1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3 * Copyright (c) 2017-2021, STMicroelectronics
4 */
5
6 #include <assert.h>
7 #include <config.h>
8 #include <drivers/stm32_bsec.h>
9 #include <io.h>
10 #include <kernel/delay.h>
11 #include <kernel/dt.h>
12 #include <kernel/boot.h>
13 #include <kernel/spinlock.h>
14 #include <libfdt.h>
15 #include <limits.h>
16 #include <mm/core_memprot.h>
17 #include <platform_config.h>
18 #include <stm32_util.h>
19 #include <string.h>
20 #include <tee_api_defines.h>
21 #include <types_ext.h>
22 #include <util.h>
23
24 #define BSEC_OTP_MASK GENMASK_32(4, 0)
25 #define BSEC_OTP_BANK_SHIFT 5
26
27 /* Permanent lock bitmasks */
28 #define ADDR_LOWER_OTP_PERLOCK_SHIFT 3
29 #define DATA_LOWER_OTP_PERLOCK_BIT 3
30 #define DATA_LOWER_OTP_PERLOCK_MASK GENMASK_32(2, 0)
31 #define ADDR_UPPER_OTP_PERLOCK_SHIFT 4
32 #define DATA_UPPER_OTP_PERLOCK_BIT 1
33 #define DATA_UPPER_OTP_PERLOCK_MASK GENMASK_32(3, 0)
34
35 /* BSEC register offset */
36 #define BSEC_OTP_CONF_OFF 0x000U
37 #define BSEC_OTP_CTRL_OFF 0x004U
38 #define BSEC_OTP_WRDATA_OFF 0x008U
39 #define BSEC_OTP_STATUS_OFF 0x00CU
40 #define BSEC_OTP_LOCK_OFF 0x010U
41 #define BSEC_DEN_OFF 0x014U
42 #define BSEC_FEN_OFF 0x018U
43 #define BSEC_DISTURBED_OFF 0x01CU
44 #define BSEC_DISTURBED1_OFF 0x020U
45 #define BSEC_DISTURBED2_OFF 0x024U
46 #define BSEC_ERROR_OFF 0x034U
47 #define BSEC_ERROR1_OFF 0x038U
48 #define BSEC_ERROR2_OFF 0x03CU
49 #define BSEC_WRLOCK_OFF 0x04CU
50 #define BSEC_WRLOCK1_OFF 0x050U
51 #define BSEC_WRLOCK2_OFF 0x054U
52 #define BSEC_SPLOCK_OFF 0x064U
53 #define BSEC_SPLOCK1_OFF 0x068U
54 #define BSEC_SPLOCK2_OFF 0x06CU
55 #define BSEC_SWLOCK_OFF 0x07CU
56 #define BSEC_SWLOCK1_OFF 0x080U
57 #define BSEC_SWLOCK2_OFF 0x084U
58 #define BSEC_SRLOCK_OFF 0x094U
59 #define BSEC_SRLOCK1_OFF 0x098U
60 #define BSEC_SRLOCK2_OFF 0x09CU
61 #define BSEC_JTAG_IN_OFF 0x0ACU
62 #define BSEC_JTAG_OUT_OFF 0x0B0U
63 #define BSEC_SCRATCH_OFF 0x0B4U
64 #define BSEC_OTP_DATA_OFF 0x200U
65 #define BSEC_IPHW_CFG_OFF 0xFF0U
66 #define BSEC_IPVR_OFF 0xFF4U
67 #define BSEC_IP_ID_OFF 0xFF8U
68 #define BSEC_IP_MAGIC_ID_OFF 0xFFCU
69
70 /* BSEC_CONFIGURATION Register */
71 #define BSEC_CONF_POWER_UP_MASK BIT(0)
72 #define BSEC_CONF_POWER_UP_SHIFT 0
73 #define BSEC_CONF_FRQ_MASK GENMASK_32(2, 1)
74 #define BSEC_CONF_FRQ_SHIFT 1
75 #define BSEC_CONF_PRG_WIDTH_MASK GENMASK_32(6, 3)
76 #define BSEC_CONF_PRG_WIDTH_SHIFT 3
77 #define BSEC_CONF_TREAD_MASK GENMASK_32(8, 7)
78 #define BSEC_CONF_TREAD_SHIFT 7
79
80 /* BSEC_CONTROL Register */
81 #define BSEC_READ 0x000U
82 #define BSEC_WRITE 0x100U
83 #define BSEC_LOCK 0x200U
84
85 /* BSEC_STATUS Register */
86 #define BSEC_MODE_STATUS_MASK GENMASK_32(2, 0)
87 #define BSEC_MODE_BUSY_MASK BIT(3)
88 #define BSEC_MODE_PROGFAIL_MASK BIT(4)
89 #define BSEC_MODE_PWR_MASK BIT(5)
90 #define BSEC_MODE_BIST1_LOCK_MASK BIT(6)
91 #define BSEC_MODE_BIST2_LOCK_MASK BIT(7)
92
