1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2024, STMicroelectronics 4 */ 5 6 #include <drivers/firewall.h> 7 #include <drivers/stm32_rif.h> 8 #include <drivers/stm32_shared_io.h> 9 #include <drivers/stm32mp_dt_bindings.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/dt.h> 13 #include <kernel/dt_driver.h> 14 #include <kernel/panic.h> 15 #include <kernel/pm.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <stm32_util.h> 19 #include <tee_api_defines.h> 20 #include <trace.h> 21 #include <util.h> 22 23 /* RIFSC offset register */ 24 #define _RIFSC_RISC_SECCFGR0 U(0x10) 25 #define _RIFSC_RISC_PRIVCFGR0 U(0x30) 26 #define _RIFSC_RISC_RCFGLOCKR0 U(0x50) 27 #define _RIFSC_RISC_PER0_CIDCFGR U(0x100) 28 #define _RIFSC_RISC_PER0_SEMCR U(0x104) 29 #define _RIFSC_RIMC_CR U(0xC00) 30 #define _RIFSC_RIMC_ATTR0 U(0xC10) 31 #define _RIFSC_RISAL_CFGR0_A(y) (U(0x900) + (0x10 * ((y) - 1))) 32 #define _RIFSC_RISAL_CFGR0_B(y) (U(0x908) + (0x10 * ((y) - 1))) 33 #define _RIFSC_RISAL_ADDR_A U(0x924) 34 #define _RIFSC_RISAL_ADDR_B U(0x92C) 35 #define _RIFSC_HWCFGR3 U(0xFE8) 36 #define _RIFSC_HWCFGR2 U(0xFEC) 37 #define _RIFSC_HWCFGR1 U(0xFF0) 38 #define _RIFSC_VERR U(0xFF4) 39 40 /* RIFSC_HWCFGR2 register fields */ 41 #define _RIFSC_HWCFGR2_CFG1_MASK GENMASK_32(15, 0) 42 #define _RIFSC_HWCFGR2_CFG1_SHIFT U(0) 43 #define _RIFSC_HWCFGR2_CFG2_MASK GENMASK_32(23, 16) 44 #define _RIFSC_HWCFGR2_CFG2_SHIFT U(16) 45 #define _RIFSC_HWCFGR2_CFG3_MASK GENMASK_32(31, 24) 46 #define _RIFSC_HWCFGR2_CFG3_SHIFT U(24) 47 48 /* RIFSC_HWCFGR1 register fields */ 49 #define _RIFSC_HWCFGR1_CFG1_MASK GENMASK_32(3, 0) 50 #define _RIFSC_HWCFGR1_CFG1_SHIFT U(0) 51 #define _RIFSC_HWCFGR1_CFG2_MASK GENMASK_32(7, 4) 52 #define _RIFSC_HWCFGR1_CFG2_SHIFT U(4) 53 #define _RIFSC_HWCFGR1_CFG3_MASK GENMASK_32(11, 8) 54 #define _RIFSC_HWCFGR1_CFG3_SHIFT U(8) 55 #define _RIFSC_HWCFGR1_CFG4_MASK GENMASK_32(15, 12) 56 #define _RIFSC_HWCFGR1_CFG4_SHIFT U(12) 57 #define _RIFSC_HWCFGR1_CFG5_MASK GENMASK_32(19, 16) 58 #define _RIFSC_HWCFGR1_CFG5_SHIFT U(16) 59 #define _RIFSC_HWCFGR1_CFG6_MASK GENMASK_32(23, 20) 60 #define _RIFSC_HWCFGR1_CFG6_SHIFT U(20) 61 62 /* 63 * RISC_CR register fields 64 */ 65 #define _RIFSC_RISC_CR_GLOCK BIT(0) 66 67 /* 68 * RIMC_CR register fields 69 */ 70 #define _RIFSC_RIMC_CR_GLOCK BIT(0) 71 #define _RIFSC_RIMC_CR_TDCID_MASK GENMASK_32(6, 4) 72 73 /* RIFSC_VERR register fields */ 74 #define _RIFSC_VERR_MINREV_MASK GENMASK_32(3, 0) 75 #define _RIFSC_VERR_MINREV_SHIFT U(0) 76 #define _RIFSC_VERR_MAJREV_MASK GENMASK_32(7, 4) 77 #define _RIFSC_VERR_MAJREV_SHIFT U(4) 78 79 /* Periph id per register */ 80 #define _PERIPH_IDS_PER_REG U(32) 81 #define _OFFSET_PERX_CIDCFGR U(0x8) 82 83 #define RIFSC_RISC_CIDCFGR_CFEN_MASK BIT(0) 84 #define RIFSC_RISC_CIDCFGR_CFEN_SHIFT U(0) 85 #define RIFSC_RISC_CIDCFGR_SEM_EN_MASK BIT(1) 86 #define RIFSC_RISC_CIDCFGR_SEM_EN_SHIFT U(1) 87 #define RIFSC_RISC_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 88 #define RIFSC_RISC_CIDCFGR_SCID_SHIFT U(4) 89 #define RIFSC_RISC_CIDCFGR_LOCK_MASK BIT(10) 90 #define RIFSC_RISC_CIDCFGR_LOCK_SHIFT U(10) 91 #define RIFSC_RISC_CIDCFGR_SEML_MASK GENMASK_32(23, 16) 92 #define RIFSC_RISC_CIDCFGR_SEML_SHIFT U(16) 93 94 #define RIFSC_RISC_PERx_CID_MASK (RIFSC_RISC_CIDCFGR_CFEN_MASK | \ 95 RIFSC_RISC_CIDCFGR_SEM_EN_MASK | \ 96 RIFSC_RISC_CIDCFGR_SCID_MASK | \ 97 RIFSC_RISC_CIDCFGR_SCID_SHIFT) 98 99 #define RIFSC_RISC_PERx_CID_SHIFT U(0) 100 101 #define RIFSC_RIMC_MODE_MASK BIT(2) 102 #define RIFSC_RIMC_MCID_MASK GENMASK_32(6, 4) 103 #define RIFSC_RIMC_MSEC_MASK BIT(8) 104 #define RIFSC_RIMC_MPRIV_MASK BIT(9) 105 #define RIFSC_RIMC_M_ID_MASK GENMASK_32(23, 