blob: b3c15ee8bab354fd0c86c435c4a9499de07699ac [file] [log] [blame]
Yann Gautier36a1e4b2019-01-17 14:52:47 +01001/*
2 * Copyright (c) 2017-2019, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <assert.h>
8#include <limits.h>
9
10#include <libfdt.h>
11
12#include <platform_def.h>
13
14#include <arch_helpers.h>
15#include <common/debug.h>
16#include <drivers/st/bsec.h>
17#include <lib/mmio.h>
18#include <lib/spinlock.h>
19
20#define BSEC_IP_VERSION_1_0 0x10
21#define BSEC_COMPAT "st,stm32mp15-bsec"
22
23#define OTP_ACCESS_SIZE (round_up(OTP_MAX_SIZE, __WORD_BIT) / __WORD_BIT)
24
25static uint32_t otp_nsec_access[OTP_ACCESS_SIZE] __unused;
26
27static uint32_t bsec_power_safmem(bool power);
28
29/* BSEC access protection */
30static spinlock_t bsec_spinlock;
31static uintptr_t bsec_base;
32
33static void bsec_lock(void)
34{
Yann Gautierf540a592019-05-22 19:13:51 +020035 if (stm32mp_lock_available()) {
Yann Gautier36a1e4b2019-01-17 14:52:47 +010036 spin_lock(&bsec_spinlock);
37 }
38}
39
40static void bsec_unlock(void)
41{
Yann Gautierf540a592019-05-22 19:13:51 +020042 if (stm32mp_lock_available()) {
Yann Gautier36a1e4b2019-01-17 14:52:47 +010043 spin_unlock(&bsec_spinlock);
44 }
45}
46
47static int bsec_get_dt_node(struct dt_node_info *info)
48{
49 int node;
50
51 node = dt_get_node(info, -1, BSEC_COMPAT);
52 if (node < 0) {
53 return -FDT_ERR_NOTFOUND;
54 }
55
56 return node;
57}
58
59#if defined(IMAGE_BL32)
60static void enable_non_secure_access(uint32_t otp)
61{
62 otp_nsec_access[otp / __WORD_BIT] |= BIT(otp % __WORD_BIT);
63
64 if (bsec_shadow_register(otp) != BSEC_OK) {
65 panic();
66 }
67}
68
69static bool non_secure_can_access(uint32_t otp)
70{
71 return (otp_nsec_access[otp / __WORD_BIT] &
72 BIT(otp % __WORD_BIT)) != 0;
73}
74
75static int bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
76{
77 int bsec_subnode;
78
79 fdt_for_each_subnode(bsec_subnode, fdt, bsec_node) {
80 const fdt32_t *cuint;
81 uint32_t reg;
82 uint32_t i;
83 uint32_t size;
84 uint8_t status;
85
86 cuint = fdt_getprop(fdt, bsec_subnode, "reg", NULL);
87 if (cuint == NULL) {
88 panic();
89 }
90
91 reg = fdt32_to_cpu(*cuint) / sizeof(uint32_t);
92 if (reg < STM32MP1_UPPER_OTP_START) {
93 continue;
94 }
95
96 status = fdt_get_status(bsec_subnode);
97 if ((status & DT_NON_SECURE) == 0U) {
98 continue;
99 }
100
101 size = fdt32_to_cpu(*(cuint + 1)) / sizeof(uint32_t);
102
103 if ((fdt32_to_cpu(*(cuint + 1)) % sizeof(uint32_t)) != 0) {
104 size++;
105 }
106
107 for (i = reg; i < (reg + size); i++) {
108 enable_non_secure_access(i);
109 }
110 }
111
112 return 0;
113}
114#endif
115
116static uint32_t otp_bank_offset(uint32_t otp)
117{
118 assert(otp <= STM32MP1_OTP_MAX_ID);
119
120 return ((otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT) *
121 sizeof(uint32_t);
122}
123
124static uint32_t bsec_check_error(uint32_t otp)
125{
126 uint32_t bit = BIT(otp & BSEC_OTP_MASK);
127 uint32_t bank = otp_bank_offset(otp);
128
129 if ((mmio_read_32(bsec_base + BSEC_DISTURBED_OFF + bank) & bit) != 0U) {
130 return BSEC_DISTURBED;
131 }
132
133 if ((mmio_read_32(bsec_base + BSEC_ERROR_OFF + bank) & bit) != 0U) {
134 return BSEC_ERROR;
135 }
136
137 return BSEC_OK;
138}
139
140/*
141 * bsec_probe: initialize BSEC driver.
