From: Paul Barker <paul.barker@sancloud.com>
To: shiva.linuxworks@gmail.com, tudor.ambarus@microchip.com,
michael@walle.cc, p.yadav@ti.com, miquel.raynal@bootlin.com,
richard@nod.at, vigneshr@ti.com
Cc: linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org,
Shivamurthy Shastri <sshivamurthy@micron.com>
Subject: Re: [PATCH 1/4] mtd: spi-nor: micron-st: add advanced protection and security features
Date: Mon, 6 Dec 2021 10:49:05 +0000 [thread overview]
Message-ID: <461a63f9-49ae-7b6c-0a46-b46fd0a4e023@sancloud.com> (raw)
In-Reply-To: <20211027103352.8879-2-sshivamurthy@micron.com>
On 27/10/2021 11:33, shiva.linuxworks@gmail.com wrote:
> From: Shivamurthy Shastri <sshivamurthy@micron.com>
>
> Micron SPI NOR flashes are enabled with advanced sector protection
> features, using volatile lock bits, non-volatile lock bits, global
> freeze bits and password.
>
> Advanced sector protection and security features offer additional
> levels of protection against accidentally corrupting code and data
> stored, and they also prevent malicious attacks that could intentionally
> modify or corrupt the code or data stored.
>
> Signed-off-by: Shivamurthy Shastri <sshivamurthy@micron.com>
> ---
> drivers/mtd/spi-nor/core.h | 20 +++
> drivers/mtd/spi-nor/micron-st.c | 238 ++++++++++++++++++++++++++++++++
> 2 files changed, 258 insertions(+)
>
> diff --git a/drivers/mtd/spi-nor/core.h b/drivers/mtd/spi-nor/core.h
> index 3348e1dd1445..f6890973cb4a 100644
> --- a/drivers/mtd/spi-nor/core.h
> +++ b/drivers/mtd/spi-nor/core.h
> @@ -187,6 +187,24 @@ struct spi_nor_locking_ops {
> int (*is_locked)(struct spi_nor *nor, loff_t ofs, uint64_t len);
> };
>
> +struct spi_nor_sec_ops {
> + int (*secure_read)(struct spi_nor *nor, size_t len, u8 *buf);
> + int (*secure_write)(struct spi_nor *nor, size_t len, u8 *buf);
> + int (*read_nvlock_bits)(struct spi_nor *nor, u32 addr, size_t len,
> + u8 *buf);
> + int (*read_vlock_bits)(struct spi_nor *nor, u32 addr, size_t len,
> + u8 *buf);
> + int (*read_global_freeze_bits)(struct spi_nor *nor, size_t len,
> + u8 *buf);
> + int (*read_password)(struct spi_nor *nor, size_t len, u8 *buf);
> + int (*write_global_freeze_bits)(struct spi_nor *nor, size_t len,
> + u8 *buf);
> + int (*write_vlock_bits)(struct spi_nor *nor, u32 addr, size_t len,
> + u8 *buf);
> + int (*write_nvlock_bits)(struct spi_nor *nor, u32 addr);
> + int (*erase_nvlock_bits)(struct spi_nor *nor);
> +};
> +
> /**
> * struct spi_nor_otp_organization - Structure to describe the SPI NOR OTP regions
> * @len: size of one OTP region in bytes.
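Review bot: `struct spi_nor_sec_ops` is added without kernel-doc, so nothing states which callbacks change persistent protection state (`write_nvlock_bits`, `erase_nvlock_bits`), which one returns secret material (`read_password`), or what permission check and locking a caller must already hold. The next struct in this header, `spi_nor_otp_organization`, does carry a kernel-doc block; I would add a matching `/** struct spi_nor_sec_ops - ... */` block with one `@member:` line per callback, noting for each whether it alters non-volatile state and that access control is the caller's job. The write callbacks (`secure_write`, `write_global_freeze_bits`, `write_vlock_bits`) are only used to send `buf` in the micron-st implementations of this patch, so the parameter could be `const u8 *buf`. The hunk's trailing context ends inside the `spi_nor_otp_organization` comment.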
> @@ -285,6 +303,8 @@ struct spi_nor_flash_parameter {
> int (*setup)(struct spi_nor *nor, const struct spi_nor_hwcaps *hwcaps);
>
> const struct spi_nor_locking_ops *locking_ops;
> +
> + const struct spi_nor_sec_ops *sec_ops;
> };
The changes to the common spi-nor structs used by multiple drivers
should be broken out into a separate patch from the changes to the
micron-st driver.
>
> /**
> diff --git a/drivers/mtd/spi-nor/micron-st.c b/drivers/mtd/spi-nor/micron-st.c
> index c224e59820a1..b5d82e85fb92 100644
> --- a/drivers/mtd/spi-nor/micron-st.c
> +++ b/drivers/mtd/spi-nor/micron-st.c
> @@ -16,6 +16,23 @@
> #define SPINOR_MT_OCT_DTR 0xe7 /* Enable Octal DTR. */
> #define SPINOR_MT_EXSPI 0xff /* Enable Extended SPI (default) */
>
> +#define AUTHENTA_ID 0x8c
> +#define AUTHENTA_ID_BYTE 0x05
> +
> +#define SPINOR_OP_SECURE_READ 0x96
> +#define SPINOR_OP_SECURE_WRITE 0x9b
> +
> +#define SPINOR_OP_RD_VOL_LOCK_BITS 0xe8
> +#define SPINOR_OP_WR_VOL_LOCK_BITS 0xe5
> +#define SPINOR_OP_RD_NV_LOCK_BITS 0xe2
> +#define SPINOR_OP_WR_NV_LOCK_BITS 0xe3
> +#define SPINOR_OP_ER_NV_LOCK_BITS 0xe4
> +
> +#define SPINOR_OP_RD_GLOBAL_FREEZE_BITS 0xa7
> +#define SPINOR_OP_WR_GLOBAL_FREEZE_BITS 0xa6
> +
> +#define SPINOR_OP_RD_PASSWORD 0x27
> +
> static int spi_nor_micron_octal_dtr_enable(struct spi_nor *nor, bool enable)
> {
> struct spi_mem_op op;
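Review bot: The new opcode and ID defines carry no comments, while the two existing defines directly above them each have one (`/* Enable Octal DTR. */`). `AUTHENTA_ID 0x8c` and `AUTHENTA_ID_BYTE 0x05` in particular are bare magic values; a comment along the lines of `/* ID byte 5 == 0x8c identifies an Authenta part */` would say what is being matched, with the wording to be confirmed against the datasheet. The generic `SPINOR_OP_` prefix is used here for vendor-specific commands, so a vendor prefix like the existing `SPINOR_MT_` would keep them apart from the common opcodes. `spi_nor_micron_octal_dtr_enable()` starts in this hunk and continues outside it.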
> @@ -247,12 +264,233 @@ static int st_micron_set_4byte_addr_mode(struct spi_nor *nor, bool enable)
> return spi_nor_write_disable(nor);
> }
>
> +/**
> + * authenta_secure_read() - read the secure packet from authenta SPI NOR
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @len: number of bytes to read
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_secure_read(struct spi_nor *nor, size_t len, u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_SECURE_READ, 1),
> + SPI_MEM_OP_NO_ADDR,
> + SPI_MEM_OP_DUMMY(1, 1),
> + SPI_MEM_OP_DATA_IN(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_secure_write() - write the secure packet to authenta SPI NOR
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @len: number of bytes to be written
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_secure_write(struct spi_nor *nor, size_t len, u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_SECURE_WRITE, 1),
> + SPI_MEM_OP_NO_ADDR,
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_OUT(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_read_vlock_bits() - read the volatile lock bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @addr: address for volatile lock bits
> + * @len: number of bytes to read
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_read_vlock_bits(struct spi_nor *nor, u32 addr,
> + size_t len, u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_RD_VOL_LOCK_BITS, 1),
> + SPI_MEM_OP_ADDR(nor->addr_width, addr, 1),
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_IN(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_write_vlock_bits() - write data to the volatile lock bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @addr: address for volatile lock bits
> + * @len: number of bytes to be written
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_write_vlock_bits(struct spi_nor *nor, u32 addr, size_t len,
> + u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_WR_VOL_LOCK_BITS, 1),
> + SPI_MEM_OP_ADDR(nor->addr_width, addr, 1),
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_OUT(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_read_nvlock_bits() - read the non-volatile lock bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @addr: address for non-volatile lock bits
> + * @len: number of bytes to be written
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_read_nvlock_bits(struct spi_nor *nor, u32 addr,
> + size_t len, u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_RD_NV_LOCK_BITS, 1),
> + SPI_MEM_OP_ADDR(nor->addr_width, addr, 1),
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_IN(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_write_nvlock_bits() - write to the non-volatile lock bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @addr: address for non-volatile lock bits
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_write_nvlock_bits(struct spi_nor *nor, u32 addr)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_WR_NV_LOCK_BITS, 1),
> + SPI_MEM_OP_ADDR(nor->addr_width, addr, 1),
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_NO_DATA);
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_erase_nvlock_bits() - erase the non-volatile lock bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_erase_nvlock_bits(struct spi_nor *nor)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_ER_NV_LOCK_BITS, 1),
> + SPI_MEM_OP_NO_ADDR,
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_NO_DATA);
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_read_global_freeze_bits() - read the global freeze bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @len: number of bytes to read
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_read_global_freeze_bits(struct spi_nor *nor, size_t len,
> + u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_RD_GLOBAL_FREEZE_BITS, 1),
> + SPI_MEM_OP_NO_ADDR,
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_IN(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_write_global_freeze_bits() - write data to the global freeze bits
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @len: number of bytes to be written
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_write_global_freeze_bits(struct spi_nor *nor, size_t len,
> + u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_WR_GLOBAL_FREEZE_BITS, 1),
> + SPI_MEM_OP_NO_ADDR,
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_OUT(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +/**
> + * authenta_read_password() - read the password
> + *
> + * @nor: pointer to 'struct spi_nor'
> + * @len: number of bytes to read
> + * @buf: pointer to dst buffer
> + *
> + * Return: 0 in case of success, a negative error code otherwise.
> + */
> +static int authenta_read_password(struct spi_nor *nor, size_t len, u8 *buf)
> +{
> + struct spi_mem_op op =
> + SPI_MEM_OP(SPI_MEM_OP_CMD(SPINOR_OP_RD_PASSWORD, 1),
> + SPI_MEM_OP_NO_ADDR,
> + SPI_MEM_OP_NO_DUMMY,
> + SPI_MEM_OP_DATA_IN(len, buf, 1));
> +
> + return spi_mem_exec_op(nor->spimem, &op);
> +}
> +
> +static const struct spi_nor_sec_ops authenta_ops = {
> + .secure_read = authenta_secure_read,
> + .secure_write = authenta_secure_write,
> + .read_vlock_bits = authenta_read_vlock_bits,
> + .write_vlock_bits = authenta_write_vlock_bits,
> + .read_nvlock_bits = authenta_read_nvlock_bits,
> + .write_nvlock_bits = authenta_write_nvlock_bits,
> + .erase_nvlock_bits = authenta_erase_nvlock_bits,
> + .read_global_freeze_bits = authenta_read_global_freeze_bits,
> + .write_global_freeze_bits = authenta_write_global_freeze_bits,
> + .read_password = authenta_read_password,
> +};
> +
> static void micron_st_default_init(struct spi_nor *nor)
> {
> nor->flags |= SNOR_F_HAS_LOCK;
> nor->flags &= ~SNOR_F_HAS_16BIT_SR;
> nor->params->quad_enable = NULL;
> nor->params->set_4byte_addr_mode = st_micron_set_4byte_addr_mode;
> +
> + if (nor->info->id[AUTHENTA_ID_BYTE] == AUTHENTA_ID)
> + nor->params->sec_ops = &authenta_ops;
> }
>
> static const struct spi_nor_fixups micron_st_fixups = {
>
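Review bot: The state-changing helpers (`authenta_write_vlock_bits`, `authenta_write_nvlock_bits`, `authenta_erase_nvlock_bits`, `authenta_write_global_freeze_bits`, `authenta_secure_write`) issue their opcode with a bare `spi_mem_exec_op()` and neither set write enable nor wait for completion. If the device requires WREN before these commands (to be confirmed against the datasheet, and unless the caller added in patch 2/4 already does it), the flash would ignore the command while the helper still returns 0, leaving the caller to believe a lock was applied when it was not. The sketch below shows the bracketing for one helper, and the others would take the same shape. In `micron_st_default_init()` the test `nor->info->id[AUTHENTA_ID_BYTE]` reads ID byte 5 without first checking that the entry's ID is that long. The kernel-doc has copy-paste slips as well (`@buf` is called the `dst buffer` on the write helpers, `@len` is `bytes to be written` on `authenta_read_nvlock_bits()`), and `micron_st_fixups` begins on the hunk's last lines and continues outside it.

```c
static int authenta_write_nvlock_bits(struct spi_nor *nor, u32 addr)
{
	/* … unchanged: struct spi_mem_op op initialiser … */
	int ret;

	ret = spi_nor_write_enable(nor);
	if (ret)
		return ret;

	ret = spi_mem_exec_op(nor->spimem, &op);
	if (ret)
		return ret;

	/* Return only once the device reports the operation finished. */
	return spi_nor_wait_till_ready(nor);
}
```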
Thanks,
--
Paul Barker
Principal Software Engineer
SanCloud Ltd
e: paul.barker@sancloud.com
w: https://sancloud.co.uk/
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-27 10:33 [PATCH 0/4] enabling Advanced protection and security features shiva.linuxworks
2021-10-27 10:33 ` [PATCH 1/4] mtd: spi-nor: micron-st: add advanced " shiva.linuxworks
2021-11-08 15:43 ` Michael Walle
2021-12-06 10:49 ` Paul Barker [this message]
2021-10-27 10:33 ` [PATCH 2/4] mtd: spi-nor: add advanced protection and security features support shiva.linuxworks
2021-10-27 21:00 ` kernel test robot
2021-10-27 23:01 ` kernel test robot
2021-10-28 4:43 ` kernel test robot
2021-12-06 11:03 ` Paul Barker
2021-10-27 10:33 ` [PATCH 3/4] mtd: add advanced protection and security ioctls shiva.linuxworks
2021-12-06 10:42 ` Paul Barker
2021-12-06 11:13 ` Paul Barker
2021-10-27 10:33 ` [PATCH 4/4] mtd: spi-nor: micron-st: add mt25qu128abb and mt25ql128abb shiva.linuxworks
2021-12-06 11:05 ` Paul Barker
2021-10-27 10:54 ` [PATCH 0/4] enabling Advanced protection and security features Richard Weinberger
2021-11-08 15:06 ` [EXT] " Shivamurthy Shastri (sshivamurthy)