1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Intel MAX10 Board Management Controller Secure Update Driver |
4 | * |
5 | * Copyright (C) 2019-2022 Intel Corporation. All rights reserved. |
6 | * |
7 | */ |
8 | #include <linux/bitfield.h> |
9 | #include <linux/device.h> |
10 | #include <linux/firmware.h> |
11 | #include <linux/mfd/intel-m10-bmc.h> |
12 | #include <linux/mod_devicetable.h> |
13 | #include <linux/module.h> |
14 | #include <linux/platform_device.h> |
15 | #include <linux/slab.h> |
16 | |
17 | struct m10bmc_sec; |
18 | |
19 | struct m10bmc_sec_ops { |
20 | int (*rsu_status)(struct m10bmc_sec *sec); |
21 | }; |
22 | |
23 | struct m10bmc_sec { |
24 | struct device *dev; |
25 | struct intel_m10bmc *m10bmc; |
26 | struct fw_upload *fwl; |
27 | char *fw_name; |
28 | u32 fw_name_id; |
29 | bool cancel_request; |
30 | const struct m10bmc_sec_ops *ops; |
31 | }; |
32 | |
33 | static DEFINE_XARRAY_ALLOC(fw_upload_xa); |
34 | |
35 | /* Root Entry Hash (REH) support */ |
36 | #define REH_SHA256_SIZE 32 |
37 | #define REH_SHA384_SIZE 48 |
38 | #define REH_MAGIC GENMASK(15, 0) |
39 | #define REH_SHA_NUM_BYTES GENMASK(31, 16) |
40 | |
41 | static int m10bmc_sec_write(struct m10bmc_sec *sec, const u8 *buf, u32 offset, u32 size) |
42 | { |
43 | struct intel_m10bmc *m10bmc = sec->m10bmc; |
44 | unsigned int stride = regmap_get_reg_stride(map: m10bmc->regmap); |
45 | u32 write_count = size / stride; |
46 | u32 leftover_offset = write_count * stride; |
47 | u32 leftover_size = size - leftover_offset; |
48 | u32 leftover_tmp = 0; |
49 | int ret; |
50 | |
51 | if (sec->m10bmc->flash_bulk_ops) |
52 | return sec->m10bmc->flash_bulk_ops->write(m10bmc, buf, offset, size); |
53 | |
54 | if (WARN_ON_ONCE(stride > sizeof(leftover_tmp))) |
55 | return -EINVAL; |
56 | |
57 | ret = regmap_bulk_write(map: m10bmc->regmap, M10BMC_STAGING_BASE + offset, |
58 | val: buf + offset, val_count: write_count); |
59 | if (ret) |
60 | return ret; |
61 | |
62 | /* If size is not aligned to stride, handle the remainder bytes with regmap_write() */ |
63 | if (leftover_size) { |
64 | memcpy(&leftover_tmp, buf + leftover_offset, leftover_size); |
65 | ret = regmap_write(map: m10bmc->regmap, M10BMC_STAGING_BASE + offset + leftover_offset, |
66 | val: leftover_tmp); |
67 | if (ret) |
68 | return ret; |
69 | } |
70 | |
71 | return 0; |
72 | } |
73 | |
74 | static int m10bmc_sec_read(struct m10bmc_sec *sec, u8 *buf, u32 addr, u32 size) |
75 | { |
76 | struct intel_m10bmc *m10bmc = sec->m10bmc; |
77 | unsigned int stride = regmap_get_reg_stride(map: m10bmc->regmap); |
78 | u32 read_count = size / stride; |
79 | u32 leftover_offset = read_count * stride; |
80 | u32 leftover_size = size - leftover_offset; |
81 | u32 leftover_tmp; |
82 | int ret; |
83 | |
84 | if (sec->m10bmc->flash_bulk_ops) |
85 | return sec->m10bmc->flash_bulk_ops->read(m10bmc, buf, addr, size); |
86 | |
87 | if (WARN_ON_ONCE(stride > sizeof(leftover_tmp))) |
88 | return -EINVAL; |
89 | |
90 | ret = regmap_bulk_read(map: m10bmc->regmap, reg: addr, val: buf, val_count: read_count); |
91 | if (ret) |
92 | return ret; |
93 | |
94 | /* If size is not aligned to stride, handle the remainder bytes with regmap_read() */ |
