Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Intel MAX10 Board Management Controller Secure Update Driver
4 *
5 * Copyright (C) 2019-2022 Intel Corporation. All rights reserved.
6 *
7 */
8#include <linux/bitfield.h>
9#include <linux/device.h>
10#include <linux/firmware.h>
11#include <linux/mfd/intel-m10-bmc.h>
12#include <linux/mod_devicetable.h>
13#include <linux/module.h>
14#include <linux/platform_device.h>
15#include <linux/slab.h>
16
17struct m10bmc_sec;
18
19struct m10bmc_sec_ops {
20 int (*rsu_status)(struct m10bmc_sec *sec);
21};
22
23struct m10bmc_sec {
24 struct device *dev;
25 struct intel_m10bmc *m10bmc;
26 struct fw_upload *fwl;
27 char *fw_name;
28 u32 fw_name_id;
29 bool cancel_request;
30 const struct m10bmc_sec_ops *ops;
31};
32
33static DEFINE_XARRAY_ALLOC(fw_upload_xa);
34
35/* Root Entry Hash (REH) support */
36#define REH_SHA256_SIZE 32
37#define REH_SHA384_SIZE 48
38#define REH_MAGIC GENMASK(15, 0)
39#define REH_SHA_NUM_BYTES GENMASK(31, 16)
40
41static int m10bmc_sec_write(struct m10bmc_sec *sec, const u8 *buf, u32 offset, u32 size)
42{
43 struct intel_m10bmc *m10bmc = sec->m10bmc;
44 unsigned int stride = regmap_get_reg_stride(m10bmc->regmap);
45 u32 write_count = size / stride;
46 u32 leftover_offset = write_count * stride;
47 u32 leftover_size = size - leftover_offset;
48 u32 leftover_tmp = 0;
49 int ret;
50
51 if (sec->m10bmc->flash_bulk_ops)
52 return sec->m10bmc->flash_bulk_ops->write(m10bmc, buf, offset, size);
53
54 if (WARN_ON_ONCE(stride > sizeof(leftover_tmp)))
55 return -EINVAL;
56
57 ret = regmap_bulk_write(m10bmc->regmap, M10BMC_STAGING_BASE + offset,
58 buf + offset, write_count);
59 if (ret)
60 return ret;
61
62 /* If size is not aligned to stride, handle the remainder bytes with regmap_write() */
63 if (leftover_size) {
64 memcpy(&leftover_tmp, buf + leftover_offset, leftover_size);
65 ret = regmap_write(m10bmc->regmap, M10BMC_STAGING_BASE + offset + leftover_offset,
66 leftover_tmp);
67 if (ret)
68 return ret;
69 }
70
71 return 0;
72}
73
74static int m10bmc_sec_read(struct m10bmc_sec *sec, u8 *buf, u32 addr, u32 size)
75{
76 struct intel_m10bmc *m10bmc = sec->m10bmc;
77 unsigned int stride = regmap_get_reg_stride(m10bmc->regmap);
78 u32 read_count = size / stride;
79 u32 leftover_offset = read_count * stride;
80 u32 leftover_size = size - leftover_offset;
81 u32 leftover_tmp;
82 int ret;
83
84 if (sec->m10bmc->flash_bulk_ops)
85 return sec->m10bmc->flash_bulk_ops->read(m10bmc, buf, addr, size);
86
87 if (WARN_ON_ONCE(stride > sizeof(leftover_tmp)))
88 return -EINVAL;
89
90 ret = regmap_bulk_read(m10bmc->regmap, addr, buf, read_count);
91 if (ret)
92 return ret;
93
94 /* If size is not aligned to stride, handle the remainder bytes with regmap_read() */
95 if (leftover_size) {
96 ret = regmap_read(m10bmc->regmap, addr + leftover_offset, &leftover_tmp);
97 if (ret)
98 return ret;
99 memcpy(buf + leftover_offset, &leftover_tmp, leftover_size);
100 }
101
102 return 0;
103}
104
105
106static ssize_t
107show_root_entry_hash(struct device *dev, u32 exp_magic,
108 u32 prog_addr, u32 reh_addr, char *buf)
109{
110 struct m10bmc_sec *sec = dev_get_drvdata(dev);
111 int sha_num_bytes, i, ret, cnt = 0;
112 u8 hash[REH_SHA384_SIZE];
113 u32 magic;
114
115 ret = m10bmc_sec_read(sec, (u8 *)&magic, prog_addr, sizeof(magic));
116 if (ret)
117 return ret;
118
119 if (FIELD_GET(REH_MAGIC, magic) != exp_magic)
120 return sysfs_emit(buf, "hash not programmed\n");
121
122 sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8;
123 if (sha_num_bytes != REH_SHA256_SIZE &&
124 sha_num_bytes != REH_SHA384_SIZE) {
125 dev_err(sec->dev, "%s bad sha num bytes %d\n", __func__,
126 sha_num_bytes);
127 return -EINVAL;
128 }
129
130 ret = m10bmc_sec_read(sec, hash, reh_addr, sha_num_bytes);
131 if (ret) {
132 dev_err(dev, "failed to read root entry hash\n");
133 return ret;
134 }
135
136 for (i = 0; i < sha_num_bytes; i++)
137 cnt += sprintf(buf + cnt, "%02x", hash[i]);
138 cnt += sprintf(buf + cnt, "\n");
139
140 return cnt;
141}
142
143#define DEVICE_ATTR_SEC_REH_RO(_name) \
144static ssize_t _name##_root_entry_hash_show(struct device *dev, \
145 struct device_attribute *attr, \
146 char *buf) \
147{ \
148 struct m10bmc_sec *sec = dev_get_drvdata(dev); \
149 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; \
150 \
151 return show_root_entry_hash(dev, csr_map->_name##_magic, \
152 csr_map->_name##_prog_addr, \
153 csr_map->_name##_reh_addr, \
154 buf); \
155} \
156static DEVICE_ATTR_RO(_name##_root_entry_hash)
157
158DEVICE_ATTR_SEC_REH_RO(bmc);
159DEVICE_ATTR_SEC_REH_RO(sr);
160DEVICE_ATTR_SEC_REH_RO(pr);
161
162#define CSK_BIT_LEN 128U
163#define CSK_32ARRAY_SIZE DIV_ROUND_UP(CSK_BIT_LEN, 32)
164
165static ssize_t
166show_canceled_csk(struct device *dev, u32 addr, char *buf)
167{
168 unsigned int i, size = CSK_32ARRAY_SIZE * sizeof(u32);
169 struct m10bmc_sec *sec = dev_get_drvdata(dev);
170 DECLARE_BITMAP(csk_map, CSK_BIT_LEN);
171 __le32 csk_le32[CSK_32ARRAY_SIZE];
172 u32 csk32[CSK_32ARRAY_SIZE];
173 int ret;
174
175 ret = m10bmc_sec_read(sec, (u8 *)&csk_le32, addr, size);
176 if (ret) {
177 dev_err(sec->dev, "failed to read CSK vector\n");
178 return ret;
179 }
180
181 for (i = 0; i < CSK_32ARRAY_SIZE; i++)
182 csk32[i] = le32_to_cpu(((csk_le32[i])));
183
184 bitmap_from_arr32(csk_map, csk32, CSK_BIT_LEN);
185 bitmap_complement(csk_map, csk_map, CSK_BIT_LEN);
186 return bitmap_print_to_pagebuf(1, buf, csk_map, CSK_BIT_LEN);
187}
