xref: /optee_os/core/arch/arm/plat-stm32mp1/main.c (revision cb5f271c1eaed4c18fd26873f152afc0590b0413) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (c) 2017-2022, STMicroelectronics
4  * Copyright (c) 2016-2018, Linaro Limited
5  */
6 
7 #include <boot_api.h>
8 #include <config.h>
9 #include <console.h>
10 #include <drivers/gic.h>
11 #include <drivers/stm32_etzpc.h>
12 #include <drivers/stm32_iwdg.h>
13 #include <drivers/stm32_tamp.h>
14 #include <drivers/stm32_uart.h>
15 #include <drivers/stm32mp1_etzpc.h>
16 #include <drivers/stm32mp_dt_bindings.h>
17 #include <io.h>
18 #include <kernel/boot.h>
19 #include <kernel/dt.h>
20 #include <kernel/interrupt.h>
21 #include <kernel/misc.h>
22 #include <kernel/panic.h>
23 #include <kernel/spinlock.h>
24 #include <mm/core_memprot.h>
25 #include <platform_config.h>
26 #include <sm/psci.h>
27 #include <stm32_util.h>
28 #include <string.h>
29 #include <trace.h>
30 
31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE);
32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE);
33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE);
34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE);
35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE);
36 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE);
37 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE);
38 
39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE);
40 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE);
41 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE);
42 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE);
43 #ifdef CFG_STM32MP13
44 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE);
45 #endif
46 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE);
47 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE);
48 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE);
49 
50 #ifdef CFG_STM32MP1_SCMI_SHM_BASE
51 register_phys_mem(MEM_AREA_IO_NSEC, CFG_STM32MP1_SCMI_SHM_BASE,
52 		  CFG_STM32MP1_SCMI_SHM_SIZE);
53 #endif
54 
55 register_ddr(DDR_BASE, CFG_DRAM_SIZE);
56 
57 #define _ID2STR(id)		(#id)
58 #define ID2STR(id)		_ID2STR(id)
59 
60 static TEE_Result platform_banner(void)
61 {
62 #ifdef CFG_EMBED_DTB
63 	IMSG("Platform stm32mp1: flavor %s - DT %s",
64 		ID2STR(PLATFORM_FLAVOR),
65 		ID2STR(CFG_EMBED_DTB_SOURCE_FILE));
66 #else
67 	IMSG("Platform stm32mp1: flavor %s - no device tree",
68 		ID2STR(PLATFORM_FLAVOR));
69 #endif
70 
71 	return TEE_SUCCESS;
72 }
73 service_init(platform_banner);
74 
75 /*
76  * Console
77  *
78  * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for
79  * trace console. Value 0 disables the early console.
80  *
81  * We cannot use the generic serial_console support since probing
82  * the console requires the platform clock driver to be already
83  * up and ready which is done only once service_init are completed.
84  */
85 static struct stm32_uart_pdata console_data;
86 
87 void console_init(void)
88 {
89 	/* Early console initialization before MMU setup */
90 	struct uart {
91 		paddr_t pa;
92 		bool secure;
93 	} uarts[] = {
94 		[0] = { .pa = 0 },
95 		[1] = { .pa = USART1_BASE, .secure = true, },
96 		[2] = { .pa = USART2_BASE, .secure = false, },
97 		[3] = { .pa = USART3_BASE, .secure = false, },
98 		[4] = { .pa = UART4_BASE, .secure = false, },
99 		[5] = { .pa = UART5_BASE, .secure = false, },
100 		[6] = { .pa = USART6_BASE, .secure = false, },
101 		[7] = { .pa = UART7_BASE, .secure = false, },
102 		[8] = { .pa = UART8_BASE, .secure = false, },
103 	};
104 
105 	COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART);
106 
107 	if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa)
108 		return;
109 
110 	/* No clock yet bound to the UART console */
111 	console_data.clock = NULL;
112 
113 	console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure;
114 	stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa);
115 
116 	register_serial_console(&console_data.chip);
117 
118 	IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART);
119 }
120 
121 #ifdef CFG_EMBED_DTB
122 static TEE_Result init_console_from_dt(void)
123 {
124 	struct stm32_uart_pdata *pd = NULL;
125 	void *fdt = NULL;
126 	int node = 0;
127 	TEE_Result res = TEE_ERROR_GENERIC;
128 
129 	fdt = get_embedded_dt();
130 	res = get_console_node_from_dt(fdt, &node, NULL, NULL);