95 | if (leftover_size) { |
96 | ret = regmap_read(map: m10bmc->regmap, reg: addr + leftover_offset, val: &leftover_tmp); |
97 | if (ret) |
98 | return ret; |
99 | memcpy(buf + leftover_offset, &leftover_tmp, leftover_size); |
100 | } |
101 | |
102 | return 0; |
103 | } |
104 | |
105 | |
106 | static ssize_t |
107 | show_root_entry_hash(struct device *dev, u32 exp_magic, |
108 | u32 prog_addr, u32 reh_addr, char *buf) |
109 | { |
110 | struct m10bmc_sec *sec = dev_get_drvdata(dev); |
111 | int sha_num_bytes, i, ret, cnt = 0; |
112 | u8 hash[REH_SHA384_SIZE]; |
113 | u32 magic; |
114 | |
115 | ret = m10bmc_sec_read(sec, buf: (u8 *)&magic, addr: prog_addr, size: sizeof(magic)); |
116 | if (ret) |
117 | return ret; |
118 | |
119 | if (FIELD_GET(REH_MAGIC, magic) != exp_magic) |
120 | return sysfs_emit(buf, fmt: "hash not programmed\n" ); |
121 | |
122 | sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8; |
123 | if (sha_num_bytes != REH_SHA256_SIZE && |
124 | sha_num_bytes != REH_SHA384_SIZE) { |
125 | dev_err(sec->dev, "%s bad sha num bytes %d\n" , __func__, |
126 | sha_num_bytes); |
127 | return -EINVAL; |
128 | } |
129 | |
130 | ret = m10bmc_sec_read(sec, buf: hash, addr: reh_addr, size: sha_num_bytes); |
131 | if (ret) { |
132 | dev_err(dev, "failed to read root entry hash\n" ); |
133 | return ret; |
134 | } |
135 | |
136 | for (i = 0; i < sha_num_bytes; i++) |
137 | cnt += sprintf(buf: buf + cnt, fmt: "%02x" , hash[i]); |
138 | cnt += sprintf(buf: buf + cnt, fmt: "\n" ); |
139 | |
140 | return cnt; |
141 | } |
142 | |
143 | #define DEVICE_ATTR_SEC_REH_RO(_name) \ |
144 | static ssize_t _name##_root_entry_hash_show(struct device *dev, \ |
145 | struct device_attribute *attr, \ |
146 | char *buf) \ |
147 | { \ |
148 | struct m10bmc_sec *sec = dev_get_drvdata(dev); \ |
149 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; \ |
150 | \ |
151 | return show_root_entry_hash(dev, csr_map->_name##_magic, \ |
152 | csr_map->_name##_prog_addr, \ |
153 | csr_map->_name##_reh_addr, \ |
154 | buf); \ |
155 | } \ |
156 | static DEVICE_ATTR_RO(_name##_root_entry_hash) |
157 | |
158 | DEVICE_ATTR_SEC_REH_RO(bmc); |
159 | DEVICE_ATTR_SEC_REH_RO(sr); |
160 | DEVICE_ATTR_SEC_REH_RO(pr); |
161 | |
162 | #define CSK_BIT_LEN 128U |
163 | #define CSK_32ARRAY_SIZE DIV_ROUND_UP(CSK_BIT_LEN, 32) |
164 | |
165 | static ssize_t |
166 | show_canceled_csk(struct device *dev, u32 addr, char *buf) |
167 | { |
168 | unsigned int i, size = CSK_32ARRAY_SIZE * sizeof(u32); |
169 | struct m10bmc_sec *sec = dev_get_drvdata(dev); |
170 | DECLARE_BITMAP(csk_map, CSK_BIT_LEN); |
171 | __le32 csk_le32[CSK_32ARRAY_SIZE]; |
172 | u32 csk32[CSK_32ARRAY_SIZE]; |
173 | int ret; |
174 | |
175 | ret = m10bmc_sec_read(sec, buf: (u8 *)&csk_le32, addr, size); |
176 | if (ret) { |
177 | dev_err(sec->dev, "failed to read CSK vector\n" ); |
178 | return ret; |
179 | } |
180 | |
181 | for (i = 0; i < CSK_32ARRAY_SIZE; i++) |
182 | csk32[i] = le32_to_cpu(((csk_le32[i]))); |
183 | |
184 | bitmap_from_arr32(bitmap: csk_map, buf: csk32, CSK_BIT_LEN); |
185 | bitmap_complement(dst: csk_map, src: csk_map, CSK_BIT_LEN); |
186 | return bitmap_print_to_pagebuf(list: 1, buf, maskp: csk_map, CSK_BIT_LEN); |
