Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright 2008-2009 Freescale Semiconductor, Inc. All Rights Reserved.
4 * Copyright 2010 Orex Computed Radiography
5 */
6
7/*
8 * This driver uses the 47-bit 32 kHz counter in the Freescale DryIce block
9 * to implement a Linux RTC. Times and alarms are truncated to seconds.
10 * Since the RTC framework performs API locking via rtc->ops_lock the
11 * only simultaneous accesses we need to deal with is updating DryIce
12 * registers while servicing an alarm.
13 *
14 * Note that reading the DSR (DryIce Status Register) automatically clears
15 * the WCF (Write Complete Flag). All DryIce writes are synchronized to the
16 * LP (Low Power) domain and set the WCF upon completion. Writes to the
17 * DIER (DryIce Interrupt Enable Register) are the only exception. These
18 * occur at normal bus speeds and do not set WCF. Periodic interrupts are
19 * not supported by the hardware.
20 */
21
22#include <linux/io.h>
23#include <linux/clk.h>
24#include <linux/delay.h>
25#include <linux/module.h>
26#include <linux/platform_device.h>
27#include <linux/rtc.h>
28#include <linux/sched.h>
29#include <linux/spinlock.h>
30#include <linux/workqueue.h>
31#include <linux/of.h>
32
33/* DryIce Register Definitions */
34
35#define DTCMR 0x00 /* Time Counter MSB Reg */
36#define DTCLR 0x04 /* Time Counter LSB Reg */
37
38#define DCAMR 0x08 /* Clock Alarm MSB Reg */
39#define DCALR 0x0c /* Clock Alarm LSB Reg */
40#define DCAMR_UNSET 0xFFFFFFFF /* doomsday - 1 sec */
41
42#define DCR 0x10 /* Control Reg */
43#define DCR_TDCHL (1 << 30) /* Tamper-detect configuration hard lock */
44#define DCR_TDCSL (1 << 29) /* Tamper-detect configuration soft lock */
45#define DCR_KSSL (1 << 27) /* Key-select soft lock */
46#define DCR_MCHL (1 << 20) /* Monotonic-counter hard lock */
47#define DCR_MCSL (1 << 19) /* Monotonic-counter soft lock */
48#define DCR_TCHL (1 << 18) /* Timer-counter hard lock */
49#define DCR_TCSL (1 << 17) /* Timer-counter soft lock */
50#define DCR_FSHL (1 << 16) /* Failure state hard lock */
51#define DCR_TCE (1 << 3) /* Time Counter Enable */
52#define DCR_MCE (1 << 2) /* Monotonic Counter Enable */
53
54#define DSR 0x14 /* Status Reg */
55#define DSR_WTD (1 << 23) /* Wire-mesh tamper detected */
56#define DSR_ETBD (1 << 22) /* External tamper B detected */
57#define DSR_ETAD (1 << 21) /* External tamper A detected */
58#define DSR_EBD (1 << 20) /* External boot detected */
59#define DSR_SAD (1 << 19) /* SCC alarm detected */
60#define DSR_TTD (1 << 18) /* Temperature tamper detected */
61#define DSR_CTD (1 << 17) /* Clock tamper detected */
62#define DSR_VTD (1 << 16) /* Voltage tamper detected */
63#define DSR_WBF (1 << 10) /* Write Busy Flag (synchronous) */
64#define DSR_WNF (1 << 9) /* Write Next Flag (synchronous) */
65#define DSR_WCF (1 << 8) /* Write Complete Flag (synchronous)*/
66#define DSR_WEF (1 << 7) /* Write Error Flag */
67#define DSR_CAF (1 << 4) /* Clock Alarm Flag */
68#define DSR_MCO (1 << 3) /* monotonic counter overflow */
69#define DSR_TCO (1 << 2) /* time counter overflow */
70#define DSR_NVF (1 << 1) /* Non-Valid Flag */
71#define DSR_SVF (1 << 0) /* Security Violation Flag */
72
73#define DIER 0x18 /* Interrupt Enable Reg (synchronous) */
74#define DIER_WNIE (1 << 9) /* Write Next Interrupt Enable */
75#define DIER_WCIE (1 << 8) /* Write Complete Interrupt Enable */
76#define DIER_WEIE (1 << 7) /* Write Error Interrupt Enable */
77#define DIER_CAIE (1 << 4) /* Clock Alarm Interrupt Enable */
78#define DIER_SVIE (1 << 0) /* Security-violation Interrupt Enable */
79
80#define DMCR 0x1c /* DryIce Monotonic Counter Reg */
81
82#define DTCR 0x28 /* DryIce Tamper Configuration Reg */
83#define DTCR_MOE (1 << 9) /* monotonic overflow enabled */
84#define DTCR_TOE (1 << 8) /* time overflow enabled */
85#define DTCR_WTE (1 << 7) /* wire-mesh tamper enabled */
86#define DTCR_ETBE (1 << 6) /* external B tamper enabled */
87#define DTCR_ETAE (1 << 5) /* external A tamper enabled */
88#define DTCR_EBE (1 << 4) /* external boot tamper enabled */
89#define DTCR_SAIE (1 << 3) /* SCC enabled */
90#define DTCR_TTE (1 << 2) /* temperature tamper enabled */
91#define DTCR_CTE (1 << 1) /* clock tamper enabled */
92#define DTCR_VTE (1 << 0) /* voltage tamper enabled */
93
94#define DGPR 0x3c /* DryIce General Purpose Reg */
95
96/**
97 * struct imxdi_dev - private imxdi rtc data
98 * @pdev: pointer to platform dev
99 * @rtc: pointer to rtc struct
100 * @ioaddr: IO registers pointer
101 * @clk: input reference clock
102 * @dsr: copy of the DSR register
103 * @irq_lock: interrupt enable register (DIER) lock
104 * @write_wait: registers write complete queue
105 * @write_mutex: serialize registers write
106 * @work: schedule alarm work
107 */
108struct imxdi_dev {
109 struct platform_device *pdev;
110 struct rtc_device *rtc;
111 void __iomem *ioaddr;
112 struct clk *clk;
113 u32 dsr;
114 spinlock_t irq_lock;
115 wait_queue_head_t write_wait;
116 struct mutex write_mutex;
117 struct work_struct work;
118};
119
120/* Some background:
121 *
122 * The DryIce unit is a complex security/tamper monitor device. To be able do
123 * its job in a useful manner it runs a bigger statemachine to bring it into
124 * security/tamper failure state and once again to bring it out of this state.
125 *
126 * This unit can be in one of three states:
127 *
128 * - "NON-VALID STATE"
129 * always after the battery power was removed
130 * - "FAILURE STATE"
131 * if one of the enabled security events has happened
132 * - "VALID STATE"
133 * if the unit works as expected
134 *
135 * Everything stops when the unit enters the failure state including the RTC
136 * counter (to be able to detect the time the security event happened).
137 *
138 * The following events (when enabled) let the DryIce unit enter the failure
139 * state:
140 *
141 * - wire-mesh-tamper detect
142 * - external tamper B detect
143 * - external tamper A detect
144 * - temperature tamper detect
145 * - clock tamper detect
146 * - voltage tamper detect
147 * - RTC counter overflow
148 * - monotonic counter overflow
149 * - external boot
150 *
151 * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
152 * can only detect this state. In this case the unit is completely locked and
153 * must force a second "SYSTEM POR" to bring the DryIce into the
154 * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
155 * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
156 * a battery power cycle is required.
157 *
158 * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
159 * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
160 * task, we bring back this unit into life.
161 */
162
163/*
164 * Do a write into the unit without interrupt support.
165 * We do not need to check the WEF here, because the only reason this kind of
166 * write error can happen is if we write to the unit twice within the 122 us
167 * interval. This cannot happen, since we are using this function only while
168 * setting up the unit.