131 	if (res == TEE_ERROR_ITEM_NOT_FOUND) {
132 		fdt = get_external_dt();
133 		res = get_console_node_from_dt(fdt, &node, NULL, NULL);
134 		if (res == TEE_ERROR_ITEM_NOT_FOUND)
135 			return TEE_SUCCESS;
136 		if (res != TEE_SUCCESS)
137 			return res;
138 	}
139 
140 	pd = stm32_uart_init_from_dt_node(fdt, node);
141 	if (!pd) {
142 		IMSG("DTB disables console");
143 		register_serial_console(NULL);
144 		return TEE_SUCCESS;
145 	}
146 
147 	/* Replace early console with the new one */
148 	console_flush();
149 	console_data = *pd;
150 	register_serial_console(&console_data.chip);
151 	IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-");
152 	free(pd);
153 
154 	return TEE_SUCCESS;
155 }
156 
157 /* Probe console from DT once clock inits (service init level) are completed */
158 service_init_late(init_console_from_dt);
159 #endif
160 
161 /*
162  * GIC init, used also for primary/secondary boot core wake completion
163  */
164 static struct gic_data gic_data;
165 
166 void itr_core_handler(void)
167 {
168 	gic_it_handle(&gic_data);
169 }
170 
171 void main_init_gic(void)
172 {
173 	gic_init(&gic_data, GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET);
174 	itr_init(&gic_data.chip);
175 
176 	stm32mp_register_online_cpu();
177 }
178 
179 void main_secondary_init_gic(void)
180 {
181 	gic_cpu_init(&gic_data);
182 
183 	stm32mp_register_online_cpu();
184 }
185 
186 #ifdef CFG_STM32MP13
187 #ifdef CFG_STM32_ETZPC
188 /* Configure ETZPC cell and lock it when resource is secure */
189 static void config_lock_decprot(uint32_t decprot_id,
190 				enum etzpc_decprot_attributes decprot_attr)
191 {
192 	etzpc_configure_decprot(decprot_id, decprot_attr);
193 
194 	if (decprot_attr == ETZPC_DECPROT_S_RW)
195 		etzpc_lock_decprot(decprot_id);
196 }
197 
198 static TEE_Result set_etzpc_secure_configuration(void)
199 {
200 	config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW);
201 	config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID,
202 			    ETZPC_DECPROT_NS_R_S_W);
203 
204 	/* Configure ETZPC with peripheral registering */
205 	config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW);
206 	config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW);
207 	config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW);
208 	config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW);
209 	config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW);
210 	config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW);
211 	config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW);
212 	/* HASH is secure */
213 	config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW);
214 	config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW);
215 	/* I2C4 is secure */
216 	config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW);
217 	config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW);
218 	/* IWDG1 is secure */
219 	config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW);
220 	config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW);
221 	/* LPTIM3 is secure */
222 	config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW);
223 	config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW);
224 	/* MCE is secure */
225 	config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW);
226 	config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW);
227 	/* PKA is secure */
228 	config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW);
229 	config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW);
230 	/* RNG is secure */
231 	config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW);
232 	/* SAES is secure */
233 	config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW);
234 	config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW);
235 	config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW);
236 	config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW);
237 	config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW);
238 	config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW);
239 	config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW);
240 	/* SRAM3 is secure */
241 	config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW);
242 	/* STGENC is secure */
243 	config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW);
