1 /*
2 * Copyright (c) 2017-2024, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <limits.h>
9
10 #include <arch_helpers.h>
11 #include <common/debug.h>
12 #include <drivers/st/bsec.h>
13 #include <drivers/st/bsec2_reg.h>
14 #include <lib/mmio.h>
15 #include <lib/spinlock.h>
16 #include <libfdt.h>
17
18 #include <platform_def.h>
19
20 #define BSEC_IP_VERSION_1_1 U(0x11)
21 #define BSEC_IP_VERSION_2_0 U(0x20)
22 #define BSEC_IP_ID_2 U(0x100032)
23
24 /*
25 * IP configuration
26 */
27 #define BSEC_OTP_MASK GENMASK(4, 0)
28 #define BSEC_OTP_BANK_SHIFT 5
29 #define BSEC_TIMEOUT_VALUE U(0xFFFF)
30
31 #define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
32
33 static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __maybe_unused;
34
35 static uint32_t bsec_shadow_register(uint32_t otp);
36 static uint32_t bsec_power_safmem(bool power);
37 static uint32_t bsec_get_version(void);
38 static uint32_t bsec_get_id(void);
39 static uint32_t bsec_get_status(void);
40 static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value);
41
42 /* BSEC access protection */
43 static spinlock_t bsec_spinlock;
44
bsec_lock(void)45 static void bsec_lock(void)
46 {
47 if (stm32mp_lock_available()) {
48 spin_lock(&bsec_spinlock);
49 }
50 }
51
bsec_unlock(void)52 static void bsec_unlock(void)
53 {
54 if (stm32mp_lock_available()) {
55 spin_unlock(&bsec_spinlock);
56 }
57 }
58
is_otp_invalid_mode(void)59 static bool is_otp_invalid_mode(void)
60 {
61 bool ret = ((bsec_get_status() & BSEC_OTP_STATUS_INVALID) == BSEC_OTP_STATUS_INVALID);
62
63 if (ret) {
64 ERROR("OTP mode is OTP-INVALID\n");
65 }
66
67 return ret;
68 }
69
70 #if defined(IMAGE_BL32)
bsec_get_dt_node(struct dt_node_info * info)71 static int bsec_get_dt_node(struct dt_node_info *info)
72 {
73 int node;
74
75 node = dt_get_node(info, -1, DT_BSEC_COMPAT);
76 if (node < 0) {
77 return -FDT_ERR_NOTFOUND;
78 }
79
80 return node;
81 }
82
enable_non_secure_access(uint32_t otp)83 static void enable_non_secure_access(uint32_t otp)
84 {
85 otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT);
86
87 if (bsec_shadow_register(otp) != BSEC_OK) {
88 panic();
89 }
90 }
91
non_secure_can_access(uint32_t otp)92 static bool non_secure_can_access(uint32_t otp)
93 {
94 return (otp_nsec_access[otp / __WORD_BIT] &
95 BIT(otp % __WORD_BIT)) != 0U;
96 }
97
bsec_dt_otp_nsec_access(void * fdt,int bsec_node)98 static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
99 {
100 int bsec_subnode;
101
102 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
103 const fdt32_t *cuint;
104 uint32_t otp;
105 uint32_t i;
106 uint32_t size;
107 uint32_t offset;
108 uint32_t length;
109
110 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
111 if (cuint == NULL) {
112 panic();
113 }
114
115 offset = fdt32_to_cpu(*cuint);
116 cuint++;
117 length = fdt32_to_cpu(*cuint);
118
119 otp = offset / sizeof(uint32_t);
120
121 if (otp < STM32MP1_UPPER_OTP_START) {
122 unsigned int otp_end = round_up(offset + length,
123 sizeof(uint32_t)) /
124 sizeof(uint32_t);
125
126 if (otp_end > STM32MP1_UPPER_OTP_START) {
127 /*
128 * OTP crosses Lower/Upper boundary, consider
129 * only the upper part.