187 | } |
188 | |
189 | #define DEVICE_ATTR_SEC_CSK_RO(_name) \ |
190 | static ssize_t _name##_canceled_csks_show(struct device *dev, \ |
191 | struct device_attribute *attr, \ |
192 | char *buf) \ |
193 | { \ |
194 | struct m10bmc_sec *sec = dev_get_drvdata(dev); \ |
195 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; \ |
196 | \ |
197 | return show_canceled_csk(dev, \ |
198 | csr_map->_name##_prog_addr + CSK_VEC_OFFSET, \ |
199 | buf); \ |
200 | } \ |
201 | static DEVICE_ATTR_RO(_name##_canceled_csks) |
202 | |
203 | #define CSK_VEC_OFFSET 0x34 |
204 | |
205 | DEVICE_ATTR_SEC_CSK_RO(bmc); |
206 | DEVICE_ATTR_SEC_CSK_RO(sr); |
207 | DEVICE_ATTR_SEC_CSK_RO(pr); |
208 | |
209 | #define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */ |
210 | |
211 | static ssize_t flash_count_show(struct device *dev, |
212 | struct device_attribute *attr, char *buf) |
213 | { |
214 | struct m10bmc_sec *sec = dev_get_drvdata(dev); |
215 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
216 | unsigned int num_bits; |
217 | u8 *flash_buf; |
218 | int cnt, ret; |
219 | |
220 | num_bits = FLASH_COUNT_SIZE * 8; |
221 | |
222 | flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL); |
223 | if (!flash_buf) |
224 | return -ENOMEM; |
225 | |
226 | ret = m10bmc_sec_read(sec, buf: flash_buf, addr: csr_map->rsu_update_counter, |
227 | FLASH_COUNT_SIZE); |
228 | if (ret) { |
229 | dev_err(sec->dev, "failed to read flash count\n" ); |
230 | goto exit_free; |
231 | } |
232 | cnt = num_bits - bitmap_weight(src: (unsigned long *)flash_buf, nbits: num_bits); |
233 | |
234 | exit_free: |
235 | kfree(objp: flash_buf); |
236 | |
237 | return ret ? : sysfs_emit(buf, fmt: "%u\n" , cnt); |
238 | } |
239 | static DEVICE_ATTR_RO(flash_count); |
240 | |
241 | static struct attribute *m10bmc_security_attrs[] = { |
242 | &dev_attr_flash_count.attr, |
243 | &dev_attr_bmc_root_entry_hash.attr, |
244 | &dev_attr_sr_root_entry_hash.attr, |
245 | &dev_attr_pr_root_entry_hash.attr, |
246 | &dev_attr_sr_canceled_csks.attr, |
247 | &dev_attr_pr_canceled_csks.attr, |
248 | &dev_attr_bmc_canceled_csks.attr, |
249 | NULL, |
250 | }; |
251 | |
252 | static struct attribute_group m10bmc_security_attr_group = { |
253 | .name = "security" , |
254 | .attrs = m10bmc_security_attrs, |
255 | }; |
256 | |
257 | static const struct attribute_group *m10bmc_sec_attr_groups[] = { |
258 | &m10bmc_security_attr_group, |
259 | NULL, |
260 | }; |
261 | |
262 | static void log_error_regs(struct m10bmc_sec *sec, u32 doorbell) |
263 | { |
264 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
265 | u32 auth_result; |
266 | |
267 | dev_err(sec->dev, "Doorbell: 0x%08x\n" , doorbell); |
268 | |
269 | if (!m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->auth_result, val: &auth_result)) |
270 | dev_err(sec->dev, "RSU auth result: 0x%08x\n" , auth_result); |
271 | } |
272 | |
273 | static int m10bmc_sec_n3000_rsu_status(struct m10bmc_sec *sec) |
274 | { |
275 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
276 | u32 doorbell; |
277 | int ret; |
278 | |
279 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->doorbell, val: &doorbell); |
280 | if (ret) |
