xref: /openbmc/linux/drivers/fpga/intel-m10-bmc-sec-update.c (revision 1ac731c529cd4d6adbce134754b51ff7d822b145)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Intel MAX10 Board Management Controller Secure Update Driver
4  *
5  * Copyright (C) 2019-2022 Intel Corporation. All rights reserved.
6  *
7  */
8 #include <linux/bitfield.h>
9 #include <linux/device.h>
10 #include <linux/firmware.h>
11 #include <linux/mfd/intel-m10-bmc.h>
12 #include <linux/mod_devicetable.h>
13 #include <linux/module.h>
14 #include <linux/platform_device.h>
15 #include <linux/slab.h>
16 
17 struct m10bmc_sec;
18 
19 struct m10bmc_sec_ops {
20 	int (*rsu_status)(struct m10bmc_sec *sec);
21 };
22 
23 struct m10bmc_sec {
24 	struct device *dev;
25 	struct intel_m10bmc *m10bmc;
26 	struct fw_upload *fwl;
27 	char *fw_name;
28 	u32 fw_name_id;
29 	bool cancel_request;
30 	const struct m10bmc_sec_ops *ops;
31 };
32 
33 static DEFINE_XARRAY_ALLOC(fw_upload_xa);
34 
35 /* Root Entry Hash (REH) support */
36 #define REH_SHA256_SIZE		32
37 #define REH_SHA384_SIZE		48
38 #define REH_MAGIC		GENMASK(15, 0)
39 #define REH_SHA_NUM_BYTES	GENMASK(31, 16)
40 
m10bmc_sec_write(struct m10bmc_sec * sec,const u8 * buf,u32 offset,u32 size)41 static int m10bmc_sec_write(struct m10bmc_sec *sec, const u8 *buf, u32 offset, u32 size)
42 {
43 	struct intel_m10bmc *m10bmc = sec->m10bmc;
44 	unsigned int stride = regmap_get_reg_stride(m10bmc->regmap);
45 	u32 write_count = size / stride;
46 	u32 leftover_offset = write_count * stride;
47 	u32 leftover_size = size - leftover_offset;
48 	u32 leftover_tmp = 0;
49 	int ret;
50 
51 	if (sec->m10bmc->flash_bulk_ops)
52 		return sec->m10bmc->flash_bulk_ops->write(m10bmc, buf, offset, size);
53 
54 	if (WARN_ON_ONCE(stride > sizeof(leftover_tmp)))
55 		return -EINVAL;
56 
57 	ret = regmap_bulk_write(m10bmc->regmap, M10BMC_STAGING_BASE + offset,
58 				buf + offset, write_count);
59 	if (ret)
60 		return ret;
61 
62 	/* If size is not aligned to stride, handle the remainder bytes with regmap_write() */
63 	if (leftover_size) {
64 		memcpy(&leftover_tmp, buf + leftover_offset, leftover_size);
65 		ret = regmap_write(m10bmc->regmap, M10BMC_STAGING_BASE + offset + leftover_offset,
66 				   leftover_tmp);
67 		if (ret)
68 			return ret;
69 	}
70 
71 	return 0;
72 }
73 
m10bmc_sec_read(struct m10bmc_sec * sec,u8 * buf,u32 addr,u32 size)74 static int m10bmc_sec_read(struct m10bmc_sec *sec, u8 *buf, u32 addr, u32 size)
75 {
76 	struct intel_m10bmc *m10bmc = sec->m10bmc;
77 	unsigned int stride = regmap_get_reg_stride(m10bmc->regmap);
78 	u32 read_count = size / stride;
79 	u32 leftover_offset = read_count * stride;
80 	u32 leftover_size = size - leftover_offset;
81 	u32 leftover_tmp;
82 	int ret;
83 
84 	if (sec->m10bmc->flash_bulk_ops)
85 		return sec->m10bmc->flash_bulk_ops->read(m10bmc, buf, addr, size);
86 
87 	if (WARN_ON_ONCE(stride > sizeof(leftover_tmp)))
88 		return -EINVAL;
89 
90 	ret = regmap_bulk_read(m10bmc->regmap, addr, buf, read_count);
91 	if (ret)
92 		return ret;
93 
