1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2024, STMicroelectronics 4 */ 5 6 #include <drivers/firewall.h> 7 #include <drivers/stm32_rif.h> 8 #include <drivers/stm32_shared_io.h> 9 #include <drivers/stm32mp_dt_bindings.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/dt.h> 13 #include <kernel/dt_driver.h> 14 #include <kernel/panic.h> 15 #include <kernel/pm.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <stm32_util.h> 19 #include <tee_api_defines.h> 20 #include <trace.h> 21 #include <util.h> 22 23 /* RIFSC offset register */ 24 #define _RIFSC_RISC_SECCFGR0 U(0x10) 25 #define _RIFSC_RISC_PRIVCFGR0 U(0x30) 26 #define _RIFSC_RISC_RCFGLOCKR0 U(0x50) 27 #define _RIFSC_RISC_PER0_CIDCFGR U(0x100) 28 #define _RIFSC_RISC_PER0_SEMCR U(0x104) 29 #define _RIFSC_RIMC_CR U(0xC00) 30 #define _RIFSC_RIMC_ATTR0 U(0xC10) 31 32 #define _RIFSC_HWCFGR3 U(0xFE8) 33 #define _RIFSC_HWCFGR2 U(0xFEC) 34 #define _RIFSC_HWCFGR1 U(0xFF0) 35 #define _RIFSC_VERR U(0xFF4) 36 37 /* RIFSC_HWCFGR2 register fields */ 38 #define _RIFSC_HWCFGR2_CFG1_MASK GENMASK_32(15, 0) 39 #define _RIFSC_HWCFGR2_CFG1_SHIFT U(0) 40 #define _RIFSC_HWCFGR2_CFG2_MASK GENMASK_32(23, 16) 41 #define _RIFSC_HWCFGR2_CFG2_SHIFT U(16) 42 #define _RIFSC_HWCFGR2_CFG3_MASK GENMASK_32(31, 24) 43 #define _RIFSC_HWCFGR2_CFG3_SHIFT U(24) 44 45 /* RIFSC_HWCFGR1 register fields */ 46 #define _RIFSC_HWCFGR1_CFG1_MASK GENMASK_32(3, 0) 47 #define _RIFSC_HWCFGR1_CFG1_SHIFT U(0) 48 #define _RIFSC_HWCFGR1_CFG2_MASK GENMASK_32(7, 4) 49 #define _RIFSC_HWCFGR1_CFG2_SHIFT U(4) 50 #define _RIFSC_HWCFGR1_CFG3_MASK GENMASK_32(11, 8) 51 #define _RIFSC_HWCFGR1_CFG3_SHIFT U(8) 52 #define _RIFSC_HWCFGR1_CFG4_MASK GENMASK_32(15, 12) 53 #define _RIFSC_HWCFGR1_CFG4_SHIFT U(12) 54 #define _RIFSC_HWCFGR1_CFG5_MASK GENMASK_32(19, 16) 55 #define _RIFSC_HWCFGR1_CFG5_SHIFT U(16) 56 #define _RIFSC_HWCFGR1_CFG6_MASK GENMASK_32(23, 20) 57 #define _RIFSC_HWCFGR1_CFG6_SHIFT U(20) 58 59 /* 60 * RISC_CR register fields 61 */ 62 #define _RIFSC_RISC_CR_GLOCK BIT(0) 63 64 /* 65 * RIMC_CR register fields 66 */ 67 #define _RIFSC_RIMC_CR_GLOCK BIT(0) 68 #define _RIFSC_RIMC_CR_TDCID_MASK GENMASK_32(6, 4) 69 70 /* RIFSC_VERR register fields */ 71 #define _RIFSC_VERR_MINREV_MASK GENMASK_32(3, 0) 72 #define _RIFSC_VERR_MINREV_SHIFT U(0) 73 #define _RIFSC_VERR_MAJREV_MASK GENMASK_32(7, 4) 74 #define _RIFSC_VERR_MAJREV_SHIFT U(4) 75 76 /* Periph id per register */ 77 #define _PERIPH_IDS_PER_REG U(32) 78 #define _OFFSET_PERX_CIDCFGR U(0x8) 79 80 #define RIFSC_RISC_CIDCFGR_CFEN_MASK BIT(0) 81 #define RIFSC_RISC_CIDCFGR_CFEN_SHIFT U(0) 82 #define RIFSC_RISC_CIDCFGR_SEM_EN_MASK BIT(1) 83 #define RIFSC_RISC_CIDCFGR_SEM_EN_SHIFT U(1) 84 #define RIFSC_RISC_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 85 #define RIFSC_RISC_CIDCFGR_SCID_SHIFT U(4) 86 #define RIFSC_RISC_CIDCFGR_LOCK_MASK BIT(10) 87 #define RIFSC_RISC_CIDCFGR_LOCK_SHIFT U(10) 88 #define RIFSC_RISC_CIDCFGR_SEML_MASK GENMASK_32(23, 16) 89 #define RIFSC_RISC_CIDCFGR_SEML_SHIFT U(16) 90 91 #define RIFSC_RISC_PERx_CID_MASK (RIFSC_RISC_CIDCFGR_CFEN_MASK | \ 92 RIFSC_RISC_CIDCFGR_SEM_EN_MASK | \ 93 RIFSC_RISC_CIDCFGR_SCID_MASK | \ 94 RIFSC_RISC_CIDCFGR_SCID_SHIFT) 95 96 #define RIFSC_RISC_PERx_CID_SHIFT U(0) 97 98 #define RIFSC_RIMC_MODE_MASK BIT(2) 99 #define RIFSC_RIMC_MCID_MASK GENMASK_32(6, 4) 100 #define