1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2022, STMicroelectronics 4 * Copyright (c) 2016-2018, Linaro Limited 5 */ 6 7 #include <boot_api.h> 8 #include <config.h> 9 #include <console.h> 10 #include <drivers/gic.h> 11 #include <drivers/stm32_etzpc.h> 12 #include <drivers/stm32_gpio.h> 13 #include <drivers/stm32_iwdg.h> 14 #include <drivers/stm32_tamp.h> 15 #include <drivers/stm32_uart.h> 16 #include <drivers/stm32mp1_etzpc.h> 17 #include <drivers/stm32mp_dt_bindings.h> 18 #include <io.h> 19 #include <kernel/boot.h> 20 #include <kernel/dt.h> 21 #include <kernel/misc.h> 22 #include <kernel/panic.h> 23 #include <kernel/spinlock.h> 24 #include <mm/core_memprot.h> 25 #include <platform_config.h> 26 #include <sm/psci.h> 27 #include <stm32_util.h> 28 #include <string.h> 29 #include <trace.h> 30 31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE); 32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE); 33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE); 34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE); 35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE); 36 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE); 37 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE); 38 39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE); 40 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE); 41 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE); 42 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE); 43 #ifdef CFG_STM32MP13 44 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE); 45 #endif 46 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE); 47 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE); 48 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE); 49 50 register_ddr(DDR_BASE, CFG_DRAM_SIZE); 51 52 #define _ID2STR(id) (#id) 53 #define ID2STR(id) _ID2STR(id) 54 55 static TEE_Result platform_banner(void) 56 { 57 IMSG("Platform stm32mp1: flavor %s - DT %s", 58 ID2STR(PLATFORM_FLAVOR), 59 ID2STR(CFG_EMBED_DTB_SOURCE_FILE)); 60 61 return TEE_SUCCESS; 62 } 63 service_init(platform_banner); 64 65 /* 66 * Console 67 * 68 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for 69 * trace console. Value 0 disables the early console. 70 * 71 * We cannot use the generic serial_console support since probing 72 * the console requires the platform clock driver to be already 73 * up and ready which is done only once service_init are completed. 74 */ 75 static struct stm32_uart_pdata console_data; 76 77 void console_init(void) 78 { 79 /* Early console initialization before MMU setup */ 80 struct uart { 81 paddr_t pa; 82 bool secure; 83 } uarts[] = { 84 [0] = { .pa = 0 }, 85 [1] = { .pa = USART1_BASE, .secure = true, }, 86 [2] = { .pa = USART2_BASE, .secure = false, }, 87 [3] = { .pa = USART3_BASE, .secure = false, }, 88 [4] = { .pa = UART4_BASE, .secure = false, }, 89 [5] = { .pa = UART5_BASE, .secure = false, }, 90 [6] = { .pa = USART6_BASE, .secure = false, }, 91 [7] = { .pa = UART7_BASE, .secure = false, }, 92 [8] = { .pa = UART8_BASE, .secure = false, }, 93 }; 94 95 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART); 96 97 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa) 98 return; 99 100 /* No clock yet bound to the UART console */ 101 console_data.clock = NULL; 102 103 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure; 104 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa); 105 106 register_serial_console(&console_data.chip); 107 108 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART); 109 } 110 111 static TEE_Result init_console_from_dt(void) 112 { 113 struct stm32_uart_pdata *pd = NULL; 114 void *fdt = NULL; 115 int node = 0; 116 TEE_Result res = TEE_ERROR_GENERIC; 117 118 fdt = get_embedded_dt(); 119 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 120 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 121 fdt = get_external_dt(); 122 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 123 if (res == TEE_ERROR_ITEM_NOT_FOUND) 124 return TEE_SUCCESS; 125 if (res != TEE_SUCCESS) 126 return res; 127 } 128 129 pd = stm32_uart_init_from_dt_node(fdt, node); 130 if (!pd) { 131 IMSG("DTB disables console"); 132 register_serial_console(NULL); 133 return TEE_SUCCESS; 134 } 135 136 /* Replace early console with the new one */ 137 console_flush(); 138 console_data = *pd; 139 register_serial_console(&console_data.chip); 140 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-"); 141 free(pd); 142 143 return TEE_SUCCESS; 144 } 145 146 /* Probe console from DT once clock inits (service init level) are completed */ 147 service_init_late(init_console_from_dt); 148 149 /* 150 * GIC init, used also for primary/secondary boot core wake completion 151 */ 152 void main_init_gic(void) 153 { 154 gic_init(GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET); 155 156 stm32mp_register_online_cpu(); 157 } 158 159 void main_secondary_init_gic(void) 160 { 161 gic_cpu_init(); 162 163 stm32mp_register_online_cpu(); 164 } 165 166 #ifdef CFG_STM32MP13 167 #ifdef CFG_STM32_ETZPC 168 /* Configure ETZPC cell and lock it when resource is secure */ 169 static void config_lock_decprot(uint32_t decprot_id, 170 enum etzpc_decprot_attributes decprot_attr) 171 { 172 etzpc_configure_decprot(decprot_id, decprot_attr); 173 174 if (decprot_attr == ETZPC_DECPROT_S_RW) 175 etzpc_lock_decprot(decprot_id); 176 } 177 178 static TEE_Result set_etzpc_secure_configuration(void) 179 { 180 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW); 181 config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID, 182 ETZPC_DECPROT_NS_R_S_W); 183 184 /* Configure ETZPC with peripheral registering */ 185 config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW); 186 config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW); 187 config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW); 188 config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW); 189 config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW); 190 config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW); 191 config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW); 192 /* HASH is secure */ 193 config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW); 194 config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW); 195 /* I2C4 is secure */ 196 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW); 197 config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW); 198 /* IWDG1 is secure */ 199 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW); 200 config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW); 201 /* LPTIM3 is secure */ 202 config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW); 203 config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW); 204 /* MCE is secure */ 205 config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW); 206 config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW); 207 /* PKA is secure */ 208 config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW); 209 config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW); 210 /* RNG is secure */ 211 config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW); 212 /* SAES is secure */ 213 config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW); 214 config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW); 215 config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW); 216 config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW); 217 config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW); 218 config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW); 219 config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW); 220 /* SRAM3 is secure */ 221 config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW); 222 /* STGENC is secure */ 223 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW); 224 /* TIM12 is secure */ 225 config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW); 226 config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW); 227 config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW); 228 /* TIM15 is secure */ 229 config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW); 230 config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW); 231 config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW); 232 config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW); 233 config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW); 234 config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW); 235 config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW); 236 237 return TEE_SUCCESS; 238 } 239 240 driver_init_late(set_etzpc_secure_configuration); 241 #endif /* CFG_STM32_ETZPC */ 242 #endif /* CFG_STM32MP13 */ 243 244 static TEE_Result init_stm32mp1_drivers(void) 245 { 246 /* Secure internal memories for the platform, once ETZPC is ready */ 247 etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE); 248 etzpc_lock_tzma(0); 249 250 #ifdef CFG_TZSRAM_START 251 COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) || 252 ((SYSRAM_BASE <= CFG_TZSRAM_START) && 253 (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE))); 254 #endif /* CFG_TZSRAM_START */ 255 256 etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT); 257 etzpc_lock_tzma(1); 258 259 