1 // SPDX-License-Identifier: BSD-3-Clause 2 /* 3 * Copyright (c) 2021-2022, STMicroelectronics 4 */ 5 6 #include <drivers/clk.h> 7 #include <drivers/clk_dt.h> 8 #include <drivers/stm32_rif.h> 9 #include <io.h> 10 #include <kernel/dt.h> 11 #include <kernel/dt_driver.h> 12 #include <kernel/interrupt.h> 13 #include <libfdt.h> 14 #include <mm/core_memprot.h> 15 #include <stdbool.h> 16 17 /* STM32 Registers */ 18 #define _TAMP_CR1 0x00U 19 #define _TAMP_CR2 0x04U 20 #define _TAMP_CR3 0x08U 21 #define _TAMP_FLTCR 0x0CU 22 #define _TAMP_ATCR1 0x10U 23 #define _TAMP_ATSEEDR 0x14U 24 #define _TAMP_ATOR 0x18U 25 #define _TAMP_ATCR2 0x1CU 26 #define _TAMP_SECCFGR 0x20U 27 #define _TAMP_SMCR 0x20U 28 #define _TAMP_PRIVCFGR 0x24U 29 #define _TAMP_IER 0x2CU 30 #define _TAMP_SR 0x30U 31 #define _TAMP_MISR 0x34U 32 #define _TAMP_SMISR 0x38U 33 #define _TAMP_SCR 0x3CU 34 #define _TAMP_COUNTR 0x40U 35 #define _TAMP_COUNT2R 0x44U 36 #define _TAMP_OR 0x50U 37 #define _TAMP_ERCFGR 0X54U 38 #define _TAMP_BKPRIFR(x) (0x70U + 0x4U * ((x) - 1U)) 39 #define _TAMP_CIDCFGR(x) (0x80U + 0x4U * (x)) 40 #define _TAMP_BKPxR(x) (0x100U + 0x4U * ((x) - 1U)) 41 #define _TAMP_HWCFGR2 0x3ECU 42 #define _TAMP_HWCFGR1 0x3F0U 43 #define _TAMP_VERR 0x3F4U 44 #define _TAMP_IPIDR 0x3F8U 45 #define _TAMP_SIDR 0x3FCU 46 47 /* _TAMP_SECCFGR bit fields */ 48 #define _TAMP_SECCFGR_BKPRWSEC_MASK GENMASK_32(7, 0) 49 #define _TAMP_SECCFGR_BKPRWSEC_SHIFT 0U 50 #define _TAMP_SECCFGR_CNT2SEC BIT(14) 51 #define _TAMP_SECCFGR_CNT2SEC_SHIFT 14U 52 #define _TAMP_SECCFGR_CNT1SEC BIT(15) 53 #define _TAMP_SECCFGR_CNT1SEC_SHIFT 15U 54 #define _TAMP_SECCFGR_BKPWSEC_MASK GENMASK_32(23, 16) 55 #define _TAMP_SECCFGR_BKPWSEC_SHIFT 16U 56 #define _TAMP_SECCFGR_BHKLOCK BIT(30) 57 #define _TAMP_SECCFGR_TAMPSEC BIT(31) 58 #define _TAMP_SECCFGR_TAMPSEC_SHIFT 31U 59 #define _TAMP_SECCFGR_BUT_BKP_MASK (GENMASK_32(31, 30) | \ 60 GENMASK_32(15, 14)) 61 #define _TAMP_SECCFGR_RIF_TAMP_SEC BIT(0) 62 #define _TAMP_SECCFGR_RIF_COUNT_1 BIT(1) 63 #define _TAMP_SECCFGR_RIF_COUNT_2 BIT(2) 64 65 /* _TAMP_SMCR bit fields */ 66 #define _TAMP_SMCR_BKPRWDPROT_MASK GENMASK_32(7, 0) 67 #define _TAMP_SMCR_BKPRWDPROT_SHIFT 0U 68 #define _TAMP_SMCR_BKPWDPROT_MASK GENMASK_32(23, 16) 69 #define _TAMP_SMCR_BKPWDPROT_SHIFT 16U 70 #define _TAMP_SMCR_DPROT BIT(31) 71 /* 72 * _TAMP_PRIVCFGR bit fields 73 */ 74 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 75 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 76 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 77 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 78 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 79 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 80 GENMASK_32(15, 14)) 81 #define _TAMP_PRIVCFGR_RIF_TAMP_PRIV BIT(0) 82 #define _TAMP_PRIVCFGR_RIF_R1 BIT(1) 83 #define _TAMP_PRIVCFGR_RIF_R2 BIT(2) 84 85 /* 86 * _TAMP_PRIVCFGR bit fields 87 */ 88 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 