1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2024, STMicroelectronics 4 */ 5 6 #include <drivers/firewall.h> 7 #include <drivers/stm32_rif.h> 8 #include <drivers/stm32_shared_io.h> 9 #include <drivers/stm32mp_dt_bindings.h> 10 #include <io.h> 11 #include <kernel/boot.h> 12 #include <kernel/dt.h> 13 #include <kernel/dt_driver.h> 14 #include <kernel/panic.h> 15 #include <kernel/pm.h> 16 #include <libfdt.h> 17 #include <mm/core_memprot.h> 18 #include <stm32_util.h> 19 #include <tee_api_defines.h> 20 #include <trace.h> 21 #include <util.h> 22 23 /* RIFSC offset register */ 24 #define _RIFSC_RISC_SECCFGR0 U(0x10) 25 #define _RIFSC_RISC_PRIVCFGR0 U(0x30) 26 #define _RIFSC_RISC_RCFGLOCKR0 U(0x50) 27 #define _RIFSC_RISC_PER0_CIDCFGR U(0x100) 28 #define _RIFSC_RISC_PER0_SEMCR U(0x104) 29 #define _RIFSC_RIMC_CR U(0xC00) 30 #define _RIFSC_RIMC_ATTR0 U(0xC10) 31 32 #define _RIFSC_HWCFGR3 U(0xFE8) 33 #define _RIFSC_HWCFGR2 U(0xFEC) 34 #define _RIFSC_HWCFGR1 U(0xFF0) 35 #define _RIFSC_VERR U(0xFF4) 36 37 /* RIFSC_HWCFGR2 register fields */ 38 #define _RIFSC_HWCFGR2_CFG1_MASK GENMASK_32(15, 0) 39 #define _RIFSC_HWCFGR2_CFG1_SHIFT U(0) 40 #define _RIFSC_HWCFGR2_CFG2_MASK GENMASK_32(23, 16) 41 #define _RIFSC_HWCFGR2_CFG2_SHIFT U(16) 42 #define _RIFSC_HWCFGR2_CFG3_MASK GENMASK_32(31, 24) 43 #define _RIFSC_HWCFGR2_CFG3_SHIFT U(24) 44 45 /* RIFSC_HWCFGR1 register fields */ 46 #define _RIFSC_HWCFGR1_CFG1_MASK GENMASK_32(3, 0) 47 #define _RIFSC_HWCFGR1_CFG1_SHIFT U(0) 48 #define _RIFSC_HWCFGR1_CFG2_MASK GENMASK_32(7, 4) 49 #define _RIFSC_HWCFGR1_CFG2_SHIFT U(4) 50 #define _RIFSC_HWCFGR1_CFG3_MASK GENMASK_32(11, 8) 51 #define _RIFSC_HWCFGR1_CFG3_SHIFT U(8) 52 #define _RIFSC_HWCFGR1_CFG4_MASK GENMASK_32(15, 12) 53 #define _RIFSC_HWCFGR1_CFG4_SHIFT U(12) 54 #define _RIFSC_HWCFGR1_CFG5_MASK GENMASK_32(19, 16) 55 #define _RIFSC_HWCFGR1_CFG5_SHIFT U(16) 56 #define _RIFSC_HWCFGR1_CFG6_MASK GENMASK_32(23, 20) 57 #define _RIFSC_HWCFGR1_CFG6_SHIFT U(20) 58 59 /* 60 * RISC_CR register fields 61 */ 62 #define _RIFSC_RISC_CR_GLOCK BIT(0) 63 64 /* 65 * RIMC_CR register fields 66 */ 67 #define _RIFSC_RIMC_CR_GLOCK BIT(0) 68 #define _RIFSC_RIMC_CR_TDCID_MASK GENMASK_32(6, 4) 69 70 /* RIFSC_VERR register fields */ 71 #define _RIFSC_VERR_MINREV_MASK GENMASK_32(3, 0) 72 #define _RIFSC_VERR_MINREV_SHIFT U(0) 73 #define _RIFSC_VERR_MAJREV_MASK GENMASK_32(7, 4) 74 #define _RIFSC_VERR_MAJREV_SHIFT U(4) 75 76 /* Periph id per register */ 77 #define _PERIPH_IDS_PER_REG U(32) 78 #define _OFFSET_PERX_CIDCFGR U(0x8) 79 80 #define RIFSC_RISC_CIDCFGR_CFEN_MASK BIT(0) 81 #define RIFSC_RISC_CIDCFGR_CFEN_SHIFT U(0) 82 #define RIFSC_RISC_CIDCFGR_SEM_EN_MASK BIT(1) 83 #define RIFSC_RISC_CIDCFGR_SEM_EN_SHIFT U(1) 84 #define RIFSC_RISC_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 85 #define RIFSC_RISC_CIDCFGR_SCID_SHIFT U(4) 86 #define RIFSC_RISC_CIDCFGR_LOCK_MASK BIT(10) 87 #define RIFSC_RISC_CIDCFGR_LOCK_SHIFT U(10) 88 #define RIFSC_RISC_CIDCFGR_SEML_MASK GENMASK_32(23, 16) 89 #define RIFSC_RISC_CIDCFGR_SEML_SHIFT U(16) 90 91 #define RIFSC_RISC_PERx_CID_MASK (RIFSC_RISC_CIDCFGR_CFEN_MASK | \ 92 RIFSC_RISC_CIDCFGR_SEM_EN_MASK | \ 93 RIFSC_RISC_CIDCFGR_SCID_MASK | \ 94 RIFSC_RISC_CIDCFGR_SCID_SHIFT) 95 96 #define RIFSC_RISC_PERx_CID_SHIFT U(0) 97 98 #define RIFSC_RIMC_MODE_MASK BIT(2) 99 #define RIFSC_RIMC_MCID_MASK