1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2021-2025, STMicroelectronics
4 */
5
6 #include <crypto/crypto.h>
7 #include <drivers/clk.h>
8 #include <drivers/clk_dt.h>
9 #include <drivers/gpio.h>
10 #include <drivers/stm32_gpio.h>
11 #include <drivers/stm32_rif.h>
12 #include <drivers/stm32_rtc.h>
13 #include <drivers/stm32mp_dt_bindings.h>
14 #include <io.h>
15 #include <kernel/dt.h>
16 #include <kernel/dt_driver.h>
17 #include <kernel/interrupt.h>
18 #include <libfdt.h>
19 #include <mm/core_memprot.h>
20 #include <stdbool.h>
21 #include <stm32_util.h>
22
23 /* STM32 Registers */
24 #define _TAMP_CR1 0x00U
25 #define _TAMP_CR2 0x04U
26 #define _TAMP_CR3 0x08U
27 #define _TAMP_FLTCR 0x0CU
28 #define _TAMP_ATCR1 0x10U
29 #define _TAMP_ATSEEDR 0x14U
30 #define _TAMP_ATOR 0x18U
31 #define _TAMP_ATCR2 0x1CU
32 #define _TAMP_SECCFGR 0x20U
33 #define _TAMP_SMCR 0x20U
34 #define _TAMP_PRIVCFGR 0x24U
35 #define _TAMP_IER 0x2CU
36 #define _TAMP_SR 0x30U
37 #define _TAMP_MISR 0x34U
38 #define _TAMP_SMISR 0x38U
39 #define _TAMP_SCR 0x3CU
40 #define _TAMP_COUNTR 0x40U
41 #define _TAMP_COUNT2R 0x44U
42 #define _TAMP_OR 0x50U
43 #define _TAMP_ERCFGR 0X54U
44 #define _TAMP_BKPRIFR(x) (0x70U + 0x4U * ((x) - 1U))
45 #define _TAMP_CIDCFGR(x) (0x80U + 0x4U * (x))
46 #define _TAMP_BKPxR(x) (0x100U + 0x4U * ((x) - 1U))
47 #define _TAMP_HWCFGR2 0x3ECU
48 #define _TAMP_HWCFGR1 0x3F0U
49 #define _TAMP_VERR 0x3F4U
50 #define _TAMP_IPIDR 0x3F8U
51 #define _TAMP_SIDR 0x3FCU
52
53 /* _TAMP_SECCFGR bit fields */
54 #define _TAMP_SECCFGR_BKPRWSEC_MASK GENMASK_32(7, 0)
55 #define _TAMP_SECCFGR_BKPRWSEC_SHIFT 0U
56 #define _TAMP_SECCFGR_CNT2SEC BIT(14)
57 #define _TAMP_SECCFGR_CNT2SEC_SHIFT 14U
58 #define _TAMP_SECCFGR_CNT1SEC BIT(15)
59 #define _TAMP_SECCFGR_CNT1SEC_SHIFT 15U
60 #define _TAMP_SECCFGR_BKPWSEC_MASK GENMASK_32(23, 16)
61 #define _TAMP_SECCFGR_BKPWSEC_SHIFT 16U
62 #define _TAMP_SECCFGR_BHKLOCK BIT(30)
63 #define _TAMP_SECCFGR_TAMPSEC BIT(31)
64 #define _TAMP_SECCFGR_TAMPSEC_SHIFT 31U
65 #define _TAMP_SECCFGR_BUT_BKP_MASK (GENMASK_32(31, 30) | \
66 GENMASK_32(15, 14))
67 #define _TAMP_SECCFGR_RIF_TAMP_SEC BIT(0)
68 #define _TAMP_SECCFGR_RIF_COUNT_1 BIT(1)
69 #define _TAMP_SECCFGR_RIF_COUNT_2 BIT(2)
70
71 /* _TAMP_SMCR bit fields */
72 #define _TAMP_SMCR_BKPRWDPROT_MASK GENMASK_32(7, 0)
73 #define _TAMP_SMCR_BKPRWDPROT_SHIFT 0U
74 #define _TAMP_SMCR_BKPWDPROT_MASK GENMASK_32(23, 16)
75 #define _TAMP_SMCR_BKPWDPROT_SHIFT 16U
76 #define _TAMP_SMCR_DPROT BIT(31)
77 /*
78 * _TAMP_PRIVCFGR bit fields
79 */
80 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14)
81 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15)
82 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29)
83 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30)
84 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31)
85 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \
86 GENMASK_32(15, 14))
87 #define _TAMP_PRIVCFGR_RIF_TAMP_PRIV BIT(0)
88 #define _TAMP_PRIVCFGR_RIF_R1 BIT(1)
89 #define _TAMP_PRIVCFGR_RIF_R2 BIT(2)
90
91 /* _TAMP_PRIVCFGR bit fields */
92 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14)
93 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15)
94 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29)
95 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30)
96 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31)
97 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \
98 GENMASK_32(15, 14))
99
100 /*_TAMP_CR1 bit fields */
101 #define _TAMP_CR1_ITAMP(id) BIT((id) - INT_TAMP1 + U(16))
102 #define _TAMP_CR1_ETAMP(id) BIT((id) - EXT_TAMP1)
103
104 /* _TAMP_CR2 bit fields */
105 #define _TAMP_CR2_ETAMPTRG(id) BIT((id) - EXT_TAMP1 + U(24))
106 #define _TAMP_CR2_BKERASE BIT(23)
107 #define _TAMP_CR2_BKBLOCK BIT(22)
108 #define _TAMP_CR2_ETAMPMSK_MAX_ID 3U
109 #define _TAMP_CR2_ETAMPMSK(id) BIT((id) - EXT_TAMP1 + U(16))
110 #define _TAMP_CR2_ETAMPNOER(id) BIT((id) - EXT_TAMP1)
111
112 /* _TAMP_CR3 bit fields */
113 #define _TAMP_CR3_ITAMPNOER_ALL GENMASK_32(12, 0)
114 #define _TAMP_CR3_ITAMPNOER(id) BIT((id) - INT_TAMP1)
115
116 /* _TAMP_FLTCR bit fields */
117 #define _TAMP_FLTCR_TAMPFREQ_MASK GENMASK_32(2, 0)
118 #define _TAMP_FLTCR_TAMPFREQ_SHIFT 0U
119 #define _TAMP_FLTCR_TAMPFLT_MASK GENMASK_32(4, 3)
120 #define _TAMP_FLTCR_TAMPFLT_SHIFT U(3)
121 #define _TAMP_FLTCR_TAMPPRCH_MASK GENMASK_32(6, 5)
122 #define _TAMP_FLTCR_TAMPPRCH_SHIFT 5U
123 #define _TAMP_FLTCR_TAMPPUDIS BIT(7)
124
125 /* _TAMP_ATCR bit fields */
126 #define _TAMP_ATCR1_ATCKSEL_MASK GENMASK_32(19, 16)
127 #define _TAMP_ATCR1_ATCKSEL_SHIFT 16U
128 #define _TAMP_ATCR1_ATPER_MASK GENMASK_32(26, 24)
129 #define _TAMP_ATCR1_ATPER_SHIFT 24U
130 #define _TAMP_ATCR1_ATOSHARE BIT(30)
131 #define _TAMP_ATCR1_FLTEN BIT(31)
132 #define _TAMP_ATCR1_COMMON_MASK GENMASK_32(31, 16)
133 #define _TAMP_ATCR1_ETAMPAM(id) BIT((id) - EXT_TAMP1)
134 #define _TAMP_ATCR1_ATOSEL_MASK(id) \
135 ({ \
136 typeof(id) _id = (id); \
137 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 2 + 7, \
138 ((_id) - EXT_TAMP1) * 2 + 8); \
139 })
140
141 #define _TAMP_ATCR1_ATOSEL(id, od) \
142 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 2 + 8)
143
144 /* _TAMP_ATCR2 bit fields */
145 #define _TAMP_ATCR2_ATOSEL_MASK(id) \
146 ({ \
147 typeof(id) _id = (id); \
148 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 3 + 7, \
149 ((_id) - EXT_TAMP1) * 3 + 8); \
150 })
151
152 #define _TAMP_ATCR2_ATOSEL(id, od) \
153 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 3 + 8)
154
155 /* _TAMP_ATOR bit fields */
156 #define _TAMP_PRNG GENMASK_32(7, 0)
157 #define _TAMP_SEEDF BIT(14)
158 #define _TAMP_INITS BIT(15)
159
160 /* _TAMP_IER bit fields */
161 #define _TAMP_IER_ITAMP(id) BIT((id) - INT_TAMP1 + U(16))
162 #define _TAMP_IER_ETAMP(id) BIT((id) - EXT_TAMP1)
163
164 /* _TAMP_SR bit fields */
165 #define _TAMP_SR_ETAMPXF_MASK GENMASK_32(7, 0)
166 #define _TAMP_SR_ITAMPXF_MASK GENMASK_32(31, 16)
167 #define _TAMP_SR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16))
168 #define _TAMP_SR_ETAMP(id) BIT((id) - EXT_TAMP1)
169
170 /* _TAMP_SCR bit fields */
171 #define _TAMP_SCR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16))
172 #define _TAMP_SCR_ETAMP(id) BIT((id) - EXT_TAMP1)
173
174 /* _TAMP_OR bit fields */
175 #define _TAMP_OR_STM32MP13_IN1RMP_PF10 0U
176 #define _TAMP_OR_STM32MP13_IN1RMP_PC13 BIT(0)
177 #define _TAMP_OR_STM32MP13_IN2RMP_PA6 0U
178 #define _TAMP_OR_STM32MP13_IN2RMP_PI1 BIT(1)
179 #define _TAMP_OR_STM32MP13_IN3RMP_PC0 0U
180 #define _TAMP_OR_STM32MP13_IN3RMP_PI2 BIT(2)
181 #define _TAMP_OR_STM32MP13_IN4RMP_PG8 0U
182 #define _TAMP_OR_STM32MP13_IN4RMP_PI3 BIT(3)
183
184 /* For STM32MP15x, _TAMP_CFGR is _TAMP_OR */
185 #define _TAMP_OR_STM32MP15_OUT3RMP_PI8 0U
186 #define _TAMP_OR_STM32MP15_OUT3RMP_PC13 BIT(0)
187
188 #define _TAMP_STM32MP21_OR_IN1RMP_PC4 0U
189 #define _TAMP_STM32MP21_OR_IN1RMP_PI8 BIT(0)
190
191 #define _TAMP_OR_STM32MP25_IN1RMP_PC4 0U
192 #define _TAMP_OR_STM32MP25_IN1RMP_PI8 BIT(0)
193 #define _TAMP_OR_STM32MP25_IN3RMP_PC3 0U
194 #define _TAMP_OR_STM32MP25_IN3RMP_PZ2 BIT(1)
195 #define _TAMP_OR_STM32MP25_IN5RMP_PF6 0U
196 #define _TAMP_OR_STM32MP25_IN5RMP_PZ4 BIT(2)
197
198 /* _TAMP_HWCFGR2 bit fields */
199 #define _TAMP_HWCFGR2_TZ GENMASK_32(11, 8)
200 #define _TAMP_HWCFGR2_OR GENMASK_32(7, 0)
201
202 /* _TAMP_HWCFGR1 bit fields */
203 #define _TAMP_HWCFGR1_BKPREG GENMASK_32(7, 0)
204 #define _TAMP_HWCFGR1_TAMPER_SHIFT 8U
205 #define _TAMP_HWCFGR1_TAMPER GENMASK_32(11, 8)
206 #define _TAMP_HWCFGR1_ACTIVE GENMASK_32(15, 12)
207 #define _TAMP_HWCFGR1_INTERN GENMASK_32(31, 16)
208 #define _TAMP_HWCFGR1_ITAMP_MAX_ID 16U
209 #define _TAMP_HWCFGR1_ITAMP(id) BIT((id) - INT_TAMP1 + 16U)
210
211 /* _TAMP_VERR bit fields */
212 #define _TAMP_VERR_MINREV GENMASK_32(3, 0)
213 #define _TAMP_VERR_MAJREV GENMASK_32(7, 4)
214
215 /*
216 * CIDCFGR register bitfields
217 */
218 #define _TAMP_CIDCFGR_SCID_MASK GENMASK_32(6, 4)
219 #define _TAMP_CIDCFGR_CONF_MASK (_CIDCFGR_CFEN | \
220 _CIDCFGR_SEMEN | \
221 _TAMP_CIDCFGR_SCID_MASK)
222
223 /* _TAMP_BKPRIFR */
224 #define _TAMP_BKPRIFR_1_MASK GENMASK_32(7, 0)
225 #define _TAMP_BKPRIFR_2_MASK GENMASK_32(7, 0)
226 #define _TAMP_BKPRIFR_3_MASK (GENMASK_32(23, 16) | GENMASK_32(7, 0))
227 #define _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT 16U
228
229 /*
230 * RIF miscellaneous
231 */
232 #define TAMP_NB_BKPR_ZONES 3U
233 #define TAMP_RIF_RESOURCES 3U
234 #define TAMP_RIF_OFFSET_CNT 4U
235
236 /*
237 * Compatibility capabilities
238 * TAMP_HAS_REGISTER_SECCFGR - Supports SECCFGR, otherwise supports SMCR
239 * register
240 * TAMP_HAS_REGISTER_PRIVCFG - Supports PRIVCFGR configuration register
241 * TAMP_HAS_RIF_SUPPORT - Supports RIF
242 */
243 #define TAMP_HAS_REGISTER_SECCFGR BIT(0)
244 #define TAMP_HAS_REGISTER_PRIVCFGR BIT(1)
245 #define TAMP_HAS_REGISTER_ERCFGR BIT(2)
246 #define TAMP_HAS_REGISTER_ATCR2 BIT(3)
247 #define TAMP_HAS_REGISTER_CR3 BIT(4)
248 #define TAMP_HAS_CR2_SECRET_STATUS BIT(5)
249 #define TAMP_SIZE_ATCR1_ATCKSEL_IS_4 BIT(7)
250 #define TAMP_HAS_RIF_SUPPORT BIT(31)
251
252 /* Tamper event modes */
253 #define TAMP_ERASE 0x0U
254 #define TAMP_NOERASE BIT(1)
255 #define TAMP_NO_EVT_MASK 0x0U
256 #define TAMP_EVT_MASK BIT(2)
257 #define TAMP_MODE_MASK GENMASK_32(15, 0)
258