93 /* BSEC_DEBUG */
94 #define BSEC_HDPEN BIT(4)
95 #define BSEC_SPIDEN BIT(5)
96 #define BSEC_SPINDEN BIT(6)
97 #define BSEC_DBGSWGEN BIT(10)
98 #define BSEC_DEN_ALL_MSK GENMASK_32(10, 0)
99
100 /*
101 * OTP Lock services definition
102 * Value must corresponding to the bit position in the register
103 */
104 #define BSEC_LOCK_UPPER_OTP 0x00
105 #define BSEC_LOCK_DEBUG 0x02
106 #define BSEC_LOCK_PROGRAM 0x04
107
108 /* Timeout when polling on status */
109 #define BSEC_TIMEOUT_US 10000
110
111 #define BITS_PER_WORD (CHAR_BIT * sizeof(uint32_t))
112
113 struct bsec_dev {
114 struct io_pa_va base;
115 unsigned int upper_base;
116 unsigned int max_id;
117 uint32_t *nsec_access;
118 };
119
120 /* Only 1 instance of BSEC is expected per platform */
121 static struct bsec_dev bsec_dev;
122
123 /* BSEC access protection */
124 static unsigned int lock = SPINLOCK_UNLOCK;
125
bsec_lock(void)126 static uint32_t bsec_lock(void)
127 {
128 return may_spin_lock(&lock);
129 }
130
bsec_unlock(uint32_t exceptions)131 static void bsec_unlock(uint32_t exceptions)
132 {
133 may_spin_unlock(&lock, exceptions);
134 }
135
otp_max_id(void)136 static uint32_t otp_max_id(void)
137 {
138 return bsec_dev.max_id;
139 }
140
otp_upper_base(void)141 static uint32_t otp_upper_base(void)
142 {
143 return bsec_dev.upper_base;
144 }
145
otp_bank_offset(uint32_t otp_id)146 static uint32_t otp_bank_offset(uint32_t otp_id)
147 {
148 assert(otp_id <= otp_max_id());
149
150 return ((otp_id & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
151 sizeof(uint32_t);
152 }
153
bsec_base(void)154 static vaddr_t bsec_base(void)
155 {
156 return io_pa_or_va_secure(&bsec_dev.base, BSEC_IP_MAGIC_ID_OFF + 1);
157 }
158
bsec_status(void)159 static uint32_t bsec_status(void)
160 {
161 return io_read32(bsec_base() + BSEC_OTP_STATUS_OFF);
162 }
163
164 /*
165 * Check that BSEC interface does not report an error
166 * @otp_id : OTP number
167 * @check_disturbed: check only error (false) or all sources (true)
168 * Return a TEE_Result compliant value
169 */
check_no_error(uint32_t otp_id,bool check_disturbed)170 static TEE_Result check_no_error(uint32_t otp_id, bool check_disturbed)
171 {
172 uint32_t bit = BIT(otp_id & BSEC_OTP_MASK);
173 uint32_t bank = otp_bank_offset(otp_id);
174
175 if (io_read32(bsec_base() + BSEC_ERROR_OFF + bank) & bit)
176 return TEE_ERROR_GENERIC;
177
178 if (check_disturbed &&
179 io_read32(bsec_base() + BSEC_DISTURBED_OFF + bank) & bit)
180 return TEE_ERROR_GENERIC;
181
182 return TEE_SUCCESS;
183 }
184
power_up_safmem(void)185 static TEE_Result power_up_safmem(void)
186 {
187 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
188
189 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, BSEC_CONF_POWER_UP_MASK,
190 BSEC_CONF_POWER_UP_MASK);
191
192 /*
193 * If a timeout is detected, test the condition again to consider
194 * cases where timeout is due to the executing TEE thread rescheduling.
