Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright 2008-2009 Freescale Semiconductor, Inc. All Rights Reserved.
4 * Copyright 2010 Orex Computed Radiography
5 */
6
7/*
8 * This driver uses the 47-bit 32 kHz counter in the Freescale DryIce block
9 * to implement a Linux RTC. Times and alarms are truncated to seconds.
10 * Since the RTC framework performs API locking via rtc->ops_lock the
11 * only simultaneous accesses we need to deal with is updating DryIce
12 * registers while servicing an alarm.
13 *
14 * Note that reading the DSR (DryIce Status Register) automatically clears
15 * the WCF (Write Complete Flag). All DryIce writes are synchronized to the
16 * LP (Low Power) domain and set the WCF upon completion. Writes to the
17 * DIER (DryIce Interrupt Enable Register) are the only exception. These
18 * occur at normal bus speeds and do not set WCF. Periodic interrupts are
19 * not supported by the hardware.
20 */
21
22#include <linux/io.h>
23#include <linux/clk.h>
24#include <linux/delay.h>
25#include <linux/module.h>
26#include <linux/platform_device.h>
27#include <linux/pm_wakeirq.h>
28#include <linux/rtc.h>
29#include <linux/sched.h>
30#include <linux/spinlock.h>
31#include <linux/workqueue.h>
32#include <linux/of.h>
33
34/* DryIce Register Definitions */
35
36#define DTCMR 0x00 /* Time Counter MSB Reg */
37#define DTCLR 0x04 /* Time Counter LSB Reg */
38
39#define DCAMR 0x08 /* Clock Alarm MSB Reg */
40#define DCALR 0x0c /* Clock Alarm LSB Reg */
41#define DCAMR_UNSET 0xFFFFFFFF /* doomsday - 1 sec */
42
43#define DCR 0x10 /* Control Reg */
44#define DCR_TDCHL (1 << 30) /* Tamper-detect configuration hard lock */
45#define DCR_TDCSL (1 << 29) /* Tamper-detect configuration soft lock */
46#define DCR_KSSL (1 << 27) /* Key-select soft lock */
47#define DCR_MCHL (1 << 20) /* Monotonic-counter hard lock */
48#define DCR_MCSL (1 << 19) /* Monotonic-counter soft lock */
49#define DCR_TCHL (1 << 18) /* Timer-counter hard lock */
50#define DCR_TCSL (1 << 17) /* Timer-counter soft lock */
51#define DCR_FSHL (1 << 16) /* Failure state hard lock */
52#define DCR_TCE (1 << 3) /* Time Counter Enable */
53#define DCR_MCE (1 << 2) /* Monotonic Counter Enable */
54
55#define DSR 0x14 /* Status Reg */
56#define DSR_WTD (1 << 23) /* Wire-mesh tamper detected */
57#define DSR_ETBD (1 << 22) /* External tamper B detected */
58#define DSR_ETAD (1 << 21) /* External tamper A detected */
59#define DSR_EBD (1 << 20) /* External boot detected */
60#define DSR_SAD (1 << 19) /* SCC alarm detected */
61#define DSR_TTD (1 << 18) /* Temperature tamper detected */
62#define DSR_CTD (1 << 17) /* Clock tamper detected */
63#define DSR_VTD (1 << 16) /* Voltage tamper detected */
64#define DSR_WBF (1 << 10) /* Write Busy Flag (synchronous) */
65#define DSR_WNF (1 << 9) /* Write Next Flag (synchronous) */
66#define DSR_WCF (1 << 8) /* Write Complete Flag (synchronous)*/
67#define DSR_WEF (1 << 7) /* Write Error Flag */
68#define DSR_CAF (1 << 4) /* Clock Alarm Flag */
69#define DSR_MCO (1 << 3) /* monotonic counter overflow */
70#define DSR_TCO (1 << 2) /* time counter overflow */
71#define DSR_NVF (1 << 1) /* Non-Valid Flag */
72#define DSR_SVF (1 << 0) /* Security Violation Flag */
73
74#define DIER 0x18 /* Interrupt Enable Reg (synchronous) */
75#define DIER_WNIE (1 << 9) /* Write Next Interrupt Enable */
76#define DIER_WCIE (1 << 8) /* Write Complete Interrupt Enable */
77#define DIER_WEIE (1 << 7) /* Write Error Interrupt Enable */
78#define DIER_CAIE (1 << 4) /* Clock Alarm Interrupt Enable */
79#define DIER_SVIE (1 << 0) /* Security-violation Interrupt Enable */
80
81#define DMCR 0x1c /* DryIce Monotonic Counter Reg */
82
83#define DTCR 0x28 /* DryIce Tamper Configuration Reg */
84#define DTCR_MOE (1 << 9) /* monotonic overflow enabled */
85#define DTCR_TOE (1 << 8) /* time overflow enabled */
86#define DTCR_WTE (1 << 7) /* wire-mesh tamper enabled */
87#define DTCR_ETBE (1 << 6) /* external B tamper enabled */
88#define DTCR_ETAE (1 << 5) /* external A tamper enabled */
89#define DTCR_EBE (1 << 4) /* external boot tamper enabled */
90#define DTCR_SAIE (1 << 3) /* SCC enabled */
91#define DTCR_TTE (1 << 2) /* temperature tamper enabled */
92#define DTCR_CTE (1 << 1) /* clock tamper enabled */
93#define DTCR_VTE (1 << 0) /* voltage tamper enabled */
94
95#define DGPR 0x3c /* DryIce General Purpose Reg */
96
97/**
98 * struct imxdi_dev - private imxdi rtc data
99 * @pdev: pointer to platform dev
100 * @rtc: pointer to rtc struct
101 * @ioaddr: IO registers pointer
102 * @clk: input reference clock
103 * @dsr: copy of the DSR register
104 * @irq_lock: interrupt enable register (DIER) lock
105 * @write_wait: registers write complete queue
106 * @write_mutex: serialize registers write
107 * @work: schedule alarm work
108 */
109struct imxdi_dev {
110 struct platform_device *pdev;
111 struct rtc_device *rtc;
112 void __iomem *ioaddr;
113 struct clk *clk;
114 u32 dsr;
115 spinlock_t irq_lock;
116 wait_queue_head_t write_wait;
117 struct mutex write_mutex;
118 struct work_struct work;
119};
120
121/* Some background:
122 *
123 * The DryIce unit is a complex security/tamper monitor device. To be able do
124 * its job in a useful manner it runs a bigger statemachine to bring it into
125 * security/tamper failure state and once again to bring it out of this state.
126 *
127 * This unit can be in one of three states:
128 *
129 * - "NON-VALID STATE"
130 * always after the battery power was removed
131 * - "FAILURE STATE"
132 * if one of the enabled security events has happened
133 * - "VALID STATE"
134 * if the unit works as expected
135 *
136 * Everything stops when the unit enters the failure state including the RTC
137 * counter (to be able to detect the time the security event happened).
138 *
139 * The following events (when enabled) let the DryIce unit enter the failure
140 * state:
141 *
142 * - wire-mesh-tamper detect
143 * - external tamper B detect
144 * - external tamper A detect
145 * - temperature tamper detect
146 * - clock tamper detect
147 * - voltage tamper detect
148 * - RTC counter overflow
149 * - monotonic counter overflow
150 * - external boot
151 *
152 * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
153 * can only detect this state. In this case the unit is completely locked and
154 * must force a second "SYSTEM POR" to bring the DryIce into the
155 * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
156 * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
157 * a battery power cycle is required.
158 *
159 * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
160 * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
161 * task, we bring back this unit into life.
162 */
163
164/*
165 * Do a write into the unit without interrupt support.
166 * We do not need to check the WEF here, because the only reason this kind of
167 * write error can happen is if we write to the unit twice within the 122 us
168 * interval. This cannot happen, since we are using this function only while
169 * setting up the unit.
