1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2024, STMicroelectronics 4 */ 5 6 #include <drivers/firewall.h> 7 #include <drivers/stm32_rif.h> 8 #include <drivers/stm32_shared_io.h> 9 #include <drivers/stm32mp_dt_bindings.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/dt.h> 13 #include <kernel/dt_driver.h> 14 #include <kernel/panic.h> 15 #include <kernel/pm.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <stm32_util.h> 19 #include <tee_api_defines.h> 20 #include <trace.h> 21 #include <util.h> 22 23 /* RIFSC offset register */ 24 #define _RIFSC_RISC_SECCFGR0 U(0x10) 25 #define _RIFSC_RISC_PRIVCFGR0 U(0x30) 26 #define _RIFSC_RISC_RCFGLOCKR0 U(0x50) 27 #define _RIFSC_RISC_PER0_CIDCFGR U(0x100) 28 #define _RIFSC_RISC_PER0_SEMCR U(0x104) 29 #define _RIFSC_RIMC_CR U(0xC00) 30 #define _RIFSC_RIMC_ATTR0 U(0xC10) 31 #define _RIFSC_RISAL_CFGR0_A(y) (U(0x900) + (0x10 * ((y) - 1))) 32 #define _RIFSC_RISAL_CFGR0_B(y) (U(0x908) + (0x10 * ((y) - 1))) 33 #define _RIFSC_RISAL_ADDR_A U(0x924) 34 #define _RIFSC_RISAL_ADDR_B U(0x92C) 35 #define _RIFSC_HWCFGR3 U(0xFE8) 36 #define _RIFSC_HWCFGR2 U(0xFEC) 37 #define _RIFSC_HWCFGR1 U(0xFF0) 38 #define _RIFSC_VERR U(0xFF4) 39 40 /* RIFSC_HWCFGR2 register fields */ 41 #define _RIFSC_HWCFGR2_CFG1_MASK GENMASK_32(15, 0) 42 #define _RIFSC_HWCFGR2_CFG1_SHIFT U(0) 43 #define _RIFSC_HWCFGR2_CFG2_MASK GENMASK_32(23, 16) 44 #define _RIFSC_HWCFGR2_CFG2_SHIFT U(16) 45 #define _RIFSC_HWCFGR2_CFG3_MASK GENMASK_32(31, 24) 46 #define _RIFSC_HWCFGR2_CFG3_SHIFT U(24) 47 48 /* RIFSC_HWCFGR1 register fields */ 49 #define _RIFSC_HWCFGR1_CFG1_MASK GENMASK_32(3, 0) 50 #define _RIFSC_HWCFGR1_CFG1_SHIFT U(0) 51 #define _RIFSC_HWCFGR1_CFG2_MASK GENMASK_32(7, 4) 52 #define _RIFSC_HWCFGR1_CFG2_SHIFT U(4) 53 #define _RIFSC_HWCFGR1_CFG3_MASK GENMASK_32(11, 8) 54 #define _RIFSC_HWCFGR1_CFG3_SHIFT U(8) 55 #define _RIFSC_HWCFGR1_CFG4_MASK GENMASK_32(15, 12) 56 #define _RIFSC_HWCFGR1_CFG4_SHIFT U(12) 57 #define _RIFSC_HWCFGR1_CFG5_MASK GENMASK_32(19, 16) 58 #define _RIFSC_HWCFGR1_CFG5_SHIFT U(16) 59 #define _RIFSC_HWCFGR1_CFG6_MASK GENMASK_32(23, 20) 60 #define _RIFSC_HWCFGR1_CFG6_SHIFT U(20) 61 62 /* 63 * RISC_CR register fields 64 */ 65 #define _RIFSC_RISC_CR_GLOCK BIT(0) 66 67 /* 68 * RIMC_CR register fields 69 */ 70 #define _RIFSC_RIMC_CR_GLOCK BIT(0) 71 #define _RIFSC_RIMC_CR_TDCID_MASK GENMASK_32(6, 4) 72 73 /* RIFSC_VERR register fields */ 74 #define _RIFSC_VERR_MINREV_MASK GENMASK_32(3, 0) 75 #define _RIFSC_VERR_MINREV_SHIFT U(0) 76 #define _RIFSC_VERR_MAJREV_MASK GENMASK_32(7, 4) 77 #define _RIFSC_VERR_MAJREV_SHIFT U(4) 78 79 /* Periph id per register */ 80 #define _PERIPH_IDS_PER_REG U(32) 81 #define _OFFSET_PERX_CIDCFGR U(0x8) 82 83 #define RIFSC_RISC_CIDCFGR_CFEN_MASK BIT(0) 84 #define RIFSC_RISC_CIDCFGR_CFEN_SHIFT U(0) 85 #define RIFSC_RISC_CIDCFGR_SEM_EN_MASK BIT(1) 86 #define RIFSC_RISC_CIDCFGR_SEM_EN_SHIFT U(1) 87 #define RIFSC_RISC_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 88 #define RIFSC_RISC_CIDCFGR_SCID_SHIFT U(4) 89 #define RIFSC_RISC_CIDCFGR_LOCK_MASK BIT(10) 90 #define RIFSC_RISC_CIDCFGR_LOCK_SHIFT U(10) 91 #define RIFSC_RISC_CIDCFGR_SEML_MASK GENMASK_32(23, 16) 92 #define RIFSC_RISC_CIDCFGR_SEML_SHIFT U(16) 93 94 #define RIFSC_RISC_PERx_CID_MASK (RIFSC_RISC_CIDCFGR_CFEN_MASK | \ 95 RIFSC_RISC_CIDCFGR_SEM_EN_MASK | \ 96 RIFSC_RISC_CIDCFGR_SCID_MASK | \ 97 RIFSC_RISC_CIDCFGR_SCID_SHIFT) 98 99 #define RIFSC_RISC_PERx_CID_SHIFT U(0) 100 101 #define RIFSC_RIMC_CIDSEL_MASK BIT(2) 102 #define RIFSC_RIMC_CIDSEL_SHIFT U(2) 103 #define RIFSC_RIMC_MCID_MASK GENMASK_32(6, 4) 104 #define RIFSC_RIMC_MCID_SHIFT U(4) 105 #define RIFSC_RIMC_MSEC_MASK BIT(8) 106 #define RIFSC_RIMC_MPRIV_MASK BIT(9) 107 #define RIFSC_RIMC_M_ID_MASK GENMASK_32(23, 16) 108 109 #define RIFSC_RIMC_ATTRx_MASK (RIFSC_RIMC_MODE_MASK | \ 110 RIFSC_RIMC_MCID_MASK | \ 111 RIFSC_RIMC_MSEC_MASK | \ 112 RIFSC_RIMC_MPRIV_MASK) 113 114 /* max entries */ 115 #define MAX_RIMU U(16) 116 #define MAX_RISUP U(128) 117 118 #define _RIF_FLD_GET(field, value) (((uint32_t)(value) & \ 119 (field ## _MASK)) >>\ 120 (field ## _SHIFT)) 121 122 #define NO_RISUP_ID UINT32_MAX 123 124 struct risup_cfg { 125 uint32_t cid_attr; 126 uint32_t id; 127 bool sec; 128 bool priv; 129 bool lock; 130 bool pm_sem; 131 }; 132 133 struct rimu_cfg { 134 uint32_t id; 135 uint32_t risup_id; 136 uint32_t attr; 137 }; 138 139 struct risal_cfg { 140 uint32_t id; 141 uint32_t blockid; 142 uint32_t attr; 143 }; 144 145 struct rifsc_driver_data { 146 bool rif_en; 147 bool sec_en; 148 bool priv_en; 149 uint8_t nb_rimu; 150 uint8_t nb_risup; 151 uint8_t nb_risal; 152 uint8_t version; 153 }; 154 155 struct rifsc_platdata { 156 uintptr_t base; 157 struct rifsc_driver_data *drv_data; 158 struct risup_cfg *risup; 159 unsigned int nrisup; 160 struct rimu_cfg *rimu; 161 unsigned int nrimu; 162 struct risal_cfg *risal; 163 unsigned int nrisal; 164 bool is_tdcid; 165 bool errata_ahbrisab; 166 }; 167 168 /** 169 * struct rimu_risup_pairs - Association of a RISUP and RIMU ID for a peripheral 170 * 171 * @rimu_id: ID of the RIMU 172 * @risup_id: ID of the associated RISUP 173 */ 174 struct rimu_risup_pairs { 175 uint32_t rimu_id; 176 uint32_t risup_id; 177 }; 178 179 static const struct rimu_risup_pairs rimu_risup[] = { 180 [0] = { 181 .rimu_id = 0, 182 .risup_id = NO_RISUP_ID, 183 }, 184 [1] = { 185 .rimu_id = 1, 186 .risup_id = STM32MP25_RIFSC_SDMMC1_ID, 187 }, 188 [2] = { 189 .rimu_id = 2, 190 .risup_id = STM32MP25_RIFSC_SDMMC2_ID, 191 }, 192 [3] = { 193 .rimu_id = 3, 194 .risup_id = STM32MP25_RIFSC_SDMMC3_ID, 195 }, 196 [4] = { 197 .rimu_id = 4, 198 .risup_id = STM32MP25_RIFSC_USB3DR_ID, 199 }, 200 [5] = { 201 .rimu_id = 5, 202 .risup_id = STM32MP25_RIFSC_USBH_ID, 203 }, 204 [6] = { 205 .rimu_id = 6, 206 .risup_id = STM32MP25_RIFSC_ETH1_ID, 207 }, 208 [7] = { 209 .rimu_id = 7, 210 .risup_id = STM32MP25_RIFSC_ETH2_ID, 211 }, 212 [8] = { 213 .rimu_id = 8, 214 .risup_id = STM32MP25_RIFSC_PCIE_ID, 215 }, 216 [9] = { 217 .rimu_id = 9, 218 .risup_id = STM32MP25_RIFSC_GPU_ID, 219 }, 220 [10] = { 221 .rimu_id = 10, 222 .risup_id = STM32MP25_RIFSC_DCMIPP_ID, 223 }, 224 [11] = { 225 .rimu_id = 11, 226 .risup_id = NO_RISUP_ID, 227 }, 228 [12] = { 229 .rimu_id = 12, 230 .risup_id = NO_RISUP_ID, 231 }, 232 [13] = { 233 .rimu_id = 13, 234 .risup_id = NO_RISUP_ID, 235 }, 236 [14] = { 237 .rimu_id = 14, 238 .risup_id = STM32MP25_RIFSC_VDEC_ID, 239 }, 240 [15] = { 241 .rimu_id = 15, 242 .risup_id = STM32MP25_RIFSC_VENC_ID, 243 }, 244 }; 245 246 /* There is only 1 instance of the RIFSC subsystem */ 247 static struct rifsc_driver_data rifsc_drvdata; 248 static struct rifsc_platdata rifsc_pdata; 249 250 static void stm32_rifsc_get_driverdata(struct rifsc_platdata *pdata) 251 { 252 uint32_t regval = 0; 253 254 regval = io_read32(pdata->base + _RIFSC_HWCFGR1); 255 rifsc_drvdata.rif_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG1, regval) != 0; 256 rifsc_drvdata.sec_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG2, regval) != 0; 257 rifsc_drvdata.priv_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG3, regval) != 0; 258 259 regval = io_read32(pdata->base + _RIFSC_HWCFGR2); 260 rifsc_drvdata.nb_risup = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG1, regval); 261 rifsc_drvdata.nb_rimu = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG2, regval); 262 rifsc_drvdata.nb_risal = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG3, regval); 263 264 pdata->drv_data = &rifsc_drvdata; 265 266 rifsc_drvdata.version = io_read8(pdata->base + _RIFSC_VERR); 267 268 DMSG("RIFSC version %"PRIu32".