169 */
170static void di_write_busy_wait(const struct imxdi_dev *imxdi, u32 val,
171 unsigned reg)
172{
173 /* do the register write */
174 writel(val, imxdi->ioaddr + reg);
175
176 /*
177 * now it takes four 32,768 kHz clock cycles to take
178 * the change into effect = 122 us
179 */
180 usleep_range(130, 200);
181}
182
183static void di_report_tamper_info(struct imxdi_dev *imxdi, u32 dsr)
184{
185 u32 dtcr;
186
187 dtcr = readl(imxdi->ioaddr + DTCR);
188
189 dev_emerg(&imxdi->pdev->dev, "DryIce tamper event detected\n");
190 /* the following flags force a transition into the "FAILURE STATE" */
191 if (dsr & DSR_VTD)
192 dev_emerg(&imxdi->pdev->dev, "%sVoltage Tamper Event\n",
193 dtcr & DTCR_VTE ? "" : "Spurious ");
194
195 if (dsr & DSR_CTD)
196 dev_emerg(&imxdi->pdev->dev, "%s32768 Hz Clock Tamper Event\n",
197 dtcr & DTCR_CTE ? "" : "Spurious ");
198
199 if (dsr & DSR_TTD)
200 dev_emerg(&imxdi->pdev->dev, "%sTemperature Tamper Event\n",
201 dtcr & DTCR_TTE ? "" : "Spurious ");
202
203 if (dsr & DSR_SAD)
204 dev_emerg(&imxdi->pdev->dev,
205 "%sSecure Controller Alarm Event\n",
206 dtcr & DTCR_SAIE ? "" : "Spurious ");
207
208 if (dsr & DSR_EBD)
209 dev_emerg(&imxdi->pdev->dev, "%sExternal Boot Tamper Event\n",
210 dtcr & DTCR_EBE ? "" : "Spurious ");
211
212 if (dsr & DSR_ETAD)
213 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper A Event\n",
214 dtcr & DTCR_ETAE ? "" : "Spurious ");
215
216 if (dsr & DSR_ETBD)
217 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper B Event\n",
218 dtcr & DTCR_ETBE ? "" : "Spurious ");
219
220 if (dsr & DSR_WTD)
221 dev_emerg(&imxdi->pdev->dev, "%sWire-mesh Tamper Event\n",
222 dtcr & DTCR_WTE ? "" : "Spurious ");
223
224 if (dsr & DSR_MCO)
225 dev_emerg(&imxdi->pdev->dev,
226 "%sMonotonic-counter Overflow Event\n",
227 dtcr & DTCR_MOE ? "" : "Spurious ");
228
229 if (dsr & DSR_TCO)
230 dev_emerg(&imxdi->pdev->dev, "%sTimer-counter Overflow Event\n",
231 dtcr & DTCR_TOE ? "" : "Spurious ");
232}
233
234static void di_what_is_to_be_done(struct imxdi_dev *imxdi,
235 const char *power_supply)
236{
237 dev_emerg(&imxdi->pdev->dev, "Please cycle the %s power supply in order to get the DryIce/RTC unit working again\n",
238 power_supply);
239}
240
241static int di_handle_failure_state(struct imxdi_dev *imxdi, u32 dsr)
242{
243 u32 dcr;
244
245 dev_dbg(&imxdi->pdev->dev, "DSR register reports: %08X\n", dsr);
246
247 /* report the cause */
248 di_report_tamper_info(imxdi, dsr);
249
250 dcr = readl(imxdi->ioaddr + DCR);
251
252 if (dcr & DCR_FSHL) {
253 /* we are out of luck */
254 di_what_is_to_be_done(imxdi, "battery");
255 return -ENODEV;
256 }
257 /*
258 * with the next SYSTEM POR we will transit from the "FAILURE STATE"
259 * into the "NON-VALID STATE" + "FAILURE STATE"
260 */
261 di_what_is_to_be_done(imxdi, "main");
262
263 return -ENODEV;
264}
265
266static int di_handle_valid_state(struct imxdi_dev *imxdi, u32 dsr)
267{
268 /* initialize alarm */
269 di_write_busy_wait(imxdi, DCAMR_UNSET, DCAMR);
270 di_write_busy_wait(imxdi, 0, DCALR);
271
272 /* clear alarm flag */
273 if (dsr & DSR_CAF)
274 di_write_busy_wait(imxdi, DSR_CAF, DSR);
275
276 return 0;
277}
278
279static int di_handle_invalid_state(struct imxdi_dev *imxdi, u32 dsr)
280{
281 u32 dcr, sec;
282
283 /*
284 * lets disable all sources which can force the DryIce unit into
285 * the "FAILURE STATE" for now
286 */
287 di_write_busy_wait(imxdi, 0x00000000, DTCR);
288 /* and lets protect them at runtime from any change */
289 di_write_busy_wait(imxdi, DCR_TDCSL, DCR);
290
291 sec = readl(imxdi->ioaddr + DTCMR);
292 if (sec != 0)
293 dev_warn(&imxdi->pdev->dev,
294 "The security violation has happened at %u seconds\n",
295 sec);
296 /*
297 * the timer cannot be set/modified if
298 * - the TCHL or TCSL bit is set in DCR
299 */
300 dcr = readl(imxdi->ioaddr + DCR);
301 if (!(dcr & DCR_TCE)) {
302 if (dcr & DCR_TCHL) {
303 /* we are out of luck */
304 di_what_is_to_be_done(imxdi, "battery");
305 return -ENODEV;
306 }
307 if (dcr & DCR_TCSL) {
308 di_what_is_to_be_done(imxdi, "main");
309 return -ENODEV;
310 }
311 }
312 /*
313 * - the timer counter stops/is stopped if
314 * - its overflow flag is set (TCO in DSR)
315 * -> clear overflow bit to make it count again
316 * - NVF is set in DSR
317 * -> clear non-valid bit to make it count again
318 * - its TCE (DCR) is cleared
319 * -> set TCE to make it count
320 * - it was never set before
321 * -> write a time into it (required again if the NVF was set)
322 */
323 /* state handled */
324 di_write_busy_wait(imxdi, DSR_NVF, DSR);
325 /* clear overflow flag */
326 di_write_busy_wait(imxdi, DSR_TCO, DSR);
327 /* enable the counter */
328 di_write_busy_wait(imxdi, dcr | DCR_TCE, DCR);
329 /* set and trigger it to make it count */
330 di_write_busy_wait(imxdi, sec, DTCMR);
331
332 /* now prepare for the valid state */
333 return di_handle_valid_state(imxdi, __raw_readl(imxdi->ioaddr + DSR));
334}
335
336static int di_handle_invalid_and_failure_state(struct imxdi_dev *imxdi, u32 dsr)
337{
338 u32 dcr;
339
340 /*
341 * now we must first remove the tamper sources in order to get the
342 * device out of the "FAILURE STATE"
343 * To disable any of the following sources we need to modify the DTCR
344 */
345 if (dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD | DSR_EBD | DSR_SAD |
346 DSR_TTD | DSR_CTD | DSR_VTD | DSR_MCO | DSR_TCO)) {
347 dcr = __raw_readl(imxdi->ioaddr + DCR);
348 if (dcr & DCR_TDCHL) {
349 /*
350 * the tamper register is locked. We cannot disable the
351 * tamper detection. The TDCHL can only be reset by a
352 * DRYICE POR, but we cannot force a DRYICE POR in
353 * software because we are still in "FAILURE STATE".
354 * We need a DRYICE POR via battery power cycling....
355 */
356 /*
357 * out of luck!
