Loading...
1/*
2 * Copyright 2008-2009 Freescale Semiconductor, Inc. All Rights Reserved.
3 * Copyright 2010 Orex Computed Radiography
4 */
5
6/*
7 * The code contained herein is licensed under the GNU General Public
8 * License. You may obtain a copy of the GNU General Public License
9 * Version 2 or later at the following locations:
10 *
11 * http://www.opensource.org/licenses/gpl-license.html
12 * http://www.gnu.org/copyleft/gpl.html
13 */
14
15/* based on rtc-mc13892.c */
16
17/*
18 * This driver uses the 47-bit 32 kHz counter in the Freescale DryIce block
19 * to implement a Linux RTC. Times and alarms are truncated to seconds.
20 * Since the RTC framework performs API locking via rtc->ops_lock the
21 * only simultaneous accesses we need to deal with is updating DryIce
22 * registers while servicing an alarm.
23 *
24 * Note that reading the DSR (DryIce Status Register) automatically clears
25 * the WCF (Write Complete Flag). All DryIce writes are synchronized to the
26 * LP (Low Power) domain and set the WCF upon completion. Writes to the
27 * DIER (DryIce Interrupt Enable Register) are the only exception. These
28 * occur at normal bus speeds and do not set WCF. Periodic interrupts are
29 * not supported by the hardware.
30 */
31
32#include <linux/io.h>
33#include <linux/clk.h>
34#include <linux/delay.h>
35#include <linux/module.h>
36#include <linux/platform_device.h>
37#include <linux/rtc.h>
38#include <linux/sched.h>
39#include <linux/spinlock.h>
40#include <linux/workqueue.h>
41#include <linux/of.h>
42
43/* DryIce Register Definitions */
44
45#define DTCMR 0x00 /* Time Counter MSB Reg */
46#define DTCLR 0x04 /* Time Counter LSB Reg */
47
48#define DCAMR 0x08 /* Clock Alarm MSB Reg */
49#define DCALR 0x0c /* Clock Alarm LSB Reg */
50#define DCAMR_UNSET 0xFFFFFFFF /* doomsday - 1 sec */
51
52#define DCR 0x10 /* Control Reg */
53#define DCR_TDCHL (1 << 30) /* Tamper-detect configuration hard lock */
54#define DCR_TDCSL (1 << 29) /* Tamper-detect configuration soft lock */
55#define DCR_KSSL (1 << 27) /* Key-select soft lock */
56#define DCR_MCHL (1 << 20) /* Monotonic-counter hard lock */
57#define DCR_MCSL (1 << 19) /* Monotonic-counter soft lock */
58#define DCR_TCHL (1 << 18) /* Timer-counter hard lock */
59#define DCR_TCSL (1 << 17) /* Timer-counter soft lock */
60#define DCR_FSHL (1 << 16) /* Failure state hard lock */
61#define DCR_TCE (1 << 3) /* Time Counter Enable */
62#define DCR_MCE (1 << 2) /* Monotonic Counter Enable */
63
64#define DSR 0x14 /* Status Reg */
65#define DSR_WTD (1 << 23) /* Wire-mesh tamper detected */
66#define DSR_ETBD (1 << 22) /* External tamper B detected */
67#define DSR_ETAD (1 << 21) /* External tamper A detected */
68#define DSR_EBD (1 << 20) /* External boot detected */
69#define DSR_SAD (1 << 19) /* SCC alarm detected */
70#define DSR_TTD (1 << 18) /* Temperatur tamper detected */
71#define DSR_CTD (1 << 17) /* Clock tamper detected */
72#define DSR_VTD (1 << 16) /* Voltage tamper detected */
73#define DSR_WBF (1 << 10) /* Write Busy Flag (synchronous) */
74#define DSR_WNF (1 << 9) /* Write Next Flag (synchronous) */
75#define DSR_WCF (1 << 8) /* Write Complete Flag (synchronous)*/
76#define DSR_WEF (1 << 7) /* Write Error Flag */
77#define DSR_CAF (1 << 4) /* Clock Alarm Flag */
78#define DSR_MCO (1 << 3) /* monotonic counter overflow */
79#define DSR_TCO (1 << 2) /* time counter overflow */
80#define DSR_NVF (1 << 1) /* Non-Valid Flag */
81#define DSR_SVF (1 << 0) /* Security Violation Flag */
82
83#define DIER 0x18 /* Interrupt Enable Reg (synchronous) */
84#define DIER_WNIE (1 << 9) /* Write Next Interrupt Enable */
85#define DIER_WCIE (1 << 8) /* Write Complete Interrupt Enable */
86#define DIER_WEIE (1 << 7) /* Write Error Interrupt Enable */
87#define DIER_CAIE (1 << 4) /* Clock Alarm Interrupt Enable */
88#define DIER_SVIE (1 << 0) /* Security-violation Interrupt Enable */
89
90#define DMCR 0x1c /* DryIce Monotonic Counter Reg */
91
92#define DTCR 0x28 /* DryIce Tamper Configuration Reg */
93#define DTCR_MOE (1 << 9) /* monotonic overflow enabled */
94#define DTCR_TOE (1 << 8) /* time overflow enabled */
95#define DTCR_WTE (1 << 7) /* wire-mesh tamper enabled */
96#define DTCR_ETBE (1 << 6) /* external B tamper enabled */
97#define DTCR_ETAE (1 << 5) /* external A tamper enabled */
98#define DTCR_EBE (1 << 4) /* external boot tamper enabled */
99#define DTCR_SAIE (1 << 3) /* SCC enabled */
100#define DTCR_TTE (1 << 2) /* temperature tamper enabled */
101#define DTCR_CTE (1 << 1) /* clock tamper enabled */
102#define DTCR_VTE (1 << 0) /* voltage tamper enabled */
103
104#define DGPR 0x3c /* DryIce General Purpose Reg */
105
106/**
107 * struct imxdi_dev - private imxdi rtc data
108 * @pdev: pionter to platform dev
109 * @rtc: pointer to rtc struct
110 * @ioaddr: IO registers pointer
111 * @irq: dryice normal interrupt
112 * @clk: input reference clock
113 * @dsr: copy of the DSR register
114 * @irq_lock: interrupt enable register (DIER) lock
115 * @write_wait: registers write complete queue
116 * @write_mutex: serialize registers write
117 * @work: schedule alarm work
118 */
119struct imxdi_dev {
120 struct platform_device *pdev;
121 struct rtc_device *rtc;
122 void __iomem *ioaddr;
123 int irq;
124 struct clk *clk;
125 u32 dsr;
126 spinlock_t irq_lock;
127 wait_queue_head_t write_wait;
128 struct mutex write_mutex;
129 struct work_struct work;
130};
131
132/* Some background:
133 *
134 * The DryIce unit is a complex security/tamper monitor device. To be able do
135 * its job in a useful manner it runs a bigger statemachine to bring it into
136 * security/tamper failure state and once again to bring it out of this state.
137 *
138 * This unit can be in one of three states:
139 *
140 * - "NON-VALID STATE"
141 * always after the battery power was removed
142 * - "FAILURE STATE"
143 * if one of the enabled security events has happened
144 * - "VALID STATE"
145 * if the unit works as expected
146 *
147 * Everything stops when the unit enters the failure state including the RTC
148 * counter (to be able to detect the time the security event happened).
149 *
150 * The following events (when enabled) let the DryIce unit enter the failure
151 * state:
152 *
153 * - wire-mesh-tamper detect
154 * - external tamper B detect
155 * - external tamper A detect
156 * - temperature tamper detect
157 * - clock tamper detect
158 * - voltage tamper detect
159 * - RTC counter overflow
160 * - monotonic counter overflow
161 * - external boot
162 *
163 * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
164 * can only detect this state. In this case the unit is completely locked and
165 * must force a second "SYSTEM POR" to bring the DryIce into the
166 * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
167 * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
168 * a battery power cycle is required.
169 *
170 * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
171 * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
172 * task, we bring back this unit into life.
173 */
174
175/*
176 * Do a write into the unit without interrupt support.