130 */
131 otp = STM32MP1_UPPER_OTP_START;
132 length -= (STM32MP1_UPPER_OTP_START *
133 sizeof(uint32_t)) - offset;
134 offset = STM32MP1_UPPER_OTP_START *
135 sizeof(uint32_t);
136
137 WARN("OTP crosses Lower/Upper boundary\n");
138 } else {
139 continue;
140 }
141 }
142
143 if ((fdt_getprop(fdt, bsec_subnode,
144 "st,non-secure-otp", NULL)) == NULL) {
145 continue;
146 }
147
148 if (((offset % sizeof(uint32_t)) != 0U) ||
149 ((length % sizeof(uint32_t)) != 0U)) {
150 ERROR("Unaligned non-secure OTP\n");
151 panic();
152 }
153
154 size = length / sizeof(uint32_t);
155
156 for (i = otp; i < (otp + size); i++) {
157 enable_non_secure_access(i);
158 }
159 }
160 }
161
bsec_late_init(void)162 static void bsec_late_init(void)
163 {
164 void *fdt;
165 int node;
166 struct dt_node_info bsec_info;
167
168 if (fdt_get_address(&fdt) == 0) {
169 EARLY_ERROR("%s: DT not found\n", __func__);
170 panic();
171 }
172
173 node = bsec_get_dt_node(&bsec_info);
174 if (node < 0) {
175 EARLY_ERROR("%s: BSEC node not found\n", __func__);
176 panic();
177 }
178
179 assert(bsec_info.base == BSEC_BASE);
180
181 bsec_dt_otp_nsec_access(fdt, node);
182 }
183 #endif
184
otp_bank_offset(uint32_t otp)185 static uint32_t otp_bank_offset(uint32_t otp)
186 {
187 assert(otp <= STM32MP1_OTP_MAX_ID);
188
189 return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
190 sizeof(uint32_t);
191 }
192
otp_bit_mask(uint32_t otp)193 static uint32_t otp_bit_mask(uint32_t otp)
194 {
195 return BIT(otp & BSEC_OTP_MASK);
196 }
197
198 /*
199 * bsec_check_error: check BSEC error status.
200 * otp: OTP number.
201 * check_disturbed: check only error (false),
202 * or error and disturbed status (true).
203 * return value: BSEC_OK if no error.
204 */
bsec_check_error(uint32_t otp,bool check_disturbed)205 static uint32_t bsec_check_error(uint32_t otp, bool check_disturbed)
206 {
207 uint32_t bit = otp_bit_mask(otp);
208 uint32_t bank = otp_bank_offset(otp);
209
210 if ((mmio_read_32(BSEC_BASE + BSEC_ERROR_OFF + bank) & bit) != 0U) {
211 return BSEC_ERROR;
212 }
213
214 if (!check_disturbed) {
215 return BSEC_OK;
216 }
217
218 if ((mmio_read_32(BSEC_BASE + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
219 return BSEC_DISTURBED;
220 }
221
222 return BSEC_OK;
223 }
224
225 /*
226 * bsec_probe: initialize BSEC driver.
227 * return value: BSEC_OK if no error.
228 */
bsec_probe(void)229 uint32_t bsec_probe(void)
230 {
231 uint32_t version;
232 uint32_t id;
233
234 if (is_otp_invalid_mode()) {
235 EARLY_ERROR("%s: otp_invalid_mod\n", __func__);
236 return BSEC_ERROR;
237 }
238
239 version = bsec_get_version();
240 id = bsec_get_id();
241
242 if (((version != BSEC_IP_VERSION_1_1) &&
243 (version != BSEC_IP_VERSION_2_0)) ||
244 (id != BSEC_IP_ID_2)) {
245 EARLY_ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id);
246 panic();
247 }
248
249 #if defined(IMAGE_BL32)
250 bsec_late_init();
251 #endif
252 return BSEC_OK;
253 }
254
255 /*
256 * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
257 * otp: OTP number.
258 * return value: BSEC_OK if no error.
259 */
bsec_shadow_register(uint32_t otp)260 static uint32_t bsec_shadow_register(uint32_t otp)
261 {
262 uint32_t result;
263 bool value;
264 bool power_up = false;
265
266 if (is_otp_invalid_mode()) {
267 return BSEC_ERROR;
268 }
269
270 result = bsec_read_sr_lock(otp, &value);
271 if (result != BSEC_OK) {
272 ERROR("BSEC: %u Sticky-read bit read Error %u\n", otp, result);
273 return result;
274 }
275
276 if (value) {
277 VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n",
278 otp);
279 }
280
281 if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
282 result = bsec_power_safmem(true);
283
284 if (result != BSEC_OK) {
285 return result;
286 }
287
288 power_up = true;
289 }
290
291 bsec_lock();
292
293 mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
294
295 while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
296 ;
297 }
298
299 result = bsec_check_error(otp, true);
300
301 bsec_unlock();
302
303 if (power_up) {
304 if (bsec_power_safmem(false) != BSEC_OK) {
305 panic();
306 }
307 }
308
309 return result;
310 }
311
312 /*
313 * bsec_read_otp: read an OTP data value.
