
atmel-i2c.c (10536B)


      1// SPDX-License-Identifier: GPL-2.0
      2/*
      3 * Microchip / Atmel ECC (I2C) driver.
      4 *
      5 * Copyright (c) 2017, Microchip Technology Inc.
      6 * Author: Tudor Ambarus <tudor.ambarus@microchip.com>
      7 */
      8
      9#include <linux/bitrev.h>
     10#include <linux/crc16.h>
     11#include <linux/delay.h>
     12#include <linux/device.h>
     13#include <linux/err.h>
     14#include <linux/errno.h>
     15#include <linux/i2c.h>
     16#include <linux/init.h>
     17#include <linux/kernel.h>
     18#include <linux/module.h>
     19#include <linux/scatterlist.h>
     20#include <linux/slab.h>
     21#include <linux/workqueue.h>
     22#include "atmel-i2c.h"
     23
/*
 * Device status codes that atmel_i2c_status() reports as errors, paired with
 * the text logged for each. A code that is not listed here is ignored by
 * that lookup.
 */
static const struct {
	u8 value;
	const char *error_text;
} error_list[] = {
	{ .value = 0x01, .error_text = "CheckMac or Verify miscompare" },
	{ .value = 0x03, .error_text = "Parse Error" },
	{ .value = 0x05, .error_text = "ECC Fault" },
	{ .value = 0x0F, .error_text = "Execution Error" },
	{ .value = 0xEE, .error_text = "Watchdog about to expire" },
	{ .value = 0xFF, .error_text = "CRC or other communication error" },
};
     35
/**
 * atmel_i2c_checksum() - Generate 16-bit CRC as required by ATMEL ECC.
 * @cmd: structure used for communicating with the device.
 *
 * The CRC is computed over the count, opcode, param1, param2 and data bytes,
 * i.e. over the first (count - CRC_SIZE) bytes starting at @cmd->count. The
 * CRC polynomial is 0x8005 and the initial register value is zero. The
 * result is stored in little-endian format in the two bytes that follow the
 * covered range.
 *
 * @cmd->count is used unchecked for both the CRC length and the store
 * offset, so the caller must have set it to a valid command length (at least
 * CRC_SIZE) before calling.
 */
static void atmel_i2c_checksum(struct atmel_i2c_cmd *cmd)
{
	u8 *frame = &cmd->count;
	size_t covered = cmd->count - CRC_SIZE;
	u16 crc = bitrev16(crc16(0, frame, covered));
	__le16 *crc_slot = (__le16 *)(frame + covered);

	*crc_slot = cpu_to_le16(crc);
}
     53
/**
 * atmel_i2c_init_read_cmd() - Prepare a Read command for the lock bytes.
 * @cmd: command structure to fill in.
 *
 * Builds a read of the Configuration zone word that contains the lock bytes
 * (UserExtra, Selector, LockValue, LockConfig), appends the CRC and records
 * the execution time and response size expected for the command.
 */
void atmel_i2c_init_read_cmd(struct atmel_i2c_cmd *cmd)
{
	/* Every field covered by the CRC must be set before it is computed. */
	cmd->count = READ_COUNT;
	cmd->opcode = OPCODE_READ;
	cmd->param1 = CONFIG_ZONE;
	cmd->param2 = cpu_to_le16(DEVICE_LOCK_ADDR);
	cmd->word_addr = COMMAND;

	atmel_i2c_checksum(cmd);

	cmd->rxsize = READ_RSP_SIZE;
	cmd->msecs = MAX_EXEC_TIME_READ;
}
EXPORT_SYMBOL(atmel_i2c_init_read_cmd);
     72
/**
 * atmel_i2c_init_random_cmd() - Prepare a Random command.
 * @cmd: command structure to fill in.
 *
 * Both parameters are zero. The CRC is appended and the execution time and
 * response size expected for the command are recorded in @cmd.
 */
void atmel_i2c_init_random_cmd(struct atmel_i2c_cmd *cmd)
{
	/* Every field covered by the CRC must be set before it is computed. */
	cmd->count = RANDOM_COUNT;
	cmd->opcode = OPCODE_RANDOM;
	cmd->param1 = 0;
	cmd->param2 = 0;
	cmd->word_addr = COMMAND;

	atmel_i2c_checksum(cmd);

	cmd->rxsize = RANDOM_RSP_SIZE;
	cmd->msecs = MAX_EXEC_TIME_RANDOM;
}
EXPORT_SYMBOL(atmel_i2c_init_random_cmd);
     87
/**
 * atmel_i2c_init_genkey_cmd() - Prepare a GenKey command.
 * @cmd:   command structure to fill in.
 * @keyid: slot in which the device stores the generated private key.
 *
 * Requests GENKEY_MODE_PRIVATE: a random private key will be generated and
 * stored in slot @keyid. @keyid is passed through as given; no range check
 * is done here.
 */
void atmel_i2c_init_genkey_cmd(struct atmel_i2c_cmd *cmd, u16 keyid)
{
	/* Every field covered by the CRC must be set before it is computed. */
	cmd->opcode = OPCODE_GENKEY;
	cmd->count = GENKEY_COUNT;
	cmd->param1 = GENKEY_MODE_PRIVATE;
	cmd->param2 = cpu_to_le16(keyid);
	cmd->word_addr = COMMAND;

	atmel_i2c_checksum(cmd);

	cmd->rxsize = GENKEY_RSP_SIZE;
	cmd->msecs = MAX_EXEC_TIME_GENKEY;
}
EXPORT_SYMBOL(atmel_i2c_init_genkey_cmd);
    103
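/**
 * atmel_i2c_init_ecdh_cmd() - Prepare an ECDH command.
 * @cmd:    command structure to fill in.
 * @pubkey: scatterlist holding the peer's public key.
 *
 * The private key used by the device is the one in DATA_SLOT_2. Exactly
 * ATMEL_ECC_PUBKEY_SIZE bytes of @pubkey are copied into @cmd->data; the
 * device only supports NIST P256 ECC keys, so the public key size is always
 * the same and a macro is used for it.
 *
 * Return: 0 on success, -EINVAL if @pubkey does not hold
 * ATMEL_ECC_PUBKEY_SIZE bytes.
 */
int atmel_i2c_init_ecdh_cmd(struct atmel_i2c_cmd *cmd,
			    struct scatterlist *pubkey)
{
	size_t copied;
	int nents;

	cmd->word_addr = COMMAND;
	cmd->count = ECDH_COUNT;
	cmd->opcode = OPCODE_ECDH;
	cmd->param1 = ECDH_PREFIX_MODE;
	/* private key slot */
	cmd->param2 = cpu_to_le16(DATA_SLOT_2);

	/*
	 * sg_nents_for_len() returns a negative errno when the list is
	 * shorter than the requested length. Reject that here instead of
	 * letting the value be converted to the unsigned entry count that
	 * sg_copy_to_buffer() takes.
	 */
	nents = sg_nents_for_len(pubkey, ATMEL_ECC_PUBKEY_SIZE);
	if (nents < 0)
		return -EINVAL;

	copied = sg_copy_to_buffer(pubkey, nents, cmd->data,
				   ATMEL_ECC_PUBKEY_SIZE);
	if (copied != ATMEL_ECC_PUBKEY_SIZE)
		return -EINVAL;

	/* The key bytes are part of the CRC, so compute it after the copy. */
	atmel_i2c_checksum(cmd);

	cmd->msecs = MAX_EXEC_TIME_ECDH;
	cmd->rxsize = ECDH_RSP_SIZE;

	return 0;
}
EXPORT_SYMBOL(atmel_i2c_init_ecdh_cmd);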
    136
/*
 * After wake and after execution of a command, there will be error, status, or
 * result bytes in the device's output register that can be retrieved by the
 * system. When the length of that group is four bytes, the codes returned are
 * detailed in error_list.
 *
 * Returns 0 when the group is not a four-byte status, when it reports a
 * successful wake or no error, or when the code is not in error_list.
 * Otherwise the error is logged and the raw device code is returned as a
 * positive value (not a negative errno).
 */
static int atmel_i2c_status(struct device *dev, u8 *status)
{
	const u8 code = status[1];
	size_t idx;

	/* Anything other than a status-sized group is command output. */
	if (status[0] != STATUS_SIZE)
		return 0;

	if (code == STATUS_WAKE_SUCCESSFUL || code == STATUS_NOERR)
		return 0;

	for (idx = 0; idx < ARRAY_SIZE(error_list); idx++) {
		if (error_list[idx].value != code)
			continue;

		dev_err(dev, "%02x: %s:\n", code, error_list[idx].error_text);
		return code;
	}

	/* if the code is not in the error_list then ignore it */
	return 0;
}
    167
/*
 * Wake the device and read back its status.
 *
 * Returns a negative errno if the status read fails, otherwise the result of
 * atmel_i2c_status() on the bytes received.
 */
static int atmel_i2c_wakeup(struct i2c_client *client)
{
	struct atmel_i2c_client_priv *priv = i2c_get_clientdata(client);
	u8 rsp[STATUS_RSP_SIZE];
	int nread;

	/*
	 * The device ignores any levels or transitions on the SCL pin when the
	 * device is idle, asleep or during waking up, so the result of sending
	 * the wake token is deliberately not checked.
	 */
	i2c_transfer_buffer_flags(client, priv->wake_token,
				  priv->wake_token_sz, I2C_M_IGNORE_NAK);

	/*
	 * Wait to wake the device. Typical execution times for ecdh and genkey
	 * are around tens of milliseconds. Delta is chosen to 50 microseconds.
	 */
	usleep_range(TWHI_MIN, TWHI_MAX);

	nread = i2c_master_recv(client, rsp, STATUS_SIZE);

	return nread < 0 ? nread : atmel_i2c_status(&client->dev, rsp);
}
    194
/*
 * Send the one-byte sleep token to the device. Returns whatever
 * i2c_master_send() returns.
 */
static int atmel_i2c_sleep(struct i2c_client *client)
{
	u8 token = SLEEP_TOKEN;

	return i2c_master_send(client, &token, sizeof(token));
}
    201
/*
 * One wake / send / wait / receive / sleep cycle. Must be called with the
 * client's lock held. Returns 0 when every step succeeded, otherwise the
 * value of the first failing step.
 */
static int atmel_i2c_transact_locked(struct i2c_client *client,
				     struct atmel_i2c_cmd *cmd)
{
	int rc;

	rc = atmel_i2c_wakeup(client);
	if (rc)
		return rc;

	/* send the command */
	rc = i2c_master_send(client, (u8 *)cmd, cmd->count + WORD_ADDR_SIZE);
	if (rc < 0)
		return rc;

	/* delay the appropriate amount of time for command to execute */
	msleep(cmd->msecs);

	/* receive the response; it overwrites the command's data bytes */
	rc = i2c_master_recv(client, cmd->data, cmd->rxsize);
	if (rc < 0)
		return rc;

	/* put the device into low-power mode */
	rc = atmel_i2c_sleep(client);
	if (rc < 0)
		return rc;

	return 0;
}

/*
 * atmel_i2c_send_receive() - send a command to the device and receive its
 *                            response.
 * @client: i2c client device
 * @cmd   : structure used to communicate with the device
 *
 * After the device receives a Wake token, a watchdog counter starts within the
 * device. After the watchdog timer expires, the device enters sleep mode
 * regardless of whether some I/O transmission or command execution is in
 * progress. If a command is attempted when insufficient time remains prior to
 * watchdog timer execution, the device will return the watchdog timeout error
 * code without attempting to execute the command. There is no way to reset the
 * counter other than to put the device into sleep or idle mode and then
 * wake it up again.
 *
 * Returns 0 on success, a negative errno from the I2C transfers, or a
 * positive device status code from atmel_i2c_status(). When a step after the
 * wake-up fails, the sleep token is not sent.
 *
 * NOTE(review): the received bytes are returned in @cmd->data without any
 * integrity check in this function; confirm whether callers are expected to
 * validate the response.
 */
int atmel_i2c_send_receive(struct i2c_client *client, struct atmel_i2c_cmd *cmd)
{
	struct atmel_i2c_client_priv *priv = i2c_get_clientdata(client);
	int rc;

	/* The lock is held for the whole exchange with the device. */
	mutex_lock(&priv->lock);
	rc = atmel_i2c_transact_locked(client, cmd);
	mutex_unlock(&priv->lock);

	if (rc)
		return rc;

	return atmel_i2c_status(&client->dev, cmd->data);
}
EXPORT_SYMBOL(atmel_i2c_send_receive);
    253
/*
 * Workqueue callback: run the queued command synchronously and hand the
 * result to the completion callback stored in the work item.
 */
static void atmel_i2c_work_handler(struct work_struct *work)
{
	struct atmel_i2c_work_data *wd =
			container_of(work, struct atmel_i2c_work_data, work);
	int rc = atmel_i2c_send_receive(wd->client, &wd->cmd);

	/* rc may be 0, a negative errno or a positive device status code. */
	wd->cbk(wd, wd->areq, rc);
}
    265
/* Workqueue on which queued device commands are executed. */
static struct workqueue_struct *atmel_wq;

/**
 * atmel_i2c_enqueue() - Queue a command for asynchronous execution.
 * @work_data: work item carrying the command and the client to send it to.
 * @cbk:       callback invoked by the work handler with the command status.
 * @areq:      opaque pointer passed back to @cbk.
 *
 * @work_data is dereferenced later by atmel_i2c_work_handler(), so it has to
 * stay valid until @cbk has been called.
 */
void atmel_i2c_enqueue(struct atmel_i2c_work_data *work_data,
		       void (*cbk)(struct atmel_i2c_work_data *work_data,
				   void *areq, int status),
		       void *areq)
{
	work_data->areq = areq;
	work_data->cbk = (void *)cbk;

	INIT_WORK(&work_data->work, atmel_i2c_work_handler);
	queue_work(atmel_wq, &work_data->work);
}
EXPORT_SYMBOL(atmel_i2c_enqueue);
    280
/**
 * atmel_i2c_flush_queue() - Flush the driver's command workqueue.
 *
 * Thin wrapper around flush_workqueue() for the workqueue that
 * atmel_i2c_enqueue() queues onto.
 */
void atmel_i2c_flush_queue(void)
{
	struct workqueue_struct *wq = atmel_wq;

	flush_workqueue(wq);
}
EXPORT_SYMBOL(atmel_i2c_flush_queue);
    286
/*
 * Size in bytes of the wake token for the given bus clock rate: the number
 * of bits clocked out during TWLO_USEC microseconds, rounded up to whole
 * bits and then to whole bytes.
 */
static inline size_t atmel_i2c_wake_token_sz(u32 bus_clk_rate)
{
	const u32 bits = DIV_ROUND_UP(TWLO_USEC * bus_clk_rate, USEC_PER_SEC);
	const size_t bytes = DIV_ROUND_UP(bits, 8);

	return bytes;
}
    294
/*
 * Read the lock bytes from the device and refuse it unless its zones are
 * locked.
 *
 * Returns 0 when the device answered and both lock bytes are zero, -ENOMEM
 * if the command buffer cannot be allocated, -ENOTSUPP if either lock byte is
 * non-zero, or the error from atmel_i2c_send_receive().
 */
static int device_sanity_check(struct i2c_client *client)
{
	struct atmel_i2c_cmd *read_cmd;
	int rc;

	read_cmd = kmalloc(sizeof(*read_cmd), GFP_KERNEL);
	if (!read_cmd)
		return -ENOMEM;

	atmel_i2c_init_read_cmd(read_cmd);

	rc = atmel_i2c_send_receive(client, read_cmd);
	if (!rc) {
		/*
		 * It is vital that the Configuration, Data and OTP zones be
		 * locked prior to release into the field of the system
		 * containing the device. Failure to lock these zones may
		 * permit modification of any secret keys and may lead to other
		 * security problems.
		 */
		if (read_cmd->data[LOCK_CONFIG_IDX] ||
		    read_cmd->data[LOCK_VALUE_IDX]) {
			dev_err(&client->dev, "Configuration or Data and OTP zones are unlocked!\n");
			rc = -ENOTSUPP;
		}
	}

	/* The buffer is released on the success and the error path alike. */
	kfree(read_cmd);
	return rc;
}
    326
/**
 * atmel_i2c_probe() - Common probe for the Atmel ECC I2C devices.
 * @client: i2c client being probed.
 * @id:     matching device id (not used here).
 *
 * Checks that the adapter supports plain I2C, determines the bus clock rate
 * (ACPI first, then the "clock-frequency" property), allocates and
 * initialises the per-client private data and finally verifies that the
 * device zones are locked.
 *
 * Return: 0 on success, -ENODEV if the adapter lacks I2C_FUNC_I2C, -EINVAL
 * if the bus clock exceeds 1MHz, -ENOMEM on allocation failure, or the error
 * from reading the clock property or from device_sanity_check().
 */
int atmel_i2c_probe(struct i2c_client *client, const struct i2c_device_id *id)
{
	struct device *dev = &client->dev;
	struct device *adap_dev = &client->adapter->dev;
	struct atmel_i2c_client_priv *i2c_priv;
	u32 clk_hz;
	int rc;

	if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
		dev_err(dev, "I2C_FUNC_I2C not supported\n");
		return -ENODEV;
	}

	/* Fall back to the firmware property when ACPI reports no speed. */
	clk_hz = i2c_acpi_find_bus_speed(adap_dev);
	if (clk_hz == 0) {
		rc = device_property_read_u32(adap_dev, "clock-frequency",
					      &clk_hz);
		if (rc != 0) {
			dev_err(dev, "failed to read clock-frequency property\n");
			return rc;
		}
	}

	if (clk_hz > 1000000L) {
		dev_err(dev, "%u exceeds maximum supported clock frequency (1MHz)\n",
			clk_hz);
		return -EINVAL;
	}

	i2c_priv = devm_kmalloc(dev, sizeof(*i2c_priv), GFP_KERNEL);
	if (i2c_priv == NULL)
		return -ENOMEM;

	i2c_priv->client = client;
	mutex_init(&i2c_priv->lock);
	atomic_set(&i2c_priv->tfm_count, 0);

	/* The wake token is all zero bits. */
	memset(i2c_priv->wake_token, 0, sizeof(i2c_priv->wake_token));

	/*
	 * WAKE_TOKEN_MAX_SIZE was calculated for the maximum bus clock rate -
	 * 1MHz. The clock rate check above ensures that wake_token_sz will
	 * always be smaller than or equal to WAKE_TOKEN_MAX_SIZE.
	 */
	i2c_priv->wake_token_sz = atmel_i2c_wake_token_sz(clk_hz);

	/* Must be set before the sanity check, which talks to the device. */
	i2c_set_clientdata(client, i2c_priv);

	return device_sanity_check(client);
}
EXPORT_SYMBOL(atmel_i2c_probe);
    378
/* Module load: create the workqueue used by atmel_i2c_enqueue(). */
static int __init atmel_i2c_init(void)
{
	atmel_wq = alloc_workqueue("atmel_wq", 0, 0);
	if (!atmel_wq)
		return -ENOMEM;

	return 0;
}

/* Module unload: tear down the workqueue created at load time. */
static void __exit atmel_i2c_exit(void)
{
	destroy_workqueue(atmel_wq);
}

module_init(atmel_i2c_init);
module_exit(atmel_i2c_exit);

MODULE_AUTHOR("Tudor Ambarus <tudor.ambarus@microchip.com>");
MODULE_DESCRIPTION("Microchip / Atmel ECC (I2C) driver");
MODULE_LICENSE("GPL v2");