1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Mellanox boot control driver
4 *
5 * This driver provides a sysfs interface for systems management
6 * software to manage reset-time actions.
7 *
8 * Copyright (C) 2019 Mellanox Technologies
9 */
10
11#include <linux/acpi.h>
12#include <linux/arm-smccc.h>
13#include <linux/module.h>
14#include <linux/platform_device.h>
15
16#include "mlxbf-bootctl.h"
17
18#define MLXBF_BOOTCTL_SB_SECURE_MASK		0x03
19#define MLXBF_BOOTCTL_SB_TEST_MASK		0x0c
20#define MLXBF_BOOTCTL_SB_DEV_MASK		BIT(4)
21
22#define MLXBF_SB_KEY_NUM			4
23
24/* UUID used to probe ATF service. */
25static const char *mlxbf_bootctl_svc_uuid_str =
26	"89c036b4-e7d7-11e6-8797-001aca00bfc4";
27
28struct mlxbf_bootctl_name {
29	u32 value;
30	const char *name;
31};
32
33static struct mlxbf_bootctl_name boot_names[] = {
34	{ MLXBF_BOOTCTL_EXTERNAL, "external" },
35	{ MLXBF_BOOTCTL_EMMC, "emmc" },
36	{ MLNX_BOOTCTL_SWAP_EMMC, "swap_emmc" },
37	{ MLXBF_BOOTCTL_EMMC_LEGACY, "emmc_legacy" },
38	{ MLXBF_BOOTCTL_NONE, "none" },
39};
40
41enum {
42	MLXBF_BOOTCTL_SB_LIFECYCLE_PRODUCTION = 0,
43	MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE = 1,
44	MLXBF_BOOTCTL_SB_LIFECYCLE_GA_NON_SECURE = 2,
45	MLXBF_BOOTCTL_SB_LIFECYCLE_RMA = 3
46};
47
48static const char * const mlxbf_bootctl_lifecycle_states[] = {
49	[MLXBF_BOOTCTL_SB_LIFECYCLE_PRODUCTION] = "Production",
50	[MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE] = "GA Secured",
51	[MLXBF_BOOTCTL_SB_LIFECYCLE_GA_NON_SECURE] = "GA Non-Secured",
52	[MLXBF_BOOTCTL_SB_LIFECYCLE_RMA] = "RMA",
53};
54
55/* ARM SMC call which is atomic and no need for lock. */
56static int mlxbf_bootctl_smc(unsigned int smc_op, int smc_arg)
57{
58	struct arm_smccc_res res;
59
60	arm_smccc_smc(smc_op, smc_arg, 0, 0, 0, 0, 0, 0, &res);
61
62	return res.a0;
63}
64
65/* Return the action in integer or an error code. */
66static int mlxbf_bootctl_reset_action_to_val(const char *action)
67{
68	int i;
69
70	for (i = 0; i < ARRAY_SIZE(boot_names); i++)
71		if (sysfs_streq(boot_names[i].name, action))
72			return boot_names[i].value;
73
74	return -EINVAL;
75}
76
77/* Return the action in string. */
78static const char *mlxbf_bootctl_action_to_string(int action)
79{
80	int i;
81
82	for (i = 0; i < ARRAY_SIZE(boot_names); i++)
83		if (boot_names[i].value == action)
84			return boot_names[i].name;
85
86	return "invalid action";
87}
88
89static ssize_t post_reset_wdog_show(struct device *dev,
90				    struct device_attribute *attr, char *buf)
91{
92	int ret;
93
94	ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_POST_RESET_WDOG, 0);
95	if (ret < 0)
96		return ret;
97
98	return sprintf(buf, "%d\n", ret);
99}
100
101static ssize_t post_reset_wdog_store(struct device *dev,
102				     struct device_attribute *attr,
103				     const char *buf, size_t count)
104{
105	unsigned long value;
106	int ret;
107
108	ret = kstrtoul(buf, 10, &value);
109	if (ret)
110		return ret;
111
112	ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_POST_RESET_WDOG, value);
113	if (ret < 0)
114		return ret;
115
116	return count;
117}
118
119static ssize_t mlxbf_bootctl_show(int smc_op, char *buf)
120{
121	int action;
122
123	action = mlxbf_bootctl_smc(smc_op, 0);
124	if (action < 0)
125		return action;
126
127	return sprintf(buf, "%s\n", mlxbf_bootctl_action_to_string(action));
128}
