1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2025, STMicroelectronics 4 */ 5 6 #include <crypto/crypto.h> 7 #include <drivers/clk.h> 8 #include <drivers/clk_dt.h> 9 #include <drivers/gpio.h> 10 #include <drivers/stm32_gpio.h> 11 #include <drivers/stm32_rif.h> 12 #include <drivers/stm32_rtc.h> 13 #include <drivers/stm32mp_dt_bindings.h> 14 #include <io.h> 15 #include <kernel/dt.h> 16 #include <kernel/dt_driver.h> 17 #include <kernel/interrupt.h> 18 #include <libfdt.h> 19 #include <mm/core_memprot.h> 20 #include <stdbool.h> 21 #include <stm32_util.h> 22 23 /* STM32 Registers */ 24 #define _TAMP_CR1 0x00U 25 #define _TAMP_CR2 0x04U 26 #define _TAMP_CR3 0x08U 27 #define _TAMP_FLTCR 0x0CU 28 #define _TAMP_ATCR1 0x10U 29 #define _TAMP_ATSEEDR 0x14U 30 #define _TAMP_ATOR 0x18U 31 #define _TAMP_ATCR2 0x1CU 32 #define _TAMP_SECCFGR 0x20U 33 #define _TAMP_SMCR 0x20U 34 #define _TAMP_PRIVCFGR 0x24U 35 #define _TAMP_IER 0x2CU 36 #define _TAMP_SR 0x30U 37 #define _TAMP_MISR 0x34U 38 #define _TAMP_SMISR 0x38U 39 #define _TAMP_SCR 0x3CU 40 #define _TAMP_COUNTR 0x40U 41 #define _TAMP_COUNT2R 0x44U 42 #define _TAMP_OR 0x50U 43 #define _TAMP_ERCFGR 0X54U 44 #define _TAMP_BKPRIFR(x) (0x70U + 0x4U * ((x) - 1U)) 45 #define _TAMP_CIDCFGR(x) (0x80U + 0x4U * (x)) 46 #define _TAMP_BKPxR(x) (0x100U + 0x4U * ((x) - 1U)) 47 #define _TAMP_HWCFGR2 0x3ECU 48 #define _TAMP_HWCFGR1 0x3F0U 49 #define _TAMP_VERR 0x3F4U 50 #define _TAMP_IPIDR 0x3F8U 51 #define _TAMP_SIDR 0x3FCU 52 53 /* _TAMP_SECCFGR bit fields */ 54 #define _TAMP_SECCFGR_BKPRWSEC_MASK GENMASK_32(7, 0) 55 #define _TAMP_SECCFGR_BKPRWSEC_SHIFT 0U 56 #define _TAMP_SECCFGR_CNT2SEC BIT(14) 57 #define _TAMP_SECCFGR_CNT2SEC_SHIFT 14U 58 #define _TAMP_SECCFGR_CNT1SEC BIT(15) 59 #define _TAMP_SECCFGR_CNT1SEC_SHIFT 15U 60 #define _TAMP_SECCFGR_BKPWSEC_MASK GENMASK_32(23, 16) 61 #define _TAMP_SECCFGR_BKPWSEC_SHIFT 16U 62 #define _TAMP_SECCFGR_BHKLOCK BIT(30) 63 #define _TAMP_SECCFGR_TAMPSEC BIT(31) 64 #define _TAMP_SECCFGR_TAMPSEC_SHIFT 31U 65 #define _TAMP_SECCFGR_BUT_BKP_MASK (GENMASK_32(31, 30) | \ 66 GENMASK_32(15, 14)) 67 #define _TAMP_SECCFGR_RIF_TAMP_SEC BIT(0) 68 #define _TAMP_SECCFGR_RIF_COUNT_1 BIT(1) 69 #define _TAMP_SECCFGR_RIF_COUNT_2 BIT(2) 70 71 /* _TAMP_SMCR bit fields */ 72 #define _TAMP_SMCR_BKPRWDPROT_MASK GENMASK_32(7, 0) 73 #define _TAMP_SMCR_BKPRWDPROT_SHIFT 0U 74 #define _TAMP_SMCR_BKPWDPROT_MASK GENMASK_32(23, 16) 75 #define _TAMP_SMCR_BKPWDPROT_SHIFT 16U 76 #define _TAMP_SMCR_DPROT BIT(31) 77 /* 78 * _TAMP_PRIVCFGR bit fields 79 */ 80 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 81 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 82 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 83 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 84 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 85 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 86 GENMASK_32(15, 14)) 87 #define _TAMP_PRIVCFGR_RIF_TAMP_PRIV BIT(0) 88 #define _TAMP_PRIVCFGR_RIF_R1 BIT(1) 89 #define _TAMP_PRIVCFGR_RIF_R2 BIT(2) 90 91 /* _TAMP_PRIVCFGR bit fields */ 92 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 93 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 94 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 95 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 96 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 97 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 98 GENMASK_32(15, 14)) 99 100 /*_TAMP_CR1 bit fields */ 101 #define _TAMP_CR1_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 102 #define _TAMP_CR1_ETAMP(id) BIT((id) - EXT_TAMP1) 103 104 /* _TAMP_CR2 bit fields */ 105 #define _TAMP_CR2_ETAMPTRG(id) BIT((id) - EXT_TAMP1 + U(24)) 106 #define _TAMP_CR2_BKERASE BIT(23) 107 #define _TAMP_CR2_BKBLOCK BIT(22) 108 #define _TAMP_CR2_ETAMPMSK_MAX_ID 3U 109 #define _TAMP_CR2_ETAMPMSK(id) BIT((id) - EXT_TAMP1 + U(16)) 110 #define _TAMP_CR2_ETAMPNOER(id) BIT((id) - EXT_TAMP1) 111 112 /* _TAMP_CR3 bit fields */ 113 #define _TAMP_CR3_ITAMPNOER_ALL GENMASK_32(12, 0) 114 #define _TAMP_CR3_ITAMPNOER(id) BIT((id) - INT_TAMP1) 115 116 /* _TAMP_FLTCR bit fields */ 117 #define _TAMP_FLTCR_TAMPFREQ_MASK GENMASK_32(2, 0) 118 #define _TAMP_FLTCR_TAMPFREQ_SHIFT 0U 119 #define _TAMP_FLTCR_TAMPFLT_MASK GENMASK_32(4, 3) 120 #define _TAMP_FLTCR_TAMPFLT_SHIFT U(3) 121 #define _TAMP_FLTCR_TAMPPRCH_MASK GENMASK_32(6, 5) 122 #define _TAMP_FLTCR_TAMPPRCH_SHIFT 5U 123 #define _TAMP_FLTCR_TAMPPUDIS BIT(7) 124 125 /* _TAMP_ATCR bit fields */ 126 #define _TAMP_ATCR1_ATCKSEL_MASK GENMASK_32(19, 16) 127 #define _TAMP_ATCR1_ATCKSEL_SHIFT 16U 128 #define _TAMP_ATCR1_ATPER_MASK GENMASK_32(26, 24) 129 #define _TAMP_ATCR1_ATPER_SHIFT 24U 130 #define _TAMP_ATCR1_ATOSHARE BIT(30) 131 #define _TAMP_ATCR1_FLTEN BIT(31) 132 #define _TAMP_ATCR1_COMMON_MASK GENMASK_32(31, 16) 133 #define _TAMP_ATCR1_ETAMPAM(id) BIT((id) - EXT_TAMP1) 134 #define _TAMP_ATCR1_ATOSEL_MASK(id) \ 135 ({ \ 136 typeof(id) _id = (id); \ 137 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 2 + 7, \ 138 ((_id) - EXT_TAMP1) * 2 + 8); \ 139 }) 140 141 #define _TAMP_ATCR1_ATOSEL(id, od) \ 142 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 2 + 8) 143 144 /* _TAMP_ATCR2 bit fields */ 145 #define _TAMP_ATCR2_ATOSEL_MASK(id) \ 146 ({ \ 147 typeof(id) _id = (id); \ 148 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 3 + 7, \ 149 ((_id) - EXT_TAMP1) * 3 + 8); \ 150 }) 151 152 #define _TAMP_ATCR2_ATOSEL(id, od) \ 153 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 3 + 8) 154 155 /* _TAMP_ATOR bit fields */ 156 #define _TAMP_PRNG GENMASK_32(7, 0) 157 #define _TAMP_SEEDF BIT(14) 158 #define _TAMP_INITS BIT(15) 159 160 /* _TAMP_IER bit fields */ 161 #define _TAMP_IER_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 162 #define _TAMP_IER_ETAMP(id) BIT((id) - EXT_TAMP1) 163 164 /* _TAMP_SR bit fields */ 165 #define _TAMP_SR_ETAMPXF_MASK GENMASK_32(7, 0) 166 #define _TAMP_SR_ITAMPXF_MASK GENMASK_32(31, 16) 167 #define _TAMP_SR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 168 #define _TAMP_SR_ETAMP(id) BIT((id) - EXT_TAMP1) 169 170 /* _TAMP_SCR bit fields */ 171 #define _TAMP_SCR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 172 #define _TAMP_SCR_ETAMP(id) BIT((id) - EXT_TAMP1) 173 174 /* _TAMP_OR bit fields */ 175 #define _TAMP_OR_STM32MP13_IN1RMP_PF10 0U 176 #define _TAMP_OR_STM32MP13_IN1RMP_PC13 BIT(0) 177 #define _TAMP_OR_STM32MP13_IN2RMP_PA6 0U 178 #define _TAMP_OR_STM32MP13_IN2RMP_PI1 BIT(1) 179 #define _TAMP_OR_STM32MP13_IN3RMP_PC0 0U 180 #define _TAMP_OR_STM32MP13_IN3RMP_PI2 BIT(2) 181 #define _TAMP_OR_STM32MP13_IN4RMP_PG8 0U 182 #define _TAMP_OR_STM32MP13_IN4RMP_PI3 BIT(3) 183 184 /* For STM32MP15x, _TAMP_CFGR is _TAMP_OR */ 185 #define _TAMP_OR_STM32MP15_OUT3RMP_PI8 0U 186 #define _TAMP_OR_STM32MP15_OUT3RMP_PC13 BIT(0) 187 188 #define _TAMP_STM32MP21_OR_IN1RMP_PC4 0U 189 #define _TAMP_STM32MP21_OR_IN1RMP_PI8 BIT(0) 190 191 #define _TAMP_OR_STM32MP25_IN1RMP_PC4 0U 192 #define _TAMP_OR_STM32MP25_IN1RMP_PI8 BIT(0) 193 #define _TAMP_OR_STM32MP25_IN3RMP_PC3 0U 194 #define _TAMP_OR_STM32MP25_IN3RMP_PZ2 BIT(1) 195 #define _TAMP_OR_STM32MP25_IN5RMP_PF6 0U 196 #define _TAMP_OR_STM32MP25_IN5RMP_PZ4 BIT(2) 197 198 /* _TAMP_HWCFGR2 bit fields */ 199 #define _TAMP_HWCFGR2_TZ GENMASK_32(11, 8) 200 #define _TAMP_HWCFGR2_OR GENMASK_32(7, 0) 201 202 /* _TAMP_HWCFGR1 bit fields */ 203 #define _TAMP_HWCFGR1_BKPREG GENMASK_32(7, 0) 204 #define _TAMP_HWCFGR1_TAMPER_SHIFT 8U 205 #define _TAMP_HWCFGR1_TAMPER GENMASK_32(11, 8) 206 #define _TAMP_HWCFGR1_ACTIVE GENMASK_32(15, 12) 207 #define _TAMP_HWCFGR1_INTERN GENMASK_32(31, 16) 208 #define _TAMP_HWCFGR1_ITAMP_MAX_ID 16U 209 #define _TAMP_HWCFGR1_ITAMP(id) BIT((id) - INT_TAMP1 + 16U) 210 211 /* _TAMP_VERR bit fields */ 212 #define _TAMP_VERR_MINREV GENMASK_32(3, 0) 213 #define _TAMP_VERR_MAJREV GENMASK_32(7, 4) 214 215 /* 216 * CIDCFGR register bitfields 217 */ 218 #define _TAMP_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 219 #define _TAMP_CIDCFGR_CONF_MASK (_CIDCFGR_CFEN | \ 220 _CIDCFGR_SEMEN | \ 221 _TAMP_CIDCFGR_SCID_MASK) 222 223 /* _TAMP_BKPRIFR */ 224 #define _TAMP_BKPRIFR_1_MASK GENMASK_32(7, 0) 225 #define _TAMP_BKPRIFR_2_MASK GENMASK_32(7, 0) 226 #define _TAMP_BKPRIFR_3_MASK (GENMASK_32(23, 16) | GENMASK_32(7, 0)) 227 #define _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT 16U 228 229 /* 230 * RIF miscellaneous 231 */ 232 #define TAMP_NB_BKPR_ZONES 3U 233 #define TAMP_RIF_RESOURCES 3U 234 #define TAMP_RIF_OFFSET_CNT 4U 235 236 /* 237 * Compatibility capabilities 238 * TAMP_HAS_REGISTER_SECCFGR - Supports SECCFGR, otherwise supports SMCR 239 * register 240 * TAMP_HAS_REGISTER_PRIVCFG - Supports PRIVCFGR configuration register 241 * TAMP_HAS_RIF_SUPPORT - Supports RIF 242 */ 243 #define TAMP_HAS_REGISTER_SECCFGR BIT(0) 244 #define TAMP_HAS_REGISTER_PRIVCFGR BIT(1) 245 #define TAMP_HAS_REGISTER_ERCFGR BIT(2) 246 #define TAMP_HAS_REGISTER_ATCR2 BIT(3) 247 #define TAMP_HAS_REGISTER_CR3 BIT(4) 248 #define TAMP_HAS_CR2_SECRET_STATUS BIT(5) 249 #define TAMP_SIZE_ATCR1_ATCKSEL_IS_4 BIT(7) 250 #define TAMP_HAS_RIF_SUPPORT BIT(31) 251 252 /* Tamper event modes */ 253 #define TAMP_ERASE 