1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2022-2024, STMicroelectronics
4 */
5
6 #include <assert.h>
7 #include <drivers/clk.h>
8 #include <drivers/clk_dt.h>
9 #include <drivers/firewall.h>
10 #include <drivers/stm32_rif.h>
11 #include <drivers/stm32_risab.h>
12 #include <dt-bindings/firewall/stm32mp25-risab.h>
13 #include <io.h>
14 #include <kernel/boot.h>
15 #include <kernel/dt.h>
16 #include <kernel/pm.h>
17 #include <kernel/spinlock.h>
18 #include <kernel/tee_misc.h>
19 #include <libfdt.h>
20 #include <mm/core_memprot.h>
21 #include <platform_config.h>
22 #include <stdint.h>
23 #include <string_ext.h>
24 #include <stm32_sysconf.h>
25 #include <util.h>
26
27 #define _RISAB_CR U(0x0)
28 #define _RISAB_IASR U(0x8)
29 #define _RISAB_IACR U(0xC)
30 #define _RISAB_RCFGLOCKR U(0x10)
31 #define _RISAB_IAESR U(0x20)
32 #define _RISAB_IADDR U(0x24)
33 #define _RISAB_PGy_SECCFGR(y) (U(0x100) + (0x4 * (y)))
34 #define _RISAB_PGy_PRIVCFGR(y) (U(0x200) + (0x4 * (y)))
35 #define _RISAB_RISAB_PGy_C2PRIVCFGR(y) (U(0x600) + (0x4 * (y)))
36 #define _RISAB_CIDxPRIVCFGR(x) (U(0x800) + (0x20 * (x)))
37 #define _RISAB_CIDxRDCFGR(x) (U(0x808) + (0x20 * (x)))
38 #define _RISAB_CIDxWRCFGR(x) (U(0x810) + (0x20 * (x)))
39 #define _RISAB_PGy_CIDCFGR(y) (U(0xA00) + (0x4 * (y)))
40 #define _RISAB_HWCFGR3 U(0xFE8)
41 #define _RISAB_HWCFGR2 U(0xFEC)
42 #define _RISAB_HWCFGR1 U(0xFF0)
43 #define _RISAB_VERR U(0xFF4)
44 #define _RISAB_IPIDR U(0xFF8)
45 #define _RISAB_SIDR U(0xFFC)
46
47 /* RISAB_CR bitfields */
48 #define _RISAB_CR_SRWIAD BIT(31)
49
50 /* RISAB_IACR bitfields */
51 #define _RISAB_IACR_CAEF BIT(0)
52 #define _RISAB_IACR_IAEF BIT(1)
53 #define _RISAB_IACR_MASK (_RISAB_IACR_CAEF | \
54 _RISAB_IACR_IAEF)
55
56 /* Define RISAB_PG_SECCFGR bitfields */
57 #define _RISAB_PG_SECCFGR_MASK GENMASK_32(7, 0)
58
59 /* Define RISAB_PG_PRIVCFGR bitfields */
60 #define _RISAB_PG_PRIVCFGR_MASK GENMASK_32(7, 0)
61
62 /* CIDCFGR bitfields */
63 #define _RISAB_PG_CIDCFGR_CFEN BIT(0)
64 #define _RISAB_PG_CIDCFGR_DCEN BIT(2)
65 #define _RISAB_PG_CIDCFGR_DDCID_SHIFT U(4)
66 #define _RISAB_PG_CIDCFGR_DDCID_MASK GENMASK_32(6, 4)
67 #define _RISAB_PG_CIDCFGR_CONF_MASK (_RISAB_PG_CIDCFGR_CFEN | \
68 _RISAB_PG_CIDCFGR_DCEN | \
69 _RISAB_PG_CIDCFGR_DDCID_MASK)
70
71 /* Miscellaneous */
72 #define _RISAB_NB_PAGES_MAX U(32)
73 #define _RISAB_PAGE_SIZE U(0x1000)
74 #define _RISAB_NB_MAX_CID_SUPPORTED U(7)
75
76 #define RISAB_NAME_LEN_MAX U(20)
77
78 struct mem_region {
79 paddr_t base;
80 size_t size;
81 };
82
83 struct stm32_risab_rif_conf {
84 unsigned int first_page;
85 unsigned int nb_pages_cfged;
86 uint32_t plist[_RISAB_NB_MAX_CID_SUPPORTED];
87 uint32_t rlist[_RISAB_NB_MAX_CID_SUPPORTED];
88 uint32_t wlist[_RISAB_NB_MAX_CID_SUPPORTED];
89 uint32_t cidcfgr;
90 uint32_t dprivcfgr;
91 uint32_t seccfgr;
92 };
93
94 struct stm32_risab_pdata {
95 unsigned int nb_regions_cfged;
96 struct clk *clock;
97 struct mem_region region_cfged;
98 struct stm32_risab_rif_conf *subr_cfg;
99 struct io_pa_va base;
100 unsigned int conf_lock;
101 char risab_name[RISAB_NAME_LEN_MAX];
102 uint32_t pages_configured;
103 bool srwiad;
104 bool errata_ahbrisab;
105
106 SLIST_ENTRY(stm32_risab_pdata) link;
107 };
108
109 static SLIST_HEAD(, stm32_risab_pdata) risab_list =
110 SLIST_HEAD_INITIALIZER(risab_list);
111
112 static bool is_tdcid;
113
risab_base(struct stm32_risab_pdata * risab)114 static vaddr_t risab_base(struct stm32_risab_pdata *risab)
115 {
116 return io_pa_or_va_secure(&risab->base, 1);
117 }
118
stm32_risab_clear_illegal_access_flags(void)119 void stm32_risab_clear_illegal_access_flags(void)
120 {
121 struct stm32_risab_pdata *risab = NULL;