170 */
171static void di_write_busy_wait(const struct imxdi_dev *imxdi, u32 val,
172 unsigned reg)
173{
174 /* do the register write */
175 writel(val, imxdi->ioaddr + reg);
176
177 /*
178 * now it takes four 32,768 kHz clock cycles to take
179 * the change into effect = 122 us
180 */
181 usleep_range(130, 200);
182}
183
184static void di_report_tamper_info(struct imxdi_dev *imxdi, u32 dsr)
185{
186 u32 dtcr;
187
188 dtcr = readl(imxdi->ioaddr + DTCR);
189
190 dev_emerg(&imxdi->pdev->dev, "DryIce tamper event detected\n");
191 /* the following flags force a transition into the "FAILURE STATE" */
192 if (dsr & DSR_VTD)
193 dev_emerg(&imxdi->pdev->dev, "%sVoltage Tamper Event\n",
194 dtcr & DTCR_VTE ? "" : "Spurious ");
195
196 if (dsr & DSR_CTD)
197 dev_emerg(&imxdi->pdev->dev, "%s32768 Hz Clock Tamper Event\n",
198 dtcr & DTCR_CTE ? "" : "Spurious ");
199
200 if (dsr & DSR_TTD)
201 dev_emerg(&imxdi->pdev->dev, "%sTemperature Tamper Event\n",
202 dtcr & DTCR_TTE ? "" : "Spurious ");
203
204 if (dsr & DSR_SAD)
205 dev_emerg(&imxdi->pdev->dev,
206 "%sSecure Controller Alarm Event\n",
207 dtcr & DTCR_SAIE ? "" : "Spurious ");
208
209 if (dsr & DSR_EBD)
210 dev_emerg(&imxdi->pdev->dev, "%sExternal Boot Tamper Event\n",
211 dtcr & DTCR_EBE ? "" : "Spurious ");
212
213 if (dsr & DSR_ETAD)
214 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper A Event\n",
215 dtcr & DTCR_ETAE ? "" : "Spurious ");
216
217 if (dsr & DSR_ETBD)
218 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper B Event\n",
219 dtcr & DTCR_ETBE ? "" : "Spurious ");
220
221 if (dsr & DSR_WTD)
222 dev_emerg(&imxdi->pdev->dev, "%sWire-mesh Tamper Event\n",
223 dtcr & DTCR_WTE ? "" : "Spurious ");
224
225 if (dsr & DSR_MCO)
226 dev_emerg(&imxdi->pdev->dev,
227 "%sMonotonic-counter Overflow Event\n",
228 dtcr & DTCR_MOE ? "" : "Spurious ");
229
230 if (dsr & DSR_TCO)
231 dev_emerg(&imxdi->pdev->dev, "%sTimer-counter Overflow Event\n",
232 dtcr & DTCR_TOE ? "" : "Spurious ");
233}
234
235static void di_what_is_to_be_done(struct imxdi_dev *imxdi,
236 const char *power_supply)
237{
238 dev_emerg(&imxdi->pdev->dev, "Please cycle the %s power supply in order to get the DryIce/RTC unit working again\n",
239 power_supply);
240}
241
242static int di_handle_failure_state(struct imxdi_dev *imxdi, u32 dsr)
243{
244 u32 dcr;
245
246 dev_dbg(&imxdi->pdev->dev, "DSR register reports: %08X\n", dsr);
247
248 /* report the cause */
249 di_report_tamper_info(imxdi, dsr);
250
251 dcr = readl(imxdi->ioaddr + DCR);
252
253 if (dcr & DCR_FSHL) {
254 /* we are out of luck */
255 di_what_is_to_be_done(imxdi, "battery");
256 return -ENODEV;
257 }
258 /*
259 * with the next SYSTEM POR we will transit from the "FAILURE STATE"
260 * into the "NON-VALID STATE" + "FAILURE STATE"
261 */
262 di_what_is_to_be_done(imxdi, "main");
263
264 return -ENODEV;
265}
266
267static int di_handle_valid_state(struct imxdi_dev *imxdi, u32 dsr)
268{
269 /* initialize alarm */
270 di_write_busy_wait(imxdi, DCAMR_UNSET, DCAMR);
271 di_write_busy_wait(imxdi, 0, DCALR);
272
273 /* clear alarm flag */
274 if (dsr & DSR_CAF)
275 di_write_busy_wait(imxdi, DSR_CAF, DSR);
276
277 return 0;
278}
279
280static int di_handle_invalid_state(struct imxdi_dev *imxdi, u32 dsr)
281{
282 u32 dcr, sec;
283
284 /*
285 * lets disable all sources which can force the DryIce unit into
286 * the "FAILURE STATE" for now
287 */
288 di_write_busy_wait(imxdi, 0x00000000, DTCR);
289 /* and lets protect them at runtime from any change */
290 di_write_busy_wait(imxdi, DCR_TDCSL, DCR);
291
292 sec = readl(imxdi->ioaddr + DTCMR);
293 if (sec != 0)
294 dev_warn(&imxdi->pdev->dev,
295 "The security violation has happened at %u seconds\n",
296 sec);
297 /*
298 * the timer cannot be set/modified if
299 * - the TCHL or TCSL bit is set in DCR
300 */
301 dcr = readl(imxdi->ioaddr + DCR);
302 if (!(dcr & DCR_TCE)) {
303 if (dcr & DCR_TCHL) {
304 /* we are out of luck */
305 di_what_is_to_be_done(imxdi, "battery");
306 return -ENODEV;
307 }
308 if (dcr & DCR_TCSL) {
309 di_what_is_to_be_done(imxdi, "main");
310 return -ENODEV;
311 }
312 }
313 /*
314 * - the timer counter stops/is stopped if
315 * - its overflow flag is set (TCO in DSR)
316 * -> clear overflow bit to make it count again
317 * - NVF is set in DSR
318 * -> clear non-valid bit to make it count again
319 * - its TCE (DCR) is cleared
320 * -> set TCE to make it count
321 * - it was never set before
322 * -> write a time into it (required again if the NVF was set)
323 */
324 /* state handled */
325 di_write_busy_wait(imxdi, DSR_NVF, DSR);
326 /* clear overflow flag */
327 di_write_busy_wait(imxdi, DSR_TCO, DSR);
328 /* enable the counter */
329 di_write_busy_wait(imxdi, dcr | DCR_TCE, DCR);
330 /* set and trigger it to make it count */
331 di_write_busy_wait(imxdi, sec, DTCMR);
332
333 /* now prepare for the valid state */
334 return di_handle_valid_state(imxdi, __raw_readl(imxdi->ioaddr + DSR));
335}
336
337static int di_handle_invalid_and_failure_state(struct imxdi_dev *imxdi, u32 dsr)
338{
339 u32 dcr;
340
341 /*
342 * now we must first remove the tamper sources in order to get the
343 * device out of the "FAILURE STATE"
344 * To disable any of the following sources we need to modify the DTCR
345 */
346 if (dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD | DSR_EBD | DSR_SAD |
347 DSR_TTD | DSR_CTD | DSR_VTD | DSR_MCO | DSR_TCO)) {
348 dcr = __raw_readl(imxdi->ioaddr + DCR);
349 if (dcr & DCR_TDCHL) {
350 /*
351 * the tamper register is locked. We cannot disable the
352 * tamper detection. The TDCHL can only be reset by a
353 * DRYICE POR, but we cannot force a DRYICE POR in
354 * software because we are still in "FAILURE STATE".
355 * We need a DRYICE POR via battery power cycling....
356 */
357 /*
358 * out of luck!
