Re: [PATCH v1 5/7] nvmem: regmap: Implement protect operation using regmap_seal

mail archive of the barebox mailing list
 help / color / mirror / Atom feed

From: Sascha Hauer <s.hauer@pengutronix.de>
To: Oleksij Rempel <o.rempel@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH v1 5/7] nvmem: regmap: Implement protect operation using regmap_seal
Date: Mon, 2 Jun 2025 11:57:51 +0200	[thread overview]
Message-ID: <aD11nyDMePysqzgE@pengutronix.de> (raw)
In-Reply-To: <20250530114106.1009454-6-o.rempel@pengutronix.de>

On Fri, May 30, 2025 at 01:41:04PM +0200, Oleksij Rempel wrote:
> Implement the NVMEM 'protect' operation for devices registered via
> regmap. This adds a new static function, nvmem_regmap_protect, which
> acts as an adapter between the NVMEM core's reg_protect callback
> and the recently added regmap_seal() API.
> 
> The nvmem_regmap_protect function:
>   - Translates the NVMEM 'prot' parameter (0 for unprotect, 1 for
>     protect) into the corresponding REGMAP_SEAL_CLEAR |
>     REGMAP_SEAL_WRITE_PROTECT or REGMAP_SEAL_WRITE_PROTECT |
>     REGMAP_SEAL_PERMANENT flags for the regmap_seal() call.
>   - Enforces that the NVMEM operation's offset and size are aligned
>     to the regmap's value byte size (obtained via
>     regmap_get_val_bytes()).
>   - Iterates over the specified byte range, calling regmap_seal() for
>     each underlying hardware word.
> 
> By assigning nvmem_regmap_protect to config.reg_protect within
> nvmem_regmap_register_with_pp, NVMEM devices that are backed by a
> regmap can now expose hardware-level protection capabilities. This
> is essential for drivers like the STM32 BSEC (in a subsequent patch)
> to enable features such as OTP (One-Time Programmable) memory locking
> through the standard NVMEM 'protect' cdev operation, provided their
> underlying regmap_bus implements the necessary reg_seal method.
> 
> Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
> ---
>  drivers/nvmem/regmap.c | 65 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 65 insertions(+)
> 
> diff --git a/drivers/nvmem/regmap.c b/drivers/nvmem/regmap.c
> index 24712fbb0f33..681cdf313e71 100644
> --- a/drivers/nvmem/regmap.c
> +++ b/drivers/nvmem/regmap.c
> @@ -63,6 +63,70 @@ static int nvmem_regmap_read(void *ctx, unsigned offset, void *buf, size_t bytes
>  	return 0;
>  }
>  
> +static int nvmem_regmap_protect(void *ctx, unsigned int offset, size_t bytes,
> +				int prot)
> +{
> +	unsigned int seal_flags = 0;
> +	struct regmap *map = ctx;
> +	size_t reg_val_bytes;
> +	unsigned int i;
> +	int ret = 0;
> +
> +	reg_val_bytes = regmap_get_val_bytes(map);
> +	if (reg_val_bytes == 0) {
> +		dev_err(regmap_get_device(map), "Invalid regmap value byte size (0)\n");
> +		return -EINVAL;
> +	}
> +
> +	/* NVMEM protect operations should typically be on aligned boundaries
> +	 * matching the hardware's lockable unit (which is regmap's val_bytes
> +	 * here).
> +	 */
> +	if ((offset % reg_val_bytes) != 0 || (bytes % reg_val_bytes) != 0) {
> +		dev_warn(regmap_get_device(map),
> +			 "NVMEM protect op for regmap: offset (0x%x) or size (0x%zx) not aligned to register size (%zu bytes).\n",
> +			 offset, bytes, reg_val_bytes);
> +		return -EINVAL;
> +	}
> +
> +	switch (prot) {
> +	case NVMEM_PROTECT_ENABLE_WRITE:
> +		/* NVMEM protect mode 0 = Unlock/Make-writable
> +		 * Attempt to clear write protection.
> +		 * The underlying bus->reg_seal must support clearing.
> +		 * For BSEC OTPs, this will (and should) fail with -EOPNOTSUPP
> +		 * or -EPERM.
> +		 */
> +		seal_flags = REGMAP_SEAL_CLEAR | REGMAP_SEAL_WRITE_PROTECT;
> +		break;
> +	case NVMEM_PROTECT_DISABLE_WRITE:
> +		/* NVMEM protect mode 1 = Lock/Write-protect */
> +		/* For OTPs like BSEC, permanent is implied */
> +		seal_flags = REGMAP_SEAL_WRITE_PROTECT | REGMAP_SEAL_PERMANENT;
> +		break;
> +	default:
> +		dev_warn(regmap_get_device(map), "Unsupported NVMEM protect mode: %d\n",
> +			 prot);
> +		return -EOPNOTSUPP;
> +	}
> +
> +	for (i = 0; i < bytes; i += reg_val_bytes) {
> +		unsigned int current_reg_offset = offset + i;
> +
> +		ret = regmap_seal(map, current_reg_offset, seal_flags);
> +		if (ret) {
> +			dev_err(regmap_get_device(map), "regmap_seal failed for offset 0x%x: %pe\n",
> +				current_reg_offset, ERR_PTR(ret));
> +			/* No error handling for partial failures, we messed up
> +			 * the HW state and can't recover.
> +			 */
> +			return ret;
> +		}
> +	}

The i.MX OCOTP offers write protection for fuses as well. AFAIR
there are single fuses for protecting a whole range of fuses, so to
support this we would have to pass the full range down to the driver
instead of separating the range into registers here.

I never looked at the i.MX OCOTP locking capabilities very closely, so
it could be that even passing a range is not good enough to make this
implementable for the OCOTP. We might want to have a look into this
before deciding if we want to implement protect for the drivers based on
single registers.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

next prev parent reply	other threads:[~2025-06-02  9:58 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-05-30 11:40 [PATCH v1 0/7] NVMEM: Introduce write protection support Oleksij Rempel
2025-05-30 11:41 ` [PATCH v1 1/7] nvmem: Add 'protect' operation to core framework Oleksij Rempel
2025-06-02  9:04   ` Sascha Hauer
2025-05-30 11:41 ` [PATCH v1 2/7] nvmem: rmem: add write and protect support Oleksij Rempel
2025-06-02  9:33   ` Sascha Hauer
2025-05-30 11:41 ` [PATCH v1 3/7] commands: nvmem: Add support for creating dynamic rmem devices Oleksij Rempel
2025-06-02  9:41   ` Sascha Hauer
2025-05-30 11:41 ` [PATCH v1 4/7] regmap: Add reg_seal operation for hardware protection Oleksij Rempel
2025-06-02  9:47   ` Sascha Hauer
2025-05-30 11:41 ` [PATCH v1 5/7] nvmem: regmap: Implement protect operation using regmap_seal Oleksij Rempel
2025-06-02  9:57   ` Sascha Hauer [this message]
2025-06-05  4:40     ` Oleksij Rempel
2025-05-30 11:41 ` [PATCH v1 6/7] nvmem: bsec: Implement NVMEM protect via regmap_seal for OTP locking Oleksij Rempel
2025-05-30 11:41 ` [PATCH v1 7/7] nvmem: rmem: Use unique device name for NVMEM registration Oleksij Rempel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aD11nyDMePysqzgE@pengutronix.de \
    --to=s.hauer@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    --cc=o.rempel@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox