xlnx-versal-efuse-ctrl.c (25103B)
1/* 2 * QEMU model of the Versal eFuse controller 3 * 4 * Copyright (c) 2020 Xilinx Inc. 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25#include "qemu/osdep.h" 26#include "hw/nvram/xlnx-versal-efuse.h" 27 28#include "qemu/log.h" 29#include "qapi/error.h" 30#include "migration/vmstate.h" 31#include "hw/qdev-properties.h" 32 33#ifndef XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG 34#define XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG 0 35#endif 36 37REG32(WR_LOCK, 0x0) 38 FIELD(WR_LOCK, LOCK, 0, 16) 39REG32(CFG, 0x4) 40 FIELD(CFG, SLVERR_ENABLE, 5, 1) 41 FIELD(CFG, MARGIN_RD, 2, 1) 42 FIELD(CFG, PGM_EN, 1, 1) 43REG32(STATUS, 0x8) 44 FIELD(STATUS, AES_USER_KEY_1_CRC_PASS, 11, 1) 45 FIELD(STATUS, AES_USER_KEY_1_CRC_DONE, 10, 1) 46 FIELD(STATUS, AES_USER_KEY_0_CRC_PASS, 9, 1) 47 FIELD(STATUS, AES_USER_KEY_0_CRC_DONE, 8, 1) 48 FIELD(STATUS, AES_CRC_PASS, 7, 1) 49 FIELD(STATUS, AES_CRC_DONE, 6, 1) 50 FIELD(STATUS, CACHE_DONE, 5, 1) 51 FIELD(STATUS, CACHE_LOAD, 4, 1) 52 FIELD(STATUS, EFUSE_2_TBIT, 2, 1) 53 FIELD(STATUS, EFUSE_1_TBIT, 1, 1) 54 FIELD(STATUS, EFUSE_0_TBIT, 0, 1) 55REG32(EFUSE_PGM_ADDR, 0xc) 56 FIELD(EFUSE_PGM_ADDR, PAGE, 13, 4) 57 FIELD(EFUSE_PGM_ADDR, ROW, 5, 8) 58 FIELD(EFUSE_PGM_ADDR, COLUMN, 0, 5) 59REG32(EFUSE_RD_ADDR, 0x10) 60 FIELD(EFUSE_RD_ADDR, PAGE, 13, 4) 61 FIELD(EFUSE_RD_ADDR, ROW, 5, 8) 62REG32(EFUSE_RD_DATA, 0x14) 63REG32(TPGM, 0x18) 64 FIELD(TPGM, VALUE, 0, 16) 65REG32(TRD, 0x1c) 66 FIELD(TRD, VALUE, 0, 8) 67REG32(TSU_H_PS, 0x20) 68 FIELD(TSU_H_PS, VALUE, 0, 8) 69REG32(TSU_H_PS_CS, 0x24) 70 FIELD(TSU_H_PS_CS, VALUE, 0, 8) 71REG32(TRDM, 0x28) 72 FIELD(TRDM, VALUE, 0, 8) 73REG32(TSU_H_CS, 0x2c) 74 FIELD(TSU_H_CS, VALUE, 0, 8) 75REG32(EFUSE_ISR, 0x30) 76 FIELD(EFUSE_ISR, APB_SLVERR, 31, 1) 77 FIELD(EFUSE_ISR, CACHE_PARITY_E2, 14, 1) 78 FIELD(EFUSE_ISR, CACHE_PARITY_E1, 13, 1) 79 FIELD(EFUSE_ISR, CACHE_PARITY_E0S, 12, 1) 80 FIELD(EFUSE_ISR, CACHE_PARITY_E0R, 11, 1) 81 FIELD(EFUSE_ISR, CACHE_APB_SLVERR, 10, 1) 82 FIELD(EFUSE_ISR, CACHE_REQ_ERROR, 9, 1) 83 FIELD(EFUSE_ISR, MAIN_REQ_ERROR, 8, 1) 84 FIELD(EFUSE_ISR, READ_ON_CACHE_LD, 7, 1) 85 FIELD(EFUSE_ISR, CACHE_FSM_ERROR, 6, 1) 86 FIELD(EFUSE_ISR, MAIN_FSM_ERROR, 5, 1) 87 FIELD(EFUSE_ISR, CACHE_ERROR, 4, 1) 88 FIELD(EFUSE_ISR, RD_ERROR, 3, 1) 89 FIELD(EFUSE_ISR, RD_DONE, 2, 1) 90 FIELD(EFUSE_ISR, PGM_ERROR, 1, 1) 91 FIELD(EFUSE_ISR, PGM_DONE, 0, 1) 92REG32(EFUSE_IMR, 0x34) 93 FIELD(EFUSE_IMR, APB_SLVERR, 31, 1) 94 FIELD(EFUSE_IMR, CACHE_PARITY_E2, 14, 1) 95 FIELD(EFUSE_IMR, CACHE_PARITY_E1, 13, 1) 96 FIELD(EFUSE_IMR, CACHE_PARITY_E0S, 12, 1) 97 FIELD(EFUSE_IMR, CACHE_PARITY_E0R, 11, 1) 98 FIELD(EFUSE_IMR, CACHE_APB_SLVERR, 10, 1) 99 FIELD(EFUSE_IMR, CACHE_REQ_ERROR, 9, 1) 100 FIELD(EFUSE_IMR, MAIN_REQ_ERROR, 8, 1) 101 FIELD(EFUSE_IMR, READ_ON_CACHE_LD, 7, 1) 102 FIELD(EFUSE_IMR, CACHE_FSM_ERROR, 6, 1) 103 FIELD(EFUSE_IMR, MAIN_FSM_ERROR, 