359 * we cannot disable them without a DRYICE POR
360 */
361 di_what_is_to_be_done(imxdi, "battery");
362 return -ENODEV;
363 }
364 if (dcr & DCR_TDCSL) {
365 /* a soft lock can be removed by a SYSTEM POR */
366 di_what_is_to_be_done(imxdi, "main");
367 return -ENODEV;
368 }
369 }
370
371 /* disable all sources */
372 di_write_busy_wait(imxdi, 0x00000000, DTCR);
373
374 /* clear the status bits now */
375 di_write_busy_wait(imxdi, dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD |
376 DSR_EBD | DSR_SAD | DSR_TTD | DSR_CTD | DSR_VTD |
377 DSR_MCO | DSR_TCO), DSR);
378
379 dsr = readl(imxdi->ioaddr + DSR);
380 if ((dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
381 DSR_WCF | DSR_WEF)) != 0)
382 dev_warn(&imxdi->pdev->dev,
383 "There are still some sources of pain in DSR: %08x!\n",
384 dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
385 DSR_WCF | DSR_WEF));
386
387 /*
388 * now we are trying to clear the "Security-violation flag" to
389 * get the DryIce out of this state
390 */
391 di_write_busy_wait(imxdi, DSR_SVF, DSR);
392
393 /* success? */
394 dsr = readl(imxdi->ioaddr + DSR);
395 if (dsr & DSR_SVF) {
396 dev_crit(&imxdi->pdev->dev,
397 "Cannot clear the security violation flag. We are ending up in an endless loop!\n");
398 /* last resort */
399 di_what_is_to_be_done(imxdi, "battery");
400 return -ENODEV;
401 }
402
403 /*
404 * now we have left the "FAILURE STATE" and ending up in the
405 * "NON-VALID STATE" time to recover everything
406 */
407 return di_handle_invalid_state(imxdi, dsr);
408}
409
410static int di_handle_state(struct imxdi_dev *imxdi)
411{
412 int rc;
413 u32 dsr;
414
415 dsr = readl(imxdi->ioaddr + DSR);
416
417 switch (dsr & (DSR_NVF | DSR_SVF)) {
418 case DSR_NVF:
419 dev_warn(&imxdi->pdev->dev, "Invalid stated unit detected\n");
420 rc = di_handle_invalid_state(imxdi, dsr);
421 break;
422 case DSR_SVF:
423 dev_warn(&imxdi->pdev->dev, "Failure stated unit detected\n");
424 rc = di_handle_failure_state(imxdi, dsr);
425 break;
426 case DSR_NVF | DSR_SVF:
427 dev_warn(&imxdi->pdev->dev,
428 "Failure+Invalid stated unit detected\n");
429 rc = di_handle_invalid_and_failure_state(imxdi, dsr);
430 break;
431 default:
432 dev_notice(&imxdi->pdev->dev, "Unlocked unit detected\n");
433 rc = di_handle_valid_state(imxdi, dsr);
434 }
435
436 return rc;
437}
438
439/*
440 * enable a dryice interrupt
441 */
442static void di_int_enable(struct imxdi_dev *imxdi, u32 intr)
443{
444 unsigned long flags;
445
446 spin_lock_irqsave(&imxdi->irq_lock, flags);
447 writel(readl(imxdi->ioaddr + DIER) | intr,
448 imxdi->ioaddr + DIER);
449 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
450}
451
452/*
453 * disable a dryice interrupt
454 */
455static void di_int_disable(struct imxdi_dev *imxdi, u32 intr)
456{
457 unsigned long flags;
458
459 spin_lock_irqsave(&imxdi->irq_lock, flags);
460 writel(readl(imxdi->ioaddr + DIER) & ~intr,
461 imxdi->ioaddr + DIER);
462 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
463}
464
465/*
466 * This function attempts to clear the dryice write-error flag.
467 *
468 * A dryice write error is similar to a bus fault and should not occur in
469 * normal operation. Clearing the flag requires another write, so the root
470 * cause of the problem may need to be fixed before the flag can be cleared.
471 */
472static void clear_write_error(struct imxdi_dev *imxdi)
473{
474 int cnt;
475
476 dev_warn(&imxdi->pdev->dev, "WARNING: Register write error!\n");
477
478 /* clear the write error flag */
479 writel(DSR_WEF, imxdi->ioaddr + DSR);
480
481 /* wait for it to take effect */
482 for (cnt = 0; cnt < 1000; cnt++) {
483 if ((readl(imxdi->ioaddr + DSR) & DSR_WEF) == 0)
484 return;
485 udelay(10);
486 }
487 dev_err(&imxdi->pdev->dev,
488 "ERROR: Cannot clear write-error flag!\n");
489}
490
491/*
492 * Write a dryice register and wait until it completes.
493 *
494 * This function uses interrupts to determine when the
495 * write has completed.
496 */
497static int di_write_wait(struct imxdi_dev *imxdi, u32 val, int reg)
498{
499 int ret;
500 int rc = 0;
501
502 /* serialize register writes */
503 mutex_lock(&imxdi->write_mutex);
504
505 /* enable the write-complete interrupt */
506 di_int_enable(imxdi, DIER_WCIE);
507
508 imxdi->dsr = 0;
509
510 /* do the register write */
511 writel(val, imxdi->ioaddr + reg);
512
513 /* wait for the write to finish */
514 ret = wait_event_interruptible_timeout(imxdi->write_wait,
515 imxdi->dsr & (DSR_WCF | DSR_WEF), msecs_to_jiffies(1));
516 if (ret < 0) {
517 rc = ret;
518 goto out;
519 } else if (ret == 0) {
520 dev_warn(&imxdi->pdev->dev,
521 "Write-wait timeout "
522 "val = 0x%08x reg = 0x%08x\n", val, reg);
523 }
524
525 /* check for write error */
526 if (imxdi->dsr & DSR_WEF) {
527 clear_write_error(imxdi);
528 rc = -EIO;
529 }
530
531out:
532 mutex_unlock(&imxdi->write_mutex);
533
534 return rc;
535}
536
537/*
538 * read the seconds portion of the current time from the dryice time counter
539 */
540static int dryice_rtc_read_time(struct device *dev, struct rtc_time *tm)
541{
542 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
543 unsigned long now;
544
545 now = readl(imxdi->ioaddr + DTCMR);
546 rtc_time64_to_tm(now, tm);
547
548 return 0;
549}
550
551/*
552 * set the seconds portion of dryice time counter and clear the
553 * fractional part.
554 */
555static int dryice_rtc_set_time(struct device *dev, struct rtc_time *tm)
556{
557 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
558 u32 dcr, dsr;
559 int rc;
560
561 dcr = readl(imxdi->ioaddr + DCR);
562 dsr = readl(imxdi->ioaddr + DSR);
563
564 if (!(dcr & DCR_TCE) || (dsr & DSR_SVF)) {
565 if (dcr & DCR_TCHL) {
566 /* we are even more out of luck */
567 di_what_is_to_be_done(imxdi, "battery");
568 return -EPERM;
569 }
570 if ((dcr & DCR_TCSL) || (dsr & DSR_SVF)) {
571 /* we are out of luck for now */
572 di_what_is_to_be_done(imxdi, "main");
573 return -EPERM;
574 }
575 }
576
577 /* zero the fractional part first */
578 rc = di_write_wait(imxdi, 0, DTCLR);
579 if (rc != 0)
580 return rc;
581
582 rc = di_write_wait(imxdi, rtc_tm_to_time64(tm), DTCMR);
583 if (rc != 0)
584 return rc;
585
586 return di_write_wait(imxdi, readl(imxdi->ioaddr + DCR) | DCR_TCE, DCR);
587}
588
589static int dryice_rtc_alarm_irq_enable(struct device *dev,
590 unsigned int enabled)
591{
592 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
593
594 if (enabled)
595 di_int_enable(imxdi, DIER_CAIE);
596 else
597 di_int_disable(imxdi, DIER_CAIE);
598
599 return 0;
600}
601
602/*
603 * read the seconds portion of the alarm register.
604 * the fractional part of the alarm register is always zero.
