1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2012-2019 ARM Limited or its affiliates. */ 3 4 #include <linux/kernel.h> 5 #include <linux/module.h> 6 7 #include <linux/crypto.h> 8 #include <linux/moduleparam.h> 9 #include <linux/types.h> 10 #include <linux/interrupt.h> 11 #include <linux/platform_device.h> 12 #include <linux/slab.h> 13 #include <linux/spinlock.h> 14 #include <linux/of.h> 15 #include <linux/clk.h> 16 #include <linux/of_address.h> 17 18 #include "cc_driver.h" 19 #include "cc_request_mgr.h" 20 #include "cc_buffer_mgr.h" 21 #include "cc_debugfs.h" 22 #include "cc_cipher.h" 23 #include "cc_aead.h" 24 #include "cc_hash.h" 25 #include "cc_ivgen.h" 26 #include "cc_sram_mgr.h" 27 #include "cc_pm.h" 28 #include "cc_fips.h" 29 30 bool cc_dump_desc; 31 module_param_named(dump_desc, cc_dump_desc, bool, 0600); 32 MODULE_PARM_DESC(cc_dump_desc, "Dump descriptors to kernel log as debugging aid"); 33 bool cc_dump_bytes; 34 module_param_named(dump_bytes, cc_dump_bytes, bool, 0600); 35 MODULE_PARM_DESC(cc_dump_bytes, "Dump buffers to kernel log as debugging aid"); 36 37 static bool cc_sec_disable; 38 module_param_named(sec_disable, cc_sec_disable, bool, 0600); 39 MODULE_PARM_DESC(cc_sec_disable, "Disable security functions"); 40 41 struct cc_hw_data { 42 char *name; 43 enum cc_hw_rev rev; 44 u32 sig; 45 u32 cidr_0123; 46 u32 pidr_0124; 47 int std_bodies; 48 }; 49 50 #define CC_NUM_IDRS 4 51 52 /* Note: PIDR3 holds CMOD/Rev so ignored for HW identification purposes */ 53 static const u32 pidr_0124_offsets[CC_NUM_IDRS] = { 54 CC_REG(PERIPHERAL_ID_0), CC_REG(PERIPHERAL_ID_1), 55 CC_REG(PERIPHERAL_ID_2), CC_REG(PERIPHERAL_ID_4) 56 }; 57 58 static const u32 cidr_0123_offsets[CC_NUM_IDRS] = { 59 CC_REG(COMPONENT_ID_0), CC_REG(COMPONENT_ID_1), 60 CC_REG(COMPONENT_ID_2), CC_REG(COMPONENT_ID_3) 61 }; 62 63 /* Hardware revisions defs. */ 64 65 /* The 703 is a OSCCA only variant of the 713 */ 66 static const struct cc_hw_data cc703_hw = { 67 .name = "703", .rev = CC_HW_REV_713, .cidr_0123 = 0xB105F00DU, 68 .pidr_0124 = 0x040BB0D0U, .std_bodies = CC_STD_OSCCA 69 }; 70 71 static const struct cc_hw_data cc713_hw = { 72 .name = "713", .rev = CC_HW_REV_713, .cidr_0123 = 0xB105F00DU, 73 .pidr_0124 = 0x040BB0D0U, .std_bodies = CC_STD_ALL 74 }; 75 76 static const struct cc_hw_data cc712_hw = { 77 .name = "712", .rev = CC_HW_REV_712, .sig = 0xDCC71200U, 78 .std_bodies = CC_STD_ALL 79 }; 80 81 static const struct cc_hw_data cc710_hw = { 82 .name = "710", .rev = CC_HW_REV_710, .sig = 0xDCC63200U, 83 .std_bodies = CC_STD_ALL 84 }; 85 86 static const struct cc_hw_data cc630p_hw = { 87 .name = "630P", .rev = CC_HW_REV_630, .sig = 0xDCC63000U, 88 .std_bodies = CC_STD_ALL 89 }; 90 91 static const struct of_device_id arm_ccree_dev_of_match[] = { 92 { .compatible = "arm,cryptocell-703-ree", .data = &cc703_hw }, 93 { .compatible = "arm,cryptocell-713-ree", .data = &cc713_hw }, 94 { .compatible = "arm,cryptocell-712-ree", .data = &cc712_hw }, 95 { .compatible = "arm,cryptocell-710-ree", .data = &cc710_hw }, 96 { .compatible = "arm,cryptocell-630p-ree", .data = &cc630p_hw }, 97 {} 98 }; 99 MODULE_DEVICE_TABLE(of, arm_ccree_dev_of_match); 100 101 static u32 cc_read_idr(struct cc_drvdata *drvdata, const u32 *idr_offsets) 102 { 103 int i; 104 union { 105 u8 regs[CC_NUM_IDRS]; 106 __le32 val; 107 } idr; 108 109 for (i = 0; i < CC_NUM_IDRS; ++i) 110 idr.regs[i] = cc_ioread(drvdata, idr_offsets[i]); 111 112 return le32_to_cpu(idr.val); 113 } 114 115 void __dump_byte_array(const char *name, const u8 *buf, size_t len) 116 { 117 char prefix[64]; 118 119 if (!buf) 120 return; 121 122 snprintf(prefix, sizeof(prefix), "%s[%zu]: ", name, len); 123 124 print_hex_dump(KERN_DEBUG, prefix, DUMP_PREFIX_ADDRESS, 16, 1, buf, 125 len, false); 126 } 127 128 static irqreturn_t cc_isr(int irq, void *dev_id) 129 { 130 struct cc_drvdata *drvdata = (struct cc_drvdata *)dev_id; 131 struct device *dev = drvdata_to_dev(drvdata); 132 u32 irr; 133 u32 imr; 134 135 /* STAT_OP_TYPE_GENERIC STAT_PHASE_0: Interrupt */ 136 137 /* read the interrupt status */ 138 irr = cc_ioread(drvdata, CC_REG(HOST_IRR)); 139 dev_dbg(dev, "Got IRR=0x%08X\n", irr); 140 141 if (irr == 0) /* Probably shared interrupt line */ 142 return IRQ_NONE; 143 144 imr = cc_ioread(drvdata, CC_REG(HOST_IMR)); 145 146 /* clear interrupt - must be before processing events */ 147 cc_iowrite(drvdata, CC_REG(HOST_ICR), irr); 148 149 drvdata->irq = irr; 150 /* Completion interrupt - most probable */ 151 if (irr & drvdata->comp_mask) { 152 /* Mask all completion interrupts - will be unmasked in 153 * deferred service handler 154 */ 155 cc_iowrite(drvdata, CC_REG(HOST_IMR), imr | drvdata->comp_mask); 156 irr &= ~drvdata->comp_mask; 157 complete_request(drvdata); 158 } 159 #ifdef CONFIG_CRYPTO_FIPS 160 /* TEE FIPS interrupt */ 161 if (irr & CC_GPR0_IRQ_MASK) { 162 /* Mask interrupt - will be unmasked in Deferred service 163 * handler 164 */ 165 cc_iowrite(drvdata, CC_REG(HOST_IMR), imr | CC_GPR0_IRQ_MASK); 166 irr &= ~CC_GPR0_IRQ_MASK; 167 fips_handler(drvdata); 168 } 169 #endif 170 /* AXI error interrupt */ 171 if (irr & CC_AXI_ERR_IRQ_MASK) { 172 u32 axi_err; 173 174 /* Read the AXI error ID */ 175 axi_err = cc_ioread(drvdata, CC_REG(AXIM_MON_ERR)); 176 dev_dbg(dev, "AXI completion error: axim_mon_err=0x%08X\n", 177 axi_err); 178 179 irr &= ~CC_AXI_ERR_IRQ_MASK; 180 } 181 182 if (irr) { 183 dev_dbg_ratelimited(dev, "IRR includes unknown cause bits (0x%08X)\n", 184 irr); 185 /* Just warning */ 186 } 187 188 return IRQ_HANDLED; 189 } 190 191 int init_cc_regs(struct cc_drvdata *drvdata, bool is_probe) 192 { 193 unsigned int val, cache_params; 194 struct device *dev = drvdata_to_dev(drvdata); 195 196 /* Unmask all AXI interrupt sources AXI_CFG1 register */ 197 /* AXI interrupt config are obsoleted startign at cc7x3 */ 198 if (drvdata->hw_rev <= CC_HW_REV_712) { 199 val = cc_ioread(drvdata, CC_REG(AXIM_CFG)); 