314 * val: read value.
315 * otp: OTP number.
316 * return value: BSEC_OK if no error.
317 */
bsec_read_otp(uint32_t * val,uint32_t otp)318 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
319 {
320 if (is_otp_invalid_mode()) {
321 return BSEC_ERROR;
322 }
323
324 if (otp > STM32MP1_OTP_MAX_ID) {
325 return BSEC_INVALID_PARAM;
326 }
327
328 *val = mmio_read_32(BSEC_BASE + BSEC_OTP_DATA_OFF +
329 (otp * sizeof(uint32_t)));
330
331 return BSEC_OK;
332 }
333
334 /*
335 * bsec_write_otp: write value in BSEC data register.
336 * val: value to write.
337 * otp: OTP number.
338 * return value: BSEC_OK if no error.
339 */
bsec_write_otp(uint32_t val,uint32_t otp)340 uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
341 {
342 uint32_t result;
343 bool value;
344
345 if (is_otp_invalid_mode()) {
346 return BSEC_ERROR;
347 }
348
349 result = bsec_read_sw_lock(otp, &value);
350 if (result != BSEC_OK) {
351 ERROR("BSEC: %u Sticky-write bit read Error %u\n", otp, result);
352 return result;
353 }
354
355 if (value) {
356 VERBOSE("BSEC: OTP %u is locked and write will be ignored\n",
357 otp);
358 }
359
360 /* Ensure integrity of each register access sequence */
361 bsec_lock();
362
363 mmio_write_32(BSEC_BASE + BSEC_OTP_DATA_OFF +
364 (otp * sizeof(uint32_t)), val);
365
366 bsec_unlock();
367
368 return result;
369 }
370
371 /*
372 * bsec_program_otp: program a bit in SAFMEM after the prog.
373 * The OTP data is not refreshed.
374 * val: value to program.
375 * otp: OTP number.
376 * return value: BSEC_OK if no error.
377 */
bsec_program_otp(uint32_t val,uint32_t otp)378 uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
379 {
380 uint32_t result;
381 bool power_up = false;
382 bool sp_lock;
383 bool perm_lock;
384
385 if (is_otp_invalid_mode()) {
386 return BSEC_ERROR;
387 }
388
389 result = bsec_read_sp_lock(otp, &sp_lock);
390 if (result != BSEC_OK) {
391 ERROR("BSEC: %u Sticky-prog bit read Error %u\n", otp, result);
392 return result;
393 }
394
395 result = bsec_read_permanent_lock(otp, &perm_lock);
396 if (result != BSEC_OK) {
397 ERROR("BSEC: %u permanent bit read Error %u\n", otp, result);
398 return result;
399 }
400
401 if (sp_lock || perm_lock) {
402 WARN("BSEC: OTP locked, prog will be ignored\n");
403 return BSEC_PROG_FAIL;
404 }
405
406 if ((mmio_read_32(BSEC_BASE + BSEC_OTP_LOCK_OFF) & GPLOCK_LOCK_MASK) != 0U) {
407 WARN("BSEC: GPLOCK activated, prog will be ignored\n");
408 }
409
410 if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
411 result = bsec_power_safmem(true);
412
413 if (result != BSEC_OK) {
414 return result;
415 }
416
417 power_up = true;
418 }
419
420 bsec_lock();
421
422 mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, val);
423
424 mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
425
426 while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
427 ;
428 }
429
430 if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) {
431 result = BSEC_PROG_FAIL;
432 } else {
433 result = bsec_check_error(otp, true);
434 }
435
436 bsec_unlock();
437
438 if (power_up) {
439 if (bsec_power_safmem(false) != BSEC_OK) {
440 panic();
441 }
442 }
443
444 return result;
445 }
446
447 /*
448 * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM.
449 * otp: OTP number.
450 * return value: BSEC_OK if no error.
