1 /*
2  * QEMU model of the Versal eFuse controller
3  *
4  * Copyright (c) 2020 Xilinx Inc.
5  * Copyright (c) 2023 Advanced Micro Devices, Inc.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "hw/nvram/xlnx-versal-efuse.h"
28 
29 #include "qemu/log.h"
30 #include "qapi/error.h"
31 #include "migration/vmstate.h"
32 #include "hw/qdev-properties.h"
33 
34 #ifndef XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG
35 #define XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG 0
36 #endif
37 
38 REG32(WR_LOCK, 0x0)
39     FIELD(WR_LOCK, LOCK, 0, 16)
40 REG32(CFG, 0x4)
41     FIELD(CFG, SLVERR_ENABLE, 5, 1)
42     FIELD(CFG, MARGIN_RD, 2, 1)
43     FIELD(CFG, PGM_EN, 1, 1)
44 REG32(STATUS, 0x8)
45     FIELD(STATUS, AES_USER_KEY_1_CRC_PASS, 11, 1)
46     FIELD(STATUS, AES_USER_KEY_1_CRC_DONE, 10, 1)
47     FIELD(STATUS, AES_USER_KEY_0_CRC_PASS, 9, 1)
48     FIELD(STATUS, AES_USER_KEY_0_CRC_DONE, 8, 1)
49     FIELD(STATUS, AES_CRC_PASS, 7, 1)
50     FIELD(STATUS, AES_CRC_DONE, 6, 1)
51     FIELD(STATUS, CACHE_DONE, 5, 1)
52     FIELD(STATUS, CACHE_LOAD, 4, 1)
53     FIELD(STATUS, EFUSE_2_TBIT, 2, 1)
54     FIELD(STATUS, EFUSE_1_TBIT, 1, 1)
55     FIELD(STATUS, EFUSE_0_TBIT, 0, 1)
56 REG32(EFUSE_PGM_ADDR, 0xc)
57     FIELD(EFUSE_PGM_ADDR, PAGE, 13, 4)
58     FIELD(EFUSE_PGM_ADDR, ROW, 5, 8)
59     FIELD(EFUSE_PGM_ADDR, COLUMN, 0, 5)
60 REG32(EFUSE_RD_ADDR, 0x10)
61     FIELD(EFUSE_RD_ADDR, PAGE, 13, 4)
62     FIELD(EFUSE_RD_ADDR, ROW, 5, 8)
63 REG32(EFUSE_RD_DATA, 0x14)
64 REG32(TPGM, 0x18)
65     FIELD(TPGM, VALUE, 0, 16)
66 REG32(TRD, 0x1c)
67     FIELD(TRD, VALUE, 0, 8)
68 REG32(TSU_H_PS, 0x20)
69     FIELD(TSU_H_PS, VALUE, 0, 8)
70 REG32(TSU_H_PS_CS, 0x24)
71     FIELD(TSU_H_PS_CS, VALUE, 0, 8)
72 REG32(TRDM, 0x28)
73     FIELD(TRDM, VALUE, 0, 8)
74 REG32(TSU_H_CS, 0x2c)
75     FIELD(TSU_H_CS, VALUE, 0, 8)
76 REG32(EFUSE_ISR, 0x30)
77     FIELD(EFUSE_ISR, APB_SLVERR, 31, 1)
78     FIELD(EFUSE_ISR, CACHE_PARITY_E2, 14, 1)
79     FIELD(EFUSE_ISR, CACHE_PARITY_E1, 13, 1)
80     FIELD(EFUSE_ISR, CACHE_PARITY_E0S, 12, 1)
81     FIELD(EFUSE_ISR, CACHE_PARITY_E0R, 11, 1)
82     FIELD(EFUSE_ISR, CACHE_APB_SLVERR, 10, 1)
83     FIELD(EFUSE_ISR, CACHE_REQ_ERROR, 9, 1)
84     FIELD(EFUSE_ISR, MAIN_REQ_ERROR, 8, 1)
85     FIELD(EFUSE_ISR, READ_ON_CACHE_LD, 7, 1)
86     FIELD(EFUSE_ISR, CACHE_FSM_ERROR, 6, 1)
87     FIELD(EFUSE_ISR, MAIN_FSM_ERROR, 5, 1)
88     FIELD(EFUSE_ISR, CACHE_ERROR, 4, 1)
89     FIELD(EFUSE_ISR, RD_ERROR, 3, 1)
90     FIELD(EFUSE_ISR, RD_DONE, 2, 1)
91     FIELD(EFUSE_ISR, PGM_ERROR, 1, 1)
92     FIELD(EFUSE_ISR, PGM_DONE, 0, 1)
93 REG32(EFUSE_IMR, 0x34)