122
123 SLIST_FOREACH(risab, &risab_list, link) {
124 vaddr_t base = risab_base(risab);
125
126 if (!io_read32(base + _RISAB_IASR))
127 continue;
128
129 io_write32(base + _RISAB_IACR, _RISAB_IACR_CAEF |
130 _RISAB_IACR_IAEF);
131 }
132 }
133
134 #ifdef CFG_TEE_CORE_DEBUG
stm32_risab_print_erroneous_data(void)135 void stm32_risab_print_erroneous_data(void)
136 {
137 struct stm32_risab_pdata *risab = NULL;
138
139 SLIST_FOREACH(risab, &risab_list, link) {
140 vaddr_t base = risab_base(risab);
141
142 /* Check if faulty address on this RISAB */
143 if (!io_read32(base + _RISAB_IASR))
144 continue;
145
146 EMSG("\n\nDUMPING DATA FOR %s\n\n", risab->risab_name);
147 EMSG("=====================================================");
148 EMSG("Status register (IAESR): %#"PRIx32,
149 io_read32(base + _RISAB_IAESR));
150 EMSG("-----------------------------------------------------");
151 EMSG("Faulty address (IADDR): %#"PRIx32,
152 io_read32(base + _RISAB_IADDR));
153 EMSG("=====================================================\n");
154 };
155 }
156 #endif /* CFG_TEE_CORE_DEBUG */
157
regs_access_granted(struct stm32_risab_pdata * risab_d,unsigned int reg_idx)158 static bool regs_access_granted(struct stm32_risab_pdata *risab_d,
159 unsigned int reg_idx)
160 {
161 unsigned int first_page = risab_d->subr_cfg[reg_idx].first_page;
162 uint32_t cidcfgr = io_read32(risab_base(risab_d) +
163 _RISAB_PGy_CIDCFGR(first_page));
164
165 if (virt_to_phys((void *)risab_base(risab_d)) == RISAB1_BASE ||
166 virt_to_phys((void *)risab_base(risab_d)) == RISAB2_BASE)
167 return true;
168
169 /* No CID filtering */
170 if (!(cidcfgr & _RISAB_PG_CIDCFGR_CFEN))
171 return true;
172
173 /* Trusted CID access */
174 if (is_tdcid && !(cidcfgr & _RISAB_PG_CIDCFGR_DCEN))
175 return true;
176
177 /* Delegated CID access check */
178 if (cidcfgr & _RISAB_PG_CIDCFGR_DCEN &&
179 ((cidcfgr & _RISAB_PG_CIDCFGR_DDCID_MASK) >>
180 _RISAB_PG_CIDCFGR_DDCID_SHIFT) == RIF_CID1)
181 return true;
182
183 return false;
184 }
185
set_block_seccfgr(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg)186 static void set_block_seccfgr(struct stm32_risab_pdata *risab_d,
187 struct stm32_risab_rif_conf *subr_cfg)
188 {
189 vaddr_t base = risab_base(risab_d);
190 unsigned int i = 0;
191 unsigned int last_page = subr_cfg->first_page +
192 subr_cfg->nb_pages_cfged - 1;
193
194 for (i = subr_cfg->first_page; i <= last_page; i++)
195 io_clrsetbits32(base + _RISAB_PGy_SECCFGR(i),
196 _RISAB_PG_SECCFGR_MASK, subr_cfg->seccfgr);
197 }
198
set_block_dprivcfgr(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg)199 static void set_block_dprivcfgr(struct stm32_risab_pdata *risab_d,
200 struct stm32_risab_rif_conf *subr_cfg)
201 {
202 vaddr_t base = risab_base(risab_d);
203 unsigned int i = 0;
204 unsigned int last_page = subr_cfg->first_page +
205 subr_cfg->nb_pages_cfged - 1;
206
207 for (i = subr_cfg->first_page; i <= last_page; i++)
208 io_clrsetbits32(base + _RISAB_PGy_PRIVCFGR(i),
209 _RISAB_PG_PRIVCFGR_MASK,
210 subr_cfg->dprivcfgr);
211 }
212
set_cidcfgr(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg)213 static void set_cidcfgr(struct stm32_risab_pdata *risab_d,
214 struct stm32_risab_rif_conf *subr_cfg)
215 {
216 vaddr_t base = risab_base(risab_d);
217 unsigned int i = 0;
218 unsigned int last_page = subr_cfg->first_page +
219 subr_cfg->nb_pages_cfged - 1;
220
221 for (i = subr_cfg->first_page; i <= last_page; i++) {
222 /*
223 * When TDCID, OP-TEE should be the one to set the CID filtering
224 * configuration. Clearing previous configuration prevents
225 * undesired events during the only legitimate configuration.
