1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2020 Intel Corporation
8 #include "ifpga_sec_mgr.h"
11 static const char * const rsu_prog[] = {"IDLE", "PREPARING", "SLEEPING",
12 "READY", "AUTHENTICATING", "COPYING", "CANCELLATION", "PROGRAMMING_KEY",
14 static const char * const rsu_statl[] = {"NORMAL", "TIMEOUT", "AUTH_FAIL",
15 "COPY_FAIL", "FATAL", "PKVL_REJECT", "NON_INCR", "ERASE_FAIL",
17 static const char * const rsu_stath[] = {"NIOS_OK", "USER_OK", "FACTORY_OK",
18 "USER_FAIL", "FACTORY_FAIL", "NIOS_FLASH_ERR", "FPGA_FLASH_ERR"};
20 static const char *rsu_progress_name(uint32_t prog)
22 if (prog > SEC_PROGRESS_PKVL_PROM_DONE)
25 return rsu_prog[prog];
28 static const char *rsu_status_name(uint32_t stat)
30 if (stat >= SEC_STATUS_NIOS_OK) {
31 if (stat > SEC_STATUS_FPGA_FLASH_ERR)
34 return rsu_stath[stat-SEC_STATUS_NIOS_OK];
36 if (stat > SEC_STATUS_WEAROUT)
39 return rsu_statl[stat];
43 static bool secure_start_done(uint32_t doorbell)
45 return (SEC_STATUS_G(doorbell) == SEC_STATUS_ERASE_FAIL ||
46 SEC_STATUS_G(doorbell) == SEC_STATUS_WEAROUT ||
47 (SEC_PROGRESS_G(doorbell) != SEC_PROGRESS_IDLE &&
48 SEC_PROGRESS_G(doorbell) != SEC_PROGRESS_RSU_DONE));
51 static bool secure_prog_ready(uint32_t doorbell)
53 return (SEC_PROGRESS_G(doorbell) != SEC_PROGRESS_READY);
56 static int poll_timeout(struct intel_max10_device *dev, uint32_t offset,
57 bool (*cond)(uint32_t), uint32_t interval_ms, uint32_t timeout_ms)
63 ret = max10_sys_read(dev, offset, &val);
66 "Failed to read max10 register 0x%x [e:%d]\n",
73 "Read 0x%08x from max10 register 0x%x "
74 "[poll success]\n", val, offset);
78 if (timeout_ms > interval_ms)
79 timeout_ms -= interval_ms;
82 if (timeout_ms == 0) {
84 "Read 0x%08x from max10 register 0x%x "
85 "[poll timeout]\n", val, offset);
95 static int n3000_secure_update_start(struct intel_max10_device *dev)
97 uint32_t doorbell = 0;
102 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
105 "Failed to read max10 doorbell register [e:%d]\n",
110 prog = SEC_PROGRESS_G(doorbell);
111 if ((prog != SEC_PROGRESS_IDLE) && (prog != SEC_PROGRESS_RSU_DONE)) {
112 dev_debug(dev, "Current RSU progress is %s\n",
113 rsu_progress_name(prog));
117 ret = max10_sys_update_bits(dev, MAX10_DOORBELL,
118 RSU_REQUEST | HOST_STATUS, RSU_REQUEST);
121 "Failed to updt max10 doorbell register [e:%d]\n",
126 ret = poll_timeout(dev, MAX10_DOORBELL, secure_start_done,
127 IFPGA_SEC_START_INTERVAL_MS, IFPGA_SEC_START_TIMEOUT_MS);
130 "Failed to poll max10 doorbell register [e:%d]\n",
135 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
138 "Failed to read max10 doorbell register [e:%d]\n",
143 status = SEC_STATUS_G(doorbell);
144 if (status == SEC_STATUS_WEAROUT)
147 if (status == SEC_STATUS_ERASE_FAIL)
153 static int n3000_cancel(struct ifpga_sec_mgr *smgr)
155 struct intel_max10_device *dev = NULL;
156 uint32_t doorbell = 0;
160 if (!smgr || !smgr->max10_dev)
162 dev = (struct intel_max10_device *)smgr->max10_dev;
164 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
167 "Failed to read max10 doorbell register [e:%d]\n",
172 prog = SEC_PROGRESS_G(doorbell);
173 if (prog == SEC_PROGRESS_IDLE)
175 if (prog != SEC_PROGRESS_READY)
178 return max10_sys_update_bits(dev, MAX10_DOORBELL, HOST_STATUS,
179 HOST_STATUS_S(HOST_STATUS_ABORT_RSU));
182 static int n3000_prepare(struct ifpga_sec_mgr *smgr)
184 struct intel_max10_device *dev = NULL;
188 if (!smgr || !smgr->max10_dev)
190 dev = (struct intel_max10_device *)smgr->max10_dev;
192 ret = n3000_secure_update_start(dev);
197 if (++retry > IFPGA_RSU_START_RETRY)
200 ret = n3000_secure_update_start(dev);
202 if (retry > IFPGA_RSU_START_RETRY) {