188
189#define DEVICE_ATTR_SEC_CSK_RO(_name) \
190static ssize_t _name##_canceled_csks_show(struct device *dev, \
191 struct device_attribute *attr, \
192 char *buf) \
193{ \
194 struct m10bmc_sec *sec = dev_get_drvdata(dev); \
195 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map; \
196 \
197 return show_canceled_csk(dev, \
198 csr_map->_name##_prog_addr + CSK_VEC_OFFSET, \
199 buf); \
200} \
201static DEVICE_ATTR_RO(_name##_canceled_csks)
202
203#define CSK_VEC_OFFSET 0x34
204
205DEVICE_ATTR_SEC_CSK_RO(bmc);
206DEVICE_ATTR_SEC_CSK_RO(sr);
207DEVICE_ATTR_SEC_CSK_RO(pr);
208
209#define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */
210
211static ssize_t flash_count_show(struct device *dev,
212 struct device_attribute *attr, char *buf)
213{
214 struct m10bmc_sec *sec = dev_get_drvdata(dev);
215 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
216 unsigned int num_bits;
217 u8 *flash_buf;
218 int cnt, ret;
219
220 num_bits = FLASH_COUNT_SIZE * 8;
221
222 flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL);
223 if (!flash_buf)
224 return -ENOMEM;
225
226 ret = m10bmc_sec_read(sec, flash_buf, csr_map->rsu_update_counter,
227 FLASH_COUNT_SIZE);
228 if (ret) {
229 dev_err(sec->dev, "failed to read flash count\n");
230 goto exit_free;
231 }
232 cnt = num_bits - bitmap_weight((unsigned long *)flash_buf, num_bits);
233
234exit_free:
235 kfree(flash_buf);
236
237 return ret ? : sysfs_emit(buf, "%u\n", cnt);
238}
239static DEVICE_ATTR_RO(flash_count);
240
241static struct attribute *m10bmc_security_attrs[] = {
242 &dev_attr_flash_count.attr,
243 &dev_attr_bmc_root_entry_hash.attr,
244 &dev_attr_sr_root_entry_hash.attr,
245 &dev_attr_pr_root_entry_hash.attr,
246 &dev_attr_sr_canceled_csks.attr,
247 &dev_attr_pr_canceled_csks.attr,
248 &dev_attr_bmc_canceled_csks.attr,
249 NULL,
250};
251
252static struct attribute_group m10bmc_security_attr_group = {
253 .name = "security",
254 .attrs = m10bmc_security_attrs,
255};
256
257static const struct attribute_group *m10bmc_sec_attr_groups[] = {
258 &m10bmc_security_attr_group,
259 NULL,
260};
261
262static void log_error_regs(struct m10bmc_sec *sec, u32 doorbell)
263{
264 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
265 u32 auth_result;
266
267 dev_err(sec->dev, "Doorbell: 0x%08x\n", doorbell);
268
269 if (!m10bmc_sys_read(sec->m10bmc, csr_map->auth_result, &auth_result))
270 dev_err(sec->dev, "RSU auth result: 0x%08x\n", auth_result);
271}
272
273static int m10bmc_sec_n3000_rsu_status(struct m10bmc_sec *sec)
274{
275 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
276 u32 doorbell;
277 int ret;
278
279 ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
280 if (ret)
281 return ret;
282
283 return FIELD_GET(DRBL_RSU_STATUS, doorbell);
284}
285
286static int m10bmc_sec_n6000_rsu_status(struct m10bmc_sec *sec)
287{
288 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
289 u32 auth_result;
290 int ret;
291
292 ret = m10bmc_sys_read(sec->m10bmc, csr_map->auth_result, &auth_result);
293 if (ret)
294 return ret;
295
296 return FIELD_GET(AUTH_RESULT_RSU_STATUS, auth_result);
297}
298
299static bool rsu_status_ok(u32 status)
300{
301 return (status == RSU_STAT_NORMAL ||
302 status == RSU_STAT_NIOS_OK ||
303 status == RSU_STAT_USER_OK ||
304 status == RSU_STAT_FACTORY_OK);
305}
306
307static bool rsu_progress_done(u32 progress)
308{
309 return (progress == RSU_PROG_IDLE ||
310 progress == RSU_PROG_RSU_DONE);
311}
312
313static bool rsu_progress_busy(u32 progress)
314{
315 return (progress == RSU_PROG_AUTHENTICATING ||
316 progress == RSU_PROG_COPYING ||
317 progress == RSU_PROG_UPDATE_CANCEL ||
318 progress == RSU_PROG_PROGRAM_KEY_HASH);
319}
320
321static int m10bmc_sec_progress_status(struct m10bmc_sec *sec, u32 *doorbell_reg,
322 u32 *progress, u32 *status)
323{
324 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
325 int ret;
326
327 ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, doorbell_reg);
328 if (ret)
329 return ret;
330
331 ret = sec->ops->rsu_status(sec);
332 if (ret < 0)
333 return ret;
334
335 *status = ret;
336 *progress = rsu_prog(*doorbell_reg);
337
338 return 0;
339}
340
341static enum fw_upload_err rsu_check_idle(struct m10bmc_sec *sec)
342{
343 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
344 u32 doorbell;
345 int ret;
346
347 ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
348 if (ret)
349 return FW_UPLOAD_ERR_RW_ERROR;
350
351 if (!rsu_progress_done(rsu_prog(doorbell))) {
352 log_error_regs(sec, doorbell);
353 return FW_UPLOAD_ERR_BUSY;
354 }
355
356 return FW_UPLOAD_ERR_NONE;
357}
358
359static inline bool rsu_start_done(u32 doorbell_reg, u32 progress, u32 status)
360{
361 if (doorbell_reg & DRBL_RSU_REQUEST)
362 return false;
363
364 if (status == RSU_STAT_ERASE_FAIL || status == RSU_STAT_WEAROUT)
365 return true;
366
367 if (!rsu_progress_done(progress))
368 return true;
369
370 return false;
371}
372
373static enum fw_upload_err rsu_update_init(struct m10bmc_sec *sec)
374{
375 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
376 u32 doorbell_reg, progress, status;
377 int ret, err;
378
379 ret = m10bmc_sys_update_bits(sec->m10bmc, csr_map->doorbell,
380 DRBL_RSU_REQUEST | DRBL_HOST_STATUS,
381 DRBL_RSU_REQUEST |
382 FIELD_PREP(DRBL_HOST_STATUS,
383 HOST_STATUS_IDLE));
384 if (ret)
385 return FW_UPLOAD_ERR_RW_ERROR;
386
387 ret = read_poll_timeout(m10bmc_sec_progress_status, err,
388 err < 0 || rsu_start_done(doorbell_reg, progress, status),
