2 * CAAM control-plane driver backend
3 * Controller-level driver, kernel property detection, initialization
5 * Copyright 2008-2012 Freescale Semiconductor, Inc.
8 #include <linux/of_address.h>
9 #include <linux/of_irq.h>
15 #include "desc_constr.h"
19 * Descriptor to instantiate RNG State Handle 0 in normal mode and
20 * load the JDKEK, TDKEK and TDSK registers
22 static void build_instantiation_desc(u32 *desc, int handle, int do_sk)
24 u32 *jump_cmd, op_flags;
26 init_job_desc(desc, 0);
28 op_flags = OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG |
29 (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INIT;
31 /* INIT RNG in non-test mode */
32 append_operation(desc, op_flags);
34 if (!handle && do_sk) {
36 * For SH0, Secure Keys must be generated as well
40 jump_cmd = append_jump(desc, JUMP_CLASS_CLASS1);
41 set_jump_tgt_here(desc, jump_cmd);
44 * load 1 to clear written reg:
45 * resets the done interrrupt and returns the RNG to idle.
47 append_load_imm_u32(desc, 1, LDST_SRCDST_WORD_CLRW);
49 /* Initialize State Handle */
50 append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG |
54 append_jump(desc, JUMP_CLASS_CLASS1 | JUMP_TYPE_HALT);
57 /* Descriptor for deinstantiation of State Handle 0 of the RNG block. */
58 static void build_deinstantiation_desc(u32 *desc, int handle)
60 init_job_desc(desc, 0);
62 /* Uninstantiate State Handle 0 */
63 append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG |
64 (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INITFINAL);
66 append_jump(desc, JUMP_CLASS_CLASS1 | JUMP_TYPE_HALT);
70 * run_descriptor_deco0 - runs a descriptor on DECO0, under direct control of
71 * the software (no JR/QI used).
72 * @ctrldev - pointer to device
73 * @status - descriptor status, after being run
75 * Return: - 0 if no error occurred
76 * - -ENODEV if the DECO couldn't be acquired
77 * - -EAGAIN if an error occurred while executing the descriptor
79 static inline int run_descriptor_deco0(struct device *ctrldev, u32 *desc,
82 struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev);
83 struct caam_full __iomem *topregs;
84 unsigned int timeout = 100000;
85 u32 deco_dbg_reg, flags;
88 /* Set the bit to request direct access to DECO0 */
89 topregs = (struct caam_full __iomem *)ctrlpriv->ctrl;
90 setbits32(&topregs->ctrl.deco_rq, DECORR_RQD0ENABLE);
92 while (!(rd_reg32(&topregs->ctrl.deco_rq) & DECORR_DEN0) &&
97 dev_err(ctrldev, "failed to acquire DECO 0\n");
98 clrbits32(&topregs->ctrl.deco_rq, DECORR_RQD0ENABLE);
102 for (i = 0; i < desc_len(desc); i++)
103 wr_reg32(&topregs->deco.descbuf[i], *(desc + i));
105 flags = DECO_JQCR_WHL;
107 * If the descriptor length is longer than 4 words, then the
108 * FOUR bit in JRCTRL register must be set.
110 if (desc_len(desc) >= 4)
111 flags |= DECO_JQCR_FOUR;
113 /* Instruct the DECO to execute it */
114 wr_reg32(&topregs->deco.jr_ctl_hi, flags);
118 deco_dbg_reg = rd_reg32(&topregs->deco.desc_dbg);
120 * If an error occured in the descriptor, then
121 * the DECO status field will be set to 0x0D
123 if ((deco_dbg_reg & DESC_DBG_DECO_STAT_MASK) ==
124 DESC_DBG_DECO_STAT_HOST_ERR)
127 } while ((deco_dbg_reg & DESC_DBG_DECO_STAT_VALID) && --timeout);
129 *status = rd_reg32(&topregs->deco.op_status_hi) &
130 DECO_OP_STATUS_HI_ERR_MASK;
132 /* Mark the DECO as free */
133 clrbits32(&topregs->ctrl.deco_rq, DECORR_RQD0ENABLE);
142 * instantiate_rng - builds and executes a descriptor on DECO0,
143 * which initializes the RNG block.
144 * @ctrldev - pointer to device
145 * @state_handle_mask - bitmask containing the instantiation status
146 * for the RNG4 state handles which exist in
147 * the RNG4 block: 1 if it's been instantiated
148 * by an external entry, 0 otherwise.
