1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Mellanox boot control driver
4  *
5  * This driver provides a sysfs interface for systems management
6  * software to manage reset-time actions.
7  *
8  * Copyright (C) 2019 Mellanox Technologies
9  */
10 
11 #include <linux/acpi.h>
12 #include <linux/arm-smccc.h>
13 #include <linux/module.h>
14 #include <linux/platform_device.h>
15 
16 #include "mlxbf-bootctl.h"
17 
/*
 * Fields of the lifecycle fuse status word as decoded by
 * lifecycle_state_show(): bits 1:0 select the lifecycle state, bits 3:2 are
 * the test bits and bit 4 flags that the development key is in use.
 */
#define MLXBF_BOOTCTL_SB_SECURE_MASK		GENMASK(1, 0)
#define MLXBF_BOOTCTL_SB_TEST_MASK		GENMASK(3, 2)
#define MLXBF_BOOTCTL_SB_DEV_MASK		BIT(4)

/* Number of secure boot key versions decoded from the key fuse status. */
#define MLXBF_SB_KEY_NUM			4
23 
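/*
 * UUID the ATF service is expected to report. probe() parses this string and
 * compares it with the value returned by the MLXBF_BOOTCTL_SIP_SVC_UID call.
 * Both the string and the pointer are const so that the reference value
 * cannot be redirected at run time.
 */
static const char * const mlxbf_bootctl_svc_uuid_str =
	"89c036b4-e7d7-11e6-8797-001aca00bfc4";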
27 
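/* One entry of the table that maps a boot action value to its sysfs name. */
struct mlxbf_bootctl_name {
	u32 value;		/* action value exchanged with the firmware */
	const char *name;	/* string accepted from / reported to sysfs */
};

/*
 * Allow-list of reset actions. A string written to sysfs is forwarded to the
 * firmware only if it matches one of these names, so the table is const:
 * nothing in the driver modifies it.
 */
static const struct mlxbf_bootctl_name boot_names[] = {
	{ MLXBF_BOOTCTL_EXTERNAL, "external" },
	{ MLXBF_BOOTCTL_EMMC, "emmc" },
	{ MLNX_BOOTCTL_SWAP_EMMC, "swap_emmc" },
	{ MLXBF_BOOTCTL_EMMC_LEGACY, "emmc_legacy" },
	{ MLXBF_BOOTCTL_NONE, "none" },
};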
40 
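/* Lifecycle state values found in the low two bits of the fuse status. */
enum {
	MLXBF_BOOTCTL_SB_LIFECYCLE_PRODUCTION = 0,
	MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE = 1,
	MLXBF_BOOTCTL_SB_LIFECYCLE_GA_NON_SECURE = 2,
	MLXBF_BOOTCTL_SB_LIFECYCLE_RMA = 3
};

/* Names reported through the lifecycle_state attribute, indexed by state. */
static const char * const mlxbf_bootctl_lifecycle_states[] = {
	[MLXBF_BOOTCTL_SB_LIFECYCLE_PRODUCTION] = "Production",
	[MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE] = "GA Secured",
	[MLXBF_BOOTCTL_SB_LIFECYCLE_GA_NON_SECURE] = "GA Non-Secured",
	[MLXBF_BOOTCTL_SB_LIFECYCLE_RMA] = "RMA",
};

/*
 * lifecycle_state_show() indexes the table with a firmware-supplied value
 * masked by MLXBF_BOOTCTL_SB_SECURE_MASK. Tie the table size to that mask so
 * that widening the mask without extending the table fails the build rather
 * than producing an out-of-bounds read.
 */
static_assert(ARRAY_SIZE(mlxbf_bootctl_lifecycle_states) ==
	      MLXBF_BOOTCTL_SB_SECURE_MASK + 1);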
54 
/*
 * Issue a single SMC to the firmware and return its status.
 *
 * smc_op is the function identifier and smc_arg is passed as the first (and
 * only non-zero) argument. Only result register a0 is returned, narrowed to
 * int; every caller in this file treats a negative value as an error code.
 * The SMC call is atomic, so no lock is taken around it.
 */
static int mlxbf_bootctl_smc(unsigned int smc_op, int smc_arg)
{
	struct arm_smccc_res result;

	arm_smccc_smc(smc_op, smc_arg, 0, 0, 0, 0, 0, 0, &result);

	return (int)result.a0;
}
64 
/*
 * Translate an action name into its integer value.
 *
 * The name is compared with sysfs_streq() against every entry of
 * boot_names[]. Returns the matching value, or -EINVAL when the string is
 * not in the table; callers rely on this to reject anything outside the
 * allow-list before it reaches the firmware.
 */
static int mlxbf_bootctl_reset_action_to_val(const char *action)
{
	const struct mlxbf_bootctl_name *entry = boot_names;
	const struct mlxbf_bootctl_name *end =
		boot_names + ARRAY_SIZE(boot_names);

	for (; entry < end; entry++) {
		if (sysfs_streq(entry->name, action))
			return entry->value;
	}

	return -EINVAL;
}
76 
/*
 * Translate an action value into its name.
 *
 * Returns the name of the boot_names[] entry whose value equals action, or
 * the literal "invalid action" when the firmware reported a value the table
 * does not know.
 */
static const char *mlxbf_bootctl_action_to_string(int action)
{
	const struct mlxbf_bootctl_name *entry = boot_names;
	const struct mlxbf_bootctl_name *end =
		boot_names + ARRAY_SIZE(boot_names);

	for (; entry < end; entry++) {
		if (entry->value == action)
			return entry->name;
	}

	return "invalid action";
}
88 
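/*
 * sysfs read handler for post_reset_wdog.
 *
 * Queries the firmware with MLXBF_BOOTCTL_GET_POST_RESET_WDOG and prints the
 * returned value in decimal. A negative firmware result is returned to the
 * reader as the error code.
 */
static ssize_t post_reset_wdog_show(struct device *dev,
				    struct device_attribute *attr, char *buf)
{
	int wdog = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_POST_RESET_WDOG, 0);

	if (wdog < 0)
		return wdog;

	/* buf is the sysfs page; bound the write instead of a bare sprintf(). */
	return scnprintf(buf, PAGE_SIZE, "%d\n", wdog);
}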
100 
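/*
 * sysfs write handler for post_reset_wdog.
 *
 * Parses an unsigned decimal number and passes it to the firmware with
 * MLXBF_BOOTCTL_SET_POST_RESET_WDOG. Returns count on success, the
 * kstrtoul() error for malformed input, -ERANGE for a value that does not
 * fit the int argument of the SMC helper, or the negative firmware status.
 */
static ssize_t post_reset_wdog_store(struct device *dev,
				     struct device_attribute *attr,
				     const char *buf, size_t count)
{
	unsigned long value;
	int ret;

	ret = kstrtoul(buf, 10, &value);
	if (ret)
		return ret;

	/*
	 * mlxbf_bootctl_smc() takes an int. Without this check a larger value
	 * would be silently truncated (or turned negative) and the firmware
	 * would be programmed with something other than what was written.
	 */
	if (value > INT_MAX)
		return -ERANGE;

	ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_POST_RESET_WDOG, value);
	if (ret < 0)
		return ret;

	return count;
}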
118 
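/*
 * Common read path for the reset action attributes.
 *
 * Issues smc_op with a zero argument and prints the name of the returned
 * action followed by a newline. A negative firmware result is returned as
 * the error code; a non-negative value that is not in boot_names[] prints
 * as "invalid action".
 */
static ssize_t mlxbf_bootctl_show(int smc_op, char *buf)
{
	int action = mlxbf_bootctl_smc(smc_op, 0);

	if (action < 0)
		return action;

	/* buf is the sysfs page; bound the write instead of a bare sprintf(). */
	return scnprintf(buf, PAGE_SIZE, "%s\n",
			 mlxbf_bootctl_action_to_string(action));
}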
129 
/*
 * Common write path for the reset action attributes.
 *
 * The written string must name an entry of boot_names[]; anything else is
 * rejected with -EINVAL before the firmware is called. On a match the value
 * is passed to the firmware with smc_op. Returns count on success or the
 * negative firmware status.
 */
static int mlxbf_bootctl_store(int smc_op, const char *buf, size_t count)
{
	int action = mlxbf_bootctl_reset_action_to_val(buf);
	int status;

	if (action < 0)
		return action;

	status = mlxbf_bootctl_smc(smc_op, action);
	if (status < 0)
		return status;

	return count;
}
144 
/* sysfs read handler for reset_action: query MLXBF_BOOTCTL_GET_RESET_ACTION. */
static ssize_t reset_action_show(struct device *dev,
				 struct device_attribute *attr, char *buf)
{
	const int query_op = MLXBF_BOOTCTL_GET_RESET_ACTION;

	return mlxbf_bootctl_show(query_op, buf);
}
150 
/*
 * sysfs write handler for reset_action: validate the name and program it
 * with MLXBF_BOOTCTL_SET_RESET_ACTION.
 */
static ssize_t reset_action_store(struct device *dev,
				  struct device_attribute *attr,
				  const char *buf, size_t count)
{
	const int set_op = MLXBF_BOOTCTL_SET_RESET_ACTION;

	return mlxbf_bootctl_store(set_op, buf, count);
}
157 
/*
 * sysfs read handler for second_reset_action: query
 * MLXBF_BOOTCTL_GET_SECOND_RESET_ACTION.
 */
static ssize_t second_reset_action_show(struct device *dev,
					struct device_attribute *attr,
					char *buf)
{
	const int query_op = MLXBF_BOOTCTL_GET_SECOND_RESET_ACTION;

	return mlxbf_bootctl_show(query_op, buf);
}
164 
/*
 * sysfs write handler for second_reset_action: validate the name and program
 * it with MLXBF_BOOTCTL_SET_SECOND_RESET_ACTION.
 */
static ssize_t second_reset_action_store(struct device *dev,
					 struct device_attribute *attr,
					 const char *buf, size_t count)
{
	const int set_op = MLXBF_BOOTCTL_SET_SECOND_RESET_ACTION;

	return mlxbf_bootctl_store(set_op, buf, count);
}
172 
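/*
 * sysfs read handler for lifecycle_state.
 *
 * Reads the lifecycle fuse status from the firmware and prints the lifecycle
 * state name. The name gets a "(test)" suffix when any test bit is set.
 * Otherwise, "Secured (development)" is printed when the development key
 * bit is set and the state is GA_SECURE. A negative firmware result is
 * returned as the error code.
 */
static ssize_t lifecycle_state_show(struct device *dev,
				    struct device_attribute *attr, char *buf)
{
	const char *state_name;
	int fuse_status;
	int lc_state;

	fuse_status = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS,
					MLXBF_BOOTCTL_FUSE_STATUS_LIFECYCLE);
	if (fuse_status < 0)
		return fuse_status;

	/*
	 * The mask keeps only the low two bits, so the firmware-supplied
	 * value always indexes inside the four-entry name table.
	 */
	lc_state = fuse_status & MLXBF_BOOTCTL_SB_SECURE_MASK;
	state_name = mlxbf_bootctl_lifecycle_states[lc_state];

	/*
	 * If the test bits are set, we specify that the current state may be
	 * due to using the test bits.
	 */
	if (fuse_status & MLXBF_BOOTCTL_SB_TEST_MASK)
		return scnprintf(buf, PAGE_SIZE, "%s(test)\n", state_name);

	if ((fuse_status & MLXBF_BOOTCTL_SB_DEV_MASK) &&
	    lc_state == MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE)
		return scnprintf(buf, PAGE_SIZE, "Secured (development)\n");

	return scnprintf(buf, PAGE_SIZE, "%s\n", state_name);
}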
204 
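/*
 * sysfs read handler for secure_boot_fuse_state.
 *
 * Reads the key fuse status from the firmware and prints one "<n>:<status> "
 * token per key version, highest version first, followed by a newline. A
 * negative firmware result is returned as the error code.
 */
static ssize_t secure_boot_fuse_state_show(struct device *dev,
					   struct device_attribute *attr,
					   char *buf)
{
	int key_state, key, len = 0;
	bool upper_key_used = false;
	const char *status;

	key_state = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS,
				      MLXBF_BOOTCTL_FUSE_STATUS_KEYS);
	if (key_state < 0)
		return key_state;

	/*
	 * key_state contains the bits for 4 Key versions, loaded from eFuses
	 * after a hard reset. Lower 4 bits are a thermometer code indicating
	 * key programming has started for key n (0000 = none, 0001 = version 0,
	 * 0011 = version 1, 0111 = version 2, 1111 = version 3). Upper 4 bits
	 * are a thermometer code indicating key programming has completed for
	 * key n (same encodings as the start bits). This allows for detection
	 * of an interruption in the programming process which has left the key
	 * partially programmed (and thus invalid). The process is to burn the
	 * eFuse for the new key start bit, burn the key eFuses, then burn the
	 * eFuse for the new key complete bit.
	 *
	 * For example 0000_0000: no key valid, 0001_0001: key version 0 valid,
	 * 0011_0011: key version 1 valid, 0011_0111: key version 2 started
	 * programming but did not complete, etc. The most recent key for which
	 * both start and complete bit is set is loaded. On soft reset, this
	 * register is not modified.
	 */
	for (key = MLXBF_SB_KEY_NUM - 1; key >= 0; key--) {
		bool burnt = key_state & BIT(key);
		bool valid = key_state & BIT(key + MLXBF_SB_KEY_NUM);

		/*
		 * Latches at the highest key with both bits set and stays set
		 * for that key and every lower one.
		 */
		if (burnt && valid)
			upper_key_used = true;

		if (upper_key_used) {
			if (burnt)
				status = valid ? "Used" : "Wasted";
			else
				status = valid ? "Invalid" : "Skipped";
		} else {
			/*
			 * NOTE(review): "InUse" looks unreachable. burnt &&
			 * valid sets upper_key_used just above, so that
			 * combination never reaches this branch. Left as is
			 * because user space may depend on the current strings.
			 */
			if (burnt)
				status = valid ? "InUse" : "Incomplete";
			else
				status = valid ? "Invalid" : "Free";
		}

		/* Bound each append by the space left in the sysfs page. */
		len += scnprintf(buf + len, PAGE_SIZE - len, "%d:%s ", key,
				 status);
	}
	len += scnprintf(buf + len, PAGE_SIZE - len, "\n");

	return len;
}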
259 
/*
 * Attributes that change reset-time behaviour. DEVICE_ATTR_RW() creates
 * them with mode 0644, so only the file owner can write them.
 */
static DEVICE_ATTR_RW(post_reset_wdog);
static DEVICE_ATTR_RW(reset_action);
static DEVICE_ATTR_RW(second_reset_action);

/*
 * Secure boot status. DEVICE_ATTR_RO() creates these with mode 0444, so the
 * lifecycle and key fuse state are readable by every local user.
 */
static DEVICE_ATTR_RO(lifecycle_state);
static DEVICE_ATTR_RO(secure_boot_fuse_state);

/* NULL-terminated attribute list wrapped by ATTRIBUTE_GROUPS() below. */
static struct attribute *mlxbf_bootctl_attrs[] = {
	&dev_attr_post_reset_wdog.attr,
	&dev_attr_reset_action.attr,
	&dev_attr_second_reset_action.attr,
	&dev_attr_lifecycle_state.attr,
	&dev_attr_secure_boot_fuse_state.attr,
	NULL
};

/* Defines mlxbf_bootctl_groups, referenced by the driver's .dev_groups. */
ATTRIBUTE_GROUPS(mlxbf_bootctl);
276 
/* ACPI IDs this driver binds to; the empty entry terminates the table. */
static const struct acpi_device_id mlxbf_bootctl_acpi_ids[] = {
	{ "MLNXBF04", 0 },
	{ }
};

MODULE_DEVICE_TABLE(acpi, mlxbf_bootctl_acpi_ids);
283 
/*
 * Compare an expected GUID with the one returned in SMC result registers.
 *
 * The GUID is rebuilt from res: a0 supplies the first field, a1 the next two
 * (low half, then a1 >> 16), and a2 and a3 supply the remaining eight
 * values, each taken from the register at shifts of 0, 8, 16 and 24.
 * Returns true when the rebuilt GUID equals *guid.
 */
static bool mlxbf_bootctl_guid_match(const guid_t *guid,
				     const struct arm_smccc_res *res)
{
	guid_t reported = GUID_INIT(res->a0, res->a1, res->a1 >> 16,
				    res->a2, res->a2 >> 8, res->a2 >> 16,
				    res->a2 >> 24, res->a3, res->a3 >> 8,
				    res->a3 >> 16, res->a3 >> 24);

	return guid_equal(guid, &reported);
}
294 
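/*
 * Bind to the boot control device.
 *
 * Checks that the firmware answers the service UID query with the expected
 * UUID, then sets the reset action back to MLXBF_BOOTCTL_EMMC. Returns 0 on
 * success, -ENODEV when the UUID does not match, or the guid_parse() error
 * if the reference UUID string cannot be parsed.
 */
static int mlxbf_bootctl_probe(struct platform_device *pdev)
{
	struct arm_smccc_res res = { 0 };
	guid_t guid;
	int ret;

	/*
	 * Parse the reference UUID first and check the result, so that a
	 * malformed string can never leave guid uninitialized for the
	 * comparison below.
	 */
	ret = guid_parse(mlxbf_bootctl_svc_uuid_str, &guid);
	if (ret)
		return ret;

	/* Ensure we have the UUID we expect for this service. */
	arm_smccc_smc(MLXBF_BOOTCTL_SIP_SVC_UID, 0, 0, 0, 0, 0, 0, 0, &res);
	if (!mlxbf_bootctl_guid_match(&guid, &res))
		return -ENODEV;

	/*
	 * When watchdog is used, it sets boot mode to swap_emmc in case of
	 * boot failures. However it doesn't clear the state if there is no
	 * failure. Restore the default boot mode here to avoid any
	 * unnecessary boot partition swapping.
	 *
	 * Note that this overwrites whatever reset action was configured
	 * before the driver was bound. A failure is only logged and does not
	 * fail the probe.
	 */
	ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_RESET_ACTION,
				MLXBF_BOOTCTL_EMMC);
	if (ret < 0)
		dev_warn(&pdev->dev, "Unable to reset the EMMC boot mode\n");

	return 0;
}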
320 
/*
 * Platform driver definition. The device is matched through the ACPI table
 * and the sysfs attributes are attached through .dev_groups.
 */
static struct platform_driver mlxbf_bootctl_driver = {
	.probe	= mlxbf_bootctl_probe,
	.driver	= {
		.name			= "mlxbf-bootctl",
		.dev_groups		= mlxbf_bootctl_groups,
		.acpi_match_table	= mlxbf_bootctl_acpi_ids,
	},
};

module_platform_driver(mlxbf_bootctl_driver);

MODULE_DESCRIPTION("Mellanox boot control driver");
MODULE_LICENSE("GPL v2");
MODULE_AUTHOR("Mellanox Technologies");
335