0x0U 254 #define TAMP_NOERASE BIT(1) 255 #define TAMP_NO_EVT_MASK 0x0U 256 #define TAMP_EVT_MASK BIT(2) 257 #define TAMP_MODE_MASK GENMASK_32(15, 0) 258 259 /* Callback return bitmask values */ 260 #define TAMP_CB_ACK BIT(0) 261 #define TAMP_CB_RESET BIT(1) 262 #define TAMP_CB_ACK_AND_RESET (TAMP_CB_RESET | TAMP_CB_ACK) 263 264 #define SEED_TIMEOUT_US 1000U 265 266 /* Define TAMPER modes from DT */ 267 #define TAMP_TRIG_ON BIT(16) 268 #define TAMP_ACTIVE BIT(17) 269 #define TAMP_IN_DT BIT(18) 270 271 enum stm32_tamp_id { 272 INT_TAMP1 = 0, 273 INT_TAMP2, 274 INT_TAMP3, 275 INT_TAMP4, 276 INT_TAMP5, 277 INT_TAMP6, 278 INT_TAMP7, 279 INT_TAMP8, 280 INT_TAMP9, 281 INT_TAMP10, 282 INT_TAMP11, 283 INT_TAMP12, 284 INT_TAMP13, 285 INT_TAMP14, 286 INT_TAMP15, 287 INT_TAMP16, 288 289 EXT_TAMP1, 290 EXT_TAMP2, 291 EXT_TAMP3, 292 EXT_TAMP4, 293 EXT_TAMP5, 294 EXT_TAMP6, 295 EXT_TAMP7, 296 EXT_TAMP8, 297 298 LAST_TAMP, 299 INVALID_TAMP = 0xFFFF, 300 }; 301 302 enum stm32_tamp_out_id { 303 OUT_TAMP1 = LAST_TAMP, 304 OUT_TAMP2, 305 OUT_TAMP3, 306 OUT_TAMP4, 307 OUT_TAMP5, 308 OUT_TAMP6, 309 OUT_TAMP7, 310 OUT_TAMP8, 311 INVALID_OUT_TAMP = INVALID_TAMP 312 }; 313 314 /** 315 * struct stm32_tamp_pin_map - Tamper pin map 316 * 317 * @id: Identifier of the tamper 318 * @conf: Internal mux configuration of the pin present in the TAMP block 319 * @bank: GPIO pin bank 320 * @pin: GPIO number in the bank 321 * @out: True if pin is used for tamper output 322 */ 323 struct stm32_tamp_pin_map { 324 uint32_t id; 325 uint32_t conf; 326 uint8_t bank; 327 uint8_t pin; 328 bool out; 329 }; 330 331 /** 332 * struct stm32_tamp_tamper_data - Tamper data 333 * 334 * @id: Identifier of the tamper 335 * @out_id: Identifier of the output tamper, tamper in active mode 336 * @mode: Mode of the tamper 337 * @func: Tamper callback in case of tamper event 338 */ 339 struct stm32_tamp_tamper_data { 340 uint32_t id; 341 uint32_t out_id; 342 uint32_t mode; 343 uint32_t (*func)(int id); 344 }; 345 346 /** 347 * struct stm32_tamp_compat - TAMP compatible data 348 * 349 * @ext_tamp: List of available external tampers 350 * @int_tamp: List of available internal tampers 351 * @pin_map: List of hardware mapped of pins supporting tamper event detection 352 * @nb_monotonic_counter: Number of monotic counter supported 353 * @ext_tamp_size: Size of @ext_tamp 354 * @int_tamp_size: Size of @int_tamp 355 * @pin_map_size: Size of pin_map 356 * @tags: Bit flags TAMP_HAS_* for compatibility management 357 */ 358 struct stm32_tamp_compat { 359 struct stm32_tamp_tamper_data *ext_tamp; 360 struct stm32_tamp_tamper_data *int_tamp; 361 const struct stm32_tamp_pin_map *pin_map; 362 int nb_monotonic_counter; 363 uint32_t ext_tamp_size; 364 uint32_t int_tamp_size; 365 uint32_t pin_map_size; 366 uint32_t tags; 367 }; 368 369 /* 370 * struct stm32_bkpregs_conf - Backup registers zone bounds 371 * @zone1_end - Number of backup registers in zone 1 372 * @zone2_end - Number of backup registers in zone 2 + zone 1 373 * @rif_offsets - RIF offsets used for CID compartments 374 * 375 * TAMP backup registers access permissions 376 * 377 * Zone 1: read/write in secure state, no access in non-secure state 378 * Zone 2: read/write in secure state, read-only in non-secure state 379 * Zone 3: read/write in secure state, read/write in non-secure state 380 * 381 * Protection zone 1 382 * If zone1_end == 0 no backup register are in zone 1. 383 * Otherwise backup registers from TAMP_BKP0R to TAMP_BKP<x>R are in zone 1, 384 * with <x> = (@zone1_end - 1). 385 * 386 * Protection zone 2 387 * If zone2_end == 0 no backup register are in zone 2 and zone 1. 388 * Otherwise backup registers from TAMP_BKP<y>R to TAMP_BKP<z>R are in zone 2, 389 * with <y> = @zone1_end and <z> = (@zone2_end - 1). 390 * 391 * Protection zone 3 392 * Backup registers from TAMP_BKP<t>R to last backup register are in zone 3, 393 * with <t> = (@zone2_end - 1). 394 * 395 * When RIF is supported, each zone can be subdivided to restrain accesses to 396 * some CIDs. 397 */ 398 struct stm32_bkpregs_conf { 399 uint32_t zone1_end; 400 uint32_t zone2_end; 401 uint32_t *rif_offsets; 402 }; 403 404 /** 405 * struct stm32_tamp_platdata - TAMP platform data 406 * @base: IOMEM base address 407 * @bkpregs_conf: TAMP backup register configuration reference 408 * @compat: Reference to compat data passed at driver initialization 409 * @conf_data: RIF configuration data 410 * @clock: TAMP clock 411 * @itr: TAMP interrupt handler 412 * @nb_rif_resources: Number of RIF resources 413 * @passive_conf: Passive tampers configuration 414 * @active_conf: Active tampers configuration 415 * @pins_conf: Configuration of mapped pins for tampers 416 * @out_pins: Output pins for passive tampers 417 * @is_wakeup_source: True if a tamper event is a wakeup source 418 * @is_tdcid: True if current processor is TDCID 419 */ 420 struct stm32_tamp_platdata { 421 struct io_pa_va base; 422 struct stm32_bkpregs_conf bkpregs_conf; 423 struct stm32_tamp_compat *compat; 424 struct rif_conf_data *conf_data; 425 struct clk *clock; 426 struct itr_handler *itr; 427 unsigned int nb_rif_resources; 428 uint32_t passive_conf; 429 uint32_t active_conf; 430 uint32_t pins_conf; 431 uint32_t out_pins; 432 bool is_wakeup_source; 433 bool is_tdcid; 434 }; 435 436 /** 437 * struct stm32_tamp_instance - TAMP instance data 438 * @pdata: TAMP platform data 439 * @hwconf1: Copy of TAMP HWCONF1 register content 440 * @hwconf2: Copy of TAMP HWCONF2 register content 441 */ 442 struct stm32_tamp_instance { 443 struct stm32_tamp_platdata pdata; 444 uint32_t hwconf1; 445 uint32_t hwconf2; 446 }; 447 448 #define GPIO_BANK(port) ((port) - 'A') 449 450 #if defined(CFG_STM32MP13) 451 static const char * const itamper_name[] = { 452 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 453 [INT_TAMP2] = "Temperature monitoring", 454 [INT_TAMP3] = "LSE monitoring", 455 [INT_TAMP4] = "HSE monitoring", 456 [INT_TAMP5] = "RTC Calendar overflow", 457 [INT_TAMP6] = "JTAG SWD access", 458 [INT_TAMP7] = "ADC2 analog watchdog monitoring 1", 459 [INT_TAMP8] = "Monotonic counter 1", 460 [INT_TAMP9] = "Cryptographic perpipheral fault", 461 [INT_TAMP10] = "Monotonic counter 2", 462 [INT_TAMP11] = "IWDG1 reset", 463 [INT_TAMP12] = "ADC2 analog watchdog monitoring 2", 464 [INT_TAMP13] = "ADC2 analog watchdog monitoring 3", 465 }; 466 467 static struct stm32_tamp_tamper_data int_tamp_mp13[] = { 468 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 469 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 470 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 471 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, 472 { .id = INT_TAMP12 }, { .id = INT_TAMP13 }, 473 }; 474 475 static struct stm32_tamp_tamper_data ext_tamp_mp13[] = { 476 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 477 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 478 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 }, 479 }; 480 481 static const struct stm32_tamp_pin_map pin_map_mp13[] = { 482 { 483 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13, 484 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PC13, 485 }, 486 { 487 .id = EXT_TAMP1, .bank = GPIO_BANK('F'), .pin = 10, 488 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PF10, 489 }, 490 { 491 .id = EXT_TAMP2, .bank = GPIO_BANK('A'), .pin = 6, 492 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PA6, 493 }, 494 { 495 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 1, 496 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PI1, 497 }, 498 { 499 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 0, 500 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PC0, 501 }, 502 { 503 .id = EXT_TAMP3, .bank = GPIO_BANK('I'), .pin = 2, 504 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PI2, 505 }, 506 { 507 .id = EXT_TAMP4, .bank = GPIO_BANK('G'), .pin = 8, 508 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PG8, 509 }, 510 { 511 .id = EXT_TAMP4, .bank = GPIO_BANK('I'), .pin = 3, 512 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PI3, 513 }, 514 }; 515 #endif 516 517 #if defined(CFG_STM32MP15) 518 static const char * const itamper_name[] = { 519 [INT_TAMP1] = "RTC power domain", 520 [INT_TAMP2] = "Temperature monitoring", 521 [INT_TAMP3] = "LSE monitoring", 522 [INT_TAMP5] = "RTC Calendar overflow", 523 [INT_TAMP8] = "Monotonic counter", 524 }; 525 DECLARE_KEEP_PAGER(itamper_name); 526 527 static struct stm32_tamp_tamper_data int_tamp_mp15[] = { 528 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 529 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP8 }, 530 }; 531 532 static struct stm32_tamp_tamper_data ext_tamp_mp15[] = { 533 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 534 }; 535 536 static const struct stm32_tamp_pin_map pin_map_mp15[] = { 537 { 538 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13, 539 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 540 }, 541 { 542 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 8, 543 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 544 }, 545 { 546 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 1, 547 