1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2024, STMicroelectronics 4 */ 5 6 #include <drivers/firewall.h> 7 #include <drivers/stm32_rif.h> 8 #include <drivers/stm32_shared_io.h> 9 #include <drivers/stm32mp_dt_bindings.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/dt.h> 13 #include <kernel/dt_driver.h> 14 #include <kernel/panic.h> 15 #include <kernel/pm.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <stm32_util.h> 19 #include <tee_api_defines.h> 20 #include <trace.h> 21 #include <util.h> 22 23 /* RIFSC offset register */ 24 #define _RIFSC_RISC_SECCFGR0 U(0x10) 25 #define _RIFSC_RISC_PRIVCFGR0 U(0x30) 26 #define _RIFSC_RISC_RCFGLOCKR0 U(0x50) 27 #define _RIFSC_RISC_PER0_CIDCFGR U(0x100) 28 #define _RIFSC_RISC_PER0_SEMCR U(0x104) 29 #define _RIFSC_RIMC_CR U(0xC00) 30 #define _RIFSC_RIMC_ATTR0 U(0xC10) 31 #define _RIFSC_RISAL_CFGR0_A(y) (U(0x900) + (0x10 * ((y) - 1))) 32 #define _RIFSC_RISAL_CFGR0_B(y) (U(0x908) + (0x10 * ((y) - 1))) 33 #define _RIFSC_RISAL_ADDR_A U(0x924) 34 #define _RIFSC_RISAL_ADDR_B U(0x92C) 35 #define _RIFSC_HWCFGR3 U(0xFE8) 36 #define _RIFSC_HWCFGR2 U(0xFEC) 37 #define _RIFSC_HWCFGR1 U(0xFF0) 38 #define _RIFSC_VERR U(0xFF4) 39 40 /* RIFSC_HWCFGR2 register fields */ 41 #define _RIFSC_HWCFGR2_CFG1_MASK GENMASK_32(15, 0) 42 #define _RIFSC_HWCFGR2_CFG1_SHIFT U(0) 43 #define _RIFSC_HWCFGR2_CFG2_MASK GENMASK_32(23, 16) 44 #define _RIFSC_HWCFGR2_CFG2_SHIFT U(16) 45 #define _RIFSC_HWCFGR2_CFG3_MASK GENMASK_32(31, 24) 46 #define _RIFSC_HWCFGR2_CFG3_SHIFT U(24) 47 48 /* RIFSC_HWCFGR1 register fields */ 49 #define _RIFSC_HWCFGR1_CFG1_MASK GENMASK_32(3, 0) 50 #define _RIFSC_HWCFGR1_CFG1_SHIFT U(0) 51 #define _RIFSC_HWCFGR1_CFG2_MASK GENMASK_32(7, 4) 52 #define _RIFSC_HWCFGR1_CFG2_SHIFT U(4) 53 #define _RIFSC_HWCFGR1_CFG3_MASK GENMASK_32(11, 8) 54 #define _RIFSC_HWCFGR1_CFG3_SHIFT U(8) 55 #define _RIFSC_HWCFGR1_CFG4_MASK GENMASK_32(15, 12) 56 #define _RIFSC_HWCFGR1_CFG4_SHIFT U(12) 57 #define _RIFSC_HWCFGR1_CFG5_MASK GENMASK_32(19, 16) 58 #define _RIFSC_HWCFGR1_CFG5_SHIFT U(16) 59 #define _RIFSC_HWCFGR1_CFG6_MASK GENMASK_32(23, 20) 60 #define _RIFSC_HWCFGR1_CFG6_SHIFT U(20) 61 62 /* 63 * RISC_CR register fields 64 */ 65 #define _RIFSC_RISC_CR_GLOCK BIT(0) 66 67 /* 68 * RIMC_CR register fields 69 */ 70 #define _RIFSC_RIMC_CR_GLOCK BIT(0) 71 #define _RIFSC_RIMC_CR_TDCID_MASK GENMASK_32(6, 4) 72 73 /* RIFSC_VERR register fields */ 74 #define _RIFSC_VERR_MINREV_MASK GENMASK_32(3, 0) 75 #define _RIFSC_VERR_MINREV_SHIFT U(0) 76 #define _RIFSC_VERR_MAJREV_MASK GENMASK_32(7, 4) 77 #define _RIFSC_VERR_MAJREV_SHIFT U(4) 78 79 /* Periph id per register */ 80 #define _PERIPH_IDS_PER_REG U(32) 81 #define _OFFSET_PERX_CIDCFGR U(0x8) 82 83 #define RIFSC_RISC_CIDCFGR_CFEN_MASK BIT(0) 84 #define RIFSC_RISC_CIDCFGR_CFEN_SHIFT U(0) 85 #define RIFSC_RISC_CIDCFGR_SEM_EN_MASK BIT(1) 86 #define RIFSC_RISC_CIDCFGR_SEM_EN_SHIFT U(1) 87 #define RIFSC_RISC_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 88 #define RIFSC_RISC_CIDCFGR_SCID_SHIFT U(4) 89 #define RIFSC_RISC_CIDCFGR_LOCK_MASK BIT(10) 90 #define RIFSC_RISC_CIDCFGR_LOCK_SHIFT U(10) 91 #define RIFSC_RISC_CIDCFGR_SEML_MASK GENMASK_32(23, 16) 92 #define RIFSC_RISC_CIDCFGR_SEML_SHIFT U(16) 93 94 #define RIFSC_RISC_PERx_CID_MASK (RIFSC_RISC_CIDCFGR_CFEN_MASK | \ 95 RIFSC_RISC_CIDCFGR_SEM_EN_MASK | \ 96 RIFSC_RISC_CIDCFGR_SCID_MASK | \ 97 RIFSC_RISC_CIDCFGR_SCID_SHIFT) 98 99 #define RIFSC_RISC_PERx_CID_SHIFT U(0) 100 101 #define RIFSC_RIMC_MODE_MASK BIT(2) 102 #define RIFSC_RIMC_MCID_MASK GENMASK_32(6, 4) 103 #define