blob: 85be8e23bdba191f4a919183150baa69bf2f7217 [file] [log] [blame]
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +02001// SPDX-License-Identifier: GPL-2.0+ OR BSD-3-Clause
2/*
3 * Copyright (C) 2019, STMicroelectronics - All Rights Reserved
4 */
5
6#include <common.h>
7#include <command.h>
8#include <console.h>
Patrick Delaunayeb653ac2020-11-06 19:01:29 +01009#include <log.h>
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +020010#include <misc.h>
Patrick Delaunay33a909a2023-01-06 13:20:15 +010011#include <asm/arch/bsec.h>
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +020012#include <dm/device.h>
13#include <dm/uclass.h>
14
Patrick Delaunaye83cef82022-09-15 18:11:41 +020015/*
16 * Closed device: OTP0
17 * STM32MP15x: bit 6 of OPT0
18 * STM32MP13x: 0b111111 = 0x3F for OTP_SECURED closed device
19 */
Patrick Delaunayd3551b82021-06-28 14:56:02 +020020#define STM32_OTP_CLOSE_ID 0
Patrick Delaunaye83cef82022-09-15 18:11:41 +020021#define STM32_OTP_STM32MP13x_CLOSE_MASK 0x3F
22#define STM32_OTP_STM32MP15x_CLOSE_MASK BIT(6)
Patrick Delaunayd3551b82021-06-28 14:56:02 +020023
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +020024/* PKH is the first element of the key list */
25#define STM32KEY_PKH 0
26
27struct stm32key {
28 char *name;
29 char *desc;
30 u8 start;
31 u8 size;
32};
33
Patrick Delaunaye83cef82022-09-15 18:11:41 +020034const struct stm32key stm32mp13_list[] = {
35 [STM32KEY_PKH] = {
36 .name = "PKHTH",
37 .desc = "Hash of the 8 ECC Public Keys Hashes Table (ECDSA is the authentication algorithm)",
38 .start = 24,
39 .size = 8,
40 },
41 {
42 .name = "EDMK",
43 .desc = "Encryption/Decryption Master Key",
44 .start = 92,
45 .size = 4,
46 }
47};
48
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +020049const struct stm32key stm32mp15_list[] = {
50 [STM32KEY_PKH] = {
51 .name = "PKH",
52 .desc = "Hash of the ECC Public Key (ECDSA is the authentication algorithm)",
53 .start = 24,
54 .size = 8,
55 }
56};
57
58/* index of current selected key in stm32key list, 0 = PKH by default */
59static u8 stm32key_index;
60
61static u8 get_key_nb(void)
62{
Patrick Delaunaye83cef82022-09-15 18:11:41 +020063 if (IS_ENABLED(CONFIG_STM32MP13x))
64 return ARRAY_SIZE(stm32mp13_list);
65
66 if (IS_ENABLED(CONFIG_STM32MP15x))
67 return ARRAY_SIZE(stm32mp15_list);
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +020068}
69
70static const struct stm32key *get_key(u8 index)
71{
Patrick Delaunaye83cef82022-09-15 18:11:41 +020072 if (IS_ENABLED(CONFIG_STM32MP13x))
73 return &stm32mp13_list[index];
74
75 if (IS_ENABLED(CONFIG_STM32MP15x))
76 return &stm32mp15_list[index];
77}
78
79static u32 get_otp_close_mask(void)
80{
81 if (IS_ENABLED(CONFIG_STM32MP13x))
82 return STM32_OTP_STM32MP13x_CLOSE_MASK;
83
84 if (IS_ENABLED(CONFIG_STM32MP15x))
85 return STM32_OTP_STM32MP15x_CLOSE_MASK;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +020086}
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +020087
Patrick Delaunaye00e1f32021-06-28 14:56:01 +020088static int get_misc_dev(struct udevice **dev)
89{
90 int ret;
91
92 ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(stm32mp_bsec), dev);
93 if (ret)
94 log_err("Can't find stm32mp_bsec driver\n");
95
96 return ret;
97}
98
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +020099static void read_key_value(const struct stm32key *key, u32 addr)
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200100{
101 int i;
102
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200103 for (i = 0; i < key->size; i++) {
104 printf("%s OTP %i: [%08x] %08x\n", key->name, key->start + i,
105 addr, __be32_to_cpu(*(u32 *)addr));
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200106 addr += 4;
107 }
108}
109
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200110static int read_key_otp(struct udevice *dev, const struct stm32key *key, bool print, bool *locked)
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200111{
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200112 int i, word, ret;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200113 int nb_invalid = 0, nb_zero = 0, nb_lock = 0, nb_lock_err = 0;
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200114 u32 val, lock;
115 bool status;
116
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200117 for (i = 0, word = key->start; i < key->size; i++, word++) {
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200118 ret = misc_read(dev, STM32_BSEC_OTP(word), &val, 4);
119 if (ret != 4)
120 val = ~0x0;
121 ret = misc_read(dev, STM32_BSEC_LOCK(word), &lock, 4);
122 if (ret != 4)
Patrick Delaunayc6327ba2022-09-15 18:11:38 +0200123 lock = BSEC_LOCK_ERROR;