259 /* Callback return bitmask values */
260 #define TAMP_CB_ACK BIT(0)
261 #define TAMP_CB_RESET BIT(1)
262 #define TAMP_CB_ACK_AND_RESET (TAMP_CB_RESET | TAMP_CB_ACK)
263
264 #define SEED_TIMEOUT_US 1000U
265
266 /* Define TAMPER modes from DT */
267 #define TAMP_TRIG_ON BIT(16)
268 #define TAMP_ACTIVE BIT(17)
269 #define TAMP_IN_DT BIT(18)
270
271 enum stm32_tamp_id {
272 INT_TAMP1 = 0,
273 INT_TAMP2,
274 INT_TAMP3,
275 INT_TAMP4,
276 INT_TAMP5,
277 INT_TAMP6,
278 INT_TAMP7,
279 INT_TAMP8,
280 INT_TAMP9,
281 INT_TAMP10,
282 INT_TAMP11,
283 INT_TAMP12,
284 INT_TAMP13,
285 INT_TAMP14,
286 INT_TAMP15,
287 INT_TAMP16,
288
289 EXT_TAMP1,
290 EXT_TAMP2,
291 EXT_TAMP3,
292 EXT_TAMP4,
293 EXT_TAMP5,
294 EXT_TAMP6,
295 EXT_TAMP7,
296 EXT_TAMP8,
297
298 LAST_TAMP,
299 INVALID_TAMP = 0xFFFF,
300 };
301
302 enum stm32_tamp_out_id {
303 OUT_TAMP1 = LAST_TAMP,
304 OUT_TAMP2,
305 OUT_TAMP3,
306 OUT_TAMP4,
307 OUT_TAMP5,
308 OUT_TAMP6,
309 OUT_TAMP7,
310 OUT_TAMP8,
311 INVALID_OUT_TAMP = INVALID_TAMP
312 };
313
314 /**
315 * struct stm32_tamp_pin_map - Tamper pin map
316 *
317 * @id: Identifier of the tamper
318 * @conf: Internal mux configuration of the pin present in the TAMP block
319 * @bank: GPIO pin bank
320 * @pin: GPIO number in the bank
321 * @out: True if pin is used for tamper output
322 */
323 struct stm32_tamp_pin_map {
324 uint32_t id;
325 uint32_t conf;
326 uint8_t bank;
327 uint8_t pin;
328 bool out;
329 };
330
331 /**
332 * struct stm32_tamp_tamper_data - Tamper data
333 *
334 * @id: Identifier of the tamper
335 * @out_id: Identifier of the output tamper, tamper in active mode
336 * @mode: Mode of the tamper
337 * @func: Tamper callback in case of tamper event
338 */
339 struct stm32_tamp_tamper_data {
340 uint32_t id;
341 uint32_t out_id;
342 uint32_t mode;
343 uint32_t (*func)(int id);
344 };
345
346 /**
347 * struct stm32_tamp_compat - TAMP compatible data
348 *
349 * @ext_tamp: List of available external tampers
350 * @int_tamp: List of available internal tampers
351 * @pin_map: List of hardware mapped of pins supporting tamper event detection
352 * @nb_monotonic_counter: Number of monotic counter supported
353 * @ext_tamp_size: Size of @ext_tamp
354 * @int_tamp_size: Size of @int_tamp
355 * @pin_map_size: Size of pin_map
356 * @tags: Bit flags TAMP_HAS_* for compatibility management
357 */
358 struct stm32_tamp_compat {
359 struct stm32_tamp_tamper_data *ext_tamp;
360 struct stm32_tamp_tamper_data *int_tamp;
361 const struct stm32_tamp_pin_map *pin_map;
362 int nb_monotonic_counter;
363 uint32_t ext_tamp_size;
364 uint32_t int_tamp_size;
365 uint32_t pin_map_size;
366 uint32_t tags;
367 };
368
369 /*
370 * struct stm32_bkpregs_conf - Backup registers zone bounds
371 * @zone1_end - Number of backup registers in zone 1
372 * @zone2_end - Number of backup registers in zone 2 + zone 1
373 * @rif_offsets - RIF offsets used for CID compartments
374 *
375 * TAMP backup registers access permissions
376 *
377 * Zone 1: read/write in secure state, no access in non-secure state
378 * Zone 2: read/write in secure state, read-only in non-secure state
379 * Zone 3: read/write in secure state, read/write in non-secure state
380 *
381 * Protection zone 1
382 * If zone1_end == 0 no backup register are in zone 1.
383 * Otherwise backup registers from TAMP_BKP0R to TAMP_BKP<x>R are in zone 1,
384 * with <x> = (@zone1_end - 1).
385 *
386 * Protection zone 2
387 * If zone2_end == 0 no backup register are in zone 2 and zone 1.
388 * Otherwise backup registers from TAMP_BKP<y>R to TAMP_BKP<z>R are in zone 2,
389 * with <y> = @zone1_end and <z> = (@zone2_end - 1).
390 *
391 * Protection zone 3
392 * Backup registers from TAMP_BKP<t>R to last backup register are in zone 3,
393 * with <t> = (@zone2_end - 1).
394 *
395 * When RIF is supported, each zone can be subdivided to restrain accesses to
396 * some CIDs.
397 */
398 struct stm32_bkpregs_conf {
399 uint32_t zone1_end;
400 uint32_t zone2_end;
401 uint32_t *rif_offsets;
402 };
403
404 /**
405 * struct stm32_tamp_platdata - TAMP platform data
406 * @base: IOMEM base address
407 * @bkpregs_conf: TAMP backup register configuration reference
408 * @compat: Reference to compat data passed at driver initialization
409 * @conf_data: RIF configuration data
410 * @clock: TAMP clock
411 * @itr: TAMP interrupt handler
412 * @nb_rif_resources: Number of RIF resources
413 * @passive_conf: Passive tampers configuration
414 * @active_conf: Active tampers configuration
415 * @pins_conf: Configuration of mapped pins for tampers
416 * @out_pins: Output pins for passive tampers
417 * @is_wakeup_source: True if a tamper event is a wakeup source
418 * @is_tdcid: True if current processor is TDCID
419 */
420 struct stm32_tamp_platdata {
421 struct io_pa_va base;
422 struct stm32_bkpregs_conf bkpregs_conf;
423 struct stm32_tamp_compat *compat;
424 struct rif_conf_data *conf_data;
425 struct clk *clock;
426 struct itr_handler *itr;
427 unsigned int nb_rif_resources;
428 uint32_t passive_conf;
429 uint32_t active_conf;
430 uint32_t pins_conf;
431 uint32_t out_pins;
432 bool is_wakeup_source;
433 bool is_tdcid;
434 };
435
436 /**
437 * struct stm32_tamp_instance - TAMP instance data
438 * @pdata: TAMP platform data
439 * @hwconf1: Copy of TAMP HWCONF1 register content
440 * @hwconf2: Copy of TAMP HWCONF2 register content
441 */
442 struct stm32_tamp_instance {
443 struct stm32_tamp_platdata pdata;
444 uint32_t hwconf1;
445 uint32_t hwconf2;
446 };
447
448 #define GPIO_BANK(port) ((port) - 'A')
449
450 #if defined(CFG_STM32MP13)
451 static const char * const itamper_name[] = {
452 [INT_TAMP1] = "Backup domain voltage threshold monitoring",
453 [INT_TAMP2] = "Temperature monitoring",
454 [INT_TAMP3] = "LSE monitoring",
455 [INT_TAMP4] = "HSE monitoring",
456 [INT_TAMP5] = "RTC Calendar overflow",
457 [INT_TAMP6] = "JTAG SWD access",
458 [INT_TAMP7] = "ADC2 analog watchdog monitoring 1",
459 [INT_TAMP8] = "Monotonic counter 1",
460 [INT_TAMP9] = "Cryptographic perpipheral fault",
461 [INT_TAMP10] = "Monotonic counter 2",
462 [INT_TAMP11] = "IWDG1 reset",
463 [INT_TAMP12] = "ADC2 analog watchdog monitoring 2",
464 [INT_TAMP13] = "ADC2 analog watchdog monitoring 3",
465 };
466
467 static struct stm32_tamp_tamper_data int_tamp_mp13[] = {
468 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 },
469 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 },
470 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 },
471 { .id = INT_TAMP10 }, { .id = INT_TAMP11 },
472 { .id = INT_TAMP12 }, { .id = INT_TAMP13 },
473 };
474
475 static struct stm32_tamp_tamper_data ext_tamp_mp13[] = {
476 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 },
477 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 },
478 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 },
479 };
480
481 static const struct stm32_tamp_pin_map pin_map_mp13[] = {
482 {
483 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13,
484 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PC13,
485 },
486 {
487 .id = EXT_TAMP1, .bank = GPIO_BANK('F'), .pin = 10,
488 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PF10,
489 },
490 {
491 .id = EXT_TAMP2, .bank = GPIO_BANK('A'), .pin = 6,
492 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PA6,
493 },
494 {
495 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 1,
496 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PI1,
497 },
498 {
499 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 0,
500 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PC0,
501 },
502 {
503 .id = EXT_TAMP3, .bank = GPIO_BANK('I'), .pin = 2,
504 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PI2,
505 },
506 {
507 .id = EXT_TAMP4, .bank = GPIO_BANK('G'), .pin = 8,
508 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PG8,
509 },
510 {
511 .id = EXT_TAMP4, .bank = GPIO_BANK('I'), .pin = 3,
512 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PI3,
513 },
514 };
515 #endif
516
517 #if defined(CFG_STM32MP15)
518 static const char * const itamper_name[] = {
519 [INT_TAMP1] = "RTC power domain",
520 [INT_TAMP2] = "Temperature monitoring",
521 [INT_TAMP3] = "LSE monitoring",
522 [INT_TAMP5] = "RTC Calendar overflow",
523 [INT_TAMP8] = "Monotonic counter",
524 };
525 DECLARE_KEEP_PAGER(itamper_name);
526
527 static struct stm32_tamp_tamper_data int_tamp_mp15[] = {
528 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 },
529 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP8 },
530 };
531
532 static struct stm32_tamp_tamper_data ext_tamp_mp15[] = {
533 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 },
534 };
535
536 static const struct stm32_tamp_pin_map pin_map_mp15[] = {
537 {
538 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13,
539 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8,
540 },
541 {
542 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 8,
543 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8,
544 },
545 {
546 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 1,
547 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8,
548 },
549 {
550 .id = OUT_TAMP2, .bank = GPIO_BANK('C'), .pin = 13,
551 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8,
552 },
553 {
554 .id = OUT_TAMP3, .bank = GPIO_BANK('C'), .pin = 13,
555 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PC13,
