1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2021-2022, STMicroelectronics 4 */ 5 6 #include <drivers/clk.h> 7 #include <drivers/clk_dt.h> 8 #include <drivers/stm32_rif.h> 9 #include <drivers/stm32_tamp.h> 10 #include <io.h> 11 #include <kernel/dt.h> 12 #include <kernel/dt_driver.h> 13 #include <kernel/interrupt.h> 14 #include <libfdt.h> 15 #include <mm/core_memprot.h> 16 #include <stdbool.h> 17 18 /* STM32 Registers */ 19 #define _TAMP_CR1 0x00U 20 #define _TAMP_CR2 0x04U 21 #define _TAMP_CR3 0x08U 22 #define _TAMP_FLTCR 0x0CU 23 #define _TAMP_ATCR1 0x10U 24 #define _TAMP_ATSEEDR 0x14U 25 #define _TAMP_ATOR 0x18U 26 #define _TAMP_ATCR2 0x1CU 27 #define _TAMP_SECCFGR 0x20U 28 #define _TAMP_SMCR 0x20U 29 #define _TAMP_PRIVCFGR 0x24U 30 #define _TAMP_IER 0x2CU 31 #define _TAMP_SR 0x30U 32 #define _TAMP_MISR 0x34U 33 #define _TAMP_SMISR 0x38U 34 #define _TAMP_SCR 0x3CU 35 #define _TAMP_COUNTR 0x40U 36 #define _TAMP_COUNT2R 0x44U 37 #define _TAMP_OR 0x50U 38 #define _TAMP_ERCFGR 0X54U 39 #define _TAMP_BKPRIFR(x) (0x70U + 0x4U * ((x) - 1U)) 40 #define _TAMP_CIDCFGR(x) (0x80U + 0x4U * (x)) 41 #define _TAMP_BKPxR(x) (0x100U + 0x4U * ((x) - 1U)) 42 #define _TAMP_HWCFGR2 0x3ECU 43 #define _TAMP_HWCFGR1 0x3F0U 44 #define _TAMP_VERR 0x3F4U 45 #define _TAMP_IPIDR 0x3F8U 46 #define _TAMP_SIDR 0x3FCU 47 48 /* _TAMP_SECCFGR bit fields */ 49 #define _TAMP_SECCFGR_BKPRWSEC_MASK GENMASK_32(7, 0) 50 #define _TAMP_SECCFGR_BKPRWSEC_SHIFT 0U 51 #define _TAMP_SECCFGR_CNT2SEC BIT(14) 52 #define _TAMP_SECCFGR_CNT2SEC_SHIFT 14U 53 #define _TAMP_SECCFGR_CNT1SEC BIT(15) 54 #define _TAMP_SECCFGR_CNT1SEC_SHIFT 15U 55 #define _TAMP_SECCFGR_BKPWSEC_MASK GENMASK_32(23, 16) 56 #define _TAMP_SECCFGR_BKPWSEC_SHIFT 16U 57 #define _TAMP_SECCFGR_BHKLOCK BIT(30) 58 #define _TAMP_SECCFGR_TAMPSEC BIT(31) 59 #define _TAMP_SECCFGR_TAMPSEC_SHIFT 31U 60 #define _TAMP_SECCFGR_BUT_BKP_MASK (GENMASK_32(31, 30) | \ 61 GENMASK_32(15, 14)) 62 #define _TAMP_SECCFGR_RIF_TAMP_SEC BIT(0) 63 #define _TAMP_SECCFGR_RIF_COUNT_1 BIT(1) 64 #define _TAMP_SECCFGR_RIF_COUNT_2 BIT(2) 65 66 /* _TAMP_SMCR bit fields */ 67 #define _TAMP_SMCR_BKPRWDPROT_MASK GENMASK_32(7, 0) 68 #define _TAMP_SMCR_BKPRWDPROT_SHIFT 0U 69 #define _TAMP_SMCR_BKPWDPROT_MASK GENMASK_32(23, 16) 70 #define _TAMP_SMCR_BKPWDPROT_SHIFT 16U 71 #define _TAMP_SMCR_DPROT BIT(31) 72 /* 73 * _TAMP_PRIVCFGR bit fields 74 */ 75 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 76 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 77 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 78 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 79 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 80 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 81 GENMASK_32(15, 14)) 82 #define _TAMP_PRIVCFGR_RIF_TAMP_PRIV BIT(0) 83 #define _TAMP_PRIVCFGR_RIF_R1 BIT(1) 84 #define _TAMP_PRIVCFGR_RIF_R2 BIT(2) 85 86 /* 87 * _TAMP_PRIVCFGR bit fields 88 */ 89 