static int jr_hw_reset(void)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
uint32_t timeout = 100000;
uint32_t jrint, jrcr;
sec_out32(®s->jrcr, JRCR_RESET);
do {
jrint = sec_in32(®s->jrint);
} while (((jrint & JRINT_ERR_HALT_MASK) ==
JRINT_ERR_HALT_INPROGRESS) && --timeout);
jrint = sec_in32(®s->jrint);
if (((jrint & JRINT_ERR_HALT_MASK) !=
JRINT_ERR_HALT_INPROGRESS) && timeout == 0)
return -1;
timeout = 100000;
sec_out32(®s->jrcr, JRCR_RESET);
do {
jrcr = sec_in32(®s->jrcr);
} while ((jrcr & JRCR_RESET) && --timeout);
if (timeout == 0)
return -1;
return 0;
}
/*
* By default, the TRNG runs for 200 clocks per sample;
* 1200 clocks per sample generates better entropy.
*/
static void kick_trng(int ent_delay)
{
ccsr_sec_t __iomem *sec =
(ccsr_sec_t __iomem *)CONFIG_SYS_FSL_SEC_ADDR;
struct rng4tst __iomem *rng =
(struct rng4tst __iomem *)&sec->rng;
u32 val;
/* put RNG4 into program mode */
sec_setbits32(&rng->rtmctl, RTMCTL_PRGM);
/* rtsdctl bits 0-15 contain "Entropy Delay, which defines the
* length (in system clocks) of each Entropy sample taken
* */
val = sec_in32(&rng->rtsdctl);
val = (val & ~RTSDCTL_ENT_DLY_MASK) |
(ent_delay << RTSDCTL_ENT_DLY_SHIFT);
sec_out32(&rng->rtsdctl, val);
/* min. freq. count, equal to 1/4 of the entropy sample length */
sec_out32(&rng->rtfreqmin, ent_delay >> 2);
/* disable maximum frequency count */
sec_out32(&rng->rtfreqmax, RTFRQMAX_DISABLE);
/*
* select raw sampling in both entropy shifter
* and statistical checker
*/
sec_setbits32(&rng->rtmctl, RTMCTL_SAMP_MODE_RAW_ES_SC);
/* put RNG4 into run mode */
sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM);
}
int sec_reset(void)
{
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
uint32_t mcfgr = sec_in32(&sec->mcfgr);
uint32_t timeout = 100000;
mcfgr |= MCFGR_SWRST;
sec_out32(&sec->mcfgr, mcfgr);
mcfgr |= MCFGR_DMA_RST;
sec_out32(&sec->mcfgr, mcfgr);
do {
mcfgr = sec_in32(&sec->mcfgr);
} while ((mcfgr & MCFGR_DMA_RST) == MCFGR_DMA_RST && --timeout);
if (timeout == 0)
return -1;
timeout = 100000;
do {
mcfgr = sec_in32(&sec->mcfgr);
} while ((mcfgr & MCFGR_SWRST) == MCFGR_SWRST && --timeout);
if (timeout == 0)
return -1;
return 0;
}
/*!
* CAAM page allocation:
* Allocates a partition from secure memory, with the id
* equal to partion_num. This will de-allocate the page
* if it is already allocated. The partition will have
* full access permissions. The permissions are set before,
* running a job descriptor. A memory page of secure RAM
* is allocated for the partition.
*
* @param page Number of the page to allocate.
* @param partition Number of the partition to allocate.