16) 106 107 #define RIFSC_RIMC_ATTRx_MASK (RIFSC_RIMC_MODE_MASK | \ 108 RIFSC_RIMC_MCID_MASK | \ 109 RIFSC_RIMC_MSEC_MASK | \ 110 RIFSC_RIMC_MPRIV_MASK) 111 112 /* max entries */ 113 #define MAX_RIMU U(16) 114 #define MAX_RISUP U(128) 115 116 #define _RIF_FLD_GET(field, value) (((uint32_t)(value) & \ 117 (field ## _MASK)) >>\ 118 (field ## _SHIFT)) 119 120 struct risup_cfg { 121 uint32_t cid_attr; 122 uint32_t id; 123 bool sec; 124 bool priv; 125 bool lock; 126 bool pm_sem; 127 }; 128 129 struct rimu_cfg { 130 uint32_t id; 131 uint32_t attr; 132 }; 133 134 struct risal_cfg { 135 uint32_t id; 136 uint32_t blockid; 137 uint32_t attr; 138 }; 139 140 struct rifsc_driver_data { 141 bool rif_en; 142 bool sec_en; 143 bool priv_en; 144 uint8_t nb_rimu; 145 uint8_t nb_risup; 146 uint8_t nb_risal; 147 uint8_t version; 148 }; 149 150 struct rifsc_platdata { 151 uintptr_t base; 152 struct rifsc_driver_data *drv_data; 153 struct risup_cfg *risup; 154 unsigned int nrisup; 155 struct rimu_cfg *rimu; 156 unsigned int nrimu; 157 struct risal_cfg *risal; 158 unsigned int nrisal; 159 bool is_tdcid; 160 }; 161 162 /* There is only 1 instance of the RIFSC subsystem */ 163 static struct rifsc_driver_data rifsc_drvdata; 164 static struct rifsc_platdata rifsc_pdata; 165 166 static void stm32_rifsc_get_driverdata(struct rifsc_platdata *pdata) 167 { 168 uint32_t regval = 0; 169 170 regval = io_read32(pdata->base + _RIFSC_HWCFGR1); 171 rifsc_drvdata.rif_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG1, regval) != 0; 172 rifsc_drvdata.sec_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG2, regval) != 0; 173 rifsc_drvdata.priv_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG3, regval) != 0; 174 175 regval = io_read32(pdata->base + _RIFSC_HWCFGR2); 176 rifsc_drvdata.nb_risup = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG1, regval); 177 rifsc_drvdata.nb_rimu = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG2, regval); 178 rifsc_drvdata.nb_risal = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG3, regval); 179 180 pdata->drv_data = &rifsc_drvdata; 181 182 rifsc_drvdata.version = io_read8(pdata->base + _RIFSC_VERR); 183 184 DMSG("RIFSC version %"PRIu32".%"PRIu32, 185 _RIF_FLD_GET(_RIFSC_VERR_MAJREV, rifsc_drvdata.version), 186 _RIF_FLD_GET(_RIFSC_VERR_MINREV, rifsc_drvdata.version)); 187 188 DMSG("HW cap: enabled[rif:sec:priv]:[%s:%s:%s] nb[risup|rimu|risal]:[%"PRIu8",%"PRIu8",%"PRIu8"]", 189 rifsc_drvdata.rif_en ? "true" : "false", 190 rifsc_drvdata.sec_en ? "true" : "false", 191 rifsc_drvdata.priv_en ? "true" : "false", 192 rifsc_drvdata.nb_risup, 193 rifsc_drvdata.nb_rimu, 194 rifsc_drvdata.nb_risal); 195 } 196 197 static TEE_Result stm32_rifsc_glock_config(const void *fdt, int node, 198 struct rifsc_platdata *pdata) 199 { 200 const fdt32_t *cuint = NULL; 201 uint32_t glock_conf = 0; 202 int len = 0; 203 204 cuint = fdt_getprop(fdt, node, "st,glocked", &len); 205 if (!cuint) { 206 DMSG("No global lock on RIF configuration"); 207 return TEE_SUCCESS; 208 } 209 assert(len == sizeof(uint32_t)); 210 211 glock_conf = fdt32_to_cpu(*cuint); 212 213 if (glock_conf & RIFSC_RIMU_GLOCK) { 214 DMSG("Setting global lock on RIMU configuration"); 215 216 io_setbits32(pdata->base + _RIFSC_RIMC_CR, 217 _RIFSC_RIMC_CR_GLOCK); 218 219 if (!(io_read32(pdata->base + _RIFSC_RIMC_CR) & 220 _RIFSC_RIMC_CR_GLOCK)) 221 return TEE_ERROR_ACCESS_DENIED; 222 } 223 224 if (glock_conf & RIFSC_RISUP_GLOCK) { 225 DMSG("Setting global lock on RISUP configuration"); 226 227 io_setbits32(pdata->base, _RIFSC_RISC_CR_GLOCK); 228 229 if (!