1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2022, STMicroelectronics 4 * Copyright (c) 2016-2018, Linaro Limited 5 */ 6 7 #include <boot_api.h> 8 #include <config.h> 9 #include <console.h> 10 #include <drivers/gic.h> 11 #include <drivers/stm32_etzpc.h> 12 #include <drivers/stm32_gpio.h> 13 #include <drivers/stm32_iwdg.h> 14 #include <drivers/stm32_tamp.h> 15 #include <drivers/stm32_uart.h> 16 #include <drivers/stm32mp1_etzpc.h> 17 #include <drivers/stm32mp_dt_bindings.h> 18 #include <io.h> 19 #include <kernel/boot.h> 20 #include <kernel/dt.h> 21 #include <kernel/misc.h> 22 #include <kernel/panic.h> 23 #include <kernel/spinlock.h> 24 #include <mm/core_memprot.h> 25 #include <platform_config.h> 26 #include <sm/psci.h> 27 #include <stm32_util.h> 28 #include <string.h> 29 #include <trace.h> 30 31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE); 32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE); 33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE); 34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE); 35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE); 36 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE); 37 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE); 38 39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE); 40 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE); 41 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE); 42 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE); 43 #ifdef CFG_STM32MP13 44 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE); 45 #endif 46 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE); 47 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE); 48 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE); 49 50 #ifdef CFG_STM32MP1_SCMI_SHM_BASE 51 register_phys_mem(MEM_AREA_IO_NSEC, CFG_STM32MP1_SCMI_SHM_BASE, 52 CFG_STM32MP1_SCMI_SHM_SIZE); 53 #endif 54 55 register_ddr(DDR_BASE, CFG_DRAM_SIZE); 56 57 #define _ID2STR(id) (#id) 58 #define ID2STR(id) _ID2STR(id) 59 60 static TEE_Result platform_banner(void) 61 { 62 IMSG("Platform stm32mp1: flavor %s - DT %s", 63 ID2STR(PLATFORM_FLAVOR), 64 ID2STR(CFG_EMBED_DTB_SOURCE_FILE)); 65 66 return TEE_SUCCESS; 67 } 68 service_init(platform_banner); 69 70 /* 71 * Console 72 * 73 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for 74 * trace console. Value 0 disables the early console. 75 * 76 * We cannot use the generic serial_console support since probing 77 * the console requires the platform clock driver to be already 78 * up and ready which is done only once service_init are completed. 79 */ 80 static struct stm32_uart_pdata console_data; 81 82 void console_init(void) 83 { 84 /* Early console initialization before MMU setup */ 85 struct uart { 86 paddr_t pa; 87 bool secure; 88 } uarts[] = { 89 [0] = { .pa = 0 }, 90 [1] = { .pa = USART1_BASE, .secure = true, }, 91 [2] = { .pa = USART2_BASE, .secure = false, }, 92 [3] = { .pa = USART3_BASE, .secure = false, }, 93 [4] = { .pa = UART4_BASE, .secure = false, }, 94 [5] = { .pa = UART5_BASE, .secure = false, }, 95 [6] = { .pa = USART6_BASE, .secure = false, }, 96 [7] = { .pa = UART7_BASE, .secure = false, }, 97 [8] = { .pa = UART8_BASE, .secure = false, }, 98 }; 99 100 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART); 101 102 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa) 103 return; 104 105 /* No clock yet bound to the UART console */ 106 console_data.clock = NULL; 107 108 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure; 109 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa); 110 111 register_serial_console(&console_data.chip); 112 113 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART); 114 } 115 116 static TEE_Result init_console_from_dt(void) 117 { 118 struct stm32_uart_pdata *pd = NULL; 119 void *fdt = NULL; 120 int node = 0; 121 TEE_Result res = TEE_ERROR_GENERIC; 122 123 fdt = get_embedded_dt(); 124 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 125 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 126 fdt = get_external_dt(); 127 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 128 if (res == TEE_ERROR_ITEM_NOT_FOUND) 129 return TEE_SUCCESS; 130 if (res != TEE_SUCCESS) 131 return res; 132 } 133 134 pd = stm32_uart_init_from_dt_node(fdt, node); 135 if (!pd) { 136 IMSG("DTB disables console"); 137 register_serial_console(NULL); 138 return TEE_SUCCESS; 139 } 140 141 /* Replace early console with the new one */ 142 console_flush(); 143 console_data = *pd; 144 register_serial_console(&console_data.chip); 145 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-"); 146 free(pd); 147 148 return TEE_SUCCESS; 149 } 150 151 /* Probe console from DT once clock