GENMASK_32(6, 4) 100 #define RIFSC_RIMC_MSEC_MASK BIT(8) 101 #define RIFSC_RIMC_MPRIV_MASK BIT(9) 102 #define RIFSC_RIMC_M_ID_MASK GENMASK_32(23, 16) 103 104 #define RIFSC_RIMC_ATTRx_MASK (RIFSC_RIMC_MODE_MASK | \ 105 RIFSC_RIMC_MCID_MASK | \ 106 RIFSC_RIMC_MSEC_MASK | \ 107 RIFSC_RIMC_MPRIV_MASK) 108 109 /* max entries */ 110 #define MAX_RIMU U(16) 111 #define MAX_RISUP U(128) 112 113 #define _RIF_FLD_GET(field, value) (((uint32_t)(value) & \ 114 (field ## _MASK)) >>\ 115 (field ## _SHIFT)) 116 117 struct risup_cfg { 118 uint32_t cid_attr; 119 uint32_t id; 120 bool sec; 121 bool priv; 122 bool lock; 123 bool pm_sem; 124 }; 125 126 struct rimu_cfg { 127 uint32_t id; 128 uint32_t attr; 129 }; 130 131 struct rifsc_driver_data { 132 bool rif_en; 133 bool sec_en; 134 bool priv_en; 135 uint8_t nb_rimu; 136 uint8_t nb_risup; 137 uint8_t nb_risal; 138 uint8_t version; 139 }; 140 141 struct rifsc_platdata { 142 uintptr_t base; 143 struct rifsc_driver_data *drv_data; 144 struct risup_cfg *risup; 145 unsigned int nrisup; 146 struct rimu_cfg *rimu; 147 unsigned int nrimu; 148 bool is_tdcid; 149 }; 150 151 /* There is only 1 instance of the RIFSC subsystem */ 152 static struct rifsc_driver_data rifsc_drvdata; 153 static struct rifsc_platdata rifsc_pdata; 154 155 static void stm32_rifsc_get_driverdata(struct rifsc_platdata *pdata) 156 { 157 uint32_t regval = 0; 158 159 regval = io_read32(pdata->base + _RIFSC_HWCFGR1); 160 rifsc_drvdata.rif_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG1, regval) != 0; 161 rifsc_drvdata.sec_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG2, regval) != 0; 162 rifsc_drvdata.priv_en = _RIF_FLD_GET(_RIFSC_HWCFGR1_CFG3, regval) != 0; 163 164 regval = io_read32(pdata->base + _RIFSC_HWCFGR2); 165 rifsc_drvdata.nb_risup = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG1, regval); 166 rifsc_drvdata.nb_rimu = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG2, regval); 167 rifsc_drvdata.nb_risal = _RIF_FLD_GET(_RIFSC_HWCFGR2_CFG3, regval); 168 169 pdata->drv_data = &rifsc_drvdata; 170 171 rifsc_drvdata.version = io_read8(pdata->base + _RIFSC_VERR); 172 173 DMSG("RIFSC version %"PRIu32".%"PRIu32, 174 _RIF_FLD_GET(_RIFSC_VERR_MAJREV, rifsc_drvdata.version), 175 _RIF_FLD_GET(_RIFSC_VERR_MINREV, rifsc_drvdata.version)); 176 177 DMSG("HW cap: enabled[rif:sec:priv]:[%s:%s:%s] nb[risup|rimu|risal]:[%"PRIu8",%"PRIu8",%"PRIu8"]", 178 rifsc_drvdata.rif_en ? "true" : "false", 179 rifsc_drvdata.sec_en ? "true" : "false", 180 rifsc_drvdata.priv_en ? "true" : "false", 181 rifsc_drvdata.nb_risup, 182 rifsc_drvdata.nb_rimu, 183 rifsc_drvdata.nb_risal); 184 } 185 186 static TEE_Result stm32_rifsc_glock_config(const void *fdt, int node, 187 struct rifsc_platdata *pdata) 188 { 189 const fdt32_t *cuint = NULL; 190 uint32_t glock_conf = 0; 191 int len = 0; 192 193 cuint = fdt_getprop(fdt, node, "st,glocked", &len); 194 if (!cuint) { 195 DMSG("No global lock on RIF configuration"); 196 return TEE_SUCCESS; 197 } 198 assert(len == sizeof(uint32_t)); 199 200 glock_conf = fdt32_to_cpu(*cuint); 201 202 if (glock_conf & RIFSC_RIMU_GLOCK) { 203 DMSG("Setting global lock on RIMU configuration"); 204 205 io_setbits32(pdata->base + _RIFSC_RIMC_CR, 206 _RIFSC_RIMC_CR_GLOCK); 207 208 if (!