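// SPDX-License-Identifier: BSD-2-Clause
/*
 * Copyright (c) 2017-2024, STMicroelectronics
 * Copyright (c) 2016-2018, Linaro Limited
 */

#include <boot_api.h>
#include <config.h>
#include <console.h>
#include <drivers/gic.h>
#include <drivers/pinctrl.h>
#include <drivers/stm32_etzpc.h>
#include <drivers/stm32_gpio.h>
#include <drivers/stm32_iwdg.h>
#include <drivers/stm32_tamp.h>
#include <drivers/stm32_uart.h>
#include <drivers/stm32mp_dt_bindings.h>
#include <io.h>
#include <kernel/boot.h>
#include <kernel/dt.h>
#include <kernel/misc.h>
#include <kernel/panic.h>
#include <kernel/spinlock.h>
#include <kernel/tee_misc.h>
#include <mm/core_memprot.h>
#include <platform_config.h>
#include <sm/psci.h>
#include <stm32_util.h>
#include <string.h>
#include <trace.h>

/* Peripheral bus ranges registered under MEM_AREA_IO_NSEC */
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE);

/*
 * The same bus ranges, except APB2, are also registered under
 * MEM_AREA_IO_SEC, together with APB6 (STM32MP13 only) and the GIC.
 */
register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE);
#ifdef CFG_STM32MP13
register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE);
#endif
register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE);

register_ddr(DDR_BASE, CFG_DRAM_SIZE);

/* Two-level stringification so that @id is macro-expanded before '#' */
#define _ID2STR(id)		(#id)
#define ID2STR(id)		_ID2STR(id)

/*
 * Log the platform flavor and the embedded DTB source file name, both
 * taken from build-time configuration. Always returns TEE_SUCCESS.
 */
static TEE_Result platform_banner(void)
{
	IMSG("Platform stm32mp1: flavor %s - DT %s",
	     ID2STR(PLATFORM_FLAVOR),
	     ID2STR(CFG_EMBED_DTB_SOURCE_FILE));

	return TEE_SUCCESS;
}
service_init(platform_banner);

/*
 * Console
 *
 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for
 * trace console. Value 0 disables the early console.
 *
 * We cannot use the generic serial_console support since probing
 * the console requires the platform clock driver to be already
 * up and ready which is done only once service_init are completed.
 */
static struct stm32_uart_pdata console_data;

/*
 * Register the early trace console selected by
 * CFG_STM32_EARLY_CONSOLE_UART, or do nothing when the selected entry
 * has no base address (ID 0).
 */
void plat_console_init(void)
{
	/* Early console initialization before MMU setup */
	struct uart {
		paddr_t pa;
		bool secure;
	} uarts[] = {
		[0] = { .pa = 0 },
		[1] = { .pa = USART1_BASE, .secure = true, },
		[2] = { .pa = USART2_BASE, .secure = false, },
		[3] = { .pa = USART3_BASE, .secure = false, },
		[4] = { .pa = UART4_BASE, .secure = false, },
		[5] = { .pa = UART5_BASE, .secure = false, },
		[6] = { .pa = USART6_BASE, .secure = false, },
		[7] = { .pa = UART7_BASE, .secure = false, },
		[8] = { .pa = UART8_BASE, .secure = false, },
	};

	/* Reject at build time a UART ID that would index past the table */
	COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART);

	if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa)
		return;

	/* No clock yet bound to the UART console */
	console_data.clock = NULL;

	console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure;
	stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa);

	register_serial_console(&console_data.chip);

	IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART);
}

/*
 * Replace the early console with the one described in the device tree.
 *
 * The console node is looked up in the embedded DT first and, when not
 * found there, in the external DT. When neither DT has a console node the
 * current console is kept and TEE_SUCCESS is returned. Any other lookup
 * error from the external DT is returned to the caller.
 *
 * NOTE(review): the fallback lets the external DT select the console UART
 * and its secure/non-secure attribute; confirm the origin of that DT is
 * trusted at this boot stage.
 */
static TEE_Result init_console_from_dt(void)
{
	struct stm32_uart_pdata *pd = NULL;
	void *fdt = NULL;
	int node = 0;
	TEE_Result res = TEE_ERROR_GENERIC;

	fdt = get_embedded_dt();
	res = get_console_node_from_dt(fdt, &node, NULL, NULL);
	if (res == TEE_ERROR_ITEM_NOT_FOUND) {
		fdt = get_external_dt();
		res = get_console_node_from_dt(fdt, &node, NULL, NULL);
		if (res == TEE_ERROR_ITEM_NOT_FOUND)
			return TEE_SUCCESS;
		if (res != TEE_SUCCESS)
			return res;
	}

	pd = stm32_uart_init_from_dt_node(fdt, node);
	if (!pd) {
		/* No usable UART for the node: unregister the console */
		IMSG("DTB disables console");
		register_serial_console(NULL);
		return TEE_SUCCESS;
	}

	/* Replace early console with the new one */
	console_flush();
	console_data = *pd;
	register_serial_console(&console_data.chip);
	IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-");
	/* The content was copied into console_data, release the temporary */
	free(pd);

	return TEE_SUCCESS;
}

/* Probe console from DT once clock inits (service init level) are completed */
service_init_late(init_console_from_dt);

/*
 * GIC init, used also for primary/secondary boot core wake completion
 */
void boot_primary_init_intc(void)
{
	gic_init(GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET);

	stm32mp_register_online_cpu();
}

/* Per-CPU GIC init for a secondary core, then register the core as online */
void boot_secondary_init_intc(void)
{
	gic_init_per_cpu();

	stm32mp_register_online_cpu();
}

#ifdef CFG_STM32MP15
/*
 * This concerns OP-TEE pager for STM32MP1 to use secure internal
 * RAMs to execute. TZSRAM refers the TZSRAM_BASE/TZSRAM_SIZE
 * used in boot.c to locate secure unpaged memory.
 *
 * STM32MP15 variants embed 640kB of contiguous securable SRAMs
 *
 *  +--------------+ <-- SYSRAM_BASE
 *  |              |     lower part can be assigned to secure world
 *  | SYSRAM 256kB |     4kB granule boundary
 *  |              |     upper part can be assigned to secure world
 *  +--------------+ <-- SRAM1_BASE (= SYSRAM_BASE + SYSRAM_SIZE)
 *  |              |     full range assigned to non-secure world or
 *  | SRAM1 128kB  |     to secure world, or to Cortex-M4 exclusive access
 *  +--------------+ <-- SRAM2_BASE (= SRAM1_BASE + SRAM1_SIZE)
 *  |              |     full range assigned to non-secure world or
 *  | SRAM2 128kB  |     to secure world, or to Cortex-M4 exclusive access
 *  +--------------+ <-- SRAM3_BASE (= SRAM2_BASE + SRAM2_SIZE)
 *  |              |     full range assigned to non-secure world or
 *  | SRAM3 64kB   |     to secure world, or to Cortex-M4 exclusive access
 *  +--------------+ <-- SRAM4_BASE (= SRAM3_BASE + SRAM3_SIZE)
 *  |              |     full range assigned to non-secure world or
 *  | SRAM4 64kB   |     to secure world, or to Cortex-M4 exclusive access
 *  +--------------+ <-- SRAM4_BASE + SRAM4_SIZE
 *
 * NOTE(review): the SYSRAM paragraph below places the non-secure range at
 * the SYSRAM end addresses, so the "upper part" label in the diagram looks
 * inconsistent with it; confirm which wording is intended.
 *
 * If SRAMx memories are not used for the companion Cortex-M4
 * processor, OP-TEE can use this memory.
 *
 * SYSRAM configuration for secure/non-secure boundaries requires the
 * secure SYSRAM memory to start at the SYSRAM physical base address and grow
 * from there while the non-secure SYSRAM range lies at SYSRAM end addresses
 * with a 4KB page granule.
 *
 * SRAM1, SRAM2, SRAM3 and SRAM4 are independently assigned to secure world,
 * to non-secure world or possibly to Cortex-M4 exclusive access. Each
 * assignment covers the full related SRAMx memory range.
 *
 * Using non-secure SYSRAM or one of the SRAMx for SCMI message communication
 * can be done using CFG_STM32MP1_SCMI_SHM_BASE/CFG_STM32MP1_SCMI_SHM_SIZE.
 * This requires the related memory area to be assigned to non-secure world.
 *
 * Using secure internal memories (SYSRAM and/or some SRAMx) with STM32MP15
 * shall meet these constraints, knowing that the TZSRAM physical memory
 * range shall be contiguous.
 */

#define SYSRAM_END			(SYSRAM_BASE + SYSRAM_SIZE)
#define SYSRAM_SEC_END			(SYSRAM_BASE + SYSRAM_SEC_SIZE)
#define SRAMS_END			(SRAM4_BASE + SRAM4_SIZE)
#define SRAMS_START			SRAM1_BASE
#define TZSRAM_END			(CFG_TZSRAM_START + CFG_TZSRAM_SIZE)

/* SCMI shared memory lies fully within [SRAM1_BASE, SRAMS_END] */
#define SCMI_SHM_IS_IN_SRAMX	((CFG_STM32MP1_SCMI_SHM_BASE >= SRAM1_BASE) && \
				 (CFG_STM32MP1_SCMI_SHM_BASE + \
				  CFG_STM32MP1_SCMI_SHM_SIZE) <= SRAMS_END)

/* TZSRAM lies fully within the secure part of SYSRAM */
#define TZSRAM_FITS_IN_SYSRAM_SEC	((CFG_TZSRAM_START >= SYSRAM_BASE) && \
					 (TZSRAM_END <= SYSRAM_SEC_END))

/*
 * TZSRAM starts in SYSRAM and ends in the SRAMx range, which requires the
 * whole SYSRAM to be secure (SYSRAM_SIZE == SYSRAM_SEC_SIZE)
 */
#define TZSRAM_FITS_IN_SYSRAM_AND_SRAMS	((CFG_TZSRAM_START >= SYSRAM_BASE) && \
					 (CFG_TZSRAM_START < SYSRAM_END) && \
					 (TZSRAM_END > SYSRAM_END) && \
					 (TZSRAM_END <= SRAMS_END) && \
					 (SYSRAM_SIZE == SYSRAM_SEC_SIZE))

/* TZSRAM lies fully within the SRAM1..SRAM4 range */
#define TZSRAM_FITS_IN_SRAMS	((CFG_TZSRAM_START >= SRAMS_START) && \
				 (CFG_TZSRAM_START < SRAMS_END) && \
				 (TZSRAM_END <= SRAMS_END))

/* Only the start address is compared against the DRAM base */
#define TZSRAM_IS_IN_DRAM	(CFG_TZSRAM_START >= CFG_DRAM_BASE)

#ifdef CFG_WITH_PAGER
/*
 * At build time, we enforce that, when pager is used,
 * either TZSRAM fully fits inside SYSRAM secure address range,
 * or TZSRAM fully fits inside the full SYSRAM and spreads into SRAMx in order,
 * or TZSRAM fully fits inside the SRAMs address range,
 * or TZSRAM is in DDR for debug and test purpose.
 */
static_assert(TZSRAM_FITS_IN_SYSRAM_SEC || TZSRAM_FITS_IN_SYSRAM_AND_SRAMS ||
	      TZSRAM_FITS_IN_SRAMS || TZSRAM_IS_IN_DRAM);
#endif

#if TZSRAM_FITS_IN_SYSRAM_AND_SRAMS || TZSRAM_FITS_IN_SRAMS || \
	SCMI_SHM_IS_IN_SRAMX
/*
 * At run time we enforce that SRAM1 to SRAM4 are properly assigned if used
 *
 * With the pager enabled, every SRAMx that intersects the TZSRAM range is
 * registered as secure. Every SRAMx that intersects the SCMI shared memory
 * is registered as non-secure. Always returns TEE_SUCCESS.
 *
 * NOTE(review): nothing in this function prevents one SRAMx from being
 * registered as both secure and non-secure when TZSRAM and the SCMI shared
 * memory intersect the same bank; presumably the registration helpers
 * reject the conflict, verify against their implementation.
 */
static TEE_Result init_stm32mp15_secure_srams(void)
{
	if (IS_ENABLED(CFG_WITH_PAGER)) {
		if (core_is_buffer_intersect(CFG_TZSRAM_START, CFG_TZSRAM_SIZE,
					     SRAM1_BASE, SRAM1_SIZE))
			stm32mp_register_secure_periph_iomem(SRAM1_BASE);

		if (core_is_buffer_intersect(CFG_TZSRAM_START, CFG_TZSRAM_SIZE,
					     SRAM2_BASE, SRAM2_SIZE))
			stm32mp_register_secure_periph_iomem(SRAM2_BASE);

		if (core_is_buffer_intersect(CFG_TZSRAM_START, CFG_TZSRAM_SIZE,
					     SRAM3_BASE, SRAM3_SIZE))
			stm32mp_register_secure_periph_iomem(SRAM3_BASE);

		if (core_is_buffer_intersect(CFG_TZSRAM_START, CFG_TZSRAM_SIZE,
					     SRAM4_BASE, SRAM4_SIZE))
			stm32mp_register_secure_periph_iomem(SRAM4_BASE);
	}

	if (SCMI_SHM_IS_IN_SRAMX) {
		if (core_is_buffer_intersect(CFG_STM32MP1_SCMI_SHM_BASE,
					     CFG_STM32MP1_SCMI_SHM_SIZE,
					     SRAM1_BASE, SRAM1_SIZE))
			stm32mp_register_non_secure_periph_iomem(SRAM1_BASE);

		if (core_is_buffer_intersect(CFG_STM32MP1_SCMI_SHM_BASE,
					     CFG_STM32MP1_SCMI_SHM_SIZE,
					     SRAM2_BASE, SRAM2_SIZE))
			stm32mp_register_non_secure_periph_iomem(SRAM2_BASE);

		if (core_is_buffer_intersect(CFG_STM32MP1_SCMI_SHM_BASE,
					     CFG_STM32MP1_SCMI_SHM_SIZE,
					     SRAM3_BASE, SRAM3_SIZE))
			stm32mp_register_non_secure_periph_iomem(SRAM3_BASE);

		if (core_is_buffer_intersect(CFG_STM32MP1_SCMI_SHM_BASE,
					     CFG_STM32MP1_SCMI_SHM_SIZE,
					     SRAM4_BASE, SRAM4_SIZE))
			stm32mp_register_non_secure_periph_iomem(SRAM4_BASE);
	}

	return TEE_SUCCESS;
}

service_init_late(init_stm32mp15_secure_srams);
#endif /* TZSRAM_FITS_IN_SYSRAM_AND_SRAMS || TZSRAM_FITS_IN_SRAMS || SCMI_SHM_IS_IN_SRAMX */
#endif /* CFG_STM32MP15 */

/*
 * Configure the secure SYSRAM size in the ETZPC (when CFG_STM32_ETZPC is
 * enabled) and zero the remaining non-secure part of SYSRAM, if any.
 * Always returns TEE_SUCCESS; panics if the non-secure SYSRAM range cannot
 * be translated to a virtual address.
 */
static TEE_Result init_stm32mp1_drivers(void)
{
#if defined(CFG_STM32_ETZPC)
	/* Secure SYSRAM size is passed as a count of small pages */
	etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT);

	if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) {
		size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE;
		paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE;
		uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC,
					   nsec_size);

		/*
		 * Fail explicitly rather than doing pointer arithmetic and
		 * memset() on a null pointer: the scrub below must not be
		 * skipped or misdirected when the range is not mapped.
		 */
		if (!va)
			panic();

		IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1);

		/* Clear content from the non-secure part */
		memset(va, 0, nsec_size);
	}
#endif /* CFG_STM32_ETZPC */

	return TEE_SUCCESS;
}

service_init_late(init_stm32mp1_drivers);

/*
 * Late driver init: when CFG_STM32_TAMP is enabled, apply the zone 1 and
 * zone 2 backup register counts through the TAMP driver. A deferred-probe
 * result is tolerated, any other failure panics. Always returns TEE_SUCCESS.
 */
static TEE_Result init_late_stm32mp1_drivers(void)
{
	TEE_Result res = TEE_ERROR_GENERIC;

	/* Set access permission to TAMP backup registers */
	if (IS_ENABLED(CFG_STM32_TAMP)) {
		struct stm32_bkpregs_conf conf = {
			.nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT,
			.nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT,
		};

		res = stm32_tamp_set_secure_bkpregs(&conf);
		if (res == TEE_ERROR_DEFER_DRIVER_INIT) {
			/* TAMP driver was not probed if disabled in the DT */
			res = TEE_SUCCESS;
		}
		if (res)
			panic();
	}

	return TEE_SUCCESS;
}

driver_init_late(init_late_stm32mp1_drivers);

/* Return the RCC base address resolved through io_pa_or_va_secure() */
vaddr_t stm32_rcc_base(void)
{
	static struct io_pa_va base = { .pa = RCC_BASE };

	return io_pa_or_va_secure(&base, 1);
}

/*
 * Return the GIC distributor base address resolved through
 * io_pa_or_va_secure().
 *
 * NOTE(review): unlike stm32_rcc_base() and stm32_tamp_base(), @base is not
 * static here, so nothing stored in it survives the call; confirm whether
 * that difference is intended.
 */
vaddr_t get_gicd_base(void)
{
	struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET };

	return io_pa_or_va_secure(&base, 1);
}

/*
 * Fill @cfg with the BSEC base address and the STM32MP1 OTP layout
 * constants. @cfg is dereferenced without a null check.
 */
void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg)
{
	cfg->base = BSEC_BASE;
	cfg->upper_start = STM32MP1_UPPER_OTP_START;
	cfg->max_id = STM32MP1_OTP_MAX_ID;
}

/* Weak default reporting that no PMIC is used */
bool __weak stm32mp_with_pmic(void)
{
	return false;
}

/*
 * Take @lock with cpu_spin_lock_xsave() and return the saved exception
 * state. When @lock is NULL or the MMU is not enabled, the lock is not
 * taken and 0 is returned.
 */
uint32_t may_spin_lock(unsigned int *lock)
{
	if (!lock || !cpu_mmu_enabled())
		return 0;

	return cpu_spin_lock_xsave(lock);
}

/*
 * Counterpart of may_spin_lock(): release @lock and restore @exceptions,
 * or do nothing when @lock is NULL or the MMU is not enabled.
 */
void may_spin_unlock(unsigned int *lock, uint32_t exceptions)
{
	if (!lock || !cpu_mmu_enabled())
		return;

	cpu_spin_unlock_xrestore(lock, exceptions);
}

/* Return the TAMP base address resolved through io_pa_or_va_secure() */
static vaddr_t stm32_tamp_base(void)
{
	static struct io_pa_va base = { .pa = TAMP_BASE };

	return io_pa_or_va_secure(&base, 1);
}

/* Return the address of the first TAMP backup register */
static vaddr_t bkpreg_base(void)
{
	return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF;
}

/*
 * Return the address of the 32-bit backup register at index @idx.
 *
 * NOTE(review): @idx is not range-checked here; callers are presumably
 * expected to pass an index within the backup register bank, verify.
 */
vaddr_t stm32mp_bkpreg(unsigned int idx)
{
	return bkpreg_base() + (idx * sizeof(uint32_t));
}

/*
 * Tell whether @bank is a GPIO bank ID accepted for the configured SoC:
 * bank Z or any bank up to K on STM32MP15, any bank up to I on STM32MP13.
 * Panics when neither SoC configuration is enabled.
 */
static bool __maybe_unused bank_is_valid(unsigned int bank)
{
	if (IS_ENABLED(CFG_STM32MP15))
		return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K;

	if (IS_ENABLED(CFG_STM32MP13))
		return bank <= GPIO_BANK_I;

	panic();
}

#ifdef CFG_STM32_IWDG
/*
 * Read the watchdog settings of the IWDG instance at @pbase from the
 * "hw2_otp" OTP word and store them in @otp_data.
 *
 * Panics when @pbase is neither IWDG1_BASE nor IWDG2_BASE, when "hw2_otp"
 * is not found in the NVMEM layout or is not a full 32-bit word at bit
 * offset 0, or when the OTP read fails. Returns TEE_SUCCESS otherwise.
 */
TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase,
				     struct stm32_iwdg_otp_data *otp_data)
{
	unsigned int idx = 0;
	uint32_t otp_id = 0;
	size_t bit_len = 0;
	uint8_t bit_offset = 0;
	uint32_t otp_value = 0;

	/* @idx selects the per-instance bit within each OTP bit field */
	switch (pbase) {
	case IWDG1_BASE:
		idx = 0;
		break;
	case IWDG2_BASE:
		idx = 1;
		break;
	default:
		panic();
	}

	if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_offset,
						&bit_len) ||
	    bit_len != 32 || bit_offset != 0)
		panic();

	if (stm32_bsec_read_otp(&otp_value, otp_id))
		panic();

	/*
	 * The masked (unshifted) bit is assigned directly.
	 * NOTE(review): this assumes the destination fields are bool, so
	 * that any non-zero mask converts to true; confirm in the struct
	 * definition.
	 */
	otp_data->hw_enabled = otp_value &
			       BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT);
	otp_data->disable_on_stop = otp_value &
				    BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT);
	otp_data->disable_on_standby = otp_value &
				       BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT);

	return TEE_SUCCESS;
}
#endif /*CFG_STM32_IWDG*/

#ifdef CFG_STM32_DEBUG_ACCESS
/*
 * Open debug accesses on devices that are not in the closed state.
 *
 * When the BSEC state differs from BSEC_STATE_SEC_CLOSED and the current
 * debug configuration is non-zero, BSEC_DEBUG_ALL is OR-ed into the debug
 * configuration and the debug clock is enabled. Errors from the BSEC state
 * read or the configuration write are returned to the caller.
 *
 * NOTE(review): the warning trace is emitted only when CFG_INSECURE is
 * enabled, while the BSEC_DEBUG_ALL write does not depend on it; confirm
 * this is intended for every build that enables CFG_STM32_DEBUG_ACCESS.
 * NOTE(review): @dbg_clk is not checked and the clk_enable() result is not
 * used; verify both against the clock framework contract.
 */
static TEE_Result init_debug(void)
{
	TEE_Result res = TEE_SUCCESS;
	uint32_t conf = stm32_bsec_read_debug_conf();
	struct clk *dbg_clk = stm32mp_rcc_clock_id_to_clk(CK_DBG);
	uint32_t state = 0;

	res = stm32_bsec_get_state(&state);
	if (res)
		return res;

	if (state != BSEC_STATE_SEC_CLOSED && conf) {
		if (IS_ENABLED(CFG_INSECURE))
			IMSG("WARNING: All debug accesses are allowed");

		res = stm32_bsec_write_debug_conf(conf | BSEC_DEBUG_ALL);
		if (res)
			return res;

		/*
		 * Enable DBG clock as used to access coprocessor
		 * debug registers
		 */
		clk_enable(dbg_clk);
	}

	return TEE_SUCCESS;
}
early_init_late(init_debug);
#endif /* CFG_STM32_DEBUG_ACCESS */

/* Some generic resources need to be unpaged */
DECLARE_KEEP_PAGER(pinctrl_apply_state);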