1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2025, STMicroelectronics 4 */ 5 6 #include <crypto/crypto.h> 7 #include <drivers/clk.h> 8 #include <drivers/clk_dt.h> 9 #include <drivers/gpio.h> 10 #include <drivers/stm32_gpio.h> 11 #include <drivers/stm32_rif.h> 12 #include <drivers/stm32_rtc.h> 13 #include <drivers/stm32mp_dt_bindings.h> 14 #include <io.h> 15 #include <kernel/dt.h> 16 #include <kernel/dt_driver.h> 17 #include <kernel/interrupt.h> 18 #include <libfdt.h> 19 #include <mm/core_memprot.h> 20 #include <stdbool.h> 21 22 /* STM32 Registers */ 23 #define _TAMP_CR1 0x00U 24 #define _TAMP_CR2 0x04U 25 #define _TAMP_CR3 0x08U 26 #define _TAMP_FLTCR 0x0CU 27 #define _TAMP_ATCR1 0x10U 28 #define _TAMP_ATSEEDR 0x14U 29 #define _TAMP_ATOR 0x18U 30 #define _TAMP_ATCR2 0x1CU 31 #define _TAMP_SECCFGR 0x20U 32 #define _TAMP_SMCR 0x20U 33 #define _TAMP_PRIVCFGR 0x24U 34 #define _TAMP_IER 0x2CU 35 #define _TAMP_SR 0x30U 36 #define _TAMP_MISR 0x34U 37 #define _TAMP_SMISR 0x38U 38 #define _TAMP_SCR 0x3CU 39 #define _TAMP_COUNTR 0x40U 40 #define _TAMP_COUNT2R 0x44U 41 #define _TAMP_OR 0x50U 42 #define _TAMP_ERCFGR 0X54U 43 #define _TAMP_BKPRIFR(x) (0x70U + 0x4U * ((x) - 1U)) 44 #define _TAMP_CIDCFGR(x) (0x80U + 0x4U * (x)) 45 #define _TAMP_BKPxR(x) (0x100U + 0x4U * ((x) - 1U)) 46 #define _TAMP_HWCFGR2 0x3ECU 47 #define _TAMP_HWCFGR1 0x3F0U 48 #define _TAMP_VERR 0x3F4U 49 #define _TAMP_IPIDR 0x3F8U 50 #define _TAMP_SIDR 0x3FCU 51 52 /* _TAMP_SECCFGR bit fields */ 53 #define _TAMP_SECCFGR_BKPRWSEC_MASK GENMASK_32(7, 0) 54 #define _TAMP_SECCFGR_BKPRWSEC_SHIFT 0U 55 #define _TAMP_SECCFGR_CNT2SEC BIT(14) 56 #define _TAMP_SECCFGR_CNT2SEC_SHIFT 14U 57 #define _TAMP_SECCFGR_CNT1SEC BIT(15) 58 #define _TAMP_SECCFGR_CNT1SEC_SHIFT 15U 59 #define _TAMP_SECCFGR_BKPWSEC_MASK GENMASK_32(23, 16) 60 #define _TAMP_SECCFGR_BKPWSEC_SHIFT 16U 61 #define _TAMP_SECCFGR_BHKLOCK BIT(30) 62 #define _TAMP_SECCFGR_TAMPSEC BIT(31) 63 #define _TAMP_SECCFGR_TAMPSEC_SHIFT 31U 64 #define _TAMP_SECCFGR_BUT_BKP_MASK (GENMASK_32(31, 30) | \ 65 GENMASK_32(15, 14)) 66 #define _TAMP_SECCFGR_RIF_TAMP_SEC BIT(0) 67 #define _TAMP_SECCFGR_RIF_COUNT_1 BIT(1) 68 #define _TAMP_SECCFGR_RIF_COUNT_2 BIT(2) 69 70 /* _TAMP_SMCR bit fields */ 71 #define _TAMP_SMCR_BKPRWDPROT_MASK GENMASK_32(7, 0) 72 #define _TAMP_SMCR_BKPRWDPROT_SHIFT 0U 73 #define _TAMP_SMCR_BKPWDPROT_MASK GENMASK_32(23, 16) 74 #define _TAMP_SMCR_BKPWDPROT_SHIFT 16U 75 #define _TAMP_SMCR_DPROT BIT(31) 76 /* 77 * _TAMP_PRIVCFGR bit fields 78 */ 79 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 80 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 81 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 82 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 83 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 84 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 85 GENMASK_32(15, 14)) 86 #define _TAMP_PRIVCFGR_RIF_TAMP_PRIV BIT(0) 87 #define _TAMP_PRIVCFGR_RIF_R1 BIT(1) 88 #define _TAMP_PRIVCFGR_RIF_R2 BIT(2) 89 90 /* _TAMP_PRIVCFGR bit fields */ 91 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 92 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 93 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 94 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 95 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 96 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 97 GENMASK_32(15, 14)) 98 99 /*_TAMP_CR1 bit fields */ 100 #define _TAMP_CR1_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 101 #define _TAMP_CR1_ETAMP(id) BIT((id) - EXT_TAMP1) 102 103 /* _TAMP_CR2 bit fields */ 104 #define _TAMP_CR2_ETAMPTRG(id) BIT((id) - EXT_TAMP1 + U(24)) 105 #define _TAMP_CR2_BKERASE BIT(23) 106 #define _TAMP_CR2_BKBLOCK BIT(22) 107 #define _TAMP_CR2_ETAMPMSK_MAX_ID 3U 108 #define _TAMP_CR2_ETAMPMSK(id) BIT((id) - EXT_TAMP1 + U(16)) 109 #define _TAMP_CR2_ETAMPNOER(id) BIT((id) - EXT_TAMP1) 110 111 /* _TAMP_CR3 bit fields */ 112 #define _TAMP_CR3_ITAMPNOER_ALL GENMASK_32(12, 0) 113 #define _TAMP_CR3_ITAMPNOER(id) BIT((id) - INT_TAMP1) 114 115 /* _TAMP_FLTCR bit fields */ 116 #define _TAMP_FLTCR_TAMPFREQ_MASK GENMASK_32(2, 0) 117 #define _TAMP_FLTCR_TAMPFREQ_SHIFT 0U 118 #define _TAMP_FLTCR_TAMPFLT_MASK GENMASK_32(4, 3) 119 #define _TAMP_FLTCR_TAMPFLT_SHIFT U(3) 120 #define _TAMP_FLTCR_TAMPPRCH_MASK GENMASK_32(6, 5) 121 #define _TAMP_FLTCR_TAMPPRCH_SHIFT 5U 122 #define _TAMP_FLTCR_TAMPPUDIS BIT(7) 123 124 /* _TAMP_ATCR bit fields */ 125 #define _TAMP_ATCR1_ATCKSEL_MASK GENMASK_32(19, 16) 126 #define _TAMP_ATCR1_ATCKSEL_SHIFT 16U 127 #define _TAMP_ATCR1_ATPER_MASK GENMASK_32(26, 24) 128 #define _TAMP_ATCR1_ATPER_SHIFT 24U 129 #define _TAMP_ATCR1_ATOSHARE BIT(30) 130 #define _TAMP_ATCR1_FLTEN BIT(31) 131 #define _TAMP_ATCR1_COMMON_MASK GENMASK_32(31, 16) 132 #define _TAMP_ATCR1_ETAMPAM(id) BIT((id) - EXT_TAMP1) 133 #define _TAMP_ATCR1_ATOSEL_MASK(id) \ 134 ({ \ 135 typeof(id) _id = (id); \ 136 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 2 + 7, \ 137 ((_id) - EXT_TAMP1) * 2 + 8); \ 138 }) 139 140 #define _TAMP_ATCR1_ATOSEL(id, od) \ 141 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 2 + 8) 142 143 /* _TAMP_ATCR2 bit fields */ 144 #define _TAMP_ATCR2_ATOSEL_MASK(id) \ 145 ({ \ 146 typeof(id) _id = (id); \ 147 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 3 + 7, \ 148 ((_id) - EXT_TAMP1) * 3 + 8); \ 149 }) 150 151 #define _TAMP_ATCR2_ATOSEL(id, od) \ 152 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 3 + 8) 153 154 /* _TAMP_ATOR bit fields */ 155 #define _TAMP_PRNG GENMASK_32(7, 0) 156 #define _TAMP_SEEDF BIT(14) 157 #define _TAMP_INITS BIT(15) 158 159 /* _TAMP_IER bit fields */ 160 #define _TAMP_IER_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 161 #define _TAMP_IER_ETAMP(id) BIT((id) - EXT_TAMP1) 162 163 /* _TAMP_SR bit fields */ 164 #define _TAMP_SR_ETAMPXF_MASK GENMASK_32(7, 0) 165 #define _TAMP_SR_ITAMPXF_MASK GENMASK_32(31, 16) 166 #define _TAMP_SR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 167 #define _TAMP_SR_ETAMP(id) BIT((id) - EXT_TAMP1) 168 169 /* _TAMP_SCR bit fields */ 170 #define _TAMP_SCR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 171 #define _TAMP_SCR_ETAMP(id) BIT((id) - EXT_TAMP1) 172 173 /* _TAMP_OR bit fields */ 174 #define _TAMP_OR_STM32MP13_IN1RMP_PF10 0U 175 #define _TAMP_OR_STM32MP13_IN1RMP_PC13 BIT(0) 176 #define _TAMP_OR_STM32MP13_IN2RMP_PA6 0U 177 #define _TAMP_OR_STM32MP13_IN2RMP_PI1 BIT(1) 178 #define _TAMP_OR_STM32MP13_IN3RMP_PC0 0U 179 #define _TAMP_OR_STM32MP13_IN3RMP_PI2 BIT(2) 180 #define _TAMP_OR_STM32MP13_IN4RMP_PG8 0U 181 #define _TAMP_OR_STM32MP13_IN4RMP_PI3 BIT(3) 182 183 /* For STM32MP15x, _TAMP_CFGR is _TAMP_OR */ 184 #define _TAMP_OR_STM32MP15_OUT3RMP_PI8 0U 185 #define _TAMP_OR_STM32MP15_OUT3RMP_PC13 BIT(0) 186 187 #define _TAMP_STM32MP21_OR_IN1RMP_PC4 0U 188 #define _TAMP_STM32MP21_OR_IN1RMP_PI8 BIT(0) 189 190 #define _TAMP_OR_STM32MP25_IN1RMP_PC4 0U 191 #define _TAMP_OR_STM32MP25_IN1RMP_PI8 BIT(0) 192 #define _TAMP_OR_STM32MP25_IN3RMP_PC3 0U 193 #define _TAMP_OR_STM32MP25_IN3RMP_PZ2 BIT(1) 194 #define _TAMP_OR_STM32MP25_IN5RMP_PF6 0U 195 #define _TAMP_OR_STM32MP25_IN5RMP_PZ4 BIT(2) 196 197 /* _TAMP_HWCFGR2 bit fields */ 198 #define _TAMP_HWCFGR2_TZ GENMASK_32(11, 8) 199 #define _TAMP_HWCFGR2_OR GENMASK_32(7, 0) 200 201 /* _TAMP_HWCFGR1 bit fields */ 202 #define _TAMP_HWCFGR1_BKPREG GENMASK_32(7, 0) 203 #define _TAMP_HWCFGR1_TAMPER_SHIFT 8U 204 #define _TAMP_HWCFGR1_TAMPER GENMASK_32(11, 8) 205 #define _TAMP_HWCFGR1_ACTIVE GENMASK_32(15, 12) 206 #define _TAMP_HWCFGR1_INTERN GENMASK_32(31, 16) 207 #define _TAMP_HWCFGR1_ITAMP_MAX_ID 16U 208 #define _TAMP_HWCFGR1_ITAMP(id) BIT((id) - INT_TAMP1 + 16U) 209 210 /* _TAMP_VERR bit fields */ 211 #define _TAMP_VERR_MINREV GENMASK_32(3, 0) 212 #define _TAMP_VERR_MAJREV GENMASK_32(7, 4) 213 214 /* 215 * CIDCFGR register bitfields 216 */ 217 #define _TAMP_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 218 #define _TAMP_CIDCFGR_CONF_MASK (_CIDCFGR_CFEN | \ 219 _CIDCFGR_SEMEN | \ 220 _TAMP_CIDCFGR_SCID_MASK) 221 222 /* _TAMP_BKPRIFR */ 223 #define _TAMP_BKPRIFR_1_MASK GENMASK_32(7, 0) 224 #define _TAMP_BKPRIFR_2_MASK GENMASK_32(7, 0) 225 #define _TAMP_BKPRIFR_3_MASK (GENMASK_32(23, 16) | GENMASK_32(7, 0)) 226 #define _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT 16U 227 228 /* 229 * RIF miscellaneous 230 */ 231 #define TAMP_NB_BKPR_ZONES 3U 232 #define TAMP_RIF_RESOURCES 3U 233 #define TAMP_RIF_OFFSET_CNT 4U 234 235 /* 236 * Compatibility capabilities 237 * TAMP_HAS_REGISTER_SECCFGR - Supports SECCFGR, otherwise supports SMCR 238 * register 239 * TAMP_HAS_REGISTER_PRIVCFG - Supports PRIVCFGR configuration register 240 * TAMP_HAS_RIF_SUPPORT - Supports RIF 241 */ 242 #define TAMP_HAS_REGISTER_SECCFGR BIT(0) 243 #define TAMP_HAS_REGISTER_PRIVCFGR BIT(1) 244 #define TAMP_HAS_REGISTER_ERCFGR BIT(2) 245 #define TAMP_HAS_REGISTER_ATCR2 BIT(3) 246 #define TAMP_HAS_REGISTER_CR3 BIT(4) 247 #define TAMP_HAS_CR2_SECRET_STATUS BIT(5) 248 #define TAMP_SIZE_ATCR1_ATCKSEL_IS_4 BIT(7) 249 #define TAMP_HAS_RIF_SUPPORT BIT(31) 250 251 /* Tamper event modes */ 252 #define TAMP_ERASE 0x0U 253 #define TAMP_NOERASE