1 /*
2  * QEMU model of the Versal eFuse controller
3  *
4  * Copyright (c) 2020 Xilinx Inc.
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "hw/nvram/xlnx-versal-efuse.h"
27 
28 #include "qemu/log.h"
29 #include "qapi/error.h"
30 #include "migration/vmstate.h"
31 #include "hw/qdev-properties.h"
32 
33 #ifndef XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG
34 #define XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG 0
35 #endif
36 
37 REG32(WR_LOCK, 0x0)
38     FIELD(WR_LOCK, LOCK, 0, 16)
39 REG32(CFG, 0x4)
40     FIELD(CFG, SLVERR_ENABLE, 5, 1)
41     FIELD(CFG, MARGIN_RD, 2, 1)
42     FIELD(CFG, PGM_EN, 1, 1)
43 REG32(STATUS, 0x8)
44     FIELD(STATUS, AES_USER_KEY_1_CRC_PASS, 11, 1)
45     FIELD(STATUS, AES_USER_KEY_1_CRC_DONE, 10, 1)
46     FIELD(STATUS, AES_USER_KEY_0_CRC_PASS, 9, 1)
47     FIELD(STATUS, AES_USER_KEY_0_CRC_DONE, 8, 1)
48     FIELD(STATUS, AES_CRC_PASS, 7, 1)
49     FIELD(STATUS, AES_CRC_DONE, 6, 1)
50     FIELD(STATUS, CACHE_DONE, 5, 1)
51     FIELD(STATUS, CACHE_LOAD, 4, 1)
52     FIELD(STATUS, EFUSE_2_TBIT, 2, 1)
53     FIELD(STATUS, EFUSE_1_TBIT, 1, 1)
54     FIELD(STATUS, EFUSE_0_TBIT, 0, 1)
55 REG32(EFUSE_PGM_ADDR, 0xc)
56     FIELD(EFUSE_PGM_ADDR, PAGE, 13, 4)
57     FIELD(EFUSE_PGM_ADDR, ROW, 5, 8)
58     FIELD(EFUSE_PGM_ADDR, COLUMN, 0, 5)
59 REG32(EFUSE_RD_ADDR, 0x10)
60     FIELD(EFUSE_RD_ADDR, PAGE, 13, 4)
61     FIELD(EFUSE_RD_ADDR, ROW, 5, 8)
62 REG32(EFUSE_RD_DATA, 0x14)
63 REG32(TPGM, 0x18)
64     FIELD(TPGM, VALUE, 0, 16)
65 REG32(TRD, 0x1c)
66     FIELD(TRD, VALUE, 0, 8)
67 REG32(TSU_H_PS, 0x20)
68     FIELD(TSU_H_PS, VALUE, 0, 8)
69 REG32(TSU_H_PS_CS, 0x24)
70     FIELD(TSU_H_PS_CS, VALUE, 0, 8)
71 REG32(TRDM, 0x28)
72     FIELD(TRDM, VALUE, 0, 8)
73 REG32(TSU_H_CS, 0x2c)
74     FIELD(TSU_H_CS, VALUE, 0, 8)
75 REG32(EFUSE_ISR, 0x30)
76     FIELD(EFUSE_ISR, APB_SLVERR, 31, 1)
77     FIELD(EFUSE_ISR, CACHE_PARITY_E2, 14, 1)
78     FIELD(EFUSE_ISR, CACHE_PARITY_E1, 13, 1)
79     FIELD(EFUSE_ISR, CACHE_PARITY_E0S, 12, 1)
80     FIELD(EFUSE_ISR, CACHE_PARITY_E0R, 11, 1)
81     FIELD(EFUSE_ISR, CACHE_APB_SLVERR, 10, 1)
82     FIELD(EFUSE_ISR, CACHE_REQ_ERROR, 9, 1)
83     FIELD(EFUSE_ISR, MAIN_REQ_ERROR, 8, 1)
84     FIELD(EFUSE_ISR, READ_ON_CACHE_LD, 7, 1)
85     FIELD(EFUSE_ISR, CACHE_FSM_ERROR, 6, 1)
86     FIELD(EFUSE_ISR, MAIN_FSM_ERROR, 5, 1)
87     FIELD(EFUSE_ISR, CACHE_ERROR, 4, 1)
88     FIELD(EFUSE_ISR, RD_ERROR, 3, 1)
89     FIELD(EFUSE_ISR, RD_DONE, 2, 1)
90     FIELD(EFUSE_ISR, PGM_ERROR, 1, 1)
91     FIELD(EFUSE_ISR, PGM_DONE, 0, 1)
92 REG32(EFUSE_IMR, 0x34)
93     FIELD(EFUSE_IMR, APB_SLVERR, 31, 1)
