1 /*
2  * Copyright (c) 2017-2019, STMicroelectronics - All Rights Reserved
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 #include <limits.h>
9 
10 #include <libfdt.h>
11 
12 #include <platform_def.h>
13 
14 #include <arch_helpers.h>
15 #include <common/debug.h>
16 #include <drivers/st/bsec.h>
17 #include <lib/mmio.h>
18 #include <lib/spinlock.h>
19 
20 #define BSEC_IP_VERSION_1_0	0x10
21 #define BSEC_COMPAT		"st,stm32mp15-bsec"
22 
23 #define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
24 
25 static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __unused;
26 
27 static uint32_t bsec_power_safmem(bool power);
28 
29 /* BSEC access protection */
30 static spinlock_t bsec_spinlock;
31 static uintptr_t bsec_base;
32 
bsec_lock(void)33 static void bsec_lock(void)
34 {
35 	if (stm32mp_lock_available()) {
36 		spin_lock(&bsec_spinlock);
37 	}
38 }
39 
bsec_unlock(void)40 static void bsec_unlock(void)
41 {
42 	if (stm32mp_lock_available()) {
43 		spin_unlock(&bsec_spinlock);
44 	}
45 }
46 
bsec_get_dt_node(struct dt_node_info * info)47 static int bsec_get_dt_node(struct dt_node_info *info)
48 {
49 	int node;
50 
51 	node = dt_get_node(info, -1, BSEC_COMPAT);
52 	if (node < 0) {
53 		return -FDT_ERR_NOTFOUND;
54 	}
55 
56 	return node;
57 }
58 
59 #if defined(IMAGE_BL32)
enable_non_secure_access(uint32_t otp)60 static void enable_non_secure_access(uint32_t otp)
61 {
62 	otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT);
63 
64 	if (bsec_shadow_register(otp) != BSEC_OK) {
65 		panic();
66 	}
67 }
68 
non_secure_can_access(uint32_t otp)69 static bool non_secure_can_access(uint32_t otp)
70 {
71 	return (otp_nsec_access[otp / __WORD_BIT] &
72 		BIT(otp % __WORD_BIT)) != 0;
73 }
74 
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)75 static int bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
76 {
77 	int bsec_subnode;
78 
79 	fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
80 		const fdt32_t *cuint;
81 		uint32_t reg;
82 		uint32_t i;
83 		uint32_t size;
84 		uint8_t status;
85 
86 		cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
87 		if (cuint == NULL) {
88 			panic();
89 		}
90 
91 		reg = fdt32_to_cpu(*cuint) / sizeof(uint32_t);
92 		if (reg < STM32MP1_UPPER_OTP_START) {
93 			continue;
94 		}
95 
96 		status = fdt_get_status(bsec_subnode);
97 		if ((status & DT_NON_SECURE) == 0U)  {
98 			continue;
99 		}
100 
101 		size = fdt32_to_cpu(*(cuint + 1)) / sizeof(uint32_t);
102 
103 		if ((fdt32_to_cpu(*(cuint + 1)) % sizeof(uint32_t)) != 0) {
104 			size++;
105 		}
106 
107 		for (i = reg; i < (reg + size); i++) {
108 			enable_non_secure_access(i);
109 		}
110 	}
111 
112 	return 0;
113 }
114 #endif
115 
otp_bank_offset(uint32_t otp)116 static uint32_t otp_bank_offset(uint32_t otp)
117 {
118 	assert(otp <= STM32MP1_OTP_MAX_ID);
119 
120 	return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
121 	       sizeof(uint32_t);
122 }
123 
bsec_check_error(uint32_t otp)124 static uint32_t bsec_check_error(uint32_t otp)
125 {
126 	uint32_t bit = BIT(otp & BSEC_OTP_MASK);
127 	uint32_t bank = otp_bank_offset(otp);
128 
129 	if ((mmio_read_32(bsec_base + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
130 		return BSEC_DISTURBED;
131 	}
132 
133 	if ((mmio_read_32(bsec_base + BSEC_ERROR_OFF + bank) & bit) != 0U) {
134 		return BSEC_ERROR;
135 	}
136 
137 	return BSEC_OK;
138 }
139 
140 /*
141  * bsec_probe: initialize BSEC driver.