94 	/* If size is not aligned to stride, handle the remainder bytes with regmap_read() */
95 	if (leftover_size) {
96 		ret = regmap_read(m10bmc->regmap, addr + leftover_offset, &leftover_tmp);
97 		if (ret)
98 			return ret;
99 		memcpy(buf + leftover_offset, &leftover_tmp, leftover_size);
100 	}
101 
102 	return 0;
103 }
104 
105 
106 static ssize_t
show_root_entry_hash(struct device * dev,u32 exp_magic,u32 prog_addr,u32 reh_addr,char * buf)107 show_root_entry_hash(struct device *dev, u32 exp_magic,
108 		     u32 prog_addr, u32 reh_addr, char *buf)
109 {
110 	struct m10bmc_sec *sec = dev_get_drvdata(dev);
111 	int sha_num_bytes, i, ret, cnt = 0;
112 	u8 hash[REH_SHA384_SIZE];
113 	u32 magic;
114 
115 	ret = m10bmc_sec_read(sec, (u8 *)&magic, prog_addr, sizeof(magic));
116 	if (ret)
117 		return ret;
118 
119 	if (FIELD_GET(REH_MAGIC, magic) != exp_magic)
120 		return sysfs_emit(buf, "hash not programmed\n");
121 
122 	sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8;
123 	if (sha_num_bytes != REH_SHA256_SIZE &&
124 	    sha_num_bytes != REH_SHA384_SIZE) {
125 		dev_err(sec->dev, "%s bad sha num bytes %d\n", __func__,
126 			sha_num_bytes);
127 		return -EINVAL;
128 	}
129 
130 	ret = m10bmc_sec_read(sec, hash, reh_addr, sha_num_bytes);
131 	if (ret) {
132 		dev_err(dev, "failed to read root entry hash\n");
133 		return ret;
134 	}
135 
136 	for (i = 0; i < sha_num_bytes; i++)
137 		cnt += sprintf(buf + cnt, "%02x", hash[i]);
138 	cnt += sprintf(buf + cnt, "\n");
139 
140 	return cnt;
141 }
142 
143 #define DEVICE_ATTR_SEC_REH_RO(_name)						\
144 static ssize_t _name##_root_entry_hash_show(struct device *dev, \
145 					    struct device_attribute *attr, \
146 					    char *buf) \
147 {										\
148 	struct m10bmc_sec *sec = dev_get_drvdata(dev);				\
149 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;	\
150 										\
151 	return show_root_entry_hash(dev, csr_map->_name##_magic,		\
152 				    csr_map->_name##_prog_addr,			\
153 				    csr_map->_name##_reh_addr,			\
154 				    buf);					\
155 }										\
156 static DEVICE_ATTR_RO(_name##_root_entry_hash)
157 
158 DEVICE_ATTR_SEC_REH_RO(bmc);
159 DEVICE_ATTR_SEC_REH_RO(sr);
160 DEVICE_ATTR_SEC_REH_RO(pr);
161 
162 #define CSK_BIT_LEN		128U
163 #define CSK_32ARRAY_SIZE	DIV_ROUND_UP(CSK_BIT_LEN, 32)
164 
165 static ssize_t
show_canceled_csk(struct device * dev,u32 addr,char * buf)166 show_canceled_csk(struct device *dev, u32 addr, char *buf)
167 {
168 	unsigned int i, size = CSK_32ARRAY_SIZE * sizeof(u32);
169 	struct m10bmc_sec *sec = dev_get_drvdata(dev);
170 	DECLARE_BITMAP(csk_map, CSK_BIT_LEN);
171 	__le32 csk_le32[CSK_32ARRAY_SIZE];
172 	u32 csk32[CSK_32ARRAY_SIZE];
173 	int ret;
174 
175 	ret = m10bmc_sec_read(sec, (u8 *)&csk_le32, addr, size);
176 	if (ret) {
177 		dev_err(sec->dev, "failed to read CSK vector\n");
178 		return ret;
179 	}
180 
181 	for (i = 0; i < CSK_32ARRAY_SIZE; i++)
182 		csk32[i] = le32_to_cpu(((csk_le32[i])));
183 
184 	bitmap_from_arr32(csk_map, csk32, CSK_BIT_LEN);
185 	bitmap_complement(csk_map, csk_map, CSK_BIT_LEN);