89 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 90 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 91 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 92 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 93 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 94 GENMASK_32(15, 14)) 95 96 /* _TAMP_HWCFGR2 bit fields */ 97 #define _TAMP_HWCFGR2_TZ GENMASK_32(11, 8) 98 #define _TAMP_HWCFGR2_OR GENMASK_32(7, 0) 99 100 /* _TAMP_HWCFGR1 bit fields */ 101 #define _TAMP_HWCFGR1_BKPREG GENMASK_32(7, 0) 102 #define _TAMP_HWCFGR1_TAMPER GENMASK_32(11, 8) 103 #define _TAMP_HWCFGR1_ACTIVE GENMASK_32(15, 12) 104 #define _TAMP_HWCFGR1_INTERN GENMASK_32(31, 16) 105 #define _TAMP_HWCFGR1_ITAMP_MAX_ID 16U 106 #define _TAMP_HWCFGR1_ITAMP(id) BIT((id) - INT_TAMP1 + 16U) 107 108 /* _TAMP_VERR bit fields */ 109 #define _TAMP_VERR_MINREV GENMASK_32(3, 0) 110 #define _TAMP_VERR_MAJREV GENMASK_32(7, 4) 111 112 /* 113 * CIDCFGR register bitfields 114 */ 115 #define _TAMP_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 116 #define _TAMP_CIDCFGR_CONF_MASK (_CIDCFGR_CFEN | \ 117 _CIDCFGR_SEMEN | \ 118 _TAMP_CIDCFGR_SCID_MASK) 119 120 /* _TAMP_BKPRIFR */ 121 #define _TAMP_BKPRIFR_1_MASK GENMASK_32(7, 0) 122 #define _TAMP_BKPRIFR_2_MASK GENMASK_32(7, 0) 123 #define _TAMP_BKPRIFR_3_MASK (GENMASK_32(23, 16) | GENMASK_32(7, 0)) 124 #define _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT 16U 125 126 /* 127 * RIF miscellaneous 128 */ 129 #define TAMP_NB_BKPR_ZONES 3U 130 #define TAMP_RIF_RESOURCES 3U 131 #define TAMP_RIF_OFFSET_CNT 4U 132 133 /* 134 * Compatibility capabilities 135 * TAMP_HAS_REGISTER_SECCFGR - Supports SECCFGR, otherwise supports SMCR 136 * register 137 * TAMP_HAS_REGISTER_PRIVCFG - Supports PRIVCFGR configuration register 138 * TAMP_HAS_RIF_SUPPORT - Supports RIF 139 */ 140 #define TAMP_HAS_REGISTER_SECCFGR BIT(0) 141 #define TAMP_HAS_REGISTER_PRIVCFGR BIT(1) 142 #define TAMP_HAS_RIF_SUPPORT BIT(31) 143 144 /** 145 * struct stm32_tamp_compat - TAMP compatible data 146 * @nb_monotonic_counter: Number of monotic counter supported 147 * @tags: Bit flags TAMP_HAS_* for compatibility management 148 */ 149 struct stm32_tamp_compat { 150 int nb_monotonic_counter; 151 uint32_t tags; 152 }; 153 154 /* 155 * struct stm32_bkpregs_conf - Backup registers zone bounds 156 * @zone1_end - Number of backup registers in zone 1 157 * @zone2_end - Number of backup registers in zone 2 + zone 1 158 * @rif_offsets - RIF offsets used for CID compartments 159 * 160 * TAMP backup registers access permissions 161 * 162 * Zone 1: read/write in secure state, no access in non-secure state 163 * Zone 2: read/write in secure state, read-only in non-secure state 164 * Zone 3: read/write in secure state, read/write in non-secure state 165 * 166 * Protection zone 1 167 * If zone1_end == 0 no backup register are in zone 1. 168 * Otherwise backup registers from TAMP_BKP0R to TAMP_BKP<x>R are in zone 1, 169 * with <x> = (@zone1_end - 1). 