%"PRIu32, 269 _RIF_FLD_GET(_RIFSC_VERR_MAJREV, rifsc_drvdata.version), 270 _RIF_FLD_GET(_RIFSC_VERR_MINREV, rifsc_drvdata.version)); 271 272 DMSG("HW cap: enabled[rif:sec:priv]:[%s:%s:%s] nb[risup|rimu|risal]:[%"PRIu8",%"PRIu8",%"PRIu8"]", 273 rifsc_drvdata.rif_en ? "true" : "false", 274 rifsc_drvdata.sec_en ? "true" : "false", 275 rifsc_drvdata.priv_en ? "true" : "false", 276 rifsc_drvdata.nb_risup, 277 rifsc_drvdata.nb_rimu, 278 rifsc_drvdata.nb_risal); 279 } 280 281 static TEE_Result stm32_rifsc_glock_config(const void *fdt, int node, 282 struct rifsc_platdata *pdata) 283 { 284 const fdt32_t *cuint = NULL; 285 uint32_t glock_conf = 0; 286 int len = 0; 287 288 cuint = fdt_getprop(fdt, node, "st,glocked", &len); 289 if (!cuint) { 290 DMSG("No global lock on RIF configuration"); 291 return TEE_SUCCESS; 292 } 293 assert(len == sizeof(uint32_t)); 294 295 glock_conf = fdt32_to_cpu(*cuint); 296 297 if (glock_conf & RIFSC_RIMU_GLOCK) { 298 DMSG("Setting global lock on RIMU configuration"); 299 300 io_setbits32(pdata->base + _RIFSC_RIMC_CR, 301 _RIFSC_RIMC_CR_GLOCK); 302 303 if (!(io_read32(pdata->base + _RIFSC_RIMC_CR) & 304 _RIFSC_RIMC_CR_GLOCK)) 305 return TEE_ERROR_ACCESS_DENIED; 306 } 307 308 if (glock_conf & RIFSC_RISUP_GLOCK) { 309 DMSG("Setting global lock on RISUP configuration"); 310 311 io_setbits32(pdata->base, _RIFSC_RISC_CR_GLOCK); 312 313 if (!(io_read32(pdata->base) & _RIFSC_RISC_CR_GLOCK)) 314 return TEE_ERROR_ACCESS_DENIED; 315 } 316 317 return TEE_SUCCESS; 318 } 319 320 static TEE_Result stm32_rifsc_dt_conf_risup(const void *fdt, int node, 321 struct rifsc_platdata *pdata) 322 { 323 const fdt32_t *conf_list = NULL; 324 unsigned int i = 0; 325 int len = 0; 326 327 conf_list = fdt_getprop(fdt, node, "st,protreg", &len); 328 if (!conf_list) { 329 DMSG("No RISUP configuration in DT"); 330 return TEE_ERROR_ITEM_NOT_FOUND; 331 } 332 assert(!(len % sizeof(uint32_t))); 333 334 pdata->nrisup = len / sizeof(uint32_t); 335 pdata->risup = calloc(pdata->nrisup, sizeof(*pdata->risup)); 336 if (!pdata->risup) 337 return TEE_ERROR_OUT_OF_MEMORY; 338 339 for (i = 0; i < pdata->nrisup; i++) { 340 uint32_t value = fdt32_to_cpu(conf_list[i]); 341 struct risup_cfg *risup = pdata->risup + i; 342 343 risup->id = _RIF_FLD_GET(RIF_PER_ID, value); 344 risup->sec = _RIF_FLD_GET(RIF_SEC, value) != 0; 345 risup->priv = _RIF_FLD_GET(RIF_PRIV, value) != 0; 346 risup->lock = _RIF_FLD_GET(RIF_LOCK, value) != 0; 347 risup->cid_attr = _RIF_FLD_GET(RIF_PERx_CID, value); 348 } 349 350 return TEE_SUCCESS; 351 } 352 353 static TEE_Result stm32_rifsc_dt_conf_rimu(const void *fdt, int node, 354 struct rifsc_platdata *pdata) 355 { 356 const fdt32_t *conf_list = NULL; 357 unsigned int i = 0; 358 int len = 0; 359 360 conf_list = fdt_getprop(fdt, node, "st,rimu", &len); 361 if (!conf_list) { 362 DMSG("No RIMU configuration in DT"); 363 return TEE_ERROR_ITEM_NOT_FOUND; 364 } 365 assert(!(len % sizeof(uint32_t))); 366 367 pdata->nrimu = len / sizeof(uint32_t); 368 pdata->rimu = calloc(pdata->nrimu, sizeof(*pdata->rimu)); 369 if (!pdata->rimu) 370 return TEE_ERROR_OUT_OF_MEMORY; 371 372 for (i = 0; i < pdata->nrimu; i++) { 373 uint32_t value = fdt32_to_cpu(conf_list[i]); 374 struct rimu_cfg *rimu = pdata->rimu + i; 375 376 rimu->id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, value) - 377 RIMU_ID_OFFSET; 378 rimu->attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, value); 379 } 380 381 return TEE_SUCCESS; 382 } 383 384 static TEE_Result stm32_rifsc_dt_conf_risal(const void *fdt, int node, 385 struct rifsc_platdata *pdata) 386 { 387 const fdt32_t *cuint = NULL; 388 int i = 0; 389 int len = 0; 390 391 cuint = fdt_getprop(fdt, node, "st,risal", &len); 392 if (!cuint) { 393 DMSG("No RISAL configuration in DT"); 394 pdata->nrisal = 0; 395 return TEE_ERROR_ITEM_NOT_FOUND; 396 } 397 398 len = len / sizeof(uint32_t); 399 400 pdata->nrisal = len; 401 pdata->risal = calloc(len, sizeof(*pdata->risal)); 402 if (!pdata->risal) 403 return TEE_ERROR_OUT_OF_MEMORY; 404 405 for (i = 0; i < len; i++) { 406 uint32_t value = fdt32_to_cpu(cuint[i]); 407 struct risal_cfg *risal = pdata->risal + i; 408 409 risal->id = _RIF_FLD_GET(RIFSC_RISAL_REG_ID, value); 410 risal->blockid = _RIF_FLD_GET(RIFSC_RISAL_BLOCK_ID, value); 411 risal->attr = _RIF_FLD_GET(RIFSC_RISAL_REGx_CFGR, value); 412 } 413 414 return TEE_SUCCESS; 415 } 416 417 static TEE_Result stm32_rifsc_parse_fdt(const void *fdt, int node, 418 struct rifsc_platdata *pdata) 419 { 420 TEE_Result res = TEE_ERROR_GENERIC; 421 struct io_pa_va base = { }; 422 size_t reg_size = 0; 