* @return 0 on success, ERROR_IN_PAGE_ALLOC otherwise
*/
int caam_page_alloc(uint8_t page_num, uint8_t partition_num)
{
uint32_t temp_reg;
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
uint32_t sm_vid = SM_VERSION(sec_in32(&sec->smvid));
uint32_t jr_id = 0;
/*
* De-Allocate partition_num if already allocated to ARM core
*/
if (sec_in32(CAAM_SMPO_0) & PARTITION_OWNER(partition_num)) {
temp_reg = secmem_set_cmd(PARTITION(partition_num) |
CMD_PART_DEALLOC);
if (temp_reg & SMCSJR_AERR) {
printf("Error: De-allocation status 0x%X\n", temp_reg);
return ERROR_IN_PAGE_ALLOC;
}
}
/* set the access rights to allow full access */
sec_out32(CAAM_SMAG1JR(sm_vid, jr_id, partition_num), 0xF);
sec_out32(CAAM_SMAG2JR(sm_vid, jr_id, partition_num), 0xF);
sec_out32(CAAM_SMAPJR(sm_vid, jr_id, partition_num), 0xFF);
/* Now need to allocate partition_num of secure RAM. */
/* De-Allocate page_num by starting with a page inquiry command */
temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_INQUIRY);
/* if the page is owned, de-allocate it */
if ((temp_reg & SMCSJR_PO) == PAGE_OWNED) {
temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_PAGE_DEALLOC);
if (temp_reg & SMCSJR_AERR) {
printf("Error: Allocation status 0x%X\n", temp_reg);
return ERROR_IN_PAGE_ALLOC;
}
}
/* Allocate page_num to partition_num */
temp_reg = secmem_set_cmd(PAGE(page_num) | PARTITION(partition_num)
| CMD_PAGE_ALLOC);
if (temp_reg & SMCSJR_AERR) {
printf("Error: Allocation status 0x%X\n", temp_reg);
return ERROR_IN_PAGE_ALLOC;
}
/* page inquiry command to ensure that the page was allocated */
temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_INQUIRY);
/* if the page is not owned => problem */
if ((temp_reg & SMCSJR_PO) != PAGE_OWNED) {
printf("Allocation of page %d in partition %d failed 0x%X\n",
temp_reg, page_num, partition_num);
return ERROR_IN_PAGE_ALLOC;
}
return 0;
}
int sec_init(void)
{
int ret = 0;
#ifdef CONFIG_PHYS_64BIT
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
uint32_t mcr = sec_in32(&sec->mcfgr);
sec_out32(&sec->mcfgr, mcr | 1 << MCFGR_PS_SHIFT);
#endif
ret = jr_init();
if (ret < 0) {
printf("SEC initialization failed\n");
return -1;
}
if (get_rng_vid() >= 4) {
if (rng_init() < 0) {
printf("RNG instantiation failed\n");
return -1;
}
printf("SEC: RNG instantiated\n");
}
return ret;
}
/* -1 --- error, can't enqueue -- no space available */
static int jr_enqueue(uint32_t *desc_addr,
void (*callback)(uint32_t desc, uint32_t status, void *arg),
void *arg)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
int head = jr.head;
dma_addr_t desc_phys_addr = virt_to_phys(desc_addr);
if (sec_in32(®s->irsa) == 0 ||
CIRC_SPACE(jr.head, jr.tail, jr.size) <= 0)
return -1;
jr.input_ring[head] = desc_phys_addr;
jr.info[head].desc_phys_addr = desc_phys_addr;
jr.info[head].desc_addr = (uint32_t)desc_addr;
jr.info[head].callback = (void *)callback;
jr.info[head].arg = arg;
jr.info[head].op_done = 0;
jr.head = (head + 1) & (jr.size - 1);
sec_out32(®s->irja, 1);
return 0;
}
static inline void jr_disable_irq(void)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
uint32_t jrcfg = sec_in32(®s->jrcfg1);
jrcfg = jrcfg | JR_INTMASK;
sec_out32(®s->jrcfg1, jrcfg);
}
static inline void start_jr0(void)
{
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
u32 ctpr_ms = sec_in32(&sec->ctpr_ms);
u32 scfgr = sec_in32(&sec->scfgr);
if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_INCL) {
/* VIRT_EN_INCL = 1 & VIRT_EN_POR = 1 or
* VIRT_EN_INCL = 1 & VIRT_EN_POR = 0 & SEC_SCFGR_VIRT_EN = 1
*/
if ((ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR) ||
(!(ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR) &&
(scfgr & SEC_SCFGR_VIRT_EN)))
sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0);
} else {
/* VIRT_EN_INCL = 0 && VIRT_EN_POR_VALUE = 1 */
if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR)
sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0);
}
}
static int jr_dequeue(void)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
int head = jr.head;
int tail = jr.tail;
int idx, i, found;
void (*callback)(uint32_t desc, uint32_t status, void *arg);
void *arg = NULL;
while (sec_in32(®s->orsf) && CIRC_CNT(jr.head, jr.tail, jr.size)) {
found = 0;
dma_addr_t op_desc = jr.output_ring[jr.tail].desc;
uint32_t status = jr.output_ring[jr.tail].status;
uint32_t desc_virt;
for (i = 0; CIRC_CNT(head, tail + i, jr.size) >= 1; i++) {
idx = (tail + i) & (jr.size - 1);
if (op_desc == jr.info[idx].desc_phys_addr) {
desc_virt = jr.info[idx].desc_addr;
found = 1;
break;
}
}
/* Error condition if match not found */
if (!found)
return -1;
jr.info[idx].op_done = 1;
callback = (void *)jr.info[idx].callback;
arg = jr.info[idx].arg;
/* When the job on tail idx gets done, increment
* tail till the point where job completed out of oredr has
* been taken into account
*/
if (idx == tail)
do {
tail = (tail + 1) & (jr.size - 1);
} while (jr.info[tail].op_done);
jr.tail = tail;
jr.read_idx = (jr.read_idx + 1) & (jr.size - 1);
sec_out32(®s->orjr, 1);
jr.info[idx].op_done = 0;
callback(desc_virt, status, arg);
}
return 0;
}
/*
* By default, the TRNG runs for 200 clocks per sample;
* 1200 clocks per sample generates better entropy.