203 dev_err(dev, "Failed to start secure flash update\n");
210 static int n3000_bulk_write(struct intel_max10_device *dev, uint32_t addr,
211 char *buf, uint32_t len)
221 "Length of data block is not 4 bytes aligned [e:%u]\n",
227 for (i = 0; i < n; i++) {
229 v = *(uint32_t *)(buf + p);
230 ret = max10_reg_write(dev, addr + p, v);
233 "Failed to write to staging area 0x%08x [e:%d]\n",
243 static int n3000_write_blk(struct ifpga_sec_mgr *smgr, char *buf,
244 uint32_t offset, uint32_t len)
246 struct intel_max10_device *dev = NULL;
247 uint32_t doorbell = 0;
252 if (!smgr || !smgr->max10_dev)
254 dev = (struct intel_max10_device *)smgr->max10_dev;
256 if (offset + len > dev->staging_area_size) {
258 "Write position would be out of staging area [e:%u]\n",
259 dev->staging_area_size);
263 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
266 "Failed to read max10 doorbell register [e:%d]\n",
271 prog = SEC_PROGRESS_G(doorbell);
272 if (prog == SEC_PROGRESS_PREPARE)
274 else if (prog != SEC_PROGRESS_READY)
279 len += 4 - m; /* make length to 4 bytes align */
281 return n3000_bulk_write(dev, dev->staging_area_base + offset, buf, len);
284 static int n3000_write_done(struct ifpga_sec_mgr *smgr)
286 struct intel_max10_device *dev = NULL;
287 uint32_t doorbell = 0;
292 if (!smgr || !smgr->max10_dev)
294 dev = (struct intel_max10_device *)smgr->max10_dev;
296 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
299 "Failed to read max10 doorbell register [e:%d]\n",
304 prog = SEC_PROGRESS_G(doorbell);
305 if (prog != SEC_PROGRESS_READY)
308 ret = max10_sys_update_bits(dev, MAX10_DOORBELL, HOST_STATUS,
309 HOST_STATUS_S(HOST_STATUS_WRITE_DONE));
312 "Failed to update max10 doorbell register [e:%d]\n",
317 ret = poll_timeout(dev, MAX10_DOORBELL, secure_prog_ready,
318 IFPGA_NIOS_HANDSHAKE_INTERVAL_MS,
319 IFPGA_NIOS_HANDSHAKE_TIMEOUT_MS);
322 "Failed to poll max10 doorbell register [e:%d]\n",
327 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
330 "Failed to read max10 doorbell register [e:%d]\n",
335 status = SEC_STATUS_G(doorbell);
337 case SEC_STATUS_NORMAL:
338 case SEC_STATUS_NIOS_OK:
339 case SEC_STATUS_USER_OK:
340 case SEC_STATUS_FACTORY_OK:
351 static int n3000_check_complete(struct ifpga_sec_mgr *smgr)
353 struct intel_max10_device *dev = NULL;
354 uint32_t doorbell = 0;
359 if (!smgr || !smgr->max10_dev)
361 dev = (struct intel_max10_device *)smgr->max10_dev;
363 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
366 "Failed to read max10 doorbell register [e:%d]\n",
371 status = SEC_STATUS_G(doorbell);
373 case SEC_STATUS_NORMAL:
374 case SEC_STATUS_NIOS_OK:
375 case SEC_STATUS_USER_OK:
376 case SEC_STATUS_FACTORY_OK:
377 case SEC_STATUS_WEAROUT:
383 prog = SEC_PROGRESS_G(doorbell);
385 case SEC_PROGRESS_IDLE:
386 case SEC_PROGRESS_RSU_DONE:
388 case SEC_PROGRESS_AUTHENTICATING:
389 case SEC_PROGRESS_COPYING:
390 case SEC_PROGRESS_UPDATE_CANCEL:
391 case SEC_PROGRESS_PROGRAM_KEY_HASH:
393 case SEC_PROGRESS_PREPARE:
394 case SEC_PROGRESS_READY:
403 static int n3000_reload_fpga(struct intel_max10_device *dev, int page)
407 dev_info(dev, "Reload FPGA\n");
409 if (!dev || ((page != 0) && (page != 1))) {
410 dev_err(dev, "Input parameter of %s is invalid\n", __func__);
415 if (dev->flags & MAX10_FLAGS_SECURE) {
416 ret = max10_sys_update_bits(dev, FPGA_RECONF_REG,
420 "Failed to update max10 reconfig register [e:%d]\n",
424 ret = max10_sys_update_bits(dev, FPGA_RECONF_REG,
425 SFPGA_RP_LOAD | SFPGA_RECONF_PAGE,
426 SFPGA_RP_LOAD | SFPGA_PAGE(page));
429 "Failed to update max10 reconfig register [e:%d]\n",
434 ret = max10_sys_update_bits(dev, RSU_REG, FPGA_RP_LOAD, 0);
437 "Failed to update max10 rsu register [e:%d]\n",