556 },
557 {
558 .id = OUT_TAMP3, .bank = GPIO_BANK('I'), .pin = 8,
559 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8,
560 },
561 };
562 #endif
563
564 #if defined(CFG_STM32MP21)
565 static const char * const itamper_name[] = {
566 [INT_TAMP1] = "Backup domain voltage threshold monitoring",
567 [INT_TAMP2] = "Temperature monitoring",
568 [INT_TAMP3] = "LSE monitoring",
569 [INT_TAMP4] = "HSE monitoring",
570 [INT_TAMP5] = "RTC Calendar overflow",
571 [INT_TAMP6] = "JTAG TAP access in secured-closed",
572 [INT_TAMP7] = "ADC2 analog watchdog monitoring1",
573 [INT_TAMP8] = "Monotonic counter 1 overflow",
574 [INT_TAMP9] = "Cryptographic peripherals fault",
575 [INT_TAMP10] = "Monotonic counter 2 overflow",
576 [INT_TAMP11] = "IWDG3 reset",
577 [INT_TAMP12] = "ADC2 analog watchdog monitoring2",
578 [INT_TAMP13] = "ADC2 analog watchdog monitoring3",
579 [INT_TAMP14] = "RIFSC or BSEC or DBGMCU fault",
580 [INT_TAMP15] = "IWDG1_reset",
581 [INT_TAMP16] = "BOOTROM fault",
582 };
583
584 static struct stm32_tamp_tamper_data int_tamp_mp21[] = {
585 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 },
586 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 },
587 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 },
588 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, { .id = INT_TAMP12 },
589 { .id = INT_TAMP13 }, { .id = INT_TAMP14 }, { .id = INT_TAMP15 },
590 { .id = INT_TAMP16 },
591 };
592
593 static struct stm32_tamp_tamper_data ext_tamp_mp21[] = {
594 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 },
595 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 },
596 { .id = EXT_TAMP7 },
597 };
598
599 static const struct stm32_tamp_pin_map pin_map_mp21[] = {
600 {
601 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8,
602 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PI8,
603 },
604 {
605 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4,
606 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PC4,
607 },
608 };
609 #endif
610
611 #if defined(CFG_STM32MP25) || defined(CFG_STM32MP23)
612 static const char * const itamper_name[] = {
613 [INT_TAMP1] = "Backup domain voltage threshold monitoring",
614 [INT_TAMP2] = "Temperature monitoring",
615 [INT_TAMP3] = "LSE monitoring",
616 [INT_TAMP4] = "HSE monitoring",
617 [INT_TAMP5] = "RTC Calendar overflow",
618 [INT_TAMP6] = "JTAG/SWD access",
619 [INT_TAMP7] = "VDDCORE monitoring under/over voltage",
620 [INT_TAMP8] = "Monotonic counter 1 overflow",
621 [INT_TAMP9] = "Cryptographic peripherals fault",
622 [INT_TAMP10] = "Monotonic counter 2 overflow",
623 [INT_TAMP11] = "IWDG3 reset",
624 [INT_TAMP12] = "VDDCPU monitoring under/over voltage",
625 [INT_TAMP14] = "IWDG5_reset",
626 [INT_TAMP15] = "IWDG1_reset",
627 };
628
629 static struct stm32_tamp_tamper_data int_tamp_mp25[] = {
630 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 },
631 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 },
632 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 },
633 { .id = INT_TAMP10 }, { .id = INT_TAMP11 },
634 { .id = INT_TAMP12 }, { .id = INT_TAMP14 },
635 { .id = INT_TAMP15 },
636 };
637
638 #ifdef CFG_STM32MP25
639 static struct stm32_tamp_tamper_data ext_tamp_mp25[] = {
640 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 },
641 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 },
642 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 },
643 };
644 #else
645 static struct stm32_tamp_tamper_data ext_tamp_mp23[] = {
646 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 },
647 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 },
648 { .id = EXT_TAMP7 },
649 };
650 #endif
651
652 static const struct stm32_tamp_pin_map pin_map_mp25[] = {
653 {
654 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8,
655 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PI8,
656 },
657 {
658 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4,
659 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PC4,
660 },
661 {
662 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 3,
663 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PC3,
664 },
665 {
666 .id = EXT_TAMP3, .bank = GPIO_BANK('Z'), .pin = 2,
667 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PZ2,
668 },
669 {
670 .id = EXT_TAMP5, .bank = GPIO_BANK('F'), .pin = 6,
671 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PF6,
672 },
673 {
674 .id = EXT_TAMP5, .bank = GPIO_BANK('Z'), .pin = 4,
675 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PZ4,
676 },
677 };
678 #endif
679
680 /* Expects at most a single instance */
681 static struct stm32_tamp_instance *stm32_tamp_dev;
682
get_base(void)683 static vaddr_t get_base(void)
684 {
685 assert(stm32_tamp_dev && stm32_tamp_dev->pdata.base.pa);
686
687 return io_pa_or_va_secure(&stm32_tamp_dev->pdata.base, 1);
688 }
689
apply_rif_config(void)690 static void apply_rif_config(void)
691 {
692 struct rif_conf_data *rif_conf = stm32_tamp_dev->pdata.conf_data;
693 uint32_t access_mask_priv_reg = 0;
694 uint32_t access_mask_sec_reg = 0;
695 vaddr_t base = get_base();
696 uint32_t privcfgr = 0;
697 uint32_t seccfgr = 0;
698 unsigned int i = 0;
699
700 if (!stm32_tamp_dev->pdata.conf_data)
701 return;
702
703 /* Build access masks for _TAMP_PRIVCFGR and _TAMP_SECCFGR */
704 for (i = 0; i < TAMP_RIF_RESOURCES; i++) {
705 if (BIT(i) & rif_conf->access_mask[0]) {
706 switch (i) {
707 case 0:
708 access_mask_sec_reg |= _TAMP_SECCFGR_TAMPSEC;
709 access_mask_priv_reg |= _TAMP_PRIVCFG_TAMPPRIV;
710 break;
711 case 1:
712 access_mask_sec_reg |= _TAMP_SECCFGR_CNT1SEC;
713 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT1PRIV;
714 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPRWPRIV;
715 break;
716 case 2:
717 access_mask_sec_reg |= _TAMP_SECCFGR_CNT2SEC;
718 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT2PRIV;
719 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPWPRIV;
720 break;
721 default:
722 panic();
723 }
724 }
725 }
726
727 /*
728 * When TDCID, OP-TEE should be the one to set the CID filtering
729 * configuration. Clearing previous configuration prevents
730 * undesired events during the only legitimate configuration.
731 */
732 if (stm32_tamp_dev->pdata.is_tdcid) {
733 for (i = 0; i < TAMP_RIF_RESOURCES; i++)
734 if (BIT(i) & rif_conf->access_mask[0])
735 io_clrbits32(base + _TAMP_CIDCFGR(i),
736 _TAMP_CIDCFGR_CONF_MASK);
737 }
738
739 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_TAMP_SEC)
740 seccfgr |= _TAMP_SECCFGR_TAMPSEC;
741 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_1)
742 seccfgr |= _TAMP_SECCFGR_CNT1SEC;
743 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_2)
744 seccfgr |= _TAMP_SECCFGR_CNT2SEC;
745
746 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_TAMP_PRIV)
747 privcfgr |= _TAMP_PRIVCFG_TAMPPRIV;
748 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R1)
749 privcfgr |= _TAMP_PRIVCFG_CNT1PRIV | _TAMP_PRIVCFG_BKPRWPRIV;
750 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R2)
751 privcfgr |= _TAMP_PRIVCFG_CNT2PRIV | _TAMP_PRIVCFG_BKPWPRIV;
752
753 /* Security and privilege RIF configuration */
754 io_clrsetbits32(base + _TAMP_PRIVCFGR, access_mask_priv_reg, privcfgr);
755 io_clrsetbits32(base + _TAMP_SECCFGR, access_mask_sec_reg, seccfgr);
756
757 if (!stm32_tamp_dev->pdata.is_tdcid)
758 return;
759
760 for (i = 0; i < TAMP_RIF_RESOURCES; i++) {
761 if (!(BIT(i) & rif_conf->access_mask[0]))
762 continue;
763
764 io_clrsetbits32(base + _TAMP_CIDCFGR(i),
765 _TAMP_CIDCFGR_CONF_MASK,
766 rif_conf->cid_confs[i]);
767 }
768 }
769
stm32_tamp_apply_bkpr_rif_conf(void)770 static TEE_Result stm32_tamp_apply_bkpr_rif_conf(void)
771 {
772 struct stm32_bkpregs_conf *bkpregs_conf =
773 &stm32_tamp_dev->pdata.bkpregs_conf;
774 vaddr_t base = get_base();
775 unsigned int i = 0;
776
777 if (!bkpregs_conf->rif_offsets)
778 panic("No backup register configuration");
779
780 for (i = 0; i < TAMP_RIF_OFFSET_CNT; i++) {
781 if (bkpregs_conf->rif_offsets[i] >
782 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG))
783 return TEE_ERROR_NOT_SUPPORTED;
784 }
785
786 /* Fill the 3 TAMP_BKPRIFRx registers */
787 io_clrsetbits32(base + _TAMP_BKPRIFR(1), _TAMP_BKPRIFR_1_MASK,
788 bkpregs_conf->rif_offsets[0]);
789 io_clrsetbits32(base + _TAMP_BKPRIFR(2), _TAMP_BKPRIFR_2_MASK,
790 bkpregs_conf->rif_offsets[1]);
791 io_clrsetbits32(base + _TAMP_BKPRIFR(3), _TAMP_BKPRIFR_3_MASK,
792 bkpregs_conf->rif_offsets[2] |
793 SHIFT_U32(bkpregs_conf->rif_offsets[3],
794 _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT));
795
796 DMSG("Backup registers mapping :");
797 DMSG("********START of zone 1********");
798 DMSG("Protection Zone 1-RIF1 begins at register: 0");
799 DMSG("Protection Zone 1-RIF2 begins at register: %"PRIu32,
800 bkpregs_conf->rif_offsets[0]);
801 DMSG("Protection Zone 1-RIF2 ends at register: %"PRIu32,
802 bkpregs_conf->zone1_end ? bkpregs_conf->zone1_end - 1 : 0);
803 DMSG("********END of zone 1********");
804 DMSG("********START of zone 2********");
805 DMSG("Protection Zone 2-RIF1 begins at register: %"PRIu32,
806 bkpregs_conf->zone1_end);
807 DMSG("Protection Zone 2-RIF2 begins at register: %"PRIu32,
808 bkpregs_conf->rif_offsets[1]);
809 DMSG("Protection Zone 2-RIF2 ends at register: %"PRIu32,
810 bkpregs_conf->rif_offsets[1] > bkpregs_conf->zone1_end ?
