Add support for "st,stm32mp13-bsec" for STM32MP13x in the
bsec driver based on OP-TEE pseudo TA STM32MP BSEC.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
When OP-TEE is used, the SMC for BSEC management are not available and
the STM32MP BSEC pseudo TA must be used (it is mandatory for STM32MP13
and it is a new feature for STM32MP15x).
The BSEC driver try to open a session to this PTA BSEC at probe
and use it for OTP read or write access to fuse or to shadow.
This patch also adapts the commands stm32key and stboard to handle
the BSEC_LOCK_PERM lock value instead of 1.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Remove unnecessary return in stm32mp_bsec_write_lock and replace tab
by space for plat_auto opts.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
As the get_otp() helper function in bsec are common for all STM32MP family,
move this function in bsec driver
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add the missing @dev reference in some function description.
Fixes: b66bfdf238 ("arm: stm32mp: bsec: migrate trace to log macro")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add support of the permanent lock support in U-Boot proper
when BSEC is not managed by secure monitor (TF-A SP_MIN or OP-TEE).
This patch avoid issue with stm32key command and fuse command
on basic boot for this missing feature of U-Boot BSEC driver.
Reported-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Tested-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
In some part of STM32MP15 support the CONFIG_TFABOOT can be replaced
by other config: CONFIG_ARMV7_PSCI and CONFIG_ARM_SMCCC.
This patch also simplifies the code in cpu.c, stm32mp1_ram.c and
clk_stml32mp1.c as execution of U-Boot in sysram (boot without SPL and
without TFA) is not supported: the associated initialization code is
present only in SPL.
This cleanup patch is a preliminary step to support SPL load of OP-TEE
in secure world, with SPL in secure world and U-Boot in no-secure world.
Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Currently the upper OTP (after 57) are shadowed in U-Boot proper,
when TFABOOT is not used.
This choice cause an issue when U-Boot is not executed after SPL,
so this BSEC initialization is moved in SPL and no more executed in U-Boot,
so it is still executed only one time.
After this patch this BSEC initialization is done in FSBL: SPL or TF-A.
To force this initialization in all the case, the probe of the BSEC
driver is forced in SPL in the arch st32mp function: spl_board_init().
Even if today BSEC driver is already probed in STM32MP15x clock driver
clk_stm32mp1.c because get_cpu_type() is called in
stm32mp1_get_max_opp_freq() function.
Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Enable the clocks during bsec probe when they are present in device tree.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Define LOG_CATEGORY, change pr_debug to dev_dbg and remove "bsec:"
header as it is managed by log macro (dev->name is displayed)
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
In the spirit of using the same base name for all of these related macros,
rename this to have the operation at the end. This is not widely used so
the impact is fairly small.
Signed-off-by: Simon Glass <sjg@chromium.org>
This name is far too long. Rename it to remove the 'data' bits. This makes
it consistent with the platdata->plat rename.
Signed-off-by: Simon Glass <sjg@chromium.org>
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use IS_ENABLED to prevent ifdef in bsec driver.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
As debugger must be totally closed on Sec closed chip,
the DBGMCU_IDC register is no more accessible (self
hosted debug is disabled with OTP).
This patch adds a function bsec_dbgswenable() to check
if the DBGMCU registers are available before to access them:
BSEC_DENABLE.DBGSWENABLE = self hosted debug status.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Add the bsec driver in SPL, as it is needed by SOC part number detection
to found the supported OPP.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp
specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT
introduced by the commit 535d76a121 ("armv8: layerscape: Add TFABOOT
support").
This config CONFIG_TFABOOT is activated for the trusted boot chain,
when U-Boot is loaded by TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver.
The write access only available for Trusted boot mode, based on new
SMC STM32_SMC_WRLOCK_OTP.
With the fuse command, the permanent lock status is accessed with
0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program
divided by u32 size), for example:
Read lock status of fuse 57 (0x39)
STM32MP> fuse sense 0 0x10000039 1
Sensing bank 0:
Word 0x10000039: 00000000
Set permanent lock of fuse 57 (0x39)
STM32MP> fuse prog 0 0x10000039 1
Sensing bank 0:
Word 0x10000039: 00000000
WARNING: the OTP lock is updated only after reboot
WARING: Programming lock or fuses is an irreversible operation!
This may brick your system.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Remove the test offs < 0 , as offs is unsigned.
This patch solves the warnings when compiling with W=1
on stm32mp1 board:
In function ‘stm32mp_bsec_read’:
arch/arm/mach-stm32mp/bsec.c:368:11: warning:
comparison of unsigned expression < 0 is always false [-Wtype-limits]
368 | if (offs < 0 || (offs % 4) || (size % 4))
| ^
In function ‘stm32mp_bsec_write’:
arch/arm/mach-stm32mp/bsec.c:405:11: warning:
comparison of unsigned expression < 0 is always false [-Wtype-limits]
405 | if (offs < 0 || (offs % 4) || (size % 4))
| ^
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Since the commit 8729b1ae2c ("misc: Update read() and
write() methods to return bytes xfered"); The misc bsec driver
need to be adapted to reflect the number of transferred bytes.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
This patch solves the following warnings:
arch/arm/mach-stm32mp/bsec.c: In function 'stm32mp_bsec_read':
warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (offset >= STM32_BSEC_OTP_OFFSET) {
^~
arch/arm/mach-stm32mp/bsec.c: In function 'stm32mp_bsec_write':
warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (offset >= STM32_BSEC_OTP_OFFSET) {
^~
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
As BSEC is secure aware, all register access need to be done
by TF-A for TRUSTED boot chain, when U-Boot is executed in
normal world.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
When a driver declares DM_FLAG_PRE_RELOC flag, it wishes to be
bound before relocation. However due to a bug in the DM core,
the flag only takes effect when devices are statically declared
via U_BOOT_DEVICE(). This bug has been fixed recently by commit
"dm: core: Respect drivers with the DM_FLAG_PRE_RELOC flag in
lists_bind_fdt()", but with the fix, it has a side effect that
all existing drivers that declared DM_FLAG_PRE_RELOC flag will
be bound before relocation now. This may expose potential boot
failure on some boards due to insufficient memory during the
pre-relocation stage.
To mitigate this potential impact, the following changes are
implemented:
- Remove DM_FLAG_PRE_RELOC flag in the driver, if the driver
only supports configuration from device tree (OF_CONTROL)
- Keep DM_FLAG_PRE_RELOC flag in the driver only if the device
is statically declared via U_BOOT_DEVICE()
- Surround DM_FLAG_PRE_RELOC flag with OF_CONTROL check, for
drivers that support both statically declared devices and
configuration from device tree
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
Add a MISC driver with read and write access to BSEC IP
(Boot and Security and OTP control)
- offset 0: shadowed values
- offset 0x80000000: OTP fuse box values (SAFMEM)
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>