/* * CAAM control-plane driver backend * Controller-level driver, kernel property detection, initialization * * Copyright 2008-2012 Freescale Semiconductor, Inc. */ #include #include #include #include "compat.h" #include "regs.h" #include "intern.h" #include "jr.h" #include "desc_constr.h" #include "error.h" /* * Descriptor to instantiate RNG State Handle 0 in normal mode and * load the JDKEK, TDKEK and TDSK registers */ static void build_instantiation_desc(u32 *desc, int handle, int do_sk) { u32 *jump_cmd, op_flags; init_job_desc(desc, 0); op_flags = OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INIT; /* INIT RNG in non-test mode */ append_operation(desc, op_flags); if (!handle && do_sk) { /* * For SH0, Secure Keys must be generated as well */ /* wait for done */ jump_cmd = append_jump(desc, JUMP_CLASS_CLASS1); set_jump_tgt_here(desc, jump_cmd); /* * load 1 to clear written reg: * resets the done interrrupt and returns the RNG to idle. */ append_load_imm_u32(desc, 1, LDST_SRCDST_WORD_CLRW); /* Initialize State Handle */ append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | OP_ALG_AAI_RNG4_SK); } append_jump(desc, JUMP_CLASS_CLASS1 | JUMP_TYPE_HALT); } /* Descriptor for deinstantiation of State Handle 0 of the RNG block. */ static void build_deinstantiation_desc(u32 *desc, int handle) { init_job_desc(desc, 0); /* Uninstantiate State Handle 0 */ append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INITFINAL); append_jump(desc, JUMP_CLASS_CLASS1 | JUMP_TYPE_HALT); } /* * run_descriptor_deco0 - runs a descriptor on DECO0, under direct control of * the software (no JR/QI used). * @ctrldev - pointer to device * @status - descriptor status, after being run * * Return: - 0 if no error occurred * - -ENODEV if the DECO couldn't be acquired * - -EAGAIN if an error occurred while executing the descriptor */ static inline int run_descriptor_deco0(struct device *ctrldev, u32 *desc, u32 *status) { struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev); struct caam_full __iomem *topregs; unsigned int timeout = 100000; u32 deco_dbg_reg, flags; int i; /* Set the bit to request direct access to DECO0 */ topregs = (struct caam_full __iomem *)ctrlpriv->ctrl; setbits32(&topregs->ctrl.deco_rq, DECORR_RQD0ENABLE); while (!(rd_reg32(&topregs->ctrl.deco_rq) & DECORR_DEN0) && --timeout) cpu_relax(); if (!timeout) { dev_err(ctrldev, "failed to acquire DECO 0\n"); clrbits32(&topregs->ctrl.deco_rq, DECORR_RQD0ENABLE); return -ENODEV; } for (i = 0; i < desc_len(desc); i++) wr_reg32(&topregs->deco.descbuf[i], *(desc + i)); flags = DECO_JQCR_WHL; /* * If the descriptor length is longer than 4 words, then the * FOUR bit in JRCTRL register must be set. */ if (desc_len(desc) >= 4) flags |= DECO_JQCR_FOUR; /* Instruct the DECO to execute it */ wr_reg32(&topregs->deco.jr_ctl_hi, flags); timeout = 10000000; do { deco_dbg_reg = rd_reg32(&topregs->deco.desc_dbg); /* * If an error occured in the descriptor, then * the DECO status field will be set to 0x0D */ if ((deco_dbg_reg & DESC_DBG_DECO_STAT_MASK) == DESC_DBG_DECO_STAT_HOST_ERR) break; cpu_relax(); } while ((deco_dbg_reg & DESC_DBG_DECO_STAT_VALID) && --timeout); *status = rd_reg32(&topregs->deco.op_status_hi) & DECO_OP_STATUS_HI_ERR_MASK; /* Mark the DECO as free */ clrbits32(&topregs->ctrl.deco_rq, DECORR_RQD0ENABLE); if (!timeout) return -EAGAIN; return 0; } /* * instantiate_rng - builds and executes a descriptor on DECO0, * which initializes the RNG block. * @ctrldev - pointer to device * @state_handle_mask - bitmask containing the instantiation status * for