*/
static void kick_trng(int ent_delay)
{
ccsr_sec_t __iomem *sec =
(ccsr_sec_t __iomem *)CONFIG_SYS_FSL_SEC_ADDR;
struct rng4tst __iomem *rng =
(struct rng4tst __iomem *)&sec->rng;
u32 val;
/* put RNG4 into program mode */
sec_setbits32(&rng->rtmctl, RTMCTL_PRGM);
/* rtsdctl bits 0-15 contain "Entropy Delay, which defines the
* length (in system clocks) of each Entropy sample taken
* */
val = sec_in32(&rng->rtsdctl);
val = (val & ~RTSDCTL_ENT_DLY_MASK) |
(ent_delay << RTSDCTL_ENT_DLY_SHIFT);
sec_out32(&rng->rtsdctl, val);
/* min. freq. count, equal to 1/4 of the entropy sample length */
sec_out32(&rng->rtfreqmin, ent_delay >> 2);
/* max. freq. count, equal to 8 times the entropy sample length */
sec_out32(&rng->rtfreqmax, ent_delay << 3);
/* put RNG4 into run mode */
sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM);
}
/*!
* Secure memory run command
*
* @param sec_mem_cmd Secure memory command register
* @return cmd_status Secure memory command status register
*/
uint32_t secmem_set_cmd(uint32_t sec_mem_cmd)
{
uint32_t temp_reg;
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
uint32_t sm_vid = SM_VERSION(sec_in32(&sec->smvid));
uint32_t jr_id = 0;
sec_out32(CAAM_SMCJR(sm_vid, jr_id), sec_mem_cmd);
do {
temp_reg = sec_in32(CAAM_SMCSJR(sm_vid, jr_id));
} while (temp_reg & CMD_COMPLETE);
return temp_reg;
}
static void jr_initregs(void)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
phys_addr_t ip_base = virt_to_phys((void *)jr.input_ring);
phys_addr_t op_base = virt_to_phys((void *)jr.output_ring);
#ifdef CONFIG_PHYS_64BIT
sec_out32(®s->irba_h, ip_base >> 32);
#else
sec_out32(®s->irba_h, 0x0);
#endif
sec_out32(®s->irba_l, (uint32_t)ip_base);
#ifdef CONFIG_PHYS_64BIT
sec_out32(®s->orba_h, op_base >> 32);
#else
sec_out32(®s->orba_h, 0x0);
#endif
sec_out32(®s->orba_l, (uint32_t)op_base);
sec_out32(®s->ors, JR_SIZE);
sec_out32(®s->irs, JR_SIZE);
if (!jr.irq)
jr_disable_irq();
}
/* -1 --- error, can't enqueue -- no space available */
static int jr_enqueue(uint32_t *desc_addr,
void (*callback)(uint32_t status, void *arg),
void *arg)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
int head = jr.head;
uint32_t desc_word;
int length = desc_len(desc_addr);
int i;
#ifdef CONFIG_PHYS_64BIT
uint32_t *addr_hi, *addr_lo;
#endif
/* The descriptor must be submitted to SEC block as per endianness
* of the SEC Block.
* So, if the endianness of Core and SEC block is different, each word
* of the descriptor will be byte-swapped.
*/
for (i = 0; i < length; i++) {
desc_word = desc_addr[i];
sec_out32((uint32_t *)&desc_addr[i], desc_word);
}
phys_addr_t desc_phys_addr = virt_to_phys(desc_addr);
if (sec_in32(®s->irsa) == 0 ||
CIRC_SPACE(jr.head, jr.tail, jr.size) <= 0)
return -1;
jr.info[head].desc_phys_addr = desc_phys_addr;
jr.info[head].callback = (void *)callback;
jr.info[head].arg = arg;
jr.info[head].op_done = 0;
unsigned long start = (unsigned long)&jr.info[head] &
~(ARCH_DMA_MINALIGN - 1);
unsigned long end = ALIGN((unsigned long)&jr.info[head] +
sizeof(struct jr_info), ARCH_DMA_MINALIGN);
flush_dcache_range(start, end);
#ifdef CONFIG_PHYS_64BIT
/* Write the 64 bit Descriptor address on Input Ring.