423 424 if (fdt_reg_info(fdt, node, &base.pa, ®_size)) 425 return TEE_ERROR_BAD_PARAMETERS; 426 427 pdata->base = io_pa_or_va_secure(&base, reg_size); 428 429 res = stm32_rifsc_check_tdcid(&rifsc_pdata.is_tdcid); 430 if (res) 431 panic(); 432 433 res = stm32_rifsc_dt_conf_risup(fdt, node, pdata); 434 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 435 return res; 436 437 if (rifsc_pdata.is_tdcid) { 438 res = stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 439 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 440 return res; 441 442 if (IS_ENABLED(CFG_STM32MP25)) { 443 res = stm32_rifsc_dt_conf_risal(fdt, node, pdata); 444 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 445 return res; 446 } 447 } 448 449 rifsc_pdata.errata_ahbrisab = fdt_getprop(fdt, node, 450 "st,errata-ahbrisab", NULL); 451 452 return TEE_SUCCESS; 453 } 454 455 static TEE_Result stm32_risup_cfg(struct rifsc_platdata *pdata, 456 struct risup_cfg *risup) 457 { 458 uintptr_t offset = sizeof(uint32_t) * (risup->id / _PERIPH_IDS_PER_REG); 459 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 460 struct rifsc_driver_data *drv_data = pdata->drv_data; 461 uint32_t shift = risup->id % _PERIPH_IDS_PER_REG; 462 463 if (!risup || risup->id >= drv_data->nb_risup) 464 return TEE_ERROR_BAD_PARAMETERS; 465 466 if (drv_data->sec_en) 467 io_clrsetbits32_stm32shregs(pdata->base + _RIFSC_RISC_SECCFGR0 + 468 offset, BIT(shift), 469 SHIFT_U32(risup->sec, shift)); 470 471 if (drv_data->priv_en) 472 io_clrsetbits32_stm32shregs(pdata->base + 473 _RIFSC_RISC_PRIVCFGR0 + offset, 474 BIT(shift), 475 SHIFT_U32(risup->priv, shift)); 476 477 if (rifsc_pdata.is_tdcid) { 478 if (drv_data->rif_en) 479 io_write32(pdata->base + _RIFSC_RISC_PER0_CIDCFGR + 480 cidcfgr_offset, risup->cid_attr); 481 482 /* Lock configuration for this RISUP */ 483 if (risup->lock) { 484 DMSG("Locking RIF conf for peripheral ID: %"PRIu32, 485 risup->id); 486 io_setbits32_stm32shregs(pdata->base + 487 _RIFSC_RISC_RCFGLOCKR0 + 488 offset, BIT(shift)); 489 } 490 } 491 492 return TEE_SUCCESS; 493 } 494 495 static TEE_Result stm32_risup_setup(struct rifsc_platdata *pdata) 496 { 497 struct rifsc_driver_data *drv_data = pdata->drv_data; 498 TEE_Result res = TEE_ERROR_GENERIC; 499 unsigned int i = 0; 500 501 for (i = 0; i < pdata->nrisup && i < drv_data->nb_risup; i++) { 502 struct risup_cfg *risup = pdata->risup + i; 503 504 res = stm32_risup_cfg(pdata, risup); 505 if (res) { 506 EMSG("risup cfg(%d/%d) error", i + 1, pdata->nrisup); 507 return res; 508 } 509 } 510 511 return TEE_SUCCESS; 512 } 513 514 /* 515 * Errata: When CID filtering is enabled on one of RISAB 3/4/5 instances, we 516 * forbid the use of CID0 for any initiator on the bus to handle transient CID0 517 * transactions on these RAMs. 518 */ 519 static void stm32_rimu_errata_ahbrisab(struct rifsc_platdata *pdata, 520 struct rimu_cfg *rimu) 521 { 522 unsigned int i = 0; 523 524 if (!pdata->errata_ahbrisab) 525 return; 526 527 for (i = 0; i < ARRAY_SIZE(rimu_risup); i++) { 528 if (rimu->id == rimu_risup[i].rimu_id) { 529 rimu->risup_id = rimu_risup[i].risup_id; 530 break; 531 } 532 } 533 534 if (i == ARRAY_SIZE(rimu_risup)) 535 panic(); 536 537 if (rimu->attr & RIFSC_RIMC_CIDSEL_MASK) { 538 /* No inheritance mode for this RIMU */ 539 if ((rimu->attr & RIFSC_RIMC_MCID_MASK) >> 540 RIFSC_RIMC_MCID_SHIFT == RIF_CID0) { 541 EMSG("A CID should be set for RIMU %"PRIu32, rimu->id); 542 if (!IS_ENABLED(CFG_INSECURE)) 543 panic(); 544 } 545 } else { 546 struct risup_cfg *risup = NULL; 547 uint32_t risup_cidcfgr = 0; 548 unsigned int j = 0; 549 550 /* Handle RIMU with no inheritance mode */ 551 if (rimu->risup_id == NO_RISUP_ID) { 552 EMSG("RIMU %"PRIu32" cannot be set in inheritance mode", 553 rimu->id); 554 if (!IS_ENABLED(CFG_INSECURE)) 555 panic(); 556 return; 557 } 558 559 for (j = 0; j < pdata->nrisup; j++) { 560 if (rimu->risup_id == pdata->risup[j].id) { 561 risup = &pdata->risup[j]; 562 break; 563 } 564 } 565 566 if (!risup) 567 panic(); 568 569 risup_cidcfgr = io_read32(pdata->base + 570 _RIFSC_RISC_PER0_CIDCFGR + 571 _OFFSET_PERX_CIDCFGR * risup->id); 572 573 if (!