94     FIELD(EFUSE_IMR, APB_SLVERR, 31, 1)
95     FIELD(EFUSE_IMR, CACHE_PARITY_E2, 14, 1)
96     FIELD(EFUSE_IMR, CACHE_PARITY_E1, 13, 1)
97     FIELD(EFUSE_IMR, CACHE_PARITY_E0S, 12, 1)
98     FIELD(EFUSE_IMR, CACHE_PARITY_E0R, 11, 1)
99     FIELD(EFUSE_IMR, CACHE_APB_SLVERR, 10, 1)
100     FIELD(EFUSE_IMR, CACHE_REQ_ERROR, 9, 1)
101     FIELD(EFUSE_IMR, MAIN_REQ_ERROR, 8, 1)
102     FIELD(EFUSE_IMR, READ_ON_CACHE_LD, 7, 1)
103     FIELD(EFUSE_IMR, CACHE_FSM_ERROR, 6, 1)
104     FIELD(EFUSE_IMR, MAIN_FSM_ERROR, 5, 1)
105     FIELD(EFUSE_IMR, CACHE_ERROR, 4, 1)
106     FIELD(EFUSE_IMR, RD_ERROR, 3, 1)
107     FIELD(EFUSE_IMR, RD_DONE, 2, 1)
108     FIELD(EFUSE_IMR, PGM_ERROR, 1, 1)
109     FIELD(EFUSE_IMR, PGM_DONE, 0, 1)
110 REG32(EFUSE_IER, 0x38)
111     FIELD(EFUSE_IER, APB_SLVERR, 31, 1)
112     FIELD(EFUSE_IER, CACHE_PARITY_E2, 14, 1)
113     FIELD(EFUSE_IER, CACHE_PARITY_E1, 13, 1)
114     FIELD(EFUSE_IER, CACHE_PARITY_E0S, 12, 1)
115     FIELD(EFUSE_IER, CACHE_PARITY_E0R, 11, 1)
116     FIELD(EFUSE_IER, CACHE_APB_SLVERR, 10, 1)
117     FIELD(EFUSE_IER, CACHE_REQ_ERROR, 9, 1)
118     FIELD(EFUSE_IER, MAIN_REQ_ERROR, 8, 1)
119     FIELD(EFUSE_IER, READ_ON_CACHE_LD, 7, 1)
120     FIELD(EFUSE_IER, CACHE_FSM_ERROR, 6, 1)
121     FIELD(EFUSE_IER, MAIN_FSM_ERROR, 5, 1)
122     FIELD(EFUSE_IER, CACHE_ERROR, 4, 1)
123     FIELD(EFUSE_IER, RD_ERROR, 3, 1)
124     FIELD(EFUSE_IER, RD_DONE, 2, 1)
125     FIELD(EFUSE_IER, PGM_ERROR, 1, 1)
126     FIELD(EFUSE_IER, PGM_DONE, 0, 1)
127 REG32(EFUSE_IDR, 0x3c)
128     FIELD(EFUSE_IDR, APB_SLVERR, 31, 1)
129     FIELD(EFUSE_IDR, CACHE_PARITY_E2, 14, 1)
130     FIELD(EFUSE_IDR, CACHE_PARITY_E1, 13, 1)
131     FIELD(EFUSE_IDR, CACHE_PARITY_E0S, 12, 1)
132     FIELD(EFUSE_IDR, CACHE_PARITY_E0R, 11, 1)
133     FIELD(EFUSE_IDR, CACHE_APB_SLVERR, 10, 1)
134     FIELD(EFUSE_IDR, CACHE_REQ_ERROR, 9, 1)
135     FIELD(EFUSE_IDR, MAIN_REQ_ERROR, 8, 1)
136     FIELD(EFUSE_IDR, READ_ON_CACHE_LD, 7, 1)
137     FIELD(EFUSE_IDR, CACHE_FSM_ERROR, 6, 1)
138     FIELD(EFUSE_IDR, MAIN_FSM_ERROR, 5, 1)
139     FIELD(EFUSE_IDR, CACHE_ERROR, 4, 1)
140     FIELD(EFUSE_IDR, RD_ERROR, 3, 1)
141     FIELD(EFUSE_IDR, RD_DONE, 2, 1)
142     FIELD(EFUSE_IDR, PGM_ERROR, 1, 1)
143     FIELD(EFUSE_IDR, PGM_DONE, 0, 1)
144 REG32(EFUSE_CACHE_LOAD, 0x40)
145     FIELD(EFUSE_CACHE_LOAD, LOAD, 0, 1)
146 REG32(EFUSE_PGM_LOCK, 0x44)
147     FIELD(EFUSE_PGM_LOCK, SPK_ID_LOCK, 0, 1)
148 REG32(EFUSE_AES_CRC, 0x48)
149 REG32(EFUSE_AES_USR_KEY0_CRC, 0x4c)
150 REG32(EFUSE_AES_USR_KEY1_CRC, 0x50)
151 REG32(EFUSE_PD, 0x54)
152 REG32(EFUSE_ANLG_OSC_SW_1LP, 0x60)
153 REG32(EFUSE_TEST_CTRL, 0x100)
154 
155 #define R_MAX (R_EFUSE_TEST_CTRL + 1)