142  * return value: BSEC_OK if no error.
143  */
bsec_probe(void)144 uint32_t bsec_probe(void)
145 {
146 	void *fdt;
147 	int node;
148 	struct dt_node_info bsec_info;
149 
150 	if (fdt_get_address(&fdt) == 0) {
151 		panic();
152 	}
153 
154 	node = bsec_get_dt_node(&bsec_info);
155 	if (node < 0) {
156 		panic();
157 	}
158 
159 	bsec_base = bsec_info.base;
160 
161 #if defined(IMAGE_BL32)
162 	bsec_dt_otp_nsec_access(fdt, node);
163 #endif
164 	return BSEC_OK;
165 }
166 
167 /*
168  * bsec_get_base: return BSEC base address.
169  */
bsec_get_base(void)170 uint32_t bsec_get_base(void)
171 {
172 	return bsec_base;
173 }
174 
175 /*
176  * bsec_set_config: enable and configure BSEC.
177  * cfg: pointer to param structure used to set register.
178  * return value: BSEC_OK if no error.
179  */
bsec_set_config(struct bsec_config * cfg)180 uint32_t bsec_set_config(struct bsec_config *cfg)
181 {
182 	uint32_t value;
183 	int32_t result;
184 
185 	value = ((((uint32_t)cfg->freq << BSEC_CONF_FRQ_SHIFT) &
186 						BSEC_CONF_FRQ_MASK) |
187 		 (((uint32_t)cfg->pulse_width << BSEC_CONF_PRG_WIDTH_SHIFT) &
188 						BSEC_CONF_PRG_WIDTH_MASK) |
189 		 (((uint32_t)cfg->tread << BSEC_CONF_TREAD_SHIFT) &
190 						BSEC_CONF_TREAD_MASK));
191 
192 	bsec_lock();
193 
194 	mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, value);
195 
196 	bsec_unlock();
197 
198 	result = bsec_power_safmem((bool)cfg->power &
199 				   BSEC_CONF_POWER_UP_MASK);
200 	if (result != BSEC_OK) {
201 		return result;
202 	}
203 
204 	value = ((((uint32_t)cfg->upper_otp_lock << UPPER_OTP_LOCK_SHIFT) &
205 						UPPER_OTP_LOCK_MASK) |
206 		 (((uint32_t)cfg->den_lock << DENREG_LOCK_SHIFT) &
207 						DENREG_LOCK_MASK) |
208 		 (((uint32_t)cfg->prog_lock << GPLOCK_LOCK_SHIFT) &
209 						GPLOCK_LOCK_MASK));
210 
211 	bsec_lock();
212 
213 	mmio_write_32(bsec_base + BSEC_OTP_LOCK_OFF, value);
214 
215 	bsec_unlock();
216 
217 	return BSEC_OK;
218 }
219 
220 /*
221  * bsec_get_config: return config parameters set in BSEC registers.
222  * cfg: config param return.
223  * return value: BSEC_OK if no error.
224  */
bsec_get_config(struct bsec_config * cfg)225 uint32_t bsec_get_config(struct bsec_config *cfg)
226 {
227 	uint32_t value;
228 
229 	if (cfg == NULL) {
230 		return BSEC_INVALID_PARAM;
231 	}
232 
233 	value = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
234 	cfg->power = (uint8_t)((value & BSEC_CONF_POWER_UP_MASK) >>
235 						BSEC_CONF_POWER_UP_SHIFT);
236 	cfg->freq = (uint8_t)((value & BSEC_CONF_FRQ_MASK) >>
237 						BSEC_CONF_FRQ_SHIFT);
238 	cfg->pulse_width = (uint8_t)((value & BSEC_CONF_PRG_WIDTH_MASK) >>
239 						BSEC_CONF_PRG_WIDTH_SHIFT);
240 	cfg->tread = (uint8_t)((value & BSEC_CONF_TREAD_MASK) >>
241 						BSEC_CONF_TREAD_SHIFT);
242 
243 	value = mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF);
244 	cfg->upper_otp_lock = (uint8_t)((value & UPPER_OTP_LOCK_MASK) >>
245 						UPPER_OTP_LOCK_SHIFT);
246 	cfg->den_lock = (uint8_t)((value & DENREG_LOCK_MASK) >>
247 						DENREG_LOCK_SHIFT);
248 	cfg->prog_lock = (uint8_t)((value & GPLOCK_LOCK_MASK) >>
249 						GPLOCK_LOCK_SHIFT);
250 
251 	return BSEC_OK;
252 }
253 
254 /*
255  * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
256  * otp: OTP number.
257  * return value: BSEC_OK if no error.
258  */
bsec_shadow_register(uint32_t otp)259 uint32_t bsec_shadow_register(uint32_t otp)
260 {
261 	uint32_t result;
262 	bool power_up = false;
263 
264 	if (otp > STM32MP1_OTP_MAX_ID) {
265 		return BSEC_INVALID_PARAM;
266 	}
267 
268 	/* Check if shadowing of OTP is locked */
269 	if (bsec_read_sr_lock(otp)) {
270 		VERBOSE("BSEC: OTP %i is locked and will not be refreshed\n",
271 			otp);
272 	}
273 
274 	if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
275 		result = bsec_power_safmem(true);
276 
277 		if (result != BSEC_OK) {
278 			return result;
279 		}
280 
281 		power_up = true;
282 	}
283 
284 	bsec_lock();
285 
286 	/* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
287 	mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
288 
289 	while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
290 		;
291 	}
292 
293 	result = bsec_check_error(otp);
294 
295 	bsec_unlock();
296 
297 	if (power_up) {
298 		if (bsec_power_safmem(false) != BSEC_OK) {
299 			panic();
300 		}
301 	}
302 
303 	return result;
304 }
305 
306 /*
307  * bsec_read_otp: read an OTP data value.
308  * val: read value.
309  * otp: OTP number.
310  * return value: BSEC_OK if no error.
311  */
bsec_read_otp(uint32_t * val,uint32_t otp)312 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
313 {
314 	uint32_t result;
315 
316 	if (otp > STM32MP1_OTP_MAX_ID) {
317 		return BSEC_INVALID_PARAM;
318 	}
319 
320 	bsec_lock();
321 
322 	*val = mmio_read_32(bsec_base + BSEC_OTP_DATA_OFF +
323 			    (otp * sizeof(uint32_t)));
324 
325 	result = bsec_check_error(otp);
326 
327 	bsec_unlock();
328 
329 	return result;
330 }
331 
332 /*
333  * bsec_write_otp: write value in BSEC data register.
334  * val: value to write.
335  * otp: OTP number.
336  * return value: BSEC_OK if no error.
337  */
bsec_write_otp(uint32_t val,uint32_t otp)338 uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
339 {
340 	uint32_t result;
341 
342 	if (otp > STM32MP1_OTP_MAX_ID) {
343 		return BSEC_INVALID_PARAM;
344 	}
345 
346 	/* Check if programming of OTP is locked */
347 	if (bsec_read_sw_lock(otp)) {
348 		VERBOSE("BSEC: OTP %i is locked and write will be ignored\n",
349 			otp);
350 	}
351 
352 	bsec_lock();
353 
354 	mmio_write_32(bsec_base + BSEC_OTP_DATA_OFF +
355 		      (otp * sizeof(uint32_t)), val);
356 
357 	result = bsec_check_error(otp);
358 
359 	bsec_unlock();
360 
361 	return result;
362 }
363 
364 /*
365  * bsec_program_otp: program a bit in SAFMEM after the prog.
366  *	The OTP data is not refreshed.
367  * val: value to program.
368  * otp: OTP number.
