Commit graph

32 commits

Author SHA1 Message Date
Patrick Delaunay
7b802e1acf stm32mp: bsec: add check on null size in misc ops
Add a protection in misc bsec ops for request with null size.

For example OP-TEE error occurs when get_eth_nb() return 0 in
setup_mac_address() for unknown part number because U-Boot read 0 OTPs.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2023-06-16 11:16:31 +02:00
Patrick Delaunay
a33885ff49 stm32mp: Add support of STM32MP13x in bsec driver
Add support for "st,stm32mp13-bsec" for STM32MP13x in the
bsec driver based on OP-TEE pseudo TA STM32MP BSEC.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2023-01-12 16:37:13 +01:00
Patrick Delaunay
33a909a42a stm32mp: Add OP-TEE support in bsec driver
When OP-TEE is used, the SMC for BSEC management are not available and
the STM32MP BSEC pseudo TA must be used (it is mandatory for STM32MP13
and it is a new feature for STM32MP15x).

The BSEC driver try to open a session to this PTA BSEC at probe
and use it for OTP read or write access to fuse or to shadow.

This patch also adapts the commands stm32key and stboard to handle
the BSEC_LOCK_PERM lock value instead of 1.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2023-01-12 16:37:13 +01:00
Patrick Delaunay
27bad4e7fc stm32mp: cosmetic: Update of bsec driver
Remove unnecessary return in stm32mp_bsec_write_lock and replace tab
by space for plat_auto opts.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2023-01-12 16:37:13 +01:00
Patrick Delaunay
3865a7ec95 arm: stm32mp: move the get_otp helper function in bsec
As the get_otp() helper function in bsec are common for all STM32MP family,
move this function in bsec driver

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2022-06-17 09:58:21 +02:00
Patrick Delaunay
2d48d99c4a stm32mp1: bsec: add missing dev in function comment
Add the missing @dev reference in some function description.

Fixes: b66bfdf238 ("arm: stm32mp: bsec: migrate trace to log macro")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2022-03-15 09:10:52 +01:00
Patrick Delaunay
0c20f53b3f stm32mp: bsec: add permanent lock write support
Add support of the permanent lock support in U-Boot proper
when BSEC is not managed by secure monitor (TF-A SP_MIN or OP-TEE).

This patch avoid issue with stm32key command and fuse command
on basic boot for this missing feature of U-Boot BSEC driver.

Reported-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Tested-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2022-03-15 09:10:52 +01:00
Patrick Delaunay
f42045b2e7 stm32mp15: replace CONFIG_TFABOOT when it is possible
In some part of STM32MP15 support the CONFIG_TFABOOT can be replaced
by other config: CONFIG_ARMV7_PSCI and CONFIG_ARM_SMCCC.

This patch also simplifies the code in cpu.c, stm32mp1_ram.c and
clk_stml32mp1.c as execution of U-Boot in sysram (boot without SPL and
without TFA) is not supported: the associated initialization code is
present only in SPL.

This cleanup patch is a preliminary step to support SPL load of OP-TEE
in secure world, with SPL in secure world and U-Boot in no-secure world.

Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-11-10 17:07:31 +01:00
Patrick Delaunay
9788708f03 arm: stm32mp: bsec: Update OTP shadow registers in SPL
Currently the upper OTP (after 57) are shadowed in U-Boot proper,
when TFABOOT is not used.

This choice cause an issue when U-Boot is not executed after SPL,
so this BSEC initialization is moved in SPL and no more executed in U-Boot,
so it is still executed only one time.

After this patch this BSEC initialization is done in FSBL: SPL or TF-A.

To force this initialization in all the case, the probe of the BSEC
driver is forced in SPL in the arch st32mp function: spl_board_init().

Even if today BSEC driver is already probed in STM32MP15x clock driver
clk_stm32mp1.c because get_cpu_type() is called in
stm32mp1_get_max_opp_freq() function.

Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-11-10 17:06:51 +01:00
Patrick Delaunay
622c956cad stm32mp: bsec: manage clock when present in device tree
Enable the clocks during bsec probe when they are present in device tree.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-03-11 17:50:10 +01:00
Patrick Delaunay
b66bfdf238 arm: stm32mp: bsec: migrate trace to log macro
Define LOG_CATEGORY, change pr_debug to dev_dbg and remove "bsec:"
header as it is managed by log macro (dev->name is displayed)

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2021-01-13 09:52:58 +01:00
Simon Glass
65e25bea59 dm: Rename DM_GET_DRIVER() to DM_DRIVER_GET()
In the spirit of using the same base name for all of these related macros,
rename this to have the operation at the end. This is not widely used so
the impact is fairly small.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-05 12:26:35 -07:00
Simon Glass
8a8d24bdf1 dm: treewide: Rename ..._platdata variables to just ..._plat
Try to maintain some consistency between these variables by using _plat as
a suffix for them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:09 -07:00
Simon Glass
d1998a9fde dm: treewide: Rename ofdata_to_platdata() to of_to_plat()
This name is far too long. Rename it to remove the 'data' bits. This makes
it consistent with the platdata->plat rename.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:09 -07:00
Simon Glass
c69cda25c9 dm: treewide: Rename dev_get_platdata() to dev_get_plat()
Rename this to be consistent with the change from 'platdata'.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:09 -07:00
Simon Glass
caa4daa2ae dm: treewide: Rename 'platdata' variables to just 'plat'
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).

Rename some of the latter variables to end with 'plat' for consistency.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:08 -07:00
Simon Glass
41575d8e4c dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.

Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 08:00:25 -07:00
Patrick Delaunay
4e9e358fe8 arm: stm32mp: bsec: use IS_ENABLED to prevent ifdef
Use IS_ENABLED to prevent ifdef in bsec driver.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13 09:52:49 +02:00
Patrick Delaunay
bd3f60d29c arm: stm32mp: protect DBGMCU_IDC access with BSEC
As debugger must be totally closed on Sec closed chip,
the DBGMCU_IDC register is no more accessible (self
hosted debug is disabled with OTP).

This patch adds a function bsec_dbgswenable() to check
if the DBGMCU registers are available before to access them:
BSEC_DENABLE.DBGSWENABLE = self hosted debug status.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-07-07 16:01:23 +02:00
Patrick Delaunay
95bd49a5aa arm: stm32mp: spl: add bsec driver in SPL
Add the bsec driver in SPL, as it is needed by SOC part number detection
to found the supported OPP.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-07-07 16:01:23 +02:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Patrick Delaunay
654706be84 configs: stm32mp1: replace STM32MP1_TRUSTED by TFABOOT
Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp
specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT
introduced by the commit 535d76a121 ("armv8: layerscape: Add TFABOOT
support").
This config CONFIG_TFABOOT is activated for the trusted boot chain,
when U-Boot is loaded by TF-A.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-04-15 09:08:37 +02:00
Patrick Delaunay
7ae22d7278 arm: stm32mp: bsec: add permanent lock support in bsec driver
Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver.
The write access only available for Trusted boot mode, based on new
SMC STM32_SMC_WRLOCK_OTP.

With the fuse command, the permanent lock status is accessed with
0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program
divided by u32 size), for example:

Read lock status of fuse 57 (0x39)

  STM32MP> fuse sense 0 0x10000039 1

  Sensing bank 0:

  Word 0x10000039: 00000000

Set permanent lock of fuse 57 (0x39)

  STM32MP> fuse prog 0 0x10000039 1

  Sensing bank 0:

  Word 0x10000039: 00000000

WARNING: the OTP lock is updated only after reboot

WARING: Programming lock or fuses is an irreversible operation!
        This may brick your system.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
2020-03-24 14:05:35 +01:00
Patrick Delaunay
df2d1b8fc4 arm: stm32mp: bsec: remove unneeded test
Remove the test offs < 0 , as offs is unsigned.