94     FIELD(EFUSE_IMR, CACHE_PARITY_E2, 14, 1)
95     FIELD(EFUSE_IMR, CACHE_PARITY_E1, 13, 1)
96     FIELD(EFUSE_IMR, CACHE_PARITY_E0S, 12, 1)
97     FIELD(EFUSE_IMR, CACHE_PARITY_E0R, 11, 1)
98     FIELD(EFUSE_IMR, CACHE_APB_SLVERR, 10, 1)
99     FIELD(EFUSE_IMR, CACHE_REQ_ERROR, 9, 1)
100     FIELD(EFUSE_IMR, MAIN_REQ_ERROR, 8, 1)
101     FIELD(EFUSE_IMR, READ_ON_CACHE_LD, 7, 1)
102     FIELD(EFUSE_IMR, CACHE_FSM_ERROR, 6, 1)
103     FIELD(EFUSE_IMR, MAIN_FSM_ERROR, 5, 1)
104     FIELD(EFUSE_IMR, CACHE_ERROR, 4, 1)
105     FIELD(EFUSE_IMR, RD_ERROR, 3, 1)
106     FIELD(EFUSE_IMR, RD_DONE, 2, 1)
107     FIELD(EFUSE_IMR, PGM_ERROR, 1, 1)
108     FIELD(EFUSE_IMR, PGM_DONE, 0, 1)
109 REG32(EFUSE_IER, 0x38)
110     FIELD(EFUSE_IER, APB_SLVERR, 31, 1)
111     FIELD(EFUSE_IER, CACHE_PARITY_E2, 14, 1)
112     FIELD(EFUSE_IER, CACHE_PARITY_E1, 13, 1)
113     FIELD(EFUSE_IER, CACHE_PARITY_E0S, 12, 1)
114     FIELD(EFUSE_IER, CACHE_PARITY_E0R, 11, 1)
115     FIELD(EFUSE_IER, CACHE_APB_SLVERR, 10, 1)
116     FIELD(EFUSE_IER, CACHE_REQ_ERROR, 9, 1)
117     FIELD(EFUSE_IER, MAIN_REQ_ERROR, 8, 1)
118     FIELD(EFUSE_IER, READ_ON_CACHE_LD, 7, 1)
119     FIELD(EFUSE_IER, CACHE_FSM_ERROR, 6, 1)
120     FIELD(EFUSE_IER, MAIN_FSM_ERROR, 5, 1)
121     FIELD(EFUSE_IER, CACHE_ERROR, 4, 1)
122     FIELD(EFUSE_IER, RD_ERROR, 3, 1)
123     FIELD(EFUSE_IER, RD_DONE, 2, 1)
124     FIELD(EFUSE_IER, PGM_ERROR, 1, 1)
125     FIELD(EFUSE_IER, PGM_DONE, 0, 1)
126 REG32(EFUSE_IDR, 0x3c)
127     FIELD(EFUSE_IDR, APB_SLVERR, 31, 1)
128     FIELD(EFUSE_IDR, CACHE_PARITY_E2, 14, 1)
129     FIELD(EFUSE_IDR, CACHE_PARITY_E1, 13, 1)
130     FIELD(EFUSE_IDR, CACHE_PARITY_E0S, 12, 1)
131     FIELD(EFUSE_IDR, CACHE_PARITY_E0R, 11, 1)
132     FIELD(EFUSE_IDR, CACHE_APB_SLVERR, 10, 1)
133     FIELD(EFUSE_IDR, CACHE_REQ_ERROR, 9, 1)
134     FIELD(EFUSE_IDR, MAIN_REQ_ERROR, 8, 1)
135     FIELD(EFUSE_IDR, READ_ON_CACHE_LD, 7, 1)
136     FIELD(EFUSE_IDR, CACHE_FSM_ERROR, 6, 1)
137     FIELD(EFUSE_IDR, MAIN_FSM_ERROR, 5, 1)
138     FIELD(EFUSE_IDR, CACHE_ERROR, 4, 1)
139     FIELD(EFUSE_IDR, RD_ERROR, 3, 1)
140     FIELD(EFUSE_IDR, RD_DONE, 2, 1)
141     FIELD(EFUSE_IDR, PGM_ERROR, 1, 1)
142     FIELD(EFUSE_IDR, PGM_DONE, 0, 1)
143 REG32(EFUSE_CACHE_LOAD, 0x40)
144     FIELD(EFUSE_CACHE_LOAD, LOAD, 0, 1)
145 REG32(EFUSE_PGM_LOCK, 0x44)
146     FIELD(EFUSE_PGM_LOCK, SPK_ID_LOCK, 0, 1)
147 REG32(EFUSE_AES_CRC, 0x48)
148 REG32(EFUSE_AES_USR_KEY0_CRC, 0x4c)
149 REG32(EFUSE_AES_USR_KEY1_CRC, 0x50)
150 REG32(EFUSE_PD, 0x54)
151 REG32(EFUSE_ANLG_OSC_SW_1LP, 0x60)
152 REG32(EFUSE_TEST_CTRL, 0x100)
153 
154 #define R_MAX (R_EFUSE_TEST_CTRL + 1)