200 cc_iowrite(drvdata, CC_REG(AXIM_CFG), val & ~CC_AXI_IRQ_MASK); 201 dev_dbg(dev, "AXIM_CFG=0x%08X\n", 202 cc_ioread(drvdata, CC_REG(AXIM_CFG))); 203 } 204 205 /* Clear all pending interrupts */ 206 val = cc_ioread(drvdata, CC_REG(HOST_IRR)); 207 dev_dbg(dev, "IRR=0x%08X\n", val); 208 cc_iowrite(drvdata, CC_REG(HOST_ICR), val); 209 210 /* Unmask relevant interrupt cause */ 211 val = drvdata->comp_mask | CC_AXI_ERR_IRQ_MASK; 212 213 if (drvdata->hw_rev >= CC_HW_REV_712) 214 val |= CC_GPR0_IRQ_MASK; 215 216 cc_iowrite(drvdata, CC_REG(HOST_IMR), ~val); 217 218 cache_params = (drvdata->coherent ? CC_COHERENT_CACHE_PARAMS : 0x0); 219 220 val = cc_ioread(drvdata, CC_REG(AXIM_CACHE_PARAMS)); 221 222 if (is_probe) 223 dev_dbg(dev, "Cache params previous: 0x%08X\n", val); 224 225 cc_iowrite(drvdata, CC_REG(AXIM_CACHE_PARAMS), cache_params); 226 val = cc_ioread(drvdata, CC_REG(AXIM_CACHE_PARAMS)); 227 228 if (is_probe) 229 dev_dbg(dev, "Cache params current: 0x%08X (expect: 0x%08X)\n", 230 val, cache_params); 231 232 return 0; 233 } 234 235 static int init_cc_resources(struct platform_device *plat_dev) 236 { 237 struct resource *req_mem_cc_regs = NULL; 238 struct cc_drvdata *new_drvdata; 239 struct device *dev = &plat_dev->dev; 240 struct device_node *np = dev->of_node; 241 u32 val, hw_rev_pidr, sig_cidr; 242 u64 dma_mask; 243 const struct cc_hw_data *hw_rev; 244 const struct of_device_id *dev_id; 245 struct clk *clk; 246 int rc = 0; 247 248 new_drvdata = devm_kzalloc(dev, sizeof(*new_drvdata), GFP_KERNEL); 249 if (!new_drvdata) 250 return -ENOMEM; 251 252 dev_id = of_match_node(arm_ccree_dev_of_match, np); 253 if (!dev_id) 254 return -ENODEV; 255 256 hw_rev = (struct cc_hw_data *)dev_id->data; 257 new_drvdata->hw_rev_name = hw_rev->name; 258 new_drvdata->hw_rev = hw_rev->rev; 259 new_drvdata->std_bodies = hw_rev->std_bodies; 260 261 if (hw_rev->rev >= CC_HW_REV_712) { 262 new_drvdata->axim_mon_offset = CC_REG(AXIM_MON_COMP); 263 new_drvdata->sig_offset = CC_REG(HOST_SIGNATURE_712); 264 new_drvdata->ver_offset = CC_REG(HOST_VERSION_712); 265 } else { 266 new_drvdata->axim_mon_offset = CC_REG(AXIM_MON_COMP8); 267 new_drvdata->sig_offset = CC_REG(HOST_SIGNATURE_630); 268 new_drvdata->ver_offset = CC_REG(HOST_VERSION_630); 269 } 270 271 new_drvdata->comp_mask = CC_COMP_IRQ_MASK; 272 273 platform_set_drvdata(plat_dev, new_drvdata); 274 new_drvdata->plat_dev = plat_dev; 275 276 clk = devm_clk_get(dev, NULL); 277 if (IS_ERR(clk)) 278 switch (PTR_ERR(clk)) { 279 /* Clock is optional so this might be fine */ 280 case -ENOENT: 281 break; 282 283 /* Clock not available, let's try again soon */ 284 case -EPROBE_DEFER: 285 return -EPROBE_DEFER; 286 287 default: 288 dev_err(dev, "Error getting clock: %ld\n", 289 PTR_ERR(clk)); 290 return PTR_ERR(clk); 291 } 292 new_drvdata->clk = clk; 293 294 new_drvdata->coherent = of_dma_is_coherent(np); 295 296 /* Get device resources */ 297 /* First CC registers