5, 1) 104 FIELD(EFUSE_IMR, CACHE_ERROR, 4, 1) 105 FIELD(EFUSE_IMR, RD_ERROR, 3, 1) 106 FIELD(EFUSE_IMR, RD_DONE, 2, 1) 107 FIELD(EFUSE_IMR, PGM_ERROR, 1, 1) 108 FIELD(EFUSE_IMR, PGM_DONE, 0, 1) 109REG32(EFUSE_IER, 0x38) 110 FIELD(EFUSE_IER, APB_SLVERR, 31, 1) 111 FIELD(EFUSE_IER, CACHE_PARITY_E2, 14, 1) 112 FIELD(EFUSE_IER, CACHE_PARITY_E1, 13, 1) 113 FIELD(EFUSE_IER, CACHE_PARITY_E0S, 12, 1) 114 FIELD(EFUSE_IER, CACHE_PARITY_E0R, 11, 1) 115 FIELD(EFUSE_IER, CACHE_APB_SLVERR, 10, 1) 116 FIELD(EFUSE_IER, CACHE_REQ_ERROR, 9, 1) 117 FIELD(EFUSE_IER, MAIN_REQ_ERROR, 8, 1) 118 FIELD(EFUSE_IER, READ_ON_CACHE_LD, 7, 1) 119 FIELD(EFUSE_IER, CACHE_FSM_ERROR, 6, 1) 120 FIELD(EFUSE_IER, MAIN_FSM_ERROR, 5, 1) 121 FIELD(EFUSE_IER, CACHE_ERROR, 4, 1) 122 FIELD(EFUSE_IER, RD_ERROR, 3, 1) 123 FIELD(EFUSE_IER, RD_DONE, 2, 1) 124 FIELD(EFUSE_IER, PGM_ERROR, 1, 1) 125 FIELD(EFUSE_IER, PGM_DONE, 0, 1) 126REG32(EFUSE_IDR, 0x3c) 127 FIELD(EFUSE_IDR, APB_SLVERR, 31, 1) 128 FIELD(EFUSE_IDR, CACHE_PARITY_E2, 14, 1) 129 FIELD(EFUSE_IDR, CACHE_PARITY_E1, 13, 1) 130 FIELD(EFUSE_IDR, CACHE_PARITY_E0S, 12, 1) 131 FIELD(EFUSE_IDR, CACHE_PARITY_E0R, 11, 1) 132 FIELD(EFUSE_IDR, CACHE_APB_SLVERR, 10, 1) 133 FIELD(EFUSE_IDR, CACHE_REQ_ERROR, 9, 1) 134 FIELD(EFUSE_IDR, MAIN_REQ_ERROR, 8, 1) 135 FIELD(EFUSE_IDR, READ_ON_CACHE_LD, 7, 1) 136 FIELD(EFUSE_IDR, CACHE_FSM_ERROR, 6, 1) 137 FIELD(EFUSE_IDR, MAIN_FSM_ERROR, 5, 1) 138 FIELD(EFUSE_IDR, CACHE_ERROR, 4, 1) 139 FIELD(EFUSE_IDR, RD_ERROR, 3, 1) 140 FIELD(EFUSE_IDR, RD_DONE, 2, 1) 141 FIELD(EFUSE_IDR, PGM_ERROR, 1, 1) 142 FIELD(EFUSE_IDR, PGM_DONE, 0, 1) 143REG32(EFUSE_CACHE_LOAD, 0x40) 144 FIELD(EFUSE_CACHE_LOAD, LOAD, 0, 1) 145REG32(EFUSE_PGM_LOCK, 0x44) 146 FIELD(EFUSE_PGM_LOCK, SPK_ID_LOCK, 0, 1) 147REG32(EFUSE_AES_CRC, 0x48) 148REG32(EFUSE_AES_USR_KEY0_CRC, 0x4c) 149REG32(EFUSE_AES_USR_KEY1_CRC, 0x50) 150REG32(EFUSE_PD, 0x54) 151REG32(EFUSE_ANLG_OSC_SW_1LP, 0x60) 152REG32(EFUSE_TEST_CTRL, 0x100) 153 154#define R_MAX (R_EFUSE_TEST_CTRL + 1) 155 156#define R_WR_LOCK_UNLOCK_PASSCODE (0xDF0D) 157 158/* 159 * eFuse layout references: 160 * https://github.com/Xilinx/embeddedsw/blob/release-2019.2/lib/sw_services/xilnvm/src/xnvm_efuse_hw.h 161 */ 162#define BIT_POS_OF(A_) \ 163 ((uint32_t)((A_) & (R_EFUSE_PGM_ADDR_ROW_MASK | \ 164 R_EFUSE_PGM_ADDR_COLUMN_MASK))) 165 166#define BIT_POS(R_, C_) \ 167 ((uint32_t)((R_EFUSE_PGM_ADDR_ROW_MASK \ 168 & ((R_) << R_EFUSE_PGM_ADDR_ROW_SHIFT)) \ 169 | \ 170 (R_EFUSE_PGM_ADDR_COLUMN_MASK \ 171 & ((C_) << R_EFUSE_PGM_ADDR_COLUMN_SHIFT)))) 172 173#define EFUSE_TBIT_POS(A_) (BIT_POS_OF(A_) >= BIT_POS(0, 28)) 174 175#define EFUSE_ANCHOR_ROW (0) 176#define EFUSE_ANCHOR_3_COL (27) 177#define EFUSE_ANCHOR_1_COL (1) 178 179#define EFUSE_AES_KEY_START BIT_POS(12, 0) 180#define EFUSE_AES_KEY_END BIT_POS(19, 31) 181#define EFUSE_USER_KEY_0_START BIT_POS(20, 0) 182#define EFUSE_USER_KEY_0_END