142 * return value: BSEC_OK if no error.
143 */
144uint32_t bsec_probe(void)
145{
146 void *fdt;
147 int node;
148 struct dt_node_info bsec_info;
149
150 if (fdt_get_address(&fdt) == 0) {
151 panic();
152 }
153
154 node = bsec_get_dt_node(&bsec_info);
155 if (node < 0) {
156 panic();
157 }
158
159 bsec_base = bsec_info.base;
160
161#if defined(IMAGE_BL32)
162 bsec_dt_otp_nsec_access(fdt, node);
163#endif
164 return BSEC_OK;
165}
166
167/*
168 * bsec_get_base: return BSEC base address.
169 */
170uint32_t bsec_get_base(void)
171{
172 return bsec_base;
173}
174
175/*
176 * bsec_set_config: enable and configure BSEC.
177 * cfg: pointer to param structure used to set register.
178 * return value: BSEC_OK if no error.
179 */
180uint32_t bsec_set_config(struct bsec_config *cfg)
181{
182 uint32_t value;
183 int32_t result;
184
185 value = ((((uint32_t)cfg->freq << BSEC_CONF_FRQ_SHIFT) &
186 BSEC_CONF_FRQ_MASK) |
187 (((uint32_t)cfg->pulse_width << BSEC_CONF_PRG_WIDTH_SHIFT) &
188 BSEC_CONF_PRG_WIDTH_MASK) |
189 (((uint32_t)cfg->tread << BSEC_CONF_TREAD_SHIFT) &
190 BSEC_CONF_TREAD_MASK));
191
192 bsec_lock();
193
194 mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, value);
195
196 bsec_unlock();
197
198 result = bsec_power_safmem((bool)cfg->power &
199 BSEC_CONF_POWER_UP_MASK);
200 if (result != BSEC_OK) {
201 return result;
202 }
203
204 value = ((((uint32_t)cfg->upper_otp_lock << UPPER_OTP_LOCK_SHIFT) &
205 UPPER_OTP_LOCK_MASK) |
206 (((uint32_t)cfg->den_lock << DENREG_LOCK_SHIFT) &
207 DENREG_LOCK_MASK) |
208 (((uint32_t)cfg->prog_lock << GPLOCK_LOCK_SHIFT) &
209 GPLOCK_LOCK_MASK));
210
211 bsec_lock();
212
213 mmio_write_32(bsec_base + BSEC_OTP_LOCK_OFF, value);
214
215 bsec_unlock();
216
217 return BSEC_OK;
218}
219
220/*
221 * bsec_get_config: return config parameters set in BSEC registers.
222 * cfg: config param return.
223 * return value: BSEC_OK if no error.
