1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2024, STMicroelectronics 4 * Copyright (c) 2016-2018, Linaro Limited 5 */ 6 7 #include <boot_api.h> 8 #include <config.h> 9 #include <console.h> 10 #include <drivers/firewall_device.h> 11 #include <drivers/gic.h> 12 #include <drivers/pinctrl.h> 13 #include <drivers/stm32_bsec.h> 14 #include <drivers/stm32_etzpc.h> 15 #include <drivers/stm32_gpio.h> 16 #include <drivers/stm32_iwdg.h> 17 #include <drivers/stm32_tamp.h> 18 #include <drivers/stm32_uart.h> 19 #include <drivers/stm32mp_dt_bindings.h> 20 #ifdef CFG_STM32MP15 21 #include <drivers/stm32mp1_rcc.h> 22 #endif 23 #include <io.h> 24 #include <kernel/boot.h> 25 #include <kernel/dt.h> 26 #include <kernel/dt_driver.h> 27 #include <kernel/misc.h> 28 #include <kernel/panic.h> 29 #include <kernel/spinlock.h> 30 #include <kernel/tee_misc.h> 31 #include <libfdt.h> 32 #include <mm/core_memprot.h> 33 #include <platform_config.h> 34 #include <sm/psci.h> 35 #include <stm32_util.h> 36 #include <string.h> 37 #include <trace.h> 38 39 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE); 40 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE); 41 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE); 42 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE); 43 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE); 44 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE); 45 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE); 46 47 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE); 48 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE); 49 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE); 50 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE); 51 #ifdef CFG_STM32MP13 52 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE); 53 #endif 54 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE); 55 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE); 56 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE); 57 58 register_ddr(DDR_BASE, CFG_DRAM_SIZE); 59 60 #define _ID2STR(id) (#id) 61 #define ID2STR(id) _ID2STR(id) 62 63 static TEE_Result platform_banner(void) 64 { 65 IMSG("Platform stm32mp1: flavor %s - DT %s", 66 ID2STR(PLATFORM_FLAVOR), 67 ID2STR(CFG_EMBED_DTB_SOURCE_FILE)); 68 69 return TEE_SUCCESS; 70 } 71 service_init(platform_banner); 72 73 /* 74 * Console 75 * 76 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for 77 * trace console. Value 0 disables the early console. 78 * 79 * We cannot use the generic serial_console support since probing 80 * the console requires the platform clock driver to be already 81 * up and ready which is done only once service_init are completed. 82 */ 83 static struct stm32_uart_pdata console_data; 84 85 void plat_console_init(void) 86 { 87 /* Early console initialization before MMU setup */ 88 struct uart { 89 paddr_t pa; 90 bool secure; 91 } uarts[] = { 92 [0] = { .pa = 0 }, 93 [1] = { .pa = USART1_BASE, .secure = true, }, 94 [2] = { .pa = USART2_BASE, .secure = false, }, 95 [3] = { .pa = USART3_BASE, .secure = false, }, 96 [4] = { .pa = UART4_BASE, .secure = false, }, 97 [5] = { .pa = UART5_BASE, .secure = false, }, 98 [6] = { .pa = USART6_BASE, .secure = false, }, 99 [7] = { .pa = UART7_BASE, .secure = false, }, 100 [8] = { .pa = UART8_BASE, .secure = false, }, 101 }; 102 103 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART); 104 105 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa) 106 return; 107 108 /* No clock yet bound to the UART console */ 109 console_data.clock = NULL; 110 111 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure; 112 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa); 113 114 register_serial_console(&console_data.chip); 115 116 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART); 117 } 118 119 static TEE_Result init_console_from_dt(void) 120 { 121 struct stm32_uart_pdata *pd = NULL; 122 void *fdt = NULL; 123 int node = 0; 124 TEE_Result res = TEE_ERROR_GENERIC; 125 126 fdt = get_embedded_dt(); 127 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 128 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 129 fdt = get_external_dt(); 130 res = get_console_node_from_dt(fdt, &node, NULL, NULL); 131 if (res == TEE_ERROR_ITEM_NOT_FOUND) 132 return TEE_SUCCESS; 133 if (res != TEE_SUCCESS) 134 return res; 135 } 136 137 pd = stm32_uart_init_from_dt_node(fdt, node); 138 if (!pd) { 139 IMSG("DTB disables console"); 140 register_serial_console(NULL); 141 return TEE_SUCCESS; 142 } 143 144 /* Replace early console with the new one */ 145 console_flush(); 146 console_data = *pd; 147 register_serial_console(&console_data.chip); 148 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-"); 149 free(pd); 150 151 return TEE_SUCCESS; 152 } 153 154 /* Probe console from DT once clock inits (service init level) are completed */ 155 service_init_late(init_console_from_dt); 156 157 /* 158 * GIC init, used also for primary/secondary boot core wake completion 159 */ 160 void boot_primary_init_intc(void) 161 { 162 gic_init(GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET); 163 164 stm32mp_register_online_cpu(); 165 } 166 167 void boot_secondary_init_intc(void) 168 { 169 gic_init_per_cpu(); 170 171 stm32mp_register_online_cpu(); 172 } 173 174 #ifdef CFG_STM32MP15 175 /* 176 * This concerns OP-TEE pager for STM32MP1 to use secure internal 177 * RAMs to execute. TZSRAM refers the TZSRAM_BASE/TZSRAM_SIZE 178 * used in boot.c to locate secure unpaged memory. 179 * 180 * STM32MP15 variants embed 640kB of contiguous securable SRAMs 181 * 182 * +--------------+ <-- SYSRAM_BASE 183 * | | lower part can be assigned to secure world 184 * | SYSRAM 256kB | 4kB granule boundary 185 * | | upper part can be assigned to secure world 186 * +--------------+ <-- SRAM1_BASE (= SYSRAM_BASE + SYSRAM_SIZE) 187 | | full range assigned to non-secure world or 188 * | SRAM1 128kB | to secure world, or to- Cortex-M4 exclusive access 189 * +--------------+ <-- SRAM2_BASE (= SRAM1_BASE + SRAM1_SIZE) 190 | | full range assigned to non-secure world or 191 * | SRAM2 128kB | to secure world, or to- Cortex-M4 exclusive access 192 * +--------------+ <-- SRAM3_BASE (= SRAM2_BASE + SRAM2_SIZE) 193 | | full range assigned to non-secure world or 194 * | SRAM3 64kB | to secure world, or to- Cortex-M4 exclusive access 195 * +--------------+ <-- SRAM4_BASE (= SRAM3_BASE + SRAM3_SIZE) 196 | | full range assigned to non-secure world or 197 * | SRAM4 64kB | to secure world, or to- Cortex-M4 exclusive access 198 * +--------------+ <-- SRAM4_BASE + SRAM4_SIZE 199 * 200 * If SRAMx memories are not used for the companion Cortex-M4 201 * processor, OP-TEE can use this memory. 