RIFSC_RIMC_MSEC_MASK BIT(8) 104 #define RIFSC_RIMC_MPRIV_MASK BIT(9) 105 #define RIFSC_RIMC_M_ID_MASK GENMASK_32(23, 16) 106 107 #define RIFSC_RIMC_ATTRx_MASK (RIFSC_RIMC_MODE_MASK | \ 108 RIFSC_RIMC_MCID_MASK | \ 109 RIFSC_RIMC_MSEC_MASK | \ 110 RIFSC_RIMC_MPRIV_MASK) 111 112 /* max entries */ 113 #define MAX_RIMU U(16) 114 #define MAX_RISUP U(128) 115 116 #define _RIF_FLD_GET(field, value) (((uint32_t)(value) & \ 117 (field ## _MASK)) >>\ 118 (field ## _SHIFT)) 119 120 struct risup_cfg { 121 uint32_t cid_attr; 122 uint32_t id; 123 bool sec; 124 bool priv; 125 bool lock; 126 bool pm_sem; 127 }; 128 129 struct rimu_cfg { 130 uint32_t id; 131 uint32_t attr; 132 }; 133 134 struct risal_cfg { 135 uint32_t id; 136 uint32_t blockid; 137 uint32_t attr; 138 }; 139 140 struct rifsc_driver_data { 141 bool rif_en; 142 bool sec_en; 143 bool priv_en; 144 uint8_t nb_rimu; 145 uint8_t nb_risup; 146 uint8_t nb_risal; 147 uint8_t version; 148 }; 149 150 struct rifsc_platdata { 151 uintptr_t base; 152 struct rifsc_driver_data *drv_data; 153 struct risup_cfg *risup; 154 unsigned int nrisup; 155 struct rimu_cfg *rimu; 156 unsigned int nrimu; 157 struct risal_cfg *risal; 158 unsigned int nrisal; 159 bool is_tdcid; 160 }; 161 162 /* There is only 1 instance of the RIFSC subsystem */ 163 static struct rifsc_driver_data rifsc_drvdata; 164 static struct rifsc_platdata rifsc_pdata; 165 166 static void stm32_rifsc_get_driverdata(struct rifsc_platdata *pdata) 167 { 168 uint32_t regval = 0; 169 170 regval = io_read32(pdata->base + _RIFSC_HWCFGR1); 171 rifsc_drvdata.rif_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG1, regval) != 0; 172 rifsc_drvdata.sec_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG2, regval) != 0; 173 rifsc_drvdata.priv_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG3, regval) != 0; 174 175 regval = io_read32(pdata->base + _RIFSC_HWCFGR2); 176 rifsc_drvdata.nb_risup = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG1, regval); 177 rifsc_drvdata.nb_rimu = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG2, regval); 178 rifsc_drvdata.nb_risal = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG3, regval); 179 180 pdata->drv_data = &rifsc_drvdata; 181 182 rifsc_drvdata.version = io_read8(pdata->base + _RIFSC_VERR); 183 184 DMSG("RIFSC version %"PRIu32".%"PRIu32, 185 _RIF_FLD_GET(_RIFSC_VERR_MAJREV, rifsc_drvdata.version), 186 _RIF_FLD_GET(_RIFSC_VERR_MINREV, rifsc_drvdata.version)); 187 188 DMSG("HW cap: enabled[rif:sec:priv]:[%s:%s:%s] nb[risup|rimu|risal]:[%"PRIu8",%"PRIu8",%"PRIu8"]", 189 rifsc_drvdata.rif_en ? "true" : "false", 190 rifsc_drvdata.sec_en ? "true" : "false", 191 rifsc_drvdata.priv_en ? "true" : "false", 192 rifsc_drvdata.nb_risup, 193 rifsc_drvdata.nb_rimu, 194 rifsc_drvdata.nb_risal); 195 } 196 197 static TEE_Result stm32_rifsc_glock_config(const void *fdt, int node, 198 struct rifsc_platdata *pdata) 199 { 200 const fdt32_t *cuint = NULL; 201 uint32_t glock_conf = 0; 202 int len = 0; 203 204 cuint = fdt_getprop(fdt, node, "st,glocked", &len); 205 if (!cuint) { 206 DMSG("No global lock on RIF configuration"); 207 return TEE_SUCCESS; 208 } 209 assert(len == sizeof(uint32_t)); 210 211 glock_conf = fdt32_to_cpu(*cuint); 212 213 if (glock_conf & RIFSC_RIMU_GLOCK) { 214 DMSG("Setting global lock on RIMU configuration"); 215 216 io_setbits32(pdata->base + _RIFSC_RIMC_CR, 217 _RIFSC_RIMC_CR_GLOCK); 218 219 if (!(io_read32(pdata->base + _RIFSC_RIMC_CR) & 220 _RIFSC_RIMC_CR_GLOCK)) 221 return TEE_ERROR_ACCESS_DENIED; 222 } 223 224 if (glock_conf & RIFSC_RISUP_GLOCK) { 225 DMSG("Setting global lock on RISUP configuration"); 226 227 io_setbits32(pdata->base, _RIFSC_RISC_CR_GLOCK); 228 229 if (!