389 NIOS_HANDSHAKE_INTERVAL_US,
390 NIOS_HANDSHAKE_TIMEOUT_US,
391 false,
392 sec, &doorbell_reg, &progress, &status);
393
394 if (ret == -ETIMEDOUT) {
395 log_error_regs(sec, doorbell_reg);
396 return FW_UPLOAD_ERR_TIMEOUT;
397 } else if (err) {
398 return FW_UPLOAD_ERR_RW_ERROR;
399 }
400
401 if (status == RSU_STAT_WEAROUT) {
402 dev_warn(sec->dev, "Excessive flash update count detected\n");
403 return FW_UPLOAD_ERR_WEAROUT;
404 } else if (status == RSU_STAT_ERASE_FAIL) {
405 log_error_regs(sec, doorbell_reg);
406 return FW_UPLOAD_ERR_HW_ERROR;
407 }
408
409 return FW_UPLOAD_ERR_NONE;
410}
411
412static enum fw_upload_err rsu_prog_ready(struct m10bmc_sec *sec)
413{
414 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
415 unsigned long poll_timeout;
416 u32 doorbell, progress;
417 int ret;
418
419 ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
420 if (ret)
421 return FW_UPLOAD_ERR_RW_ERROR;
422
423 poll_timeout = jiffies + msecs_to_jiffies(RSU_PREP_TIMEOUT_MS);
424 while (rsu_prog(doorbell) == RSU_PROG_PREPARE) {
425 msleep(RSU_PREP_INTERVAL_MS);
426 if (time_after(jiffies, poll_timeout))
427 break;
428
429 ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
430 if (ret)
431 return FW_UPLOAD_ERR_RW_ERROR;
432 }
433
434 progress = rsu_prog(doorbell);
435 if (progress == RSU_PROG_PREPARE) {
436 log_error_regs(sec, doorbell);
437 return FW_UPLOAD_ERR_TIMEOUT;
438 } else if (progress != RSU_PROG_READY) {
439 log_error_regs(sec, doorbell);
440 return FW_UPLOAD_ERR_HW_ERROR;
441 }
442
443 return FW_UPLOAD_ERR_NONE;
444}
445
446static enum fw_upload_err rsu_send_data(struct m10bmc_sec *sec)
447{
448 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
449 u32 doorbell_reg, status;
450 int ret;
451
452 ret = m10bmc_sys_update_bits(sec->m10bmc, csr_map->doorbell,
453 DRBL_HOST_STATUS,
454 FIELD_PREP(DRBL_HOST_STATUS,
455 HOST_STATUS_WRITE_DONE));
456 if (ret)
457 return FW_UPLOAD_ERR_RW_ERROR;
458
459 ret = regmap_read_poll_timeout(sec->m10bmc->regmap,
460 csr_map->base + csr_map->doorbell,
461 doorbell_reg,
462 rsu_prog(doorbell_reg) != RSU_PROG_READY,
463 NIOS_HANDSHAKE_INTERVAL_US,
464 NIOS_HANDSHAKE_TIMEOUT_US);
465
466 if (ret == -ETIMEDOUT) {
467 log_error_regs(sec, doorbell_reg);
468 return FW_UPLOAD_ERR_TIMEOUT;
469 } else if (ret) {
470 return FW_UPLOAD_ERR_RW_ERROR;
471 }
472
473 ret = sec->ops->rsu_status(sec);
474 if (ret < 0)
475 return FW_UPLOAD_ERR_HW_ERROR;
476 status = ret;
477
478 if (!rsu_status_ok(status)) {
479 log_error_regs(sec, doorbell_reg);
480 return FW_UPLOAD_ERR_HW_ERROR;
481 }
482
483 return FW_UPLOAD_ERR_NONE;
484}
485
486static int rsu_check_complete(struct m10bmc_sec *sec, u32 *doorbell_reg)
487{
488 u32 progress, status;
489
490 if (m10bmc_sec_progress_status(sec, doorbell_reg, &progress, &status))
491 return -EIO;
492
493 if (!rsu_status_ok(status))
494 return -EINVAL;
495
496 if (rsu_progress_done(progress))
497 return 0;
498
499 if (rsu_progress_busy(progress))
500 return -EAGAIN;
501
502 return -EINVAL;
503}
504
505static enum fw_upload_err rsu_cancel(struct m10bmc_sec *sec)
506{
507 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
508 u32 doorbell;
509 int ret;
510
511 ret = m10bmc_sys_read(sec->m10bmc, csr_map->doorbell, &doorbell);
512 if (ret)
513 return FW_UPLOAD_ERR_RW_ERROR;
514
515 if (rsu_prog(doorbell) != RSU_PROG_READY)
516 return FW_UPLOAD_ERR_BUSY;
517
518 ret = m10bmc_sys_update_bits(sec->m10bmc, csr_map->doorbell,
519 DRBL_HOST_STATUS,
520 FIELD_PREP(DRBL_HOST_STATUS,
521 HOST_STATUS_ABORT_RSU));
522 if (ret)
523 return FW_UPLOAD_ERR_RW_ERROR;
524
525 return FW_UPLOAD_ERR_CANCELED;
526}
527
528static enum fw_upload_err m10bmc_sec_prepare(struct fw_upload *fwl,
529 const u8 *data, u32 size)
530{
531 struct m10bmc_sec *sec = fwl->dd_handle;
532 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
533 u32 ret;
534
535 sec->cancel_request = false;
536
537 if (!size || size > csr_map->staging_size)
538 return FW_UPLOAD_ERR_INVALID_SIZE;
539
540 if (sec->m10bmc->flash_bulk_ops)
541 if (sec->m10bmc->flash_bulk_ops->lock_write(sec->m10bmc))
542 return FW_UPLOAD_ERR_BUSY;
543
544 ret = rsu_check_idle(sec);
545 if (ret != FW_UPLOAD_ERR_NONE)
546 goto unlock_flash;
547
548 m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_SEC_UPDATE_PREPARE);
549
550 ret = rsu_update_init(sec);
551 if (ret != FW_UPLOAD_ERR_NONE)
552 goto fw_state_exit;
553
554 ret = rsu_prog_ready(sec);
555 if (ret != FW_UPLOAD_ERR_NONE)
556 goto fw_state_exit;
557
558 if (sec->cancel_request) {
559 ret = rsu_cancel(sec);
560 goto fw_state_exit;
561 }
562
563 m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_SEC_UPDATE_WRITE);
564
565 return FW_UPLOAD_ERR_NONE;
566
567fw_state_exit:
568 m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_NORMAL);
569
570unlock_flash:
571 if (sec->m10bmc->flash_bulk_ops)
572 sec->m10bmc->flash_bulk_ops->unlock_write(sec->m10bmc);
573 return ret;
574}
575
576#define WRITE_BLOCK_SIZE 0x4000 /* Default write-block size is 0x4000 bytes */
577
578static enum fw_upload_err m10bmc_sec_fw_write(struct fw_upload *fwl, const u8 *data,
579 u32 offset, u32 size, u32 *written)
580{
581 struct m10bmc_sec *sec = fwl->dd_handle;
582 const struct m10bmc_csr_map *csr_map = sec->m10bmc->info->csr_map;
583 struct intel_m10bmc *m10bmc = sec->m10bmc;
584 u32 blk_size, doorbell;
585 int ret;
586
587 if (sec->cancel_request)
588 return rsu_cancel(sec);
589
590 ret = m10bmc_sys_read(m10bmc, csr_map->doorbell, &doorbell);