369  * return value: BSEC_OK if no error.
370  */
bsec_program_otp(uint32_t val,uint32_t otp)371 uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
372 {
373 	uint32_t result;
374 	bool power_up = false;
375 
376 	if (otp > STM32MP1_OTP_MAX_ID) {
377 		return BSEC_INVALID_PARAM;
378 	}
379 
380 	/* Check if programming of OTP is locked */
381 	if (bsec_read_sp_lock(otp)) {
382 		WARN("BSEC: OTP locked, prog will be ignored\n");
383 	}
384 
385 	if ((mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF) &
386 	     BIT(BSEC_LOCK_PROGRAM)) != 0U) {
387 		WARN("BSEC: GPLOCK activated, prog will be ignored\n");
388 	}
389 
390 	if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
391 		result = bsec_power_safmem(true);
392 
393 		if (result != BSEC_OK) {
394 			return result;
395 		}
396 
397 		power_up = true;
398 	}
399 
400 	bsec_lock();
401 
402 	/* Set value in write register */
403 	mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, val);
404 
405 	/* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
406 	mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
407 
408 	while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
409 		;
410 	}
411 
412 	if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
413 		result = BSEC_PROG_FAIL;
414 	} else {
415 		result = bsec_check_error(otp);
416 	}
417 
418 	bsec_unlock();
419 
420 	if (power_up) {
421 		if (bsec_power_safmem(false) != BSEC_OK) {
422 			panic();
423 		}
424 	}
425 
426 	return result;
427 }
428 
429 /*
430  * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM.
431  * otp: OTP number.
432  * return value: BSEC_OK if no error.
433  */
bsec_permanent_lock_otp(uint32_t otp)434 uint32_t bsec_permanent_lock_otp(uint32_t otp)
435 {
436 	uint32_t result;
437 	bool power_up = false;
438 	uint32_t data;
439 	uint32_t addr;
440 
441 	if (otp > STM32MP1_OTP_MAX_ID) {
442 		return BSEC_INVALID_PARAM;
443 	}
444 
445 	if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
446 		result = bsec_power_safmem(true);
447 
448 		if (result != BSEC_OK) {
449 			return result;
450 		}
451 
452 		power_up = true;
453 	}
454 
455 	if (otp < STM32MP1_UPPER_OTP_START) {
456 		addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
457 		data = DATA_LOWER_OTP_PERLOCK_BIT <<
458 		       ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
459 	} else {
460 		addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
461 		data = DATA_UPPER_OTP_PERLOCK_BIT <<
462 		       (otp & DATA_UPPER_OTP_PERLOCK_MASK);
463 	}
464 
465 	bsec_lock();
466 
467 	/* Set value in write register */
468 	mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, data);
469 
470 	/* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
471 	mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF,
472 		      addr | BSEC_WRITE | BSEC_LOCK);
473 
474 	while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
475 		;
476 	}
477 
478 	if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
479 		result = BSEC_PROG_FAIL;
480 	} else {
481 		result = bsec_check_error(otp);
482 	}
483 
484 	bsec_unlock();
485 
486 	if (power_up) {
487 		if (bsec_power_safmem(false) != BSEC_OK) {
488 			panic();
489 		}
490 	}
491 
492 	return result;
493 }
494 
495 /*
496  * bsec_write_debug_conf: write value in debug feature
497  *	to enable/disable debug service.
498  * val: value to write.
499  * return value: BSEC_OK if no error.
500  */
bsec_write_debug_conf(uint32_t val)501 uint32_t bsec_write_debug_conf(uint32_t val)
502 {
503 	uint32_t result = BSEC_ERROR;
504 	uint32_t masked_val = val & BSEC_DEN_ALL_MSK;
505 
506 	bsec_lock();
507 
508 	mmio_write_32(bsec_base + BSEC_DEN_OFF, masked_val);
509 
510 	if ((mmio_read_32(bsec_base + BSEC_DEN_OFF) ^ masked_val) == 0U) {
511 		result = BSEC_OK;
512 	}
513 
514 	bsec_unlock();
515 
516 	return result;
517 }
518 
519 /*
520  * bsec_read_debug_conf: read debug configuration.