BIT_POS(27, 31) 183#define EFUSE_USER_KEY_1_START BIT_POS(28, 0) 184#define EFUSE_USER_KEY_1_END BIT_POS(35, 31) 185 186#define EFUSE_RD_BLOCKED_START EFUSE_AES_KEY_START 187#define EFUSE_RD_BLOCKED_END EFUSE_USER_KEY_1_END 188 189#define EFUSE_GLITCH_DET_WR_LK BIT_POS(4, 31) 190#define EFUSE_PPK0_WR_LK BIT_POS(43, 6) 191#define EFUSE_PPK1_WR_LK BIT_POS(43, 7) 192#define EFUSE_PPK2_WR_LK BIT_POS(43, 8) 193#define EFUSE_AES_WR_LK BIT_POS(43, 11) 194#define EFUSE_USER_KEY_0_WR_LK BIT_POS(43, 13) 195#define EFUSE_USER_KEY_1_WR_LK BIT_POS(43, 15) 196#define EFUSE_PUF_SYN_LK BIT_POS(43, 16) 197#define EFUSE_DNA_WR_LK BIT_POS(43, 27) 198#define EFUSE_BOOT_ENV_WR_LK BIT_POS(43, 28) 199 200#define EFUSE_PGM_LOCKED_START BIT_POS(44, 0) 201#define EFUSE_PGM_LOCKED_END BIT_POS(51, 31) 202 203#define EFUSE_PUF_PAGE (2) 204#define EFUSE_PUF_SYN_START BIT_POS(129, 0) 205#define EFUSE_PUF_SYN_END BIT_POS(255, 27) 206 207#define EFUSE_KEY_CRC_LK_ROW (43) 208#define EFUSE_AES_KEY_CRC_LK_MASK ((1U << 9) | (1U << 10)) 209#define EFUSE_USER_KEY_0_CRC_LK_MASK (1U << 12) 210#define EFUSE_USER_KEY_1_CRC_LK_MASK (1U << 14) 211 212/* 213 * A handy macro to return value of an array element, 214 * or a specific default if given index is out of bound. 215 */ 216#define ARRAY_GET(A_, I_, D_) \ 217 ((unsigned int)(I_) < ARRAY_SIZE(A_) ? (A_)[I_] : (D_)) 218 219QEMU_BUILD_BUG_ON(R_MAX != ARRAY_SIZE(((XlnxVersalEFuseCtrl *)0)->regs)); 220 221typedef struct XlnxEFuseLkSpec { 222 uint16_t row; 223 uint16_t lk_bit; 224} XlnxEFuseLkSpec; 225 226static void efuse_imr_update_irq(XlnxVersalEFuseCtrl *s) 227{ 228 bool pending = s->regs[R_EFUSE_ISR] & ~s->regs[R_EFUSE_IMR]; 229 qemu_set_irq(s->irq_efuse_imr, pending); 230} 231 232static void efuse_isr_postw(RegisterInfo *reg, uint64_t val64) 233{ 234 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 235 efuse_imr_update_irq(s); 236} 237 238static uint64_t efuse_ier_prew(RegisterInfo *reg, uint64_t val64) 239{ 240 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 241 uint32_t val = val64; 242 243 s->regs[R_EFUSE_IMR] &= ~val; 244 efuse_imr_update_irq(s); 245 return 0; 246} 247 248static uint64_t efuse_idr_prew(RegisterInfo *reg, uint64_t val64) 249{ 250 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 251 uint32_t val = val64; 252 253 s->regs[R_EFUSE_IMR] |= val; 254 efuse_imr_update_irq(s); 255 return 0; 256} 257 258static void efuse_status_tbits_sync(XlnxVersalEFuseCtrl *s) 259{ 260 uint32_t check = xlnx_efuse_tbits_check(s->efuse); 261 uint32_t val = s->regs[R_STATUS]; 262 263 val = FIELD_DP32(val, STATUS, EFUSE_0_TBIT, !!(check & (1 << 0))); 264 val = FIELD_DP32(val, STATUS, EFUSE_1_TBIT, !!(check & (1 << 1))); 265 val = FIELD_DP32(val, STATUS, EFUSE_2_TBIT, !!