244 	/* TIM12 is secure */
245 	config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW);
246 	config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW);
247 	config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW);
248 	/* TIM15 is secure */
249 	config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW);
250 	config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW);
251 	config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW);
252 	config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW);
253 	config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW);
254 	config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW);
255 	config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW);
256 
257 	return TEE_SUCCESS;
258 }
259 
260 driver_init_late(set_etzpc_secure_configuration);
261 #endif /* CFG_STM32_ETZPC */
262 
263 #ifdef CFG_STM32_GPIO
264 
265 #define NB_PINS_PER_BANK		U(16)
266 #define NB_PINS_BANK_H			U(14)
267 #define NB_PINS_BANK_I			U(8)
268 
269 static TEE_Result set_all_gpios_non_secure(void)
270 {
271 	unsigned int bank = 0;
272 	unsigned int pin = 0;
273 	unsigned int nb_pin_bank = 0;
274 
275 	for (bank = 0; bank <= GPIO_BANK_I; bank++) {
276 		switch (bank) {
277 		case GPIO_BANK_H:
278 			nb_pin_bank = NB_PINS_BANK_H;
279 			break;
280 		case GPIO_BANK_I:
281 			nb_pin_bank = NB_PINS_BANK_I;
282 			break;
283 		default:
284 			nb_pin_bank = NB_PINS_PER_BANK;
285 			break;
286 		}
287 
288 		for (pin = 0; pin <= nb_pin_bank; pin++)
289 			stm32_gpio_set_secure_cfg(bank, pin, false);
290 	}
291 
292 	return TEE_SUCCESS;
293 }
294 
295 early_init_late(set_all_gpios_non_secure);
296 #endif /* CFG_STM32_GPIO */
297 #endif /* CFG_STM32MP13 */
298 
299 static TEE_Result init_stm32mp1_drivers(void)
300 {
301 	/* Without secure DTB support, some drivers must be inited */
302 	if (!IS_ENABLED(CFG_EMBED_DTB))
303 		stm32_etzpc_init(ETZPC_BASE);
304 
305 	/* Secure internal memories for the platform, once ETZPC is ready */
306 	etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE);
307 	etzpc_lock_tzma(0);
308 
309 #ifdef CFG_TZSRAM_START
310 	COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) ||
311 			    ((SYSRAM_BASE <= CFG_TZSRAM_START) &&
312 			     (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE)));
313 #endif /* CFG_TZSRAM_START */
314 
315 	etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT);
316 	etzpc_lock_tzma(1);
317 
318 	if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) {
319 		size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE;
320 		paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE;
321 		uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC,
322 					   nsec_size);
323 
324 		IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1);
325 
326 		/* Clear content from the non-secure part */
327 		memset(va, 0, nsec_size);
328 	}
329 
330 	return TEE_SUCCESS;
331 }
332 
333 service_init_late(init_stm32mp1_drivers);
334 
335 static TEE_Result init_late_stm32mp1_drivers(void)
336 {
337 	TEE_Result res = TEE_ERROR_GENERIC;
338 
339 	/* Set access permission to TAM backup registers */
340 	if (IS_ENABLED(CFG_STM32_TAMP)) {
341 		struct stm32_bkpregs_conf conf = {
342 			.nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT,
343 			.nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT,
344 		};
345 
346 		res = stm32_tamp_set_secure_bkpregs(&conf);
347 		if (res == TEE_ERROR_DEFER_DRIVER_INIT) {
348 			/* TAMP driver was not probed if disabled in the DT */
349 			res = TEE_SUCCESS;
350 		}
351 		if (res)
352 			panic();
353 	}
354 
355 	return TEE_SUCCESS;
356 }
357 
358 driver_init_late(init_late_stm32mp1_drivers);
359 
360 vaddr_t stm32_rcc_base(void)
361 {
362 	static struct io_pa_va base = { .pa = RCC_BASE };
363 
364 	return io_pa_or_va_secure(&base, 1);
365 }
366 
367 vaddr_t get_gicd_base(void)
368 {
369 	struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET };
370 
371 	return io_pa_or_va_secure(&base, 1);
372 }
373 
374 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg)
375 {
376 	cfg->base = BSEC_BASE;
377 	cfg->upper_start = STM32MP1_UPPER_OTP_START;
378 	cfg->max_id = STM32MP1_OTP_MAX_ID;
379 }
380 
381 bool __weak stm32mp_with_pmic(void)
382 {
383 	return false;
384 }
385 
386 uint32_t may_spin_lock(unsigned int *lock)
387 {
