Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 6b39d35dcecbfec3d6e70dce87fa2a967eaf0dc0^! / . / drivers / misc / Kconfig
commit6b39d35dcecbfec3d6e70dce87fa2a967eaf0dc0[log] [tgz]
authorSean Anderson <sean.anderson@seco.com>Fri Apr 22 14:34:18 2022 -0400
committerPeng Fan <peng.fan@nxp.com>Mon Jun 20 09:18:25 2022 +0800
tree57486ef14538ceb8b9ff74e7277eba9d83003e8e
parent8936edd8731b722c47b7737b5cf3019b1c04f1bd [diff] [blame]
arm: layerscape: Add sfp driver

This adds a driver for the Security Fuse Processor (SFP) present on
LS1012A, LS1021A, LS1043A, and LS1046A processors. It holds the
Super-Root Key (SRK), One-Time-Programmable Master Key (OTPMK), and
other "security" related fuses. Similar devices (sharing the same name)
are present on other processors, but for the moment this just supports
the LS2 variants.

The mirror registers are loaded during power-on reset. All mirror
registers must be programmed or read at once. Because of this, `fuse
prog` will program all fuses, even though only one might be specified.
To prevent accidentally burning through all your fuse programming cycles
with something like `fuse prog 0 0 A B C D`, we limit ourselves to one
programming cycle per reset. Fuses are numbered based on their address.
The fuse at 0x1e80200 is 0, the fuse at 0x1e80204 is 1, etc.

The TA_PROG_SFP supply must be enabled when programming fuses, but must
be disabled when reading them. Typically this supply is enabled by
inserting a jumper or by setting a register in the board's FPGA. I've
also added support for using a regulator. This could be helpful for
automatically issuing the FPGA write, or for toggling a GPIO controlling
the supply.

I suggest using the following procedure for programming:

1. Override the fuses you wish to program
   => fuse override 0 2 A B C D
2. Inspect the values and ensure that they are what you expect
   => fuse sense 0 2 4
3. Enable TA_PROG_SFP
4. Issue a program command using OSPR0 as a dummy. Since it contains the
   write-protect bit you will usually want to write it last anyway.
   => fuse prog 0 0 0
5. Disable TA_PROG_SFP
6. Read back the fuses and ensure they are correct
   => fuse read 0 2 4

Signed-off-by: Sean Anderson <sean.anderson@seco.com>

diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index f368d52..31b10f9 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig

@@ -289,6 +289,20 @@
 	help
 	  This selects support for the eFUSE on Ingenic JZ4780 SoCs.
 
+config LS2_SFP
+	bool "Layerscape Security Fuse Processor"
+	depends on FSL_LSCH2 || ARCH_LS1021A
+	depends on MISC
+	imply DM_REGULATOR
+	help
+	  This adds support for the Security Fuse Processor found on Layerscape
+	  SoCs. It contains various fuses related to secure boot, including the
+	  Super Root Key hash, One-Time-Programmable Master Key, Debug
+	  Challenge/Response values, and others. Fuses are numbered according
+	  to their four-byte offset from the start of the bank.
+
+	  If you don't need to read/program fuses, say 'n'.
+
 config MXC_OCOTP
 	bool "Enable MXC OCOTP Driver"
 	depends on ARCH_IMX8M || ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP || ARCH_VF610