811 bkpregs_conf->zone2_end - 1 : 0);
812 DMSG("********END of zone 2********");
813 DMSG("********START of zone 3********");
814 DMSG("Protection Zone 3-RIF1 begins at register: %"PRIu32,
815 bkpregs_conf->zone2_end);
816 DMSG("Protection Zone 3-RIF0 begins at register: %"PRIu32,
817 bkpregs_conf->rif_offsets[2]);
818 DMSG("Protection Zone 3-RIF2 begins at register: %"PRIu32,
819 bkpregs_conf->rif_offsets[3]);
820 DMSG("Protection Zone 3-RIF2 ends at the last register: %"PRIu32,
821 stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG);
822 DMSG("********END of zone 3********");
823
824 return TEE_SUCCESS;
825 }
826
stm32_tamp_set_secure_bkpregs(void)827 static TEE_Result stm32_tamp_set_secure_bkpregs(void)
828 {
829 struct stm32_bkpregs_conf *bkpregs_conf =
830 &stm32_tamp_dev->pdata.bkpregs_conf;
831 vaddr_t base = get_base();
832 uint32_t first_z2 = 0;
833 uint32_t first_z3 = 0;
834
835 first_z2 = bkpregs_conf->zone1_end;
836 first_z3 = bkpregs_conf->zone2_end;
837
838 if ((first_z2 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) ||
839 (first_z3 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)))
840 return TEE_ERROR_BAD_PARAMETERS;
841
842 if (stm32_tamp_dev->pdata.compat &&
843 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) {
844 io_clrsetbits32(base + _TAMP_SECCFGR,
845 _TAMP_SECCFGR_BKPRWSEC_MASK,
846 (first_z2 << _TAMP_SECCFGR_BKPRWSEC_SHIFT) &
847 _TAMP_SECCFGR_BKPRWSEC_MASK);
848
849 io_clrsetbits32(base + _TAMP_SECCFGR,
850 _TAMP_SECCFGR_BKPWSEC_MASK,
851 (first_z3 << _TAMP_SECCFGR_BKPWSEC_SHIFT) &
852 _TAMP_SECCFGR_BKPWSEC_MASK);
853 } else {
854 io_clrsetbits32(base + _TAMP_SMCR,
855 _TAMP_SMCR_BKPRWDPROT_MASK,
856 (first_z2 << _TAMP_SMCR_BKPRWDPROT_SHIFT) &
857 _TAMP_SMCR_BKPRWDPROT_MASK);
858
859 io_clrsetbits32(base + _TAMP_SMCR,
860 _TAMP_SMCR_BKPWDPROT_MASK,
861 (first_z3 << _TAMP_SMCR_BKPWDPROT_SHIFT) &
862 _TAMP_SMCR_BKPWDPROT_MASK);
863 }
864
865 return TEE_SUCCESS;
866 }
867
stm32_tamp_set_secure(uint32_t mode)868 static void stm32_tamp_set_secure(uint32_t mode)
869 {
870 vaddr_t base = get_base();
871
872 if (stm32_tamp_dev->pdata.compat &&
873 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) {
874 io_clrsetbits32(base + _TAMP_SECCFGR,
875 _TAMP_SECCFGR_BUT_BKP_MASK,
876 mode & _TAMP_SECCFGR_BUT_BKP_MASK);
877 } else {
878 /*
879 * Note: MP15 doesn't use SECCFG register and
880 * inverts the secure bit.
881 */
882 if (mode & _TAMP_SECCFGR_TAMPSEC)
883 io_clrbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT);
884 else
885 io_setbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT);
886 }
887 }
888
stm32_tamp_set_privilege(uint32_t mode)889 static void stm32_tamp_set_privilege(uint32_t mode)
890 {
891 vaddr_t base = get_base();
892
893 if (stm32_tamp_dev->pdata.compat &&
894 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_PRIVCFGR))
895 io_clrsetbits32(base + _TAMP_PRIVCFGR, _TAMP_PRIVCFGR_MASK,
896 mode & _TAMP_PRIVCFGR_MASK);
897 }
898
parse_bkpregs_dt_conf(const void * fdt,int node)899 static void parse_bkpregs_dt_conf(const void *fdt, int node)
900 {
901 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata;
902 unsigned int bkpregs_count = 0;
903 const fdt32_t *cuint = NULL;
904 int lenp = 0;
905
906 cuint = fdt_getprop(fdt, node, "st,backup-zones", &lenp);
907 if (!cuint)
908 panic("Missing backup registers configuration");
909
910 /*
911 * When TAMP does not support RIF, the backup registers can
912 * be splited in 3 zones. These zones have specific read/write
913 * access permissions based on the secure status of the accesser.
914 * When RIF is supported, these zones can additionally be splited
915 * in subzones that have CID filtering. Zones/Subzones can be empty and
916 * are contiguous.
917 */
918 if (!(pdata->compat->tags & TAMP_HAS_RIF_SUPPORT)) {
919 /* 3 zones, 2 offsets to apply */
920 if (lenp != sizeof(uint32_t) * TAMP_NB_BKPR_ZONES)
921 panic("Incorrect bkpregs configuration");
922
923 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]);
924 bkpregs_count = fdt32_to_cpu(cuint[0]);
925
926 pdata->bkpregs_conf.zone2_end = bkpregs_count +
927 fdt32_to_cpu(cuint[1]);
928 } else {
929 /*
930 * Zone 3
931 * ----------------------|
932 * Protection Zone 3-RIF2|Read non-
933 * ----------------------|secure
934 * Protection Zone 3-RIF0|Write non-
935 * ----------------------|secure
936 * Protection Zone 3-RIF1|
937 * ----------------------|
938 *
939 * Zone 2
940 * ----------------------|
941 * Protection Zone 2-RIF2|Read non-
942 * ----------------------|secure
943 * Protection Zone 2-RIF1|Write secure
944 * ----------------------|
945 *
946 * Zone 1
947 * ----------------------|
948 * Protection Zone 1-RIF2|Read secure
949 * ----------------------|Write secure
950 * Protection Zone 1-RIF1|
951 * ----------------------|
952 *
953 * (BHK => First 8 registers)
954 */
955 pdata->bkpregs_conf.rif_offsets = calloc(TAMP_RIF_OFFSET_CNT,
956 sizeof(uint32_t));
957 if (!pdata->bkpregs_conf.rif_offsets)
958 panic();
959
960 /*
961 * 3 zones with 7 subzones in total(6 offsets):
962 * - 2 zone offsets
963 * - 4 subzones offsets
964 */
965 if (lenp != sizeof(uint32_t) *
966 (TAMP_RIF_OFFSET_CNT + TAMP_NB_BKPR_ZONES))
967 panic("Incorrect bkpregs configuration");
968
969 /* Backup registers zone 1 */
970 pdata->bkpregs_conf.rif_offsets[0] = fdt32_to_cpu(cuint[0]);
971 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]) +
972 fdt32_to_cpu(cuint[1]);
973
974 bkpregs_count = pdata->bkpregs_conf.zone1_end;
975
976 /* Backup registers zone 2 */
977 pdata->bkpregs_conf.rif_offsets[1] = bkpregs_count +
978 fdt32_to_cpu(cuint[2]);
979 pdata->bkpregs_conf.zone2_end = bkpregs_count +
980 fdt32_to_cpu(cuint[2]) +
981 fdt32_to_cpu(cuint[3]);
982
983 bkpregs_count = pdata->bkpregs_conf.zone2_end;
984
985 /* Backup registers zone 3 */
986 pdata->bkpregs_conf.rif_offsets[2] = bkpregs_count +
987 fdt32_to_cpu(cuint[4]);
988 pdata->bkpregs_conf.rif_offsets[3] = bkpregs_count +
989 fdt32_to_cpu(cuint[4]) +
990 fdt32_to_cpu(cuint[5]);
991 }
992 }
993
stm32_tamp_set_pins(vaddr_t base,uint32_t mode)994 static void stm32_tamp_set_pins(vaddr_t base, uint32_t mode)
995 {
996 io_setbits32(base + _TAMP_OR, mode);
997 }
998
stm32_tamp_set_seed(vaddr_t base)999 static TEE_Result stm32_tamp_set_seed(vaddr_t base)
1000 {
1001 uint32_t value = 0;
1002 int idx = 0;
1003
1004 for (idx = 0; idx < 4; idx++) {
1005 uint32_t rnd = 0;
1006
1007 if (crypto_rng_read(&rnd, sizeof(uint32_t)))
1008 return TEE_ERROR_BAD_STATE;
1009
1010 io_write32(base + _TAMP_ATSEEDR, rnd);
1011 }
1012
1013 if (IO_READ32_POLL_TIMEOUT(base + _TAMP_ATOR, value,
1014 !(value & _TAMP_SEEDF), 0, SEED_TIMEOUT_US))
1015 return TEE_ERROR_BAD_STATE;
1016
1017 return TEE_SUCCESS;
1018 }
1019
is_int_tamp_id_valid(enum stm32_tamp_id id)1020 static TEE_Result is_int_tamp_id_valid(enum stm32_tamp_id id)
1021 {
1022 if (id - INT_TAMP1 >= _TAMP_HWCFGR1_ITAMP_MAX_ID)
1023 return TEE_ERROR_BAD_PARAMETERS;
1024
1025 if (!(stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_ITAMP(id)))
1026 return TEE_ERROR_ITEM_NOT_FOUND;
1027
1028 return TEE_SUCCESS;
1029 }
1030
is_ext_tamp_id_valid(enum stm32_tamp_id id)1031 static bool is_ext_tamp_id_valid(enum stm32_tamp_id id)
1032 {
1033 return id - EXT_TAMP1 <=
1034 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_TAMPER) >>
1035 _TAMP_HWCFGR1_TAMPER_SHIFT;
1036 }
1037
stm32_tamp_it_handler(struct itr_handler * h __unused)1038 static enum itr_return stm32_tamp_it_handler(struct itr_handler *h __unused)
1039 {
1040 struct optee_rtc_time __maybe_unused tamp_ts = { };
1041 vaddr_t base = get_base();
1042 uint32_t it = io_read32(base + _TAMP_SR);
1043 uint32_t int_it = it & _TAMP_SR_ITAMPXF_MASK;
1044 uint32_t ext_it = it & _TAMP_SR_ETAMPXF_MASK;
1045 bool ts_enabled = false;
1046 size_t i = 0;
1047
1048 if (stm32_rtc_is_timestamp_enabled(&ts_enabled))
1049 panic();
1050
1051 if (ts_enabled && it) {
1052 TEE_Result res = stm32_rtc_get_timestamp(&tamp_ts);
1053
1054 if (res)
1055 EMSG("Failed to get RTC timestamp: %"PRIx32, res);
1056 FMSG("Tamper event occurred at:");
1057 FMSG("\n \t Date: %"PRIu32"/%"PRIu32"\n \t Time: %"PRIu32":%"PRIu32":%"PRIu32,
1058 tamp_ts.tm_mday, tamp_ts.tm_mon, tamp_ts.tm_hour,
1059 tamp_ts.tm_min, tamp_ts.tm_sec);
1060 }
1061
1062 while (int_it && i < stm32_tamp_dev->pdata.compat->int_tamp_size) {
1063 struct stm32_tamp_tamper_data int_tamp =
1064 stm32_tamp_dev->pdata.compat->int_tamp[i];
1065 int id = int_tamp.id;
1066
1067 if (int_it & _TAMP_SR_ITAMP(id)) {
1068 uint32_t ret = 0;
1069
1070 int_it &= ~_TAMP_SR_ITAMP(id);
1071
1072 if (int_tamp.func)
1073 ret = int_tamp.func(id);
1074
1075 if (ret & TAMP_CB_ACK)
1076 io_setbits32(base + _TAMP_SCR,
1077 _TAMP_SCR_ITAMP(id));
1078
1079 if (ret & TAMP_CB_RESET)
1080 do_reset("Internal tamper event detected");
1081 }
1082 i++;
1083 }
1084
1085 i = 0;
1086 /* External tamper interrupt */
1087 while (ext_it && i < stm32_tamp_dev->pdata.compat->ext_tamp_size) {
1088 struct stm32_tamp_tamper_data ext_tamp =
1089 stm32_tamp_dev->pdata.compat->ext_tamp[i];
1090 int id = ext_tamp.id;
1091
1092 if (ext_it & _TAMP_SR_ETAMP(id)) {
1093 uint32_t ret = 0;
1094
1095 ext_it &= ~_TAMP_SR_ETAMP(id);
1096
1097 if (ext_tamp.func)
1098 ret = ext_tamp.func(id);
1099
1100 if (ret & TAMP_CB_ACK)
1101 io_setbits32(base + _TAMP_SCR,
1102 _TAMP_SCR_ETAMP(id));
1103
1104 if (ret & TAMP_CB_RESET)
1105 do_reset("External tamper event detected");
1106 }
1107 i++;
1108 }
1109
1110 return ITRR_HANDLED;
1111 }
1112 DECLARE_KEEP_PAGER(stm32_tamp_it_handler);
1113
stm32_tamp_set_int_config(struct stm32_tamp_compat * tcompat,uint32_t itamp_index,uint32_t * cr1,uint32_t * cr3,uint32_t * ier)1114 static TEE_Result stm32_tamp_set_int_config(struct stm32_tamp_compat *tcompat,
1115 uint32_t itamp_index, uint32_t *cr1,
1116 uint32_t *cr3, uint32_t *ier)
1117 {
1118 struct stm32_tamp_tamper_data *tamp_int = NULL;
1119 enum stm32_tamp_id id = INVALID_TAMP;
1120 TEE_Result res = TEE_ERROR_GENERIC;
1121
1122 if (!tcompat)
1123 return TEE_ERROR_BAD_PARAMETERS;
1124
1125 tamp_int = &tcompat->int_tamp[itamp_index];
1126 id = tamp_int->id;
1127
1128 res = is_int_tamp_id_valid(id);
1129 if (res == TEE_ERROR_ITEM_NOT_FOUND)
1130 return TEE_SUCCESS;
1131 else if (res)
1132 return res;
1133
1134 /*
1135 * If there is no callback
1136 * this tamper is disabled, we reset its configuration.