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200124 if (print)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200125 printf("%s OTP %i: %08x lock : %08x\n", key->name, word, val, lock);
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200126 if (val == ~0x0)
127 nb_invalid++;
128 else if (val == 0x0)
129 nb_zero++;
Patrick Delaunayc6327ba2022-09-15 18:11:38 +0200130 if (lock & BSEC_LOCK_PERM)
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200131 nb_lock++;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200132 if (lock & BSEC_LOCK_ERROR)
133 nb_lock_err++;
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200134 }
135
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200136 status = nb_lock_err || (nb_lock == key->size);
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200137 if (locked)
138 *locked = status;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200139 if (nb_lock_err && print)
140 printf("%s lock is invalid!\n", key->name);
141 else if (!status && print)
142 printf("%s is not locked!\n", key->name);
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200143
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200144 if (nb_invalid == key->size) {
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200145 if (print)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200146 printf("%s is invalid!\n", key->name);
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200147 return -EINVAL;
148 }
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200149 if (nb_zero == key->size) {
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200150 if (print)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200151 printf("%s is free!\n", key->name);
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200152 return -ENOENT;
153 }
154
155 return 0;
156}
157
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200158static int read_close_status(struct udevice *dev, bool print, bool *closed)
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200159{
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200160 int word, ret, result;
Patrick Delaunaye83cef82022-09-15 18:11:41 +0200161 u32 val, lock, mask;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200162 bool status;
163
164 result = 0;
165 word = STM32_OTP_CLOSE_ID;
166 ret = misc_read(dev, STM32_BSEC_OTP(word), &val, 4);
167 if (ret < 0)
168 result = ret;
169 if (ret != 4)
170 val = 0x0;
171
172 ret = misc_read(dev, STM32_BSEC_LOCK(word), &lock, 4);
173 if (ret < 0)
174 result = ret;
175 if (ret != 4)
176 lock = BSEC_LOCK_ERROR;
177
Patrick Delaunaye83cef82022-09-15 18:11:41 +0200178 mask = get_otp_close_mask();
179 status = (val & mask) == mask;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200180 if (closed)
181 *closed = status;
182 if (print)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200183 printf("OTP %d: closed status: %d lock : %08x\n", word, status, lock);
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200184
185 return result;
186}
187
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200188static int fuse_key_value(struct udevice *dev, const struct stm32key *key, u32 addr, bool print)
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200189{
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200190 u32 word, val;
191 int i, ret;
192
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200193 for (i = 0, word = key->start; i < key->size; i++, word++, addr += 4) {
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200194 val = __be32_to_cpu(*(u32 *)addr);
Patrick Delaunayfe240902021-06-28 14:55:59 +0200195 if (print)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200196 printf("Fuse %s OTP %i : %08x\n", key->name, word, val);
Patrick Delaunayfe240902021-06-28 14:55:59 +0200197
198 ret = misc_write(dev, STM32_BSEC_OTP(word), &val, 4);
199 if (ret != 4) {
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200200 log_err("Fuse %s OTP %i failed\n", key->name, word);
Patrick Delaunayfe240902021-06-28 14:55:59 +0200201 return ret;
202 }
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200203 /* on success, lock the OTP for the key */
Patrick Delaunayc6327ba2022-09-15 18:11:38 +0200204 val = BSEC_LOCK_PERM;
Patrick Delaunay3da25522021-06-28 14:56:00 +0200205 ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
206 if (ret != 4) {
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200207 log_err("Lock %s OTP %i failed\n", key->name, word);
Patrick Delaunay3da25522021-06-28 14:56:00 +0200208 return ret;
209 }
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200210 }
Patrick Delaunayfe240902021-06-28 14:55:59 +0200211