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 548 }, 549 { 550 .id = OUT_TAMP2, .bank = GPIO_BANK('C'), .pin = 13, 551 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 552 }, 553 { 554 .id = OUT_TAMP3, .bank = GPIO_BANK('C'), .pin = 13, 555 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PC13, 556 }, 557 { 558 .id = OUT_TAMP3, .bank = GPIO_BANK('I'), .pin = 8, 559 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 560 }, 561 }; 562 #endif 563 564 #if defined(CFG_STM32MP21) 565 static const char * const itamper_name[] = { 566 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 567 [INT_TAMP2] = "Temperature monitoring", 568 [INT_TAMP3] = "LSE monitoring", 569 [INT_TAMP4] = "HSE monitoring", 570 [INT_TAMP5] = "RTC Calendar overflow", 571 [INT_TAMP6] = "JTAG TAP access in secured-closed", 572 [INT_TAMP7] = "ADC2 analog watchdog monitoring1", 573 [INT_TAMP8] = "Monotonic counter 1 overflow", 574 [INT_TAMP9] = "Cryptographic peripherals fault", 575 [INT_TAMP10] = "Monotonic counter 2 overflow", 576 [INT_TAMP11] = "IWDG3 reset", 577 [INT_TAMP12] = "ADC2 analog watchdog monitoring2", 578 [INT_TAMP13] = "ADC2 analog watchdog monitoring3", 579 [INT_TAMP14] = "RIFSC or BSEC or DBGMCU fault", 580 [INT_TAMP15] = "IWDG1_reset", 581 [INT_TAMP16] = "BOOTROM fault", 582 }; 583 584 static struct stm32_tamp_tamper_data int_tamp_mp21[] = { 585 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 586 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 587 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 588 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, { .id = INT_TAMP12 }, 589 { .id = INT_TAMP13 }, { .id = INT_TAMP14 }, { .id = INT_TAMP15 }, 590 { .id = INT_TAMP16 }, 591 }; 592 593 static struct stm32_tamp_tamper_data ext_tamp_mp21[] = { 594 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 595 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 596 { .id = EXT_TAMP7 }, 597 }; 598 599 static const struct stm32_tamp_pin_map pin_map_mp21[] = { 600 { 601 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8, 602 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PI8, 603 }, 604 { 605 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4, 606 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PC4, 607 }, 608 }; 609 #endif 610 611 #if defined(CFG_STM32MP25) 612 static const char * const itamper_name[] = { 613 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 614 [INT_TAMP2] = "Temperature monitoring", 615 [INT_TAMP3] = "LSE monitoring", 616 [INT_TAMP4] = "HSE monitoring", 617 [INT_TAMP5] = "RTC Calendar overflow", 618 [INT_TAMP6] = "JTAG/SWD access", 619 [INT_TAMP7] = "VDDCORE monitoring under/over voltage", 620 [INT_TAMP8] = "Monotonic counter 1 overflow", 621 [INT_TAMP9] = "Cryptographic peripherals fault", 622 [INT_TAMP10] = "Monotonic counter 2 overflow", 623 [INT_TAMP11] = "IWDG3 reset", 624 [INT_TAMP12] = "VDDCPU monitoring under/over voltage", 625 [INT_TAMP14] = "IWDG5_reset", 626 [INT_TAMP15] = "IWDG1_reset", 627 }; 628 629 static struct stm32_tamp_tamper_data int_tamp_mp25[] = { 630 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 631 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 632 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 633 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, 634 { .id = INT_TAMP12 }, { .id = INT_TAMP14 }, 635 { .id = INT_TAMP15 }, 636 }; 637 638 static struct stm32_tamp_tamper_data ext_tamp_mp25[] = { 639 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 640 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 641 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 }, 642 }; 643 644 static const struct stm32_tamp_pin_map pin_map_mp25[] = { 645 { 646 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8, 647 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PI8, 648 }, 649 { 650 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4, 651 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PC4, 652 }, 653 { 654 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 3, 655 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PC3, 656 }, 657 { 658 .id = EXT_TAMP3, .bank = GPIO_BANK('Z'), .pin = 2, 659 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PZ2, 660 }, 661 { 662 .id = EXT_TAMP5, .bank = GPIO_BANK('F'), .pin = 6, 663 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PF6, 664 }, 665 { 666 .id = EXT_TAMP5, .bank = GPIO_BANK('Z'), .pin = 4, 667 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PZ4, 668 }, 669 }; 670 #endif 671 672 /* Expects at most a single instance */ 673 static struct stm32_tamp_instance *stm32_tamp_dev; 674 675 static vaddr_t get_base(void) 676 { 677 assert(stm32_tamp_dev && stm32_tamp_dev->pdata.base.pa); 678 679 return io_pa_or_va_secure(&stm32_tamp_dev->pdata.base, 1); 680 } 681 682 static void apply_rif_config(void) 683 { 684 struct rif_conf_data *rif_conf = stm32_tamp_dev->pdata.conf_data; 685 uint32_t access_mask_priv_reg = 0; 686 uint32_t access_mask_sec_reg = 0; 687 vaddr_t base = get_base(); 688 uint32_t privcfgr = 0; 689 uint32_t seccfgr = 0; 690 unsigned int i = 0; 691 692 if (!stm32_tamp_dev->pdata.conf_data) 693 return; 694 695 /* Build access masks for _TAMP_PRIVCFGR and _TAMP_SECCFGR */ 696 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 697 if (BIT(i) & rif_conf->access_mask[0]) { 698 switch (i) { 699 case 0: 700 access_mask_sec_reg |= _TAMP_SECCFGR_TAMPSEC; 701 access_mask_priv_reg |= _TAMP_PRIVCFG_TAMPPRIV; 702 break; 703 case 1: 704 access_mask_sec_reg |= _TAMP_SECCFGR_CNT1SEC; 705 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT1PRIV; 706 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPRWPRIV; 707 break; 708 case 2: 709 access_mask_sec_reg |= _TAMP_SECCFGR_CNT2SEC; 710 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT2PRIV; 711 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPWPRIV; 712 break; 713 default: 714 panic(); 715 } 716 } 717 } 718 719 /* 720 * When TDCID, OP-TEE should be the one to set the CID filtering 721 * configuration. Clearing previous configuration prevents 722 * undesired events during the only legitimate configuration. 723 */ 724 if (stm32_tamp_dev->pdata.is_tdcid) { 725 for (i = 0; i < TAMP_RIF_RESOURCES; i++) 726 if (BIT(i) & rif_conf->access_mask[0]) 727 io_clrbits32(base + _TAMP_CIDCFGR(i), 728 _TAMP_CIDCFGR_CONF_MASK); 729 } 730 731 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_TAMP_SEC) 732 seccfgr |= _TAMP_SECCFGR_TAMPSEC; 733 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_1) 734 seccfgr |= _TAMP_SECCFGR_CNT1SEC; 735 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_2) 736 seccfgr |= _TAMP_SECCFGR_CNT2SEC; 737 738 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_TAMP_PRIV) 739 privcfgr |= _TAMP_PRIVCFG_TAMPPRIV; 740 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R1) 741 privcfgr |= _TAMP_PRIVCFG_CNT1PRIV | _TAMP_PRIVCFG_BKPRWPRIV; 742 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R2) 743 privcfgr |= _TAMP_PRIVCFG_CNT2PRIV | _TAMP_PRIVCFG_BKPWPRIV; 744 745 /* Security and privilege RIF configuration */ 746 io_clrsetbits32(base + _TAMP_PRIVCFGR, access_mask_priv_reg, privcfgr); 747 io_clrsetbits32(base + _TAMP_SECCFGR, access_mask_sec_reg, seccfgr); 748 749 if (!stm32_tamp_dev->pdata.is_tdcid) 750 return; 751 752 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 753 if (!(BIT(i) & rif_conf->access_mask[0])) 754 continue; 755 756 io_clrsetbits32(base + _TAMP_CIDCFGR(i), 757 _TAMP_CIDCFGR_CONF_MASK, 758 rif_conf->cid_confs[i]); 759 } 760 } 761 762 static TEE_Result stm32_tamp_apply_bkpr_rif_conf(void) 763 { 764 struct stm32_bkpregs_conf *bkpregs_conf = 765 &stm32_tamp_dev->pdata.bkpregs_conf; 766 vaddr_t base = get_base(); 767 unsigned int i = 0; 768 769 if (!bkpregs_conf->rif_offsets) 770 panic("No backup register configuration"); 771 772 for (i = 0; i < TAMP_RIF_OFFSET_CNT; i++) { 773 if (bkpregs_conf->rif_offsets[i] > 774 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) 775 return TEE_ERROR_NOT_SUPPORTED; 776 } 777 778 /* Fill the 3 TAMP_BKPRIFRx registers */ 779 io_clrsetbits32(base + _TAMP_BKPRIFR(1), _TAMP_BKPRIFR_1_MASK, 780 bkpregs_conf->rif_offsets[0]); 781 io_clrsetbits32(base + _TAMP_BKPRIFR(2), _TAMP_BKPRIFR_2_MASK, 782 bkpregs_conf->rif_offsets[1]); 783 io_clrsetbits32(base + _TAMP_BKPRIFR(3), _TAMP_BKPRIFR_3_MASK, 784 bkpregs_conf->rif_offsets[2] | 785 SHIFT_U32(bkpregs_conf->rif_offsets[3], 786 _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT)); 787 788 DMSG("Backup registers mapping :"); 789 DMSG("********START of zone 1********"); 790 DMSG("Protection Zone 1-RIF1 begins at register: 0"); 791 DMSG("Protection Zone 1-RIF2 begins at register: %"PRIu32, 792 bkpregs_conf->rif_offsets[0]); 793 DMSG("Protection Zone 1-RIF2 ends at register: %"PRIu32, 794 bkpregs_conf->zone1_end ? bkpregs_conf->zone1_end - 1 : 0); 795 DMSG("********END of zone 1********"); 796 DMSG("********START of zone 2********"); 797 DMSG("Protection Zone 2-RIF1 begins at register: %"PRIu32, 798 bkpregs_conf->zone1_end); 799 DMSG("Protection Zone 2-RIF2 begins at register: %"PRIu32, 800 bkpregs_conf->rif_offsets[1]); 801 DMSG("Protection Zone 2-RIF2 ends at register: %"PRIu32, 802 bkpregs_conf->rif_offsets[1] > bkpregs_conf->zone1_end ? 