195 */
196 while (!timeout_elapsed(timeout_ref))
197 if (bsec_status() & BSEC_MODE_PWR_MASK)
198 break;
199
200 if (bsec_status() & BSEC_MODE_PWR_MASK)
201 return TEE_SUCCESS;
202
203 return TEE_ERROR_GENERIC;
204 }
205
power_down_safmem(void)206 static TEE_Result power_down_safmem(void)
207 {
208 uint64_t timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
209
210 io_mask32(bsec_base() + BSEC_OTP_CONF_OFF, 0, BSEC_CONF_POWER_UP_MASK);
211
212 /*
213 * If a timeout is detected, test the condition again to consider
214 * cases where timeout is due to the executing TEE thread rescheduling.
215 */
216 while (!timeout_elapsed(timeout_ref))
217 if (!(bsec_status() & BSEC_MODE_PWR_MASK))
218 break;
219
220 if (!(bsec_status() & BSEC_MODE_PWR_MASK))
221 return TEE_SUCCESS;
222
223 return TEE_ERROR_GENERIC;
224 }
225
stm32_bsec_shadow_register(uint32_t otp_id)226 TEE_Result stm32_bsec_shadow_register(uint32_t otp_id)
227 {
228 TEE_Result result = 0;
229 uint32_t exceptions = 0;
230 uint64_t timeout_ref = 0;
231 bool locked = false;
232
233 /* Check if shadowing of OTP is locked, informative only */
234 result = stm32_bsec_read_sr_lock(otp_id, &locked);
235 if (result)
236 return result;
237
238 if (locked)
239 DMSG("BSEC shadow warning: OTP locked");
240
241 exceptions = bsec_lock();
242
243 result = power_up_safmem();
244 if (result)
245 goto out;
246
247 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_READ);
248
249 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
250 while (!timeout_elapsed(timeout_ref))
251 if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
252 break;
253
254 if (bsec_status() & BSEC_MODE_BUSY_MASK)
255 result = TEE_ERROR_BUSY;
256 else
257 result = check_no_error(otp_id, true /* check-disturbed */);
258
259 power_down_safmem();
260
261 out:
262 bsec_unlock(exceptions);
263
264 return result;
265 }
266
stm32_bsec_read_otp(uint32_t * value,uint32_t otp_id)267 TEE_Result stm32_bsec_read_otp(uint32_t *value, uint32_t otp_id)
268 {
269 if (otp_id > otp_max_id())
270 return TEE_ERROR_BAD_PARAMETERS;
271
272 *value = io_read32(bsec_base() + BSEC_OTP_DATA_OFF +
273 (otp_id * sizeof(uint32_t)));
274
275 return TEE_SUCCESS;
276 }
277
stm32_bsec_shadow_read_otp(uint32_t * otp_value,uint32_t otp_id)278 TEE_Result stm32_bsec_shadow_read_otp(uint32_t *otp_value, uint32_t otp_id)
279 {
280 TEE_Result result = 0;
281
282 result = stm32_bsec_shadow_register(otp_id);
283 if (result) {
284 EMSG("BSEC %"PRIu32" Shadowing Error %#"PRIx32, otp_id, result);
285 return result;
286 }
287
288 result = stm32_bsec_read_otp(otp_value, otp_id);
289 if (result)
290 EMSG("BSEC %"PRIu32" Read Error %#"PRIx32, otp_id, result);
291
292 return result;
293 }
294