170 * 171 * Protection zone 2 172 * If zone2_end == 0 no backup register are in zone 2 and zone 1. 173 * Otherwise backup registers from TAMP_BKP<y>R to TAMP_BKP<z>R are in zone 2, 174 * with <y> = @zone1_end and <z> = (@zone2_end - 1). 175 * 176 * Protection zone 3 177 * Backup registers from TAMP_BKP<t>R to last backup register are in zone 3, 178 * with <t> = (@zone2_end - 1). 179 * 180 * When RIF is supported, each zone can be subdivided to restrain accesses to 181 * some CIDs. 182 */ 183 struct stm32_bkpregs_conf { 184 uint32_t zone1_end; 185 uint32_t zone2_end; 186 uint32_t *rif_offsets; 187 }; 188 189 /** 190 * struct stm32_tamp_platdata - TAMP platform data 191 * @base: IOMEM base address 192 * @bkpregs_conf: TAMP backup register configuration reference 193 * @compat: Reference to compat data passed at driver initialization 194 * @conf_data: RIF configuration data 195 * @clock: TAMP clock 196 * @nb_rif_resources: Number of RIF resources 197 * @it: TAMP interrupt number 198 * @is_tdcid: True if current processor is TDCID 199 */ 200 struct stm32_tamp_platdata { 201 struct io_pa_va base; 202 struct stm32_bkpregs_conf bkpregs_conf; 203 struct stm32_tamp_compat *compat; 204 struct rif_conf_data *conf_data; 205 struct clk *clock; 206 unsigned int nb_rif_resources; 207 int it; 208 bool is_tdcid; 209 }; 210 211 /** 212 * struct stm32_tamp_instance - TAMP instance data 213 * @pdata: TAMP platform data 214 * @hwconf1: Copy of TAMP HWCONF1 register content 215 * @hwconf2: Copy of TAMP HWCONF2 register content 216 */ 217 struct stm32_tamp_instance { 218 struct stm32_tamp_platdata pdata; 219 uint32_t hwconf1; 220 uint32_t hwconf2; 221 }; 222 223 /* Expects at most a single instance */ 224 static struct stm32_tamp_instance *stm32_tamp_dev; 225 226 static void apply_rif_config(void) 227 { 228 struct rif_conf_data *rif_conf = stm32_tamp_dev->pdata.conf_data; 229 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 230 uint32_t access_mask_priv_reg = 0; 231 uint32_t access_mask_sec_reg = 0; 232 uint32_t privcfgr = 0; 233 uint32_t seccfgr = 0; 234 unsigned int i = 0; 235 236 if (!stm32_tamp_dev->pdata.conf_data) 237 return; 238 239 /* Build access masks for _TAMP_PRIVCFGR and _TAMP_SECCFGR */ 240 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 241 if (BIT(i) & rif_conf->access_mask[0]) { 242 switch (i) { 243 case 0: 244 access_mask_sec_reg |= _TAMP_SECCFGR_TAMPSEC; 245 access_mask_priv_reg |= _TAMP_PRIVCFG_TAMPPRIV; 246 break; 247 case 1: 248 access_mask_sec_reg |= _TAMP_SECCFGR_CNT1SEC; 249 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT1PRIV; 250 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPRWPRIV; 251 break; 252 case 2: 253 access_mask_sec_reg |= _TAMP_SECCFGR_CNT2SEC; 254 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT2PRIV; 255 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPWPRIV; 256 break; 257 default: 258 panic(); 259 } 260 } 261 } 262 263 /* 264 * When TDCID, OP-TEE should be the one to set the CID filtering 265 * configuration. Clearing previous configuration prevents 266 * undesired events during the only legitimate configuration. 