803 bkpregs_conf->zone2_end - 1 : 0); 804 DMSG("********END of zone 2********"); 805 DMSG("********START of zone 3********"); 806 DMSG("Protection Zone 3-RIF1 begins at register: %"PRIu32, 807 bkpregs_conf->zone2_end); 808 DMSG("Protection Zone 3-RIF0 begins at register: %"PRIu32, 809 bkpregs_conf->rif_offsets[2]); 810 DMSG("Protection Zone 3-RIF2 begins at register: %"PRIu32, 811 bkpregs_conf->rif_offsets[3]); 812 DMSG("Protection Zone 3-RIF2 ends at the last register: %"PRIu32, 813 stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG); 814 DMSG("********END of zone 3********"); 815 816 return TEE_SUCCESS; 817 } 818 819 static TEE_Result stm32_tamp_set_secure_bkpregs(void) 820 { 821 struct stm32_bkpregs_conf *bkpregs_conf = 822 &stm32_tamp_dev->pdata.bkpregs_conf; 823 vaddr_t base = get_base(); 824 uint32_t first_z2 = 0; 825 uint32_t first_z3 = 0; 826 827 first_z2 = bkpregs_conf->zone1_end; 828 first_z3 = bkpregs_conf->zone2_end; 829 830 if ((first_z2 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) || 831 (first_z3 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG))) 832 return TEE_ERROR_BAD_PARAMETERS; 833 834 if (stm32_tamp_dev->pdata.compat && 835 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 836 io_clrsetbits32(base + _TAMP_SECCFGR, 837 _TAMP_SECCFGR_BKPRWSEC_MASK, 838 (first_z2 << _TAMP_SECCFGR_BKPRWSEC_SHIFT) & 839 _TAMP_SECCFGR_BKPRWSEC_MASK); 840 841 io_clrsetbits32(base + _TAMP_SECCFGR, 842 _TAMP_SECCFGR_BKPWSEC_MASK, 843 (first_z3 << _TAMP_SECCFGR_BKPWSEC_SHIFT) & 844 _TAMP_SECCFGR_BKPWSEC_MASK); 845 } else { 846 io_clrsetbits32(base + _TAMP_SMCR, 847 _TAMP_SMCR_BKPRWDPROT_MASK, 848 (first_z2 << _TAMP_SMCR_BKPRWDPROT_SHIFT) & 849 _TAMP_SMCR_BKPRWDPROT_MASK); 850 851 io_clrsetbits32(base + _TAMP_SMCR, 852 _TAMP_SMCR_BKPWDPROT_MASK, 853 (first_z3 << _TAMP_SMCR_BKPWDPROT_SHIFT) & 854 _TAMP_SMCR_BKPWDPROT_MASK); 855 } 856 857 return TEE_SUCCESS; 858 } 859 860 static void stm32_tamp_set_secure(uint32_t mode) 861 { 862 vaddr_t base = get_base(); 863 864 if (stm32_tamp_dev->pdata.compat && 865 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 866 io_clrsetbits32(base + _TAMP_SECCFGR, 867 _TAMP_SECCFGR_BUT_BKP_MASK, 868 mode & _TAMP_SECCFGR_BUT_BKP_MASK); 869 } else { 870 /* 871 * Note: MP15 doesn't use SECCFG register and 872 * inverts the secure bit. 873 */ 874 if (mode & _TAMP_SECCFGR_TAMPSEC) 875 io_clrbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 876 else 877 io_setbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 878 } 879 } 880 881 static void stm32_tamp_set_privilege(uint32_t mode) 882 { 883 vaddr_t base = get_base(); 884 885 if (stm32_tamp_dev->pdata.compat && 886 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_PRIVCFGR)) 887 io_clrsetbits32(base + _TAMP_PRIVCFGR, _TAMP_PRIVCFGR_MASK, 888 mode & _TAMP_PRIVCFGR_MASK); 889 } 890 891 static void parse_bkpregs_dt_conf(const void *fdt, int node) 892 { 893 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 894 unsigned int bkpregs_count = 0; 895 const fdt32_t *cuint = NULL; 896 int lenp = 0; 897 898 cuint = fdt_getprop(fdt, node, "st,backup-zones", &lenp); 899 if (!cuint) 900 panic("Missing backup registers configuration"); 901 902 /* 903 * When TAMP does not support RIF, the backup registers can 904 * be splited in 3 zones. These zones have specific read/write 905 * access permissions based on the secure status of the accesser. 906 * When RIF is supported, these zones can additionally be splited 907 * in subzones that have CID filtering. Zones/Subzones can be empty and 908 * are contiguous. 909 */ 910 if (!(pdata->compat->tags & TAMP_HAS_RIF_SUPPORT)) { 911 /* 3 zones, 2 offsets to apply */ 912 if (lenp != sizeof(uint32_t) * TAMP_NB_BKPR_ZONES) 913 panic("Incorrect bkpregs configuration"); 914 915 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]); 916 bkpregs_count = fdt32_to_cpu(cuint[0]); 917 918 pdata->bkpregs_conf.zone2_end = bkpregs_count + 919 fdt32_to_cpu(cuint[1]); 920 } else { 921 /* 922 * Zone 3 923 * ----------------------| 924 * Protection Zone 3-RIF2|Read non- 925 * ----------------------|secure 926 * Protection Zone 3-RIF0|Write non- 927 * ----------------------|secure 928 * Protection Zone 3-RIF1| 929 * ----------------------| 930 * 931 * Zone 2 932 * ----------------------| 933 * Protection Zone 2-RIF2|Read non- 934 * ----------------------|secure 935 * Protection Zone 2-RIF1|Write secure 936 * ----------------------| 937 * 938 * Zone 1 939 * ----------------------| 940 * Protection Zone 1-RIF2|Read secure 941 * ----------------------|Write secure 942 * Protection Zone 1-RIF1| 943 * ----------------------| 944 * 945 * (BHK => First 8 registers) 946 */ 947 pdata->bkpregs_conf.rif_offsets = calloc(TAMP_RIF_OFFSET_CNT, 948 sizeof(uint32_t)); 949 if (!pdata->bkpregs_conf.rif_offsets) 950 panic(); 951 952 /* 953 * 3 zones with 7 subzones in total(6 offsets): 954 * - 2 zone offsets 955 * - 4 subzones offsets 956 */ 957 if (lenp != sizeof(uint32_t) * 958 (TAMP_RIF_OFFSET_CNT + TAMP_NB_BKPR_ZONES)) 959 panic("Incorrect bkpregs configuration"); 960 961 /* Backup registers zone 1 */ 962 pdata->bkpregs_conf.rif_offsets[0] = fdt32_to_cpu(cuint[0]); 963 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]) + 964 fdt32_to_cpu(cuint[1]); 965 966 bkpregs_count = pdata->bkpregs_conf.zone1_end; 967 968 /* Backup registers zone 2 */ 969 pdata->bkpregs_conf.rif_offsets[1] = bkpregs_count + 970 fdt32_to_cpu(cuint[2]); 971 pdata->bkpregs_conf.zone2_end = bkpregs_count + 972 fdt32_to_cpu(cuint[2]) + 973 fdt32_to_cpu(cuint[3]); 974 975 bkpregs_count = pdata->bkpregs_conf.zone2_end; 976 977 /* Backup registers zone 3 */ 978 pdata->bkpregs_conf.rif_offsets[2] = bkpregs_count + 979 fdt32_to_cpu(cuint[4]); 980 pdata->bkpregs_conf.rif_offsets[3] = bkpregs_count + 981 fdt32_to_cpu(cuint[4]) + 982 fdt32_to_cpu(cuint[5]); 983 } 984 } 985 986 static void stm32_tamp_set_pins(vaddr_t base, uint32_t mode) 987 { 988 io_setbits32(base + _TAMP_OR, mode); 989 } 990 991 static TEE_Result stm32_tamp_set_seed(vaddr_t base) 992 { 993 uint32_t value = 0; 994 int idx = 0; 995 996 for (idx = 0; idx < 4; idx++) { 997 uint32_t rnd = 0; 998 999 if (crypto_rng_read(&rnd, sizeof(uint32_t))) 1000 return TEE_ERROR_BAD_STATE; 1001 1002 io_write32(base + _TAMP_ATSEEDR, rnd); 1003 } 1004 1005 if (IO_READ32_POLL_TIMEOUT(base + _TAMP_ATOR, value, 1006 !(value & _TAMP_SEEDF), 0, SEED_TIMEOUT_US)) 1007 return TEE_ERROR_BAD_STATE; 1008 1009 return TEE_SUCCESS; 1010 } 1011 1012 static TEE_Result is_int_tamp_id_valid(enum stm32_tamp_id id) 1013 { 1014 if (id - INT_TAMP1 >= _TAMP_HWCFGR1_ITAMP_MAX_ID) 1015 return TEE_ERROR_BAD_PARAMETERS; 1016 1017 if (!(stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_ITAMP(id))) 1018 return TEE_ERROR_ITEM_NOT_FOUND; 1019 1020 return TEE_SUCCESS; 1021 } 1022 1023 static bool is_ext_tamp_id_valid(enum stm32_tamp_id id) 1024 { 1025 return id - EXT_TAMP1 <= 1026 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_TAMPER) >> 1027 _TAMP_HWCFGR1_TAMPER_SHIFT; 1028 } 1029 1030 static enum itr_return stm32_tamp_it_handler(struct itr_handler *h __unused) 1031 { 1032 struct optee_rtc_time __maybe_unused tamp_ts = { }; 1033 vaddr_t base = get_base(); 1034 uint32_t it = io_read32(base + _TAMP_SR); 1035 uint32_t int_it = it & _TAMP_SR_ITAMPXF_MASK; 1036 uint32_t ext_it = it & _TAMP_SR_ETAMPXF_MASK; 1037 bool ts_enabled = false; 1038 size_t i = 0; 1039 1040 if (stm32_rtc_is_timestamp_enabled(&ts_enabled)) 1041 panic(); 1042 1043 if (ts_enabled && it) { 1044 TEE_Result res = stm32_rtc_get_timestamp(&tamp_ts); 1045 1046 if (res) 1047 EMSG("Failed to get RTC timestamp: %"PRIx32, res); 1048 FMSG("Tamper event occurred at:"); 1049 FMSG("\n \t Date: %"PRIu32"/%"PRIu32"\n \t Time: %"PRIu32":%"PRIu32":%"PRIu32, 1050 tamp_ts.tm_mday, tamp_ts.tm_mon, tamp_ts.tm_hour, 1051 tamp_ts.tm_min, tamp_ts.tm_sec); 1052 } 1053 1054 while (int_it && i < stm32_tamp_dev->pdata.compat->int_tamp_size) { 1055 struct stm32_tamp_tamper_data int_tamp = 1056 stm32_tamp_dev->pdata.compat->int_tamp[i]; 1057 int id = int_tamp.id; 1058 1059 if (int_it & _TAMP_SR_ITAMP(id)) { 1060 uint32_t ret = 0; 1061 1062 int_it &= ~_TAMP_SR_ITAMP(id); 1063 1064 if (int_tamp.func) 1065 ret = int_tamp.func(id); 1066 1067 if (ret & TAMP_CB_ACK) 1068 io_setbits32(base + _TAMP_SCR, 1069 _TAMP_SCR_ITAMP(id)); 1070 1071 if (ret & TAMP_CB_RESET) 1072 do_reset("Internal tamper event detected"); 1073 } 1074 i++; 1075 } 1076 1077 i = 0; 1078 /* External tamper interrupt */ 1079 while (ext_it && i < stm32_tamp_dev->pdata.compat->ext_tamp_size) { 1080 struct stm32_tamp_tamper_data ext_tamp = 1081 stm32_tamp_dev->pdata.compat->ext_tamp[i]; 1082 int id = ext_tamp.id; 1083 1084 if (ext_it & _TAMP_SR_ETAMP(id)) { 1085 uint32_t ret = 0; 1086 1087 ext_it &= ~_TAMP_SR_ETAMP(id); 1088 1089 if (ext_tamp.func) 1090 ret = ext_tamp.func(id); 1091 1092 if (ret & TAMP_CB_ACK) 1093 io_setbits32(base + _TAMP_SCR, 1094 _TAMP_SCR_ETAMP(id)); 1095 1096 if (ret & TAMP_CB_RESET) 1097 do_reset("External tamper event detected"); 1098 } 1099 i++; 1100 } 1101 1102 return ITRR_HANDLED; 1103 } 1104 DECLARE_KEEP_PAGER(stm32_tamp_it_handler); 1105 1106 static TEE_Result stm32_tamp_set_int_config(struct stm32_tamp_compat *tcompat, 1107 uint32_t itamp_index, uint32_t *cr1, 1108 uint32_t *cr3, uint32_t *ier) 1109 { 1110 struct stm32_tamp_tamper_data *tamp_int = NULL; 1111 enum stm32_tamp_id id = INVALID_TAMP; 1112 TEE_Result res = TEE_ERROR_GENERIC; 1113 1114 if (!tcompat) 1115 return TEE_ERROR_BAD_PARAMETERS; 1116 1117 tamp_int = &tcompat->int_tamp[itamp_index]; 1118 id = tamp_int->id; 1119 1120 res = is_int_tamp_id_valid(id); 1121 if (res == TEE_ERROR_ITEM_NOT_FOUND) 1122 return TEE_SUCCESS; 1123 else if (res) 1124 return res; 1125 1126 /* 1127 * If there is no callback 1128 * this tamper is disabled, we reset its configuration. 