stm32_bsec_write_otp(uint32_t value,uint32_t otp_id)295 TEE_Result stm32_bsec_write_otp(uint32_t value, uint32_t otp_id)
296 {
297 TEE_Result result = 0;
298 uint32_t exceptions = 0;
299 vaddr_t otp_data_base = bsec_base() + BSEC_OTP_DATA_OFF;
300 bool locked = false;
301
302 /* Check if write of OTP is locked, informative only */
303 result = stm32_bsec_read_sw_lock(otp_id, &locked);
304 if (result)
305 return result;
306
307 if (locked)
308 DMSG("BSEC write warning: OTP locked");
309
310 exceptions = bsec_lock();
311
312 io_write32(otp_data_base + (otp_id * sizeof(uint32_t)), value);
313
314 bsec_unlock(exceptions);
315
316 return TEE_SUCCESS;
317 }
318
319 #ifdef CFG_STM32_BSEC_WRITE
stm32_bsec_program_otp(uint32_t value,uint32_t otp_id)320 TEE_Result stm32_bsec_program_otp(uint32_t value, uint32_t otp_id)
321 {
322 TEE_Result result = 0;
323 uint32_t exceptions = 0;
324 uint64_t timeout_ref = 0;
325 bool locked = false;
326
327 /* Check if shadowing of OTP is locked, informative only */
328 result = stm32_bsec_read_sp_lock(otp_id, &locked);
329 if (result)
330 return result;
331
332 if (locked)
333 DMSG("BSEC program warning: OTP locked");
334
335 if (io_read32(bsec_base() + BSEC_OTP_LOCK_OFF) & BIT(BSEC_LOCK_PROGRAM))
336 DMSG("BSEC program warning: GPLOCK activated");
337
338 exceptions = bsec_lock();
339
340 result = power_up_safmem();
341 if (result)
342 goto out;
343
344 io_write32(bsec_base() + BSEC_OTP_WRDATA_OFF, value);
345 io_write32(bsec_base() + BSEC_OTP_CTRL_OFF, otp_id | BSEC_WRITE);
346
347 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
348 while (!timeout_elapsed(timeout_ref))
349 if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
350 break;
351
352 if (bsec_status() & BSEC_MODE_BUSY_MASK)
353 result = TEE_ERROR_BUSY;
354 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK)
355 result = TEE_ERROR_BAD_PARAMETERS;
356 else
357 result = check_no_error(otp_id, true /* check-disturbed */);
358
359 power_down_safmem();
360
361 out:
362 bsec_unlock(exceptions);
363
364 return result;
365 }
366 #endif /*CFG_STM32_BSEC_WRITE*/
367
stm32_bsec_permanent_lock_otp(uint32_t otp_id)368 TEE_Result stm32_bsec_permanent_lock_otp(uint32_t otp_id)
369 {
370 TEE_Result result = 0;
371 uint32_t data = 0;
372 uint32_t addr = 0;
373 uint32_t exceptions = 0;
374 vaddr_t base = bsec_base();
375 uint64_t timeout_ref = 0;
376
377 if (otp_id > otp_max_id())
378 return TEE_ERROR_BAD_PARAMETERS;
379
380 if (otp_id < otp_upper_base()) {
381 addr = otp_id >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
382 data = DATA_LOWER_OTP_PERLOCK_BIT <<
383 ((otp_id & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
384 } else {
385 addr = (otp_id >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
386 data = DATA_UPPER_OTP_PERLOCK_BIT <<