226 */
227 io_clrsetbits32(base + _RISAB_PGy_CIDCFGR(i),
228 _RISAB_PG_CIDCFGR_CONF_MASK,
229 subr_cfg->cidcfgr);
230 }
231 }
232
set_read_conf(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg)233 static void set_read_conf(struct stm32_risab_pdata *risab_d,
234 struct stm32_risab_rif_conf *subr_cfg)
235 {
236 vaddr_t base = risab_base(risab_d);
237 unsigned int i = 0;
238 unsigned int last_page = subr_cfg->first_page +
239 subr_cfg->nb_pages_cfged - 1;
240 uint32_t mask = GENMASK_32(last_page, subr_cfg->first_page);
241
242 for (i = 0; i < _RISAB_NB_MAX_CID_SUPPORTED; i++) {
243 /*
244 * Errata: CID0 must be authorized for RISAB accesses if
245 * CID filtering is enabled on some RISAB instances so that
246 * transient CID0 transactions are handled.
247 */
248 if (subr_cfg->rlist[i] ||
249 (risab_d->errata_ahbrisab && i == RIF_CID0))
250 io_clrsetbits32(base + _RISAB_CIDxRDCFGR(i), mask,
251 mask);
252 }
253 }
254
set_write_conf(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg)255 static void set_write_conf(struct stm32_risab_pdata *risab_d,
256 struct stm32_risab_rif_conf *subr_cfg)
257 {
258 vaddr_t base = risab_base(risab_d);
259 unsigned int i = 0;
260 unsigned int last_page = subr_cfg->first_page +
261 subr_cfg->nb_pages_cfged - 1;
262 uint32_t mask = GENMASK_32(last_page, subr_cfg->first_page);
263
264 for (i = 0; i < _RISAB_NB_MAX_CID_SUPPORTED; i++) {
265 /*
266 * Errata: CID0 must be authorized for RISAB accesses if
267 * CID filtering is enabled on some RISAB instances so that
268 * transient CID0 transactions are handled.
269 */
270 if (subr_cfg->wlist[i] ||
271 (risab_d->errata_ahbrisab && i == RIF_CID0))
272 io_clrsetbits32(base + _RISAB_CIDxWRCFGR(i), mask,
273 mask);
274 }
275 }
276
set_cid_priv_conf(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg)277 static void set_cid_priv_conf(struct stm32_risab_pdata *risab_d,
278 struct stm32_risab_rif_conf *subr_cfg)
279 {
280 vaddr_t base = risab_base(risab_d);
281 unsigned int i = 0;
282 unsigned int last_page = subr_cfg->first_page +
283 subr_cfg->nb_pages_cfged - 1;
284 uint32_t mask = GENMASK_32(last_page, subr_cfg->first_page);
285
286 for (i = 0; i < _RISAB_NB_MAX_CID_SUPPORTED; i++) {
287 if (subr_cfg->plist[i])
288 io_clrsetbits32(base + _RISAB_CIDxPRIVCFGR(i), mask,
289 subr_cfg->plist[i]);
290 }
291 }
292
set_rif_registers(struct stm32_risab_pdata * risab,unsigned int reg_idx)293 static TEE_Result set_rif_registers(struct stm32_risab_pdata *risab,
294 unsigned int reg_idx)
295 {
296 struct stm32_risab_rif_conf *subr_cfg = NULL;
297
298 assert(&risab->subr_cfg[reg_idx]);
299
300 subr_cfg = &risab->subr_cfg[reg_idx];
301
302 /*
303 * This sequence will generate an IAC if the CID filtering
304 * configuration is inconsistent with these desired rights
305 * to apply.
306 */
307 if (!regs_access_granted(risab, reg_idx))
308 return TEE_ERROR_ACCESS_DENIED;
309
310 set_block_dprivcfgr(risab, subr_cfg);
311 set_block_seccfgr(risab, subr_cfg);
312
313 /*
314 * Grant page access to some CIDs, in read and/or write, and the
315 * necessary privilege level.