(io_read32(pdata->base) & _RIFSC_RISC_CR_GLOCK)) 230 return TEE_ERROR_ACCESS_DENIED; 231 } 232 233 return TEE_SUCCESS; 234 } 235 236 static TEE_Result stm32_rifsc_dt_conf_risup(const void *fdt, int node, 237 struct rifsc_platdata *pdata) 238 { 239 const fdt32_t *conf_list = NULL; 240 unsigned int i = 0; 241 int len = 0; 242 243 conf_list = fdt_getprop(fdt, node, "st,protreg", &len); 244 if (!conf_list) { 245 DMSG("No RISUP configuration in DT"); 246 return TEE_ERROR_ITEM_NOT_FOUND; 247 } 248 assert(!(len % sizeof(uint32_t))); 249 250 pdata->nrisup = len / sizeof(uint32_t); 251 pdata->risup = calloc(pdata->nrisup, sizeof(*pdata->risup)); 252 if (!pdata->risup) 253 return TEE_ERROR_OUT_OF_MEMORY; 254 255 for (i = 0; i < pdata->nrisup; i++) { 256 uint32_t value = fdt32_to_cpu(conf_list[i]); 257 struct risup_cfg *risup = pdata->risup + i; 258 259 risup->id = _RIF_FLD_GET(RIF_PER_ID, value); 260 risup->sec = _RIF_FLD_GET(RIF_SEC, value) != 0; 261 risup->priv = _RIF_FLD_GET(RIF_PRIV, value) != 0; 262 risup->lock = _RIF_FLD_GET(RIF_LOCK, value) != 0; 263 risup->cid_attr = _RIF_FLD_GET(RIF_PERx_CID, value); 264 } 265 266 return TEE_SUCCESS; 267 } 268 269 static TEE_Result stm32_rifsc_dt_conf_rimu(const void *fdt, int node, 270 struct rifsc_platdata *pdata) 271 { 272 const fdt32_t *conf_list = NULL; 273 unsigned int i = 0; 274 int len = 0; 275 276 conf_list = fdt_getprop(fdt, node, "st,rimu", &len); 277 if (!conf_list) { 278 DMSG("No RIMU configuration in DT"); 279 return TEE_ERROR_ITEM_NOT_FOUND; 280 } 281 assert(!(len % sizeof(uint32_t))); 282 283 pdata->nrimu = len / sizeof(uint32_t); 284 pdata->rimu = calloc(pdata->nrimu, sizeof(*pdata->rimu)); 285 if (!pdata->rimu) 286 return TEE_ERROR_OUT_OF_MEMORY; 287 288 for (i = 0; i < pdata->nrimu; i++) { 289 uint32_t value = fdt32_to_cpu(*conf_list); 290 struct rimu_cfg *rimu = pdata->rimu + i; 291 292 rimu->id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, value) - 293 RIMU_ID_OFFSET; 294 rimu->attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, value); 295 } 296 297 return TEE_SUCCESS; 298 } 299 300 static TEE_Result stm32_rifsc_dt_conf_risal(const void *fdt, int node, 301 struct rifsc_platdata *pdata) 302 { 303 const fdt32_t *cuint = NULL; 304 int i = 0; 305 int len = 0; 306 307 cuint = fdt_getprop(fdt, node, "st,risal", &len); 308 if (!cuint) { 309 DMSG("No RISAL configuration in DT"); 310 pdata->nrisal = 0; 311 return TEE_ERROR_ITEM_NOT_FOUND; 312 } 313 314 len = len / sizeof(uint32_t); 315 316 pdata->nrisal = len; 317 pdata->risal = calloc(len, sizeof(*pdata->risal)); 318 if (!pdata->risal) 319 return TEE_ERROR_OUT_OF_MEMORY; 320 321 for (i = 0; i < len; i++) { 322 uint32_t value = fdt32_to_cpu(cuint[i]); 323 struct risal_cfg *risal = pdata->risal + i; 324 325 risal->id = _RIF_FLD_GET(RIFSC_RISAL_REG_ID, value); 326 risal->blockid = _RIF_FLD_GET(RIFSC_RISAL_BLOCK_ID, value); 327 risal->attr = _RIF_FLD_GET(RIFSC_RISAL_REGx_CFGR, value); 328 } 329 330 return TEE_SUCCESS; 331 } 332 333 static TEE_Result stm32_rifsc_parse_fdt(const void *fdt, int node, 334 struct rifsc_platdata *pdata) 335 { 336 TEE_Result res = TEE_ERROR_GENERIC; 337 struct io_pa_va base = { }; 338 size_t reg_size = 0; 339 340 if (fdt_reg_info(fdt, node, &base.pa, ®_size)) 341 return TEE_ERROR_BAD_PARAMETERS; 342 343 pdata->base = io_pa_or_va_secure(&base, reg_size); 344 345 res = stm32_rifsc_check_tdcid(&rifsc_pdata.is_tdcid); 346 if (res) 347 panic(); 348 349 res = stm32_rifsc_dt_conf_risup(fdt, node, pdata); 350 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 351 return res; 352 353 if (rifsc_pdata.is_tdcid) { 354 res = stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 355 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 356 return