591 if (ret) {
592 return FW_UPLOAD_ERR_RW_ERROR;
593 } else if (rsu_prog(doorbell) != RSU_PROG_READY) {
594 log_error_regs(sec, doorbell);
595 return FW_UPLOAD_ERR_HW_ERROR;
596 }
597
598 WARN_ON_ONCE(WRITE_BLOCK_SIZE % regmap_get_reg_stride(m10bmc->regmap));
599 blk_size = min_t(u32, WRITE_BLOCK_SIZE, size);
600 ret = m10bmc_sec_write(sec, data, offset, blk_size);
601 if (ret)
602 return FW_UPLOAD_ERR_RW_ERROR;
603
604 *written = blk_size;
605 return FW_UPLOAD_ERR_NONE;
606}
607
608static enum fw_upload_err m10bmc_sec_poll_complete(struct fw_upload *fwl)
609{
610 struct m10bmc_sec *sec = fwl->dd_handle;
611 unsigned long poll_timeout;
612 u32 doorbell, result;
613 int ret;
614
615 if (sec->cancel_request)
616 return rsu_cancel(sec);
617
618 m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_SEC_UPDATE_PROGRAM);
619
620 result = rsu_send_data(sec);
621 if (result != FW_UPLOAD_ERR_NONE)
622 return result;
623
624 poll_timeout = jiffies + msecs_to_jiffies(RSU_COMPLETE_TIMEOUT_MS);
625 do {
626 msleep(RSU_COMPLETE_INTERVAL_MS);
627 ret = rsu_check_complete(sec, &doorbell);
628 } while (ret == -EAGAIN && !time_after(jiffies, poll_timeout));
629
630 if (ret == -EAGAIN) {
631 log_error_regs(sec, doorbell);
632 return FW_UPLOAD_ERR_TIMEOUT;
633 } else if (ret == -EIO) {
634 return FW_UPLOAD_ERR_RW_ERROR;
635 } else if (ret) {
636 log_error_regs(sec, doorbell);
637 return FW_UPLOAD_ERR_HW_ERROR;
638 }
639
640 return FW_UPLOAD_ERR_NONE;
641}
642
643/*
644 * m10bmc_sec_cancel() may be called asynchronously with an on-going update.
645 * All other functions are called sequentially in a single thread. To avoid
646 * contention on register accesses, m10bmc_sec_cancel() must only update
647 * the cancel_request flag. Other functions will check this flag and handle
648 * the cancel request synchronously.
649 */
650static void m10bmc_sec_cancel(struct fw_upload *fwl)
651{
652 struct m10bmc_sec *sec = fwl->dd_handle;
653
654 sec->cancel_request = true;
655}
656
657static void m10bmc_sec_cleanup(struct fw_upload *fwl)
658{
659 struct m10bmc_sec *sec = fwl->dd_handle;
660
661 (void)rsu_cancel(sec);
662
663 m10bmc_fw_state_set(sec->m10bmc, M10BMC_FW_STATE_NORMAL);
664
665 if (sec->m10bmc->flash_bulk_ops)
666 sec->m10bmc->flash_bulk_ops->unlock_write(sec->m10bmc);
667}
668
669static const struct fw_upload_ops m10bmc_ops = {
670 .prepare = m10bmc_sec_prepare,
671 .write = m10bmc_sec_fw_write,
672 .poll_complete = m10bmc_sec_poll_complete,
673 .cancel = m10bmc_sec_cancel,
674 .cleanup = m10bmc_sec_cleanup,
675};
676
677static const struct m10bmc_sec_ops m10sec_n3000_ops = {
678 .rsu_status = m10bmc_sec_n3000_rsu_status,
679};
680
681static const struct m10bmc_sec_ops m10sec_n6000_ops = {
682 .rsu_status = m10bmc_sec_n6000_rsu_status,
683};
684
685#define SEC_UPDATE_LEN_MAX 32
686static int m10bmc_sec_probe(struct platform_device *pdev)
687{
688 char buf[SEC_UPDATE_LEN_MAX];
689 struct m10bmc_sec *sec;
690 struct fw_upload *fwl;
691 unsigned int len;
692 int ret;
693
694 sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL);
695 if (!sec)
696 return -ENOMEM;
697
698 sec->dev = &pdev->dev;
699 sec->m10bmc = dev_get_drvdata(pdev->dev.parent);
700 sec->ops = (struct m10bmc_sec_ops *)platform_get_device_id(pdev)->driver_data;
701 dev_set_drvdata(&pdev->dev, sec);
702
703 ret = xa_alloc(&fw_upload_xa, &sec->fw_name_id, sec,
704 xa_limit_32b, GFP_KERNEL);
705 if (ret)
706 return ret;
707
708 len = scnprintf(buf, SEC_UPDATE_LEN_MAX, "secure-update%d",
709 sec->fw_name_id);
710 sec->fw_name = kmemdup_nul(buf, len, GFP_KERNEL);
711 if (!sec->fw_name) {
712 ret = -ENOMEM;
713 goto fw_name_fail;
714 }
715
716 fwl = firmware_upload_register(THIS_MODULE, sec->dev, sec->fw_name,
717 &m10bmc_ops, sec);
718 if (IS_ERR(fwl)) {
719 dev_err(sec->dev, "Firmware Upload driver failed to start\n");
720 ret = PTR_ERR(fwl);
721 goto fw_uploader_fail;
722 }
723
724 sec->fwl = fwl;
725 return 0;
726
727fw_uploader_fail:
728 kfree(sec->fw_name);
729fw_name_fail:
730 xa_erase(&fw_upload_xa, sec->fw_name_id);
731 return ret;
732}
733
734static void m10bmc_sec_remove(struct platform_device *pdev)
735{
736 struct m10bmc_sec *sec = dev_get_drvdata(&pdev->dev);
737
738 firmware_upload_unregister(sec->fwl);
739 kfree(sec->fw_name);
740 xa_erase(&fw_upload_xa, sec->fw_name_id);
741}
742
743static const struct platform_device_id intel_m10bmc_sec_ids[] = {
744 {
745 .name = "n3000bmc-sec-update",
746 .driver_data = (kernel_ulong_t)&m10sec_n3000_ops,
747 },
748 {
749 .name = "d5005bmc-sec-update",
750 .driver_data = (kernel_ulong_t)&m10sec_n3000_ops,
751 },
752 {
753 .name = "n6000bmc-sec-update",
754 .driver_data = (kernel_ulong_t)&m10sec_n6000_ops,
755 },
756 { }
757};
758MODULE_DEVICE_TABLE(platform, intel_m10bmc_sec_ids);
759
760static struct platform_driver intel_m10bmc_sec_driver = {
761 .probe = m10bmc_sec_probe,
762 .remove = m10bmc_sec_remove,
763 .driver = {
764 .name = "intel-m10bmc-sec-update",
765 .dev_groups = m10bmc_sec_attr_groups,
766 },
767 .id_table = intel_m10bmc_sec_ids,
768};
769module_platform_driver(intel_m10bmc_sec_driver);
770
771MODULE_AUTHOR("Intel Corporation");
772MODULE_DESCRIPTION("Intel MAX10 BMC Secure Update");
773MODULE_LICENSE("GPL");
774MODULE_IMPORT_NS("INTEL_M10_BMC_CORE");
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Intel MAX10 Board Management Controller Secure Update Driver
4 *
5 * Copyright (C) 2019-2022 Intel Corporation. All rights reserved.