1137 */
1138 if (!tamp_int->func) {
1139 *cr1 &= ~_TAMP_CR1_ITAMP(id);
1140 *ier &= ~_TAMP_IER_ITAMP(id);
1141 if (tcompat->tags & TAMP_HAS_REGISTER_CR3)
1142 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id);
1143
1144 FMSG("INT_TAMP%d disabled", id - INT_TAMP1 + 1);
1145 return TEE_SUCCESS;
1146 }
1147
1148 *cr1 |= _TAMP_CR1_ITAMP(id);
1149 *ier |= _TAMP_IER_ITAMP(id);
1150
1151 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) {
1152 if (tamp_int->mode & TAMP_NOERASE)
1153 *cr3 |= _TAMP_CR3_ITAMPNOER(id);
1154 else
1155 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id);
1156 }
1157
1158 DMSG("'%s' internal tamper enabled in %s mode",
1159 itamper_name[id - INT_TAMP1],
1160 (tamp_int->mode & TAMP_NOERASE) ? "potential" : "confirmed");
1161
1162 return TEE_SUCCESS;
1163 }
1164
stm32_tamp_set_ext_config(struct stm32_tamp_compat * tcompat,uint32_t etamp_index,uint32_t * cr1,uint32_t * cr2,uint32_t * atcr1,uint32_t * atcr2,uint32_t * ier)1165 static TEE_Result stm32_tamp_set_ext_config(struct stm32_tamp_compat *tcompat,
1166 uint32_t etamp_index, uint32_t *cr1,
1167 uint32_t *cr2, uint32_t *atcr1,
1168 uint32_t *atcr2, uint32_t *ier)
1169 {
1170 struct stm32_tamp_tamper_data *tamp_ext = NULL;
1171 enum stm32_tamp_id id = INVALID_TAMP;
1172
1173 if (!tcompat)
1174 return TEE_ERROR_BAD_PARAMETERS;
1175
1176 tamp_ext = &tcompat->ext_tamp[etamp_index];
1177 id = tamp_ext->id;
1178
1179 /* Exit if not a valid TAMP_ID */
1180 if (!is_ext_tamp_id_valid(id))
1181 return TEE_ERROR_BAD_PARAMETERS;
1182
1183 /*
1184 * If there is no callback or this TAMPER wasn't defined in DT,
1185 * this tamper is disabled, we reset its configuration.
1186 */
1187 if (!tamp_ext->func || !(tamp_ext->mode & TAMP_IN_DT)) {
1188 *cr1 &= ~_TAMP_CR1_ETAMP(id);
1189 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id);
1190 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id);
1191 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id);
1192 *ier &= ~_TAMP_IER_ETAMP(id);
1193
1194 FMSG("EXT_TAMP%d disabled", id - EXT_TAMP1 + 1);
1195 return TEE_SUCCESS;
1196 }
1197
1198 *cr1 |= _TAMP_CR1_ETAMP(id);
1199
1200 if (tamp_ext->mode & TAMP_TRIG_ON)
1201 *cr2 |= _TAMP_CR2_ETAMPTRG(id);
1202 else
1203 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id);
1204
1205 if (tamp_ext->mode & TAMP_ACTIVE) {
1206 *atcr1 |= _TAMP_ATCR1_ETAMPAM(id);
1207
1208 /* Configure output pin if ATOSHARE is selected */
1209 if (*atcr1 & _TAMP_ATCR1_ATOSHARE) {
1210 if (tcompat->tags & TAMP_HAS_REGISTER_ATCR2)
1211 *atcr2 = (*atcr2 &
1212 ~_TAMP_ATCR2_ATOSEL_MASK(id)) |
1213 _TAMP_ATCR2_ATOSEL(id,
1214 tamp_ext->out_id);
1215 else
1216 *atcr1 = (*atcr1 &
1217 ~_TAMP_ATCR1_ATOSEL_MASK(id)) |
1218 _TAMP_ATCR1_ATOSEL(id,
1219 tamp_ext->out_id);
1220 }
1221 } else {
1222 *atcr1 &= ~_TAMP_ATCR1_ETAMPAM(id);
1223 }
1224
1225 if (tamp_ext->mode & TAMP_NOERASE)
1226 *cr2 |= _TAMP_CR2_ETAMPNOER(id);
1227 else
1228 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id);
1229
1230 if (id < _TAMP_CR2_ETAMPMSK_MAX_ID) {
1231 /*
1232 * Only external TAMP 1, 2 and 3 can be masked
1233 * and we may want them masked at startup.
1234 */
1235 if (tamp_ext->mode & TAMP_EVT_MASK) {
1236 /*
1237 * ETAMP(id) event generates a trigger event. This
1238 * ETAMP(id) is masked and internally cleared by
1239 * hardware.
1240 * The secrets are not erased.
1241 */
1242 *ier &= ~_TAMP_IER_ETAMP(id);
1243 *cr2 |= _TAMP_CR2_ETAMPMSK(id);
1244 } else {
1245 /*
1246 * normal ETAMP interrupt:
1247 * ETAMP(id) event generates a trigger event and
1248 * TAMP(id) must be cleared by software to allow
1249 * next tamper event detection.
1250 */
1251 *ier |= _TAMP_IER_ETAMP(id);
1252 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id);
1253 }
1254 } else {
1255 /* Other than 1,2,3 external TAMP, we want its interrupt */
1256 *ier |= _TAMP_IER_ETAMP(id);
1257 }
1258
1259 DMSG("EXT_TAMP%d enabled as a %s tamper in %s mode, trig_%s %s",
1260 id - EXT_TAMP1 + 1,
1261 (tamp_ext->mode & TAMP_ACTIVE) ? "active" : "passive",
1262 (tamp_ext->mode & TAMP_NOERASE) ? "potential" : "confirmed",
1263 (tamp_ext->mode & TAMP_TRIG_ON) ? "on" : "off",
1264 (tamp_ext->mode & TAMP_EVT_MASK) ? " (masked)" : "");
1265
1266 if (tamp_ext->mode & TAMP_ACTIVE)
1267 DMSG(" linked with OUT_TAMP%"PRIu32,
1268 tamp_ext->out_id - OUT_TAMP1 + 1);
1269
1270 return TEE_SUCCESS;
1271 }
1272
1273 /*
1274 * Count number of 1 in bitmask
1275 * Cannot use __builtin_popcount(): libgcc.a for ARMV7 use hardfloat ABI,
1276 * but OP-TEE core is compiled with softfloat ABI.
1277 */
popcount(uint32_t bitmask)1278 static int popcount(uint32_t bitmask)
1279 {
1280 int nb = 0;
1281
1282 while (bitmask) {
1283 if (bitmask & 1)
1284 nb++;
1285 bitmask >>= 1;
1286 }
1287
1288 return nb;
1289 }
1290
stm32_tamp_set_atper(uint32_t pins_out_bits,uint32_t * atcr1)1291 static void stm32_tamp_set_atper(uint32_t pins_out_bits, uint32_t *atcr1)
1292 {
1293 uint32_t conf = 0;
1294
1295 switch (popcount(pins_out_bits)) {
1296 case 0:
1297 case 1:
1298 conf = 0;
1299 break;
1300 case 2:
1301 conf = 1;
1302 break;
1303 case 3:
1304 case 4:
1305 conf = 2;
1306 break;
1307 default:
1308 conf = 3;
1309 break;
1310 }
1311
1312 *atcr1 |= SHIFT_U32(conf, _TAMP_ATCR1_ATPER_SHIFT) &
1313 _TAMP_ATCR1_ATPER_MASK;
1314 }
1315
stm32_tamp_set_config(void)1316 static TEE_Result stm32_tamp_set_config(void)
1317 {
1318 TEE_Result ret = TEE_SUCCESS;
1319 vaddr_t base = get_base();
1320 uint32_t atcr1 = 0;
1321 uint32_t atcr2 = 0;
1322 uint32_t fltcr = 0;
1323 uint32_t cr1 = 0;
1324 uint32_t cr2 = 0;
1325 uint32_t cr3 = 0;
1326 uint32_t ier = 0;
1327 size_t i = 0;
1328
1329 if (!stm32_tamp_dev->pdata.compat ||
1330 !stm32_tamp_dev->pdata.compat->int_tamp ||
1331 !stm32_tamp_dev->pdata.compat->ext_tamp)
1332 return TEE_ERROR_BAD_STATE;
1333
1334 /* Set passive filter configuration */
1335 fltcr = stm32_tamp_dev->pdata.passive_conf;
1336
1337 /* Set active mode configuration */
1338 atcr1 = stm32_tamp_dev->pdata.active_conf & _TAMP_ATCR1_COMMON_MASK;
1339 stm32_tamp_set_atper(stm32_tamp_dev->pdata.out_pins, &atcr1);
1340
1341 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) {
1342 ret = stm32_tamp_set_int_config(stm32_tamp_dev->pdata.compat, i,
1343 &cr1, &cr3, &ier);
1344 if (ret)
1345 return ret;
1346 }
1347
1348 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) {
1349 ret = stm32_tamp_set_ext_config(stm32_tamp_dev->pdata.compat, i,
1350 &cr1, &cr2, &atcr1, &atcr2,
1351 &ier);
1352 if (ret)
1353 return ret;
1354 }
1355
1356 /*
1357 * We apply configuration all in a row:
1358 * As for active ext tamper "all the needed tampers must be enabled in
1359 * the same write access".
1360 */
1361 io_write32(base + _TAMP_FLTCR, fltcr);
1362 FMSG("Set passive conf %08"PRIx32, fltcr);
1363
1364 /* Active configuration applied only if not already done. */
1365 if (((io_read32(base + _TAMP_ATOR) & _TAMP_INITS) != _TAMP_INITS)) {
1366 io_write32(base + _TAMP_ATCR1, atcr1);
1367 FMSG("Set active conf1 %08"PRIx32, atcr1);
1368
1369 if (stm32_tamp_dev->pdata.compat->tags &
1370 TAMP_HAS_REGISTER_ATCR2) {
1371 io_write32(base + _TAMP_ATCR2, atcr2);
1372 FMSG("Set active conf2 %08"PRIx32, atcr2);
1373 }
1374 }
1375
1376 io_write32(base + _TAMP_CR1, cr1);
1377 io_write32(base + _TAMP_CR2, cr2);
1378 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_CR3)
1379 io_write32(base + _TAMP_CR3, cr3);
1380
1381 /* If active tamper we reinit the seed. */
1382 if (stm32_tamp_dev->pdata.active_conf) {
1383 if (stm32_tamp_set_seed(base) != TEE_SUCCESS) {
1384 EMSG("Active tamper: SEED not initialized");
1385 return TEE_ERROR_BAD_STATE;
1386 }
1387 }
1388
1389 /* Enable interrupts. */
1390 io_write32(base + _TAMP_IER, ier);
1391
1392 return TEE_SUCCESS;
1393 }
1394
1395 /*
1396 * Mask a tamper event detection for a given @id
1397 * If ETAMP(id) event generates a trigger event, this ETAMP(id) is masked and
1398 * internally cleared by hardware. The secrets are not erased.
1399 */
stm32_tamp_set_mask(enum stm32_tamp_id id)1400 static TEE_Result __maybe_unused stm32_tamp_set_mask(enum stm32_tamp_id id)
1401 {
1402 vaddr_t base = get_base();
1403
1404 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */
1405 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID))
1406 return TEE_ERROR_BAD_PARAMETERS;
1407
1408 /* We cannot mask the event if pending. */
1409 if (io_read32(base + _TAMP_SR) & _TAMP_SR_ETAMP(id))
1410 return TEE_ERROR_BAD_STATE;
1411
1412 /* We disable the IT */
1413 io_clrbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id));
1414 /* We mask the event */
1415 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id));
1416
1417 return TEE_SUCCESS;
1418 }
1419
1420 /*
1421 * Unmask a tamper event detection for a given @id
1422 * ETAMP(id) event now generates a trigger event and ETAMP(id) must be cleared
1423 * by software to allow next tamper event detection.