res; 357 358 if (IS_ENABLED(CFG_STM32MP25)) { 359 res = stm32_rifsc_dt_conf_risal(fdt, node, pdata); 360 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 361 return res; 362 } 363 } 364 365 return stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 366 } 367 368 static TEE_Result stm32_risup_cfg(struct rifsc_platdata *pdata, 369 struct risup_cfg *risup) 370 { 371 uintptr_t offset = sizeof(uint32_t) * (risup->id / _PERIPH_IDS_PER_REG); 372 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 373 struct rifsc_driver_data *drv_data = pdata->drv_data; 374 uint32_t shift = risup->id % _PERIPH_IDS_PER_REG; 375 TEE_Result res = TEE_ERROR_GENERIC; 376 377 if (!risup || risup->id >= drv_data->nb_risup) 378 return TEE_ERROR_BAD_PARAMETERS; 379 380 if (drv_data->sec_en) 381 io_clrsetbits32_stm32shregs(pdata->base + _RIFSC_RISC_SECCFGR0 + 382 offset, BIT(shift), 383 SHIFT_U32(risup->sec, shift)); 384 385 if (drv_data->priv_en) 386 io_clrsetbits32_stm32shregs(pdata->base + 387 _RIFSC_RISC_PRIVCFGR0 + offset, 388 BIT(shift), 389 SHIFT_U32(risup->priv, shift)); 390 391 if (rifsc_pdata.is_tdcid) { 392 if (drv_data->rif_en) 393 io_write32(pdata->base + _RIFSC_RISC_PER0_CIDCFGR + 394 cidcfgr_offset, risup->cid_attr); 395 396 /* Lock configuration for this RISUP */ 397 if (risup->lock) { 398 DMSG("Locking RIF conf for peripheral ID: %"PRIu32, 399 risup->id); 400 io_setbits32_stm32shregs(pdata->base + 401 _RIFSC_RISC_RCFGLOCKR0 + 402 offset, BIT(shift)); 403 } 404 } 405 406 /* Take semaphore if the resource is in semaphore mode and secured */ 407 if (stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, RIF_CID1)) { 408 if (!(io_read32(pdata->base + _RIFSC_RISC_SECCFGR0 + offset) & 409 BIT(shift))) { 410 res = 411 stm32_rif_release_semaphore(pdata->base + 412 _RIFSC_RISC_PER0_SEMCR + 413 cidcfgr_offset, 414 MAX_CID_SUPPORTED); 415 if (res) { 416 EMSG("Couldn't release semaphore for resource %"PRIu32, 417 risup->id); 418 return TEE_ERROR_ACCESS_DENIED; 419 } 420 } else { 421 res = 422 stm32_rif_acquire_semaphore(pdata->base + 423 _RIFSC_RISC_PER0_SEMCR + 424 cidcfgr_offset, 425 MAX_CID_SUPPORTED); 426 if (res) { 427 EMSG("Couldn't acquire semaphore for resource %"PRIu32, 428 risup->id); 429 return TEE_ERROR_ACCESS_DENIED; 430 } 431 } 432 } 433 434 return TEE_SUCCESS; 435 } 436 437 static TEE_Result stm32_risup_setup(struct rifsc_platdata *pdata) 438 { 439 struct rifsc_driver_data *drv_data = pdata->drv_data; 440 TEE_Result res = TEE_ERROR_GENERIC; 441 unsigned int i = 0; 442 443 for (i = 0; i < pdata->nrisup && i < drv_data->nb_risup; i++) { 444 struct risup_cfg *risup = pdata->risup + i; 445 446 res = stm32_risup_cfg(pdata, risup); 447 if (res) { 448 EMSG("risup cfg(%d/%d) error", i + 1, pdata->nrisup); 449 return res; 450 } 451 } 452 453 return TEE_SUCCESS; 454 } 455 456 static TEE_Result stm32_rimu_cfg(struct rifsc_platdata *pdata, 457 struct rimu_cfg *rimu) 458 { 459 uintptr_t offset = _RIFSC_RIMC_ATTR0 + (sizeof(uint32_t) * rimu->id); 460 struct rifsc_driver_data *drv_data = pdata->drv_data; 461 462 if (!rimu || rimu->id >= drv_data->nb_rimu) 463 return TEE_ERROR_BAD_PARAMETERS; 464 465 if (drv_data->rif_en) 466 io_write32(pdata->base + offset, rimu->attr); 467 468 return TEE_SUCCESS; 469 } 470 471 static TEE_Result stm32_rimu_setup(struct rifsc_platdata *pdata) 472 { 473 struct rifsc_driver_data *drv_data = pdata->drv_data; 474 TEE_Result res = TEE_ERROR_GENERIC; 475 unsigned int i = 0; 476 477 for (i = 0; i < pdata->nrimu && i < drv_data->nb_rimu; i++) { 478 struct rimu_cfg *rimu = pdata->rimu + i; 479 480 res = stm32_rimu_cfg(pdata, rimu); 481 if (res) { 482 EMSG("rimu cfg(%d/%d) error", i + 