186 	return bitmap_print_to_pagebuf(1, buf, csk_map, CSK_BIT_LEN);
187 }
188 
189 #define DEVICE_ATTR_SEC_CSK_RO(_name)						\
190 static ssize_t _name##_canceled_csks_show(struct device *dev, \
191 					  struct device_attribute *attr, \
192 					  char *buf) \
193 {										\
194 	struct m10bmc_sec *sec = dev_get_drvdata(dev);				\
195 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;	\
196 										\
197 	return show_canceled_csk(dev,						\
198 				 csr_map->_name##_prog_addr + CSK_VEC_OFFSET,	\
199 				 buf);						\
200 }										\
201 static DEVICE_ATTR_RO(_name##_canceled_csks)
202 
203 #define CSK_VEC_OFFSET 0x34
204 
205 DEVICE_ATTR_SEC_CSK_RO(bmc);
206 DEVICE_ATTR_SEC_CSK_RO(sr);
207 DEVICE_ATTR_SEC_CSK_RO(pr);
208 
209 #define FLASH_COUNT_SIZE 4096	/* count stored as inverted bit vector */
210 
flash_count_show(struct device * dev,struct device_attribute * attr,char * buf)211 static ssize_t flash_count_show(struct device *dev,
212 				struct device_attribute *attr, char *buf)
213 {
214 	struct m10bmc_sec *sec = dev_get_drvdata(dev);
215 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
216 	unsigned int num_bits;
217 	u8 *flash_buf;
218 	int cnt, ret;
219 
220 	num_bits = FLASH_COUNT_SIZE * 8;
221 
222 	flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL);
223 	if (!flash_buf)
224 		return -ENOMEM;
225 
226 	ret = m10bmc_sec_read(sec, flash_buf, csr_map->rsu_update_counter,
227 			      FLASH_COUNT_SIZE);
228 	if (ret) {
229 		dev_err(sec->dev, "failed to read flash count\n");
230 		goto exit_free;
231 	}
232 	cnt = num_bits - bitmap_weight((unsigned long *)flash_buf, num_bits);
233 
234 exit_free:
235 	kfree(flash_buf);
236 
237 	return ret ? : sysfs_emit(buf, "%u\n", cnt);
238 }
239 static DEVICE_ATTR_RO(flash_count);
240 
241 static struct attribute *m10bmc_security_attrs[] = {
242 	&dev_attr_flash_count.attr,
243 	&dev_attr_bmc_root_entry_hash.attr,
244 	&dev_attr_sr_root_entry_hash.attr,
245 	&dev_attr_pr_root_entry_hash.attr,
246 	&dev_attr_sr_canceled_csks.attr,
247 	&dev_attr_pr_canceled_csks.attr,
248 	&dev_attr_bmc_canceled_csks.attr,
249 	NULL,
250 };
251 
252 static struct attribute_group m10bmc_security_attr_group = {
253 	.name = "security",
254 	.attrs = m10bmc_security_attrs,
255 };
256 
257 static const struct attribute_group *m10bmc_sec_attr_groups[] = {
258 	&m10bmc_security_attr_group,
259 	NULL,
260 };
261 
log_error_regs(struct m10bmc_sec * sec,u32 doorbell)262 static void log_error_regs(struct m10bmc_sec *sec, u32 doorbell)
263 {
264 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
265 	u32 auth_result;
266 
267 	dev_err(sec->dev, "Doorbell: 0x%08x\n", doorbell);
268 
269 	if (!m10bmc_sys_read(sec->m10bmc, csr_map->auth_result, &auth_result))
270 		dev_err(sec->dev, "RSU auth result: 0x%08x\n", auth_result);
271 }
272 
m10bmc_sec_n3000_rsu_status(struct m10bmc_sec * sec)273 static int m10bmc_sec_n3000_rsu_status(struct m10bmc_sec *sec)
274 {
275 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
276 	u32 doorbell;
