#include <linux/iopoll.h>
#define BSEC_OTP_MAX_VALUE 95
-
-#ifndef CONFIG_STM32MP1_TRUSTED
#define BSEC_TIMEOUT_US 10000
/* BSEC REGISTER OFFSET (base relative) */
#define BSEC_OTP_LOCK_OFF 0x010
#define BSEC_DISTURBED_OFF 0x01C
#define BSEC_ERROR_OFF 0x034
-#define BSEC_SPLOCK_OFF 0x064 /* Program safmem sticky lock */
-#define BSEC_SWLOCK_OFF 0x07C /* write in OTP sticky lock */
-#define BSEC_SRLOCK_OFF 0x094 /* shadowing sticky lock */
+#define BSEC_WRLOCK_OFF 0x04C /* OTP write permananet lock */
+#define BSEC_SPLOCK_OFF 0x064 /* OTP write sticky lock */
+#define BSEC_SWLOCK_OFF 0x07C /* shadow write sticky lock */
+#define BSEC_SRLOCK_OFF 0x094 /* shadow read sticky lock */
#define BSEC_OTP_DATA_OFF 0x200
/* BSEC_CONFIGURATION Register MASK */
#define BSEC_LOCK_PROGRAM 0x04
/**
- * bsec_check_error() - Check status of one otp
- * @base: base address of bsec IP
+ * bsec_lock() - manage lock for each type SR/SP/SW
+ * @address: address of bsec IP register
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
- * Return: 0 if no error, -EAGAIN or -ENOTSUPP
+ * Return: true if locked else false
*/
-static u32 bsec_check_error(u32 base, u32 otp)
+static bool bsec_read_lock(u32 address, u32 otp)
{
u32 bit;
u32 bank;
bit = 1 << (otp & OTP_LOCK_MASK);
bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
- if (readl(base + BSEC_DISTURBED_OFF + bank) & bit)
- return -EAGAIN;
- else if (readl(base + BSEC_ERROR_OFF + bank) & bit)
- return -ENOTSUPP;
-
- return 0;
+ return !!(readl(address + bank) & bit);
}
+#ifndef CONFIG_STM32MP1_TRUSTED
/**
- * bsec_lock() - manage lock for each type SR/SP/SW
- * @address: address of bsec IP register
+ * bsec_check_error() - Check status of one otp
+ * @base: base address of bsec IP
* @otp: otp number (0 - BSEC_OTP_MAX_VALUE)
- * Return: true if locked else false
+ * Return: 0 if no error, -EAGAIN or -ENOTSUPP
*/
-static bool bsec_read_lock(u32 address, u32 otp)
+static u32 bsec_check_error(u32 base, u32 otp)
{
u32 bit;
u32 bank;
bit = 1 << (otp & OTP_LOCK_MASK);
bank = ((otp >> OTP_LOCK_BANK_SHIFT) & OTP_LOCK_MASK) * sizeof(u32);
- return !!(readl(address + bank) & bit);
+ if (readl(base + BSEC_DISTURBED_OFF + bank) & bit)
+ return -EAGAIN;
+ else if (readl(base + BSEC_ERROR_OFF + bank) & bit)
+ return -ENOTSUPP;
+
+ return 0;
}
/**
#endif
}
+static int stm32mp_bsec_read_lock(struct udevice *dev, u32 *val, u32 otp)
+{
+ struct stm32mp_bsec_platdata *plat = dev_get_platdata(dev);
+
+ /* return OTP permanent write lock status */
+ *val = bsec_read_lock(plat->base + BSEC_WRLOCK_OFF, otp);
+
+ return 0;
+}
+
static int stm32mp_bsec_write_otp(struct udevice *dev, u32 val, u32 otp)
{
#ifdef CONFIG_STM32MP1_TRUSTED
#endif
}
+static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
+{
+#ifdef CONFIG_STM32MP1_TRUSTED
+ if (val == 1)
+ return stm32_smc_exec(STM32_SMC_BSEC,
+ STM32_SMC_WRLOCK_OTP,
+ otp, 0);
+ if (val == 0)