281 | return ret; |
282 | |
283 | return FIELD_GET(DRBL_RSU_STATUS, doorbell); |
284 | } |
285 | |
286 | static int m10bmc_sec_n6000_rsu_status(struct m10bmc_sec *sec) |
287 | { |
288 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
289 | u32 auth_result; |
290 | int ret; |
291 | |
292 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->auth_result, val: &auth_result); |
293 | if (ret) |
294 | return ret; |
295 | |
296 | return FIELD_GET(AUTH_RESULT_RSU_STATUS, auth_result); |
297 | } |
298 | |
299 | static bool rsu_status_ok(u32 status) |
300 | { |
301 | return (status == RSU_STAT_NORMAL || |
302 | status == RSU_STAT_NIOS_OK || |
303 | status == RSU_STAT_USER_OK || |
304 | status == RSU_STAT_FACTORY_OK); |
305 | } |
306 | |
307 | static bool rsu_progress_done(u32 progress) |
308 | { |
309 | return (progress == RSU_PROG_IDLE || |
310 | progress == RSU_PROG_RSU_DONE); |
311 | } |
312 | |
313 | static bool rsu_progress_busy(u32 progress) |
314 | { |
315 | return (progress == RSU_PROG_AUTHENTICATING || |
316 | progress == RSU_PROG_COPYING || |
317 | progress == RSU_PROG_UPDATE_CANCEL || |
318 | progress == RSU_PROG_PROGRAM_KEY_HASH); |
319 | } |
320 | |
321 | static int m10bmc_sec_progress_status(struct m10bmc_sec *sec, u32 *doorbell_reg, |
322 | u32 *progress, u32 *status) |
323 | { |
324 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
325 | int ret; |
326 | |
327 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->doorbell, val: doorbell_reg); |
328 | if (ret) |
329 | return ret; |
330 | |
331 | ret = sec->ops->rsu_status(sec); |
332 | if (ret < 0) |
333 | return ret; |
334 | |
335 | *status = ret; |
336 | *progress = rsu_prog(*doorbell_reg); |
337 | |
338 | return 0; |
339 | } |
340 | |
341 | static enum fw_upload_err rsu_check_idle(struct m10bmc_sec *sec) |
342 | { |
343 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
344 | u32 doorbell; |
345 | int ret; |
346 | |
347 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->doorbell, val: &doorbell); |
348 | if (ret) |
349 | return FW_UPLOAD_ERR_RW_ERROR; |
350 | |
351 | if (!rsu_progress_done(rsu_prog(doorbell))) { |
352 | log_error_regs(sec, doorbell); |
353 | return FW_UPLOAD_ERR_BUSY; |
354 | } |
355 | |
356 | return FW_UPLOAD_ERR_NONE; |
357 | } |
358 | |
359 | static inline bool rsu_start_done(u32 doorbell_reg, u32 progress, u32 status) |
360 | { |
361 | if (doorbell_reg & DRBL_RSU_REQUEST) |
362 | return false; |
363 | |
364 | if (status == RSU_STAT_ERASE_FAIL || status == RSU_STAT_WEAROUT) |
365 | return true; |
366 | |
367 | if (!rsu_progress_done(progress)) |
368 | return true; |
369 | |
370 | return false; |
371 | } |
372 | |
373 | static enum fw_upload_err rsu_update_init(struct m10bmc_sec *sec) |
374 | { |
375 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
376 | u32 doorbell_reg, progress, status; |
377 | int ret, err; |
378 | |
379 | ret = m10bmc_sys_update_bits(m10bmc: sec->m10bmc, offset: csr_map->doorbell, |
380 | DRBL_RSU_REQUEST | DRBL_HOST_STATUS, |
381 | DRBL_RSU_REQUEST | |
382 | FIELD_PREP(DRBL_HOST_STATUS, |
383 | HOST_STATUS_IDLE)); |
384 | if (ret) |
385 | return FW_UPLOAD_ERR_RW_ERROR; |
386 | |
