEC_ERROR;
884 }
885 }
886 }
887 #endif
888
889 return BSEC_OK;
890 }
891
892