224 */
225uint32_t bsec_get_config(struct bsec_config *cfg)
226{
227 uint32_t value;
228
229 if (cfg == NULL) {
230 return BSEC_INVALID_PARAM;
231 }
232
233 value = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
234 cfg->power = (uint8_t)((value & BSEC_CONF_POWER_UP_MASK) >>
235 BSEC_CONF_POWER_UP_SHIFT);
236 cfg->freq = (uint8_t)((value & BSEC_CONF_FRQ_MASK) >>
237 BSEC_CONF_FRQ_SHIFT);
238 cfg->pulse_width = (uint8_t)((value & BSEC_CONF_PRG_WIDTH_MASK) >>
239 BSEC_CONF_PRG_WIDTH_SHIFT);
240 cfg->tread = (uint8_t)((value & BSEC_CONF_TREAD_MASK) >>
241 BSEC_CONF_TREAD_SHIFT);
242
243 value = mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF);
244 cfg->upper_otp_lock = (uint8_t)((value & UPPER_OTP_LOCK_MASK) >>
245 UPPER_OTP_LOCK_SHIFT);
246 cfg->den_lock = (uint8_t)((value & DENREG_LOCK_MASK) >>
247 DENREG_LOCK_SHIFT);
248 cfg->prog_lock = (uint8_t)((value & GPLOCK_LOCK_MASK) >>
249 GPLOCK_LOCK_SHIFT);
250
251 return BSEC_OK;
252}
253
254/*
255 * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
256 * otp: OTP number.
257 * return value: BSEC_OK if no error.
258 */
259uint32_t bsec_shadow_register(uint32_t otp)
260{
261 uint32_t result;
262 bool power_up = false;
263
264 if (otp > STM32MP1_OTP_MAX_ID) {
265 return BSEC_INVALID_PARAM;
266 }
267
268 /* Check if shadowing of OTP is locked */
269 if (bsec_read_sr_lock(otp)) {
270 VERBOSE("BSEC: OTP %i is locked and will not be refreshed\n",
271 otp);
272 }
273
274 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
275 result = bsec_power_safmem(true);
276
277 if (result != BSEC_OK) {
278 return result;
279 }
280
281 power_up = true;
282 }
283
284 bsec_lock();
285
286 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
287 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_READ);
288
289 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
290 ;
291 }
292
293 result = bsec_check_error(otp);
294
295 bsec_unlock();
296
297 if (power_up) {
298 if (bsec_power_safmem(false) != BSEC_OK) {
299 panic();
300 }
301 }
302
303 return result;
304}
305
306/*
307 * bsec_read_otp: read an OTP data value.
308 * val: read value.
309 * otp: OTP number.
310 * return value: BSEC_OK if no error.
311 */
312uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
313{
314 uint32_t result;
315
316 if (otp > STM32MP1_OTP_MAX_ID) {
317 return BSEC_INVALID_PARAM;
318 }
319
320 bsec_lock();
321
322 *val = mmio_read_32(bsec_base + BSEC_OTP_DATA_OFF +
323 (otp * sizeof(uint32_t)));
324
325 result = bsec_check_error(otp);
326
327 bsec_unlock();
328
329 return result;
330}
331
332/*
333 * bsec_write_otp: write value in BSEC data register.
334 * val: value to write.
335 * otp: OTP number.
336 * return value: BSEC_OK if no error.
337 */
338uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
339{
340 uint32_t result;
341
342 if (otp > STM32MP1_OTP_MAX_ID) {
343 return BSEC_INVALID_PARAM;
344 }
345
346 /* Check if programming of OTP is locked */
347 if (bsec_read_sw_lock(otp)) {
348 VERBOSE("BSEC: OTP %i is locked and write will be ignored\n",
349 otp);
350 }
351
352 bsec_lock();
353
354 mmio_write_32(bsec_base + BSEC_OTP_DATA_OFF +
355 (otp * sizeof(uint32_t)), val);
356
357 result = bsec_check_error(otp);
358
359 bsec_unlock();
360
361 return result;
362}
363
364/*
365 * bsec_program_otp: program a bit in SAFMEM after the prog.
366 * The OTP data is not refreshed.
367 * val: value to program.
368 * otp: OTP number.
369 * return value: BSEC_OK if no error.