387 (otp_id & DATA_UPPER_OTP_PERLOCK_MASK);
388 }
389
390 exceptions = bsec_lock();
391
392 result = power_up_safmem();
393 if (result)
394 goto out;
395
396 io_write32(base + BSEC_OTP_WRDATA_OFF, data);
397 io_write32(base + BSEC_OTP_CTRL_OFF, addr | BSEC_WRITE | BSEC_LOCK);
398
399 timeout_ref = timeout_init_us(BSEC_TIMEOUT_US);
400 while (!timeout_elapsed(timeout_ref))
401 if (!(bsec_status() & BSEC_MODE_BUSY_MASK))
402 break;
403
404 if (bsec_status() & BSEC_MODE_BUSY_MASK)
405 result = TEE_ERROR_BUSY;
406 else if (bsec_status() & BSEC_MODE_PROGFAIL_MASK)
407 result = TEE_ERROR_BAD_PARAMETERS;
408 else
409 result = check_no_error(otp_id, false /* not-disturbed */);
410
411 power_down_safmem();
412
413 out:
414 bsec_unlock(exceptions);
415
416 return result;
417 }
418
419 #ifdef CFG_STM32_BSEC_WRITE
stm32_bsec_write_debug_conf(uint32_t value)420 TEE_Result stm32_bsec_write_debug_conf(uint32_t value)
421 {
422 TEE_Result result = TEE_ERROR_GENERIC;
423 uint32_t masked_val = value & BSEC_DEN_ALL_MSK;
424 uint32_t exceptions = 0;
425
426 exceptions = bsec_lock();
427
428 io_write32(bsec_base() + BSEC_DEN_OFF, value);
429
430 if ((io_read32(bsec_base() + BSEC_DEN_OFF) ^ masked_val) == 0U)
431 result = TEE_SUCCESS;
432
433 bsec_unlock(exceptions);
434
435 return result;
436 }
437 #endif /*CFG_STM32_BSEC_WRITE*/
438
stm32_bsec_read_debug_conf(void)439 uint32_t stm32_bsec_read_debug_conf(void)
440 {
441 return io_read32(bsec_base() + BSEC_DEN_OFF);
442 }
443
set_bsec_lock(uint32_t otp_id,size_t lock_offset)444 static TEE_Result set_bsec_lock(uint32_t otp_id, size_t lock_offset)
445 {
446 uint32_t bank = otp_bank_offset(otp_id);
447 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
448 vaddr_t lock_addr = bsec_base() + bank + lock_offset;
449 uint32_t exceptions = 0;
450
451 if (otp_id > STM32MP1_OTP_MAX_ID)
452 return TEE_ERROR_BAD_PARAMETERS;
453
454 exceptions = bsec_lock();
455
456 io_write32(lock_addr, otp_mask);
457
458 bsec_unlock(exceptions);
459
460 return TEE_SUCCESS;
461 }
462
stm32_bsec_set_sr_lock(uint32_t otp_id)463 TEE_Result stm32_bsec_set_sr_lock(uint32_t otp_id)
464 {
465 return set_bsec_lock(otp_id, BSEC_SRLOCK_OFF);
466 }
467
stm32_bsec_set_sw_lock(uint32_t otp_id)468 TEE_Result stm32_bsec_set_sw_lock(uint32_t otp_id)
469 {
470 return set_bsec_lock(otp_id, BSEC_SWLOCK_OFF);
471 }
472
stm32_bsec_set_sp_lock(uint32_t otp_id)473 TEE_Result stm32_bsec_set_sp_lock(uint32_t otp_id)
474 {
475 return set_bsec_lock(otp_id, BSEC_SPLOCK_OFF);
476 }
477
read_bsec_lock(uint32_t otp_id,bool * locked,size_t lock_offset)478 static TEE_Result read_bsec_lock(uint32_t otp_id, bool *locked,
479 size_t lock_offset)
480 {
481 uint32_t bank = otp_bank_offset(otp_id);