177 * We do not need to check the WEF here, because the only reason this kind of
178 * write error can happen is if we write to the unit twice within the 122 us
179 * interval. This cannot happen, since we are using this function only while
180 * setting up the unit.
181 */
182static void di_write_busy_wait(const struct imxdi_dev *imxdi, u32 val,
183 unsigned reg)
184{
185 /* do the register write */
186 writel(val, imxdi->ioaddr + reg);
187
188 /*
189 * now it takes four 32,768 kHz clock cycles to take
190 * the change into effect = 122 us
191 */
192 usleep_range(130, 200);
193}
194
195static void di_report_tamper_info(struct imxdi_dev *imxdi, u32 dsr)
196{
197 u32 dtcr;
198
199 dtcr = readl(imxdi->ioaddr + DTCR);
200
201 dev_emerg(&imxdi->pdev->dev, "DryIce tamper event detected\n");
202 /* the following flags force a transition into the "FAILURE STATE" */
203 if (dsr & DSR_VTD)
204 dev_emerg(&imxdi->pdev->dev, "%sVoltage Tamper Event\n",
205 dtcr & DTCR_VTE ? "" : "Spurious ");
206
207 if (dsr & DSR_CTD)
208 dev_emerg(&imxdi->pdev->dev, "%s32768 Hz Clock Tamper Event\n",
209 dtcr & DTCR_CTE ? "" : "Spurious ");
210
211 if (dsr & DSR_TTD)
212 dev_emerg(&imxdi->pdev->dev, "%sTemperature Tamper Event\n",
213 dtcr & DTCR_TTE ? "" : "Spurious ");
214
215 if (dsr & DSR_SAD)
216 dev_emerg(&imxdi->pdev->dev,
217 "%sSecure Controller Alarm Event\n",
218 dtcr & DTCR_SAIE ? "" : "Spurious ");
219
220 if (dsr & DSR_EBD)
221 dev_emerg(&imxdi->pdev->dev, "%sExternal Boot Tamper Event\n",
222 dtcr & DTCR_EBE ? "" : "Spurious ");
223
224 if (dsr & DSR_ETAD)
225 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper A Event\n",
226 dtcr & DTCR_ETAE ? "" : "Spurious ");
227
228 if (dsr & DSR_ETBD)
229 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper B Event\n",
230 dtcr & DTCR_ETBE ? "" : "Spurious ");
231
232 if (dsr & DSR_WTD)
233 dev_emerg(&imxdi->pdev->dev, "%sWire-mesh Tamper Event\n",
234 dtcr & DTCR_WTE ? "" : "Spurious ");
235
236 if (dsr & DSR_MCO)
237 dev_emerg(&imxdi->pdev->dev,
238 "%sMonotonic-counter Overflow Event\n",
239 dtcr & DTCR_MOE ? "" : "Spurious ");
240
241 if (dsr & DSR_TCO)
242 dev_emerg(&imxdi->pdev->dev, "%sTimer-counter Overflow Event\n",
243 dtcr & DTCR_TOE ? "" : "Spurious ");
244}
245
246static void di_what_is_to_be_done(struct imxdi_dev *imxdi,
247 const char *power_supply)
248{
249 dev_emerg(&imxdi->pdev->dev, "Please cycle the %s power supply in order to get the DryIce/RTC unit working again\n",
250 power_supply);
251}
252
253static int di_handle_failure_state(struct imxdi_dev *imxdi, u32 dsr)
254{
255 u32 dcr;
256
257 dev_dbg(&imxdi->pdev->dev, "DSR register reports: %08X\n", dsr);
258
259 /* report the cause */
260 di_report_tamper_info(imxdi, dsr);
261
262 dcr = readl(imxdi->ioaddr + DCR);
263
264 if (dcr & DCR_FSHL) {
265 /* we are out of luck */
266 di_what_is_to_be_done(imxdi, "battery");
267 return -ENODEV;
268 }
269 /*
270 * with the next SYSTEM POR we will transit from the "FAILURE STATE"
271 * into the "NON-VALID STATE" + "FAILURE STATE"
272 */
273 di_what_is_to_be_done(imxdi, "main");
274
275 return -ENODEV;
276}
277
278static int di_handle_valid_state(struct imxdi_dev *imxdi, u32 dsr)
279{
280 /* initialize alarm */
281 di_write_busy_wait(imxdi, DCAMR_UNSET, DCAMR);
282 di_write_busy_wait(imxdi, 0, DCALR);
283
284 /* clear alarm flag */
285 if (dsr & DSR_CAF)
286 di_write_busy_wait(imxdi, DSR_CAF, DSR);
287
288 return 0;
289}
290
291static int di_handle_invalid_state(struct imxdi_dev *imxdi, u32 dsr)
292{
293 u32 dcr, sec;
294
295 /*
296 * lets disable all sources which can force the DryIce unit into
297 * the "FAILURE STATE" for now
298 */
299 di_write_busy_wait(imxdi, 0x00000000, DTCR);
300 /* and lets protect them at runtime from any change */
301 di_write_busy_wait(imxdi, DCR_TDCSL, DCR);
302
303 sec = readl(imxdi->ioaddr + DTCMR);
304 if (sec != 0)
305 dev_warn(&imxdi->pdev->dev,
306 "The security violation has happened at %u seconds\n",
307 sec);
308 /*
309 * the timer cannot be set/modified if
310 * - the TCHL or TCSL bit is set in DCR
311 */
312 dcr = readl(imxdi->ioaddr + DCR);
313 if (!(dcr & DCR_TCE)) {
314 if (dcr & DCR_TCHL) {
315 /* we are out of luck */
316 di_what_is_to_be_done(imxdi, "battery");
317 return -ENODEV;
318 }
319 if (dcr & DCR_TCSL) {
320 di_what_is_to_be_done(imxdi, "main");
321 return -ENODEV;
322 }
323 }
324 /*
325 * - the timer counter stops/is stopped if
326 * - its overflow flag is set (TCO in DSR)
327 * -> clear overflow bit to make it count again
328 * - NVF is set in DSR
329 * -> clear non-valid bit to make it count again
330 * - its TCE (DCR) is cleared
331 * -> set TCE to make it count
332 * - it was never set before
333 * -> write a time into it (required again if the NVF was set)
334 */
335 /* state handled */
336 di_write_busy_wait(imxdi, DSR_NVF, DSR);
337 /* clear overflow flag */
338 di_write_busy_wait(imxdi, DSR_TCO, DSR);
339 /* enable the counter */
340 di_write_busy_wait(imxdi, dcr | DCR_TCE, DCR);
341 /* set and trigger it to make it count */
342 di_write_busy_wait(imxdi, sec, DTCMR);
343
344 /* now prepare for the valid state */
345 return di_handle_valid_state(imxdi, __raw_readl(imxdi->ioaddr + DSR));
346}
347
348static int di_handle_invalid_and_failure_state(struct imxdi_dev *imxdi, u32 dsr)
349{
350 u32 dcr;
351
352 /*
353 * now we must first remove the tamper sources in order to get the
354 * device out of the "FAILURE STATE"
355 * To disable any of the following sources we need to modify the DTCR
356 */
357 if (dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD | DSR_EBD | DSR_SAD |
358 DSR_TTD | DSR_CTD | DSR_VTD | DSR_MCO | DSR_TCO)) {
359 dcr = __raw_readl(imxdi->ioaddr + DCR);
360 if (dcr & DCR_TDCHL) {
361 /*
362 * the tamper register is locked. We cannot disable the
363 * tamper detection. The TDCHL can only be reset by a
364 * DRYICE POR, but we cannot force a DRYICE POR in
365 * softwere because we are still in "FAILURE STATE".
366 * We need a DRYICE POR via battery power cycling....
367 */
368 /*
369 * out of luck!