6 *
7 */
8#include <linux/bitfield.h>
9#include <linux/device.h>
10#include <linux/firmware.h>
11#include <linux/mfd/intel-m10-bmc.h>
12#include <linux/mod_devicetable.h>
13#include <linux/module.h>
14#include <linux/platform_device.h>
15#include <linux/slab.h>
16
17struct m10bmc_sec {
18 struct device *dev;
19 struct intel_m10bmc *m10bmc;
20 struct fw_upload *fwl;
21 char *fw_name;
22 u32 fw_name_id;
23 bool cancel_request;
24};
25
26static DEFINE_XARRAY_ALLOC(fw_upload_xa);
27
28/* Root Entry Hash (REH) support */
29#define REH_SHA256_SIZE 32
30#define REH_SHA384_SIZE 48
31#define REH_MAGIC GENMASK(15, 0)
32#define REH_SHA_NUM_BYTES GENMASK(31, 16)
33
34static ssize_t
35show_root_entry_hash(struct device *dev, u32 exp_magic,
36 u32 prog_addr, u32 reh_addr, char *buf)
37{
38 struct m10bmc_sec *sec = dev_get_drvdata(dev);
39 int sha_num_bytes, i, ret, cnt = 0;
40 u8 hash[REH_SHA384_SIZE];
41 unsigned int stride;
42 u32 magic;
43
44 stride = regmap_get_reg_stride(sec->m10bmc->regmap);
45 ret = m10bmc_raw_read(sec->m10bmc, prog_addr, &magic);
46 if (ret)
47 return ret;
48
49 if (FIELD_GET(REH_MAGIC, magic) != exp_magic)
50 return sysfs_emit(buf, "hash not programmed\n");
51
52 sha_num_bytes = FIELD_GET(REH_SHA_NUM_BYTES, magic) / 8;
53 if ((sha_num_bytes % stride) ||
54 (sha_num_bytes != REH_SHA256_SIZE &&
55 sha_num_bytes != REH_SHA384_SIZE)) {
56 dev_err(sec->dev, "%s bad sha num bytes %d\n", __func__,
57 sha_num_bytes);
58 return -EINVAL;
59 }
60
61 ret = regmap_bulk_read(sec->m10bmc->regmap, reh_addr,
62 hash, sha_num_bytes / stride);
63 if (ret) {
64 dev_err(dev, "failed to read root entry hash: %x cnt %x: %d\n",
65 reh_addr, sha_num_bytes / stride, ret);
66 return ret;
67 }
68
69 for (i = 0; i < sha_num_bytes; i++)
70 cnt += sprintf(buf + cnt, "%02x", hash[i]);
71 cnt += sprintf(buf + cnt, "\n");
72
73 return cnt;
74}
75
76#define DEVICE_ATTR_SEC_REH_RO(_name, _magic, _prog_addr, _reh_addr) \
77static ssize_t _name##_root_entry_hash_show(struct device *dev, \
78 struct device_attribute *attr, \
79 char *buf) \
80{ return show_root_entry_hash(dev, _magic, _prog_addr, _reh_addr, buf); } \
81static DEVICE_ATTR_RO(_name##_root_entry_hash)
82
83DEVICE_ATTR_SEC_REH_RO(bmc, BMC_PROG_MAGIC, BMC_PROG_ADDR, BMC_REH_ADDR);
84DEVICE_ATTR_SEC_REH_RO(sr, SR_PROG_MAGIC, SR_PROG_ADDR, SR_REH_ADDR);
85DEVICE_ATTR_SEC_REH_RO(pr, PR_PROG_MAGIC, PR_PROG_ADDR, PR_REH_ADDR);
86
87#define CSK_BIT_LEN 128U
88#define CSK_32ARRAY_SIZE DIV_ROUND_UP(CSK_BIT_LEN, 32)
89
90static ssize_t
91show_canceled_csk(struct device *dev, u32 addr, char *buf)
92{
93 unsigned int i, stride, size = CSK_32ARRAY_SIZE * sizeof(u32);
94 struct m10bmc_sec *sec = dev_get_drvdata(dev);
95 DECLARE_BITMAP(csk_map, CSK_BIT_LEN);
96 __le32 csk_le32[CSK_32ARRAY_SIZE];
97 u32 csk32[CSK_32ARRAY_SIZE];
98 int ret;
99
100 stride = regmap_get_reg_stride(sec->m10bmc->regmap);
101 if (size % stride) {
102 dev_err(sec->dev,
103 "CSK vector size (0x%x) not aligned to stride (0x%x)\n",
104 size, stride);
105 WARN_ON_ONCE(1);
106 return -EINVAL;
107 }
108
109 ret = regmap_bulk_read(sec->m10bmc->regmap, addr, csk_le32,
110 size / stride);
111 if (ret) {
112 dev_err(sec->dev, "failed to read CSK vector: %x cnt %x: %d\n",
113 addr, size / stride, ret);
114 return ret;
115 }
116
117 for (i = 0; i < CSK_32ARRAY_SIZE; i++)
118 csk32[i] = le32_to_cpu(((csk_le32[i])));
119
120 bitmap_from_arr32(csk_map, csk32, CSK_BIT_LEN);
121 bitmap_complement(csk_map, csk_map, CSK_BIT_LEN);
122 return bitmap_print_to_pagebuf(1, buf, csk_map, CSK_BIT_LEN);
123}
124
125#define DEVICE_ATTR_SEC_CSK_RO(_name, _addr) \
126static ssize_t _name##_canceled_csks_show(struct device *dev, \
127 struct device_attribute *attr, \
128 char *buf) \
129{ return show_canceled_csk(dev, _addr, buf); } \
130static DEVICE_ATTR_RO(_name##_canceled_csks)
131
132#define CSK_VEC_OFFSET 0x34
133
134DEVICE_ATTR_SEC_CSK_RO(bmc, BMC_PROG_ADDR + CSK_VEC_OFFSET);
135DEVICE_ATTR_SEC_CSK_RO(sr, SR_PROG_ADDR + CSK_VEC_OFFSET);
136DEVICE_ATTR_SEC_CSK_RO(pr, PR_PROG_ADDR + CSK_VEC_OFFSET);
137
138#define FLASH_COUNT_SIZE 4096 /* count stored as inverted bit vector */
139
140static ssize_t flash_count_show(struct device *dev,
141 struct device_attribute *attr, char *buf)
142{
143 struct m10bmc_sec *sec = dev_get_drvdata(dev);
144 unsigned int stride, num_bits;
145 u8 *flash_buf;
