1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2022, STMicroelectronics 4 * Copyright (c) 2016-2018, Linaro Limited 5 */ 6 7 #include <boot_api.h> 8 #include <config.h> 9 #include <console.h> 10 #include <drivers/gic.h> 11 #include <drivers/stm32_etzpc.h> 12 #include <drivers/stm32_iwdg.h> 13 #include <drivers/stm32_tamp.h> 14 #include <drivers/stm32_uart.h> 15 #include <drivers/stm32mp1_etzpc.h> 16 #include <drivers/stm32mp_dt_bindings.h> 17 #include <kernel/boot.h> 18 #include <kernel/dt.h> 19 #include <kernel/interrupt.h> 20 #include <kernel/misc.h> 21 #include <kernel/panic.h> 22 #include <kernel/spinlock.h> 23 #include <mm/core_memprot.h> 24 #include <platform_config.h> 25 #include <sm/psci.h> 26 #include <stm32_util.h> 27 #include <trace.h> 28 29 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE); 30 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE); 31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE); 32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE); 33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE); 34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE); 35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE); 36 37 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE); 38 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE); 39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE); 40 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE); 41 #ifdef CFG_STM32MP13 42 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE); 43 #endif 44 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE); 45 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE); 46 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE); 47 48 register_ddr(DDR_BASE, CFG_DRAM_SIZE); 49 50 #define _ID2STR(id) (#id) 51 #define ID2STR(id) _ID2STR(id) 52 53 static TEE_Result platform_banner(void) 54 { 55 #ifdef CFG_EMBED_DTB 56 IMSG("Platform stm32mp1: flavor %s - DT %s", 57 ID2STR(PLATFORM_FLAVOR), 58 ID2STR(CFG_EMBED_DTB_SOURCE_FILE)); 59 #else 60 IMSG("Platform stm32mp1: flavor %s - no device tree", 61 ID2STR(PLATFORM_FLAVOR)); 62 #endif 63 64 return TEE_SUCCESS; 65 } 66 service_init(platform_banner); 67 68 /* 69 * Console 70 * 71 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for 72 * trace console. Value 0 disables the early console. 73 * 74 * We cannot use the generic serial_console support since probing 75 * the console requires the platform clock driver to be already 76 * up and ready which is done only once service_init are completed. 77 */ 78 static struct stm32_uart_pdata console_data; 79 80 void console_init(void) 81 { 82 /* Early console initialization before MMU setup */ 83 struct uart { 84 paddr_t pa; 85 bool secure; 86 } uarts[] = { 87 [0] = { .pa = 0 }, 88 [1] = { .pa = USART1_BASE, .secure = true, }, 89 [2] = { .pa = USART2_BASE, .secure = false, }, 90 [3] = { .pa = USART3_BASE, .secure = false, }, 91 [4] = { .pa = UART4_BASE, .secure = false, }, 92 [5] = { .pa = UART5_BASE, .secure = false, }, 93 [6] = { .pa = USART6_BASE, .secure = false, }, 94 [7] = { .pa = UART7_BASE, .secure = false, }, 95 [8] = { .pa = UART8_BASE, .secure = false, }, 96 }; 97 98 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART); 99 100 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa) 101 return; 102 103 /* No clock yet bound to the UART console */ 104 console_data.clock = NULL; 105 106 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure; 107 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa); 108 109 register_serial_console(&console_data.chip); 110 111 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART); 112 } 113 114 #ifdef CFG_EMBED_DTB 115 static TEE_Result init_console_from_dt(void) 116 { 117 struct stm32_uart_pdata *pd = NULL; 118 void *fdt = NULL; 119 int node = 0; 120 TEE_Result res = TEE_ERROR_GENERIC; 121 122 fdt = get_embedded_dt(); 123 