xref: /openbmc/qemu/hw/misc/imx_rngc.c (revision c7b64948f8ae4142b65f644164d0678892fe223d)
1 /*
2  * Freescale i.MX RNGC emulation
3  *
4  * Copyright (C) 2020 Martin Kaiser <martin@kaiser.cx>
5  *
6  * This work is licensed under the terms of the GNU GPL, version 2 or later.
7  * See the COPYING file in the top-level directory.
8  *
9  * This driver provides the minimum functionality to initialize and seed
10  * an rngc and to read random numbers. The rngb that is found in imx25
11  * chipsets is also supported.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/main-loop.h"
16 #include "qemu/module.h"
17 #include "qemu/guest-random.h"
18 #include "hw/irq.h"
19 #include "hw/misc/imx_rngc.h"
20 #include "migration/vmstate.h"
21 
22 #define RNGC_NAME "i.MX RNGC"
23 
24 #define RNGC_VER_ID  0x00
25 #define RNGC_COMMAND 0x04
26 #define RNGC_CONTROL 0x08
27 #define RNGC_STATUS  0x0C
28 #define RNGC_FIFO    0x14
29 
30 /* These version info are reported by the rngb in an imx258 chip. */
31 #define RNG_TYPE_RNGB 0x1
32 #define V_MAJ 0x2
33 #define V_MIN 0x40
34 
35 #define RNGC_CMD_BIT_SW_RST    0x40
36 #define RNGC_CMD_BIT_CLR_ERR   0x20
37 #define RNGC_CMD_BIT_CLR_INT   0x10
38 #define RNGC_CMD_BIT_SEED      0x02
39 #define RNGC_CMD_BIT_SELF_TEST 0x01
40 
41 #define RNGC_CTRL_BIT_MASK_ERR  0x40
42 #define RNGC_CTRL_BIT_MASK_DONE 0x20
43 #define RNGC_CTRL_BIT_AUTO_SEED 0x10
44 
45 /* the current status for self-test and seed operations */
46 #define OP_IDLE 0
47 #define OP_RUN  1
48 #define OP_DONE 2
49 
50 static uint64_t imx_rngc_read(void *opaque, hwaddr offset, unsigned size)
51 {
52     IMXRNGCState *s = IMX_RNGC(opaque);
53     uint64_t val = 0;
54 
55     switch (offset) {
56     case RNGC_VER_ID:
57         val |= RNG_TYPE_RNGB << 28 | V_MAJ << 8 | V_MIN;
58         break;
59 
60     case RNGC_COMMAND:
61         if (s->op_seed == OP_RUN) {
62             val |= RNGC_CMD_BIT_SEED;
63         }
64         if (s->op_self_test == OP_RUN) {
65             val |= RNGC_CMD_BIT_SELF_TEST;
66         }
67         break;
68 
69     case RNGC_CONTROL:
70         /*
71          * The CTL_ACC and VERIF_MODE bits are not supported yet.
72          * They read as 0.
73          */
74         val |= s->mask;
75         if (s->auto_seed) {
76             val |= RNGC_CTRL_BIT_AUTO_SEED;
77         }
78         /*
79          * We don't have an internal fifo like the real hardware.
80          * There's no need for strategy to handle fifo underflows.
81          * We return the FIFO_UFLOW_RESPONSE bits as 0.
82          */
83         break;
84 
85     case RNGC_STATUS:
86         /*
87          * We never report any statistics test or self-test errors or any
88          * other errors. STAT_TEST_PF, ST_PF and ERROR are always 0.
89          */
90 
91         /*
92          * We don't have an internal fifo, see above. Therefore, we
93          * report back the default fifo size (5 32-bit words) and
94          * indicate that our fifo is always full.
95          */
96         val |= 5 << 12 | 5 << 8;
97 
98         /* We always have a new seed available. */
99         val |= 1 << 6;
100 
101         if (s->op_seed == OP_DONE) {
102             val |= 1 << 5;
103         }
104         if (s->op_self_test == OP_DONE) {
105             val |= 1 << 4;
106         }
107         if (s->op_seed == OP_RUN || s->op_self_test == OP_RUN) {
108             /*
109              * We're busy if self-test is running or if we're
110              * seeding the prng.
111              */
112             val |= 1 << 1;
113         } else {
114             /*
115              * We're ready to provide secure random numbers whenever
116              * we're not busy.
117              */
118             val |= 1;
119         }
120         break;
121 
122     case RNGC_FIFO:
123         qemu_guest_getrandom_nofail(&val, sizeof(val));
124         break;
125     }
126 
127     return val;
128 }
129 
130 static void imx_rngc_do_reset(IMXRNGCState *s)
131 {
132     s->op_self_test = OP_IDLE;
133     s->op_seed = OP_IDLE;
134     s->mask = 0;
135     s->auto_seed = false;
136 }
137 
138 static void imx_rngc_write(void *opaque, hwaddr offset, uint64_t value,
139                            unsigned size)
140 {
141     IMXRNGCState *s = IMX_RNGC(opaque);
142 
143     switch (offset) {
144     case RNGC_COMMAND:
145         if (value & RNGC_CMD_BIT_SW_RST) {
146             imx_rngc_do_reset(s);
147         }
148 
149         /*
150          * For now, both CLR_ERR and CLR_INT clear the interrupt. We
151          * don't report any errors yet.