1424 */
stm32_tamp_unset_mask(enum stm32_tamp_id id)1425 static TEE_Result __maybe_unused stm32_tamp_unset_mask(enum stm32_tamp_id id)
1426 {
1427 vaddr_t base = get_base();
1428
1429 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */
1430 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID))
1431 return TEE_ERROR_BAD_PARAMETERS;
1432
1433 /* We unmask the event */
1434 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id));
1435 /* We enable the IT */
1436 io_setbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id));
1437
1438 return TEE_SUCCESS;
1439 }
1440
1441 /* This will increment the monotonic counter by 1. It cannot roll-over */
stm32_tamp_write_mcounter(int cnt_idx)1442 static TEE_Result __maybe_unused stm32_tamp_write_mcounter(int cnt_idx)
1443 {
1444 vaddr_t base = get_base();
1445
1446 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat ||
1447 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter)
1448 return TEE_ERROR_BAD_PARAMETERS;
1449
1450 io_write32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t), 1);
1451
1452 return TEE_SUCCESS;
1453 }
1454
stm32_tamp_read_mcounter(int cnt_idx)1455 static uint32_t __maybe_unused stm32_tamp_read_mcounter(int cnt_idx)
1456 {
1457 vaddr_t base = get_base();
1458
1459 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat ||
1460 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter)
1461 return 0U;
1462
1463 return io_read32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t));
1464 }
1465
stm32_tamp_configure_int(struct stm32_tamp_tamper_data * tamp,uint32_t mode,uint32_t (* cb)(int id))1466 static TEE_Result stm32_tamp_configure_int(struct stm32_tamp_tamper_data *tamp,
1467 uint32_t mode,
1468 uint32_t (*cb)(int id))
1469 {
1470 if (mode & TAMP_EVT_MASK)
1471 return TEE_ERROR_BAD_PARAMETERS;
1472
1473 tamp->mode |= (mode & TAMP_MODE_MASK);
1474 tamp->func = cb;
1475
1476 return TEE_SUCCESS;
1477 }
1478
stm32_tamp_configure_ext(struct stm32_tamp_tamper_data * tamp,uint32_t mode,uint32_t (* cb)(int id))1479 static TEE_Result stm32_tamp_configure_ext(struct stm32_tamp_tamper_data *tamp,
1480 uint32_t mode,
1481 uint32_t (*cb)(int id))
1482 {
1483 enum stm32_tamp_id id = tamp->id;
1484
1485 if (mode & TAMP_EVT_MASK && !is_ext_tamp_id_valid(id))
1486 return TEE_ERROR_BAD_PARAMETERS;
1487
1488 if (!(tamp->mode & TAMP_IN_DT))
1489 return TEE_ERROR_ITEM_NOT_FOUND;
1490
1491 tamp->mode |= (mode & TAMP_MODE_MASK);
1492 tamp->func = cb;
1493
1494 return TEE_SUCCESS;
1495 }
1496
1497 /*
1498 * stm32_tamp_activate_tamp: Configure and activate one tamper (internal or
1499 * external).
1500 *
1501 * @id: tamper ID
1502 * @mode: bitmask from TAMPER modes define:
1503 * TAMP_ERASE/TAMP_NOERASE:
1504 * TAMP_ERASE: when this tamper event is triggered; secrets are
1505 * erased.
1506 * TAMP_NOERASE: when this event is triggered; cryptographic
1507 * and some secure peripherals are locked until the event is
1508 * acknowledged. If the callback confirms the TAMPER, it
1509 * can manually erase secrets with stm32_tamp_erase_secrets().
1510 * TAMP_NO_EVT_MASK/TAMP_EVT_MASK:
1511 * TAMP_NO_EVT_MASK: normal behavior.
1512 * TAMP_EVT_MASK: if the event is triggered, the event is masked and
1513 * internally cleared by hardware. Secrets are not erased. Only
1514 * applicable for some external tampers. This defines only the status
1515 * at boot. To change mask while runtime: stm32_tamp_set_mask() and
1516 * stm32_tamp_unset_mask() can be used.
1517 * @cb: function to call when a tamper event is raised (cannot be NULL).
1518 * It is called in interrupt context and returns a bitmask defining
1519 * the action to take by the driver:
1520 * TAMP_CB_RESET: will reset the board.
1521 * TAMP_CB_ACK: this specific tamper is acknowledged (in case
1522 * of no-erase tamper, blocked secret are unblocked).
1523 *
1524 * return: TEE_ERROR_BAD_PARAMETERS:
1525 * if @id is not a valid tamper ID,
1526 * if @cb is NULL,
1527 * if TAMP_EVT_MASK @mode is set for an unsupported @id.
1528 * TEE_ERROR_BAD_STATE
1529 * if driver was not previously initialized.
1530 * TEE_ERROR_ITEM_NOT_FOUND
1531 * if the activated external tamper was not previously
1532 * defined in the device tree.
1533 * else TEE_SUCCESS.
1534 */
stm32_tamp_activate_tamp(enum stm32_tamp_id id,uint32_t mode,uint32_t (* cb)(int id))1535 static TEE_Result stm32_tamp_activate_tamp(enum stm32_tamp_id id, uint32_t mode,
1536 uint32_t (*cb)(int id))
1537 {
1538 struct stm32_tamp_tamper_data *tamp_conf = NULL;
1539 size_t i = 0;
1540
1541 if (!stm32_tamp_dev->pdata.compat)
1542 return TEE_ERROR_BAD_STATE;
1543
1544 assert(is_unpaged(cb));
1545
1546 if (!cb)
1547 return TEE_ERROR_BAD_PARAMETERS;
1548
1549 /* Find internal Tamp struct */
1550 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) {
1551 if (stm32_tamp_dev->pdata.compat->int_tamp[i].id == id) {
1552 tamp_conf = &stm32_tamp_dev->pdata.compat->int_tamp[i];
1553 return stm32_tamp_configure_int(tamp_conf, mode, cb);
1554 }
1555 }
1556
1557 /* Find external Tamp struct */
1558 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) {
1559 if (stm32_tamp_dev->pdata.compat->ext_tamp[i].id == id) {
1560 tamp_conf = &stm32_tamp_dev->pdata.compat->ext_tamp[i];
1561 return stm32_tamp_configure_ext(tamp_conf, mode, cb);
1562 }
1563 }
1564
1565 EMSG("Did not find existing tamper for ID:%d", id);
1566
1567 return TEE_ERROR_BAD_PARAMETERS;
1568 }
1569
stm32_tamp_are_secrets_blocked(void)1570 static bool __maybe_unused stm32_tamp_are_secrets_blocked(void)
1571 {
1572 if (stm32_tamp_dev->pdata.compat &&
1573 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) {
1574 vaddr_t base = get_base();
1575
1576 return ((io_read32(base + _TAMP_CR2) & _TAMP_CR2_BKBLOCK) ||
1577 io_read32(base + _TAMP_SR));
1578 } else {
1579 return false;
1580 }
1581 }
1582
stm32_tamp_block_secrets(void)1583 static void __maybe_unused stm32_tamp_block_secrets(void)
1584 {
1585 vaddr_t base = get_base();
1586
1587 if (stm32_tamp_dev->pdata.compat &&
1588 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS))
1589 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK);
1590 }
1591
stm32_tamp_unblock_secrets(void)1592 static void __maybe_unused stm32_tamp_unblock_secrets(void)
1593 {
1594 vaddr_t base = get_base();
1595
1596 if (stm32_tamp_dev->pdata.compat &&
1597 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS))
1598 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK);
1599 }
1600
stm32_tamp_erase_secrets(void)1601 static void __maybe_unused stm32_tamp_erase_secrets(void)
1602 {
1603 vaddr_t base = get_base();
1604
1605 if (stm32_tamp_dev->pdata.compat &&
1606 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS))
1607 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKERASE);
1608 }
1609
stm32_tamp_lock_boot_hardware_key(void)1610 static void __maybe_unused stm32_tamp_lock_boot_hardware_key(void)
1611 {
1612 vaddr_t base = get_base();
1613
1614 if (stm32_tamp_dev->pdata.compat &&
1615 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR))
1616 io_setbits32(base + _TAMP_SECCFGR, _TAMP_SECCFGR_BHKLOCK);
1617 }
1618
stm32_tamp_configure_pin(uint32_t id,struct gpio * gpio,bool out,struct stm32_tamp_platdata * pdata)1619 static void stm32_tamp_configure_pin(uint32_t id, struct gpio *gpio, bool out,
1620 struct stm32_tamp_platdata *pdata)
1621 {
1622 struct stm32_tamp_compat *compat = pdata->compat;
1623 unsigned int bank = stm32_gpio_chip_bank_id(gpio->chip);
1624 unsigned int pin = gpio->pin;
1625 size_t i = 0;
1626
1627 if (!compat)
1628 return;
1629
1630 /* Configure option registers */
1631 for (i = 0; i < compat->pin_map_size; i++) {
1632 if (id == compat->pin_map[i].id &&
1633 bank == compat->pin_map[i].bank &&
1634 pin == compat->pin_map[i].pin &&
1635 out == compat->pin_map[i].out) {
1636 pdata->pins_conf |= compat->pin_map[i].conf;
1637 break;
1638 }
1639 }
1640 }
1641
1642 static TEE_Result
stm32_tamp_configure_pin_from_dt(const void * fdt,int node,struct stm32_tamp_platdata * pdata,uint32_t ext_tamp_id,uint32_t out_tamp_id)1643 stm32_tamp_configure_pin_from_dt(const void *fdt, int node,
1644 struct stm32_tamp_platdata *pdata,
1645 uint32_t ext_tamp_id, uint32_t out_tamp_id)
1646 {
1647 enum stm32_tamp_out_id out_id = INVALID_OUT_TAMP;
1648 struct stm32_tamp_tamper_data *tamp_ext = NULL;
1649 enum stm32_tamp_id id = INVALID_TAMP;
1650 TEE_Result res = TEE_SUCCESS;
1651 struct gpio *gpio_out = NULL;
1652 struct gpio *gpio_ext = NULL;
1653 bool active = false;
1654 unsigned int i = 0;
1655
1656 /*
1657 * First GPIO in the tamper-gpios property is required and refers to the
1658 * EXT_TAMP control. Second GPIO in the tamper-gpios property is
1659 * optional and, if defined, refers to the OUT_TAMP control.
1660 * If only one GPIO is defined, the tamper control is a passive tamper.
1661 * Else, it is an active tamper.