space */ 298 req_mem_cc_regs = platform_get_resource(plat_dev, IORESOURCE_MEM, 0); 299 /* Map registers space */ 300 new_drvdata->cc_base = devm_ioremap_resource(dev, req_mem_cc_regs); 301 if (IS_ERR(new_drvdata->cc_base)) { 302 dev_err(dev, "Failed to ioremap registers"); 303 return PTR_ERR(new_drvdata->cc_base); 304 } 305 306 dev_dbg(dev, "Got MEM resource (%s): %pR\n", req_mem_cc_regs->name, 307 req_mem_cc_regs); 308 dev_dbg(dev, "CC registers mapped from %pa to 0x%p\n", 309 &req_mem_cc_regs->start, new_drvdata->cc_base); 310 311 /* Then IRQ */ 312 new_drvdata->irq = platform_get_irq(plat_dev, 0); 313 if (new_drvdata->irq < 0) { 314 dev_err(dev, "Failed getting IRQ resource\n"); 315 return new_drvdata->irq; 316 } 317 318 rc = devm_request_irq(dev, new_drvdata->irq, cc_isr, 319 IRQF_SHARED, "ccree", new_drvdata); 320 if (rc) { 321 dev_err(dev, "Could not register to interrupt %d\n", 322 new_drvdata->irq); 323 return rc; 324 } 325 dev_dbg(dev, "Registered to IRQ: %d\n", new_drvdata->irq); 326 327 init_completion(&new_drvdata->hw_queue_avail); 328 329 if (!plat_dev->dev.dma_mask) 330 plat_dev->dev.dma_mask = &plat_dev->dev.coherent_dma_mask; 331 332 dma_mask = DMA_BIT_MASK(DMA_BIT_MASK_LEN); 333 while (dma_mask > 0x7fffffffUL) { 334 if (dma_supported(&plat_dev->dev, dma_mask)) { 335 rc = dma_set_coherent_mask(&plat_dev->dev, dma_mask); 336 if (!rc) 337 break; 338 } 339 dma_mask >>= 1; 340 } 341 342 if (rc) { 343 dev_err(dev, "Failed in dma_set_mask, mask=%llx\n", dma_mask); 344 return rc; 345 } 346 347 rc = cc_clk_on(new_drvdata); 348 if (rc) { 349 dev_err(dev, "Failed to enable clock"); 350 return rc; 351 } 352 353 new_drvdata->sec_disabled = cc_sec_disable; 354 355 if (hw_rev->rev <= CC_HW_REV_712) { 356 /* Verify correct mapping */ 357 val = cc_ioread(new_drvdata, new_drvdata->sig_offset); 358 if (val != hw_rev->sig) { 359 dev_err(dev, "Invalid CC signature: SIGNATURE=0x%08X != expected=0x%08X\n", 360 val, hw_rev->sig); 361 rc = -EINVAL; 362 goto post_clk_err; 363 } 364 sig_cidr = val; 365 hw_rev_pidr = cc_ioread(new_drvdata, new_drvdata->ver_offset); 366 } else { 367 /* Verify correct mapping */ 368 val = cc_read_idr(new_drvdata, pidr_0124_offsets); 369 if (val != hw_rev->pidr_0124) { 370 dev_err(dev, "Invalid CC PIDR: PIDR0124=0x%08X != expected=0x%08X\n", 371 val, hw_rev->pidr_0124); 372 rc = -EINVAL; 373 goto post_clk_err; 374 } 375 hw_rev_pidr = val; 376 377 val = cc_read_idr(new_drvdata, cidr_0123_offsets); 378 if (val != hw_rev->cidr_0123) { 379 dev_err(dev, "Invalid CC CIDR: CIDR0123=0x%08X != expected=0x%08X\n", 380 val, hw_rev->cidr_0123); 381 rc = -EINVAL; 382 goto post_clk_err; 383 } 384 sig_cidr = val; 385 386 /* Check security disable state */ 387 val = cc_ioread(new_drvdata, CC_REG(SECURITY_DISABLED)); 388 val &= CC_SECURITY_DISABLED_MASK; 389 new_drvdata->sec_disabled |= !!val; 390 391 if (!new_drvdata->sec_disabled) { 392 new_drvdata->comp_mask |= CC_CPP_SM4_ABORT_MASK; 393 if (new_drvdata->std_bodies & CC_STD_NIST) 394 new_drvdata->comp_mask |= CC_CPP_AES_ABORT_MASK; 395 } 396 } 397 398 if (new_drvdata->sec_disabled) 399 dev_info(dev, "Security Disabled mode is in effect. Security functions disabled.