316 */
317 set_read_conf(risab, subr_cfg);
318 set_write_conf(risab, subr_cfg);
319 set_cid_priv_conf(risab, subr_cfg);
320
321 if (virt_to_phys((void *)risab_base(risab)) != RISAB1_BASE &&
322 virt_to_phys((void *)risab_base(risab)) != RISAB2_BASE) {
323 /* Delegate RIF configuration or not */
324 if (!is_tdcid)
325 DMSG("Cannot set %s CID config for region %u",
326 risab->risab_name, reg_idx);
327 else
328 set_cidcfgr(risab, subr_cfg);
329 } else {
330 set_cidcfgr(risab, subr_cfg);
331 }
332
333 dsb();
334
335 return TEE_SUCCESS;
336 }
337
apply_rif_config(struct stm32_risab_pdata * risab_d)338 static void apply_rif_config(struct stm32_risab_pdata *risab_d)
339 {
340 vaddr_t base = risab_base(risab_d);
341 unsigned int i = 0;
342
343 /* If TDCID, we expect to restore default RISAB configuration */
344 if (is_tdcid) {
345 for (i = 0; i < _RISAB_NB_PAGES_MAX; i++) {
346 io_clrbits32(base + _RISAB_PGy_CIDCFGR(i),
347 _RISAB_PG_CIDCFGR_CONF_MASK);
348 io_clrbits32(base + _RISAB_PGy_SECCFGR(i),
349 _RISAB_PG_SECCFGR_MASK);
350 io_clrbits32(base + _RISAB_PGy_PRIVCFGR(i),
351 _RISAB_PG_PRIVCFGR_MASK);
352 }
353 for (i = 0; i < _RISAB_NB_MAX_CID_SUPPORTED; i++) {
354 io_clrbits32(base + _RISAB_CIDxRDCFGR(i), UINT32_MAX);
355 io_clrbits32(base + _RISAB_CIDxWRCFGR(i), UINT32_MAX);
356 io_clrbits32(base + _RISAB_CIDxPRIVCFGR(i), UINT32_MAX);
357 }
358 }
359
360 for (i = 0; i < risab_d->nb_regions_cfged; i++) {
361 if (set_rif_registers(risab_d, i))
362 panic();
363 }
364 }
365
parse_risab_rif_conf(struct stm32_risab_pdata * risab_d,struct stm32_risab_rif_conf * subr_cfg,uint32_t rif_conf,bool check_overlap)366 static void parse_risab_rif_conf(struct stm32_risab_pdata *risab_d,
367 struct stm32_risab_rif_conf *subr_cfg,
368 uint32_t rif_conf, bool check_overlap)
369 {
370 unsigned int first_page = subr_cfg->first_page;
371 unsigned int last_page = first_page + subr_cfg->nb_pages_cfged - 1;
372 uint32_t reg_pages_cfged = GENMASK_32(last_page, first_page);
373 unsigned int i = 0;
374
375 assert(last_page <= _RISAB_NB_PAGES_MAX);
376
377 DMSG("Configuring pages %u to %u", first_page, last_page);
378
379 /* Parse secure configuration */
380 if (rif_conf & BIT(RISAB_SEC_SHIFT)) {
381 subr_cfg->seccfgr = _RISAB_PG_SECCFGR_MASK;
382 /*
383 * Memory region overlapping should only be checked at platform
384 * setup when memory mapping is first applied. A region's
385 * attributes can later be dynamically modified but not its
386 * bounds.
387 */
388 if (check_overlap &&
389 reg_pages_cfged & risab_d->pages_configured)
390 panic("Memory region overlap detected");
391 } else {
392 subr_cfg->seccfgr = 0;
393 }
394
395 /* Parse default privilege configuration */
396 if (rif_conf & BIT(RISAB_DPRIV_SHIFT)) {
397 subr_cfg->dprivcfgr = _RISAB_PG_PRIVCFGR_MASK;
398 if (check_overlap &&
399 reg_pages_cfged & risab_d->pages_configured)
400 panic("Memory region overlap detected");
401 } else {
402 subr_cfg->dprivcfgr = 0;
403 }
404
405 if (check_overlap)
406 risab_d->pages_configured |= reg_pages_cfged;
407
408 for (i = 0; i < _RISAB_NB_MAX_CID_SUPPORTED; i++) {
409 /* RISAB compartment priv configuration */
410 if (rif_conf & BIT(i))
411 subr_cfg->plist[i] |= GENMASK_32(last_page, first_page);
412
413 /* RISAB compartment read configuration */
414 if (rif_conf & BIT(i + RISAB_READ_LIST_SHIFT))
415 subr_cfg->rlist[i] |= GENMASK_32(last_page, first_page);
416
417 /* RISAB compartment write configuration */
418 if (rif_conf & BIT(i + RISAB_WRITE_LIST_SHIFT))
419 subr_cfg->wlist[i] |= GENMASK_32(last_page, first_page);
420 }
421
422 /* CID filtering configuration */
423 if (rif_conf & BIT(RISAB_CFEN_SHIFT))
424 subr_cfg->cidcfgr |= _RISAB_PG_CIDCFGR_CFEN;
425
426 if (rif_conf & BIT(RISAB_DCEN_SHIFT))
427 subr_cfg->cidcfgr |= _RISAB_PG_CIDCFGR_DCEN;
428
429 if (rif_conf & RISAB_DCCID_MASK) {
430 uint32_t ddcid = SHIFT_U32((rif_conf & RISAB_DCCID_MASK) >>
431 RISAB_DCCID_SHIFT,
432 _RISAB_PG_CIDCFGR_DDCID_SHIFT);
433
434 assert(((rif_conf & RISAB_DCCID_MASK) >> RISAB_DCCID_SHIFT) <
435 _RISAB_NB_MAX_CID_SUPPORTED);
436
437 subr_cfg->cidcfgr |= ddcid;
438 }
439 }
440
parse_dt(const void * fdt,int node,struct stm32_risab_pdata * risab_d)441 static TEE_Result parse_dt(const void *fdt, int node,
442 struct stm32_risab_pdata *risab_d)
443 {
444 TEE_Result res = TEE_ERROR_GENERIC;
445 const fdt32_t *mem_regions = NULL;
446 struct dt_node_info info = { };