1, pdata->nrimu); 483 return res; 484 } 485 } 486 487 return TEE_SUCCESS; 488 } 489 490 static TEE_Result stm32_risal_cfg(struct rifsc_platdata *pdata, 491 struct risal_cfg *risal) 492 { 493 struct rifsc_driver_data *drv_data = pdata->drv_data; 494 495 if (!risal || risal->id > drv_data->nb_risal) 496 return TEE_ERROR_BAD_PARAMETERS; 497 498 if (drv_data->rif_en) { 499 uintptr_t offset_a = _RIFSC_RISAL_CFGR0_A(risal->id); 500 uintptr_t offset_b = _RIFSC_RISAL_CFGR0_B(risal->id); 501 502 if (risal->blockid == RIFSC_RISAL_BLOCK_A) 503 io_write32(pdata->base + offset_a, risal->attr); 504 if (risal->blockid == RIFSC_RISAL_BLOCK_B) 505 io_write32(pdata->base + offset_b, risal->attr); 506 } 507 508 return TEE_SUCCESS; 509 } 510 511 static TEE_Result stm32_risal_setup(struct rifsc_platdata *pdata) 512 { 513 unsigned int i = 0; 514 TEE_Result res = TEE_ERROR_GENERIC; 515 516 for (i = 0; i < pdata->nrisal; i++) { 517 struct risal_cfg *risal = pdata->risal + i; 518 519 res = stm32_risal_cfg(pdata, risal); 520 if (res) { 521 EMSG("risal cfg(%u/%u) error", i + 1, pdata->nrisal); 522 return res; 523 } 524 } 525 526 return TEE_SUCCESS; 527 } 528 529 static TEE_Result stm32_rifsc_check_access(struct firewall_query *firewall) 530 { 531 uintptr_t rifsc_base = rifsc_pdata.base; 532 unsigned int cid_reg_offset = 0; 533 unsigned int periph_offset = 0; 534 unsigned int resource_id = 0; 535 uint32_t cid_to_check = 0; 536 unsigned int reg_id = 0; 537 bool priv_check = true; 538 bool sec_check = true; 539 uint32_t privcfgr = 0; 540 uint32_t seccfgr = 0; 541 uint32_t cidcfgr = 0; 542 543 assert(rifsc_base); 544 545 if (!firewall || firewall->arg_count != 1) 546 return TEE_ERROR_BAD_PARAMETERS; 547 548 /* 549 * Peripheral configuration, we assume the configuration is as 550 * follows: 551 * firewall->args[0]: RIF configuration to check 552 */ 553 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 554 if (resource_id >= RIMU_ID_OFFSET) 555 return TEE_SUCCESS; 556 557 reg_id = resource_id / _PERIPH_IDS_PER_REG; 558 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 559 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 560 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 561 cid_reg_offset); 562 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 563 privcfgr = io_read32(rifsc_base + _RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); 564 sec_check = (BIT(RIF_SEC_SHIFT) & firewall->args[0]) != 0; 565 priv_check = (BIT(RIF_PRIV_SHIFT) & firewall->args[0]) != 0; 566 cid_to_check = (firewall->args[0] & RIF_SCID_MASK) >> RIF_SCID_SHIFT; 567 568 if (!sec_check && seccfgr & BIT(periph_offset)) 569 return TEE_ERROR_ACCESS_DENIED; 570 571 if (!priv_check && (privcfgr & BIT(periph_offset))) 572 return TEE_ERROR_ACCESS_DENIED; 573 574 if (!(cidcfgr & _CIDCFGR_CFEN)) 575 return TEE_SUCCESS; 576 577 if ((cidcfgr & _CIDCFGR_SEMEN && 578 !stm32_rif_semaphore_enabled_and_ok(cidcfgr, cid_to_check)) || 579 (!(cidcfgr & _CIDCFGR_SEMEN) && 580 !stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, 581 cid_to_check))) 582 return TEE_ERROR_BAD_PARAMETERS; 583 584 return TEE_SUCCESS; 585 } 586 587 static TEE_Result stm32_rifsc_acquire_access(struct firewall_query *firewall) 588 { 589 uintptr_t rifsc_base = rifsc_pdata.base; 590 unsigned int cid_reg_offset = 0; 591 unsigned int periph_offset = 0; 592 unsigned int resource_id = 0; 593 unsigned int reg_id = 0; 594 uint32_t cidcfgr = 0; 595 uint32_t seccfgr = 0; 596 597 assert(rifsc_base); 598 599 if (!firewall || !firewall->arg_count) 600 return TEE_ERROR_BAD_PARAMETERS; 601 602 /* 603 * Peripheral configuration, we assume the configuration is as 604 * follows: 605 * firewall->args[0]: Firewall ID of the resource to acquire 606 */ 607 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 608 if (resource_id >= RIMU_ID_OFFSET) 609 return TEE_SUCCESS; 610 611 reg_id = resource_id / _PERIPH_IDS_PER_REG; 612 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 613 614 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 615 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 616 cid_reg_offset); 617 618 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 619 if (!