* The 32 bit hign and low part of the address will
* depend on endianness of SEC block.
*/
#ifdef CONFIG_SYS_FSL_SEC_LE
addr_lo = (uint32_t *)(&jr.input_ring[head]);
addr_hi = (uint32_t *)(&jr.input_ring[head]) + 1;
#elif defined(CONFIG_SYS_FSL_SEC_BE)
addr_hi = (uint32_t *)(&jr.input_ring[head]);
addr_lo = (uint32_t *)(&jr.input_ring[head]) + 1;
#endif /* ifdef CONFIG_SYS_FSL_SEC_LE */
sec_out32(addr_hi, (uint32_t)(desc_phys_addr >> 32));
sec_out32(addr_lo, (uint32_t)(desc_phys_addr));
#else
/* Write the 32 bit Descriptor address on Input Ring. */
sec_out32(&jr.input_ring[head], desc_phys_addr);
#endif /* ifdef CONFIG_PHYS_64BIT */
start = (unsigned long)&jr.input_ring[head] & ~(ARCH_DMA_MINALIGN - 1);
end = ALIGN((unsigned long)&jr.input_ring[head] +
sizeof(dma_addr_t), ARCH_DMA_MINALIGN);
flush_dcache_range(start, end);
jr.head = (head + 1) & (jr.size - 1);
/* Invalidate output ring */
start = (unsigned long)jr.output_ring &
~(ARCH_DMA_MINALIGN - 1);
end = ALIGN((unsigned long)jr.output_ring + jr.op_size,
ARCH_DMA_MINALIGN);
invalidate_dcache_range(start, end);
sec_out32(®s->irja, 1);
return 0;
}
int sec_init(void)
{
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
uint32_t mcr = sec_in32(&sec->mcfgr);
int ret = 0;
#ifdef CONFIG_FSL_CORENET
uint32_t liodnr;
uint32_t liodn_ns;
uint32_t liodn_s;
#endif
/*
* Modifying CAAM Read/Write Attributes
* For LS2080A
* For AXI Write - Cacheable, Write Back, Write allocate
* For AXI Read - Cacheable, Read allocate
* Only For LS2080a, to solve CAAM coherency issues
*/
#ifdef CONFIG_LS2080A
mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0xb << MCFGR_AWCACHE_SHIFT);
mcr = (mcr & ~MCFGR_ARCACHE_MASK) | (0x6 << MCFGR_ARCACHE_SHIFT);
#else
mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0x2 << MCFGR_AWCACHE_SHIFT);
#endif
#ifdef CONFIG_PHYS_64BIT
mcr |= (1 << MCFGR_PS_SHIFT);
#endif
sec_out32(&sec->mcfgr, mcr);
#ifdef CONFIG_FSL_CORENET
liodnr = sec_in32(&sec->jrliodnr[0].ls);
liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT;
liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;
#endif
ret = jr_init();
if (ret < 0) {
printf("SEC initialization failed\n");
return -1;
}
#ifdef CONFIG_FSL_CORENET
ret = sec_config_pamu_table(liodn_ns, liodn_s);
if (ret < 0)
return -1;
pamu_enable();
#endif
if (get_rng_vid() >= 4) {
if (rng_init() < 0) {
printf("RNG instantiation failed\n");
return -1;
}
printf("SEC: RNG instantiated\n");
}
return ret;
}
static inline void jr_reset_liodn(void)
{
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
sec_out32(&sec->jrliodnr[0].ls, 0);
}
int inline_cnstr_jobdesc_blob_dek(uint32_t *desc, const uint8_t *plain_txt,
uint8_t *dek_blob, uint32_t in_sz)
{
ccsr_sec_t *sec = (void *)CONFIG_SYS_FSL_SEC_ADDR;
uint32_t sm_vid = SM_VERSION(sec_in32(&sec->smvid));
uint32_t jr_id = 0;
uint32_t ret = 0;
u32 aad_w1, aad_w2;
/* output blob will have 32 bytes key blob in beginning and
* 16 byte HMAC identifier at end of data blob */
uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE;
/* Setting HDR for blob */
uint8_t wrapped_key_hdr[8] = {HDR_TAG, 0x00, WRP_HDR_SIZE + out_sz,
HDR_PAR, HAB_MOD, HAB_ALG, in_sz, HAB_FLG};
/* initialize the blob array */