447 const fdt32_t *cuint = NULL;
448 int mem_reg_node = 0;
449 unsigned int i = 0;
450 int lenp = 0;
451
452 fdt_fill_device_info(fdt, &info, node);
453 assert(info.reg != DT_INFO_INVALID_REG &&
454 info.reg_size != DT_INFO_INVALID_REG_SIZE);
455
456 risab_d->base.pa = info.reg;
457
458 /* Gate the IP */
459 res = clk_dt_get_by_index(fdt, node, 0, &risab_d->clock);
460 if (res)
461 return res;
462
463 strlcpy(risab_d->risab_name, fdt_get_name(fdt, node, NULL),
464 sizeof(risab_d->risab_name));
465
466 cuint = fdt_getprop(fdt, node, "st,srwiad", NULL);
467 if (cuint)
468 risab_d->srwiad = true;
469
470 risab_d->errata_ahbrisab = fdt_getprop(fdt, node, "st,errata-ahbrisab",
471 NULL);
472
473 /* Get the memory region being configured */
474 cuint = fdt_getprop(fdt, node, "st,mem-map", &lenp);
475 if (!cuint)
476 panic("Missing st,mem-map property in configure memory region");
477
478 assert((unsigned int)(lenp / sizeof(uint32_t)) == 2);
479
480 risab_d->region_cfged.base = fdt32_to_cpu(cuint[0]);
481 risab_d->region_cfged.size = fdt32_to_cpu(cuint[1]);
482
483 /* Get the memory regions to configure */
484 mem_regions = fdt_getprop(fdt, node, "memory-region", &lenp);
485 if (!mem_regions)
486 panic("No memory region to configure");
487
488 risab_d->nb_regions_cfged = (unsigned int)(lenp / sizeof(uint32_t));
489 assert(risab_d->nb_regions_cfged < _RISAB_NB_PAGES_MAX);
490
491 risab_d->subr_cfg = calloc(risab_d->nb_regions_cfged,
492 sizeof(*risab_d->subr_cfg));
493 if (!risab_d->subr_cfg)
494 return TEE_ERROR_OUT_OF_MEMORY;
495
496 for (i = 0; i < risab_d->nb_regions_cfged; i++) {
497 uint32_t phandle = fdt32_to_cpu(mem_regions[i]);
498 size_t sub_region_offset = 0;
499 paddr_t address = 0;
500 size_t length = 0;
501
502 mem_reg_node = fdt_node_offset_by_phandle(fdt, phandle);
503 if (mem_reg_node < 0)
504 return TEE_ERROR_ITEM_NOT_FOUND;
505
506 /*
507 * Get the reg property to determine the number of pages
508 * to configure
509 */
510 address = fdt_reg_base_address(fdt, mem_reg_node);
511 length = fdt_reg_size(fdt, mem_reg_node);
512
513 assert(IS_ALIGNED(address, _RISAB_PAGE_SIZE) &&
514 IS_ALIGNED(length, _RISAB_PAGE_SIZE));
515
516 /*
517 * Get the sub region offset and check if it is not out
518 * of bonds
519 */
520 sub_region_offset = address - risab_d->region_cfged.base;
521
522 if (!core_is_buffer_inside(address, length,
523 risab_d->region_cfged.base,
524 risab_d->region_cfged.size)) {
525 EMSG("Region %#"PRIxPA"..%#"PRIxPA" outside RISAB area %#"PRIxPA"...%#"PRIxPA,
526 address, address + length,
527 risab_d->region_cfged.base,
528 risab_d->region_cfged.base +
529 risab_d->region_cfged.size);
530 return TEE_ERROR_BAD_PARAMETERS;
531 }
532
533 risab_d->subr_cfg[i].first_page = sub_region_offset /
534 _RISAB_PAGE_SIZE;
535 risab_d->subr_cfg[i].nb_pages_cfged = length /
536 _RISAB_PAGE_SIZE;
537 if (!risab_d->subr_cfg[i].nb_pages_cfged)
538 panic("Range to configure is < to the size of a page");
539
540 /* Get the RIF configuration for this region */
541 cuint = fdt_getprop(fdt, mem_reg_node, "st,protreg", &lenp);
542 if (!cuint)
543 panic("No RIF configuration available");
544
545 /* There should be only one configuration for this region */
546 assert((unsigned int)(lenp / sizeof(uint32_t)) == 1);
547
548 parse_risab_rif_conf(risab_d, &risab_d->subr_cfg[i],
549 fdt32_to_cpu(cuint[0]),
550 true /*check_overlap*/);
551 }
552
553 return TEE_SUCCESS;
554 }
555
enable_srwiad_if_set(struct stm32_risab_pdata * risab_d)556 static void enable_srwiad_if_set(struct stm32_risab_pdata *risab_d)
557 {
558 if (is_tdcid && risab_d->srwiad)
559 io_setbits32(risab_base(risab_d), _RISAB_CR_SRWIAD);
560 };
561
disable_srwiad_if_unset(struct stm32_risab_pdata * risab_d)562 static void disable_srwiad_if_unset(struct stm32_risab_pdata *risab_d)
563 {
564 if (is_tdcid && !risab_d->srwiad)
565 io_clrbits32(risab_base(risab_d), _RISAB_CR_SRWIAD);
566 };
567
clear_iac_regs(struct stm32_risab_pdata * risab_d)568 static void clear_iac_regs(struct stm32_risab_pdata *risab_d)
569 {
570 io_setbits32(risab_base(risab_d) + _RISAB_IACR, _RISAB_IACR_MASK);
571 }
572
set_vderam_syscfg(struct stm32_risab_pdata * risab_d)573 static void set_vderam_syscfg(struct stm32_risab_pdata *risab_d)
574 {
575 /*
576 * Set the VDERAMCR_VDERAM_EN bit if the VDERAM should be accessed by
577 * the system. Else, clear it so that VDEC/VENC can access it.
