Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 36a1e4b7f56c2cc33bca4afd426b6a3636dc8be5 / . / drivers / st / bsec / bsec.c
blob: aaecf1f83a0cf2235b7812973d7c9df91071f75b [file] [log] [blame]
Yann Gautier36a1e4b2019-01-17 14:52:47 +0100[diff] [blame^]1/*
2 * Copyright (c) 2017-2019, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <assert.h>
8#include <limits.h>
9
10#include <libfdt.h>
11
12#include <platform_def.h>
13
14#include <arch_helpers.h>
15#include <common/debug.h>
16#include <drivers/st/bsec.h>
17#include <lib/mmio.h>
18#include <lib/spinlock.h>
19
20#define BSEC_IP_VERSION_1_0 0x10
21#define BSEC_COMPAT "st,stm32mp15-bsec"
22
23#define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
24
25static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __unused;
26
27static uint32_t bsec_power_safmem(bool power);
28
29/* BSEC access protection */
30static spinlock_t bsec_spinlock;
31static uintptr_t bsec_base;
32
33static void bsec_lock(void)
34{
35 const uint32_t mask = SCTLR_M_BIT | SCTLR_C_BIT;
36
37 /* Lock is currently required only when MMU and cache are enabled */
38 if ((read_sctlr() & mask) == mask) {
39 spin_lock(&bsec_spinlock);
40 }
41}
42
43static void bsec_unlock(void)
44{
45 const uint32_t mask = SCTLR_M_BIT | SCTLR_C_BIT;
46
47 /* Unlock is required only when MMU and cache are enabled */
48 if ((read_sctlr() & mask) == mask) {
49 spin_unlock(&bsec_spinlock);
50 }
51}
52
53static int bsec_get_dt_node(struct dt_node_info *info)
54{
55 int node;
56
57 node = dt_get_node(info, -1, BSEC_COMPAT);
58 if (node < 0) {
59 return -FDT_ERR_NOTFOUND;
60 }
61
62 return node;
63}
64
65#if defined(IMAGE_BL32)
66static void enable_non_secure_access(uint32_t otp)
67{
68 otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT);
69
70 if (bsec_shadow_register(otp) != BSEC_OK) {
71 panic();
72 }
73}
74
75static bool non_secure_can_access(uint32_t otp)
76{
77 return (otp_nsec_access[otp / __WORD_BIT] &
78 BIT(otp % __WORD_BIT)) != 0;
79}
80
81static int bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
82{
83 int bsec_subnode;
84
85 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
86 const fdt32_t *cuint;
87 uint32_t reg;
88 uint32_t i;
89 uint32_t size;
90 uint8_t status;
91
92 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
93 if (cuint == NULL) {
94 panic();
95 }
96
97 reg = fdt32_to_cpu(*cuint) / sizeof(uint32_t);
98 if (reg < STM32MP1_UPPER_OTP_START) {
99 continue;
100 }
101
102 status = fdt_get_status(bsec_subnode);
103 if ((status & DT_NON_SECURE) == 0U) {
104 continue;
105 }
106
107 size = fdt32_to_cpu(*(cuint + 1)) / sizeof(uint32_t);
108
109 if ((fdt32_to_cpu(*(cuint + 1)) % sizeof(uint32_t)) != 0) {
110 size++;
111 }
112
113 for (i = reg; i < (reg + size); i++) {
114 enable_non_secure_access(i);
115 }
116 }
117
118 return 0;
119}
120#endif
121
122static uint32_t otp_bank_offset(uint32_t otp)
123{
124 assert(otp <= STM32MP1_OTP_MAX_ID);
125
126 return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
127 sizeof(uint32_t);
128}
129
130static uint32_t bsec_check_error(uint32_t otp)
131{
132 uint32_t bit = BIT(otp & BSEC_OTP_MASK);
133 uint32_t bank = otp_bank_offset(otp);
134
135 if ((mmio_read_32(bsec_base + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
136 return BSEC_DISTURBED;
137 }
138
139 if ((mmio_read_32(bsec_base + BSEC_ERROR_OFF + bank) & bit) != 0U) {
140 return BSEC_ERROR;
141 }
142
143 return BSEC_OK;
144}
145
146/*
147 * bsec_probe: initialize BSEC driver.