146 int cnt, ret;
147
148 stride = regmap_get_reg_stride(sec->m10bmc->regmap);
149 num_bits = FLASH_COUNT_SIZE * 8;
150
151 if (FLASH_COUNT_SIZE % stride) {
152 dev_err(sec->dev,
153 "FLASH_COUNT_SIZE (0x%x) not aligned to stride (0x%x)\n",
154 FLASH_COUNT_SIZE, stride);
155 WARN_ON_ONCE(1);
156 return -EINVAL;
157 }
158
159 flash_buf = kmalloc(FLASH_COUNT_SIZE, GFP_KERNEL);
160 if (!flash_buf)
161 return -ENOMEM;
162
163 ret = regmap_bulk_read(sec->m10bmc->regmap, STAGING_FLASH_COUNT,
164 flash_buf, FLASH_COUNT_SIZE / stride);
165 if (ret) {
166 dev_err(sec->dev,
167 "failed to read flash count: %x cnt %x: %d\n",
168 STAGING_FLASH_COUNT, FLASH_COUNT_SIZE / stride, ret);
169 goto exit_free;
170 }
171 cnt = num_bits - bitmap_weight((unsigned long *)flash_buf, num_bits);
172
173exit_free:
174 kfree(flash_buf);
175
176 return ret ? : sysfs_emit(buf, "%u\n", cnt);
177}
178static DEVICE_ATTR_RO(flash_count);
179
180static struct attribute *m10bmc_security_attrs[] = {
181 &dev_attr_flash_count.attr,
182 &dev_attr_bmc_root_entry_hash.attr,
183 &dev_attr_sr_root_entry_hash.attr,
184 &dev_attr_pr_root_entry_hash.attr,
185 &dev_attr_sr_canceled_csks.attr,
186 &dev_attr_pr_canceled_csks.attr,
187 &dev_attr_bmc_canceled_csks.attr,
188 NULL,
189};
190
191static struct attribute_group m10bmc_security_attr_group = {
192 .name = "security",
193 .attrs = m10bmc_security_attrs,
194};
195
196static const struct attribute_group *m10bmc_sec_attr_groups[] = {
197 &m10bmc_security_attr_group,
198 NULL,
199};
200
201static void log_error_regs(struct m10bmc_sec *sec, u32 doorbell)
202{
203 u32 auth_result;
204
205 dev_err(sec->dev, "RSU error status: 0x%08x\n", doorbell);
206
207 if (!m10bmc_sys_read(sec->m10bmc, M10BMC_AUTH_RESULT, &auth_result))
208 dev_err(sec->dev, "RSU auth result: 0x%08x\n", auth_result);
209}
210
211static enum fw_upload_err rsu_check_idle(struct m10bmc_sec *sec)
212{
213 u32 doorbell;
214 int ret;
215
216 ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell);
217 if (ret)
218 return FW_UPLOAD_ERR_RW_ERROR;
219
220 if (rsu_prog(doorbell) != RSU_PROG_IDLE &&
221 rsu_prog(doorbell) != RSU_PROG_RSU_DONE) {
222 log_error_regs(sec, doorbell);
223 return FW_UPLOAD_ERR_BUSY;
224 }
225
226 return FW_UPLOAD_ERR_NONE;
227}
228
229static inline bool rsu_start_done(u32 doorbell)
230{
231 u32 status, progress;
232
233 if (doorbell & DRBL_RSU_REQUEST)
234 return false;
235
236 status = rsu_stat(doorbell);
237 if (status == RSU_STAT_ERASE_FAIL || status == RSU_STAT_WEAROUT)
238 return true;
239
240 progress = rsu_prog(doorbell);
241 if (progress != RSU_PROG_IDLE && progress != RSU_PROG_RSU_DONE)
242 return true;
243
244 return false;
245}
246
247static enum fw_upload_err rsu_update_init(struct m10bmc_sec *sec)
248{
249 u32 doorbell, status;
250 int ret;
251
252 ret = regmap_update_bits(sec->m10bmc->regmap,
253 M10BMC_SYS_BASE + M10BMC_DOORBELL,
254 DRBL_RSU_REQUEST | DRBL_HOST_STATUS,
255 DRBL_RSU_REQUEST |
256 FIELD_PREP(DRBL_HOST_STATUS,
257 HOST_STATUS_IDLE));
258 if (ret)
259 return FW_UPLOAD_ERR_RW_ERROR;
260
261 ret = regmap_read_poll_timeout(sec->m10bmc->regmap,
262 M10BMC_SYS_BASE + M10BMC_DOORBELL,
263 doorbell,
264 rsu_start_done(doorbell),
265 NIOS_HANDSHAKE_INTERVAL_US,
266 NIOS_HANDSHAKE_TIMEOUT_US);
267
268 if (ret == -ETIMEDOUT) {
269 log_error_regs(sec, doorbell);
270 return FW_UPLOAD_ERR_TIMEOUT;
271 } else if (ret) {
272 return FW_UPLOAD_ERR_RW_ERROR;
273 }
274
275 status = rsu_stat(doorbell);
276 if (status == RSU_STAT_WEAROUT) {
277 dev_warn(sec->dev, "Excessive flash update count detected\n");
278 return FW_UPLOAD_ERR_WEAROUT;
279 } else if (status == RSU_STAT_ERASE_FAIL) {
280 log_error_regs(sec, doorbell);
281 return FW_UPLOAD_ERR_HW_ERROR;
282 }
283
284 return FW_UPLOAD_ERR_NONE;
285}
286
287static enum fw_upload_err rsu_prog_ready(struct m10bmc_sec *sec)
288{
289 unsigned long poll_timeout;
290 u32 doorbell, progress;
291 int ret;
292
293 ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell);
294 if (ret)
295 return FW_UPLOAD_ERR_RW_ERROR;
296
297 poll_timeout = jiffies + msecs_to_jiffies(RSU_PREP_TIMEOUT_MS);
298 while (rsu_prog(doorbell) == RSU_PROG_PREPARE) {
299 msleep(RSU_PREP_INTERVAL_MS);
300 if (time_after(jiffies, poll_timeout))
301 break;
302
303 ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell);
304 if (ret)
305 return FW_UPLOAD_ERR_RW_ERROR;