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 90 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 91 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 92 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 93 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 94 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 95 GENMASK_32(15, 14)) 96 97 /* _TAMP_HWCFGR2 bit fields */ 98 #define _TAMP_HWCFGR2_TZ GENMASK_32(11, 8) 99 #define _TAMP_HWCFGR2_OR GENMASK_32(7, 0) 100 101 /* _TAMP_HWCFGR1 bit fields */ 102 #define _TAMP_HWCFGR1_BKPREG GENMASK_32(7, 0) 103 #define _TAMP_HWCFGR1_TAMPER GENMASK_32(11, 8) 104 #define _TAMP_HWCFGR1_ACTIVE GENMASK_32(15, 12) 105 #define _TAMP_HWCFGR1_INTERN GENMASK_32(31, 16) 106 #define _TAMP_HWCFGR1_ITAMP_MAX_ID 16U 107 #define _TAMP_HWCFGR1_ITAMP(id) BIT((id) - INT_TAMP1 + 16U) 108 109 /* _TAMP_VERR bit fields */ 110 #define _TAMP_VERR_MINREV GENMASK_32(3, 0) 111 #define _TAMP_VERR_MAJREV GENMASK_32(7, 4) 112 113 /* 114 * CIDCFGR register bitfields 115 */ 116 #define _TAMP_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 117 #define _TAMP_CIDCFGR_CONF_MASK (_CIDCFGR_CFEN | \ 118 _CIDCFGR_SEMEN | \ 119 _TAMP_CIDCFGR_SCID_MASK) 120 121 /* _TAMP_BKPRIFR */ 122 #define _TAMP_BKPRIFR_1_MASK GENMASK_32(7, 0) 123 #define _TAMP_BKPRIFR_2_MASK GENMASK_32(7, 0) 124 #define _TAMP_BKPRIFR_3_MASK (GENMASK_32(23, 16) | GENMASK_32(7, 0)) 125 #define _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT 16U 126 127 /* 128 * RIF miscellaneous 129 */ 130 #define TAMP_NB_BKPR_ZONES 3U 131 #define TAMP_RIF_RESOURCES 3U 132 #define TAMP_RIF_OFFSET_CNT 4U 133 134 /* 135 * Compatibility capabilities 136 * TAMP_HAS_REGISTER_SECCFGR - Supports SECCFGR, otherwise supports SMCR 137 * register 138 * TAMP_HAS_REGISTER_PRIVCFG - Supports PRIVCFGR configuration register 139 * TAMP_HAS_RIF_SUPPORT - Supports RIF 140 */ 141 #define TAMP_HAS_REGISTER_SECCFGR BIT(0) 142 #define TAMP_HAS_REGISTER_PRIVCFGR BIT(1) 143 #define TAMP_HAS_RIF_SUPPORT BIT(31) 144 145 /** 146 * struct stm32_tamp_compat - TAMP compatible data 147 * @nb_monotonic_counter: Number of monotic counter supported 148 * @tags: Bit flags TAMP_HAS_* for compatibility management 149 */ 150 struct stm32_tamp_compat { 151 int nb_monotonic_counter; 152 uint32_t tags; 153 }; 154 155 /* 156 * struct stm32_bkpregs_conf_new - Backup registers zone bounds 157 * @zone1_end - Number of backup registers in zone 1 158 * @zone2_end - Number of backup registers in zone 2 + zone 1 159 * @rif_offsets - RIF offsets used for CID compartments 160 * 161 * TAMP backup registers access permissions 162 * 163 * Zone 1: read/write in secure state, no access in non-secure state 164 * Zone 2: read/write in secure state, read-only in non-secure state 165 * Zone 3: read/write in secure state, read/write in non-secure state 166 * 167 * Protection zone 1 168 * If zone1_end == 0 no backup register are in zone 1. 