451 */
452 #if defined(IMAGE_BL32)
bsec_permanent_lock_otp(uint32_t otp)453 uint32_t bsec_permanent_lock_otp(uint32_t otp)
454 {
455 uint32_t result;
456 bool power_up = false;
457 uint32_t data;
458 uint32_t addr;
459
460 if (is_otp_invalid_mode()) {
461 return BSEC_ERROR;
462 }
463
464 if (otp > STM32MP1_OTP_MAX_ID) {
465 return BSEC_INVALID_PARAM;
466 }
467
468 if ((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) {
469 result = bsec_power_safmem(true);
470
471 if (result != BSEC_OK) {
472 return result;
473 }
474
475 power_up = true;
476 }
477
478 if (otp < STM32MP1_UPPER_OTP_START) {
479 addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
480 data = DATA_LOWER_OTP_PERLOCK_BIT <<
481 ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
482 } else {
483 addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
484 data = DATA_UPPER_OTP_PERLOCK_BIT <<
485 (otp & DATA_UPPER_OTP_PERLOCK_MASK);
486 }
487
488 bsec_lock();
489
490 mmio_write_32(BSEC_BASE + BSEC_OTP_WRDATA_OFF, data);
491
492 mmio_write_32(BSEC_BASE + BSEC_OTP_CTRL_OFF,
493 addr | BSEC_WRITE | BSEC_LOCK);
494
495 while ((bsec_get_status() & BSEC_OTP_STATUS_BUSY) != 0U) {
496 ;
497 }
498
499 if ((bsec_get_status() & BSEC_OTP_STATUS_PROGFAIL) != 0U) {
500 result = BSEC_PROG_FAIL;
501 } else {
502 result = bsec_check_error(otp, false);
503 }
504
505 bsec_unlock();
506
507 if (power_up) {
508 if (bsec_power_safmem(false) != BSEC_OK) {
509 panic();
510 }
511 }
512
513 return result;
514 }
515 #endif
516
517 /*
518 * bsec_read_debug_conf: return debug configuration register value.
519 */
bsec_read_debug_conf(void)520 uint32_t bsec_read_debug_conf(void)
521 {
522 return mmio_read_32(BSEC_BASE + BSEC_DEN_OFF);
523 }
524
525 /*
526 * bsec_write_scratch: write value in scratch register.
527 * val: value to write.
528 * return value: none.
529 */
bsec_write_scratch(uint32_t val)530 void bsec_write_scratch(uint32_t val)
531 {
532 #if defined(IMAGE_BL32)
533 if (is_otp_invalid_mode()) {
534 return;
535 }
536
537 bsec_lock();
538 mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val);
539 bsec_unlock();
540 #else
541 mmio_write_32(BSEC_BASE + BSEC_SCRATCH_OFF, val);
542 #endif
543 }
544
545 /*
546 * bsec_get_status: return status register value.
547 */
bsec_get_status(void)548 static uint32_t bsec_get_status(void)
549 {
550 return mmio_read_32(BSEC_BASE + BSEC_OTP_STATUS_OFF);
551 }
552
553 /*
554 * bsec_get_version: return BSEC version register value.
555 */
bsec_get_version(void)556 static uint32_t bsec_get_version(void)
557 {
558 return mmio_read_32(BSEC_BASE + BSEC_IPVR_OFF) & BSEC_IPVR_MSK;
559 }
560
561 /*
562 * bsec_get_id: return BSEC ID register value.
563 */
bsec_get_id(void)564 static uint32_t bsec_get_id(void)
565 {
566 return mmio_read_32(BSEC_BASE + BSEC_IP_ID_OFF);
567 }
568
569 /*
570 * bsec_set_sr_lock: set shadow-read lock.
571 * otp: OTP number.
572 * return value: BSEC_OK if no error.
573 */
bsec_set_sr_lock(uint32_t otp)574 uint32_t bsec_set_sr_lock(uint32_t otp)
575 {
576 uint32_t bank = otp_bank_offset(otp);
577 uint32_t otp_mask = otp_bit_mask(otp);
578
579 if (is_otp_invalid_mode()) {
580 return BSEC_ERROR;
581 }
582
583 if (otp > STM32MP1_OTP_MAX_ID) {
584 return BSEC_INVALID_PARAM;
585 }
586
587 bsec_lock();
588 mmio_write_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank, otp_mask);
589 bsec_unlock();
590
591 return BSEC_OK;
592 }
593
594 /*
595 * bsec_read_sr_lock: read shadow-read lock.