the RNG4 state handles which exist in * the RNG4 block: 1 if it's been instantiated * by an external entry, 0 otherwise. * @gen_sk - generate data to be loaded into the JDKEK, TDKEK and TDSK; * Caution: this can be done only once; if the keys need to be * regenerated, a POR is required * * Return: - 0 if no error occurred * - -ENOMEM if there isn't enough memory to allocate the descriptor * - -ENODEV if DECO0 couldn't be acquired * - -EAGAIN if an error occurred when executing the descriptor * f.i. there was a RNG hardware error due to not "good enough" * entropy being aquired. */ static int instantiate_rng(struct device *ctrldev, int state_handle_mask, int gen_sk) { struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev); struct caam_full __iomem *topregs; struct rng4tst __iomem *r4tst; u32 *desc, status, rdsta_val; int ret = 0, sh_idx; topregs = (struct caam_full __iomem *)ctrlpriv->ctrl; r4tst = &topregs->ctrl.r4tst[0]; desc = kmalloc(CAAM_CMD_SZ * 7, GFP_KERNEL); if (!desc) return -ENOMEM; for (sh_idx = 0; sh_idx < RNG4_MAX_HANDLES; sh_idx++) { /* * If the corresponding bit is set, this state handle * was initialized by somebody else, so it's left alone. */ if ((1 << sh_idx) & state_handle_mask) continue; /* Create the descriptor for instantiating RNG State Handle */ build_instantiation_desc(desc, sh_idx, gen_sk); /* Try to run it through DECO0 */ ret = run_descriptor_deco0(ctrldev, desc, &status); /* * If ret is not 0, or descriptor status is not 0, then * something went wrong. No need to try the next state * handle (if available), bail out here. * Also, if for some reason, the State Handle didn't get * instantiated although the descriptor has finished * without any error (HW optimizations for later * CAAM eras), then try again. */ rdsta_val = rd_reg32(&topregs->ctrl.r4tst[0].rdsta) & RDSTA_IFMASK; if (status || !(rdsta_val & (1 << sh_idx))) ret = -EAGAIN; if (ret) break; dev_info(ctrldev, "Instantiated RNG4 SH%d\n", sh_idx); /* Clear the contents before recreating the descriptor */ memset(desc, 0x00, CAAM_CMD_SZ * 7); } kfree(desc); return ret; } /* * deinstantiate_rng - builds and executes a descriptor on DECO0, * which deinitializes the RNG block. * @ctrldev - pointer to device * @state_handle_mask - bitmask containing the instantiation status * for the RNG4 state handles which exist in * the RNG4 block: 1 if it's been instantiated * * Return: - 0 if no error occurred * - -ENOMEM if there isn't enough memory to allocate the descriptor * - -ENODEV if DECO0 couldn't be acquired * - -EAGAIN if an error occurred when executing the descriptor */ static int deinstantiate_rng(struct device *ctrldev, int state_handle_mask) { u32 *desc, status; int sh_idx, ret = 0; desc = kmalloc(CAAM_CMD_SZ * 3, GFP_KERNEL); if (!desc) return -ENOMEM; for (sh_idx = 0; sh_idx < RNG4_MAX_HANDLES; sh_idx++) { /* * If the corresponding bit is set, then it means the state * handle was initialized by us, and thus it needs to be * deintialized as well */ if ((1 << sh_idx) & state_handle_mask) { /* * Create the descriptor for deinstantating this state * handle */ build_deinstantiation_desc(desc, sh_idx); /* Try to run it through DECO0 */ ret = run_descriptor_deco0(ctrldev, desc, &status); if (ret || status) { dev_err(ctrldev, "Failed to deinstantiate RNG4 SH%d\n", sh_idx); break; } dev_info(ctrldev, "Deinstantiated RNG4 SH%d\n", sh_idx); } } kfree(desc); return ret; } static int caam_remove(struct platform_device *pdev) { struct device *ctrldev; struct caam_drv_private *ctrlpriv; struct caam_full __iomem *topregs; int