149 * @gen_sk - generate data to be loaded into the JDKEK, TDKEK and TDSK;
150 * Caution: this can be done only once; if the keys need to be
151 * regenerated, a POR is required
153 * Return: - 0 if no error occurred
154 * - -ENOMEM if there isn't enough memory to allocate the descriptor
155 * - -ENODEV if DECO0 couldn't be acquired
156 * - -EAGAIN if an error occurred when executing the descriptor
157 * f.i. there was a RNG hardware error due to not "good enough"
158 * entropy being aquired.
160 static int instantiate_rng(struct device *ctrldev, int state_handle_mask,
163 struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev);
164 struct caam_full __iomem *topregs;
165 struct rng4tst __iomem *r4tst;
166 u32 *desc, status, rdsta_val;
169 topregs = (struct caam_full __iomem *)ctrlpriv->ctrl;
170 r4tst = &topregs->ctrl.r4tst[0];
172 desc = kmalloc(CAAM_CMD_SZ * 7, GFP_KERNEL);
176 for (sh_idx = 0; sh_idx < RNG4_MAX_HANDLES; sh_idx++) {
178 * If the corresponding bit is set, this state handle
179 * was initialized by somebody else, so it's left alone.
181 if ((1 << sh_idx) & state_handle_mask)
184 /* Create the descriptor for instantiating RNG State Handle */
185 build_instantiation_desc(desc, sh_idx, gen_sk);
187 /* Try to run it through DECO0 */
188 ret = run_descriptor_deco0(ctrldev, desc, &status);
191 * If ret is not 0, or descriptor status is not 0, then
192 * something went wrong. No need to try the next state
193 * handle (if available), bail out here.
194 * Also, if for some reason, the State Handle didn't get
195 * instantiated although the descriptor has finished
196 * without any error (HW optimizations for later
197 * CAAM eras), then try again.
200 rd_reg32(&topregs->ctrl.r4tst[0].rdsta) & RDSTA_IFMASK;
201 if (status || !(rdsta_val & (1 << sh_idx)))
206 dev_info(ctrldev, "Instantiated RNG4 SH%d\n", sh_idx);
207 /* Clear the contents before recreating the descriptor */
208 memset(desc, 0x00, CAAM_CMD_SZ * 7);
217 * deinstantiate_rng - builds and executes a descriptor on DECO0,
218 * which deinitializes the RNG block.
219 * @ctrldev - pointer to device
220 * @state_handle_mask - bitmask containing the instantiation status
221 * for the RNG4 state handles which exist in
222 * the RNG4 block: 1 if it's been instantiated
224 * Return: - 0 if no error occurred
225 * - -ENOMEM if there isn't enough memory to allocate the descriptor
226 * - -ENODEV if DECO0 couldn't be acquired
227 * - -EAGAIN if an error occurred when executing the descriptor
229 static int deinstantiate_rng(struct device *ctrldev, int state_handle_mask)
234 desc = kmalloc(CAAM_CMD_SZ * 3, GFP_KERNEL);
238 for (sh_idx = 0; sh_idx < RNG4_MAX_HANDLES; sh_idx++) {
240 * If the corresponding bit is set, then it means the state
241 * handle was initialized by us, and thus it needs to be
242 * deintialized as well
244 if ((1 << sh_idx) & state_handle_mask) {
246 * Create the descriptor for deinstantating this state
249 build_deinstantiation_desc(desc, sh_idx);
251 /* Try to run it through DECO0 */
252 ret = run_descriptor_deco0(ctrldev, desc, &status);
256 "Failed to deinstantiate RNG4 SH%d\n",
260 dev_info(ctrldev, "Deinstantiated RNG4 SH%d\n", sh_idx);
269 static int caam_remove(struct platform_device *pdev)
271 struct device *ctrldev;
272 struct caam_drv_private *ctrlpriv;
273 struct caam_full __iomem *topregs;
276 ctrldev = &pdev->dev;
277 ctrlpriv = dev_get_drvdata(ctrldev);
278 topregs = (struct caam_full __iomem *)ctrlpriv->ctrl;
280 /* Remove platform devices for JobRs */
281 for (ring = 0; ring < ctrlpriv->total_jobrs; ring++) {
282 if (ctrlpriv->jrpdev[ring])
283 of_device_unregister(ctrlpriv->jrpdev[ring]);
286 /* De-initialize RNG state handles initialized by this driver. */
287 if (ctrlpriv->rng4_sh_init)
288 deinstantiate_rng(ctrldev, ctrlpriv->rng4_sh_init);
290 /* Shut down debug views */
291 #ifdef CONFIG_DEBUG_FS
292 debugfs_remove_recursive(ctrlpriv->dfs_root);
295 /* Unmap controller region */
296 iounmap(&topregs->ctrl);
298 kfree(ctrlpriv->jrpdev);
305 * kick_trng - sets the various parameters for enabling the initialization
306 * of the RNG4 block in CAAM
307 * @pdev - pointer to the platform device
308 * @ent_delay - Defines the length (in system clocks) of each entropy sample.