596 * otp: OTP number.
597 * value: read value (true or false).
598 * return value: BSEC_OK if no error.
599 */
bsec_read_sr_lock(uint32_t otp,bool * value)600 uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
601 {
602 uint32_t bank = otp_bank_offset(otp);
603 uint32_t otp_mask = otp_bit_mask(otp);
604 uint32_t bank_value;
605
606 if (otp > STM32MP1_OTP_MAX_ID) {
607 return BSEC_INVALID_PARAM;
608 }
609
610 bank_value = mmio_read_32(BSEC_BASE + BSEC_SRLOCK_OFF + bank);
611
612 *value = ((bank_value & otp_mask) != 0U);
613
614 return BSEC_OK;
615 }
616
617 /*
618 * bsec_set_sw_lock: set shadow-write lock.
619 * otp: OTP number.
620 * return value: BSEC_OK if no error.
621 */
bsec_set_sw_lock(uint32_t otp)622 uint32_t bsec_set_sw_lock(uint32_t otp)
623 {
624 uint32_t bank = otp_bank_offset(otp);
625 uint32_t otp_mask = otp_bit_mask(otp);
626
627 if (is_otp_invalid_mode()) {
628 return BSEC_ERROR;
629 }
630
631 if (otp > STM32MP1_OTP_MAX_ID) {
632 return BSEC_INVALID_PARAM;
633 }
634
635 bsec_lock();
636 mmio_write_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank, otp_mask);
637 bsec_unlock();
638
639 return BSEC_OK;
640 }
641
642 /*
643 * bsec_read_sw_lock: read shadow-write lock.
644 * otp: OTP number.
645 * value: read value (true or false).
646 * return value: BSEC_OK if no error.
647 */
bsec_read_sw_lock(uint32_t otp,bool * value)648 uint32_t bsec_read_sw_lock(uint32_t otp, bool *value)
649 {
650 uint32_t bank = otp_bank_offset(otp);
651 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
652 uint32_t bank_value;
653
654 if (otp > STM32MP1_OTP_MAX_ID) {
655 return BSEC_INVALID_PARAM;
656 }
657
658 bank_value = mmio_read_32(BSEC_BASE + BSEC_SWLOCK_OFF + bank);
659
660 *value = ((bank_value & otp_mask) != 0U);
661
662 return BSEC_OK;
663 }
664
665 /*
666 * bsec_set_sp_lock: set shadow-program lock.
667 * otp: OTP number.
668 * return value: BSEC_OK if no error.
669 */
bsec_set_sp_lock(uint32_t otp)670 uint32_t bsec_set_sp_lock(uint32_t otp)
671 {
672 uint32_t bank = otp_bank_offset(otp);
673 uint32_t otp_mask = otp_bit_mask(otp);
674
675 if (is_otp_invalid_mode()) {
676 return BSEC_ERROR;
677 }
678
679 if (otp > STM32MP1_OTP_MAX_ID) {
680 return BSEC_INVALID_PARAM;
681 }
682
683 bsec_lock();
684 mmio_write_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank, otp_mask);
685 bsec_unlock();
686
687 return BSEC_OK;
688 }
689
690 /*
691 * bsec_read_sp_lock: read shadow-program lock.
692 * otp: OTP number.
693 * value: read value (true or false).
694 * return value: BSEC_OK if no error.
695 */
bsec_read_sp_lock(uint32_t otp,bool * value)696 uint32_t bsec_read_sp_lock(uint32_t otp, bool *value)
697 {
698 uint32_t bank = otp_bank_offset(otp);
699 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
700 uint32_t bank_value;
701
702 if (otp > STM32MP1_OTP_MAX_ID) {
703 return BSEC_INVALID_PARAM;
704 }
705
706 bank_value = mmio_read_32(BSEC_BASE + BSEC_SPLOCK_OFF + bank);
707
708 *value = ((bank_value & otp_mask) != 0U);
709
710 return BSEC_OK;
711 }
712
713 /*
714 * bsec_read_permanent_lock: Read permanent lock status.
715 * otp: OTP number.