155 
156 #define R_WR_LOCK_UNLOCK_PASSCODE   (0xDF0D)
157 
158 /*
159  * eFuse layout references:
160  *   https://github.com/Xilinx/embeddedsw/blob/release-2019.2/lib/sw_services/xilnvm/src/xnvm_efuse_hw.h
161  */
162 #define BIT_POS_OF(A_) \
163     ((uint32_t)((A_) & (R_EFUSE_PGM_ADDR_ROW_MASK | \
164                         R_EFUSE_PGM_ADDR_COLUMN_MASK)))
165 
166 #define BIT_POS(R_, C_) \
167         ((uint32_t)((R_EFUSE_PGM_ADDR_ROW_MASK                  \
168                     & ((R_) << R_EFUSE_PGM_ADDR_ROW_SHIFT))     \
169                     |                                           \
170                     (R_EFUSE_PGM_ADDR_COLUMN_MASK               \
171                      & ((C_) << R_EFUSE_PGM_ADDR_COLUMN_SHIFT))))
172 
173 #define EFUSE_TBIT_POS(A_)          (BIT_POS_OF(A_) >= BIT_POS(0, 28))
174 
175 #define EFUSE_ANCHOR_ROW            (0)
176 #define EFUSE_ANCHOR_3_COL          (27)
177 #define EFUSE_ANCHOR_1_COL          (1)
178 
179 #define EFUSE_AES_KEY_START         BIT_POS(12, 0)
180 #define EFUSE_AES_KEY_END           BIT_POS(19, 31)
181 #define EFUSE_USER_KEY_0_START      BIT_POS(20, 0)
182 #define EFUSE_USER_KEY_0_END        BIT_POS(27, 31)
183 #define EFUSE_USER_KEY_1_START      BIT_POS(28, 0)
184 #define EFUSE_USER_KEY_1_END        BIT_POS(35, 31)
185 
186 #define EFUSE_RD_BLOCKED_START      EFUSE_AES_KEY_START
187 #define EFUSE_RD_BLOCKED_END        EFUSE_USER_KEY_1_END
188 
189 #define EFUSE_GLITCH_DET_WR_LK      BIT_POS(4, 31)
190 #define EFUSE_PPK0_WR_LK            BIT_POS(43, 6)
191 #define EFUSE_PPK1_WR_LK            BIT_POS(43, 7)
192 #define EFUSE_PPK2_WR_LK            BIT_POS(43, 8)
193 #define EFUSE_AES_WR_LK             BIT_POS(43, 11)
194 #define EFUSE_USER_KEY_0_WR_LK      BIT_POS(43, 13)
195 #define EFUSE_USER_KEY_1_WR_LK      BIT_POS(43, 15)
196 #define EFUSE_PUF_SYN_LK            BIT_POS(43, 16)
197 #define EFUSE_DNA_WR_LK             BIT_POS(43, 27)
198 #define EFUSE_BOOT_ENV_WR_LK        BIT_POS(43, 28)
199 
200 #define EFUSE_PGM_LOCKED_START      BIT_POS(44, 0)
201 #define EFUSE_PGM_LOCKED_END        BIT_POS(51, 31)
202 
203 #define EFUSE_PUF_PAGE              (2)
204 #define EFUSE_PUF_SYN_START         BIT_POS(129, 0)
205 #define EFUSE_PUF_SYN_END           BIT_POS(255, 27)
206 
207 #define EFUSE_KEY_CRC_LK_ROW           (43)
208 #define EFUSE_AES_KEY_CRC_LK_MASK      ((1U << 9) | (1U << 10))
209 #define EFUSE_USER_KEY_0_CRC_LK_MASK   (1U << 12)
210 #define EFUSE_USER_KEY_1_CRC_LK_MASK   (1U << 14)
211 
212 /*
213  * A handy macro to return value of an array element,
214  * or a specific default if given index is out of bound.