129
130static int mlxbf_bootctl_store(int smc_op, const char *buf, size_t count)
131{
132	int ret, action;
133
134	action = mlxbf_bootctl_reset_action_to_val(buf);
135	if (action < 0)
136		return action;
137
138	ret = mlxbf_bootctl_smc(smc_op, action);
139	if (ret < 0)
140		return ret;
141
142	return count;
143}
144
145static ssize_t reset_action_show(struct device *dev,
146				 struct device_attribute *attr, char *buf)
147{
148	return mlxbf_bootctl_show(MLXBF_BOOTCTL_GET_RESET_ACTION, buf);
149}
150
151static ssize_t reset_action_store(struct device *dev,
152				  struct device_attribute *attr,
153				  const char *buf, size_t count)
154{
155	return mlxbf_bootctl_store(MLXBF_BOOTCTL_SET_RESET_ACTION, buf, count);
156}
157
158static ssize_t second_reset_action_show(struct device *dev,
159					struct device_attribute *attr,
160					char *buf)
161{
162	return mlxbf_bootctl_show(MLXBF_BOOTCTL_GET_SECOND_RESET_ACTION, buf);
163}
164
165static ssize_t second_reset_action_store(struct device *dev,
166					 struct device_attribute *attr,
167					 const char *buf, size_t count)
168{
169	return mlxbf_bootctl_store(MLXBF_BOOTCTL_SET_SECOND_RESET_ACTION, buf,
170				   count);
171}
172
173static ssize_t lifecycle_state_show(struct device *dev,
174				    struct device_attribute *attr, char *buf)
175{
176	int status_bits;
177	int use_dev_key;
178	int test_state;
179	int lc_state;
180
181	status_bits = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS,
182					MLXBF_BOOTCTL_FUSE_STATUS_LIFECYCLE);
183	if (status_bits < 0)
184		return status_bits;
185
186	use_dev_key = status_bits & MLXBF_BOOTCTL_SB_DEV_MASK;
187	test_state = status_bits & MLXBF_BOOTCTL_SB_TEST_MASK;
188	lc_state = status_bits & MLXBF_BOOTCTL_SB_SECURE_MASK;
189
190	/*
191	 * If the test bits are set, we specify that the current state may be
192	 * due to using the test bits.
193	 */
194	if (test_state) {
195		return sprintf(buf, "%s(test)\n",
196			       mlxbf_bootctl_lifecycle_states[lc_state]);
197	} else if (use_dev_key &&
198		   (lc_state == MLXBF_BOOTCTL_SB_LIFECYCLE_GA_SECURE)) {
199		return sprintf(buf, "Secured (development)\n");
200	}
201
202	return sprintf(buf, "%s\n", mlxbf_bootctl_lifecycle_states[lc_state]);
203}
204
205static ssize_t secure_boot_fuse_state_show(struct device *dev,
206					   struct device_attribute *attr,
207					   char *buf)
208{
209	int burnt, valid, key, key_state, buf_len = 0, upper_key_used = 0;
210	const char *status;
211
212	key_state = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS,
213				      MLXBF_BOOTCTL_FUSE_STATUS_KEYS);
214	if (key_state < 0)
215		return key_state;
216
217	/*
218	 * key_state contains the bits for 4 Key versions, loaded from eFuses
219	 * after a hard reset. Lower 4 bits are a thermometer code indicating
220	 * key programming has started for key n (0000 = none, 0001 = version 0,
221	 * 0011 = version 1, 0111 = version 2, 1111 = version 3). Upper 4 bits
222	 * are a thermometer code indicating key programming has completed for
223	 * key n (same encodings as the start bits). This allows for detection
224	 * of an interruption in the progamming process which has left the key
225	 * partially programmed (and thus invalid). The process is to burn the
226	 * eFuse for the new key start bit, burn the key eFuses, then burn the
227	 * eFuse for the new key complete bit.