388 	if (!lock || !cpu_mmu_enabled())
389 		return 0;
390 
391 	return cpu_spin_lock_xsave(lock);
392 }
393 
394 void may_spin_unlock(unsigned int *lock, uint32_t exceptions)
395 {
396 	if (!lock || !cpu_mmu_enabled())
397 		return;
398 
399 	cpu_spin_unlock_xrestore(lock, exceptions);
400 }
401 
402 static vaddr_t stm32_tamp_base(void)
403 {
404 	static struct io_pa_va base = { .pa = TAMP_BASE };
405 
406 	return io_pa_or_va_secure(&base, 1);
407 }
408 
409 static vaddr_t bkpreg_base(void)
410 {
411 	return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF;
412 }
413 
414 vaddr_t stm32mp_bkpreg(unsigned int idx)
415 {
416 	return bkpreg_base() + (idx * sizeof(uint32_t));
417 }
418 
419 static bool __maybe_unused bank_is_valid(unsigned int bank)
420 {
421 	if (IS_ENABLED(CFG_STM32MP15))
422 		return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K;
423 
424 	if (IS_ENABLED(CFG_STM32MP13))
425 		return bank <= GPIO_BANK_I;
426 
427 	panic();
428 }
429 
430 vaddr_t stm32_get_gpio_bank_base(unsigned int bank)
431 {
432 	static struct io_pa_va base = { .pa = GPIOA_BASE };
433 
434 	static_assert(GPIO_BANK_A == 0);
435 	assert(bank_is_valid(bank));
436 
437 	if (IS_ENABLED(CFG_STM32MP15)) {
438 		static struct io_pa_va zbase = { .pa = GPIOZ_BASE };
439 
440 		/* Get secure mapping address for GPIOZ */
441 		if (bank == GPIO_BANK_Z)
442 			return io_pa_or_va_secure(&zbase, GPIO_BANK_OFFSET);
443 
444 		/* Other are mapped non-secure */
445 		return io_pa_or_va_nsec(&base, (bank + 1) * GPIO_BANK_OFFSET) +
446 		       (bank * GPIO_BANK_OFFSET);
447 	}
448 
449 	if (IS_ENABLED(CFG_STM32MP13))
450 		return io_pa_or_va_secure(&base,
451 					  (bank + 1) * GPIO_BANK_OFFSET) +
452 		       (bank * GPIO_BANK_OFFSET);
453 
454 	panic();
455 }
456 
457 unsigned int stm32_get_gpio_bank_offset(unsigned int bank)
458 {
459 	assert(bank_is_valid(bank));
460 
461 	if (bank == GPIO_BANK_Z)
462 		return 0;
463 
464 	return bank * GPIO_BANK_OFFSET;
465 }
466 
467 unsigned int stm32_get_gpio_bank_clock(unsigned int bank)
468 {
469 	assert(bank_is_valid(bank));
470 
471 #ifdef CFG_STM32MP15
472 	if (bank == GPIO_BANK_Z)
473 		return GPIOZ;
474 #endif
475 
476 	return GPIOA + bank;
477 }
478 
479 struct clk *stm32_get_gpio_bank_clk(unsigned int bank)
480 {
481 	assert(bank_is_valid(bank));
482 
483 	if (!IS_ENABLED(CFG_DRIVERS_CLK))
484 		return NULL;
485 
486 	return stm32mp_rcc_clock_id_to_clk(stm32_get_gpio_bank_clock(bank));
487 }
488 
489 #ifdef CFG_STM32_IWDG
490 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase,
491 				     struct stm32_iwdg_otp_data *otp_data)
492 {
493 	unsigned int idx = 0;
494 	uint32_t otp_id = 0;
495 	size_t bit_len = 0;
496 	uint32_t otp_value = 0;
497 
498 	switch (pbase) {
499 	case IWDG1_BASE:
500 		idx = 0;
501 		break;
502 	case IWDG2_BASE:
503 		idx = 1;
504 		break;
505 	default:
506 		panic();
507 	}
508 
509 	if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_len) ||
510 	    bit_len != 32)
511 		panic();
512 
513 	if (stm32_bsec_read_otp(&otp_value, otp_id))
514 		panic();
515 
516 	otp_data->hw_enabled = otp_value &
517 			       BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT);
518 	otp_data->disable_on_stop = otp_value &
519 				    BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT);
520 	otp_data->disable_on_standby = otp_value &
521 				       BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT);
522 
523 	return TEE_SUCCESS;
524 }
525 #endif /*CFG_STM32_IWDG*/
526 
527 #ifdef CFG_STM32_DEBUG_ACCESS
528 static TEE_Result init_debug(void)
529 {
530 	TEE_Result res = TEE_SUCCESS;
531 	uint32_t conf = stm32_bsec_read_debug_conf();
532 	struct clk *dbg_clk = stm32mp_rcc_clock_id_to_clk(CK_DBG);
533 	uint32_t state = 0;
534 
535 	res = stm32_bsec_get_state(&state);
536 	if (res)
537 		return res;
538 
539 	if (state != BSEC_STATE_SEC_CLOSED && conf) {
540 		if (IS_ENABLED(CFG_WARN_INSECURE))
541 			IMSG("WARNING: All debug accesses are allowed");
542 
543 		res = stm32_bsec_write_debug_conf(conf | BSEC_DEBUG_ALL);
544 		if (res)
545 			return res;
546 
547 		/*
548 		 * Enable DBG clock as used to access coprocessor
549 		 * debug registers
550 		 */
551 		clk_enable(dbg_clk);
552 	}
553 
554 	return TEE_SUCCESS;
555 }
556 early_init_late(init_debug);
557 #endif /* CFG_STM32_DEBUG_ACCESS */
558