215  */
216 #define ARRAY_GET(A_, I_, D_) \
217     ((unsigned int)(I_) < ARRAY_SIZE(A_) ? (A_)[I_] : (D_))
218 
219 QEMU_BUILD_BUG_ON(R_MAX != ARRAY_SIZE(((XlnxVersalEFuseCtrl *)0)->regs));
220 
221 typedef struct XlnxEFuseLkSpec {
222     uint16_t row;
223     uint16_t lk_bit;
224 } XlnxEFuseLkSpec;
225 
226 static void efuse_imr_update_irq(XlnxVersalEFuseCtrl *s)
227 {
228     bool pending = s->regs[R_EFUSE_ISR] & ~s->regs[R_EFUSE_IMR];
229     qemu_set_irq(s->irq_efuse_imr, pending);
230 }
231 
232 static void efuse_isr_postw(RegisterInfo *reg, uint64_t val64)
233 {
234     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
235     efuse_imr_update_irq(s);
236 }
237 
238 static uint64_t efuse_ier_prew(RegisterInfo *reg, uint64_t val64)
239 {
240     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
241     uint32_t val = val64;
242 
243     s->regs[R_EFUSE_IMR] &= ~val;
244     efuse_imr_update_irq(s);
245     return 0;
246 }
247 
248 static uint64_t efuse_idr_prew(RegisterInfo *reg, uint64_t val64)
249 {
250     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
251     uint32_t val = val64;
252 
253     s->regs[R_EFUSE_IMR] |= val;
254     efuse_imr_update_irq(s);
255     return 0;
256 }
257 
258 static void efuse_status_tbits_sync(XlnxVersalEFuseCtrl *s)
259 {
260     uint32_t check = xlnx_efuse_tbits_check(s->efuse);
261     uint32_t val = s->regs[R_STATUS];
262 
263     val = FIELD_DP32(val, STATUS, EFUSE_0_TBIT, !!(check & (1 << 0)));
264     val = FIELD_DP32(val, STATUS, EFUSE_1_TBIT, !!(check & (1 << 1)));
265     val = FIELD_DP32(val, STATUS, EFUSE_2_TBIT, !!(check & (1 << 2)));
266 
267     s->regs[R_STATUS] = val;
268 }
269 
270 static void efuse_anchor_bits_check(XlnxVersalEFuseCtrl *s)
271 {
272     unsigned page;
273 
274     if (!s->efuse || !s->efuse->init_tbits) {
275         return;
276     }
277 
278     for (page = 0; page < s->efuse->efuse_nr; page++) {
279         uint32_t row = 0, bit;
280 
281         row = FIELD_DP32(row, EFUSE_PGM_ADDR, PAGE, page);
282         row = FIELD_DP32(row, EFUSE_PGM_ADDR, ROW, EFUSE_ANCHOR_ROW);
283 
284         bit = FIELD_DP32(row, EFUSE_PGM_ADDR, COLUMN, EFUSE_ANCHOR_3_COL);
285         if (!xlnx_efuse_get_bit(s->efuse, bit)) {
286             xlnx_efuse_set_bit(s->efuse, bit);
287         }
288 
289         bit = FIELD_DP32(row, EFUSE_PGM_ADDR, COLUMN, EFUSE_ANCHOR_1_COL);
290         if (!xlnx_efuse_get_bit(s->efuse, bit)) {
291             xlnx_efuse_set_bit(s->efuse, bit);
292         }
293     }
294 }
295 
296 static void efuse_key_crc_check(RegisterInfo *reg, uint32_t crc,
297                                 uint32_t pass_mask, uint32_t done_mask,
298                                 unsigned first, uint32_t lk_mask)
299 {
300     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
301     uint32_t r, lk_bits;
302 
303     /*
304      * To start, assume both DONE and PASS, and clear PASS by xor
305      * if CRC-check fails or CRC-check disabled by lock fuse.