if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) { 260 size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE; 261 paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE; 262 uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC, 263 nsec_size); 264 265 IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1); 266 267 /* Clear content from the non-secure part */ 268 memset(va, 0, nsec_size); 269 } 270 271 return TEE_SUCCESS; 272 } 273 274 service_init_late(init_stm32mp1_drivers); 275 276 static TEE_Result init_late_stm32mp1_drivers(void) 277 { 278 TEE_Result res = TEE_ERROR_GENERIC; 279 280 /* Set access permission to TAM backup registers */ 281 if (IS_ENABLED(CFG_STM32_TAMP)) { 282 struct stm32_bkpregs_conf conf = { 283 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT, 284 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT, 285 }; 286 287 res = stm32_tamp_set_secure_bkpregs(&conf); 288 if (res == TEE_ERROR_DEFER_DRIVER_INIT) { 289 /* TAMP driver was not probed if disabled in the DT */ 290 res = TEE_SUCCESS; 291 } 292 if (res) 293 panic(); 294 } 295 296 return TEE_SUCCESS; 297 } 298 299 driver_init_late(init_late_stm32mp1_drivers); 300 301 vaddr_t stm32_rcc_base(void) 302 { 303 static struct io_pa_va base = { .pa = RCC_BASE }; 304 305 return io_pa_or_va_secure(&base, 1); 306 } 307 308 vaddr_t get_gicd_base(void) 309 { 310 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET }; 311 312 return io_pa_or_va_secure(&base, 1); 313 } 314 315 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg) 316 { 317 cfg->base = BSEC_BASE; 318 cfg->upper_start = STM32MP1_UPPER_OTP_START; 319 cfg->max_id = STM32MP1_OTP_MAX_ID; 320 } 321 322 bool __weak stm32mp_with_pmic(void) 323 { 324 return false; 325 } 326 327 uint32_t may_spin_lock(unsigned int *lock) 328 { 329 if (!lock || !cpu_mmu_enabled()) 330 return 0; 331 332 return cpu_spin_lock_xsave(lock); 333 } 334 335 void may_spin_unlock(unsigned int *lock, uint32_t exceptions) 336 { 337 if (!lock || !cpu_mmu_enabled()) 338 return; 339 340 cpu_spin_unlock_xrestore(lock, exceptions); 341 } 342 343 static vaddr_t stm32_tamp_base(void) 344 { 345 static struct io_pa_va base = { .pa = TAMP_BASE }; 346 347 return io_pa_or_va_secure(&base, 1); 348 } 349 350 static vaddr_t bkpreg_base(void) 351 { 352 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF; 353 } 354 355 vaddr_t stm32mp_bkpreg(unsigned int idx) 356 { 357 return bkpreg_base() + (idx * sizeof(uint32_t)); 358 } 359 360 static bool __maybe_unused bank_is_valid(unsigned int bank) 361 { 362 if (IS_ENABLED(CFG_STM32MP15)) 363 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K; 364 365 if (IS_ENABLED(CFG_STM32MP13)) 366 return bank <= GPIO_BANK_I; 367 368 panic(); 369 } 370 371 unsigned int stm32_get_gpio_bank_offset(unsigned int bank) 372 { 373 assert(bank_is_valid(bank)); 374 375 if (bank == GPIO_BANK_Z) 376 return 0; 377 378 return bank * GPIO_BANK_OFFSET; 379 } 380 381 #ifdef CFG_STM32_IWDG 382 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase, 383 struct stm32_iwdg_otp_data *otp_data) 384 { 385 unsigned int idx = 0; 386 uint32_t otp_id = 0; 387 size_t bit_len = 0; 388 uint32_t otp_value = 0; 389 390 switch (pbase) { 391 case IWDG1_BASE: 392 idx = 0; 393 break; 394 case IWDG2_BASE: 395 idx = 1; 396 break; 397 default: 398 panic(); 399 } 400 401 if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_len) || 402 bit_len != 32) 403 panic(); 404 405 if (stm32_bsec_read_otp(&otp_value, otp_id)) 406 panic(); 407 408 otp_data->hw_enabled = otp_value & 409 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT); 410 otp_data->disable_on_stop = otp_value & 411 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT); 412 otp_data->disable_on_standby = otp_value & 413 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT); 414 415 return TEE_SUCCESS; 416 } 417 #endif /*CFG_STM32_IWDG*/ 418 419 #ifdef CFG_STM32_DEBUG_ACCESS 420 static TEE_Result init_debug(void) 421 { 422 TEE_Result res = TEE_SUCCESS; 423 uint32_t conf = stm32_bsec_read_debug_conf(); 424 struct clk *dbg_clk = stm32mp_rcc_clock_id_to_clk(CK_DBG); 425 uint32_t state = 0; 426 427 res = stm32_bsec_get_state(&state); 428 if (res) 429 return res; 430 431 if (state != BSEC_STATE_SEC_CLOSED && conf) { 432 if (IS_ENABLED(CFG_WARN_INSECURE)) 433 IMSG("WARNING: All debug accesses are allowed"); 434 435 res = stm32_bsec_write_debug_conf(conf | BSEC_DEBUG_ALL); 436 if (res) 437 return res; 438 439 /* 440 * Enable DBG clock as used to access coprocessor 441 * debug registers 442 */ 443 clk_enable(dbg_clk); 444 } 445 446 return TEE_SUCCESS; 447 } 448 early_init_late(init_debug); 449 #endif /* CFG_STM32_DEBUG_ACCESS */ 450