Difference between revisions of "NVMEM overview"

[checked revision] [quality revision]
m (LDE review)
(Clarify and simplify upper OTP management description, with a redirection to specific page.)

SUMMARY

This article introduces how NVMEM Linux® framework manages BSEC OTP data and how to read/write from/to it.

1 Framework purpose[edit]

The NVMEM Linux® framework provides a generic interface for the device non-volatile memory data such as:

  • OTP (one-time programmable) fuses
  • EEPROM

It offers kernel space and user space interfaces to read and/or write data such as analog calibration data or MAC address.

2 System overview[edit]

NVMEM sysfs interface NVMEM consumers interface BSEC internal peripheral
NVMEM system overview
Template:WarningImageMapOverlay

2.1 Component description[edit]

  • NVMEM user (user space)

The user can use the NVMEM sysfs interface, from a user terminal or a custom application, to read/write data from/to NVMEM device(s) from user space.

  • NVMEM user (kernel space)

User drivers can use the NVMEM API to read/write data from/to NVMEM device(s) from kernel space (such as the analog calibration data used by an ADC driver).

  • NVMEM framework (kernel space)

The NVMEM core provides sysfs interface and NVMEM API. They can be used to implement NVMEM user and NVMEM controller drivers.

  • NVMEM drivers (kernel space)

Provider drivers such as BSEC Linux® driver that exposes OTP data to the core.

  • NVMEM hardware

NVMEM controller(s) such as the BSEC internal peripheral[1]

2.2 API description[edit]

The NVMEM kernel documentation[2] describes:

  • Kernel space API for NVMEM providers and NVMEM consumers.
  • Userspace binary interface (sysfs).

See also sysfs-bus-nvmem[3] ABI documentation.

3 Configuration[edit]

3.1 Kernel configuration[edit]

Activate NVMEM framework in the kernel configuration through the Linux® menuconfig tool, Menuconfig or how to configure kernel (CONFIG_NVMEM=y):

Device Drivers  --->
   [*] NVMEM Support  --->
      <*>   STMicroelectronics STM32 factory-programmed memory support

3.2 Device tree configuration[edit]

The NVMEM data device tree bindings[4] describe:

  • The location of non-volatile memory data
  • The NVMEM data providers
  • The NVMEM data consumers

The BSEC internal peripheral[1] device tree bindings are explained in BSEC device tree configuration article.

4 How to use the framework[edit]

4.1 How to use NVMEM with sysfs interface[edit]

4.1.1 How to list NVMEM devices[edit]

The available NVMEM devices can be listed in sysfs:

# Example to list nvmem devices
 ls /sys/bus/nvmem/devices/
stm32-romem0

The data content of an NVMEM device can be dumped to a binary file, and then displayed.

4.1.2 How to read BSEC lower OTPs using NVMEM[edit]

The 32 lower OTPs can be read from non-secure when using either:

  • the trusted boot chain (using TF-A)
  • the basic boot chain (using U-Boot SPL)
# Example to read lower nvmem data content
 dd if=/sys/bus/nvmem/devices/stm32-romem0/nvmem of=/tmp/file bs=4 count=32
# Example to display nvmem data content
 hexdump -C -v /tmp/file

4.1.3 How to read BSEC upper OTPs using NVMEM[edit]

Info white.png Information
Only the 32 lower OTPs can be accessed when using the basic boot chain, as it doesn't implement secure services (CONFIG_HAVE_ARM_SMCCC).

4.1.3 How to read BSEC upper OTPs using NVMEM[edit]

The upper OTPs can only be accessed by using secure services:

when using
So this section concerns only the trusted boot chain (using TF-A) as SMC feature is available.
when the target OTP(s) has been marked as "st,non-secure-otp" in the TF-A device tree (as

Default behavior for upper OTPS is normally restricted to security. If user needs more than the 32 lower OTPs, there is an exception management explained in BSEC device tree configuration

) from STM32MP15-Ecosystem-v1

.

1.0.


  • when the target OTP(s) has been marked with status="okay" in the TF-A device tree (as explained in BSEC device tree configuration) up to STM32MP15-Ecosystem-v1.0.0

It is then possible to access to some upper NVMEM information.