306      */
307     r = s->regs[R_STATUS] | done_mask | pass_mask;
308 
309     lk_bits = xlnx_efuse_get_row(s->efuse, EFUSE_KEY_CRC_LK_ROW) & lk_mask;
310     if (lk_bits == 0 && xlnx_efuse_k256_check(s->efuse, crc, first)) {
311         pass_mask = 0;
312     }
313 
314     s->regs[R_STATUS] = r ^ pass_mask;
315 }
316 
317 static void efuse_data_sync(XlnxVersalEFuseCtrl *s)
318 {
319     efuse_status_tbits_sync(s);
320 }
321 
322 static int efuse_lk_spec_cmp(const void *a, const void *b)
323 {
324     uint16_t r1 = ((const XlnxEFuseLkSpec *)a)->row;
325     uint16_t r2 = ((const XlnxEFuseLkSpec *)b)->row;
326 
327     return (r1 > r2) - (r1 < r2);
328 }
329 
330 static void efuse_lk_spec_sort(XlnxVersalEFuseCtrl *s)
331 {
332     XlnxEFuseLkSpec *ary = s->extra_pg0_lock_spec;
333     const uint32_t n8 = s->extra_pg0_lock_n16 * 2;
334     const uint32_t sz  = sizeof(ary[0]);
335     const uint32_t cnt = n8 / sz;
336 
337     if (ary && cnt) {
338         qsort(ary, cnt, sz, efuse_lk_spec_cmp);
339     }
340 }
341 
342 static uint32_t efuse_lk_spec_find(XlnxVersalEFuseCtrl *s, uint32_t row)
343 {
344     const XlnxEFuseLkSpec *ary = s->extra_pg0_lock_spec;
345     const uint32_t n8  = s->extra_pg0_lock_n16 * 2;
346     const uint32_t sz  = sizeof(ary[0]);
347     const uint32_t cnt = n8 / sz;
348     const XlnxEFuseLkSpec *item = NULL;
349 
350     if (ary && cnt) {
351         XlnxEFuseLkSpec k = { .row = row, };
352 
353         item = bsearch(&k, ary, cnt, sz, efuse_lk_spec_cmp);
354     }
355 
356     return item ? item->lk_bit : 0;
357 }
358 
359 static uint32_t efuse_bit_locked(XlnxVersalEFuseCtrl *s, uint32_t bit)
360 {
361     /* Hard-coded locks */
362     static const uint16_t pg0_hard_lock[] = {
363         [4] = EFUSE_GLITCH_DET_WR_LK,
364         [37] = EFUSE_BOOT_ENV_WR_LK,
365 
366         [8 ... 11]  = EFUSE_DNA_WR_LK,
367         [12 ... 19] = EFUSE_AES_WR_LK,
368         [20 ... 27] = EFUSE_USER_KEY_0_WR_LK,
369         [28 ... 35] = EFUSE_USER_KEY_1_WR_LK,
370         [64 ... 71] = EFUSE_PPK0_WR_LK,
371         [72 ... 79] = EFUSE_PPK1_WR_LK,
372         [80 ... 87] = EFUSE_PPK2_WR_LK,
373     };
374 
375     uint32_t row = FIELD_EX32(bit, EFUSE_PGM_ADDR, ROW);
376     uint32_t lk_bit = ARRAY_GET(pg0_hard_lock, row, 0);
377 
378     return lk_bit ? lk_bit : efuse_lk_spec_find(s, row);
379 }
380 
381 static bool efuse_pgm_locked(XlnxVersalEFuseCtrl *s, unsigned int bit)
382 {
383 
384     unsigned int lock = 1;
385 
386     /* Global lock */
387     if (!ARRAY_FIELD_EX32(s->regs, CFG, PGM_EN)) {
388         goto ret_lock;
389     }
390 
391     /* Row lock */
392     switch (FIELD_EX32(bit, EFUSE_PGM_ADDR, PAGE)) {
393     case 0:
394         if (ARRAY_FIELD_EX32(s->regs, EFUSE_PGM_LOCK, SPK_ID_LOCK) &&
395             bit >= EFUSE_PGM_LOCKED_START && bit <= EFUSE_PGM_LOCKED_END) {
396             goto ret_lock;
397         }
398 
399         lock = efuse_bit_locked(s, bit);
400         break;
401     case EFUSE_PUF_PAGE:
402         if (bit < EFUSE_PUF_SYN_START || bit > EFUSE_PUF_SYN_END) {
403             lock = 0;
404             goto ret_lock;
405         }
406 
407         lock = EFUSE_PUF_SYN_LK;
408         break;
409     default:
410         lock = 0;
411         goto ret_lock;
412     }
413 
414     /* Row lock by an efuse bit */
415     if (lock) {
416         lock = xlnx_efuse_get_bit(s->efuse, lock);
417     }
418 
419  ret_lock:
420     return lock != 0;
421 }
422 
423 static void efuse_pgm_addr_postw(RegisterInfo *reg, uint64_t val64)
424 {
425     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
426     unsigned bit = val64;
427     bool ok = false;
428 
429     /* Always zero out PGM_ADDR because it is write-only */
430     s->regs[R_EFUSE_PGM_ADDR] = 0;
431 
432     /*
433      * Indicate error if bit is write-protected (or read-only
434      * as guarded by efuse_set_bit()).
435      *
436      * Keep it simple by not modeling program timing.
437      *
438      * Note: model must NEVER clear the PGM_ERROR bit; it is
439      *       up to guest to do so (or by reset).