605 */
606static int dryice_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
607{
608 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
609 u32 dcamr;
610
611 dcamr = readl(imxdi->ioaddr + DCAMR);
612 rtc_time64_to_tm(dcamr, &alarm->time);
613
614 /* alarm is enabled if the interrupt is enabled */
615 alarm->enabled = (readl(imxdi->ioaddr + DIER) & DIER_CAIE) != 0;
616
617 /* don't allow the DSR read to mess up DSR_WCF */
618 mutex_lock(&imxdi->write_mutex);
619
620 /* alarm is pending if the alarm flag is set */
621 alarm->pending = (readl(imxdi->ioaddr + DSR) & DSR_CAF) != 0;
622
623 mutex_unlock(&imxdi->write_mutex);
624
625 return 0;
626}
627
628/*
629 * set the seconds portion of dryice alarm register
630 */
631static int dryice_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
632{
633 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
634 int rc;
635
636 /* write the new alarm time */
637 rc = di_write_wait(imxdi, rtc_tm_to_time64(&alarm->time), DCAMR);
638 if (rc)
639 return rc;
640
641 if (alarm->enabled)
642 di_int_enable(imxdi, DIER_CAIE); /* enable alarm intr */
643 else
644 di_int_disable(imxdi, DIER_CAIE); /* disable alarm intr */
645
646 return 0;
647}
648
649static const struct rtc_class_ops dryice_rtc_ops = {
650 .read_time = dryice_rtc_read_time,
651 .set_time = dryice_rtc_set_time,
652 .alarm_irq_enable = dryice_rtc_alarm_irq_enable,
653 .read_alarm = dryice_rtc_read_alarm,
654 .set_alarm = dryice_rtc_set_alarm,
655};
656
657/*
658 * interrupt handler for dryice "normal" and security violation interrupt
659 */
660static irqreturn_t dryice_irq(int irq, void *dev_id)
661{
662 struct imxdi_dev *imxdi = dev_id;
663 u32 dsr, dier;
664 irqreturn_t rc = IRQ_NONE;
665
666 dier = readl(imxdi->ioaddr + DIER);
667 dsr = readl(imxdi->ioaddr + DSR);
668
669 /* handle the security violation event */
670 if (dier & DIER_SVIE) {
671 if (dsr & DSR_SVF) {
672 /*
673 * Disable the interrupt when this kind of event has
674 * happened.
675 * There cannot be more than one event of this type,
676 * because it needs a complex state change
677 * including a main power cycle to get again out of
678 * this state.
679 */
680 di_int_disable(imxdi, DIER_SVIE);
681 /* report the violation */
682 di_report_tamper_info(imxdi, dsr);
683 rc = IRQ_HANDLED;
684 }
685 }
686
687 /* handle write complete and write error cases */
688 if (dier & DIER_WCIE) {
689 /*If the write wait queue is empty then there is no pending
690 operations. It means the interrupt is for DryIce -Security.
691 IRQ must be returned as none.*/
692 if (list_empty_careful(&imxdi->write_wait.head))
693 return rc;
694
695 /* DSR_WCF clears itself on DSR read */
696 if (dsr & (DSR_WCF | DSR_WEF)) {
697 /* mask the interrupt */
698 di_int_disable(imxdi, DIER_WCIE);
699
700 /* save the dsr value for the wait queue */
701 imxdi->dsr |= dsr;
702
703 wake_up_interruptible(&imxdi->write_wait);
704 rc = IRQ_HANDLED;
705 }
706 }
707
708 /* handle the alarm case */
709 if (dier & DIER_CAIE) {
710 /* DSR_WCF clears itself on DSR read */
711 if (dsr & DSR_CAF) {
712 /* mask the interrupt */
713 di_int_disable(imxdi, DIER_CAIE);
714
715 /* finish alarm in user context */
716 schedule_work(&imxdi->work);
717 rc = IRQ_HANDLED;
718 }
719 }
720 return rc;
721}
722
723/*
724 * post the alarm event from user context so it can sleep
725 * on the write completion.
726 */
727static void dryice_work(struct work_struct *work)
728{
729 struct imxdi_dev *imxdi = container_of(work,
730 struct imxdi_dev, work);
731
732 /* dismiss the interrupt (ignore error) */
733 di_write_wait(imxdi, DSR_CAF, DSR);
734
735 /* pass the alarm event to the rtc framework. */
736 rtc_update_irq(imxdi->rtc, 1, RTC_AF | RTC_IRQF);
737}
738
739/*
740 * probe for dryice rtc device
741 */
742static int __init dryice_rtc_probe(struct platform_device *pdev)
743{
744 struct imxdi_dev *imxdi;
745 int norm_irq, sec_irq;
746 int rc;
747
748 imxdi = devm_kzalloc(&pdev->dev, sizeof(*imxdi), GFP_KERNEL);
749 if (!imxdi)
750 return -ENOMEM;
751
752 imxdi->pdev = pdev;
753
754 imxdi->ioaddr = devm_platform_ioremap_resource(pdev, 0);
755 if (IS_ERR(imxdi->ioaddr))
756 return PTR_ERR(imxdi->ioaddr);
757
758 spin_lock_init(&imxdi->irq_lock);
759
760 norm_irq = platform_get_irq(pdev, 0);
761 if (norm_irq < 0)
762 return norm_irq;
763
764 /* the 2nd irq is the security violation irq
765 * make this optional, don't break the device tree ABI
766 */
767 sec_irq = platform_get_irq(pdev, 1);
768 if (sec_irq <= 0)
769 sec_irq = IRQ_NOTCONNECTED;
770
771 init_waitqueue_head(&imxdi->write_wait);
772
773 INIT_WORK(&imxdi->work, dryice_work);
774
775 mutex_init(&imxdi->write_mutex);
776
777 imxdi->rtc = devm_rtc_allocate_device(&pdev->dev);
778 if (IS_ERR(imxdi->rtc))
779 return PTR_ERR(imxdi->rtc);
780
781 imxdi->clk = devm_clk_get(&pdev->dev, NULL);
782 if (IS_ERR(imxdi->clk))
783 return PTR_ERR(imxdi->clk);
784 rc = clk_prepare_enable(imxdi->clk);
785 if (rc)
786 return rc;
787
788 /*
789 * Initialize dryice hardware
790 */
791
792 /* mask all interrupts */
793 writel(0, imxdi->ioaddr + DIER);
794
795 rc = di_handle_state(imxdi);
796 if (rc != 0)
797 goto err;
798
799 rc = devm_request_irq(&pdev->dev, norm_irq, dryice_irq,
800 IRQF_SHARED, pdev->name, imxdi);
801 if (rc) {
802 dev_warn(&pdev->dev, "interrupt not available.\n");
803 goto err;
804 }
805
806 rc = devm_request_irq(&pdev->dev, sec_irq, dryice_irq,
807 IRQF_SHARED, pdev->name, imxdi);
808 if (rc) {
809 dev_warn(&pdev->dev, "security violation interrupt not available.\n");
810 /* this is not an error, see above */
811 }
812
813 platform_set_drvdata(pdev, imxdi);
814
815 device_init_wakeup(&pdev->dev, true);
816 dev_pm_set_wake_irq(&pdev->dev, norm_irq);
817
818 imxdi->rtc->ops = &dryice_rtc_ops;
819 imxdi->rtc->range_max = U32_MAX;
820
821 rc = devm_rtc_register_device(imxdi->rtc);
822 if (rc)
823 goto err;
824
825 return 0;
826
827err:
828 clk_disable_unprepare(imxdi->clk);
829
830 return rc;
831}
832
833static void __exit dryice_rtc_remove(struct platform_device *pdev)
834{
835 struct imxdi_dev *imxdi = platform_get_drvdata(pdev);
836
837 flush_work(&imxdi->work);
838
839 /* mask all interrupts */
840 writel(0, imxdi->ioaddr + DIER);
841
842 clk_disable_unprepare(imxdi->clk);
843}
844
845static const struct of_device_id dryice_dt_ids[] = {
846 { .compatible = "fsl,imx25-rtc" },
847 { /* sentinel */ }
848};
849
850MODULE_DEVICE_TABLE(of, dryice_dt_ids);
851
852/*
853 * dryice_rtc_remove() lives in .exit.text. For drivers registered via
854 * module_platform_driver_probe() this is ok because they cannot get unbound at
855 * runtime. So mark the driver struct with __refdata to prevent modpost
856 * triggering a section mismatch warning.
857 */
858static struct platform_driver dryice_rtc_driver __refdata = {
859 .driver = {
860 .name = "imxdi_rtc",
861 .of_match_table = dryice_dt_ids,
862 },
863 .remove = __exit_p(dryice_rtc_remove),
864};
865
866module_platform_driver_probe(dryice_rtc_driver, dryice_rtc_probe);
867
868MODULE_AUTHOR("Freescale Semiconductor, Inc.");
869MODULE_AUTHOR("Baruch Siach <baruch@tkos.co.il>");
870MODULE_DESCRIPTION("IMX DryIce Realtime Clock Driver (RTC)");
871MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright 2008-2009 Freescale Semiconductor, Inc. All Rights Reserved.
4 * Copyright 2010 Orex Computed Radiography
5 */
6
7/*
8 * This driver uses the 47-bit 32 kHz counter in the Freescale DryIce block
9 * to implement a Linux RTC. Times and alarms are truncated to seconds.
