qemu-e2k/hw/nvram/npcm7xx_otp.c
Havard Skinnemoen c752bb079b hw/nvram: NPCM7xx OTP device model
This supports reading and writing OTP fuses and keys. Only fuse reading
has been tested. Protection is not implemented.

Reviewed-by: Avi Fishman <avi.fishman@nuvoton.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com>
Message-id: 20200911052101.2602693-9-hskinnemoen@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-09-14 14:24:59 +01:00

441 lines
13 KiB
C

/*
* Nuvoton NPCM7xx OTP (Fuse Array) Interface
*
* Copyright 2020 Google LLC
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "qemu/osdep.h"
#include "hw/nvram/npcm7xx_otp.h"
#include "migration/vmstate.h"
#include "qapi/error.h"
#include "qemu/bitops.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "qemu/units.h"
/* Each module has 4 KiB of register space. Only a fraction of it is used. */
#define NPCM7XX_OTP_REGS_SIZE (4 * KiB)
/* 32-bit register indices. */
typedef enum NPCM7xxOTPRegister {
NPCM7XX_OTP_FST,
NPCM7XX_OTP_FADDR,
NPCM7XX_OTP_FDATA,
NPCM7XX_OTP_FCFG,
/* Offset 0x10 is FKEYIND in OTP1, FUSTRAP in OTP2 */
NPCM7XX_OTP_FKEYIND = 0x0010 / sizeof(uint32_t),
NPCM7XX_OTP_FUSTRAP = 0x0010 / sizeof(uint32_t),
NPCM7XX_OTP_FCTL,
NPCM7XX_OTP_REGS_END,
} NPCM7xxOTPRegister;
/* Register field definitions. */
#define FST_RIEN BIT(2)
#define FST_RDST BIT(1)
#define FST_RDY BIT(0)
#define FST_RO_MASK (FST_RDST | FST_RDY)
#define FADDR_BYTEADDR(rv) extract32((rv), 0, 10)
#define FADDR_BITPOS(rv) extract32((rv), 10, 3)
#define FDATA_CLEAR 0x00000001
#define FCFG_FDIS BIT(31)
#define FCFG_FCFGLK_MASK 0x00ff0000
#define FCTL_PROG_CMD1 0x00000001
#define FCTL_PROG_CMD2 0xbf79e5d0
#define FCTL_READ_CMD 0x00000002
/**
* struct NPCM7xxOTPClass - OTP module class.
* @parent: System bus device class.
* @mmio_ops: MMIO register operations for this type of module.
*
* The two OTP modules (key-storage and fuse-array) have slightly different
* behavior, so we give them different MMIO register operations.
*/
struct NPCM7xxOTPClass {
SysBusDeviceClass parent;
const MemoryRegionOps *mmio_ops;
};
#define NPCM7XX_OTP_CLASS(klass) \
OBJECT_CLASS_CHECK(NPCM7xxOTPClass, (klass), TYPE_NPCM7XX_OTP)
#define NPCM7XX_OTP_GET_CLASS(obj) \
OBJECT_GET_CLASS(NPCM7xxOTPClass, (obj), TYPE_NPCM7XX_OTP)
static uint8_t ecc_encode_nibble(uint8_t n)
{
uint8_t result = n;
result |= (((n >> 0) & 1) ^ ((n >> 1) & 1)) << 4;
result |= (((n >> 2) & 1) ^ ((n >> 3) & 1)) << 5;
result |= (((n >> 0) & 1) ^ ((n >> 2) & 1)) << 6;
result |= (((n >> 1) & 1) ^ ((n >> 3) & 1)) << 7;
return result;
}
void npcm7xx_otp_array_write(NPCM7xxOTPState *s, const void *data,
unsigned int offset, unsigned int len)
{
const uint8_t *src = data;
uint8_t *dst = &s->array[offset];
while (len-- > 0) {
uint8_t c = *src++;
*dst++ = ecc_encode_nibble(extract8(c, 0, 4));
*dst++ = ecc_encode_nibble(extract8(c, 4, 4));
}
}