212 return 0;
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200213}
214
215static int confirm_prog(void)
216{
217 puts("Warning: Programming fuses is an irreversible operation!\n"
218 " This may brick your system.\n"
219 " Use this command only if you are sure of what you are doing!\n"
220 "\nReally perform this fuse programming? <y/N>\n");
221
222 if (confirm_yesno())
223 return 1;
224
225 puts("Fuse programming aborted\n");
226 return 0;
227}
228
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200229static void display_key_info(const struct stm32key *key)
230{
231 printf("%s : %s\n", key->name, key->desc);
232 printf("\tOTP%d..%d\n", key->start, key->start + key->size);
233}
234
235static int do_stm32key_list(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
236{
237 int i;
238
239 for (i = 0; i < get_key_nb(); i++)
240 display_key_info(get_key(i));
241
242 return CMD_RET_SUCCESS;
243}
244
245static int do_stm32key_select(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
246{
247 const struct stm32key *key;
248 int i;
249
250 if (argc == 1) {
251 printf("Selected key:\n");
252 key = get_key(stm32key_index);
253 display_key_info(key);
254 return CMD_RET_SUCCESS;
255 }
256
257 for (i = 0; i < get_key_nb(); i++) {
258 key = get_key(i);
259 if (!strcmp(key->name, argv[1])) {
260 printf("%s selected\n", key->name);
261 stm32key_index = i;
262 return CMD_RET_SUCCESS;
263 }
264 }
265
266 printf("Unknown key %s\n", argv[1]);
267
268 return CMD_RET_FAILURE;
269}
270
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200271static int do_stm32key_read(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200272{
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200273 const struct stm32key *key;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200274 struct udevice *dev;
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200275 u32 addr;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200276 int ret, i;
277 int result;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200278
279 ret = get_misc_dev(&dev);
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200280
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200281 if (argc == 1) {
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200282 if (ret)
283 return CMD_RET_FAILURE;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200284 key = get_key(stm32key_index);
285 ret = read_key_otp(dev, key, true, NULL);
286 if (ret != -ENOENT)
287 return CMD_RET_FAILURE;
288 return CMD_RET_SUCCESS;
289 }
290
291 if (!strcmp("-a", argv[1])) {
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200292 if (ret)
293 return CMD_RET_FAILURE;
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200294 result = CMD_RET_SUCCESS;
295 for (i = 0; i < get_key_nb(); i++) {
296 key = get_key(i);
297 ret = read_key_otp(dev, key, true, NULL);
298 if (ret != -ENOENT)
299 result = CMD_RET_FAILURE;
300 }
301 ret = read_close_status(dev, true, NULL);
302 if (ret)
303 result = CMD_RET_FAILURE;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200304
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200305 return result;
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200306 }
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200307
Simon Glass7e5f4602021-07-24 09:03:29 -0600308 addr = hextoul(argv[1], NULL);
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200309 if (!addr)
310 return CMD_RET_USAGE;
311
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200312 key = get_key(stm32key_index);
313 printf("Read %s at 0x%08x\n", key->name, addr);
314 read_key_value(key, addr);
Patrick Delaunayf4cb5d62019-07-05 17:20:17 +0200315
316 return CMD_RET_SUCCESS;
317}
318
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200319static int do_stm32key_fuse(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
320{
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200321 const struct stm32key *key = get_key(stm32key_index);
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200322 struct udevice *dev;
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200323 u32 addr;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200324 int ret;
325 bool yes = false, lock;
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200326
327 if (argc < 2)
328 return CMD_RET_USAGE;
329
330 if (argc == 3) {
331 if (strcmp(argv[1], "-y"))
332 return CMD_RET_USAGE;
333 yes = true;
334 }
335
Simon Glass7e5f4602021-07-24 09:03:29 -0600336 addr = hextoul(argv[argc - 1], NULL);
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200337 if (!addr)
338 return CMD_RET_USAGE;
339
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200340 ret = get_misc_dev(&dev);