RIFSC_RIMC_MSEC_MASK BIT(8) 101 #define RIFSC_RIMC_MPRIV_MASK BIT(9) 102 #define RIFSC_RIMC_M_ID_MASK GENMASK_32(23, 16) 103 104 #define RIFSC_RIMC_ATTRx_MASK (RIFSC_RIMC_MODE_MASK | \ 105 RIFSC_RIMC_MCID_MASK | \ 106 RIFSC_RIMC_MSEC_MASK | \ 107 RIFSC_RIMC_MPRIV_MASK) 108 109 /* max entries */ 110 #define MAX_RIMU U(16) 111 #define MAX_RISUP U(128) 112 113 #define _RIF_FLD_GET(field, value) (((uint32_t)(value) & \ 114 (field ## _MASK)) >>\ 115 (field ## _SHIFT)) 116 117 struct risup_cfg { 118 uint32_t cid_attr; 119 uint32_t id; 120 bool sec; 121 bool priv; 122 bool lock; 123 bool pm_sem; 124 }; 125 126 struct rimu_cfg { 127 uint32_t id; 128 uint32_t attr; 129 }; 130 131 struct rifsc_driver_data { 132 bool rif_en; 133 bool sec_en; 134 bool priv_en; 135 uint8_t nb_rimu; 136 uint8_t nb_risup; 137 uint8_t nb_risal; 138 uint8_t version; 139 }; 140 141 struct rifsc_platdata { 142 uintptr_t base; 143 struct rifsc_driver_data *drv_data; 144 struct risup_cfg *risup; 145 unsigned int nrisup; 146 struct rimu_cfg *rimu; 147 unsigned int nrimu; 148 bool is_tdcid; 149 }; 150 151 /* There is only 1 instance of the RIFSC subsystem */ 152 static struct rifsc_driver_data rifsc_drvdata; 153 static struct rifsc_platdata rifsc_pdata; 154 155 static void stm32_rifsc_get_driverdata(struct rifsc_platdata *pdata) 156 { 157 uint32_t regval = 0; 158 159 regval = io_read32(pdata->base + _RIFSC_HWCFGR1); 160 rifsc_drvdata.rif_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG1, regval) != 0; 161 rifsc_drvdata.sec_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG2, regval) != 0; 162 rifsc_drvdata.priv_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG3, regval) != 0; 163 164 regval = io_read32(pdata->base + _RIFSC_HWCFGR2); 165 rifsc_drvdata.nb_risup = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG1, regval); 166 rifsc_drvdata.nb_rimu = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG2, regval); 167 rifsc_drvdata.nb_risal = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG3, regval); 168 169 pdata->drv_data = &rifsc_drvdata; 170 171 rifsc_drvdata.version = io_read8(pdata->base + _RIFSC_VERR); 172 173 DMSG("RIFSC version %"PRIu32".%"PRIu32, 174 _RIF_FLD_GET(_RIFSC_VERR_MAJREV, rifsc_drvdata.version), 175 _RIF_FLD_GET(_RIFSC_VERR_MINREV, rifsc_drvdata.version)); 176 177 DMSG("HW cap: enabled[rif:sec:priv]:[%s:%s:%s] nb[risup|rimu|risal]:[%"PRIu8",%"PRIu8",%"PRIu8"]", 178 rifsc_drvdata.rif_en ? "true" : "false", 179 rifsc_drvdata.sec_en ? "true" : "false", 180 rifsc_drvdata.priv_en ? "true" : "false", 181 rifsc_drvdata.nb_risup, 182 rifsc_drvdata.nb_rimu, 183 rifsc_drvdata.nb_risal); 184 } 185 186 static TEE_Result stm32_rifsc_glock_config(const void *fdt, int node, 187 struct rifsc_platdata *pdata) 188 { 189 const fdt32_t *cuint = NULL; 190 uint32_t glock_conf = 0; 191 int len = 0; 192 193 cuint = fdt_getprop(fdt, node, "st,glocked", &len); 194 if (!cuint) { 195 DMSG("No global lock on RIF configuration"); 196 return TEE_SUCCESS; 197 } 198 assert(len == sizeof(uint32_t)); 199 200 glock_conf = fdt32_to_cpu(*cuint); 201 202 if (glock_conf & RIFSC_RIMU_GLOCK) { 203 DMSG("Setting global lock on RIMU configuration"); 204 205 io_setbits32(pdata->base + _RIFSC_RIMC_CR, 206 _RIFSC_RIMC_CR_GLOCK); 207 208 if (!