/* Common register read handler for both OTP classes. */
static uint64_t npcm7xx_otp_read(NPCM7xxOTPState *s, NPCM7xxOTPRegister reg)
{
uint32_t value = 0;
switch (reg) {
case NPCM7XX_OTP_FST:
case NPCM7XX_OTP_FADDR:
case NPCM7XX_OTP_FDATA:
case NPCM7XX_OTP_FCFG:
value = s->regs[reg];
break;
case NPCM7XX_OTP_FCTL:
qemu_log_mask(LOG_GUEST_ERROR,
"%s: read from write-only FCTL register\n",
DEVICE(s)->canonical_path);
break;
default:
qemu_log_mask(LOG_GUEST_ERROR, "%s: read from invalid offset 0x%zx\n",
DEVICE(s)->canonical_path, reg * sizeof(uint32_t));
break;
}
return value;
}
/* Read a byte from the OTP array into the data register. */
static void npcm7xx_otp_read_array(NPCM7xxOTPState *s)
{
uint32_t faddr = s->regs[NPCM7XX_OTP_FADDR];
s->regs[NPCM7XX_OTP_FDATA] = s->array[FADDR_BYTEADDR(faddr)];
s->regs[NPCM7XX_OTP_FST] |= FST_RDST | FST_RDY;
}
/* Program a byte from the data register into the OTP array. */
static void npcm7xx_otp_program_array(NPCM7xxOTPState *s)
{
uint32_t faddr = s->regs[NPCM7XX_OTP_FADDR];
/* Bits can only go 0->1, never 1->0. */
s->array[FADDR_BYTEADDR(faddr)] |= (1U << FADDR_BITPOS(faddr));
s->regs[NPCM7XX_OTP_FST] |= FST_RDST | FST_RDY;
}
/* Compute the next value of the FCFG register. */
static uint32_t npcm7xx_otp_compute_fcfg(uint32_t cur_value, uint32_t new_value)
{
uint32_t lock_mask;
uint32_t value;
/*
* FCFGLK holds sticky bits 16..23, indicating which bits in FPRGLK (8..15)
* and FRDLK (0..7) that are read-only.
*/
lock_mask = (cur_value & FCFG_FCFGLK_MASK) >> 8;
lock_mask |= lock_mask >> 8;
/* FDIS and FCFGLK bits are sticky (write 1 to set; can't clear). */
value = cur_value & (FCFG_FDIS | FCFG_FCFGLK_MASK);
/* Preserve read-only bits in FPRGLK and FRDLK */
value |= cur_value & lock_mask;
/* Set all bits that aren't read-only. */
value |= new_value & ~lock_mask;
return value;
}
/* Common register write handler for both OTP classes. */
static void npcm7xx_otp_write(NPCM7xxOTPState *s, NPCM7xxOTPRegister reg,
uint32_t value)
{
switch (reg) {
case NPCM7XX_OTP_FST:
/* RDST is cleared by writing 1 to it. */
if (value & FST_RDST) {
s->regs[NPCM7XX_OTP_FST] &= ~FST_RDST;
}
/* Preserve read-only and write-one-to-clear bits */
value &= ~FST_RO_MASK;
value |= s->regs[NPCM7XX_OTP_FST] & FST_RO_MASK;
break;
case NPCM7XX_OTP_FADDR:
break;
case NPCM7XX_OTP_FDATA:
/*
* This register is cleared by writing a magic value to it; no other
* values can be written.
*/
if (value == FDATA_CLEAR) {
value = 0;
} else {
value = s->regs[NPCM7XX_OTP_FDATA];
}
break;
case NPCM7XX_OTP_FCFG:
value = npcm7xx_otp_compute_fcfg(s->regs[NPCM7XX_OTP_FCFG], value);
break;
case NPCM7XX_OTP_FCTL:
switch (value) {
case FCTL_READ_CMD:
npcm7xx_otp_read_array(s);
break;
case FCTL_PROG_CMD1:
/*
* Programming requires writing two separate magic values to this
* register; this is the first one. Just store it so it can be
* verified later when the second magic value is received.