1129 */ 1130 if (!tamp_int->func) { 1131 *cr1 &= ~_TAMP_CR1_ITAMP(id); 1132 *ier &= ~_TAMP_IER_ITAMP(id); 1133 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) 1134 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id); 1135 1136 FMSG("INT_TAMP%d disabled", id - INT_TAMP1 + 1); 1137 return TEE_SUCCESS; 1138 } 1139 1140 *cr1 |= _TAMP_CR1_ITAMP(id); 1141 *ier |= _TAMP_IER_ITAMP(id); 1142 1143 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) { 1144 if (tamp_int->mode & TAMP_NOERASE) 1145 *cr3 |= _TAMP_CR3_ITAMPNOER(id); 1146 else 1147 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id); 1148 } 1149 1150 DMSG("'%s' internal tamper enabled in %s mode", 1151 itamper_name[id - INT_TAMP1], 1152 (tamp_int->mode & TAMP_NOERASE) ? "potential" : "confirmed"); 1153 1154 return TEE_SUCCESS; 1155 } 1156 1157 static TEE_Result stm32_tamp_set_ext_config(struct stm32_tamp_compat *tcompat, 1158 uint32_t etamp_index, uint32_t *cr1, 1159 uint32_t *cr2, uint32_t *atcr1, 1160 uint32_t *atcr2, uint32_t *ier) 1161 { 1162 struct stm32_tamp_tamper_data *tamp_ext = NULL; 1163 enum stm32_tamp_id id = INVALID_TAMP; 1164 1165 if (!tcompat) 1166 return TEE_ERROR_BAD_PARAMETERS; 1167 1168 tamp_ext = &tcompat->ext_tamp[etamp_index]; 1169 id = tamp_ext->id; 1170 1171 /* Exit if not a valid TAMP_ID */ 1172 if (!is_ext_tamp_id_valid(id)) 1173 return TEE_ERROR_BAD_PARAMETERS; 1174 1175 /* 1176 * If there is no callback or this TAMPER wasn't defined in DT, 1177 * this tamper is disabled, we reset its configuration. 1178 */ 1179 if (!tamp_ext->func || !(tamp_ext->mode & TAMP_IN_DT)) { 1180 *cr1 &= ~_TAMP_CR1_ETAMP(id); 1181 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id); 1182 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id); 1183 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id); 1184 *ier &= ~_TAMP_IER_ETAMP(id); 1185 1186 FMSG("EXT_TAMP%d disabled", id - EXT_TAMP1 + 1); 1187 return TEE_SUCCESS; 1188 } 1189 1190 *cr1 |= _TAMP_CR1_ETAMP(id); 1191 1192 if (tamp_ext->mode & TAMP_TRIG_ON) 1193 *cr2 |= _TAMP_CR2_ETAMPTRG(id); 1194 else 1195 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id); 1196 1197 if (tamp_ext->mode & TAMP_ACTIVE) { 1198 *atcr1 |= _TAMP_ATCR1_ETAMPAM(id); 1199 1200 /* Configure output pin if ATOSHARE is selected */ 1201 if (*atcr1 & _TAMP_ATCR1_ATOSHARE) { 1202 if (tcompat->tags & TAMP_HAS_REGISTER_ATCR2) 1203 *atcr2 = (*atcr2 & 1204 ~_TAMP_ATCR2_ATOSEL_MASK(id)) | 1205 _TAMP_ATCR2_ATOSEL(id, 1206 tamp_ext->out_id); 1207 else 1208 *atcr1 = (*atcr1 & 1209 ~_TAMP_ATCR1_ATOSEL_MASK(id)) | 1210 _TAMP_ATCR1_ATOSEL(id, 1211 tamp_ext->out_id); 1212 } 1213 } else { 1214 *atcr1 &= ~_TAMP_ATCR1_ETAMPAM(id); 1215 } 1216 1217 if (tamp_ext->mode & TAMP_NOERASE) 1218 *cr2 |= _TAMP_CR2_ETAMPNOER(id); 1219 else 1220 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id); 1221 1222 if (id < _TAMP_CR2_ETAMPMSK_MAX_ID) { 1223 /* 1224 * Only external TAMP 1, 2 and 3 can be masked 1225 * and we may want them masked at startup. 1226 */ 1227 if (tamp_ext->mode & TAMP_EVT_MASK) { 1228 /* 1229 * ETAMP(id) event generates a trigger event. This 1230 * ETAMP(id) is masked and internally cleared by 1231 * hardware. 1232 * The secrets are not erased. 1233 */ 1234 *ier &= ~_TAMP_IER_ETAMP(id); 1235 *cr2 |= _TAMP_CR2_ETAMPMSK(id); 1236 } else { 1237 /* 1238 * normal ETAMP interrupt: 1239 * ETAMP(id) event generates a trigger event and 1240 * TAMP(id) must be cleared by software to allow 1241 * next tamper event detection. 1242 */ 1243 *ier |= _TAMP_IER_ETAMP(id); 1244 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id); 1245 } 1246 } else { 1247 /* Other than 1,2,3 external TAMP, we want its interrupt */ 1248 *ier |= _TAMP_IER_ETAMP(id); 1249 } 1250 1251 DMSG("EXT_TAMP%d enabled as a %s tamper in %s mode, trig_%s %s", 1252 id - EXT_TAMP1 + 1, 1253 (tamp_ext->mode & TAMP_ACTIVE) ? "active" : "passive", 1254 (tamp_ext->mode & TAMP_NOERASE) ? "potential" : "confirmed", 1255 (tamp_ext->mode & TAMP_TRIG_ON) ? "on" : "off", 1256 (tamp_ext->mode & TAMP_EVT_MASK) ? " (masked)" : ""); 1257 1258 if (tamp_ext->mode & TAMP_ACTIVE) 1259 DMSG(" linked with OUT_TAMP%"PRIu32, 1260 tamp_ext->out_id - OUT_TAMP1 + 1); 1261 1262 return TEE_SUCCESS; 1263 } 1264 1265 /* 1266 * Count number of 1 in bitmask 1267 * Cannot use __builtin_popcount(): libgcc.a for ARMV7 use hardfloat ABI, 1268 * but OP-TEE core is compiled with softfloat ABI. 1269 */ 1270 static int popcount(uint32_t bitmask) 1271 { 1272 int nb = 0; 1273 1274 while (bitmask) { 1275 if (bitmask & 1) 1276 nb++; 1277 bitmask >>= 1; 1278 } 1279 1280 return nb; 1281 } 1282 1283 static void stm32_tamp_set_atper(uint32_t pins_out_bits, uint32_t *atcr1) 1284 { 1285 uint32_t conf = 0; 1286 1287 switch (popcount(pins_out_bits)) { 1288 case 0: 1289 case 1: 1290 conf = 0; 1291 break; 1292 case 2: 1293 conf = 1; 1294 break; 1295 case 3: 1296 case 4: 1297 conf = 2; 1298 break; 1299 default: 1300 conf = 3; 1301 break; 1302 } 1303 1304 *atcr1 |= SHIFT_U32(conf, _TAMP_ATCR1_ATPER_SHIFT) & 1305 _TAMP_ATCR1_ATPER_MASK; 1306 } 1307 1308 static TEE_Result stm32_tamp_set_config(void) 1309 { 1310 TEE_Result ret = TEE_SUCCESS; 1311 vaddr_t base = get_base(); 1312 uint32_t atcr1 = 0; 1313 uint32_t atcr2 = 0; 1314 uint32_t fltcr = 0; 1315 uint32_t cr1 = 0; 1316 uint32_t cr2 = 0; 1317 uint32_t cr3 = 0; 1318 uint32_t ier = 0; 1319 size_t i = 0; 1320 1321 if (!stm32_tamp_dev->pdata.compat || 1322 !stm32_tamp_dev->pdata.compat->int_tamp || 1323 !stm32_tamp_dev->pdata.compat->ext_tamp) 1324 return TEE_ERROR_BAD_STATE; 1325 1326 /* Set passive filter configuration */ 1327 fltcr = stm32_tamp_dev->pdata.passive_conf; 1328 1329 /* Set active mode configuration */ 1330 atcr1 = stm32_tamp_dev->pdata.active_conf & _TAMP_ATCR1_COMMON_MASK; 1331 stm32_tamp_set_atper(stm32_tamp_dev->pdata.out_pins, &atcr1); 1332 1333 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) { 1334 ret = stm32_tamp_set_int_config(stm32_tamp_dev->pdata.compat, i, 1335 &cr1, &cr3, &ier); 1336 if (ret) 1337 return ret; 1338 } 1339 1340 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) { 1341 ret = stm32_tamp_set_ext_config(stm32_tamp_dev->pdata.compat, i, 1342 &cr1, &cr2, &atcr1, &atcr2, 1343 &ier); 1344 if (ret) 1345 return ret; 1346 } 1347 1348 /* 1349 * We apply configuration all in a row: 1350 * As for active ext tamper "all the needed tampers must be enabled in 1351 * the same write access". 1352 */ 1353 io_write32(base + _TAMP_FLTCR, fltcr); 1354 FMSG("Set passive conf %08"PRIx32, fltcr); 1355 1356 /* Active configuration applied only if not already done. */ 1357 if (((io_read32(base + _TAMP_ATOR) & _TAMP_INITS) != _TAMP_INITS)) { 1358 io_write32(base + _TAMP_ATCR1, atcr1); 1359 FMSG("Set active conf1 %08"PRIx32, atcr1); 1360 1361 if (stm32_tamp_dev->pdata.compat->tags & 1362 TAMP_HAS_REGISTER_ATCR2) { 1363 io_write32(base + _TAMP_ATCR2, atcr2); 1364 FMSG("Set active conf2 %08"PRIx32, atcr2); 1365 } 1366 } 1367 1368 io_write32(base + _TAMP_CR1, cr1); 1369 io_write32(base + _TAMP_CR2, cr2); 1370 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_CR3) 1371 io_write32(base + _TAMP_CR3, cr3); 1372 1373 /* If active tamper we reinit the seed. */ 1374 if (stm32_tamp_dev->pdata.active_conf) { 1375 if (stm32_tamp_set_seed(base) != TEE_SUCCESS) { 1376 EMSG("Active tamper: SEED not initialized"); 1377 return TEE_ERROR_BAD_STATE; 1378 } 1379 } 1380 1381 /* Enable interrupts. */ 1382 io_write32(base + _TAMP_IER, ier); 1383 1384 return TEE_SUCCESS; 1385 } 1386 1387 /* 1388 * Mask a tamper event detection for a given @id 1389 * If ETAMP(id) event generates a trigger event, this ETAMP(id) is masked and 1390 * internally cleared by hardware. The secrets are not erased. 1391 */ 1392 static TEE_Result __maybe_unused stm32_tamp_set_mask(enum stm32_tamp_id id) 1393 { 1394 vaddr_t base = get_base(); 1395 1396 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */ 1397 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID)) 1398 return TEE_ERROR_BAD_PARAMETERS; 1399 1400 /* We cannot mask the event if pending. */ 1401 if (io_read32(base + _TAMP_SR) & _TAMP_SR_ETAMP(id)) 1402 return TEE_ERROR_BAD_STATE; 1403 1404 /* We disable the IT */ 1405 io_clrbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id)); 1406 /* We mask the event */ 1407 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id)); 1408 1409 return TEE_SUCCESS; 1410 } 1411 1412 /* 1413 * Unmask a tamper event detection for a given @id 1414 * ETAMP(id) event now generates a trigger event and ETAMP(id) must be cleared 1415 * by software to allow next tamper event detection. 