277 	int ret;
278 
279 	ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
280 	if (ret)
281 		return ret;
282 
283 	return FIELD_GET(DRBL_RSU_STATUS, doorbell);
284 }
285 
m10bmc_sec_n6000_rsu_status(struct m10bmc_sec * sec)286 static int m10bmc_sec_n6000_rsu_status(struct m10bmc_sec *sec)
287 {
288 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
289 	u32 auth_result;
290 	int ret;
291 
292 	ret = m10bmc_sys_read(sec->m10bmc, csr_map->auth_result, &auth_result);
293 	if (ret)
294 		return ret;
295 
296 	return FIELD_GET(AUTH_RESULT_RSU_STATUS, auth_result);
297 }
298 
rsu_status_ok(u32 status)299 static bool rsu_status_ok(u32 status)
300 {
301 	return (status == RSU_STAT_NORMAL ||
302 		status == RSU_STAT_NIOS_OK ||
303 		status == RSU_STAT_USER_OK ||
304 		status == RSU_STAT_FACTORY_OK);
305 }
306 
rsu_progress_done(u32 progress)307 static bool rsu_progress_done(u32 progress)
308 {
309 	return (progress == RSU_PROG_IDLE ||
310 		progress == RSU_PROG_RSU_DONE);
311 }
312 
rsu_progress_busy(u32 progress)313 static bool rsu_progress_busy(u32 progress)
314 {
315 	return (progress == RSU_PROG_AUTHENTICATING ||
316 		progress == RSU_PROG_COPYING ||
317 		progress == RSU_PROG_UPDATE_CANCEL ||
318 		progress == RSU_PROG_PROGRAM_KEY_HASH);
319 }
320 
m10bmc_sec_progress_status(struct m10bmc_sec * sec,u32 * doorbell_reg,u32 * progress,u32 * status)321 static int m10bmc_sec_progress_status(struct m10bmc_sec *sec, u32 *doorbell_reg,
322 				      u32 *progress, u32 *status)
323 {
324 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
325 	int ret;
326 
327 	ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, doorbell_reg);
328 	if (ret)
329 		return ret;
330 
331 	ret = sec->ops->rsu_status(sec);
332 	if (ret < 0)
333 		return ret;
334 
335 	*status = ret;
336 	*progress = rsu_prog(*doorbell_reg);
337 
338 	return 0;
339 }
340 
rsu_check_idle(struct m10bmc_sec * sec)341 static enum fw_upload_err rsu_check_idle(struct m10bmc_sec *sec)
342 {
343 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
344 	u32 doorbell;
345 	int ret;
346 
347 	ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
348 	if (ret)
349 		return FW_UPLOAD_ERR_RW_ERROR;
350 
351 	if (!rsu_progress_done(rsu_prog(doorbell))) {
352 		log_error_regs(sec, doorbell);
353 		return FW_UPLOAD_ERR_BUSY;
354 	}
355 
356 	return FW_UPLOAD_ERR_NONE;
357 }
358 
rsu_start_done(u32 doorbell_reg,u32 progress,u32 status)359 static inline bool rsu_start_done(u32 doorbell_reg, u32 progress, u32 status)
360 {
361 	if (doorbell_reg & DRBL_RSU_REQUEST)
362 		return false;
363 
364 	if (status == RSU_STAT_ERASE_FAIL || status == RSU_STAT_WEAROUT)
365 		return true;
366 
367 	if (!rsu_progress_done(progress))
368 		return true;
369 
370 	return false;
371 }
372 
rsu_update_init(struct m10bmc_sec * sec)373 static enum fw_upload_err rsu_update_init(struct m10bmc_sec *sec)
374 {
375 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
376 	u32 doorbell_reg, progress, status;
377 	int ret, err;
378 
379 	ret = m10bmc_sys_update_bits(sec->m10bmc, csr_map->doorbell,
