1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2022, STMicroelectronics 4 * Copyright (c) 2016-2018, Linaro Limited 5 */ 6 7 #include <boot_api.h> 8 #include <config.h> 9 #include <console.h> 10 #include <drivers/gic.h> 11 #include <drivers/stm32_etzpc.h> 12 #include <drivers/stm32_iwdg.h> 13 #include <drivers/stm32_tamp.h> 14 #include <drivers/stm32_uart.h> 15 #include <drivers/stm32mp1_etzpc.h> 16 #include <drivers/stm32mp_dt_bindings.h> 17 #include <io.h> 18 #include <kernel/boot.h> 19 #include <kernel/dt.h> 20 #include <kernel/misc.h> 21 #include <kernel/panic.h> 22 #include <kernel/spinlock.h> 23 #include <mm/core_memprot.h> 24 #include <platform_config.h> 25 #include <sm/psci.h> 26 #include <stm32_util.h> 27 #include <string.h> 28 #include <trace.h> 29 30 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE); 31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE); 32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE); 33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE); 34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE); 35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE); 36 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE); 37 38 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE); 39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE); 40 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE); 41 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE); 42 #ifdef CFG_STM32MP13 43 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE); 44 #endif 45 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE); 46 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE); 47 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE); 48 49 #ifdef CFG_STM32MP1_SCMI_SHM_BASE 50 register_phys_mem(MEM_AREA_IO_NSEC, CFG_STM32MP1_SCMI_SHM_BASE, 51 CFG_STM32MP1_SCMI_SHM_SIZE); 52 #endif 53 54 register_ddr(DDR_BASE, CFG_DRAM_SIZE); 55 56 #define _ID2STR(id) (#id) 57 #define ID2STR(id) _ID2STR(id) 58 59 static TEE_Result platform_banner(void) 60 { 61 IMSG("Platform stm32mp1: flavor %s - DT %s", 62 ID2STR(PLATFORM_FLAVOR), 63 ID2STR(CFG_EMBED_DTB_SOURCE_FILE)); 64 65 return TEE_SUCCESS; 66 } 67 service_init(platform_banner); 68 69 /* 70 * Console 71 * 72 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for 73 * trace console. Value 0 disables the early console. 74 * 75 * We cannot use the generic serial_console support since probing 76 * the console requires the platform clock driver to be already 77 * up and ready which is done only once service_init are completed. 78 */ 79 static struct stm32_uart_pdata console_data; 80 81 void console_init(void) 82 { 83 /* Early console initialization before MMU setup */ 84 struct uart { 85 paddr_t pa; 86 bool secure; 87 } uarts[] = { 88 [0] = { .pa = 0 }, 89 [1] = { .pa = USART1_BASE, .secure = true, }, 90 [2] = { .pa = USART2_BASE, .secure = false, }, 91 [3] = { .pa = USART3_BASE, .secure = false, }, 92 [4] = { .pa = UART4_BASE, .secure = false, }, 93 [5] = { .pa = UART5_BASE, .secure = false, }, 94 [6] = { .pa = USART6_BASE, .secure = false, }, 95 [7] = { .pa = UART7_BASE, .secure = false, }, 96 [8] = { .pa = UART8_BASE, .secure = false, }, 97 }; 98 99 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART); 100 101 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa) 102 return; 103 104 /* No clock yet bound to the UART console */ 105 console_data.clock = NULL; 106 107 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure; 108 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa); 109 110 register_serial_console(&console_data.chip); 111 112 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART); 113 } 114 115 static TEE_Result init_console_from_dt(void) 116 { 117 struct stm32_uart_pdata *pd = NULL; 118 void *fdt = NULL; 119 int node = 0; 120 TEE_Result res = TEE_ERROR_GENERIC; 121 122 fdt = get_embedded_dt(); 123 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 124 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 125 fdt = get_external_dt(); 