From d0b7286e48f0a34e7e9a8db3948caf1809193430 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?=
 <vesa.jaaskelainen@vaisala.com>
Date: Fri, 29 Apr 2022 08:47:24 +0300
Subject: [PATCH] feat(zynqmp): protect eFuses from non-secure access
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

When configuration option ZYNQMP_SECURE_EFUSES is defined then Xilinx
ZynqMP's PS eFuses can only be accesses from secure state.

This enables eFuses to be reserved and protected only for security use
cases for example in OP-TEE.

Change-Id: I866905e35ce488f50f5f6e1b4667b08a9fa2386d
Signed-off-by: Vesa JÃ¤Ã¤skelÃ¤inen <vesa.jaaskelainen@vaisala.com>
---
 plat/xilinx/zynqmp/platform.mk              | 4 ++++
 plat/xilinx/zynqmp/pm_service/pm_defs.h     | 2 ++
 plat/xilinx/zynqmp/pm_service/pm_svc_main.c | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index ea8a5d1db..1f04a9517 100644
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -60,6 +60,10 @@ ifdef IPI_CRC_CHECK
     $(eval $(call add_define,IPI_CRC_CHECK))
 endif
 
+ifdef ZYNQMP_SECURE_EFUSES
+    $(eval $(call add_define,ZYNQMP_SECURE_EFUSES))
+endif
+
 PLAT_INCLUDES		:=	-Iinclude/plat/arm/common/			\
 				-Iinclude/plat/arm/common/aarch64/		\
 				-Iplat/xilinx/common/include/			\
diff --git a/plat/xilinx/zynqmp/pm_service/pm_defs.h b/plat/xilinx/zynqmp/pm_service/pm_defs.h
index d48df5517..bf5ecfe05 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_defs.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_defs.h
@@ -245,6 +245,7 @@ enum pm_opchar_type {
  * @PM_RET_SUCCESS:		success
  * @PM_RET_ERROR_ARGS:		illegal arguments provided (deprecated)
  * @PM_RET_ERROR_NOTSUPPORTED:	feature not supported  (deprecated)
+ * @PM_RET_ERROR_NOT_ENABLED:	feature is not enabled
  * @PM_RET_ERROR_INTERNAL:	internal error
  * @PM_RET_ERROR_CONFLICT:	conflict
  * @PM_RET_ERROR_ACCESS:	access rights violation
@@ -258,6 +259,7 @@ enum pm_ret_status {
 	PM_RET_SUCCESS,
 	PM_RET_ERROR_ARGS = 1,
 	PM_RET_ERROR_NOTSUPPORTED = 4,
+	PM_RET_ERROR_NOT_ENABLED = 29,
 	PM_RET_ERROR_INTERNAL = 2000,
 	PM_RET_ERROR_CONFLICT = 2001,
 	PM_RET_ERROR_ACCESS = 2002,
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
index a136ebce5..f24387a43 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@@ -520,6 +520,13 @@ uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
 	{
 		uint32_t value;
 
+#if defined(ZYNQMP_SECURE_EFUSES)
+		if (is_caller_non_secure(flags)) {
+			SMC_RET1(handle,
+				 (((uint64_t)PM_RET_ERROR_NOT_ENABLED) << 32) |
+				 (uint64_t)PM_RET_ERROR_ACCESS);
+		}
+#endif
 		ret = pm_efuse_access(pm_arg[0], pm_arg[1], &value);
 		SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
 	}
-- 
2.39.5