521  */
bsec_read_debug_conf(void)522 uint32_t bsec_read_debug_conf(void)
523 {
524 	return mmio_read_32(bsec_base + BSEC_DEN_OFF);
525 }
526 
527 /*
528  * bsec_get_status: return status register value.
529  */
bsec_get_status(void)530 uint32_t bsec_get_status(void)
531 {
532 	return mmio_read_32(bsec_base + BSEC_OTP_STATUS_OFF);
533 }
534 
535 /*
536  * bsec_get_hw_conf: return hardware configuration.
537  */
bsec_get_hw_conf(void)538 uint32_t bsec_get_hw_conf(void)
539 {
540 	return mmio_read_32(bsec_base + BSEC_IPHW_CFG_OFF);
541 }
542 
543 /*
544  * bsec_get_version: return BSEC version.
545  */
bsec_get_version(void)546 uint32_t bsec_get_version(void)
547 {
548 	return mmio_read_32(bsec_base + BSEC_IPVR_OFF);
549 }
550 
551 /*
552  * bsec_get_id: return BSEC ID.
553  */
bsec_get_id(void)554 uint32_t bsec_get_id(void)
555 {
556 	return mmio_read_32(bsec_base + BSEC_IP_ID_OFF);
557 }
558 
559 /*
560  * bsec_get_magic_id: return BSEC magic number.
561  */
bsec_get_magic_id(void)562 uint32_t bsec_get_magic_id(void)
563 {
564 	return mmio_read_32(bsec_base + BSEC_IP_MAGIC_ID_OFF);
565 }
566 
567 /*
568  * bsec_write_sr_lock: write shadow-read lock.
569  * otp: OTP number.
570  * value: value to write in the register.
571  *	Must be always 1.
572  * return: true if OTP is locked, else false.
573  */
bsec_write_sr_lock(uint32_t otp,uint32_t value)574 bool bsec_write_sr_lock(uint32_t otp, uint32_t value)
575 {
576 	bool result = false;
577 	uint32_t bank = otp_bank_offset(otp);
578 	uint32_t bank_value;
579 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
580 
581 	bsec_lock();
582 
583 	bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
584 
585 	if ((bank_value & otp_mask) == value) {
586 		/*
587 		 * In case of write don't need to write,
588 		 * the lock is already set.
589 		 */
590 		if (value != 0U) {
591 			result = true;
592 		}
593 	} else {
594 		if (value != 0U) {
595 			bank_value = bank_value | otp_mask;
596 		} else {
597 			bank_value = bank_value & ~otp_mask;
598 		}
599 
600 		/*
601 		 * We can write 0 in all other OTP
602 		 * if the lock is activated in one of other OTP.
603 		 * Write 0 has no effect.
604 		 */
605 		mmio_write_32(bsec_base + BSEC_SRLOCK_OFF + bank, bank_value);
606 		result = true;
607 	}
608 
609 	bsec_unlock();
610 
611 	return result;
612 }
613 
614 /*
615  * bsec_read_sr_lock: read shadow-read lock.
616  * otp: OTP number.
617  * return: true if otp is locked, else false.
618  */
bsec_read_sr_lock(uint32_t otp)619 bool bsec_read_sr_lock(uint32_t otp)
620 {
621 	uint32_t bank = otp_bank_offset(otp);
622 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
623 	uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
624 
625 	return (bank_value & otp_mask) != 0U;
626 }
627 
628 /*
629  * bsec_write_sw_lock: write shadow-write lock.
630  * otp: OTP number.
631  * value: Value to write in the register.
632  *	Must be always 1.
633  * return: true if OTP is locked, else false.