306 }
307
308 progress = rsu_prog(doorbell);
309 if (progress == RSU_PROG_PREPARE) {
310 log_error_regs(sec, doorbell);
311 return FW_UPLOAD_ERR_TIMEOUT;
312 } else if (progress != RSU_PROG_READY) {
313 log_error_regs(sec, doorbell);
314 return FW_UPLOAD_ERR_HW_ERROR;
315 }
316
317 return FW_UPLOAD_ERR_NONE;
318}
319
320static enum fw_upload_err rsu_send_data(struct m10bmc_sec *sec)
321{
322 u32 doorbell;
323 int ret;
324
325 ret = regmap_update_bits(sec->m10bmc->regmap,
326 M10BMC_SYS_BASE + M10BMC_DOORBELL,
327 DRBL_HOST_STATUS,
328 FIELD_PREP(DRBL_HOST_STATUS,
329 HOST_STATUS_WRITE_DONE));
330 if (ret)
331 return FW_UPLOAD_ERR_RW_ERROR;
332
333 ret = regmap_read_poll_timeout(sec->m10bmc->regmap,
334 M10BMC_SYS_BASE + M10BMC_DOORBELL,
335 doorbell,
336 rsu_prog(doorbell) != RSU_PROG_READY,
337 NIOS_HANDSHAKE_INTERVAL_US,
338 NIOS_HANDSHAKE_TIMEOUT_US);
339
340 if (ret == -ETIMEDOUT) {
341 log_error_regs(sec, doorbell);
342 return FW_UPLOAD_ERR_TIMEOUT;
343 } else if (ret) {
344 return FW_UPLOAD_ERR_RW_ERROR;
345 }
346
347 switch (rsu_stat(doorbell)) {
348 case RSU_STAT_NORMAL:
349 case RSU_STAT_NIOS_OK:
350 case RSU_STAT_USER_OK:
351 case RSU_STAT_FACTORY_OK:
352 break;
353 default:
354 log_error_regs(sec, doorbell);
355 return FW_UPLOAD_ERR_HW_ERROR;
356 }
357
358 return FW_UPLOAD_ERR_NONE;
359}
360
361static int rsu_check_complete(struct m10bmc_sec *sec, u32 *doorbell)
362{
363 if (m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, doorbell))
364 return -EIO;
365
366 switch (rsu_stat(*doorbell)) {
367 case RSU_STAT_NORMAL:
368 case RSU_STAT_NIOS_OK:
369 case RSU_STAT_USER_OK:
370 case RSU_STAT_FACTORY_OK:
371 break;
372 default:
373 return -EINVAL;
374 }
375
376 switch (rsu_prog(*doorbell)) {
377 case RSU_PROG_IDLE:
378 case RSU_PROG_RSU_DONE:
379 return 0;
380 case RSU_PROG_AUTHENTICATING:
381 case RSU_PROG_COPYING:
382 case RSU_PROG_UPDATE_CANCEL:
383 case RSU_PROG_PROGRAM_KEY_HASH:
384 return -EAGAIN;
385 default:
386 return -EINVAL;
387 }
388}
389
390static enum fw_upload_err rsu_cancel(struct m10bmc_sec *sec)
391{
392 u32 doorbell;
393 int ret;
394
395 ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell);
396 if (ret)
397 return FW_UPLOAD_ERR_RW_ERROR;
398
399 if (rsu_prog(doorbell) != RSU_PROG_READY)
400 return FW_UPLOAD_ERR_BUSY;
401
402 ret = regmap_update_bits(sec->m10bmc->regmap,
403 M10BMC_SYS_BASE + M10BMC_DOORBELL,
404 DRBL_HOST_STATUS,
405 FIELD_PREP(DRBL_HOST_STATUS,
406 HOST_STATUS_ABORT_RSU));
407 if (ret)
408 return FW_UPLOAD_ERR_RW_ERROR;
409
410 return FW_UPLOAD_ERR_CANCELED;
411}
412
413static enum fw_upload_err m10bmc_sec_prepare(struct fw_upload *fwl,
414 const u8 *data, u32 size)
415{
416 struct m10bmc_sec *sec = fwl->dd_handle;
417 u32 ret;
418
419 sec->cancel_request = false;
420
421 if (!size || size > M10BMC_STAGING_SIZE)
422 return FW_UPLOAD_ERR_INVALID_SIZE;
423
424 ret = rsu_check_idle(sec);
425 if (ret != FW_UPLOAD_ERR_NONE)
426 return ret;
427
428 ret = rsu_update_init(sec);
429 if (ret != FW_UPLOAD_ERR_NONE)
430 return ret;
431
432 ret = rsu_prog_ready(sec);
433 if (ret != FW_UPLOAD_ERR_NONE)
434 return ret;
435
436 if (sec->cancel_request)
437 return rsu_cancel(sec);
438
439 return FW_UPLOAD_ERR_NONE;
440}
441
442#define WRITE_BLOCK_SIZE 0x4000 /* Default write-block size is 0x4000 bytes */
443
444static enum fw_upload_err m10bmc_sec_write(struct fw_upload *fwl, const u8 *data,
445 u32 offset, u32 size, u32 *written)
446{
447 struct m10bmc_sec *sec = fwl->dd_handle;
448 u32 blk_size, doorbell, extra_offset;
449 unsigned int stride, extra = 0;
450 int ret;
451
452 stride = regmap_get_reg_stride(sec->m10bmc->regmap);
453 if (sec->cancel_request)
454 return rsu_cancel(sec);
455
456 ret = m10bmc_sys_read(sec->m10bmc, M10BMC_DOORBELL, &doorbell);
457 if (ret) {
458 return FW_UPLOAD_ERR_RW_ERROR;
459 } else if (rsu_prog(doorbell) != RSU_PROG_READY) {
460 log_error_regs(sec, doorbell);
461 return FW_UPLOAD_ERR_HW_ERROR;
462 }
463
464 WARN_ON_ONCE(WRITE_BLOCK_SIZE % stride);
465 blk_size = min_t(u32, WRITE_BLOCK_SIZE, size);
466 ret = regmap_bulk_write(sec->m10bmc->regmap,
467 M10BMC_STAGING_BASE + offset,
468 (void *)data + offset,
469 blk_size / stride);
470 if (ret)
471 return FW_UPLOAD_ERR_RW_ERROR;
472
473 /*
474 * If blk_size is not aligned to stride, then handle the extra
475 * bytes with regmap_write.