\n"); 400 401 /* Display HW versions */ 402 dev_info(dev, "ARM CryptoCell %s Driver: HW version 0x%08X/0x%8X, Driver version %s\n", 403 hw_rev->name, hw_rev_pidr, sig_cidr, DRV_MODULE_VERSION); 404 405 rc = init_cc_regs(new_drvdata, true); 406 if (rc) { 407 dev_err(dev, "init_cc_regs failed\n"); 408 goto post_clk_err; 409 } 410 411 rc = cc_debugfs_init(new_drvdata); 412 if (rc) { 413 dev_err(dev, "Failed registering debugfs interface\n"); 414 goto post_regs_err; 415 } 416 417 rc = cc_fips_init(new_drvdata); 418 if (rc) { 419 dev_err(dev, "CC_FIPS_INIT failed 0x%x\n", rc); 420 goto post_debugfs_err; 421 } 422 rc = cc_sram_mgr_init(new_drvdata); 423 if (rc) { 424 dev_err(dev, "cc_sram_mgr_init failed\n"); 425 goto post_fips_init_err; 426 } 427 428 new_drvdata->mlli_sram_addr = 429 cc_sram_alloc(new_drvdata, MAX_MLLI_BUFF_SIZE); 430 if (new_drvdata->mlli_sram_addr == NULL_SRAM_ADDR) { 431 dev_err(dev, "Failed to alloc MLLI Sram buffer\n"); 432 rc = -ENOMEM; 433 goto post_sram_mgr_err; 434 } 435 436 rc = cc_req_mgr_init(new_drvdata); 437 if (rc) { 438 dev_err(dev, "cc_req_mgr_init failed\n"); 439 goto post_sram_mgr_err; 440 } 441 442 rc = cc_buffer_mgr_init(new_drvdata); 443 if (rc) { 444 dev_err(dev, "buffer_mgr_init failed\n"); 445 goto post_req_mgr_err; 446 } 447 448 rc = cc_pm_init(new_drvdata); 449 if (rc) { 450 dev_err(dev, "ssi_power_mgr_init failed\n"); 451 goto post_buf_mgr_err; 452 } 453 454 rc = cc_ivgen_init(new_drvdata); 455 if (rc) { 456 dev_err(dev, "cc_ivgen_init failed\n"); 457 goto post_buf_mgr_err; 458 } 459 460 /* Allocate crypto algs */ 461 rc = cc_cipher_alloc(new_drvdata); 462 if (rc) { 463 dev_err(dev, "cc_cipher_alloc failed\n"); 464 goto post_ivgen_err; 465 } 466 467 /* hash must be allocated before aead since hash exports APIs */ 468 rc = cc_hash_alloc(new_drvdata); 469 if (rc) { 470 dev_err(dev, "cc_hash_alloc failed\n"); 471 goto post_cipher_err; 472 } 473 474 rc = cc_aead_alloc(new_drvdata); 475 if (rc) { 476 dev_err(dev, "cc_aead_alloc failed\n"); 477 goto post_hash_err; 478 } 479 480 /* All set, we can allow autosuspend */ 481 cc_pm_go(new_drvdata); 482 483 /* If we got here and FIPS mode is enabled 484 * it means all FIPS test passed, so let TEE 485 * know we're good. 486 */ 487 cc_set_ree_fips_status(new_drvdata, true); 488 489 return 0; 490 491 post_hash_err: 492 cc_hash_free(new_drvdata); 493 post_cipher_err: 494 cc_cipher_free(new_drvdata); 495 post_ivgen_err: 496 cc_ivgen_fini(new_drvdata); 497 post_buf_mgr_err: 498 cc_buffer_mgr_fini(new_drvdata); 499 post_req_mgr_err: 500 cc_req_mgr_fini(new_drvdata); 501 post_sram_mgr_err: 502 cc_sram_mgr_fini(new_drvdata); 503 post_fips_init_err: 504 cc_fips_fini(new_drvdata); 505 post_debugfs_err: 506 