156 
157 #define R_WR_LOCK_UNLOCK_PASSCODE   (0xDF0D)
158 
159 /*
160  * eFuse layout references:
161  *   https://github.com/Xilinx/embeddedsw/blob/release-2019.2/lib/sw_services/xilnvm/src/xnvm_efuse_hw.h
162  */
163 #define BIT_POS_OF(A_) \
164     ((uint32_t)((A_) & (R_EFUSE_PGM_ADDR_ROW_MASK | \
165                         R_EFUSE_PGM_ADDR_COLUMN_MASK)))
166 
167 #define BIT_POS(R_, C_) \
168         ((uint32_t)((R_EFUSE_PGM_ADDR_ROW_MASK                  \
169                     & ((R_) << R_EFUSE_PGM_ADDR_ROW_SHIFT))     \
170                     |                                           \
171                     (R_EFUSE_PGM_ADDR_COLUMN_MASK               \
172                      & ((C_) << R_EFUSE_PGM_ADDR_COLUMN_SHIFT))))
173 
174 #define EFUSE_TBIT_POS(A_)          (BIT_POS_OF(A_) >= BIT_POS(0, 28))
175 
176 #define EFUSE_ANCHOR_ROW            (0)
177 #define EFUSE_ANCHOR_3_COL          (27)
178 #define EFUSE_ANCHOR_1_COL          (1)
179 
180 #define EFUSE_AES_KEY_START         BIT_POS(12, 0)
181 #define EFUSE_AES_KEY_END           BIT_POS(19, 31)
182 #define EFUSE_USER_KEY_0_START      BIT_POS(20, 0)
183 #define EFUSE_USER_KEY_0_END        BIT_POS(27, 31)
184 #define EFUSE_USER_KEY_1_START      BIT_POS(28, 0)
185 #define EFUSE_USER_KEY_1_END        BIT_POS(35, 31)
186 
187 #define EFUSE_RD_BLOCKED_START      EFUSE_AES_KEY_START
188 #define EFUSE_RD_BLOCKED_END        EFUSE_USER_KEY_1_END
189 
190 #define EFUSE_GLITCH_DET_WR_LK      BIT_POS(4, 31)
191 #define EFUSE_PPK0_WR_LK            BIT_POS(43, 6)
192 #define EFUSE_PPK1_WR_LK            BIT_POS(43, 7)
193 #define EFUSE_PPK2_WR_LK            BIT_POS(43, 8)
194 #define EFUSE_AES_WR_LK             BIT_POS(43, 11)
195 #define EFUSE_USER_KEY_0_WR_LK      BIT_POS(43, 13)
196 #define EFUSE_USER_KEY_1_WR_LK      BIT_POS(43, 15)
197 #define EFUSE_PUF_SYN_LK            BIT_POS(43, 16)
198 #define EFUSE_DNA_WR_LK             BIT_POS(43, 27)
199 #define EFUSE_BOOT_ENV_WR_LK        BIT_POS(43, 28)
200 
201 #define EFUSE_PGM_LOCKED_START      BIT_POS(44, 0)
202 #define EFUSE_PGM_LOCKED_END        BIT_POS(51, 31)
203 
204 #define EFUSE_PUF_PAGE              (2)
205 #define EFUSE_PUF_SYN_START         BIT_POS(129, 0)
206 #define EFUSE_PUF_SYN_END           BIT_POS(255, 27)
207 
208 #define EFUSE_KEY_CRC_LK_ROW           (43)
209 #define EFUSE_AES_KEY_CRC_LK_MASK      ((1U << 9) | (1U << 10))
210 #define EFUSE_USER_KEY_0_CRC_LK_MASK   (1U << 12)
211 #define EFUSE_USER_KEY_1_CRC_LK_MASK   (1U << 14)
212 
213 /*
214  * A handy macro to return value of an array element,
215  * or a specific default if given index is out of bound.