482 uint32_t otp_mask = BIT(otp_id & BSEC_OTP_MASK);
483 vaddr_t lock_addr = bsec_base() + bank + lock_offset;
484
485 if (otp_id > STM32MP1_OTP_MAX_ID)
486 return TEE_ERROR_BAD_PARAMETERS;
487
488 *locked = (io_read32(lock_addr) & otp_mask) != 0;
489
490 return TEE_SUCCESS;
491 }
492
stm32_bsec_read_sr_lock(uint32_t otp_id,bool * locked)493 TEE_Result stm32_bsec_read_sr_lock(uint32_t otp_id, bool *locked)
494 {
495 return read_bsec_lock(otp_id, locked, BSEC_SRLOCK_OFF);
496 }
497
stm32_bsec_read_sw_lock(uint32_t otp_id,bool * locked)498 TEE_Result stm32_bsec_read_sw_lock(uint32_t otp_id, bool *locked)
499 {
500 return read_bsec_lock(otp_id, locked, BSEC_SWLOCK_OFF);
501 }
502
stm32_bsec_read_sp_lock(uint32_t otp_id,bool * locked)503 TEE_Result stm32_bsec_read_sp_lock(uint32_t otp_id, bool *locked)
504 {
505 return read_bsec_lock(otp_id, locked, BSEC_SPLOCK_OFF);
506 }
507
stm32_bsec_read_permanent_lock(uint32_t otp_id,bool * locked)508 TEE_Result stm32_bsec_read_permanent_lock(uint32_t otp_id, bool *locked)
509 {
510 return read_bsec_lock(otp_id, locked, BSEC_WRLOCK_OFF);
511 }
512
stm32_bsec_otp_lock(uint32_t service)513 TEE_Result stm32_bsec_otp_lock(uint32_t service)
514 {
515 vaddr_t addr = bsec_base() + BSEC_OTP_LOCK_OFF;
516
517 switch (service) {
518 case BSEC_LOCK_UPPER_OTP:
519 io_write32(addr, BIT(BSEC_LOCK_UPPER_OTP));
520 break;
521 case BSEC_LOCK_DEBUG:
522 io_write32(addr, BIT(BSEC_LOCK_DEBUG));
523 break;
524 case BSEC_LOCK_PROGRAM:
525 io_write32(addr, BIT(BSEC_LOCK_PROGRAM));
526 break;
527 default:
528 return TEE_ERROR_BAD_PARAMETERS;
529 }
530
531 return TEE_SUCCESS;
532 }
533
nsec_access_array_size(void)534 static size_t nsec_access_array_size(void)
535 {
536 size_t upper_count = otp_max_id() - otp_upper_base() + 1;
537
538 return ROUNDUP(upper_count, BITS_PER_WORD) / BITS_PER_WORD;
539 }
540
nsec_access_granted(unsigned int index)541 static bool nsec_access_granted(unsigned int index)
542 {
543 uint32_t *array = bsec_dev.nsec_access;
544
545 return array &&
546 (index / BITS_PER_WORD) < nsec_access_array_size() &&
547 array[index / BITS_PER_WORD] & BIT(index % BITS_PER_WORD);
548 }
549
stm32_bsec_nsec_can_access_otp(uint32_t otp_id)550 bool stm32_bsec_nsec_can_access_otp(uint32_t otp_id)
551 {
552 return otp_id < otp_upper_base() ||
553 nsec_access_granted(otp_id - otp_upper_base());
554 }
555
556 #ifdef CFG_EMBED_DTB
enable_nsec_access(unsigned int otp_id)557 static void enable_nsec_access(unsigned int otp_id)
558 {
559 unsigned int idx = (otp_id - otp_upper_base()) / BITS_PER_WORD;
560
561 if (otp_id < otp_upper_base())
562 return;
563
564 if (otp_id > otp_max_id() || stm32_bsec_shadow_register(otp_id))
565 panic();
566
567 bsec_dev.nsec_access[idx] |= BIT(otp_id % BITS_PER_WORD);
568 }