370 */
371uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
372{
373 uint32_t result;
374 bool power_up = false;
375
376 if (otp > STM32MP1_OTP_MAX_ID) {
377 return BSEC_INVALID_PARAM;
378 }
379
380 /* Check if programming of OTP is locked */
381 if (bsec_read_sp_lock(otp)) {
382 WARN("BSEC: OTP locked, prog will be ignored\n");
383 }
384
385 if ((mmio_read_32(bsec_base + BSEC_OTP_LOCK_OFF) &
386 BIT(BSEC_LOCK_PROGRAM)) != 0U) {
387 WARN("BSEC: GPLOCK activated, prog will be ignored\n");
388 }
389
390 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
391 result = bsec_power_safmem(true);
392
393 if (result != BSEC_OK) {
394 return result;
395 }
396
397 power_up = true;
398 }
399
400 bsec_lock();
401
402 /* Set value in write register */
403 mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, val);
404
405 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
406 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF, otp | BSEC_WRITE);
407
408 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
409 ;
410 }
411
412 if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
413 result = BSEC_PROG_FAIL;
414 } else {
415 result = bsec_check_error(otp);
416 }
417
418 bsec_unlock();
419
420 if (power_up) {
421 if (bsec_power_safmem(false) != BSEC_OK) {
422 panic();
423 }
424 }
425
426 return result;
427}
428
429/*
430 * bsec_permanent_lock_otp: permanent lock of OTP in SAFMEM.
431 * otp: OTP number.
432 * return value: BSEC_OK if no error.
433 */
434uint32_t bsec_permanent_lock_otp(uint32_t otp)
435{
436 uint32_t result;
437 bool power_up = false;
438 uint32_t data;
439 uint32_t addr;
440
441 if (otp > STM32MP1_OTP_MAX_ID) {
442 return BSEC_INVALID_PARAM;
443 }
444
445 if ((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) {
446 result = bsec_power_safmem(true);
447
448 if (result != BSEC_OK) {
449 return result;
450 }
451
452 power_up = true;
453 }
454
455 if (otp < STM32MP1_UPPER_OTP_START) {
456 addr = otp >> ADDR_LOWER_OTP_PERLOCK_SHIFT;
457 data = DATA_LOWER_OTP_PERLOCK_BIT <<
458 ((otp & DATA_LOWER_OTP_PERLOCK_MASK) << 1U);
459 } else {
460 addr = (otp >> ADDR_UPPER_OTP_PERLOCK_SHIFT) + 2U;
461 data = DATA_UPPER_OTP_PERLOCK_BIT <<
462 (otp & DATA_UPPER_OTP_PERLOCK_MASK);
463 }
464
465 bsec_lock();
466
467 /* Set value in write register */
468 mmio_write_32(bsec_base + BSEC_OTP_WRDATA_OFF, data);
469
470 /* Set BSEC_OTP_CTRL_OFF and set ADDR with the OTP value */
471 mmio_write_32(bsec_base + BSEC_OTP_CTRL_OFF,
472 addr | BSEC_WRITE | BSEC_LOCK);
473
474 while ((bsec_get_status() & BSEC_MODE_BUSY_MASK) != 0U) {
475 ;
476 }
477
478 if ((bsec_get_status() & BSEC_MODE_PROGFAIL_MASK) != 0U) {
479 result = BSEC_PROG_FAIL;
480 } else {
481 result = bsec_check_error(otp);
482 }
483
484 bsec_unlock();
485
486 if (power_up) {
487 if (bsec_power_safmem(false) != BSEC_OK) {
488 panic();
489 }
490 }
491
492 return result;
493}
494
495/*
496 * bsec_write_debug_conf: write value in debug feature
497 * to enable/disable debug service.
498 * val: value to write.
499 * return value: BSEC_OK if no error.