370 * we cannot disable them without a DRYICE POR
371 */
372 di_what_is_to_be_done(imxdi, "battery");
373 return -ENODEV;
374 }
375 if (dcr & DCR_TDCSL) {
376 /* a soft lock can be removed by a SYSTEM POR */
377 di_what_is_to_be_done(imxdi, "main");
378 return -ENODEV;
379 }
380 }
381
382 /* disable all sources */
383 di_write_busy_wait(imxdi, 0x00000000, DTCR);
384
385 /* clear the status bits now */
386 di_write_busy_wait(imxdi, dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD |
387 DSR_EBD | DSR_SAD | DSR_TTD | DSR_CTD | DSR_VTD |
388 DSR_MCO | DSR_TCO), DSR);
389
390 dsr = readl(imxdi->ioaddr + DSR);
391 if ((dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
392 DSR_WCF | DSR_WEF)) != 0)
393 dev_warn(&imxdi->pdev->dev,
394 "There are still some sources of pain in DSR: %08x!\n",
395 dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
396 DSR_WCF | DSR_WEF));
397
398 /*
399 * now we are trying to clear the "Security-violation flag" to
400 * get the DryIce out of this state
401 */
402 di_write_busy_wait(imxdi, DSR_SVF, DSR);
403
404 /* success? */
405 dsr = readl(imxdi->ioaddr + DSR);
406 if (dsr & DSR_SVF) {
407 dev_crit(&imxdi->pdev->dev,
408 "Cannot clear the security violation flag. We are ending up in an endless loop!\n");
409 /* last resort */
410 di_what_is_to_be_done(imxdi, "battery");
411 return -ENODEV;
412 }
413
414 /*
415 * now we have left the "FAILURE STATE" and ending up in the
416 * "NON-VALID STATE" time to recover everything
417 */
418 return di_handle_invalid_state(imxdi, dsr);
419}
420
421static int di_handle_state(struct imxdi_dev *imxdi)
422{
423 int rc;
424 u32 dsr;
425
426 dsr = readl(imxdi->ioaddr + DSR);
427
428 switch (dsr & (DSR_NVF | DSR_SVF)) {
429 case DSR_NVF:
430 dev_warn(&imxdi->pdev->dev, "Invalid stated unit detected\n");
431 rc = di_handle_invalid_state(imxdi, dsr);
432 break;
433 case DSR_SVF:
434 dev_warn(&imxdi->pdev->dev, "Failure stated unit detected\n");
435 rc = di_handle_failure_state(imxdi, dsr);
436 break;
437 case DSR_NVF | DSR_SVF:
438 dev_warn(&imxdi->pdev->dev,
439 "Failure+Invalid stated unit detected\n");
440 rc = di_handle_invalid_and_failure_state(imxdi, dsr);
441 break;
442 default:
443 dev_notice(&imxdi->pdev->dev, "Unlocked unit detected\n");
444 rc = di_handle_valid_state(imxdi, dsr);
445 }
446
447 return rc;
448}
449
450/*
451 * enable a dryice interrupt
452 */
453static void di_int_enable(struct imxdi_dev *imxdi, u32 intr)
454{
455 unsigned long flags;
456
457 spin_lock_irqsave(&imxdi->irq_lock, flags);
458 writel(readl(imxdi->ioaddr + DIER) | intr,
459 imxdi->ioaddr + DIER);
460 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
461}
462
463/*
464 * disable a dryice interrupt
465 */
466static void di_int_disable(struct imxdi_dev *imxdi, u32 intr)
467{
468 unsigned long flags;
469
470 spin_lock_irqsave(&imxdi->irq_lock, flags);
471 writel(readl(imxdi->ioaddr + DIER) & ~intr,
472 imxdi->ioaddr + DIER);
473 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
474}
475
476/*
477 * This function attempts to clear the dryice write-error flag.
478 *
479 * A dryice write error is similar to a bus fault and should not occur in
480 * normal operation. Clearing the flag requires another write, so the root
481 * cause of the problem may need to be fixed before the flag can be cleared.
482 */
483static void clear_write_error(struct imxdi_dev *imxdi)
484{
485 int cnt;
486
487 dev_warn(&imxdi->pdev->dev, "WARNING: Register write error!\n");
488
489 /* clear the write error flag */
490 writel(DSR_WEF, imxdi->ioaddr + DSR);
491
492 /* wait for it to take effect */
493 for (cnt = 0; cnt < 1000; cnt++) {
494 if ((readl(imxdi->ioaddr + DSR) & DSR_WEF) == 0)
495 return;
496 udelay(10);
497 }
498 dev_err(&imxdi->pdev->dev,
499 "ERROR: Cannot clear write-error flag!\n");
500}
501
502/*
503 * Write a dryice register and wait until it completes.
504 *
505 * This function uses interrupts to determine when the
506 * write has completed.
507 */
508static int di_write_wait(struct imxdi_dev *imxdi, u32 val, int reg)
509{
510 int ret;
511 int rc = 0;
512
513 /* serialize register writes */
514 mutex_lock(&imxdi->write_mutex);
515
516 /* enable the write-complete interrupt */
517 di_int_enable(imxdi, DIER_WCIE);
518
519 imxdi->dsr = 0;
520
521 /* do the register write */
522 writel(val, imxdi->ioaddr + reg);
523
524 /* wait for the write to finish */
525 ret = wait_event_interruptible_timeout(imxdi->write_wait,
526 imxdi->dsr & (DSR_WCF | DSR_WEF), msecs_to_jiffies(1));
527 if (ret < 0) {
528 rc = ret;
529 goto out;
530 } else if (ret == 0) {
531 dev_warn(&imxdi->pdev->dev,
532 "Write-wait timeout "
533 "val = 0x%08x reg = 0x%08x\n", val, reg);
534 }
535
536 /* check for write error */
537 if (imxdi->dsr & DSR_WEF) {
538 clear_write_error(imxdi);
539 rc = -EIO;
540 }
541
542out:
543 mutex_unlock(&imxdi->write_mutex);
544
545 return rc;
546}
547
548/*
549 * read the seconds portion of the current time from the dryice time counter
550 */
551static int dryice_rtc_read_time(struct device *dev, struct rtc_time *tm)
552{
553 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
554 unsigned long now;
555
556 now = readl(imxdi->ioaddr + DTCMR);
557 rtc_time_to_tm(now, tm);
558
559 return 0;
560}
561
562/*
563 * set the seconds portion of dryice time counter and clear the
564 * fractional part.
565 */
566static int dryice_rtc_set_mmss(struct device *dev, unsigned long secs)
567{
568 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
569 u32 dcr, dsr;
570 int rc;
571
572 dcr = readl(imxdi->ioaddr + DCR);
573 dsr = readl(imxdi->ioaddr + DSR);
574
575 if (!(dcr & DCR_TCE) || (dsr & DSR_SVF)) {
576 if (dcr & DCR_TCHL) {
577 /* we are even more out of luck */
578 di_what_is_to_be_done(imxdi, "battery");
579 return -EPERM;
580 }
581 if ((dcr & DCR_TCSL) || (dsr & DSR_SVF)) {
582 /* we are out of luck for now */
583 di_what_is_to_be_done(imxdi, "main");
584 return -EPERM;
585 }
586 }
587
588 /* zero the fractional part first */
589 rc = di_write_wait(imxdi, 0, DTCLR);
590 if (rc != 0)
591 return rc;
592
593 rc = di_write_wait(imxdi, secs, DTCMR);
594 if (rc != 0)
595 return rc;
596
597 return di_write_wait(imxdi, readl(imxdi->ioaddr + DCR) | DCR_TCE, DCR);
598}
599
600static int dryice_rtc_alarm_irq_enable(struct device *dev,
601 unsigned int enabled)
602{
603 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
604
605 if (enabled)
606 di_int_enable(imxdi, DIER_CAIE);
607 else
608 di_int_disable(imxdi, DIER_CAIE);
609
610 return 0;
611}
612
613/*
614 * read the seconds portion of the alarm register.
615 * the fractional part of the alarm register is always zero.