380 				     DRBL_RSU_REQUEST | DRBL_HOST_STATUS,
381 				     DRBL_RSU_REQUEST |
382 				     FIELD_PREP(DRBL_HOST_STATUS,
383 						HOST_STATUS_IDLE));
384 	if (ret)
385 		return FW_UPLOAD_ERR_RW_ERROR;
386 
387 	ret = read_poll_timeout(m10bmc_sec_progress_status, err,
388 				err < 0 || rsu_start_done(doorbell_reg, progress, status),
389 				NIOS_HANDSHAKE_INTERVAL_US,
390 				NIOS_HANDSHAKE_TIMEOUT_US,
391 				false,
392 				sec, &doorbell_reg, &progress, &status);
393 
394 	if (ret == -ETIMEDOUT) {
395 		log_error_regs(sec, doorbell_reg);
396 		return FW_UPLOAD_ERR_TIMEOUT;
397 	} else if (err) {
398 		return FW_UPLOAD_ERR_RW_ERROR;
399 	}
400 
401 	if (status == RSU_STAT_WEAROUT) {
402 		dev_warn(sec->dev, "Excessive flash update count detected\n");
403 		return FW_UPLOAD_ERR_WEAROUT;
404 	} else if (status == RSU_STAT_ERASE_FAIL) {
405 		log_error_regs(sec, doorbell_reg);
406 		return FW_UPLOAD_ERR_HW_ERROR;
407 	}
408 
409 	return FW_UPLOAD_ERR_NONE;
410 }
411 
rsu_prog_ready(struct m10bmc_sec * sec)412 static enum fw_upload_err rsu_prog_ready(struct m10bmc_sec *sec)
413 {
414 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
415 	unsigned long poll_timeout;
416 	u32 doorbell, progress;
417 	int ret;
418 
419 	ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
420 	if (ret)
421 		return FW_UPLOAD_ERR_RW_ERROR;
422 
423 	poll_timeout = jiffies + msecs_to_jiffies(RSU_PREP_TIMEOUT_MS);
424 	while (rsu_prog(doorbell) == RSU_PROG_PREPARE) {
425 		msleep(RSU_PREP_INTERVAL_MS);
426 		if (time_after(jiffies, poll_timeout))
427 			break;
428 
429 		ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
430 		if (ret)
431 			return FW_UPLOAD_ERR_RW_ERROR;
432 	}
433 
434 	progress = rsu_prog(doorbell);
435 	if (progress == RSU_PROG_PREPARE) {
436 		log_error_regs(sec, doorbell);
437 		return FW_UPLOAD_ERR_TIMEOUT;
438 	} else if (progress != RSU_PROG_READY) {
439 		log_error_regs(sec, doorbell);
440 		return FW_UPLOAD_ERR_HW_ERROR;
441 	}
442 
443 	return FW_UPLOAD_ERR_NONE;
444 }
445 
rsu_send_data(struct m10bmc_sec * sec)446 static enum fw_upload_err rsu_send_data(struct m10bmc_sec *sec)
447 {
448 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
449 	u32 doorbell_reg, status;
450 	int ret;
451 
452 	ret = m10bmc_sys_update_bits(sec->m10bmc, csr_map->doorbell,
453 				     DRBL_HOST_STATUS,
454 				     FIELD_PREP(DRBL_HOST_STATUS,
455 						HOST_STATUS_WRITE_DONE));
456 	if (ret)
457 		return FW_UPLOAD_ERR_RW_ERROR;
458 
459 	ret = regmap_read_poll_timeout(sec->m10bmc->regmap,
460 				       csr_map->base + csr_map->doorbell,
461 				       doorbell_reg,
462 				       rsu_prog(doorbell_reg) != RSU_PROG_READY,
463 				       NIOS_HANDSHAKE_INTERVAL_US,
464 				       NIOS_HANDSHAKE_TIMEOUT_US);
465 
466 	if (ret == -ETIMEDOUT) {
467 		log_error_regs(sec, doorbell_reg);
468 		return FW_UPLOAD_ERR_TIMEOUT;
469 	} else if (ret) {
470 		return FW_UPLOAD_ERR_RW_ERROR;
471 	}
472 
473 	ret = sec->ops->rsu_status(sec);
474 	if (ret < 0)
475 		return FW_UPLOAD_ERR_HW_ERROR;
