feat(zynqmp): protect eFuses from non-secure access

When configuration option ZYNQMP_SECURE_EFUSES is defined then Xilinx
ZynqMP's PS eFuses can only be accesses from secure state.

This enables eFuses to be reserved and protected only for security use
cases for example in OP-TEE.

Change-Id: I866905e35ce488f50f5f6e1b4667b08a9fa2386d
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index ea8a5d1..1f04a95 100644
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -60,6 +60,10 @@
     $(eval $(call add_define,IPI_CRC_CHECK))
 endif
 
+ifdef ZYNQMP_SECURE_EFUSES
+    $(eval $(call add_define,ZYNQMP_SECURE_EFUSES))
+endif
+
 PLAT_INCLUDES		:=	-Iinclude/plat/arm/common/			\
 				-Iinclude/plat/arm/common/aarch64/		\
 				-Iplat/xilinx/common/include/			\
diff --git a/plat/xilinx/zynqmp/pm_service/pm_defs.h b/plat/xilinx/zynqmp/pm_service/pm_defs.h
index d48df55..bf5ecfe 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_defs.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_defs.h
@@ -245,6 +245,7 @@
  * @PM_RET_SUCCESS:		success
  * @PM_RET_ERROR_ARGS:		illegal arguments provided (deprecated)
  * @PM_RET_ERROR_NOTSUPPORTED:	feature not supported  (deprecated)
+ * @PM_RET_ERROR_NOT_ENABLED:	feature is not enabled
  * @PM_RET_ERROR_INTERNAL:	internal error
  * @PM_RET_ERROR_CONFLICT:	conflict
  * @PM_RET_ERROR_ACCESS:	access rights violation
@@ -258,6 +259,7 @@
 	PM_RET_SUCCESS,
 	PM_RET_ERROR_ARGS = 1,
 	PM_RET_ERROR_NOTSUPPORTED = 4,
+	PM_RET_ERROR_NOT_ENABLED = 29,
 	PM_RET_ERROR_INTERNAL = 2000,
 	PM_RET_ERROR_CONFLICT = 2001,
 	PM_RET_ERROR_ACCESS = 2002,
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
index a136ebc..f24387a 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@@ -520,6 +520,13 @@
 	{
 		uint32_t value;
 
+#if defined(ZYNQMP_SECURE_EFUSES)
+		if (is_caller_non_secure(flags)) {
+			SMC_RET1(handle,
+				 (((uint64_t)PM_RET_ERROR_NOT_ENABLED) << 32) |
+				 (uint64_t)PM_RET_ERROR_ACCESS);
+		}
+#endif
 		ret = pm_efuse_access(pm_arg[0], pm_arg[1], &value);
 		SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
 	}