616 */
617static int dryice_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
618{
619 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
620 u32 dcamr;
621
622 dcamr = readl(imxdi->ioaddr + DCAMR);
623 rtc_time_to_tm(dcamr, &alarm->time);
624
625 /* alarm is enabled if the interrupt is enabled */
626 alarm->enabled = (readl(imxdi->ioaddr + DIER) & DIER_CAIE) != 0;
627
628 /* don't allow the DSR read to mess up DSR_WCF */
629 mutex_lock(&imxdi->write_mutex);
630
631 /* alarm is pending if the alarm flag is set */
632 alarm->pending = (readl(imxdi->ioaddr + DSR) & DSR_CAF) != 0;
633
634 mutex_unlock(&imxdi->write_mutex);
635
636 return 0;
637}
638
639/*
640 * set the seconds portion of dryice alarm register
641 */
642static int dryice_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
643{
644 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
645 unsigned long now;
646 unsigned long alarm_time;
647 int rc;
648
649 rc = rtc_tm_to_time(&alarm->time, &alarm_time);
650 if (rc)
651 return rc;
652
653 /* don't allow setting alarm in the past */
654 now = readl(imxdi->ioaddr + DTCMR);
655 if (alarm_time < now)
656 return -EINVAL;
657
658 /* write the new alarm time */
659 rc = di_write_wait(imxdi, (u32)alarm_time, DCAMR);
660 if (rc)
661 return rc;
662
663 if (alarm->enabled)
664 di_int_enable(imxdi, DIER_CAIE); /* enable alarm intr */
665 else
666 di_int_disable(imxdi, DIER_CAIE); /* disable alarm intr */
667
668 return 0;
669}
670
671static struct rtc_class_ops dryice_rtc_ops = {
672 .read_time = dryice_rtc_read_time,
673 .set_mmss = dryice_rtc_set_mmss,
674 .alarm_irq_enable = dryice_rtc_alarm_irq_enable,
675 .read_alarm = dryice_rtc_read_alarm,
676 .set_alarm = dryice_rtc_set_alarm,
677};
678
679/*
680 * dryice "normal" interrupt handler
681 */
682static irqreturn_t dryice_norm_irq(int irq, void *dev_id)
683{
684 struct imxdi_dev *imxdi = dev_id;
685 u32 dsr, dier;
686 irqreturn_t rc = IRQ_NONE;
687
688 dier = readl(imxdi->ioaddr + DIER);
689 dsr = readl(imxdi->ioaddr + DSR);
690
691 /* handle the security violation event */
692 if (dier & DIER_SVIE) {
693 if (dsr & DSR_SVF) {
694 /*
695 * Disable the interrupt when this kind of event has
696 * happened.
697 * There cannot be more than one event of this type,
698 * because it needs a complex state change
699 * including a main power cycle to get again out of
700 * this state.
701 */
702 di_int_disable(imxdi, DIER_SVIE);
703 /* report the violation */
704 di_report_tamper_info(imxdi, dsr);
705 rc = IRQ_HANDLED;
706 }
707 }
708
709 /* handle write complete and write error cases */
710 if (dier & DIER_WCIE) {
711 /*If the write wait queue is empty then there is no pending
712 operations. It means the interrupt is for DryIce -Security.
713 IRQ must be returned as none.*/
714 if (list_empty_careful(&imxdi->write_wait.task_list))
715 return rc;
716
717 /* DSR_WCF clears itself on DSR read */
718 if (dsr & (DSR_WCF | DSR_WEF)) {
719 /* mask the interrupt */
720 di_int_disable(imxdi, DIER_WCIE);
721
722 /* save the dsr value for the wait queue */
723 imxdi->dsr |= dsr;
724
725 wake_up_interruptible(&imxdi->write_wait);
726 rc = IRQ_HANDLED;
727 }
728 }
729
730 /* handle the alarm case */
731 if (dier & DIER_CAIE) {
732 /* DSR_WCF clears itself on DSR read */
733 if (dsr & DSR_CAF) {
734 /* mask the interrupt */
735 di_int_disable(imxdi, DIER_CAIE);
736
737 /* finish alarm in user context */
738 schedule_work(&imxdi->work);
739 rc = IRQ_HANDLED;
740 }
741 }
742 return rc;
743}
744
745/*
746 * post the alarm event from user context so it can sleep
747 * on the write completion.
748 */
749static void dryice_work(struct work_struct *work)
750{
751 struct imxdi_dev *imxdi = container_of(work,
752 struct imxdi_dev, work);
753
754 /* dismiss the interrupt (ignore error) */
755 di_write_wait(imxdi, DSR_CAF, DSR);
756
757 /* pass the alarm event to the rtc framework. */
758 rtc_update_irq(imxdi->rtc, 1, RTC_AF | RTC_IRQF);
759}
760
761/*
762 * probe for dryice rtc device
763 */
764static int __init dryice_rtc_probe(struct platform_device *pdev)
765{
766 struct resource *res;
767 struct imxdi_dev *imxdi;
768 int rc;
769
770 imxdi = devm_kzalloc(&pdev->dev, sizeof(*imxdi), GFP_KERNEL);
771 if (!imxdi)
772 return -ENOMEM;
773
774 imxdi->pdev = pdev;
775
776 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
777 imxdi->ioaddr = devm_ioremap_resource(&pdev->dev, res);
778 if (IS_ERR(imxdi->ioaddr))
779 return PTR_ERR(imxdi->ioaddr);
780
781 spin_lock_init(&imxdi->irq_lock);
782
783 imxdi->irq = platform_get_irq(pdev, 0);
784 if (imxdi->irq < 0)
785 return imxdi->irq;
786
787 init_waitqueue_head(&imxdi->write_wait);
788
789 INIT_WORK(&imxdi->work, dryice_work);
790
791 mutex_init(&imxdi->write_mutex);
792
793 imxdi->clk = devm_clk_get(&pdev->dev, NULL);
794 if (IS_ERR(imxdi->clk))
795 return PTR_ERR(imxdi->clk);
796 rc = clk_prepare_enable(imxdi->clk);
797 if (rc)
798 return rc;
799
800 /*
801 * Initialize dryice hardware
802 */
803
804 /* mask all interrupts */
805 writel(0, imxdi->ioaddr + DIER);
806
807 rc = di_handle_state(imxdi);
808 if (rc != 0)
809 goto err;
810
811 rc = devm_request_irq(&pdev->dev, imxdi->irq, dryice_norm_irq,
812 IRQF_SHARED, pdev->name, imxdi);
813 if (rc) {
814 dev_warn(&pdev->dev, "interrupt not available.\n");
815 goto err;
816 }
817
818 platform_set_drvdata(pdev, imxdi);
819 imxdi->rtc = devm_rtc_device_register(&pdev->dev, pdev->name,
820 &dryice_rtc_ops, THIS_MODULE);
821 if (IS_ERR(imxdi->rtc)) {
822 rc = PTR_ERR(imxdi->rtc);
823 goto err;
824 }
825
826 return 0;
827
828err:
829 clk_disable_unprepare(imxdi->clk);
830
831 return rc;
832}
833
834static int __exit dryice_rtc_remove(struct platform_device *pdev)
835{
836 struct imxdi_dev *imxdi = platform_get_drvdata(pdev);
837
838 flush_work(&imxdi->work);
839
840 /* mask all interrupts */
841 writel(0, imxdi->ioaddr + DIER);
842
843 clk_disable_unprepare(imxdi->clk);
844
845 return 0;
846}
847
848#ifdef CONFIG_OF
849static const struct of_device_id dryice_dt_ids[] = {
850 { .compatible = "fsl,imx25-rtc" },
851 { /* sentinel */ }
852};
853
854MODULE_DEVICE_TABLE(of, dryice_dt_ids);
855#endif
856
857static struct platform_driver dryice_rtc_driver = {
858 .driver = {
859 .name = "imxdi_rtc",
860 .of_match_table = of_match_ptr(dryice_dt_ids),
861 },
862 .remove = __exit_p(dryice_rtc_remove),
863};
864
865module_platform_driver_probe(dryice_rtc_driver, dryice_rtc_probe);
866
867MODULE_AUTHOR("Freescale Semiconductor, Inc.");
868MODULE_AUTHOR("Baruch Siach <baruch@tkos.co.il>");
869MODULE_DESCRIPTION("IMX DryIce Realtime Clock Driver (RTC)");
870MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright 2008-2009 Freescale Semiconductor, Inc. All Rights Reserved.