(io_read32(pdata->base + _RIFSC_RIMC_CR) & 209 _RIFSC_RIMC_CR_GLOCK)) 210 return TEE_ERROR_ACCESS_DENIED; 211 } 212 213 if (glock_conf & RIFSC_RISUP_GLOCK) { 214 DMSG("Setting global lock on RISUP configuration"); 215 216 io_setbits32(pdata->base, _RIFSC_RISC_CR_GLOCK); 217 218 if (!(io_read32(pdata->base) & _RIFSC_RISC_CR_GLOCK)) 219 return TEE_ERROR_ACCESS_DENIED; 220 } 221 222 return TEE_SUCCESS; 223 } 224 225 static TEE_Result stm32_rifsc_dt_conf_risup(const void *fdt, int node, 226 struct rifsc_platdata *pdata) 227 { 228 const fdt32_t *conf_list = NULL; 229 unsigned int i = 0; 230 int len = 0; 231 232 conf_list = fdt_getprop(fdt, node, "st,protreg", &len); 233 if (!conf_list) { 234 DMSG("No RISUP configuration in DT"); 235 return TEE_ERROR_ITEM_NOT_FOUND; 236 } 237 assert(!(len % sizeof(uint32_t))); 238 239 pdata->nrisup = len / sizeof(uint32_t); 240 pdata->risup = calloc(pdata->nrisup, sizeof(*pdata->risup)); 241 if (!pdata->risup) 242 return TEE_ERROR_OUT_OF_MEMORY; 243 244 for (i = 0; i < pdata->nrisup; i++) { 245 uint32_t value = fdt32_to_cpu(conf_list[i]); 246 struct risup_cfg *risup = pdata->risup + i; 247 248 risup->id = _RIF_FLD_GET(RIF_PER_ID, value); 249 risup->sec = _RIF_FLD_GET(RIF_SEC, value) != 0; 250 risup->priv = _RIF_FLD_GET(RIF_PRIV, value) != 0; 251 risup->lock = _RIF_FLD_GET(RIF_LOCK, value) != 0; 252 risup->cid_attr = _RIF_FLD_GET(RIF_PERx_CID, value); 253 } 254 255 return TEE_SUCCESS; 256 } 257 258 static TEE_Result stm32_rifsc_dt_conf_rimu(const void *fdt, int node, 259 struct rifsc_platdata *pdata) 260 { 261 const fdt32_t *conf_list = NULL; 262 unsigned int i = 0; 263 int len = 0; 264 265 conf_list = fdt_getprop(fdt, node, "st,rimu", &len); 266 if (!conf_list) { 267 DMSG("No RIMU configuration in DT"); 268 return TEE_ERROR_ITEM_NOT_FOUND; 269 } 270 assert(!(len % sizeof(uint32_t))); 271 272 pdata->nrimu = len / sizeof(uint32_t); 273 pdata->rimu = calloc(pdata->nrimu, sizeof(*pdata->rimu)); 274 if (!pdata->rimu) 275 return TEE_ERROR_OUT_OF_MEMORY; 276 277 for (i = 0; i < pdata->nrimu; i++) { 278 uint32_t value = fdt32_to_cpu(*conf_list); 279 struct rimu_cfg *rimu = pdata->rimu + i; 280 281 rimu->id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, value) - 282 RIMU_ID_OFFSET; 283 rimu->attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, value); 284 } 285 286 return TEE_SUCCESS; 287 } 288 289 static TEE_Result stm32_rifsc_parse_fdt(const void *fdt, int node, 290 struct rifsc_platdata *pdata) 291 { 292 TEE_Result res = TEE_ERROR_GENERIC; 293 struct io_pa_va base = { }; 294 size_t reg_size = 0; 295 296 if (fdt_reg_info(fdt, node, &base.pa, ®_size)) 297 return TEE_ERROR_BAD_PARAMETERS; 298 299 pdata->base = io_pa_or_va_secure(&base, reg_size); 300 301 res = stm32_rifsc_check_tdcid(&rifsc_pdata.is_tdcid); 302 if (res) 303 panic(); 304 305 res = stm32_rifsc_dt_conf_risup(fdt, node, pdata); 306 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 307 return res; 308 309 if (rifsc_pdata.is_tdcid) { 310 res = stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 311 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 312 return res; 313 } 314 315 return stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 316 } 317 318 static TEE_Result stm32_risup_cfg(struct rifsc_platdata *pdata, 319 struct risup_cfg *risup) 320 { 321 uintptr_t offset = sizeof(uint32_t) * (risup->id / _PERIPH_IDS_PER_REG); 322 