634  */
bsec_write_sw_lock(uint32_t otp,uint32_t value)635 bool bsec_write_sw_lock(uint32_t otp, uint32_t value)
636 {
637 	bool result = false;
638 	uint32_t bank = otp_bank_offset(otp);
639 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
640 	uint32_t bank_value;
641 
642 	bsec_lock();
643 
644 	bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
645 
646 	if ((bank_value & otp_mask) == value) {
647 		/*
648 		 * In case of write don't need to write,
649 		 * the lock is already set.
650 		 */
651 		if (value != 0U) {
652 			result = true;
653 		}
654 	} else {
655 		if (value != 0U) {
656 			bank_value = bank_value | otp_mask;
657 		} else {
658 			bank_value = bank_value & ~otp_mask;
659 		}
660 
661 		/*
662 		 * We can write 0 in all other OTP
663 		 * if the lock is activated in one of other OTP.
664 		 * Write 0 has no effect.
665 		 */
666 		mmio_write_32(bsec_base + BSEC_SWLOCK_OFF + bank, bank_value);
667 		result = true;
668 	}
669 
670 	bsec_unlock();
671 
672 	return result;
673 }
674 
675 /*
676  * bsec_read_sw_lock: read shadow-write lock.
677  * otp: OTP number.
678  * return: true if OTP is locked, else false.
679  */
bsec_read_sw_lock(uint32_t otp)680 bool bsec_read_sw_lock(uint32_t otp)
681 {
682 	uint32_t bank = otp_bank_offset(otp);
683 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
684 	uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
685 
686 	return (bank_value & otp_mask) != 0U;
687 }
688 
689 /*
690  * bsec_write_sp_lock: write shadow-program lock.
691  * otp: OTP number.
692  * value: Value to write in the register.
693  *	Must be always 1.
694  * return: true if OTP is locked, else false.
695  */
bsec_write_sp_lock(uint32_t otp,uint32_t value)696 bool bsec_write_sp_lock(uint32_t otp, uint32_t value)
697 {
698 	bool result = false;
699 	uint32_t bank = otp_bank_offset(otp);
700 	uint32_t bank_value;
701 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
702 
703 	bsec_lock();
704 
705 	bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
706 
707 	if ((bank_value & otp_mask) == value) {
708 		/*
709 		 * In case of write don't need to write,
710 		 * the lock is already set.
711 		 */
712 		if (value != 0U) {
713 			result = true;
714 		}
715 	} else {
716 		if (value != 0U) {
717 			bank_value = bank_value | otp_mask;
718 		} else {
719 			bank_value = bank_value & ~otp_mask;
720 		}
721 
722 		/*
723 		 * We can write 0 in all other OTP
724 		 * if the lock is activated in one of other OTP.
725 		 * Write 0 has no effect.
726 		 */
727 		mmio_write_32(bsec_base + BSEC_SPLOCK_OFF + bank, bank_value);
728 		result = true;
729 	}
730 
731 	bsec_unlock();
732 
733 	return result;
734 }
735 
736 /*
737  * bsec_read_sp_lock: read shadow-program lock.
738  * otp: OTP number.
739  * return: true if OTP is locked, else false.
740  */
bsec_read_sp_lock(uint32_t otp)741 bool bsec_read_sp_lock(uint32_t otp)
742 {
743 	uint32_t bank = otp_bank_offset(otp);
744 	uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
745 	uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
746 
747 	return (bank_value & otp_mask) != 0U;
748 }
749 
750 /*
751  * bsec_wr_lock: Read permanent lock status.
752  * otp: OTP number.
753  * return: true if OTP is locked, else false.
754  */
bsec_wr_lock(uint32_t otp)755 bool bsec_wr_lock(uint32_t otp)
756 {
757 	uint32_t bank = otp_bank_offset(otp);
758 	uint32_t lock_bit = BIT(otp & BSEC_OTP_MASK);
759 
760 	if ((mmio_read_32(bsec_base + BSEC_WRLOCK_OFF + bank) &
761 	     lock_bit) != 0U) {
762 		/*
763 		 * In case of write don't need to write,
764 		 * the lock is already set.