476 	status = ret;
477 
478 	if (!rsu_status_ok(status)) {
479 		log_error_regs(sec, doorbell_reg);
480 		return FW_UPLOAD_ERR_HW_ERROR;
481 	}
482 
483 	return FW_UPLOAD_ERR_NONE;
484 }
485 
rsu_check_complete(struct m10bmc_sec * sec,u32 * doorbell_reg)486 static int rsu_check_complete(struct m10bmc_sec *sec, u32 *doorbell_reg)
487 {
488 	u32 progress, status;
489 
490 	if (m10bmc_sec_progress_status(sec, doorbell_reg, &progress, &status))
491 		return -EIO;
492 
493 	if (!rsu_status_ok(status))
494 		return -EINVAL;
495 
496 	if (rsu_progress_done(progress))
497 		return 0;
498 
499 	if (rsu_progress_busy(progress))
500 		return -EAGAIN;
501 
502 	return -EINVAL;
503 }
504 
rsu_cancel(struct m10bmc_sec * sec)505 static enum fw_upload_err rsu_cancel(struct m10bmc_sec *sec)
506 {
507 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
508 	u32 doorbell;
509 	int ret;
510 
511 	ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
512 	if (ret)
513 		return FW_UPLOAD_ERR_RW_ERROR;
514 
515 	if (rsu_prog(doorbell) != RSU_PROG_READY)
516 		return FW_UPLOAD_ERR_BUSY;
517 
518 	ret = m10bmc_sys_update_bits(sec->m10bmc, csr_map->doorbell,
519 				     DRBL_HOST_STATUS,
520 				     FIELD_PREP(DRBL_HOST_STATUS,
521 						HOST_STATUS_ABORT_RSU));
522 	if (ret)
523 		return FW_UPLOAD_ERR_RW_ERROR;
524 
525 	return FW_UPLOAD_ERR_CANCELED;
526 }
527 
m10bmc_sec_prepare(struct fw_upload * fwl,const u8 * data,u32 size)528 static enum fw_upload_err m10bmc_sec_prepare(struct fw_upload *fwl,
529 					     const u8 *data, u32 size)
530 {
531 	struct m10bmc_sec *sec = fwl->dd_handle;
532 	u32 ret;
533 
534 	sec->cancel_request = false;
535 
536 	if (!size || size > M10BMC_STAGING_SIZE)
537 		return FW_UPLOAD_ERR_INVALID_SIZE;
538 
539 	if (sec->m10bmc->flash_bulk_ops)
540 		if (sec->m10bmc->flash_bulk_ops->lock_write(sec->m10bmc))
541 			return FW_UPLOAD_ERR_BUSY;
542 
543 	ret = rsu_check_idle(sec);
544 	if (ret != FW_UPLOAD_ERR_NONE)
545 		goto unlock_flash;
546 
547 	m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_SEC_UPDATE_PREPARE);
548 
549 	ret = rsu_update_init(sec);
550 	if (ret != FW_UPLOAD_ERR_NONE)
551 		goto fw_state_exit;
552 
553 	ret = rsu_prog_ready(sec);
554 	if (ret != FW_UPLOAD_ERR_NONE)
555 		goto fw_state_exit;
556 
557 	if (sec->cancel_request) {
558 		ret = rsu_cancel(sec);
559 		goto fw_state_exit;
560 	}
561 
562 	m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_SEC_UPDATE_WRITE);
563 
564 	return FW_UPLOAD_ERR_NONE;
565 
566 fw_state_exit:
567 	m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_NORMAL);
568 
569 unlock_flash:
570 	if (sec->m10bmc->flash_bulk_ops)
571 		sec->m10bmc->flash_bulk_ops->unlock_write(sec->m10bmc);
572 	return ret;
573 }
574 
575 #define WRITE_BLOCK_SIZE 0x4000	/* Default write-block size is 0x4000 bytes */
576 
m10bmc_sec_fw_write(struct fw_upload * fwl,const u8 * data,u32 offset,u32 size,u32 * written)577 static enum fw_upload_err m10bmc_sec_fw_write(struct fw_upload *fwl, const u8 *data,
578 					      u32 offset, u32 size, u32 *written)