267 */ 268 if (stm32_tamp_dev->pdata.is_tdcid) { 269 for (i = 0; i < TAMP_RIF_RESOURCES; i++) 270 if (BIT(i) & rif_conf->access_mask[0]) 271 io_clrbits32(base + _TAMP_CIDCFGR(i), 272 _TAMP_CIDCFGR_CONF_MASK); 273 } 274 275 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_TAMP_SEC) 276 seccfgr |= _TAMP_SECCFGR_TAMPSEC; 277 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_1) 278 seccfgr |= _TAMP_SECCFGR_CNT1SEC; 279 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_2) 280 seccfgr |= _TAMP_SECCFGR_CNT2SEC; 281 282 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_TAMP_PRIV) 283 privcfgr |= _TAMP_PRIVCFG_TAMPPRIV; 284 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R1) 285 privcfgr |= _TAMP_PRIVCFG_CNT1PRIV | _TAMP_PRIVCFG_BKPRWPRIV; 286 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R2) 287 privcfgr |= _TAMP_PRIVCFG_CNT2PRIV | _TAMP_PRIVCFG_BKPWPRIV; 288 289 /* Security and privilege RIF configuration */ 290 io_clrsetbits32(base + _TAMP_PRIVCFGR, access_mask_priv_reg, privcfgr); 291 io_clrsetbits32(base + _TAMP_SECCFGR, access_mask_sec_reg, seccfgr); 292 293 if (!stm32_tamp_dev->pdata.is_tdcid) 294 return; 295 296 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 297 if (!(BIT(i) & rif_conf->access_mask[0])) 298 continue; 299 300 io_clrsetbits32(base + _TAMP_CIDCFGR(i), 301 _TAMP_CIDCFGR_CONF_MASK, 302 rif_conf->cid_confs[i]); 303 } 304 } 305 306 static TEE_Result stm32_tamp_apply_bkpr_rif_conf(void) 307 { 308 struct stm32_bkpregs_conf *bkpregs_conf = 309 &stm32_tamp_dev->pdata.bkpregs_conf; 310 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 311 unsigned int i = 0; 312 313 if (!bkpregs_conf->rif_offsets) 314 panic("No backup register configuration"); 315 316 for (i = 0; i < TAMP_RIF_OFFSET_CNT; i++) { 317 if (bkpregs_conf->rif_offsets[i] > 318 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) 319 return TEE_ERROR_NOT_SUPPORTED; 320 } 321 322 /* Fill the 3 TAMP_BKPRIFRx registers */ 323 io_clrsetbits32(base + _TAMP_BKPRIFR(1), _TAMP_BKPRIFR_1_MASK, 324 bkpregs_conf->rif_offsets[0]); 325 io_clrsetbits32(base + _TAMP_BKPRIFR(2), _TAMP_BKPRIFR_2_MASK, 326 bkpregs_conf->rif_offsets[1]); 327 io_clrsetbits32(base + _TAMP_BKPRIFR(3), _TAMP_BKPRIFR_3_MASK, 328 bkpregs_conf->rif_offsets[2] | 329 SHIFT_U32(bkpregs_conf->rif_offsets[3], 330 _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT)); 331 332 DMSG("Backup registers mapping :"); 333 DMSG("********START of zone 1********"); 334 DMSG("Protection Zone 1-RIF1 begins at register: 0"); 335 DMSG("Protection Zone 1-RIF2 begins at register: %"PRIu32, 336 bkpregs_conf->rif_offsets[0]); 337 DMSG("Protection Zone 1-RIF2 ends at register: %"PRIu32, 338 bkpregs_conf->zone1_end ? bkpregs_conf->zone1_end - 1 : 0); 339 DMSG("********END of zone 1********"); 340 DMSG("********START of zone 2********"); 341 DMSG("Protection Zone 2-RIF1 begins at register: %"PRIu32, 342 bkpregs_conf->zone1_end); 343 DMSG("Protection Zone 2-RIF2 begins at register: %"PRIu32, 344 bkpregs_conf->rif_offsets[1]); 345 DMSG("Protection Zone 2-RIF2 ends at register: %"PRIu32, 346 bkpregs_conf->rif_offsets[1] > bkpregs_conf->zone1_end ? 347 bkpregs_conf->zone2_end - 1 : 0); 348 DMSG("********END of zone 2********"); 349 DMSG("********START of zone 3********"); 350 DMSG("Protection Zone 3-RIF1 begins at register: %"PRIu32, 351 bkpregs_conf->zone2_end); 352 DMSG("Protection Zone 3-RIF0 begins at register: %"PRIu32, 353 bkpregs_conf->rif_offsets[2]); 354 DMSG("Protection Zone 3-RIF2 begins at register: %"PRIu32, 355 bkpregs_conf->rif_offsets[3]); 356 DMSG("Protection Zone 3-RIF2 ends at the last register: %"PRIu32, 357 stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG); 358 DMSG("********END of zone 3********"); 359 360 return TEE_SUCCESS; 361 } 362 363 static TEE_Result stm32_tamp_set_secure_bkpregs(void) 364 { 365 struct stm32_bkpregs_conf *bkpregs_conf = 366 &stm32_tamp_dev->pdata.bkpregs_conf; 367 vaddr_t base = 0; 368 uint32_t first_z2 = 0; 369 uint32_t first_z3 = 0; 370 371 base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 372 373 first_z2 = bkpregs_conf->zone1_end; 374 first_z3 = bkpregs_conf->zone2_end; 375 376 if ((first_z2 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) || 377 (first_z3 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG))) 378 return TEE_ERROR_BAD_PARAMETERS; 379 380 if (stm32_tamp_dev->pdata.compat && 381 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 382 io_clrsetbits32(base + _TAMP_SECCFGR, 383 _TAMP_SECCFGR_BKPRWSEC_MASK, 384 (first_z2 << _TAMP_SECCFGR_BKPRWSEC_SHIFT) & 385 _TAMP_SECCFGR_BKPRWSEC_MASK); 386 387 io_clrsetbits32(base + _TAMP_SECCFGR, 388 _TAMP_SECCFGR_BKPWSEC_MASK, 389 (first_z3 << _TAMP_SECCFGR_BKPWSEC_SHIFT) & 390 _TAMP_SECCFGR_BKPWSEC_MASK); 391 } else { 392 io_clrsetbits32(base + _TAMP_SMCR, 393 _TAMP_SMCR_BKPRWDPROT_MASK, 394 (first_z2 << _TAMP_SMCR_BKPRWDPROT_SHIFT) & 395 _TAMP_SMCR_BKPRWDPROT_MASK); 396 397 io_clrsetbits32(base + _TAMP_SMCR, 398 _TAMP_SMCR_BKPWDPROT_MASK, 399 (first_z3 << _TAMP_SMCR_BKPWDPROT_SHIFT) & 400 _TAMP_SMCR_BKPWDPROT_MASK); 401 } 402 403 return TEE_SUCCESS; 404 } 405 406 static void stm32_tamp_set_secure(uint32_t mode) 407 { 408 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 409 410 if (stm32_tamp_dev->pdata.compat && 411 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 412 io_clrsetbits32(base + _TAMP_SECCFGR, 413 _TAMP_SECCFGR_BUT_BKP_MASK, 414 mode & _TAMP_SECCFGR_BUT_BKP_MASK); 415 } else { 416 /* 417 * Note: MP15 doesn't use SECCFG register and 418 * inverts the secure bit. 419 */ 420 if (mode & _TAMP_SECCFGR_TAMPSEC) 421 