(risup_cidcfgr & RIFSC_RISC_CIDCFGR_CFEN_MASK) || 574 (!(risup_cidcfgr & RIFSC_RISC_CIDCFGR_SEM_EN_MASK) && 575 ((risup_cidcfgr & RIFSC_RISC_CIDCFGR_SCID_MASK) >> 576 RIFSC_RISC_CIDCFGR_SCID_SHIFT) == RIF_CID0) || 577 (risup_cidcfgr & RIFSC_RISC_CIDCFGR_SEM_EN_MASK && 578 risup_cidcfgr & BIT(RIF_CID0 + 579 RIFSC_RISC_CIDCFGR_SEML_SHIFT))) { 580 EMSG("RIMU %"PRIu32" in inheritance mode with CID0", 581 rimu->id); 582 if (!IS_ENABLED(CFG_INSECURE)) 583 panic(); 584 } 585 } 586 } 587 588 static TEE_Result stm32_rimu_cfg(struct rifsc_platdata *pdata, 589 struct rimu_cfg *rimu) 590 { 591 uintptr_t offset = _RIFSC_RIMC_ATTR0 + (sizeof(uint32_t) * rimu->id); 592 struct rifsc_driver_data *drv_data = pdata->drv_data; 593 594 if (!rimu || rimu->id >= drv_data->nb_rimu) 595 return TEE_ERROR_BAD_PARAMETERS; 596 597 stm32_rimu_errata_ahbrisab(pdata, rimu); 598 599 if (drv_data->rif_en) 600 io_write32(pdata->base + offset, rimu->attr); 601 602 return TEE_SUCCESS; 603 } 604 605 static TEE_Result stm32_rimu_setup(struct rifsc_platdata *pdata) 606 { 607 struct rifsc_driver_data *drv_data = pdata->drv_data; 608 TEE_Result res = TEE_ERROR_GENERIC; 609 unsigned int i = 0; 610 611 for (i = 0; i < pdata->nrimu && i < drv_data->nb_rimu; i++) { 612 struct rimu_cfg *rimu = pdata->rimu + i; 613 614 res = stm32_rimu_cfg(pdata, rimu); 615 if (res) { 616 EMSG("rimu cfg(%d/%d) error", i + 1, pdata->nrimu); 617 return res; 618 } 619 } 620 621 return TEE_SUCCESS; 622 } 623 624 static TEE_Result stm32_risal_cfg(struct rifsc_platdata *pdata, 625 struct risal_cfg *risal) 626 { 627 struct rifsc_driver_data *drv_data = pdata->drv_data; 628 629 if (!risal || risal->id > drv_data->nb_risal) 630 return TEE_ERROR_BAD_PARAMETERS; 631 632 if (drv_data->rif_en) { 633 uintptr_t offset_a = _RIFSC_RISAL_CFGR0_A(risal->id); 634 uintptr_t offset_b = _RIFSC_RISAL_CFGR0_B(risal->id); 635 636 if (risal->blockid == RIFSC_RISAL_BLOCK_A) 637 io_write32(pdata->base + offset_a, risal->attr); 638 if (risal->blockid == RIFSC_RISAL_BLOCK_B) 639 io_write32(pdata->base + offset_b, risal->attr); 640 } 641 642 return TEE_SUCCESS; 643 } 644 645 static TEE_Result stm32_risal_setup(struct rifsc_platdata *pdata) 646 { 647 unsigned int i = 0; 648 TEE_Result res = TEE_ERROR_GENERIC; 649 650 for (i = 0; i < pdata->nrisal; i++) { 651 struct risal_cfg *risal = pdata->risal + i; 652 653 res = stm32_risal_cfg(pdata, risal); 654 if (res) { 655 EMSG("risal cfg(%u/%u) error", i + 1, pdata->nrisal); 656 return res; 657 } 658 } 659 660 return TEE_SUCCESS; 661 } 662 663 static TEE_Result stm32_rifsc_check_access(struct firewall_query *firewall) 664 { 665 uintptr_t rifsc_base = rifsc_pdata.base; 666 unsigned int cid_reg_offset = 0; 667 unsigned int periph_offset = 0; 668 unsigned int resource_id = 0; 669 uint32_t cid_to_check = 0; 670 unsigned int reg_id = 0; 671 bool priv_check = true; 672 bool sec_check = true; 673 uint32_t privcfgr = 0; 674 uint32_t seccfgr = 0; 675 uint32_t cidcfgr = 0; 676 677 assert(rifsc_base); 678 679 if (!firewall || firewall->arg_count != 1) 680 return TEE_ERROR_BAD_PARAMETERS; 681 682 /* 683 * Peripheral configuration, we assume the configuration is as 684 * follows: 685 * firewall->args[0]: RIF configuration to check 686 */ 687 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 688 if (resource_id >= RIMU_ID_OFFSET) 689 return TEE_SUCCESS; 690 691 reg_id = resource_id / _PERIPH_IDS_PER_REG; 692 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 693 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 694 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 695 cid_reg_offset); 696 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 697 privcfgr = io_read32(rifsc_base + _RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); 698 sec_check = (BIT(RIF_SEC_SHIFT) & firewall->args[0]) != 0; 699 priv_check = (BIT(RIF_PRIV_SHIFT) & firewall->args[0]) != 0; 700 cid_to_check = (firewall->args[0] & RIF_SCID_MASK) >> RIF_SCID_SHIFT; 701 702 if (!sec_check && seccfgr & BIT(periph_offset)) 703 return TEE_ERROR_ACCESS_DENIED; 704 705 if (!priv_check && (privcfgr & BIT(periph_offset))) 706 return TEE_ERROR_ACCESS_DENIED; 707 708 if (!