126 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 127 if (res == TEE_ERROR_ITEM_NOT_FOUND) 128 return TEE_SUCCESS; 129 if (res != TEE_SUCCESS) 130 return res; 131 } 132 133 pd = stm32_uart_init_from_dt_node(fdt, node); 134 if (!pd) { 135 IMSG("DTB disables console"); 136 register_serial_console(NULL); 137 return TEE_SUCCESS; 138 } 139 140 /* Replace early console with the new one */ 141 console_flush(); 142 console_data = *pd; 143 register_serial_console(&console_data.chip); 144 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-"); 145 free(pd); 146 147 return TEE_SUCCESS; 148 } 149 150 /* Probe console from DT once clock inits (service init level) are completed */ 151 service_init_late(init_console_from_dt); 152 153 /* 154 * GIC init, used also for primary/secondary boot core wake completion 155 */ 156 void main_init_gic(void) 157 { 158 gic_init(GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET); 159 160 stm32mp_register_online_cpu(); 161 } 162 163 void main_secondary_init_gic(void) 164 { 165 gic_cpu_init(); 166 167 stm32mp_register_online_cpu(); 168 } 169 170 #ifdef CFG_STM32MP13 171 #ifdef CFG_STM32_ETZPC 172 /* Configure ETZPC cell and lock it when resource is secure */ 173 static void config_lock_decprot(uint32_t decprot_id, 174 enum etzpc_decprot_attributes decprot_attr) 175 { 176 etzpc_configure_decprot(decprot_id, decprot_attr); 177 178 if (decprot_attr == ETZPC_DECPROT_S_RW) 179 etzpc_lock_decprot(decprot_id); 180 } 181 182 static TEE_Result set_etzpc_secure_configuration(void) 183 { 184 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW); 185 config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID, 186 ETZPC_DECPROT_NS_R_S_W); 187 188 /* Configure ETZPC with peripheral registering */ 189 config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW); 190 config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW); 191 config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW); 192 config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW); 193 config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW); 194 config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW); 195 config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW); 196 /* HASH is secure */ 197 config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW); 198 config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW); 199 /* I2C4 is secure */ 200 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW); 201 config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW); 202 /* IWDG1 is secure */ 203 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW); 204 config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW); 205 /* LPTIM3 is secure */ 206 config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW); 207 config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW); 208 /* MCE is secure */ 209 config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW); 210 config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW); 211 /* PKA is secure */ 212 config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW); 213 config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW); 214 /* RNG is secure */ 215 config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW); 216 /* SAES is secure */ 217 config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW); 218 config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW); 219 config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW); 220 config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW); 221 config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW); 222 config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW); 223 config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW); 224 /* SRAM3 is secure */ 225 config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW); 226 /* STGENC is secure */ 227 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW); 228 /* TIM12 is secure */ 229 config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW); 