1 /* 2 * Freescale i.MX RNGC emulation 3 * 4 * Copyright (C) 2020 Martin Kaiser <martin@kaiser.cx> 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2 or later. 7 * See the COPYING file in the top-level directory. 8 * 9 * This driver provides the minimum functionality to initialize and seed 10 * an rngc and to read random numbers. The rngb that is found in imx25 11 * chipsets is also supported. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/main-loop.h" 16 #include "qemu/module.h" 17 #include "qemu/guest-random.h" 18 #include "hw/irq.h" 19 #include "hw/misc/imx_rngc.h" 20 #include "migration/vmstate.h" 21 22 #define RNGC_NAME "i.MX RNGC" 23 24 #define RNGC_VER_ID 0x00 25 #define RNGC_COMMAND 0x04 26 #define RNGC_CONTROL 0x08 27 #define RNGC_STATUS 0x0C 28 #define RNGC_FIFO 0x14 29 30 /* These version info are reported by the rngb in an imx258 chip. */ 31 #define RNG_TYPE_RNGB 0x1 32 #define V_MAJ 0x2 33 #define V_MIN 0x40 34 35 #define RNGC_CMD_BIT_SW_RST 0x40 36 #define RNGC_CMD_BIT_CLR_ERR 0x20 37 #define RNGC_CMD_BIT_CLR_INT 0x10 38 #define RNGC_CMD_BIT_SEED 0x02 39 #define RNGC_CMD_BIT_SELF_TEST 0x01 40 41 #define RNGC_CTRL_BIT_MASK_ERR 0x40 42 #define RNGC_CTRL_BIT_MASK_DONE 0x20 43 #define RNGC_CTRL_BIT_AUTO_SEED 0x10 44 45 /* the current status for self-test and seed operations */ 46 #define OP_IDLE 0 47 #define OP_RUN 1 48 #define OP_DONE 2 49 50 static uint64_t imx_rngc_read(void *opaque, hwaddr offset, unsigned size) 51 { 52 IMXRNGCState *s = IMX_RNGC(opaque); 53 uint64_t val = 0; 54 55 switch (offset) { 56 case RNGC_VER_ID: 57 val |= RNG_TYPE_RNGB << 28 | V_MAJ << 8 | V_MIN; 58 break; 59 60 case RNGC_COMMAND: 61 if (s->op_seed == OP_RUN) { 62 val |= RNGC_CMD_BIT_SEED; 63 } 64 if (s->op_self_test == OP_RUN) { 65 val |= RNGC_CMD_BIT_SELF_TEST; 66 } 67 break; 68 69 case RNGC_CONTROL: 70 /* 71 * The CTL_ACC and VERIF_MODE bits are not supported yet. 72 * They read as 0. 73 */ 74 val |= s->mask; 75 if (s->auto_seed) { 76 val |= RNGC_CTRL_BIT_AUTO_SEED; 77 } 78 /* 79 * We don't have an internal fifo like the real hardware. 80 * There's no need for strategy to handle fifo underflows. 81 * We return the FIFO_UFLOW_RESPONSE bits as 0. 82 */ 83 break; 84 85 case RNGC_STATUS: 86 /* 87 * We never report any statistics test or self-test errors or any 88 * other errors. STAT_TEST_PF, ST_PF and ERROR are always 0. 89 */ 90 91 /* 92 * We don't have an internal fifo, see above. Therefore, we 93 * report back the default fifo size (5 32-bit words) and 94 * indicate that our fifo is always full. 95 */ 96 val |= 5 << 12 | 5 << 8; 97 98 /* We always have a new seed available. */ 99 val |= 1 << 6; 100 101 if (s->op_seed == OP_DONE) { 102 val |= 1 << 5; 103 } 104 if (s->op_self_test == OP_DONE) { 105 val |= 1 << 4; 106 } 107 if (s->op_seed == OP_RUN || s->op_self_test == OP_RUN) { 108 /* 109 * We're busy if self-test is running or if we're 110 * seeding the prng. 111 */ 112 val |= 1 << 1; 113 } else { 114 /* 115 * We're ready to provide secure random numbers whenever 116 * we're not busy. 117 */ 118 val |= 1; 119 } 120 break; 121 122 case RNGC_FIFO: 123 qemu_guest_getrandom_nofail(&val, sizeof(val)); 124 break; 125 } 126 127 return val; 128 } 129 130 static void imx_rngc_do_reset(IMXRNGCState *s) 131 { 132 s->op_self_test = OP_IDLE; 133 s->op_seed = OP_IDLE; 134 s->mask = 0; 135 s->auto_seed = false; 136 } 137 138 static void imx_rngc_write(void *opaque, hwaddr offset, uint64_t value, 139 unsigned size) 140 { 