1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2022, STMicroelectronics 4 * Copyright (c) 2016-2018, Linaro Limited 5 */ 6 7 #include <boot_api.h> 8 #include <config.h> 9 #include <console.h> 10 #include <drivers/gic.h> 11 #include <drivers/stm32_etzpc.h> 12 #include <drivers/stm32_iwdg.h> 13 #include <drivers/stm32_tamp.h> 14 #include <drivers/stm32_uart.h> 15 #include <drivers/stm32mp1_etzpc.h> 16 #include <drivers/stm32mp_dt_bindings.h> 17 #include <kernel/boot.h> 18 #include <kernel/dt.h> 19 #include <kernel/interrupt.h> 20 #include <kernel/misc.h> 21 #include <kernel/panic.h> 22 #include <kernel/spinlock.h> 23 #include <mm/core_memprot.h> 24 #include <platform_config.h> 25 #include <sm/psci.h> 26 #include <stm32_util.h> 27 #include <trace.h> 28 29 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE); 30 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE); 31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE); 32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE); 33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE); 34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE); 35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE); 36 37 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE); 38 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE); 39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE); 40 #ifdef CFG_STM32MP13 41 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE); 42 #endif 43 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE); 44 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE); 45 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE); 46 47 register_ddr(DDR_BASE, CFG_DRAM_SIZE); 48 49 #define _ID2STR(id) (#id) 50 #define ID2STR(id) _ID2STR(id) 51 52 static TEE_Result platform_banner(void) 53 { 54 #ifdef CFG_EMBED_DTB 55 IMSG("Platform stm32mp1: flavor %s - DT %s", 56 ID2STR(PLATFORM_FLAVOR), 57 ID2STR(CFG_EMBED_DTB_SOURCE_FILE)); 58 #else 59 IMSG("Platform stm32mp1: flavor %s - no device tree", 60 ID2STR(PLATFORM_FLAVOR)); 61 #endif 62 63 return TEE_SUCCESS; 64 } 65 service_init(platform_banner); 66 67 /* 68 * Console 69 * 70 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for 71 * trace console. Value 0 disables the early console. 72 * 73 * We cannot use the generic serial_console support since probing 74 * the console requires the platform clock driver to be already 75 * up and ready which is done only once service_init are completed. 76 */ 77 static struct stm32_uart_pdata console_data; 78 79 void console_init(void) 80 { 81 /* Early console initialization before MMU setup */ 82 struct uart { 83 paddr_t pa; 84 bool secure; 85 } uarts[] = { 86 [0] = { .pa = 0 }, 87 [1] = { .pa = USART1_BASE, .secure = true, }, 88 [2] = { .pa = USART2_BASE, .secure = false, }, 89 [3] = { .pa = USART3_BASE, .secure = false, }, 90 [4] = { .pa = UART4_BASE, .secure = false, }, 91 [5] = { .pa = UART5_BASE, .secure = false, }, 92 [6] = { .pa = USART6_BASE, .secure = false, }, 93 [7] = { .pa = UART7_BASE, .secure = false, }, 94 [8] = { .pa = UART8_BASE, .secure = false, }, 95 }; 96 97 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART); 98 99 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa) 100 return; 101 102 /* No clock yet bound to the UART console */ 103 console_data.clock = NULL; 104 105 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure; 106 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa); 107 108 register_serial_console(&console_data.chip); 109 110 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART); 111 } 112 113 #ifdef CFG_EMBED_DTB 114 static TEE_Result init_console_from_dt(void) 115 { 116 struct stm32_uart_pdata *pd = NULL; 117 void *fdt = NULL; 118 int node = 0; 119 TEE_Result res = TEE_ERROR_GENERIC; 120 121 fdt = get_embedded_dt(); 122 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 123 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 124 fdt = get_external_dt(); 125 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 126 if (res == TEE_ERROR_ITEM_NOT_FOUND) 127 return TEE_SUCCESS; 128 if (res != TEE_SUCCESS) 129 return res; 130 } 131 132 pd = stm32_uart_init_from_dt_node(fdt, node); 133 if (!pd) { 134 IMSG("DTB disables console"); 135 register_serial_console(NULL); 136 return TEE_SUCCESS; 137 } 138 139 /* Replace early console with the new one */ 140 console_flush(); 141 console_data = *pd; 142 register_serial_console(&console_data.chip); 143 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-"); 144 free(pd); 145 146 return TEE_SUCCESS; 147 } 148 149 /* Probe console from DT once clock inits (service init level) are completed */ 150 service_init_late(init_console_from_dt); 151 #endif 152 153 /* 154 * GIC init, used also for primary/secondary boot core wake completion 155 */ 156 static struct gic_data gic_data; 157 158 void itr_core_handler(void) 159 { 160 gic_it_handle(&gic_data); 161 } 162 163 void main_init_gic(void) 164 { 165 gic_init(&gic_data, GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET); 166 itr_init(&gic_data.chip); 167 168 stm32mp_register_online_cpu(); 