387 | ret = read_poll_timeout(m10bmc_sec_progress_status, err, |
388 | err < 0 || rsu_start_done(doorbell_reg, progress, status), |
389 | NIOS_HANDSHAKE_INTERVAL_US, |
390 | NIOS_HANDSHAKE_TIMEOUT_US, |
391 | false, |
392 | sec, &doorbell_reg, &progress, &status); |
393 | |
394 | if (ret == -ETIMEDOUT) { |
395 | log_error_regs(sec, doorbell: doorbell_reg); |
396 | return FW_UPLOAD_ERR_TIMEOUT; |
397 | } else if (err) { |
398 | return FW_UPLOAD_ERR_RW_ERROR; |
399 | } |
400 | |
401 | if (status == RSU_STAT_WEAROUT) { |
402 | dev_warn(sec->dev, "Excessive flash update count detected\n" ); |
403 | return FW_UPLOAD_ERR_WEAROUT; |
404 | } else if (status == RSU_STAT_ERASE_FAIL) { |
405 | log_error_regs(sec, doorbell: doorbell_reg); |
406 | return FW_UPLOAD_ERR_HW_ERROR; |
407 | } |
408 | |
409 | return FW_UPLOAD_ERR_NONE; |
410 | } |
411 | |
412 | static enum fw_upload_err rsu_prog_ready(struct m10bmc_sec *sec) |
413 | { |
414 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
415 | unsigned long poll_timeout; |
416 | u32 doorbell, progress; |
417 | int ret; |
418 | |
419 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->doorbell, val: &doorbell); |
420 | if (ret) |
421 | return FW_UPLOAD_ERR_RW_ERROR; |
422 | |
423 | poll_timeout = jiffies + msecs_to_jiffies(RSU_PREP_TIMEOUT_MS); |
424 | while (rsu_prog(doorbell) == RSU_PROG_PREPARE) { |
425 | msleep(RSU_PREP_INTERVAL_MS); |
426 | if (time_after(jiffies, poll_timeout)) |
427 | break; |
428 | |
429 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->doorbell, val: &doorbell); |
430 | if (ret) |
431 | return FW_UPLOAD_ERR_RW_ERROR; |
432 | } |
433 | |
434 | progress = rsu_prog(doorbell); |
435 | if (progress == RSU_PROG_PREPARE) { |
436 | log_error_regs(sec, doorbell); |
437 | return FW_UPLOAD_ERR_TIMEOUT; |
438 | } else if (progress != RSU_PROG_READY) { |
439 | log_error_regs(sec, doorbell); |
440 | return FW_UPLOAD_ERR_HW_ERROR; |
441 | } |
442 | |
443 | return FW_UPLOAD_ERR_NONE; |
444 | } |
445 | |
446 | static enum fw_upload_err rsu_send_data(struct m10bmc_sec *sec) |
447 | { |
448 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
449 | u32 doorbell_reg, status; |
450 | int ret; |
451 | |
452 | ret = m10bmc_sys_update_bits(m10bmc: sec->m10bmc, offset: csr_map->doorbell, |
453 | DRBL_HOST_STATUS, |
454 | FIELD_PREP(DRBL_HOST_STATUS, |
455 | HOST_STATUS_WRITE_DONE)); |
456 | if (ret) |
457 | return FW_UPLOAD_ERR_RW_ERROR; |
458 | |
459 | ret = regmap_read_poll_timeout(sec->m10bmc->regmap, |
460 | csr_map->base + csr_map->doorbell, |
461 | doorbell_reg, |
462 | rsu_prog(doorbell_reg) != RSU_PROG_READY, |
463 | NIOS_HANDSHAKE_INTERVAL_US, |
464 | NIOS_HANDSHAKE_TIMEOUT_US); |
465 | |
466 | if (ret == -ETIMEDOUT) { |
467 | log_error_regs(sec, doorbell: doorbell_reg); |
468 | return FW_UPLOAD_ERR_TIMEOUT; |
469 | } else if (ret) { |
470 | return FW_UPLOAD_ERR_RW_ERROR; |
471 | } |
472 | |
473 | ret = sec->ops->rsu_status(sec); |
474 | if (ret < 0) |
475 | return FW_UPLOAD_ERR_HW_ERROR; |
476 | status = ret; |
477 | |
478 | if (!rsu_status_ok(status)) { |
479 | log_error_regs(sec, doorbell: doorbell_reg); |
480 | return FW_UPLOAD_ERR_HW_ERROR; |
481 | } |
482 | |
483 | return FW_UPLOAD_ERR_NONE; |
484 | } |
485 | |
486 | static int rsu_check_complete(struct m10bmc_sec *sec, u32 *doorbell_reg) |
487 | { |
488 | u32 progress, status; |
489 | |
490 | if (m10bmc_sec_progress_status(sec, doorbell_reg, progress: &progress, status: &status)) |
491 | return -EIO; |
492 | |
493 | if (!rsu_status_ok(status)) |
494 | return -EINVAL; |
495 | |
496 | if (rsu_progress_done(progress)) |
497 | return 0; |
498 | |
499 | if (rsu_progress_busy(progress)) |
500 | return -EAGAIN; |
501 | |
502 | return -EINVAL; |
503 | } |
504 | |
505 | static enum fw_upload_err rsu_cancel(struct m10bmc_sec *sec) |
506 | { |
507 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
508 | u32 doorbell; |
509 | int ret; |
510 | |
511 | ret = m10bmc_sys_read(m10bmc: sec->m10bmc, offset: csr_map->doorbell, val: &doorbell); |
512 | if (ret) |
513 | return FW_UPLOAD_ERR_RW_ERROR; |
514 | |
515 | if (rsu_prog(doorbell) != RSU_PROG_READY) |
516 | return FW_UPLOAD_ERR_BUSY; |
517 | |
518 | ret = m10bmc_sys_update_bits(m10bmc: sec->m10bmc, offset: csr_map->doorbell, |
519 | DRBL_HOST_STATUS, |
520 | FIELD_PREP(DRBL_HOST_STATUS, |
521 | HOST_STATUS_ABORT_RSU)); |
522 | if (ret) |
523 | return FW_UPLOAD_ERR_RW_ERROR; |
524 | |
525 | return FW_UPLOAD_ERR_CANCELED; |
526 | } |
527 | |
528 | static enum fw_upload_err m10bmc_sec_prepare(struct fw_upload *fwl, |
529 | const u8 *data, u32 size) |
530 | { |
531 | struct m10bmc_sec *sec = fwl->dd_handle; |
532 | u32 ret; |
533 | |
534 | sec->cancel_request = false; |
535 | |
536 | if (!size || size > M10BMC_STAGING_SIZE) |
537 | return FW_UPLOAD_ERR_INVALID_SIZE; |
538 | |
539 | if (sec->m10bmc->flash_bulk_ops) |
540 | if (sec->m10bmc->flash_bulk_ops->lock_write(sec->m10bmc)) |
541 | return FW_UPLOAD_ERR_BUSY; |
542 | |
543 | ret = rsu_check_idle(sec); |
544 | if (ret != FW_UPLOAD_ERR_NONE) |
545 | goto unlock_flash; |
546 | |
547 | m10bmc_fw_state_set(m10bmc: sec->m10bmc, new_state: M10BMC_FW_STATE_SEC_UPDATE_PREPARE); |
548 | |
549 | ret = rsu_update_init(sec); |
550 | if (ret != FW_UPLOAD_ERR_NONE) |
551 | goto fw_state_exit; |
552 | |
553 | ret = rsu_prog_ready(sec); |
554 | if (ret != FW_UPLOAD_ERR_NONE) |
555 | goto fw_state_exit; |
556 | |
557 | if (sec->cancel_request) { |
558 | ret = rsu_cancel(sec); |
559 | goto fw_state_exit; |
560 | } |
561 | |
562 | m10bmc_fw_state_set(m10bmc: sec->m10bmc, new_state: M10BMC_FW_STATE_SEC_UPDATE_WRITE); |
563 | |
564 | return FW_UPLOAD_ERR_NONE; |
565 | |
566 | fw_state_exit: |
567 | m10bmc_fw_state_set(m10bmc: sec->m10bmc, new_state: M10BMC_FW_STATE_NORMAL); |
568 | |
569 | unlock_flash: |
570 | if (sec->m10bmc->flash_bulk_ops) |
571 | sec->m10bmc->flash_bulk_ops->unlock_write(sec->m10bmc); |
572 | return ret; |
573 | } |
574 | |
575 | #define WRITE_BLOCK_SIZE 0x4000 /* Default write-block size is 0x4000 bytes */ |
576 | |
577 | static enum fw_upload_err m10bmc_sec_fw_write(struct fw_upload *fwl, const u8 *data, |
578 | u32 offset, u32 size, u32 *written) |
579 | { |
580 | struct m10bmc_sec *sec = fwl->dd_handle; |
581 | const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; |
582 | struct intel_m10bmc *m10bmc = sec->m10bmc; |
583 | u32 blk_size, doorbell; |
584 | int ret; |
585 | |