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 323 struct rifsc_driver_data *drv_data = pdata->drv_data; 324 uint32_t shift = risup->id % _PERIPH_IDS_PER_REG; 325 TEE_Result res = TEE_ERROR_GENERIC; 326 327 if (!risup || risup->id >= drv_data->nb_risup) 328 return TEE_ERROR_BAD_PARAMETERS; 329 330 if (drv_data->sec_en) 331 io_clrsetbits32_stm32shregs(pdata->base + _RIFSC_RISC_SECCFGR0 + 332 offset, BIT(shift), 333 SHIFT_U32(risup->sec, shift)); 334 335 if (drv_data->priv_en) 336 io_clrsetbits32_stm32shregs(pdata->base + 337 _RIFSC_RISC_PRIVCFGR0 + offset, 338 BIT(shift), 339 SHIFT_U32(risup->priv, shift)); 340 341 if (rifsc_pdata.is_tdcid) { 342 if (drv_data->rif_en) 343 io_write32(pdata->base + _RIFSC_RISC_PER0_CIDCFGR + 344 cidcfgr_offset, risup->cid_attr); 345 346 /* Lock configuration for this RISUP */ 347 if (risup->lock) { 348 DMSG("Locking RIF conf for peripheral ID: %"PRIu32, 349 risup->id); 350 io_setbits32_stm32shregs(pdata->base + 351 _RIFSC_RISC_RCFGLOCKR0 + 352 offset, BIT(shift)); 353 } 354 } 355 356 /* Take semaphore if the resource is in semaphore mode and secured */ 357 if (stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, RIF_CID1)) { 358 if (!(io_read32(pdata->base + _RIFSC_RISC_SECCFGR0 + offset) & 359 BIT(shift))) { 360 res = 361 stm32_rif_release_semaphore(pdata->base + 362 _RIFSC_RISC_PER0_SEMCR + 363 cidcfgr_offset, 364 MAX_CID_SUPPORTED); 365 if (res) { 366 EMSG("Couldn't release semaphore for resource %"PRIu32, 367 risup->id); 368 return TEE_ERROR_ACCESS_DENIED; 369 } 370 } else { 371 res = 372 stm32_rif_acquire_semaphore(pdata->base + 373 _RIFSC_RISC_PER0_SEMCR + 374 cidcfgr_offset, 375 MAX_CID_SUPPORTED); 376 if (res) { 377 EMSG("Couldn't acquire semaphore for resource %"PRIu32, 378 risup->id); 379 return TEE_ERROR_ACCESS_DENIED; 380 } 381 } 382 } 383 384 return TEE_SUCCESS; 385 } 386 387 static TEE_Result stm32_risup_setup(struct rifsc_platdata *pdata) 388 { 389 struct rifsc_driver_data *drv_data = pdata->drv_data; 390 TEE_Result res = TEE_ERROR_GENERIC; 391 unsigned int i = 0; 392 393 for (i = 0; i < pdata->nrisup && i < drv_data->nb_risup; i++) { 394 struct risup_cfg *risup = pdata->risup + i; 395 396 res = stm32_risup_cfg(pdata, risup); 397 if (res) { 398 EMSG("risup cfg(%d/%d) error", i + 1, pdata->nrisup); 399 return res; 400 } 401 } 402 403 return TEE_SUCCESS; 404 } 405 406 static TEE_Result stm32_rimu_cfg(struct rifsc_platdata *pdata, 407 struct rimu_cfg *rimu) 408 { 409 uintptr_t offset = _RIFSC_RIMC_ATTR0 + (sizeof(uint32_t) * rimu->id); 410 struct rifsc_driver_data *drv_data = pdata->drv_data; 411 412 if (!rimu || rimu->id >= drv_data->nb_rimu) 413 return TEE_ERROR_BAD_PARAMETERS; 414 415 if (drv_data->rif_en) 416 io_write32(pdata->base + offset, rimu->attr); 417 418 return TEE_SUCCESS; 419 } 420 421 static TEE_Result stm32_rimu_setup(struct rifsc_platdata *pdata) 422 { 423 struct rifsc_driver_data *drv_data = pdata->drv_data; 424 TEE_Result res = TEE_ERROR_GENERIC; 425 unsigned int i = 0; 426 427 for (i = 0; i < pdata->nrimu && i < drv_data->nb_rimu; i++) { 428 struct rimu_cfg *rimu = pdata->rimu + i; 429 430 res = stm32_rimu_cfg(pdata, rimu); 431 if (res) { 432 EMSG("rimu cfg(%d/%d) error", i + 1, pdata->nrimu); 433 return res; 434 } 435 } 436 437 return TEE_SUCCESS; 438 } 439 440 static TEE_Result stm32_rifsc_check_access(struct