BIT(1) 254 #define TAMP_NO_EVT_MASK 0x0U 255 #define TAMP_EVT_MASK BIT(2) 256 #define TAMP_MODE_MASK GENMASK_32(15, 0) 257 258 /* Callback return bitmask values */ 259 #define TAMP_CB_ACK BIT(0) 260 #define TAMP_CB_RESET BIT(1) 261 #define TAMP_CB_ACK_AND_RESET (TAMP_CB_RESET | TAMP_CB_ACK) 262 263 #define SEED_TIMEOUT_US 1000U 264 265 /* Define TAMPER modes from DT */ 266 #define TAMP_TRIG_ON BIT(16) 267 #define TAMP_ACTIVE BIT(17) 268 #define TAMP_IN_DT BIT(18) 269 270 enum stm32_tamp_id { 271 INT_TAMP1 = 0, 272 INT_TAMP2, 273 INT_TAMP3, 274 INT_TAMP4, 275 INT_TAMP5, 276 INT_TAMP6, 277 INT_TAMP7, 278 INT_TAMP8, 279 INT_TAMP9, 280 INT_TAMP10, 281 INT_TAMP11, 282 INT_TAMP12, 283 INT_TAMP13, 284 INT_TAMP14, 285 INT_TAMP15, 286 INT_TAMP16, 287 288 EXT_TAMP1, 289 EXT_TAMP2, 290 EXT_TAMP3, 291 EXT_TAMP4, 292 EXT_TAMP5, 293 EXT_TAMP6, 294 EXT_TAMP7, 295 EXT_TAMP8, 296 297 LAST_TAMP, 298 INVALID_TAMP = 0xFFFF, 299 }; 300 301 enum stm32_tamp_out_id { 302 OUT_TAMP1 = LAST_TAMP, 303 OUT_TAMP2, 304 OUT_TAMP3, 305 OUT_TAMP4, 306 OUT_TAMP5, 307 OUT_TAMP6, 308 OUT_TAMP7, 309 OUT_TAMP8, 310 INVALID_OUT_TAMP = INVALID_TAMP 311 }; 312 313 /** 314 * struct stm32_tamp_pin_map - Tamper pin map 315 * 316 * @id: Identifier of the tamper 317 * @conf: Internal mux configuration of the pin present in the TAMP block 318 * @bank: GPIO pin bank 319 * @pin: GPIO number in the bank 320 * @out: True if pin is used for tamper output 321 */ 322 struct stm32_tamp_pin_map { 323 uint32_t id; 324 uint32_t conf; 325 uint8_t bank; 326 uint8_t pin; 327 bool out; 328 }; 329 330 /** 331 * struct stm32_tamp_tamper_data - Tamper data 332 * 333 * @id: Identifier of the tamper 334 * @out_id: Identifier of the output tamper, tamper in active mode 335 * @mode: Mode of the tamper 336 * @func: Tamper callback in case of tamper event 337 */ 338 struct stm32_tamp_tamper_data { 339 uint32_t id; 340 uint32_t out_id; 341 uint32_t mode; 342 uint32_t (*func)(int id); 343 }; 344 345 /** 346 * struct stm32_tamp_compat - TAMP compatible data 347 * 348 * @ext_tamp: List of available external tampers 349 * @int_tamp: List of available internal tampers 350 * @pin_map: List of hardware mapped of pins supporting tamper event detection 351 * @nb_monotonic_counter: Number of monotic counter supported 352 * @ext_tamp_size: Size of @ext_tamp 353 * @int_tamp_size: Size of @int_tamp 354 * @pin_map_size: Size of pin_map 355 * @tags: Bit flags TAMP_HAS_* for compatibility management 356 */ 357 struct stm32_tamp_compat { 358 struct stm32_tamp_tamper_data *ext_tamp; 359 struct stm32_tamp_tamper_data *int_tamp; 360 const struct stm32_tamp_pin_map *pin_map; 361 int nb_monotonic_counter; 362 uint32_t ext_tamp_size; 363 uint32_t int_tamp_size; 364 uint32_t pin_map_size; 365 uint32_t tags; 366 }; 367 368 /* 369 * struct stm32_bkpregs_conf - Backup registers zone bounds 370 * @zone1_end - Number of backup registers in zone 1 371 * @zone2_end - Number of backup registers in zone 2 + zone 1 372 * @rif_offsets - RIF offsets used for CID compartments 373 * 374 * TAMP backup registers access permissions 375 * 376 * Zone 1: read/write in secure state, no access in non-secure state 377 * Zone 2: read/write in secure state, read-only in non-secure state 378 * Zone 3: read/write in secure state, read/write in non-secure state 379 * 380 * Protection zone 1 381 * If zone1_end == 0 no backup register are in zone 1. 382 * Otherwise backup registers from TAMP_BKP0R to TAMP_BKP<x>R are in zone 1, 383 * with <x> = (@zone1_end - 1). 384 * 385 * Protection zone 2 386 * If zone2_end == 0 no backup register are in zone 2 and zone 1. 387 * Otherwise backup registers from TAMP_BKP<y>R to TAMP_BKP<z>R are in zone 2, 388 * with <y> = @zone1_end and <z> = (@zone2_end - 1). 389 * 390 * Protection zone 3 391 * Backup registers from TAMP_BKP<t>R to last backup register are in zone 3, 392 * with <t> = (@zone2_end - 1). 393 * 394 * When RIF is supported, each zone can be subdivided to restrain accesses to 395 * some CIDs. 396 */ 397 struct stm32_bkpregs_conf { 398 uint32_t zone1_end; 399 uint32_t zone2_end; 400 uint32_t *rif_offsets; 401 }; 402 403 /** 404 * struct stm32_tamp_platdata - TAMP platform data 405 * @base: IOMEM base address 406 * @bkpregs_conf: TAMP backup register configuration reference 407 * @compat: Reference to compat data passed at driver initialization 408 * @conf_data: RIF configuration data 409 * @clock: TAMP clock 410 * @itr: TAMP interrupt handler 411 * @nb_rif_resources: Number of RIF resources 412 * @passive_conf: Passive tampers configuration 413 * @active_conf: Active tampers configuration 414 * @pins_conf: Configuration of mapped pins for tampers 415 * @out_pins: Output pins for passive tampers 416 * @is_wakeup_source: True if a tamper event is a wakeup source 417 * @is_tdcid: True if current processor is TDCID 418 */ 419 struct stm32_tamp_platdata { 420 struct io_pa_va base; 421 struct stm32_bkpregs_conf bkpregs_conf; 422 struct stm32_tamp_compat *compat; 423 struct rif_conf_data *conf_data; 424 struct clk *clock; 425 struct itr_handler *itr; 426 unsigned int nb_rif_resources; 427 uint32_t passive_conf; 428 uint32_t active_conf; 429 uint32_t pins_conf; 430 uint32_t out_pins; 431 bool is_wakeup_source; 432 bool is_tdcid; 433 }; 434 435 /** 436 * struct stm32_tamp_instance - TAMP instance data 437 * @pdata: TAMP platform data 438 * @hwconf1: Copy of TAMP HWCONF1 register content 439 * @hwconf2: Copy of TAMP HWCONF2 register content 440 */ 441 struct stm32_tamp_instance { 442 struct stm32_tamp_platdata pdata; 443 uint32_t hwconf1; 444 uint32_t hwconf2; 445 }; 446 447 #define GPIO_BANK(port) ((port) - 'A') 448 449 #if defined(CFG_STM32MP13) 450 static const char * const itamper_name[] = { 451 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 452 [INT_TAMP2] = "Temperature monitoring", 453 [INT_TAMP3] = "LSE monitoring", 454 [INT_TAMP4] = "HSE monitoring", 455 [INT_TAMP5] = "RTC Calendar overflow", 456 [INT_TAMP6] = "JTAG SWD access", 457 [INT_TAMP7] = "ADC2 analog watchdog monitoring 1", 458 [INT_TAMP8] = "Monotonic counter 1", 459 [INT_TAMP9] = "Cryptographic perpipheral fault", 460 [INT_TAMP10] = "Monotonic counter 2", 461 [INT_TAMP11] = "IWDG1 reset", 462 [INT_TAMP12] = "ADC2 analog watchdog monitoring 2", 463 [INT_TAMP13] = "ADC2 analog watchdog monitoring 3", 464 }; 465 466 static struct stm32_tamp_tamper_data int_tamp_mp13[] = { 467 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 468 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 469 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 470 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, 471 { .id = INT_TAMP12 }, { .id = INT_TAMP13 }, 472 }; 473 474 static struct stm32_tamp_tamper_data ext_tamp_mp13[] = { 475 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 476 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 477 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 }, 478 }; 479 480 static const struct stm32_tamp_pin_map pin_map_mp13[] = { 481 { 482 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13, 483 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PC13, 484 }, 485 { 486 .id = EXT_TAMP1, .bank = GPIO_BANK('F'), .pin = 10, 487 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PF10, 488 }, 489 { 490 .id = EXT_TAMP2, .bank = GPIO_BANK('A'), .pin = 6, 491 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PA6, 492 }, 493 { 494 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 1, 495 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PI1, 496 }, 497 { 498 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 0, 499 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PC0, 500 }, 501 { 502 .id = EXT_TAMP3, .bank = GPIO_BANK('I'), .pin = 2, 503 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PI2, 504 }, 505 { 506 .id = EXT_TAMP4, .bank = GPIO_BANK('G'), .pin = 8, 507 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PG8, 508 }, 509 { 510 .id = EXT_TAMP4, .bank = GPIO_BANK('I'), .pin = 3, 511 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PI3, 512 }, 513 }; 514 #endif 515 516 #if defined(CFG_STM32MP15) 517 static const char * const itamper_name[] = { 518 [INT_TAMP1] = "RTC power domain", 519 [INT_TAMP2] = "Temperature monitoring", 520 [INT_TAMP3] = "LSE monitoring", 521 [INT_TAMP5] = "RTC Calendar overflow", 522 [INT_TAMP8] = "Monotonic counter", 523 }; 524 DECLARE_KEEP_PAGER(itamper_name); 525 526 static struct stm32_tamp_tamper_data int_tamp_mp15[] = { 527 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 528 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP8 }, 529 }; 530 531 static struct stm32_tamp_tamper_data ext_tamp_mp15[] = { 532 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 533 }; 534 535 static const struct stm32_tamp_pin_map pin_map_mp15[] = { 536 { 537 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13, 538 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 539 }, 540 { 541 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 8, 542 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 543 }, 544 { 545 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 1, 546 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 