1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Mellanox boot control driver 4 * 5 * This driver provides a sysfs interface for systems management 6 * software to manage reset-time actions. 7 * 8 * Copyright (C) 2019 Mellanox Technologies 9 */ 10 11 #include <linux/acpi.h> 12 #include <linux/arm-smccc.h> 13 #include <linux/delay.h> 14 #include <linux/iopoll.h> 15 #include <linux/module.h> 16 #include <linux/platform_device.h> 17 18 #include "mlxbf-bootctl.h" 19 20 #define MLXBF_BOOTCTL_SB_SECURE_MASK 0x03 21 #define MLXBF_BOOTCTL_SB_TEST_MASK 0x0c 22 23 #define MLXBF_SB_KEY_NUM 4 24 25 /* UUID used to probe ATF service. */ 26 static const char *mlxbf_bootctl_svc_uuid_str = 27 "89c036b4-e7d7-11e6-8797-001aca00bfc4"; 28 29 struct mlxbf_bootctl_name { 30 u32 value; 31 const char *name; 32 }; 33 34 static struct mlxbf_bootctl_name boot_names[] = { 35 { MLXBF_BOOTCTL_EXTERNAL, "external" }, 36 { MLXBF_BOOTCTL_EMMC, "emmc" }, 37 { MLNX_BOOTCTL_SWAP_EMMC, "swap_emmc" }, 38 { MLXBF_BOOTCTL_EMMC_LEGACY, "emmc_legacy" }, 39 { MLXBF_BOOTCTL_NONE, "none" }, 40 }; 41 42 static const char * const mlxbf_bootctl_lifecycle_states[] = { 43 [0] = "Production", 44 [1] = "GA Secured", 45 [2] = "GA Non-Secured", 46 [3] = "RMA", 47 }; 48 49 /* Log header format. */ 50 #define MLXBF_RSH_LOG_TYPE_MASK GENMASK_ULL(59, 56) 51 #define MLXBF_RSH_LOG_LEN_MASK GENMASK_ULL(54, 48) 52 #define MLXBF_RSH_LOG_LEVEL_MASK GENMASK_ULL(7, 0) 53 54 /* Log module ID and type (only MSG type in Linux driver for now). */ 55 #define MLXBF_RSH_LOG_TYPE_MSG 0x04ULL 56 57 /* Log ctl/data register offset. */ 58 #define MLXBF_RSH_SCRATCH_BUF_CTL_OFF 0 59 #define MLXBF_RSH_SCRATCH_BUF_DATA_OFF 0x10 60 61 /* Log message levels. */ 62 enum { 63 MLXBF_RSH_LOG_INFO, 64 MLXBF_RSH_LOG_WARN, 65 MLXBF_RSH_LOG_ERR, 66 MLXBF_RSH_LOG_ASSERT 67 }; 68 69 /* Mapped pointer for RSH_BOOT_FIFO_DATA and RSH_BOOT_FIFO_COUNT register. */ 70 static void __iomem *mlxbf_rsh_boot_data; 71 static void __iomem *mlxbf_rsh_boot_cnt; 72 73 /* Mapped pointer for rsh log semaphore/ctrl/data register. */ 74 static void __iomem *mlxbf_rsh_semaphore; 75 static void __iomem *mlxbf_rsh_scratch_buf_ctl; 76 static void __iomem *mlxbf_rsh_scratch_buf_data; 77 78 /* Rsh log levels. */ 79 static const char * const mlxbf_rsh_log_level[] = { 80 "INFO", "WARN", "ERR", "ASSERT"}; 81 82 /* ARM SMC call which is atomic and no need for lock. */ 83 static int mlxbf_bootctl_smc(unsigned int smc_op, int smc_arg) 84 { 85 struct arm_smccc_res res; 86 87 arm_smccc_smc(smc_op, smc_arg, 0, 0, 0, 0, 0, 0, &res); 88 89 return res.a0; 90 } 91 92 /* Return the action in integer or an error code. */ 93 static int mlxbf_bootctl_reset_action_to_val(const char *action) 94 { 95 int i; 96 97 for (i = 0; i < ARRAY_SIZE(boot_names); i++) 98 if (sysfs_streq(boot_names[i].name, action)) 99 return boot_names[i].value; 100 101 return -EINVAL; 102 } 103 104 /* Return the action in string. */ 105 static const char *mlxbf_bootctl_action_to_string(int action) 106 { 107 int i; 108 109 for (i = 0; i < ARRAY_SIZE(boot_names); i++) 110 if (boot_names[i].value == action) 111 return