Re: [PATCH 3/3] nvmem: stm32: add OP-TEE support for STM32MP13x

[Patrick DELAUNAY <patrick.delaunay@foss.st.com>]

Hi,

On 11/1/22 08:26, Srinivas Kandagatla wrote:
>
>
> On 28/10/2022 15:52, Patrick Delaunay wrote:
>> For boot with OP-TEE on STM32MP13, the communication with the secure
>> world no more use STMicroelectronics SMC but communication with the
>> BSEC TA, for data access (read/write) or lock operation:
>> - all the request are sent to OP-TEE trusted application,
>> - for upper OTP with ECC protection and with word programming only
>>    each OTP are permanently locked when programmed to avoid ECC error
>>    on the second write operation
>>
>> Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
>> ---
>
> For some reason I pushed this patch without a full review, This is now 
> reverted from nvmem-next.


Ok


>
> Why not add TEE client based new driver instead of ifdefing around 
> this driver? Also I see there is not much common across both drivers 
> anyway.


I hesitate between the 2 solutions. I choose this update to handle the 
STM32MP15 support with OP-TEE.

For backward compatibility reason the same driver STM32 ROMEM associated 
to compatible "st,stm32mp15-bsec" should be kept.

- the lower OTP can directly accessible by Linux (the IP is not secured) 
=> boot with SPL

- the upper OTP and the write operation are requested by 
STMicroelectronics SMCs

    => boot with TF-A SPMIN and old OP-TEE (before migration to STM32 
BSEC PTA)


But in the future OP-TEE the access to OTP should be also done with 
STM32 BSEC PTA...


I can manage this compatibility by detection in STM32 romem driver if 
the booth access are managed in the same driver.

This patch can be added in the serie to understood the detection mechanism.


>
>
>>
>>   drivers/nvmem/stm32-romem.c | 450 +++++++++++++++++++++++++++++++++++-
>>   1 file changed, 446 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/nvmem/stm32-romem.c b/drivers/nvmem/stm32-romem.c
>> index 6de565639d5f..dfdedbcca9b9 100644
>> --- a/drivers/nvmem/stm32-romem.c
>> +++ b/drivers/nvmem/stm32-romem.c
>> @@ -11,6 +11,7 @@
>>   #include <linux/module.h>
>>   #include <linux/nvmem-provider.h>
>>   #include <linux/of_device.h>
>> +#include <linux/tee_drv.h>
>>     /* BSEC secure service access from non-secure */
>>   #define STM32_SMC_BSEC            0x82001003
>> @@ -25,14 +26,22 @@
>>   struct stm32_romem_cfg {
>>       int size;
>>       u8 lower;
>> +    bool ta;
>>   };
>>     struct stm32_romem_priv {
>>       void __iomem *base;
>>       struct nvmem_config cfg;
>>       u8 lower;
>> +    struct device *ta;
>>   };
>>   +struct device *stm32_bsec_pta_find(struct device *dev);
>> +static int stm32_bsec_pta_read(void *context, unsigned int offset, 
>> void *buf,
>> +                   size_t bytes);
>> +static int stm32_bsec_pta_write(void *context, unsigned int offset, 
>> void *buf,
>> +                size_t bytes);
>> +
>>   static int stm32_romem_read(void *context, unsigned int offset, 
>> void *buf,
>>                   size_t bytes)
>>   {
>> @@ -173,15 +182,25 @@ static int stm32_romem_probe(struct 
>> platform_device *pdev)
>>       } else {
>>           priv->cfg.size = cfg->size;
>>           priv->lower = cfg->lower;
>> -        priv->cfg.reg_read = stm32_bsec_read;
>> -        priv->cfg.reg_write = stm32_bsec_write;
>> +        if (cfg->ta) {
>> +            priv->ta = stm32_bsec_pta_find(dev);
>> +            /* wait for OP-TEE client driver to be up and ready */
>> +            if (!priv->ta)
>> +                return -EPROBE_DEFER;
>> +
>> +            priv->cfg.reg_read = stm32_bsec_pta_read;
>> +            priv->cfg.reg_write = stm32_bsec_pta_write;
>> +        } else {
>> +            priv->cfg.reg_read = stm32_bsec_read;
>> +            priv->cfg.reg_write = stm32_bsec_write;
>> +        }
>>       }
>>         return PTR_ERR_OR_ZERO(devm_nvmem_register(dev, &priv->cfg));
>>   }
>>     /*
>> - * STM32MP15 BSEC OTP regions: 4096 OTP bits (with 3072 effective bits)
>> + * STM32MP15/13 BSEC OTP regions: 4096 OTP bits (with 3072 effective 
>> bits)
>>    * => 96 x 32-bits data words
>>    * - Lower: 1K bits, 2:1 redundancy, incremental bit programming
>>    *   => 32 (x 32-bits) lower shadow registers = words 0 to 31
>> @@ -191,6 +210,13 @@ static int stm32_romem_probe(struct 
>> platform_device *pdev)
>>   static const struct stm32_romem_cfg stm32mp15_bsec_cfg = {
>>       .size = 384,
>>       .lower = 32,
>> +    .ta = false,
>> +};
>> +
>> +static const struct stm32_romem_cfg stm32mp13_bsec_cfg = {
>> +    .size = 384,
>> +    .lower = 32,
>> +    .ta = true,
>>   };
>>     static const struct of_device_id stm32_romem_of_match[] = {
>> @@ -198,6 +224,8 @@ static const struct of_device_id 
>> stm32_romem_of_match[] = {
>>           .compatible = "st,stm32mp15-bsec",
>>           .data = (void *)&stm32mp15_bsec_cfg,
>>       }, {
>> +        .compatible = "st,stm32mp13-bsec",
>> +        .data = (void *)&stm32mp13_bsec_cfg,
>
> missing sentinel, which caused a regression in next.


Ok, sorry for my error in the rebase conflict.


Patrick


>
>
> --srini
>>       },
>>   };
>>   MODULE_DEVICE_TABLE(of, stm32_romem_of_match);
>> @@ -209,7 +237,421 @@ static struct platform_driver 
>> stm32_romem_driver = {
>>           .of_match_table = of_match_ptr(stm32_romem_of_match),
>>       },
>>   };
>> -module_platform_driver(stm32_romem_driver);
>> +
>> +#if IS_ENABLED(CONFIG_OPTEE)
>>
....


>> +
>> +module_init(stm32_romem_init);
>> +module_exit(stm32_romem_exit);
>>     MODULE_AUTHOR("Fabrice Gasnier <fabrice.gasnier@st.com>");
>>   MODULE_DESCRIPTION("STMicroelectronics STM32 RO-MEM");