1 /*
2 * Freescale i.MX RNGC emulation
3 *
4 * Copyright (C) 2020 Martin Kaiser <martin@kaiser.cx>
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 *
9 * This driver provides the minimum functionality to initialize and seed
10 * an rngc and to read random numbers. The rngb that is found in imx25
11 * chipsets is also supported.
12 */
13
14 #include "qemu/osdep.h"
15 #include "qemu/main-loop.h"
16 #include "qemu/module.h"
17 #include "qemu/guest-random.h"
18 #include "hw/irq.h"
19 #include "hw/misc/imx_rngc.h"
20 #include "migration/vmstate.h"
21
22 #define RNGC_NAME "i.MX RNGC"
23
24 #define RNGC_VER_ID 0x00
25 #define RNGC_COMMAND 0x04
26 #define RNGC_CONTROL 0x08
27 #define RNGC_STATUS 0x0C
28 #define RNGC_FIFO 0x14
29
30 /* These version info are reported by the rngb in an imx258 chip. */
31 #define RNG_TYPE_RNGB 0x1
32 #define V_MAJ 0x2
33 #define V_MIN 0x40
34
35 #define RNGC_CMD_BIT_SW_RST 0x40
36 #define RNGC_CMD_BIT_CLR_ERR 0x20
37 #define RNGC_CMD_BIT_CLR_INT 0x10
38 #define RNGC_CMD_BIT_SEED 0x02
39 #define RNGC_CMD_BIT_SELF_TEST 0x01
40
41 #define RNGC_CTRL_BIT_MASK_ERR 0x40
42 #define RNGC_CTRL_BIT_MASK_DONE 0x20
43 #define RNGC_CTRL_BIT_AUTO_SEED 0x10
44
45 /* the current status for self-test and seed operations */
46 #define OP_IDLE 0
47 #define OP_RUN 1
48 #define OP_DONE 2
49
imx_rngc_read(void * opaque,hwaddr offset,unsigned size)50 static uint64_t imx_rngc_read(void *opaque, hwaddr offset, unsigned size)
51 {
52 IMXRNGCState *s = IMX_RNGC(opaque);
53 uint64_t val = 0;
54
55 switch (offset) {
56 case RNGC_VER_ID:
57 val |= RNG_TYPE_RNGB << 28 | V_MAJ << 8 | V_MIN;
58 break;
59
60 case RNGC_COMMAND:
61 if (s->op_seed == OP_RUN) {
62 val |= RNGC_CMD_BIT_SEED;
63 }
64 if (s->op_self_test == OP_RUN) {
65 val |= RNGC_CMD_BIT_SELF_TEST;
66 }
67 break;
68
69 case RNGC_CONTROL:
70 /*
71 * The CTL_ACC and VERIF_MODE bits are not supported yet.
72 * They read as 0.
73 */
74 val |= s->mask;
75 if (s->auto_seed) {
76 val |= RNGC_CTRL_BIT_AUTO_SEED;
77 }
78 /*
79 * We don't have an internal fifo like the real hardware.
80 * There's no need for strategy to handle fifo underflows.
81 * We return the FIFO_UFLOW_RESPONSE bits as 0.
82 */
83 break;
84
85 case RNGC_STATUS:
86 /*
87 * We never report any statistics test or self-test errors or any
88 * other errors. STAT_TEST_PF, ST_PF and ERROR are always 0.
89 */
90
91 /*
92 * We don't have an internal fifo, see above. Therefore, we
93 * report back the default fifo size (5 32-bit words) and
94 * indicate that our fifo is always full.
95 */
96 val |= 5 << 12 | 5 << 8;
97
98 /* We always have a new seed available. */
99 val |= 1 << 6;
100
101 if (s->op_seed == OP_DONE) {
102 val |= 1 << 5;
103 }
104 if (s->op_self_test == OP_DONE) {
105 val |= 1 << 4;
106 }
107 if (s->op_seed == OP_RUN || s->op_self_test == OP_RUN) {
108 /*
109 * We're busy if self-test is running or if we're
110 * seeding the prng.
111 */
112 val |= 1 << 1;
113 } else {
114 /*
115 * We're ready to provide secure random numbers whenever
116 * we're not busy.
117 */
118 val |= 1;
119 }
120 break;
121
122 case RNGC_FIFO:
123 qemu_guest_getrandom_nofail(&val, sizeof(val));
124 break;
125 }
126
127 return val;
128 }
129
imx_rngc_do_reset(IMXRNGCState * s)130 static void imx_rngc_do_reset(IMXRNGCState *s)
131 {
132 s->op_self_test = OP_IDLE;
133 s->op_seed = OP_IDLE;
134 s->mask = 0;
135 s->auto_seed = false;
136 }
137
imx_rngc_write(void * opaque,hwaddr offset,uint64_t value,unsigned size)138 static void imx_rngc_write(void *opaque, hwaddr offset, uint64_t value,
139 unsigned size)
140 {
141 IMXRNGCState *s = IMX_RNGC(opaque);
142
143 switch (offset) {
144 case RNGC_COMMAND:
145 if (value & RNGC_CMD_BIT_SW_RST) {
146 imx_rngc_do_reset(s);
147 }
148
149 /*
150 * For now, both CLR_ERR and CLR_INT clear the interrupt. We
151 * don't report any errors yet.