boot_names[i].name; 112 113 return "invalid action"; 114 } 115 116 static ssize_t post_reset_wdog_show(struct device *dev, 117 struct device_attribute *attr, char *buf) 118 { 119 int ret; 120 121 ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_POST_RESET_WDOG, 0); 122 if (ret < 0) 123 return ret; 124 125 return sprintf(buf, "%d\n", ret); 126 } 127 128 static ssize_t post_reset_wdog_store(struct device *dev, 129 struct device_attribute *attr, 130 const char *buf, size_t count) 131 { 132 unsigned long value; 133 int ret; 134 135 ret = kstrtoul(buf, 10, &value); 136 if (ret) 137 return ret; 138 139 ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_POST_RESET_WDOG, value); 140 if (ret < 0) 141 return ret; 142 143 return count; 144 } 145 146 static ssize_t mlxbf_bootctl_show(int smc_op, char *buf) 147 { 148 int action; 149 150 action = mlxbf_bootctl_smc(smc_op, 0); 151 if (action < 0) 152 return action; 153 154 return sprintf(buf, "%s\n", mlxbf_bootctl_action_to_string(action)); 155 } 156 157 static int mlxbf_bootctl_store(int smc_op, const char *buf, size_t count) 158 { 159 int ret, action; 160 161 action = mlxbf_bootctl_reset_action_to_val(buf); 162 if (action < 0) 163 return action; 164 165 ret = mlxbf_bootctl_smc(smc_op, action); 166 if (ret < 0) 167 return ret; 168 169 return count; 170 } 171 172 static ssize_t reset_action_show(struct device *dev, 173 struct device_attribute *attr, char *buf) 174 { 175 return mlxbf_bootctl_show(MLXBF_BOOTCTL_GET_RESET_ACTION, buf); 176 } 177 178 static ssize_t reset_action_store(struct device *dev, 179 struct device_attribute *attr, 180 const char *buf, size_t count) 181 { 182 return mlxbf_bootctl_store(MLXBF_BOOTCTL_SET_RESET_ACTION, buf, count); 183 } 184 185 static ssize_t second_reset_action_show(struct device *dev, 186 struct device_attribute *attr, 187 char *buf) 188 { 189 return mlxbf_bootctl_show(MLXBF_BOOTCTL_GET_SECOND_RESET_ACTION, buf); 190 } 191 192 static ssize_t second_reset_action_store(struct device *dev, 193 struct device_attribute *attr, 194 const char *buf, size_t count) 195 { 196 return mlxbf_bootctl_store(MLXBF_BOOTCTL_SET_SECOND_RESET_ACTION, buf, 197 count); 198 } 199 200 static ssize_t lifecycle_state_show(struct device *dev, 201 struct device_attribute *attr, char *buf) 202 { 203 int lc_state; 204 205 lc_state = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS, 206 MLXBF_BOOTCTL_FUSE_STATUS_LIFECYCLE); 207 if (lc_state < 0) 208 return lc_state; 209 210 lc_state &= 211 MLXBF_BOOTCTL_SB_TEST_MASK | MLXBF_BOOTCTL_SB_SECURE_MASK; 212 213 /* 214 * If the test bits are set, we specify that the current state may be 215 * due to using the test bits. 216 */ 217 if (lc_state & MLXBF_BOOTCTL_SB_TEST_MASK) { 218 lc_state &= MLXBF_BOOTCTL_SB_SECURE_MASK; 219 220 return sprintf(buf, "%s(test)\n", 221 mlxbf_bootctl_lifecycle_states[lc_state]); 222 } 223 224 return sprintf(buf, "%s\n", mlxbf_bootctl_lifecycle_states[lc_state]); 225 } 226 227 static ssize_t secure_boot_fuse_state_show(struct device *dev, 228 struct device_attribute *attr, 229 char *buf) 230 { 231 int burnt, valid, key, key_state, buf_len = 0, upper_key_used = 0; 232 const char *status; 233 234 key_state = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS, 235 MLXBF_BOOTCTL_FUSE_STATUS_KEYS); 236 if (key_state < 0) 237 return key_state; 238 239 /* 240 * key_state contains the bits for 4 Key versions, loaded from eFuses 241 * after a hard reset. Lower 4 bits are a thermometer code indicating 242 * key programming has started for key n (0000 = none, 0001 = version 0, 243 * 0011 = version 1, 0111 = version 2, 1111 = version 3). Upper 4 bits 244 * are a thermometer code indicating key programming has completed for 245 * key n (same encodings as the start bits). This allows for detection 246 * of an interruption in the programming process which has left the key 247 * partially programmed (and thus invalid). The process is to burn the 248 * eFuse for the new key start bit, burn the key eFuses, then burn the 249 * eFuse for the new key complete bit. 250 * 251 * For example 0000_0000: no key valid, 0001_0001: key version 0 valid, 252 * 0011_0011: key 1 version valid, 0011_0111: key version 2 started 253 * programming but did not complete, etc. The most recent key for which 254 * both start and complete bit is set is loaded. On soft reset, this 255 * register is not modified. 256 */ 257 for (key = MLXBF_SB_KEY_NUM - 1; key >= 0; key--) { 258 burnt = key_state & BIT(key); 259 valid = key_state & BIT(key + MLXBF_SB_KEY_NUM); 260 261 if (burnt && valid) 262 upper_key_used = 1; 263 264 if (upper_key_used) { 265 if (burnt) 266 status = valid ? "Used" : "Wasted"; 267 else 268 status = valid ? "Invalid" : "Skipped"; 269 } else { 270 if (burnt) 271 status = valid ? "InUse" : "Incomplete"; 272 else 273 status = valid ? "Invalid" : "Free"; 274 } 275 buf_len += sprintf(buf + buf_len, "%d:%s ", key, status); 276 } 277 buf_len += sprintf(buf + buf_len, "\n"); 278 279 return buf_len; 280 } 281 282 static ssize_t fw_reset_store(struct device *dev, 283 struct device_attribute *attr, 284 const char *buf, size_t count) 285 { 286 unsigned long key; 287 int err; 288 289 err = kstrtoul(buf, 16, &key); 290 if (err) 291 return err; 292 293 if (mlxbf_bootctl_smc(MLXBF_BOOTCTL_FW_RESET, key) < 0) 294 return -EINVAL; 295 296 return count; 297 } 298 299 /* Size(8-byte words) of the log buffer. */ 300 #define RSH_SCRATCH_BUF_CTL_IDX_MASK 0x7f 301 302 /* 100ms timeout */ 303 #define RSH_SCRATCH_BUF_POLL_TIMEOUT 100000 304 305 static int mlxbf_rsh_log_sem_lock(void) 306 { 307 unsigned long reg; 308 309 return readq_poll_timeout(mlxbf_rsh_semaphore, reg, !reg, 0, 310 RSH_SCRATCH_BUF_POLL_TIMEOUT); 311 } 312 313 static void mlxbf_rsh_log_sem_unlock(void) 314 { 315 writeq(0, mlxbf_rsh_semaphore); 316 } 317 318 static ssize_t rsh_log_store(struct device *dev, 319 struct device_attribute *attr, 320 const char *buf, size_t count) 321 { 322 int rc, idx, num, len, level = MLXBF_RSH_LOG_INFO; 323 size_t size = count; 324 u64 data; 325 326 if (!size) 327 return -EINVAL; 328 329 if (!mlxbf_rsh_semaphore || !mlxbf_rsh_scratch_buf_ctl) 330 return -EOPNOTSUPP; 331 332 /* Ignore line break at the end. */ 333 if (buf[size - 1] == '\n') 334 size--; 335 336 /* Check