358 * we cannot disable them without a DRYICE POR
359 */
360 di_what_is_to_be_done(imxdi, "battery");
361 return -ENODEV;
362 }
363 if (dcr & DCR_TDCSL) {
364 /* a soft lock can be removed by a SYSTEM POR */
365 di_what_is_to_be_done(imxdi, "main");
366 return -ENODEV;
367 }
368 }
369
370 /* disable all sources */
371 di_write_busy_wait(imxdi, 0x00000000, DTCR);
372
373 /* clear the status bits now */
374 di_write_busy_wait(imxdi, dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD |
375 DSR_EBD | DSR_SAD | DSR_TTD | DSR_CTD | DSR_VTD |
376 DSR_MCO | DSR_TCO), DSR);
377
378 dsr = readl(imxdi->ioaddr + DSR);
379 if ((dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
380 DSR_WCF | DSR_WEF)) != 0)
381 dev_warn(&imxdi->pdev->dev,
382 "There are still some sources of pain in DSR: %08x!\n",
383 dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
384 DSR_WCF | DSR_WEF));
385
386 /*
387 * now we are trying to clear the "Security-violation flag" to
388 * get the DryIce out of this state
389 */
390 di_write_busy_wait(imxdi, DSR_SVF, DSR);
391
392 /* success? */
393 dsr = readl(imxdi->ioaddr + DSR);
394 if (dsr & DSR_SVF) {
395 dev_crit(&imxdi->pdev->dev,
396 "Cannot clear the security violation flag. We are ending up in an endless loop!\n");
397 /* last resort */
398 di_what_is_to_be_done(imxdi, "battery");
399 return -ENODEV;
400 }
401
402 /*
403 * now we have left the "FAILURE STATE" and ending up in the
404 * "NON-VALID STATE" time to recover everything
405 */
406 return di_handle_invalid_state(imxdi, dsr);
407}
408
409static int di_handle_state(struct imxdi_dev *imxdi)
410{
411 int rc;
412 u32 dsr;
413
414 dsr = readl(imxdi->ioaddr + DSR);
415
416 switch (dsr & (DSR_NVF | DSR_SVF)) {
417 case DSR_NVF:
418 dev_warn(&imxdi->pdev->dev, "Invalid stated unit detected\n");
419 rc = di_handle_invalid_state(imxdi, dsr);
420 break;
421 case DSR_SVF:
422 dev_warn(&imxdi->pdev->dev, "Failure stated unit detected\n");
423 rc = di_handle_failure_state(imxdi, dsr);
424 break;
425 case DSR_NVF | DSR_SVF:
426 dev_warn(&imxdi->pdev->dev,
427 "Failure+Invalid stated unit detected\n");
428 rc = di_handle_invalid_and_failure_state(imxdi, dsr);
429 break;
430 default:
431 dev_notice(&imxdi->pdev->dev, "Unlocked unit detected\n");
432 rc = di_handle_valid_state(imxdi, dsr);
433 }
434
435 return rc;
436}
437
438/*
439 * enable a dryice interrupt
440 */
441static void di_int_enable(struct imxdi_dev *imxdi, u32 intr)
442{
443 unsigned long flags;
444
445 spin_lock_irqsave(&imxdi->irq_lock, flags);
446 writel(readl(imxdi->ioaddr + DIER) | intr,
447 imxdi->ioaddr + DIER);
448 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
449}
450
451/*
452 * disable a dryice interrupt
453 */
454static void di_int_disable(struct imxdi_dev *imxdi, u32 intr)
455{
456 unsigned long flags;
457
458 spin_lock_irqsave(&imxdi->irq_lock, flags);
459 writel(readl(imxdi->ioaddr + DIER) & ~intr,
460 imxdi->ioaddr + DIER);
461 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
462}
463
464/*
465 * This function attempts to clear the dryice write-error flag.
466 *
467 * A dryice write error is similar to a bus fault and should not occur in
468 * normal operation. Clearing the flag requires another write, so the root
469 * cause of the problem may need to be fixed before the flag can be cleared.
470 */
471static void clear_write_error(struct imxdi_dev *imxdi)
472{
473 int cnt;
474
475 dev_warn(&imxdi->pdev->dev, "WARNING: Register write error!\n");
476
477 /* clear the write error flag */
478 writel(DSR_WEF, imxdi->ioaddr + DSR);
479
480 /* wait for it to take effect */
481 for (cnt = 0; cnt < 1000; cnt++) {
482 if ((readl(imxdi->ioaddr + DSR) & DSR_WEF) == 0)
483 return;
484 udelay(10);
485 }
486 dev_err(&imxdi->pdev->dev,
487 "ERROR: Cannot clear write-error flag!\n");
488}
489
490/*
491 * Write a dryice register and wait until it completes.
492 *
493 * This function uses interrupts to determine when the
494 * write has completed.
495 */
496static int di_write_wait(struct imxdi_dev *imxdi, u32 val, int reg)
497{
498 int ret;
499 int rc = 0;
500
501 /* serialize register writes */
502 mutex_lock(&imxdi->write_mutex);
503
504 /* enable the write-complete interrupt */
505 di_int_enable(imxdi, DIER_WCIE);
506
507 imxdi->dsr = 0;
508
509 /* do the register write */
510 writel(val, imxdi->ioaddr + reg);
511
512 /* wait for the write to finish */
513 ret = wait_event_interruptible_timeout(imxdi->write_wait,
514 imxdi->dsr & (DSR_WCF | DSR_WEF), msecs_to_jiffies(1));
515 if (ret < 0) {
516 rc = ret;
517 goto out;
518 } else if (ret == 0) {
519 dev_warn(&imxdi->pdev->dev,
520 "Write-wait timeout "
521 "val = 0x%08x reg = 0x%08x\n", val, reg);
522 }
523
524 /* check for write error */
525 if (imxdi->dsr & DSR_WEF) {
526 clear_write_error(imxdi);
527 rc = -EIO;
528 }
529
530out:
531 mutex_unlock(&imxdi->write_mutex);
532
533 return rc;
534}
535
536/*
537 * read the seconds portion of the current time from the dryice time counter
538 */
539static int dryice_rtc_read_time(struct device *dev, struct rtc_time *tm)
540{
541 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
542 unsigned long now;
543
544 now = readl(imxdi->ioaddr + DTCMR);
545 rtc_time64_to_tm(now, tm);
546
547 return 0;
548}
549
550/*
551 * set the seconds portion of dryice time counter and clear the
552 * fractional part.
553 */
554static int dryice_rtc_set_time(struct device *dev, struct rtc_time *tm)
555{
556 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
557 u32 dcr, dsr;
558 int rc;
559
560 dcr = readl(imxdi->ioaddr + DCR);
561 dsr = readl(imxdi->ioaddr + DSR);
562
563 if (!(dcr & DCR_TCE) || (dsr & DSR_SVF)) {
564 if (dcr & DCR_TCHL) {
565 /* we are even more out of luck */
566 di_what_is_to_be_done(imxdi, "battery");
567 return -EPERM;
568 }
569 if ((dcr & DCR_TCSL) || (dsr & DSR_SVF)) {
570 /* we are out of luck for now */
571 di_what_is_to_be_done(imxdi, "main");
572 return -EPERM;
573 }
574 }
575
576 /* zero the fractional part first */
577 rc = di_write_wait(imxdi, 0, DTCLR);
578 if (rc != 0)
579 return rc;
580
581 rc = di_write_wait(imxdi, rtc_tm_to_time64(tm), DTCMR);
582 if (rc != 0)
583 return rc;
584
585 return di_write_wait(imxdi, readl(imxdi->ioaddr + DCR) | DCR_TCE, DCR);
586}
587
588static int dryice_rtc_alarm_irq_enable(struct device *dev,
589 unsigned int enabled)
590{
591 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
592
593 if (enabled)
594 di_int_enable(imxdi, DIER_CAIE);
595 else
596 di_int_disable(imxdi, DIER_CAIE);
597
598 return 0;
599}
600
601/*
602 * read the seconds portion of the alarm register.
603 * the fractional part of the alarm register is always zero.