765 		 */
766 		return true;
767 	}
768 
769 	return false;
770 }
771 
772 /*
773  * bsec_otp_lock: Lock Upper OTP or Global programming or debug enable
774  * service: Service to lock see header file.
775  * value: Value to write must always set to 1 (only use for debug purpose).
776  * return: BSEC_OK if succeed.
777  */
bsec_otp_lock(uint32_t service,uint32_t value)778 uint32_t bsec_otp_lock(uint32_t service, uint32_t value)
779 {
780 	uintptr_t reg = bsec_base + BSEC_OTP_LOCK_OFF;
781 
782 	switch (service) {
783 	case BSEC_LOCK_UPPER_OTP:
784 		mmio_write_32(reg, value << BSEC_LOCK_UPPER_OTP);
785 		break;
786 	case BSEC_LOCK_DEBUG:
787 		mmio_write_32(reg, value << BSEC_LOCK_DEBUG);
788 		break;
789 	case BSEC_LOCK_PROGRAM:
790 		mmio_write_32(reg, value << BSEC_LOCK_PROGRAM);
791 		break;
792 	default:
793 		return BSEC_INVALID_PARAM;
794 	}
795 
796 	return BSEC_OK;
797 }
798 
799 /*
800  * bsec_power_safmem: Activate or deactivate SAFMEM power.
801  * power: true to power up, false to power down.
802  * return: BSEC_OK if succeed.
803  */
bsec_power_safmem(bool power)804 static uint32_t bsec_power_safmem(bool power)
805 {
806 	uint32_t register_val;
807 	uint32_t timeout = BSEC_TIMEOUT_VALUE;
808 
809 	bsec_lock();
810 
811 	register_val = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
812 
813 	if (power) {
814 		register_val |= BSEC_CONF_POWER_UP_MASK;
815 	} else {
816 		register_val &= ~BSEC_CONF_POWER_UP_MASK;
817 	}
818 
819 	mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, register_val);
820 
821 	/* Waiting loop */
822 	if (power) {
823 		while (((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) &&
824 		       (timeout != 0U)) {
825 			timeout--;
826 		}
827 	} else {
828 		while (((bsec_get_status() & BSEC_MODE_PWR_MASK) != 0U) &&
829 		       (timeout != 0U)) {
830 			timeout--;
831 		}
832 	}
833 
834 	bsec_unlock();
835 
836 	if (timeout == 0U) {
837 		return BSEC_TIMEOUT;
838 	}
839 
840 	return BSEC_OK;
841 }
842 
843 /*
844  * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
845  * otp_value: read value.
846  * word: OTP number.
847  * return value: BSEC_OK if no error.
848  */
bsec_shadow_read_otp(uint32_t * otp_value,uint32_t word)849 uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word)
850 {
851 	uint32_t result;
852 
853 	result = bsec_shadow_register(word);
854 	if (result != BSEC_OK) {
855 		ERROR("BSEC: %u Shadowing Error %i\n", word, result);
856 		return result;
857 	}
858 
859 	result = bsec_read_otp(otp_value, word);
860 	if (result != BSEC_OK) {
861 		ERROR("BSEC: %u Read Error %i\n", word, result);
862 	}
863 
864 	return result;
865 }
866 
867 /*
868  * bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
869  * otp: OTP number.
870  * return: BSEC_OK if authorized access.
871  */
bsec_check_nsec_access_rights(uint32_t otp)872 uint32_t bsec_check_nsec_access_rights(uint32_t otp)
873 {
874 #if defined(IMAGE_BL32)
875 	if (otp > STM32MP1_OTP_MAX_ID) {
876 		return BSEC_INVALID_PARAM;
877 	}
878 
879 	if (otp >= STM32MP1_UPPER_OTP_START) {
880 		/* Check if BSEC is in OTP-SECURED closed_device state. */
881 		if (stm32mp_is_closed_device()) {
882 			if (!non_secure_can_access(otp)) {
883 				return BSEC_ERROR;
884 			}
885 		}
886 	}
887 #endif
888 
889 	return BSEC_OK;
890 }
891 
892