216  */
217 #define ARRAY_GET(A_, I_, D_) \
218     ((unsigned int)(I_) < ARRAY_SIZE(A_) ? (A_)[I_] : (D_))
219 
220 QEMU_BUILD_BUG_ON(R_MAX != ARRAY_SIZE(((XlnxVersalEFuseCtrl *)0)->regs));
221 
222 typedef struct XlnxEFuseLkSpec {
223     uint16_t row;
224     uint16_t lk_bit;
225 } XlnxEFuseLkSpec;
226 
227 static void efuse_imr_update_irq(XlnxVersalEFuseCtrl *s)
228 {
229     bool pending = s->regs[R_EFUSE_ISR] & ~s->regs[R_EFUSE_IMR];
230     qemu_set_irq(s->irq_efuse_imr, pending);
231 }
232 
233 static void efuse_isr_postw(RegisterInfo *reg, uint64_t val64)
234 {
235     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
236     efuse_imr_update_irq(s);
237 }
238 
239 static uint64_t efuse_ier_prew(RegisterInfo *reg, uint64_t val64)
240 {
241     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
242     uint32_t val = val64;
243 
244     s->regs[R_EFUSE_IMR] &= ~val;
245     efuse_imr_update_irq(s);
246     return 0;
247 }
248 
249 static uint64_t efuse_idr_prew(RegisterInfo *reg, uint64_t val64)
250 {
251     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
252     uint32_t val = val64;
253 
254     s->regs[R_EFUSE_IMR] |= val;
255     efuse_imr_update_irq(s);
256     return 0;
257 }
258 
259 static void efuse_status_tbits_sync(XlnxVersalEFuseCtrl *s)
260 {
261     uint32_t check = xlnx_efuse_tbits_check(s->efuse);
262     uint32_t val = s->regs[R_STATUS];
263 
264     val = FIELD_DP32(val, STATUS, EFUSE_0_TBIT, !!(check & (1 << 0)));
265     val = FIELD_DP32(val, STATUS, EFUSE_1_TBIT, !!(check & (1 << 1)));
266     val = FIELD_DP32(val, STATUS, EFUSE_2_TBIT, !!(check & (1 << 2)));
267 
268     s->regs[R_STATUS] = val;
269 }
270 
271 static void efuse_anchor_bits_check(XlnxVersalEFuseCtrl *s)
272 {
273     unsigned page;
274 
275     if (!s->efuse || !s->efuse->init_tbits) {
276         return;
277     }
278 
279     for (page = 0; page < s->efuse->efuse_nr; page++) {
280         uint32_t row = 0, bit;
281 
282         row = FIELD_DP32(row, EFUSE_PGM_ADDR, PAGE, page);
283         row = FIELD_DP32(row, EFUSE_PGM_ADDR, ROW, EFUSE_ANCHOR_ROW);
284 
285         bit = FIELD_DP32(row, EFUSE_PGM_ADDR, COLUMN, EFUSE_ANCHOR_3_COL);
286         if (!xlnx_efuse_get_bit(s->efuse, bit)) {
287             xlnx_efuse_set_bit(s->efuse, bit);
288         }
289 
290         bit = FIELD_DP32(row, EFUSE_PGM_ADDR, COLUMN, EFUSE_ANCHOR_1_COL);
291         if (!xlnx_efuse_get_bit(s->efuse, bit)) {
292             xlnx_efuse_set_bit(s->efuse, bit);
293         }
294     }
295 }
296 
297 static void efuse_key_crc_check(RegisterInfo *reg, uint32_t crc,
298                                 uint32_t pass_mask, uint32_t done_mask,
299                                 unsigned first, uint32_t lk_mask)
300 {
301     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
302     uint32_t r, lk_bits;
303 
304     /*
305      * To start, assume both DONE and PASS, and clear PASS by xor
306      * if CRC-check fails or CRC-check disabled by lock fuse.
307      */
308     r = s->regs[R_STATUS] | done_mask | pass_mask;
309 
310     lk_bits = xlnx_efuse_get_row(s->efuse, EFUSE_KEY_CRC_LK_ROW) & lk_mask;
311     if (lk_bits == 0 && xlnx_efuse_k256_check(s->efuse, crc, first)) {
312         pass_mask = 0;
313     }
314 
315     s->regs[R_STATUS] = r ^ pass_mask;
316 }
317 
318 static void efuse_data_sync(XlnxVersalEFuseCtrl *s)
319 {
320     efuse_status_tbits_sync(s);
321 }
322 
323 static int efuse_lk_spec_cmp(const void *a, const void *b)
324 {
325     uint16_t r1 = ((const XlnxEFuseLkSpec *)a)->row;
326     uint16_t r2 = ((const XlnxEFuseLkSpec *)b)->row;
327 
328     return (r1 > r2) - (r1 < r2);
329 }
330 
331 static void efuse_lk_spec_sort(XlnxVersalEFuseCtrl *s)
332 {
333     XlnxEFuseLkSpec *ary = s->extra_pg0_lock_spec;
334     const uint32_t n8 = s->extra_pg0_lock_n16 * 2;
335     const uint32_t sz  = sizeof(ary[0]);
336     const uint32_t cnt = n8 / sz;
337 
338     if (ary && cnt) {
339         qsort(ary, cnt, sz, efuse_lk_spec_cmp);
340     }
341 }
342 
343 static uint32_t efuse_lk_spec_find(XlnxVersalEFuseCtrl *s, uint32_t row)
344 {
345     const XlnxEFuseLkSpec *ary = s->extra_pg0_lock_spec;