547 }, 548 { 549 .id = OUT_TAMP2, .bank = GPIO_BANK('C'), .pin = 13, 550 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 551 }, 552 { 553 .id = OUT_TAMP3, .bank = GPIO_BANK('C'), .pin = 13, 554 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PC13, 555 }, 556 { 557 .id = OUT_TAMP3, .bank = GPIO_BANK('I'), .pin = 8, 558 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 559 }, 560 }; 561 #endif 562 563 #if defined(CFG_STM32MP21) 564 static const char * const itamper_name[] = { 565 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 566 [INT_TAMP2] = "Temperature monitoring", 567 [INT_TAMP3] = "LSE monitoring", 568 [INT_TAMP4] = "HSE monitoring", 569 [INT_TAMP5] = "RTC Calendar overflow", 570 [INT_TAMP6] = "JTAG TAP access in secured-closed", 571 [INT_TAMP7] = "ADC2 analog watchdog monitoring1", 572 [INT_TAMP8] = "Monotonic counter 1 overflow", 573 [INT_TAMP9] = "Cryptographic peripherals fault", 574 [INT_TAMP10] = "Monotonic counter 2 overflow", 575 [INT_TAMP11] = "IWDG3 reset", 576 [INT_TAMP12] = "ADC2 analog watchdog monitoring2", 577 [INT_TAMP13] = "ADC2 analog watchdog monitoring3", 578 [INT_TAMP14] = "RIFSC or BSEC or DBGMCU fault", 579 [INT_TAMP15] = "IWDG1_reset", 580 [INT_TAMP16] = "BOOTROM fault", 581 }; 582 583 static struct stm32_tamp_tamper_data int_tamp_mp21[] = { 584 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 585 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 586 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 587 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, { .id = INT_TAMP12 }, 588 { .id = INT_TAMP13 }, { .id = INT_TAMP14 }, { .id = INT_TAMP15 }, 589 { .id = INT_TAMP16 }, 590 }; 591 592 static struct stm32_tamp_tamper_data ext_tamp_mp21[] = { 593 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 594 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 595 { .id = EXT_TAMP7 }, 596 }; 597 598 static const struct stm32_tamp_pin_map pin_map_mp21[] = { 599 { 600 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8, 601 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PI8, 602 }, 603 { 604 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4, 605 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PC4, 606 }, 607 }; 608 #endif 609 610 #if defined(CFG_STM32MP25) 611 static const char * const itamper_name[] = { 612 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 613 [INT_TAMP2] = "Temperature monitoring", 614 [INT_TAMP3] = "LSE monitoring", 615 [INT_TAMP4] = "HSE monitoring", 616 [INT_TAMP5] = "RTC Calendar overflow", 617 [INT_TAMP6] = "JTAG/SWD access", 618 [INT_TAMP7] = "VDDCORE monitoring under/over voltage", 619 [INT_TAMP8] = "Monotonic counter 1 overflow", 620 [INT_TAMP9] = "Cryptographic peripherals fault", 621 [INT_TAMP10] = "Monotonic counter 2 overflow", 622 [INT_TAMP11] = "IWDG3 reset", 623 [INT_TAMP12] = "VDDCPU monitoring under/over voltage", 624 [INT_TAMP14] = "IWDG5_reset", 625 [INT_TAMP15] = "IWDG1_reset", 626 }; 627 628 static struct stm32_tamp_tamper_data int_tamp_mp25[] = { 629 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 630 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 631 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 632 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, 633 { .id = INT_TAMP12 }, { .id = INT_TAMP14 }, 634 { .id = INT_TAMP15 }, 635 }; 636 637 static struct stm32_tamp_tamper_data ext_tamp_mp25[] = { 638 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 639 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 640 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 }, 641 }; 642 643 static const struct stm32_tamp_pin_map pin_map_mp25[] = { 644 { 645 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8, 646 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PI8, 647 }, 648 { 649 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4, 650 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PC4, 651 }, 652 { 653 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 3, 654 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PC3, 655 }, 656 { 657 .id = EXT_TAMP3, .bank = GPIO_BANK('Z'), .pin = 2, 658 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PZ2, 659 }, 660 { 661 .id = EXT_TAMP5, .bank = GPIO_BANK('F'), .pin = 6, 662 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PF6, 663 }, 664 { 665 .id = EXT_TAMP5, .bank = GPIO_BANK('Z'), .pin = 4, 666 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PZ4, 667 }, 668 }; 669 #endif 670 671 /* Expects at most a single instance */ 672 static struct stm32_tamp_instance *stm32_tamp_dev; 673 674 static vaddr_t get_base(void) 675 { 676 assert(stm32_tamp_dev && stm32_tamp_dev->pdata.base.pa); 677 678 return io_pa_or_va_secure(&stm32_tamp_dev->pdata.base, 1); 679 } 680 681 static void apply_rif_config(void) 682 { 683 struct rif_conf_data *rif_conf = stm32_tamp_dev->pdata.conf_data; 684 uint32_t access_mask_priv_reg = 0; 685 uint32_t access_mask_sec_reg = 0; 686 vaddr_t base = get_base(); 687 uint32_t privcfgr = 0; 688 uint32_t seccfgr = 0; 689 unsigned int i = 0; 690 691 if (!stm32_tamp_dev->pdata.conf_data) 692 return; 693 694 /* Build access masks for _TAMP_PRIVCFGR and _TAMP_SECCFGR */ 695 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 696 if (BIT(i) & rif_conf->access_mask[0]) { 697 switch (i) { 698 case 0: 699 access_mask_sec_reg |= _TAMP_SECCFGR_TAMPSEC; 700 access_mask_priv_reg |= _TAMP_PRIVCFG_TAMPPRIV; 701 break; 702 case 1: 703 access_mask_sec_reg |= _TAMP_SECCFGR_CNT1SEC; 704 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT1PRIV; 705 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPRWPRIV; 706 break; 707 case 2: 708 access_mask_sec_reg |= _TAMP_SECCFGR_CNT2SEC; 709 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT2PRIV; 710 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPWPRIV; 711 break; 712 default: 713 panic(); 714 } 715 } 716 } 717 718 /* 719 * When TDCID, OP-TEE should be the one to set the CID filtering 720 * configuration. Clearing previous configuration prevents 721 * undesired events during the only legitimate configuration. 722 */ 723 if (stm32_tamp_dev->pdata.is_tdcid) { 724 for (i = 0; i < TAMP_RIF_RESOURCES; i++) 725 if (BIT(i) & rif_conf->access_mask[0]) 726 io_clrbits32(base + _TAMP_CIDCFGR(i), 727 _TAMP_CIDCFGR_CONF_MASK); 728 } 729 730 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_TAMP_SEC) 731 seccfgr |= _TAMP_SECCFGR_TAMPSEC; 732 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_1) 733 seccfgr |= _TAMP_SECCFGR_CNT1SEC; 734 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_2) 735 seccfgr |= _TAMP_SECCFGR_CNT2SEC; 736 737 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_TAMP_PRIV) 738 privcfgr |= _TAMP_PRIVCFG_TAMPPRIV; 739 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R1) 740 privcfgr |= _TAMP_PRIVCFG_CNT1PRIV | _TAMP_PRIVCFG_BKPRWPRIV; 741 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R2) 742 privcfgr |= _TAMP_PRIVCFG_CNT2PRIV | _TAMP_PRIVCFG_BKPWPRIV; 743 744 /* Security and privilege RIF configuration */ 745 io_clrsetbits32(base + _TAMP_PRIVCFGR, access_mask_priv_reg, privcfgr); 746 io_clrsetbits32(base + _TAMP_SECCFGR, access_mask_sec_reg, seccfgr); 747 748 if (!stm32_tamp_dev->pdata.is_tdcid) 749 return; 750 751 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 752 if (!(BIT(i) & rif_conf->access_mask[0])) 753 continue; 754 755 io_clrsetbits32(base + _TAMP_CIDCFGR(i), 756 _TAMP_CIDCFGR_CONF_MASK, 757 rif_conf->cid_confs[i]); 758 } 759 } 760 761 static TEE_Result stm32_tamp_apply_bkpr_rif_conf(void) 762 { 763 struct stm32_bkpregs_conf *bkpregs_conf = 764 &stm32_tamp_dev->pdata.bkpregs_conf; 765 vaddr_t base = get_base(); 766 unsigned int i = 0; 767 768 if (!bkpregs_conf->rif_offsets) 769 panic("No backup register configuration"); 770 771 for (i = 0; i < TAMP_RIF_OFFSET_CNT; i++) { 772 if (bkpregs_conf->rif_offsets[i] > 773 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) 774 return TEE_ERROR_NOT_SUPPORTED; 775 } 776 777 /* Fill the 3 TAMP_BKPRIFRx registers */ 778 io_clrsetbits32(base + _TAMP_BKPRIFR(1), _TAMP_BKPRIFR_1_MASK, 779 bkpregs_conf->rif_offsets[0]); 780 io_clrsetbits32(base + _TAMP_BKPRIFR(2), _TAMP_BKPRIFR_2_MASK, 781 bkpregs_conf->rif_offsets[1]); 782 io_clrsetbits32(base + _TAMP_BKPRIFR(3), _TAMP_BKPRIFR_3_MASK, 783 bkpregs_conf->rif_offsets[2] | 784 SHIFT_U32(bkpregs_conf->rif_offsets[3], 785 _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT)); 786 787 DMSG("Backup registers mapping :"); 788 DMSG("********START of zone 1********"); 789 DMSG("Protection Zone 1-RIF1 begins at register: 0"); 790 DMSG("Protection Zone 1-RIF2 begins at register: %"PRIu32, 791 bkpregs_conf->rif_offsets[0]); 792 DMSG("Protection Zone 1-RIF2 ends at register: %"PRIu32, 793 bkpregs_conf->zone1_end ? bkpregs_conf->zone1_end - 1 : 0); 794 DMSG("********END of zone 1********"); 795 DMSG("********START of zone 2********"); 796 DMSG("Protection Zone 2-RIF1 begins at register: %"PRIu32, 797 bkpregs_conf->zone1_end); 798 DMSG("Protection Zone 2-RIF2 begins at register: %"PRIu32, 799 bkpregs_conf->rif_offsets[1]); 800 DMSG("Protection Zone 2-RIF2 ends at register: %"PRIu32, 801 bkpregs_conf->rif_offsets[1] > bkpregs_conf->zone1_end ? 