*/
break;
case FCTL_PROG_CMD2:
/*
* Only initiate programming if we received the first half of the
* command immediately before this one.
*/
if (s->regs[NPCM7XX_OTP_FCTL] == FCTL_PROG_CMD1) {
npcm7xx_otp_program_array(s);
}
break;
default:
qemu_log_mask(LOG_GUEST_ERROR,
"%s: unrecognized FCNTL value 0x%" PRIx32 "\n",
DEVICE(s)->canonical_path, value);
break;
}
if (value != FCTL_PROG_CMD1) {
value = 0;
}
break;
default:
qemu_log_mask(LOG_GUEST_ERROR, "%s: write to invalid offset 0x%zx\n",
DEVICE(s)->canonical_path, reg * sizeof(uint32_t));
return;
}
s->regs[reg] = value;
}
/* Register read handler specific to the fuse array OTP module. */
static uint64_t npcm7xx_fuse_array_read(void *opaque, hwaddr addr,
unsigned int size)
{
NPCM7xxOTPRegister reg = addr / sizeof(uint32_t);
NPCM7xxOTPState *s = opaque;
uint32_t value;
/*
* Only the Fuse Strap register needs special handling; all other registers
* work the same way for both kinds of OTP modules.
*/
if (reg != NPCM7XX_OTP_FUSTRAP) {
value = npcm7xx_otp_read(s, reg);
} else {
/* FUSTRAP is stored as three copies in the OTP array. */
uint32_t fustrap[3];
memcpy(fustrap, &s->array[0], sizeof(fustrap));
/* Determine value by a majority vote on each bit. */
value = (fustrap[0] & fustrap[1]) | (fustrap[0] & fustrap[2]) |
(fustrap[1] & fustrap[2]);
}
return value;
}
/* Register write handler specific to the fuse array OTP module. */
static void npcm7xx_fuse_array_write(void *opaque, hwaddr addr, uint64_t v,
unsigned int size)
{
NPCM7xxOTPRegister reg = addr / sizeof(uint32_t);
NPCM7xxOTPState *s = opaque;
/*
* The Fuse Strap register is read-only. Other registers are handled by
* common code.
*/
if (reg != NPCM7XX_OTP_FUSTRAP) {
npcm7xx_otp_write(s, reg, v);
}
}
static const MemoryRegionOps npcm7xx_fuse_array_ops = {
.read = npcm7xx_fuse_array_read,
.write = npcm7xx_fuse_array_write,
.endianness = DEVICE_LITTLE_ENDIAN,
.valid = {
.min_access_size = 4,
.max_access_size = 4,
.unaligned = false,
},
};
/* Register read handler specific to the key storage OTP module. */
static uint64_t npcm7xx_key_storage_read(void *opaque, hwaddr addr,
unsigned int size)
{
NPCM7xxOTPRegister reg = addr / sizeof(uint32_t);
NPCM7xxOTPState *s = opaque;
/*
* Only the Fuse Key Index register needs special handling; all other
* registers work the same way for both kinds of OTP modules.
*/
if (reg != NPCM7XX_OTP_FKEYIND) {
return npcm7xx_otp_read(s, reg);
}
qemu_log_mask(LOG_UNIMP, "%s: FKEYIND is not implemented\n", __func__);
return s->regs[NPCM7XX_OTP_FKEYIND];
}
/* Register write handler specific to the key storage OTP module. */
static void npcm7xx_key_storage_write(void *opaque, hwaddr addr, uint64_t v,
unsigned int size)
{
NPCM7xxOTPRegister reg = addr / sizeof(uint32_t);
NPCM7xxOTPState *s = opaque;
/*
* Only the Fuse Key Index register needs special handling; all other
* registers work the same way for both kinds of OTP modules.