169 } 170 171 void main_secondary_init_gic(void) 172 { 173 gic_cpu_init(&gic_data); 174 175 stm32mp_register_online_cpu(); 176 } 177 178 #ifdef CFG_STM32MP13 179 #ifdef CFG_STM32_ETZPC 180 /* Configure ETZPC cell and lock it when resource is secure */ 181 static void config_lock_decprot(uint32_t decprot_id, 182 enum etzpc_decprot_attributes decprot_attr) 183 { 184 etzpc_configure_decprot(decprot_id, decprot_attr); 185 186 if (decprot_attr == ETZPC_DECPROT_S_RW) 187 etzpc_lock_decprot(decprot_id); 188 } 189 190 static TEE_Result set_etzpc_secure_configuration(void) 191 { 192 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW); 193 config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID, 194 ETZPC_DECPROT_NS_R_S_W); 195 196 /* Configure ETZPC with peripheral registering */ 197 config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW); 198 config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW); 199 config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW); 200 config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW); 201 config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW); 202 config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW); 203 config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW); 204 /* HASH is secure */ 205 config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW); 206 config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW); 207 /* I2C4 is secure */ 208 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW); 209 config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW); 210 /* IWDG1 is secure */ 211 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW); 212 config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW); 213 /* LPTIM3 is secure */ 214 config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW); 215 config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW); 216 /* MCE is secure */ 217 config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW); 218 config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW); 219 /* PKA is secure */ 220 config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW); 221 config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW); 222 /* RNG is secure */ 223 config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW); 224 /* SAES is secure */ 225 config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW); 226 config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW); 227 config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW); 228 config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW); 229 config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW); 230 config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW); 231 config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW); 232 /* SRAM3 is secure */ 233 config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW); 234 /* STGENC is secure */ 235 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW); 236 /* TIM12 is secure */ 237 config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW); 238 config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW); 239 config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW); 240 /* TIM15 is secure */ 241 config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW); 242 config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW); 243 config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW); 244 config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW); 245 config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW); 246 config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW); 247 config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW); 248 249 return TEE_SUCCESS; 250 } 251 252 driver_init_late(set_etzpc_secure_configuration); 253 #endif /* CFG_STM32_ETZPC */ 254 255 #ifdef CFG_STM32_GPIO 256 257 #define NB_PINS_PER_BANK U(16) 258 #define NB_PINS_BANK_H U(14) 259 #define NB_PINS_BANK_I U(8) 260 261 static TEE_Result set_all_gpios_non_secure(void) 262 { 263 unsigned int bank = 0; 264 unsigned int pin = 0; 265 unsigned int nb_pin_bank = 0; 266 267 for (bank = 0; bank <= GPIO_BANK_I; bank++) { 268 switch (bank) { 269 case GPIO_BANK_H: 270 nb_pin_bank = NB_PINS_BANK_H; 271 break; 272 case GPIO_BANK_I: 273 nb_pin_bank = NB_PINS_BANK_I; 274 break; 275 default: 276 nb_pin_bank = NB_PINS_PER_BANK; 277 break; 278 } 279 280 for (pin = 0; pin <= nb_pin_bank; pin++) 281 stm32_gpio_set_secure_cfg(bank, pin, false); 282 } 283 284 return TEE_SUCCESS; 285 } 286 287 early_init_late(set_all_gpios_non_secure); 288 #endif /* CFG_STM32_GPIO */ 289 #endif /* CFG_STM32MP13 */ 290 291 static TEE_Result init_stm32mp1_drivers(void) 292 { 293 /* Without secure DTB support, some drivers must be inited */ 294 if (!IS_ENABLED(CFG_EMBED_DTB)) 295 stm32_etzpc_init(ETZPC_BASE); 296 297 /* Secure internal memories for the platform, once ETZPC is ready */ 298 etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE); 299 etzpc_lock_tzma(0); 300 301 #ifdef CFG_TZSRAM_START 302 COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) || 303 ((SYSRAM_BASE <= CFG_TZSRAM_START) && 304 (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE))); 305 #endif /* CFG_TZSRAM_START */ 306 307 etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT); 308 etzpc_lock_tzma(1); 309 310 return TEE_SUCCESS; 311 } 312 313 service_init_late(init_stm32mp1_drivers); 314 315 static TEE_Result init_late_stm32mp1_drivers(void) 316 { 317 TEE_Result res = TEE_ERROR_GENERIC; 318 319 /* Set access permission to TAM backup registers */ 320 if (IS_ENABLED(CFG_STM32_TAMP)) { 321 struct stm32_bkpregs_conf conf = { 322 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT, 323 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT, 324 }; 325 326 res = stm32_tamp_set_secure_bkpregs(&conf); 327 if (res == TEE_ERROR_DEFER_DRIVER_INIT) { 328 /* TAMP driver was not probed if disabled in the DT */ 329 res = TEE_SUCCESS; 330 } 331 if (res) 332 panic(); 333 } 334 335 return TEE_SUCCESS; 336 } 337 338 driver_init_late(init_late_stm32mp1_drivers); 339 340 vaddr_t stm32_rcc_base(void) 341 { 342 static struct io_pa_va base = { .pa = RCC_BASE }; 343 344 return io_pa_or_va_secure(&base, 1); 345 } 346 347 vaddr_t get_gicd_base(void) 348 { 349 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET }; 350 351 return io_pa_or_va_secure(&base, 1); 352 } 353 354 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg) 355 { 356 cfg->base = BSEC_BASE; 357 cfg->upper_start = STM32MP1_UPPER_OTP_START; 358 cfg->max_id = STM32MP1_OTP_MAX_ID; 359 } 360 361 bool stm32mp_is_closed_device(void) 362 { 363 uint32_t otp = 0; 364 TEE_Result result = TEE_ERROR_GENERIC; 365 366 /* Non closed_device platform expects fuse well programmed to 0 */ 367 result = stm32_bsec_shadow_read_otp(&otp, DATA0_OTP); 368 if (!result && !(otp & BIT(DATA0_OTP_SECURED_POS))) 369 return false; 370 371 return true; 372 } 373 374 bool __weak stm32mp_with_pmic(void) 375 { 376 return false; 377 } 378 379 uint32_t may_spin_lock(unsigned int *lock) 380 { 381 if (!lock || !cpu_mmu_enabled()) 382 return 0; 383 384 return cpu_spin_lock_xsave(lock); 385 } 386 387 void may_spin_unlock(unsigned int *lock, uint32_t exceptions) 388 { 389 if (!lock || !cpu_mmu_enabled()) 390 return; 391 392 cpu_spin_unlock_xrestore(lock, exceptions); 393 } 394 395 static vaddr_t stm32_tamp_base(void) 396 { 397 static struct io_pa_va base = { .pa = TAMP_BASE }; 398 399 return io_pa_or_va_secure(&base, 1); 400 } 401 402 static vaddr_t bkpreg_base(void) 403 { 404 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF; 405 } 406 407 vaddr_t stm32mp_bkpreg(unsigned int idx) 408 { 409 return bkpreg_base() + (idx * sizeof(uint32_t)); 410 } 411 412 static bool __maybe_unused bank_is_valid(unsigned int bank) 413 { 414 if (IS_ENABLED(CFG_STM32MP15)) 415 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K; 416 417 if (IS_ENABLED(CFG_STM32MP13)) 418 return bank <= GPIO_BANK_I; 419 420 panic(); 421 } 422 423 vaddr_t stm32_get_gpio_bank_base(unsigned int bank) 424 { 425 static struct io_pa_va base = { .pa = GPIOA_BASE }; 426 427 static_assert(GPIO_BANK_A == 0); 428 assert(bank_is_valid(bank)); 429 430 if (IS_ENABLED(CFG_STM32MP15)) { 431 static struct io_pa_va zbase = { .pa = GPIOZ_BASE }; 432 433 /* Get secure mapping address for GPIOZ */ 434 if (bank == GPIO_BANK_Z) 435 return io_pa_or_va_secure(&zbase, GPIO_BANK_OFFSET); 436 437 /* Other are mapped non-secure */ 438 return io_pa_or_va_nsec(&base, (bank + 1) * GPIO_BANK_OFFSET) + 439 (bank * GPIO_BANK_OFFSET); 440 } 441 442 if (IS_ENABLED(CFG_STM32MP13)) 443 return io_pa_or_va_secure(&base, 444 (bank + 1) * GPIO_BANK_OFFSET) + 445 (bank * GPIO_BANK_OFFSET); 446 447 panic(); 448 } 449 450 unsigned int stm32_get_gpio_bank_offset(unsigned int bank) 451 { 452 assert(bank_is_valid(bank)); 453 454 if (bank == GPIO_BANK_Z) 455 return 0; 456 457 return bank * GPIO_BANK_OFFSET; 458 } 459 460 unsigned int stm32_get_gpio_bank_clock(unsigned int bank) 461 { 462 assert(bank_is_valid(bank)); 463 464 #ifdef CFG_STM32MP15 465 if (bank == GPIO_BANK_Z) 466 return GPIOZ; 467 #endif 468 469 return GPIOA + bank; 470 } 471 472 struct clk *stm32_get_gpio_bank_clk(unsigned int bank) 473 { 474 assert(bank_is_valid(bank)); 475 476 if (!IS_ENABLED(CFG_DRIVERS_CLK)) 477 return NULL; 478 479 return stm32mp_rcc_clock_id_to_clk(stm32_get_gpio_bank_clock(bank)); 480 } 481 482 #ifdef CFG_STM32_IWDG 483 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase, 484 struct stm32_iwdg_otp_data *otp_data) 485 { 486 unsigned int idx = 0; 487 uint32_t otp_value = 0; 488 489 switch (pbase) { 490 case IWDG1_BASE: 491 idx = 0; 492 break; 493 case IWDG2_BASE: 494 idx = 1; 495 break; 496 default: 497 panic(); 498 } 499 500 if (stm32_bsec_read_otp(&otp_value, HW2_OTP)) 501 panic(); 502 503 otp_data->hw_enabled = otp_value & 504 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT); 505 otp_data->disable_on_stop = otp_value & 506 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT); 507 otp_data->disable_on_standby = otp_value & 508 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT); 509 510 return TEE_SUCCESS; 511 } 512 #endif /*CFG_STM32_IWDG*/ 513