the message prefix. */ 337 for (idx = 0; idx < ARRAY_SIZE(mlxbf_rsh_log_level); idx++) { 338 len = strlen(mlxbf_rsh_log_level[idx]); 339 if (len + 1 < size && 340 !strncmp(buf, mlxbf_rsh_log_level[idx], len)) { 341 buf += len; 342 size -= len; 343 level = idx; 344 break; 345 } 346 } 347 348 /* Ignore leading spaces. */ 349 while (size > 0 && buf[0] == ' ') { 350 size--; 351 buf++; 352 } 353 354 /* Take the semaphore. */ 355 rc = mlxbf_rsh_log_sem_lock(); 356 if (rc) 357 return rc; 358 359 /* Calculate how many words are available. */ 360 idx = readq(mlxbf_rsh_scratch_buf_ctl); 361 num = min((int)DIV_ROUND_UP(size, sizeof(u64)), 362 RSH_SCRATCH_BUF_CTL_IDX_MASK - idx - 1); 363 if (num <= 0) 364 goto done; 365 366 /* Write Header. */ 367 data = FIELD_PREP(MLXBF_RSH_LOG_TYPE_MASK, MLXBF_RSH_LOG_TYPE_MSG); 368 data |= FIELD_PREP(MLXBF_RSH_LOG_LEN_MASK, num); 369 data |= FIELD_PREP(MLXBF_RSH_LOG_LEVEL_MASK, level); 370 writeq(data, mlxbf_rsh_scratch_buf_data); 371 372 /* Write message. */ 373 for (idx = 0; idx < num && size > 0; idx++) { 374 if (size < sizeof(u64)) { 375 data = 0; 376 memcpy(&data, buf, size); 377 size = 0; 378 } else { 379 memcpy(&data, buf, sizeof(u64)); 380 size -= sizeof(u64); 381 buf += sizeof(u64); 382 } 383 writeq(data, mlxbf_rsh_scratch_buf_data); 384 } 385 386 done: 387 /* Release the semaphore. */ 388 mlxbf_rsh_log_sem_unlock(); 389 390 /* Ignore the rest if no more space. */ 391 return count; 392 } 393 394 static DEVICE_ATTR_RW(post_reset_wdog); 395 static DEVICE_ATTR_RW(reset_action); 396 static DEVICE_ATTR_RW(second_reset_action); 397 static DEVICE_ATTR_RO(lifecycle_state); 398 static DEVICE_ATTR_RO(secure_boot_fuse_state); 399 static DEVICE_ATTR_WO(fw_reset); 400 static DEVICE_ATTR_WO(rsh_log); 401 402 static struct attribute *mlxbf_bootctl_attrs[] = { 403 &dev_attr_post_reset_wdog.attr, 404 &dev_attr_reset_action.attr, 405 &dev_attr_second_reset_action.attr, 406 &dev_attr_lifecycle_state.attr, 407 &dev_attr_secure_boot_fuse_state.attr, 408 &dev_attr_fw_reset.attr, 409 &dev_attr_rsh_log.attr, 410 NULL 411 }; 412 413 ATTRIBUTE_GROUPS(mlxbf_bootctl); 414 415 static const struct acpi_device_id mlxbf_bootctl_acpi_ids[] = { 416 {"MLNXBF04", 0}, 417 {} 418 }; 419 420 MODULE_DEVICE_TABLE(acpi, mlxbf_bootctl_acpi_ids); 421 422 static ssize_t mlxbf_bootctl_bootfifo_read(struct file *filp, 423 struct kobject *kobj, 424 struct bin_attribute *bin_attr, 425 char *buf, loff_t pos, 426 size_t count) 427 { 428 unsigned long timeout = msecs_to_jiffies(500); 429 unsigned long expire = jiffies + timeout; 430 u64 data, cnt = 0; 431 char *p = buf; 432 433 while (count >= sizeof(data)) { 434 /* Give up reading if no more data within 500ms. */ 435 if (!cnt) { 436 cnt = readq(mlxbf_rsh_boot_cnt); 437 if (!cnt) { 438 if (time_after(jiffies, expire)) 439 break; 440 usleep_range(10, 50); 441 continue; 442 } 443 } 444 445 data = readq(mlxbf_rsh_boot_data); 446 memcpy(p, &data, sizeof(data)); 447 count -= sizeof(data); 448 p += sizeof(data); 449 cnt--; 450 expire = jiffies + timeout; 451 } 452 453 return p - buf; 454 } 455 456 static struct bin_attribute