500 */
501uint32_t bsec_write_debug_conf(uint32_t val)
502{
503 uint32_t result = BSEC_ERROR;
504 uint32_t masked_val = val & BSEC_DEN_ALL_MSK;
505
506 bsec_lock();
507
508 mmio_write_32(bsec_base + BSEC_DEN_OFF, masked_val);
509
510 if ((mmio_read_32(bsec_base + BSEC_DEN_OFF) ^ masked_val) == 0U) {
511 result = BSEC_OK;
512 }
513
514 bsec_unlock();
515
516 return result;
517}
518
519/*
520 * bsec_read_debug_conf: read debug configuration.
521 */
522uint32_t bsec_read_debug_conf(void)
523{
524 return mmio_read_32(bsec_base + BSEC_DEN_OFF);
525}
526
527/*
528 * bsec_get_status: return status register value.
529 */
530uint32_t bsec_get_status(void)
531{
532 return mmio_read_32(bsec_base + BSEC_OTP_STATUS_OFF);
533}
534
535/*
536 * bsec_get_hw_conf: return hardware configuration.
537 */
538uint32_t bsec_get_hw_conf(void)
539{
540 return mmio_read_32(bsec_base + BSEC_IPHW_CFG_OFF);
541}
542
543/*
544 * bsec_get_version: return BSEC version.
545 */
546uint32_t bsec_get_version(void)
547{
548 return mmio_read_32(bsec_base + BSEC_IPVR_OFF);
549}
550
551/*
552 * bsec_get_id: return BSEC ID.
553 */
554uint32_t bsec_get_id(void)
555{
556 return mmio_read_32(bsec_base + BSEC_IP_ID_OFF);
557}
558
559/*
560 * bsec_get_magic_id: return BSEC magic number.
561 */
562uint32_t bsec_get_magic_id(void)
563{
564 return mmio_read_32(bsec_base + BSEC_IP_MAGIC_ID_OFF);
565}
566
567/*
568 * bsec_write_sr_lock: write shadow-read lock.
569 * otp: OTP number.
570 * value: value to write in the register.
571 * Must be always 1.
572 * return: true if OTP is locked, else false.
573 */
574bool bsec_write_sr_lock(uint32_t otp, uint32_t value)
575{
576 bool result = false;
577 uint32_t bank = otp_bank_offset(otp);
578 uint32_t bank_value;
579 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
580
581 bsec_lock();
582
583 bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
584
585 if ((bank_value & otp_mask) == value) {
586 /*
587 * In case of write don't need to write,
588 * the lock is already set.
589 */
590 if (value != 0U) {
591 result = true;
592 }
593 } else {
594 if (value != 0U) {
595 bank_value = bank_value | otp_mask;
596 } else {
597 bank_value = bank_value & ~otp_mask;
598 }
599
600 /*
601 * We can write 0 in all other OTP
602 * if the lock is activated in one of other OTP.
603 * Write 0 has no effect.
604 */
605 mmio_write_32(bsec_base + BSEC_SRLOCK_OFF + bank, bank_value);
606 result = true;
607 }
608
609 bsec_unlock();
610
611 return result;
612}
613
614/*
615 * bsec_read_sr_lock: read shadow-read lock.
616 * otp: OTP number.
617 * return: true if otp is locked, else false.
618 */
619bool bsec_read_sr_lock(uint32_t otp)
620{
621 uint32_t bank = otp_bank_offset(otp);
622 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
623 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SRLOCK_OFF + bank);
624
625 return (bank_value & otp_mask) != 0U;
626}
627
628/*
629 * bsec_write_sw_lock: write shadow-write lock.
630 * otp: OTP number.
631 * value: Value to write in the register.
632 * Must be always 1.
633 * return: true if OTP is locked, else false.
634 */
635bool bsec_write_sw_lock(uint32_t otp, uint32_t value)
636{
637 bool result = false;
638 uint32_t bank = otp_bank_offset(otp);
639 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
640 uint32_t bank_value;
641
642 bsec_lock();
643
644 bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
645
646 if ((bank_value & otp_mask) == value) {
647 /*
648 * In case of write don't need to write,
649 * the lock is already set.