(cidcfgr & _CIDCFGR_CFEN)) 709 return TEE_SUCCESS; 710 711 if ((cidcfgr & _CIDCFGR_SEMEN && 712 !stm32_rif_semaphore_enabled_and_ok(cidcfgr, cid_to_check)) || 713 (!(cidcfgr & _CIDCFGR_SEMEN) && 714 !stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, 715 cid_to_check))) 716 return TEE_ERROR_BAD_PARAMETERS; 717 718 return TEE_SUCCESS; 719 } 720 721 static TEE_Result stm32_rifsc_acquire_access(struct firewall_query *firewall) 722 { 723 uintptr_t rifsc_base = rifsc_pdata.base; 724 unsigned int cid_reg_offset = 0; 725 unsigned int periph_offset = 0; 726 unsigned int resource_id = 0; 727 unsigned int reg_id = 0; 728 uint32_t cidcfgr = 0; 729 uint32_t seccfgr = 0; 730 731 assert(rifsc_base); 732 733 if (!firewall || !firewall->arg_count) 734 return TEE_ERROR_BAD_PARAMETERS; 735 736 /* 737 * Peripheral configuration, we assume the configuration is as 738 * follows: 739 * firewall->args[0]: Firewall ID of the resource to acquire 740 */ 741 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 742 if (resource_id >= RIMU_ID_OFFSET) 743 return TEE_SUCCESS; 744 745 reg_id = resource_id / _PERIPH_IDS_PER_REG; 746 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 747 748 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 749 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 750 cid_reg_offset); 751 752 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 753 if (!(seccfgr & BIT(periph_offset))) 754 return TEE_ERROR_ACCESS_DENIED; 755 756 /* Only check CID attributes */ 757 if (!(cidcfgr & _CIDCFGR_CFEN)) 758 return TEE_SUCCESS; 759 760 if (cidcfgr & _CIDCFGR_SEMEN) { 761 if (!stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 762 return TEE_ERROR_BAD_PARAMETERS; 763 764 /* Take the semaphore, static CID is irrelevant here */ 765 return stm32_rif_acquire_semaphore(rifsc_base + 766 _RIFSC_RISC_PER0_SEMCR + 767 cid_reg_offset, 768 MAX_CID_SUPPORTED); 769 } 770 771 if (!stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, RIF_CID1)) 772 return TEE_ERROR_ACCESS_DENIED; 773 774 return TEE_SUCCESS; 775 } 776 777 static TEE_Result stm32_rifsc_set_config(struct firewall_query *firewall) 778 { 779 struct rimu_cfg rimu = { }; 780 unsigned int id = 0; 781 uint32_t conf = 0; 782 783 if (!firewall || firewall->arg_count != 1) 784 return TEE_ERROR_BAD_PARAMETERS; 785 786 /* 787 * Peripheral configuration, we assume the configuration is as 788 * follows: 789 * firewall->args[0]: RIF configuration to set 790 */ 791 id = firewall->args[0] & RIF_PER_ID_MASK; 792 conf = firewall->args[0]; 793 794 if (id < RIMU_ID_OFFSET) { 795 struct risup_cfg risup = { }; 796 uint32_t cidcfgr = 0; 797 798 risup.id = id; 799 risup.sec = (BIT(RIF_SEC_SHIFT) & conf) != 0; 800 risup.priv = (BIT(RIF_PRIV_SHIFT) & conf) != 0; 801 risup.lock = (BIT(RIF_LOCK_SHIFT) & conf) != 0; 802 risup.cid_attr = _RIF_FLD_GET(RIF_PERx_CID, conf); 803 804 if (!rifsc_pdata.is_tdcid) { 805 cidcfgr = io_read32(rifsc_pdata.base + 806 _OFFSET_PERX_CIDCFGR * risup.id + 807 _RIFSC_RISC_PER0_CIDCFGR); 808 809 if (cidcfgr != risup.cid_attr) 810 return TEE_ERROR_BAD_PARAMETERS; 811 } 812 813 DMSG("Setting config for peripheral: %u, %s, %s, cid attr: %#"PRIx32", %s", 814 id, risup.sec ? "Secure" : "Non secure", 815 risup.priv ? "Privileged" : "Non privileged", 816 risup.cid_attr, risup.lock ? "Locked" : "Unlocked"); 817 818 return stm32_risup_cfg(&rifsc_pdata, &risup); 819 } 820 821 if (!rifsc_pdata.is_tdcid) 822 return TEE_ERROR_ACCESS_DENIED; 823 824 rimu.id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, conf) - RIMU_ID_OFFSET; 825 rimu.attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, conf); 826 827 return stm32_rimu_cfg(&rifsc_pdata, &rimu); 828 } 829 830 static void stm32_rifsc_release_access(struct firewall_query *firewall) 831 { 832 uintptr_t rifsc_base = rifsc_pdata.base; 833 uint32_t cidcfgr = 0; 834 uint32_t id = 0; 835 836 