148 * return value: BSEC_OK if no error.
149 */
150uint32_t bsec_probe(void)
151{
152 void *fdt;
153 int node;
154 struct dt_node_info bsec_info;
155
156 if (fdt_get_address(&fdt) == 0) {
157 panic();
158 }
159
160 node = bsec_get_dt_node(&bsec_info);
161 if (node < 0) {
162 panic();
163 }
164
165 bsec_base = bsec_info.base;
166
167#if defined(IMAGE_BL32)
168 bsec_dt_otp_nsec_access(fdt, node);
169#endif
170 return BSEC_OK;
171}
172
173/*
174 * bsec_get_base: return BSEC base address.
175 */
176uint32_t bsec_get_base(void)
177{
178 return bsec_base;
179}
180
181/*
182 * bsec_set_config: enable and configure BSEC.
183 * cfg: pointer to param structure used to set register.
184 * return value: BSEC_OK if no error.
185 */
186uint32_t bsec_set_config(struct bsec_config *cfg)
187{
188 uint32_t value;
189 int32_t result;
190
191 value = ((((uint32_t)cfg->freq << BSEC_CONF_FRQ_SHIFT) &
192 BSEC_CONF_FRQ_MASK) |
193 (((uint32_t)cfg->pulse_width << BSEC_CONF_PRG_WIDTH_SHIFT) &
194 BSEC_CONF_PRG_WIDTH_MASK) |
195 (((uint32_t)cfg->tread << BSEC_CONF_TREAD_SHIFT) &
196 BSEC_CONF_TREAD_MASK));
197
198 bsec_lock();
199
200 mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, value);
201
202 bsec_unlock();
203
204 result = bsec_power_safmem((bool)cfg->power &
205 BSEC_CONF_POWER_UP_MASK);
206 if (result != BSEC_OK) {
207 return result;
208 }
209
210 value = ((((uint32_t)cfg->upper_otp_lock << UPPER_OTP_LOCK_SHIFT) &
211 UPPER_OTP_LOCK_MASK) |
212 (((uint32_t)cfg->den_lock << DENREG_LOCK_SHIFT) &
213 DENREG_LOCK_MASK) |
214 (((uint32_t)cfg->prog_lock << GPLOCK_LOCK_SHIFT) &
215 GPLOCK_LOCK_MASK));
216
217 bsec_lock();
218
219 mmio_write_32(bsec_base + BSEC_OTP_LOCK_OFF, value);
220
221 bsec_unlock();
222
223 return BSEC_OK;
224}
225
226/*
227 * bsec_get_config: return config parameters set in BSEC registers.
228 * cfg: config param return.
229 * return value: BSEC_OK if no error.
230 */
231uint32_t bsec_get_config(struct bsec_config *cfg)
232{
233 uint32_t value;
234
235 if (cfg == NULL) {
236 return BSEC_INVALID_PARAM;
237 }
238
239 value = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
240 cfg->power = (uint8_t)((value & BSEC_CONF_POWER_UP_MASK) >>
241 BSEC_CONF_POWER_UP_SHIFT);
242 cfg->freq = (uint8_t)((value & BSEC_CONF_FRQ_MASK) >>
243 BSEC_CONF_FRQ_SHIFT);
244 cfg->pulse_width = (uint8_t)((value & BSEC_CONF_PRG_WIDTH_MASK) >>
245 BSEC_CONF_PRG_WIDTH_SHIFT);
246 cfg->tread = (uint8_t)((value & BSEC_CONF_TREAD_MASK) >>
247 BSEC_CONF_TREAD_SHIFT);
248
249 value = mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF);
250 cfg->upper_otp_lock = (uint8_t)((value & UPPER_OTP_LOCK_MASK) >>
251 UPPER_OTP_LOCK_SHIFT);
252 cfg->den_lock = (uint8_t)((value & DENREG_LOCK_MASK) >>
253 DENREG_LOCK_SHIFT);
254 cfg->prog_lock = (uint8_t)((value & GPLOCK_LOCK_MASK) >>
255 GPLOCK_LOCK_SHIFT);
256
257 return BSEC_OK;
258}
259
260/*
261 * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
262 * otp: OTP number.
263 * return value: BSEC_OK if no error.