4 * Copyright 2010 Orex Computed Radiography
5 */
6
7/*
8 * This driver uses the 47-bit 32 kHz counter in the Freescale DryIce block
9 * to implement a Linux RTC. Times and alarms are truncated to seconds.
10 * Since the RTC framework performs API locking via rtc->ops_lock the
11 * only simultaneous accesses we need to deal with is updating DryIce
12 * registers while servicing an alarm.
13 *
14 * Note that reading the DSR (DryIce Status Register) automatically clears
15 * the WCF (Write Complete Flag). All DryIce writes are synchronized to the
16 * LP (Low Power) domain and set the WCF upon completion. Writes to the
17 * DIER (DryIce Interrupt Enable Register) are the only exception. These
18 * occur at normal bus speeds and do not set WCF. Periodic interrupts are
19 * not supported by the hardware.
20 */
21
22#include <linux/io.h>
23#include <linux/clk.h>
24#include <linux/delay.h>
25#include <linux/module.h>
26#include <linux/platform_device.h>
27#include <linux/rtc.h>
28#include <linux/sched.h>
29#include <linux/spinlock.h>
30#include <linux/workqueue.h>
31#include <linux/of.h>
32
33/* DryIce Register Definitions */
34
35#define DTCMR 0x00 /* Time Counter MSB Reg */
36#define DTCLR 0x04 /* Time Counter LSB Reg */
37
38#define DCAMR 0x08 /* Clock Alarm MSB Reg */
39#define DCALR 0x0c /* Clock Alarm LSB Reg */
40#define DCAMR_UNSET 0xFFFFFFFF /* doomsday - 1 sec */
41
42#define DCR 0x10 /* Control Reg */
43#define DCR_TDCHL (1 << 30) /* Tamper-detect configuration hard lock */
44#define DCR_TDCSL (1 << 29) /* Tamper-detect configuration soft lock */
45#define DCR_KSSL (1 << 27) /* Key-select soft lock */
46#define DCR_MCHL (1 << 20) /* Monotonic-counter hard lock */
47#define DCR_MCSL (1 << 19) /* Monotonic-counter soft lock */
48#define DCR_TCHL (1 << 18) /* Timer-counter hard lock */
49#define DCR_TCSL (1 << 17) /* Timer-counter soft lock */
50#define DCR_FSHL (1 << 16) /* Failure state hard lock */
51#define DCR_TCE (1 << 3) /* Time Counter Enable */
52#define DCR_MCE (1 << 2) /* Monotonic Counter Enable */
53
54#define DSR 0x14 /* Status Reg */
55#define DSR_WTD (1 << 23) /* Wire-mesh tamper detected */
56#define DSR_ETBD (1 << 22) /* External tamper B detected */
57#define DSR_ETAD (1 << 21) /* External tamper A detected */
58#define DSR_EBD (1 << 20) /* External boot detected */
59#define DSR_SAD (1 << 19) /* SCC alarm detected */
60#define DSR_TTD (1 << 18) /* Temperature tamper detected */
61#define DSR_CTD (1 << 17) /* Clock tamper detected */
62#define DSR_VTD (1 << 16) /* Voltage tamper detected */
63#define DSR_WBF (1 << 10) /* Write Busy Flag (synchronous) */
64#define DSR_WNF (1 << 9) /* Write Next Flag (synchronous) */
65#define DSR_WCF (1 << 8) /* Write Complete Flag (synchronous)*/
66#define DSR_WEF (1 << 7) /* Write Error Flag */
67#define DSR_CAF (1 << 4) /* Clock Alarm Flag */
68#define DSR_MCO (1 << 3) /* monotonic counter overflow */
69#define DSR_TCO (1 << 2) /* time counter overflow */
70#define DSR_NVF (1 << 1) /* Non-Valid Flag */
71#define DSR_SVF (1 << 0) /* Security Violation Flag */
72
73#define DIER 0x18 /* Interrupt Enable Reg (synchronous) */
74#define DIER_WNIE (1 << 9) /* Write Next Interrupt Enable */
75#define DIER_WCIE (1 << 8) /* Write Complete Interrupt Enable */
76#define DIER_WEIE (1 << 7) /* Write Error Interrupt Enable */
77#define DIER_CAIE (1 << 4) /* Clock Alarm Interrupt Enable */
78#define DIER_SVIE (1 << 0) /* Security-violation Interrupt Enable */
79
80#define DMCR 0x1c /* DryIce Monotonic Counter Reg */
81
82#define DTCR 0x28 /* DryIce Tamper Configuration Reg */
83#define DTCR_MOE (1 << 9) /* monotonic overflow enabled */
84#define DTCR_TOE (1 << 8) /* time overflow enabled */
85#define DTCR_WTE (1 << 7) /* wire-mesh tamper enabled */
86#define DTCR_ETBE (1 << 6) /* external B tamper enabled */
87#define DTCR_ETAE (1 << 5) /* external A tamper enabled */
88#define DTCR_EBE (1 << 4) /* external boot tamper enabled */
89#define DTCR_SAIE (1 << 3) /* SCC enabled */
90#define DTCR_TTE (1 << 2) /* temperature tamper enabled */
91#define DTCR_CTE (1 << 1) /* clock tamper enabled */
92#define DTCR_VTE (1 << 0) /* voltage tamper enabled */
93
94#define DGPR 0x3c /* DryIce General Purpose Reg */
95
96/**
97 * struct imxdi_dev - private imxdi rtc data
98 * @pdev: pointer to platform dev
99 * @rtc: pointer to rtc struct
100 * @ioaddr: IO registers pointer
101 * @clk: input reference clock
102 * @dsr: copy of the DSR register
103 * @irq_lock: interrupt enable register (DIER) lock
104 * @write_wait: registers write complete queue
105 * @write_mutex: serialize registers write
106 * @work: schedule alarm work
107 */
108struct imxdi_dev {
109 struct platform_device *pdev;
110 struct rtc_device *rtc;
111 void __iomem *ioaddr;
112 struct clk *clk;
113 u32 dsr;
114 spinlock_t irq_lock;
115 wait_queue_head_t write_wait;
116 struct mutex write_mutex;
117 struct work_struct work;
118};
119
120/* Some background:
121 *
122 * The DryIce unit is a complex security/tamper monitor device. To be able do
123 * its job in a useful manner it runs a bigger statemachine to bring it into
124 * security/tamper failure state and once again to bring it out of this state.
125 *
126 * This unit can be in one of three states:
127 *
128 * - "NON-VALID STATE"
129 * always after the battery power was removed
130 * - "FAILURE STATE"
131 * if one of the enabled security events has happened
132 * - "VALID STATE"
133 * if the unit works as expected
134 *
135 * Everything stops when the unit enters the failure state including the RTC
136 * counter (to be able to detect the time the security event happened).
137 *
138 * The following events (when enabled) let the DryIce unit enter the failure
139 * state:
140 *
141 * - wire-mesh-tamper detect
142 * - external tamper B detect
143 * - external tamper A detect
144 * - temperature tamper detect
145 * - clock tamper detect
146 * - voltage tamper detect
147 * - RTC counter overflow
148 * - monotonic counter overflow
149 * - external boot
150 *
151 * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
152 * can only detect this state. In this case the unit is completely locked and
153 * must force a second "SYSTEM POR" to bring the DryIce into the
154 * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
155 * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
156 * a battery power cycle is required.
157 *
158 * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
159 * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
160 * task, we bring back this unit into life.
161 */
162
163/*
164 * Do a write into the unit without interrupt support.
165 * We do not need to check the WEF here, because the only reason this kind of
166 * write error can happen is if we write to the unit twice within the 122 us
167 * interval. This cannot happen, since we are using this function only while
168 * setting up the unit.