ring, ret = 0; ctrldev = &pdev->dev; ctrlpriv = dev_get_drvdata(ctrldev); topregs = (struct caam_full __iomem *)ctrlpriv->ctrl; /* Remove platform devices for JobRs */ for (ring = 0; ring < ctrlpriv->total_jobrs; ring++) { if (ctrlpriv->jrpdev[ring]) of_device_unregister(ctrlpriv->jrpdev[ring]); } /* De-initialize RNG state handles initialized by this driver. */ if (ctrlpriv->rng4_sh_init) deinstantiate_rng(ctrldev, ctrlpriv->rng4_sh_init); /* Shut down debug views */ #ifdef CONFIG_DEBUG_FS debugfs_remove_recursive(ctrlpriv->dfs_root); #endif /* Unmap controller region */ iounmap(&topregs->ctrl); return ret; } /* * kick_trng - sets the various parameters for enabling the initialization * of the RNG4 block in CAAM * @pdev - pointer to the platform device * @ent_delay - Defines the length (in system clocks) of each entropy sample. */ static void kick_trng(struct platform_device *pdev, int ent_delay) { struct device *ctrldev = &pdev->dev; struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev); struct caam_full __iomem *topregs; struct rng4tst __iomem *r4tst; u32 val; topregs = (struct caam_full __iomem *)ctrlpriv->ctrl; r4tst = &topregs->ctrl.r4tst[0]; /* put RNG4 into program mode */ setbits32(&r4tst->rtmctl, RTMCTL_PRGM); /* * Performance-wise, it does not make sense to * set the delay to a value that is lower * than the last one that worked (i.e. the state handles * were instantiated properly. Thus, instead of wasting * time trying to set the values controlling the sample * frequency, the function simply returns. */ val = (rd_reg32(&r4tst->rtsdctl) & RTSDCTL_ENT_DLY_MASK) >> RTSDCTL_ENT_DLY_SHIFT; if (ent_delay <= val) { /* put RNG4 into run mode */ clrbits32(&r4tst->rtmctl, RTMCTL_PRGM); return; } val = rd_reg32(&r4tst->rtsdctl); val = (val & ~RTSDCTL_ENT_DLY_MASK) | (ent_delay << RTSDCTL_ENT_DLY_SHIFT); wr_reg32(&r4tst->rtsdctl, val); /* min. freq. count, equal to 1/4 of the entropy sample length */ wr_reg32(&r4tst->rtfrqmin, ent_delay >> 2); /* max. freq. count, equal to 8 times the entropy sample length */ wr_reg32(&r4tst->rtfrqmax, ent_delay << 3); /* put RNG4 into run mode */ clrbits32(&r4tst->rtmctl, RTMCTL_PRGM); } /** * caam_get_era() - Return the ERA of the SEC on SoC, based * on "sec-era" propery in the DTS. This property is updated by u-boot. **/ int caam_get_era(void) { struct device_node *caam_node; for_each_compatible_node(caam_node, NULL, "fsl,sec-v4.0") { const uint32_t *prop = (uint32_t *)of_get_property(caam_node, "fsl,sec-era", NULL); return prop ? *prop : -ENOTSUPP; } return -ENOTSUPP; } EXPORT_SYMBOL(caam_get_era); /* Probe routine for CAAM top (controller) level */ static int caam_probe(struct platform_device *pdev) { int ret, ring, rspec, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN; u64 caam_id; struct device *dev; struct device_node *nprop, *np; struct caam_ctrl __iomem *ctrl; struct caam_full __iomem *topregs; struct caam_drv_private *ctrlpriv; #ifdef CONFIG_DEBUG_FS struct caam_perfmon *perfmon; #endif u64 cha_vid; ctrlpriv = devm_kzalloc(&pdev->dev, sizeof(struct caam_drv_private), GFP_KERNEL); if (!ctrlpriv) return -ENOMEM; dev = &pdev->dev; dev_set_drvdata(dev, ctrlpriv); ctrlpriv->pdev = pdev; nprop = pdev->dev.of_node; /* Get configuration properties from device tree */ /* First, get register page */ ctrl = of_iomap(nprop, 0); if (ctrl == NULL) { dev_err(dev, "caam: of_iomap() failed\n"); return -ENOMEM; } ctrlpriv->ctrl = (struct caam_ctrl __force *)ctrl; /* topregs used to derive pointers to CAAM sub-blocks only */ topregs = (struct caam_full __iomem *)ctrl; /* Get the IRQ of the controller (for security violations only) */ ctrlpriv->secvio_irq = irq_of_parse_and_map(nprop, 0); /* * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel, * long pointers in master configuration register */ setbits32(&topregs->ctrl.mcr, MCFGR_WDENABLE | (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0)); if (sizeof(dma_addr_t) == sizeof(u64)) if (of_device_is_compatible(nprop, "fsl,sec-v5.0")) dma_set_mask(dev, DMA_BIT_MASK(40)); else dma_set_mask(dev, DMA_BIT_MASK(36)); else dma_set_mask(dev, DMA_BIT_MASK(32)); /* * Detect and enable JobRs * First, find out how many ring spec'ed, allocate references * for all, then go probe each one. */ rspec = 0; for_each_available_child_of_node(nprop, np) if (of_device_is_compatible(np, "fsl,sec-v4.0-job-ring") || of_device_is_compatible(np, "fsl,sec4.0-job-ring")) rspec++; ctrlpriv->jrpdev = devm_kzalloc(&pdev->dev, sizeof(struct platform_device *) * rspec, GFP_KERNEL); if (ctrlpriv->jrpdev == NULL) { iounmap(&topregs->ctrl); return -ENOMEM; } ring = 0; ctrlpriv->total_jobrs = 0; for_each_available_child_of_node(nprop, np) if (of_device_is_compatible(np, "fsl,sec-v4.0-job-ring") || of_device_is_compatible(np, "fsl,sec4.0-job-ring")) { ctrlpriv->jrpdev[ring] = of_platform_device_create(np, NULL, dev); if (!ctrlpriv->jrpdev[ring]) { pr_warn("JR%d Platform device creation error\n", ring); continue; } ctrlpriv->total_jobrs++; ring++; } /* Check to see if QI present. If so, enable */ ctrlpriv->qi_present = !!(rd_reg64(&topregs->ctrl.perfmon.comp_parms) & CTPR_QI_MASK); if (ctrlpriv->qi_present) { ctrlpriv->qi = (struct caam_queue_if __force *)&topregs->qi; /* This is all that's required to physically enable QI */ wr_reg32(&topregs->qi.qi_control_lo, QICTL_DQEN); } /* If no QI and no rings specified, quit and go home */ if ((!ctrlpriv->qi_present) && (!ctrlpriv->total_jobrs)) { dev_err(dev, "no queues configured, terminating\n"); caam_remove(pdev); return -ENOMEM; } cha_vid = rd_reg64(&topregs->ctrl.perfmon.cha_id); /* * If SEC has RNG version >= 4 and RNG state handle has not been * already instantiated, do RNG instantiation */ if ((cha_vid & CHA_ID_RNG_MASK) >> CHA_ID_RNG_SHIFT >= 4) { ctrlpriv->rng4_sh_init = rd_reg32(&topregs->ctrl.r4tst[0].rdsta); /* * If the secure keys (TDKEK, JDKEK, TDSK), were already * generated, signal this to the function that is instantiating * the state handles. An error would occur if RNG4 attempts * to regenerate these keys before the next POR. */ gen_sk = ctrlpriv->rng4_sh_init & RDSTA_SKVN ? 0 : 1; ctrlpriv->rng4_sh_init &= RDSTA_IFMASK; do { int inst_handles = rd_reg32(&topregs->ctrl.r4tst[0].rdsta) & RDSTA_IFMASK; /* * If either SH were instantiated by somebody else * (e.g. u-boot) then it is assumed that the entropy * parameters are properly set and thus the function * setting these (kick_trng(...)) is skipped. * Also, if a handle was instantiated, do not change * the TRNG parameters. */ if (!(ctrlpriv->rng4_sh_init || inst_handles)) { kick_trng(pdev, ent_delay); ent_delay += 400; } /* * if instantiate_rng(...) fails, the loop will rerun * and the kick_trng(...) function will modfiy the * upper and lower limits of the entropy sampling * interval, leading to a sucessful initialization of * the RNG. */ ret = instantiate_rng(dev, inst_handles, gen_sk); } while ((ret == -EAGAIN) && (ent_delay < RTSDCTL_ENT_DLY_MAX)); if (ret) { dev_err(dev, "failed to instantiate RNG"); caam_remove(pdev); return ret; } /* * Set handles init'ed by this module as the complement of the * already initialized ones */ ctrlpriv->rng4_sh_init = ~ctrlpriv->rng4_sh_init & RDSTA_IFMASK; /* Enable RDB bit so that RNG works faster */ setbits32(&topregs->ctrl.scfgr, SCFGR_RDBENABLE); } /* NOTE: RTIC detection ought to go here, around Si time */ caam_id = rd_reg64(&topregs->ctrl.perfmon.caam_id); /* Report "alive" for developer to see */ dev_info(dev, "device ID = 0x%016llx (Era %d)\n", caam_id, caam_get_era()); dev_info(dev, "job rings = %d, qi = %d\n", ctrlpriv->total_jobrs, ctrlpriv->qi_present); #ifdef CONFIG_DEBUG_FS /* * FIXME: needs better naming distinction, as some amalgamation of * "caam" and nprop->full_name. The OF name isn't distinctive, * but does separate instances */ perfmon = (struct caam_perfmon __force *)&ctrl->perfmon; ctrlpriv->dfs_root = debugfs_create_dir("caam", NULL); ctrlpriv->ctl = debugfs_create_dir("ctl", ctrlpriv->dfs_root); /* Controller-level - performance monitor counters */ ctrlpriv->ctl_rq_dequeued = debugfs_create_u64("rq_dequeued", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->req_dequeued); ctrlpriv->ctl_ob_enc_req = debugfs_create_u64("ob_rq_encrypted", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ob_enc_req); ctrlpriv->ctl_ib_dec_req = debugfs_create_u64("ib_rq_decrypted", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ib_dec_req); ctrlpriv->ctl_ob_enc_bytes = debugfs_create_u64("ob_bytes_encrypted", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ob_enc_bytes); ctrlpriv->ctl_ob_prot_bytes = debugfs_create_u64("ob_bytes_protected", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ob_prot_bytes); ctrlpriv->ctl_ib_dec_bytes = debugfs_create_u64("ib_bytes_decrypted", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ib_dec_bytes); ctrlpriv->ctl_ib_valid_bytes = debugfs_create_u64("ib_bytes_validated", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ib_valid_bytes); /* Controller level - global status values */ ctrlpriv->ctl_faultaddr = debugfs_create_u64("fault_addr", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->faultaddr); ctrlpriv->ctl_faultdetail = debugfs_create_u32("fault_detail", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->faultdetail); ctrlpriv->ctl_faultstatus = debugfs_create_u32("fault_status", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->status); /* Internal covering keys (useful in non-secure mode only) */ ctrlpriv->ctl_kek_wrap.data = &ctrlpriv->ctrl->kek[0]; ctrlpriv->ctl_kek_wrap.size = KEK_KEY_SIZE * sizeof(u32); ctrlpriv->ctl_kek = debugfs_create_blob("kek", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &ctrlpriv->ctl_kek_wrap); ctrlpriv->ctl_tkek_wrap.data = &ctrlpriv->ctrl->tkek[0]; ctrlpriv->ctl_tkek_wrap.size = KEK_KEY_SIZE * sizeof(u32); ctrlpriv->ctl_tkek = debugfs_create_blob("tkek", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &ctrlpriv->ctl_tkek_wrap); ctrlpriv->ctl_tdsk_wrap.data = &ctrlpriv->ctrl->tdsk[0]; ctrlpriv->ctl_tdsk_wrap.size = KEK_KEY_SIZE * sizeof(u32); ctrlpriv->ctl_tdsk = debugfs_create_blob("tdsk", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &ctrlpriv->ctl_tdsk_wrap); #endif return 0; } static struct of_device_id caam_match[] = { { .compatible = "fsl,sec-v4.0", }, { .compatible = "fsl,sec4.0", }, {}, }; MODULE_DEVICE_TABLE(of, caam_match); static struct platform_driver caam_driver = { .driver = { .name = "caam", .owner = THIS_MODULE, .of_match_table = caam_match, }, .probe = caam_probe, .remove = caam_remove, }; module_platform_driver(caam_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("FSL CAAM request backend"); MODULE_AUTHOR("Freescale Semiconductor - NMG/STC");