firewall_query *firewall) 441 { 442 uintptr_t rifsc_base = rifsc_pdata.base; 443 unsigned int cid_reg_offset = 0; 444 unsigned int periph_offset = 0; 445 unsigned int resource_id = 0; 446 uint32_t cid_to_check = 0; 447 unsigned int reg_id = 0; 448 bool priv_check = true; 449 bool sec_check = true; 450 uint32_t privcfgr = 0; 451 uint32_t seccfgr = 0; 452 uint32_t cidcfgr = 0; 453 454 assert(rifsc_base); 455 456 if (!firewall || firewall->arg_count != 1) 457 return TEE_ERROR_BAD_PARAMETERS; 458 459 /* 460 * Peripheral configuration, we assume the configuration is as 461 * follows: 462 * firewall->args[0]: RIF configuration to check 463 */ 464 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 465 if (resource_id >= RIMU_ID_OFFSET) 466 return TEE_SUCCESS; 467 468 reg_id = resource_id / _PERIPH_IDS_PER_REG; 469 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 470 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 471 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 472 cid_reg_offset); 473 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 474 privcfgr = io_read32(rifsc_base + _RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); 475 sec_check = (BIT(RIF_SEC_SHIFT) & firewall->args[0]) != 0; 476 priv_check = (BIT(RIF_PRIV_SHIFT) & firewall->args[0]) != 0; 477 cid_to_check = (firewall->args[0] & RIF_SCID_MASK) >> RIF_SCID_SHIFT; 478 479 if (!sec_check && seccfgr & BIT(periph_offset)) 480 return TEE_ERROR_ACCESS_DENIED; 481 482 if (!priv_check && (privcfgr & BIT(periph_offset))) 483 return TEE_ERROR_ACCESS_DENIED; 484 485 if (!(cidcfgr & _CIDCFGR_CFEN)) 486 return TEE_SUCCESS; 487 488 if ((cidcfgr & _CIDCFGR_SEMEN && 489 !stm32_rif_semaphore_enabled_and_ok(cidcfgr, cid_to_check)) || 490 (!(cidcfgr & _CIDCFGR_SEMEN) && 491 !stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, 492 cid_to_check))) 493 return TEE_ERROR_BAD_PARAMETERS; 494 495 return TEE_SUCCESS; 496 } 497 498 static TEE_Result stm32_rifsc_acquire_access(struct firewall_query *firewall) 499 { 500 uintptr_t rifsc_base = rifsc_pdata.base; 501 unsigned int cid_reg_offset = 0; 502 unsigned int periph_offset = 0; 503 unsigned int resource_id = 0; 504 unsigned int reg_id = 0; 505 uint32_t cidcfgr = 0; 506 uint32_t seccfgr = 0; 507 508 assert(rifsc_base); 509 510 if (!firewall || !firewall->arg_count) 511 return TEE_ERROR_BAD_PARAMETERS; 512 513 /* 514 * Peripheral configuration, we assume the configuration is as 515 * follows: 516 * firewall->args[0]: Firewall ID of the resource to acquire 517 */ 518 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 519 if (resource_id >= RIMU_ID_OFFSET) 520 return TEE_SUCCESS; 521 522 reg_id = resource_id / _PERIPH_IDS_PER_REG; 523 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 524 525 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 526 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 527 cid_reg_offset); 528 529 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 530 if (!(seccfgr & BIT(periph_offset))) 531 return TEE_ERROR_ACCESS_DENIED; 532 533 /* Only check CID attributes */ 534 if (!