10 * Since the RTC framework performs API locking via rtc->ops_lock the
11 * only simultaneous accesses we need to deal with is updating DryIce
12 * registers while servicing an alarm.
13 *
14 * Note that reading the DSR (DryIce Status Register) automatically clears
15 * the WCF (Write Complete Flag). All DryIce writes are synchronized to the
16 * LP (Low Power) domain and set the WCF upon completion. Writes to the
17 * DIER (DryIce Interrupt Enable Register) are the only exception. These
18 * occur at normal bus speeds and do not set WCF. Periodic interrupts are
19 * not supported by the hardware.
20 */
21
22#include <linux/io.h>
23#include <linux/clk.h>
24#include <linux/delay.h>
25#include <linux/module.h>
26#include <linux/platform_device.h>
27#include <linux/rtc.h>
28#include <linux/sched.h>
29#include <linux/spinlock.h>
30#include <linux/workqueue.h>
31#include <linux/of.h>
32
33/* DryIce Register Definitions */
34
35#define DTCMR 0x00 /* Time Counter MSB Reg */
36#define DTCLR 0x04 /* Time Counter LSB Reg */
37
38#define DCAMR 0x08 /* Clock Alarm MSB Reg */
39#define DCALR 0x0c /* Clock Alarm LSB Reg */
40#define DCAMR_UNSET 0xFFFFFFFF /* doomsday - 1 sec */
41
42#define DCR 0x10 /* Control Reg */
43#define DCR_TDCHL (1 << 30) /* Tamper-detect configuration hard lock */
44#define DCR_TDCSL (1 << 29) /* Tamper-detect configuration soft lock */
45#define DCR_KSSL (1 << 27) /* Key-select soft lock */
46#define DCR_MCHL (1 << 20) /* Monotonic-counter hard lock */
47#define DCR_MCSL (1 << 19) /* Monotonic-counter soft lock */
48#define DCR_TCHL (1 << 18) /* Timer-counter hard lock */
49#define DCR_TCSL (1 << 17) /* Timer-counter soft lock */
50#define DCR_FSHL (1 << 16) /* Failure state hard lock */
51#define DCR_TCE (1 << 3) /* Time Counter Enable */
52#define DCR_MCE (1 << 2) /* Monotonic Counter Enable */
53
54#define DSR 0x14 /* Status Reg */
55#define DSR_WTD (1 << 23) /* Wire-mesh tamper detected */
56#define DSR_ETBD (1 << 22) /* External tamper B detected */
57#define DSR_ETAD (1 << 21) /* External tamper A detected */
58#define DSR_EBD (1 << 20) /* External boot detected */
59#define DSR_SAD (1 << 19) /* SCC alarm detected */
60#define DSR_TTD (1 << 18) /* Temperature tamper detected */
61#define DSR_CTD (1 << 17) /* Clock tamper detected */
62#define DSR_VTD (1 << 16) /* Voltage tamper detected */
63#define DSR_WBF (1 << 10) /* Write Busy Flag (synchronous) */
64#define DSR_WNF (1 << 9) /* Write Next Flag (synchronous) */
65#define DSR_WCF (1 << 8) /* Write Complete Flag (synchronous)*/
66#define DSR_WEF (1 << 7) /* Write Error Flag */
67#define DSR_CAF (1 << 4) /* Clock Alarm Flag */
68#define DSR_MCO (1 << 3) /* monotonic counter overflow */
69#define DSR_TCO (1 << 2) /* time counter overflow */
70#define DSR_NVF (1 << 1) /* Non-Valid Flag */
71#define DSR_SVF (1 << 0) /* Security Violation Flag */
72
73#define DIER 0x18 /* Interrupt Enable Reg (synchronous) */
74#define DIER_WNIE (1 << 9) /* Write Next Interrupt Enable */
75#define DIER_WCIE (1 << 8) /* Write Complete Interrupt Enable */
76#define DIER_WEIE (1 << 7) /* Write Error Interrupt Enable */
77#define DIER_CAIE (1 << 4) /* Clock Alarm Interrupt Enable */
78#define DIER_SVIE (1 << 0) /* Security-violation Interrupt Enable */
79
80#define DMCR 0x1c /* DryIce Monotonic Counter Reg */
81
82#define DTCR 0x28 /* DryIce Tamper Configuration Reg */
83#define DTCR_MOE (1 << 9) /* monotonic overflow enabled */
84#define DTCR_TOE (1 << 8) /* time overflow enabled */
85#define DTCR_WTE (1 << 7) /* wire-mesh tamper enabled */
86#define DTCR_ETBE (1 << 6) /* external B tamper enabled */
87#define DTCR_ETAE (1 << 5) /* external A tamper enabled */
88#define DTCR_EBE (1 << 4) /* external boot tamper enabled */
89#define DTCR_SAIE (1 << 3) /* SCC enabled */
90#define DTCR_TTE (1 << 2) /* temperature tamper enabled */
91#define DTCR_CTE (1 << 1) /* clock tamper enabled */
92#define DTCR_VTE (1 << 0) /* voltage tamper enabled */
93
94#define DGPR 0x3c /* DryIce General Purpose Reg */
95
96/**
97 * struct imxdi_dev - private imxdi rtc data
98 * @pdev: pointer to platform dev
99 * @rtc: pointer to rtc struct
100 * @ioaddr: IO registers pointer
101 * @clk: input reference clock
102 * @dsr: copy of the DSR register
103 * @irq_lock: interrupt enable register (DIER) lock
104 * @write_wait: registers write complete queue
105 * @write_mutex: serialize registers write
106 * @work: schedule alarm work
107 */
108struct imxdi_dev {
109 struct platform_device *pdev;
110 struct rtc_device *rtc;
111 void __iomem *ioaddr;
112 struct clk *clk;
113 u32 dsr;
114 spinlock_t irq_lock;
115 wait_queue_head_t write_wait;
116 struct mutex write_mutex;
117 struct work_struct work;
118};
119
120/* Some background:
121 *
122 * The DryIce unit is a complex security/tamper monitor device. To be able do
123 * its job in a useful manner it runs a bigger statemachine to bring it into
124 * security/tamper failure state and once again to bring it out of this state.
125 *
126 * This unit can be in one of three states:
127 *
128 * - "NON-VALID STATE"
129 * always after the battery power was removed
130 * - "FAILURE STATE"
131 * if one of the enabled security events has happened
132 * - "VALID STATE"
133 * if the unit works as expected
134 *
135 * Everything stops when the unit enters the failure state including the RTC
136 * counter (to be able to detect the time the security event happened).
137 *
138 * The following events (when enabled) let the DryIce unit enter the failure
139 * state:
140 *
141 * - wire-mesh-tamper detect
142 * - external tamper B detect
143 * - external tamper A detect
144 * - temperature tamper detect
145 * - clock tamper detect
146 * - voltage tamper detect
147 * - RTC counter overflow
148 * - monotonic counter overflow
149 * - external boot
150 *
151 * If we find the DryIce unit in "FAILURE STATE" and the TDCHL cleared, we
152 * can only detect this state. In this case the unit is completely locked and
153 * must force a second "SYSTEM POR" to bring the DryIce into the
154 * "NON-VALID STATE" + "FAILURE STATE" where a recovery is possible.
155 * If the TDCHL is set in the "FAILURE STATE" we are out of luck. In this case
156 * a battery power cycle is required.
157 *
158 * In the "NON-VALID STATE" + "FAILURE STATE" we can clear the "FAILURE STATE"
159 * and recover the DryIce unit. By clearing the "NON-VALID STATE" as the last
160 * task, we bring back this unit into life.
161 */
162
163/*
164 * Do a write into the unit without interrupt support.
165 * We do not need to check the WEF here, because the only reason this kind of
166 * write error can happen is if we write to the unit twice within the 122 us
167 * interval. This cannot happen, since we are using this function only while
168 * setting up the unit.