604 */
605static int dryice_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
606{
607 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
608 u32 dcamr;
609
610 dcamr = readl(imxdi->ioaddr + DCAMR);
611 rtc_time64_to_tm(dcamr, &alarm->time);
612
613 /* alarm is enabled if the interrupt is enabled */
614 alarm->enabled = (readl(imxdi->ioaddr + DIER) & DIER_CAIE) != 0;
615
616 /* don't allow the DSR read to mess up DSR_WCF */
617 mutex_lock(&imxdi->write_mutex);
618
619 /* alarm is pending if the alarm flag is set */
620 alarm->pending = (readl(imxdi->ioaddr + DSR) & DSR_CAF) != 0;
621
622 mutex_unlock(&imxdi->write_mutex);
623
624 return 0;
625}
626
627/*
628 * set the seconds portion of dryice alarm register
629 */
630static int dryice_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
631{
632 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
633 int rc;
634
635 /* write the new alarm time */
636 rc = di_write_wait(imxdi, rtc_tm_to_time64(&alarm->time), DCAMR);
637 if (rc)
638 return rc;
639
640 if (alarm->enabled)
641 di_int_enable(imxdi, DIER_CAIE); /* enable alarm intr */
642 else
643 di_int_disable(imxdi, DIER_CAIE); /* disable alarm intr */
644
645 return 0;
646}
647
648static const struct rtc_class_ops dryice_rtc_ops = {
649 .read_time = dryice_rtc_read_time,
650 .set_time = dryice_rtc_set_time,
651 .alarm_irq_enable = dryice_rtc_alarm_irq_enable,
652 .read_alarm = dryice_rtc_read_alarm,
653 .set_alarm = dryice_rtc_set_alarm,
654};
655
656/*
657 * interrupt handler for dryice "normal" and security violation interrupt
658 */
659static irqreturn_t dryice_irq(int irq, void *dev_id)
660{
661 struct imxdi_dev *imxdi = dev_id;
662 u32 dsr, dier;
663 irqreturn_t rc = IRQ_NONE;
664
665 dier = readl(imxdi->ioaddr + DIER);
666 dsr = readl(imxdi->ioaddr + DSR);
667
668 /* handle the security violation event */
669 if (dier & DIER_SVIE) {
670 if (dsr & DSR_SVF) {
671 /*
672 * Disable the interrupt when this kind of event has
673 * happened.
674 * There cannot be more than one event of this type,
675 * because it needs a complex state change
676 * including a main power cycle to get again out of
677 * this state.
678 */
679 di_int_disable(imxdi, DIER_SVIE);
680 /* report the violation */
681 di_report_tamper_info(imxdi, dsr);
682 rc = IRQ_HANDLED;
683 }
684 }
685
686 /* handle write complete and write error cases */
687 if (dier & DIER_WCIE) {
688 /*If the write wait queue is empty then there is no pending
689 operations. It means the interrupt is for DryIce -Security.
690 IRQ must be returned as none.*/
691 if (list_empty_careful(&imxdi->write_wait.head))
692 return rc;
693
694 /* DSR_WCF clears itself on DSR read */
695 if (dsr & (DSR_WCF | DSR_WEF)) {
696 /* mask the interrupt */
697 di_int_disable(imxdi, DIER_WCIE);
698
699 /* save the dsr value for the wait queue */
700 imxdi->dsr |= dsr;
701
702 wake_up_interruptible(&imxdi->write_wait);
703 rc = IRQ_HANDLED;
704 }
705 }
706
707 /* handle the alarm case */
708 if (dier & DIER_CAIE) {
709 /* DSR_WCF clears itself on DSR read */
710 if (dsr & DSR_CAF) {
711 /* mask the interrupt */
712 di_int_disable(imxdi, DIER_CAIE);
713
714 /* finish alarm in user context */
715 schedule_work(&imxdi->work);
716 rc = IRQ_HANDLED;
717 }
718 }
719 return rc;
720}
721
722/*
723 * post the alarm event from user context so it can sleep
724 * on the write completion.
725 */
726static void dryice_work(struct work_struct *work)
727{
728 struct imxdi_dev *imxdi = container_of(work,
729 struct imxdi_dev, work);
730
731 /* dismiss the interrupt (ignore error) */
732 di_write_wait(imxdi, DSR_CAF, DSR);
733
734 /* pass the alarm event to the rtc framework. */
735 rtc_update_irq(imxdi->rtc, 1, RTC_AF | RTC_IRQF);
736}
737
738/*
739 * probe for dryice rtc device
740 */
741static int __init dryice_rtc_probe(struct platform_device *pdev)
742{
743 struct imxdi_dev *imxdi;
744 int norm_irq, sec_irq;
745 int rc;
746
747 imxdi = devm_kzalloc(&pdev->dev, sizeof(*imxdi), GFP_KERNEL);
748 if (!imxdi)
749 return -ENOMEM;
750
751 imxdi->pdev = pdev;
752
753 imxdi->ioaddr = devm_platform_ioremap_resource(pdev, 0);
754 if (IS_ERR(imxdi->ioaddr))
755 return PTR_ERR(imxdi->ioaddr);
756
757 spin_lock_init(&imxdi->irq_lock);
758
759 norm_irq = platform_get_irq(pdev, 0);
760 if (norm_irq < 0)
761 return norm_irq;
762
763 /* the 2nd irq is the security violation irq
764 * make this optional, don't break the device tree ABI
765 */
766 sec_irq = platform_get_irq(pdev, 1);
767 if (sec_irq <= 0)
768 sec_irq = IRQ_NOTCONNECTED;
769
770 init_waitqueue_head(&imxdi->write_wait);
771
772 INIT_WORK(&imxdi->work, dryice_work);
773
774 mutex_init(&imxdi->write_mutex);
775
776 imxdi->rtc = devm_rtc_allocate_device(&pdev->dev);
777 if (IS_ERR(imxdi->rtc))
778 return PTR_ERR(imxdi->rtc);
779
780 imxdi->clk = devm_clk_get(&pdev->dev, NULL);
781 if (IS_ERR(imxdi->clk))
782 return PTR_ERR(imxdi->clk);
783 rc = clk_prepare_enable(imxdi->clk);
784 if (rc)
785 return rc;
786
787 /*
788 * Initialize dryice hardware
789 */
790
791 /* mask all interrupts */
792 writel(0, imxdi->ioaddr + DIER);
793
794 rc = di_handle_state(imxdi);
795 if (rc != 0)
796 goto err;
797
798 rc = devm_request_irq(&pdev->dev, norm_irq, dryice_irq,
799 IRQF_SHARED, pdev->name, imxdi);
800 if (rc) {
801 dev_warn(&pdev->dev, "interrupt not available.\n");
802 goto err;
803 }
804
805 rc = devm_request_irq(&pdev->dev, sec_irq, dryice_irq,
806 IRQF_SHARED, pdev->name, imxdi);
807 if (rc) {
808 dev_warn(&pdev->dev, "security violation interrupt not available.\n");
809 /* this is not an error, see above */
810 }
811
812 platform_set_drvdata(pdev, imxdi);
813
814 imxdi->rtc->ops = &dryice_rtc_ops;
815 imxdi->rtc->range_max = U32_MAX;
816
817 rc = rtc_register_device(imxdi->rtc);
818 if (rc)
819 goto err;
820
821 return 0;
822
823err:
824 clk_disable_unprepare(imxdi->clk);
825
826 return rc;
827}
828
829static int __exit dryice_rtc_remove(struct platform_device *pdev)
830{
831 struct imxdi_dev *imxdi = platform_get_drvdata(pdev);
832
833 flush_work(&imxdi->work);
834
835 /* mask all interrupts */
836 writel(0, imxdi->ioaddr + DIER);
837
838 clk_disable_unprepare(imxdi->clk);
839
840 return 0;
841}
842
843#ifdef CONFIG_OF
844static const struct of_device_id dryice_dt_ids[] = {
845 { .compatible = "fsl,imx25-rtc" },
846 { /* sentinel */ }
847};
848
849MODULE_DEVICE_TABLE(of, dryice_dt_ids);
850#endif
851
852static struct platform_driver dryice_rtc_driver = {
853 .driver = {
854 .name = "imxdi_rtc",
855 .of_match_table = of_match_ptr(dryice_dt_ids),
856 },
857 .remove = __exit_p(dryice_rtc_remove),
858};
859
860module_platform_driver_probe(dryice_rtc_driver, dryice_rtc_probe);
861
862MODULE_AUTHOR("Freescale Semiconductor, Inc.");
863MODULE_AUTHOR("Baruch Siach <baruch@tkos.co.il>");
864MODULE_DESCRIPTION("IMX DryIce Realtime Clock Driver (RTC)");
865MODULE_LICENSE("GPL");
1/*
2 * Copyright 2008-2009 Freescale Semiconductor, Inc. All Rights Reserved.