141 IMXRNGCState *s = IMX_RNGC(opaque); 142 143 switch (offset) { 144 case RNGC_COMMAND: 145 if (value & RNGC_CMD_BIT_SW_RST) { 146 imx_rngc_do_reset(s); 147 } 148 149 /* 150 * For now, both CLR_ERR and CLR_INT clear the interrupt. We 151 * don't report any errors yet. 152 */ 153 if (value & (RNGC_CMD_BIT_CLR_ERR | RNGC_CMD_BIT_CLR_INT)) { 154 qemu_irq_lower(s->irq); 155 } 156 157 if (value & RNGC_CMD_BIT_SEED) { 158 s->op_seed = OP_RUN; 159 qemu_bh_schedule(s->seed_bh); 160 } 161 162 if (value & RNGC_CMD_BIT_SELF_TEST) { 163 s->op_self_test = OP_RUN; 164 qemu_bh_schedule(s->self_test_bh); 165 } 166 break; 167 168 case RNGC_CONTROL: 169 /* 170 * The CTL_ACC and VERIF_MODE bits are not supported yet. 171 * We ignore them if they're set by the caller. 172 */ 173 174 if (value & RNGC_CTRL_BIT_MASK_ERR) { 175 s->mask |= RNGC_CTRL_BIT_MASK_ERR; 176 } else { 177 s->mask &= ~RNGC_CTRL_BIT_MASK_ERR; 178 } 179 180 if (value & RNGC_CTRL_BIT_MASK_DONE) { 181 s->mask |= RNGC_CTRL_BIT_MASK_DONE; 182 } else { 183 s->mask &= ~RNGC_CTRL_BIT_MASK_DONE; 184 } 185 186 if (value & RNGC_CTRL_BIT_AUTO_SEED) { 187 s->auto_seed = true; 188 } else { 189 s->auto_seed = false; 190 } 191 break; 192 } 193 } 194 195 static const MemoryRegionOps imx_rngc_ops = { 196 .read = imx_rngc_read, 197 .write = imx_rngc_write, 198 .endianness = DEVICE_NATIVE_ENDIAN, 199 }; 200 201 static void imx_rngc_self_test(void *opaque) 202 { 203 IMXRNGCState *s = IMX_RNGC(opaque); 204 205 s->op_self_test = OP_DONE; 206 if (!(s->mask & RNGC_CTRL_BIT_MASK_DONE)) { 207 qemu_irq_raise(s->irq); 208 } 209 } 210 211 static void imx_rngc_seed(void *opaque) 212 { 213 IMXRNGCState *s = IMX_RNGC(opaque); 214 215 s->op_seed = OP_DONE; 216 if (!(s->mask & RNGC_CTRL_BIT_MASK_DONE)) { 217 qemu_irq_raise(s->irq); 218 } 219 } 220 221 static void imx_rngc_realize(DeviceState *dev, Error **errp) 222 { 223 IMXRNGCState *s = IMX_RNGC(dev); 224 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 225 226 memory_region_init_io(&s->iomem, OBJECT(s), &imx_rngc_ops, s, 227 TYPE_IMX_RNGC, 0x1000); 228 sysbus_init_mmio(sbd, &s->iomem); 229 230 sysbus_init_irq(sbd, &s->irq); 231 s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s, 232 &dev->mem_reentrancy_guard); 233 s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s, 234 &dev->mem_reentrancy_guard); 235 } 236 237 static void imx_rngc_reset(DeviceState *dev) 238 { 239 IMXRNGCState *s = IMX_RNGC(dev); 240 241 imx_rngc_do_reset(s); 242 } 243 244 static const VMStateDescription vmstate_imx_rngc = { 245 .name = RNGC_NAME, 246 .version_id = 1, 247 .minimum_version_id = 1, 248 .fields = (const VMStateField[]) { 249 VMSTATE_UINT8(op_self_test, IMXRNGCState), 250 VMSTATE_UINT8(op_seed, IMXRNGCState), 251 VMSTATE_UINT8(mask, IMXRNGCState), 252 VMSTATE_BOOL(auto_seed, IMXRNGCState), 253 VMSTATE_END_OF_LIST() 254 } 255 }; 256 257 static void imx_rngc_class_init(ObjectClass *klass, void *data) 258 { 259 DeviceClass *dc = DEVICE_CLASS(klass); 260 261 dc->realize = imx_rngc_realize; 262 device_class_set_legacy_reset(dc, imx_rngc_reset); 263 dc->desc = RNGC_NAME, 264 dc->vmsd = &vmstate_imx_rngc; 265 } 266 267 static const TypeInfo imx_rngc_info = { 268 .name = TYPE_IMX_RNGC, 269 .parent = TYPE_SYS_BUS_DEVICE, 270 .instance_size = sizeof(IMXRNGCState), 271 .class_init = imx_rngc_class_init, 272 }; 273 274 static void imx_rngc_register_types(void) 275 { 276 type_register_static(&imx_rngc_info); 277 } 278 279 type_init(imx_rngc_register_types) 280