1416 */ 1417 static TEE_Result __maybe_unused stm32_tamp_unset_mask(enum stm32_tamp_id id) 1418 { 1419 vaddr_t base = get_base(); 1420 1421 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */ 1422 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID)) 1423 return TEE_ERROR_BAD_PARAMETERS; 1424 1425 /* We unmask the event */ 1426 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id)); 1427 /* We enable the IT */ 1428 io_setbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id)); 1429 1430 return TEE_SUCCESS; 1431 } 1432 1433 /* This will increment the monotonic counter by 1. It cannot roll-over */ 1434 static TEE_Result __maybe_unused stm32_tamp_write_mcounter(int cnt_idx) 1435 { 1436 vaddr_t base = get_base(); 1437 1438 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat || 1439 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter) 1440 return TEE_ERROR_BAD_PARAMETERS; 1441 1442 io_write32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t), 1); 1443 1444 return TEE_SUCCESS; 1445 } 1446 1447 static uint32_t __maybe_unused stm32_tamp_read_mcounter(int cnt_idx) 1448 { 1449 vaddr_t base = get_base(); 1450 1451 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat || 1452 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter) 1453 return 0U; 1454 1455 return io_read32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t)); 1456 } 1457 1458 static TEE_Result stm32_tamp_configure_int(struct stm32_tamp_tamper_data *tamp, 1459 uint32_t mode, 1460 uint32_t (*cb)(int id)) 1461 { 1462 if (mode & TAMP_EVT_MASK) 1463 return TEE_ERROR_BAD_PARAMETERS; 1464 1465 tamp->mode |= (mode & TAMP_MODE_MASK); 1466 tamp->func = cb; 1467 1468 return TEE_SUCCESS; 1469 } 1470 1471 static TEE_Result stm32_tamp_configure_ext(struct stm32_tamp_tamper_data *tamp, 1472 uint32_t mode, 1473 uint32_t (*cb)(int id)) 1474 { 1475 enum stm32_tamp_id id = tamp->id; 1476 1477 if (mode & TAMP_EVT_MASK && !is_ext_tamp_id_valid(id)) 1478 return TEE_ERROR_BAD_PARAMETERS; 1479 1480 if (!(tamp->mode & TAMP_IN_DT)) 1481 return TEE_ERROR_ITEM_NOT_FOUND; 1482 1483 tamp->mode |= (mode & TAMP_MODE_MASK); 1484 tamp->func = cb; 1485 1486 return TEE_SUCCESS; 1487 } 1488 1489 /* 1490 * stm32_tamp_activate_tamp: Configure and activate one tamper (internal or 1491 * external). 1492 * 1493 * @id: tamper ID 1494 * @mode: bitmask from TAMPER modes define: 1495 * TAMP_ERASE/TAMP_NOERASE: 1496 * TAMP_ERASE: when this tamper event is triggered; secrets are 1497 * erased. 1498 * TAMP_NOERASE: when this event is triggered; cryptographic 1499 * and some secure peripherals are locked until the event is 1500 * acknowledged. If the callback confirms the TAMPER, it 1501 * can manually erase secrets with stm32_tamp_erase_secrets(). 1502 * TAMP_NO_EVT_MASK/TAMP_EVT_MASK: 1503 * TAMP_NO_EVT_MASK: normal behavior. 1504 * TAMP_EVT_MASK: if the event is triggered, the event is masked and 1505 * internally cleared by hardware. Secrets are not erased. Only 1506 * applicable for some external tampers. This defines only the status 1507 * at boot. To change mask while runtime: stm32_tamp_set_mask() and 1508 * stm32_tamp_unset_mask() can be used. 1509 * @cb: function to call when a tamper event is raised (cannot be NULL). 1510 * It is called in interrupt context and returns a bitmask defining 1511 * the action to take by the driver: 1512 * TAMP_CB_RESET: will reset the board. 1513 * TAMP_CB_ACK: this specific tamper is acknowledged (in case 1514 * of no-erase tamper, blocked secret are unblocked). 1515 * 1516 * return: TEE_ERROR_BAD_PARAMETERS: 1517 * if @id is not a valid tamper ID, 1518 * if @cb is NULL, 1519 * if TAMP_EVT_MASK @mode is set for an unsupported @id. 1520 * TEE_ERROR_BAD_STATE 1521 * if driver was not previously initialized. 1522 * TEE_ERROR_ITEM_NOT_FOUND 1523 * if the activated external tamper was not previously 1524 * defined in the device tree. 1525 * else TEE_SUCCESS. 1526 */ 1527 static TEE_Result stm32_tamp_activate_tamp(enum stm32_tamp_id id, uint32_t mode, 1528 uint32_t (*cb)(int id)) 1529 { 1530 struct stm32_tamp_tamper_data *tamp_conf = NULL; 1531 size_t i = 0; 1532 1533 if (!stm32_tamp_dev->pdata.compat) 1534 return TEE_ERROR_BAD_STATE; 1535 1536 assert(is_unpaged(cb)); 1537 1538 if (!cb) 1539 return TEE_ERROR_BAD_PARAMETERS; 1540 1541 /* Find internal Tamp struct */ 1542 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) { 1543 if (stm32_tamp_dev->pdata.compat->int_tamp[i].id == id) { 1544 tamp_conf = &stm32_tamp_dev->pdata.compat->int_tamp[i]; 1545 return stm32_tamp_configure_int(tamp_conf, mode, cb); 1546 } 1547 } 1548 1549 /* Find external Tamp struct */ 1550 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) { 1551 if (stm32_tamp_dev->pdata.compat->ext_tamp[i].id == id) { 1552 tamp_conf = &stm32_tamp_dev->pdata.compat->ext_tamp[i]; 1553 return stm32_tamp_configure_ext(tamp_conf, mode, cb); 1554 } 1555 } 1556 1557 EMSG("Did not find existing tamper for ID:%d", id); 1558 1559 return TEE_ERROR_BAD_PARAMETERS; 1560 } 1561 1562 static bool __maybe_unused stm32_tamp_are_secrets_blocked(void) 1563 { 1564 if (stm32_tamp_dev->pdata.compat && 1565 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) { 1566 vaddr_t base = get_base(); 1567 1568 return ((io_read32(base + _TAMP_CR2) & _TAMP_CR2_BKBLOCK) || 1569 io_read32(base + _TAMP_SR)); 1570 } else { 1571 return false; 1572 } 1573 } 1574 1575 static void __maybe_unused stm32_tamp_block_secrets(void) 1576 { 1577 vaddr_t base = get_base(); 1578 1579 if (stm32_tamp_dev->pdata.compat && 1580 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1581 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK); 1582 } 1583 1584 static void __maybe_unused stm32_tamp_unblock_secrets(void) 1585 { 1586 vaddr_t base = get_base(); 1587 1588 if (stm32_tamp_dev->pdata.compat && 1589 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1590 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK); 1591 } 1592 1593 static void __maybe_unused stm32_tamp_erase_secrets(void) 1594 { 1595 vaddr_t base = get_base(); 1596 1597 if (stm32_tamp_dev->pdata.compat && 1598 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1599 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKERASE); 1600 } 1601 1602 static void __maybe_unused stm32_tamp_lock_boot_hardware_key(void) 1603 { 1604 vaddr_t base = get_base(); 1605 1606 if (stm32_tamp_dev->pdata.compat && 1607 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) 1608 io_setbits32(base + _TAMP_SECCFGR, _TAMP_SECCFGR_BHKLOCK); 1609 } 1610 1611 static void stm32_tamp_configure_pin(uint32_t id, struct gpio *gpio, bool out, 1612 struct stm32_tamp_platdata *pdata) 1613 { 1614 struct stm32_tamp_compat *compat = pdata->compat; 1615 unsigned int bank = stm32_gpio_chip_bank_id(gpio->chip); 1616 unsigned int pin = gpio->pin; 1617 size_t i = 0; 1618 1619 if (!compat) 1620 return; 1621 1622 /* Configure option registers */ 1623 for (i = 0; i < compat->pin_map_size; i++) { 1624 if (id == compat->pin_map[i].id && 1625 bank == compat->pin_map[i].bank && 1626 pin == compat->pin_map[i].pin && 1627 out == compat->pin_map[i].out) { 1628 pdata->pins_conf |= compat->pin_map[i].conf; 1629 break; 1630 } 1631 } 1632 } 1633 1634 static TEE_Result 1635 stm32_tamp_configure_pin_from_dt(const void *fdt, int node, 1636 struct stm32_tamp_platdata *pdata, 1637 uint32_t ext_tamp_id, uint32_t out_tamp_id) 1638 { 1639 enum stm32_tamp_out_id out_id = INVALID_OUT_TAMP; 1640 struct stm32_tamp_tamper_data *tamp_ext = NULL; 1641 enum stm32_tamp_id id = INVALID_TAMP; 1642 TEE_Result res = TEE_SUCCESS; 1643 struct gpio *gpio_out = NULL; 1644 struct gpio *gpio_ext = NULL; 1645 bool active = false; 1646 unsigned int i = 0; 1647 1648 /* 1649 * First GPIO in the tamper-gpios property is required and refers to the 1650 * EXT_TAMP control. Second GPIO in the tamper-gpios property is 1651 * optional and, if defined, refers to the OUT_TAMP control. 1652 * If only one GPIO is defined, the tamper control is a passive tamper. 1653 * Else, it is an active tamper. 