441 ret = max10_sys_update_bits(dev, RSU_REG,
442 FPGA_RP_LOAD | FPGA_RECONF_PAGE,
443 FPGA_RP_LOAD | FPGA_PAGE(page));
446 "Failed to update max10 rsu register [e:%d]\n",
452 ret = max10_sys_update_bits(dev, FPGA_RECONF_REG, COUNTDOWN_START, 0);
455 "Failed to update max10 reconfig register [e:%d]\n",
460 ret = max10_sys_update_bits(dev, FPGA_RECONF_REG, COUNTDOWN_START,
464 "Failed to update max10 reconfig register [e:%d]\n",
469 dev_err(dev, "Failed to reload FPGA\n");
474 static int n3000_reload_bmc(struct intel_max10_device *dev, int page)
479 dev_info(dev, "Reload BMC\n");
481 if (!dev || ((page != 0) && (page != 1))) {
482 dev_err(dev, "Input parameter of %s is invalid\n", __func__);
487 if (dev->flags & MAX10_FLAGS_SECURE) {
488 ret = max10_sys_update_bits(dev, MAX10_DOORBELL,
489 CONFIG_SEL | REBOOT_REQ,
490 CONFIG_SEL_S(page) | REBOOT_REQ);
492 val = (page == 0) ? 0x1 : 0x3;
493 ret = max10_reg_write(dev, IFPGA_DUAL_CFG_CTRL1, val);
496 "Failed to write to dual config1 register [e:%d]\n",
501 ret = max10_reg_write(dev, IFPGA_DUAL_CFG_CTRL0, 0x1);
508 "Failed to write to dual config0 register [e:%d]\n",
515 dev_err(dev, "Failed to reload BMC\n");
520 static int n3000_reload(struct ifpga_sec_mgr *smgr, int type, int page)
525 if (!smgr || !smgr->max10_dev)
528 if (type == IFPGA_BOOT_TYPE_FPGA) {
529 psel = (page == IFPGA_BOOT_PAGE_FACTORY ? 0 : 1);
530 ret = n3000_reload_fpga(smgr->max10_dev, psel);
531 } else if (type == IFPGA_BOOT_TYPE_BMC) {
532 psel = (page == IFPGA_BOOT_PAGE_FACTORY ? 1 : 0);
533 ret = n3000_reload_bmc(smgr->max10_dev, psel);
541 static uint64_t n3000_get_hw_errinfo(struct ifpga_sec_mgr *smgr)
543 struct intel_max10_device *dev = NULL;
544 uint32_t doorbell = 0;
547 uint32_t auth_result = 0;
550 if (!smgr || !smgr->max10_dev)
552 dev = (struct intel_max10_device *)smgr->max10_dev;
554 ret = max10_sys_read(dev, MAX10_DOORBELL, &doorbell);
556 dev_err(dev, "Failed to read max10 doorbell register [e:%d]\n",
560 stat = SEC_STATUS_G(doorbell);
561 prog = SEC_PROGRESS_G(doorbell);
562 dev_debug(dev, "Current RSU status is %s, progress is %s\n",
563 rsu_status_name(stat), rsu_progress_name(prog));
565 ret = max10_sys_read(dev, MAX10_AUTH_RESULT, &auth_result);
568 "Failed to read authenticate result register [e:%d]\n",
573 return (uint64_t)doorbell << 32 | (uint64_t)auth_result;
576 static const struct ifpga_sec_ops n3000_sec_ops = {
577 .prepare = n3000_prepare,
578 .write_blk = n3000_write_blk,
579 .write_done = n3000_write_done,
580 .check_complete = n3000_check_complete,
581 .reload = n3000_reload,
582 .cancel = n3000_cancel,
584 .get_hw_errinfo = n3000_get_hw_errinfo,
587 int init_sec_mgr(struct ifpga_fme_hw *fme)
589 struct ifpga_hw *hw = NULL;
590 opae_share_data *sd = NULL;
591 struct ifpga_sec_mgr *smgr = NULL;
593 if (!fme || !fme->max10_dev)
596 smgr = (struct ifpga_sec_mgr *)malloc(sizeof(*smgr));
598 dev_err(NULL, "Failed to allocate memory for security manager\n");
603 hw = (struct ifpga_hw *)fme->parent;
604 if (hw && hw->adapter && hw->adapter->shm.ptr) {
605 sd = (opae_share_data *)hw->adapter->shm.ptr;
606 smgr->rsu_control = &sd->rsu_ctrl;
607 smgr->rsu_status = &sd->rsu_stat;
609 smgr->rsu_control = NULL;
610 smgr->rsu_status = NULL;
613 if (hw && (hw->pci_data->device_id == IFPGA_N3000_DID) &&
614 (hw->pci_data->vendor_id == IFPGA_N3000_VID)) {
615 smgr->ops = &n3000_sec_ops;
616 smgr->copy_speed = IFPGA_N3000_COPY_SPEED;
618 dev_err(NULL, "No operation for security manager\n");
623 smgr->max10_dev = fme->max10_dev;
628 void release_sec_mgr(struct ifpga_fme_hw *fme)
630 struct ifpga_sec_mgr *smgr = NULL;
633 smgr = (struct ifpga_sec_mgr *)fme->sec_mgr;