264 */
265uint32_t bsec_shadow_register(uint32_t otp)
266{
267 uint32_t result;
268 bool power_up = false;
269
270 if (otp > STM32MP1_OTP_MAX_ID) {
271 return BSEC_INVALID_PARAM;
272 }
273
274 /* Check if shadowing of OTP is locked */
275 if (bsec_read_sr_lock(otp)) {
276 VERBOSE("BSEC: OTP %i is locked and will not be refreshed\n",
277 otp);
278 }
279
280 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
281 result = bsec_power_safmem(true);
282
283 if (result != BSEC_OK) {
284 return result;
285 }
286
287 power_up = true;
288 }
289
290 bsec_lock();
291
292 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
293 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
294
295 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
296 ;
297 }
298
299 result = bsec_check_error(otp);
300
301 bsec_unlock();
302
303 if (power_up) {
304 if (bsec_power_safmem(false) != BSEC_OK) {
305 panic();
306 }
307 }
308
309 return result;
310}
311
312/*
313 * bsec_read_otp: read an OTP data value.
314 * val: read value.
315 * otp: OTP number.
316 * return value: BSEC_OK if no error.
317 */
318uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
319{
320 uint32_t result;
321
322 if (otp > STM32MP1_OTP_MAX_ID) {
323 return BSEC_INVALID_PARAM;
324 }
325
326 bsec_lock();
327
328 *val = mmio_read_32(bsec_base + BSEC_OTP_DATA_OFF +
329 (otp * sizeof(uint32_t)));
330
331 result = bsec_check_error(otp);
332
333 bsec_unlock();
334
335 return result;
336}
337
338/*
339 * bsec_write_otp: write value in BSEC data register.
340 * val: value to write.
341 * otp: OTP number.
342 * return value: BSEC_OK if no error.
343 */
344uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
345{
346 uint32_t result;
347
348 if (otp > STM32MP1_OTP_MAX_ID) {
349 return BSEC_INVALID_PARAM;
350 }
351
352 /* Check if programming of OTP is locked */
353 if (bsec_read_sw_lock(otp)) {
354 VERBOSE("BSEC: OTP %i is locked and write will be ignored\n",
355 otp);
356 }
357
358 bsec_lock();
359
360 mmio_write_32(bsec_base + BSEC_OTP_DATA_OFF +
361 (otp * sizeof(uint32_t)), val);
362
363 result = bsec_check_error(otp);
364
365 bsec_unlock();
366
367 return result;
368}
369
370/*
371 * bsec_program_otp: program a bit in SAFMEM after the prog.
372 * The OTP data is not refreshed.
373 * val: value to program.
374 * otp: OTP number.
375 * return value: BSEC_OK if no error.
376 */
377uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
378{
379 uint32_t result;
380 bool power_up = false;
381
382 if (otp > STM32MP1_OTP_MAX_ID) {
383 return BSEC_INVALID_PARAM;
384 }
385
386 /* Check if programming of OTP is locked */
387 if (bsec_read_sp_lock(otp)) {
388 WARN("BSEC: OTP locked, prog will be ignored\n");
389 }
390
391 if ((mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF) &
392 BIT(BSEC_LOCK_PROGRAM)) != 0U) {
393 WARN("BSEC: GPLOCK activated, prog will be ignored\n");
394 }
395
396 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
397 result = bsec_power_safmem(true);
398
399 if (result != BSEC_OK) {
400 return result;
401 }
402
403 power_up = true;
404 }
405
406 bsec_lock();
407
408 /* Set value in write register */
409 mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, val);
410
411 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
412 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
413
414 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
415 ;
416 }
417
418 if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
419 result = BSEC_PROG_FAIL;
420 } else {
421 result = bsec_check_error(otp);
422 }
423
424 bsec_unlock();
425
426 if (power_up) {
427 if (bsec_power_safmem(false) != BSEC_OK) {
428 panic();
429 }
430 }
431
432 return result;
433}
434
435/*
436 * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM.
437 * otp: OTP number.
438 * return value: BSEC_OK if no error.