152          */
153         if (value & (RNGC_CMD_BIT_CLR_ERR | RNGC_CMD_BIT_CLR_INT)) {
154             qemu_irq_lower(s->irq);
155         }
156 
157         if (value & RNGC_CMD_BIT_SEED) {
158             s->op_seed = OP_RUN;
159             qemu_bh_schedule(s->seed_bh);
160         }
161 
162         if (value & RNGC_CMD_BIT_SELF_TEST) {
163             s->op_self_test = OP_RUN;
164             qemu_bh_schedule(s->self_test_bh);
165         }
166         break;
167 
168     case RNGC_CONTROL:
169         /*
170          * The CTL_ACC and VERIF_MODE bits are not supported yet.
171          * We ignore them if they're set by the caller.
172          */
173 
174         if (value & RNGC_CTRL_BIT_MASK_ERR) {
175             s->mask |= RNGC_CTRL_BIT_MASK_ERR;
176         } else {
177             s->mask &= ~RNGC_CTRL_BIT_MASK_ERR;
178         }
179 
180         if (value & RNGC_CTRL_BIT_MASK_DONE) {
181             s->mask |= RNGC_CTRL_BIT_MASK_DONE;
182         } else {
183             s->mask &= ~RNGC_CTRL_BIT_MASK_DONE;
184         }
185 
186         if (value & RNGC_CTRL_BIT_AUTO_SEED) {
187             s->auto_seed = true;
188         } else {
189             s->auto_seed = false;
190         }
191         break;
192     }
193 }
194 
195 static const MemoryRegionOps imx_rngc_ops = {
196     .read  = imx_rngc_read,
197     .write = imx_rngc_write,
198     .endianness = DEVICE_NATIVE_ENDIAN,
199 };
200 
201 static void imx_rngc_self_test(void *opaque)
202 {
203     IMXRNGCState *s = IMX_RNGC(opaque);
204 
205     s->op_self_test = OP_DONE;
206     if (!(s->mask & RNGC_CTRL_BIT_MASK_DONE)) {
207         qemu_irq_raise(s->irq);
208     }
209 }
210 
211 static void imx_rngc_seed(void *opaque)
212 {
213     IMXRNGCState *s = IMX_RNGC(opaque);
214 
215     s->op_seed = OP_DONE;
216     if (!(s->mask & RNGC_CTRL_BIT_MASK_DONE)) {
217         qemu_irq_raise(s->irq);
218     }
219 }
220 
221 static void imx_rngc_realize(DeviceState *dev, Error **errp)
222 {
223     IMXRNGCState *s = IMX_RNGC(dev);
224     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
225 
226     memory_region_init_io(&s->iomem, OBJECT(s), &imx_rngc_ops, s,
227                           TYPE_IMX_RNGC, 0x1000);
228     sysbus_init_mmio(sbd, &s->iomem);
229 
230     sysbus_init_irq(sbd, &s->irq);
231     s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s,
232                                           &dev->mem_reentrancy_guard);
233     s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s,
234                                      &dev->mem_reentrancy_guard);
235 }
236 
237 static void imx_rngc_reset(DeviceState *dev)
238 {
239     IMXRNGCState *s = IMX_RNGC(dev);
240 
241     imx_rngc_do_reset(s);
242 }
243 
244 static const VMStateDescription vmstate_imx_rngc = {
245     .name = RNGC_NAME,
246     .version_id = 1,
247     .minimum_version_id = 1,
248     .fields = (VMStateField[]) {
249         VMSTATE_UINT8(op_self_test, IMXRNGCState),
250         VMSTATE_UINT8(op_seed, IMXRNGCState),
251         VMSTATE_UINT8(mask, IMXRNGCState),
252         VMSTATE_BOOL(auto_seed, IMXRNGCState),
253         VMSTATE_END_OF_LIST()
254     }
255 };
256 
257 static void imx_rngc_class_init(ObjectClass *klass, void *data)
258 {
259     DeviceClass *dc = DEVICE_CLASS(klass);
260 
261     dc->realize = imx_rngc_realize;
262     dc->reset = imx_rngc_reset;
263     dc->desc = RNGC_NAME,
264     dc->vmsd = &vmstate_imx_rngc;
265 }
266 
267 static const TypeInfo imx_rngc_info = {
268     .name          = TYPE_IMX_RNGC,
269     .parent        = TYPE_SYS_BUS_DEVICE,
270     .instance_size = sizeof(IMXRNGCState),
271     .class_init    = imx_rngc_class_init,
272 };
273 
274 static void imx_rngc_register_types(void)
275 {
276     type_register_static(&imx_rngc_info);
277 }
278 
279 type_init(imx_rngc_register_types)
280