440      */
441     if (efuse_pgm_locked(s, bit)) {
442         g_autofree char *path = object_get_canonical_path(OBJECT(s));
443 
444         qemu_log_mask(LOG_GUEST_ERROR,
445                       "%s: Denied setting of efuse<%u, %u, %u>\n",
446                       path,
447                       FIELD_EX32(bit, EFUSE_PGM_ADDR, PAGE),
448                       FIELD_EX32(bit, EFUSE_PGM_ADDR, ROW),
449                       FIELD_EX32(bit, EFUSE_PGM_ADDR, COLUMN));
450     } else if (xlnx_efuse_set_bit(s->efuse, bit)) {
451         ok = true;
452         if (EFUSE_TBIT_POS(bit)) {
453             efuse_status_tbits_sync(s);
454         }
455     }
456 
457     if (!ok) {
458         ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, PGM_ERROR, 1);
459     }
460 
461     ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, PGM_DONE, 1);
462     efuse_imr_update_irq(s);
463 }
464 
465 static void efuse_rd_addr_postw(RegisterInfo *reg, uint64_t val64)
466 {
467     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
468     unsigned bit = val64;
469     bool denied;
470 
471     /* Always zero out RD_ADDR because it is write-only */
472     s->regs[R_EFUSE_RD_ADDR] = 0;
473 
474     /*
475      * Indicate error if row is read-blocked.
476      *
477      * Note: model must NEVER clear the RD_ERROR bit; it is
478      *       up to guest to do so (or by reset).
479      */
480     s->regs[R_EFUSE_RD_DATA] = xlnx_versal_efuse_read_row(s->efuse,
481                                                           bit, &denied);
482     if (denied) {
483         g_autofree char *path = object_get_canonical_path(OBJECT(s));
484 
485         qemu_log_mask(LOG_GUEST_ERROR,
486                       "%s: Denied reading of efuse<%u, %u>\n",
487                       path,
488                       FIELD_EX32(bit, EFUSE_RD_ADDR, PAGE),
489                       FIELD_EX32(bit, EFUSE_RD_ADDR, ROW));
490 
491         ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, RD_ERROR, 1);
492     }
493 
494     ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, RD_DONE, 1);
495     efuse_imr_update_irq(s);
496     return;
497 }
498 
499 static uint64_t efuse_cache_load_prew(RegisterInfo *reg, uint64_t val64)
500 {
501     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
502 
503     if (val64 & R_EFUSE_CACHE_LOAD_LOAD_MASK) {
504         efuse_data_sync(s);
505 
506         ARRAY_FIELD_DP32(s->regs, STATUS, CACHE_DONE, 1);
507         efuse_imr_update_irq(s);
508     }
509 
510     return 0;
511 }
512 
513 static uint64_t efuse_pgm_lock_prew(RegisterInfo *reg, uint64_t val64)
514 {
515     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque);
516 
517     /* Ignore all other bits */
518     val64 = FIELD_EX32(val64, EFUSE_PGM_LOCK, SPK_ID_LOCK);
519 
520     /* Once the bit is written 1, only reset will clear it to 0 */
521     val64 |= ARRAY_FIELD_EX32(s->regs, EFUSE_PGM_LOCK, SPK_ID_LOCK);
522 
523     return val64;
524 }
525 
526 static void efuse_aes_crc_postw(RegisterInfo *reg, uint64_t val64)
527 {
528     efuse_key_crc_check(reg, val64,
529                         R_STATUS_AES_CRC_PASS_MASK,
530                         R_STATUS_AES_CRC_DONE_MASK,
531                         EFUSE_AES_KEY_START,
532                         EFUSE_AES_KEY_CRC_LK_MASK);
533 }
534 
535 static void efuse_aes_u0_crc_postw(RegisterInfo *reg, uint64_t val64)
536 {
537     efuse_key_crc_check(reg, val64,
538                         R_STATUS_AES_USER_KEY_0_CRC_PASS_MASK,
539                         R_STATUS_AES_USER_KEY_0_CRC_DONE_MASK,
540                         EFUSE_USER_KEY_0_START,
541                         EFUSE_USER_KEY_0_CRC_LK_MASK);
542 }
543 
544 static void efuse_aes_u1_crc_postw(RegisterInfo *reg, uint64_t val64)
545 {
546     efuse_key_crc_check(reg, val64,
547                         R_STATUS_AES_USER_KEY_1_CRC_PASS_MASK,
548                         R_STATUS_AES_USER_KEY_1_CRC_DONE_MASK,
549                         EFUSE_USER_KEY_1_START,
550                         EFUSE_USER_KEY_1_CRC_LK_MASK);
551 }
552 
553 static uint64_t efuse_wr_lock_prew(RegisterInfo *reg, uint64_t val)