346     const uint32_t n8  = s->extra_pg0_lock_n16 * 2;
347     const uint32_t sz  = sizeof(ary[0]);
348     const uint32_t cnt = n8 / sz;
349     const XlnxEFuseLkSpec *item = NULL;
350 
351     if (ary && cnt) {
352         XlnxEFuseLkSpec k = { .row = row, };
353 
354         item = bsearch(&k, ary, cnt, sz, efuse_lk_spec_cmp);
355     }
356 
357     return item ? item->lk_bit : 0;
358 }
359 
360 static uint32_t efuse_bit_locked(XlnxVersalEFuseCtrl *s, uint32_t bit)
361 {
362     /* Hard-coded locks */
363     static const uint16_t pg0_hard_lock[] = {
364         [4] = EFUSE_GLITCH_DET_WR_LK,
365         [37] = EFUSE_BOOT_ENV_WR_LK,
366 
367         [8 ... 11]  = EFUSE_DNA_WR_LK,
368         [12 ... 19] = EFUSE_AES_WR_LK,
369         [20 ... 27] = EFUSE_USER_KEY_0_WR_LK,
370         [28 ... 35] = EFUSE_USER_KEY_1_WR_LK,
371         [64 ... 71] = EFUSE_PPK0_WR_LK,
372         [72 ... 79] = EFUSE_PPK1_WR_LK,
373         [80 ... 87] = EFUSE_PPK2_WR_LK,
374     };
375 
376     uint32_t row = FIELD_EX32(bit, EFUSE_PGM_ADDR, ROW);
377     uint32_t lk_bit = ARRAY_GET(pg0_hard_lock, row, 0);
378 
379     return lk_bit ? lk_bit : efuse_lk_spec_find(s, row);
380 }
381 
382 static bool efuse_pgm_locked(XlnxVersalEFuseCtrl *s, unsigned int bit)
383 {
384 
385     unsigned int lock = 1;
386 
387     /* Global lock */
388     if (!ARRAY_FIELD_EX32(s->regs, CFG, PGM_EN)) {
389         goto ret_lock;
390     }
391 
392     /* Row lock */
393     switch (FIELD_EX32(bit, EFUSE_PGM_ADDR, PAGE)) {
394     case 0:
395         if (ARRAY_FIELD_EX32(s->regs, EFUSE_PGM_LOCK, SPK_ID_LOCK) &&
396             bit >= EFUSE_PGM_LOCKED_START && bit <= EFUSE_PGM_LOCKED_END) {
397             goto ret_lock;
398         }
399 
400         lock = efuse_bit_locked(s, bit);
401         break;
402     case EFUSE_PUF_PAGE:
403         if (bit < EFUSE_PUF_SYN_START || bit > EFUSE_PUF_SYN_END) {
404             lock = 0;
405             goto ret_lock;
406         }
407 
408         lock = EFUSE_PUF_SYN_LK;
409         break;
410     default:
411         lock = 0;
412         goto ret_lock;
413     }
414 
415     /* Row lock by an efuse bit */
416     if (lock) {
417         lock = xlnx_efuse_get_bit(s->efuse, lock);
418     }
419 
420  ret_lock:
421     return lock != 0;
422 }
423 
424 static void efuse_pgm_addr_postw(RegisterInfo *reg, uint64_t val64)
425 {
426     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
427     unsigned bit = val64;
428     bool ok = false;
429 
430     /* Always zero out PGM_ADDR because it is write-only */
431     s->regs[R_EFUSE_PGM_ADDR] = 0;
432 
433     /*
434      * Indicate error if bit is write-protected (or read-only
435      * as guarded by efuse_set_bit()).
436      *
437      * Keep it simple by not modeling program timing.
438      *
439      * Note: model must NEVER clear the PGM_ERROR bit; it is
440      *       up to guest to do so (or by reset).
441      */
442     if (efuse_pgm_locked(s, bit)) {
443         g_autofree char *path = object_get_canonical_path(OBJECT(s));
444 
445         qemu_log_mask(LOG_GUEST_ERROR,
446                       "%s: Denied setting of efuse<%u, %u, %u>\n",
447                       path,
448                       FIELD_EX32(bit, EFUSE_PGM_ADDR, PAGE),
449                       FIELD_EX32(bit, EFUSE_PGM_ADDR, ROW),
450                       FIELD_EX32(bit, EFUSE_PGM_ADDR, COLUMN));
451     } else if (xlnx_efuse_set_bit(s->efuse, bit)) {
452         ok = true;
453         if (EFUSE_TBIT_POS(bit)) {
454             efuse_status_tbits_sync(s);
455         }
456     }
457 
458     if (!ok) {
459         ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, PGM_ERROR, 1);
460     }
461 
462     ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, PGM_DONE, 1);
463     efuse_imr_update_irq(s);
464 }
465 
466 static void efuse_rd_addr_postw(RegisterInfo *reg, uint64_t val64)
467 {
468     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
469     unsigned bit = val64;
470     bool denied;
471 
472     /* Always zero out RD_ADDR because it is write-only */
473     s->regs[R_EFUSE_RD_ADDR] = 0;
474 
475     /*
476      * Indicate error if row is read-blocked.