3 * Copyright 2010 Orex Computed Radiography
4 */
5
6/*
7 * The code contained herein is licensed under the GNU General Public
8 * License. You may obtain a copy of the GNU General Public License
9 * Version 2 or later at the following locations:
10 *
11 * http://www.opensource.org/licenses/gpl-license.html
12 * http://www.gnu.org/copyleft/gpl.html
13 */
14
15/* based on rtc-mc13892.c */
16
17/*
18 * This driver uses the 47-bit 32 kHz counter in the Freescale DryIce block
19 * to implement a Linux RTC. Times and alarms are truncated to seconds.
20 * Since the RTC framework performs API locking via rtc->ops_lock the
21 * only simultaneous accesses we need to deal with is updating DryIce
22 * registers while servicing an alarm.
23 *
24 * Note that reading the DSR (DryIce Status Register) automatically clears
25 * the WCF (Write Complete Flag). All DryIce writes are synchronized to the
26 * LP (Low Power) domain and set the WCF upon completion. Writes to the
27 * DIER (DryIce Interrupt Enable Register) are the only exception. These
28 * occur at normal bus speeds and do not set WCF. Periodic interrupts are
29 * not supported by the hardware.
30 */
31
32#include <linux/io.h>
33#include <linux/clk.h>
34#include <linux/delay.h>
35#include <linux/module.h>
36#include <linux/platform_device.h>
37#include <linux/rtc.h>
38#include <linux/sched.h>
39#include <linux/spinlock.h>
40#include <linux/workqueue.h>
41#include <linux/of.h>
42
43/* DryIce Register Definitions */
44
45#define DTCMR 0x00 /* Time Counter MSB Reg */
46#define DTCLR 0x04 /* Time Counter LSB Reg */
47
48#define DCAMR 0x08 /* Clock Alarm MSB Reg */
49#define DCALR 0x0c /* Clock Alarm LSB Reg */
50#define DCAMR_UNSET 0xFFFFFFFF /* doomsday - 1 sec */
51
52#define DCR 0x10 /* Control Reg */
53#define DCR_TDCHL (1 << 30) /* Tamper-detect configuration hard lock */
54#define DCR_TDCSL (1 << 29) /* Tamper-detect configuration soft lock */
55#define DCR_KSSL (1 << 27) /* Key-select soft lock */
56#define DCR_MCHL (1 << 20) /* Monotonic-counter hard lock */
57#define DCR_MCSL (1 << 19) /* Monotonic-counter soft lock */
58#define DCR_TCHL (1 << 18) /* Timer-counter hard lock */
59#define DCR_TCSL (1 << 17) /* Timer-counter soft lock */
60#define DCR_FSHL (1 << 16) /* Failure state hard lock */
61#define DCR_TCE (1 << 3) /* Time Counter Enable */
62#define DCR_MCE (1 << 2) /* Monotonic Counter Enable */
63
64#define DSR 0x14 /* Status Reg */
65#define DSR_WTD (1 << 23) /* Wire-mesh tamper detected */
66#define DSR_ETBD (1 << 22) /* External tamper B detected */
67#define DSR_ETAD (1 << 21) /* External tamper A detected */
68#define DSR_EBD (1 << 20) /* External boot detected */
69#define DSR_SAD (1 << 19) /* SCC alarm detected */
70#define DSR_TTD (1 << 18) /* Temperature tamper detected */
71#define DSR_CTD (1 << 17) /* Clock tamper detected */
72#define DSR_VTD (1 << 16) /* Voltage tamper detected */
73#define DSR_WBF (1 << 10) /* Write Busy Flag (synchronous) */
74#define DSR_WNF (1 << 9) /* Write Next Flag (synchronous) */
75#define DSR_WCF (1 << 8) /* Write Complete Flag (synchronous)*/
76#define DSR_WEF (1 << 7) /* Write Error Flag */
77#define DSR_CAF (1 << 4) /* Clock Alarm Flag */
78#define DSR_MCO (1 << 3) /* monotonic counter overflow */
79#define DSR_TCO (1 << 2) /* time counter overflow */
80#define DSR_NVF (1 << 1) /* Non-Valid Flag */
81#define DSR_SVF (1 << 0) /* Security Violation Flag */
82
83#define DIER 0x18 /* Interrupt Enable Reg (synchronous) */
84#define DIER_WNIE (1 << 9) /* Write Next Interrupt Enable */
85#define DIER_WCIE (1 << 8) /* Write Complete Interrupt Enable */
86#define DIER_WEIE (1 << 7) /* Write Error Interrupt Enable */
87#define DIER_CAIE (1 << 4) /* Clock Alarm Interrupt Enable */
88#define DIER_SVIE (1 << 0) /* Security-violation Interrupt Enable */
89
90#define DMCR 0x1c /* DryIce Monotonic Counter Reg */
91
92#define DTCR 0x28 /* DryIce Tamper Configuration Reg */
93#define DTCR_MOE (1 << 9) /* monotonic overflow enabled */
94#define DTCR_TOE (1 << 8) /* time overflow enabled */
95#define DTCR_WTE (1 << 7) /* wire-mesh tamper enabled */
96#define DTCR_ETBE (1 << 6) /* external B tamper enabled */
97#define DTCR_ETAE (1 << 5) /* external A tamper enabled */
98#define DTCR_EBE (1 << 4) /* external boot tamper enabled */
99#define DTCR_SAIE (1 << 3) /* SCC enabled */
100#define DTCR_TTE (1 << 2) /* temperature tamper enabled */
101#define DTCR_CTE (1 << 1) /* clock tamper enabled */
102#define DTCR_VTE (1 << 0) /* voltage tamper enabled */
103
104#define DGPR 0x3c /* DryIce General Purpose Reg */
105
106/**
107 * struct imxdi_dev - private imxdi rtc data
108 * @pdev: pionter to platform dev
109 * @rtc: pointer to rtc struct
110 * @ioaddr: IO registers pointer
111 * @clk: input reference clock
112 * @dsr: copy of the DSR register
113 * @irq_lock: interrupt enable register (DIER) lock
114 * @write_wait: registers write complete queue
115 * @write_mutex: serialize registers write
116 * @work: schedule alarm work
117 */
118struct imxdi_dev {
119 struct platform_device *pdev;
120 struct rtc_device *rtc;
121 void __iomem *ioaddr;
122 struct clk *clk;
123 u32 dsr;
124 spinlock_t irq_lock;
125 wait_queue_head_t write_wait;
126 struct mutex write_mutex;
127 struct work_struct work;
128};
129
130/* Some background:
131 *
132 * The DryIce unit is a complex security/tamper monitor device. To be able do
133 * its job in a useful manner it runs a bigger statemachine to bring it into
134 * security/tamper failure state and once again to bring it out of this state.
135 *
136 * This unit can be in one of three states:
137 *
138 * - "NON-VALID STATE"
139 * always after the battery power was removed
140 * - "FAILURE STATE"
141 * if one of the enabled security events has happened
142 * - "VALID STATE"
143 * if the unit works as expected
144 *
145 * Everything stops when the unit enters the failure state including the RTC
146 * counter (to be able to detect the time the security event happened).
147 *
148 * The following events (when enabled) let the DryIce unit enter the failure
149 * state:
150 *
151 * - wire-mesh-tamper detect
152 * - external tamper B detect
153 * - external tamper A detect
154 * - temperature tamper detect
155 * - clock tamper detect
156 * - voltage tamper detect
157 * - RTC counter overflow
158 * - monotonic counter overflow
159 * - external boot
160 *
161 * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
162 * can only detect this state. In this case the unit is completely locked and
163 * must force a second "SYSTEM POR" to bring the DryIce into the
164 * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
165 * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
166 * a battery power cycle is required.
167 *
168 * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
169 * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
170 * task, we bring back this unit into life.
171 */
172
173/*
174 * Do a write into the unit without interrupt support.
175 * We do not need to check the WEF here, because the only reason this kind of
176 * write error can happen is if we write to the unit twice within the 122 us
177 * interval. This cannot happen, since we are using this function only while
178 * setting up the unit.