(seccfgr & BIT(periph_offset))) 620 return TEE_ERROR_ACCESS_DENIED; 621 622 /* Only check CID attributes */ 623 if (!(cidcfgr & _CIDCFGR_CFEN)) 624 return TEE_SUCCESS; 625 626 if (cidcfgr & _CIDCFGR_SEMEN) { 627 if (!stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 628 return TEE_ERROR_BAD_PARAMETERS; 629 630 /* Take the semaphore, static CID is irrelevant here */ 631 return stm32_rif_acquire_semaphore(rifsc_base + 632 _RIFSC_RISC_PER0_SEMCR + 633 cid_reg_offset, 634 MAX_CID_SUPPORTED); 635 } 636 637 if (!stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, RIF_CID1)) 638 return TEE_ERROR_ACCESS_DENIED; 639 640 return TEE_SUCCESS; 641 } 642 643 static TEE_Result stm32_rifsc_set_config(struct firewall_query *firewall) 644 { 645 struct rimu_cfg rimu = { }; 646 unsigned int id = 0; 647 uint32_t conf = 0; 648 649 if (!firewall || firewall->arg_count != 1) 650 return TEE_ERROR_BAD_PARAMETERS; 651 652 /* 653 * Peripheral configuration, we assume the configuration is as 654 * follows: 655 * firewall->args[0]: RIF configuration to set 656 */ 657 id = firewall->args[0] & RIF_PER_ID_MASK; 658 conf = firewall->args[0]; 659 660 if (id < RIMU_ID_OFFSET) { 661 struct risup_cfg risup = { }; 662 uint32_t cidcfgr = 0; 663 664 risup.id = id; 665 risup.sec = (BIT(RIF_SEC_SHIFT) & conf) != 0; 666 risup.priv = (BIT(RIF_PRIV_SHIFT) & conf) != 0; 667 risup.lock = (BIT(RIF_LOCK_SHIFT) & conf) != 0; 668 risup.cid_attr = _RIF_FLD_GET(RIF_PERx_CID, conf); 669 670 if (!rifsc_pdata.is_tdcid) { 671 cidcfgr = io_read32(rifsc_pdata.base + 672 _OFFSET_PERX_CIDCFGR * risup.id + 673 _RIFSC_RISC_PER0_CIDCFGR); 674 675 if (cidcfgr != risup.cid_attr) 676 return TEE_ERROR_BAD_PARAMETERS; 677 } 678 679 DMSG("Setting config for peripheral: %u, %s, %s, cid attr: %#"PRIx32", %s", 680 id, risup.sec ? "Secure" : "Non secure", 681 risup.priv ? "Privileged" : "Non privileged", 682 risup.cid_attr, risup.lock ? "Locked" : "Unlocked"); 683 684 return stm32_risup_cfg(&rifsc_pdata, &risup); 685 } 686 687 if (!rifsc_pdata.is_tdcid) 688 return TEE_ERROR_ACCESS_DENIED; 689 690 rimu.id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, conf) - RIMU_ID_OFFSET; 691 rimu.attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, conf); 692 693 return stm32_rimu_cfg(&rifsc_pdata, &rimu); 694 } 695 696 static void stm32_rifsc_release_access(struct firewall_query *firewall) 697 { 698 uintptr_t rifsc_base = rifsc_pdata.base; 699 uint32_t cidcfgr = 0; 700 uint32_t id = 0; 701 702 assert(rifsc_base && firewall && firewall->arg_count); 703 704 id = firewall->args[0]; 705 706 if (id >= RIMU_ID_OFFSET) 707 return; 708 709 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 710 _OFFSET_PERX_CIDCFGR * id); 711 712 /* Only thing possible is to release a semaphore taken by OP-TEE CID */ 713 if (stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 714 if (stm32_rif_release_semaphore(rifsc_base + 715 _RIFSC_RISC_PER0_SEMCR + 716 id * _OFFSET_PERX_CIDCFGR, 717 MAX_CID_SUPPORTED)) 718 panic("Could not release the RIF semaphore"); 719 } 720 721 static TEE_Result stm32_rifsc_sem_pm_suspend(void) 722 { 723 unsigned int i = 0; 724 725 