# Example to read the MAC address from upper OTP area, using secure services:
 dd if=/sys/bus/nvmem/devices/stm32-romem0/nvmem of=/tmp/file skip=57 bs=4 count=2 status=none
 hexdump -C -v /tmp/file
Info white.png Information
A dedicated chapter of the reference manual describes the OTP mapping.

4.1.4 How to write BSEC OTPs using NVMEM[edit]

Warning white.png Warning
The below examples show how to write data to an NVMEM device. This may cause unrecoverable damage to the STM32 device (for example when writing to an OTP area)
Info white.png Information
Note that lower OTPs are using 2:1 redundancy, so they can be written bit per bit, whereas upper OTPs only support one time 32-bit programming.

Whatever the boot chain, the full lower NVMEM data content can be written as follows (if we suppose it has been previously read as described above, and updated directly in /tmp/file):

# Example to write lower nvmem data content
 dd if=/tmp/file of=/sys/bus/nvmem/devices/stm32-romem0/nvmem bs=4 count=32

Only on Trusted boot chain, and under the condition the device tree authorizes it, an upper NVMEM data can be written.
Example of 32-bit data word writing (filling it with ones) in OTP n°95:

# Create a 4 bytes length file filled with ones, e.g. 0xffffffff)
# Then, write it (32-bits, e.g. 4bytes) to OTP data 95
 dd if=/dev/zero count=1 bs=4 | tr '\000' '\377' > file
 dd if=file bs=4 seek=95 of=/sys/bus/nvmem/devices/stm32-romem0/nvmem
Info white.png Information
When a new OTP value has been written using this SYSFS interface, it may be necessary to reboot the board before reading it back. The OTP value can't be read directly after a write because the OTP value is read in a shadow area not directly in the OTP area.

5 How to trace and debug the framework[edit]

5.1 How to trace[edit]

Ftrace can be used to trace the NVMEM framework:

 cd /sys/kernel/debug/tracing
 cat available_filter_functions | grep nvmem             # Show available filter functions
rtc_nvmem_register
rtc_nvmem_unregister
nvmem_reg_read
bin_attr_nvmem_read
...

Enable the kernel function tracer, then start using nvmem and display the result:

 echo function > current_tracer
 echo "*nvmem*" > set_ftrace_filter                      # Trace all nvmem filter functions
 echo 1 > tracing_on                                     # start ftrace
 hexdump -C -v /sys/bus/nvmem/devices/stm32-romem0/nvmem # dump nvmem
00000000  17 00 00 00 01 80 00 00  00 00 00 00 00 00 00 00  |................|
...
 echo 0 > tracing_on                                     # stop ftrace
 cat trace
# tracer: function
#
#                              _-----=> irqs-off
#                             / _----=> need-resched
#                            | / _---=> hardirq/softirq
#                            || / _--=> preempt-depth
#                            ||| /     delay
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
#              | |       |   ||||       |         |
         hexdump-478   [000] ....   423.502278: bin_attr_nvmem_read <-sysfs_kf_bin_read
         hexdump-478   [000] ....   423.502290: nvmem_reg_read <-bin_attr_nvmem_read
         hexdump-478   [000] ....   423.515804: bin_attr_nvmem_read <-sysfs_kf_bin_read

6 References[edit]

  1. 1.01.1 BSEC internal peripheral
  2. Documentation/nvmem/nvmem.txt , NVMEM subsytem kernel documentation
  3. Documentation/ABI/stable/sysfs-bus-nvmem , NVMEM ABI documentation
  4. Documentation/devicetree/bindings/nvmem/nvmem.txt , NVMEM data device tree bindings


Template:ArticleMainWriter Template:ReviewersList Template:ArticleApprovedVersion

'''SUMMARY '''<br>

This article introduces how NVMEM Linux<sup>&reg;</sup> framework manages BSEC OTP data and how to read/write from/to it.<p>


==Framework purpose==
The NVMEM Linux<sup>&reg;</sup> framework provides a generic interface for the device '''non-volatile memory data''' such as:
* OTP (one-time programmable) fuses
* EEPROM
It offers kernel space and user space interfaces to read and/or write data such as analog calibration data or MAC address.