341 if (ret)
342 return CMD_RET_FAILURE;
343
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200344 if (read_key_otp(dev, key, !yes, &lock) != -ENOENT) {
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200345 printf("Error: can't fuse again the OTP\n");
346 return CMD_RET_FAILURE;
347 }
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200348 if (lock) {
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200349 printf("Error: %s is locked\n", key->name);
Patrick Delaunayd3551b82021-06-28 14:56:02 +0200350 return CMD_RET_FAILURE;
351 }
352
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200353 if (!yes) {
354 printf("Writing %s with\n", key->name);
355 read_key_value(key, addr);
356 }
357
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200358 if (!yes && !confirm_prog())
359 return CMD_RET_FAILURE;
360
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200361 if (fuse_key_value(dev, key, addr, !yes))
Patrick Delaunayfe240902021-06-28 14:55:59 +0200362 return CMD_RET_FAILURE;
363
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200364 printf("%s updated !\n", key->name);
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200365
366 return CMD_RET_SUCCESS;
367}
368
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200369static int do_stm32key_close(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
370{
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200371 const struct stm32key *key;
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200372 bool yes, lock, closed;
373 struct udevice *dev;
374 u32 val;
375 int ret;
376
377 yes = false;
378 if (argc == 2) {
379 if (strcmp(argv[1], "-y"))
380 return CMD_RET_USAGE;
381 yes = true;
382 }
383
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200384 ret = get_misc_dev(&dev);
385 if (ret)
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200386 return CMD_RET_FAILURE;
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200387
388 if (read_close_status(dev, !yes, &closed))
389 return CMD_RET_FAILURE;
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200390
391 if (closed) {
392 printf("Error: already closed!\n");
393 return CMD_RET_FAILURE;
394 }
395
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200396 /* check PKH status before to close */
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200397 key = get_key(STM32KEY_PKH);
398 ret = read_key_otp(dev, key, !yes, &lock);
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200399 if (ret) {
400 if (ret == -ENOENT)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200401 printf("Error: %s not programmed!\n", key->name);
Patrick Delaunay8921b3d2022-09-15 18:11:39 +0200402 return CMD_RET_FAILURE;
403 }
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200404 if (!lock)
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200405 printf("Warning: %s not locked!\n", key->name);
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200406
407 if (!yes && !confirm_prog())
408 return CMD_RET_FAILURE;
409
Patrick Delaunaye83cef82022-09-15 18:11:41 +0200410 val = get_otp_close_mask();
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200411 ret = misc_write(dev, STM32_BSEC_OTP(STM32_OTP_CLOSE_ID), &val, 4);
412 if (ret != 4) {
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200413 printf("Error: can't update OTP %d\n", STM32_OTP_CLOSE_ID);
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200414 return CMD_RET_FAILURE;
415 }
416
417 printf("Device is closed !\n");
418
419 return CMD_RET_SUCCESS;
420}
421
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200422static char stm32key_help_text[] =
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200423 "list : list the supported key with description\n"
424 "stm32key select [<key>] : Select the key identified by <key> or display the key used for read/fuse command\n"
425 "stm32key read [<addr> | -a ] : Read the curent key at <addr> or current / all (-a) key in OTP\n"
426 "stm32key fuse [-y] <addr> : Fuse the current key at addr in OTP\n"
427 "stm32key close [-y] : Close the device\n";
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200428
Patrick Delaunayfd1f4c92022-09-15 18:11:40 +0200429U_BOOT_CMD_WITH_SUBCMDS(stm32key, "Manage key on STM32", stm32key_help_text,
430 U_BOOT_SUBCMD_MKENT(list, 1, 0, do_stm32key_list),
431 U_BOOT_SUBCMD_MKENT(select, 2, 0, do_stm32key_select),
Patrick Delaunaybc78d5f2021-06-28 14:55:58 +0200432 U_BOOT_SUBCMD_MKENT(read, 2, 0, do_stm32key_read),
Patrick Delaunay80cfc6c2021-06-28 14:56:03 +0200433 U_BOOT_SUBCMD_MKENT(fuse, 3, 0, do_stm32key_fuse),
434 U_BOOT_SUBCMD_MKENT(close, 2, 0, do_stm32key_close));