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 726 uint32_t semcfgr = io_read32(rifsc_pdata.base + 727 _RIFSC_RISC_PER0_SEMCR + 728 _OFFSET_PERX_CIDCFGR * i); 729 struct risup_cfg *risup = rifsc_pdata.risup + i; 730 731 /* Save semaphores that were taken by the CID1 */ 732 risup->pm_sem = semcfgr & _SEMCR_MUTEX && 733 ((semcfgr & _SEMCR_SEMCID_MASK) >> 734 _SEMCR_SEMCID_SHIFT) == RIF_CID1; 735 736 FMSG("RIF semaphore %s for ID: %"PRIu32, 737 risup->pm_sem ? "SAVED" : "NOT SAVED", risup->id); 738 } 739 740 return TEE_SUCCESS; 741 } 742 743 static TEE_Result stm32_rifsc_sem_pm_resume(void) 744 { 745 TEE_Result res = TEE_ERROR_GENERIC; 746 unsigned int i = 0; 747 748 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 749 struct risup_cfg *risup = rifsc_pdata.risup + i; 750 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 751 uintptr_t offset = sizeof(uint32_t) * 752 (risup->id / _PERIPH_IDS_PER_REG); 753 uintptr_t perih_offset = risup->id % _PERIPH_IDS_PER_REG; 754 uint32_t seccgfr = io_read32(rifsc_pdata.base + 755 _RIFSC_RISC_SECCFGR0 + offset); 756 uint32_t privcgfr = io_read32(rifsc_pdata.base + 757 _RIFSC_RISC_PRIVCFGR0 + offset); 758 uint32_t lockcfgr = io_read32(rifsc_pdata.base + 759 _RIFSC_RISC_RCFGLOCKR0 + offset); 760 761 /* Update RISUPs fields */ 762 risup->cid_attr = io_read32(rifsc_pdata.base + 763 _RIFSC_RISC_PER0_CIDCFGR + 764 cidcfgr_offset); 765 risup->sec = (seccgfr & BIT(perih_offset)) != 0; 766 risup->priv = (privcgfr & BIT(perih_offset)) != 0; 767 risup->lock = (lockcfgr & BIT(perih_offset)) != 0; 768 769 /* Acquire available appropriate semaphores */ 770 if (!stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, 771 RIF_CID1) || 772 !risup->pm_sem) 773 continue; 774 775 res = stm32_rif_acquire_semaphore(rifsc_pdata.base + 776 _RIFSC_RISC_PER0_SEMCR + 777 cidcfgr_offset, 778 MAX_CID_SUPPORTED); 779 if (res) { 780 EMSG("Could not acquire semaphore for resource %"PRIu32, 781 risup->id); 782 return TEE_ERROR_ACCESS_DENIED; 783 } 784 } 785 786 return TEE_SUCCESS; 787 } 788 789 static TEE_Result 790 stm32_rifsc_sem_pm(enum pm_op op, unsigned int pm_hint, 791 const struct pm_callback_handle *pm_handle __unused) 792 { 793 TEE_Result res = TEE_ERROR_GENERIC; 794 795 if (pm_hint != PM_HINT_CONTEXT_STATE) 796 return TEE_SUCCESS; 797 798 if (op == PM_OP_RESUME) 799 res = stm32_rifsc_sem_pm_resume(); 800 else 801 res = stm32_rifsc_sem_pm_suspend(); 802 803 return res; 804 } 805 806 TEE_Result stm32_rifsc_check_tdcid(bool *tdcid_state) 807 { 808 if (!rifsc_pdata.base) 809 return TEE_ERROR_DEFER_DRIVER_INIT; 810 811 if (((io_read32(rifsc_pdata.base + _RIFSC_RIMC_CR) & 812 _RIFSC_RIMC_CR_TDCID_MASK)) == (RIF_CID1 << _CIDCFGR_SCID_SHIFT)) 813 *tdcid_state = true; 814 else 815 *tdcid_state = false; 816 817 return TEE_SUCCESS; 818 } 819 820 static const struct firewall_controller_ops firewall_ops = { 821 .set_conf = stm32_rifsc_set_config, 822 .check_access = stm32_rifsc_check_access, 823 .acquire_access = stm32_rifsc_acquire_access, 824 .release_access = stm32_rifsc_release_access, 825 }; 826 827 /** 828 * stm32_rifsc_dt_probe_bus() - Add bus device tree subnodes that are accessible 829 * by OP-TEE and secure to the driver probe list. This is used at boot time 830 * only, as a sanity check between device tree and firewalls hardware 831 * configurations to prevent undesired accesses when access to a device is not 832 * authorized. This function tries to acquire access to every resource entries 833 * listed in the access-controllers property of each of the subnodes. It panics 834 * if it fails to do so. When CFG_INSECURE is enabled, platform can bypass this 835 * access control test for specific devices assigned to non-secure world and 836 * used by OP-TEE, such as an UART console device. 