io_clrbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 422 else 423 io_setbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 424 } 425 } 426 427 static void stm32_tamp_set_privilege(uint32_t mode) 428 { 429 vaddr_t base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 430 431 if (stm32_tamp_dev->pdata.compat && 432 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_PRIVCFGR)) 433 io_clrsetbits32(base + _TAMP_PRIVCFGR, _TAMP_PRIVCFGR_MASK, 434 mode & _TAMP_PRIVCFGR_MASK); 435 } 436 437 static void parse_bkpregs_dt_conf(const void *fdt, int node) 438 { 439 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 440 unsigned int bkpregs_count = 0; 441 const fdt32_t *cuint = NULL; 442 int lenp = 0; 443 444 cuint = fdt_getprop(fdt, node, "st,backup-zones", &lenp); 445 if (!cuint) 446 panic("Missing backup registers configuration"); 447 448 /* 449 * When TAMP does not support RIF, the backup registers can 450 * be splited in 3 zones. These zones have specific read/write 451 * access permissions based on the secure status of the accesser. 452 * When RIF is supported, these zones can additionally be splited 453 * in subzones that have CID filtering. Zones/Subzones can be empty and 454 * are contiguous. 455 */ 456 if (!(pdata->compat->tags & TAMP_HAS_RIF_SUPPORT)) { 457 /* 3 zones, 2 offsets to apply */ 458 if (lenp != sizeof(uint32_t) * TAMP_NB_BKPR_ZONES) 459 panic("Incorrect bkpregs configuration"); 460 461 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]); 462 bkpregs_count = fdt32_to_cpu(cuint[0]); 463 464 pdata->bkpregs_conf.zone2_end = bkpregs_count + 465 fdt32_to_cpu(cuint[1]); 466 } else { 467 /* 468 * Zone 3 469 * ----------------------| 470 * Protection Zone 3-RIF2|Read non- 471 * ----------------------|secure 472 * Protection Zone 3-RIF0|Write non- 473 * ----------------------|secure 474 * Protection Zone 3-RIF1| 475 * ----------------------| 476 * 477 * Zone 2 478 * ----------------------| 479 * Protection Zone 2-RIF2|Read non- 480 * ----------------------|secure 481 * Protection Zone 2-RIF1|Write secure 482 * ----------------------| 483 * 484 * Zone 1 485 * ----------------------| 486 * Protection Zone 1-RIF2|Read secure 487 * ----------------------|Write secure 488 * Protection Zone 1-RIF1| 489 * ----------------------| 490 * 491 * (BHK => First 8 registers) 492 */ 493 pdata->bkpregs_conf.rif_offsets = calloc(TAMP_RIF_OFFSET_CNT, 494 sizeof(uint32_t)); 495 if (!pdata->bkpregs_conf.rif_offsets) 496 panic(); 497 498 /* 499 * 3 zones with 7 subzones in total(6 offsets): 500 * - 2 zone offsets 501 * - 4 subzones offsets 502 */ 503 if (lenp != sizeof(uint32_t) * 504 (TAMP_RIF_OFFSET_CNT + TAMP_NB_BKPR_ZONES)) 505 panic("Incorrect bkpregs configuration"); 506 507 /* Backup registers zone 1 */ 508 pdata->bkpregs_conf.rif_offsets[0] = fdt32_to_cpu(cuint[0]); 509 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]) + 510 fdt32_to_cpu(cuint[1]); 511 512 bkpregs_count = pdata->bkpregs_conf.zone1_end; 