inits (service init level) are completed */ 152 service_init_late(init_console_from_dt); 153 154 /* 155 * GIC init, used also for primary/secondary boot core wake completion 156 */ 157 void main_init_gic(void) 158 { 159 gic_init(GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET); 160 161 stm32mp_register_online_cpu(); 162 } 163 164 void main_secondary_init_gic(void) 165 { 166 gic_cpu_init(); 167 168 stm32mp_register_online_cpu(); 169 } 170 171 #ifdef CFG_STM32MP13 172 #ifdef CFG_STM32_ETZPC 173 /* Configure ETZPC cell and lock it when resource is secure */ 174 static void config_lock_decprot(uint32_t decprot_id, 175 enum etzpc_decprot_attributes decprot_attr) 176 { 177 etzpc_configure_decprot(decprot_id, decprot_attr); 178 179 if (decprot_attr == ETZPC_DECPROT_S_RW) 180 etzpc_lock_decprot(decprot_id); 181 } 182 183 static TEE_Result set_etzpc_secure_configuration(void) 184 { 185 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW); 186 config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID, 187 ETZPC_DECPROT_NS_R_S_W); 188 189 /* Configure ETZPC with peripheral registering */ 190 config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW); 191 config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW); 192 config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW); 193 config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW); 194 config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW); 195 config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW); 196 config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW); 197 /* HASH is secure */ 198 config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW); 199 config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW); 200 /* I2C4 is secure */ 201 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW); 202 config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW); 203 /* IWDG1 is secure */ 204 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW); 205 config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW); 206 /* LPTIM3 is secure */ 207 config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW); 208 config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW); 209 /* MCE is secure */ 210 config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW); 211 config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW); 212 /* PKA is secure */ 213 config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW); 214 config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW); 215 /* RNG is secure */ 216 config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW); 217 /* SAES is secure */ 218 config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW); 219 config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW); 220 config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW); 221 config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW); 222 config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW); 223 config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW); 224 config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW); 225 /* SRAM3 is secure */ 226 config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW); 227 /* STGENC is secure */ 228 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW); 229 /* TIM12 is secure */ 230 config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW); 231 config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW); 232 config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW); 233 /* TIM15 is secure */ 234 config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW); 235 config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW); 236 config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW); 237 config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW); 238 config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW); 239 config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW); 240 config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW); 241 242 return TEE_SUCCESS; 243 } 244 245 driver_init_late(set_etzpc_secure_configuration); 246 #endif /* CFG_STM32_ETZPC */ 247 #endif /* CFG_STM32MP13 */ 248 249 static TEE_Result init_stm32mp1_drivers(void) 250 { 251 /* Secure internal memories for the platform, once ETZPC is ready */ 252 etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE); 253 etzpc_lock_tzma(0); 254 255 #ifdef CFG_TZSRAM_START 256 COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) || 257 ((SYSRAM_BASE <= CFG_TZSRAM_START) && 258 (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE))); 259 #endif /* CFG_TZSRAM_START */ 260 261 etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT); 262 