*/
if (reg != NPCM7XX_OTP_FKEYIND) {
npcm7xx_otp_write(s, reg, v);
return;
}
qemu_log_mask(LOG_UNIMP, "%s: FKEYIND is not implemented\n", __func__);
s->regs[NPCM7XX_OTP_FKEYIND] = v;
}
static const MemoryRegionOps npcm7xx_key_storage_ops = {
.read = npcm7xx_key_storage_read,
.write = npcm7xx_key_storage_write,
.endianness = DEVICE_LITTLE_ENDIAN,
.valid = {
.min_access_size = 4,
.max_access_size = 4,
.unaligned = false,
},
};
static void npcm7xx_otp_enter_reset(Object *obj, ResetType type)
{
NPCM7xxOTPState *s = NPCM7XX_OTP(obj);
memset(s->regs, 0, sizeof(s->regs));
s->regs[NPCM7XX_OTP_FST] = 0x00000001;
s->regs[NPCM7XX_OTP_FCFG] = 0x20000000;
}
static void npcm7xx_otp_realize(DeviceState *dev, Error **errp)
{
NPCM7xxOTPClass *oc = NPCM7XX_OTP_GET_CLASS(dev);
NPCM7xxOTPState *s = NPCM7XX_OTP(dev);
SysBusDevice *sbd = &s->parent;
memset(s->array, 0, sizeof(s->array));
memory_region_init_io(&s->mmio, OBJECT(s), oc->mmio_ops, s, "regs",
NPCM7XX_OTP_REGS_SIZE);
sysbus_init_mmio(sbd, &s->mmio);
}
static const VMStateDescription vmstate_npcm7xx_otp = {
.name = "npcm7xx-otp",
.version_id = 0,
.minimum_version_id = 0,
.fields = (VMStateField[]) {
VMSTATE_UINT32_ARRAY(regs, NPCM7xxOTPState, NPCM7XX_OTP_NR_REGS),
VMSTATE_UINT8_ARRAY(array, NPCM7xxOTPState, NPCM7XX_OTP_ARRAY_BYTES),
VMSTATE_END_OF_LIST(),
},
};
static void npcm7xx_otp_class_init(ObjectClass *klass, void *data)
{
ResettableClass *rc = RESETTABLE_CLASS(klass);
DeviceClass *dc = DEVICE_CLASS(klass);
QEMU_BUILD_BUG_ON(NPCM7XX_OTP_REGS_END > NPCM7XX_OTP_NR_REGS);
dc->realize = npcm7xx_otp_realize;
dc->vmsd = &vmstate_npcm7xx_otp;
rc->phases.enter = npcm7xx_otp_enter_reset;
}
static void npcm7xx_key_storage_class_init(ObjectClass *klass, void *data)
{
NPCM7xxOTPClass *oc = NPCM7XX_OTP_CLASS(klass);
oc->mmio_ops = &npcm7xx_key_storage_ops;
}
static void npcm7xx_fuse_array_class_init(ObjectClass *klass, void *data)
{
NPCM7xxOTPClass *oc = NPCM7XX_OTP_CLASS(klass);
oc->mmio_ops = &npcm7xx_fuse_array_ops;
}
static const TypeInfo npcm7xx_otp_types[] = {
{
.name = TYPE_NPCM7XX_OTP,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(NPCM7xxOTPState),
.class_size = sizeof(NPCM7xxOTPClass),
.class_init = npcm7xx_otp_class_init,
.abstract = true,
},
{
.name = TYPE_NPCM7XX_KEY_STORAGE,
.parent = TYPE_NPCM7XX_OTP,
.class_init = npcm7xx_key_storage_class_init,
},
{
.name = TYPE_NPCM7XX_FUSE_ARRAY,
.parent = TYPE_NPCM7XX_OTP,
.class_init = npcm7xx_fuse_array_class_init,
},
};
DEFINE_TYPES(npcm7xx_otp_types);