memset(dek_blob, 0, out_sz + 8);
/* Copy the header into the DEK blob buffer */
memcpy(dek_blob, wrapped_key_hdr, sizeof(wrapped_key_hdr));
/* allocating secure memory */
ret = caam_page_alloc(PAGE_1, PARTITION_1);
if (ret)
return ret;
/* Write DEK to secure memory */
memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz);
unsigned long start = (unsigned long)SEC_MEM_PAGE1 &
~(ARCH_DMA_MINALIGN - 1);
unsigned long end = ALIGN(start + 0x1000, ARCH_DMA_MINALIGN);
flush_dcache_range(start, end);
/* Now configure the access rights of the partition */
sec_out32(CAAM_SMAG1JR(sm_vid, jr_id, PARTITION_1), KS_G1);
sec_out32(CAAM_SMAG2JR(sm_vid, jr_id, PARTITION_1), 0);
sec_out32(CAAM_SMAPJR(sm_vid, jr_id, PARTITION_1), PERM);
/* construct aad for AES */
aad_w1 = (in_sz << OP_ALG_ALGSEL_SHIFT) | KEY_AES_SRC | LD_CCM_MODE;
aad_w2 = 0x0;
init_job_desc(desc, 0);
append_cmd(desc, CMD_LOAD | CLASS_2 | KEY_IMM | KEY_ENC |
(0x0c << LDST_OFFSET_SHIFT) | 0x08);
append_u32(desc, aad_w1);
append_u32(desc, aad_w2);
append_cmd_ptr(desc, (dma_addr_t)SEC_MEM_PAGE1, in_sz, CMD_SEQ_IN_PTR);
append_cmd_ptr(desc, (dma_addr_t)dek_blob + 8, out_sz, CMD_SEQ_OUT_PTR);
append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB |
OP_PCLID_SECMEM);
return ret;
}
static int jr_dequeue(void)
{
struct jr_regs *regs = (struct jr_regs *)CONFIG_SYS_FSL_JR0_ADDR;
int head = jr.head;
int tail = jr.tail;
int idx, i, found;
void (*callback)(uint32_t status, void *arg);
void *arg = NULL;
#ifdef CONFIG_PHYS_64BIT
uint32_t *addr_hi, *addr_lo;
#else
uint32_t *addr;
#endif
while (sec_in32(®s->orsf) && CIRC_CNT(jr.head, jr.tail, jr.size)) {
found = 0;
phys_addr_t op_desc;
#ifdef CONFIG_PHYS_64BIT
/* Read the 64 bit Descriptor address from Output Ring.
* The 32 bit hign and low part of the address will
* depend on endianness of SEC block.
*/
#ifdef CONFIG_SYS_FSL_SEC_LE
addr_lo = (uint32_t *)(&jr.output_ring[jr.tail].desc);
addr_hi = (uint32_t *)(&jr.output_ring[jr.tail].desc) + 1;
#elif defined(CONFIG_SYS_FSL_SEC_BE)
addr_hi = (uint32_t *)(&jr.output_ring[jr.tail].desc);
addr_lo = (uint32_t *)(&jr.output_ring[jr.tail].desc) + 1;
#endif /* ifdef CONFIG_SYS_FSL_SEC_LE */
op_desc = ((u64)sec_in32(addr_hi) << 32) |
((u64)sec_in32(addr_lo));
#else
/* Read the 32 bit Descriptor address from Output Ring. */
addr = (uint32_t *)&jr.output_ring[jr.tail].desc;
op_desc = sec_in32(addr);
#endif /* ifdef CONFIG_PHYS_64BIT */
uint32_t status = sec_in32(&jr.output_ring[jr.tail].status);
for (i = 0; CIRC_CNT(head, tail + i, jr.size) >= 1; i++) {
idx = (tail + i) & (jr.size - 1);
if (op_desc == jr.info[idx].desc_phys_addr) {
found = 1;
break;
}
}
/* Error condition if match not found */
if (!found)
return -1;
jr.info[idx].op_done = 1;
callback = (void *)jr.info[idx].callback;
arg = jr.info[idx].arg;
/* When the job on tail idx gets done, increment
* tail till the point where job completed out of oredr has
* been taken into account
*/
if (idx == tail)
do {
tail = (tail + 1) & (jr.size - 1);
} while (jr.info[tail].op_done);
jr.tail = tail;
jr.read_idx = (jr.read_idx + 1) & (jr.size - 1);
sec_out32(®s->orjr, 1);
jr.info[idx].op_done = 0;
callback(status, arg);
}
return 0;
}