837 * 838 * @fdt: FDT to work on 839 * @node: RIFSC node 840 * @ctrl: RIFSC firewall controller reference 841 */ 842 static TEE_Result 843 stm32_rifsc_dt_probe_bus(const void *fdt, int node, 844 struct firewall_controller *ctrl __maybe_unused) 845 { 846 TEE_Result res = TEE_ERROR_GENERIC; 847 struct firewall_query *fw = NULL; 848 int subnode = 0; 849 850 DMSG("Populating %s firewall bus", ctrl->name); 851 852 fdt_for_each_subnode(subnode, fdt, node) { 853 unsigned int i = 0; 854 855 if (fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 856 continue; 857 858 if (IS_ENABLED(CFG_INSECURE) && 859 stm32mp_allow_probe_shared_device(fdt, subnode)) { 860 DMSG("Skipping firewall attributes check for %s", 861 fdt_get_name(fdt, subnode, NULL)); 862 goto skip_check; 863 } 864 865 DMSG("Acquiring firewall access for %s when probing bus", 866 fdt_get_name(fdt, subnode, NULL)); 867 868 do { 869 /* 870 * The access-controllers property is mandatory for 871 * firewall bus devices 872 */ 873 res = firewall_dt_get_by_index(fdt, subnode, i, &fw); 874 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 875 /* Stop when nothing more to parse */ 876 break; 877 } else if (res) { 878 EMSG("%s: Error on node %s: %#"PRIx32, 879 ctrl->name, 880 fdt_get_name(fdt, subnode, NULL), res); 881 panic(); 882 } 883 884 res = firewall_acquire_access(fw); 885 if (res) { 886 EMSG("%s: %s not accessible: %#"PRIx32, 887 ctrl->name, 888 fdt_get_name(fdt, subnode, NULL), res); 889 panic(); 890 } 891 892 firewall_put(fw); 893 i++; 894 } while (true); 895 896 skip_check: 897 res = dt_driver_maybe_add_probe_node(fdt, subnode); 898 if (res) { 899 EMSG("Failed on node %s with %#"PRIx32, 900 fdt_get_name(fdt, subnode, NULL), res); 901 panic(); 902 } 903 } 904 905 return TEE_SUCCESS; 906 } 907 908 static TEE_Result stm32_rifsc_probe(const void *fdt, int node, 909 const void *compat_data __unused) 910 { 911 struct firewall_controller *controller = NULL; 912 TEE_Result res = TEE_ERROR_GENERIC; 913 914 res = stm32_rifsc_parse_fdt(fdt, node, &rifsc_pdata); 915 if (res) { 916 EMSG("Could not parse RIFSC node, res = %#"PRIx32, res); 917 panic(); 918 } 919 920 if (!rifsc_pdata.drv_data) 921 stm32_rifsc_get_driverdata(&rifsc_pdata); 922 923 res = stm32_risup_setup(&rifsc_pdata); 924 if (res) { 925 EMSG("Could not setup RISUPs, res = %#"PRIx32, res); 926 panic(); 927 } 928 929 if (rifsc_pdata.is_tdcid) { 930 res = stm32_rimu_setup(&rifsc_pdata); 931 if (res) { 932 EMSG("Could not setup RIMUs, res = %#"PRIx32, res); 933 panic(); 934 } 935 936 if (IS_ENABLED(CFG_STM32MP25)) { 937 res = stm32_risal_setup(&rifsc_pdata); 938 if (res) 939 panic(); 940 } 941 } 942 943 res = stm32_rifsc_glock_config(fdt, node, &rifsc_pdata); 944 if (res) 945 panic("Couldn't lock RIFSC configuration"); 946 947 controller = calloc(1, sizeof(*controller)); 948 if (!controller) 949 panic(); 950 951 controller->name = "RIFSC"; 952 controller->priv = &rifsc_pdata; 953 controller->ops = &firewall_ops; 954 955 res = firewall_dt_controller_register(fdt, node, controller); 956 if (res) 957 panic(); 958 959 res = stm32_rifsc_dt_probe_bus(fdt, node, controller); 960 if (res) 961 panic(); 962 963 register_pm_core_service_cb(stm32_rifsc_sem_pm, NULL, 964 "stm32-rifsc-semaphores"); 965 966 return TEE_SUCCESS; 967 } 968 969 static const struct dt_device_match rifsc_match_table[] = { 970 { .compatible = "st,stm32mp25-rifsc" }, 971 { } 972 }; 973 974 DEFINE_DT_DRIVER(rifsc_dt_driver) = { 975 .name = "stm32-rifsc", 976 .match_table = rifsc_match_table, 977 .probe = stm32_rifsc_probe, 978 }; 979