476 */
477 if (blk_size % stride) {
478 extra_offset = offset + ALIGN_DOWN(blk_size, stride);
479 memcpy(&extra, (u8 *)(data + extra_offset), blk_size % stride);
480 ret = regmap_write(sec->m10bmc->regmap,
481 M10BMC_STAGING_BASE + extra_offset, extra);
482 if (ret)
483 return FW_UPLOAD_ERR_RW_ERROR;
484 }
485
486 *written = blk_size;
487 return FW_UPLOAD_ERR_NONE;
488}
489
490static enum fw_upload_err m10bmc_sec_poll_complete(struct fw_upload *fwl)
491{
492 struct m10bmc_sec *sec = fwl->dd_handle;
493 unsigned long poll_timeout;
494 u32 doorbell, result;
495 int ret;
496
497 if (sec->cancel_request)
498 return rsu_cancel(sec);
499
500 result = rsu_send_data(sec);
501 if (result != FW_UPLOAD_ERR_NONE)
502 return result;
503
504 poll_timeout = jiffies + msecs_to_jiffies(RSU_COMPLETE_TIMEOUT_MS);
505 do {
506 msleep(RSU_COMPLETE_INTERVAL_MS);
507 ret = rsu_check_complete(sec, &doorbell);
508 } while (ret == -EAGAIN && !time_after(jiffies, poll_timeout));
509
510 if (ret == -EAGAIN) {
511 log_error_regs(sec, doorbell);
512 return FW_UPLOAD_ERR_TIMEOUT;
513 } else if (ret == -EIO) {
514 return FW_UPLOAD_ERR_RW_ERROR;
515 } else if (ret) {
516 log_error_regs(sec, doorbell);
517 return FW_UPLOAD_ERR_HW_ERROR;
518 }
519
520 return FW_UPLOAD_ERR_NONE;
521}
522
523/*
524 * m10bmc_sec_cancel() may be called asynchronously with an on-going update.
525 * All other functions are called sequentially in a single thread. To avoid
526 * contention on register accesses, m10bmc_sec_cancel() must only update
527 * the cancel_request flag. Other functions will check this flag and handle
528 * the cancel request synchronously.
529 */
530static void m10bmc_sec_cancel(struct fw_upload *fwl)
531{
532 struct m10bmc_sec *sec = fwl->dd_handle;
533
534 sec->cancel_request = true;
535}
536
537static void m10bmc_sec_cleanup(struct fw_upload *fwl)
538{
539 struct m10bmc_sec *sec = fwl->dd_handle;
540
541 (void)rsu_cancel(sec);
542}
543
544static const struct fw_upload_ops m10bmc_ops = {
545 .prepare = m10bmc_sec_prepare,
546 .write = m10bmc_sec_write,
547 .poll_complete = m10bmc_sec_poll_complete,
548 .cancel = m10bmc_sec_cancel,
549 .cleanup = m10bmc_sec_cleanup,
550};
551
552#define SEC_UPDATE_LEN_MAX 32
553static int m10bmc_sec_probe(struct platform_device *pdev)
554{
555 char buf[SEC_UPDATE_LEN_MAX];
556 struct m10bmc_sec *sec;
557 struct fw_upload *fwl;
558 unsigned int len;
559 int ret;
560
561 sec = devm_kzalloc(&pdev->dev, sizeof(*sec), GFP_KERNEL);
562 if (!sec)
563 return -ENOMEM;
564
565 sec->dev = &pdev->dev;
566 sec->m10bmc = dev_get_drvdata(pdev->dev.parent);
567 dev_set_drvdata(&pdev->dev, sec);
568
569 ret = xa_alloc(&fw_upload_xa, &sec->fw_name_id, sec,
570 xa_limit_32b, GFP_KERNEL);
571 if (ret)
572 return ret;
573
574 len = scnprintf(buf, SEC_UPDATE_LEN_MAX, "secure-update%d",
575 sec->fw_name_id);
576 sec->fw_name = kmemdup_nul(buf, len, GFP_KERNEL);
577 if (!sec->fw_name) {
578 ret = -ENOMEM;
579 goto fw_name_fail;
580 }
581
582 fwl = firmware_upload_register(THIS_MODULE, sec->dev, sec->fw_name,
583 &m10bmc_ops, sec);
584 if (IS_ERR(fwl)) {
585 dev_err(sec->dev, "Firmware Upload driver failed to start\n");
586 ret = PTR_ERR(fwl);
587 goto fw_uploader_fail;
588 }
589
590 sec->fwl = fwl;
591 return 0;
592
593fw_uploader_fail:
594 kfree(sec->fw_name);
595fw_name_fail:
596 xa_erase(&fw_upload_xa, sec->fw_name_id);
597 return ret;
598}
599
600static int m10bmc_sec_remove(struct platform_device *pdev)
601{
602 struct m10bmc_sec *sec = dev_get_drvdata(&pdev->dev);
603
604 firmware_upload_unregister(sec->fwl);
605 kfree(sec->fw_name);
606 xa_erase(&fw_upload_xa, sec->fw_name_id);
607
608 return 0;
609}
610
611static const struct platform_device_id intel_m10bmc_sec_ids[] = {
612 {
613 .name = "n3000bmc-sec-update",
614 },
615 {
616 .name = "d5005bmc-sec-update",
617 },
618 { }
619};
620MODULE_DEVICE_TABLE(platform, intel_m10bmc_sec_ids);
621
622static struct platform_driver intel_m10bmc_sec_driver = {
623 .probe = m10bmc_sec_probe,
624 .remove = m10bmc_sec_remove,
625 .driver = {
626 .name = "intel-m10bmc-sec-update",
627 .dev_groups = m10bmc_sec_attr_groups,
628 },
629 .id_table = intel_m10bmc_sec_ids,
630};
631module_platform_driver(intel_m10bmc_sec_driver);
632
633MODULE_AUTHOR("Intel Corporation");
634MODULE_DESCRIPTION("Intel MAX10 BMC Secure Update");
635MODULE_LICENSE("GPL");