==System overview==
{{
ImageMap|Image:NVMEM_overview.png {{!}} thumb {{!}} 800px {{!}} center{{!}} NVMEM system overview <br/> {{WarningImageMapOverlay}}
rect 400 232 500 272 [[NVMEM_overview#API description|NVMEM sysfs interface]]
rect 612 335 752 368 [[NVMEM_overview#API description|NVMEM consumers interface]]
rect 478 563 599 605 [[BSEC internal peripheral]]
}}
===Component description===
* '''NVMEM user''' (user space)
The user can use the NVMEM sysfs interface, from a user terminal or a custom application, to read/write data from/to NVMEM device(s) from user space.
* '''NVMEM user''' (kernel space)
User drivers can use the NVMEM API to read/write data from/to NVMEM device(s) from kernel space (such as the analog calibration data used by an ADC driver).
* '''NVMEM framework''' (kernel space)
The NVMEM core provides sysfs interface and NVMEM API. They can be used to implement NVMEM user and NVMEM controller drivers.
* '''NVMEM drivers''' (kernel space)
Provider drivers such as BSEC Linux<sup>&reg;</sup> driver that exposes OTP data to the core.
* '''NVMEM hardware'''
NVMEM controller(s) such as the ''BSEC internal peripheral''<ref name="BSEC internal peripheral">[[BSEC internal peripheral]]</ref>


===API description===
The NVMEM kernel documentation<ref name="documentation_nvmem">{{CodeSource | Linux kernel |  Documentation/nvmem/nvmem.txt}}, NVMEM subsytem kernel documentation</ref> describes:
* Kernel space API for NVMEM '''providers''' and NVMEM '''consumers'''.
* Userspace binary interface (sysfs).
See also ''sysfs-bus-nvmem''<ref name="nvmem_abi">{{CodeSource | Linux kernel | Documentation/ABI/stable/sysfs-bus-nvmem}}, NVMEM ABI documentation</ref> ABI documentation.

==Configuration==
===Kernel configuration===
Activate NVMEM framework in the kernel configuration through the Linux<sup>&reg;</sup> menuconfig tool, [[Menuconfig or how to configure kernel | Menuconfig or how to configure kernel ]] (CONFIG_NVMEM=y):
 Device Drivers  --->
    [*] NVMEM Support  ---><*>   STMicroelectronics STM32 factory-programmed memory support

===Device tree configuration===
The NVMEM data device tree bindings<ref name="nvmem dt bindings">{{CodeSource | Linux kernel | Documentation/devicetree/bindings/nvmem/nvmem.txt}}, NVMEM data device tree bindings</ref> describe:
* The location of non-volatile memory data
* The NVMEM data providers
* The NVMEM data consumers
The ''BSEC internal peripheral''<ref name="BSEC internal peripheral"/> device tree bindings are explained in [[BSEC device tree configuration]] article.

==How to use the framework==
===How to use NVMEM with sysfs interface===
====How to list NVMEM devices====
The available NVMEM devices can be listed in sysfs:
 # {{highlight|Example to '''list''' nvmem devices}}
 {{Board$}} ls /sys/bus/nvmem/devices/
 stm32-romem0
The data content of an NVMEM device can be dumped to a binary file, and then displayed.
====How to read BSEC lower OTPs using NVMEM====
The '''32 lower OTPs''' can be read from non-secure when using either:<br/>

* the trusted boot chain (using [[TF-A overview|TF-A]])
* the basic boot chain (using [[U-Boot_overview#SPL:_FSBL_for_basic_boot|U-Boot SPL]])
 # {{highlight|Example to '''read''' lower nvmem data content}}
 {{Board$}} dd if=/sys/bus/nvmem/devices/stm32-romem0/nvmem of=/tmp/file bs=4 count=32
 # {{highlight|Example to '''display''' nvmem data content}}
 {{Board$}} hexdump -C -v /tmp/file

====How to read BSEC upper OTPs using NVMEM===={{Info|Only the 32 lower OTPs can be accessed when using the basic boot chain, as it doesn't implement secure services (CONFIG_HAVE_ARM_SMCCC).}}
{{ReviewsComments| LDE: W1939: I think there is no need for this note, Only OTP 32 lower are accessible by non secure in a standard use case.}}
====How to read BSEC upper OTPs using NVMEM====
{{ReviewsComments| LDE: W1939: Maybe add a note here that it is just an extension if needed more than the 32 lower, the default behavior for Upper is normally restricted to security.}}
The '''upper OTPs''' can only be accessed by using secure services:<br/>

* when using  So this section concerns only the trusted boot chain (using [[TF-A overview|TF-A]]) as SMC feature is available.
<div class="mw-collapsible mw-collapsed">

