From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 0E1C4C433F5
	for <u-boot@archiver.kernel.org>; Thu, 17 Feb 2022 18:39:32 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 51E8D83B52;
	Thu, 17 Feb 2022 19:39:30 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=permerror header.from=nic.cz
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key; secure) header.d=nic.cz header.i=@nic.cz header.b="M2NLGf1+";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id D993583B73; Thu, 17 Feb 2022 19:39:28 +0100 (CET)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 57D0183B52
 for <u-boot@lists.denx.de>; Thu, 17 Feb 2022 19:39:25 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=permerror header.from=nic.cz
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=marek.behun@nic.cz
Received: from dellmb (unknown [IPv6:2001:1488:fffe:6:8747:7254:5571:3010])
 by mail.nic.cz (Postfix) with ESMTPSA id CD2A813FEB2;
 Thu, 17 Feb 2022 19:39:24 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default;
 t=1645123164; bh=nbBXeUFiEs0Yu+r+502ZoK+vCf+n2HrsIi/dE+N8dS0=;
 h=Date:From:To;
 b=M2NLGf1+V4h7iIUxnI3KW3aXAxmcUthrBq5cvuqxRMBRn2oj+jIV9d2z5RP4DtYFj
 c1J2A0V8H4R5lIzixKC7pzX3FtgTsEf4vzapLaIspsXEJP/Jq/+J/h65hr9VKw0eD4
 CLdUYZqGE88TxUi5k2zVUW1WV+BKS4/8+tvY1wpI=
Date: Thu, 17 Feb 2022 19:39:24 +0100
From: Marek =?UTF-8?B?QmVow7pu?= <marek.behun@nic.cz>
To: Pali =?UTF-8?B?Um9ow6Fy?= <pali@kernel.org>
Cc: Stefan Roese <sr@denx.de>, Konstantin Porotchkin <kostap@marvell.com>,
 Vladimir Vid <vladimir.vid@sartura.hr>, u-boot@lists.denx.de
Subject: Re: [PATCH u-boot-mvebu 5/5] arm: mvebu: a37xx: Add support for
 reading Security OTP values
Message-ID: <20220217193924.1824abea@dellmb>
In-Reply-To: <20220217165031.bimvdvqzs23slgxk@pali>
References: <20220217092619.1445-1-pali@kernel.org>
 <20220217092619.1445-6-pali@kernel.org>
 <20220217153110.21ed55f6@dellmb>
 <20220217165031.bimvdvqzs23slgxk@pali>
X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

On Thu, 17 Feb 2022 17:50:31 +0100
Pali Roh=C3=A1r <pali@kernel.org> wrote:

> On Thursday 17 February 2022 15:31:10 Marek Beh=C3=BAn wrote:
> > On Thu, 17 Feb 2022 10:26:19 +0100
> > Pali Roh=C3=A1r <pali@kernel.org> wrote:
> >  =20
> > > Only secure CM3 core can access Security OTP. It is not possible via =
A53 =20
> >=20
> > It is not possible for the A53 core (on which U-Boot is running) to read
> > it directly.
> >  =20
> > > core on which is running U-Boot. Marvell for this purpose defined mbo=
x API =20
> >=20
> > For this purpose Marvell defined...
> >  =20
> > > for sending OTP commands between CM and A53 cores. =20
> >                                    ^CM3
> >  =20
> > > Implement this Marvell mbox API via U-Boot fuse API. =20
> >=20
> > Implement these Marvell fuse reading mbox commands via ....
> >  =20
> > > Banks 0-43 are used for accessing Security OTP (44 rows with 67 bits =
via 44
> > > banks and words 0-2). =20
> >=20
> > Note that of the 67 bits, the 3 upper bits are: 1 lock bit and 2
> > auxiliary bits (meant for testing during the manufacture of the SOC, as
> > I understand it).
> >=20
> > Also note that the lock bit and the auxiliary bits are not readable
> > via Marvell commands.
> >=20
> > With CZ.NIC's commands the lock bit is readable.
> >  =20
> > > Write support is not implemented yet.
> > >=20
> > > Signed-off-by: Pali Roh=C3=A1r <pali@kernel.org>
> > > ---
> > >  arch/arm/mach-mvebu/armada3700/efuse.c | 40 ++++++++++++++++++++++++=
--
> > >  1 file changed, 38 insertions(+), 2 deletions(-)
> > >=20
> > > diff --git a/arch/arm/mach-mvebu/armada3700/efuse.c b/arch/arm/mach-m=
vebu/armada3700/efuse.c
> > > index 03778f17ea49..274d9c72c073 100644
> > > --- a/arch/arm/mach-mvebu/armada3700/efuse.c
> > > +++ b/arch/arm/mach-mvebu/armada3700/efuse.c
> > > @@ -8,6 +8,7 @@
> > >  #include <common.h>
> > >  #include <asm/io.h>
> > >  #include <linux/delay.h>
> > > +#include <mach/mbox.h>
> > >  #include <mach/soc.h>
> > > =20
> > >  #define OTP_NB_REG_BASE		((void __iomem *)MVEBU_REGISTER(0x12600))
> > > @@ -77,6 +78,42 @@ static void otp_read_parallel(void __iomem *base, =
u32 *data, u32 count)
> > >  	}
> > >  }
> > > =20
> > > +static int rwtm_otp_read(u8 row, u32 word, u32 *data)
> > > +{
> > > +	u32 out[3];
> > > +	u32 in[2];
> > > +	int res;
> > > +
> > > +	/*
> > > +	 * MBOX_CMD_OTP_READ_32B command is supported by Marvell fuse.bin
> > > +	 * firmware and also by new (yet unreleased) CZ.NIC wtmi firmware. =
=20
> >=20
> > Marvell's, CZ.NIC's, and drop the "(yet unreleased)", because you'll
> > need to send another patch that drops it afterwards.
> >  =20
> > > +	 * But this command does not provide access to lock bit.
> > > +	 */
> > > +	if (word < 2) {
> > > +		in[0] =3D row;
> > > +		in[1] =3D word * 32;
> > > +		res =3D mbox_do_cmd(MBOX_CMD_OTP_READ_32B, in, 2, out, 2);
> > > +		if (res !=3D -ENOSYS) {
> > > +			if (!res)
> > > +				*data =3D out[0];
> > > +			return res;
> > > +		}
> > > +		/* Fallback for old version of CZ.NIC wtmi firmware. */
> > > +	} =20
> >=20
> > I am afraid this is not correct, because Marvell's firmware reads the
> > efuse without Error Correction. So it is possible for Marvell's command
> > to return different value than CZ.NIC's command.
> >=20
> > You need to determine whether CZ.NIC's command is supported, and use it
> > if it is, otherwise use Marvell's command. Or you need to define
> > whether and when the Error Correction is supposed to be used, or
> > something. =20
>=20
> Seems that this U-Boot fuse API is low level API, so it probably would
> be better to always read without ECC correction (which is provided by
> Marvell OTP API). As ECC is stored in other bits, it is possible to read
> everything needed for ECC correction via this API.
>=20
> This could simplify patch: Lock bit read via CZ.NIC API (as there is no
> other API) and other bits read via Marvell API (which is going to be
> supported also by CZ.NIC firmware).

Ok, as long as turris_mox.c reads OTP with Error Correction, fuse can
be kept low level.

Marek

> > But doing what you are doing here can make Turris MOX boards read
> > different values. I know of at least one board where serial number or
> > MAC address needs Error Correction.
> >=20
> > Marek =20