802 bkpregs_conf->zone2_end - 1 : 0); 803 DMSG("********END of zone 2********"); 804 DMSG("********START of zone 3********"); 805 DMSG("Protection Zone 3-RIF1 begins at register: %"PRIu32, 806 bkpregs_conf->zone2_end); 807 DMSG("Protection Zone 3-RIF0 begins at register: %"PRIu32, 808 bkpregs_conf->rif_offsets[2]); 809 DMSG("Protection Zone 3-RIF2 begins at register: %"PRIu32, 810 bkpregs_conf->rif_offsets[3]); 811 DMSG("Protection Zone 3-RIF2 ends at the last register: %"PRIu32, 812 stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG); 813 DMSG("********END of zone 3********"); 814 815 return TEE_SUCCESS; 816 } 817 818 static TEE_Result stm32_tamp_set_secure_bkpregs(void) 819 { 820 struct stm32_bkpregs_conf *bkpregs_conf = 821 &stm32_tamp_dev->pdata.bkpregs_conf; 822 vaddr_t base = get_base(); 823 uint32_t first_z2 = 0; 824 uint32_t first_z3 = 0; 825 826 first_z2 = bkpregs_conf->zone1_end; 827 first_z3 = bkpregs_conf->zone2_end; 828 829 if ((first_z2 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) || 830 (first_z3 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG))) 831 return TEE_ERROR_BAD_PARAMETERS; 832 833 if (stm32_tamp_dev->pdata.compat && 834 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 835 io_clrsetbits32(base + _TAMP_SECCFGR, 836 _TAMP_SECCFGR_BKPRWSEC_MASK, 837 (first_z2 << _TAMP_SECCFGR_BKPRWSEC_SHIFT) & 838 _TAMP_SECCFGR_BKPRWSEC_MASK); 839 840 io_clrsetbits32(base + _TAMP_SECCFGR, 841 _TAMP_SECCFGR_BKPWSEC_MASK, 842 (first_z3 << _TAMP_SECCFGR_BKPWSEC_SHIFT) & 843 _TAMP_SECCFGR_BKPWSEC_MASK); 844 } else { 845 io_clrsetbits32(base + _TAMP_SMCR, 846 _TAMP_SMCR_BKPRWDPROT_MASK, 847 (first_z2 << _TAMP_SMCR_BKPRWDPROT_SHIFT) & 848 _TAMP_SMCR_BKPRWDPROT_MASK); 849 850 io_clrsetbits32(base + _TAMP_SMCR, 851 _TAMP_SMCR_BKPWDPROT_MASK, 852 (first_z3 << _TAMP_SMCR_BKPWDPROT_SHIFT) & 853 _TAMP_SMCR_BKPWDPROT_MASK); 854 } 855 856 return TEE_SUCCESS; 857 } 858 859 static void stm32_tamp_set_secure(uint32_t mode) 860 { 861 vaddr_t base = get_base(); 862 863 if (stm32_tamp_dev->pdata.compat && 864 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 865 io_clrsetbits32(base + _TAMP_SECCFGR, 866 _TAMP_SECCFGR_BUT_BKP_MASK, 867 mode & _TAMP_SECCFGR_BUT_BKP_MASK); 868 } else { 869 /* 870 * Note: MP15 doesn't use SECCFG register and 871 * inverts the secure bit. 872 */ 873 if (mode & _TAMP_SECCFGR_TAMPSEC) 874 io_clrbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 875 else 876 io_setbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 877 } 878 } 879 880 static void stm32_tamp_set_privilege(uint32_t mode) 881 { 882 vaddr_t base = get_base(); 883 884 if (stm32_tamp_dev->pdata.compat && 885 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_PRIVCFGR)) 886 io_clrsetbits32(base + _TAMP_PRIVCFGR, _TAMP_PRIVCFGR_MASK, 887 mode & _TAMP_PRIVCFGR_MASK); 888 } 889 890 static void parse_bkpregs_dt_conf(const void *fdt, int node) 891 { 892 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 893 unsigned int bkpregs_count = 0; 894 const fdt32_t *cuint = NULL; 895 int lenp = 0; 896 897 cuint = fdt_getprop(fdt, node, "st,backup-zones", &lenp); 898 if (!cuint) 899 panic("Missing backup registers configuration"); 900 901 /* 902 * When TAMP does not support RIF, the backup registers can 903 * be splited in 3 zones. These zones have specific read/write 904 * access permissions based on the secure status of the accesser. 905 * When RIF is supported, these zones can additionally be splited 906 * in subzones that have CID filtering. Zones/Subzones can be empty and 907 * are contiguous. 908 */ 909 if (!(pdata->compat->tags & TAMP_HAS_RIF_SUPPORT)) { 910 /* 3 zones, 2 offsets to apply */ 911 if (lenp != sizeof(uint32_t) * TAMP_NB_BKPR_ZONES) 912 panic("Incorrect bkpregs configuration"); 913 914 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]); 915 bkpregs_count = fdt32_to_cpu(cuint[0]); 916 917 pdata->bkpregs_conf.zone2_end = bkpregs_count + 918 fdt32_to_cpu(cuint[1]); 919 } else { 920 /* 921 * Zone 3 922 * ----------------------| 923 * Protection Zone 3-RIF2|Read non- 924 * ----------------------|secure 925 * Protection Zone 3-RIF0|Write non- 926 * ----------------------|secure 927 * Protection Zone 3-RIF1| 928 * ----------------------| 929 * 930 * Zone 2 931 * ----------------------| 932 * Protection Zone 2-RIF2|Read non- 933 * ----------------------|secure 934 * Protection Zone 2-RIF1|Write secure 935 * ----------------------| 936 * 937 * Zone 1 938 * ----------------------| 939 * Protection Zone 1-RIF2|Read secure 940 * ----------------------|Write secure 941 * Protection Zone 1-RIF1| 942 * ----------------------| 943 * 944 * (BHK => First 8 registers) 945 */ 946 pdata->bkpregs_conf.rif_offsets = calloc(TAMP_RIF_OFFSET_CNT, 947 sizeof(uint32_t)); 948 if (!pdata->bkpregs_conf.rif_offsets) 949 panic(); 950 951 /* 952 * 3 zones with 7 subzones in total(6 offsets): 953 * - 2 zone offsets 954 * - 4 subzones offsets 955 */ 956 if (lenp != sizeof(uint32_t) * 957 (TAMP_RIF_OFFSET_CNT + TAMP_NB_BKPR_ZONES)) 958 panic("Incorrect bkpregs configuration"); 959 960 /* Backup registers zone 1 */ 961 pdata->bkpregs_conf.rif_offsets[0] = fdt32_to_cpu(cuint[0]); 962 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]) + 963 fdt32_to_cpu(cuint[1]); 964 965 bkpregs_count = pdata->bkpregs_conf.zone1_end; 966 967 /* Backup registers zone 2 */ 968 pdata->bkpregs_conf.rif_offsets[1] = bkpregs_count + 969 fdt32_to_cpu(cuint[2]); 970 pdata->bkpregs_conf.zone2_end = bkpregs_count + 971 fdt32_to_cpu(cuint[2]) + 972 fdt32_to_cpu(cuint[3]); 973 974 bkpregs_count = pdata->bkpregs_conf.zone2_end; 975 976 /* Backup registers zone 3 */ 977 pdata->bkpregs_conf.rif_offsets[2] = bkpregs_count + 978 fdt32_to_cpu(cuint[4]); 979 pdata->bkpregs_conf.rif_offsets[3] = bkpregs_count + 980 fdt32_to_cpu(cuint[4]) + 981 fdt32_to_cpu(cuint[5]); 982 } 983 } 984 985 static void stm32_tamp_set_pins(vaddr_t base, uint32_t mode) 986 { 987 io_setbits32(base + _TAMP_OR, mode); 988 } 989 990 static TEE_Result stm32_tamp_set_seed(vaddr_t base) 991 { 992 uint32_t value = 0; 993 int idx = 0; 994 995 for (idx = 0; idx < 4; idx++) { 996 uint32_t rnd = 0; 997 998 if (crypto_rng_read(&rnd, sizeof(uint32_t))) 999 return TEE_ERROR_BAD_STATE; 1000 1001 io_write32(base + _TAMP_ATSEEDR, rnd); 1002 } 1003 1004 if (IO_READ32_POLL_TIMEOUT(base + _TAMP_ATOR, value, 1005 !(value & _TAMP_SEEDF), 0, SEED_TIMEOUT_US)) 1006 return TEE_ERROR_BAD_STATE; 1007 1008 return TEE_SUCCESS; 1009 } 1010 1011 static TEE_Result is_int_tamp_id_valid(enum stm32_tamp_id id) 1012 { 1013 if (id - INT_TAMP1 >= _TAMP_HWCFGR1_ITAMP_MAX_ID) 1014 return TEE_ERROR_BAD_PARAMETERS; 1015 1016 if (!(stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_ITAMP(id))) 1017 return TEE_ERROR_ITEM_NOT_FOUND; 1018 1019 return TEE_SUCCESS; 1020 } 1021 1022 static bool is_ext_tamp_id_valid(enum stm32_tamp_id id) 1023 { 1024 return id - EXT_TAMP1 <= 1025 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_TAMPER) >> 1026 _TAMP_HWCFGR1_TAMPER_SHIFT; 1027 } 1028 1029 static enum itr_return stm32_tamp_it_handler(struct itr_handler *h __unused) 1030 { 1031 struct optee_rtc_time __maybe_unused tamp_ts = { }; 1032 vaddr_t base = get_base(); 1033 uint32_t it = io_read32(base + _TAMP_SR); 1034 uint32_t int_it = it & _TAMP_SR_ITAMPXF_MASK; 1035 uint32_t ext_it = it & _TAMP_SR_ETAMPXF_MASK; 1036 bool ts_enabled = false; 1037 size_t i = 0; 1038 1039 if (stm32_rtc_is_timestamp_enabled(&ts_enabled)) 1040 panic(); 1041 1042 if (ts_enabled && it) { 1043 TEE_Result res = stm32_rtc_get_timestamp(&tamp_ts); 1044 1045 if (res) 1046 EMSG("Failed to get RTC timestamp: %"PRIx32, res); 1047 FMSG("Tamper event occurred at:"); 1048 FMSG("\n \t Date: %"PRIu32"/%"PRIu32"\n \t Time: %"PRIu32":%"PRIu32":%"PRIu32, 1049 tamp_ts.tm_mday, tamp_ts.tm_mon, tamp_ts.tm_hour, 1050 tamp_ts.tm_min, tamp_ts.tm_sec); 1051 } 1052 1053 while (int_it && i < stm32_tamp_dev->pdata.compat->int_tamp_size) { 1054 struct stm32_tamp_tamper_data int_tamp = 1055 stm32_tamp_dev->pdata.compat->int_tamp[i]; 1056 int id = int_tamp.id; 1057 1058 if (int_it & _TAMP_SR_ITAMP(id)) { 1059 uint32_t ret = 0; 1060 1061 int_it &= ~_TAMP_SR_ITAMP(id); 1062 1063 if (int_tamp.func) 1064 ret = int_tamp.func(id); 1065 1066 if (ret & TAMP_CB_ACK) 1067 io_setbits32(base + _TAMP_SCR, 1068 _TAMP_SCR_ITAMP(id)); 1069 1070 /* TODO: reset the platform */ 1071 if (ret & TAMP_CB_RESET) 1072 MSG("System will reset"); 1073 } 1074 i++; 1075 } 1076 1077 i = 0; 1078 /* External tamper interrupt */ 1079 while (ext_it && i < stm32_tamp_dev->pdata.compat->ext_tamp_size) { 1080 struct stm32_tamp_tamper_data ext_tamp = 1081 stm32_tamp_dev->pdata.compat->ext_tamp[i]; 1082 int id = ext_tamp.id; 1083 1084 if (ext_it & _TAMP_SR_ETAMP(id)) { 1085 uint32_t ret = 0; 1086 1087 ext_it &= ~_TAMP_SR_ETAMP(id); 1088 1089 if (ext_tamp.func) 1090 ret = ext_tamp.func(id); 1091 1092 if (ret & TAMP_CB_ACK) 1093 io_setbits32(base + _TAMP_SCR, 1094 _TAMP_SCR_ETAMP(id)); 1095 1096 /* TODO: reset the platform */ 1097 if (ret & TAMP_CB_RESET) 1098 MSG("System will reset"); 1099 } 1100 i++; 1101 } 1102 1103 return ITRR_HANDLED; 1104 } 1105 DECLARE_KEEP_PAGER(stm32_tamp_it_handler); 1106 1107 static TEE_Result stm32_tamp_set_int_config(struct stm32_tamp_compat *tcompat, 1108 uint32_t itamp_index, uint32_t *cr1, 1109 uint32_t *cr3, uint32_t *ier) 1110 { 1111 struct stm32_tamp_tamper_data *tamp_int = NULL; 1112 enum stm32_tamp_id id = INVALID_TAMP; 1113 TEE_Result res = TEE_ERROR_GENERIC; 1114 1115 if (!tcompat) 1116 return TEE_ERROR_BAD_PARAMETERS; 1117 1118 tamp_int = &tcompat->int_tamp[itamp_index]; 1119 id = tamp_int->id; 1120 1121 res = is_int_tamp_id_valid(id); 1122 if (res == TEE_ERROR_ITEM_NOT_FOUND) 1123 return TEE_SUCCESS; 1124 else if (res) 1125 return res; 1126 1127 /* 1128 * If there is no callback 1129 * this tamper is disabled, we reset its configuration. 