169 * Otherwise backup registers from TAMP_BKP0R to TAMP_BKP<x>R are in zone 1, 170 * with <x> = (@zone1_end - 1). 171 * 172 * Protection zone 2 173 * If zone2_end == 0 no backup register are in zone 2 and zone 1. 174 * Otherwise backup registers from TAMP_BKP<y>R to TAMP_BKP<z>R are in zone 2, 175 * with <y> = @zone1_end and <z> = (@zone2_end - 1). 176 * 177 * Protection zone 3 178 * Backup registers from TAMP_BKP<t>R to last backup register are in zone 3, 179 * with <t> = (@zone2_end - 1). 180 * 181 * When RIF is supported, each zone can be subdivided to restrain accesses to 182 * some CIDs. 183 */ 184 struct stm32_bkpregs_conf_new { 185 uint32_t zone1_end; 186 uint32_t zone2_end; 187 uint32_t *rif_offsets; 188 }; 189 190 /** 191 * struct stm32_tamp_platdata - TAMP platform data 192 * @base: IOMEM base address 193 * @bkpregs_conf: TAMP backup register configuration reference 194 * @compat: Reference to compat data passed at driver initialization 195 * @conf_data: RIF configuration data 196 * @clock: TAMP clock 197 * @nb_rif_resources: Number of RIF resources 198 * @it: TAMP interrupt number 199 * @is_tdcid: True if current processor is TDCID 200 */ 201 struct stm32_tamp_platdata { 202 struct io_pa_va base; 203 struct stm32_bkpregs_conf_new bkpregs_conf; 204 struct stm32_tamp_compat *compat; 205 struct rif_conf_data *conf_data; 206 struct clk *clock; 207 unsigned int nb_rif_resources; 208 int it; 209 bool is_tdcid; 210 }; 211 212 /** 213 * struct stm32_tamp_instance - TAMP instance data 214 * @pdata: TAMP platform data 215 * @hwconf1: Copy of TAMP HWCONF1 register content 216 * @hwconf2: Copy of TAMP HWCONF2 register content 217 */ 218 struct stm32_tamp_instance { 219 struct stm32_tamp_platdata pdata; 220 uint32_t hwconf1; 221 uint32_t hwconf2; 222 }; 223 224 /* Expects at most a single instance */ 225 static struct stm32_tamp_instance *stm32_tamp_dev; 226 227 static void apply_rif_config(void) 228 { 229 struct rif_conf_data *rif_conf = stm32_tamp_dev->pdata.conf_data; 230 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 231 uint32_t access_mask_priv_reg = 0; 232 uint32_t access_mask_sec_reg = 0; 233 uint32_t privcfgr = 0; 234 uint32_t seccfgr = 0; 235 unsigned int i = 0; 236 237 if (!stm32_tamp_dev->pdata.conf_data) 238 return; 239 240 /* Build access masks for _TAMP_PRIVCFGR and _TAMP_SECCFGR */ 241 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 242 if (BIT(i) & rif_conf->access_mask[0]) { 243 switch (i) { 244 case 0: 245 access_mask_sec_reg |= _TAMP_SECCFGR_TAMPSEC; 246 access_mask_priv_reg |= _TAMP_PRIVCFG_TAMPPRIV; 247 break; 248 case 1: 249 access_mask_sec_reg |= _TAMP_SECCFGR_CNT1SEC; 250 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT1PRIV; 251 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPRWPRIV; 252 break; 253 case 2: 254 access_mask_sec_reg |= _TAMP_SECCFGR_CNT2SEC; 255 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT2PRIV; 256 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPWPRIV; 257 break; 258 default: 259 panic(); 260 } 261 } 262 } 263 264 /* 265 * When TDCID, OP-TEE should be the one to set the CID filtering 266 * configuration. Clearing previous configuration prevents 267 * undesired events during the only legitimate configuration. 