assert(rifsc_base && firewall && firewall->arg_count); 837 838 id = firewall->args[0]; 839 840 if (id >= RIMU_ID_OFFSET) 841 return; 842 843 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 844 _OFFSET_PERX_CIDCFGR * id); 845 846 /* Only thing possible is to release a semaphore taken by OP-TEE CID */ 847 if (stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 848 if (stm32_rif_release_semaphore(rifsc_base + 849 _RIFSC_RISC_PER0_SEMCR + 850 id * _OFFSET_PERX_CIDCFGR, 851 MAX_CID_SUPPORTED)) 852 panic("Could not release the RIF semaphore"); 853 } 854 855 static TEE_Result stm32_rifsc_sem_pm_suspend(void) 856 { 857 unsigned int i = 0; 858 859 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 860 uint32_t semcfgr = io_read32(rifsc_pdata.base + 861 _RIFSC_RISC_PER0_SEMCR + 862 _OFFSET_PERX_CIDCFGR * i); 863 struct risup_cfg *risup = rifsc_pdata.risup + i; 864 865 /* Save semaphores that were taken by the CID1 */ 866 risup->pm_sem = semcfgr & _SEMCR_MUTEX && 867 ((semcfgr & _SEMCR_SEMCID_MASK) >> 868 _SEMCR_SEMCID_SHIFT) == RIF_CID1; 869 870 FMSG("RIF semaphore %s for ID: %"PRIu32, 871 risup->pm_sem ? "SAVED" : "NOT SAVED", risup->id); 872 } 873 874 return TEE_SUCCESS; 875 } 876 877 static TEE_Result stm32_rifsc_sem_pm_resume(void) 878 { 879 TEE_Result res = TEE_ERROR_GENERIC; 880 unsigned int i = 0; 881 882 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 883 struct risup_cfg *risup = rifsc_pdata.risup + i; 884 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 885 uintptr_t offset = sizeof(uint32_t) * 886 (risup->id / _PERIPH_IDS_PER_REG); 887 uintptr_t perih_offset = risup->id % _PERIPH_IDS_PER_REG; 888 uint32_t seccgfr = io_read32(rifsc_pdata.base + 889 _RIFSC_RISC_SECCFGR0 + offset); 890 uint32_t privcgfr = io_read32(rifsc_pdata.base + 891 _RIFSC_RISC_PRIVCFGR0 + offset); 892 uint32_t lockcfgr = io_read32(rifsc_pdata.base + 893 _RIFSC_RISC_RCFGLOCKR0 + offset); 894 895 /* Update RISUPs fields */ 896 risup->cid_attr = io_read32(rifsc_pdata.base + 897 _RIFSC_RISC_PER0_CIDCFGR + 898 cidcfgr_offset); 899 risup->sec = (seccgfr & BIT(perih_offset)) != 0; 900 risup->priv = (privcgfr & BIT(perih_offset)) != 0; 901 risup->lock = (lockcfgr & BIT(perih_offset)) != 0; 902 903 /* Acquire available appropriate semaphores */ 904 if (!stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, 905 RIF_CID1) || 906 !risup->pm_sem) 907 continue; 908 909 res = stm32_rif_acquire_semaphore(rifsc_pdata.base + 910 _RIFSC_RISC_PER0_SEMCR + 911 cidcfgr_offset, 912 MAX_CID_SUPPORTED); 913 if (res) { 914 EMSG("Could not acquire semaphore for resource %"PRIu32, 915 risup->id); 916 return TEE_ERROR_ACCESS_DENIED; 917 } 918 } 919 920 return TEE_SUCCESS; 921 } 922 923 static TEE_Result 924 stm32_rifsc_sem_pm(enum pm_op op, unsigned int pm_hint, 925 const struct pm_callback_handle *pm_handle __unused) 926 { 927 TEE_Result res = TEE_ERROR_GENERIC; 928 929 if (pm_hint != PM_HINT_CONTEXT_STATE) 930 return TEE_SUCCESS; 931 932 if (op == PM_OP_RESUME) 933 res = stm32_rifsc_sem_pm_resume(); 934 else 935 res = stm32_rifsc_sem_pm_suspend(); 936 937 return res; 938 } 939 940 TEE_Result stm32_rifsc_check_tdcid(bool *tdcid_state) 941 { 942 if (!rifsc_pdata.base) 943 return TEE_ERROR_DEFER_DRIVER_INIT; 944 945 if (((io_read32(rifsc_pdata.base + _RIFSC_RIMC_CR) & 946 _RIFSC_RIMC_CR_TDCID_MASK)) == (RIF_CID1 << _CIDCFGR_SCID_SHIFT)) 947 *tdcid_state = true; 948 else 949 *tdcid_state = false; 950 951 return TEE_SUCCESS; 952 } 953 954 static const struct firewall_controller_ops firewall_ops = { 955 .set_conf = stm32_rifsc_set_config, 956 .check_access = stm32_rifsc_check_access, 957 .acquire_access = stm32_rifsc_acquire_access, 958 .release_access = stm32_rifsc_release_access, 959 }; 960 961 /** 962 * stm32_rifsc_dt_probe_bus() - Add bus device tree subnodes that are accessible 963 * by OP-TEE and secure to the driver probe list. This is used at boot time 964 * only, as a sanity check between device tree and firewalls hardware 965 * configurations to prevent undesired accesses when access to a device is not 966 * authorized. This function tries to acquire access to every resource entries 967 * listed in the access-controllers property of each of the subnodes. It panics 968 * if it fails to do so. When CFG_INSECURE is enabled, platform can bypass this 969 * access control test for specific devices assigned to non-secure world and 970 * used by OP-TEE, such as an UART console device. 