1130 */ 1131 if (!tamp_int->func) { 1132 *cr1 &= ~_TAMP_CR1_ITAMP(id); 1133 *ier &= ~_TAMP_IER_ITAMP(id); 1134 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) 1135 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id); 1136 1137 FMSG("INT_TAMP%d disabled", id - INT_TAMP1 + 1); 1138 return TEE_SUCCESS; 1139 } 1140 1141 *cr1 |= _TAMP_CR1_ITAMP(id); 1142 *ier |= _TAMP_IER_ITAMP(id); 1143 1144 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) { 1145 if (tamp_int->mode & TAMP_NOERASE) 1146 *cr3 |= _TAMP_CR3_ITAMPNOER(id); 1147 else 1148 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id); 1149 } 1150 1151 DMSG("'%s' internal tamper enabled in %s mode", 1152 itamper_name[id - INT_TAMP1], 1153 (tamp_int->mode & TAMP_NOERASE) ? "potential" : "confirmed"); 1154 1155 return TEE_SUCCESS; 1156 } 1157 1158 static TEE_Result stm32_tamp_set_ext_config(struct stm32_tamp_compat *tcompat, 1159 uint32_t etamp_index, uint32_t *cr1, 1160 uint32_t *cr2, uint32_t *atcr1, 1161 uint32_t *atcr2, uint32_t *ier) 1162 { 1163 struct stm32_tamp_tamper_data *tamp_ext = NULL; 1164 enum stm32_tamp_id id = INVALID_TAMP; 1165 1166 if (!tcompat) 1167 return TEE_ERROR_BAD_PARAMETERS; 1168 1169 tamp_ext = &tcompat->ext_tamp[etamp_index]; 1170 id = tamp_ext->id; 1171 1172 /* Exit if not a valid TAMP_ID */ 1173 if (!is_ext_tamp_id_valid(id)) 1174 return TEE_ERROR_BAD_PARAMETERS; 1175 1176 /* 1177 * If there is no callback or this TAMPER wasn't defined in DT, 1178 * this tamper is disabled, we reset its configuration. 1179 */ 1180 if (!tamp_ext->func || !(tamp_ext->mode & TAMP_IN_DT)) { 1181 *cr1 &= ~_TAMP_CR1_ETAMP(id); 1182 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id); 1183 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id); 1184 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id); 1185 *ier &= ~_TAMP_IER_ETAMP(id); 1186 1187 FMSG("EXT_TAMP%d disabled", id - EXT_TAMP1 + 1); 1188 return TEE_SUCCESS; 1189 } 1190 1191 *cr1 |= _TAMP_CR1_ETAMP(id); 1192 1193 if (tamp_ext->mode & TAMP_TRIG_ON) 1194 *cr2 |= _TAMP_CR2_ETAMPTRG(id); 1195 else 1196 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id); 1197 1198 if (tamp_ext->mode & TAMP_ACTIVE) { 1199 *atcr1 |= _TAMP_ATCR1_ETAMPAM(id); 1200 1201 /* Configure output pin if ATOSHARE is selected */ 1202 if (*atcr1 & _TAMP_ATCR1_ATOSHARE) { 1203 if (tcompat->tags & TAMP_HAS_REGISTER_ATCR2) 1204 *atcr2 = (*atcr2 & 1205 ~_TAMP_ATCR2_ATOSEL_MASK(id)) | 1206 _TAMP_ATCR2_ATOSEL(id, 1207 tamp_ext->out_id); 1208 else 1209 *atcr1 = (*atcr1 & 1210 ~_TAMP_ATCR1_ATOSEL_MASK(id)) | 1211 _TAMP_ATCR1_ATOSEL(id, 1212 tamp_ext->out_id); 1213 } 1214 } else { 1215 *atcr1 &= ~_TAMP_ATCR1_ETAMPAM(id); 1216 } 1217 1218 if (tamp_ext->mode & TAMP_NOERASE) 1219 *cr2 |= _TAMP_CR2_ETAMPNOER(id); 1220 else 1221 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id); 1222 1223 if (id < _TAMP_CR2_ETAMPMSK_MAX_ID) { 1224 /* 1225 * Only external TAMP 1, 2 and 3 can be masked 1226 * and we may want them masked at startup. 1227 */ 1228 if (tamp_ext->mode & TAMP_EVT_MASK) { 1229 /* 1230 * ETAMP(id) event generates a trigger event. This 1231 * ETAMP(id) is masked and internally cleared by 1232 * hardware. 1233 * The secrets are not erased. 1234 */ 1235 *ier &= ~_TAMP_IER_ETAMP(id); 1236 *cr2 |= _TAMP_CR2_ETAMPMSK(id); 1237 } else { 1238 /* 1239 * normal ETAMP interrupt: 1240 * ETAMP(id) event generates a trigger event and 1241 * TAMP(id) must be cleared by software to allow 1242 * next tamper event detection. 1243 */ 1244 *ier |= _TAMP_IER_ETAMP(id); 1245 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id); 1246 } 1247 } else { 1248 /* Other than 1,2,3 external TAMP, we want its interrupt */ 1249 *ier |= _TAMP_IER_ETAMP(id); 1250 } 1251 1252 DMSG("EXT_TAMP%d enabled as a %s tamper in %s mode, trig_%s %s", 1253 id - EXT_TAMP1 + 1, 1254 (tamp_ext->mode & TAMP_ACTIVE) ? "active" : "passive", 1255 (tamp_ext->mode & TAMP_NOERASE) ? "potential" : "confirmed", 1256 (tamp_ext->mode & TAMP_TRIG_ON) ? "on" : "off", 1257 (tamp_ext->mode & TAMP_EVT_MASK) ? " (masked)" : ""); 1258 1259 if (tamp_ext->mode & TAMP_ACTIVE) 1260 DMSG(" linked with OUT_TAMP%"PRIu32, 1261 tamp_ext->out_id - OUT_TAMP1 + 1); 1262 1263 return TEE_SUCCESS; 1264 } 1265 1266 /* 1267 * Count number of 1 in bitmask 1268 * Cannot use __builtin_popcount(): libgcc.a for ARMV7 use hardfloat ABI, 1269 * but OP-TEE core is compiled with softfloat ABI. 1270 */ 1271 static int popcount(uint32_t bitmask) 1272 { 1273 int nb = 0; 1274 1275 while (bitmask) { 1276 if (bitmask & 1) 1277 nb++; 1278 bitmask >>= 1; 1279 } 1280 1281 return nb; 1282 } 1283 1284 static void stm32_tamp_set_atper(uint32_t pins_out_bits, uint32_t *atcr1) 1285 { 1286 uint32_t conf = 0; 1287 1288 switch (popcount(pins_out_bits)) { 1289 case 0: 1290 case 1: 1291 conf = 0; 1292 break; 1293 case 2: 1294 conf = 1; 1295 break; 1296 case 3: 1297 case 4: 1298 conf = 2; 1299 break; 1300 default: 1301 conf = 3; 1302 break; 1303 } 1304 1305 *atcr1 |= SHIFT_U32(conf, _TAMP_ATCR1_ATPER_SHIFT) & 1306 _TAMP_ATCR1_ATPER_MASK; 1307 } 1308 1309 static TEE_Result stm32_tamp_set_config(void) 1310 { 1311 TEE_Result ret = TEE_SUCCESS; 1312 vaddr_t base = get_base(); 1313 uint32_t atcr1 = 0; 1314 uint32_t atcr2 = 0; 1315 uint32_t fltcr = 0; 1316 uint32_t cr1 = 0; 1317 uint32_t cr2 = 0; 1318 uint32_t cr3 = 0; 1319 uint32_t ier = 0; 1320 size_t i = 0; 1321 1322 if (!stm32_tamp_dev->pdata.compat || 1323 !stm32_tamp_dev->pdata.compat->int_tamp || 1324 !stm32_tamp_dev->pdata.compat->ext_tamp) 1325 return TEE_ERROR_BAD_STATE; 1326 1327 /* Set passive filter configuration */ 1328 fltcr = stm32_tamp_dev->pdata.passive_conf; 1329 1330 /* Set active mode configuration */ 1331 atcr1 = stm32_tamp_dev->pdata.active_conf & _TAMP_ATCR1_COMMON_MASK; 1332 stm32_tamp_set_atper(stm32_tamp_dev->pdata.out_pins, &atcr1); 1333 1334 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) { 1335 ret = stm32_tamp_set_int_config(stm32_tamp_dev->pdata.compat, i, 1336 &cr1, &cr3, &ier); 1337 if (ret) 1338 return ret; 1339 } 1340 1341 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) { 1342 ret = stm32_tamp_set_ext_config(stm32_tamp_dev->pdata.compat, i, 1343 &cr1, &cr2, &atcr1, &atcr2, 1344 &ier); 1345 if (ret) 1346 return ret; 1347 } 1348 1349 /* 1350 * We apply configuration all in a row: 1351 * As for active ext tamper "all the needed tampers must be enabled in 1352 * the same write access". 1353 */ 1354 io_write32(base + _TAMP_FLTCR, fltcr); 1355 FMSG("Set passive conf %08"PRIx32, fltcr); 1356 1357 /* Active configuration applied only if not already done. */ 1358 if (((io_read32(base + _TAMP_ATOR) & _TAMP_INITS) != _TAMP_INITS)) { 1359 io_write32(base + _TAMP_ATCR1, atcr1); 1360 FMSG("Set active conf1 %08"PRIx32, atcr1); 1361 1362 if (stm32_tamp_dev->pdata.compat->tags & 1363 TAMP_HAS_REGISTER_ATCR2) { 1364 io_write32(base + _TAMP_ATCR2, atcr2); 1365 FMSG("Set active conf2 %08"PRIx32, atcr2); 1366 } 1367 } 1368 1369 io_write32(base + _TAMP_CR1, cr1); 1370 io_write32(base + _TAMP_CR2, cr2); 1371 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_CR3) 1372 io_write32(base + _TAMP_CR3, cr3); 1373 1374 /* If active tamper we reinit the seed. */ 1375 if (stm32_tamp_dev->pdata.active_conf) { 1376 if (stm32_tamp_set_seed(base) != TEE_SUCCESS) { 1377 EMSG("Active tamper: SEED not initialized"); 1378 return TEE_ERROR_BAD_STATE; 1379 } 1380 } 1381 1382 /* Enable interrupts. */ 1383 io_write32(base + _TAMP_IER, ier); 1384 1385 return TEE_SUCCESS; 1386 } 1387 1388 /* 1389 * Mask a tamper event detection for a given @id 1390 * If ETAMP(id) event generates a trigger event, this ETAMP(id) is masked and 1391 * internally cleared by hardware. The secrets are not erased. 1392 */ 1393 static TEE_Result __maybe_unused stm32_tamp_set_mask(enum stm32_tamp_id id) 1394 { 1395 vaddr_t base = get_base(); 1396 1397 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */ 1398 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID)) 1399 return TEE_ERROR_BAD_PARAMETERS; 1400 1401 /* We cannot mask the event if pending. */ 1402 if (io_read32(base + _TAMP_SR) & _TAMP_SR_ETAMP(id)) 1403 return TEE_ERROR_BAD_STATE; 1404 1405 /* We disable the IT */ 1406 io_clrbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id)); 1407 /* We mask the event */ 1408 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id)); 1409 1410 return TEE_SUCCESS; 1411 } 1412 1413 /* 1414 * Unmask a tamper event detection for a given @id 1415 * ETAMP(id) event now generates a trigger event and ETAMP(id) must be cleared 1416 * by software to allow next tamper event detection. 