(io_read32(pdata->base + _RIFSC_RIMC_CR) & 209 _RIFSC_RIMC_CR_GLOCK)) 210 return TEE_ERROR_ACCESS_DENIED; 211 } 212 213 if (glock_conf & RIFSC_RISUP_GLOCK) { 214 DMSG("Setting global lock on RISUP configuration"); 215 216 io_setbits32(pdata->base, _RIFSC_RISC_CR_GLOCK); 217 218 if (!(io_read32(pdata->base) & _RIFSC_RISC_CR_GLOCK)) 219 return TEE_ERROR_ACCESS_DENIED; 220 } 221 222 return TEE_SUCCESS; 223 } 224 225 static TEE_Result stm32_rifsc_dt_conf_risup(const void *fdt, int node, 226 struct rifsc_platdata *pdata) 227 { 228 const fdt32_t *conf_list = NULL; 229 unsigned int i = 0; 230 int len = 0; 231 232 conf_list = fdt_getprop(fdt, node, "st,protreg", &len); 233 if (!conf_list) { 234 DMSG("No RISUP configuration in DT"); 235 return TEE_ERROR_ITEM_NOT_FOUND; 236 } 237 assert(!(len % sizeof(uint32_t))); 238 239 pdata->nrisup = len / sizeof(uint32_t); 240 pdata->risup = calloc(pdata->nrisup, sizeof(*pdata->risup)); 241 if (!pdata->risup) 242 return TEE_ERROR_OUT_OF_MEMORY; 243 244 for (i = 0; i < pdata->nrisup; i++) { 245 uint32_t value = fdt32_to_cpu(conf_list[i]); 246 struct risup_cfg *risup = pdata->risup + i; 247 248 risup->id = _RIF_FLD_GET(RIF_PER_ID, value); 249 risup->sec = _RIF_FLD_GET(RIF_SEC, value) != 0; 250 risup->priv = _RIF_FLD_GET(RIF_PRIV, value) != 0; 251 risup->lock = _RIF_FLD_GET(RIF_LOCK, value) != 0; 252 risup->cid_attr = _RIF_FLD_GET(RIF_PERx_CID, value); 253 } 254 255 return TEE_SUCCESS; 256 } 257 258 static TEE_Result stm32_rifsc_dt_conf_rimu(const void *fdt, int node, 259 struct rifsc_platdata *pdata) 260 { 261 const fdt32_t *conf_list = NULL; 262 unsigned int i = 0; 263 int len = 0; 264 265 conf_list = fdt_getprop(fdt, node, "st,rimu", &len); 266 if (!conf_list) { 267 DMSG("No RIMU configuration in DT"); 268 return TEE_ERROR_ITEM_NOT_FOUND; 269 } 270 assert(!(len % sizeof(uint32_t))); 271 272 pdata->nrimu = len / sizeof(uint32_t); 273 pdata->rimu = calloc(pdata->nrimu, sizeof(*pdata->rimu)); 274 if (!pdata->rimu) 275 return TEE_ERROR_OUT_OF_MEMORY; 276 277 for (i = 0; i < pdata->nrimu; i++) { 278 uint32_t value = fdt32_to_cpu(*conf_list); 279 struct rimu_cfg *rimu = pdata->rimu + i; 280 281 rimu->id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, value) - 282 RIMU_ID_OFFSET; 283 rimu->attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, value); 284 } 285 286 return TEE_SUCCESS; 287 } 288 289 static TEE_Result stm32_rifsc_parse_fdt(const void *fdt, int node, 290 struct rifsc_platdata *pdata) 291 { 292 TEE_Result res = TEE_ERROR_GENERIC; 293 struct io_pa_va base = { }; 294 size_t reg_size = 0; 295 296 base.pa = fdt_reg_base_address(fdt, node); 297 if (base.pa == DT_INFO_INVALID_REG) 298 return TEE_ERROR_BAD_PARAMETERS; 299 300 reg_size = fdt_reg_size(fdt, node); 301 if (reg_size == DT_INFO_INVALID_REG_SIZE) 302 return TEE_ERROR_BAD_PARAMETERS; 303 304 pdata->base = io_pa_or_va_secure(&base, reg_size); 305 306 res = stm32_rifsc_check_tdcid(&rifsc_pdata.is_tdcid); 307 if (res) 308 panic(); 309 310 res = stm32_rifsc_dt_conf_risup(fdt, node, pdata); 311 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 312 return res; 313 314 if (rifsc_pdata.is_tdcid) { 315 res = stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 316 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 317 return res; 318 } 319 320 return stm32_rifsc_dt_conf_rimu(fdt, node, pdata); 321 } 322 323 static TEE_Result stm32_risup_cfg(struct rifsc_platdata *pdata, 324 struct risup_cfg *risup) 325 { 326 uintptr_t offset = sizeof(uint32_t) * (risup->id / _PERIPH_IDS_PER_REG); 327 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 328 struct rifsc_driver_data *drv_data = pdata->drv_data; 329 uint32_t shift = risup->id % _PERIPH_IDS_PER_REG; 330 TEE_Result res = TEE_ERROR_GENERIC; 331 332 if (!risup || risup->id >= drv_data->nb_risup) 333 return TEE_ERROR_BAD_PARAMETERS; 334 335 if (drv_data->sec_en) 336 io_clrsetbits32_stm32shregs(pdata->base + _RIFSC_RISC_SECCFGR0 + 337 offset, BIT(shift), 338 SHIFT_U32(risup->sec, shift)); 339 340 if (drv_data->priv_en) 341 io_clrsetbits32_stm32shregs(pdata->base + 342 _RIFSC_RISC_PRIVCFGR0 + offset, 343 BIT(shift), 344 SHIFT_U32(risup->priv, shift)); 345 346 if (rifsc_pdata.is_tdcid) { 347 if (drv_data->rif_en) 348 io_write32(pdata->base + _RIFSC_RISC_PER0_CIDCFGR + 349 cidcfgr_offset, risup->cid_attr); 350 351 /* Lock configuration for this RISUP */ 352 if (risup->lock) { 353 DMSG("Locking RIF conf for peripheral ID: %"PRIu32, 354 risup->id); 355 io_setbits32_stm32shregs(pdata->base + 356 _RIFSC_RISC_RCFGLOCKR0 + 357 offset, BIT(shift)); 358 } 359 } 360 361 /* Take semaphore if the resource is in semaphore mode and secured */ 362 if (stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, RIF_CID1)) { 363 if (!(io_read32(pdata->base + _RIFSC_RISC_SECCFGR0 + offset) & 364 BIT(shift))) { 365 res = 366 stm32_rif_release_semaphore(pdata->base + 367 _RIFSC_RISC_PER0_SEMCR + 368 cidcfgr_offset, 369 MAX_CID_SUPPORTED); 370 if (res) { 371 EMSG("Couldn't release semaphore for resource %"PRIu32, 372 risup->id); 373 return TEE_ERROR_ACCESS_DENIED; 374 } 375 } else { 376 res = 377 stm32_rif_acquire_semaphore(pdata->base + 378 _RIFSC_RISC_PER0_SEMCR + 379 cidcfgr_offset, 380 MAX_CID_SUPPORTED); 381 if (res) { 382 EMSG("Couldn't acquire semaphore for resource %"PRIu32, 383 risup->id); 384 return TEE_ERROR_ACCESS_DENIED; 385 } 386 } 387 } 388 389 return TEE_SUCCESS; 390 } 391 392 static TEE_Result stm32_risup_setup(struct rifsc_platdata *pdata) 393 { 394 struct rifsc_driver_data *drv_data = pdata->drv_data; 395 TEE_Result res = TEE_ERROR_GENERIC; 396 unsigned int i = 0; 397 398 for (i = 0; i < pdata->nrisup && i < drv_data->nb_risup; i++) { 399 struct risup_cfg *risup = pdata->risup + i; 400 401 res = stm32_risup_cfg(pdata, risup); 402 if (res) { 403 EMSG("risup cfg(%d/%d) error", i + 1, pdata->nrisup); 404 return res; 405 } 406 } 407 408 return TEE_SUCCESS; 409 } 410 411 static TEE_Result stm32_rimu_cfg(struct rifsc_platdata *pdata, 412 struct rimu_cfg *rimu) 413 { 414 uintptr_t offset = _RIFSC_RIMC_ATTR0 + (sizeof(uint32_t) * rimu->id); 415 struct rifsc_driver_data *drv_data = pdata->drv_data; 416 417 if (!rimu || rimu->id >= drv_data->nb_rimu) 418 return TEE_ERROR_BAD_PARAMETERS; 419 420 if (drv_data->rif_en) 421 io_write32(pdata->base + offset, rimu->attr); 422 423 return TEE_SUCCESS; 424 } 425 426 static TEE_Result stm32_rimu_setup(struct rifsc_platdata *pdata) 427 { 428 struct rifsc_driver_data *drv_data = pdata->drv_data; 429 TEE_Result res = TEE_ERROR_GENERIC; 430 unsigned int i = 0; 431 432 for (i = 0; i < pdata->nrimu && i < drv_data->nb_rimu; i++) { 433 struct rimu_cfg *rimu = pdata->rimu + i; 434 435 res = stm32_rimu_cfg(pdata, rimu); 436 if (res) { 437 EMSG("rimu cfg(%d/%d) error", i + 1, pdata->nrimu); 438 return res; 439 } 440 } 441 442 return TEE_SUCCESS; 443 } 444 445 static TEE_Result stm32_rifsc_check_access(struct firewall_query *firewall) 446 { 447 uintptr_t rifsc_base = rifsc_pdata.base; 448 unsigned int cid_reg_offset = 0; 449 unsigned int periph_offset = 0; 450 unsigned int resource_id = 0; 451 uint32_t cid_to_check = 0; 452 unsigned int reg_id = 0; 453 bool priv_check = true; 454 bool sec_check = true; 455 uint32_t privcfgr = 0; 456 uint32_t seccfgr = 0; 457 uint32_t cidcfgr = 0; 458 459 assert(rifsc_base); 460 461 if (!firewall || firewall->arg_count != 1) 462 return TEE_ERROR_BAD_PARAMETERS; 463 464 /* 465 * Peripheral configuration, we assume the configuration is as 466 * follows: 467 * firewall->args[0]: RIF configuration to check 468 */ 469 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 470 if (resource_id >= RIMU_ID_OFFSET) 471 return TEE_SUCCESS; 472 473 reg_id = resource_id / _PERIPH_IDS_PER_REG; 474 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 475 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 476 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 477 cid_reg_offset); 478 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 479 privcfgr = io_read32(rifsc_base + _RIFSC_RISC_PRIVCFGR0 + 0x4 * reg_id); 480 sec_check = (BIT(RIF_SEC_SHIFT) & firewall->args[0]) != 0; 481 priv_check = (BIT(RIF_PRIV_SHIFT) & firewall->args[0]) != 0; 482 cid_to_check = (firewall->args[0] & RIF_SCID_MASK) >> RIF_SCID_SHIFT; 483 484 if (!sec_check && seccfgr & BIT(periph_offset)) 485 return TEE_ERROR_ACCESS_DENIED; 486 487 if (!priv_check && (privcfgr & BIT(periph_offset))) 488 return TEE_ERROR_ACCESS_DENIED; 489 490 if (!(cidcfgr & _CIDCFGR_CFEN)) 491 return TEE_SUCCESS; 492 493 if ((cidcfgr & _CIDCFGR_SEMEN && 494 !stm32_rif_semaphore_enabled_and_ok(cidcfgr, cid_to_check)) || 495 (!(cidcfgr & _CIDCFGR_SEMEN) && 496 !stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, 497 cid_to_check))) 498 return TEE_ERROR_BAD_PARAMETERS; 499 500 return TEE_SUCCESS; 501 } 502 503 static TEE_Result stm32_rifsc_acquire_access(struct firewall_query *firewall) 504 { 505 uintptr_t rifsc_base = rifsc_pdata.base; 506 unsigned int cid_reg_offset = 0; 507 unsigned int periph_offset = 0; 508 unsigned int resource_id = 0; 509 unsigned int reg_id = 0; 510 uint32_t cidcfgr = 0; 511 uint32_t seccfgr = 0; 512 513 assert(rifsc_base); 514 515 if (!firewall || !firewall->arg_count) 516 return TEE_ERROR_BAD_PARAMETERS; 517 518 /* 519 * Peripheral configuration, we assume the configuration is as 520 * follows: 521 * firewall->args[0]: Firewall ID of the resource to acquire 522 */ 523 resource_id = firewall->args[0] & RIF_PER_ID_MASK; 524 if (resource_id >= RIMU_ID_OFFSET) 525 return TEE_SUCCESS; 526 527 reg_id = resource_id / _PERIPH_IDS_PER_REG; 528 periph_offset = resource_id % _PERIPH_IDS_PER_REG; 529 530 cid_reg_offset = _OFFSET_PERX_CIDCFGR * resource_id; 531 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 532 cid_reg_offset); 533 534 seccfgr = io_read32(rifsc_base + _RIFSC_RISC_SECCFGR0 + 0x4 * reg_id); 535 if (!(seccfgr & BIT(periph_offset))) 536 return TEE_ERROR_ACCESS_DENIED; 537 538 /* Only check CID attributes */ 539 if (!