202 * 203 * SYSRAM configuration for secure/non-secure boundaries requires the 204 * secure SYSRAM memory to start at the SYSRAM physical base address and grow 205 * from there while the non-secure SYSRAM range lies at SYSRAM end addresses 206 * with a 4KB page granule. 207 * 208 * SRAM1, SRAM2, SRAM3 and SRAM4 are independently assigned to secure world, 209 * to non-secure world or possibly to Cortex-M4 exclusive access. Each 210 * assignment covers the full related SRAMx memory range. 211 * 212 * Using non-secure SYSRAM or one of the SRAMx for SCMI message communication 213 * can be done using CFG_STM32MP1_SCMI_SHM_BASE/CFG_STM32MP1_SCMI_SHM_SIZE. 214 * This imposes related memory area is assigned to non-secure world. 215 216 * Using secure internal memories (SYSRAM and/or some SRAMx) with STM32MP15 217 * shall meet this constraints known the TZSRAM physical memory range shall 218 * be contiguous. 219 */ 220 221 #define SYSRAM_END (SYSRAM_BASE + SYSRAM_SIZE) 222 #define SYSRAM_SEC_END (SYSRAM_BASE + SYSRAM_SEC_SIZE) 223 #define SRAMS_END (SRAM4_BASE + SRAM4_SIZE) 224 #define SRAMS_START SRAM1_BASE 225 #define TZSRAM_END (CFG_TZSRAM_START + CFG_TZSRAM_SIZE) 226 227 #define TZSRAM_FITS_IN_SYSRAM_SEC ((CFG_TZSRAM_START >= SYSRAM_BASE) && \ 228 (TZSRAM_END <= SYSRAM_SEC_END)) 229 230 #define TZSRAM_FITS_IN_SYSRAM_AND_SRAMS ((CFG_TZSRAM_START >= SYSRAM_BASE) && \ 231 (CFG_TZSRAM_START < SYSRAM_END) && \ 232 (TZSRAM_END > SYSRAM_END) && \ 233 (TZSRAM_END <= SRAMS_END) && \ 234 (SYSRAM_SIZE == SYSRAM_SEC_SIZE)) 235 236 #define TZSRAM_FITS_IN_SRAMS ((CFG_TZSRAM_START >= SRAMS_START) && \ 237 (CFG_TZSRAM_START < SRAMS_END) && \ 238 (TZSRAM_END <= SRAMS_END)) 239 240 #define TZSRAM_IS_IN_DRAM (CFG_TZSRAM_START >= CFG_DRAM_BASE) 241 242 #ifdef CFG_WITH_PAGER 243 /* 244 * At build time, we enforce that, when pager is used, 245 * either TZSRAM fully fits inside SYSRAM secure address range, 246 * or TZSRAM fully fits inside the full SYSRAM and spread inside SRAMx orderly, 247 * or TZSRAM fully fits some inside SRAMs address range, 248 * or TZSRAM is in DDR for debug and test purpose. 249 */ 250 static_assert(TZSRAM_FITS_IN_SYSRAM_SEC || TZSRAM_FITS_IN_SYSRAM_AND_SRAMS || 251 TZSRAM_FITS_IN_SRAMS || TZSRAM_IS_IN_DRAM); 252 #endif /* CFG_WITH_PAGER */ 253 #endif /* CFG_STM32MP15 */ 254 255 static TEE_Result secure_pager_ram(struct dt_driver_provider *fw_provider, 256 unsigned int decprot_id, 257 paddr_t base, size_t secure_size) 258 { 259 /* Lock firewall configuration for secure internal RAMs used by pager */ 260 uint32_t query_arg = DECPROT(decprot_id, DECPROT_S_RW, DECPROT_LOCK); 261 struct firewall_query fw_query = { 262 .ctrl = dt_driver_provider_priv_data(fw_provider), 263 .args = &query_arg, 264 .arg_count = 1, 265 }; 266 TEE_Result res = TEE_ERROR_GENERIC; 267 bool is_pager_ram = false; 268 269 #if defined(CFG_WITH_PAGER) 270 is_pager_ram = core_is_buffer_intersect(CFG_TZSRAM_START, 271 CFG_TZSRAM_SIZE, 272 base, secure_size); 273 #endif 274 if (!is_pager_ram) 275 return TEE_SUCCESS; 276 277 res = firewall_set_memory_configuration(&fw_query, base, secure_size); 278 if (res) 279 EMSG("Failed to configure secure SRAM %#"PRIxPA"..