From patchwork Tue Aug 27 14:13:04 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Olliver Schinagl X-Patchwork-Id: 2850204 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 6A9549F271 for ; Tue, 27 Aug 2013 14:18:07 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id E07AB204C9 for ; Tue, 27 Aug 2013 14:18:05 +0000 (UTC) Received: from casper.infradead.org (casper.infradead.org [85.118.1.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 14903204C4 for ; Tue, 27 Aug 2013 14:18:04 +0000 (UTC) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VEK5L-00043p-9M; Tue, 27 Aug 2013 14:17:31 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VEK57-0004Xx-FR; Tue, 27 Aug 2013 14:17:17 +0000 Received: from 7of9.schinagl.nl ([88.159.158.68]) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VEK4d-0004UB-MN for linux-arm-kernel@lists.infradead.org; Tue, 27 Aug 2013 14:16:50 +0000 Received: from localhost (7of9.are-b.org [127.0.0.1]) by 7of9.schinagl.nl (Postfix) with ESMTP id E0DAA223D2; Tue, 27 Aug 2013 16:16:27 +0200 (CEST) X-Virus-Scanned: amavisd-new at schinagl.nl Received: from 7of9.schinagl.nl ([127.0.0.1]) by localhost (7of9.schinagl.nl [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0_Dlp5aloQWz; Tue, 27 Aug 2013 16:16:22 +0200 (CEST) Received: from riley (unknown [10.2.0.3]) by 7of9.schinagl.nl (Postfix) with SMTP id 42057223CA; Tue, 27 Aug 2013 16:16:21 +0200 (CEST) Received: by riley (sSMTP sendmail emulation); Tue, 27 Aug 2013 16:13:08 +0200 From: oliver+list@schinagl.nl To: arnd@arndb.de, gregkh@linuxfoundation.org Subject: [PATCH 1/2] Initial support for Allwinner's Security ID fuses Date: Tue, 27 Aug 2013 16:13:04 +0200 Message-Id: <1377612785-7868-2-git-send-email-oliver+list@schinagl.nl> X-Mailer: git-send-email 1.8.1.5 In-Reply-To: <1377612785-7868-1-git-send-email-oliver+list@schinagl.nl> References: <1377612785-7868-1-git-send-email-oliver+list@schinagl.nl> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20130827_101648_008965_DC523605 X-CRM114-Status: GOOD ( 25.15 ) X-Spam-Score: -4.4 (----) Cc: linux@arm.linux.org.uk, Oliver Schinagl , linus.walleij@linaro.org, linux-kernel@vger.kernel.org, tomasz.figa@gmail.com, andy.shevchenko@gmail.com, maxime.ripard@free-electrons.com, linux-arm-kernel@lists.infradead.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Oliver Schinagl Allwinner has electric fuses (efuse) on their line of chips. This driver reads those fuses, seeds the kernel entropy and exports them as a sysfs node. These fuses are most likly to be programmed at the factory, encoding things like Chip ID, some sort of serial number etc and appear to be reasonable unique. While in theory, these should be writeable by the user, it will probably be inconvinient to do so. Allwinner recommends that a certain input pin, labeled 'efuse_vddq', be connected to GND. To write these fuses however, a 2.5 V programming voltage needs to be applied to this pin. Even so, they can still be used to generate a board-unique mac from, board unique RSA key and seed the kernel RNG. On sun7i additional storage is available, this is initially used for an UEFI BOOT key, Secure JTAG key, HDMI-HDCP key and vendor specific keys. Currently supported are the following known chips: Allwinner sun4i (A10) Allwinner sun5i (A10s, A13) Allwinner sun7i (A20) Signed-off-by: Oliver Schinagl --- Documentation/ABI/stable/sysfs-driver-sunxi-sid | 22 +++ .../bindings/misc/allwinner,sunxi-sid.txt | 16 ++ drivers/misc/eeprom/Kconfig | 19 +++ drivers/misc/eeprom/Makefile | 1 + drivers/misc/eeprom/sunxi_sid.c | 177 +++++++++++++++++++++ 5 files changed, 235 insertions(+) create mode 100644 Documentation/ABI/stable/sysfs-driver-sunxi-sid create mode 100644 