439 */
440uint32_t bsec_permanent_lock_otp(uint32_t otp)
441{
442 uint32_t result;
443 bool power_up = false;
444 uint32_t data;
445 uint32_t addr;
446
447 if (otp > STM32MP1_OTP_MAX_ID) {
448 return BSEC_INVALID_PARAM;
449 }
450
451 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
452 result = bsec_power_safmem(true);
453
454 if (result != BSEC_OK) {
455 return result;
456 }
457
458 power_up = true;
459 }
460
461 if (otp < STM32MP1_UPPER_OTP_START) {
462 addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
463 data = DATA_LOWER_OTP_PERLOCK_BIT <<
464 ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
465 } else {
466 addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
467 data = DATA_UPPER_OTP_PERLOCK_BIT <<
468 (otp & DATA_UPPER_OTP_PERLOCK_MASK);
469 }
470
471 bsec_lock();
472
473 /* Set value in write register */
474 mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, data);
475
476 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
477 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF,
478 addr | BSEC_WRITE | BSEC_LOCK);
479
480 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
481 ;
482 }
483
484 if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
485 result = BSEC_PROG_FAIL;
486 } else {
487 result = bsec_check_error(otp);
488 }
489
490 bsec_unlock();
491
492 if (power_up) {
493 if (bsec_power_safmem(false) != BSEC_OK) {
494 panic();
495 }
496 }
497
498 return result;
499}
500
501/*
502 * bsec_write_debug_conf: write value in debug feature
503 * to enable/disable debug service.
504 * val: value to write.
505 * return value: BSEC_OK if no error.
506 */
507uint32_t bsec_write_debug_conf(uint32_t val)
508{
509 uint32_t result = BSEC_ERROR;
510 uint32_t masked_val = val & BSEC_DEN_ALL_MSK;
511
512 bsec_lock();
513
514 mmio_write_32(bsec_base + BSEC_DEN_OFF, masked_val);
515
516 if ((mmio_read_32(bsec_base + BSEC_DEN_OFF) ^ masked_val) == 0U) {
517 result = BSEC_OK;
518 }
519
520 bsec_unlock();
521
522 return result;
523}
524
525/*
526 * bsec_read_debug_conf: read debug configuration.
527 */
528uint32_t bsec_read_debug_conf(void)
529{
530 return mmio_read_32(bsec_base + BSEC_DEN_OFF);
531}
532
533/*
534 * bsec_get_status: return status register value.
535 */
536uint32_t bsec_get_status(void)
537{
538 return mmio_read_32(bsec_base + BSEC_OTP_STATUS_OFF);
539}
540
541/*
542 * bsec_get_hw_conf: return hardware configuration.
543 */
544uint32_t bsec_get_hw_conf(void)
545{
546 return mmio_read_32(bsec_base + BSEC_IPHW_CFG_OFF);
547}
548
549/*
550 * bsec_get_version: return BSEC version.
551 */
552uint32_t bsec_get_version(void)
553{
554 return mmio_read_32(bsec_base + BSEC_IPVR_OFF);
555}
556
557/*
558 * bsec_get_id: return BSEC ID.
559 */
560uint32_t bsec_get_id(void)
561{
562 return mmio_read_32(bsec_base + BSEC_IP_ID_OFF);
563}
564
565/*
566 * bsec_get_magic_id: return BSEC magic number.
567 */
568uint32_t bsec_get_magic_id(void)
569{
570 return mmio_read_32(bsec_base + BSEC_IP_MAGIC_ID_OFF);
571}
572
573/*
574 * bsec_write_sr_lock: write shadow-read lock.
575 * otp: OTP number.
576 * value: value to write in the register.
577 * Must be always 1.
578 * return: true if OTP is locked, else false.
579 */
580bool bsec_write_sr_lock(uint32_t otp, uint32_t value)
581{
582 bool result = false;
583 uint32_t bank = otp_bank_offset(otp);
584 uint32_t bank_value;
585 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
586
587 bsec_lock();
588
589 bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
590
591 if ((bank_value & otp_mask) == value) {
592 /*
593 * In case of write don't need to write,
594 * the lock is already set.
595 */
596 if (value != 0U) {
597 result = true;
598 }
599 } else {
600 if (value != 0U) {
601 bank_value = bank_value | otp_mask;
602 } else {
603 bank_value = bank_value & ~otp_mask;
604 }
605
606 /*
607 * We can write 0 in all other OTP
608 * if the lock is activated in one of other OTP.