228	 *
229	 * For example 0000_0000: no key valid, 0001_0001: key version 0 valid,
230	 * 0011_0011: key 1 version valid, 0011_0111: key version 2 started
231	 * programming but did not complete, etc. The most recent key for which
232	 * both start and complete bit is set is loaded. On soft reset, this
233	 * register is not modified.
234	 */
235	for (key = MLXBF_SB_KEY_NUM - 1; key >= 0; key--) {
236		burnt = key_state & BIT(key);
237		valid = key_state & BIT(key + MLXBF_SB_KEY_NUM);
238
239		if (burnt && valid)
240			upper_key_used = 1;
241
242		if (upper_key_used) {
243			if (burnt)
244				status = valid ? "Used" : "Wasted";
245			else
246				status = valid ? "Invalid" : "Skipped";
247		} else {
248			if (burnt)
249				status = valid ? "InUse" : "Incomplete";
250			else
251				status = valid ? "Invalid" : "Free";
252		}
253		buf_len += sprintf(buf + buf_len, "%d:%s ", key, status);
254	}
255	buf_len += sprintf(buf + buf_len, "\n");
256
257	return buf_len;
258}
259
260static DEVICE_ATTR_RW(post_reset_wdog);
261static DEVICE_ATTR_RW(reset_action);
262static DEVICE_ATTR_RW(second_reset_action);
263static DEVICE_ATTR_RO(lifecycle_state);
264static DEVICE_ATTR_RO(secure_boot_fuse_state);
265
266static struct attribute *mlxbf_bootctl_attrs[] = {
267	&dev_attr_post_reset_wdog.attr,
268	&dev_attr_reset_action.attr,
269	&dev_attr_second_reset_action.attr,
270	&dev_attr_lifecycle_state.attr,
271	&dev_attr_secure_boot_fuse_state.attr,
272	NULL
273};
274
275ATTRIBUTE_GROUPS(mlxbf_bootctl);
276
277static const struct acpi_device_id mlxbf_bootctl_acpi_ids[] = {
278	{"MLNXBF04", 0},
279	{}
280};
281
282MODULE_DEVICE_TABLE(acpi, mlxbf_bootctl_acpi_ids);
283
284static bool mlxbf_bootctl_guid_match(const guid_t *guid,
285				     const struct arm_smccc_res *res)
286{
287	guid_t id = GUID_INIT(res->a0, res->a1, res->a1 >> 16,
288			      res->a2, res->a2 >> 8, res->a2 >> 16,
289			      res->a2 >> 24, res->a3, res->a3 >> 8,
290			      res->a3 >> 16, res->a3 >> 24);
291
292	return guid_equal(guid, &id);
293}
294
295static int mlxbf_bootctl_probe(struct platform_device *pdev)
296{
297	struct arm_smccc_res res = { 0 };
298	guid_t guid;
299	int ret;
300
301	/* Ensure we have the UUID we expect for this service. */
302	arm_smccc_smc(MLXBF_BOOTCTL_SIP_SVC_UID, 0, 0, 0, 0, 0, 0, 0, &res);
303	guid_parse(mlxbf_bootctl_svc_uuid_str, &guid);
304	if (!mlxbf_bootctl_guid_match(&guid, &res))
305		return -ENODEV;
306
307	/*
308	 * When watchdog is used, it sets boot mode to MLXBF_BOOTCTL_SWAP_EMMC
309	 * in case of boot failures. However it doesn't clear the state if there
310	 * is no failure. Restore the default boot mode here to avoid any
311	 * unnecessary boot partition swapping.
312	 */
313	ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_RESET_ACTION,
314				MLXBF_BOOTCTL_EMMC);
315	if (ret < 0)
316		dev_warn(&pdev->dev, "Unable to reset the EMMC boot mode\n");
317
318	return 0;
319}
320
321static struct platform_driver mlxbf_bootctl_driver = {
322	.probe = mlxbf_bootctl_probe,
323	.driver = {
324		.name = "mlxbf-bootctl",
325		.dev_groups = mlxbf_bootctl_groups,
326		.acpi_match_table = mlxbf_bootctl_acpi_ids,
327	}
328};
329
330module_platform_driver(mlxbf_bootctl_driver);
331
332MODULE_DESCRIPTION("Mellanox boot control driver");
333MODULE_LICENSE("GPL v2");
334MODULE_AUTHOR("Mellanox Technologies");
335