cc_debugfs_fini(new_drvdata); 507 post_regs_err: 508 fini_cc_regs(new_drvdata); 509 post_clk_err: 510 cc_clk_off(new_drvdata); 511 return rc; 512 } 513 514 void fini_cc_regs(struct cc_drvdata *drvdata) 515 { 516 /* Mask all interrupts */ 517 cc_iowrite(drvdata, CC_REG(HOST_IMR), 0xFFFFFFFF); 518 } 519 520 static void cleanup_cc_resources(struct platform_device *plat_dev) 521 { 522 struct cc_drvdata *drvdata = 523 (struct cc_drvdata *)platform_get_drvdata(plat_dev); 524 525 cc_aead_free(drvdata); 526 cc_hash_free(drvdata); 527 cc_cipher_free(drvdata); 528 cc_ivgen_fini(drvdata); 529 cc_pm_fini(drvdata); 530 cc_buffer_mgr_fini(drvdata); 531 cc_req_mgr_fini(drvdata); 532 cc_sram_mgr_fini(drvdata); 533 cc_fips_fini(drvdata); 534 cc_debugfs_fini(drvdata); 535 fini_cc_regs(drvdata); 536 cc_clk_off(drvdata); 537 } 538 539 int cc_clk_on(struct cc_drvdata *drvdata) 540 { 541 struct clk *clk = drvdata->clk; 542 int rc; 543 544 if (IS_ERR(clk)) 545 /* Not all devices have a clock associated with CCREE */ 546 return 0; 547 548 rc = clk_prepare_enable(clk); 549 if (rc) 550 return rc; 551 552 return 0; 553 } 554 555 unsigned int cc_get_default_hash_len(struct cc_drvdata *drvdata) 556 { 557 if (drvdata->hw_rev >= CC_HW_REV_712) 558 return HASH_LEN_SIZE_712; 559 else 560 return HASH_LEN_SIZE_630; 561 } 562 563 void cc_clk_off(struct cc_drvdata *drvdata) 564 { 565 struct clk *clk = drvdata->clk; 566 567 if (IS_ERR(clk)) 568 /* Not all devices have a clock associated with CCREE */ 569 return; 570 571 clk_disable_unprepare(clk); 572 } 573 574 static int ccree_probe(struct platform_device *plat_dev) 575 { 576 int rc; 577 struct device *dev = &plat_dev->dev; 578 579 /* Map registers space */ 580 rc = init_cc_resources(plat_dev); 581 if (rc) 582 return rc; 583 584 dev_info(dev, "ARM ccree device initialized\n"); 585 586 return 0; 587 } 588 589 static int ccree_remove(struct platform_device *plat_dev) 590 { 591 struct device *dev = &plat_dev->dev; 592 593 dev_dbg(dev, "Releasing ccree resources...\n"); 594 595 cleanup_cc_resources(plat_dev); 596 597 dev_info(dev, "ARM ccree device terminated\n"); 598 599 return 0; 600 } 601 602 static struct platform_driver ccree_driver = { 603 .driver = { 604 .name = "ccree", 605 .of_match_table = arm_ccree_dev_of_match, 606 #ifdef CONFIG_PM 607 .pm = &ccree_pm, 608 #endif 609 }, 610 .probe = ccree_probe, 611 .remove = ccree_remove, 612 }; 613 614 static int __init ccree_init(void) 615 { 616 cc_hash_global_init(); 617 cc_debugfs_global_init(); 618 619 return platform_driver_register(&ccree_driver); 620 } 621 module_init(ccree_init); 622 623 static void __exit ccree_exit(void) 624 { 625 platform_driver_unregister(&ccree_driver); 626 cc_debugfs_global_fini(); 627 } 628 module_exit(ccree_exit); 629 630 /* Module description */ 631 MODULE_DESCRIPTION("ARM TrustZone CryptoCell REE Driver"); 632 MODULE_VERSION(DRV_MODULE_VERSION); 633 MODULE_AUTHOR("ARM"); 634 MODULE_LICENSE("GPL v2"); 635