586 | if (sec->cancel_request) |
587 | return rsu_cancel(sec); |
588 | |
589 | ret = m10bmc_sys_read(m10bmc, offset: csr_map->doorbell, val: &doorbell); |
590 | if (ret) { |
591 | return FW_UPLOAD_ERR_RW_ERROR; |
592 | } else if (rsu_prog(doorbell) != RSU_PROG_READY) { |
593 | log_error_regs(sec, doorbell); |
594 | return FW_UPLOAD_ERR_HW_ERROR; |
595 | } |
596 | |
597 | WARN_ON_ONCE(WRITE_BLOCK_SIZE % regmap_get_reg_stride(m10bmc->regmap)); |
598 | blk_size = min_t(u32, WRITE_BLOCK_SIZE, size); |
599 | ret = m10bmc_sec_write(sec, buf: data, offset, size: blk_size); |
600 | if (ret) |
601 | return FW_UPLOAD_ERR_RW_ERROR; |
602 | |
603 | *written = blk_size; |
604 | return FW_UPLOAD_ERR_NONE; |
605 | } |
606 | |
607 | static enum fw_upload_err m10bmc_sec_poll_complete(struct fw_upload *fwl) |
608 | { |
609 | struct m10bmc_sec *sec = fwl->dd_handle; |
610 | unsigned long poll_timeout; |
611 | u32 doorbell, result; |
612 | int ret; |
613 | |
614 | if (sec->cancel_request) |
615 | return rsu_cancel(sec); |
616 | |
617 | m10bmc_fw_state_set(m10bmc: sec->m10bmc, new_state: M10BMC_FW_STATE_SEC_UPDATE_PROGRAM); |
618 | |
619 | result = rsu_send_data(sec); |
620 | if (result != FW_UPLOAD_ERR_NONE) |
621 | return result; |
622 | |
623 | poll_timeout = jiffies + msecs_to_jiffies(RSU_COMPLETE_TIMEOUT_MS); |
624 | do { |
625 | msleep(RSU_COMPLETE_INTERVAL_MS); |
626 | ret = rsu_check_complete(sec, doorbell_reg: &doorbell); |
627 | } while (ret == -EAGAIN && !time_after(jiffies, poll_timeout)); |
628 | |
629 | if (ret == -EAGAIN) { |
630 | log_error_regs(sec, doorbell); |
631 | return FW_UPLOAD_ERR_TIMEOUT; |
632 | } else if (ret == -EIO) { |
633 | return FW_UPLOAD_ERR_RW_ERROR; |
634 | } else if (ret) { |
635 | log_error_regs(sec, doorbell); |
636 | return FW_UPLOAD_ERR_HW_ERROR; |
637 | } |
638 | |
639 | return FW_UPLOAD_ERR_NONE; |
640 | } |
641 | |
642 | /* |
643 | * m10bmc_sec_cancel() may be called asynchronously with an on-going update. |
644 | * All other functions are called sequentially in a single thread. To avoid |
645 | * contention on register accesses, m10bmc_sec_cancel() must only update |
646 | * the cancel_request flag. Other functions will check this flag and handle |
647 | * the cancel request synchronously. |
648 | */ |
649 | static void m10bmc_sec_cancel(struct fw_upload *fwl) |
650 | { |
651 | struct m10bmc_sec *sec = fwl->dd_handle; |
652 | |
653 | sec->cancel_request = true; |
654 | } |
655 | |
656 | static void m10bmc_sec_cleanup(struct fw_upload *fwl) |
657 | { |
658 | struct m10bmc_sec *sec = fwl->dd_handle; |
659 | |
660 | (void)rsu_cancel(sec); |
661 | |
662 | m10bmc_fw_state_set(m10bmc: sec->m10bmc, new_state: M10BMC_FW_STATE_NORMAL); |
663 | |
664 | if (sec->m10bmc->flash_bulk_ops) |
665 | sec->m10bmc->flash_bulk_ops->unlock_write(sec->m10bmc); |
666 | } |
667 | |
668 | static const struct fw_upload_ops m10bmc_ops = { |
669 | .prepare = m10bmc_sec_prepare, |
670 | .write = m10bmc_sec_fw_write, |
671 | .poll_complete = m10bmc_sec_poll_complete, |
672 | .cancel = m10bmc_sec_cancel, |
673 | .cleanup = m10bmc_sec_cleanup, |
674 | }; |
675 | |
676 | static const struct m10bmc_sec_ops m10sec_n3000_ops = { |