(cidcfgr & _CIDCFGR_CFEN)) 535 return TEE_SUCCESS; 536 537 if (cidcfgr & _CIDCFGR_SEMEN) { 538 if (!stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 539 return TEE_ERROR_BAD_PARAMETERS; 540 541 /* Take the semaphore, static CID is irrelevant here */ 542 return stm32_rif_acquire_semaphore(rifsc_base + 543 _RIFSC_RISC_PER0_SEMCR + 544 cid_reg_offset, 545 MAX_CID_SUPPORTED); 546 } 547 548 if (!stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, RIF_CID1)) 549 return TEE_ERROR_ACCESS_DENIED; 550 551 return TEE_SUCCESS; 552 } 553 554 static TEE_Result stm32_rifsc_set_config(struct firewall_query *firewall) 555 { 556 struct rimu_cfg rimu = { }; 557 unsigned int id = 0; 558 uint32_t conf = 0; 559 560 if (!firewall || firewall->arg_count != 1) 561 return TEE_ERROR_BAD_PARAMETERS; 562 563 /* 564 * Peripheral configuration, we assume the configuration is as 565 * follows: 566 * firewall->args[0]: RIF configuration to set 567 */ 568 id = firewall->args[0] & RIF_PER_ID_MASK; 569 conf = firewall->args[0]; 570 571 if (id < RIMU_ID_OFFSET) { 572 struct risup_cfg risup = { }; 573 uint32_t cidcfgr = 0; 574 575 risup.id = id; 576 risup.sec = (BIT(RIF_SEC_SHIFT) & conf) != 0; 577 risup.priv = (BIT(RIF_PRIV_SHIFT) & conf) != 0; 578 risup.lock = (BIT(RIF_LOCK_SHIFT) & conf) != 0; 579 risup.cid_attr = _RIF_FLD_GET(RIF_PERx_CID, conf); 580 581 if (!rifsc_pdata.is_tdcid) { 582 cidcfgr = io_read32(rifsc_pdata.base + 583 _OFFSET_PERX_CIDCFGR * risup.id + 584 _RIFSC_RISC_PER0_CIDCFGR); 585 586 if (cidcfgr != risup.cid_attr) 587 return TEE_ERROR_BAD_PARAMETERS; 588 } 589 590 DMSG("Setting config for peripheral: %u, %s, %s, cid attr: %#"PRIx32", %s", 591 id, risup.sec ? "Secure" : "Non secure", 592 risup.priv ? "Privileged" : "Non privileged", 593 risup.cid_attr, risup.lock ? "Locked" : "Unlocked"); 594 595 return stm32_risup_cfg(&rifsc_pdata, &risup); 596 } 597 598 if (!rifsc_pdata.is_tdcid) 599 return TEE_ERROR_ACCESS_DENIED; 600 601 rimu.id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, conf) - RIMU_ID_OFFSET; 602 rimu.attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, conf); 603 604 return stm32_rimu_cfg(&rifsc_pdata, &rimu); 605 } 606 607 static void stm32_rifsc_release_access(struct firewall_query *firewall) 608 { 609 uintptr_t rifsc_base = rifsc_pdata.base; 610 uint32_t cidcfgr = 0; 611 uint32_t id = 0; 612 613 assert(rifsc_base && firewall && firewall->arg_count); 614 615 id = firewall->args[0]; 616 617 if (id >= RIMU_ID_OFFSET) 618 return; 619 620 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 621 _OFFSET_PERX_CIDCFGR * id); 622 623 /* Only thing possible is to release a semaphore taken by OP-TEE CID */ 624 if (stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 625 if (stm32_rif_release_semaphore(rifsc_base + 626 _RIFSC_RISC_PER0_SEMCR + 627 id * _OFFSET_PERX_CIDCFGR, 628 MAX_CID_SUPPORTED)) 629 panic("Could not release the RIF semaphore"); 630 } 631 632 static TEE_Result stm32_rifsc_sem_pm_suspend(void) 633 { 634 unsigned int i = 0; 635 636 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 637 uint32_t semcfgr = io_read32(rifsc_pdata.base + 638 _RIFSC_RISC_PER0_SEMCR + 639 _OFFSET_PERX_CIDCFGR * i); 640 struct risup_cfg *risup = rifsc_pdata.risup + i; 641 642 /* Save semaphores that were taken by the CID1 */ 643 risup->pm_sem = semcfgr & _SEMCR_MUTEX && 644 ((semcfgr & _SEMCR_SEMCID_MASK) >> 645 _SEMCR_SEMCID_SHIFT) == RIF_CID1; 646 647 FMSG("RIF semaphore %s for ID: %"PRIu32, 648 risup->pm_sem ? "SAVED" : "NOT SAVED", risup->id); 649 } 650 651 return TEE_SUCCESS; 652 } 653 654 static