1 /*
2 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
3 * Copyright (c) 2019-2020, NVIDIA CORPORATION. All rights reserved.
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 */
7
8 #include <assert.h>
9 #include <errno.h>
10 #include <stdbool.h>
11
12 #include <arch_helpers.h>
13 #include <bpmp_ipc.h>
14 #include <common/debug.h>
15 #include <drivers/delay_timer.h>
16 #include <lib/mmio.h>
17 #include <lib/psci/psci.h>
18 #include <se.h>
19 #include <tegra_platform.h>
20
21 #include "se_private.h"
22
23 /*******************************************************************************
24 * Constants and Macros
25 ******************************************************************************/
/* Value written to each engine's ERR_STATUS register to clear it */
#define ERR_STATUS_SW_CLEAR		U(0xFFFFFFFF)
/* Value written to each engine's INT_STATUS register to clear it */
#define INT_STATUS_SW_CLEAR		U(0xFFFFFFFF)
/* Upper bound on the 1 ms polling loops in this file */
#define MAX_TIMEOUT_MS			U(1000)	/* Max. timeout of 1s */
/* Number of entries in se_regs[] */
#define NUM_SE_REGS_TO_SAVE		U(4)

/* Stride, in bytes, between consecutive 32-bit registers */
#define BYTES_IN_WORD			U(4)
/* Highest word index visited when walking SE0_SHA_HASH_RESULT (0..7) */
#define SHA256_MAX_HASH_RESULT		U(7)
/* NOTE(review): not referenced by the code visible in this file */
#define SHA256_DST_SIZE			U(32)
/* Loop index of the first SHA operation, which lets hardware init the hash */
#define SHA_FIRST_OP			U(1)
/* Largest accepted input length; also the mask applied to the byte count */
#define MAX_SHA_ENGINE_CHUNK_SIZE	U(0xFFFFFF)
/* Multiplied by SHA256_HASH_SIZE_BYTES to get the per-operation byte limit */
#define SHA256_MSG_LENGTH_ONETIME	U(0xFFFF)
37
38 /*******************************************************************************
39 * Data structure and global variables
40 ******************************************************************************/
/*
 * SE0, RNG1 and PKA1 register values read by tegra_se_suspend() and written
 * back by tegra_se_resume().
 */
static uint32_t se_regs[NUM_SE_REGS_TO_SAVE];
42
/*
 * Confirm that the hardware context save kicked off by the caller finished.
 *
 * CTX_SAVE_AUTO_STATUS is polled once per millisecond, for at most
 * MAX_TIMEOUT_MS iterations, until its busy flag drops. The operation is
 * treated as complete only when all of the following hold:
 *
 * 1. the poll did not hit the timeout,
 * 2. SHA_ERR_STATUS and AES0_ERR_STATUS read back as zero,
 * 3. SHA_INT_STATUS and AES0_INT_STATUS both report their OP_DONE bit.
 *
 * Returns true on success; logs an error and returns false otherwise.
 */
static bool tegra_se_is_operation_complete(void)
{
	uint32_t elapsed_ms = 0U;
	bool err_seen;
	bool sha_done;
	bool aes_done;

	/* Bounded wait for the busy flag to clear */
	for (;;) {
		uint32_t status = tegra_se_read_32(CTX_SAVE_AUTO_STATUS);

		if ((status & CTX_SAVE_AUTO_SE_BUSY) == 0U) {
			break;
		}

		/* still busy: sleep for a millisecond and account for it */
		mdelay(1);
		elapsed_ms++;
		if (elapsed_ms >= MAX_TIMEOUT_MS) {
			break;
		}
	}

	/* AES0_ERR_STATUS is only read when SHA_ERR_STATUS is clean */
	err_seen = (tegra_se_read_32(SHA_ERR_STATUS) != 0U);
	if (!err_seen) {
		err_seen = (tegra_se_read_32(AES0_ERR_STATUS) != 0U);
	}

	/* Both engines must flag OP_DONE */
	sha_done = ((tegra_se_read_32(SHA_INT_STATUS) & SHA_SE_OP_DONE) ==
		    SHA_SE_OP_DONE);
	aes_done = ((tegra_se_read_32(AES0_INT_STATUS) & AES0_SE_OP_DONE) ==
		    AES0_SE_OP_DONE);

	if ((elapsed_ms != MAX_TIMEOUT_MS) && !err_seen && sha_done &&
	    aes_done) {
		return true;
	}

	ERROR("%s: Atomic context save operation failed!\n",
		__func__);
	return false;
}
93
/*
 * Wait for the SE to report ready, then wipe stale interrupt and error
 * status so the next operation starts from a clean slate.
 *
 * CTX_SAVE_AUTO_STATUS is polled once per millisecond for at most
 * MAX_TIMEOUT_MS iterations. The status registers are cleared even when the
 * wait times out.
 *
 * Returns true if the SE became ready in time; logs an error and returns
 * false on timeout.
 */
static bool tegra_se_is_ready(void)
{
	uint32_t waited_ms = 0U;
	bool timed_out = false;

	/* Let any previous operation drain */
	while (tegra_se_read_32(CTX_SAVE_AUTO_STATUS) !=
	       CTX_SAVE_AUTO_SE_READY) {
		mdelay(1);
		waited_ms++;
		if (waited_ms >= MAX_TIMEOUT_MS) {
			break;
		}
	}

	if (waited_ms == MAX_TIMEOUT_MS) {
		ERROR("%s: SE is not ready!\n", __func__);
		timed_out = true;
	}

	/* Drop interrupts left pending by the previous operation */
	tegra_se_write_32(AES0_INT_STATUS, INT_STATUS_SW_CLEAR);
	tegra_se_write_32(AES1_INT_STATUS, INT_STATUS_SW_CLEAR);
	tegra_se_write_32(RSA_INT_STATUS, INT_STATUS_SW_CLEAR);
	tegra_se_write_32(SHA_INT_STATUS, INT_STATUS_SW_CLEAR);

	/* Drop the error status of every engine visible from this port */
	tegra_se_write_32(AES0_ERR_STATUS, ERR_STATUS_SW_CLEAR);
	tegra_se_write_32(AES1_ERR_STATUS, ERR_STATUS_SW_CLEAR);
	tegra_se_write_32(RSA_ERR_STATUS, ERR_STATUS_SW_CLEAR);
	tegra_se_write_32(SHA_ERR_STATUS, ERR_STATUS_SW_CLEAR);

	return !timed_out;
}
136
/*
 * System Suspend handler that triggers the hardware context save.
 *
 * Expected sequence:
 *
 * 1. All SE drivers, including RNG1/PKA1, are shut down. TSEC/R5s are
 *    powergated/idle. All tasks on SE1~SE4, RNG1, PKA1 are wrapped up and
 *    SE0 is ready for use.
 * 2. Interrupt/error bits in the SE0 status registers are cleared.
 * 3. SE0 registers are scrubbed to avoid a false failure for an illegal
 *    configuration. Probably not needed, dependent on HW implementation.
 * 4. SE_CTX_SAVE_AUTO_STATUS.SE_READY is polled to check that the SE is
 *    ready for HW CTX_SAVE.
 *
 * Steps 1-4 are executed by tegra_se_is_ready().
 *
 * 5. The context save command is issued.
 * 6. The SE is checked to be busy with CTX_SAVE, i.e. the command from
 *    step 5 was not dropped for ongoing traffic in any SE port/engine.
 * 7. Task completion is awaited, either by
 *    a. Polling: read SE_CTX_SAVE_AUTO_STATUS.BUSY till it reports IDLE, or
 *    b. Interrupt: after the SE APB interrupt, read
 *       SE_CTX_SAVE_AUTO_STATUS.BUSY till it reports IDLE.
 * 8. AES0 and SHA ERR_STATUS are checked to ensure no error case.
 * 9. AES0 and SHA INT_STATUS are checked to ensure the operation completed
 *    successfully.
 *
 * Steps 6-9 are executed by tegra_se_is_operation_complete().
 *
 * Returns 0 on success, -ECANCELED if the SE was not ready or the save did
 * not complete cleanly.
 */
static int32_t tegra_se_save_context(void)
{
	/* Nothing is issued unless the engine is idle and status is clean */
	if (!tegra_se_is_ready()) {
		return -ECANCELED;
	}

	/* Issue context save command */
	tegra_se_write_32(AES0_OPERATION, SE_OP_CTX_SAVE);

	/* Wait for operation to finish */
	return tegra_se_is_operation_complete() ? 0 : -ECANCELED;
}
184
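/*
 * Check that an SE0 SHA operation has completed after kickoff.
 *
 * The function waits for the following conditions, in order:
 * 1. SE0_INT_STATUS reports OP_DONE
 * 2. SE0_SHA_STATUS = IDLE
 * 3. SE0_ERR_STATUS is clean.
 *
 * Both waits share a single budget of MAX_TIMEOUT_MS polls spaced 1 ms
 * apart, matching the other polling loops in this file. Without a bound, an
 * engine that never signals completion would stall the caller indefinitely.
 *
 * Returns 0 on success, -ETIMEDOUT if the engine did not finish within the
 * budget, -ENOTSUP if SE0_ERR_STATUS is non-zero.
 */
static int32_t tegra_se_sha256_hash_operation_complete(void)
{
	uint32_t val;
	uint32_t timeout = 0U;

	/* Poll the SE interrupt register to ensure H/W operation complete */
	val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
	while (SE0_INT_OP_DONE(val) == SE0_INT_OP_DONE_CLEAR) {
		if (timeout >= MAX_TIMEOUT_MS) {
			ERROR("%s: timed out waiting for OP_DONE\n", __func__);
			return -ETIMEDOUT;
		}
		mdelay(1);
		timeout++;
		val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
	}

	/* Poll the SE status idle to ensure H/W operation complete */
	val = tegra_se_read_32(SE0_SHA_STATUS_0);
	while (val != SE0_SHA_STATUS_IDLE) {
		if (timeout >= MAX_TIMEOUT_MS) {
			ERROR("%s: timed out waiting for SHA idle\n", __func__);
			return -ETIMEDOUT;
		}
		mdelay(1);
		timeout++;
		val = tegra_se_read_32(SE0_SHA_STATUS_0);
	}

	/* Ensure that no errors are thrown during operation */
	val = tegra_se_read_32(SE0_ERR_STATUS_REG_OFFSET);
	if (val != 0U) {
		ERROR("%s: error during SE operation! 0x%x", __func__,
			val);
		return -ENOTSUP;
	}

	return 0;
}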
225
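/*
 * Security engine primitive normal operations
 *
 * Programs the SE0 input address and length, enables the SHA interrupt,
 * flushes the source buffer from the data cache and starts the operation.
 * The function does not wait for the operation to finish.
 *
 * src_addr        : address of the data to hash; only bits [39:0] can be
 *                   programmed into the engine
 * nbytes          : number of bytes for this operation, at most
 *                   MAX_SHA_ENGINE_CHUNK_SIZE
 * last_buf        : 1 to mark this operation as the last buffer
 * src_len_inbytes : length handed to flush_dcache_range()
 *
 * Returns 0 on success, -EINVAL on an invalid address or length.
 */
static int32_t tegra_se_start_normal_operation(uint64_t src_addr,
		uint32_t nbytes, uint32_t last_buf, uint32_t src_len_inbytes)
{
	uint32_t val;
	uint32_t src_in_lo;
	uint32_t src_in_msb;
	uint32_t src_in_hi;

	if ((src_addr == 0ULL) || (nbytes == 0U)) {
		return -EINVAL;
	}

	/*
	 * The address and length are masked below before being written to
	 * the engine. Reject values that would not survive the masks rather
	 * than hashing a different range than the caller asked for.
	 */
	if (((src_addr >> 40U) != 0ULL) ||
	    (nbytes > MAX_SHA_ENGINE_CHUNK_SIZE)) {
		return -EINVAL;
	}

	src_in_lo = (uint32_t)src_addr;
	src_in_msb = (uint32_t)((src_addr >> 32U) & 0xFFU);
	src_in_hi = ((src_in_msb << SE0_IN_HI_ADDR_HI_0_MSB_SHIFT) |
		     (nbytes & MAX_SHA_ENGINE_CHUNK_SIZE));

	/* set SRC_IN_ADDR_LO and SRC_IN_ADDR_HI */
	tegra_se_write_32(SE0_IN_ADDR, src_in_lo);
	tegra_se_write_32(SE0_IN_HI_ADDR_HI, src_in_hi);

	/*
	 * NOTE(review): zero is written when any status bit is set; whether
	 * that clears the register depends on its write semantics, which are
	 * not visible in this file.
	 */
	val = tegra_se_read_32(SE0_INT_STATUS_REG_OFFSET);
	if (val > 0U) {
		tegra_se_write_32(SE0_INT_STATUS_REG_OFFSET, 0x0U);
	}

	/* Enable SHA interrupt for SE0 Operation */
	tegra_se_write_32(SE0_SHA_INT_ENABLE, 0x1aU);

	/* flush to DRAM for SE to use the updated contents */
	flush_dcache_range(src_addr, src_len_inbytes);

	/* Start SHA256 operation */
	if (last_buf == 1U) {
		tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START |
				SE0_UNIT_OPERATION_PKT_LASTBUF_FIELD);
	} else {
		tegra_se_write_32(SE0_OPERATION_REG_OFFSET, SE0_OP_START);
	}

	return 0;
}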
271
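/*
 * Configure SE0 for SHA256 and start hashing src_len_inbyte bytes located at
 * src_addr. The digest is left in the SE0_SHA_HASH_RESULT registers; this
 * function does not wait for the engine to finish.
 *
 * src_addr       : address of the data to hash, must be non-zero
 * src_len_inbyte : length in bytes, 1..MAX_SHA_ENGINE_CHUNK_SIZE
 *
 * Returns 0 once the operation(s) have been started, -EINVAL on invalid
 * arguments or if an operation could not be started.
 */
static int32_t tegra_se_calculate_sha256_hash(uint64_t src_addr,
					      uint32_t src_len_inbyte)
{
	uint32_t val, last_buf, i;
	int32_t ret = 0;
	uint32_t operations;
	uint64_t src_len_inbits;
	uint32_t len_bits_msb;
	uint32_t len_bits_lsb;
	uint32_t number_of_operations, max_bytes, bytes_left, remaining_bytes;

	if (src_len_inbyte > MAX_SHA_ENGINE_CHUNK_SIZE) {
		ERROR("SHA input chunk size too big: 0x%x\n", src_len_inbyte);
		return -EINVAL;
	}

	/*
	 * A zero length would start no operation at all, yet report success;
	 * the caller would then wait for a completion that never comes or
	 * read a digest left over from an earlier operation.
	 */
	if ((src_addr == 0ULL) || (src_len_inbyte == 0U)) {
		return -EINVAL;
	}

	/* number of bytes per operation */
	max_bytes = (SHA256_HASH_SIZE_BYTES * SHA256_MSG_LENGTH_ONETIME);

	/* widen before multiplying so the upper word is computed, not lost */
	src_len_inbits = (uint64_t)src_len_inbyte * 8U;
	len_bits_msb = (uint32_t)(src_len_inbits >> 32U);
	len_bits_lsb = (uint32_t)src_len_inbits;

	/* program SE0_CONFIG for SHA256 operation */
	val = (uint32_t)(SE0_CONFIG_ENC_ALG_SHA | SE0_CONFIG_ENC_MODE_SHA256 |
			 SE0_CONFIG_DEC_ALG_NOP | SE0_CONFIG_DST_HASHREG);
	tegra_se_write_32(SE0_SHA_CONFIG, val);

	/* set SE0_SHA_MSG_LENGTH registers */
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_0, len_bits_lsb);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb);
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_1, len_bits_msb);

	/* zero out unused SE0_SHA_MSG_LENGTH and SE0_SHA_MSG_LEFT */
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_2, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LENGTH_3, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_1, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_2, 0U);
	tegra_se_write_32(SE0_SHA_MSG_LEFT_3, 0U);

	/* round up: a partial trailing chunk needs its own operation */
	number_of_operations = (src_len_inbyte / max_bytes);
	remaining_bytes = (src_len_inbyte % max_bytes);
	if (remaining_bytes > 0U) {
		number_of_operations += 1U;
	}

	/*
	 * 1. Operations == 1: program SE0_SHA_TASK register to initiate SHA256
	 *    hash generation by setting 1(SE0_SHA_CONFIG_HW_INIT_HASH) to
	 *    SE0_SHA_TASK and start SHA256-normal operation.
	 * 2. 1 < Operations < number_of_operations: program SE0_SHA_TASK to
	 *    0(SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE) to load the intermediate
	 *    SHA256 digest result from the HASH_RESULT register to continue
	 *    SHA256 generation and start SHA256-normal operation.
	 * 3. Operations == number_of_operations: continue with step 2 and set
	 *    max_bytes to bytes_left to process the final hash-result
	 *    generation and start SHA256-normal operation.
	 *
	 * NOTE(review): every iteration passes the same src_addr and nothing
	 * waits for the previous operation to finish before starting the
	 * next, so inputs that need more than one operation look unsupported
	 * as written. Confirm against the hardware documentation before
	 * relying on the multi-operation path.
	 */
	bytes_left = src_len_inbyte;
	for (operations = 1U; operations <= number_of_operations;
	     operations++) {
		if (operations == SHA_FIRST_OP) {
			val = SE0_SHA_CONFIG_HW_INIT_HASH;
		} else {
			/*
			 * Load intermediate SHA digest result to
			 * SHA:HASH_RESULT(0..7) to continue the SHA
			 * calculation and tell the SHA engine to use it.
			 */
			for (i = 0U; (i / BYTES_IN_WORD) <=
				SHA256_MAX_HASH_RESULT; i += BYTES_IN_WORD) {
				val = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 +
							i);
				tegra_se_write_32(SE0_SHA_HASH_RESULT_0 + i,
							val);
			}
			val = SE0_SHA_CONFIG_HW_INIT_HASH_DISABLE;
			if (len_bits_lsb <= (max_bytes * 8U)) {
				len_bits_lsb = (remaining_bytes * 8U);
			} else {
				len_bits_lsb -= (max_bytes * 8U);
			}
			tegra_se_write_32(SE0_SHA_MSG_LEFT_0, len_bits_lsb);
		}
		tegra_se_write_32(SE0_SHA_TASK_CONFIG, val);

		max_bytes = (SHA256_HASH_SIZE_BYTES *
			     SHA256_MSG_LENGTH_ONETIME);
		/*
		 * "<=" rather than "<": when the remaining data fills the
		 * chunk exactly, this is still the final operation and must
		 * carry the last-buffer flag.
		 */
		if (bytes_left <= max_bytes) {
			max_bytes = bytes_left;
			last_buf = 1U;
		} else {
			bytes_left = bytes_left - max_bytes;
			last_buf = 0U;
		}
		/* start operation */
		ret = tegra_se_start_normal_operation(src_addr, max_bytes,
					last_buf, src_len_inbyte);
		if (ret != 0) {
			ERROR("Error during SE operation! 0x%x", ret);
			return -EINVAL;
		}
	}

	return ret;
}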
384
/*
 * Copy the SHA256 digest from the SE0_SHA_HASH_RESULT registers into the
 * secure scratch registers spanning SECURE_SCRATCH_TZDRAM_SHA256_HASH_START
 * to SECURE_SCRATCH_TZDRAM_SHA256_HASH_END (inclusive), one 32-bit word at a
 * time.
 *
 * The copy only happens once tegra_se_sha256_hash_operation_complete()
 * reports success; its error code is returned unchanged otherwise.
 *
 * Returns 0 on success.
 */
static int32_t tegra_se_save_sha256_pmc_scratch(void)
{
	uint32_t src_off = 0U;
	uint32_t dst_off = SECURE_SCRATCH_TZDRAM_SHA256_HASH_START;
	uint32_t word;
	int32_t status;

	/* Check SE0 operation status */
	status = tegra_se_sha256_hash_operation_complete();
	if (status != 0) {
		ERROR("SE operation complete Failed! 0x%x", status);
		return status;
	}

	/* Source and destination offsets advance in lock-step */
	while (dst_off <= SECURE_SCRATCH_TZDRAM_SHA256_HASH_END) {
		word = tegra_se_read_32(SE0_SHA_HASH_RESULT_0 + src_off);
		mmio_write_32((uint32_t)(TEGRA_SCRATCH_BASE + dst_off),
			      word);
		src_off += BYTES_IN_WORD;
		dst_off += BYTES_IN_WORD;
	}

	return 0;
}
407
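/*
 * Handler to generate SHA256 and save HASH-result to pmc-scratch register
 *
 * src_addr       : address of the image to hash
 * src_len_inbyte : length of the image in bytes
 *
 * SE0 is switched to the secure soft setting for the whole sequence, that is
 * until the digest has been read out of the engine, and the previous
 * SE0_SECURITY value is written back on every exit path.
 *
 * Returns 0 on success, otherwise the error code of the step that failed.
 */
int32_t tegra_se_calculate_save_sha256(uint64_t src_addr,
				       uint32_t src_len_inbyte)
{
	uint32_t security;
	int32_t val;

	/*
	 * Set SE_SOFT_SETTINGS=SE_SECURE to prevent a non-secure process
	 * from changing SE registers.
	 */
	security = tegra_se_read_32(SE0_SECURITY);
	tegra_se_write_32(SE0_SECURITY, security | SE0_SECURITY_SE_SOFT_SETTING);

	/*
	 * The Bootrom enables the IN_ID bit in the SE0_SHA_GSCID_0 register
	 * during SC7-exit, which causes SE0 to ignore the SE0 operation and
	 * therefore the 2nd iteration of the SC7 cycle to fail. Clear it.
	 */
	tegra_se_write_32(SE0_SHA_GSCID_0, 0x0U);

	/* Calculate SHA256 of BL31 */
	val = tegra_se_calculate_sha256_hash(src_addr, src_len_inbyte);
	if (val != 0) {
		ERROR("%s: SHA256 generation failed\n", __func__);
	} else {
		/*
		 * Wait for the engine and copy the digest to the PMC scratch
		 * registers while SE0 is still locked down: the hash is only
		 * started above, so relaxing SE0_SECURITY before this point
		 * would leave the engine reconfigurable while the digest is
		 * still being produced and read.
		 */
		val = tegra_se_save_sha256_pmc_scratch();
		if (val != 0) {
			ERROR("%s: SE0 status Error.\n", __func__);
		}
	}

	/* Reset SE_SECURE to previous value, on success and on failure */
	tegra_se_write_32(SE0_SECURITY, security);

	return val;
}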
448
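/*
 * Handler to power down the SE hardware blocks - SE, RNG1 and PKA1. This
 * needs to be called only during System Suspend.
 *
 * Saves the four registers that tegra_se_resume() writes back, triggers the
 * hardware context save and gates the SE clock again.
 *
 * Returns 0 on success. A BPMP IPC or clock-enable failure is returned
 * immediately; a context-save failure is returned in preference to a
 * clock-disable failure.
 */
int32_t tegra_se_suspend(void)
{
	int32_t ret;
	int32_t clk_ret;

	/*
	 * initialise communication channel with BPMP. The call is kept out
	 * of assert() so that it still runs when assertions are compiled out.
	 */
	ret = tegra_bpmp_ipc_init();
	assert(ret == 0);
	if (ret != 0) {
		ERROR("%s: BPMP IPC init failed (%d)\n", __func__, ret);
		return ret;
	}

	/* Enable SE clock before SE context save */
	ret = tegra_bpmp_ipc_enable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);
	if (ret != 0) {
		ERROR("%s: SE clock enable failed (%d)\n", __func__, ret);
		return ret;
	}

	/* save SE registers */
	se_regs[0] = mmio_read_32(TEGRA_SE0_BASE + SE0_MUTEX_WATCHDOG_NS_LIMIT);
	se_regs[1] = mmio_read_32(TEGRA_SE0_BASE + SE0_AES0_ENTROPY_SRC_AGE_CTRL);
	se_regs[2] = mmio_read_32(TEGRA_RNG1_BASE + RNG1_MUTEX_WATCHDOG_NS_LIMIT);
	se_regs[3] = mmio_read_32(TEGRA_PKA1_BASE + PKA1_MUTEX_WATCHDOG_NS_LIMIT);

	/* Save SE context. The BootROM restores it during System Resume */
	ret = tegra_se_save_context();
	if (ret != 0) {
		ERROR("%s: context save failed (%d)\n", __func__, ret);
	}

	/* Disable SE clock after SE context save, even if the save failed */
	clk_ret = tegra_bpmp_ipc_disable_clock(TEGRA194_CLK_SE);
	assert(clk_ret == 0);

	/* Do not let a successful clock disable hide a failed context save */
	return (ret != 0) ? ret : clk_ret;
}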
482
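/*
 * Handler to power up the SE hardware block(s) during System Resume.
 *
 * Writes back the register values captured in se_regs[] by
 * tegra_se_suspend(). The function has no return value, so BPMP failures
 * are logged (and asserted in builds with assertions enabled) and the
 * restore is still attempted.
 */
void tegra_se_resume(void)
{
	int32_t ret;

	/*
	 * initialise communication channel with BPMP. The call is kept out
	 * of assert() so that it still runs when assertions are compiled out.
	 */
	ret = tegra_bpmp_ipc_init();
	assert(ret == 0);
	if (ret != 0) {
		ERROR("%s: BPMP IPC init failed (%d)\n", __func__, ret);
	}

	/* Enable SE clock before SE context restore */
	ret = tegra_bpmp_ipc_enable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);
	if (ret != 0) {
		ERROR("%s: SE clock enable failed (%d)\n", __func__, ret);
	}

	/*
	 * When TZ takes over after System Resume, TZ should first reconfigure
	 * SE_MUTEX_WATCHDOG_NS_LIMIT, PKA1_MUTEX_WATCHDOG_NS_LIMIT,
	 * RNG1_MUTEX_WATCHDOG_NS_LIMIT and SE_ENTROPY_SRC_AGE_CTRL before
	 * other operations.
	 */
	mmio_write_32(TEGRA_SE0_BASE + SE0_MUTEX_WATCHDOG_NS_LIMIT, se_regs[0]);
	mmio_write_32(TEGRA_SE0_BASE + SE0_AES0_ENTROPY_SRC_AGE_CTRL, se_regs[1]);
	mmio_write_32(TEGRA_RNG1_BASE + RNG1_MUTEX_WATCHDOG_NS_LIMIT, se_regs[2]);
	mmio_write_32(TEGRA_PKA1_BASE + PKA1_MUTEX_WATCHDOG_NS_LIMIT, se_regs[3]);

	/* Disable SE clock after SE context restore */
	ret = tegra_bpmp_ipc_disable_clock(TEGRA194_CLK_SE);
	assert(ret == 0);
	if (ret != 0) {
		ERROR("%s: SE clock disable failed (%d)\n", __func__, ret);
	}
}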
512