1417 */ 1418 static TEE_Result __maybe_unused stm32_tamp_unset_mask(enum stm32_tamp_id id) 1419 { 1420 vaddr_t base = get_base(); 1421 1422 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */ 1423 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID)) 1424 return TEE_ERROR_BAD_PARAMETERS; 1425 1426 /* We unmask the event */ 1427 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id)); 1428 /* We enable the IT */ 1429 io_setbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id)); 1430 1431 return TEE_SUCCESS; 1432 } 1433 1434 /* This will increment the monotonic counter by 1. It cannot roll-over */ 1435 static TEE_Result __maybe_unused stm32_tamp_write_mcounter(int cnt_idx) 1436 { 1437 vaddr_t base = get_base(); 1438 1439 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat || 1440 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter) 1441 return TEE_ERROR_BAD_PARAMETERS; 1442 1443 io_write32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t), 1); 1444 1445 return TEE_SUCCESS; 1446 } 1447 1448 static uint32_t __maybe_unused stm32_tamp_read_mcounter(int cnt_idx) 1449 { 1450 vaddr_t base = get_base(); 1451 1452 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat || 1453 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter) 1454 return 0U; 1455 1456 return io_read32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t)); 1457 } 1458 1459 static TEE_Result stm32_tamp_configure_int(struct stm32_tamp_tamper_data *tamp, 1460 uint32_t mode, 1461 uint32_t (*cb)(int id)) 1462 { 1463 if (mode & TAMP_EVT_MASK) 1464 return TEE_ERROR_BAD_PARAMETERS; 1465 1466 tamp->mode |= (mode & TAMP_MODE_MASK); 1467 tamp->func = cb; 1468 1469 return TEE_SUCCESS; 1470 } 1471 1472 static TEE_Result stm32_tamp_configure_ext(struct stm32_tamp_tamper_data *tamp, 1473 uint32_t mode, 1474 uint32_t (*cb)(int id)) 1475 { 1476 enum stm32_tamp_id id = tamp->id; 1477 1478 if (mode & TAMP_EVT_MASK && !is_ext_tamp_id_valid(id)) 1479 return TEE_ERROR_BAD_PARAMETERS; 1480 1481 if (!(tamp->mode & TAMP_IN_DT)) 1482 return TEE_ERROR_ITEM_NOT_FOUND; 1483 1484 tamp->mode |= (mode & TAMP_MODE_MASK); 1485 tamp->func = cb; 1486 1487 return TEE_SUCCESS; 1488 } 1489 1490 /* 1491 * stm32_tamp_activate_tamp: Configure and activate one tamper (internal or 1492 * external). 1493 * 1494 * @id: tamper ID 1495 * @mode: bitmask from TAMPER modes define: 1496 * TAMP_ERASE/TAMP_NOERASE: 1497 * TAMP_ERASE: when this tamper event is triggered; secrets are 1498 * erased. 1499 * TAMP_NOERASE: when this event is triggered; cryptographic 1500 * and some secure peripherals are locked until the event is 1501 * acknowledged. If the callback confirms the TAMPER, it 1502 * can manually erase secrets with stm32_tamp_erase_secrets(). 1503 * TAMP_NO_EVT_MASK/TAMP_EVT_MASK: 1504 * TAMP_NO_EVT_MASK: normal behavior. 1505 * TAMP_EVT_MASK: if the event is triggered, the event is masked and 1506 * internally cleared by hardware. Secrets are not erased. Only 1507 * applicable for some external tampers. This defines only the status 1508 * at boot. To change mask while runtime: stm32_tamp_set_mask() and 1509 * stm32_tamp_unset_mask() can be used. 1510 * @cb: function to call when a tamper event is raised (cannot be NULL). 1511 * It is called in interrupt context and returns a bitmask defining 1512 * the action to take by the driver: 1513 * TAMP_CB_RESET: will reset the board. 1514 * TAMP_CB_ACK: this specific tamper is acknowledged (in case 1515 * of no-erase tamper, blocked secret are unblocked). 1516 * 1517 * return: TEE_ERROR_BAD_PARAMETERS: 1518 * if @id is not a valid tamper ID, 1519 * if @cb is NULL, 1520 * if TAMP_EVT_MASK @mode is set for an unsupported @id. 1521 * TEE_ERROR_BAD_STATE 1522 * if driver was not previously initialized. 1523 * TEE_ERROR_ITEM_NOT_FOUND 1524 * if the activated external tamper was not previously 1525 * defined in the device tree. 1526 * else TEE_SUCCESS. 1527 */ 1528 static TEE_Result stm32_tamp_activate_tamp(enum stm32_tamp_id id, uint32_t mode, 1529 uint32_t (*cb)(int id)) 1530 { 1531 struct stm32_tamp_tamper_data *tamp_conf = NULL; 1532 size_t i = 0; 1533 1534 if (!stm32_tamp_dev->pdata.compat) 1535 return TEE_ERROR_BAD_STATE; 1536 1537 assert(is_unpaged(cb)); 1538 1539 if (!cb) 1540 return TEE_ERROR_BAD_PARAMETERS; 1541 1542 /* Find internal Tamp struct */ 1543 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) { 1544 if (stm32_tamp_dev->pdata.compat->int_tamp[i].id == id) { 1545 tamp_conf = &stm32_tamp_dev->pdata.compat->int_tamp[i]; 1546 return stm32_tamp_configure_int(tamp_conf, mode, cb); 1547 } 1548 } 1549 1550 /* Find external Tamp struct */ 1551 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) { 1552 if (stm32_tamp_dev->pdata.compat->ext_tamp[i].id == id) { 1553 tamp_conf = &stm32_tamp_dev->pdata.compat->ext_tamp[i]; 1554 return stm32_tamp_configure_ext(tamp_conf, mode, cb); 1555 } 1556 } 1557 1558 EMSG("Did not find existing tamper for ID:%d", id); 1559 1560 return TEE_ERROR_BAD_PARAMETERS; 1561 } 1562 1563 static bool __maybe_unused stm32_tamp_are_secrets_blocked(void) 1564 { 1565 if (stm32_tamp_dev->pdata.compat && 1566 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) { 1567 vaddr_t base = get_base(); 1568 1569 return ((io_read32(base + _TAMP_CR2) & _TAMP_CR2_BKBLOCK) || 1570 io_read32(base + _TAMP_SR)); 1571 } else { 1572 return false; 1573 } 1574 } 1575 1576 static void __maybe_unused stm32_tamp_block_secrets(void) 1577 { 1578 vaddr_t base = get_base(); 1579 1580 if (stm32_tamp_dev->pdata.compat && 1581 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1582 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK); 1583 } 1584 1585 static void __maybe_unused stm32_tamp_unblock_secrets(void) 1586 { 1587 vaddr_t base = get_base(); 1588 1589 if (stm32_tamp_dev->pdata.compat && 1590 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1591 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK); 1592 } 1593 1594 static void __maybe_unused stm32_tamp_erase_secrets(void) 1595 { 1596 vaddr_t base = get_base(); 1597 1598 if (stm32_tamp_dev->pdata.compat && 1599 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1600 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKERASE); 1601 } 1602 1603 static void __maybe_unused stm32_tamp_lock_boot_hardware_key(void) 1604 { 1605 vaddr_t base = get_base(); 1606 1607 if (stm32_tamp_dev->pdata.compat && 1608 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) 1609 io_setbits32(base + _TAMP_SECCFGR, _TAMP_SECCFGR_BHKLOCK); 1610 } 1611 1612 static void stm32_tamp_configure_pin(uint32_t id, struct gpio *gpio, bool out, 1613 struct stm32_tamp_platdata *pdata) 1614 { 1615 struct stm32_tamp_compat *compat = pdata->compat; 1616 unsigned int bank = stm32_gpio_chip_bank_id(gpio->chip); 1617 unsigned int pin = gpio->pin; 1618 size_t i = 0; 1619 1620 if (!compat) 1621 return; 1622 1623 /* Configure option registers */ 1624 for (i = 0; i < compat->pin_map_size; i++) { 1625 if (id == compat->pin_map[i].id && 1626 bank == compat->pin_map[i].bank && 1627 pin == compat->pin_map[i].pin && 1628 out == compat->pin_map[i].out) { 1629 pdata->pins_conf |= compat->pin_map[i].conf; 1630 break; 1631 } 1632 } 1633 } 1634 1635 static TEE_Result 1636 stm32_tamp_configure_pin_from_dt(const void *fdt, int node, 1637 struct stm32_tamp_platdata *pdata, 1638 uint32_t ext_tamp_id, uint32_t out_tamp_id) 1639 { 1640 enum stm32_tamp_out_id out_id = INVALID_OUT_TAMP; 1641 struct stm32_tamp_tamper_data *tamp_ext = NULL; 1642 enum stm32_tamp_id id = INVALID_TAMP; 1643 TEE_Result res = TEE_SUCCESS; 1644 struct gpio *gpio_out = NULL; 1645 struct gpio *gpio_ext = NULL; 1646 bool active = false; 1647 unsigned int i = 0; 1648 1649 /* 1650 * First GPIO in the tamper-gpios property is required and refers to the 1651 * EXT_TAMP control. Second GPIO in the tamper-gpios property is 1652 * optional and, if defined, refers to the OUT_TAMP control. 1653 * If only one GPIO is defined, the tamper control is a passive tamper. 1654 * Else, it is an active tamper. 