716 * value: read value (true or false).
717 * return value: BSEC_OK if no error.
718 */
bsec_read_permanent_lock(uint32_t otp,bool * value)719 static uint32_t bsec_read_permanent_lock(uint32_t otp, bool *value)
720 {
721 uint32_t bank = otp_bank_offset(otp);
722 uint32_t otp_mask = otp_bit_mask(otp);
723 uint32_t bank_value;
724
725 if (otp > STM32MP1_OTP_MAX_ID) {
726 return BSEC_INVALID_PARAM;
727 }
728
729 bank_value = mmio_read_32(BSEC_BASE + BSEC_WRLOCK_OFF + bank);
730
731 *value = ((bank_value & otp_mask) != 0U);
732
733 return BSEC_OK;
734 }
735
736 /*
737 * bsec_power_safmem: Activate or deactivate SAFMEM power.
738 * power: true to power up, false to power down.
739 * return value: BSEC_OK if no error.
740 */
bsec_power_safmem(bool power)741 static uint32_t bsec_power_safmem(bool power)
742 {
743 uint32_t register_val;
744 uint32_t timeout = BSEC_TIMEOUT_VALUE;
745
746 bsec_lock();
747
748 register_val = mmio_read_32(BSEC_BASE + BSEC_OTP_CONF_OFF);
749
750 if (power) {
751 register_val |= BSEC_CONF_POWER_UP_MASK;
752 } else {
753 register_val &= ~BSEC_CONF_POWER_UP_MASK;
754 }
755
756 mmio_write_32(BSEC_BASE + BSEC_OTP_CONF_OFF, register_val);
757
758 if (power) {
759 while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) == 0U) &&
760 (timeout != 0U)) {
761 timeout--;
762 }
763 } else {
764 while (((bsec_get_status() & BSEC_OTP_STATUS_PWRON) != 0U) &&
765 (timeout != 0U)) {
766 timeout--;
767 }
768 }
769
770 bsec_unlock();
771
772 if (timeout == 0U) {
773 return BSEC_TIMEOUT;
774 }
775
776 return BSEC_OK;
777 }
778
779 /*
780 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value.
781 * val: read value.
782 * otp: OTP number.
783 * return value: BSEC_OK if no error.
784 */
bsec_shadow_read_otp(uint32_t * val,uint32_t otp)785 uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
786 {
787 uint32_t result;
788
789 result = bsec_shadow_register(otp);
790 if (result != BSEC_OK) {
791 ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
792 return result;
793 }
794
795 result = bsec_read_otp(val, otp);
796 if (result != BSEC_OK) {
797 ERROR("BSEC: %u Read Error %u\n", otp, result);
798 }
799
800 return result;
801 }
802
803 #if defined(IMAGE_BL32)
804 /*
805 * bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
806 * otp: OTP number.
807 * return value: BSEC_OK if authorized access.
808 */
bsec_check_nsec_access_rights(uint32_t otp)809 uint32_t bsec_check_nsec_access_rights(uint32_t otp)
810 {
811 if (otp > STM32MP1_OTP_MAX_ID) {
812 return BSEC_INVALID_PARAM;
813 }
814
815 if (otp >= STM32MP1_UPPER_OTP_START) {
816 if (!non_secure_can_access(otp)) {
817 return BSEC_ERROR;
818 }
819 }
820
821 return BSEC_OK;
822 }
823 #endif
824
bsec_get_secure_state(void)825 uint32_t bsec_get_secure_state(void)
826 {
827 uint32_t status = bsec_get_status();
828 uint32_t result = BSEC_STATE_INVALID;
829 uint32_t otp_enc_id __maybe_unused;
830 uint32_t otp_bit_len __maybe_unused;
831 int res __maybe_unused;
832
833 if ((status & BSEC_OTP_STATUS_INVALID) != 0U) {
834 result = BSEC_STATE_INVALID;
835 } else {
836 if ((status & BSEC_OTP_STATUS_SECURE) != 0U) {
837 if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
838 result = BSEC_STATE_SEC_CLOSED;
839 } else {
840 result = BSEC_STATE_SEC_OPEN;
841 }
842 } else {
843 /* OTP modes OPEN1 and OPEN2 are not supported */
844 result = BSEC_STATE_INVALID;
845 }
846 }
847
848 return result;
849 }
850