%#"PRIxPA, 280 base, base + secure_size); 281 282 return res; 283 } 284 285 static TEE_Result non_secure_scmi_ram(struct dt_driver_provider *fw_provider, 286 unsigned int decprot_id, 287 paddr_t base, size_t size) 288 { 289 /* Do not lock firewall configuration for non-secure internal RAMs */ 290 uint32_t query_arg = DECPROT(decprot_id, DECPROT_NS_RW, DECPROT_UNLOCK); 291 struct firewall_query fw_query = { 292 .ctrl = dt_driver_provider_priv_data(fw_provider), 293 .args = &query_arg, 294 .arg_count = 1, 295 }; 296 TEE_Result res = TEE_ERROR_GENERIC; 297 298 if (!core_is_buffer_intersect(CFG_STM32MP1_SCMI_SHM_BASE, 299 CFG_STM32MP1_SCMI_SHM_SIZE, 300 base, size)) 301 return TEE_SUCCESS; 302 303 res = firewall_set_memory_configuration(&fw_query, base, size); 304 if (res) 305 EMSG("Failed to configure non-secure SRAM %#"PRIxPA"..%#"PRIxPA, 306 base, base + size); 307 308 return res; 309 } 310 311 /* At run time we enforce that SRAM1 to SRAM4 are properly assigned if used */ 312 static void configure_srams(struct dt_driver_provider *fw_provider) 313 { 314 bool error = false; 315 316 if (IS_ENABLED(CFG_WITH_PAGER)) { 317 if (secure_pager_ram(fw_provider, STM32MP1_ETZPC_SRAM1_ID, 318 SRAM1_BASE, SRAM1_SIZE)) 319 error = true; 320 321 if (secure_pager_ram(fw_provider, STM32MP1_ETZPC_SRAM2_ID, 322 SRAM2_BASE, SRAM2_SIZE)) 323 error = true; 324 325 if (secure_pager_ram(fw_provider, STM32MP1_ETZPC_SRAM3_ID, 326 SRAM3_BASE, SRAM3_SIZE)) 327 error = true; 328 329 #if defined(CFG_STM32MP15) 330 if (secure_pager_ram(fw_provider, STM32MP1_ETZPC_SRAM4_ID, 331 SRAM4_BASE, SRAM4_SIZE)) 332 error = true; 333 #endif 334 } 335 if (CFG_STM32MP1_SCMI_SHM_BASE) { 336 if (non_secure_scmi_ram(fw_provider, STM32MP1_ETZPC_SRAM1_ID, 337 SRAM1_BASE, SRAM1_SIZE)) 338 error = true; 339 340 if (non_secure_scmi_ram(fw_provider, STM32MP1_ETZPC_SRAM2_ID, 341 SRAM2_BASE, SRAM2_SIZE)) 342 error = true; 343 344 if (non_secure_scmi_ram(fw_provider, STM32MP1_ETZPC_SRAM3_ID, 345 SRAM3_BASE, SRAM3_SIZE)) 346 error = true; 347 348 #if defined(CFG_STM32MP15) 349 if (non_secure_scmi_ram(fw_provider, STM32MP1_ETZPC_SRAM4_ID, 350 SRAM4_BASE, SRAM4_SIZE)) 351 error = true; 352 #endif 353 } 354 355 if (error) 356 panic(); 357 } 358 359 static void configure_sysram(struct dt_driver_provider *fw_provider) 360 { 361 uint32_t query_arg = DECPROT(ETZPC_TZMA1_ID, DECPROT_S_RW, 362 DECPROT_UNLOCK); 363 struct firewall_query firewall = { 364 .ctrl = dt_driver_provider_priv_data(fw_provider), 365 .args = &query_arg, 366 .arg_count = 1, 367 }; 368 TEE_Result res = TEE_ERROR_GENERIC; 369 370 res = firewall_set_memory_configuration(&firewall, SYSRAM_BASE, 371 SYSRAM_SEC_SIZE); 372 if (res) 373 panic("Unable to secure SYSRAM"); 374 375 if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) { 376 size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE; 377 paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE; 378 uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC, 379 nsec_size); 380 381 IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1); 382 383 /* Clear content from the non-secure part */ 384 memset(va, 0, nsec_size); 385 } 386 } 387 388 static TEE_Result init_late_stm32mp1_drivers(void) 389 { 390 TEE_Result res = TEE_ERROR_GENERIC; 391 uint32_t __maybe_unused state = 0; 392 393 /* Set