971 * 972 * @fdt: FDT to work on 973 * @node: RIFSC node 974 * @ctrl: RIFSC firewall controller reference 975 */ 976 static TEE_Result 977 stm32_rifsc_dt_probe_bus(const void *fdt, int node, 978 struct firewall_controller *ctrl __maybe_unused) 979 { 980 TEE_Result res = TEE_ERROR_GENERIC; 981 struct firewall_query *fw = NULL; 982 int subnode = 0; 983 984 DMSG("Populating %s firewall bus", ctrl->name); 985 986 fdt_for_each_subnode(subnode, fdt, node) { 987 unsigned int i = 0; 988 989 if (fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 990 continue; 991 992 if (IS_ENABLED(CFG_INSECURE) && 993 stm32mp_allow_probe_shared_device(fdt, subnode)) { 994 DMSG("Skipping firewall attributes check for %s", 995 fdt_get_name(fdt, subnode, NULL)); 996 goto skip_check; 997 } 998 999 DMSG("Acquiring firewall access for %s when probing bus", 1000 fdt_get_name(fdt, subnode, NULL)); 1001 1002 do { 1003 /* 1004 * The access-controllers property is mandatory for 1005 * firewall bus devices 1006 */ 1007 res = firewall_dt_get_by_index(fdt, subnode, i, &fw); 1008 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 1009 /* Stop when nothing more to parse */ 1010 break; 1011 } else if (res) { 1012 EMSG("%s: Error on node %s: %#"PRIx32, 1013 ctrl->name, 1014 fdt_get_name(fdt, subnode, NULL), res); 1015 panic(); 1016 } 1017 1018 res = firewall_acquire_access(fw); 1019 if (res) { 1020 EMSG("%s: %s not accessible: %#"PRIx32, 1021 ctrl->name, 1022 fdt_get_name(fdt, subnode, NULL), res); 1023 panic(); 1024 } 1025 1026 firewall_put(fw); 1027 i++; 1028 } while (true); 1029 1030 skip_check: 1031 res = dt_driver_maybe_add_probe_node(fdt, subnode); 1032 if (res) { 1033 EMSG("Failed on node %s with %#"PRIx32, 1034 fdt_get_name(fdt, subnode, NULL), res); 1035 panic(); 1036 } 1037 } 1038 1039 return TEE_SUCCESS; 1040 } 1041 1042 static TEE_Result stm32_rifsc_probe(const void *fdt, int node, 1043 const void *compat_data __unused) 1044 { 1045 struct firewall_controller *controller = NULL; 1046 TEE_Result res = TEE_ERROR_GENERIC; 1047 1048 res = stm32_rifsc_parse_fdt(fdt, node, &rifsc_pdata); 1049 if (res) { 1050 EMSG("Could not parse RIFSC node, res = %#"PRIx32, res); 1051 panic(); 1052 } 1053 1054 if (!rifsc_pdata.drv_data) 1055 stm32_rifsc_get_driverdata(&rifsc_pdata); 1056 1057 res = stm32_risup_setup(&rifsc_pdata); 1058 if (res) { 1059 EMSG("Could not setup RISUPs, res = %#"PRIx32, res); 1060 panic(); 1061 } 1062 1063 if (rifsc_pdata.is_tdcid) { 1064 res = stm32_rimu_setup(&rifsc_pdata); 1065 if (res) { 1066 EMSG("Could not setup RIMUs, res = %#"PRIx32, res); 1067 panic(); 1068 } 1069 1070 if (IS_ENABLED(CFG_STM32MP25)) { 1071 res = stm32_risal_setup(&rifsc_pdata); 1072 if (res) 1073 panic(); 1074 } 1075 } 1076 1077 res = stm32_rifsc_glock_config(fdt, node, &rifsc_pdata); 1078 if (res) 1079 panic("Couldn't lock RIFSC configuration"); 1080 1081 controller = calloc(1, sizeof(*controller)); 1082 if (!controller) 1083 panic(); 1084 1085 controller->name = "RIFSC"; 1086 controller->priv = &rifsc_pdata; 1087 controller->ops = &firewall_ops; 1088 1089 res = firewall_dt_controller_register(fdt, node, controller); 1090 if (res) 1091 panic(); 1092 1093 res = stm32_rifsc_dt_probe_bus(fdt, node, controller); 1094 if (res) 1095 panic(); 1096 1097 register_pm_core_service_cb(stm32_rifsc_sem_pm, NULL, 1098 "stm32-rifsc-semaphores"); 1099 1100 return TEE_SUCCESS; 1101 } 1102 1103 static const struct dt_device_match rifsc_match_table[] = { 1104 { .compatible = "st,stm32mp25-rifsc" }, 1105 { } 1106 }; 1107 1108 DEFINE_DT_DRIVER(rifsc_dt_driver) = { 1109 .name = "stm32-rifsc", 1110 .match_table = rifsc_match_table, 1111 .probe = stm32_rifsc_probe, 1112 }; 1113