(io_read32(pdata->base) & _RIFSC_RISC_CR_GLOCK)) 230 return TEE_ERROR_ACCESS_DENIED; 231 } 232 233 return TEE_SUCCESS; 234 } 235 236 static TEE_Result stm32_rifsc_dt_conf_risup(const void *fdt, int node, 237 struct rifsc_platdata *pdata) 238 { 239 const fdt32_t *conf_list = NULL; 240 unsigned int i = 0; 241 int len = 0; 242 243 conf_list = fdt_getprop(fdt, node, "st,protreg", &len); 244 if (!conf_list) { 245 DMSG("No RISUP configuration in DT"); 246 return TEE_ERROR_ITEM_NOT_FOUND; 247 } 248 assert(!(len % sizeof(uint32_t))); 249 250 pdata->nrisup = len / sizeof(uint32_t); 251 pdata->risup = calloc(pdata->nrisup, sizeof(*pdata->risup)); 252 if (!pdata->risup) 253 return TEE_ERROR_OUT_OF_MEMORY; 254 255 for (i = 0; i < pdata->nrisup; i++) { 256 uint32_t value = fdt32_to_cpu(conf_list[i]); 257 struct risup_cfg *risup = pdata->risup + i; 258 259 risup->id = _RIF_FLD_GET(RIF_PER_ID, value); 260 risup->sec = _RIF_FLD_GET(RIF_SEC, value) != 0; 261 risup->priv = _RIF_FLD_GET(RIF_PRIV, value) != 0; 262 risup->lock = _RIF_FLD_GET(RIF_LOCK, value) != 0; 263 risup->cid_attr = _RIF_FLD_GET(RIF_PERx_CID, value); 264 } 265 266 return TEE_SUCCESS; 267 } 268 269 static TEE_Result stm32_rifsc_dt_conf_rimu(const void *fdt, int node, 270 struct rifsc_platdata *pdata) 271 { 272 const fdt32_t *conf_list = NULL; 273 unsigned int i = 0; 274 int len = 0; 275 276 conf_list = fdt_getprop(fdt, node, "st,rimu", &len); 277 if (!conf_list) { 278 DMSG("No RIMU configuration in DT"); 279 return TEE_ERROR_ITEM_NOT_FOUND; 280 } 281 assert(!(len % sizeof(uint32_t))); 282 283 pdata->nrimu = len / sizeof(uint32_t); 284 pdata->rimu = calloc(pdata->nrimu, sizeof(*pdata->rimu)); 285 if (!pdata->rimu) 286 return TEE_ERROR_OUT_OF_MEMORY; 287 288 for (i = 0; i < pdata->nrimu; i++) { 289 uint32_t value = fdt32_to_cpu(*conf_list); 290 struct rimu_cfg *rimu = pdata->rimu + i; 291 292 rimu->id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, value) - 293 RIMU_ID_OFFSET; 294 rimu->attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, value); 295 } 296 297 return TEE_SUCCESS; 298 } 299 300 static TEE_Result stm32_rifsc_dt_conf_risal(const void *fdt, int node, 301 struct rifsc_platdata *pdata) 302 { 303 const fdt32_t *cuint = NULL; 304 int i = 0; 305 int len = 0; 306 307 cuint = fdt_getprop(fdt, node, "st,risal", &len); 308 if (!cuint) { 309 DMSG("No RISAL configuration in DT"); 310 pdata->nrisal = 0; 311 return TEE_ERROR_ITEM_NOT_FOUND; 312 } 313 314 len = len / sizeof(uint32_t); 315 316 pdata->nrisal = len; 317 pdata->risal = calloc(len, sizeof(*pdata->risal)); 318 if (!pdata->risal) 319 return TEE_ERROR_OUT_OF_MEMORY; 320 321 for (i = 0; i < len; i++) { 322 uint32_t value = fdt32_to_cpu(cuint[i]); 323 struct risal_cfg *risal = pdata->risal + i; 324 325 risal->id = _RIF_FLD_GET(RIFSC_RISAL_REG_ID, value); 326 risal->blockid = _RIF_FLD_GET(RIFSC_RISAL_BLOCK_ID, value); 327 risal->attr = _RIF_FLD_GET(RIFSC_RISAL_REGx_CFGR, value); 328 } 329 330 return TEE_SUCCESS; 331 } 332 333 static TEE_Result stm32_rifsc_parse_fdt(const void *fdt, int node, 334 struct rifsc_platdata *pdata) 335 { 336 TEE_Result res = TEE_ERROR_GENERIC; 337 struct io_pa_va base = { }; 338 size_t reg_size = 0; 339 340 if (fdt_reg_info(fdt, node, &base.pa, ®_size)) 341 return TEE_ERROR_BAD_PARAMETERS; 342 343 pdata->base = io_pa_or_va_secure(&base, reg_size); 344 345 res = stm32_rifsc_check_tdcid(&rifsc_pdata.is_tdcid); 346 if (res) 347 