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 124 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 125 fdt = get_external_dt(); 126 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 127 if (res == TEE_ERROR_ITEM_NOT_FOUND) 128 return TEE_SUCCESS; 129 if (res != TEE_SUCCESS) 130 return res; 131 } 132 133 pd = stm32_uart_init_from_dt_node(fdt, node); 134 if (!pd) { 135 IMSG("DTB disables console"); 136 register_serial_console(NULL); 137 return TEE_SUCCESS; 138 } 139 140 /* Replace early console with the new one */ 141 console_flush(); 142 console_data = *pd; 143 register_serial_console(&console_data.chip); 144 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-"); 145 free(pd); 146 147 return TEE_SUCCESS; 148 } 149 150 /* Probe console from DT once clock inits (service init level) are completed */ 151 service_init_late(init_console_from_dt); 152 #endif 153 154 /* 155 * GIC init, used also for primary/secondary boot core wake completion 156 */ 157 static struct gic_data gic_data; 158 159 void itr_core_handler(void) 160 { 161 gic_it_handle(&gic_data); 162 } 163 164 void main_init_gic(void) 165 { 166 gic_init(&gic_data, GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET); 167 itr_init(&gic_data.chip); 168 169 stm32mp_register_online_cpu(); 170 } 171 172 void main_secondary_init_gic(void) 173 { 174 gic_cpu_init(&gic_data); 175 176 stm32mp_register_online_cpu(); 177 } 178 179 #ifdef CFG_STM32MP13 180 #ifdef CFG_STM32_ETZPC 181 /* Configure ETZPC cell and lock it when resource is secure */ 182 static void config_lock_decprot(uint32_t decprot_id, 183 enum etzpc_decprot_attributes decprot_attr) 184 { 185 etzpc_configure_decprot(decprot_id, decprot_attr); 186 187 if (decprot_attr == ETZPC_DECPROT_S_RW) 188 etzpc_lock_decprot(decprot_id); 189 } 190 191 static TEE_Result set_etzpc_secure_configuration(void) 192 { 193 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW); 194 config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID, 195 ETZPC_DECPROT_NS_R_S_W); 196 197 /* Configure ETZPC with peripheral registering */ 198 config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW); 199 config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW); 200 config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW); 201 config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW); 202 config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW); 203 config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW); 204 config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW); 205 /* HASH is secure */ 206 config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW); 207 config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW); 208 /* I2C4 is secure */ 209 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW); 210 config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW); 211 /* IWDG1 is secure */ 212 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW); 213 config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW); 214 /* LPTIM3 is secure */ 215 config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW); 216 config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW); 217 /* MCE is secure */ 218 config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW); 219 config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW); 220 /* PKA is secure */ 221 config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW); 222 config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW); 223 /* RNG is secure */ 224 config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW); 225 /* SAES is secure */ 226 config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW); 227 config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW); 228 config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW); 229 config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW); 230 