268 */ 269 if (stm32_tamp_dev->pdata.is_tdcid) { 270 for (i = 0; i < TAMP_RIF_RESOURCES; i++) 271 if (BIT(i) & rif_conf->access_mask[0]) 272 io_clrbits32(base + _TAMP_CIDCFGR(i), 273 _TAMP_CIDCFGR_CONF_MASK); 274 } 275 276 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_TAMP_SEC) 277 seccfgr |= _TAMP_SECCFGR_TAMPSEC; 278 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_1) 279 seccfgr |= _TAMP_SECCFGR_CNT1SEC; 280 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_2) 281 seccfgr |= _TAMP_SECCFGR_CNT2SEC; 282 283 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_TAMP_PRIV) 284 privcfgr |= _TAMP_PRIVCFG_TAMPPRIV; 285 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R1) 286 privcfgr |= _TAMP_PRIVCFG_CNT1PRIV | _TAMP_PRIVCFG_BKPRWPRIV; 287 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R2) 288 privcfgr |= _TAMP_PRIVCFG_CNT2PRIV | _TAMP_PRIVCFG_BKPWPRIV; 289 290 /* Security and privilege RIF configuration */ 291 io_clrsetbits32(base + _TAMP_PRIVCFGR, access_mask_priv_reg, privcfgr); 292 io_clrsetbits32(base + _TAMP_SECCFGR, access_mask_sec_reg, seccfgr); 293 294 if (!stm32_tamp_dev->pdata.is_tdcid) 295 return; 296 297 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 298 if (!(BIT(i) & rif_conf->access_mask[0])) 299 continue; 300 301 io_clrsetbits32(base + _TAMP_CIDCFGR(i), 302 _TAMP_CIDCFGR_CONF_MASK, 303 rif_conf->cid_confs[i]); 304 } 305 } 306 307 static TEE_Result stm32_tamp_apply_bkpr_rif_conf(void) 308 { 309 struct stm32_bkpregs_conf_new *bkpregs_conf = 310 &stm32_tamp_dev->pdata.bkpregs_conf; 311 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 312 unsigned int i = 0; 313 314 if (!bkpregs_conf->rif_offsets) 315 panic("No backup register configuration"); 316 317 for (i = 0; i < TAMP_RIF_OFFSET_CNT; i++) { 318 if (bkpregs_conf->rif_offsets[i] > 319 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) 320 return TEE_ERROR_NOT_SUPPORTED; 321 } 322 323 /* Fill the 3 TAMP_BKPRIFRx registers */ 324 io_clrsetbits32(base + _TAMP_BKPRIFR(1), _TAMP_BKPRIFR_1_MASK, 325 bkpregs_conf->rif_offsets[0]); 326 io_clrsetbits32(base + _TAMP_BKPRIFR(2), _TAMP_BKPRIFR_2_MASK, 327 bkpregs_conf->rif_offsets[1]); 328 io_clrsetbits32(base + _TAMP_BKPRIFR(3), _TAMP_BKPRIFR_3_MASK, 329 bkpregs_conf->rif_offsets[2] | 330 SHIFT_U32(bkpregs_conf->rif_offsets[3], 331 _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT)); 332 333 DMSG("Backup registers mapping :"); 334 DMSG("********START of zone 1********"); 335 DMSG("Protection Zone 1-RIF1 begins at register: 0"); 336 DMSG("Protection Zone 1-RIF2 begins at register: %"PRIu32, 337 bkpregs_conf->rif_offsets[0]); 338 DMSG("Protection Zone 