569
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)570 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
571 {
572 int bsec_subnode = 0;
573
574 bsec_dev.nsec_access = calloc(nsec_access_array_size(),
575 sizeof(*bsec_dev.nsec_access));
576 if (!bsec_dev.nsec_access)
577 panic();
578
579 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
580 const fdt32_t *cuint = NULL;
581 unsigned int otp_id = 0;
582 unsigned int i = 0;
583 size_t size = 0;
584 uint32_t offset = 0;
585 uint32_t length = 0;
586
587 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
588 assert(cuint);
589
590 offset = fdt32_to_cpu(*cuint);
591 cuint++;
592 length = fdt32_to_cpu(*cuint);
593
594 otp_id = offset / sizeof(uint32_t);
595
596 if (otp_id < STM32MP1_UPPER_OTP_START) {
597 unsigned int otp_end = ROUNDUP(offset + length,
598 sizeof(uint32_t)) /
599 sizeof(uint32_t);
600
601 if (otp_end > STM32MP1_UPPER_OTP_START) {
602 /*
603 * OTP crosses Lower/Upper boundary, consider
604 * only the upper part.
605 */
606 otp_id = STM32MP1_UPPER_OTP_START;
607 length -= (STM32MP1_UPPER_OTP_START *
608 sizeof(uint32_t)) - offset;
609 offset = STM32MP1_UPPER_OTP_START *
610 sizeof(uint32_t);
611
612 DMSG("OTP crosses Lower/Upper boundary");
613 } else {
614 continue;
615 }
616 }
617
618 if (!fdt_getprop(fdt, bsec_subnode, "st,non-secure-otp", NULL))
619 continue;
620
621 if ((offset % sizeof(uint32_t)) || (length % sizeof(uint32_t)))
622 panic("Unaligned non-secure OTP");
623
624 size = length / sizeof(uint32_t);
625
626 if (otp_id + size > STM32MP1_OTP_MAX_ID)
627 panic("OTP range oversized");
628
629 for (i = otp_id; i < otp_id + size; i++)
630 enable_nsec_access(i);
631 }
632 }
633
initialize_bsec_from_dt(void)634 static void initialize_bsec_from_dt(void)
635 {
636 void *fdt = NULL;
637 int node = 0;
638 struct dt_node_info bsec_info = { };
639
640 fdt = get_embedded_dt();
641 node = fdt_node_offset_by_compatible(fdt, 0, "st,stm32mp15-bsec");
642 if (node < 0)
643 panic();
644
645 _fdt_fill_device_info(fdt, &bsec_info, node);
646
647 if (bsec_info.reg != bsec_dev.base.pa ||
648 !(bsec_info.status & DT_STATUS_OK_SEC))
649 panic();
650
651 bsec_dt_otp_nsec_access(fdt, node);
652 }
653 #else
initialize_bsec_from_dt(void)654 static void initialize_bsec_from_dt(void)
655 {
656 }
657 #endif /*CFG_EMBED_DTB*/
658
initialize_bsec(void)659 static TEE_Result initialize_bsec(void)
660 {
661 struct stm32_bsec_static_cfg cfg = { };
662
663 stm32mp_get_bsec_static_cfg(&cfg);
664
665 bsec_dev.base.pa = cfg.base;
666 bsec_dev.upper_base = cfg.upper_start;
667 bsec_dev.max_id = cfg.max_id;
668
669 if (IS_ENABLED(CFG_EMBED_DTB))
670 initialize_bsec_from_dt();
671
672 return TEE_SUCCESS;
673 }
674
675 early_init(initialize_bsec);
676