152 */
153 if (value & (RNGC_CMD_BIT_CLR_ERR | RNGC_CMD_BIT_CLR_INT)) {
154 qemu_irq_lower(s->irq);
155 }
156
157 if (value & RNGC_CMD_BIT_SEED) {
158 s->op_seed = OP_RUN;
159 qemu_bh_schedule(s->seed_bh);
160 }
161
162 if (value & RNGC_CMD_BIT_SELF_TEST) {
163 s->op_self_test = OP_RUN;
164 qemu_bh_schedule(s->self_test_bh);
165 }
166 break;
167
168 case RNGC_CONTROL:
169 /*
170 * The CTL_ACC and VERIF_MODE bits are not supported yet.
171 * We ignore them if they're set by the caller.
172 */
173
174 if (value & RNGC_CTRL_BIT_MASK_ERR) {
175 s->mask |= RNGC_CTRL_BIT_MASK_ERR;
176 } else {
177 s->mask &= ~RNGC_CTRL_BIT_MASK_ERR;
178 }
179
180 if (value & RNGC_CTRL_BIT_MASK_DONE) {
181 s->mask |= RNGC_CTRL_BIT_MASK_DONE;
182 } else {
183 s->mask &= ~RNGC_CTRL_BIT_MASK_DONE;
184 }
185
186 if (value & RNGC_CTRL_BIT_AUTO_SEED) {
187 s->auto_seed = true;
188 } else {
189 s->auto_seed = false;
190 }
191 break;
192 }
193 }
194
195 static const MemoryRegionOps imx_rngc_ops = {
196 .read = imx_rngc_read,
197 .write = imx_rngc_write,
198 .endianness = DEVICE_NATIVE_ENDIAN,
199 };
200
imx_rngc_self_test(void * opaque)201 static void imx_rngc_self_test(void *opaque)
202 {
203 IMXRNGCState *s = IMX_RNGC(opaque);
204
205 s->op_self_test = OP_DONE;
206 if (!(s->mask & RNGC_CTRL_BIT_MASK_DONE)) {
207 qemu_irq_raise(s->irq);
208 }
209 }
210
imx_rngc_seed(void * opaque)211 static void imx_rngc_seed(void *opaque)
212 {
213 IMXRNGCState *s = IMX_RNGC(opaque);
214
215 s->op_seed = OP_DONE;
216 if (!(s->mask & RNGC_CTRL_BIT_MASK_DONE)) {
217 qemu_irq_raise(s->irq);
218 }
219 }
220
imx_rngc_realize(DeviceState * dev,Error ** errp)221 static void imx_rngc_realize(DeviceState *dev, Error **errp)
222 {
223 IMXRNGCState *s = IMX_RNGC(dev);
224 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
225
226 memory_region_init_io(&s->iomem, OBJECT(s), &imx_rngc_ops, s,
227 TYPE_IMX_RNGC, 0x1000);
228 sysbus_init_mmio(sbd, &s->iomem);
229
230 sysbus_init_irq(sbd, &s->irq);
231 s->self_test_bh = qemu_bh_new_guarded(imx_rngc_self_test, s,
232 &dev->mem_reentrancy_guard);
233 s->seed_bh = qemu_bh_new_guarded(imx_rngc_seed, s,
234 &dev->mem_reentrancy_guard);
235 }
236
imx_rngc_reset(DeviceState * dev)237 static void imx_rngc_reset(DeviceState *dev)
238 {
239 IMXRNGCState *s = IMX_RNGC(dev);
240
241 imx_rngc_do_reset(s);
242 }
243
244 static const VMStateDescription vmstate_imx_rngc = {
245 .name = RNGC_NAME,
246 .version_id = 1,
247 .minimum_version_id = 1,
248 .fields = (const VMStateField[]) {
249 VMSTATE_UINT8(op_self_test, IMXRNGCState),
250 VMSTATE_UINT8(op_seed, IMXRNGCState),
251 VMSTATE_UINT8(mask, IMXRNGCState),
252 VMSTATE_BOOL(auto_seed, IMXRNGCState),
253 VMSTATE_END_OF_LIST()
254 }
255 };
256
imx_rngc_class_init(ObjectClass * klass,void * data)257 static void imx_rngc_class_init(ObjectClass *klass, void *data)
258 {
259 DeviceClass *dc = DEVICE_CLASS(klass);
260
261 dc->realize = imx_rngc_realize;
262 device_class_set_legacy_reset(dc, imx_rngc_reset);
263 dc->desc = RNGC_NAME,
264 dc->vmsd = &vmstate_imx_rngc;
265 }
266
267 static const TypeInfo imx_rngc_info = {
268 .name = TYPE_IMX_RNGC,
269 .parent = TYPE_SYS_BUS_DEVICE,
270 .instance_size = sizeof(IMXRNGCState),
271 .class_init = imx_rngc_class_init,
272 };
273
imx_rngc_register_types(void)274 static void imx_rngc_register_types(void)
275 {
276 type_register_static(&imx_rngc_info);
277 }
278
279 type_init(imx_rngc_register_types)
280