1-RIF2 ends at register: %"PRIu32, 339 bkpregs_conf->zone1_end ? bkpregs_conf->zone1_end - 1 : 0); 340 DMSG("********END of zone 1********"); 341 DMSG("********START of zone 2********"); 342 DMSG("Protection Zone 2-RIF1 begins at register: %"PRIu32, 343 bkpregs_conf->zone1_end); 344 DMSG("Protection Zone 2-RIF2 begins at register: %"PRIu32, 345 bkpregs_conf->rif_offsets[1]); 346 DMSG("Protection Zone 2-RIF2 ends at register: %"PRIu32, 347 bkpregs_conf->rif_offsets[1] > bkpregs_conf->zone1_end ? 348 bkpregs_conf->zone2_end - 1 : 0); 349 DMSG("********END of zone 2********"); 350 DMSG("********START of zone 3********"); 351 DMSG("Protection Zone 3-RIF1 begins at register: %"PRIu32, 352 bkpregs_conf->zone2_end); 353 DMSG("Protection Zone 3-RIF0 begins at register: %"PRIu32, 354 bkpregs_conf->rif_offsets[2]); 355 DMSG("Protection Zone 3-RIF2 begins at register: %"PRIu32, 356 bkpregs_conf->rif_offsets[3]); 357 DMSG("Protection Zone 3-RIF2 ends at the last register: %"PRIu32, 358 stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG); 359 DMSG("********END of zone 3********"); 360 361 return TEE_SUCCESS; 362 } 363 364 TEE_Result stm32_tamp_set_secure_bkpregs(struct stm32_bkpregs_conf *bkr_conf) 365 { 366 struct stm32_tamp_instance *tamp = stm32_tamp_dev; 367 vaddr_t base = 0; 368 uint32_t first_z2 = 0; 369 uint32_t first_z3 = 0; 370 371 if (!tamp) 372 return TEE_ERROR_DEFER_DRIVER_INIT; 373 374 if (!bkr_conf) 375 return TEE_ERROR_BAD_PARAMETERS; 376 377 base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 378 379 first_z2 = bkr_conf->nb_zone1_regs; 380 first_z3 = bkr_conf->nb_zone1_regs + bkr_conf->nb_zone2_regs; 381 382 if ((first_z2 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) || 383 (first_z3 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG))) 384 return TEE_ERROR_BAD_PARAMETERS; 385 386 if (stm32_tamp_dev->pdata.compat && 387 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 388 io_clrsetbits32(base + _TAMP_SECCFGR, 389 _TAMP_SECCFGR_BKPRWSEC_MASK, 390 (first_z2 << _TAMP_SECCFGR_BKPRWSEC_SHIFT) & 391 _TAMP_SECCFGR_BKPRWSEC_MASK); 392 393 io_clrsetbits32(base + _TAMP_SECCFGR, 394 _TAMP_SECCFGR_BKPWSEC_MASK, 395 (first_z3 << _TAMP_SECCFGR_BKPWSEC_SHIFT) & 396 _TAMP_SECCFGR_BKPWSEC_MASK); 397 } else { 398 io_clrsetbits32(base + _TAMP_SMCR, 399 _TAMP_SMCR_BKPRWDPROT_MASK, 400 (first_z2 << _TAMP_SMCR_BKPRWDPROT_SHIFT) & 401 _TAMP_SMCR_BKPRWDPROT_MASK); 402 403 io_clrsetbits32(base + _TAMP_SMCR, 404 _TAMP_SMCR_BKPWDPROT_MASK, 405 (first_z3 << _TAMP_SMCR_BKPWDPROT_SHIFT) & 406 _TAMP_SMCR_BKPWDPROT_MASK); 407 } 408 409 return TEE_SUCCESS; 410 } 411 412 static void stm32_tamp_set_secure(uint32_t mode) 413 { 414 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 415 416 if (stm32_tamp_dev->pdata.compat && 417 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 418 io_clrsetbits32(base + _TAMP_SECCFGR, 419 _TAMP_SECCFGR_BUT_BKP_MASK, 420 mode & _TAMP_SECCFGR_BUT_BKP_MASK); 