panic(); 348 349 res = stm32_rifsc_dt_conf_risup(fdt, node, pdata); 350 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 351 return res; 352 353 if (rifsc_pdata.is_tdcid) { 354 res = stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 355 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 356 return res; 357 358 if (IS_ENABLED(CFG_STM32MP25)) { 359 res = stm32_rifsc_dt_conf_risal(fdt, node, pdata); 360 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 361 return res; 362 } 363 } 364 365 return stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 366 } 367 368 static TEE_Result stm32_risup_cfg(struct rifsc_platdata *pdata, 369 struct risup_cfg *risup) 370 { 371 uintptr_t offset = sizeof(uint32_t) * (risup->id / _PERIPH_IDS_PER_REG); 372 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 373 struct rifsc_driver_data *drv_data = pdata->drv_data; 374 uint32_t shift = risup->id % _PERIPH_IDS_PER_REG; 375 376 if (!risup || risup->id >= drv_data->nb_risup) 377 return TEE_ERROR_BAD_PARAMETERS; 378 379 if (drv_data->sec_en) 380 io_clrsetbits32_stm32shregs(pdata->base + _RIFSC_RISC_SECCFGR0 + 381 offset, BIT(shift), 382 SHIFT_U32(risup->sec, shift)); 383 384 if (drv_data->priv_en) 385 io_clrsetbits32_stm32shregs(pdata->base + 386 _RIFSC_RISC_PRIVCFGR0 + offset, 387 BIT(shift), 388 SHIFT_U32(risup->priv, shift)); 389 390 if (rifsc_pdata.is_tdcid) { 391 if (drv_data->rif_en) 392 io_write32(pdata->base + _RIFSC_RISC_PER0_CIDCFGR + 393 cidcfgr_offset, risup->cid_attr); 394 395 /* Lock configuration for this RISUP */ 396 if (risup->lock) { 397 DMSG("Locking RIF conf for peripheral ID: %"PRIu32, 398 risup->id); 399 io_setbits32_stm32shregs(pdata->base + 400 _RIFSC_RISC_RCFGLOCKR0 + 401 offset, BIT(shift)); 402 } 403 } 404 405 return TEE_SUCCESS; 406 } 407 408 static TEE_Result stm32_risup_setup(struct rifsc_platdata *pdata) 409 { 410 struct rifsc_driver_data *drv_data = pdata->drv_data; 411 TEE_Result res = TEE_ERROR_GENERIC; 412 unsigned int i = 0; 413 414 for (i = 0; i < pdata->nrisup && i < drv_data->nb_risup; i++) { 415 struct risup_cfg *risup = pdata->risup + i; 416 417 res = stm32_risup_cfg(pdata, risup); 418 if (res) { 419 EMSG("risup cfg(%d/%d) error", i + 1, pdata->nrisup); 420 return res; 421 } 422 } 423 424 return TEE_SUCCESS; 425 } 426 427 static TEE_Result stm32_rimu_cfg(struct rifsc_platdata *pdata, 428 struct rimu_cfg *rimu) 429 { 430 uintptr_t offset = _RIFSC_RIMC_ATTR0 + (sizeof(uint32_t) * rimu->id); 431 struct rifsc_driver_data *drv_data = pdata->drv_data; 432 433 if (!rimu || rimu->id >= drv_data->nb_rimu) 434 return TEE_ERROR_BAD_PARAMETERS; 435 436 if (drv_data->rif_en) 437 io_write32(pdata->base + offset, rimu->attr); 438 439 return TEE_SUCCESS; 440 } 441 442 static TEE_Result stm32_rimu_setup(struct rifsc_platdata *pdata) 443 { 444 struct rifsc_driver_data *drv_data = pdata->drv_data; 445 TEE_Result res = TEE_ERROR_GENERIC; 446 unsigned int i = 0; 447 448 for (i = 0; i < pdata->nrimu && i < drv_data->nb_rimu; i++) { 449 struct rimu_cfg *rimu = pdata->rimu + i; 450 451 res = stm32_rimu_cfg(pdata, rimu); 452 if (res) { 453 EMSG("rimu cfg(%d/%d) error", i + 1, pdata->nrimu); 454 return res; 455 } 456 } 457 458 return TEE_SUCCESS; 459 } 460 461 static TEE_Result stm32_risal_cfg(struct rifsc_platdata *pdata, 462 struct risal_cfg *risal) 463 { 464 struct rifsc_driver_data *drv_data = pdata->drv_data; 465 466 if (!risal || risal->id > drv_data->nb_risal) 467 return TEE_ERROR_BAD_PARAMETERS; 468 469 if (drv_data->rif_en) { 470 uintptr_t offset_a = _RIFSC_RISAL_CFGR0_A(risal->id); 