169 */
170static void di_write_busy_wait(const struct imxdi_dev *imxdi, u32 val,
171 unsigned reg)
172{
173 /* do the register write */
174 writel(val, imxdi->ioaddr + reg);
175
176 /*
177 * now it takes four 32,768 kHz clock cycles to take
178 * the change into effect = 122 us
179 */
180 usleep_range(130, 200);
181}
182
183static void di_report_tamper_info(struct imxdi_dev *imxdi, u32 dsr)
184{
185 u32 dtcr;
186
187 dtcr = readl(imxdi->ioaddr + DTCR);
188
189 dev_emerg(&imxdi->pdev->dev, "DryIce tamper event detected\n");
190 /* the following flags force a transition into the "FAILURE STATE" */
191 if (dsr & DSR_VTD)
192 dev_emerg(&imxdi->pdev->dev, "%sVoltage Tamper Event\n",
193 dtcr & DTCR_VTE ? "" : "Spurious ");
194
195 if (dsr & DSR_CTD)
196 dev_emerg(&imxdi->pdev->dev, "%s32768 Hz Clock Tamper Event\n",
197 dtcr & DTCR_CTE ? "" : "Spurious ");
198
199 if (dsr & DSR_TTD)
200 dev_emerg(&imxdi->pdev->dev, "%sTemperature Tamper Event\n",
201 dtcr & DTCR_TTE ? "" : "Spurious ");
202
203 if (dsr & DSR_SAD)
204 dev_emerg(&imxdi->pdev->dev,
205 "%sSecure Controller Alarm Event\n",
206 dtcr & DTCR_SAIE ? "" : "Spurious ");
207
208 if (dsr & DSR_EBD)
209 dev_emerg(&imxdi->pdev->dev, "%sExternal Boot Tamper Event\n",
210 dtcr & DTCR_EBE ? "" : "Spurious ");
211
212 if (dsr & DSR_ETAD)
213 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper A Event\n",
214 dtcr & DTCR_ETAE ? "" : "Spurious ");
215
216 if (dsr & DSR_ETBD)
217 dev_emerg(&imxdi->pdev->dev, "%sExternal Tamper B Event\n",
218 dtcr & DTCR_ETBE ? "" : "Spurious ");
219
220 if (dsr & DSR_WTD)
221 dev_emerg(&imxdi->pdev->dev, "%sWire-mesh Tamper Event\n",
222 dtcr & DTCR_WTE ? "" : "Spurious ");
223
224 if (dsr & DSR_MCO)
225 dev_emerg(&imxdi->pdev->dev,
226 "%sMonotonic-counter Overflow Event\n",
227 dtcr & DTCR_MOE ? "" : "Spurious ");
228
229 if (dsr & DSR_TCO)
230 dev_emerg(&imxdi->pdev->dev, "%sTimer-counter Overflow Event\n",
231 dtcr & DTCR_TOE ? "" : "Spurious ");
232}
233
234static void di_what_is_to_be_done(struct imxdi_dev *imxdi,
235 const char *power_supply)
236{
237 dev_emerg(&imxdi->pdev->dev, "Please cycle the %s power supply in order to get the DryIce/RTC unit working again\n",
238 power_supply);
239}
240
241static int di_handle_failure_state(struct imxdi_dev *imxdi, u32 dsr)
242{
243 u32 dcr;
244
245 dev_dbg(&imxdi->pdev->dev, "DSR register reports: %08X\n", dsr);
246
247 /* report the cause */
248 di_report_tamper_info(imxdi, dsr);
249
250 dcr = readl(imxdi->ioaddr + DCR);
251
252 if (dcr & DCR_FSHL) {
253 /* we are out of luck */
254 di_what_is_to_be_done(imxdi, "battery");
255 return -ENODEV;
256 }
257 /*
258 * with the next SYSTEM POR we will transit from the "FAILURE STATE"
259 * into the "NON-VALID STATE" + "FAILURE STATE"
260 */
261 di_what_is_to_be_done(imxdi, "main");
262
263 return -ENODEV;
264}
265
266static int di_handle_valid_state(struct imxdi_dev *imxdi, u32 dsr)
267{
268 /* initialize alarm */
269 di_write_busy_wait(imxdi, DCAMR_UNSET, DCAMR);
270 di_write_busy_wait(imxdi, 0, DCALR);
271
272 /* clear alarm flag */
273 if (dsr & DSR_CAF)
274 di_write_busy_wait(imxdi, DSR_CAF, DSR);
275
276 return 0;
277}
278
279static int di_handle_invalid_state(struct imxdi_dev *imxdi, u32 dsr)
280{
281 u32 dcr, sec;
282
283 /*
284 * lets disable all sources which can force the DryIce unit into
285 * the "FAILURE STATE" for now
286 */
287 di_write_busy_wait(imxdi, 0x00000000, DTCR);
288 /* and lets protect them at runtime from any change */
289 di_write_busy_wait(imxdi, DCR_TDCSL, DCR);
290
291 sec = readl(imxdi->ioaddr + DTCMR);
292 if (sec != 0)
293 dev_warn(&imxdi->pdev->dev,
294 "The security violation has happened at %u seconds\n",
295 sec);
296 /*
297 * the timer cannot be set/modified if
298 * - the TCHL or TCSL bit is set in DCR
299 */
300 dcr = readl(imxdi->ioaddr + DCR);
301 if (!(dcr & DCR_TCE)) {
302 if (dcr & DCR_TCHL) {
303 /* we are out of luck */
304 di_what_is_to_be_done(imxdi, "battery");
305 return -ENODEV;
306 }
307 if (dcr & DCR_TCSL) {
308 di_what_is_to_be_done(imxdi, "main");
309 return -ENODEV;
310 }
311 }
312 /*
313 * - the timer counter stops/is stopped if
314 * - its overflow flag is set (TCO in DSR)
315 * -> clear overflow bit to make it count again
316 * - NVF is set in DSR
317 * -> clear non-valid bit to make it count again
318 * - its TCE (DCR) is cleared
319 * -> set TCE to make it count
320 * - it was never set before
321 * -> write a time into it (required again if the NVF was set)
322 */
323 /* state handled */
324 di_write_busy_wait(imxdi, DSR_NVF, DSR);
325 /* clear overflow flag */
326 di_write_busy_wait(imxdi, DSR_TCO, DSR);
327 /* enable the counter */
328 di_write_busy_wait(imxdi, dcr | DCR_TCE, DCR);
329 /* set and trigger it to make it count */
330 di_write_busy_wait(imxdi, sec, DTCMR);
331
332 /* now prepare for the valid state */
333 return di_handle_valid_state(imxdi, __raw_readl(imxdi->ioaddr + DSR));
334}
335
336static int di_handle_invalid_and_failure_state(struct imxdi_dev *imxdi, u32 dsr)
337{
338 u32 dcr;
339
340 /*
341 * now we must first remove the tamper sources in order to get the
342 * device out of the "FAILURE STATE"
343 * To disable any of the following sources we need to modify the DTCR
344 */
345 if (dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD | DSR_EBD | DSR_SAD |
346 DSR_TTD | DSR_CTD | DSR_VTD | DSR_MCO | DSR_TCO)) {
347 dcr = __raw_readl(imxdi->ioaddr + DCR);
348 if (dcr & DCR_TDCHL) {
349 /*
350 * the tamper register is locked. We cannot disable the
351 * tamper detection. The TDCHL can only be reset by a
352 * DRYICE POR, but we cannot force a DRYICE POR in
353 * software because we are still in "FAILURE STATE".
354 * We need a DRYICE POR via battery power cycling....
355 */
356 /*
357 * out of luck!