(check & (1 << 2))); 266 267 s->regs[R_STATUS] = val; 268} 269 270static void efuse_anchor_bits_check(XlnxVersalEFuseCtrl *s) 271{ 272 unsigned page; 273 274 if (!s->efuse || !s->efuse->init_tbits) { 275 return; 276 } 277 278 for (page = 0; page < s->efuse->efuse_nr; page++) { 279 uint32_t row = 0, bit; 280 281 row = FIELD_DP32(row, EFUSE_PGM_ADDR, PAGE, page); 282 row = FIELD_DP32(row, EFUSE_PGM_ADDR, ROW, EFUSE_ANCHOR_ROW); 283 284 bit = FIELD_DP32(row, EFUSE_PGM_ADDR, COLUMN, EFUSE_ANCHOR_3_COL); 285 if (!xlnx_efuse_get_bit(s->efuse, bit)) { 286 xlnx_efuse_set_bit(s->efuse, bit); 287 } 288 289 bit = FIELD_DP32(row, EFUSE_PGM_ADDR, COLUMN, EFUSE_ANCHOR_1_COL); 290 if (!xlnx_efuse_get_bit(s->efuse, bit)) { 291 xlnx_efuse_set_bit(s->efuse, bit); 292 } 293 } 294} 295 296static void efuse_key_crc_check(RegisterInfo *reg, uint32_t crc, 297 uint32_t pass_mask, uint32_t done_mask, 298 unsigned first, uint32_t lk_mask) 299{ 300 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 301 uint32_t r, lk_bits; 302 303 /* 304 * To start, assume both DONE and PASS, and clear PASS by xor 305 * if CRC-check fails or CRC-check disabled by lock fuse. 306 */ 307 r = s->regs[R_STATUS] | done_mask | pass_mask; 308 309 lk_bits = xlnx_efuse_get_row(s->efuse, EFUSE_KEY_CRC_LK_ROW) & lk_mask; 310 if (lk_bits == 0 && xlnx_efuse_k256_check(s->efuse, crc, first)) { 311 pass_mask = 0; 312 } 313 314 s->regs[R_STATUS] = r ^ pass_mask; 315} 316 317static void efuse_data_sync(XlnxVersalEFuseCtrl *s) 318{ 319 efuse_status_tbits_sync(s); 320} 321 322static int efuse_lk_spec_cmp(const void *a, const void *b) 323{ 324 uint16_t r1 = ((const XlnxEFuseLkSpec *)a)->row; 325 uint16_t r2 = ((const XlnxEFuseLkSpec *)b)->row; 326 327 return (r1 > r2) - (r1 < r2); 328} 329 330static void efuse_lk_spec_sort(XlnxVersalEFuseCtrl *s) 331{ 332 XlnxEFuseLkSpec *ary = s->extra_pg0_lock_spec; 333 const uint32_t n8 = s->extra_pg0_lock_n16 * 2; 334 const uint32_t sz = sizeof(ary[0]); 335 const uint32_t cnt = n8 / sz; 336 337 if (ary && cnt) { 338 qsort(ary, cnt, sz, efuse_lk_spec_cmp); 339 } 340} 341 342static uint32_t efuse_lk_spec_find(XlnxVersalEFuseCtrl *s, uint32_t row) 343{ 344 const XlnxEFuseLkSpec *ary = s->extra_pg0_lock_spec; 345 const uint32_t n8 = s->extra_pg0_lock_n16 * 2; 346 const uint32_t sz = sizeof(ary[0]); 347 const uint32_t cnt = n8 / sz; 348 const XlnxEFuseLkSpec *item = NULL; 349 350 if (ary && cnt) { 351 XlnxEFuseLkSpec k = { .row = row, }; 352 353 item = bsearch(&k, ary, cnt, sz, efuse_lk_spec_cmp); 354 } 355 356 return item ? item->lk_bit : 0; 357} 358 359static uint32_t efuse_bit_locked(XlnxVersalEFuseCtrl *s, uint32_t bit) 360{ 361 /* Hard-coded locks */ 362 static const uint16_t pg0_hard_lock[] = { 363 [4] = EFUSE_GLITCH_DET_WR_LK, 364 [37] = EFUSE_BOOT_ENV_WR_LK, 365 366 [8 ... 11] = EFUSE_DNA_WR_LK, 367 [12 ... 19] = EFUSE_AES_WR_LK, 368 [20 ... 27] = EFUSE_USER_KEY_0_WR_LK, 369 [28 ... 35] = EFUSE_USER_KEY_1_WR_LK, 370 [64 ... 71] = EFUSE_PPK0_WR_LK, 371 [72 ... 79] = EFUSE_PPK1_WR_LK, 372 [80 ... 