421 } else { 422 /* 423 * Note: MP15 doesn't use SECCFG register and 424 * inverts the secure bit. 425 */ 426 if (mode & _TAMP_SECCFGR_TAMPSEC) 427 io_clrbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 428 else 429 io_setbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 430 } 431 } 432 433 static void stm32_tamp_set_privilege(uint32_t mode) 434 { 435 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 436 437 if (stm32_tamp_dev->pdata.compat && 438 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_PRIVCFGR)) 439 io_clrsetbits32(base + _TAMP_PRIVCFGR, _TAMP_PRIVCFGR_MASK, 440 mode & _TAMP_PRIVCFGR_MASK); 441 } 442 443 static void parse_bkpregs_dt_conf(const void *fdt, int node, 444 struct stm32_tamp_platdata *pdata) 445 { 446 const fdt32_t *cuint = NULL; 447 unsigned int bkpregs_count = 0; 448 int lenp = 0; 449 450 cuint = fdt_getprop(fdt, node, "st,backup-zones", &lenp); 451 if (!cuint) 452 panic("Missing backup registers configuration"); 453 454 /* 455 * When TAMP does not support RIF, the backup registers can 456 * be splited in 3 zones. These zones have specific read/write 457 * access permissions based on the secure status of the accesser. 458 * When RIF is supported, these zones can additionally be splited 459 * in subzones that have CID filtering. Zones/Subzones can be empty and 460 * are contiguous. 461 */ 462 if (!(stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT)) { 463 /* 3 zones, 2 offsets to apply */ 464 if (lenp != sizeof(uint32_t) * TAMP_NB_BKPR_ZONES) 465 panic("Incorrect bkpregs configuration"); 466 467 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]); 468 bkpregs_count = fdt32_to_cpu(cuint[0]); 469 470 pdata->bkpregs_conf.zone2_end = bkpregs_count + 471 fdt32_to_cpu(cuint[1]); 472 } else { 473 /* 474 * Zone 3 475 * ----------------------| 476 * Protection Zone 3-RIF2|Read non- 477 * ----------------------|secure 478 * Protection Zone 3-RIF0|Write non- 479 * ----------------------|secure 480 * Protection Zone 3-RIF1| 481 * ----------------------| 482 * 483 * Zone 2 484 * ----------------------| 485 * Protection Zone 2-RIF2|Read non- 486 * ----------------------|secure 487 * Protection Zone 2-RIF1|Write secure 488 * ----------------------| 489 * 490 * Zone 1 491 * ----------------------| 492 * Protection Zone 1-RIF2|Read secure 493 * ----------------------|Write secure 494 * Protection Zone 1-RIF1| 495 * ----------------------| 496 * 497 * (BHK => First 8 registers) 498 */ 499 pdata->bkpregs_conf.rif_offsets = calloc(TAMP_RIF_OFFSET_CNT, 500 sizeof(uint32_t)); 501 if (!pdata->bkpregs_conf.rif_offsets) 502 panic(); 503 504 /* 505 * 3 zones with 7 subzones in total(6 offsets): 506 * - 2 zone offsets 507 * - 4 subzones offsets 508 */ 509 if (lenp != sizeof(uint32_t) * 510 (TAMP_RIF_OFFSET_CNT + TAMP_NB_BKPR_ZONES)) 511 panic("Incorrect bkpregs configuration"); 512 513 /* Backup registers zone 1 */ 514 