471 uintptr_t offset_b = _RIFSC_RISAL_CFGR0_B(risal->id); 472 473 if (risal->blockid == RIFSC_RISAL_BLOCK_A) 474 io_write32(pdata->base + offset_a, risal->attr); 475 if (risal->blockid == RIFSC_RISAL_BLOCK_B) 476 io_write32(pdata->base + offset_b, risal->attr); 477 } 478 479 return TEE_SUCCESS; 480 } 481 482 static TEE_Result stm32_risal_setup(struct rifsc_platdata *pdata) 483 { 484 unsigned int i = 0; 485 TEE_Result res = TEE_ERROR_GENERIC; 486 487 for (i = 0; i < pdata->nrisal; i++) { 488 struct risal_cfg *risal = pdata->risal + i; 489 490 res = stm32_risal_cfg(pdata, risal); 491 if (res) { 492 EMSG("risal cfg(%u/%u) error", i + 1, pdata->nrisal); 493 return res; 494 } 495 } 496 497 return TEE_SUCCESS; 498 } 499 500 static TEE_Result stm32_rifsc_check_access(struct firewall_query *firewall) 501 { 502 uintptr_t rifsc_base = rifsc_pdata.base; 503 unsigned int cid_reg_offset = 0; 504 unsigned int periph_offset = 0; 505 unsigned int resource_id = 0; 506 uint32_t cid_to_check = 0; 507 unsigned int reg_id = 0; 508 bool priv_check = true; 509 bool sec_check = true; 510 uint32_t privcfgr = 0; 511 uint32_t seccfgr = 0; 512 uint32_t cidcfgr = 0; 513 514 assert(rifsc_base); 515 516 if (!firewall || firewall->arg_count != 1) 517 return TEE_ERROR_BAD_PARAMETERS; 518 519 /* 520 * Peripheral configuration, we assume the configuration is as 521 * follows: 522 * firewall->args[0]: RIF configuration to check 523 */ 524 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 525 if (resource_id >= RIMU_ID_OFFSET) 526 return TEE_SUCCESS; 527 528 reg_id = resource_id / _PERIPH_IDS_PER_REG; 529 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 530 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 531 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 532 cid_reg_offset); 533 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 534 privcfgr = io_read32(rifsc_base + _RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); 535 sec_check = (BIT(RIF_SEC_SHIFT) & firewall->args[0]) != 0; 536 priv_check = (BIT(RIF_PRIV_SHIFT) & firewall->args[0]) != 0; 537 cid_to_check = (firewall->args[0] & RIF_SCID_MASK) >> RIF_SCID_SHIFT; 538 539 if (!sec_check && seccfgr & BIT(periph_offset)) 540 return TEE_ERROR_ACCESS_DENIED; 541 542 if (!priv_check && (privcfgr & BIT(periph_offset))) 543 return TEE_ERROR_ACCESS_DENIED; 544 545 if (!(cidcfgr & _CIDCFGR_CFEN)) 546 return TEE_SUCCESS; 547 548 if ((cidcfgr & _CIDCFGR_SEMEN && 549 !stm32_rif_semaphore_enabled_and_ok(cidcfgr, cid_to_check)) || 550 (!(cidcfgr & _CIDCFGR_SEMEN) && 551 !stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, 552 cid_to_check))) 553 return TEE_ERROR_BAD_PARAMETERS; 554 555 return TEE_SUCCESS; 556 } 557 558 static TEE_Result stm32_rifsc_acquire_access(struct firewall_query *firewall) 559 { 560 uintptr_t rifsc_base = rifsc_pdata.base; 561 unsigned int cid_reg_offset = 0; 562 unsigned int periph_offset = 0; 563 unsigned int resource_id = 0; 564 unsigned int reg_id = 0; 565 uint32_t cidcfgr = 0; 566 uint32_t seccfgr = 0; 567 568 assert(rifsc_base); 569 570 if (!firewall || !firewall->arg_count) 571 return TEE_ERROR_BAD_PARAMETERS; 572 573 /* 574 * Peripheral configuration, we assume the configuration is as 575 * follows: 576 * firewall->args[0]: Firewall ID of the resource to acquire 577 */ 578 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 579 if (resource_id >= RIMU_ID_OFFSET) 580 return TEE_SUCCESS; 581 582 reg_id = resource_id / _PERIPH_IDS_PER_REG; 583 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 584 585 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 586 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 587 cid_reg_offset); 588 589 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 590 if (!