1655 */ 1656 res = gpio_dt_get_by_index(fdt, node, 1, "tamper", &gpio_out); 1657 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 1658 return res; 1659 1660 if (res != TEE_ERROR_ITEM_NOT_FOUND) { 1661 active = true; 1662 out_id = OUT_TAMP1 + out_tamp_id - 1; 1663 if (out_tamp_id > pdata->compat->ext_tamp_size) { 1664 gpio_put(gpio_out); 1665 return TEE_ERROR_BAD_PARAMETERS; 1666 } 1667 1668 stm32_tamp_configure_pin(out_id, gpio_out, true, pdata); 1669 } 1670 1671 res = gpio_dt_get_by_index(fdt, node, 0, "tamper", &gpio_ext); 1672 if (res) { 1673 gpio_put(gpio_out); 1674 return res; 1675 } 1676 1677 /* We now configure first pin */ 1678 id = ext_tamp_id + EXT_TAMP1 - 1; 1679 1680 /* Find external TAMP struct */ 1681 for (i = 0; i < pdata->compat->ext_tamp_size; i++) { 1682 if (pdata->compat->ext_tamp[i].id == id) { 1683 tamp_ext = &pdata->compat->ext_tamp[i]; 1684 break; 1685 } 1686 } 1687 1688 if (!tamp_ext) { 1689 gpio_put(gpio_out); 1690 gpio_put(gpio_ext); 1691 return TEE_ERROR_BAD_PARAMETERS; 1692 } 1693 1694 if (active) { 1695 tamp_ext->mode |= TAMP_ACTIVE; 1696 tamp_ext->out_id = out_id; 1697 pdata->out_pins |= BIT(tamp_ext->out_id - OUT_TAMP1); 1698 1699 if (out_id - OUT_TAMP1 != id - EXT_TAMP1) 1700 pdata->active_conf |= _TAMP_ATCR1_ATOSHARE; 1701 } else { 1702 if (fdt_getprop(fdt, node, "st,trig-on", NULL)) 1703 tamp_ext->mode |= TAMP_TRIG_ON; 1704 } 1705 1706 tamp_ext->mode |= TAMP_IN_DT; 1707 1708 stm32_tamp_configure_pin(id, gpio_ext, false, pdata); 1709 1710 return TEE_SUCCESS; 1711 } 1712 1713 static TEE_Result 1714 stm32_tamp_parse_passive_conf(const void *fdt, int node, 1715 struct stm32_tamp_platdata *pdata) 1716 { 1717 const fdt32_t *cuint = NULL; 1718 uint32_t precharge = 0; 1719 uint32_t nb_sample = 0; 1720 uint32_t clk_div = 32768; 1721 uint32_t conf = 0; 1722 1723 cuint = fdt_getprop(fdt, node, "st,tamp-passive-precharge", NULL); 1724 if (cuint) 1725 precharge = fdt32_to_cpu(*cuint); 1726 1727 cuint = fdt_getprop(fdt, node, "st,tamp-passive-nb-sample", NULL); 1728 if (cuint) 1729 nb_sample = fdt32_to_cpu(*cuint); 1730 1731 cuint = fdt_getprop(fdt, node, "st,tamp-passive-sample-clk-div", NULL); 1732 if (cuint) 1733 clk_div = fdt32_to_cpu(*cuint); 1734 1735 DMSG("Passive conf from dt: precharge=%"PRIu32", nb_sample=%"PRIu32 1736 ", clk_div=%"PRIu32, precharge, nb_sample, clk_div); 1737 1738 switch (precharge) { 1739 case 0: 1740 /* No precharge, => we disable the pull-up */ 1741 conf |= _TAMP_FLTCR_TAMPPUDIS; 1742 break; 1743 case 1: 1744 /* Precharge for one cycle value stay 0 */ 1745 break; 1746 case 2: 1747 /* Precharge passive pin 2 cycles */ 1748 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1749 break; 1750 case 4: 1751 /* Precharge passive pin 4 cycles */ 1752 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1753 break; 1754 case 8: 1755 /* Precharge passive pin 8 cycles */ 1756 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1757 break; 1758 default: 1759 return TEE_ERROR_BAD_PARAMETERS; 1760 } 1761 1762 switch (nb_sample) { 1763 case 0: 1764 /* Activation on edge, no pull-up: value stay 0 */ 1765 break; 1766 case 2: 1767 /* 1768 * Tamper event is activated after 2 consecutive samples at 1769 * active level. 1770 */ 1771 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFLT_SHIFT); 1772 break; 1773 case 4: 1774 /* 1775 * Tamper event is activated after 4 consecutive samples at 1776 * active level. 1777 */ 1778 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFLT_SHIFT); 1779 break; 1780 case 8: 1781 /* 1782 * Tamper event is activated after 8 consecutive samples at 1783 * active level. 1784 */ 1785 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFLT_SHIFT); 1786 break; 1787 default: 1788 return TEE_ERROR_BAD_PARAMETERS; 1789 } 1790 1791 switch (clk_div) { 1792 case 32768: 1793 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */ 1794 break; 1795 case 16384: 1796 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */ 1797 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1798 break; 1799 case 8192: 1800 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */ 1801 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1802 break; 1803 case 4096: 1804 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */ 1805 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1806 break; 1807 case 2048: 1808 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */ 1809 conf |= SHIFT_U32(4, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1810 break; 1811 case 1024: 1812 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */ 1813 conf |= SHIFT_U32(5, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1814 break; 1815 case 512: 1816 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */ 1817 conf |= SHIFT_U32(6, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1818 break; 1819 case 256: 1820 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */ 1821 conf |= SHIFT_U32(7, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1822 break; 1823 default: 1824 return TEE_ERROR_BAD_PARAMETERS; 1825 } 1826 1827 pdata->passive_conf = conf; 1828 1829 return TEE_SUCCESS; 1830 } 1831 1832 static uint32_t stm32_tamp_itamper_action(int id) 1833 { 1834 const char __maybe_unused *tamp_name = NULL; 1835 1836 if (id >= 0 && ((size_t)id < ARRAY_SIZE(itamper_name))) 1837 tamp_name = itamper_name[id]; 1838 1839 MSG("Internal tamper event %u (%s) occurred", id - INT_TAMP1 + 1, 1840 tamp_name); 1841 1842 return TAMP_CB_ACK_AND_RESET; 1843 } 1844 DECLARE_KEEP_PAGER(stm32_tamp_itamper_action); 1845 1846 static uint32_t stm32_tamp_etamper_action(int id __maybe_unused) 1847 { 1848 MSG("External tamper %u occurs", id - EXT_TAMP1 + 1); 1849 1850 return TAMP_CB_ACK_AND_RESET; 1851 } 1852 DECLARE_KEEP_PAGER(stm32_tamp_etamper_action); 1853 1854 static TEE_Result stm32_configure_tamp(const void *fdt, int node) 1855 { 1856 const fdt32_t *internal_tampers = 0; 1857 uint32_t i_tampers[EXT_TAMP1 * 2] = { }; 1858 int subnode = -FDT_ERR_NOTFOUND; 1859 TEE_Result res = TEE_SUCCESS; 1860 int retval = 0; 1861 int len = 0; 1862 int i = 0; 1863 1864 /* Internal tampers configuration */ 1865 internal_tampers = fdt_getprop(fdt, node, "st,tamp-internal-tampers", 1866 &len); 1867 if (len == -FDT_ERR_NOTFOUND) 1868 goto skip_int_tamp; 1869 1870 if ((internal_tampers && len % (2 * sizeof(uint32_t))) || 1871 !internal_tampers || len / sizeof(uint32_t) > EXT_TAMP1 * 2) 1872 return TEE_ERROR_BAD_PARAMETERS; 1873 1874 retval = fdt_read_uint32_array(fdt, node, "st,tamp-internal-tampers", 1875 i_tampers, len / sizeof(uint32_t)); 1876 if (retval && retval != -FDT_ERR_NOTFOUND) 1877 return TEE_ERROR_BAD_PARAMETERS; 1878 1879 len = len / sizeof(uint32_t); 1880 for (i = 0; i < len; i += 2) { 1881 uint32_t i_tamper_id = i_tampers[i] - 1; 1882 uint32_t i_tamper_mode = i_tampers[i + 1]; 1883 1884 res = stm32_tamp_activate_tamp(i_tamper_id, i_tamper_mode, 1885 stm32_tamp_itamper_action); 1886 if (res) 1887 return res; 1888 } 1889 1890 skip_int_tamp: 1891 fdt_for_each_subnode(subnode, fdt, node) { 1892 unsigned int ext_tamp_id = 0; 1893 unsigned int out_tamp_id = 0; 1894 const fdt32_t *cuint = 0; 1895 unsigned int mode = 0; 1896 int lenp = 0; 1897 1898 if (!fdt_getprop(fdt, subnode, "tamper-gpios", NULL) || 1899 fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 1900 continue; 1901 1902 cuint = fdt_getprop(fdt, subnode, "st,tamp-mode", NULL); 1903 if (!cuint) 1904 return TEE_ERROR_BAD_PARAMETERS; 1905 1906 mode = fdt32_to_cpu(*cuint); 1907 1908 cuint = fdt_getprop(fdt, subnode, "st,tamp-id", &lenp); 1909 if (!cuint) 1910 return TEE_ERROR_BAD_PARAMETERS; 1911 1912 ext_tamp_id = fdt32_to_cpu(*cuint); 1913 if (lenp > (int)sizeof(uint32_t)) 1914 out_tamp_id = fdt32_to_cpu(*(cuint + 1)); 1915 1916 res = stm32_tamp_configure_pin_from_dt(fdt, subnode, 1917 &stm32_tamp_dev->pdata, 1918 ext_tamp_id, 1919 out_tamp_id); 1920 if (res) 1921 return res; 1922 1923 res = stm32_tamp_activate_tamp(EXT_TAMP1 + ext_tamp_id - 1, 1924 mode, stm32_tamp_etamper_action); 1925 if (res) 1926 return res; 1927 } 1928 1929 if (stm32_tamp_set_config()) 1930 panic(); 1931 1932 /* Enable timestamp for tamper */ 1933 if (stm32_rtc_set_tamper_timestamp()) 1934 panic(); 1935 1936 return TEE_SUCCESS; 1937 } 1938 1939 static TEE_Result 1940 stm32_tamp_parse_active_conf(const void *fdt, int node, 1941 struct stm32_tamp_platdata *pdata) 1942 { 1943 const fdt32_t *cuint = NULL; 1944 uint32_t clk_div = 1; 1945 uint32_t conf = 0; 1946 1947 cuint = fdt_getprop(fdt, node, "st,tamp-active-filter", NULL); 1948 if (cuint) 1949 conf |= _TAMP_ATCR1_FLTEN; 1950 1951 /* 1952 * Here we will select a divisor for the RTCCLK. 1953 * Note that RTCCLK is also divided by (RTC_PRER_PREDIV_A - 1). 1954 */ 1955 cuint = fdt_getprop(fdt, node, "st,tamp-active-clk-div", NULL); 1956 if (cuint) 1957 clk_div = fdt32_to_cpu(*cuint); 1958 1959 DMSG("Active conf from dt: %s clk_div=%"PRIu32, 1960 (conf & _TAMP_ATCR1_FLTEN) ? "filter" : "no filter", clk_div); 1961 1962 switch (clk_div) { 1963 case 1: 1964 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */ 1965 break; 1966 case 2: 1967 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */ 1968 conf |= SHIFT_U32(1, _TAMP_ATCR1_ATCKSEL_SHIFT); 1969 break; 1970 case 4: 1971 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */ 1972 conf |= SHIFT_U32(2, _TAMP_ATCR1_ATCKSEL_SHIFT); 1973 break; 1974 case 8: 1975 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */ 1976 conf |= SHIFT_U32(3, _TAMP_ATCR1_ATCKSEL_SHIFT); 1977 break; 1978 case 16: 1979 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */ 1980 conf |= SHIFT_U32(4, _TAMP_ATCR1_ATCKSEL_SHIFT); 1981 break; 1982 case 32: 1983 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */ 1984 conf |= SHIFT_U32(5, _TAMP_ATCR1_ATCKSEL_SHIFT); 1985 break; 1986 case 64: 1987 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */ 1988 conf |= SHIFT_U32(6, _TAMP_ATCR1_ATCKSEL_SHIFT); 1989 break; 1990 case 128: 1991 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */ 1992 conf |= SHIFT_U32(7, _TAMP_ATCR1_ATCKSEL_SHIFT); 1993 break; 1994 case 2048: 1995 if (pdata->compat && 1996 (pdata->compat->tags & TAMP_SIZE_ATCR1_ATCKSEL_IS_4)) { 1997 /* 1998 * RTCCLK/2048 when (PREDIV_A+1) = 128 and (PREDIV_S+1) 1999 * is a multiple of 16. 