87] = EFUSE_PPK2_WR_LK, 373 }; 374 375 uint32_t row = FIELD_EX32(bit, EFUSE_PGM_ADDR, ROW); 376 uint32_t lk_bit = ARRAY_GET(pg0_hard_lock, row, 0); 377 378 return lk_bit ? lk_bit : efuse_lk_spec_find(s, row); 379} 380 381static bool efuse_pgm_locked(XlnxVersalEFuseCtrl *s, unsigned int bit) 382{ 383 384 unsigned int lock = 1; 385 386 /* Global lock */ 387 if (!ARRAY_FIELD_EX32(s->regs, CFG, PGM_EN)) { 388 goto ret_lock; 389 } 390 391 /* Row lock */ 392 switch (FIELD_EX32(bit, EFUSE_PGM_ADDR, PAGE)) { 393 case 0: 394 if (ARRAY_FIELD_EX32(s->regs, EFUSE_PGM_LOCK, SPK_ID_LOCK) && 395 bit >= EFUSE_PGM_LOCKED_START && bit <= EFUSE_PGM_LOCKED_END) { 396 goto ret_lock; 397 } 398 399 lock = efuse_bit_locked(s, bit); 400 break; 401 case EFUSE_PUF_PAGE: 402 if (bit < EFUSE_PUF_SYN_START || bit > EFUSE_PUF_SYN_END) { 403 lock = 0; 404 goto ret_lock; 405 } 406 407 lock = EFUSE_PUF_SYN_LK; 408 break; 409 default: 410 lock = 0; 411 goto ret_lock; 412 } 413 414 /* Row lock by an efuse bit */ 415 if (lock) { 416 lock = xlnx_efuse_get_bit(s->efuse, lock); 417 } 418 419 ret_lock: 420 return lock != 0; 421} 422 423static void efuse_pgm_addr_postw(RegisterInfo *reg, uint64_t val64) 424{ 425 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 426 unsigned bit = val64; 427 bool ok = false; 428 429 /* Always zero out PGM_ADDR because it is write-only */ 430 s->regs[R_EFUSE_PGM_ADDR] = 0; 431 432 /* 433 * Indicate error if bit is write-protected (or read-only 434 * as guarded by efuse_set_bit()). 435 * 436 * Keep it simple by not modeling program timing. 437 * 438 * Note: model must NEVER clear the PGM_ERROR bit; it is 439 * up to guest to do so (or by reset). 440 */ 441 if (efuse_pgm_locked(s, bit)) { 442 qemu_log_mask(LOG_GUEST_ERROR, 443 "%s: Denied setting of efuse<%u, %u, %u>\n", 444 object_get_canonical_path(OBJECT(s)), 445 FIELD_EX32(bit, EFUSE_PGM_ADDR, PAGE), 446 FIELD_EX32(bit, EFUSE_PGM_ADDR, ROW), 447 FIELD_EX32(bit, EFUSE_PGM_ADDR, COLUMN)); 448 } else if (xlnx_efuse_set_bit(s->efuse, bit)) { 449 ok = true; 450 if (EFUSE_TBIT_POS(bit)) { 451 efuse_status_tbits_sync(s); 452 } 453 } 454 455 if (!ok) { 456 ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, PGM_ERROR, 1); 457 } 458 459 ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, PGM_DONE, 1); 460 efuse_imr_update_irq(s); 461} 462 463static void efuse_rd_addr_postw(RegisterInfo *reg, uint64_t val64) 464{ 465 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 466 unsigned bit = val64; 467 bool denied; 468 469 /* Always zero out RD_ADDR because it is write-only */ 470 s->regs[R_EFUSE_RD_ADDR] = 0; 471 472 /* 473 * Indicate error if row is read-blocked. 474 * 475 * Note: model must NEVER clear the RD_ERROR bit; it is 476 * up to guest to do so (or by reset). 