TEE_Result stm32_rifsc_sem_pm_resume(void) 655 { 656 TEE_Result res = TEE_ERROR_GENERIC; 657 unsigned int i = 0; 658 659 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 660 struct risup_cfg *risup = rifsc_pdata.risup + i; 661 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 662 uintptr_t offset = sizeof(uint32_t) * 663 (risup->id / _PERIPH_IDS_PER_REG); 664 uintptr_t perih_offset = risup->id % _PERIPH_IDS_PER_REG; 665 uint32_t seccgfr = io_read32(rifsc_pdata.base + 666 _RIFSC_RISC_SECCFGR0 + offset); 667 uint32_t privcgfr = io_read32(rifsc_pdata.base + 668 _RIFSC_RISC_PRIVCFGR0 + offset); 669 uint32_t lockcfgr = io_read32(rifsc_pdata.base + 670 _RIFSC_RISC_RCFGLOCKR0 + offset); 671 672 /* Update RISUPs fields */ 673 risup->cid_attr = io_read32(rifsc_pdata.base + 674 _RIFSC_RISC_PER0_CIDCFGR + 675 cidcfgr_offset); 676 risup->sec = (seccgfr & BIT(perih_offset)) != 0; 677 risup->priv = (privcgfr & BIT(perih_offset)) != 0; 678 risup->lock = (lockcfgr & BIT(perih_offset)) != 0; 679 680 /* Acquire available appropriate semaphores */ 681 if (!stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, 682 RIF_CID1) || 683 !risup->pm_sem) 684 continue; 685 686 res = stm32_rif_acquire_semaphore(rifsc_pdata.base + 687 _RIFSC_RISC_PER0_SEMCR + 688 cidcfgr_offset, 689 MAX_CID_SUPPORTED); 690 if (res) { 691 EMSG("Could not acquire semaphore for resource %"PRIu32, 692 risup->id); 693 return TEE_ERROR_ACCESS_DENIED; 694 } 695 } 696 697 return TEE_SUCCESS; 698 } 699 700 static TEE_Result 701 stm32_rifsc_sem_pm(enum pm_op op, unsigned int pm_hint, 702 const struct pm_callback_handle *pm_handle __unused) 703 { 704 TEE_Result res = TEE_ERROR_GENERIC; 705 706 if (pm_hint != PM_HINT_CONTEXT_STATE) 707 return TEE_SUCCESS; 708 709 if (op == PM_OP_RESUME) 710 res = stm32_rifsc_sem_pm_resume(); 711 else 712 res = stm32_rifsc_sem_pm_suspend(); 713 714 return res; 715 } 716 717 TEE_Result stm32_rifsc_check_tdcid(bool *tdcid_state) 718 { 719 if (!rifsc_pdata.base) 720 return TEE_ERROR_DEFER_DRIVER_INIT; 721 722 if (((io_read32(rifsc_pdata.base + _RIFSC_RIMC_CR) & 723 _RIFSC_RIMC_CR_TDCID_MASK)) == (RIF_CID1 << _CIDCFGR_SCID_SHIFT)) 724 *tdcid_state = true; 725 else 726 *tdcid_state = false; 727 728 return TEE_SUCCESS; 729 } 730 731 static const struct firewall_controller_ops firewall_ops = { 732 .set_conf = stm32_rifsc_set_config, 733 .check_access = stm32_rifsc_check_access, 734 .acquire_access = stm32_rifsc_acquire_access, 735 .release_access = stm32_rifsc_release_access, 736 }; 737 738 /** 739 * stm32_rifsc_dt_probe_bus() - Add bus device tree subnodes that are accessible 740 * by OP-TEE and secure to the driver probe list. This is used at boot time 741 * only, as a sanity check between device tree and firewalls hardware 742 * configurations to prevent undesired accesses when access to a device is not 743 * authorized. This function tries to acquire access to every resource entries 744 * listed in the access-controllers property of each of the subnodes. It panics 745 * if it fails to do so. When CFG_INSECURE is enabled, platform can bypass this 746 * access control test for specific devices assigned to non-secure world and 747 * used by OP-TEE, such as an UART console device. 