(seccfgr & BIT(periph_offset))) 591 return TEE_ERROR_ACCESS_DENIED; 592 593 /* Only check CID attributes */ 594 if (!(cidcfgr & _CIDCFGR_CFEN)) 595 return TEE_SUCCESS; 596 597 if (cidcfgr & _CIDCFGR_SEMEN) { 598 if (!stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 599 return TEE_ERROR_BAD_PARAMETERS; 600 601 /* Take the semaphore, static CID is irrelevant here */ 602 return stm32_rif_acquire_semaphore(rifsc_base + 603 _RIFSC_RISC_PER0_SEMCR + 604 cid_reg_offset, 605 MAX_CID_SUPPORTED); 606 } 607 608 if (!stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, RIF_CID1)) 609 return TEE_ERROR_ACCESS_DENIED; 610 611 return TEE_SUCCESS; 612 } 613 614 static TEE_Result stm32_rifsc_set_config(struct firewall_query *firewall) 615 { 616 struct rimu_cfg rimu = { }; 617 unsigned int id = 0; 618 uint32_t conf = 0; 619 620 if (!firewall || firewall->arg_count != 1) 621 return TEE_ERROR_BAD_PARAMETERS; 622 623 /* 624 * Peripheral configuration, we assume the configuration is as 625 * follows: 626 * firewall->args[0]: RIF configuration to set 627 */ 628 id = firewall->args[0] & RIF_PER_ID_MASK; 629 conf = firewall->args[0]; 630 631 if (id < RIMU_ID_OFFSET) { 632 struct risup_cfg risup = { }; 633 uint32_t cidcfgr = 0; 634 635 risup.id = id; 636 risup.sec = (BIT(RIF_SEC_SHIFT) & conf) != 0; 637 risup.priv = (BIT(RIF_PRIV_SHIFT) & conf) != 0; 638 risup.lock = (BIT(RIF_LOCK_SHIFT) & conf) != 0; 639 risup.cid_attr = _RIF_FLD_GET(RIF_PERx_CID, conf); 640 641 if (!rifsc_pdata.is_tdcid) { 642 cidcfgr = io_read32(rifsc_pdata.base + 643 _OFFSET_PERX_CIDCFGR * risup.id + 644 _RIFSC_RISC_PER0_CIDCFGR); 645 646 if (cidcfgr != risup.cid_attr) 647 return TEE_ERROR_BAD_PARAMETERS; 648 } 649 650 DMSG("Setting config for peripheral: %u, %s, %s, cid attr: %#"PRIx32", %s", 651 id, risup.sec ? "Secure" : "Non secure", 652 risup.priv ? "Privileged" : "Non privileged", 653 risup.cid_attr, risup.lock ? "Locked" : "Unlocked"); 654 655 return stm32_risup_cfg(&rifsc_pdata, &risup); 656 } 657 658 if (!rifsc_pdata.is_tdcid) 659 return TEE_ERROR_ACCESS_DENIED; 660 661 rimu.id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, conf) - RIMU_ID_OFFSET; 662 rimu.attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, conf); 663 664 return stm32_rimu_cfg(&rifsc_pdata, &rimu); 665 } 666 667 static void stm32_rifsc_release_access(struct firewall_query *firewall) 668 { 669 uintptr_t rifsc_base = rifsc_pdata.base; 670 uint32_t cidcfgr = 0; 671 uint32_t id = 0; 672 673 assert(rifsc_base && firewall && firewall->arg_count); 674 675 id = firewall->args[0]; 676 677 if (id >= RIMU_ID_OFFSET) 678 return; 679 680 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 681 _OFFSET_PERX_CIDCFGR * id); 682 683 /* Only thing possible is to release a semaphore taken by OP-TEE CID */ 684 if (stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 685 if (stm32_rif_release_semaphore(rifsc_base + 686 _RIFSC_RISC_PER0_SEMCR + 687 id * _OFFSET_PERX_CIDCFGR, 688 MAX_CID_SUPPORTED)) 689 panic("Could not release the RIF semaphore"); 690 } 691 692 static TEE_Result stm32_rifsc_sem_pm_suspend(void) 693 { 694 unsigned int i = 0; 695 696 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 697 uint32_t semcfgr = io_read32(rifsc_pdata.base + 698 _RIFSC_RISC_PER0_SEMCR + 699 _OFFSET_PERX_CIDCFGR * i); 700 struct risup_cfg *risup = rifsc_pdata.risup + i; 701 702 /* Save semaphores that were taken by the CID1 */ 703 risup->pm_sem = semcfgr & _SEMCR_MUTEX && 704 ((semcfgr & _SEMCR_SEMCID_MASK) >> 705 _SEMCR_SEMCID_SHIFT) == RIF_CID1; 706 707 FMSG("RIF semaphore %s for ID: %"PRIu32, 708 risup->pm_sem ? "SAVED" : "NOT SAVED", risup->id); 709 } 710 711 return TEE_SUCCESS; 712 } 713 714 static TEE_Result stm32_rifsc_sem_pm_resume(void) 715 { 716 TEE_Result res = TEE_ERROR_GENERIC; 717 unsigned int i = 0; 718 719 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 720 struct risup_cfg *risup = rifsc_pdata.risup + i; 721 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 722 uintptr_t offset = sizeof(uint32_t) * 723 (risup->id / _PERIPH_IDS_PER_REG); 724 uintptr_t perih_offset = risup->id % _PERIPH_IDS_PER_REG; 725 uint32_t seccgfr = io_read32(rifsc_pdata.base + 726 _RIFSC_RISC_SECCFGR0 + offset); 727 uint32_t privcgfr = io_read32(rifsc_pdata.base + 728 _RIFSC_RISC_PRIVCFGR0 + offset); 729 uint32_t lockcfgr = io_read32(rifsc_pdata.base + 730 _RIFSC_RISC_RCFGLOCKR0 + offset); 731 732 /* Update RISUPs fields */ 733 risup->cid_attr = io_read32(rifsc_pdata.base + 734 _RIFSC_RISC_PER0_CIDCFGR + 735 cidcfgr_offset); 736 risup->sec = (seccgfr & BIT(perih_offset)) != 0; 737 risup->priv = (privcgfr & BIT(perih_offset)) != 0; 738 risup->lock = (lockcfgr & BIT(perih_offset)) != 0; 739 740 /* Acquire available appropriate semaphores */ 741 if (!stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, 742 RIF_CID1) || 743 !risup->pm_sem) 744 continue; 745 746 res = stm32_rif_acquire_semaphore(rifsc_pdata.base + 747 _RIFSC_RISC_PER0_SEMCR + 748 cidcfgr_offset, 749 MAX_CID_SUPPORTED); 750 if (res) { 751 EMSG("Could not acquire semaphore for resource %"PRIu32, 752 risup->id); 753 return TEE_ERROR_ACCESS_DENIED; 754 } 755 } 756 757 return TEE_SUCCESS; 758 } 759 760 static TEE_Result 761 stm32_rifsc_sem_pm(enum pm_op op, unsigned int pm_hint, 762 const struct pm_callback_handle *pm_handle __unused) 763 { 764 TEE_Result res = TEE_ERROR_GENERIC; 765 766 if (pm_hint != PM_HINT_CONTEXT_STATE) 767 return TEE_SUCCESS; 768 769 if (op == PM_OP_RESUME) 770 res = stm32_rifsc_sem_pm_resume(); 771 else 772 res = stm32_rifsc_sem_pm_suspend(); 773 774 return res; 775 } 776 777 TEE_Result stm32_rifsc_check_tdcid(bool *tdcid_state) 778 { 779 if (!rifsc_pdata.base) 780 return TEE_ERROR_DEFER_DRIVER_INIT; 781 782 if (((io_read32(rifsc_pdata.base + _RIFSC_RIMC_CR) & 783 _RIFSC_RIMC_CR_TDCID_MASK)) == (RIF_CID1 << _CIDCFGR_SCID_SHIFT)) 784 *tdcid_state = true; 785 else 786 *tdcid_state = false; 787 788 return TEE_SUCCESS; 789 } 790 791 static const struct firewall_controller_ops firewall_ops = { 792 .set_conf = stm32_rifsc_set_config, 793 .check_access = stm32_rifsc_check_access, 794 .acquire_access = stm32_rifsc_acquire_access, 795 .release_access = stm32_rifsc_release_access, 796 }; 797 798 /** 799 * stm32_rifsc_dt_probe_bus() - Add bus device tree subnodes that are accessible 800 * by OP-TEE and secure to the driver probe list. This is used at boot time 801 * only, as a sanity check between device tree and firewalls hardware 802 * configurations to prevent undesired accesses when access to a device is not 803 * authorized. This function tries to acquire access to every resource entries 804 * listed in the access-controllers property of each of the subnodes. It panics 805 * if it fails to do so. When CFG_INSECURE is enabled, platform can bypass this 806 * access control test for specific devices assigned to non-secure world and 807 * used by OP-TEE, such as an UART console device. 