1662 */
1663 res = gpio_dt_cfg_by_index(fdt, node, 1, "tamper", GPIO_IN, &gpio_out);
1664 if (res && res != TEE_ERROR_ITEM_NOT_FOUND)
1665 return res;
1666
1667 if (res != TEE_ERROR_ITEM_NOT_FOUND) {
1668 active = true;
1669 out_id = OUT_TAMP1 + out_tamp_id - 1;
1670 if (out_tamp_id > pdata->compat->ext_tamp_size) {
1671 gpio_put(gpio_out);
1672 return TEE_ERROR_BAD_PARAMETERS;
1673 }
1674
1675 stm32_tamp_configure_pin(out_id, gpio_out, true, pdata);
1676 }
1677
1678 res = gpio_dt_cfg_by_index(fdt, node, 0, "tamper", GPIO_IN, &gpio_ext);
1679 if (res) {
1680 gpio_put(gpio_out);
1681 return res;
1682 }
1683
1684 /* We now configure first pin */
1685 id = ext_tamp_id + EXT_TAMP1 - 1;
1686
1687 /* Find external TAMP struct */
1688 for (i = 0; i < pdata->compat->ext_tamp_size; i++) {
1689 if (pdata->compat->ext_tamp[i].id == id) {
1690 tamp_ext = &pdata->compat->ext_tamp[i];
1691 break;
1692 }
1693 }
1694
1695 if (!tamp_ext) {
1696 gpio_put(gpio_out);
1697 gpio_put(gpio_ext);
1698 return TEE_ERROR_BAD_PARAMETERS;
1699 }
1700
1701 if (active) {
1702 tamp_ext->mode |= TAMP_ACTIVE;
1703 tamp_ext->out_id = out_id;
1704 pdata->out_pins |= BIT(tamp_ext->out_id - OUT_TAMP1);
1705
1706 if (out_id - OUT_TAMP1 != id - EXT_TAMP1)
1707 pdata->active_conf |= _TAMP_ATCR1_ATOSHARE;
1708 } else {
1709 if (fdt_getprop(fdt, node, "st,trig-on", NULL))
1710 tamp_ext->mode |= TAMP_TRIG_ON;
1711 }
1712
1713 tamp_ext->mode |= TAMP_IN_DT;
1714
1715 stm32_tamp_configure_pin(id, gpio_ext, false, pdata);
1716
1717 return TEE_SUCCESS;
1718 }
1719
1720 static TEE_Result
stm32_tamp_parse_passive_conf(const void * fdt,int node,struct stm32_tamp_platdata * pdata)1721 stm32_tamp_parse_passive_conf(const void *fdt, int node,
1722 struct stm32_tamp_platdata *pdata)
1723 {
1724 const fdt32_t *cuint = NULL;
1725 uint32_t precharge = 0;
1726 uint32_t nb_sample = 0;
1727 uint32_t clk_div = 32768;
1728 uint32_t conf = 0;
1729
1730 cuint = fdt_getprop(fdt, node, "st,tamp-passive-precharge", NULL);
1731 if (cuint)
1732 precharge = fdt32_to_cpu(*cuint);
1733
1734 cuint = fdt_getprop(fdt, node, "st,tamp-passive-nb-sample", NULL);
1735 if (cuint)
1736 nb_sample = fdt32_to_cpu(*cuint);
1737
1738 cuint = fdt_getprop(fdt, node, "st,tamp-passive-sample-clk-div", NULL);
1739 if (cuint)
1740 clk_div = fdt32_to_cpu(*cuint);
1741
1742 DMSG("Passive conf from dt: precharge=%"PRIu32", nb_sample=%"PRIu32
1743 ", clk_div=%"PRIu32, precharge, nb_sample, clk_div);
1744
1745 switch (precharge) {
1746 case 0:
1747 /* No precharge, => we disable the pull-up */
1748 conf |= _TAMP_FLTCR_TAMPPUDIS;
1749 break;
1750 case 1:
1751 /* Precharge for one cycle value stay 0 */
1752 break;
1753 case 2:
1754 /* Precharge passive pin 2 cycles */
1755 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPPRCH_SHIFT);
1756 break;
1757 case 4:
1758 /* Precharge passive pin 4 cycles */
1759 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPPRCH_SHIFT);
1760 break;
1761 case 8:
1762 /* Precharge passive pin 8 cycles */
1763 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPPRCH_SHIFT);
1764 break;
1765 default:
1766 return TEE_ERROR_BAD_PARAMETERS;
1767 }
1768
1769 switch (nb_sample) {
1770 case 0:
1771 /* Activation on edge, no pull-up: value stay 0 */
1772 break;
1773 case 2:
1774 /*
1775 * Tamper event is activated after 2 consecutive samples at
1776 * active level.
1777 */
1778 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFLT_SHIFT);
1779 break;
1780 case 4:
1781 /*
1782 * Tamper event is activated after 4 consecutive samples at
1783 * active level.
1784 */
1785 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFLT_SHIFT);
1786 break;
1787 case 8:
1788 /*
1789 * Tamper event is activated after 8 consecutive samples at
1790 * active level.
1791 */
1792 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFLT_SHIFT);
1793 break;
1794 default:
1795 return TEE_ERROR_BAD_PARAMETERS;
1796 }
1797
1798 switch (clk_div) {
1799 case 32768:
1800 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */
1801 break;
1802 case 16384:
1803 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */
1804 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1805 break;
1806 case 8192:
1807 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */
1808 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1809 break;
1810 case 4096:
1811 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */
1812 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1813 break;
1814 case 2048:
1815 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */
1816 conf |= SHIFT_U32(4, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1817 break;
1818 case 1024:
1819 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */
1820 conf |= SHIFT_U32(5, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1821 break;
1822 case 512:
1823 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */
1824 conf |= SHIFT_U32(6, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1825 break;
1826 case 256:
1827 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */
1828 conf |= SHIFT_U32(7, _TAMP_FLTCR_TAMPFREQ_SHIFT);
1829 break;
1830 default:
1831 return TEE_ERROR_BAD_PARAMETERS;
1832 }
1833
1834 pdata->passive_conf = conf;
1835
1836 return TEE_SUCCESS;
1837 }
1838
stm32_tamp_itamper_action(int id)1839 static uint32_t stm32_tamp_itamper_action(int id)
1840 {
1841 const char __maybe_unused *tamp_name = NULL;
1842
1843 if (id >= 0 && ((size_t)id < ARRAY_SIZE(itamper_name)))
1844 tamp_name = itamper_name[id];
1845
1846 MSG("Internal tamper event %u (%s) occurred", id - INT_TAMP1 + 1,
1847 tamp_name);
1848
1849 return TAMP_CB_ACK_AND_RESET;
1850 }
1851 DECLARE_KEEP_PAGER(stm32_tamp_itamper_action);
1852
stm32_tamp_etamper_action(int id __maybe_unused)1853 static uint32_t stm32_tamp_etamper_action(int id __maybe_unused)
1854 {
1855 MSG("External tamper %u occurs", id - EXT_TAMP1 + 1);
1856
1857 return TAMP_CB_ACK_AND_RESET;
1858 }
1859 DECLARE_KEEP_PAGER(stm32_tamp_etamper_action);
1860
stm32_configure_tamp(const void * fdt,int node)1861 static TEE_Result stm32_configure_tamp(const void *fdt, int node)
1862 {
1863 const fdt32_t *internal_tampers = 0;
1864 uint32_t i_tampers[EXT_TAMP1 * 2] = { };
1865 int subnode = -FDT_ERR_NOTFOUND;
1866 TEE_Result res = TEE_SUCCESS;
1867 int retval = 0;
1868 int len = 0;
1869 int i = 0;
1870
1871 /* Internal tampers configuration */
1872 internal_tampers = fdt_getprop(fdt, node, "st,tamp-internal-tampers",
1873 &len);
1874 if (len == -FDT_ERR_NOTFOUND)
1875 goto skip_int_tamp;
1876
1877 if ((internal_tampers && len % (2 * sizeof(uint32_t))) ||
1878 !internal_tampers || len / sizeof(uint32_t) > EXT_TAMP1 * 2)
1879 return TEE_ERROR_BAD_PARAMETERS;
1880
1881 retval = fdt_read_uint32_array(fdt, node, "st,tamp-internal-tampers",
1882 i_tampers, len / sizeof(uint32_t));
1883 if (retval && retval != -FDT_ERR_NOTFOUND)
1884 return TEE_ERROR_BAD_PARAMETERS;
1885
1886 len = len / sizeof(uint32_t);
1887 for (i = 0; i < len; i += 2) {
1888 uint32_t i_tamper_id = i_tampers[i] - 1;
1889 uint32_t i_tamper_mode = i_tampers[i + 1];
1890
1891 res = stm32_tamp_activate_tamp(i_tamper_id, i_tamper_mode,
1892 stm32_tamp_itamper_action);
1893 if (res)
1894 return res;
1895 }
1896
1897 skip_int_tamp:
1898 fdt_for_each_subnode(subnode, fdt, node) {
1899 unsigned int ext_tamp_id = 0;
1900 unsigned int out_tamp_id = 0;
1901 const fdt32_t *cuint = 0;
1902 unsigned int mode = 0;
1903 int lenp = 0;
1904
1905 if (!fdt_getprop(fdt, subnode, "tamper-gpios", NULL) ||
1906 fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED)
1907 continue;
1908
1909 cuint = fdt_getprop(fdt, subnode, "st,tamp-mode", NULL);
1910 if (!cuint)
1911 return TEE_ERROR_BAD_PARAMETERS;
1912
1913 mode = fdt32_to_cpu(*cuint);
1914
1915 cuint = fdt_getprop(fdt, subnode, "st,tamp-id", &lenp);
1916 if (!cuint)
1917 return TEE_ERROR_BAD_PARAMETERS;
1918
1919 ext_tamp_id = fdt32_to_cpu(*cuint);
1920 if (lenp > (int)sizeof(uint32_t))
1921 out_tamp_id = fdt32_to_cpu(*(cuint + 1));
1922
1923 res = stm32_tamp_configure_pin_from_dt(fdt, subnode,
1924 &stm32_tamp_dev->pdata,
1925 ext_tamp_id,
1926 out_tamp_id);
1927 if (res)
1928 return res;
1929
1930 res = stm32_tamp_activate_tamp(EXT_TAMP1 + ext_tamp_id - 1,
1931 mode, stm32_tamp_etamper_action);
1932 if (res)
1933 return res;
1934 }
1935
1936 if (stm32_tamp_set_config())
1937 panic();
1938
1939 /* Enable timestamp for tamper */
1940 if (stm32_rtc_set_tamper_timestamp())
1941 panic();
1942
1943 return TEE_SUCCESS;
1944 }
1945
1946 static TEE_Result
stm32_tamp_parse_active_conf(const void * fdt,int node,struct stm32_tamp_platdata * pdata)1947 stm32_tamp_parse_active_conf(const void *fdt, int node,
1948 struct stm32_tamp_platdata *pdata)
1949 {
1950 const fdt32_t *cuint = NULL;
1951 uint32_t clk_div = 1;
1952 uint32_t conf = 0;
1953
1954 cuint = fdt_getprop(fdt, node, "st,tamp-active-filter", NULL);
1955 if (cuint)
1956 conf |= _TAMP_ATCR1_FLTEN;
1957
1958 /*
1959 * Here we will select a divisor for the RTCCLK.
1960 * Note that RTCCLK is also divided by (RTC_PRER_PREDIV_A - 1).
1961 */
1962 cuint = fdt_getprop(fdt, node, "st,tamp-active-clk-div", NULL);
1963 if (cuint)
1964 clk_div = fdt32_to_cpu(*cuint);
1965
1966 DMSG("Active conf from dt: %s clk_div=%"PRIu32,
1967 (conf & _TAMP_ATCR1_FLTEN) ? "filter" : "no filter", clk_div);
1968
1969 switch (clk_div) {
1970 case 1:
1971 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */
1972 break;
1973 case 2:
1974 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */
1975 conf |= SHIFT_U32(1, _TAMP_ATCR1_ATCKSEL_SHIFT);
1976 break;
1977 case 4:
1978 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */
1979 conf |= SHIFT_U32(2, _TAMP_ATCR1_ATCKSEL_SHIFT);
1980 break;
1981 case 8:
1982 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */
1983 conf |= SHIFT_U32(3, _TAMP_ATCR1_ATCKSEL_SHIFT);
1984 break;
1985 case 16:
1986 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */
1987 conf |= SHIFT_U32(4, _TAMP_ATCR1_ATCKSEL_SHIFT);
1988 break;
1989 case 32:
1990 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */
1991 conf |= SHIFT_U32(5, _TAMP_ATCR1_ATCKSEL_SHIFT);
1992 break;
1993 case 64:
1994 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */
1995 conf |= SHIFT_U32(6, _TAMP_ATCR1_ATCKSEL_SHIFT);
1996 break;
1997 case 128:
1998 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */
1999 conf |= SHIFT_U32(7, _TAMP_ATCR1_ATCKSEL_SHIFT);
2000 break;
2001 case 2048:
2002 if (pdata->compat &&
2003 (pdata->compat->tags & TAMP_SIZE_ATCR1_ATCKSEL_IS_4)) {
2004 /*
2005 * RTCCLK/2048 when (PREDIV_A+1) = 128 and (PREDIV_S+1)
2006 * is a multiple of 16.