677 | .rsu_status = m10bmc_sec_n3000_rsu_status, |
678 | }; |
679 | |
680 | static const struct m10bmc_sec_ops m10sec_n6000_ops = { |
681 | .rsu_status = m10bmc_sec_n6000_rsu_status, |
682 | }; |
683 | |
684 | #define SEC_UPDATE_LEN_MAX 32 |
685 | static int m10bmc_sec_probe(struct platform_device *pdev) |
686 | { |
687 | char buf[SEC_UPDATE_LEN_MAX]; |
688 | struct m10bmc_sec *sec; |
689 | struct fw_upload *fwl; |
690 | unsigned int len; |
691 | int ret; |
692 | |
693 | sec = devm_kzalloc(dev: &pdev->dev, size: sizeof(*sec), GFP_KERNEL); |
694 | if (!sec) |
695 | return -ENOMEM; |
696 | |
697 | sec->dev = &pdev->dev; |
698 | sec->m10bmc = dev_get_drvdata(dev: pdev->dev.parent); |
699 | sec->ops = (struct m10bmc_sec_ops *)platform_get_device_id(pdev)->driver_data; |
700 | dev_set_drvdata(dev: &pdev->dev, data: sec); |
701 | |
702 | ret = xa_alloc(xa: &fw_upload_xa, id: &sec->fw_name_id, entry: sec, |
703 | xa_limit_32b, GFP_KERNEL); |
704 | if (ret) |
705 | return ret; |
706 | |
707 | len = scnprintf(buf, SEC_UPDATE_LEN_MAX, fmt: "secure-update%d" , |
708 | sec->fw_name_id); |
709 | sec->fw_name = kmemdup_nul(s: buf, len, GFP_KERNEL); |
710 | if (!sec->fw_name) { |
711 | ret = -ENOMEM; |
712 | goto fw_name_fail; |
713 | } |
714 | |
715 | fwl = firmware_upload_register(THIS_MODULE, parent: sec->dev, name: sec->fw_name, |
716 | ops: &m10bmc_ops, dd_handle: sec); |
717 | if (IS_ERR(ptr: fwl)) { |
718 | dev_err(sec->dev, "Firmware Upload driver failed to start\n" ); |
719 | ret = PTR_ERR(ptr: fwl); |
720 | goto fw_uploader_fail; |
721 | } |
722 | |
723 | sec->fwl = fwl; |
724 | return 0; |
725 | |
726 | fw_uploader_fail: |
727 | kfree(objp: sec->fw_name); |
728 | fw_name_fail: |
729 | xa_erase(&fw_upload_xa, index: sec->fw_name_id); |
730 | return ret; |
731 | } |
732 | |
733 | static void m10bmc_sec_remove(struct platform_device *pdev) |
734 | { |
735 | struct m10bmc_sec *sec = dev_get_drvdata(dev: &pdev->dev); |
736 | |
737 | firmware_upload_unregister(fw_upload: sec->fwl); |
738 | kfree(objp: sec->fw_name); |
739 | xa_erase(&fw_upload_xa, index: sec->fw_name_id); |
740 | } |
741 | |
742 | static const struct platform_device_id intel_m10bmc_sec_ids[] = { |
743 | { |
744 | .name = "n3000bmc-sec-update" , |
745 | .driver_data = (kernel_ulong_t)&m10sec_n3000_ops, |
746 | }, |
747 | { |
748 | .name = "d5005bmc-sec-update" , |
749 | .driver_data = (kernel_ulong_t)&m10sec_n3000_ops, |
750 | }, |
751 | { |
752 | .name = "n6000bmc-sec-update" , |
753 | .driver_data = (kernel_ulong_t)&m10sec_n6000_ops, |
754 | }, |
755 | { } |
756 | }; |
757 | MODULE_DEVICE_TABLE(platform, intel_m10bmc_sec_ids); |
758 | |
759 | static struct platform_driver intel_m10bmc_sec_driver = { |
760 | .probe = m10bmc_sec_probe, |
761 | .remove_new = m10bmc_sec_remove, |
762 | .driver = { |
763 | .name = "intel-m10bmc-sec-update" , |
764 | .dev_groups = m10bmc_sec_attr_groups, |
765 | }, |
766 | .id_table = intel_m10bmc_sec_ids, |
767 | }; |
768 | module_platform_driver(intel_m10bmc_sec_driver); |
769 | |
770 | MODULE_AUTHOR("Intel Corporation" ); |
771 | MODULE_DESCRIPTION("Intel MAX10 BMC Secure Update" ); |
772 | MODULE_LICENSE("GPL" ); |
773 | MODULE_IMPORT_NS(INTEL_M10_BMC_CORE); |
774 | |