554 {
555     return val != R_WR_LOCK_UNLOCK_PASSCODE;
556 }
557 
558 static const RegisterAccessInfo efuse_ctrl_regs_info[] = {
559     {   .name = "WR_LOCK",  .addr = A_WR_LOCK,
560         .reset = 0x1,
561         .pre_write = efuse_wr_lock_prew,
562     },{ .name = "CFG",  .addr = A_CFG,
563         .rsvd = 0x9,
564     },{ .name = "STATUS",  .addr = A_STATUS,
565         .rsvd = 0x8,
566         .ro = 0xfff,
567     },{ .name = "EFUSE_PGM_ADDR",  .addr = A_EFUSE_PGM_ADDR,
568         .post_write = efuse_pgm_addr_postw,
569     },{ .name = "EFUSE_RD_ADDR",  .addr = A_EFUSE_RD_ADDR,
570         .rsvd = 0x1f,
571         .post_write = efuse_rd_addr_postw,
572     },{ .name = "EFUSE_RD_DATA",  .addr = A_EFUSE_RD_DATA,
573         .ro = 0xffffffff,
574     },{ .name = "TPGM",  .addr = A_TPGM,
575     },{ .name = "TRD",  .addr = A_TRD,
576         .reset = 0x19,
577     },{ .name = "TSU_H_PS",  .addr = A_TSU_H_PS,
578         .reset = 0xff,
579     },{ .name = "TSU_H_PS_CS",  .addr = A_TSU_H_PS_CS,
580         .reset = 0x11,
581     },{ .name = "TRDM",  .addr = A_TRDM,
582         .reset = 0x3a,
583     },{ .name = "TSU_H_CS",  .addr = A_TSU_H_CS,
584         .reset = 0x16,
585     },{ .name = "EFUSE_ISR",  .addr = A_EFUSE_ISR,
586         .rsvd = 0x7fff8000,
587         .w1c = 0x80007fff,
588         .post_write = efuse_isr_postw,
589     },{ .name = "EFUSE_IMR",  .addr = A_EFUSE_IMR,
590         .reset = 0x80007fff,
591         .rsvd = 0x7fff8000,
592         .ro = 0xffffffff,
593     },{ .name = "EFUSE_IER",  .addr = A_EFUSE_IER,
594         .rsvd = 0x7fff8000,
595         .pre_write = efuse_ier_prew,
596     },{ .name = "EFUSE_IDR",  .addr = A_EFUSE_IDR,
597         .rsvd = 0x7fff8000,
598         .pre_write = efuse_idr_prew,
599     },{ .name = "EFUSE_CACHE_LOAD",  .addr = A_EFUSE_CACHE_LOAD,
600         .pre_write = efuse_cache_load_prew,
601     },{ .name = "EFUSE_PGM_LOCK",  .addr = A_EFUSE_PGM_LOCK,
602         .pre_write = efuse_pgm_lock_prew,
603     },{ .name = "EFUSE_AES_CRC",  .addr = A_EFUSE_AES_CRC,
604         .post_write = efuse_aes_crc_postw,
605     },{ .name = "EFUSE_AES_USR_KEY0_CRC",  .addr = A_EFUSE_AES_USR_KEY0_CRC,
606         .post_write = efuse_aes_u0_crc_postw,
607     },{ .name = "EFUSE_AES_USR_KEY1_CRC",  .addr = A_EFUSE_AES_USR_KEY1_CRC,
608         .post_write = efuse_aes_u1_crc_postw,
609     },{ .name = "EFUSE_PD",  .addr = A_EFUSE_PD,
610         .ro = 0xfffffffe,
611     },{ .name = "EFUSE_ANLG_OSC_SW_1LP",  .addr = A_EFUSE_ANLG_OSC_SW_1LP,
612     },{ .name = "EFUSE_TEST_CTRL",  .addr = A_EFUSE_TEST_CTRL,
613         .reset = 0x8,
614     }
615 };
616 
617 static void efuse_ctrl_reg_write(void *opaque, hwaddr addr,
618                                  uint64_t data, unsigned size)
619 {
620     RegisterInfoArray *reg_array = opaque;
621     XlnxVersalEFuseCtrl *s;
622     Object *dev;
623 
624     assert(reg_array != NULL);
625 
626     dev = reg_array->mem.owner;
627     assert(dev);
628 
629     s = XLNX_VERSAL_EFUSE_CTRL(dev);
630 
631     if (addr != A_WR_LOCK && s->regs[R_WR_LOCK]) {
632         g_autofree char *path = object_get_canonical_path(OBJECT(s));
633 
634         qemu_log_mask(LOG_GUEST_ERROR,
635                       "%s[reg_0x%02lx]: Attempt to write locked register.\n",
636                       path, (long)addr);
637     } else {
638         register_write_memory(opaque, addr, data, size);
639     }
640 }
641 
642 static void efuse_ctrl_register_reset(RegisterInfo *reg)
643 {
644     if (!reg->data || !reg->access) {
645         return;
646     }
647 
648     /* Reset must not trigger some registers' writers */
649     switch (reg->access->addr) {
650     case A_EFUSE_AES_CRC:
651     case A_EFUSE_AES_USR_KEY0_CRC:
652     case A_EFUSE_AES_USR_KEY1_CRC:
653         *(uint32_t *)reg->data = reg->access->reset;
654         return;
655     }
656 
657     register_reset(reg);
658 }
659 
660 static void efuse_ctrl_reset(DeviceState *dev)
661 {
662     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(dev);
663     unsigned int i;
664 
665     for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) {