650 */
651 if (value != 0U) {
652 result = true;
653 }
654 } else {
655 if (value != 0U) {
656 bank_value = bank_value | otp_mask;
657 } else {
658 bank_value = bank_value & ~otp_mask;
659 }
660
661 /*
662 * We can write 0 in all other OTP
663 * if the lock is activated in one of other OTP.
664 * Write 0 has no effect.
665 */
666 mmio_write_32(bsec_base + BSEC_SWLOCK_OFF + bank, bank_value);
667 result = true;
668 }
669
670 bsec_unlock();
671
672 return result;
673}
674
675/*
676 * bsec_read_sw_lock: read shadow-write lock.
677 * otp: OTP number.
678 * return: true if OTP is locked, else false.
679 */
680bool bsec_read_sw_lock(uint32_t otp)
681{
682 uint32_t bank = otp_bank_offset(otp);
683 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
684 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SWLOCK_OFF + bank);
685
686 return (bank_value & otp_mask) != 0U;
687}
688
689/*
690 * bsec_write_sp_lock: write shadow-program lock.
691 * otp: OTP number.
692 * value: Value to write in the register.
693 * Must be always 1.
694 * return: true if OTP is locked, else false.
695 */
696bool bsec_write_sp_lock(uint32_t otp, uint32_t value)
697{
698 bool result = false;
699 uint32_t bank = otp_bank_offset(otp);
700 uint32_t bank_value;
701 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
702
703 bsec_lock();
704
705 bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
706
707 if ((bank_value & otp_mask) == value) {
708 /*
709 * In case of write don't need to write,
710 * the lock is already set.
711 */
712 if (value != 0U) {
713 result = true;
714 }
715 } else {
716 if (value != 0U) {
717 bank_value = bank_value | otp_mask;
718 } else {
719 bank_value = bank_value & ~otp_mask;
720 }
721
722 /*
723 * We can write 0 in all other OTP
724 * if the lock is activated in one of other OTP.
725 * Write 0 has no effect.
726 */
727 mmio_write_32(bsec_base + BSEC_SPLOCK_OFF + bank, bank_value);
728 result = true;
729 }
730
731 bsec_unlock();
732
733 return result;
734}
735
736/*
737 * bsec_read_sp_lock: read shadow-program lock.
738 * otp: OTP number.
739 * return: true if OTP is locked, else false.
740 */
741bool bsec_read_sp_lock(uint32_t otp)
742{
743 uint32_t bank = otp_bank_offset(otp);
744 uint32_t otp_mask = BIT(otp & BSEC_OTP_MASK);
745 uint32_t bank_value = mmio_read_32(bsec_base + BSEC_SPLOCK_OFF + bank);
746
747 return (bank_value & otp_mask) != 0U;
748}
749
750/*
751 * bsec_wr_lock: Read permanent lock status.
752 * otp: OTP number.
753 * return: true if OTP is locked, else false.
754 */
755bool bsec_wr_lock(uint32_t otp)
756{
757 uint32_t bank = otp_bank_offset(otp);
758 uint32_t lock_bit = BIT(otp & BSEC_OTP_MASK);
759
760 if ((mmio_read_32(bsec_base + BSEC_WRLOCK_OFF + bank) &
761 lock_bit) != 0U) {
762 /*
763 * In case of write don't need to write,
764 * the lock is already set.
765 */
766 return true;
767 }
768
769 return false;
770}
771
772/*
773 * bsec_otp_lock: Lock Upper OTP or Global programming or debug enable
774 * service: Service to lock see header file.
775 * value: Value to write must always set to 1 (only use for debug purpose).
776 * return: BSEC_OK if succeed.