310 static void kick_trng(struct platform_device *pdev, int ent_delay)
312 struct device *ctrldev = &pdev->dev;
313 struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev);
314 struct caam_full __iomem *topregs;
315 struct rng4tst __iomem *r4tst;
318 topregs = (struct caam_full __iomem *)ctrlpriv->ctrl;
319 r4tst = &topregs->ctrl.r4tst[0];
321 /* put RNG4 into program mode */
322 setbits32(&r4tst->rtmctl, RTMCTL_PRGM);
325 * Performance-wise, it does not make sense to
326 * set the delay to a value that is lower
327 * than the last one that worked (i.e. the state handles
328 * were instantiated properly. Thus, instead of wasting
329 * time trying to set the values controlling the sample
330 * frequency, the function simply returns.
332 val = (rd_reg32(&r4tst->rtsdctl) & RTSDCTL_ENT_DLY_MASK)
333 >> RTSDCTL_ENT_DLY_SHIFT;
334 if (ent_delay <= val) {
335 /* put RNG4 into run mode */
336 clrbits32(&r4tst->rtmctl, RTMCTL_PRGM);
340 val = rd_reg32(&r4tst->rtsdctl);
341 val = (val & ~RTSDCTL_ENT_DLY_MASK) |
342 (ent_delay << RTSDCTL_ENT_DLY_SHIFT);
343 wr_reg32(&r4tst->rtsdctl, val);
344 /* min. freq. count, equal to 1/4 of the entropy sample length */
345 wr_reg32(&r4tst->rtfrqmin, ent_delay >> 2);
346 /* max. freq. count, equal to 8 times the entropy sample length */
347 wr_reg32(&r4tst->rtfrqmax, ent_delay << 3);
348 /* put RNG4 into run mode */
349 clrbits32(&r4tst->rtmctl, RTMCTL_PRGM);
353 * caam_get_era() - Return the ERA of the SEC on SoC, based
354 * on "sec-era" propery in the DTS. This property is updated by u-boot.
356 int caam_get_era(void)
358 struct device_node *caam_node;
359 for_each_compatible_node(caam_node, NULL, "fsl,sec-v4.0") {
360 const uint32_t *prop = (uint32_t *)of_get_property(caam_node,
363 return prop ? *prop : -ENOTSUPP;
368 EXPORT_SYMBOL(caam_get_era);
370 /* Probe routine for CAAM top (controller) level */
371 static int caam_probe(struct platform_device *pdev)
373 int ret, ring, rspec, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN;
376 struct device_node *nprop, *np;
377 struct caam_ctrl __iomem *ctrl;
378 struct caam_full __iomem *topregs;
379 struct caam_drv_private *ctrlpriv;
380 #ifdef CONFIG_DEBUG_FS
381 struct caam_perfmon *perfmon;
385 ctrlpriv = kzalloc(sizeof(struct caam_drv_private), GFP_KERNEL);
390 dev_set_drvdata(dev, ctrlpriv);
391 ctrlpriv->pdev = pdev;
392 nprop = pdev->dev.of_node;
394 /* Get configuration properties from device tree */
395 /* First, get register page */
396 ctrl = of_iomap(nprop, 0);
398 dev_err(dev, "caam: of_iomap() failed\n");
401 ctrlpriv->ctrl = (struct caam_ctrl __force *)ctrl;
403 /* topregs used to derive pointers to CAAM sub-blocks only */
404 topregs = (struct caam_full __iomem *)ctrl;
406 /* Get the IRQ of the controller (for security violations only) */
407 ctrlpriv->secvio_irq = irq_of_parse_and_map(nprop, 0);
410 * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
411 * long pointers in master configuration register
413 setbits32(&topregs->ctrl.mcr, MCFGR_WDENABLE |
414 (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0));
416 if (sizeof(dma_addr_t) == sizeof(u64))
417 if (of_device_is_compatible(nprop, "fsl,sec-v5.0"))
418 dma_set_mask(dev, DMA_BIT_MASK(40));
420 dma_set_mask(dev, DMA_BIT_MASK(36));
422 dma_set_mask(dev, DMA_BIT_MASK(32));
425 * Detect and enable JobRs
426 * First, find out how many ring spec'ed, allocate references
427 * for all, then go probe each one.