513 514 /* Backup registers zone 2 */ 515 pdata->bkpregs_conf.rif_offsets[1] = bkpregs_count + 516 fdt32_to_cpu(cuint[2]); 517 pdata->bkpregs_conf.zone2_end = bkpregs_count + 518 fdt32_to_cpu(cuint[2]) + 519 fdt32_to_cpu(cuint[3]); 520 521 bkpregs_count = pdata->bkpregs_conf.zone2_end; 522 523 /* Backup registers zone 3 */ 524 pdata->bkpregs_conf.rif_offsets[2] = bkpregs_count + 525 fdt32_to_cpu(cuint[4]); 526 pdata->bkpregs_conf.rif_offsets[3] = bkpregs_count + 527 fdt32_to_cpu(cuint[4]) + 528 fdt32_to_cpu(cuint[5]); 529 } 530 } 531 532 static TEE_Result stm32_tamp_parse_fdt(const void *fdt, int node, 533 const void *compat) 534 { 535 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 536 TEE_Result res = TEE_ERROR_GENERIC; 537 struct dt_node_info dt_tamp = { }; 538 539 fdt_fill_device_info(fdt, &dt_tamp, node); 540 541 if (dt_tamp.reg == DT_INFO_INVALID_REG || 542 dt_tamp.reg_size == DT_INFO_INVALID_REG_SIZE) 543 return TEE_ERROR_BAD_PARAMETERS; 544 545 pdata->compat = (struct stm32_tamp_compat *)compat; 546 pdata->it = dt_tamp.interrupt; 547 pdata->base.pa = dt_tamp.reg; 548 io_pa_or_va_secure(&pdata->base, dt_tamp.reg_size); 549 550 res = clk_dt_get_by_index(fdt, node, 0, &pdata->clock); 551 if (res) 552 return res; 553 554 parse_bkpregs_dt_conf(fdt, node); 555 556 if (pdata->compat->tags & TAMP_HAS_RIF_SUPPORT) { 557 const fdt32_t *cuint = NULL; 558 unsigned int i = 0; 559 int lenp = 0; 560 561 res = stm32_rifsc_check_tdcid(&pdata->is_tdcid); 562 if (res) 563 return res; 564 565 cuint = fdt_getprop(fdt, node, "st,protreg", &lenp); 566 if (!cuint) { 567 DMSG("No RIF configuration available"); 568 return TEE_SUCCESS; 569 } 570 571 pdata->conf_data = calloc(1, sizeof(*pdata->conf_data)); 572 if (!pdata->conf_data) 573 panic(); 574 575 pdata->nb_rif_resources = (unsigned int)(lenp / 576 sizeof(uint32_t)); 577 assert(pdata->nb_rif_resources <= TAMP_RIF_RESOURCES); 578 579 pdata->conf_data->cid_confs = calloc(TAMP_RIF_RESOURCES, 580 sizeof(uint32_t)); 581 pdata->conf_data->sec_conf = calloc(1, sizeof(uint32_t)); 582 pdata->conf_data->priv_conf = calloc(1, sizeof(uint32_t)); 583 pdata->conf_data->access_mask = calloc(1, sizeof(uint32_t)); 584 if (!pdata->conf_data->cid_confs || 585 !pdata->conf_data->sec_conf || 586 !pdata->conf_data->priv_conf || 587 !pdata->conf_data->access_mask) 588 panic("Not enough memory capacity for TAMP RIF config"); 589 590 for (i = 0; i < pdata->nb_rif_resources; i++) 591 stm32_rif_parse_cfg(fdt32_to_cpu(cuint[i]), 592 pdata->conf_data, 593 TAMP_RIF_RESOURCES); 594 } 595 596 return TEE_SUCCESS; 597 } 598 599 static TEE_Result stm32_tamp_probe(const void *fdt, int node, 600 const void *compat_data) 601 { 602 uint32_t __maybe_unused revision = 0; 603 TEE_Result res = TEE_SUCCESS; 604 vaddr_t base = 0; 605 606 stm32_tamp_dev = calloc(1, sizeof(*stm32_tamp_dev)); 607 if (!stm32_tamp_dev) 608 return TEE_ERROR_OUT_OF_MEMORY; 609 610 res = stm32_tamp_parse_fdt(fdt, node, compat_data); 611 if (res) 612 goto err; 613 614 if (clk_enable(stm32_tamp_dev->pdata.clock)) 615 panic(); 616 617 base = io_pa_or_va(&stm32_tamp_dev->pdata.base, 1); 618 619 stm32_tamp_dev->hwconf1 = io_read32(base + _TAMP_HWCFGR1); 620 stm32_tamp_dev->hwconf2 = io_read32(base + _TAMP_HWCFGR2); 621 622 revision = io_read32(base + _TAMP_VERR); 623 FMSG("STM32 TAMPER V%"PRIx32".