pdata->bkpregs_conf.rif_offsets[0] = fdt32_to_cpu(cuint[0]); 515 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]) + 516 fdt32_to_cpu(cuint[1]); 517 518 bkpregs_count = pdata->bkpregs_conf.zone1_end; 519 520 /* Backup registers zone 2 */ 521 pdata->bkpregs_conf.rif_offsets[1] = bkpregs_count + 522 fdt32_to_cpu(cuint[2]); 523 pdata->bkpregs_conf.zone2_end = bkpregs_count + 524 fdt32_to_cpu(cuint[2]) + 525 fdt32_to_cpu(cuint[3]); 526 527 bkpregs_count = pdata->bkpregs_conf.zone2_end; 528 529 /* Backup registers zone 3 */ 530 pdata->bkpregs_conf.rif_offsets[2] = bkpregs_count + 531 fdt32_to_cpu(cuint[4]); 532 pdata->bkpregs_conf.rif_offsets[3] = bkpregs_count + 533 fdt32_to_cpu(cuint[4]) + 534 fdt32_to_cpu(cuint[5]); 535 } 536 } 537 538 static TEE_Result stm32_tamp_parse_fdt(const void *fdt, int node, 539 const void *compat) 540 { 541 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 542 TEE_Result res = TEE_ERROR_GENERIC; 543 struct dt_node_info dt_tamp = { }; 544 545 fdt_fill_device_info(fdt, &dt_tamp, node); 546 547 if (dt_tamp.reg == DT_INFO_INVALID_REG || 548 dt_tamp.reg_size == DT_INFO_INVALID_REG_SIZE) 549 return TEE_ERROR_BAD_PARAMETERS; 550 551 pdata->compat = (struct stm32_tamp_compat *)compat; 552 pdata->it = dt_tamp.interrupt; 553 pdata->base.pa = dt_tamp.reg; 554 io_pa_or_va_secure(&pdata->base, dt_tamp.reg_size); 555 556 res = clk_dt_get_by_index(fdt, node, 0, &pdata->clock); 557 if (res) 558 return res; 559 560 parse_bkpregs_dt_conf(fdt, node, pdata); 561 562 if (pdata->compat->tags & TAMP_HAS_RIF_SUPPORT) { 563 const fdt32_t *cuint = NULL; 564 unsigned int i = 0; 565 int lenp = 0; 566 567 res = stm32_rifsc_check_tdcid(&pdata->is_tdcid); 568 if (res) 569 return res; 570 571 cuint = fdt_getprop(fdt, node, "st,protreg", &lenp); 572 if (!cuint) { 573 DMSG("No RIF configuration available"); 574 return TEE_SUCCESS; 575 } 576 577 pdata->conf_data = calloc(1, sizeof(*pdata->conf_data)); 578 if (!pdata->conf_data) 579 panic(); 580 581 pdata->nb_rif_resources = (unsigned int)(lenp / 582 sizeof(uint32_t)); 583 assert(pdata->nb_rif_resources <= TAMP_RIF_RESOURCES); 584 585 pdata->conf_data->cid_confs = calloc(TAMP_RIF_RESOURCES, 586 sizeof(uint32_t)); 587 pdata->conf_data->sec_conf = calloc(1, sizeof(uint32_t)); 588 pdata->conf_data->priv_conf = calloc(1, sizeof(uint32_t)); 589 pdata->conf_data->access_mask = calloc(1, sizeof(uint32_t)); 590 if (!pdata->conf_data->cid_confs || 591 !pdata->conf_data->sec_conf || 592 !pdata->conf_data->priv_conf || 593 !pdata->conf_data->access_mask) 594 panic("Not enough memory capacity for TAMP RIF config"); 595 596 for (i = 0; i < pdata->nb_rif_resources; i++) 597 stm32_rif_parse_cfg(fdt32_to_cpu(cuint[i]), 598 pdata->conf_data, 599 TAMP_RIF_RESOURCES); 600 } 601 602 return TEE_SUCCESS; 603 } 604 605 static TEE_Result stm32_tamp_probe(const void *fdt, int node, 606 const void *compat_data) 607 { 608 uint32_t __maybe_unused revision = 0; 609 TEE_Result res = TEE_SUCCESS; 610 vaddr_t base = 0; 611 612 stm32_tamp_dev = calloc(1, sizeof(*stm32_tamp_dev)); 613 if (!stm32_tamp_dev) 614 return TEE_ERROR_OUT_OF_MEMORY; 615 616 res = stm32_tamp_parse_fdt(fdt, node, compat_data); 617 if (res) 618 goto err; 619 620 if (clk_enable(stm32_tamp_dev->pdata.clock)) 621 panic(); 622 623 base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 624 625 stm32_tamp_dev->hwconf1 = io_read32(base + _TAMP_HWCFGR1); 626 stm32_tamp_dev->hwconf2 = io_read32(base + _TAMP_HWCFGR2); 627 628 revision = io_read32(base + _TAMP_VERR); 629 FMSG("STM32 TAMPER V%"PRIx32".%"PRIu32, 630 (revision & _TAMP_VERR_MAJREV) >> 4, revision & _TAMP_VERR_MINREV); 631 632 if (!(stm32_tamp_dev->hwconf2 & _TAMP_HWCFGR2_TZ)) { 633 EMSG("TAMP doesn't support TrustZone"); 634 res = TEE_ERROR_NOT_SUPPORTED; 635 goto err_clk; 636 } 637 638 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 639 apply_rif_config(); 640 641 if (stm32_tamp_dev->pdata.is_tdcid) { 642 res = stm32_tamp_apply_bkpr_rif_conf(); 643 if (res) 644 goto err_clk; 645 } 646 } else { 647 /* 648 * Enforce secure only access to protected TAMP registers. 649 * Allow non-secure access to monotonic counter. 650 */ 651 stm32_tamp_set_secure(_TAMP_SECCFGR_TAMPSEC); 652 653 /* 654 * Enforce privilege only access to TAMP registers, backup 655 * registers and monotonic counter. 656 */ 657 stm32_tamp_set_privilege(_TAMP_PRIVCFG_TAMPPRIV | 658 _TAMP_PRIVCFG_BKPRWPRIV | 659 _TAMP_PRIVCFG_BKPWPRIV); 660 } 661 662 return TEE_SUCCESS; 663 664 err_clk: 665 clk_disable(stm32_tamp_dev->pdata.clock); 666 err: 667 if (stm32_tamp_dev->pdata.conf_data) { 668 free(stm32_tamp_dev->pdata.conf_data->cid_confs); 669 free(stm32_tamp_dev->pdata.conf_data->sec_conf); 670 free(stm32_tamp_dev->pdata.conf_data->priv_conf); 671 free(stm32_tamp_dev->pdata.conf_data->access_mask); 672 free(stm32_tamp_dev->pdata.conf_data); 673 } 674 free(stm32_tamp_dev->pdata.bkpregs_conf.rif_offsets); 675 free(stm32_tamp_dev); 676 677 return res; 678 } 679 680 static const struct stm32_tamp_compat mp13_compat = { 681 .nb_monotonic_counter = 2, 682 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR, 683 }; 684 685 static const struct stm32_tamp_compat mp15_compat = { 686 .nb_monotonic_counter = 1, 687 .tags = 0, 688 }; 689 690 static const struct stm32_tamp_compat mp25_compat = { 691 .nb_monotonic_counter = 2, 692 .tags = TAMP_HAS_REGISTER_SECCFGR | 693 TAMP_HAS_REGISTER_PRIVCFGR | 694 TAMP_HAS_RIF_SUPPORT, 695 }; 696 697 static const struct dt_device_match stm32_tamp_match_table[] = { 698 { .compatible = "st,stm32mp25-tamp", .compat_data = &mp25_compat }, 699 { .compatible = "st,stm32mp13-tamp", .compat_data = &mp13_compat }, 700 { .compatible = "st,stm32-tamp", .compat_data = &mp15_compat }, 701 { } 702 }; 703 704 DEFINE_DT_DRIVER(stm32_tamp_dt_driver) = { 705 .name = "stm32-tamp", 706 .match_table = stm32_tamp_match_table, 707 .probe = stm32_tamp_probe, 708 }; 709