477      *
478      * Note: model must NEVER clear the RD_ERROR bit; it is
479      *       up to guest to do so (or by reset).
480      */
481     s->regs[R_EFUSE_RD_DATA] = xlnx_versal_efuse_read_row(s->efuse,
482                                                           bit, &denied);
483     if (denied) {
484         g_autofree char *path = object_get_canonical_path(OBJECT(s));
485 
486         qemu_log_mask(LOG_GUEST_ERROR,
487                       "%s: Denied reading of efuse<%u, %u>\n",
488                       path,
489                       FIELD_EX32(bit, EFUSE_RD_ADDR, PAGE),
490                       FIELD_EX32(bit, EFUSE_RD_ADDR, ROW));
491 
492         ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, RD_ERROR, 1);
493     }
494 
495     ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, RD_DONE, 1);
496     efuse_imr_update_irq(s);
497     return;
498 }
499 
500 static uint64_t efuse_cache_load_prew(RegisterInfo *reg, uint64_t val64)
501 {
502     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
503 
504     if (val64 & R_EFUSE_CACHE_LOAD_LOAD_MASK) {
505         efuse_data_sync(s);
506 
507         ARRAY_FIELD_DP32(s->regs, STATUS, CACHE_DONE, 1);
508         efuse_imr_update_irq(s);
509     }
510 
511     return 0;
512 }
513 
514 static uint64_t efuse_pgm_lock_prew(RegisterInfo *reg, uint64_t val64)
515 {
516     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
517 
518     /* Ignore all other bits */
519     val64 = FIELD_EX32(val64, EFUSE_PGM_LOCK, SPK_ID_LOCK);
520 
521     /* Once the bit is written 1, only reset will clear it to 0 */
522     val64 |= ARRAY_FIELD_EX32(s->regs, EFUSE_PGM_LOCK, SPK_ID_LOCK);
523 
524     return val64;
525 }
526 
527 static void efuse_aes_crc_postw(RegisterInfo *reg, uint64_t val64)
528 {
529     efuse_key_crc_check(reg, val64,
530                         R_STATUS_AES_CRC_PASS_MASK,
531                         R_STATUS_AES_CRC_DONE_MASK,
532                         EFUSE_AES_KEY_START,
533                         EFUSE_AES_KEY_CRC_LK_MASK);
534 }
535 
536 static void efuse_aes_u0_crc_postw(RegisterInfo *reg, uint64_t val64)
537 {
538     efuse_key_crc_check(reg, val64,
539                         R_STATUS_AES_USER_KEY_0_CRC_PASS_MASK,
540                         R_STATUS_AES_USER_KEY_0_CRC_DONE_MASK,
541                         EFUSE_USER_KEY_0_START,
542                         EFUSE_USER_KEY_0_CRC_LK_MASK);
543 }
544 
545 static void efuse_aes_u1_crc_postw(RegisterInfo *reg, uint64_t val64)
546 {
547     efuse_key_crc_check(reg, val64,
548                         R_STATUS_AES_USER_KEY_1_CRC_PASS_MASK,
549                         R_STATUS_AES_USER_KEY_1_CRC_DONE_MASK,
550                         EFUSE_USER_KEY_1_START,
551                         EFUSE_USER_KEY_1_CRC_LK_MASK);
552 }
553 
554 static uint64_t efuse_wr_lock_prew(RegisterInfo *reg, uint64_t val)
555 {
556     return val != R_WR_LOCK_UNLOCK_PASSCODE;
557 }
558 
559 static const RegisterAccessInfo efuse_ctrl_regs_info[] = {
560     {   .name = "WR_LOCK",  .addr = A_WR_LOCK,
561         .reset = 0x1,
562         .pre_write = efuse_wr_lock_prew,
563     },{ .name = "CFG",  .addr = A_CFG,
564         .rsvd = 0x9,
565     },{ .name = "STATUS",  .addr = A_STATUS,
566         .rsvd = 0x8,
567         .ro = 0xfff,
568     },{ .name = "EFUSE_PGM_ADDR",  .addr = A_EFUSE_PGM_ADDR,
569         .post_write = efuse_pgm_addr_postw,
570     },{ .name = "EFUSE_RD_ADDR",  .addr = A_EFUSE_RD_ADDR,
571         .rsvd = 0x1f,
572         .post_write = efuse_rd_addr_postw,
573     },{ .name = "EFUSE_RD_DATA",  .addr = A_EFUSE_RD_DATA,
574         .ro = 0xffffffff,
575     },{ .name = "TPGM",  .addr = A_TPGM,
576     },{ .name = "TRD",  .addr = A_TRD,
577         .reset = 0x19,
578     },{ .name = "TSU_H_PS",  .addr = A_TSU_H_PS,
579         .reset = 0xff,