+ return 0; /* nothing to do */
+
+ return -EINVAL;
+#else
+ return -ENOTSUPP;
+#endif
+}
+
static int stm32mp_bsec_read(struct udevice *dev, int offset,
void *buf, int size)
{
int ret;
int i;
- bool shadow = true;
+ bool shadow = true, lock = false;
int nb_otp = size / sizeof(u32);
int otp;
unsigned int offs = offset;
- if (offs >= STM32_BSEC_OTP_OFFSET) {
+ if (offs >= STM32_BSEC_LOCK_OFFSET) {
+ offs -= STM32_BSEC_LOCK_OFFSET;
+ lock = true;
+ } else if (offs >= STM32_BSEC_OTP_OFFSET) {
offs -= STM32_BSEC_OTP_OFFSET;
shadow = false;
}
for (i = otp; i < (otp + nb_otp) && i <= BSEC_OTP_MAX_VALUE; i++) {
u32 *addr = &((u32 *)buf)[i - otp];
- if (shadow)
+ if (lock)
+ ret = stm32mp_bsec_read_lock(dev, addr, i);
+ else if (shadow)
ret = stm32mp_bsec_read_shadow(dev, addr, i);
else
ret = stm32mp_bsec_read_otp(dev, addr, i);
{
int ret = 0;
int i;
- bool shadow = true;
+ bool shadow = true, lock = false;
int nb_otp = size / sizeof(u32);
int otp;
unsigned int offs = offset;
- if (offs >= STM32_BSEC_OTP_OFFSET) {
+ if (offs >= STM32_BSEC_LOCK_OFFSET) {
+ offs -= STM32_BSEC_LOCK_OFFSET;
+ lock = true;
+ } else if (offs >= STM32_BSEC_OTP_OFFSET) {
offs -= STM32_BSEC_OTP_OFFSET;
shadow = false;
}
for (i = otp; i < otp + nb_otp && i <= BSEC_OTP_MAX_VALUE; i++) {
u32 *val = &((u32 *)buf)[i - otp];
- if (shadow)
+ if (lock)
+ ret = stm32mp_bsec_write_lock(dev, *val, i);
+ else if (shadow)
ret = stm32mp_bsec_write_shadow(dev, *val, i);
else
ret = stm32mp_bsec_write_otp(dev, *val, i);
- OTP_58[15:0] = MAC_ADDR[47:32]
To program a MAC address on virgin OTP words above, you can use the fuse command
-on bank 0 to access to internal OTP:
+on bank 0 to access to internal OTP and lock them:
Prerequisite: check if a MAC address isn't yet programmed in OTP
-1) check OTP: their value must be equal to 0
+1) check OTP: their value must be equal to 0::
- STM32MP> fuse sense 0 57 2
- Sensing bank 0:
- Word 0x00000039: 00000000 00000000
+ STM32MP> fuse sense 0 57 2
+ Sensing bank 0:
+ Word 0x00000039: 00000000 00000000
+
+2) check environment variable::
+
+ STM32MP> env print ethaddr
+ ## Error: "ethaddr" not defined
-2) check environment variable
+3) check lock status of fuse 57 & 58 (at 0x39, 0=unlocked, 1=locked)::
- STM32MP> env print ethaddr
- ## Error: "ethaddr" not defined
+ STM32MP> fuse sense 0 0x10000039 2
+ Sensing bank 0:
+ Word 0x10000039: 00000000 00000000
Example to set mac address "12:34:56:78:9a:bc"
Sensing bank 0:
Word 0x00000039: 78563412 0000bc9a
-3) next REBOOT, in the trace::
+3) Lock OTP::
+
+ STM32MP> fuse prog 0 0x10000039 1 1
+
+ STM32MP> fuse sense 0 0x10000039 2
+ Sensing bank 0:
+ Word 0x10000039: 00000001 00000001
+
+4) next REBOOT, in the trace::
### Setting environment from OTP MAC address = "12:34:56:78:9a:bc"
-4) check env update::
+5) check env update::
STM32MP> env print ethaddr
ethaddr=12:34:56:78:9a:bc
projects / u-boot.git / commitdiff