Documentation/devicetree/bindings/misc/allwinner,sunxi-sid.txt create mode 100644 drivers/misc/eeprom/sunxi_sid.c diff --git a/Documentation/ABI/stable/sysfs-driver-sunxi-sid b/Documentation/ABI/stable/sysfs-driver-sunxi-sid new file mode 100644 index 0000000..b04ec05 --- /dev/null +++ b/Documentation/ABI/stable/sysfs-driver-sunxi-sid @@ -0,0 +1,22 @@ +What: /sys/devices/soc.0/1c23800.eeprom/eeprom +Date: August 2013 +Contact: Oliver Schinagl +Description: read-only access to the SID (Security-ID) on current + A-series SoC's from Allwinner. Currently supports A10, A10s, A13 + and A20 CPU's. The earlier A1x series of SoCs exports 16 bytes, + whereas the newer A20 SoC exposes 512 bytes split into sections. + Besides the 16 bytes of SID, there's also an SJTAG area, + HDMI-HDCP key and some custom keys. Below a quick overview, for + details see the user manual: + 0x000 128 bit root-key (sun[457]i) + 0x010 128 bit boot-key (sun7i) + 0x020 64 bit security-jtag-key (sun7i) + 0x028 16 bit key configuration (sun7i) + 0x02b 16 bit custom-vendor-key (sun7i) + 0x02c 320 bit low general key (sun7i) + 0x040 32 bit read-control access (sun7i) + 0x064 224 bit low general key (sun7i) + 0x080 2304 bit HDCP-key (sun7i) + 0x1a0 768 bit high general key (sun7i) +Users: any user space application which wants to read the SID on + Allwinner's A-series of CPU's. diff --git a/Documentation/devicetree/bindings/misc/allwinner,sunxi-sid.txt b/Documentation/devicetree/bindings/misc/allwinner,sunxi-sid.txt new file mode 100644 index 0000000..2103a44 --- /dev/null +++ b/Documentation/devicetree/bindings/misc/allwinner,sunxi-sid.txt @@ -0,0 +1,16 @@ +Allwinner sunxi-sid + +Required properties: +- compatible: "allwinner,sun4i-sid" or "allwinner,sun7i-sid". +- reg: Should contain registers location and length + +Example for sun4i: + sid@01c23800 { + compatible = "allwinner,sun4i-sid"; + reg = <0x01c23800 0x10> + }; +Example for sun7i + sid@01c23800 { + compatible = "allwinner,sun7i-sid"; + reg = <0x01c23800 0x200> + }; diff --git a/drivers/misc/eeprom/Kconfig b/drivers/misc/eeprom/Kconfig index 04f2e1f..bc6a14c 100644 --- a/drivers/misc/eeprom/Kconfig +++ b/drivers/misc/eeprom/Kconfig @@ -96,4 +96,23 @@ config EEPROM_DIGSY_MTC_CFG If unsure, say N. +config EEPROM_SUNXI_SID + tristate "Allwinner sunxi security ID support" + depends on ARCH_SUNXI && SYSFS + help + This is a driver for the 'security ID' available on various Allwinner + devices. + Currently supported are: + sun4i (A10) + sun5i (A10s, A13) + sun7i (A20) + + Due to the potential risks involved with changing e-fuses, + this driver is read-only + + For more information visit http://linux-sunxi.org/SID + + This driver can also be built as a module. If so, the module + will be called sunxi_sid. + endmenu diff --git a/drivers/misc/eeprom/Makefile b/drivers/misc/eeprom/Makefile index fc1e81d..9507aec 100644 --- a/drivers/misc/eeprom/Makefile +++ b/drivers/misc/eeprom/Makefile @@ -4,4 +4,5 @@ obj-$(CONFIG_EEPROM_LEGACY) += eeprom.o obj-$(CONFIG_EEPROM_MAX6875) += max6875.o obj-$(CONFIG_EEPROM_93CX6) += eeprom_93cx6.o obj-$(CONFIG_EEPROM_93XX46) += eeprom_93xx46.o +obj-$(CONFIG_EEPROM_SUNXI_SID) += sunxi_sid.o obj-$(CONFIG_EEPROM_DIGSY_MTC_CFG) += digsy_mtc_eeprom.o diff --git a/drivers/misc/eeprom/sunxi_sid.c b/drivers/misc/eeprom/sunxi_sid.c new file mode 100644 index 0000000..6fac205 --- /dev/null +++ b/drivers/misc/eeprom/sunxi_sid.c @@ -0,0 +1,177 @@ +/* + * Copyright (c) 2013 Oliver Schinagl + * http://www.linux-sunxi.org + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * This driver exposes the Allwinner security ID, efuses exported in byte- + * sized chunks. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define DRV_NAME "sunxi-sid" + +struct sunxi_sid_data { + void __iomem *reg_base; + unsigned int keysize; +}; + +/* We read the entire key, due to a 32 bit read alignment requirement. Since we + * want to return the requested byte, this resuls in somewhat slower code and + * uses 4 times more reads as needed but keeps code simpler. Since the SID is + * only very rarly probed, this is not really an issue. + */ +static u8 sunxi_sid_read_byte(const struct sunxi_sid_data *sid_data, + const unsigned int offset) +{ + u32 sid_key; + + if (offset >= sid_data->keysize) + return 0; + + sid_key = ioread32be(sid_data->reg_base + round_down(offset, 4)); + sid_key >>= (offset % 4) * 8; + + return sid_key; /* Only return the last byte */ +} + +static ssize_t sid_read(struct file *fd, struct kobject *kobj, + struct bin_attribute *attr, char *buf, + loff_t pos, size_t size) +{ + struct platform_device *pdev; + struct sunxi_sid_data *sid_data; + int i; + + pdev = to_platform_device(kobj_to_dev(kobj)); + sid_data = platform_get_drvdata(pdev); + + if (pos < 0 || pos >= sid_data->keysize) + return 0; + if (size > sid_data->keysize - pos) + size = sid_data->keysize - pos; + + for (i = 0; i < size; i++) + buf[i] = sunxi_sid_read_byte(sid_data, pos + i); + + return i; +} + +static struct bin_attribute sid_bin_attr = { + .attr = { .name = "eeprom", .mode = S_IRUGO, }, + .read = sid_read, +}; + +static struct bin_attribute *sunxi_sid_bin_attrs[] = { + &sid_bin_attr, + NULL, +}; + +static const struct attribute_group sunxi_sid_group = { + .bin_attrs = sunxi_sid_bin_attrs, +}; + +static const struct attribute_group *sunxi_sid_groups[] = { + &sunxi_sid_group, + NULL, +}; + +static int sunxi_sid_remove(struct platform_device *pdev) +{ + struct sunxi_sid_data *sid_data; + + device_remove_bin_file(&pdev->dev, &sid_bin_attr); /* fixme */ + sid_data = platform_get_drvdata(pdev); + devm_kfree(&pdev->dev, sid_data); + dev_dbg(&pdev->dev, "driver unloaded\n"); + + return 0; +} + +static const struct of_device_id sunxi_sid_of_match[] = { + { .compatible = "allwinner,sun4i-sid", .data = (void *)16}, + { .compatible = "allwinner,sun7i-sid", .data = (void *)512}, + {/* sentinel */}, +}; +MODULE_DEVICE_TABLE(of, sunxi_sid_of_match); + +static int __init sunxi_sid_probe(struct platform_device *pdev) +{ + struct sunxi_sid_data *sid_data; + struct resource *res; + const struct of_device_id *of_dev_id; + u8 *entropy; + unsigned int i; + + sid_data = devm_kzalloc(&pdev->dev, sizeof(struct sunxi_sid_data), + GFP_KERNEL); + if (!sid_data) + return -ENOMEM; + + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); + sid_data->reg_base = devm_ioremap_resource(&pdev->dev, res); + if (IS_ERR(sid_data->reg_base)) + return PTR_ERR(sid_data->reg_base); + + of_dev_id = of_match_device(sunxi_sid_of_match, &pdev->dev); + if (!of_dev_id) + return -ENODEV; + sid_data->keysize = (int)of_dev_id->data; + + platform_set_drvdata(pdev, sid_data); + + sid_bin_attr.size = sid_data->keysize; /* ugly */ + if (device_create_bin_file(&pdev->dev, &sid_bin_attr)) /* fixme */ + return -ENODEV; + + entropy = kzalloc(sizeof(u8) * sid_data->keysize, GFP_KERNEL); + for (i = 0; i < sid_data->keysize; i++) + entropy[i] = sunxi_sid_read_byte(sid_data, i); + add_device_randomness(entropy, sid_data->keysize); + kfree(entropy); + + dev_dbg(&pdev->dev, "loaded\n"); + + return 0; +} + +static struct platform_driver sunxi_sid_driver = { + .probe = sunxi_sid_probe, + .remove = sunxi_sid_remove, + .driver = { + .name = DRV_NAME, + .owner = THIS_MODULE, + .of_match_table = sunxi_sid_of_match, + /* .groups = sunxi_sid_groups, proper way */ + }, +}; +module_platform_driver(sunxi_sid_driver); + +MODULE_AUTHOR("Oliver Schinagl "); +MODULE_DESCRIPTION("Allwinner sunxi security id driver"); +MODULE_LICENSE("GPL");