808 * 809 * @fdt: FDT to work on 810 * @node: RIFSC node 811 * @ctrl: RIFSC firewall controller reference 812 */ 813 static TEE_Result 814 stm32_rifsc_dt_probe_bus(const void *fdt, int node, 815 struct firewall_controller *ctrl __maybe_unused) 816 { 817 TEE_Result res = TEE_ERROR_GENERIC; 818 struct firewall_query *fw = NULL; 819 int subnode = 0; 820 821 DMSG("Populating %s firewall bus", ctrl->name); 822 823 fdt_for_each_subnode(subnode, fdt, node) { 824 unsigned int i = 0; 825 826 if (fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 827 continue; 828 829 if (IS_ENABLED(CFG_INSECURE) && 830 stm32mp_allow_probe_shared_device(fdt, subnode)) { 831 DMSG("Skipping firewall attributes check for %s", 832 fdt_get_name(fdt, subnode, NULL)); 833 goto skip_check; 834 } 835 836 DMSG("Acquiring firewall access for %s when probing bus", 837 fdt_get_name(fdt, subnode, NULL)); 838 839 do { 840 /* 841 * The access-controllers property is mandatory for 842 * firewall bus devices 843 */ 844 res = firewall_dt_get_by_index(fdt, subnode, i, &fw); 845 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 846 /* Stop when nothing more to parse */ 847 break; 848 } else if (res) { 849 EMSG("%s: Error on node %s: %#"PRIx32, 850 ctrl->name, 851 fdt_get_name(fdt, subnode, NULL), res); 852 panic(); 853 } 854 855 res = firewall_acquire_access(fw); 856 if (res) { 857 EMSG("%s: %s not accessible: %#"PRIx32, 858 ctrl->name, 859 fdt_get_name(fdt, subnode, NULL), res); 860 panic(); 861 } 862 863 firewall_put(fw); 864 i++; 865 } while (true); 866 867 skip_check: 868 res = dt_driver_maybe_add_probe_node(fdt, subnode); 869 if (res) { 870 EMSG("Failed on node %s with %#"PRIx32, 871 fdt_get_name(fdt, subnode, NULL), res); 872 panic(); 873 } 874 } 875 876 return TEE_SUCCESS; 877 } 878 879 static TEE_Result stm32_rifsc_probe(const void *fdt, int node, 880 const void *compat_data __unused) 881 { 882 struct firewall_controller *controller = NULL; 883 TEE_Result res = TEE_ERROR_GENERIC; 884 885 res = stm32_rifsc_parse_fdt(fdt, node, &rifsc_pdata); 886 if (res) { 887 EMSG("Could not parse RIFSC node, res = %#"PRIx32, res); 888 panic(); 889 } 890 891 if (!rifsc_pdata.drv_data) 892 stm32_rifsc_get_driverdata(&rifsc_pdata); 893 894 res = stm32_risup_setup(&rifsc_pdata); 895 if (res) { 896 EMSG("Could not setup RISUPs, res = %#"PRIx32, res); 897 panic(); 898 } 899 900 if (rifsc_pdata.is_tdcid) { 901 res = stm32_rimu_setup(&rifsc_pdata); 902 if (res) { 903 EMSG("Could not setup RIMUs, res = %#"PRIx32, res); 904 panic(); 905 } 906 907 if (IS_ENABLED(CFG_STM32MP25)) { 908 res = stm32_risal_setup(&rifsc_pdata); 909 if (res) 910 panic(); 911 } 912 } 913 914 res = stm32_rifsc_glock_config(fdt, node, &rifsc_pdata); 915 if (res) 916 panic("Couldn't lock RIFSC configuration"); 917 918 controller = calloc(1, sizeof(*controller)); 919 if (!controller) 920 panic(); 921 922 controller->name = "RIFSC"; 923 controller->priv = &rifsc_pdata; 924 controller->ops = &firewall_ops; 925 926 res = firewall_dt_controller_register(fdt, node, controller); 927 if (res) 928 panic(); 929 930 res = stm32_rifsc_dt_probe_bus(fdt, node, controller); 931 if (res) 932 panic(); 933 934 register_pm_core_service_cb(stm32_rifsc_sem_pm, NULL, 935 "stm32-rifsc-semaphores"); 936 937 return TEE_SUCCESS; 938 } 939 940 static const struct dt_device_match rifsc_match_table[] = { 941 { .compatible = "st,stm32mp25-rifsc" }, 942 { } 943 }; 944 945 DEFINE_DT_DRIVER(rifsc_dt_driver) = { 946 .name = "stm32-rifsc", 947 .match_table = rifsc_match_table, 948 .probe = stm32_rifsc_probe, 949 }; 950