578 */
579 if (risab_d->nb_regions_cfged)
580 stm32mp_syscfg_write(SYSCFG_VDERAMCR, VDERAMCR_VDERAM_EN,
581 VDERAMCR_MASK);
582 else
583 stm32mp_syscfg_write(SYSCFG_VDERAMCR, 0, VDERAMCR_MASK);
584 }
585
586 static struct stm32_risab_rif_conf *
get_subreg_by_range(struct stm32_risab_pdata * risab,paddr_t paddr,size_t size)587 get_subreg_by_range(struct stm32_risab_pdata *risab, paddr_t paddr, size_t size)
588 {
589 unsigned int nb_page = size / _RISAB_PAGE_SIZE;
590 unsigned int i = 0;
591
592 for (i = 0; i < risab->nb_regions_cfged; i++) {
593 unsigned int first_page = (paddr - risab->region_cfged.base) /
594 _RISAB_PAGE_SIZE;
595
596 if (first_page == risab->subr_cfg[i].first_page &&
597 nb_page == risab->subr_cfg[i].nb_pages_cfged)
598 return risab->subr_cfg + i;
599 }
600
601 return NULL;
602 }
603
stm32_risab_check_access(struct firewall_query * fw,paddr_t paddr,size_t size,bool read,bool write)604 static TEE_Result stm32_risab_check_access(struct firewall_query *fw,
605 paddr_t paddr, size_t size,
606 bool read, bool write)
607 {
608 struct stm32_risab_rif_conf *reg_conf = NULL;
609 struct stm32_risab_pdata *risab = NULL;
610 unsigned int first_page = 0;
611 uint32_t write_cids = 0;
612 uint32_t read_cids = 0;
613 uint32_t priv_cids = 0;
614 uint32_t dprivcfgr = 0;
615 uint32_t seccfgr = 0;
616 uint32_t cidcfgr = 0;
617 uint32_t q_conf = 0;
618 unsigned int i = 0;
619 vaddr_t base = 0;
620
621 assert(fw->ctrl->priv && (read || write));
622
623 risab = fw->ctrl->priv;
624 base = risab_base(risab);
625
626 if (!IS_ALIGNED(paddr, _RISAB_PAGE_SIZE) ||
627 !IS_ALIGNED(size, _RISAB_PAGE_SIZE)) {
628 EMSG("Physical address %"PRIxPA" or size:%#zx misaligned with RISAB page boundaries",
629 paddr, size);
630 return TEE_ERROR_BAD_PARAMETERS;
631 }
632
633 if (fw->arg_count != 1)
634 return TEE_ERROR_BAD_PARAMETERS;
635
636 /*
637 * RISAF region configuration, we assume the query is as
638 * follows:
639 * fw->args[0]: Configuration of the region
640 */
641 q_conf = fw->args[0];
642
643 reg_conf = get_subreg_by_range(risab, paddr, size);
644 if (!reg_conf)
645 return TEE_ERROR_BAD_PARAMETERS;
646
647 first_page = reg_conf->first_page;
648
649 seccfgr = io_read32(base + _RISAB_PGy_SECCFGR(first_page));
650 /* Security level is exclusive on memories */
651 if (!!(q_conf & BIT(RISAB_SEC_SHIFT)) ^ !!(seccfgr & BIT(first_page))) {
652 if (!(q_conf & BIT(RISAB_SEC_SHIFT) &&
653 (io_read32(base + _RISAB_CR) & _RISAB_CR_SRWIAD)))
654 return TEE_ERROR_ACCESS_DENIED;
655 }
656
657 dprivcfgr = io_read32(base + _RISAB_PGy_PRIVCFGR(first_page));
658 cidcfgr = io_read32(base + _RISAB_PGy_CIDCFGR(first_page));
659
660 if (!(cidcfgr & _RISAB_PG_CIDCFGR_CFEN)) {
661 if (dprivcfgr && !(q_conf & BIT(RISAB_DPRIV_SHIFT)))
662 return TEE_ERROR_ACCESS_DENIED;
663 else
664 return TEE_SUCCESS;
665 }
666
667 read_cids = SHIFT_U32(q_conf & RISAB_RLIST_MASK, RISAB_READ_LIST_SHIFT);
668 write_cids = SHIFT_U32(q_conf & RISAB_WLIST_MASK,
669 RISAB_WRITE_LIST_SHIFT);
670 priv_cids = q_conf & RISAB_PLIST_MASK;
671
672 for (i = 0; i < _RISAB_NB_MAX_CID_SUPPORTED; i++) {
673 uint32_t read_list = io_read32(base + _RISAB_CIDxRDCFGR(i));
674 uint32_t write_list = io_read32(base + _RISAB_CIDxWRCFGR(i));
675 uint32_t priv_list = io_read32(base + _RISAB_CIDxPRIVCFGR(i));
676
677 if (read && (read_cids & BIT(i)) &&
678 !(read_list & BIT(first_page)))