* when the target OTP(s) has been marked as '''"st,non-secure-otp"''' in the TF-A device tree (as explained in [[BSEC device tree configuration]]) from STM32MP15-Ecosystem-v1.1.0.<div class="mw-collapsible-content">

* when the target OTP(s) has been marked with '''status="okay"''' in the TF-A device tree (as }}

Default behavior for upper OTPS is normally restricted to security. If user needs more than the 32 lower OTPs, there is an exception management explained in [[BSEC device tree configuration]]) up to STM32MP15-Ecosystem-v1.0.0</div></div>
.<br/> 

It is then possible to access to some upper NVMEM information.
 # {{highlight|Example to read the MAC address from upper OTP area, using secure services:}}
 {{Board$}} dd if=/sys/bus/nvmem/devices/stm32-romem0/nvmem of=/tmp/file skip=57 bs=4 count=2 status=none
 {{Board$}} hexdump -C -v /tmp/file

{{Info|A dedicated chapter of the [[STM32MP15 resources|reference manual]] describes the OTP mapping.}}
====How to write BSEC OTPs using NVMEM====
{{Warning|The below examples show how to write data to an NVMEM device. This may cause unrecoverable damage to the STM32 device (for example when writing to an OTP area)}}

{{ReviewsComments| LDE: W1939: Could be useful to remind that OTP lowerInfo| Note that lower OTPs are using 2:1 redundancy, so they can be written bit/ per bit where, whereas upper areOTPs only support one time 32bit32-bit programming. }}

Whatever the boot chain, the full lower NVMEM data content can be written as follows (if we suppose it has been previously read as  described above, and updated directly in /tmp/file):
 # {{highlight|Example to '''write''' lower nvmem data content}}
 {{Board$}} dd if=/tmp/file of=/sys/bus/nvmem/devices/stm32-romem0/nvmem bs=4 count=32

Only on Trusted boot chain, and under the condition the device tree authorizes it, an upper NVMEM data can be written.<br/> 

Example of 32-bit data word writing (filling it with ones) in OTP n°95:
 # Create a 4 bytes length file filled with ones, e.g. 0xffffffff)
 # Then, write it (32-bits, e.g. 4bytes) to OTP data 95
 {{Board$}} dd if=/dev/zero count=1 bs=4 | tr '\000' '\377' > file
 {{Board$}} dd if=file bs=4 seek=95 of=/sys/bus/nvmem/devices/stm32-romem0/nvmem

{{Info|When a new OTP value has been written using this SYSFS interface, it may be necessary to reboot the board before reading it back.  The OTP value can't be read directly after a write because the OTP value is read in a shadow area not directly in the OTP area.}}

==How to trace and debug the framework==
===How to trace===
[[Ftrace]] can be used to trace the NVMEM framework:
 {{Board$}} cd /sys/kernel/debug/tracing
 {{Board$}} cat available_filter_functions | grep nvmem             # Show available filter functions
 rtc_nvmem_register
 rtc_nvmem_unregister
 nvmem_reg_read
 bin_attr_nvmem_read
 ...
Enable the kernel function tracer, then start using nvmem and display the result:
 {{Board$}} echo function > current_tracer
 {{Board$}} echo "*nvmem*" > set_ftrace_filter                      # Trace all nvmem filter functions
 {{Board$}} echo 1 > tracing_on                                     # start ftrace
 {{Board$}} hexdump -C -v /sys/bus/nvmem/devices/stm32-romem0/nvmem # dump nvmem
 00000000  17 00 00 00 01 80 00 00  00 00 00 00 00 00 00 00  |................|
 ...
 {{Board$}} echo 0 > tracing_on                                     # stop ftrace
 {{Board$}} cat trace
 # tracer: function
 #
 #                              _-----=> irqs-off
 #                             / _----=> need-resched
 #                            | / _---=> hardirq/softirq
 #                            || / _--=> preempt-depth
 #                            ||| /     delay
 #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
 #              | |       |   ||||       |         |
          hexdump-478   [000] ....   423.502278: bin_attr_nvmem_read <-sysfs_kf_bin_read
          hexdump-478   [000] ....   423.502290: nvmem_reg_read <-bin_attr_nvmem_read
          hexdump-478   [000] ....   423.515804: bin_attr_nvmem_read <-sysfs_kf_bin_read