230 config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW); 231 config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW); 232 /* TIM15 is secure */ 233 config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW); 234 config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW); 235 config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW); 236 config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW); 237 config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW); 238 config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW); 239 config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW); 240 241 return TEE_SUCCESS; 242 } 243 244 driver_init_late(set_etzpc_secure_configuration); 245 #endif /* CFG_STM32_ETZPC */ 246 247 #ifdef CFG_STM32_GPIO 248 249 #define NB_PINS_PER_BANK U(16) 250 #define NB_PINS_BANK_H U(14) 251 #define NB_PINS_BANK_I U(8) 252 253 static TEE_Result set_all_gpios_non_secure(void) 254 { 255 unsigned int bank = 0; 256 unsigned int pin = 0; 257 unsigned int nb_pin_bank = 0; 258 259 for (bank = 0; bank <= GPIO_BANK_I; bank++) { 260 switch (bank) { 261 case GPIO_BANK_H: 262 nb_pin_bank = NB_PINS_BANK_H; 263 break; 264 case GPIO_BANK_I: 265 nb_pin_bank = NB_PINS_BANK_I; 266 break; 267 default: 268 nb_pin_bank = NB_PINS_PER_BANK; 269 break; 270 } 271 272 for (pin = 0; pin <= nb_pin_bank; pin++) 273 stm32_gpio_set_secure_cfg(bank, pin, false); 274 } 275 276 return TEE_SUCCESS; 277 } 278 279 early_init_late(set_all_gpios_non_secure); 280 #endif /* CFG_STM32_GPIO */ 281 #endif /* CFG_STM32MP13 */ 282 283 static TEE_Result init_stm32mp1_drivers(void) 284 { 285 /* Secure internal memories for the platform, once ETZPC is ready */ 286 etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE); 287 etzpc_lock_tzma(0); 288 289 #ifdef CFG_TZSRAM_START 290 COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) || 291 ((SYSRAM_BASE <= CFG_TZSRAM_START) && 292 (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE))); 293 #endif /* CFG_TZSRAM_START */ 294 295 etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT); 296 etzpc_lock_tzma(1); 297 298 if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) { 299 size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE; 300 paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE; 301 uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC, 302 nsec_size); 303 304 IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1); 305 306 /* Clear content from the non-secure part */ 307 memset(va, 0, nsec_size); 308 } 309 310 return TEE_SUCCESS; 311 } 312 313 service_init_late(init_stm32mp1_drivers); 314 315 static TEE_Result init_late_stm32mp1_drivers(void) 316 { 317 TEE_Result res = TEE_ERROR_GENERIC; 318 319 /* Set access permission to TAM backup registers */ 320 if (IS_ENABLED(CFG_STM32_TAMP)) { 321 struct stm32_bkpregs_conf conf = { 322 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT, 323 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT, 324 }; 325 326 res = stm32_tamp_set_secure_bkpregs(&conf); 327 if (res == TEE_ERROR_DEFER_DRIVER_INIT) { 328 /* TAMP driver was not probed if disabled in the DT */ 329 res = TEE_SUCCESS; 330 } 331 if (res) 332 panic(); 333 } 334 335 return TEE_SUCCESS; 336 } 337 338 driver_init_late(init_late_stm32mp1_drivers); 339 340 vaddr_t stm32_rcc_base(void) 341 { 342 static struct io_pa_va base = { .pa = RCC_BASE }; 343 344 return io_pa_or_va_secure(&base, 1); 345 } 346 347 vaddr_t get_gicd_base(void) 348 { 349 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET }; 350 351 return io_pa_or_va_secure(&base, 1); 352 } 353 354 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg) 355 { 356 cfg->base = BSEC_BASE; 357 cfg->upper_start = STM32MP1_UPPER_OTP_START; 358 cfg->max_id = STM32MP1_OTP_MAX_ID; 359 } 360 361 bool __weak stm32mp_with_pmic(void) 362 { 363 return false; 364 } 365 366 uint32_t may_spin_lock(unsigned int *lock) 367 { 368 if (!lock || !cpu_mmu_enabled()) 369 return 0; 370 371 return