579 {
580 	struct m10bmc_sec *sec = fwl->dd_handle;
581 	const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
582 	struct intel_m10bmc *m10bmc = sec->m10bmc;
583 	u32 blk_size, doorbell;
584 	int ret;
585 
586 	if (sec->cancel_request)
587 		return rsu_cancel(sec);
588 
589 	ret = m10bmc_sys_read(m10bmc, csr_map->doorbell, &doorbell);
590 	if (ret) {
591 		return FW_UPLOAD_ERR_RW_ERROR;
592 	} else if (rsu_prog(doorbell) != RSU_PROG_READY) {
593 		log_error_regs(sec, doorbell);
594 		return FW_UPLOAD_ERR_HW_ERROR;
595 	}
596 
597 	WARN_ON_ONCE(WRITE_BLOCK_SIZE % regmap_get_reg_stride(m10bmc->regmap));
598 	blk_size = min_t(u32, WRITE_BLOCK_SIZE, size);
599 	ret = m10bmc_sec_write(sec, data, offset, blk_size);
600 	if (ret)
601 		return FW_UPLOAD_ERR_RW_ERROR;
602 
603 	*written = blk_size;
604 	return FW_UPLOAD_ERR_NONE;
605 }
606 
m10bmc_sec_poll_complete(struct fw_upload * fwl)607 static enum fw_upload_err m10bmc_sec_poll_complete(struct fw_upload *fwl)
608 {
609 	struct m10bmc_sec *sec = fwl->dd_handle;
610 	unsigned long poll_timeout;
611 	u32 doorbell, result;
612 	int ret;
613 
614 	if (sec->cancel_request)
615 		return rsu_cancel(sec);
616 
617 	m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_SEC_UPDATE_PROGRAM);
618 
619 	result = rsu_send_data(sec);
620 	if (result != FW_UPLOAD_ERR_NONE)
621 		return result;
622 
623 	poll_timeout = jiffies + msecs_to_jiffies(RSU_COMPLETE_TIMEOUT_MS);
624 	do {
625 		msleep(RSU_COMPLETE_INTERVAL_MS);
626 		ret = rsu_check_complete(sec, &doorbell);
627 	} while (ret == -EAGAIN && !time_after(jiffies, poll_timeout));
628 
629 	if (ret == -EAGAIN) {
630 		log_error_regs(sec, doorbell);
631 		return FW_UPLOAD_ERR_TIMEOUT;
632 	} else if (ret == -EIO) {
633 		return FW_UPLOAD_ERR_RW_ERROR;
634 	} else if (ret) {
635 		log_error_regs(sec, doorbell);
636 		return FW_UPLOAD_ERR_HW_ERROR;
637 	}
638 
639 	return FW_UPLOAD_ERR_NONE;
640 }
641 
642 /*
643  * m10bmc_sec_cancel() may be called asynchronously with an on-going update.
644  * All other functions are called sequentially in a single thread. To avoid
645  * contention on register accesses, m10bmc_sec_cancel() must only update
646  * the cancel_request flag. Other functions will check this flag and handle
647  * the cancel request synchronously.
648  */
m10bmc_sec_cancel(struct fw_upload * fwl)649 static void m10bmc_sec_cancel(struct fw_upload *fwl)
650 {
651 	struct m10bmc_sec *sec = fwl->dd_handle;
652 
653 	sec->cancel_request = true;
654 }
655 
m10bmc_sec_cleanup(struct fw_upload * fwl)656 static void m10bmc_sec_cleanup(struct fw_upload *fwl)
657 {
658 	struct m10bmc_sec *sec = fwl->dd_handle;
659 
660 	(void)rsu_cancel(sec);
661 
662 	m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_NORMAL);
663 
664 	if (sec->m10bmc->flash_bulk_ops)
665 		sec->m10bmc->flash_bulk_ops->unlock_write(sec->m10bmc);
666 }
667 
668 static const struct fw_upload_ops m10bmc_ops = {
669 	.prepare = m10bmc_sec_prepare,
670 	.write = m10bmc_sec_fw_write,
671 	.poll_complete = m10bmc_sec_poll_complete,