580     },{ .name = "TSU_H_PS_CS",  .addr = A_TSU_H_PS_CS,
581         .reset = 0x11,
582     },{ .name = "TRDM",  .addr = A_TRDM,
583         .reset = 0x3a,
584     },{ .name = "TSU_H_CS",  .addr = A_TSU_H_CS,
585         .reset = 0x16,
586     },{ .name = "EFUSE_ISR",  .addr = A_EFUSE_ISR,
587         .rsvd = 0x7fff8000,
588         .w1c = 0x80007fff,
589         .post_write = efuse_isr_postw,
590     },{ .name = "EFUSE_IMR",  .addr = A_EFUSE_IMR,
591         .reset = 0x80007fff,
592         .rsvd = 0x7fff8000,
593         .ro = 0xffffffff,
594     },{ .name = "EFUSE_IER",  .addr = A_EFUSE_IER,
595         .rsvd = 0x7fff8000,
596         .pre_write = efuse_ier_prew,
597     },{ .name = "EFUSE_IDR",  .addr = A_EFUSE_IDR,
598         .rsvd = 0x7fff8000,
599         .pre_write = efuse_idr_prew,
600     },{ .name = "EFUSE_CACHE_LOAD",  .addr = A_EFUSE_CACHE_LOAD,
601         .pre_write = efuse_cache_load_prew,
602     },{ .name = "EFUSE_PGM_LOCK",  .addr = A_EFUSE_PGM_LOCK,
603         .pre_write = efuse_pgm_lock_prew,
604     },{ .name = "EFUSE_AES_CRC",  .addr = A_EFUSE_AES_CRC,
605         .post_write = efuse_aes_crc_postw,
606     },{ .name = "EFUSE_AES_USR_KEY0_CRC",  .addr = A_EFUSE_AES_USR_KEY0_CRC,
607         .post_write = efuse_aes_u0_crc_postw,
608     },{ .name = "EFUSE_AES_USR_KEY1_CRC",  .addr = A_EFUSE_AES_USR_KEY1_CRC,
609         .post_write = efuse_aes_u1_crc_postw,
610     },{ .name = "EFUSE_PD",  .addr = A_EFUSE_PD,
611         .ro = 0xfffffffe,
612     },{ .name = "EFUSE_ANLG_OSC_SW_1LP",  .addr = A_EFUSE_ANLG_OSC_SW_1LP,
613     },{ .name = "EFUSE_TEST_CTRL",  .addr = A_EFUSE_TEST_CTRL,
614         .reset = 0x8,
615     }
616 };
617 
618 static void efuse_ctrl_reg_write(void *opaque, hwaddr addr,
619                                  uint64_t data, unsigned size)
620 {
621     RegisterInfoArray *reg_array = opaque;
622     XlnxVersalEFuseCtrl *s;
623     Object *dev;
624 
625     assert(reg_array != NULL);
626 
627     dev = reg_array->mem.owner;
628     assert(dev);
629 
630     s = XLNX_VERSAL_EFUSE_CTRL(dev);
631 
632     if (addr != A_WR_LOCK && s->regs[R_WR_LOCK]) {
633         g_autofree char *path = object_get_canonical_path(OBJECT(s));
634 
635         qemu_log_mask(LOG_GUEST_ERROR,
636                       "%s[reg_0x%02lx]: Attempt to write locked register.\n",
637                       path, (long)addr);
638     } else {
639         register_write_memory(opaque, addr, data, size);
640     }
641 }
642 
643 static void efuse_ctrl_register_reset(RegisterInfo *reg)
644 {
645     if (!reg->data || !reg->access) {
646         return;
647     }
648 
649     /* Reset must not trigger some registers' writers */
650     switch (reg->access->addr) {
651     case A_EFUSE_AES_CRC:
652     case A_EFUSE_AES_USR_KEY0_CRC:
653     case A_EFUSE_AES_USR_KEY1_CRC:
654         *(uint32_t *)reg->data = reg->access->reset;
655         return;
656     }
657 
658     register_reset(reg);
659 }
660 
661 static void efuse_ctrl_reset_hold(Object *obj, ResetType type)
662 {
663     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj);
664     unsigned int i;
665 
666     for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) {
667         efuse_ctrl_register_reset(&s->regs_info[i]);
668     }
669 
670     efuse_anchor_bits_check(s);
671     efuse_data_sync(s);
672     efuse_imr_update_irq(s);
673 }
674 
675 static const MemoryRegionOps efuse_ctrl_ops = {
676     .read = register_read_memory,
677     .write = efuse_ctrl_reg_write,
678     .endianness = DEVICE_LITTLE_ENDIAN,
679     .valid = {
680         .min_access_size = 4,
681         .max_access_size = 4,
682     },
683 };
684 
685 static void efuse_ctrl_realize(DeviceState *dev, Error **errp)
686 {
687     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(dev);