679 return TEE_ERROR_ACCESS_DENIED;
680
681 if (write && (write_cids & BIT(i)) &&
682 !(write_list & BIT(first_page)))
683 return TEE_ERROR_ACCESS_DENIED;
684
685 if ((priv_list & BIT(first_page)) && !(priv_cids & BIT(i)))
686 return TEE_ERROR_ACCESS_DENIED;
687 }
688
689 return TEE_SUCCESS;
690 }
691
stm32_risab_reconfigure_region(struct firewall_query * fw,paddr_t paddr,size_t size)692 static TEE_Result stm32_risab_reconfigure_region(struct firewall_query *fw,
693 paddr_t paddr, size_t size)
694 {
695 struct stm32_risab_pdata *risab = NULL;
696 TEE_Result res = TEE_ERROR_GENERIC;
697 paddr_t sub_region_offset = 0;
698 uint32_t exceptions = 0;
699 unsigned int i = 0;
700
701 assert(fw->ctrl->priv);
702
703 risab = fw->ctrl->priv;
704
705 if (!IS_ALIGNED(paddr, _RISAB_PAGE_SIZE) ||
706 !IS_ALIGNED(size, _RISAB_PAGE_SIZE)) {
707 EMSG("Unaligned region: pa %#"PRIxPA" size %zx", paddr, size);
708 return TEE_ERROR_BAD_PARAMETERS;
709 }
710
711 if (fw->arg_count != 1)
712 return TEE_ERROR_BAD_PARAMETERS;
713
714 /*
715 * Get the sub region offset and check if it is not out
716 * of bounds
717 */
718 sub_region_offset = paddr - risab->region_cfged.base;
719 if (!core_is_buffer_inside(paddr, size, risab->region_cfged.base,
720 risab->region_cfged.size))
721 return TEE_ERROR_BAD_PARAMETERS;
722
723 /*
724 * RISAF region configuration, we assume the query is as
725 * follows:
726 * fw->args[0]: Configuration of the region
727 */
728 for (i = 0; i < risab->nb_regions_cfged; i++) {
729 if (sub_region_offset / _RISAB_PAGE_SIZE !=
730 risab->subr_cfg[i].first_page ||
731 (size / _RISAB_PAGE_SIZE) !=
732 risab->subr_cfg[i].nb_pages_cfged)
733 continue;
734
735 parse_risab_rif_conf(risab, &risab->subr_cfg[i], fw->args[0],
736 false /*!check_overlap*/);
737
738 break;
739 }
740
741 if (i == risab->nb_regions_cfged)
742 return TEE_ERROR_BAD_PARAMETERS;
743
744 DMSG("Reconfiguring %s pages %u-%u: %s, %s, CID attributes: %#"PRIx32", R:%#"PRIx32", W:%#"PRIx32", P:%#"PRIx32"",
745 risab->risab_name, risab->subr_cfg[i].first_page,
746 risab->subr_cfg[i].first_page +
747 risab->subr_cfg[i].nb_pages_cfged - 1,
748 risab->subr_cfg[i].seccfgr ? "Secure" : "Non secure",
749 risab->subr_cfg[i].dprivcfgr ? "Default priv" : "Default unpriv",
750 risab->subr_cfg[i].cidcfgr,
751 fw->args[0] & RISAB_RLIST_MASK,
752 fw->args[0] & RISAB_WLIST_MASK,
753 fw->args[0] & RISAB_PLIST_MASK);
754
755 exceptions = cpu_spin_lock_xsave(&risab->conf_lock);
756
757 res = set_rif_registers(risab, i);
758
759 cpu_spin_unlock_xrestore(&risab->conf_lock, exceptions);
760
761 return res;
762 }
763
stm32_risab_pm_resume(struct stm32_risab_pdata * risab)764 static TEE_Result stm32_risab_pm_resume(struct stm32_risab_pdata *risab)
765 {
766 unsigned int i = 0;
767
768 if (risab->base.pa == RISAB6_BASE)
769 set_vderam_syscfg(risab);
770 enable_srwiad_if_set(risab);
771 clear_iac_regs(risab);
772
773 for (i = 0; i < risab->nb_regions_cfged; i++) {
774 if (set_rif_registers(risab, i))
775 panic();
776 }
777
778 disable_srwiad_if_unset(risab);
779
780 return TEE_SUCCESS;
781 }
782
stm32_risab_pm_suspend(struct stm32_risab_pdata * risab)783 static TEE_Result stm32_risab_pm_suspend(struct stm32_risab_pdata *risab)
784 {
785 vaddr_t base = risab_base(risab);
786 size_t i = 0;
787
788 for (i = 0; i < risab->nb_regions_cfged; i++) {