1654 */ 1655 res = gpio_dt_get_by_index(fdt, node, 1, "tamper", &gpio_out); 1656 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 1657 return res; 1658 1659 if (res != TEE_ERROR_ITEM_NOT_FOUND) { 1660 active = true; 1661 out_id = OUT_TAMP1 + out_tamp_id - 1; 1662 if (out_tamp_id > pdata->compat->ext_tamp_size) { 1663 gpio_put(gpio_out); 1664 return TEE_ERROR_BAD_PARAMETERS; 1665 } 1666 1667 stm32_tamp_configure_pin(out_id, gpio_out, true, pdata); 1668 } 1669 1670 res = gpio_dt_get_by_index(fdt, node, 0, "tamper", &gpio_ext); 1671 if (res) { 1672 gpio_put(gpio_out); 1673 return res; 1674 } 1675 1676 /* We now configure first pin */ 1677 id = ext_tamp_id + EXT_TAMP1 - 1; 1678 1679 /* Find external TAMP struct */ 1680 for (i = 0; i < pdata->compat->ext_tamp_size; i++) { 1681 if (pdata->compat->ext_tamp[i].id == id) { 1682 tamp_ext = &pdata->compat->ext_tamp[i]; 1683 break; 1684 } 1685 } 1686 1687 if (!tamp_ext) { 1688 gpio_put(gpio_out); 1689 gpio_put(gpio_ext); 1690 return TEE_ERROR_BAD_PARAMETERS; 1691 } 1692 1693 if (active) { 1694 tamp_ext->mode |= TAMP_ACTIVE; 1695 tamp_ext->out_id = out_id; 1696 pdata->out_pins |= BIT(tamp_ext->out_id - OUT_TAMP1); 1697 1698 if (out_id - OUT_TAMP1 != id - EXT_TAMP1) 1699 pdata->active_conf |= _TAMP_ATCR1_ATOSHARE; 1700 } else { 1701 if (fdt_getprop(fdt, node, "st,trig-on", NULL)) 1702 tamp_ext->mode |= TAMP_TRIG_ON; 1703 } 1704 1705 tamp_ext->mode |= TAMP_IN_DT; 1706 1707 stm32_tamp_configure_pin(id, gpio_ext, false, pdata); 1708 1709 return TEE_SUCCESS; 1710 } 1711 1712 static TEE_Result 1713 stm32_tamp_parse_passive_conf(const void *fdt, int node, 1714 struct stm32_tamp_platdata *pdata) 1715 { 1716 const fdt32_t *cuint = NULL; 1717 uint32_t precharge = 0; 1718 uint32_t nb_sample = 0; 1719 uint32_t clk_div = 32768; 1720 uint32_t conf = 0; 1721 1722 cuint = fdt_getprop(fdt, node, "st,tamp-passive-precharge", NULL); 1723 if (cuint) 1724 precharge = fdt32_to_cpu(*cuint); 1725 1726 cuint = fdt_getprop(fdt, node, "st,tamp-passive-nb-sample", NULL); 1727 if (cuint) 1728 nb_sample = fdt32_to_cpu(*cuint); 1729 1730 cuint = fdt_getprop(fdt, node, "st,tamp-passive-sample-clk-div", NULL); 1731 if (cuint) 1732 clk_div = fdt32_to_cpu(*cuint); 1733 1734 DMSG("Passive conf from dt: precharge=%"PRIu32", nb_sample=%"PRIu32 1735 ", clk_div=%"PRIu32, precharge, nb_sample, clk_div); 1736 1737 switch (precharge) { 1738 case 0: 1739 /* No precharge, => we disable the pull-up */ 1740 conf |= _TAMP_FLTCR_TAMPPUDIS; 1741 break; 1742 case 1: 1743 /* Precharge for one cycle value stay 0 */ 1744 break; 1745 case 2: 1746 /* Precharge passive pin 2 cycles */ 1747 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1748 break; 1749 case 4: 1750 /* Precharge passive pin 4 cycles */ 1751 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1752 break; 1753 case 8: 1754 /* Precharge passive pin 8 cycles */ 1755 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1756 break; 1757 default: 1758 return TEE_ERROR_BAD_PARAMETERS; 1759 } 1760 1761 switch (nb_sample) { 1762 case 0: 1763 /* Activation on edge, no pull-up: value stay 0 */ 1764 break; 1765 case 2: 1766 /* 1767 * Tamper event is activated after 2 consecutive samples at 1768 * active level. 1769 */ 1770 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFLT_SHIFT); 1771 break; 1772 case 4: 1773 /* 1774 * Tamper event is activated after 4 consecutive samples at 1775 * active level. 1776 */ 1777 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFLT_SHIFT); 1778 break; 1779 case 8: 1780 /* 1781 * Tamper event is activated after 8 consecutive samples at 1782 * active level. 1783 */ 1784 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFLT_SHIFT); 1785 break; 1786 default: 1787 return TEE_ERROR_BAD_PARAMETERS; 1788 } 1789 1790 switch (clk_div) { 1791 case 32768: 1792 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */ 1793 break; 1794 case 16384: 1795 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */ 1796 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1797 break; 1798 case 8192: 1799 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */ 1800 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1801 break; 1802 case 4096: 1803 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */ 1804 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1805 break; 1806 case 2048: 1807 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */ 1808 conf |= SHIFT_U32(4, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1809 break; 1810 case 1024: 1811 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */ 1812 conf |= SHIFT_U32(5, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1813 break; 1814 case 512: 1815 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */ 1816 conf |= SHIFT_U32(6, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1817 break; 1818 case 256: 1819 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */ 1820 conf |= SHIFT_U32(7, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1821 break; 1822 default: 1823 return TEE_ERROR_BAD_PARAMETERS; 1824 } 1825 1826 pdata->passive_conf = conf; 1827 1828 return TEE_SUCCESS; 1829 } 1830 1831 static uint32_t stm32_tamp_itamper_action(int id) 1832 { 1833 const char __maybe_unused *tamp_name = NULL; 1834 1835 if (id >= 0 && ((size_t)id < ARRAY_SIZE(itamper_name))) 1836 tamp_name = itamper_name[id]; 1837 1838 MSG("Internal tamper event %u (%s) occurred", id - INT_TAMP1 + 1, 1839 tamp_name); 1840 1841 return TAMP_CB_ACK_AND_RESET; 1842 } 1843 DECLARE_KEEP_PAGER(stm32_tamp_itamper_action); 1844 1845 static uint32_t stm32_tamp_etamper_action(int id __maybe_unused) 1846 { 1847 MSG("External tamper %u occurs", id - EXT_TAMP1 + 1); 1848 1849 return TAMP_CB_ACK_AND_RESET; 1850 } 1851 DECLARE_KEEP_PAGER(stm32_tamp_etamper_action); 1852 1853 static TEE_Result stm32_configure_tamp(const void *fdt, int node) 1854 { 1855 const fdt32_t *internal_tampers = 0; 1856 uint32_t i_tampers[EXT_TAMP1 * 2] = { }; 1857 int subnode = -FDT_ERR_NOTFOUND; 1858 TEE_Result res = TEE_SUCCESS; 1859 int retval = 0; 1860 int len = 0; 1861 int i = 0; 1862 1863 /* Internal tampers configuration */ 1864 internal_tampers = fdt_getprop(fdt, node, "st,tamp-internal-tampers", 1865 &len); 1866 if (len == -FDT_ERR_NOTFOUND) 1867 goto skip_int_tamp; 1868 1869 if ((internal_tampers && len % (2 * sizeof(uint32_t))) || 1870 !internal_tampers || len / sizeof(uint32_t) > EXT_TAMP1 * 2) 1871 return TEE_ERROR_BAD_PARAMETERS; 1872 1873 retval = fdt_read_uint32_array(fdt, node, "st,tamp-internal-tampers", 1874 i_tampers, len / sizeof(uint32_t)); 1875 if (retval && retval != -FDT_ERR_NOTFOUND) 1876 return TEE_ERROR_BAD_PARAMETERS; 1877 1878 len = len / sizeof(uint32_t); 1879 for (i = 0; i < len; i += 2) { 1880 uint32_t i_tamper_id = i_tampers[i] - 1; 1881 uint32_t i_tamper_mode = i_tampers[i + 1]; 1882 1883 res = stm32_tamp_activate_tamp(i_tamper_id, i_tamper_mode, 1884 stm32_tamp_itamper_action); 1885 if (res) 1886 return res; 1887 } 1888 1889 skip_int_tamp: 1890 fdt_for_each_subnode(subnode, fdt, node) { 1891 unsigned int ext_tamp_id = 0; 1892 unsigned int out_tamp_id = 0; 1893 const fdt32_t *cuint = 0; 1894 unsigned int mode = 0; 1895 int lenp = 0; 1896 1897 if (!fdt_getprop(fdt, subnode, "tamper-gpios", NULL) || 1898 fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 1899 continue; 1900 1901 cuint = fdt_getprop(fdt, subnode, "st,tamp-mode", NULL); 1902 if (!cuint) 1903 return TEE_ERROR_BAD_PARAMETERS; 1904 1905 mode = fdt32_to_cpu(*cuint); 1906 1907 cuint = fdt_getprop(fdt, subnode, "st,tamp-id", &lenp); 1908 if (!cuint) 1909 return TEE_ERROR_BAD_PARAMETERS; 1910 1911 ext_tamp_id = fdt32_to_cpu(*cuint); 1912 if (lenp > (int)sizeof(uint32_t)) 1913 out_tamp_id = fdt32_to_cpu(*(cuint + 1)); 1914 1915 res = stm32_tamp_configure_pin_from_dt(fdt, subnode, 1916 &stm32_tamp_dev->pdata, 1917 ext_tamp_id, 1918 out_tamp_id); 1919 if (res) 1920 return res; 1921 1922 res = stm32_tamp_activate_tamp(EXT_TAMP1 + ext_tamp_id - 1, 1923 mode, stm32_tamp_etamper_action); 1924 if (res) 1925 return res; 1926 } 1927 1928 if (stm32_tamp_set_config()) 1929 panic(); 1930 1931 /* Enable timestamp for tamper */ 1932 if (stm32_rtc_set_tamper_timestamp()) 1933 panic(); 1934 1935 return TEE_SUCCESS; 1936 } 1937 1938 static TEE_Result 1939 stm32_tamp_parse_active_conf(const void *fdt, int node, 1940 struct stm32_tamp_platdata *pdata) 1941 { 1942 const fdt32_t *cuint = NULL; 1943 uint32_t clk_div = 1; 1944 uint32_t conf = 0; 1945 1946 cuint = fdt_getprop(fdt, node, "st,tamp-active-filter", NULL); 1947 if (cuint) 1948 conf |= _TAMP_ATCR1_FLTEN; 1949 1950 /* 1951 * Here we will select a divisor for the RTCCLK. 1952 * Note that RTCCLK is also divided by (RTC_PRER_PREDIV_A - 1). 1953 */ 1954 cuint = fdt_getprop(fdt, node, "st,tamp-active-clk-div", NULL); 1955 if (cuint) 1956 clk_div = fdt32_to_cpu(*cuint); 1957 1958 DMSG("Active conf from dt: %s clk_div=%"PRIu32, 1959 (conf & _TAMP_ATCR1_FLTEN) ? "filter" : "no filter", clk_div); 1960 1961 switch (clk_div) { 1962 case 1: 1963 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */ 1964 break; 1965 case 2: 1966 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */ 1967 conf |= SHIFT_U32(1, _TAMP_ATCR1_ATCKSEL_SHIFT); 1968 break; 1969 case 4: 1970 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */ 1971 conf |= SHIFT_U32(2, _TAMP_ATCR1_ATCKSEL_SHIFT); 1972 break; 1973 case 8: 1974 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */ 1975 conf |= SHIFT_U32(3, _TAMP_ATCR1_ATCKSEL_SHIFT); 1976 break; 1977 case 16: 1978 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */ 1979 conf |= SHIFT_U32(4, _TAMP_ATCR1_ATCKSEL_SHIFT); 1980 break; 1981 case 32: 1982 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */ 1983 conf |= SHIFT_U32(5, _TAMP_ATCR1_ATCKSEL_SHIFT); 1984 break; 1985 case 64: 1986 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */ 1987 conf |= SHIFT_U32(6, _TAMP_ATCR1_ATCKSEL_SHIFT); 1988 break; 1989 case 128: 1990 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */ 1991 conf |= SHIFT_U32(7, _TAMP_ATCR1_ATCKSEL_SHIFT); 1992 break; 1993 case 2048: 1994 if (pdata->compat && 1995 (pdata->compat->tags & TAMP_SIZE_ATCR1_ATCKSEL_IS_4)) { 1996 /* 1997 * RTCCLK/2048 when (PREDIV_A+1) = 128 and (PREDIV_S+1) 1998 * is a multiple of 16. 