etzpc_lock_tzma(1); 263 264 if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) { 265 size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE; 266 paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE; 267 uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC, 268 nsec_size); 269 270 IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1); 271 272 /* Clear content from the non-secure part */ 273 memset(va, 0, nsec_size); 274 } 275 276 return TEE_SUCCESS; 277 } 278 279 service_init_late(init_stm32mp1_drivers); 280 281 static TEE_Result init_late_stm32mp1_drivers(void) 282 { 283 TEE_Result res = TEE_ERROR_GENERIC; 284 285 /* Set access permission to TAM backup registers */ 286 if (IS_ENABLED(CFG_STM32_TAMP)) { 287 struct stm32_bkpregs_conf conf = { 288 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT, 289 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT, 290 }; 291 292 res = stm32_tamp_set_secure_bkpregs(&conf); 293 if (res == TEE_ERROR_DEFER_DRIVER_INIT) { 294 /* TAMP driver was not probed if disabled in the DT */ 295 res = TEE_SUCCESS; 296 } 297 if (res) 298 panic(); 299 } 300 301 return TEE_SUCCESS; 302 } 303 304 driver_init_late(init_late_stm32mp1_drivers); 305 306 vaddr_t stm32_rcc_base(void) 307 { 308 static struct io_pa_va base = { .pa = RCC_BASE }; 309 310 return io_pa_or_va_secure(&base, 1); 311 } 312 313 vaddr_t get_gicd_base(void) 314 { 315 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET }; 316 317 return io_pa_or_va_secure(&base, 1); 318 } 319 320 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg) 321 { 322 cfg->base = BSEC_BASE; 323 cfg->upper_start = STM32MP1_UPPER_OTP_START; 324 cfg->max_id = STM32MP1_OTP_MAX_ID; 325 } 326 327 bool __weak stm32mp_with_pmic(void) 328 { 329 return false; 330 } 331 332 uint32_t may_spin_lock(unsigned int *lock) 333 { 334 if (!lock || !cpu_mmu_enabled()) 335 return 0; 336 337 return cpu_spin_lock_xsave(lock); 338 } 339 340 void may_spin_unlock(unsigned int *lock, uint32_t exceptions) 341 { 342 if (!lock || !cpu_mmu_enabled()) 343 return; 344 345 cpu_spin_unlock_xrestore(lock, exceptions); 346 } 347 348 static vaddr_t stm32_tamp_base(void) 349 { 350 static struct io_pa_va base = { .pa = TAMP_BASE }; 351 352 return io_pa_or_va_secure(&base, 1); 353 } 354 355 static vaddr_t bkpreg_base(void) 356 { 357 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF; 358 } 359 360 vaddr_t stm32mp_bkpreg(unsigned int idx) 361 { 362 return bkpreg_base() + (idx * sizeof(uint32_t)); 363 } 364 365 static bool __maybe_unused bank_is_valid(unsigned int bank) 366 { 367 if (IS_ENABLED(CFG_STM32MP15)) 368 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K; 369 370 if (IS_ENABLED(CFG_STM32MP13)) 371 return bank <= GPIO_BANK_I; 372 373 panic(); 374 } 375 376 unsigned int stm32_get_gpio_bank_offset(unsigned int bank) 377 { 378 assert(bank_is_valid(bank)); 379 380 if (bank == GPIO_BANK_Z) 381 return 0; 382 383 return bank * GPIO_BANK_OFFSET; 384 } 385 386 #ifdef CFG_STM32_IWDG 387 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase, 388 struct stm32_iwdg_otp_data *otp_data) 389 { 390 unsigned int idx = 0; 391 uint32_t otp_id = 0; 392 size_t bit_len = 0; 393 uint32_t otp_value = 0; 394 395 switch (pbase) { 396 case IWDG1_BASE: 397 idx = 0; 398 break; 399 case IWDG2_BASE: 400 idx = 1; 401 break; 402 default: 403 panic(); 404 } 405 406 if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_len) || 407 bit_len != 32) 408 panic(); 409 410 if (stm32_bsec_read_otp(&otp_value, otp_id)) 411 panic(); 412 413 otp_data->hw_enabled = otp_value & 414 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT); 415 otp_data->disable_on_stop = otp_value & 416 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT); 417 otp_data->disable_on_standby = otp_value & 418 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT); 419 420 return TEE_SUCCESS; 421 } 422 #endif /*CFG_STM32_IWDG*/ 423 424 #ifdef CFG_STM32_DEBUG_ACCESS 425 static TEE_Result init_debug(void) 426 { 427 TEE_Result res = TEE_SUCCESS; 428 uint32_t conf = stm32_bsec_read_debug_conf(); 429 struct clk *dbg_clk = stm32mp_rcc_clock_id_to_clk(CK_DBG); 430 uint32_t state = 0; 431 432 res = stm32_bsec_get_state(&state); 433 if (res) 434 return res; 435 436 if (state != BSEC_STATE_SEC_CLOSED && conf) { 437 if (IS_ENABLED(CFG_WARN_INSECURE)) 438 IMSG("WARNING: All debug accesses are allowed"); 439 440 res = stm32_bsec_write_debug_conf(conf | BSEC_DEBUG_ALL); 441 if (res) 442 return res; 443 444 /* 445 * Enable DBG clock as used to access coprocessor 446 * debug registers 447 */ 448 clk_enable(dbg_clk); 449 } 450 451 return TEE_SUCCESS; 452 } 453 early_init_late(init_debug); 454 #endif /* CFG_STM32_DEBUG_ACCESS */ 455