688     const uint32_t lks_sz = sizeof(XlnxEFuseLkSpec) / 2;
689 
690     if (!s->efuse) {
691         g_autofree char *path = object_get_canonical_path(OBJECT(s));
692 
693         error_setg(errp, "%s.efuse: link property not connected to XLNX-EFUSE",
694                    path);
695         return;
696     }
697 
698     /* Sort property-defined pgm-locks for bsearch lookup */
699     if ((s->extra_pg0_lock_n16 % lks_sz) != 0) {
700         g_autofree char *path = object_get_canonical_path(OBJECT(s));
701 
702         error_setg(errp,
703                    "%s.pg0-lock: array property item-count not multiple of %u",
704                    path, lks_sz);
705         return;
706     }
707 
708     efuse_lk_spec_sort(s);
709 }
710 
711 static void efuse_ctrl_init(Object *obj)
712 {
713     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj);
714     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
715 
716     s->reg_array =
717         register_init_block32(DEVICE(obj), efuse_ctrl_regs_info,
718                               ARRAY_SIZE(efuse_ctrl_regs_info),
719                               s->regs_info, s->regs,
720                               &efuse_ctrl_ops,
721                               XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG,
722                               R_MAX * 4);
723 
724     sysbus_init_mmio(sbd, &s->reg_array->mem);
725     sysbus_init_irq(sbd, &s->irq_efuse_imr);
726 }
727 
728 static void efuse_ctrl_finalize(Object *obj)
729 {
730     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj);
731 
732     register_finalize_block(s->reg_array);
733     g_free(s->extra_pg0_lock_spec);
734 }
735 
736 static const VMStateDescription vmstate_efuse_ctrl = {
737     .name = TYPE_XLNX_VERSAL_EFUSE_CTRL,
738     .version_id = 1,
739     .minimum_version_id = 1,
740     .fields = (const VMStateField[]) {
741         VMSTATE_UINT32_ARRAY(regs, XlnxVersalEFuseCtrl, R_MAX),
742         VMSTATE_END_OF_LIST(),
743     }
744 };
745 
746 static Property efuse_ctrl_props[] = {
747     DEFINE_PROP_LINK("efuse",
748                      XlnxVersalEFuseCtrl, efuse,
749                      TYPE_XLNX_EFUSE, XlnxEFuse *),
750     DEFINE_PROP_ARRAY("pg0-lock",
751                       XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
752                       extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),
753 
754     DEFINE_PROP_END_OF_LIST(),
755 };
756 
757 static void efuse_ctrl_class_init(ObjectClass *klass, void *data)
758 {
759     DeviceClass *dc = DEVICE_CLASS(klass);
760     ResettableClass *rc = RESETTABLE_CLASS(klass);
761 
762     rc->phases.hold = efuse_ctrl_reset_hold;
763     dc->realize = efuse_ctrl_realize;
764     dc->vmsd = &vmstate_efuse_ctrl;
765     device_class_set_props(dc, efuse_ctrl_props);
766 }
767 
768 static const TypeInfo efuse_ctrl_info = {
769     .name          = TYPE_XLNX_VERSAL_EFUSE_CTRL,
770     .parent        = TYPE_SYS_BUS_DEVICE,
771     .instance_size = sizeof(XlnxVersalEFuseCtrl),
772     .class_init    = efuse_ctrl_class_init,
773     .instance_init = efuse_ctrl_init,
774     .instance_finalize = efuse_ctrl_finalize,
775 };
776 
777 static void efuse_ctrl_register_types(void)
778 {
779     type_register_static(&efuse_ctrl_info);
780 }
781 
782 type_init(efuse_ctrl_register_types)
783 
784 /*
785  * Retrieve a row, with unreadable bits returned as 0.
786  */
787 uint32_t xlnx_versal_efuse_read_row(XlnxEFuse *efuse,
788                                     uint32_t bit, bool *denied)
789 {
790     bool dummy;
791 
792     if (!denied) {
793         denied = &dummy;
794     }
795 
796     if (bit >= EFUSE_RD_BLOCKED_START && bit <= EFUSE_RD_BLOCKED_END) {
797         *denied = true;
798         return 0;
799     }
800 
801     *denied = false;
802     return xlnx_efuse_get_row(efuse, bit);
803 }
804