169 */
170static void di_write_busy_wait(const struct imxdi_dev *imxdi, u32 val,
171 unsigned reg)
172{
173 /* do the register write */
174 writel(val, imxdi->ioaddr + reg);
175
176 /*
177 * now it takes four 32,768 kHz clock cycles to take
178 * the change into effect = 122 us
179 */
180 usleep_range(130, 200);
181}
182
183static void di_report_tamper_info(struct imxdi_dev *imxdi, u32 dsr)
184{
185 u32 dtcr;
186
187 dtcr = readl(imxdi->ioaddr + DTCR);
188
189 dev_emerg(&imxdi->pdev->dev, "DryIce tamper event detected\n");
190 /* the following flags force a transition into the "FAILURE STATE" */
191 if (dsr & DSR_VTD)
192 dev_emerg(&imxdi->pdev->dev, "%sVoltage Tamper Event\n",
193 dtcr & DTCR_VTE ? "" : "Spurious ");
194
195 if (dsr & DSR_CTD)
196 dev_emerg(&imxdi->pdev->dev, "%s32768 Hz Clock Tamper Event\n",
197 dtcr & DTCR_CTE ? "" : "Spurious ");
198
199 if (dsr & DSR_TTD)
200 dev_emerg(&imxdi->pdev->dev, "%sTemperature Tamper Event\n",
201 dtcr & DTCR_TTE ? "" : "Spurious ");
202
203 if (dsr & DSR_SAD)
204 dev_emerg(&imxdi->pdev->dev,
205 "%sSecure Controller Alarm Event\n",
206 dtcr & DTCR_SAIE ? "" : "Spurious ");
207
208 if (dsr & DSR_EBD)
209 dev_emerg(&imxdi->pdev->dev, "%sExternal Boot Tamper Event\n",
210 dtcr & DTCR_EBE ? "" : "Spurious ");
211
212 if (dsr & DSR_ETAD)
213 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper A Event\n",
214 dtcr & DTCR_ETAE ? "" : "Spurious ");
215
216 if (dsr & DSR_ETBD)
217 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper B Event\n",
218 dtcr & DTCR_ETBE ? "" : "Spurious ");
219
220 if (dsr & DSR_WTD)
221 dev_emerg(&imxdi->pdev->dev, "%sWire-mesh Tamper Event\n",
222 dtcr & DTCR_WTE ? "" : "Spurious ");
223
224 if (dsr & DSR_MCO)
225 dev_emerg(&imxdi->pdev->dev,
226 "%sMonotonic-counter Overflow Event\n",
227 dtcr & DTCR_MOE ? "" : "Spurious ");
228
229 if (dsr & DSR_TCO)
230 dev_emerg(&imxdi->pdev->dev, "%sTimer-counter Overflow Event\n",
231 dtcr & DTCR_TOE ? "" : "Spurious ");
232}
233
234static void di_what_is_to_be_done(struct imxdi_dev *imxdi,
235 const char *power_supply)
236{
237 dev_emerg(&imxdi->pdev->dev, "Please cycle the %s power supply in order to get the DryIce/RTC unit working again\n",
238 power_supply);
239}
240
241static int di_handle_failure_state(struct imxdi_dev *imxdi, u32 dsr)
242{
243 u32 dcr;
244
245 dev_dbg(&imxdi->pdev->dev, "DSR register reports: %08X\n", dsr);
246
247 /* report the cause */
248 di_report_tamper_info(imxdi, dsr);
249
250 dcr = readl(imxdi->ioaddr + DCR);
251
252 if (dcr & DCR_FSHL) {
253 /* we are out of luck */
254 di_what_is_to_be_done(imxdi, "battery");
255 return -ENODEV;
256 }
257 /*
258 * with the next SYSTEM POR we will transit from the "FAILURE STATE"
259 * into the "NON-VALID STATE" + "FAILURE STATE"
260 */
261 di_what_is_to_be_done(imxdi, "main");
262
263 return -ENODEV;
264}
265
266static int di_handle_valid_state(struct imxdi_dev *imxdi, u32 dsr)
267{
268 /* initialize alarm */
269 di_write_busy_wait(imxdi, DCAMR_UNSET, DCAMR);
270 di_write_busy_wait(imxdi, 0, DCALR);
271
272 /* clear alarm flag */
273 if (dsr & DSR_CAF)
274 di_write_busy_wait(imxdi, DSR_CAF, DSR);
275
276 return 0;
277}
278
279static int di_handle_invalid_state(struct imxdi_dev *imxdi, u32 dsr)
280{
281 u32 dcr, sec;
282
283 /*
284 * lets disable all sources which can force the DryIce unit into
285 * the "FAILURE STATE" for now
286 */
287 di_write_busy_wait(imxdi, 0x00000000, DTCR);
288 /* and lets protect them at runtime from any change */
289 di_write_busy_wait(imxdi, DCR_TDCSL, DCR);
290
291 sec = readl(imxdi->ioaddr + DTCMR);
292 if (sec != 0)
293 dev_warn(&imxdi->pdev->dev,
294 "The security violation has happened at %u seconds\n",
295 sec);
296 /*
297 * the timer cannot be set/modified if
298 * - the TCHL or TCSL bit is set in DCR
299 */
300 dcr = readl(imxdi->ioaddr + DCR);
301 if (!(dcr & DCR_TCE)) {
302 if (dcr & DCR_TCHL) {
303 /* we are out of luck */
304 di_what_is_to_be_done(imxdi, "battery");
305 return -ENODEV;
306 }
307 if (dcr & DCR_TCSL) {
308 di_what_is_to_be_done(imxdi, "main");
309 return -ENODEV;
310 }
311 }
312 /*
313 * - the timer counter stops/is stopped if
314 * - its overflow flag is set (TCO in DSR)
315 * -> clear overflow bit to make it count again
316 * - NVF is set in DSR
317 * -> clear non-valid bit to make it count again
318 * - its TCE (DCR) is cleared
319 * -> set TCE to make it count
320 * - it was never set before
321 * -> write a time into it (required again if the NVF was set)
322 */
323 /* state handled */
324 di_write_busy_wait(imxdi, DSR_NVF, DSR);
325 /* clear overflow flag */
326 di_write_busy_wait(imxdi, DSR_TCO, DSR);
327 /* enable the counter */
328 di_write_busy_wait(imxdi, dcr | DCR_TCE, DCR);
329 /* set and trigger it to make it count */
330 di_write_busy_wait(imxdi, sec, DTCMR);
331
332 /* now prepare for the valid state */
333 return di_handle_valid_state(imxdi, __raw_readl(imxdi->ioaddr + DSR));
334}
335
336static int di_handle_invalid_and_failure_state(struct imxdi_dev *imxdi, u32 dsr)
337{
338 u32 dcr;
339
340 /*
341 * now we must first remove the tamper sources in order to get the
342 * device out of the "FAILURE STATE"
343 * To disable any of the following sources we need to modify the DTCR
344 */
345 if (dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD | DSR_EBD | DSR_SAD |
346 DSR_TTD | DSR_CTD | DSR_VTD | DSR_MCO | DSR_TCO)) {
347 dcr = __raw_readl(imxdi->ioaddr + DCR);
348 if (dcr & DCR_TDCHL) {
349 /*
350 * the tamper register is locked. We cannot disable the
351 * tamper detection. The TDCHL can only be reset by a
352 * DRYICE POR, but we cannot force a DRYICE POR in
353 * software because we are still in "FAILURE STATE".
354 * We need a DRYICE POR via battery power cycling....
355 */
356 /*
357 * out of luck!