(cidcfgr & _CIDCFGR_CFEN)) 540 return TEE_SUCCESS; 541 542 if (cidcfgr & _CIDCFGR_SEMEN) { 543 if (!stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 544 return TEE_ERROR_BAD_PARAMETERS; 545 546 /* Take the semaphore, static CID is irrelevant here */ 547 return stm32_rif_acquire_semaphore(rifsc_base + 548 _RIFSC_RISC_PER0_SEMCR + 549 cid_reg_offset, 550 MAX_CID_SUPPORTED); 551 } 552 553 if (!stm32_rif_scid_ok(cidcfgr, RIFSC_RISC_CIDCFGR_SCID_MASK, RIF_CID1)) 554 return TEE_ERROR_ACCESS_DENIED; 555 556 return TEE_SUCCESS; 557 } 558 559 static TEE_Result stm32_rifsc_set_config(struct firewall_query *firewall) 560 { 561 struct rimu_cfg rimu = { }; 562 unsigned int id = 0; 563 uint32_t conf = 0; 564 565 if (!firewall || firewall->arg_count != 1) 566 return TEE_ERROR_BAD_PARAMETERS; 567 568 /* 569 * Peripheral configuration, we assume the configuration is as 570 * follows: 571 * firewall->args[0]: RIF configuration to set 572 */ 573 id = firewall->args[0] & RIF_PER_ID_MASK; 574 conf = firewall->args[0]; 575 576 if (id < RIMU_ID_OFFSET) { 577 struct risup_cfg risup = { }; 578 uint32_t cidcfgr = 0; 579 580 risup.id = id; 581 risup.sec = (BIT(RIF_SEC_SHIFT) & conf) != 0; 582 risup.priv = (BIT(RIF_PRIV_SHIFT) & conf) != 0; 583 risup.lock = (BIT(RIF_LOCK_SHIFT) & conf) != 0; 584 risup.cid_attr = _RIF_FLD_GET(RIF_PERx_CID, conf); 585 586 if (!rifsc_pdata.is_tdcid) { 587 cidcfgr = io_read32(rifsc_pdata.base + 588 _OFFSET_PERX_CIDCFGR * risup.id + 589 _RIFSC_RISC_PER0_CIDCFGR); 590 591 if (cidcfgr != risup.cid_attr) 592 return TEE_ERROR_BAD_PARAMETERS; 593 } 594 595 DMSG("Setting config for peripheral: %u, %s, %s, cid attr: %#"PRIx32", %s", 596 id, risup.sec ? "Secure" : "Non secure", 597 risup.priv ? "Privileged" : "Non privileged", 598 risup.cid_attr, risup.lock ? "Locked" : "Unlocked"); 599 600 return stm32_risup_cfg(&rifsc_pdata, &risup); 601 } 602 603 if (!rifsc_pdata.is_tdcid) 604 return TEE_ERROR_ACCESS_DENIED; 605 606 rimu.id = _RIF_FLD_GET(RIMUPROT_RIMC_M_ID, conf) - RIMU_ID_OFFSET; 607 rimu.attr = _RIF_FLD_GET(RIMUPROT_RIMC_ATTRx, conf); 608 609 return stm32_rimu_cfg(&rifsc_pdata, &rimu); 610 } 611 612 static void stm32_rifsc_release_access(struct firewall_query *firewall) 613 { 614 uintptr_t rifsc_base = rifsc_pdata.base; 615 uint32_t cidcfgr = 0; 616 uint32_t id = 0; 617 618 assert(rifsc_base && firewall && firewall->arg_count); 619 620 id = firewall->args[0]; 621 622 if (id >= RIMU_ID_OFFSET) 623 return; 624 625 cidcfgr = io_read32(rifsc_base + _RIFSC_RISC_PER0_CIDCFGR + 626 _OFFSET_PERX_CIDCFGR * id); 627 628 /* Only thing possible is to release a semaphore taken by OP-TEE CID */ 629 if (stm32_rif_semaphore_enabled_and_ok(cidcfgr, RIF_CID1)) 630 if (stm32_rif_release_semaphore(rifsc_base + 631 _RIFSC_RISC_PER0_SEMCR + 632 id * _OFFSET_PERX_CIDCFGR, 633 MAX_CID_SUPPORTED)) 634 panic("Could not release the RIF semaphore"); 635 } 636 637 static TEE_Result stm32_rifsc_sem_pm_suspend(void) 638 { 639 unsigned int i = 0; 640 641 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 642 uint32_t semcfgr = io_read32(rifsc_pdata.base + 643 _RIFSC_RISC_PER0_SEMCR + 644 _OFFSET_PERX_CIDCFGR * i); 645 struct risup_cfg *risup = rifsc_pdata.risup + i; 646 647 /* Save semaphores that were taken by the CID1 */ 648 risup->pm_sem = semcfgr & _SEMCR_MUTEX && 649 ((semcfgr & _SEMCR_SEMCID_MASK) >> 650 _SEMCR_SEMCID_SHIFT) == RIF_CID1; 651 652 FMSG("RIF semaphore %s for ID: %"PRIu32, 653 risup->pm_sem ? "SAVED" : "NOT SAVED", risup->id); 654 } 655 656 return TEE_SUCCESS; 