748 * 749 * @fdt: FDT to work on 750 * @node: RIFSC node 751 * @ctrl: RIFSC firewall controller reference 752 */ 753 static TEE_Result 754 stm32_rifsc_dt_probe_bus(const void *fdt, int node, 755 struct firewall_controller *ctrl __maybe_unused) 756 { 757 TEE_Result res = TEE_ERROR_GENERIC; 758 struct firewall_query *fw = NULL; 759 int subnode = 0; 760 761 DMSG("Populating %s firewall bus", ctrl->name); 762 763 fdt_for_each_subnode(subnode, fdt, node) { 764 unsigned int i = 0; 765 766 if (fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 767 continue; 768 769 if (IS_ENABLED(CFG_INSECURE) && 770 stm32mp_allow_probe_shared_device(fdt, subnode)) { 771 DMSG("Skipping firewall attributes check for %s", 772 fdt_get_name(fdt, subnode, NULL)); 773 goto skip_check; 774 } 775 776 DMSG("Acquiring firewall access for %s when probing bus", 777 fdt_get_name(fdt, subnode, NULL)); 778 779 do { 780 /* 781 * The access-controllers property is mandatory for 782 * firewall bus devices 783 */ 784 res = firewall_dt_get_by_index(fdt, subnode, i, &fw); 785 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 786 /* Stop when nothing more to parse */ 787 break; 788 } else if (res) { 789 EMSG("%s: Error on node %s: %#"PRIx32, 790 ctrl->name, 791 fdt_get_name(fdt, subnode, NULL), res); 792 panic(); 793 } 794 795 res = firewall_acquire_access(fw); 796 if (res) { 797 EMSG("%s: %s not accessible: %#"PRIx32, 798 ctrl->name, 799 fdt_get_name(fdt, subnode, NULL), res); 800 panic(); 801 } 802 803 firewall_put(fw); 804 i++; 805 } while (true); 806 807 skip_check: 808 res = dt_driver_maybe_add_probe_node(fdt, subnode); 809 if (res) { 810 EMSG("Failed on node %s with %#"PRIx32, 811 fdt_get_name(fdt, subnode, NULL), res); 812 panic(); 813 } 814 } 815 816 return TEE_SUCCESS; 817 } 818 819 static TEE_Result stm32_rifsc_probe(const void *fdt, int node, 820 const void *compat_data __unused) 821 { 822 struct firewall_controller *controller = NULL; 823 TEE_Result res = TEE_ERROR_GENERIC; 824 825 res = stm32_rifsc_parse_fdt(fdt, node, &rifsc_pdata); 826 if (res) { 827 EMSG("Could not parse RIFSC node, res = %#"PRIx32, res); 828 panic(); 829 } 830 831 if (!rifsc_pdata.drv_data) 832 stm32_rifsc_get_driverdata(&rifsc_pdata); 833 834 res = stm32_risup_setup(&rifsc_pdata); 835 if (res) { 836 EMSG("Could not setup RISUPs, res = %#"PRIx32, res); 837 panic(); 838 } 839 840 if (rifsc_pdata.is_tdcid) { 841 res = stm32_rimu_setup(&rifsc_pdata); 842 if (res) { 843 EMSG("Could not setup RIMUs, res = %#"PRIx32, res); 844 panic(); 845 } 846 } 847 848 res = stm32_rifsc_glock_config(fdt, node, &rifsc_pdata); 849 if (res) 850 panic("Couldn't lock RIFSC configuration"); 851 852 controller = calloc(1, sizeof(*controller)); 853 if (!controller) 854 panic(); 855 856 controller->name = "RIFSC"; 857 controller->priv = &rifsc_pdata; 858 controller->ops = &firewall_ops; 859 860 res = firewall_dt_controller_register(fdt, node, controller); 861 if (res) 862 panic(); 863 864 res = stm32_rifsc_dt_probe_bus(fdt, node, controller); 865 if (res) 866 panic(); 867 868 register_pm_core_service_cb(stm32_rifsc_sem_pm, NULL, 869 "stm32-rifsc-semaphores"); 870 871 return TEE_SUCCESS; 872 } 873 874 static const struct dt_device_match rifsc_match_table[] = { 875 { .compatible = "st,stm32mp25-rifsc" }, 876 { } 877 }; 878 879 DEFINE_DT_DRIVER(rifsc_dt_driver) = { 880 .name = "stm32-rifsc", 881 .match_table = rifsc_match_table, 882 .probe = stm32_rifsc_probe, 883 }; 884