358 * we cannot disable them without a DRYICE POR
359 */
360 di_what_is_to_be_done(imxdi, "battery");
361 return -ENODEV;
362 }
363 if (dcr & DCR_TDCSL) {
364 /* a soft lock can be removed by a SYSTEM POR */
365 di_what_is_to_be_done(imxdi, "main");
366 return -ENODEV;
367 }
368 }
369
370 /* disable all sources */
371 di_write_busy_wait(imxdi, 0x00000000, DTCR);
372
373 /* clear the status bits now */
374 di_write_busy_wait(imxdi, dsr & (DSR_WTD | DSR_ETBD | DSR_ETAD |
375 DSR_EBD | DSR_SAD | DSR_TTD | DSR_CTD | DSR_VTD |
376 DSR_MCO | DSR_TCO), DSR);
377
378 dsr = readl(imxdi->ioaddr + DSR);
379 if ((dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
380 DSR_WCF | DSR_WEF)) != 0)
381 dev_warn(&imxdi->pdev->dev,
382 "There are still some sources of pain in DSR: %08x!\n",
383 dsr & ~(DSR_NVF | DSR_SVF | DSR_WBF | DSR_WNF |
384 DSR_WCF | DSR_WEF));
385
386 /*
387 * now we are trying to clear the "Security-violation flag" to
388 * get the DryIce out of this state
389 */
390 di_write_busy_wait(imxdi, DSR_SVF, DSR);
391
392 /* success? */
393 dsr = readl(imxdi->ioaddr + DSR);
394 if (dsr & DSR_SVF) {
395 dev_crit(&imxdi->pdev->dev,
396 "Cannot clear the security violation flag. We are ending up in an endless loop!\n");
397 /* last resort */
398 di_what_is_to_be_done(imxdi, "battery");
399 return -ENODEV;
400 }
401
402 /*
403 * now we have left the "FAILURE STATE" and ending up in the
404 * "NON-VALID STATE" time to recover everything
405 */
406 return di_handle_invalid_state(imxdi, dsr);
407}
408
409static int di_handle_state(struct imxdi_dev *imxdi)
410{
411 int rc;
412 u32 dsr;
413
414 dsr = readl(imxdi->ioaddr + DSR);
415
416 switch (dsr & (DSR_NVF | DSR_SVF)) {
417 case DSR_NVF:
418 dev_warn(&imxdi->pdev->dev, "Invalid stated unit detected\n");
419 rc = di_handle_invalid_state(imxdi, dsr);
420 break;
421 case DSR_SVF:
422 dev_warn(&imxdi->pdev->dev, "Failure stated unit detected\n");
423 rc = di_handle_failure_state(imxdi, dsr);
424 break;
425 case DSR_NVF | DSR_SVF:
426 dev_warn(&imxdi->pdev->dev,
427 "Failure+Invalid stated unit detected\n");
428 rc = di_handle_invalid_and_failure_state(imxdi, dsr);
429 break;
430 default:
431 dev_notice(&imxdi->pdev->dev, "Unlocked unit detected\n");
432 rc = di_handle_valid_state(imxdi, dsr);
433 }
434
435 return rc;
436}
437
438/*
439 * enable a dryice interrupt
440 */
441static void di_int_enable(struct imxdi_dev *imxdi, u32 intr)
442{
443 unsigned long flags;
444
445 spin_lock_irqsave(&imxdi->irq_lock, flags);
446 writel(readl(imxdi->ioaddr + DIER) | intr,
447 imxdi->ioaddr + DIER);
448 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
449}
450
451/*
452 * disable a dryice interrupt
453 */
454static void di_int_disable(struct imxdi_dev *imxdi, u32 intr)
455{
456 unsigned long flags;
457
458 spin_lock_irqsave(&imxdi->irq_lock, flags);
459 writel(readl(imxdi->ioaddr + DIER) & ~intr,
460 imxdi->ioaddr + DIER);
461 spin_unlock_irqrestore(&imxdi->irq_lock, flags);
462}
463
464/*
465 * This function attempts to clear the dryice write-error flag.
466 *
467 * A dryice write error is similar to a bus fault and should not occur in
468 * normal operation. Clearing the flag requires another write, so the root
469 * cause of the problem may need to be fixed before the flag can be cleared.
470 */
471static void clear_write_error(struct imxdi_dev *imxdi)
472{
473 int cnt;
474
475 dev_warn(&imxdi->pdev->dev, "WARNING: Register write error!\n");
476
477 /* clear the write error flag */
478 writel(DSR_WEF, imxdi->ioaddr + DSR);
479
480 /* wait for it to take effect */
481 for (cnt = 0; cnt < 1000; cnt++) {
482 if ((readl(imxdi->ioaddr + DSR) & DSR_WEF) == 0)
483 return;
484 udelay(10);
485 }
486 dev_err(&imxdi->pdev->dev,
487 "ERROR: Cannot clear write-error flag!\n");
488}
489
490/*
491 * Write a dryice register and wait until it completes.
492 *
493 * This function uses interrupts to determine when the
494 * write has completed.
495 */
496static int di_write_wait(struct imxdi_dev *imxdi, u32 val, int reg)
497{
498 int ret;
499 int rc = 0;
500
501 /* serialize register writes */
502 mutex_lock(&imxdi->write_mutex);
503
504 /* enable the write-complete interrupt */
505 di_int_enable(imxdi, DIER_WCIE);
506
507 imxdi->dsr = 0;
508
509 /* do the register write */
510 writel(val, imxdi->ioaddr + reg);
511
512 /* wait for the write to finish */
513 ret = wait_event_interruptible_timeout(imxdi->write_wait,
514 imxdi->dsr & (DSR_WCF | DSR_WEF), msecs_to_jiffies(1));
515 if (ret < 0) {
516 rc = ret;
517 goto out;
518 } else if (ret == 0) {
519 dev_warn(&imxdi->pdev->dev,
520 "Write-wait timeout "
521 "val = 0x%08x reg = 0x%08x\n", val, reg);
522 }
523
524 /* check for write error */
525 if (imxdi->dsr & DSR_WEF) {
526 clear_write_error(imxdi);
527 rc = -EIO;
528 }
529
530out:
531 mutex_unlock(&imxdi->write_mutex);
532
533 return rc;
534}
535
536/*
537 * read the seconds portion of the current time from the dryice time counter
538 */
539static int dryice_rtc_read_time(struct device *dev, struct rtc_time *tm)
540{
541 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
542 unsigned long now;
543
544 now = readl(imxdi->ioaddr + DTCMR);
545 rtc_time64_to_tm(now, tm);
546
547 return 0;
548}
549
550/*
551 * set the seconds portion of dryice time counter and clear the
552 * fractional part.
553 */
554static int dryice_rtc_set_time(struct device *dev, struct rtc_time *tm)
555{
556 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
557 u32 dcr, dsr;
558 int rc;
559
560 dcr = readl(imxdi->ioaddr + DCR);
561 dsr = readl(imxdi->ioaddr + DSR);
562
563 if (!(dcr & DCR_TCE) || (dsr & DSR_SVF)) {
564 if (dcr & DCR_TCHL) {
565 /* we are even more out of luck */
566 di_what_is_to_be_done(imxdi, "battery");
567 return -EPERM;
568 }
569 if ((dcr & DCR_TCSL) || (dsr & DSR_SVF)) {
570 /* we are out of luck for now */
571 di_what_is_to_be_done(imxdi, "main");
572 return -EPERM;
573 }
574 }
575
576 /* zero the fractional part first */
577 rc = di_write_wait(imxdi, 0, DTCLR);
578 if (rc != 0)
579 return rc;
580
581 rc = di_write_wait(imxdi, rtc_tm_to_time64(tm), DTCMR);
582 if (rc != 0)
583 return rc;
584
585 return di_write_wait(imxdi, readl(imxdi->ioaddr + DCR) | DCR_TCE, DCR);
586}
587
588static int dryice_rtc_alarm_irq_enable(struct device *dev,
589 unsigned int enabled)
590{
591 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
592
593 if (enabled)
594 di_int_enable(imxdi, DIER_CAIE);
595 else
596 di_int_disable(imxdi, DIER_CAIE);
597
598 return 0;
599}
600
601/*
602 * read the seconds portion of the alarm register.
603 * the fractional part of the alarm register is always zero.