==References==
<references />
<noinclude>

{{ArticleBasedOnModel | [[Contributors:Framework_overview_article_model]]}}
{{ArticleMainWriter | FabriceG}}
{{ReviewersList | FabriceG, LionelD}}
{{ArticleApprovedVersion | FabriceG | LionelD | No previous approved version | AnneJ - 21Jan'19 - 10397 | 21Jan'19}}
[[Category:Persistent storage]]</noinclude>
Line 55: Line 55:
 
  stm32-romem0
 
  stm32-romem0
 
The data content of an NVMEM device can be dumped to a binary file, and then displayed.
 
The data content of an NVMEM device can be dumped to a binary file, and then displayed.
  +
 
====How to read BSEC lower OTPs using NVMEM====
 
====How to read BSEC lower OTPs using NVMEM====
 
The '''32 lower OTPs''' can be read from non-secure when using either:<br/>
 
The '''32 lower OTPs''' can be read from non-secure when using either:<br/>
Line 63: Line 64:
 
  # {{highlight|Example to '''display''' nvmem data content}}
 
  # {{highlight|Example to '''display''' nvmem data content}}
 
  {{Board$}} hexdump -C -v /tmp/file
 
  {{Board$}} hexdump -C -v /tmp/file
{{Info|Only the 32 lower OTPs can be accessed when using the basic boot chain, as it doesn't implement secure services (CONFIG_HAVE_ARM_SMCCC).}}
+
 
{{ReviewsComments| LDE: W1939: I think there is no need for this note, Only OTP 32 lower are accessible by non secure in a standard use case.}}
 
 
====How to read BSEC upper OTPs using NVMEM====
 
====How to read BSEC upper OTPs using NVMEM====
{{ReviewsComments| LDE: W1939: Maybe add a note here that it is just an extension if needed more than the 32 lower, the default behavior for Upper is normally restricted to security.}}
+
{{Info|Only the 32 lower OTPs can be accessed when using the basic boot chain, as it doesn't implement secure services (CONFIG_HAVE_ARM_SMCCC). So this section concerns only the trusted boot chain (using [[TF-A overview|TF-A]]) as SMC feature is available.}}
The '''upper OTPs''' can only be accessed by using secure services:<br/>
+
 
* when using the trusted boot chain (using [[TF-A overview|TF-A]]) as SMC feature is available.
+
Default behavior for upper OTPS is normally restricted to security. If user needs more than the 32 lower OTPs, there is an exception management explained in [[BSEC device tree configuration]].<br/>  
<div class="mw-collapsible mw-collapsed">
+
 
* when the target OTP(s) has been marked as '''"st,non-secure-otp"''' in the TF-A device tree (as explained in [[BSEC device tree configuration]]) from STM32MP15-Ecosystem-v1.1.0.
 
<div class="mw-collapsible-content">
 
* when the target OTP(s) has been marked with '''status="okay"''' in the TF-A device tree (as explained in [[BSEC device tree configuration]]) up to STM32MP15-Ecosystem-v1.0.0
 
</div></div>
 
 
It is then possible to access to some upper NVMEM information.
 
It is then possible to access to some upper NVMEM information.
 
  # {{highlight|Example to read the MAC address from upper OTP area, using secure services:}}
 
  # {{highlight|Example to read the MAC address from upper OTP area, using secure services:}}
Line 83: Line 79:
 
{{Warning|The below examples show how to write data to an NVMEM device. This may cause unrecoverable damage to the STM32 device (for example when writing to an OTP area)}}
 
{{Warning|The below examples show how to write data to an NVMEM device. This may cause unrecoverable damage to the STM32 device (for example when writing to an OTP area)}}
   
{{ReviewsComments| LDE: W1939: Could be useful to remind that OTP lower can be written bit/bit where upper are only one time 32bit programming.}}
+
{{Info| Note that lower OTPs are using 2:1 redundancy, so they can be written bit per bit, whereas upper OTPs only support one time 32-bit programming. }}
   
 
Whatever the boot chain, the full lower NVMEM data content can be written as follows (if we suppose it has been previously read as  described above, and updated directly in /tmp/file):
 
Whatever the boot chain, the full lower NVMEM data content can be written as follows (if we suppose it has been previously read as  described above, and updated directly in /tmp/file):