179 */
180static void di_write_busy_wait(const struct imxdi_dev *imxdi, u32 val,
181 unsigned reg)
182{
183 /* do the register write */
184 writel(val, imxdi->ioaddr + reg);
185
186 /*
187 * now it takes four 32,768 kHz clock cycles to take
188 * the change into effect = 122 us
189 */
190 usleep_range(130, 200);
191}
192
193static void di_report_tamper_info(struct imxdi_dev *imxdi, u32 dsr)
194{
195 u32 dtcr;
196
197 dtcr = readl(imxdi->ioaddr + DTCR);
198
199 dev_emerg(&imxdi->pdev->dev, "DryIce tamper event detected\n");
200 /* the following flags force a transition into the "FAILURE STATE" */
201 if (dsr & DSR_VTD)
202 dev_emerg(&imxdi->pdev->dev, "%sVoltage Tamper Event\n",
203 dtcr & DTCR_VTE ? "" : "Spurious ");
204
205 if (dsr & DSR_CTD)
206 dev_emerg(&imxdi->pdev->dev, "%s32768 Hz Clock Tamper Event\n",
207 dtcr & DTCR_CTE ? "" : "Spurious ");
208
209 if (dsr & DSR_TTD)
210 dev_emerg(&imxdi->pdev->dev, "%sTemperature Tamper Event\n",
211 dtcr & DTCR_TTE ? "" : "Spurious ");
212
213 if (dsr & DSR_SAD)
214 dev_emerg(&imxdi->pdev->dev,
215 "%sSecure Controller Alarm Event\n",
216 dtcr & DTCR_SAIE ? "" : "Spurious ");
217
218 if (dsr & DSR_EBD)
219 dev_emerg(&imxdi->pdev->dev, "%sExternal Boot Tamper Event\n",
220 dtcr & DTCR_EBE ? "" : "Spurious ");
221
222 if (dsr & DSR_ETAD)
223 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper A Event\n",
224 dtcr & DTCR_ETAE ? "" : "Spurious ");
225
226 if (dsr & DSR_ETBD)
227 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper B Event\n",
228 dtcr & DTCR_ETBE ? "" : "Spurious ");
229
230 if (dsr & DSR_WTD)
231 dev_emerg(&imxdi->pdev->dev, "%sWire-mesh Tamper Event\n",
232 dtcr & DTCR_WTE ? "" : "Spurious ");
233
234 if (dsr & DSR_MCO)
235 dev_emerg(&imxdi->pdev->dev,
236 "%sMonotonic-counter Overflow Event\n",
237 dtcr & DTCR_MOE ? "" : "Spurious ");
238
239 if (dsr & DSR_TCO)
240 dev_emerg(&imxdi->pdev->dev, "%sTimer-counter Overflow Event\n",
241 dtcr & DTCR_TOE ? "" : "Spurious ");
242}
243
244static void di_what_is_to_be_done(struct imxdi_dev *imxdi,
245 const char *power_supply)
246{
247 dev_emerg(&imxdi->pdev->dev, "Please cycle the %s power supply in order to get the DryIce/RTC unit working again\n",
248 power_supply);
249}
250
251static int di_handle_failure_state(struct imxdi_dev *imxdi, u32 dsr)
252{
253 u32 dcr;
254
255 dev_dbg(&imxdi->pdev->dev, "DSR register reports: %08X\n", dsr);
256
257 /* report the cause */
258 di_report_tamper_info(imxdi, dsr);
259
260 dcr = readl(imxdi->ioaddr + DCR);
261
262 if (dcr & DCR_FSHL) {
263 /* we are out of luck */
264 di_what_is_to_be_done(imxdi, "battery");
265 return -ENODEV;
266 }
267 /*
268 * with the next SYSTEM POR we will transit from the "FAILURE STATE"
269 * into the "NON-VALID STATE" + "FAILURE STATE"
270 */
271 di_what_is_to_be_done(imxdi, "main");
272
273 return -ENODEV;
274}
275
276static int di_handle_valid_state(struct imxdi_dev *imxdi, u32 dsr)
277{
278 /* initialize alarm */
279 di_write_busy_wait(imxdi, DCAMR_UNSET, DCAMR);
280 di_write_busy_wait(imxdi, 0, DCALR);
281
282 /* clear alarm flag */
283 if (dsr & DSR_CAF)
284 di_write_busy_wait(imxdi, DSR_CAF, DSR);
285
286 return 0;
287}
288
289static int di_handle_invalid_state(struct imxdi_dev *imxdi, u32 dsr)
290{
291 u32 dcr, sec;
292
293 /*
294 * lets disable all sources which can force the DryIce unit into
295 * the "FAILURE STATE" for now
296 */
297 di_write_busy_wait(imxdi, 0x00000000, DTCR);
298 /* and lets protect them at runtime from any change */
299 di_write_busy_wait(imxdi, DCR_TDCSL, DCR);
300
301 sec = readl(imxdi->ioaddr + DTCMR);
302 if (sec != 0)
303 dev_warn(&imxdi->pdev->dev,
304 "The security violation has happened at %u seconds\n",
305 sec);
306 /*
307 * the timer cannot be set/modified if
308 * - the TCHL or TCSL bit is set in DCR
309 */
310 dcr = readl(imxdi->ioaddr + DCR);
311 if (!(dcr & DCR_TCE)) {
312 if (dcr & DCR_TCHL) {
313 /* we are out of luck */
314 di_what_is_to_be_done(imxdi, "battery");
315 return -ENODEV;
316 }
317 if (dcr & DCR_TCSL) {
318 di_what_is_to_be_done(imxdi, "main");
319 return -ENODEV;
320 }
321 }
322 /*
323 * - the timer counter stops/is stopped if
324 * - its overflow flag is set (TCO in DSR)
325 * -> clear overflow bit to make it count again
326 * - NVF is set in DSR
327 * -> clear non-valid bit to make it count again
328 * - its TCE (DCR) is cleared
329 * -> set TCE to make it count
330 * - it was never set before
331 * -> write a time into it (required again if the NVF was set)
332 */
333 /* state handled */
334 di_write_busy_wait(imxdi, DSR_NVF, DSR);
335 /* clear overflow flag */
336 di_write_busy_wait(imxdi, DSR_TCO, DSR);
337 /* enable the counter */
338 di_write_busy_wait(imxdi, dcr | DCR_TCE, DCR);
339 /* set and trigger it to make it count */
340 di_write_busy_wait(imxdi, sec, DTCMR);
341
342 /* now prepare for the valid state */
343 return di_handle_valid_state(imxdi, __raw_readl(imxdi->ioaddr + DSR));
344}
345
346static int di_handle_invalid_and_failure_state(struct imxdi_dev *imxdi, u32 dsr)
347{
348 u32 dcr;
349
350 /*
351 * now we must first remove the tamper sources in order to get the
352 * device out of the "FAILURE STATE"
353 * To disable any of the following sources we need to modify the DTCR
354 */
355 if (dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD | DSR_EBD | DSR_SAD |
356 DSR_TTD | DSR_CTD | DSR_VTD | DSR_MCO | DSR_TCO)) {
357 dcr = __raw_readl(imxdi->ioaddr + DCR);
358 if (dcr & DCR_TDCHL) {
359 /*
360 * the tamper register is locked. We cannot disable the
361 * tamper detection. The TDCHL can only be reset by a
362 * DRYICE POR, but we cannot force a DRYICE POR in
363 * softwere because we are still in "FAILURE STATE".
364 * We need a DRYICE POR via battery power cycling....
365 */
366 /*
367 * out of luck!