604 */
605static int dryice_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alarm)
606{
607 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
608 u32 dcamr;
609
610 dcamr = readl(imxdi->ioaddr + DCAMR);
611 rtc_time64_to_tm(dcamr, &alarm->time);
612
613 /* alarm is enabled if the interrupt is enabled */
614 alarm->enabled = (readl(imxdi->ioaddr + DIER) & DIER_CAIE) != 0;
615
616 /* don't allow the DSR read to mess up DSR_WCF */
617 mutex_lock(&imxdi->write_mutex);
618
619 /* alarm is pending if the alarm flag is set */
620 alarm->pending = (readl(imxdi->ioaddr + DSR) & DSR_CAF) != 0;
621
622 mutex_unlock(&imxdi->write_mutex);
623
624 return 0;
625}
626
627/*
628 * set the seconds portion of dryice alarm register
629 */
630static int dryice_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alarm)
631{
632 struct imxdi_dev *imxdi = dev_get_drvdata(dev);
633 int rc;
634
635 /* write the new alarm time */
636 rc = di_write_wait(imxdi, rtc_tm_to_time64(&alarm->time), DCAMR);
637 if (rc)
638 return rc;
639
640 if (alarm->enabled)
641 di_int_enable(imxdi, DIER_CAIE); /* enable alarm intr */
642 else
643 di_int_disable(imxdi, DIER_CAIE); /* disable alarm intr */
644
645 return 0;
646}
647
648static const struct rtc_class_ops dryice_rtc_ops = {
649 .read_time = dryice_rtc_read_time,
650 .set_time = dryice_rtc_set_time,
651 .alarm_irq_enable = dryice_rtc_alarm_irq_enable,
652 .read_alarm = dryice_rtc_read_alarm,
653 .set_alarm = dryice_rtc_set_alarm,
654};
655
656/*
657 * interrupt handler for dryice "normal" and security violation interrupt
658 */
659static irqreturn_t dryice_irq(int irq, void *dev_id)
660{
661 struct imxdi_dev *imxdi = dev_id;
662 u32 dsr, dier;
663 irqreturn_t rc = IRQ_NONE;
664
665 dier = readl(imxdi->ioaddr + DIER);
666 dsr = readl(imxdi->ioaddr + DSR);
667
668 /* handle the security violation event */
669 if (dier & DIER_SVIE) {
670 if (dsr & DSR_SVF) {
671 /*
672 * Disable the interrupt when this kind of event has
673 * happened.
674 * There cannot be more than one event of this type,
675 * because it needs a complex state change
676 * including a main power cycle to get again out of
677 * this state.
678 */
679 di_int_disable(imxdi, DIER_SVIE);
680 /* report the violation */
681 di_report_tamper_info(imxdi, dsr);
682 rc = IRQ_HANDLED;
683 }
684 }
685
686 /* handle write complete and write error cases */
687 if (dier & DIER_WCIE) {
688 /*If the write wait queue is empty then there is no pending
689 operations. It means the interrupt is for DryIce -Security.
690 IRQ must be returned as none.*/
691 if (list_empty_careful(&imxdi->write_wait.head))
692 return rc;
693
694 /* DSR_WCF clears itself on DSR read */
695 if (dsr & (DSR_WCF | DSR_WEF)) {
696 /* mask the interrupt */
697 di_int_disable(imxdi, DIER_WCIE);
698
699 /* save the dsr value for the wait queue */
700 imxdi->dsr |= dsr;
701
702 wake_up_interruptible(&imxdi->write_wait);
703 rc = IRQ_HANDLED;
704 }
705 }
706
707 /* handle the alarm case */
708 if (dier & DIER_CAIE) {
709 /* DSR_WCF clears itself on DSR read */
710 if (dsr & DSR_CAF) {
711 /* mask the interrupt */
712 di_int_disable(imxdi, DIER_CAIE);
713
714 /* finish alarm in user context */
715 schedule_work(&imxdi->work);
716 rc = IRQ_HANDLED;
717 }
718 }
719 return rc;
720}
721
722/*
723 * post the alarm event from user context so it can sleep
724 * on the write completion.
725 */
726static void dryice_work(struct work_struct *work)
727{
728 struct imxdi_dev *imxdi = container_of(work,
729 struct imxdi_dev, work);
730
731 /* dismiss the interrupt (ignore error) */
732 di_write_wait(imxdi, DSR_CAF, DSR);
733
734 /* pass the alarm event to the rtc framework. */
735 rtc_update_irq(imxdi->rtc, 1, RTC_AF | RTC_IRQF);
736}
737
738/*
739 * probe for dryice rtc device
740 */
741static int __init dryice_rtc_probe(struct platform_device *pdev)
742{
743 struct imxdi_dev *imxdi;
744 int norm_irq, sec_irq;
745 int rc;
746
747 imxdi = devm_kzalloc(&pdev->dev, sizeof(*imxdi), GFP_KERNEL);
748 if (!imxdi)
749 return -ENOMEM;
750
751 imxdi->pdev = pdev;
752
753 imxdi->ioaddr = devm_platform_ioremap_resource(pdev, 0);
754 if (IS_ERR(imxdi->ioaddr))
755 return PTR_ERR(imxdi->ioaddr);
756
757 spin_lock_init(&imxdi->irq_lock);
758
759 norm_irq = platform_get_irq(pdev, 0);
760 if (norm_irq < 0)
761 return norm_irq;
762
763 /* the 2nd irq is the security violation irq
764 * make this optional, don't break the device tree ABI
765 */
766 sec_irq = platform_get_irq(pdev, 1);
767 if (sec_irq <= 0)
768 sec_irq = IRQ_NOTCONNECTED;
769
770 init_waitqueue_head(&imxdi->write_wait);
771
772 INIT_WORK(&imxdi->work, dryice_work);
773
774 mutex_init(&imxdi->write_mutex);
775
776 imxdi->rtc = devm_rtc_allocate_device(&pdev->dev);
777 if (IS_ERR(imxdi->rtc))
778 return PTR_ERR(imxdi->rtc);
779
780 imxdi->clk = devm_clk_get(&pdev->dev, NULL);
781 if (IS_ERR(imxdi->clk))
782 return PTR_ERR(imxdi->clk);
783 rc = clk_prepare_enable(imxdi->clk);
784 if (rc)
785 return rc;
786
787 /*
788 * Initialize dryice hardware
789 */
790
791 /* mask all interrupts */
792 writel(0, imxdi->ioaddr + DIER);
793
794 rc = di_handle_state(imxdi);
795 if (rc != 0)
796 goto err;
797
798 rc = devm_request_irq(&pdev->dev, norm_irq, dryice_irq,
799 IRQF_SHARED, pdev->name, imxdi);
800 if (rc) {
801 dev_warn(&pdev->dev, "interrupt not available.\n");
802 goto err;
803 }
804
805 rc = devm_request_irq(&pdev->dev, sec_irq, dryice_irq,
806 IRQF_SHARED, pdev->name, imxdi);
807 if (rc) {
808 dev_warn(&pdev->dev, "security violation interrupt not available.\n");
809 /* this is not an error, see above */
810 }
811
812 platform_set_drvdata(pdev, imxdi);
813
814 imxdi->rtc->ops = &dryice_rtc_ops;
815 imxdi->rtc->range_max = U32_MAX;
816
817 rc = rtc_register_device(imxdi->rtc);
818 if (rc)
819 goto err;
820
821 return 0;
822
823err:
824 clk_disable_unprepare(imxdi->clk);
825
826 return rc;
827}
828
829static int __exit dryice_rtc_remove(struct platform_device *pdev)
830{
831 struct imxdi_dev *imxdi = platform_get_drvdata(pdev);
832
833 flush_work(&imxdi->work);
834
835 /* mask all interrupts */
836 writel(0, imxdi->ioaddr + DIER);
837
838 clk_disable_unprepare(imxdi->clk);
839
840 return 0;
841}
842
843#ifdef CONFIG_OF
844static const struct of_device_id dryice_dt_ids[] = {
845 { .compatible = "fsl,imx25-rtc" },
846 { /* sentinel */ }
847};
848
849MODULE_DEVICE_TABLE(of, dryice_dt_ids);
850#endif
851
852static struct platform_driver dryice_rtc_driver = {
853 .driver = {
854 .name = "imxdi_rtc",
855 .of_match_table = of_match_ptr(dryice_dt_ids),
856 },
857 .remove = __exit_p(dryice_rtc_remove),
858};
859
860module_platform_driver_probe(dryice_rtc_driver, dryice_rtc_probe);
861
862MODULE_AUTHOR("Freescale Semiconductor, Inc.");
863MODULE_AUTHOR("Baruch Siach <baruch@tkos.co.il>");
864MODULE_DESCRIPTION("IMX DryIce Realtime Clock Driver (RTC)");
865MODULE_LICENSE("GPL");