430 for_each_available_child_of_node(nprop, np)
431 if (of_device_is_compatible(np, "fsl,sec-v4.0-job-ring") ||
432 of_device_is_compatible(np, "fsl,sec4.0-job-ring"))
435 ctrlpriv->jrpdev = kzalloc(sizeof(struct platform_device *) * rspec,
437 if (ctrlpriv->jrpdev == NULL) {
438 iounmap(&topregs->ctrl);
443 ctrlpriv->total_jobrs = 0;
444 for_each_available_child_of_node(nprop, np)
445 if (of_device_is_compatible(np, "fsl,sec-v4.0-job-ring") ||
446 of_device_is_compatible(np, "fsl,sec4.0-job-ring")) {
447 ctrlpriv->jrpdev[ring] =
448 of_platform_device_create(np, NULL, dev);
449 if (!ctrlpriv->jrpdev[ring]) {
450 pr_warn("JR%d Platform device creation error\n",
454 ctrlpriv->total_jobrs++;
458 /* Check to see if QI present. If so, enable */
459 ctrlpriv->qi_present = !!(rd_reg64(&topregs->ctrl.perfmon.comp_parms) &
461 if (ctrlpriv->qi_present) {
462 ctrlpriv->qi = (struct caam_queue_if __force *)&topregs->qi;
463 /* This is all that's required to physically enable QI */
464 wr_reg32(&topregs->qi.qi_control_lo, QICTL_DQEN);
467 /* If no QI and no rings specified, quit and go home */
468 if ((!ctrlpriv->qi_present) && (!ctrlpriv->total_jobrs)) {
469 dev_err(dev, "no queues configured, terminating\n");
474 cha_vid = rd_reg64(&topregs->ctrl.perfmon.cha_id);
477 * If SEC has RNG version >= 4 and RNG state handle has not been
478 * already instantiated, do RNG instantiation
480 if ((cha_vid & CHA_ID_RNG_MASK) >> CHA_ID_RNG_SHIFT >= 4) {
481 ctrlpriv->rng4_sh_init =
482 rd_reg32(&topregs->ctrl.r4tst[0].rdsta);
484 * If the secure keys (TDKEK, JDKEK, TDSK), were already
485 * generated, signal this to the function that is instantiating
486 * the state handles. An error would occur if RNG4 attempts
487 * to regenerate these keys before the next POR.
489 gen_sk = ctrlpriv->rng4_sh_init & RDSTA_SKVN ? 0 : 1;
490 ctrlpriv->rng4_sh_init &= RDSTA_IFMASK;
493 rd_reg32(&topregs->ctrl.r4tst[0].rdsta) &
496 * If either SH were instantiated by somebody else
497 * (e.g. u-boot) then it is assumed that the entropy
498 * parameters are properly set and thus the function
499 * setting these (kick_trng(...)) is skipped.
500 * Also, if a handle was instantiated, do not change
501 * the TRNG parameters.
503 if (!(ctrlpriv->rng4_sh_init || inst_handles)) {
504 kick_trng(pdev, ent_delay);
508 * if instantiate_rng(...) fails, the loop will rerun
509 * and the kick_trng(...) function will modfiy the
510 * upper and lower limits of the entropy sampling
511 * interval, leading to a sucessful initialization of
514 ret = instantiate_rng(dev, inst_handles,
516 } while ((ret == -EAGAIN) && (ent_delay < RTSDCTL_ENT_DLY_MAX));
518 dev_err(dev, "failed to instantiate RNG");
523 * Set handles init'ed by this module as the complement of the
524 * already initialized ones
526 ctrlpriv->rng4_sh_init = ~ctrlpriv->rng4_sh_init & RDSTA_IFMASK;
528 /* Enable RDB bit so that RNG works faster */
529 setbits32(&topregs->ctrl.scfgr, SCFGR_RDBENABLE);
532 /* NOTE: RTIC detection ought to go here, around Si time */
534 caam_id = rd_reg64(&topregs->ctrl.perfmon.caam_id);
536 /* Report "alive" for developer to see */
537 dev_info(dev, "device ID = 0x%016llx (Era %d)\n", caam_id,
539 dev_info(dev, "job rings = %d, qi = %d\n",