This patch solves the warnings when compiling with W=1
on stm32mp1 board:

In function ‘stm32mp_bsec_read’:
arch/arm/mach-stm32mp/bsec.c:368:11: warning:
comparison of unsigned expression < 0 is always false [-Wtype-limits]
  368 |  if (offs < 0 || (offs % 4) || (size % 4))
      |           ^
In function ‘stm32mp_bsec_write’:
arch/arm/mach-stm32mp/bsec.c:405:11: warning:
comparison of unsigned expression < 0 is always false [-Wtype-limits]
  405 |  if (offs < 0 || (offs % 4) || (size % 4))
      |           ^

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
2020-03-24 14:05:35 +01:00
Patrick Delaunay
0c8620d2ff bsec: update after MISC u-class update
Since the commit 8729b1ae2c ("misc: Update read() and
write() methods to return bytes xfered"); The misc bsec driver
need to be adapted to reflect the number of transferred bytes.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-08-27 11:19:23 +02:00
Patrick Delaunay
745b676d00 stm32mp1: bsec: Fix warnings when compiling with W=1
This patch solves the following warnings:

arch/arm/mach-stm32mp/bsec.c: In function 'stm32mp_bsec_read':
warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
  if (offset >= STM32_BSEC_OTP_OFFSET) {
             ^~
arch/arm/mach-stm32mp/bsec.c: In function 'stm32mp_bsec_write':
warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
  if (offset >= STM32_BSEC_OTP_OFFSET) {
             ^~
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-07-12 11:50:54 +02:00
Patrick Delaunay
ee7d772370 stm32mp1: cosmetic: bsec: reorder include files
Reorder the include files in alphabetic order.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-05-23 11:36:46 +02:00
Patrick Delaunay
815bc8bc94 stm32mp1: bsec: shadow all the upper OTP (no secure) during boot
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-04-12 16:09:13 +02:00
Patrick Delaunay
bfe1f08f88 stm32mp1: bsec: use device tree new compatible
Update bsec driver to use the device tree provided by Kernel.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-04-12 16:09:13 +02:00
Patrick Delaunay
d859c61139 stm32mp1: bsec: access with SMC for trusted boot
As BSEC is secure aware, all register access need to be done
by TF-A for TRUSTED boot chain, when U-Boot is executed in
normal world.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-04-12 16:09:13 +02:00
Bin Meng
4854ebc57e arm: stm32mp: Remove DM_FLAG_PRE_RELOC flag
When a driver declares DM_FLAG_PRE_RELOC flag, it wishes to be
bound before relocation. However due to a bug in the DM core,
the flag only takes effect when devices are statically declared
via U_BOOT_DEVICE(). This bug has been fixed recently by commit
"dm: core: Respect drivers with the DM_FLAG_PRE_RELOC flag in
lists_bind_fdt()", but with the fix, it has a side effect that
all existing drivers that declared DM_FLAG_PRE_RELOC flag will
be bound before relocation now. This may expose potential boot
failure on some boards due to insufficient memory during the
pre-relocation stage.

To mitigate this potential impact, the following changes are
implemented:

- Remove DM_FLAG_PRE_RELOC flag in the driver, if the driver
  only supports configuration from device tree (OF_CONTROL)
- Keep DM_FLAG_PRE_RELOC flag in the driver only if the device
  is statically declared via U_BOOT_DEVICE()
- Surround DM_FLAG_PRE_RELOC flag with OF_CONTROL check, for
  drivers that support both statically declared devices and
  configuration from device tree

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
2018-11-14 09:16:28 -08:00
Patrick Delaunay
19f589923a stm32mp1: add bsec driver
Add a MISC driver with read and write access to BSEC IP
(Boot and Security and OTP control)
- offset 0: shadowed values
- offset 0x80000000: OTP fuse box values (SAFMEM)

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
2018-05-26 18:19:18 -04:00