%"PRIu32, 624 (revision & _TAMP_VERR_MAJREV) >> 4, revision & _TAMP_VERR_MINREV); 625 626 if (!(stm32_tamp_dev->hwconf2 & _TAMP_HWCFGR2_TZ)) { 627 EMSG("TAMP doesn't support TrustZone"); 628 res = TEE_ERROR_NOT_SUPPORTED; 629 goto err_clk; 630 } 631 632 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 633 apply_rif_config(); 634 635 if (stm32_tamp_dev->pdata.is_tdcid) { 636 res = stm32_tamp_apply_bkpr_rif_conf(); 637 if (res) 638 goto err_clk; 639 } 640 } else { 641 /* 642 * Enforce secure only access to protected TAMP registers. 643 * Allow non-secure access to monotonic counter. 644 */ 645 stm32_tamp_set_secure(_TAMP_SECCFGR_TAMPSEC); 646 647 /* 648 * Enforce privilege only access to TAMP registers, backup 649 * registers and monotonic counter. 650 */ 651 stm32_tamp_set_privilege(_TAMP_PRIVCFG_TAMPPRIV | 652 _TAMP_PRIVCFG_BKPRWPRIV | 653 _TAMP_PRIVCFG_BKPWPRIV); 654 } 655 656 if (!(stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) || 657 stm32_tamp_dev->pdata.is_tdcid) { 658 res = stm32_tamp_set_secure_bkpregs(); 659 if (res) 660 goto err_clk; 661 } 662 663 return TEE_SUCCESS; 664 665 err_clk: 666 clk_disable(stm32_tamp_dev->pdata.clock); 667 err: 668 if (stm32_tamp_dev->pdata.conf_data) { 669 free(stm32_tamp_dev->pdata.conf_data->cid_confs); 670 free(stm32_tamp_dev->pdata.conf_data->sec_conf); 671 free(stm32_tamp_dev->pdata.conf_data->priv_conf); 672 free(stm32_tamp_dev->pdata.conf_data->access_mask); 673 free(stm32_tamp_dev->pdata.conf_data); 674 } 675 free(stm32_tamp_dev->pdata.bkpregs_conf.rif_offsets); 676 free(stm32_tamp_dev); 677 678 return res; 679 } 680 681 static const struct stm32_tamp_compat mp13_compat = { 682 .nb_monotonic_counter = 2, 683 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR, 684 }; 685 686 static const struct stm32_tamp_compat mp15_compat = { 687 .nb_monotonic_counter = 1, 688 .tags = 0, 689 }; 690 691 static const struct stm32_tamp_compat mp25_compat = { 692 .nb_monotonic_counter = 2, 693 .tags = TAMP_HAS_REGISTER_SECCFGR | 694 TAMP_HAS_REGISTER_PRIVCFGR | 695 TAMP_HAS_RIF_SUPPORT, 696 }; 697 698 static const struct dt_device_match stm32_tamp_match_table[] = { 699 { .compatible = "st,stm32mp25-tamp", .compat_data = &mp25_compat }, 700 { .compatible = "st,stm32mp13-tamp", .compat_data = &mp13_compat }, 701 { .compatible = "st,stm32-tamp", .compat_data = &mp15_compat }, 702 { } 703 }; 704 705 DEFINE_DT_DRIVER(stm32_tamp_dt_driver) = { 706 .name = "stm32-tamp", 707 .match_table = stm32_tamp_match_table, 708 .probe = stm32_tamp_probe, 709 }; 710