609 * Write 0 has no effect.
610 */
611 mmio_write_32(bsec_base + BSEC_SRLOCK_OFF + bank, bank_value);
612 result = true;
613 }
614
615 bsec_unlock();
616
617 return result;
618}
619
620/*
621 * bsec_read_sr_lock: read shadow-read lock.
622 * otp: OTP number.
623 * return: true if otp is locked, else false.
624 */
625bool bsec_read_sr_lock(uint32_t otp)
626{
627 uint32_t bank = otp_bank_offset(otp);
628 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
629 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
630
631 return (bank_value & otp_mask) != 0U;
632}
633
634/*
635 * bsec_write_sw_lock: write shadow-write lock.
636 * otp: OTP number.
637 * value: Value to write in the register.
638 * Must be always 1.
639 * return: true if OTP is locked, else false.
640 */
641bool bsec_write_sw_lock(uint32_t otp, uint32_t value)
642{
643 bool result = false;
644 uint32_t bank = otp_bank_offset(otp);
645 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
646 uint32_t bank_value;
647
648 bsec_lock();
649
650 bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
651
652 if ((bank_value & otp_mask) == value) {
653 /*
654 * In case of write don't need to write,
655 * the lock is already set.
656 */
657 if (value != 0U) {
658 result = true;
659 }
660 } else {
661 if (value != 0U) {
662 bank_value = bank_value | otp_mask;
663 } else {
664 bank_value = bank_value & ~otp_mask;
665 }
666
667 /*
668 * We can write 0 in all other OTP
669 * if the lock is activated in one of other OTP.
670 * Write 0 has no effect.
671 */
672 mmio_write_32(bsec_base + BSEC_SWLOCK_OFF + bank, bank_value);
673 result = true;
674 }
675
676 bsec_unlock();
677
678 return result;
679}
680
681/*
682 * bsec_read_sw_lock: read shadow-write lock.
683 * otp: OTP number.
684 * return: true if OTP is locked, else false.
685 */
686bool bsec_read_sw_lock(uint32_t otp)
687{
688 uint32_t bank = otp_bank_offset(otp);
689 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
690 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
691
692 return (bank_value & otp_mask) != 0U;
693}
694
695/*
696 * bsec_write_sp_lock: write shadow-program lock.
697 * otp: OTP number.
698 * value: Value to write in the register.
699 * Must be always 1.
700 * return: true if OTP is locked, else false.
701 */
702bool bsec_write_sp_lock(uint32_t otp, uint32_t value)
703{
704 bool result = false;
705 uint32_t bank = otp_bank_offset(otp);
706 uint32_t bank_value;
707 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
708
709 bsec_lock();
710
711 bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
712
713 if ((bank_value & otp_mask) == value) {
714 /*
715 * In case of write don't need to write,
716 * the lock is already set.
717 */
718 if (value != 0U) {
719 result = true;
720 }
721 } else {
722 if (value != 0U) {
723 bank_value = bank_value | otp_mask;
724 } else {
725 bank_value = bank_value & ~otp_mask;
726 }
727
728 /*
729 * We can write 0 in all other OTP
730 * if the lock is activated in one of other OTP.
731 * Write 0 has no effect.
732 */
733 mmio_write_32(bsec_base + BSEC_SPLOCK_OFF + bank, bank_value);
734 result = true;
735 }
736
737 bsec_unlock();
738
739 return result;
740}
741
742/*
743 * bsec_read_sp_lock: read shadow-program lock.
744 * otp: OTP number.
745 * return: true if OTP is locked, else false.
746 */
747bool bsec_read_sp_lock(uint32_t otp)
748{
749 uint32_t bank = otp_bank_offset(otp);
750 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
751 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
752
753 return (bank_value & otp_mask) != 0U;
754}
755
756/*
757 * bsec_wr_lock: Read permanent lock status.
758 * otp: OTP number.
759 * return: true if OTP is locked, else false.
760 */
761bool bsec_wr_lock(uint32_t otp)
762{
763 uint32_t bank = otp_bank_offset(otp);
764 uint32_t lock_bit = BIT(otp & BSEC_OTP_MASK);
765
766 if ((mmio_read_32(bsec_base + BSEC_WRLOCK_OFF + bank) &
767 lock_bit) != 0U) {
768 /*
769 * In case of write don't need to write,
770 * the lock is already set.