657 } 658 659 static TEE_Result stm32_rifsc_sem_pm_resume(void) 660 { 661 TEE_Result res = TEE_ERROR_GENERIC; 662 unsigned int i = 0; 663 664 for (i = 0; i < rifsc_pdata.nrisup && i < rifsc_drvdata.nb_risup; i++) { 665 struct risup_cfg *risup = rifsc_pdata.risup + i; 666 uintptr_t cidcfgr_offset = _OFFSET_PERX_CIDCFGR * risup->id; 667 uintptr_t offset = sizeof(uint32_t) * 668 (risup->id / _PERIPH_IDS_PER_REG); 669 uintptr_t perih_offset = risup->id % _PERIPH_IDS_PER_REG; 670 uint32_t seccgfr = io_read32(rifsc_pdata.base + 671 _RIFSC_RISC_SECCFGR0 + offset); 672 uint32_t privcgfr = io_read32(rifsc_pdata.base + 673 _RIFSC_RISC_PRIVCFGR0 + offset); 674 uint32_t lockcfgr = io_read32(rifsc_pdata.base + 675 _RIFSC_RISC_RCFGLOCKR0 + offset); 676 677 /* Update RISUPs fields */ 678 risup->cid_attr = io_read32(rifsc_pdata.base + 679 _RIFSC_RISC_PER0_CIDCFGR + 680 cidcfgr_offset); 681 risup->sec = (seccgfr & BIT(perih_offset)) != 0; 682 risup->priv = (privcgfr & BIT(perih_offset)) != 0; 683 risup->lock = (lockcfgr & BIT(perih_offset)) != 0; 684 685 /* Acquire available appropriate semaphores */ 686 if (!stm32_rif_semaphore_enabled_and_ok(risup->cid_attr, 687 RIF_CID1) || 688 !risup->pm_sem) 689 continue; 690 691 res = stm32_rif_acquire_semaphore(rifsc_pdata.base + 692 _RIFSC_RISC_PER0_SEMCR + 693 cidcfgr_offset, 694 MAX_CID_SUPPORTED); 695 if (res) { 696 EMSG("Could not acquire semaphore for resource %"PRIu32, 697 risup->id); 698 return TEE_ERROR_ACCESS_DENIED; 699 } 700 } 701 702 return TEE_SUCCESS; 703 } 704 705 static TEE_Result 706 stm32_rifsc_sem_pm(enum pm_op op, unsigned int pm_hint, 707 const struct pm_callback_handle *pm_handle __unused) 708 { 709 TEE_Result res = TEE_ERROR_GENERIC; 710 711 if (pm_hint != PM_HINT_CONTEXT_STATE) 712 return TEE_SUCCESS; 713 714 if (op == PM_OP_RESUME) 715 res = stm32_rifsc_sem_pm_resume(); 716 else 717 res = stm32_rifsc_sem_pm_suspend(); 718 719 return res; 720 } 721 722 TEE_Result stm32_rifsc_check_tdcid(bool *tdcid_state) 723 { 724 if (!rifsc_pdata.base) 725 return TEE_ERROR_DEFER_DRIVER_INIT; 726 727 if (((io_read32(rifsc_pdata.base + _RIFSC_RIMC_CR) & 728 _RIFSC_RIMC_CR_TDCID_MASK)) == (RIF_CID1 << SCID_SHIFT)) 729 *tdcid_state = true; 730 else 731 *tdcid_state = false; 732 733 return TEE_SUCCESS; 734 } 735 736 static const struct firewall_controller_ops firewall_ops = { 737 .set_conf = stm32_rifsc_set_config, 738 .check_access = stm32_rifsc_check_access, 739 .acquire_access = stm32_rifsc_acquire_access, 740 .release_access = stm32_rifsc_release_access, 741 }; 742 743 /** 744 * stm32_rifsc_dt_probe_bus() - Add bus device tree subnodes that are accessible 745 * by OP-TEE and secure to the driver probe list. This is used at boot time 746 * only, as a sanity check between device tree and firewalls hardware 747 * configurations to prevent undesired accesses when access to a device is not 748 * authorized. This function tries to acquire access to every resource entries 749 * listed in the access-controllers property of each of the subnodes. It panics 750 * if it fails to do so. When CFG_INSECURE is enabled, platform can bypass this 751 * access control test for specific devices assigned to non-secure world and 752 * used by OP-TEE, such as an UART console device. 