2000 */ 2001 conf |= SHIFT_U32(11, _TAMP_ATCR1_ATCKSEL_SHIFT); 2002 break; 2003 } 2004 2005 return TEE_ERROR_BAD_PARAMETERS; 2006 default: 2007 return TEE_ERROR_BAD_PARAMETERS; 2008 } 2009 2010 pdata->active_conf = conf; 2011 2012 return TEE_SUCCESS; 2013 } 2014 2015 static TEE_Result stm32_tamp_parse_fdt(const void *fdt, int node, 2016 const void *compat) 2017 { 2018 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 2019 TEE_Result res = TEE_ERROR_GENERIC; 2020 size_t reg_size = 0; 2021 2022 pdata->compat = (struct stm32_tamp_compat *)compat; 2023 2024 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 2025 res = stm32_rifsc_check_tdcid(&pdata->is_tdcid); 2026 if (res) 2027 return res; 2028 } 2029 2030 if (fdt_reg_info(fdt, node, &pdata->base.pa, ®_size)) 2031 panic(); 2032 2033 io_pa_or_va_secure(&pdata->base, reg_size); 2034 assert(pdata->base.va); 2035 2036 res = clk_dt_get_by_index(fdt, node, 0, &pdata->clock); 2037 if (res) 2038 return res; 2039 2040 res = stm32_tamp_parse_passive_conf(fdt, node, pdata); 2041 if (res) 2042 return res; 2043 2044 res = stm32_tamp_parse_active_conf(fdt, node, pdata); 2045 if (res) 2046 return res; 2047 2048 if (fdt_getprop(fdt, node, "wakeup-source", NULL)) 2049 pdata->is_wakeup_source = true; 2050 2051 parse_bkpregs_dt_conf(fdt, node); 2052 2053 if (pdata->compat->tags & TAMP_HAS_RIF_SUPPORT) { 2054 const fdt32_t *cuint = NULL; 2055 unsigned int i = 0; 2056 int lenp = 0; 2057 2058 cuint = fdt_getprop(fdt, node, "st,protreg", &lenp); 2059 if (!cuint) { 2060 DMSG("No RIF configuration available"); 2061 return TEE_SUCCESS; 2062 } 2063 2064 pdata->conf_data = calloc(1, sizeof(*pdata->conf_data)); 2065 if (!pdata->conf_data) 2066 panic(); 2067 2068 pdata->nb_rif_resources = (unsigned int)(lenp / 2069 sizeof(uint32_t)); 2070 assert(pdata->nb_rif_resources <= TAMP_RIF_RESOURCES); 2071 2072 pdata->conf_data->cid_confs = calloc(TAMP_RIF_RESOURCES, 2073 sizeof(uint32_t)); 2074 pdata->conf_data->sec_conf = calloc(1, sizeof(uint32_t)); 2075 pdata->conf_data->priv_conf = calloc(1, sizeof(uint32_t)); 2076 pdata->conf_data->access_mask = calloc(1, sizeof(uint32_t)); 2077 if (!pdata->conf_data->cid_confs || 2078 !pdata->conf_data->sec_conf || 2079 !pdata->conf_data->priv_conf || 2080 !pdata->conf_data->access_mask) 2081 panic("Not enough memory capacity for TAMP RIF config"); 2082 2083 for (i = 0; i < pdata->nb_rif_resources; i++) 2084 stm32_rif_parse_cfg(fdt32_to_cpu(cuint[i]), 2085 pdata->conf_data, 2086 TAMP_RIF_RESOURCES); 2087 } 2088 2089 return TEE_SUCCESS; 2090 } 2091 2092 static TEE_Result stm32_tamp_probe(const void *fdt, int node, 2093 const void *compat_data) 2094 { 2095 size_t it_num = DT_INFO_INVALID_INTERRUPT; 2096 uint32_t __maybe_unused revision = 0; 2097 struct itr_chip *chip = NULL; 2098 TEE_Result res = TEE_SUCCESS; 2099 vaddr_t base = 0; 2100 2101 /* Manage dependency on RNG driver */ 2102 res = dt_driver_get_crypto(); 2103 if (res) 2104 return res; 2105 2106 /* Manage dependency on RTC driver */ 2107 res = stm32_rtc_driver_is_initialized(); 2108 if (res) 2109 return res; 2110 2111 res = interrupt_dt_get_by_index(fdt, node, 0, &chip, &it_num); 2112 if (res) 2113 return res; 2114 2115 stm32_tamp_dev = calloc(1, sizeof(*stm32_tamp_dev)); 2116 if (!stm32_tamp_dev) 2117 return TEE_ERROR_OUT_OF_MEMORY; 2118 2119 res = stm32_tamp_parse_fdt(fdt, node, compat_data); 2120 if (res) 2121 goto err; 2122 2123 if (clk_enable(stm32_tamp_dev->pdata.clock)) 2124 panic(); 2125 2126 base = get_base(); 2127 2128 stm32_tamp_dev->hwconf1 = io_read32(base + _TAMP_HWCFGR1); 2129 stm32_tamp_dev->hwconf2 = io_read32(base + _TAMP_HWCFGR2); 2130 2131 revision = io_read32(base + _TAMP_VERR); 2132 FMSG("STM32 TAMPER V%"PRIx32".%"PRIu32, 2133 (revision & _TAMP_VERR_MAJREV) >> 4, revision & _TAMP_VERR_MINREV); 2134 2135 if (!(stm32_tamp_dev->hwconf2 & _TAMP_HWCFGR2_TZ)) { 2136 EMSG("TAMP doesn't support TrustZone"); 2137 res = TEE_ERROR_NOT_SUPPORTED; 2138 goto err_clk; 2139 } 2140 2141 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 2142 apply_rif_config(); 2143 2144 if (stm32_tamp_dev->pdata.is_tdcid) { 2145 res = stm32_tamp_apply_bkpr_rif_conf(); 2146 if (res) 2147 goto err_clk; 2148 } 2149 } else { 2150 /* 2151 * Enforce secure only access to protected TAMP registers. 2152 * Allow non-secure access to monotonic counter. 2153 */ 2154 stm32_tamp_set_secure(_TAMP_SECCFGR_TAMPSEC); 2155 2156 /* 2157 * Enforce privilege only access to TAMP registers, backup 2158 * registers and monotonic counter. 2159 */ 2160 stm32_tamp_set_privilege(_TAMP_PRIVCFG_TAMPPRIV | 2161 _TAMP_PRIVCFG_BKPRWPRIV | 2162 _TAMP_PRIVCFG_BKPWPRIV); 2163 } 2164 2165 if (!(stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) || 2166 stm32_tamp_dev->pdata.is_tdcid) { 2167 res = stm32_tamp_set_secure_bkpregs(); 2168 if (res) 2169 goto err_clk; 2170 } 2171 2172 res = interrupt_create_handler(chip, it_num, stm32_tamp_it_handler, 2173 NULL, ITRF_TRIGGER_LEVEL, 2174 &stm32_tamp_dev->pdata.itr); 2175 if (res) 2176 goto err_clk; 2177 2178 if (stm32_tamp_dev->pdata.is_wakeup_source && 2179 interrupt_can_set_wake(chip)) { 2180 interrupt_set_wake(chip, it_num, true); 2181 DMSG("Tamper event wakeup capability enabled"); 2182 } 2183 2184 res = stm32_configure_tamp(fdt, node); 2185 if (res) 2186 goto err_clk; 2187 2188 stm32_tamp_set_pins(base, stm32_tamp_dev->pdata.pins_conf); 2189 2190 interrupt_enable(chip, it_num); 2191 2192 return TEE_SUCCESS; 2193 2194 err_clk: 2195 clk_disable(stm32_tamp_dev->pdata.clock); 2196 err: 2197 if (stm32_tamp_dev->pdata.conf_data) { 2198 free(stm32_tamp_dev->pdata.conf_data->cid_confs); 2199 free(stm32_tamp_dev->pdata.conf_data->sec_conf); 2200 free(stm32_tamp_dev->pdata.conf_data->priv_conf); 2201 free(stm32_tamp_dev->pdata.conf_data->access_mask); 2202 free(stm32_tamp_dev->pdata.conf_data); 2203 } 2204 2205 if (stm32_tamp_dev->pdata.itr) { 2206 interrupt_disable(chip, it_num); 2207 interrupt_remove_free_handler(stm32_tamp_dev->pdata.itr); 2208 } 2209 2210 free(stm32_tamp_dev->pdata.bkpregs_conf.rif_offsets); 2211 free(stm32_tamp_dev); 2212 2213 return res; 2214 } 2215 2216 static const struct stm32_tamp_compat mp13_compat = { 2217 .nb_monotonic_counter = 2, 2218 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR | 2219 TAMP_HAS_REGISTER_ERCFGR | TAMP_HAS_REGISTER_CR3 | 2220 TAMP_HAS_REGISTER_ATCR2 | TAMP_HAS_CR2_SECRET_STATUS | 2221 TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2222 #if defined(CFG_STM32MP13) 2223 .int_tamp = int_tamp_mp13, 2224 .int_tamp_size = ARRAY_SIZE(int_tamp_mp13), 2225 .ext_tamp = ext_tamp_mp13, 2226 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp13), 2227 .pin_map = pin_map_mp13, 2228 .pin_map_size = ARRAY_SIZE(pin_map_mp13), 2229 #endif 2230 }; 2231 2232 static const struct stm32_tamp_compat mp15_compat = { 2233 .nb_monotonic_counter = 1, 2234 .tags = 0, 2235 #if defined(CFG_STM32MP15) 2236 .int_tamp = int_tamp_mp15, 2237 .int_tamp_size = ARRAY_SIZE(int_tamp_mp15), 2238 .ext_tamp = ext_tamp_mp15, 2239 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp15), 2240 .pin_map = pin_map_mp15, 2241 .pin_map_size = ARRAY_SIZE(pin_map_mp15), 2242 #endif 2243 }; 2244 2245 static const struct stm32_tamp_compat mp21_compat = { 2246 .nb_monotonic_counter = 2, 2247 .tags = TAMP_HAS_REGISTER_SECCFGR | 2248 TAMP_HAS_REGISTER_PRIVCFGR | 2249 TAMP_HAS_RIF_SUPPORT | 2250 TAMP_HAS_REGISTER_ERCFGR | 2251 TAMP_HAS_REGISTER_CR3 | 2252 TAMP_HAS_REGISTER_ATCR2 | 2253 TAMP_HAS_CR2_SECRET_STATUS | 2254 TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2255 #if defined(CFG_STM32MP21) 2256 .int_tamp = int_tamp_mp21, 2257 .int_tamp_size = ARRAY_SIZE(int_tamp_mp21), 2258 .ext_tamp = ext_tamp_mp21, 2259 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp21), 2260 .pin_map = pin_map_mp21, 2261 .pin_map_size = ARRAY_SIZE(pin_map_mp21), 2262 #endif 2263 }; 2264 2265 static const struct stm32_tamp_compat mp25_compat = { 2266 .nb_monotonic_counter = 2, 2267 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR | 2268 TAMP_HAS_RIF_SUPPORT | TAMP_HAS_REGISTER_ERCFGR | 2269 TAMP_HAS_REGISTER_CR3 | TAMP_HAS_REGISTER_ATCR2 | 2270 TAMP_HAS_CR2_SECRET_STATUS | TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2271 #if defined(CFG_STM32MP25) 2272 .int_tamp = int_tamp_mp25, 2273 .int_tamp_size = ARRAY_SIZE(int_tamp_mp25), 2274 .ext_tamp = ext_tamp_mp25, 2275 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp25), 2276 .pin_map = pin_map_mp25, 2277 .pin_map_size = ARRAY_SIZE(pin_map_mp25), 2278 #endif 2279 }; 2280 2281 static const struct dt_device_match stm32_tamp_match_table[] = { 2282 { .compatible = "st,stm32mp25-tamp", .compat_data = &mp25_compat }, 2283 { .compatible = "st,stm32mp21-tamp", .compat_data = &mp21_compat }, 2284 { .compatible = "st,stm32mp13-tamp", .compat_data = &mp13_compat }, 2285 { .compatible = "st,stm32-tamp", .compat_data = &mp15_compat }, 2286 { } 2287 }; 2288 2289 DEFINE_DT_DRIVER(stm32_tamp_dt_driver) = { 2290 .name = "stm32-tamp", 2291 .match_table = stm32_tamp_match_table, 2292 .probe = stm32_tamp_probe, 2293 }; 2294