477 */ 478 s->regs[R_EFUSE_RD_DATA] = xlnx_versal_efuse_read_row(s->efuse, 479 bit, &denied); 480 if (denied) { 481 qemu_log_mask(LOG_GUEST_ERROR, 482 "%s: Denied reading of efuse<%u, %u>\n", 483 object_get_canonical_path(OBJECT(s)), 484 FIELD_EX32(bit, EFUSE_RD_ADDR, PAGE), 485 FIELD_EX32(bit, EFUSE_RD_ADDR, ROW)); 486 487 ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, RD_ERROR, 1); 488 } 489 490 ARRAY_FIELD_DP32(s->regs, EFUSE_ISR, RD_DONE, 1); 491 efuse_imr_update_irq(s); 492 return; 493} 494 495static uint64_t efuse_cache_load_prew(RegisterInfo *reg, uint64_t val64) 496{ 497 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 498 499 if (val64 & R_EFUSE_CACHE_LOAD_LOAD_MASK) { 500 efuse_data_sync(s); 501 502 ARRAY_FIELD_DP32(s->regs, STATUS, CACHE_DONE, 1); 503 efuse_imr_update_irq(s); 504 } 505 506 return 0; 507} 508 509static uint64_t efuse_pgm_lock_prew(RegisterInfo *reg, uint64_t val64) 510{ 511 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(reg->opaque); 512 513 /* Ignore all other bits */ 514 val64 = FIELD_EX32(val64, EFUSE_PGM_LOCK, SPK_ID_LOCK); 515 516 /* Once the bit is written 1, only reset will clear it to 0 */ 517 val64 |= ARRAY_FIELD_EX32(s->regs, EFUSE_PGM_LOCK, SPK_ID_LOCK); 518 519 return val64; 520} 521 522static void efuse_aes_crc_postw(RegisterInfo *reg, uint64_t val64) 523{ 524 efuse_key_crc_check(reg, val64, 525 R_STATUS_AES_CRC_PASS_MASK, 526 R_STATUS_AES_CRC_DONE_MASK, 527 EFUSE_AES_KEY_START, 528 EFUSE_AES_KEY_CRC_LK_MASK); 529} 530 531static void efuse_aes_u0_crc_postw(RegisterInfo *reg, uint64_t val64) 532{ 533 efuse_key_crc_check(reg, val64, 534 R_STATUS_AES_USER_KEY_0_CRC_PASS_MASK, 535 R_STATUS_AES_USER_KEY_0_CRC_DONE_MASK, 536 EFUSE_USER_KEY_0_START, 537 EFUSE_USER_KEY_0_CRC_LK_MASK); 538} 539 540static void efuse_aes_u1_crc_postw(RegisterInfo *reg, uint64_t val64) 541{ 542 efuse_key_crc_check(reg, val64, 543 R_STATUS_AES_USER_KEY_1_CRC_PASS_MASK, 544 R_STATUS_AES_USER_KEY_1_CRC_DONE_MASK, 545 EFUSE_USER_KEY_1_START, 546 EFUSE_USER_KEY_1_CRC_LK_MASK); 547} 548 549static uint64_t efuse_wr_lock_prew(RegisterInfo *reg, uint64_t val) 550{ 551 return val != R_WR_LOCK_UNLOCK_PASSCODE; 552} 553 554static const RegisterAccessInfo efuse_ctrl_regs_info[] = { 555 { .name = "WR_LOCK", .addr = A_WR_LOCK, 556 .reset = 0x1, 557 .pre_write = efuse_wr_lock_prew, 558 },{ .name = "CFG", .addr = A_CFG, 559 .rsvd = 0x9, 560 },{ .name = "STATUS", .addr = A_STATUS, 561 .rsvd = 0x8, 562 .ro = 0xfff, 563 },{ .name = "EFUSE_PGM_ADDR", .addr = A_EFUSE_PGM_ADDR, 564 .post_write = efuse_pgm_addr_postw, 565 },{ .name = "EFUSE_RD_ADDR", .addr = A_EFUSE_RD_ADDR, 566 .rsvd = 0x1f, 567 .post_write = efuse_rd_addr_postw, 568 },{ .name = "EFUSE_RD_DATA", .addr = A_EFUSE_RD_DATA, 569 .ro = 0xffffffff, 570 },{ .name = "TPGM", .addr = A_TPGM, 571 },{ .name = "TRD", .addr = A_TRD, 572 .reset = 0x19, 573 },{ .name = "TSU_H_PS", .addr = A_TSU_H_PS, 574 .reset = 0xff, 575 },{ .name = "TSU_H_PS_CS", .addr = A_TSU_H_PS_CS, 576 .reset = 0x11, 577 },{ .name = "TRDM", .addr = A_TRDM, 578 .reset = 0x3a, 579 },{ .name = "TSU_H_CS", .addr = A_TSU_H_CS, 580 .reset = 0x16, 581 },{ .name = "EFUSE_ISR", .addr = A_EFUSE_ISR, 582 .rsvd = 0x7fff8000, 583 .w1c = 0x80007fff, 584 .post_write = efuse_isr_postw, 585 },{ .name = "EFUSE_IMR", .addr = A_EFUSE_IMR, 586 .reset = 0x80007fff, 587 .rsvd = 0x7fff8000, 588 .ro = 0xffffffff, 589 },{ .name = "EFUSE_IER", .addr = A_EFUSE_IER, 590 .rsvd = 0x7fff8000, 591 .pre_write = efuse_ier_prew, 592 },{ .name = "EFUSE_IDR", .addr = A_EFUSE_IDR, 593 .rsvd = 0x7fff8000, 594 .pre_write = efuse_idr_prew, 595 },{ .name = "EFUSE_CACHE_LOAD", .addr = A_EFUSE_CACHE_LOAD, 596 .pre_write = efuse_cache_load_prew, 597 },{ .name = "EFUSE_PGM_LOCK", .addr = A_EFUSE_PGM_LOCK, 598 .pre_write = efuse_pgm_lock_prew, 599 },{ .name = "EFUSE_AES_CRC", .addr = A_EFUSE_AES_CRC, 600 .post_write = efuse_aes_crc_postw, 601 },{ .name = "EFUSE_AES_USR_KEY0_CRC", .addr = A_EFUSE_AES_USR_KEY0_CRC, 602 .post_write = efuse_aes_u0_crc_postw, 603 },{ .name = "EFUSE_AES_USR_KEY1_CRC", .addr = A_EFUSE_AES_USR_KEY1_CRC, 604 .post_write = efuse_aes_u1_crc_postw, 605 },{ .name = "EFUSE_PD", .addr = A_EFUSE_PD, 606 .ro = 0xfffffffe, 607 },{ .name = "EFUSE_ANLG_OSC_SW_1LP", .addr = A_EFUSE_ANLG_OSC_SW_1LP, 608 },{ .name = "EFUSE_TEST_CTRL", .addr = A_EFUSE_TEST_CTRL, 609 .reset = 0x8, 610 } 611}; 612 613static void efuse_ctrl_reg_write(void *opaque, hwaddr addr, 614 uint64_t data, unsigned size) 615{ 616 RegisterInfoArray *reg_array = opaque; 617 XlnxVersalEFuseCtrl *s; 618 Object *dev; 619 620 assert(reg_array != NULL); 621 622 dev = reg_array->mem.owner; 623 assert(dev); 624 625 s = XLNX_VERSAL_EFUSE_CTRL(dev); 626 627 if (addr != A_WR_LOCK && s->regs[R_WR_LOCK]) { 628 qemu_log_mask(LOG_GUEST_ERROR, 629 "%s[reg_0x%02lx]: Attempt to write locked register.\n", 630 object_get_canonical_path(OBJECT(s)), (long)addr); 631 } else { 632 register_write_memory(opaque, addr, data, size); 633 } 634} 635 636static void efuse_ctrl_register_reset(RegisterInfo *reg) 637{ 638 if (!reg->data || !reg->access) { 639 return; 640 } 641 642 /* Reset must not trigger some registers' writers */ 643 switch (reg->access->addr) { 644 case A_EFUSE_AES_CRC: 645 case A_EFUSE_AES_USR_KEY0_CRC: 646 case A_EFUSE_AES_USR_KEY1_CRC: 647 *(uint32_t *)reg->data = reg->access->reset; 648 return; 649 } 650 651 register_reset(reg); 652} 653 654static void efuse_ctrl_reset(DeviceState *dev) 655{ 656 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(dev); 657 unsigned int i; 658 659 for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) { 660 efuse_ctrl_register_reset(&s->regs_info[i]); 661 } 662 663 efuse_anchor_bits_check(s); 664 efuse_data_sync(s); 665 efuse_imr_update_irq(s); 666} 667 668static const MemoryRegionOps efuse_ctrl_ops = { 669 .read = register_read_memory, 670 .write = efuse_ctrl_reg_write, 671 .endianness = DEVICE_LITTLE_ENDIAN, 672 .valid = { 673 .min_access_size = 4, 674 .max_access_size = 4, 675 }, 676}; 677 