cpu_spin_lock_xsave(lock); 372 } 373 374 void may_spin_unlock(unsigned int *lock, uint32_t exceptions) 375 { 376 if (!lock || !cpu_mmu_enabled()) 377 return; 378 379 cpu_spin_unlock_xrestore(lock, exceptions); 380 } 381 382 static vaddr_t stm32_tamp_base(void) 383 { 384 static struct io_pa_va base = { .pa = TAMP_BASE }; 385 386 return io_pa_or_va_secure(&base, 1); 387 } 388 389 static vaddr_t bkpreg_base(void) 390 { 391 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF; 392 } 393 394 vaddr_t stm32mp_bkpreg(unsigned int idx) 395 { 396 return bkpreg_base() + (idx * sizeof(uint32_t)); 397 } 398 399 static bool __maybe_unused bank_is_valid(unsigned int bank) 400 { 401 if (IS_ENABLED(CFG_STM32MP15)) 402 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K; 403 404 if (IS_ENABLED(CFG_STM32MP13)) 405 return bank <= GPIO_BANK_I; 406 407 panic(); 408 } 409 410 vaddr_t stm32_get_gpio_bank_base(unsigned int bank) 411 { 412 static struct io_pa_va base = { .pa = GPIOA_BASE }; 413 414 static_assert(GPIO_BANK_A == 0); 415 assert(bank_is_valid(bank)); 416 417 if (IS_ENABLED(CFG_STM32MP15)) { 418 static struct io_pa_va zbase = { .pa = GPIOZ_BASE }; 419 420 /* Get secure mapping address for GPIOZ */ 421 if (bank == GPIO_BANK_Z) 422 return io_pa_or_va_secure(&zbase, GPIO_BANK_OFFSET); 423 424 /* Other are mapped non-secure */ 425 return io_pa_or_va_nsec(&base, (bank + 1) * GPIO_BANK_OFFSET) + 426 (bank * GPIO_BANK_OFFSET); 427 } 428 429 if (IS_ENABLED(CFG_STM32MP13)) 430 return io_pa_or_va_secure(&base, 431 (bank + 1) * GPIO_BANK_OFFSET) + 432 (bank * GPIO_BANK_OFFSET); 433 434 panic(); 435 } 436 437 unsigned int stm32_get_gpio_bank_offset(unsigned int bank) 438 { 439 assert(bank_is_valid(bank)); 440 441 if (bank == GPIO_BANK_Z) 442 return 0; 443 444 return bank * GPIO_BANK_OFFSET; 445 } 446 447 unsigned int stm32_get_gpio_bank_clock(unsigned int bank) 448 { 449 assert(bank_is_valid(bank)); 450 451 #ifdef CFG_STM32MP15 452 if (bank == GPIO_BANK_Z) 453 return GPIOZ; 454 #endif 455 456 return GPIOA + bank; 457 } 458 459 struct clk *stm32_get_gpio_bank_clk(unsigned int bank) 460 { 461 assert(bank_is_valid(bank)); 462 463 if (!IS_ENABLED(CFG_DRIVERS_CLK)) 464 return NULL; 465 466 return stm32mp_rcc_clock_id_to_clk(stm32_get_gpio_bank_clock(bank)); 467 } 468 469 #ifdef CFG_STM32_IWDG 470 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase, 471 struct stm32_iwdg_otp_data *otp_data) 472 { 473 unsigned int idx = 0; 474 uint32_t otp_id = 0; 475 size_t bit_len = 0; 476 uint32_t otp_value = 0; 477 478 switch (pbase) { 479 case IWDG1_BASE: 480 idx = 0; 481 break; 482 case IWDG2_BASE: 483 idx = 1; 484 break; 485 default: 486 panic(); 487 } 488 489 if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_len) || 490 bit_len != 32) 491 panic(); 492 493 if (stm32_bsec_read_otp(&otp_value, otp_id)) 494 panic(); 495 496 otp_data->hw_enabled = otp_value & 497 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT); 498 otp_data->disable_on_stop = otp_value & 499 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT); 500 otp_data->disable_on_standby = otp_value & 501 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT); 502 503 return TEE_SUCCESS; 504 } 505 #endif /*CFG_STM32_IWDG*/ 506 507 #ifdef CFG_STM32_DEBUG_ACCESS 508 static TEE_Result init_debug(void) 509 { 510 TEE_Result res = TEE_SUCCESS; 511 uint32_t conf = stm32_bsec_read_debug_conf(); 512 struct clk *dbg_clk = stm32mp_rcc_clock_id_to_clk(CK_DBG); 513 uint32_t state = 0; 514 515 res = stm32_bsec_get_state(&state); 516 if (res) 517 return res; 518 519 if (state != BSEC_STATE_SEC_CLOSED && conf) { 520 if (IS_ENABLED(CFG_WARN_INSECURE)) 521 IMSG("WARNING: All debug accesses are allowed"); 522 523 res = stm32_bsec_write_debug_conf(conf | BSEC_DEBUG_ALL); 524 if (res) 525 return res; 526 527 /* 528 * Enable DBG clock as used to access coprocessor 529 * debug registers 530 */ 531 clk_enable(dbg_clk); 532 } 533 534 return TEE_SUCCESS; 535 } 536 early_init_late(init_debug); 537 #endif /* CFG_STM32_DEBUG_ACCESS */ 538