540 ctrlpriv->total_jobrs, ctrlpriv->qi_present);
542 #ifdef CONFIG_DEBUG_FS
544 * FIXME: needs better naming distinction, as some amalgamation of
545 * "caam" and nprop->full_name. The OF name isn't distinctive,
546 * but does separate instances
548 perfmon = (struct caam_perfmon __force *)&ctrl->perfmon;
550 ctrlpriv->dfs_root = debugfs_create_dir("caam", NULL);
551 ctrlpriv->ctl = debugfs_create_dir("ctl", ctrlpriv->dfs_root);
553 /* Controller-level - performance monitor counters */
554 ctrlpriv->ctl_rq_dequeued =
555 debugfs_create_u64("rq_dequeued",
556 S_IRUSR | S_IRGRP | S_IROTH,
557 ctrlpriv->ctl, &perfmon->req_dequeued);
558 ctrlpriv->ctl_ob_enc_req =
559 debugfs_create_u64("ob_rq_encrypted",
560 S_IRUSR | S_IRGRP | S_IROTH,
561 ctrlpriv->ctl, &perfmon->ob_enc_req);
562 ctrlpriv->ctl_ib_dec_req =
563 debugfs_create_u64("ib_rq_decrypted",
564 S_IRUSR | S_IRGRP | S_IROTH,
565 ctrlpriv->ctl, &perfmon->ib_dec_req);
566 ctrlpriv->ctl_ob_enc_bytes =
567 debugfs_create_u64("ob_bytes_encrypted",
568 S_IRUSR | S_IRGRP | S_IROTH,
569 ctrlpriv->ctl, &perfmon->ob_enc_bytes);
570 ctrlpriv->ctl_ob_prot_bytes =
571 debugfs_create_u64("ob_bytes_protected",
572 S_IRUSR | S_IRGRP | S_IROTH,
573 ctrlpriv->ctl, &perfmon->ob_prot_bytes);
574 ctrlpriv->ctl_ib_dec_bytes =
575 debugfs_create_u64("ib_bytes_decrypted",
576 S_IRUSR | S_IRGRP | S_IROTH,
577 ctrlpriv->ctl, &perfmon->ib_dec_bytes);
578 ctrlpriv->ctl_ib_valid_bytes =
579 debugfs_create_u64("ib_bytes_validated",
580 S_IRUSR | S_IRGRP | S_IROTH,
581 ctrlpriv->ctl, &perfmon->ib_valid_bytes);
583 /* Controller level - global status values */
584 ctrlpriv->ctl_faultaddr =
585 debugfs_create_u64("fault_addr",
586 S_IRUSR | S_IRGRP | S_IROTH,
587 ctrlpriv->ctl, &perfmon->faultaddr);
588 ctrlpriv->ctl_faultdetail =
589 debugfs_create_u32("fault_detail",
590 S_IRUSR | S_IRGRP | S_IROTH,
591 ctrlpriv->ctl, &perfmon->faultdetail);
592 ctrlpriv->ctl_faultstatus =
593 debugfs_create_u32("fault_status",
594 S_IRUSR | S_IRGRP | S_IROTH,
595 ctrlpriv->ctl, &perfmon->status);
597 /* Internal covering keys (useful in non-secure mode only) */
598 ctrlpriv->ctl_kek_wrap.data = &ctrlpriv->ctrl->kek[0];
599 ctrlpriv->ctl_kek_wrap.size = KEK_KEY_SIZE * sizeof(u32);
600 ctrlpriv->ctl_kek = debugfs_create_blob("kek",
604 &ctrlpriv->ctl_kek_wrap);
606 ctrlpriv->ctl_tkek_wrap.data = &ctrlpriv->ctrl->tkek[0];
607 ctrlpriv->ctl_tkek_wrap.size = KEK_KEY_SIZE * sizeof(u32);
608 ctrlpriv->ctl_tkek = debugfs_create_blob("tkek",
612 &ctrlpriv->ctl_tkek_wrap);
614 ctrlpriv->ctl_tdsk_wrap.data = &ctrlpriv->ctrl->tdsk[0];
615 ctrlpriv->ctl_tdsk_wrap.size = KEK_KEY_SIZE * sizeof(u32);
616 ctrlpriv->ctl_tdsk = debugfs_create_blob("tdsk",
620 &ctrlpriv->ctl_tdsk_wrap);
625 static struct of_device_id caam_match[] = {
627 .compatible = "fsl,sec-v4.0",
630 .compatible = "fsl,sec4.0",
634 MODULE_DEVICE_TABLE(of, caam_match);
636 static struct platform_driver caam_driver = {
639 .owner = THIS_MODULE,
640 .of_match_table = caam_match,
643 .remove = caam_remove,
646 module_platform_driver(caam_driver);
648 MODULE_LICENSE("GPL");
649 MODULE_DESCRIPTION("FSL CAAM request backend");
650 MODULE_AUTHOR("Freescale Semiconductor - NMG/STC");