789 size_t j = 0;
790 unsigned int first_page = risab->subr_cfg[i].first_page;
791
792 /* Save all configuration fields that need to be restored */
793 risab->subr_cfg[i].seccfgr =
794 io_read32(base + _RISAB_PGy_SECCFGR(first_page));
795 risab->subr_cfg[i].dprivcfgr =
796 io_read32(base + _RISAB_PGy_PRIVCFGR(first_page));
797 risab->subr_cfg[i].cidcfgr =
798 io_read32(base + _RISAB_PGy_CIDCFGR(first_page));
799
800 for (j = 0; j < _RISAB_NB_MAX_CID_SUPPORTED; j++) {
801 risab->subr_cfg[i].rlist[j] =
802 io_read32(base + _RISAB_CIDxRDCFGR(j));
803 risab->subr_cfg[i].wlist[j] =
804 io_read32(base + _RISAB_CIDxWRCFGR(j));
805 risab->subr_cfg[i].plist[j] =
806 io_read32(base + _RISAB_CIDxPRIVCFGR(j));
807 }
808 }
809
810 return TEE_SUCCESS;
811 }
812
813 static TEE_Result
stm32_risab_pm(enum pm_op op,unsigned int pm_hint,const struct pm_callback_handle * pm_handle)814 stm32_risab_pm(enum pm_op op, unsigned int pm_hint,
815 const struct pm_callback_handle *pm_handle)
816 {
817 struct stm32_risab_pdata *risab = pm_handle->handle;
818 TEE_Result res = TEE_ERROR_GENERIC;
819
820 if (!PM_HINT_IS_STATE(pm_hint, CONTEXT) || !is_tdcid)
821 return TEE_SUCCESS;
822
823 if (op == PM_OP_RESUME)
824 res = stm32_risab_pm_resume(risab);
825 else
826 res = stm32_risab_pm_suspend(risab);
827
828 return res;
829 }
830
831 static const struct firewall_controller_ops firewall_ops = {
832 .check_memory_access = stm32_risab_check_access,
833 .set_memory_conf = stm32_risab_reconfigure_region,
834 };
835
stm32_risab_probe(const void * fdt,int node,const void * compat_data __maybe_unused)836 static TEE_Result stm32_risab_probe(const void *fdt, int node,
837 const void *compat_data __maybe_unused)
838 {
839 struct firewall_controller *controller = NULL;
840 struct stm32_risab_pdata *risab_d = NULL;
841 TEE_Result res = TEE_ERROR_GENERIC;
842
843 res = stm32_rifsc_check_tdcid(&is_tdcid);
844 if (res)
845 return res;
846
847 risab_d = calloc(1, sizeof(*risab_d));
848 if (!risab_d)
849 return TEE_ERROR_OUT_OF_MEMORY;
850
851 res = parse_dt(fdt, node, risab_d);
852 if (res)
853 goto err;
854
855 if (clk_enable(risab_d->clock))
856 panic("Can't enable RISAB clock");
857
858 if (is_tdcid) {
859 if (risab_d->base.pa == RISAB6_BASE)
860 set_vderam_syscfg(risab_d);
861 clear_iac_regs(risab_d);
862 enable_srwiad_if_set(risab_d);
863 }
864
865 apply_rif_config(risab_d);
866
867 disable_srwiad_if_unset(risab_d);
868
869 controller = calloc(1, sizeof(*controller));
870 if (!controller) {
871 res = TEE_ERROR_OUT_OF_MEMORY;
872 goto err;
873 }
874
875 controller->base = &risab_d->base;
876 controller->name = risab_d->risab_name;
877 controller->priv = risab_d;
878 controller->ops = &firewall_ops;
879
880 SLIST_INSERT_HEAD(&risab_list, risab_d, link);
881
882 res = firewall_dt_controller_register(fdt, node, controller);
883 if (res)
884 panic();
885
886 register_pm_core_service_cb(stm32_risab_pm, risab_d, "stm32-risab");
887
888 return TEE_SUCCESS;
889
890 err:
891 clk_disable(risab_d->clock);
892 free(risab_d->subr_cfg);
893 free(risab_d);
894
895 return res;
896 }
897
898 static const struct dt_device_match risab_match_table[] = {
899 { .compatible = "st,stm32mp25-risab" },
900 { }
901 };
902
903 DEFINE_DT_DRIVER(risab_dt_driver) = {
904 .name = "stm32-risab",
905 .match_table = risab_match_table,
906 .probe = stm32_risab_probe,
907 };
908