mlxbf_bootctl_bootfifo_sysfs_attr = { 457 .attr = { .name = "bootfifo", .mode = 0400 }, 458 .read = mlxbf_bootctl_bootfifo_read, 459 }; 460 461 static bool mlxbf_bootctl_guid_match(const guid_t *guid, 462 const struct arm_smccc_res *res) 463 { 464 guid_t id = GUID_INIT(res->a0, res->a1, res->a1 >> 16, 465 res->a2, res->a2 >> 8, res->a2 >> 16, 466 res->a2 >> 24, res->a3, res->a3 >> 8, 467 res->a3 >> 16, res->a3 >> 24); 468 469 return guid_equal(guid, &id); 470 } 471 472 static int mlxbf_bootctl_probe(struct platform_device *pdev) 473 { 474 struct arm_smccc_res res = { 0 }; 475 void __iomem *reg; 476 guid_t guid; 477 int ret; 478 479 /* Map the resource of the bootfifo data register. */ 480 mlxbf_rsh_boot_data = devm_platform_ioremap_resource(pdev, 0); 481 if (IS_ERR(mlxbf_rsh_boot_data)) 482 return PTR_ERR(mlxbf_rsh_boot_data); 483 484 /* Map the resource of the bootfifo counter register. */ 485 mlxbf_rsh_boot_cnt = devm_platform_ioremap_resource(pdev, 1); 486 if (IS_ERR(mlxbf_rsh_boot_cnt)) 487 return PTR_ERR(mlxbf_rsh_boot_cnt); 488 489 /* Map the resource of the rshim semaphore register. */ 490 mlxbf_rsh_semaphore = devm_platform_ioremap_resource(pdev, 2); 491 if (IS_ERR(mlxbf_rsh_semaphore)) 492 return PTR_ERR(mlxbf_rsh_semaphore); 493 494 /* Map the resource of the scratch buffer (log) registers. */ 495 reg = devm_platform_ioremap_resource(pdev, 3); 496 if (IS_ERR(reg)) 497 return PTR_ERR(reg); 498 mlxbf_rsh_scratch_buf_ctl = reg + MLXBF_RSH_SCRATCH_BUF_CTL_OFF; 499 mlxbf_rsh_scratch_buf_data = reg + MLXBF_RSH_SCRATCH_BUF_DATA_OFF; 500 501 /* Ensure we have the UUID we expect for this service. */ 502 arm_smccc_smc(MLXBF_BOOTCTL_SIP_SVC_UID, 0, 0, 0, 0, 0, 0, 0, &res); 503 guid_parse(mlxbf_bootctl_svc_uuid_str, &guid); 504 if (!mlxbf_bootctl_guid_match(&guid, &res)) 505 return -ENODEV; 506 507 /* 508 * When watchdog is used, it sets boot mode to MLXBF_BOOTCTL_SWAP_EMMC 509 * in case of boot failures. However it doesn't clear the state if there 510 * is no failure. Restore the default boot mode here to avoid any 511 * unnecessary boot partition swapping. 512 */ 513 ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_RESET_ACTION, 514 MLXBF_BOOTCTL_EMMC); 515 if (ret < 0) 516 dev_warn(&pdev->dev, "Unable to reset the EMMC boot mode\n"); 517 518 ret = sysfs_create_bin_file(&pdev->dev.kobj, 519 &mlxbf_bootctl_bootfifo_sysfs_attr); 520 if (ret) 521 pr_err("Unable to create bootfifo sysfs file, error %d\n", ret); 522 523 return ret; 524 } 525 526 static int mlxbf_bootctl_remove(struct platform_device *pdev) 527 { 528 sysfs_remove_bin_file(&pdev->dev.kobj, 529 &mlxbf_bootctl_bootfifo_sysfs_attr); 530 531 return 0; 532 } 533 534 static struct platform_driver mlxbf_bootctl_driver = { 535 .probe = mlxbf_bootctl_probe, 536 .remove = mlxbf_bootctl_remove, 537 .driver = { 538 .name = "mlxbf-bootctl", 539 .dev_groups = mlxbf_bootctl_groups, 540 .acpi_match_table = mlxbf_bootctl_acpi_ids, 541 } 542 }; 543 544 module_platform_driver(mlxbf_bootctl_driver); 545 546 MODULE_DESCRIPTION("Mellanox boot control driver"); 547 MODULE_LICENSE("GPL v2"); 548 MODULE_AUTHOR("Mellanox Technologies"); 549