672 	.cancel = m10bmc_sec_cancel,
673 	.cleanup = m10bmc_sec_cleanup,
674 };
675 
676 static const struct m10bmc_sec_ops m10sec_n3000_ops = {
677 	.rsu_status = m10bmc_sec_n3000_rsu_status,
678 };
679 
680 static const struct m10bmc_sec_ops m10sec_n6000_ops = {
681 	.rsu_status = m10bmc_sec_n6000_rsu_status,
682 };
683 
684 #define SEC_UPDATE_LEN_MAX 32
m10bmc_sec_probe(struct platform_device * pdev)685 static int m10bmc_sec_probe(struct platform_device *pdev)
686 {
687 	char buf[SEC_UPDATE_LEN_MAX];
688 	struct m10bmc_sec *sec;
689 	struct fw_upload *fwl;
690 	unsigned int len;
691 	int  ret;
692 
693 	sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL);
694 	if (!sec)
695 		return -ENOMEM;
696 
697 	sec->dev = &pdev->dev;
698 	sec->m10bmc = dev_get_drvdata(pdev->dev.parent);
699 	sec->ops = (struct m10bmc_sec_ops *)platform_get_device_id(pdev)->driver_data;
700 	dev_set_drvdata(&pdev->dev, sec);
701 
702 	ret = xa_alloc(&fw_upload_xa, &sec->fw_name_id, sec,
703 		       xa_limit_32b, GFP_KERNEL);
704 	if (ret)
705 		return ret;
706 
707 	len = scnprintf(buf, SEC_UPDATE_LEN_MAX, "secure-update%d",
708 			sec->fw_name_id);
709 	sec->fw_name = kmemdup_nul(buf, len, GFP_KERNEL);
710 	if (!sec->fw_name) {
711 		ret = -ENOMEM;
712 		goto fw_name_fail;
713 	}
714 
715 	fwl = firmware_upload_register(THIS_MODULE, sec->dev, sec->fw_name,
716 				       &m10bmc_ops, sec);
717 	if (IS_ERR(fwl)) {
718 		dev_err(sec->dev, "Firmware Upload driver failed to start\n");
719 		ret = PTR_ERR(fwl);
720 		goto fw_uploader_fail;
721 	}
722 
723 	sec->fwl = fwl;
724 	return 0;
725 
726 fw_uploader_fail:
727 	kfree(sec->fw_name);
728 fw_name_fail:
729 	xa_erase(&fw_upload_xa, sec->fw_name_id);
730 	return ret;
731 }
732 
m10bmc_sec_remove(struct platform_device * pdev)733 static int m10bmc_sec_remove(struct platform_device *pdev)
734 {
735 	struct m10bmc_sec *sec = dev_get_drvdata(&pdev->dev);
736 
737 	firmware_upload_unregister(sec->fwl);
738 	kfree(sec->fw_name);
739 	xa_erase(&fw_upload_xa, sec->fw_name_id);
740 
741 	return 0;
742 }
743 
744 static const struct platform_device_id intel_m10bmc_sec_ids[] = {
745 	{
746 		.name = "n3000bmc-sec-update",
747 		.driver_data = (kernel_ulong_t)&m10sec_n3000_ops,
748 	},
749 	{
750 		.name = "d5005bmc-sec-update",
751 		.driver_data = (kernel_ulong_t)&m10sec_n3000_ops,
752 	},
753 	{
754 		.name = "n6000bmc-sec-update",
755 		.driver_data = (kernel_ulong_t)&m10sec_n6000_ops,
756 	},
757 	{ }
758 };
759 MODULE_DEVICE_TABLE(platform, intel_m10bmc_sec_ids);
760 
761 static struct platform_driver intel_m10bmc_sec_driver = {
762 	.probe = m10bmc_sec_probe,
763 	.remove = m10bmc_sec_remove,
764 	.driver = {
765 		.name = "intel-m10bmc-sec-update",
766 		.dev_groups = m10bmc_sec_attr_groups,
767 	},
768 	.id_table = intel_m10bmc_sec_ids,
769 };
770 module_platform_driver(intel_m10bmc_sec_driver);
771 
772 MODULE_AUTHOR("Intel Corporation");
773 MODULE_DESCRIPTION("Intel MAX10 BMC Secure Update");
774 MODULE_LICENSE("GPL");
775 MODULE_IMPORT_NS(INTEL_M10_BMC_CORE);
776