771 */
772 return true;
773 }
774
775 return false;
776}
777
778/*
779 * bsec_otp_lock: Lock Upper OTP or Global programming or debug enable
780 * service: Service to lock see header file.
781 * value: Value to write must always set to 1 (only use for debug purpose).
782 * return: BSEC_OK if succeed.
783 */
784uint32_t bsec_otp_lock(uint32_t service, uint32_t value)
785{
786 uintptr_t reg = bsec_base + BSEC_OTP_LOCK_OFF;
787
788 switch (service) {
789 case BSEC_LOCK_UPPER_OTP:
790 mmio_write_32(reg, value << BSEC_LOCK_UPPER_OTP);
791 break;
792 case BSEC_LOCK_DEBUG:
793 mmio_write_32(reg, value << BSEC_LOCK_DEBUG);
794 break;
795 case BSEC_LOCK_PROGRAM:
796 mmio_write_32(reg, value << BSEC_LOCK_PROGRAM);
797 break;
798 default:
799 return BSEC_INVALID_PARAM;
800 }
801
802 return BSEC_OK;
803}
804
805/*
806 * bsec_power_safmem: Activate or deactivate SAFMEM power.
807 * power: true to power up, false to power down.
808 * return: BSEC_OK if succeed.
809 */
810static uint32_t bsec_power_safmem(bool power)
811{
812 uint32_t register_val;
813 uint32_t timeout = BSEC_TIMEOUT_VALUE;
814
815 bsec_lock();
816
817 register_val = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
818
819 if (power) {
820 register_val |= BSEC_CONF_POWER_UP_MASK;
821 } else {
822 register_val &= ~BSEC_CONF_POWER_UP_MASK;
823 }
824
825 mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, register_val);
826
827 /* Waiting loop */
828 if (power) {
829 while (((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) &&
830 (timeout != 0U)) {
831 timeout--;
832 }
833 } else {
834 while (((bsec_get_status() & BSEC_MODE_PWR_MASK) != 0U) &&
835 (timeout != 0U)) {
836 timeout--;
837 }
838 }
839
840 bsec_unlock();
841
842 if (timeout == 0U) {
843 return BSEC_TIMEOUT;
844 }
845
846 return BSEC_OK;
847}
848
849/*
850 * bsec_mode_is_closed_device: read OTP secure sub-mode.
851 * return: false if open_device and true of closed_device.
852 */
853bool bsec_mode_is_closed_device(void)
854{
855 uint32_t value;
856
857 if ((bsec_shadow_register(DATA0_OTP) != BSEC_OK) ||
858 (bsec_read_otp(&value, DATA0_OTP) != BSEC_OK)) {
859 return true;
860 }
861
862 return (value & DATA0_OTP_SECURED) == DATA0_OTP_SECURED;
863}
864
865/*
866 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
867 * otp_value: read value.
868 * word: OTP number.
869 * return value: BSEC_OK if no error.
870 */
871uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word)
872{
873 uint32_t result;
874
875 result = bsec_shadow_register(word);
876 if (result != BSEC_OK) {
877 ERROR("BSEC: %u Shadowing Error %i\n", word, result);
878 return result;
879 }
880
881 result = bsec_read_otp(otp_value, word);
882 if (result != BSEC_OK) {
883 ERROR("BSEC: %u Read Error %i\n", word, result);
884 }
885
886 return result;
887}
888
889/*
890 * bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
891 * otp: OTP number.
892 * return: BSEC_OK if authorized access.
893 */
894uint32_t bsec_check_nsec_access_rights(uint32_t otp)
895{
896#if defined(IMAGE_BL32)
897 if (otp > STM32MP1_OTP_MAX_ID) {
898 return BSEC_INVALID_PARAM;
899 }
900
901 if (otp >= STM32MP1_UPPER_OTP_START) {
902 /* Check if BSEC is in OTP-SECURED closed_device state. */
903 if (bsec_mode_is_closed_device()) {
904 if (!non_secure_can_access(otp)) {
905 return BSEC_ERROR;
906 }
907 }
908 }
909#endif
910
911 return BSEC_OK;
912}
913