753 * 754 * @fdt: FDT to work on 755 * @node: RIFSC node 756 * @ctrl: RIFSC firewall controller reference 757 */ 758 static TEE_Result 759 stm32_rifsc_dt_probe_bus(const void *fdt, int node, 760 struct firewall_controller *ctrl __maybe_unused) 761 { 762 TEE_Result res = TEE_ERROR_GENERIC; 763 struct firewall_query *fw = NULL; 764 int subnode = 0; 765 766 DMSG("Populating %s firewall bus", ctrl->name); 767 768 fdt_for_each_subnode(subnode, fdt, node) { 769 unsigned int i = 0; 770 771 if (fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 772 continue; 773 774 if (IS_ENABLED(CFG_INSECURE) && 775 stm32mp_allow_probe_shared_device(fdt, subnode)) { 776 DMSG("Skipping firewall attributes check for %s", 777 fdt_get_name(fdt, subnode, NULL)); 778 goto skip_check; 779 } 780 781 DMSG("Acquiring firewall access for %s when probing bus", 782 fdt_get_name(fdt, subnode, NULL)); 783 784 do { 785 /* 786 * The access-controllers property is mandatory for 787 * firewall bus devices 788 */ 789 res = firewall_dt_get_by_index(fdt, subnode, i, &fw); 790 if (res == TEE_ERROR_ITEM_NOT_FOUND) { 791 /* Stop when nothing more to parse */ 792 break; 793 } else if (res) { 794 EMSG("%s: Error on node %s: %#"PRIx32, 795 ctrl->name, 796 fdt_get_name(fdt, subnode, NULL), res); 797 panic(); 798 } 799 800 res = firewall_acquire_access(fw); 801 if (res) { 802 EMSG("%s: %s not accessible: %#"PRIx32, 803 ctrl->name, 804 fdt_get_name(fdt, subnode, NULL), res); 805 panic(); 806 } 807 808 firewall_put(fw); 809 i++; 810 } while (true); 811 812 skip_check: 813 res = dt_driver_maybe_add_probe_node(fdt, subnode); 814 if (res) { 815 EMSG("Failed on node %s with %#"PRIx32, 816 fdt_get_name(fdt, subnode, NULL), res); 817 panic(); 818 } 819 } 820 821 return TEE_SUCCESS; 822 } 823 824 static TEE_Result stm32_rifsc_probe(const void *fdt, int node, 825 const void *compat_data __unused) 826 { 827 struct firewall_controller *controller = NULL; 828 TEE_Result res = TEE_ERROR_GENERIC; 829 830 res = stm32_rifsc_parse_fdt(fdt, node, &rifsc_pdata); 831 if (res) { 832 EMSG("Could not parse RIFSC node, res = %#"PRIx32, res); 833 panic(); 834 } 835 836 if (!rifsc_pdata.drv_data) 837 stm32_rifsc_get_driverdata(&rifsc_pdata); 838 839 res = stm32_risup_setup(&rifsc_pdata); 840 if (res) { 841 EMSG("Could not setup RISUPs, res = %#"PRIx32, res); 842 panic(); 843 } 844 845 if (rifsc_pdata.is_tdcid) { 846 res = stm32_rimu_setup(&rifsc_pdata); 847 if (res) { 848 EMSG("Could not setup RIMUs, res = %#"PRIx32, res); 849 panic(); 850 } 851 } 852 853 res = stm32_rifsc_glock_config(fdt, node, &rifsc_pdata); 854 if (res) 855 panic("Couldn't lock RIFSC configuration"); 856 857 controller = calloc(1, sizeof(*controller)); 858 if (!controller) 859 panic(); 860 861 controller->name = "RIFSC"; 862 controller->priv = &rifsc_pdata; 863 controller->ops = &firewall_ops; 864 865 res = firewall_dt_controller_register(fdt, node, controller); 866 if (res) 867 panic(); 868 869 res = stm32_rifsc_dt_probe_bus(fdt, node, controller); 870 if (res) 871 panic(); 872 873 register_pm_core_service_cb(stm32_rifsc_sem_pm, NULL, 874 "stm32-rifsc-semaphores"); 875 876 return TEE_SUCCESS; 877 } 878 879 static const struct dt_device_match rifsc_match_table[] = { 880 { .compatible = "st,stm32mp25-rifsc" }, 881 { } 882 }; 883 884 DEFINE_DT_DRIVER(rifsc_dt_driver) = { 885 .name = "stm32-rifsc", 886 .match_table = rifsc_match_table, 887 .probe = stm32_rifsc_probe, 888 }; 889