777 */
778uint32_t bsec_otp_lock(uint32_t service, uint32_t value)
779{
780 uintptr_t reg = bsec_base + BSEC_OTP_LOCK_OFF;
781
782 switch (service) {
783 case BSEC_LOCK_UPPER_OTP:
784 mmio_write_32(reg, value << BSEC_LOCK_UPPER_OTP);
785 break;
786 case BSEC_LOCK_DEBUG:
787 mmio_write_32(reg, value << BSEC_LOCK_DEBUG);
788 break;
789 case BSEC_LOCK_PROGRAM:
790 mmio_write_32(reg, value << BSEC_LOCK_PROGRAM);
791 break;
792 default:
793 return BSEC_INVALID_PARAM;
794 }
795
796 return BSEC_OK;
797}
798
799/*
800 * bsec_power_safmem: Activate or deactivate SAFMEM power.
801 * power: true to power up, false to power down.
802 * return: BSEC_OK if succeed.
803 */
804static uint32_t bsec_power_safmem(bool power)
805{
806 uint32_t register_val;
807 uint32_t timeout = BSEC_TIMEOUT_VALUE;
808
809 bsec_lock();
810
811 register_val = mmio_read_32(bsec_base + BSEC_OTP_CONF_OFF);
812
813 if (power) {
814 register_val |= BSEC_CONF_POWER_UP_MASK;
815 } else {
816 register_val &= ~BSEC_CONF_POWER_UP_MASK;
817 }
818
819 mmio_write_32(bsec_base + BSEC_OTP_CONF_OFF, register_val);
820
821 /* Waiting loop */
822 if (power) {
823 while (((bsec_get_status() & BSEC_MODE_PWR_MASK) == 0U) &&
824 (timeout != 0U)) {
825 timeout--;
826 }
827 } else {
828 while (((bsec_get_status() & BSEC_MODE_PWR_MASK) != 0U) &&
829 (timeout != 0U)) {
830 timeout--;
831 }
832 }
833
834 bsec_unlock();
835
836 if (timeout == 0U) {
837 return BSEC_TIMEOUT;
838 }
839
840 return BSEC_OK;
841}
842
843/*
844 * bsec_mode_is_closed_device: read OTP secure sub-mode.
845 * return: false if open_device and true of closed_device.
846 */
847bool bsec_mode_is_closed_device(void)
848{
849 uint32_t value;
850
851 if ((bsec_shadow_register(DATA0_OTP) != BSEC_OK) ||
852 (bsec_read_otp(&value, DATA0_OTP) != BSEC_OK)) {
853 return true;
854 }
855
856 return (value & DATA0_OTP_SECURED) == DATA0_OTP_SECURED;
857}
858
859/*
860 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
861 * otp_value: read value.
862 * word: OTP number.
863 * return value: BSEC_OK if no error.
864 */
865uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word)
866{
867 uint32_t result;
868
869 result = bsec_shadow_register(word);
870 if (result != BSEC_OK) {
871 ERROR("BSEC: %u Shadowing Error %i\n", word, result);
872 return result;
873 }
874
875 result = bsec_read_otp(otp_value, word);
876 if (result != BSEC_OK) {
877 ERROR("BSEC: %u Read Error %i\n", word, result);
878 }
879
880 return result;
881}
882
883/*
884 * bsec_check_nsec_access_rights: check non-secure access rights to target OTP.
885 * otp: OTP number.
886 * return: BSEC_OK if authorized access.
887 */
888uint32_t bsec_check_nsec_access_rights(uint32_t otp)
889{
890#if defined(IMAGE_BL32)
891 if (otp > STM32MP1_OTP_MAX_ID) {
892 return BSEC_INVALID_PARAM;
893 }
894
895 if (otp >= STM32MP1_UPPER_OTP_START) {
896 /* Check if BSEC is in OTP-SECURED closed_device state. */
897 if (bsec_mode_is_closed_device()) {
898 if (!non_secure_can_access(otp)) {
899 return BSEC_ERROR;
900 }
901 }
902 }
903#endif
904
905 return BSEC_OK;
906}
907