access permission to TAM backup registers */ 394 if (IS_ENABLED(CFG_STM32_TAMP)) { 395 struct stm32_bkpregs_conf conf = { 396 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT, 397 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT, 398 }; 399 400 res = stm32_tamp_set_secure_bkpregs(&conf); 401 if (res == TEE_ERROR_DEFER_DRIVER_INIT) { 402 /* TAMP driver was not probed if disabled in the DT */ 403 res = TEE_SUCCESS; 404 } 405 if (res) 406 panic(); 407 } 408 409 /* Configure SYSRAM and SRAMx secure hardening */ 410 if (IS_ENABLED(CFG_STM32_ETZPC)) { 411 struct dt_driver_provider *prov = NULL; 412 int node = 0; 413 414 node = fdt_node_offset_by_compatible(get_embedded_dt(), -1, 415 "st,stm32-etzpc"); 416 if (node < 0) 417 panic("Could not get ETZPC node"); 418 419 prov = dt_driver_get_provider_by_node(node, DT_DRIVER_FIREWALL); 420 assert(prov); 421 422 configure_sysram(prov); 423 configure_srams(prov); 424 } 425 426 #ifdef CFG_STM32MP15 427 /* Device in Secure Closed state require RCC secure hardening */ 428 if (stm32_bsec_get_state(&state)) 429 panic(); 430 if (state == BSEC_STATE_SEC_CLOSED && !stm32_rcc_is_secure()) 431 panic("Closed device mandates secure RCC"); 432 #endif 433 434 return TEE_SUCCESS; 435 } 436 437 driver_init_late(init_late_stm32mp1_drivers); 438 439 vaddr_t stm32_rcc_base(void) 440 { 441 static struct io_pa_va base = { .pa = RCC_BASE }; 442 443 return io_pa_or_va_secure(&base, 1); 444 } 445 446 vaddr_t get_gicd_base(void) 447 { 448 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET }; 449 450 return io_pa_or_va_secure(&base, 1); 451 } 452 453 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg) 454 { 455 cfg->base = BSEC_BASE; 456 cfg->upper_start = STM32MP1_UPPER_OTP_START; 457 cfg->max_id = STM32MP1_OTP_MAX_ID; 458 } 459 460 bool __weak stm32mp_with_pmic(void) 461 { 462 return false; 463 } 464 465 uint32_t may_spin_lock(unsigned int *lock) 466 { 467 if (!lock || !cpu_mmu_enabled()) 468 return 0; 469 470 return cpu_spin_lock_xsave(lock); 471 } 472 473 void may_spin_unlock(unsigned int *lock, uint32_t exceptions) 474 { 475 if (!lock || !cpu_mmu_enabled()) 476 return; 477 478 cpu_spin_unlock_xrestore(lock, exceptions); 479 } 480 481 static vaddr_t stm32_tamp_base(void) 482 { 483 static struct io_pa_va base = { .pa = TAMP_BASE }; 484 485 return io_pa_or_va_secure(&base, 1); 486 } 487 488 static vaddr_t bkpreg_base(void) 489 { 490 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF; 491 } 492 493 vaddr_t stm32mp_bkpreg(unsigned int idx) 494 { 495 return bkpreg_base() + (idx * sizeof(uint32_t)); 496 } 497 498 static bool __maybe_unused bank_is_valid(unsigned int bank) 499 { 500 if (IS_ENABLED(CFG_STM32MP15)) 501 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K; 502 503 if (IS_ENABLED(CFG_STM32MP13)) 504 return bank <= GPIO_BANK_I; 505 506 panic(); 507 } 508 509 #ifdef CFG_STM32_IWDG 510 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase, 511 struct stm32_iwdg_otp_data *otp_data) 512 { 513 unsigned int idx = 0; 514 uint32_t otp_id = 0; 515 size_t bit_len = 0; 516 uint8_t bit_offset = 0; 517 uint32_t otp_value = 0; 518 519 switch (pbase) { 520 case IWDG1_BASE: 521 idx = 0; 522 break; 523 case IWDG2_BASE: 524 idx = 1; 525 break; 526 default: 527 panic(); 528 } 529 530 