678static void efuse_ctrl_realize(DeviceState *dev, Error **errp) 679{ 680 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(dev); 681 const uint32_t lks_sz = sizeof(XlnxEFuseLkSpec) / 2; 682 683 if (!s->efuse) { 684 error_setg(errp, "%s.efuse: link property not connected to XLNX-EFUSE", 685 object_get_canonical_path(OBJECT(dev))); 686 return; 687 } 688 689 /* Sort property-defined pgm-locks for bsearch lookup */ 690 if ((s->extra_pg0_lock_n16 % lks_sz) != 0) { 691 error_setg(errp, 692 "%s.pg0-lock: array property item-count not multiple of %u", 693 object_get_canonical_path(OBJECT(dev)), lks_sz); 694 return; 695 } 696 697 efuse_lk_spec_sort(s); 698} 699 700static void efuse_ctrl_init(Object *obj) 701{ 702 XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj); 703 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 704 RegisterInfoArray *reg_array; 705 706 reg_array = 707 register_init_block32(DEVICE(obj), efuse_ctrl_regs_info, 708 ARRAY_SIZE(efuse_ctrl_regs_info), 709 s->regs_info, s->regs, 710 &efuse_ctrl_ops, 711 XLNX_VERSAL_EFUSE_CTRL_ERR_DEBUG, 712 R_MAX * 4); 713 714 sysbus_init_mmio(sbd, ®_array->mem); 715 sysbus_init_irq(sbd, &s->irq_efuse_imr); 716} 717 718static const VMStateDescription vmstate_efuse_ctrl = { 719 .name = TYPE_XLNX_VERSAL_EFUSE_CTRL, 720 .version_id = 1, 721 .minimum_version_id = 1, 722 .fields = (VMStateField[]) { 723 VMSTATE_UINT32_ARRAY(regs, XlnxVersalEFuseCtrl, R_MAX), 724 VMSTATE_END_OF_LIST(), 725 } 726}; 727 728static Property efuse_ctrl_props[] = { 729 DEFINE_PROP_LINK("efuse", 730 XlnxVersalEFuseCtrl, efuse, 731 TYPE_XLNX_EFUSE, XlnxEFuse *), 732 DEFINE_PROP_ARRAY("pg0-lock", 733 XlnxVersalEFuseCtrl, extra_pg0_lock_n16, 734 extra_pg0_lock_spec, qdev_prop_uint16, uint16_t), 735 736 DEFINE_PROP_END_OF_LIST(), 737}; 738 739static void efuse_ctrl_class_init(ObjectClass *klass, void *data) 740{ 741 DeviceClass *dc = DEVICE_CLASS(klass); 742 743 dc->reset = efuse_ctrl_reset; 744 dc->realize = efuse_ctrl_realize; 745 dc->vmsd = &vmstate_efuse_ctrl; 746 device_class_set_props(dc, efuse_ctrl_props); 747} 748 749static const TypeInfo efuse_ctrl_info = { 750 .name = TYPE_XLNX_VERSAL_EFUSE_CTRL, 751 .parent = TYPE_SYS_BUS_DEVICE, 752 .instance_size = sizeof(XlnxVersalEFuseCtrl), 753 .class_init = efuse_ctrl_class_init, 754 .instance_init = efuse_ctrl_init, 755}; 756 757static void efuse_ctrl_register_types(void) 758{ 759 type_register_static(&efuse_ctrl_info); 760} 761 762type_init(efuse_ctrl_register_types) 763 764/* 765 * Retrieve a row, with unreadable bits returned as 0. 766 */ 767uint32_t xlnx_versal_efuse_read_row(XlnxEFuse *efuse, 768 uint32_t bit, bool *denied) 769{ 770 bool dummy; 771 772 if (!denied) { 773 denied = &dummy; 774 } 775 776 if (bit >= EFUSE_RD_BLOCKED_START && bit <= EFUSE_RD_BLOCKED_END) { 777 *denied = true; 778 return 0; 779 } 780 781 *denied = false; 782 return xlnx_efuse_get_row(efuse, bit); 783}