358 * we cannot disable them without a DRYICE POR
359 */
360 di_what_is_to_be_done(imxdi, "battery");
361 return -ENODEV;
362 }
363 if (dcr & DCR_TDCSL) {
364 /* a soft lock can be removed by a SYSTEM POR */
365 di_what_is_to_be_done(imxdi, "main");
366 return -ENODEV;
367 }
368 }
369
370 /* disable all sources */
371 di_write_busy_wait(imxdi, 0x00000000, DTCR);
372
373 /* clear the status bits now */
374 di_write_busy_wait(imxdi, dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD |
375 DSR_EBD | DSR_SAD | DSR_TTD | DSR_CTD | DSR_VTD |
376 DSR_MCO | DSR_TCO), DSR);
377
378 dsr = readl(imxdi->ioaddr + DSR);
379 if ((dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
380 DSR_WCF | DSR_WEF)) != 0)
381 dev_warn(&imxdi->pdev->dev,
382 "There are still some sources of pain in DSR: %08x!\n",
383 dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
384 DSR_WCF | DSR_WEF));
385
386 /*
387 * now we are trying to clear the "Security-violation flag" to
388 * get the DryIce out of this state
389 */
390 di_write_busy_wait(imxdi, DSR_SVF, DSR);
391
392 /* success? */
393 dsr = readl(imxdi->ioaddr + DSR);
394 if (dsr & DSR_SVF) {
395 dev_crit(&imxdi->pdev->dev,
396 "Cannot clear the security violation flag. We are ending up in an endless loop!\n");
397 /* last resort */
398 di_what_is_to_be_done(imxdi, "battery");
399 return -ENODEV;
400 }
401
402 /*
403 * now we have left the "FAILURE STATE" and ending up in the
404 * "NON-VALID STATE" time to recover everything
405 */
406 return di_handle_invalid_state(imxdi, dsr);
407}
408
409static int di_handle_state(struct imxdi_dev *imxdi)
410{
411 int rc;
412 u32 dsr;
413
414 dsr = readl(imxdi->ioaddr + DSR);
415
416 switch (dsr & (DSR_NVF | DSR_SVF)) {
417 case DSR_NVF:
418 dev_warn(&imxdi->pdev->dev, "Invalid stated unit detected\n");
419 rc = di_handle_invalid_state(imxdi, dsr);
420 break;
421 case DSR_SVF:
422 dev_warn(&imxdi->pdev->dev, "Failure stated unit detected\n");
423 rc = di_handle_failure_state(imxdi, dsr);
424 break;
425 case DSR_NVF | DSR_SVF:
426 dev_warn(&imxdi->pdev->dev,
427 "Failure+Invalid stated unit detected\n");
428 rc = di_handle_invalid_and_failure_state(imxdi, dsr);
429 break;
430 default:
431 dev_notice(&imxdi->pdev->dev, "Unlocked unit detected\n");
432 rc = di_handle_valid_state(imxdi, dsr);
433 }
434
435 return rc;
436}
437
438/*
439 * enable a dryice interrupt
440 */
441static void di_int_enable(struct imxdi_dev *imxdi, u32 intr)
442{
443 unsigned long flags;
444
445 spin_lock_irqsave(&imxdi->irq_lock, flags);
446 writel(readl(imxdi->ioaddr + DIER) | intr,
447 imxdi->ioaddr + DIER);
448 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
449}
450
451/*
452 * disable a dryice interrupt
453 */
454static void di_int_disable(struct imxdi_dev *imxdi, u32 intr)
455{
456 unsigned long flags;
457
458 spin_lock_irqsave(&imxdi->irq_lock, flags);
459 writel(readl(imxdi->ioaddr + DIER) & ~intr,
460 imxdi->ioaddr + DIER);
461 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
462}
463
464/*
465 * This function attempts to clear the dryice write-error flag.
466 *
467 * A dryice write error is similar to a bus fault and should not occur in
468 * normal operation. Clearing the flag requires another write, so the root
469 * cause of the problem may need to be fixed before the flag can be cleared.
470 */
471static void clear_write_error(struct imxdi_dev *imxdi)
472{
473 int cnt;
474
475 dev_warn(&imxdi->pdev->dev, "WARNING: Register write error!\n");
476
477 /* clear the write error flag */
478 writel(DSR_WEF, imxdi->ioaddr + DSR);
479
480 /* wait for it to take effect */
481 for (cnt = 0; cnt < 1000; cnt++) {
482 if ((readl(imxdi->ioaddr + DSR) & DSR_WEF) == 0)
483 return;
484 udelay(10);
485 }
486 dev_err(&imxdi->pdev->dev,
487 "ERROR: Cannot clear write-error flag!\n");
488}
489
490/*
491 * Write a dryice register and wait until it completes.
492 *
493 * This function uses interrupts to determine when the
494 * write has completed.
495 */
496static int di_write_wait(struct imxdi_dev *imxdi, u32 val, int reg)
497{
498 int ret;
499 int rc = 0;
500
501 /* serialize register writes */
502 mutex_lock(&imxdi->write_mutex);
503
504 /* enable the write-complete interrupt */
505 di_int_enable(imxdi, DIER_WCIE);
506
507 imxdi->dsr = 0;
508
509 /* do the register write */
510 writel(val, imxdi->ioaddr + reg);
511
512 /* wait for the write to finish */
513 ret = wait_event_interruptible_timeout(imxdi->write_wait,
514 imxdi->dsr & (DSR_WCF | DSR_WEF), msecs_to_jiffies(1));
515 if (ret < 0) {
516 rc = ret;
517 goto out;
518 } else if (ret == 0) {
519 dev_warn(&imxdi->pdev->dev,
520 "Write-wait timeout "
521 "val = 0x%08x reg = 0x%08x\n", val, reg);
522 }
523
524 /* check for write error */
525 if (imxdi->dsr & DSR_WEF) {
526 clear_write_error(imxdi);
527 rc = -EIO;
528 }
529
530out:
531 mutex_unlock(&imxdi->write_mutex);
532
533 return rc;
534}
535
536/*
537 * read the seconds portion of the current time from the dryice time counter
538 */
539static int dryice_rtc_read_time(struct device *dev, struct rtc_time *tm)
540{
541 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
542 unsigned long now;
543
544 now = readl(imxdi->ioaddr + DTCMR);
545 rtc_time64_to_tm(now, tm);
546
547 return 0;
548}
549
550/*
551 * set the seconds portion of dryice time counter and clear the
552 * fractional part.
553 */
554static int dryice_rtc_set_time(struct device *dev, struct rtc_time *tm)
555{
556 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
557 u32 dcr, dsr;
558 int rc;
559
560 dcr = readl(imxdi->ioaddr + DCR);
561 dsr = readl(imxdi->ioaddr + DSR);
562
563 if (!(dcr & DCR_TCE) || (dsr & DSR_SVF)) {
564 if (dcr & DCR_TCHL) {
565 /* we are even more out of luck */
566 di_what_is_to_be_done(imxdi, "battery");
567 return -EPERM;
568 }
569 if ((dcr & DCR_TCSL) || (dsr & DSR_SVF)) {
570 /* we are out of luck for now */
571 di_what_is_to_be_done(imxdi, "main");
572 return -EPERM;
573 }
574 }
575
576 /* zero the fractional part first */
577 rc = di_write_wait(imxdi, 0, DTCLR);
578 if (rc != 0)
579 return rc;
580
581 rc = di_write_wait(imxdi, rtc_tm_to_time64(tm), DTCMR);
582 if (rc != 0)
583 return rc;
584
585 return di_write_wait(imxdi, readl(imxdi->ioaddr + DCR) | DCR_TCE, DCR);
586}
587
588static int dryice_rtc_alarm_irq_enable(struct device *dev,
589 unsigned int enabled)
590{
591 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
592
593 if (enabled)
594 di_int_enable(imxdi, DIER_CAIE);
595 else
596 di_int_disable(imxdi, DIER_CAIE);
597
598 return 0;
599}
600
601/*
602 * read the seconds portion of the alarm register.
603 * the fractional part of the alarm register is always zero.