config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW); 231 config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW); 232 config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW); 233 /* SRAM3 is secure */ 234 config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW); 235 /* STGENC is secure */ 236 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW); 237 /* TIM12 is secure */ 238 config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW); 239 config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW); 240 config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW); 241 /* TIM15 is secure */ 242 config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW); 243 config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW); 244 config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW); 245 config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW); 246 config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW); 247 config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW); 248 config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW); 249 250 return TEE_SUCCESS; 251 } 252 253 driver_init_late(set_etzpc_secure_configuration); 254 #endif /* CFG_STM32_ETZPC */ 255 256 #ifdef CFG_STM32_GPIO 257 258 #define NB_PINS_PER_BANK U(16) 259 #define NB_PINS_BANK_H U(14) 260 #define NB_PINS_BANK_I U(8) 261 262 static TEE_Result set_all_gpios_non_secure(void) 263 { 264 unsigned int bank = 0; 265 unsigned int pin = 0; 266 unsigned int nb_pin_bank = 0; 267 268 for (bank = 0; bank <= GPIO_BANK_I; bank++) { 269 switch (bank) { 270 case GPIO_BANK_H: 271 nb_pin_bank = NB_PINS_BANK_H; 272 break; 273 case GPIO_BANK_I: 274 nb_pin_bank = NB_PINS_BANK_I; 275 break; 276 default: 277 nb_pin_bank = NB_PINS_PER_BANK; 278 break; 279 } 280 281 for (pin = 0; pin <= nb_pin_bank; pin++) 282 stm32_gpio_set_secure_cfg(bank, pin, false); 283 } 284 285 return TEE_SUCCESS; 286 } 287 288 early_init_late(set_all_gpios_non_secure); 289 #endif /* CFG_STM32_GPIO */ 290 #endif /* CFG_STM32MP13 */ 291 292 static TEE_Result init_stm32mp1_drivers(void) 293 { 294 /* Without secure DTB support, some drivers must be inited */ 295 if (!IS_ENABLED(CFG_EMBED_DTB)) 296 stm32_etzpc_init(ETZPC_BASE); 297 298 /* Secure internal memories for the platform, once ETZPC is ready */ 299 etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE); 300 etzpc_lock_tzma(0); 301 302 #ifdef CFG_TZSRAM_START 303 COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) || 304 ((SYSRAM_BASE <= CFG_TZSRAM_START) && 305 (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE))); 306 #endif /* CFG_TZSRAM_START */ 307 308 etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT); 309 etzpc_lock_tzma(1); 310 311 return TEE_SUCCESS; 312 } 313 314 service_init_late(init_stm32mp1_drivers); 315 316 static TEE_Result init_late_stm32mp1_drivers(void) 317 { 318 TEE_Result res = TEE_ERROR_GENERIC; 319 320 /* Set access permission to TAM backup registers */ 321 if (IS_ENABLED(CFG_STM32_TAMP)) { 322 struct stm32_bkpregs_conf conf = { 323 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT, 324 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT, 325 }; 326 327 res = stm32_tamp_set_secure_bkpregs(&conf); 328 if (res == TEE_ERROR_DEFER_DRIVER_INIT) { 329 /* TAMP driver was not probed if disabled in the DT */ 330 res = TEE_SUCCESS; 331 } 332 if (res) 333 panic(); 334 } 335 336 return TEE_SUCCESS; 337 } 338 339 driver_init_late(init_late_stm32mp1_drivers); 340 341 vaddr_t stm32_rcc_base(void) 342 { 343 static struct io_pa_va base = { .pa = RCC_BASE }; 344 345 return io_pa_or_va_secure(&base, 1); 346 } 347 348 vaddr_t get_gicd_base(void) 349 { 350 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET }; 351 352 return io_pa_or_va_secure(&base, 1); 353 } 354 355 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg) 356 { 357 cfg->base = BSEC_BASE; 358 cfg->upper_start = STM32MP1_UPPER_OTP_START; 359 cfg->max_id = STM32MP1_OTP_MAX_ID; 360 } 361 362 bool stm32mp_is_closed_device(void) 363 { 364 uint32_t otp = 0; 365 TEE_Result result = TEE_ERROR_GENERIC; 366 367 /* Non closed_device platform expects fuse well programmed to 0 */ 368 result = stm32_bsec_shadow_read_otp(&otp, DATA0_OTP); 369 if (!result && !