1999 */ 2000 conf |= SHIFT_U32(11, _TAMP_ATCR1_ATCKSEL_SHIFT); 2001 break; 2002 } 2003 2004 return TEE_ERROR_BAD_PARAMETERS; 2005 default: 2006 return TEE_ERROR_BAD_PARAMETERS; 2007 } 2008 2009 pdata->active_conf = conf; 2010 2011 return TEE_SUCCESS; 2012 } 2013 2014 static TEE_Result stm32_tamp_parse_fdt(const void *fdt, int node, 2015 const void *compat) 2016 { 2017 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 2018 TEE_Result res = TEE_ERROR_GENERIC; 2019 size_t reg_size = 0; 2020 2021 pdata->compat = (struct stm32_tamp_compat *)compat; 2022 2023 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 2024 res = stm32_rifsc_check_tdcid(&pdata->is_tdcid); 2025 if (res) 2026 return res; 2027 } 2028 2029 if (fdt_reg_info(fdt, node, &pdata->base.pa, ®_size)) 2030 panic(); 2031 2032 io_pa_or_va_secure(&pdata->base, reg_size); 2033 assert(pdata->base.va); 2034 2035 res = clk_dt_get_by_index(fdt, node, 0, &pdata->clock); 2036 if (res) 2037 return res; 2038 2039 res = stm32_tamp_parse_passive_conf(fdt, node, pdata); 2040 if (res) 2041 return res; 2042 2043 res = stm32_tamp_parse_active_conf(fdt, node, pdata); 2044 if (res) 2045 return res; 2046 2047 if (fdt_getprop(fdt, node, "wakeup-source", NULL)) 2048 pdata->is_wakeup_source = true; 2049 2050 parse_bkpregs_dt_conf(fdt, node); 2051 2052 if (pdata->compat->tags & TAMP_HAS_RIF_SUPPORT) { 2053 const fdt32_t *cuint = NULL; 2054 unsigned int i = 0; 2055 int lenp = 0; 2056 2057 cuint = fdt_getprop(fdt, node, "st,protreg", &lenp); 2058 if (!cuint) { 2059 DMSG("No RIF configuration available"); 2060 return TEE_SUCCESS; 2061 } 2062 2063 pdata->conf_data = calloc(1, sizeof(*pdata->conf_data)); 2064 if (!pdata->conf_data) 2065 panic(); 2066 2067 pdata->nb_rif_resources = (unsigned int)(lenp / 2068 sizeof(uint32_t)); 2069 assert(pdata->nb_rif_resources <= TAMP_RIF_RESOURCES); 2070 2071 pdata->conf_data->cid_confs = calloc(TAMP_RIF_RESOURCES, 2072 sizeof(uint32_t)); 2073 pdata->conf_data->sec_conf = calloc(1, sizeof(uint32_t)); 2074 pdata->conf_data->priv_conf = calloc(1, sizeof(uint32_t)); 2075 pdata->conf_data->access_mask = calloc(1, sizeof(uint32_t)); 2076 if (!pdata->conf_data->cid_confs || 2077 !pdata->conf_data->sec_conf || 2078 !pdata->conf_data->priv_conf || 2079 !pdata->conf_data->access_mask) 2080 panic("Not enough memory capacity for TAMP RIF config"); 2081 2082 for (i = 0; i < pdata->nb_rif_resources; i++) 2083 stm32_rif_parse_cfg(fdt32_to_cpu(cuint[i]), 2084 pdata->conf_data, 2085 TAMP_RIF_RESOURCES); 2086 } 2087 2088 return TEE_SUCCESS; 2089 } 2090 2091 static TEE_Result stm32_tamp_probe(const void *fdt, int node, 2092 const void *compat_data) 2093 { 2094 size_t it_num = DT_INFO_INVALID_INTERRUPT; 2095 uint32_t __maybe_unused revision = 0; 2096 struct itr_chip *chip = NULL; 2097 TEE_Result res = TEE_SUCCESS; 2098 vaddr_t base = 0; 2099 2100 /* Manage dependency on RNG driver */ 2101 res = dt_driver_get_crypto(); 2102 if (res) 2103 return res; 2104 2105 /* Manage dependency on RTC driver */ 2106 res = stm32_rtc_driver_is_initialized(); 2107 if (res) 2108 return res; 2109 2110 res = interrupt_dt_get_by_index(fdt, node, 0, &chip, &it_num); 2111 if (res) 2112 return res; 2113 2114 stm32_tamp_dev = calloc(1, sizeof(*stm32_tamp_dev)); 2115 if (!stm32_tamp_dev) 2116 return TEE_ERROR_OUT_OF_MEMORY; 2117 2118 res = stm32_tamp_parse_fdt(fdt, node, compat_data); 2119 if (res) 2120 goto err; 2121 2122 if (clk_enable(stm32_tamp_dev->pdata.clock)) 2123 panic(); 2124 2125 base = get_base(); 2126 2127 stm32_tamp_dev->hwconf1 = io_read32(base + _TAMP_HWCFGR1); 2128 stm32_tamp_dev->hwconf2 = io_read32(base + _TAMP_HWCFGR2); 2129 2130 revision = io_read32(base + _TAMP_VERR); 2131 FMSG("STM32 TAMPER V%"PRIx32".%"PRIu32, 2132 (revision & _TAMP_VERR_MAJREV) >> 4, revision & _TAMP_VERR_MINREV); 2133 2134 if (!(stm32_tamp_dev->hwconf2 & _TAMP_HWCFGR2_TZ)) { 2135 EMSG("TAMP doesn't support TrustZone"); 2136 res = TEE_ERROR_NOT_SUPPORTED; 2137 goto err_clk; 2138 } 2139 2140 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 2141 apply_rif_config(); 2142 2143 if (stm32_tamp_dev->pdata.is_tdcid) { 2144 res = stm32_tamp_apply_bkpr_rif_conf(); 2145 if (res) 2146 goto err_clk; 2147 } 2148 } else { 2149 /* 2150 * Enforce secure only access to protected TAMP registers. 2151 * Allow non-secure access to monotonic counter. 2152 */ 2153 stm32_tamp_set_secure(_TAMP_SECCFGR_TAMPSEC); 2154 2155 /* 2156 * Enforce privilege only access to TAMP registers, backup 2157 * registers and monotonic counter. 2158 */ 2159 stm32_tamp_set_privilege(_TAMP_PRIVCFG_TAMPPRIV | 2160 _TAMP_PRIVCFG_BKPRWPRIV | 2161 _TAMP_PRIVCFG_BKPWPRIV); 2162 } 2163 2164 if (!(stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) || 2165 stm32_tamp_dev->pdata.is_tdcid) { 2166 res = stm32_tamp_set_secure_bkpregs(); 2167 if (res) 2168 goto err_clk; 2169 } 2170 2171 res = interrupt_create_handler(chip, it_num, stm32_tamp_it_handler, 2172 NULL, ITRF_TRIGGER_LEVEL, 2173 &stm32_tamp_dev->pdata.itr); 2174 if (res) 2175 goto err_clk; 2176 2177 if (stm32_tamp_dev->pdata.is_wakeup_source && 2178 interrupt_can_set_wake(chip)) { 2179 interrupt_set_wake(chip, it_num, true); 2180 DMSG("Tamper event wakeup capability enabled"); 2181 } 2182 2183 res = stm32_configure_tamp(fdt, node); 2184 if (res) 2185 goto err_clk; 2186 2187 stm32_tamp_set_pins(base, stm32_tamp_dev->pdata.pins_conf); 2188 2189 interrupt_enable(chip, it_num); 2190 2191 return TEE_SUCCESS; 2192 2193 err_clk: 2194 clk_disable(stm32_tamp_dev->pdata.clock); 2195 err: 2196 if (stm32_tamp_dev->pdata.conf_data) { 2197 free(stm32_tamp_dev->pdata.conf_data->cid_confs); 2198 free(stm32_tamp_dev->pdata.conf_data->sec_conf); 2199 free(stm32_tamp_dev->pdata.conf_data->priv_conf); 2200 free(stm32_tamp_dev->pdata.conf_data->access_mask); 2201 free(stm32_tamp_dev->pdata.conf_data); 2202 } 2203 2204 if (stm32_tamp_dev->pdata.itr) { 2205 interrupt_disable(chip, it_num); 2206 interrupt_remove_free_handler(stm32_tamp_dev->pdata.itr); 2207 } 2208 2209 free(stm32_tamp_dev->pdata.bkpregs_conf.rif_offsets); 2210 free(stm32_tamp_dev); 2211 2212 return res; 2213 } 2214 2215 static const struct stm32_tamp_compat mp13_compat = { 2216 .nb_monotonic_counter = 2, 2217 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR | 2218 TAMP_HAS_REGISTER_ERCFGR | TAMP_HAS_REGISTER_CR3 | 2219 TAMP_HAS_REGISTER_ATCR2 | TAMP_HAS_CR2_SECRET_STATUS | 2220 TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2221 #if defined(CFG_STM32MP13) 2222 .int_tamp = int_tamp_mp13, 2223 .int_tamp_size = ARRAY_SIZE(int_tamp_mp13), 2224 .ext_tamp = ext_tamp_mp13, 2225 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp13), 2226 .pin_map = pin_map_mp13, 2227 .pin_map_size = ARRAY_SIZE(pin_map_mp13), 2228 #endif 2229 }; 2230 2231 static const struct stm32_tamp_compat mp15_compat = { 2232 .nb_monotonic_counter = 1, 2233 .tags = 0, 2234 #if defined(CFG_STM32MP15) 2235 .int_tamp = int_tamp_mp15, 2236 .int_tamp_size = ARRAY_SIZE(int_tamp_mp15), 2237 .ext_tamp = ext_tamp_mp15, 2238 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp15), 2239 .pin_map = pin_map_mp15, 2240 .pin_map_size = ARRAY_SIZE(pin_map_mp15), 2241 #endif 2242 }; 2243 2244 static const struct stm32_tamp_compat mp21_compat = { 2245 .nb_monotonic_counter = 2, 2246 .tags = TAMP_HAS_REGISTER_SECCFGR | 2247 TAMP_HAS_REGISTER_PRIVCFGR | 2248 TAMP_HAS_RIF_SUPPORT | 2249 TAMP_HAS_REGISTER_ERCFGR | 2250 TAMP_HAS_REGISTER_CR3 | 2251 TAMP_HAS_REGISTER_ATCR2 | 2252 TAMP_HAS_CR2_SECRET_STATUS | 2253 TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2254 #if defined(CFG_STM32MP21) 2255 .int_tamp = int_tamp_mp21, 2256 .int_tamp_size = ARRAY_SIZE(int_tamp_mp21), 2257 .ext_tamp = ext_tamp_mp21, 2258 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp21), 2259 .pin_map = pin_map_mp21, 2260 .pin_map_size = ARRAY_SIZE(pin_map_mp21), 2261 #endif 2262 }; 2263 2264 static const struct stm32_tamp_compat mp25_compat = { 2265 .nb_monotonic_counter = 2, 2266 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR | 2267 TAMP_HAS_RIF_SUPPORT | TAMP_HAS_REGISTER_ERCFGR | 2268 TAMP_HAS_REGISTER_CR3 | TAMP_HAS_REGISTER_ATCR2 | 2269 TAMP_HAS_CR2_SECRET_STATUS | TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2270 #if defined(CFG_STM32MP25) 2271 .int_tamp = int_tamp_mp25, 2272 .int_tamp_size = ARRAY_SIZE(int_tamp_mp25), 2273 .ext_tamp = ext_tamp_mp25, 2274 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp25), 2275 .pin_map = pin_map_mp25, 2276 .pin_map_size = ARRAY_SIZE(pin_map_mp25), 2277 #endif 2278 }; 2279 2280 static const struct dt_device_match stm32_tamp_match_table[] = { 2281 { .compatible = "st,stm32mp25-tamp", .compat_data = &mp25_compat }, 2282 { .compatible = "st,stm32mp21-tamp", .compat_data = &mp21_compat }, 2283 { .compatible = "st,stm32mp13-tamp", .compat_data = &mp13_compat }, 2284 { .compatible = "st,stm32-tamp", .compat_data = &mp15_compat }, 2285 { } 2286 }; 2287 2288 DEFINE_DT_DRIVER(stm32_tamp_dt_driver) = { 2289 .name = "stm32-tamp", 2290 .match_table = stm32_tamp_match_table, 2291 .probe = stm32_tamp_probe, 2292 }; 2293