2007 */
2008 conf |= SHIFT_U32(11, _TAMP_ATCR1_ATCKSEL_SHIFT);
2009 break;
2010 }
2011
2012 return TEE_ERROR_BAD_PARAMETERS;
2013 default:
2014 return TEE_ERROR_BAD_PARAMETERS;
2015 }
2016
2017 pdata->active_conf = conf;
2018
2019 return TEE_SUCCESS;
2020 }
2021
stm32_tamp_parse_fdt(const void * fdt,int node,const void * compat)2022 static TEE_Result stm32_tamp_parse_fdt(const void *fdt, int node,
2023 const void *compat)
2024 {
2025 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata;
2026 TEE_Result res = TEE_ERROR_GENERIC;
2027 size_t reg_size = 0;
2028
2029 pdata->compat = (struct stm32_tamp_compat *)compat;
2030
2031 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) {
2032 res = stm32_rifsc_check_tdcid(&pdata->is_tdcid);
2033 if (res)
2034 return res;
2035 }
2036
2037 if (fdt_reg_info(fdt, node, &pdata->base.pa, ®_size))
2038 panic();
2039
2040 io_pa_or_va_secure(&pdata->base, reg_size);
2041 assert(pdata->base.va);
2042
2043 res = clk_dt_get_by_index(fdt, node, 0, &pdata->clock);
2044 if (res)
2045 return res;
2046
2047 res = stm32_tamp_parse_passive_conf(fdt, node, pdata);
2048 if (res)
2049 return res;
2050
2051 res = stm32_tamp_parse_active_conf(fdt, node, pdata);
2052 if (res)
2053 return res;
2054
2055 if (fdt_getprop(fdt, node, "wakeup-source", NULL))
2056 pdata->is_wakeup_source = true;
2057
2058 parse_bkpregs_dt_conf(fdt, node);
2059
2060 if (pdata->compat->tags & TAMP_HAS_RIF_SUPPORT) {
2061 const fdt32_t *cuint = NULL;
2062 unsigned int i = 0;
2063 int lenp = 0;
2064
2065 cuint = fdt_getprop(fdt, node, "st,protreg", &lenp);
2066 if (!cuint) {
2067 DMSG("No RIF configuration available");
2068 return TEE_SUCCESS;
2069 }
2070
2071 pdata->conf_data = calloc(1, sizeof(*pdata->conf_data));
2072 if (!pdata->conf_data)
2073 panic();
2074
2075 pdata->nb_rif_resources = (unsigned int)(lenp /
2076 sizeof(uint32_t));
2077 assert(pdata->nb_rif_resources <= TAMP_RIF_RESOURCES);
2078
2079 pdata->conf_data->cid_confs = calloc(TAMP_RIF_RESOURCES,
2080 sizeof(uint32_t));
2081 pdata->conf_data->sec_conf = calloc(1, sizeof(uint32_t));
2082 pdata->conf_data->priv_conf = calloc(1, sizeof(uint32_t));
2083 pdata->conf_data->access_mask = calloc(1, sizeof(uint32_t));
2084 if (!pdata->conf_data->cid_confs ||
2085 !pdata->conf_data->sec_conf ||
2086 !pdata->conf_data->priv_conf ||
2087 !pdata->conf_data->access_mask)
2088 panic("Not enough memory capacity for TAMP RIF config");
2089
2090 for (i = 0; i < pdata->nb_rif_resources; i++)
2091 stm32_rif_parse_cfg(fdt32_to_cpu(cuint[i]),
2092 pdata->conf_data,
2093 TAMP_RIF_RESOURCES);
2094 }
2095
2096 return TEE_SUCCESS;
2097 }
2098
stm32_tamp_probe(const void * fdt,int node,const void * compat_data)2099 static TEE_Result stm32_tamp_probe(const void *fdt, int node,
2100 const void *compat_data)
2101 {
2102 size_t it_num = DT_INFO_INVALID_INTERRUPT;
2103 uint32_t __maybe_unused revision = 0;
2104 struct itr_chip *chip = NULL;
2105 TEE_Result res = TEE_SUCCESS;
2106 vaddr_t base = 0;
2107
2108 /* Manage dependency on RNG driver */
2109 res = dt_driver_get_crypto();
2110 if (res)
2111 return res;
2112
2113 /* Manage dependency on RTC driver */
2114 res = stm32_rtc_driver_is_initialized();
2115 if (res)
2116 return res;
2117
2118 res = interrupt_dt_get_by_index(fdt, node, 0, &chip, &it_num);
2119 if (res)
2120 return res;
2121
2122 stm32_tamp_dev = calloc(1, sizeof(*stm32_tamp_dev));
2123 if (!stm32_tamp_dev)
2124 return TEE_ERROR_OUT_OF_MEMORY;
2125
2126 res = stm32_tamp_parse_fdt(fdt, node, compat_data);
2127 if (res)
2128 goto err;
2129
2130 if (clk_enable(stm32_tamp_dev->pdata.clock))
2131 panic();
2132
2133 base = get_base();
2134
2135 stm32_tamp_dev->hwconf1 = io_read32(base + _TAMP_HWCFGR1);
2136 stm32_tamp_dev->hwconf2 = io_read32(base + _TAMP_HWCFGR2);
2137
2138 revision = io_read32(base + _TAMP_VERR);
2139 FMSG("STM32 TAMPER V%"PRIx32".%"PRIu32,
2140 (revision & _TAMP_VERR_MAJREV) >> 4, revision & _TAMP_VERR_MINREV);
2141
2142 if (!(stm32_tamp_dev->hwconf2 & _TAMP_HWCFGR2_TZ)) {
2143 EMSG("TAMP doesn't support TrustZone");
2144 res = TEE_ERROR_NOT_SUPPORTED;
2145 goto err_clk;
2146 }
2147
2148 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) {
2149 apply_rif_config();
2150
2151 if (stm32_tamp_dev->pdata.is_tdcid) {
2152 res = stm32_tamp_apply_bkpr_rif_conf();
2153 if (res)
2154 goto err_clk;
2155 }
2156 } else {
2157 /*
2158 * Enforce secure only access to protected TAMP registers.
2159 * Allow non-secure access to monotonic counter.
2160 */
2161 stm32_tamp_set_secure(_TAMP_SECCFGR_TAMPSEC);
2162
2163 /*
2164 * Enforce privilege only access to TAMP registers, backup
2165 * registers and monotonic counter.
2166 */
2167 stm32_tamp_set_privilege(_TAMP_PRIVCFG_TAMPPRIV |
2168 _TAMP_PRIVCFG_BKPRWPRIV |
2169 _TAMP_PRIVCFG_BKPWPRIV);
2170 }
2171
2172 if (!(stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) ||
2173 stm32_tamp_dev->pdata.is_tdcid) {
2174 res = stm32_tamp_set_secure_bkpregs();
2175 if (res)
2176 goto err_clk;
2177 }
2178
2179 res = interrupt_create_handler(chip, it_num, stm32_tamp_it_handler,
2180 NULL, ITRF_TRIGGER_LEVEL,
2181 &stm32_tamp_dev->pdata.itr);
2182 if (res)
2183 goto err_clk;
2184
2185 if (stm32_tamp_dev->pdata.is_wakeup_source &&
2186 interrupt_can_set_wake(chip)) {
2187 interrupt_set_wake(chip, it_num, true);
2188 DMSG("Tamper event wakeup capability enabled");
2189 }
2190
2191 res = stm32_configure_tamp(fdt, node);
2192 if (res)
2193 goto err_clk;
2194
2195 stm32_tamp_set_pins(base, stm32_tamp_dev->pdata.pins_conf);
2196
2197 interrupt_enable(chip, it_num);
2198
2199 return TEE_SUCCESS;
2200
2201 err_clk:
2202 clk_disable(stm32_tamp_dev->pdata.clock);
2203 err:
2204 if (stm32_tamp_dev->pdata.conf_data) {
2205 free(stm32_tamp_dev->pdata.conf_data->cid_confs);
2206 free(stm32_tamp_dev->pdata.conf_data->sec_conf);
2207 free(stm32_tamp_dev->pdata.conf_data->priv_conf);
2208 free(stm32_tamp_dev->pdata.conf_data->access_mask);
2209 free(stm32_tamp_dev->pdata.conf_data);
2210 }
2211
2212 if (stm32_tamp_dev->pdata.itr) {
2213 interrupt_disable(chip, it_num);
2214 interrupt_remove_free_handler(stm32_tamp_dev->pdata.itr);
2215 }
2216
2217 free(stm32_tamp_dev->pdata.bkpregs_conf.rif_offsets);
2218 free(stm32_tamp_dev);
2219
2220 return res;
2221 }
2222
2223 static const struct stm32_tamp_compat mp13_compat = {
2224 .nb_monotonic_counter = 2,
2225 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR |
2226 TAMP_HAS_REGISTER_ERCFGR | TAMP_HAS_REGISTER_CR3 |
2227 TAMP_HAS_REGISTER_ATCR2 | TAMP_HAS_CR2_SECRET_STATUS |
2228 TAMP_SIZE_ATCR1_ATCKSEL_IS_4,
2229 #if defined(CFG_STM32MP13)
2230 .int_tamp = int_tamp_mp13,
2231 .int_tamp_size = ARRAY_SIZE(int_tamp_mp13),
2232 .ext_tamp = ext_tamp_mp13,
2233 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp13),
2234 .pin_map = pin_map_mp13,
2235 .pin_map_size = ARRAY_SIZE(pin_map_mp13),
2236 #endif
2237 };
2238
2239 static const struct stm32_tamp_compat mp15_compat = {
2240 .nb_monotonic_counter = 1,
2241 .tags = 0,
2242 #if defined(CFG_STM32MP15)
2243 .int_tamp = int_tamp_mp15,
2244 .int_tamp_size = ARRAY_SIZE(int_tamp_mp15),
2245 .ext_tamp = ext_tamp_mp15,
2246 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp15),
2247 .pin_map = pin_map_mp15,
2248 .pin_map_size = ARRAY_SIZE(pin_map_mp15),
2249 #endif
2250 };
2251
2252 static const struct stm32_tamp_compat mp21_compat = {
2253 .nb_monotonic_counter = 2,
2254 .tags = TAMP_HAS_REGISTER_SECCFGR |
2255 TAMP_HAS_REGISTER_PRIVCFGR |
2256 TAMP_HAS_RIF_SUPPORT |
2257 TAMP_HAS_REGISTER_ERCFGR |
2258 TAMP_HAS_REGISTER_CR3 |
2259 TAMP_HAS_REGISTER_ATCR2 |
2260 TAMP_HAS_CR2_SECRET_STATUS |
2261 TAMP_SIZE_ATCR1_ATCKSEL_IS_4,
2262 #if defined(CFG_STM32MP21)
2263 .int_tamp = int_tamp_mp21,
2264 .int_tamp_size = ARRAY_SIZE(int_tamp_mp21),
2265 .ext_tamp = ext_tamp_mp21,
2266 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp21),
2267 .pin_map = pin_map_mp21,
2268 .pin_map_size = ARRAY_SIZE(pin_map_mp21),
2269 #endif
2270 };
2271
2272 static const struct stm32_tamp_compat mp25_compat = {
2273 .nb_monotonic_counter = 2,
2274 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR |
2275 TAMP_HAS_RIF_SUPPORT | TAMP_HAS_REGISTER_ERCFGR |
2276 TAMP_HAS_REGISTER_CR3 | TAMP_HAS_REGISTER_ATCR2 |
2277 TAMP_HAS_CR2_SECRET_STATUS | TAMP_SIZE_ATCR1_ATCKSEL_IS_4,
2278 #if defined(CFG_STM32MP25)
2279 .int_tamp = int_tamp_mp25,
2280 .int_tamp_size = ARRAY_SIZE(int_tamp_mp25),
2281 .ext_tamp = ext_tamp_mp25,
2282 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp25),
2283 .pin_map = pin_map_mp25,
2284 .pin_map_size = ARRAY_SIZE(pin_map_mp25),
2285 #endif
2286 };
2287
2288 static const struct stm32_tamp_compat mp23_compat = {
2289 .nb_monotonic_counter = 2,
2290 .tags = TAMP_HAS_REGISTER_SECCFGR |
2291 TAMP_HAS_REGISTER_PRIVCFGR |
2292 TAMP_HAS_RIF_SUPPORT |
2293 TAMP_HAS_REGISTER_ERCFGR |
2294 TAMP_HAS_REGISTER_CR3 |
2295 TAMP_HAS_REGISTER_ATCR2 |
2296 TAMP_HAS_CR2_SECRET_STATUS,
2297 #if defined(CFG_STM32MP23)
2298 .int_tamp = int_tamp_mp25,
2299 .int_tamp_size = ARRAY_SIZE(int_tamp_mp25),
2300 .ext_tamp = ext_tamp_mp23,
2301 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp23),
2302 .pin_map = pin_map_mp25,
2303 .pin_map_size = ARRAY_SIZE(pin_map_mp25),
2304 #endif
2305 };
2306
2307 static const struct dt_device_match stm32_tamp_match_table[] = {
2308 { .compatible = "st,stm32mp25-tamp", .compat_data = &mp25_compat },
2309 { .compatible = "st,stm32mp23-tamp", .compat_data = &mp23_compat },
2310 { .compatible = "st,stm32mp21-tamp", .compat_data = &mp21_compat },
2311 { .compatible = "st,stm32mp13-tamp", .compat_data = &mp13_compat },
2312 { .compatible = "st,stm32-tamp", .compat_data = &mp15_compat },
2313 { }
2314 };
2315
2316 DEFINE_DT_DRIVER(stm32_tamp_dt_driver) = {
2317 .name = "stm32-tamp",
2318 .match_table = stm32_tamp_match_table,
2319 .probe = stm32_tamp_probe,
2320 };
2321