368 * we cannot disable them without a DRYICE POR
369 */
370 di_what_is_to_be_done(imxdi, "battery");
371 return -ENODEV;
372 }
373 if (dcr & DCR_TDCSL) {
374 /* a soft lock can be removed by a SYSTEM POR */
375 di_what_is_to_be_done(imxdi, "main");
376 return -ENODEV;
377 }
378 }
379
380 /* disable all sources */
381 di_write_busy_wait(imxdi, 0x00000000, DTCR);
382
383 /* clear the status bits now */
384 di_write_busy_wait(imxdi, dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD |
385 DSR_EBD | DSR_SAD | DSR_TTD | DSR_CTD | DSR_VTD |
386 DSR_MCO | DSR_TCO), DSR);
387
388 dsr = readl(imxdi->ioaddr + DSR);
389 if ((dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
390 DSR_WCF | DSR_WEF)) != 0)
391 dev_warn(&imxdi->pdev->dev,
392 "There are still some sources of pain in DSR: %08x!\n",
393 dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
394 DSR_WCF | DSR_WEF));
395
396 /*
397 * now we are trying to clear the "Security-violation flag" to
398 * get the DryIce out of this state
399 */
400 di_write_busy_wait(imxdi, DSR_SVF, DSR);
401
402 /* success? */
403 dsr = readl(imxdi->ioaddr + DSR);
404 if (dsr & DSR_SVF) {
405 dev_crit(&imxdi->pdev->dev,
406 "Cannot clear the security violation flag. We are ending up in an endless loop!\n");
407 /* last resort */
408 di_what_is_to_be_done(imxdi, "battery");
409 return -ENODEV;
410 }
411
412 /*
413 * now we have left the "FAILURE STATE" and ending up in the
414 * "NON-VALID STATE" time to recover everything
415 */
416 return di_handle_invalid_state(imxdi, dsr);
417}
418
419static int di_handle_state(struct imxdi_dev *imxdi)
420{
421 int rc;
422 u32 dsr;
423
424 dsr = readl(imxdi->ioaddr + DSR);
425
426 switch (dsr & (DSR_NVF | DSR_SVF)) {
427 case DSR_NVF:
428 dev_warn(&imxdi->pdev->dev, "Invalid stated unit detected\n");
429 rc = di_handle_invalid_state(imxdi, dsr);
430 break;
431 case DSR_SVF:
432 dev_warn(&imxdi->pdev->dev, "Failure stated unit detected\n");
433 rc = di_handle_failure_state(imxdi, dsr);
434 break;
435 case DSR_NVF | DSR_SVF:
436 dev_warn(&imxdi->pdev->dev,
437 "Failure+Invalid stated unit detected\n");
438 rc = di_handle_invalid_and_failure_state(imxdi, dsr);
439 break;
440 default:
441 dev_notice(&imxdi->pdev->dev, "Unlocked unit detected\n");
442 rc = di_handle_valid_state(imxdi, dsr);
443 }
444
445 return rc;
446}
447
448/*
449 * enable a dryice interrupt
450 */
451static void di_int_enable(struct imxdi_dev *imxdi, u32 intr)
452{
453 unsigned long flags;
454
455 spin_lock_irqsave(&imxdi->irq_lock, flags);
456 writel(readl(imxdi->ioaddr + DIER) | intr,
457 imxdi->ioaddr + DIER);
458 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
459}
460
461/*
462 * disable a dryice interrupt
463 */
464static void di_int_disable(struct imxdi_dev *imxdi, u32 intr)
465{
466 unsigned long flags;
467
468 spin_lock_irqsave(&imxdi->irq_lock, flags);
469 writel(readl(imxdi->ioaddr + DIER) & ~intr,
470 imxdi->ioaddr + DIER);
471 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
472}
473
474/*
475 * This function attempts to clear the dryice write-error flag.
476 *
477 * A dryice write error is similar to a bus fault and should not occur in
478 * normal operation. Clearing the flag requires another write, so the root
479 * cause of the problem may need to be fixed before the flag can be cleared.
480 */
481static void clear_write_error(struct imxdi_dev *imxdi)
482{
483 int cnt;
484
485 dev_warn(&imxdi->pdev->dev, "WARNING: Register write error!\n");
486
487 /* clear the write error flag */
488 writel(DSR_WEF, imxdi->ioaddr + DSR);
489
490 /* wait for it to take effect */
491 for (cnt = 0; cnt < 1000; cnt++) {
492 if ((readl(imxdi->ioaddr + DSR) & DSR_WEF) == 0)
493 return;
494 udelay(10);
495 }
496 dev_err(&imxdi->pdev->dev,
497 "ERROR: Cannot clear write-error flag!\n");
498}
499
500/*
501 * Write a dryice register and wait until it completes.
502 *
503 * This function uses interrupts to determine when the
504 * write has completed.
505 */
506static int di_write_wait(struct imxdi_dev *imxdi, u32 val, int reg)
507{
508 int ret;
509 int rc = 0;
510
511 /* serialize register writes */
512 mutex_lock(&imxdi->write_mutex);
513
514 /* enable the write-complete interrupt */
515 di_int_enable(imxdi, DIER_WCIE);
516
517 imxdi->dsr = 0;
518
519 /* do the register write */
520 writel(val, imxdi->ioaddr + reg);
521
522 /* wait for the write to finish */
523 ret = wait_event_interruptible_timeout(imxdi->write_wait,
524 imxdi->dsr & (DSR_WCF | DSR_WEF), msecs_to_jiffies(1));
525 if (ret < 0) {
526 rc = ret;
527 goto out;
528 } else if (ret == 0) {
529 dev_warn(&imxdi->pdev->dev,
530 "Write-wait timeout "
531 "val = 0x%08x reg = 0x%08x\n", val, reg);
532 }
533
534 /* check for write error */
535 if (imxdi->dsr & DSR_WEF) {
536 clear_write_error(imxdi);
537 rc = -EIO;
538 }
539
540out:
541 mutex_unlock(&imxdi->write_mutex);
542
543 return rc;
544}
545
546/*
547 * read the seconds portion of the current time from the dryice time counter
548 */
549static int dryice_rtc_read_time(struct device *dev, struct rtc_time *tm)
550{
551 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
552 unsigned long now;
553
554 now = readl(imxdi->ioaddr + DTCMR);
555 rtc_time_to_tm(now, tm);
556
557 return 0;
558}
559
560/*
561 * set the seconds portion of dryice time counter and clear the
562 * fractional part.
563 */
564static int dryice_rtc_set_mmss(struct device *dev, unsigned long secs)
565{
566 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
567 u32 dcr, dsr;
568 int rc;
569
570 dcr = readl(imxdi->ioaddr + DCR);
571 dsr = readl(imxdi->ioaddr + DSR);
572
573 if (!(dcr & DCR_TCE) || (dsr & DSR_SVF)) {
574 if (dcr & DCR_TCHL) {
575 /* we are even more out of luck */
576 di_what_is_to_be_done(imxdi, "battery");
577 return -EPERM;
578 }
579 if ((dcr & DCR_TCSL) || (dsr & DSR_SVF)) {
580 /* we are out of luck for now */
581 di_what_is_to_be_done(imxdi, "main");
582 return -EPERM;
583 }
584 }
585
586 /* zero the fractional part first */
587 rc = di_write_wait(imxdi, 0, DTCLR);
588 if (rc != 0)
589 return rc;
590
591 rc = di_write_wait(imxdi, secs, DTCMR);
592 if (rc != 0)
593 return rc;
594
595 return di_write_wait(imxdi, readl(imxdi->ioaddr + DCR) | DCR_TCE, DCR);
596}
597
598static int dryice_rtc_alarm_irq_enable(struct device *dev,
599 unsigned int enabled)
600{
601 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
602
603 if (enabled)
604 di_int_enable(imxdi, DIER_CAIE);
605 else
606 di_int_disable(imxdi, DIER_CAIE);
607
608 return 0;
609}
610
611/*
612 * read the seconds portion of the alarm register.
613 * the fractional part of the alarm register is always zero.