(otp & BIT(DATA0_OTP_SECURED_POS))) 370 return false; 371 372 return true; 373 } 374 375 bool __weak stm32mp_with_pmic(void) 376 { 377 return false; 378 } 379 380 uint32_t may_spin_lock(unsigned int *lock) 381 { 382 if (!lock || !cpu_mmu_enabled()) 383 return 0; 384 385 return cpu_spin_lock_xsave(lock); 386 } 387 388 void may_spin_unlock(unsigned int *lock, uint32_t exceptions) 389 { 390 if (!lock || !cpu_mmu_enabled()) 391 return; 392 393 cpu_spin_unlock_xrestore(lock, exceptions); 394 } 395 396 static vaddr_t stm32_tamp_base(void) 397 { 398 static struct io_pa_va base = { .pa = TAMP_BASE }; 399 400 return io_pa_or_va_secure(&base, 1); 401 } 402 403 static vaddr_t bkpreg_base(void) 404 { 405 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF; 406 } 407 408 vaddr_t stm32mp_bkpreg(unsigned int idx) 409 { 410 return bkpreg_base() + (idx * sizeof(uint32_t)); 411 } 412 413 static bool __maybe_unused bank_is_valid(unsigned int bank) 414 { 415 if (IS_ENABLED(CFG_STM32MP15)) 416 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K; 417 418 if (IS_ENABLED(CFG_STM32MP13)) 419 return bank <= GPIO_BANK_I; 420 421 panic(); 422 } 423 424 vaddr_t stm32_get_gpio_bank_base(unsigned int bank) 425 { 426 static struct io_pa_va base = { .pa = GPIOA_BASE }; 427 428 static_assert(GPIO_BANK_A == 0); 429 assert(bank_is_valid(bank)); 430 431 if (IS_ENABLED(CFG_STM32MP15)) { 432 static struct io_pa_va zbase = { .pa = GPIOZ_BASE }; 433 434 /* Get secure mapping address for GPIOZ */ 435 if (bank == GPIO_BANK_Z) 436 return io_pa_or_va_secure(&zbase, GPIO_BANK_OFFSET); 437 438 /* Other are mapped non-secure */ 439 return io_pa_or_va_nsec(&base, (bank + 1) * GPIO_BANK_OFFSET) + 440 (bank * GPIO_BANK_OFFSET); 441 } 442 443 if (IS_ENABLED(CFG_STM32MP13)) 444 return io_pa_or_va_secure(&base, 445 (bank + 1) * GPIO_BANK_OFFSET) + 446 (bank * GPIO_BANK_OFFSET); 447 448 panic(); 449 } 450 451 unsigned int stm32_get_gpio_bank_offset(unsigned int bank) 452 { 453 assert(bank_is_valid(bank)); 454 455 if (bank == GPIO_BANK_Z) 456 return 0; 457 458 return bank * GPIO_BANK_OFFSET; 459 } 460 461 unsigned int stm32_get_gpio_bank_clock(unsigned int bank) 462 { 463 assert(bank_is_valid(bank)); 464 465 #ifdef CFG_STM32MP15 466 if (bank == GPIO_BANK_Z) 467 return GPIOZ; 468 #endif 469 470 return GPIOA + bank; 471 } 472 473 struct clk *stm32_get_gpio_bank_clk(unsigned int bank) 474 { 475 assert(bank_is_valid(bank)); 476 477 if (!IS_ENABLED(CFG_DRIVERS_CLK)) 478 return NULL; 479 480 return stm32mp_rcc_clock_id_to_clk(stm32_get_gpio_bank_clock(bank)); 481 } 482 483 #ifdef CFG_STM32_IWDG 484 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase, 485 struct stm32_iwdg_otp_data *otp_data) 486 { 487 unsigned int idx = 0; 488 uint32_t otp_id = 0; 489 size_t bit_len = 0; 490 uint32_t otp_value = 0; 491 492 switch (pbase) { 493 case IWDG1_BASE: 494 idx = 0; 495 break; 496 case IWDG2_BASE: 497 idx = 1; 498 break; 499 default: 500 panic(); 501 } 502 503 if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_len) || 504 bit_len != 32) 505 panic(); 506 507 if (stm32_bsec_read_otp(&otp_value, otp_id)) 508 panic(); 509 510 otp_data->hw_enabled = otp_value & 511 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT); 512 otp_data->disable_on_stop = otp_value & 513 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT); 514 otp_data->disable_on_standby = otp_value & 515 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT); 516 517 return TEE_SUCCESS; 518 } 519 #endif /*CFG_STM32_IWDG*/ 520