604 */
605static int dryice_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
606{
607 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
608 u32 dcamr;
609
610 dcamr = readl(imxdi->ioaddr + DCAMR);
611 rtc_time64_to_tm(dcamr, &alarm->time);
612
613 /* alarm is enabled if the interrupt is enabled */
614 alarm->enabled = (readl(imxdi->ioaddr + DIER) & DIER_CAIE) != 0;
615
616 /* don't allow the DSR read to mess up DSR_WCF */
617 mutex_lock(&imxdi->write_mutex);
618
619 /* alarm is pending if the alarm flag is set */
620 alarm->pending = (readl(imxdi->ioaddr + DSR) & DSR_CAF) != 0;
621
622 mutex_unlock(&imxdi->write_mutex);
623
624 return 0;
625}
626
627/*
628 * set the seconds portion of dryice alarm register
629 */
630static int dryice_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
631{
632 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
633 int rc;
634
635 /* write the new alarm time */
636 rc = di_write_wait(imxdi, rtc_tm_to_time64(&alarm->time), DCAMR);
637 if (rc)
638 return rc;
639
640 if (alarm->enabled)
641 di_int_enable(imxdi, DIER_CAIE); /* enable alarm intr */
642 else
643 di_int_disable(imxdi, DIER_CAIE); /* disable alarm intr */
644
645 return 0;
646}
647
648static const struct rtc_class_ops dryice_rtc_ops = {
649 .read_time = dryice_rtc_read_time,
650 .set_time = dryice_rtc_set_time,
651 .alarm_irq_enable = dryice_rtc_alarm_irq_enable,
652 .read_alarm = dryice_rtc_read_alarm,
653 .set_alarm = dryice_rtc_set_alarm,
654};
655
656/*
657 * interrupt handler for dryice "normal" and security violation interrupt
658 */
659static irqreturn_t dryice_irq(int irq, void *dev_id)
660{
661 struct imxdi_dev *imxdi = dev_id;
662 u32 dsr, dier;
663 irqreturn_t rc = IRQ_NONE;
664
665 dier = readl(imxdi->ioaddr + DIER);
666 dsr = readl(imxdi->ioaddr + DSR);
667
668 /* handle the security violation event */
669 if (dier & DIER_SVIE) {
670 if (dsr & DSR_SVF) {
671 /*
672 * Disable the interrupt when this kind of event has
673 * happened.
674 * There cannot be more than one event of this type,
675 * because it needs a complex state change
676 * including a main power cycle to get again out of
677 * this state.
678 */
679 di_int_disable(imxdi, DIER_SVIE);
680 /* report the violation */
681 di_report_tamper_info(imxdi, dsr);
682 rc = IRQ_HANDLED;
683 }
684 }
685
686 /* handle write complete and write error cases */
687 if (dier & DIER_WCIE) {
688 /*If the write wait queue is empty then there is no pending
689 operations. It means the interrupt is for DryIce -Security.
690 IRQ must be returned as none.*/
691 if (list_empty_careful(&imxdi->write_wait.head))
692 return rc;
693
694 /* DSR_WCF clears itself on DSR read */
695 if (dsr & (DSR_WCF | DSR_WEF)) {
696 /* mask the interrupt */
697 di_int_disable(imxdi, DIER_WCIE);
698
699 /* save the dsr value for the wait queue */
700 imxdi->dsr |= dsr;
701
702 wake_up_interruptible(&imxdi->write_wait);
703 rc = IRQ_HANDLED;
704 }
705 }
706
707 /* handle the alarm case */
708 if (dier & DIER_CAIE) {
709 /* DSR_WCF clears itself on DSR read */
710 if (dsr & DSR_CAF) {
711 /* mask the interrupt */
712 di_int_disable(imxdi, DIER_CAIE);
713
714 /* finish alarm in user context */
715 schedule_work(&imxdi->work);
716 rc = IRQ_HANDLED;
717 }
718 }
719 return rc;
720}
721
722/*
723 * post the alarm event from user context so it can sleep
724 * on the write completion.
725 */
726static void dryice_work(struct work_struct *work)
727{
728 struct imxdi_dev *imxdi = container_of(work,
729 struct imxdi_dev, work);
730
731 /* dismiss the interrupt (ignore error) */
732 di_write_wait(imxdi, DSR_CAF, DSR);
733
734 /* pass the alarm event to the rtc framework. */
735 rtc_update_irq(imxdi->rtc, 1, RTC_AF | RTC_IRQF);
736}
737
738/*
739 * probe for dryice rtc device
740 */
741static int __init dryice_rtc_probe(struct platform_device *pdev)
742{
743 struct imxdi_dev *imxdi;
744 int norm_irq, sec_irq;
745 int rc;
746
747 imxdi = devm_kzalloc(&pdev->dev, sizeof(*imxdi), GFP_KERNEL);
748 if (!imxdi)
749 return -ENOMEM;
750
751 imxdi->pdev = pdev;
752
753 imxdi->ioaddr = devm_platform_ioremap_resource(pdev, 0);
754 if (IS_ERR(imxdi->ioaddr))
755 return PTR_ERR(imxdi->ioaddr);
756
757 spin_lock_init(&imxdi->irq_lock);
758
759 norm_irq = platform_get_irq(pdev, 0);
760 if (norm_irq < 0)
761 return norm_irq;
762
763 /* the 2nd irq is the security violation irq
764 * make this optional, don't break the device tree ABI
765 */
766 sec_irq = platform_get_irq(pdev, 1);
767 if (sec_irq <= 0)
768 sec_irq = IRQ_NOTCONNECTED;
769
770 init_waitqueue_head(&imxdi->write_wait);
771
772 INIT_WORK(&imxdi->work, dryice_work);
773
774 mutex_init(&imxdi->write_mutex);
775
776 imxdi->rtc = devm_rtc_allocate_device(&pdev->dev);
777 if (IS_ERR(imxdi->rtc))
778 return PTR_ERR(imxdi->rtc);
779
780 imxdi->clk = devm_clk_get(&pdev->dev, NULL);
781 if (IS_ERR(imxdi->clk))
782 return PTR_ERR(imxdi->clk);
783 rc = clk_prepare_enable(imxdi->clk);
784 if (rc)
785 return rc;
786
787 /*
788 * Initialize dryice hardware
789 */
790
791 /* mask all interrupts */
792 writel(0, imxdi->ioaddr + DIER);
793
794 rc = di_handle_state(imxdi);
795 if (rc != 0)
796 goto err;
797
798 rc = devm_request_irq(&pdev->dev, norm_irq, dryice_irq,
799 IRQF_SHARED, pdev->name, imxdi);
800 if (rc) {
801 dev_warn(&pdev->dev, "interrupt not available.\n");
802 goto err;
803 }
804
805 rc = devm_request_irq(&pdev->dev, sec_irq, dryice_irq,
806 IRQF_SHARED, pdev->name, imxdi);
807 if (rc) {
808 dev_warn(&pdev->dev, "security violation interrupt not available.\n");
809 /* this is not an error, see above */
810 }
811
812 platform_set_drvdata(pdev, imxdi);
813
814 imxdi->rtc->ops = &dryice_rtc_ops;
815 imxdi->rtc->range_max = U32_MAX;
816
817 rc = rtc_register_device(imxdi->rtc);
818 if (rc)
819 goto err;
820
821 return 0;
822
823err:
824 clk_disable_unprepare(imxdi->clk);
825
826 return rc;
827}
828
829static int __exit dryice_rtc_remove(struct platform_device *pdev)
830{
831 struct imxdi_dev *imxdi = platform_get_drvdata(pdev);
832
833 flush_work(&imxdi->work);
834
835 /* mask all interrupts */
836 writel(0, imxdi->ioaddr + DIER);
837
838 clk_disable_unprepare(imxdi->clk);
839
840 return 0;
841}
842
843#ifdef CONFIG_OF
844static const struct of_device_id dryice_dt_ids[] = {
845 { .compatible = "fsl,imx25-rtc" },
846 { /* sentinel */ }
847};
848
849MODULE_DEVICE_TABLE(of, dryice_dt_ids);
850#endif
851
852static struct platform_driver dryice_rtc_driver = {
853 .driver = {
854 .name = "imxdi_rtc",
855 .of_match_table = of_match_ptr(dryice_dt_ids),
856 },
857 .remove = __exit_p(dryice_rtc_remove),
858};
859
860module_platform_driver_probe(dryice_rtc_driver, dryice_rtc_probe);
861
862MODULE_AUTHOR("Freescale Semiconductor, Inc.");
863MODULE_AUTHOR("Baruch Siach <baruch@tkos.co.il>");
864MODULE_DESCRIPTION("IMX DryIce Realtime Clock Driver (RTC)");
865MODULE_LICENSE("GPL");