614 */
615static int dryice_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
616{
617 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
618 u32 dcamr;
619
620 dcamr = readl(imxdi->ioaddr + DCAMR);
621 rtc_time_to_tm(dcamr, &alarm->time);
622
623 /* alarm is enabled if the interrupt is enabled */
624 alarm->enabled = (readl(imxdi->ioaddr + DIER) & DIER_CAIE) != 0;
625
626 /* don't allow the DSR read to mess up DSR_WCF */
627 mutex_lock(&imxdi->write_mutex);
628
629 /* alarm is pending if the alarm flag is set */
630 alarm->pending = (readl(imxdi->ioaddr + DSR) & DSR_CAF) != 0;
631
632 mutex_unlock(&imxdi->write_mutex);
633
634 return 0;
635}
636
637/*
638 * set the seconds portion of dryice alarm register
639 */
640static int dryice_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
641{
642 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
643 unsigned long now;
644 unsigned long alarm_time;
645 int rc;
646
647 rc = rtc_tm_to_time(&alarm->time, &alarm_time);
648 if (rc)
649 return rc;
650
651 /* don't allow setting alarm in the past */
652 now = readl(imxdi->ioaddr + DTCMR);
653 if (alarm_time < now)
654 return -EINVAL;
655
656 /* write the new alarm time */
657 rc = di_write_wait(imxdi, (u32)alarm_time, DCAMR);
658 if (rc)
659 return rc;
660
661 if (alarm->enabled)
662 di_int_enable(imxdi, DIER_CAIE); /* enable alarm intr */
663 else
664 di_int_disable(imxdi, DIER_CAIE); /* disable alarm intr */
665
666 return 0;
667}
668
669static const struct rtc_class_ops dryice_rtc_ops = {
670 .read_time = dryice_rtc_read_time,
671 .set_mmss = dryice_rtc_set_mmss,
672 .alarm_irq_enable = dryice_rtc_alarm_irq_enable,
673 .read_alarm = dryice_rtc_read_alarm,
674 .set_alarm = dryice_rtc_set_alarm,
675};
676
677/*
678 * interrupt handler for dryice "normal" and security violation interrupt
679 */
680static irqreturn_t dryice_irq(int irq, void *dev_id)
681{
682 struct imxdi_dev *imxdi = dev_id;
683 u32 dsr, dier;
684 irqreturn_t rc = IRQ_NONE;
685
686 dier = readl(imxdi->ioaddr + DIER);
687 dsr = readl(imxdi->ioaddr + DSR);
688
689 /* handle the security violation event */
690 if (dier & DIER_SVIE) {
691 if (dsr & DSR_SVF) {
692 /*
693 * Disable the interrupt when this kind of event has
694 * happened.
695 * There cannot be more than one event of this type,
696 * because it needs a complex state change
697 * including a main power cycle to get again out of
698 * this state.
699 */
700 di_int_disable(imxdi, DIER_SVIE);
701 /* report the violation */
702 di_report_tamper_info(imxdi, dsr);
703 rc = IRQ_HANDLED;
704 }
705 }
706
707 /* handle write complete and write error cases */
708 if (dier & DIER_WCIE) {
709 /*If the write wait queue is empty then there is no pending
710 operations. It means the interrupt is for DryIce -Security.
711 IRQ must be returned as none.*/
712 if (list_empty_careful(&imxdi->write_wait.head))
713 return rc;
714
715 /* DSR_WCF clears itself on DSR read */
716 if (dsr & (DSR_WCF | DSR_WEF)) {
717 /* mask the interrupt */
718 di_int_disable(imxdi, DIER_WCIE);
719
720 /* save the dsr value for the wait queue */
721 imxdi->dsr |= dsr;
722
723 wake_up_interruptible(&imxdi->write_wait);
724 rc = IRQ_HANDLED;
725 }
726 }
727
728 /* handle the alarm case */
729 if (dier & DIER_CAIE) {
730 /* DSR_WCF clears itself on DSR read */
731 if (dsr & DSR_CAF) {
732 /* mask the interrupt */
733 di_int_disable(imxdi, DIER_CAIE);
734
735 /* finish alarm in user context */
736 schedule_work(&imxdi->work);
737 rc = IRQ_HANDLED;
738 }
739 }
740 return rc;
741}
742
743/*
744 * post the alarm event from user context so it can sleep
745 * on the write completion.
746 */
747static void dryice_work(struct work_struct *work)
748{
749 struct imxdi_dev *imxdi = container_of(work,
750 struct imxdi_dev, work);
751
752 /* dismiss the interrupt (ignore error) */
753 di_write_wait(imxdi, DSR_CAF, DSR);
754
755 /* pass the alarm event to the rtc framework. */
756 rtc_update_irq(imxdi->rtc, 1, RTC_AF | RTC_IRQF);
757}
758
759/*
760 * probe for dryice rtc device
761 */
762static int __init dryice_rtc_probe(struct platform_device *pdev)
763{
764 struct resource *res;
765 struct imxdi_dev *imxdi;
766 int norm_irq, sec_irq;
767 int rc;
768
769 imxdi = devm_kzalloc(&pdev->dev, sizeof(*imxdi), GFP_KERNEL);
770 if (!imxdi)
771 return -ENOMEM;
772
773 imxdi->pdev = pdev;
774
775 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
776 imxdi->ioaddr = devm_ioremap_resource(&pdev->dev, res);
777 if (IS_ERR(imxdi->ioaddr))
778 return PTR_ERR(imxdi->ioaddr);
779
780 spin_lock_init(&imxdi->irq_lock);
781
782 norm_irq = platform_get_irq(pdev, 0);
783 if (norm_irq < 0)
784 return norm_irq;
785
786 /* the 2nd irq is the security violation irq
787 * make this optional, don't break the device tree ABI
788 */
789 sec_irq = platform_get_irq(pdev, 1);
790 if (sec_irq <= 0)
791 sec_irq = IRQ_NOTCONNECTED;
792
793 init_waitqueue_head(&imxdi->write_wait);
794
795 INIT_WORK(&imxdi->work, dryice_work);
796
797 mutex_init(&imxdi->write_mutex);
798
799 imxdi->clk = devm_clk_get(&pdev->dev, NULL);
800 if (IS_ERR(imxdi->clk))
801 return PTR_ERR(imxdi->clk);
802 rc = clk_prepare_enable(imxdi->clk);
803 if (rc)
804 return rc;
805
806 /*
807 * Initialize dryice hardware
808 */
809
810 /* mask all interrupts */
811 writel(0, imxdi->ioaddr + DIER);
812
813 rc = di_handle_state(imxdi);
814 if (rc != 0)
815 goto err;
816
817 rc = devm_request_irq(&pdev->dev, norm_irq, dryice_irq,
818 IRQF_SHARED, pdev->name, imxdi);
819 if (rc) {
820 dev_warn(&pdev->dev, "interrupt not available.\n");
821 goto err;
822 }
823
824 rc = devm_request_irq(&pdev->dev, sec_irq, dryice_irq,
825 IRQF_SHARED, pdev->name, imxdi);
826 if (rc) {
827 dev_warn(&pdev->dev, "security violation interrupt not available.\n");
828 /* this is not an error, see above */
829 }
830
831 platform_set_drvdata(pdev, imxdi);
832 imxdi->rtc = devm_rtc_device_register(&pdev->dev, pdev->name,
833 &dryice_rtc_ops, THIS_MODULE);
834 if (IS_ERR(imxdi->rtc)) {
835 rc = PTR_ERR(imxdi->rtc);
836 goto err;
837 }
838
839 return 0;
840
841err:
842 clk_disable_unprepare(imxdi->clk);
843
844 return rc;
845}
846
847static int __exit dryice_rtc_remove(struct platform_device *pdev)
848{
849 struct imxdi_dev *imxdi = platform_get_drvdata(pdev);
850
851 flush_work(&imxdi->work);
852
853 /* mask all interrupts */
854 writel(0, imxdi->ioaddr + DIER);
855
856 clk_disable_unprepare(imxdi->clk);
857
858 return 0;
859}
860
861#ifdef CONFIG_OF
862static const struct of_device_id dryice_dt_ids[] = {
863 { .compatible = "fsl,imx25-rtc" },
864 { /* sentinel */ }
865};
866
867MODULE_DEVICE_TABLE(of, dryice_dt_ids);
868#endif
869
870static struct platform_driver dryice_rtc_driver = {
871 .driver = {
872 .name = "imxdi_rtc",
873 .of_match_table = of_match_ptr(dryice_dt_ids),
874 },
875 .remove = __exit_p(dryice_rtc_remove),
876};
877
878module_platform_driver_probe(dryice_rtc_driver, dryice_rtc_probe);
879
880MODULE_AUTHOR("Freescale Semiconductor, Inc.");
881MODULE_AUTHOR("Baruch Siach <baruch@tkos.co.il>");
882MODULE_DESCRIPTION("IMX DryIce Realtime Clock Driver (RTC)");
883MODULE_LICENSE("GPL");