666         efuse_ctrl_register_reset(&s->regs_info[i]);
667     }
668 
669     efuse_anchor_bits_check(s);
670     efuse_data_sync(s);
671     efuse_imr_update_irq(s);
672 }
673 
674 static const MemoryRegionOps efuse_ctrl_ops = {
675     .read = register_read_memory,
676     .write = efuse_ctrl_reg_write,
677     .endianness = DEVICE_LITTLE_ENDIAN,
678     .valid = {
679         .min_access_size = 4,
680         .max_access_size = 4,
681     },
682 };
683 
684 static void efuse_ctrl_realize(DeviceState *dev, Error **errp)
685 {
686     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(dev);
687     const uint32_t lks_sz = sizeof(XlnxEFuseLkSpec) / 2;
688 
689     if (!s->efuse) {
690         g_autofree char *path = object_get_canonical_path(OBJECT(s));
691 
692         error_setg(errp, "%s.efuse: link property not connected to XLNX-EFUSE",
693                    path);
694         return;
695     }
696 
697     /* Sort property-defined pgm-locks for bsearch lookup */
698     if ((s->extra_pg0_lock_n16 % lks_sz) != 0) {
699         g_autofree char *path = object_get_canonical_path(OBJECT(s));
700 
701         error_setg(errp,
702                    "%s.pg0-lock: array property item-count not multiple of %u",
703                    path, lks_sz);
704         return;
705     }
706 
707     efuse_lk_spec_sort(s);
708 }
709 
710 static void efuse_ctrl_init(Object *obj)
711 {
712     XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj);
713     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
714     RegisterInfoArray *reg_array;
715 
716     reg_array =
717         register_init_block32(DEVICE(obj), efuse_ctrl_regs_info,
718                               ARRAY_SIZE(efuse_ctrl_regs_info),
719                               s->regs_info, s->regs,
720                               &efuse_ctrl_ops,
721                               XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG,
722                               R_MAX * 4);
723 
724     sysbus_init_mmio(sbd, &reg_array->mem);
725     sysbus_init_irq(sbd, &s->irq_efuse_imr);
726 }
727 
728 static const VMStateDescription vmstate_efuse_ctrl = {
729     .name = TYPE_XLNX_VERSAL_EFUSE_CTRL,
730     .version_id = 1,
731     .minimum_version_id = 1,
732     .fields = (VMStateField[]) {
733         VMSTATE_UINT32_ARRAY(regs, XlnxVersalEFuseCtrl, R_MAX),
734         VMSTATE_END_OF_LIST(),
735     }
736 };
737 
738 static Property efuse_ctrl_props[] = {
739     DEFINE_PROP_LINK("efuse",
740                      XlnxVersalEFuseCtrl, efuse,
741                      TYPE_XLNX_EFUSE, XlnxEFuse *),
742     DEFINE_PROP_ARRAY("pg0-lock",
743                       XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
744                       extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),
745 
746     DEFINE_PROP_END_OF_LIST(),
747 };
748 
749 static void efuse_ctrl_class_init(ObjectClass *klass, void *data)
750 {
751     DeviceClass *dc = DEVICE_CLASS(klass);
752 
753     dc->reset = efuse_ctrl_reset;
754     dc->realize = efuse_ctrl_realize;
755     dc->vmsd = &vmstate_efuse_ctrl;
756     device_class_set_props(dc, efuse_ctrl_props);
757 }
758 
759 static const TypeInfo efuse_ctrl_info = {
760     .name          = TYPE_XLNX_VERSAL_EFUSE_CTRL,
761     .parent        = TYPE_SYS_BUS_DEVICE,
762     .instance_size = sizeof(XlnxVersalEFuseCtrl),
763     .class_init    = efuse_ctrl_class_init,
764     .instance_init = efuse_ctrl_init,
765 };
766 
767 static void efuse_ctrl_register_types(void)
768 {
769     type_register_static(&efuse_ctrl_info);
770 }
771 
772 type_init(efuse_ctrl_register_types)
773 
774 /*
775  * Retrieve a row, with unreadable bits returned as 0.
776  */
777 uint32_t xlnx_versal_efuse_read_row(XlnxEFuse *efuse,
778                                     uint32_t bit, bool *denied)
779 {
780     bool dummy;
781 
782     if (!denied) {
783         denied = &dummy;
784     }
785 
786     if (bit >= EFUSE_RD_BLOCKED_START && bit <= EFUSE_RD_BLOCKED_END) {
787         *denied = true;
788         return 0;
789     }
790 
791     *denied = false;
792     return xlnx_efuse_get_row(efuse, bit);
793 }
794