if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_offset, 531 &bit_len) || 532 bit_len != 32 || bit_offset != 0) 533 panic(); 534 535 if (stm32_bsec_read_otp(&otp_value, otp_id)) 536 panic(); 537 538 otp_data->hw_enabled = otp_value & 539 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT); 540 otp_data->disable_on_stop = otp_value & 541 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT); 542 otp_data->disable_on_standby = otp_value & 543 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT); 544 545 return TEE_SUCCESS; 546 } 547 #endif /*CFG_STM32_IWDG*/ 548 549 #ifdef CFG_STM32_DEBUG_ACCESS 550 static TEE_Result init_debug(void) 551 { 552 TEE_Result res = TEE_SUCCESS; 553 uint32_t conf = stm32_bsec_read_debug_conf(); 554 struct clk *dbg_clk = stm32mp_rcc_clock_id_to_clk(CK_DBG); 555 uint32_t state = 0; 556 557 res = stm32_bsec_get_state(&state); 558 if (res) 559 return res; 560 561 if (state != BSEC_STATE_SEC_CLOSED && conf) { 562 if (IS_ENABLED(CFG_INSECURE)) 563 IMSG("WARNING: All debug accesses are allowed"); 564 565 res = stm32_bsec_write_debug_conf(conf | BSEC_DEBUG_ALL); 566 if (res) 567 return res; 568 569 /* 570 * Enable DBG clock as used to access coprocessor 571 * debug registers 572 */ 573 clk_enable(dbg_clk); 574 } 575 576 return TEE_SUCCESS; 577 } 578 early_init_late(init_debug); 579 #endif /* CFG_STM32_DEBUG_ACCESS */ 580 581 /* Some generic resources need to be unpaged */ 582 DECLARE_KEEP_PAGER(pinctrl_apply_state); 583 584 bool stm32mp_allow_probe_shared_device(const void *fdt, int node) 585 { 586 static int uart_console_node = -1; 587 const char *compat = NULL; 588 static bool once; 589 590 if (IS_ENABLED(CFG_STM32_ALLOW_UNSAFE_PROBE)) 591 return true; 592 593 if (!once) { 594 get_console_node_from_dt((void *)fdt, &uart_console_node, 595 NULL, NULL); 596 once = true; 597 } 598 599 compat = fdt_stringlist_get(fdt, node, "compatible", 0, NULL); 600 601 /* 602 * Allow OP-TEE console and MP15 I2C and RNG to be shared 603 * with non-secure world. 604 */ 605 if (node == uart_console_node || 606 !strcmp(compat, "st,stm32mp15-i2c-non-secure") || 607 (!strcmp(compat, "st,stm32-rng") && 608 IS_ENABLED(CFG_WITH_SOFTWARE_PRNG))) 609 return true; 610 611 return false; 612 } 613 614 #if defined(CFG_STM32MP15) && defined(CFG_WITH_PAGER) 615 paddr_t stm32mp1_pa_or_sram_alias_pa(paddr_t pa) 616 { 617 /* 618 * OP-TEE uses the alias physical addresses of SRAM1/2/3/4, 619 * not the standard physical addresses. This choice was initially 620 * driven by pager that needs physically contiguous memories 621 * for internal secure memories. 622 */ 623 if (core_is_buffer_inside(pa, 1, SRAM1_ALT_BASE, SRAM1_SIZE)) 624 pa += SRAM1_BASE - SRAM1_ALT_BASE; 625 else if (core_is_buffer_inside(pa, 1, SRAM2_ALT_BASE, SRAM2_SIZE)) 626 pa += SRAM2_BASE - SRAM2_ALT_BASE; 627 else if (core_is_buffer_inside(pa, 1, SRAM3_ALT_BASE, SRAM3_SIZE)) 628 pa += SRAM3_BASE - SRAM3_ALT_BASE; 629 else if (core_is_buffer_inside(pa, 1, SRAM4_ALT_BASE, SRAM4_SIZE)) 630 pa += SRAM4_BASE - SRAM4_ALT_BASE; 631 632 return pa; 633 } 634 635 bool stm32mp1_ram_intersect_pager_ram(paddr_t base, size_t size) 636 { 637 base = stm32mp1_pa_or_sram_alias_pa(base); 638 639 return core_is_buffer_intersect(base, size, CFG_TZSRAM_START, 640 CFG_TZSRAM_SIZE); 641 } 642 #endif 643