1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2021-2025, STMicroelectronics 4 */ 5 6 #include <crypto/crypto.h> 7 #include <drivers/clk.h> 8 #include <drivers/clk_dt.h> 9 #include <drivers/gpio.h> 10 #include <drivers/stm32_gpio.h> 11 #include <drivers/stm32_rif.h> 12 #include <drivers/stm32_rtc.h> 13 #include <drivers/stm32mp_dt_bindings.h> 14 #include <io.h> 15 #include <kernel/dt.h> 16 #include <kernel/dt_driver.h> 17 #include <kernel/interrupt.h> 18 #include <libfdt.h> 19 #include <mm/core_memprot.h> 20 #include <stdbool.h> 21 #include <stm32_util.h> 22 23 /* STM32 Registers */ 24 #define _TAMP_CR1 0x00U 25 #define _TAMP_CR2 0x04U 26 #define _TAMP_CR3 0x08U 27 #define _TAMP_FLTCR 0x0CU 28 #define _TAMP_ATCR1 0x10U 29 #define _TAMP_ATSEEDR 0x14U 30 #define _TAMP_ATOR 0x18U 31 #define _TAMP_ATCR2 0x1CU 32 #define _TAMP_SECCFGR 0x20U 33 #define _TAMP_SMCR 0x20U 34 #define _TAMP_PRIVCFGR 0x24U 35 #define _TAMP_IER 0x2CU 36 #define _TAMP_SR 0x30U 37 #define _TAMP_MISR 0x34U 38 #define _TAMP_SMISR 0x38U 39 #define _TAMP_SCR 0x3CU 40 #define _TAMP_COUNTR 0x40U 41 #define _TAMP_COUNT2R 0x44U 42 #define _TAMP_OR 0x50U 43 #define _TAMP_ERCFGR 0X54U 44 #define _TAMP_BKPRIFR(x) (0x70U + 0x4U * ((x) - 1U)) 45 #define _TAMP_CIDCFGR(x) (0x80U + 0x4U * (x)) 46 #define _TAMP_BKPxR(x) (0x100U + 0x4U * ((x) - 1U)) 47 #define _TAMP_HWCFGR2 0x3ECU 48 #define _TAMP_HWCFGR1 0x3F0U 49 #define _TAMP_VERR 0x3F4U 50 #define _TAMP_IPIDR 0x3F8U 51 #define _TAMP_SIDR 0x3FCU 52 53 /* _TAMP_SECCFGR bit fields */ 54 #define _TAMP_SECCFGR_BKPRWSEC_MASK GENMASK_32(7, 0) 55 #define _TAMP_SECCFGR_BKPRWSEC_SHIFT 0U 56 #define _TAMP_SECCFGR_CNT2SEC BIT(14) 57 #define _TAMP_SECCFGR_CNT2SEC_SHIFT 14U 58 #define _TAMP_SECCFGR_CNT1SEC BIT(15) 59 #define _TAMP_SECCFGR_CNT1SEC_SHIFT 15U 60 #define _TAMP_SECCFGR_BKPWSEC_MASK GENMASK_32(23, 16) 61 #define _TAMP_SECCFGR_BKPWSEC_SHIFT 16U 62 #define _TAMP_SECCFGR_BHKLOCK BIT(30) 63 #define _TAMP_SECCFGR_TAMPSEC BIT(31) 64 #define _TAMP_SECCFGR_TAMPSEC_SHIFT 31U 65 #define _TAMP_SECCFGR_BUT_BKP_MASK (GENMASK_32(31, 30) | \ 66 GENMASK_32(15, 14)) 67 #define _TAMP_SECCFGR_RIF_TAMP_SEC BIT(0) 68 #define _TAMP_SECCFGR_RIF_COUNT_1 BIT(1) 69 #define _TAMP_SECCFGR_RIF_COUNT_2 BIT(2) 70 71 /* _TAMP_SMCR bit fields */ 72 #define _TAMP_SMCR_BKPRWDPROT_MASK GENMASK_32(7, 0) 73 #define _TAMP_SMCR_BKPRWDPROT_SHIFT 0U 74 #define _TAMP_SMCR_BKPWDPROT_MASK GENMASK_32(23, 16) 75 #define _TAMP_SMCR_BKPWDPROT_SHIFT 16U 76 #define _TAMP_SMCR_DPROT BIT(31) 77 /* 78 * _TAMP_PRIVCFGR bit fields 79 */ 80 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 81 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 82 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 83 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 84 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 85 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 86 GENMASK_32(15, 14)) 87 #define _TAMP_PRIVCFGR_RIF_TAMP_PRIV BIT(0) 88 #define _TAMP_PRIVCFGR_RIF_R1 BIT(1) 89 #define _TAMP_PRIVCFGR_RIF_R2 BIT(2) 90 91 /* _TAMP_PRIVCFGR bit fields */ 92 #define _TAMP_PRIVCFG_CNT2PRIV BIT(14) 93 #define _TAMP_PRIVCFG_CNT1PRIV BIT(15) 94 #define _TAMP_PRIVCFG_BKPRWPRIV BIT(29) 95 #define _TAMP_PRIVCFG_BKPWPRIV BIT(30) 96 #define _TAMP_PRIVCFG_TAMPPRIV BIT(31) 97 #define _TAMP_PRIVCFGR_MASK (GENMASK_32(31, 29) | \ 98 GENMASK_32(15, 14)) 99 100 /*_TAMP_CR1 bit fields */ 101 #define _TAMP_CR1_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 102 #define _TAMP_CR1_ETAMP(id) BIT((id) - EXT_TAMP1) 103 104 /* _TAMP_CR2 bit fields */ 105 #define _TAMP_CR2_ETAMPTRG(id) BIT((id) - EXT_TAMP1 + U(24)) 106 #define _TAMP_CR2_BKERASE BIT(23) 107 #define _TAMP_CR2_BKBLOCK BIT(22) 108 #define _TAMP_CR2_ETAMPMSK_MAX_ID 3U 109 #define _TAMP_CR2_ETAMPMSK(id) BIT((id) - EXT_TAMP1 + U(16)) 110 #define _TAMP_CR2_ETAMPNOER(id) BIT((id) - EXT_TAMP1) 111 112 /* _TAMP_CR3 bit fields */ 113 #define _TAMP_CR3_ITAMPNOER_ALL GENMASK_32(12, 0) 114 #define _TAMP_CR3_ITAMPNOER(id) BIT((id) - INT_TAMP1) 115 116 /* _TAMP_FLTCR bit fields */ 117 #define _TAMP_FLTCR_TAMPFREQ_MASK GENMASK_32(2, 0) 118 #define _TAMP_FLTCR_TAMPFREQ_SHIFT 0U 119 #define _TAMP_FLTCR_TAMPFLT_MASK GENMASK_32(4, 3) 120 #define _TAMP_FLTCR_TAMPFLT_SHIFT U(3) 121 #define _TAMP_FLTCR_TAMPPRCH_MASK GENMASK_32(6, 5) 122 #define _TAMP_FLTCR_TAMPPRCH_SHIFT 5U 123 #define _TAMP_FLTCR_TAMPPUDIS BIT(7) 124 125 /* _TAMP_ATCR bit fields */ 126 #define _TAMP_ATCR1_ATCKSEL_MASK GENMASK_32(19, 16) 127 #define _TAMP_ATCR1_ATCKSEL_SHIFT 16U 128 #define _TAMP_ATCR1_ATPER_MASK GENMASK_32(26, 24) 129 #define _TAMP_ATCR1_ATPER_SHIFT 24U 130 #define _TAMP_ATCR1_ATOSHARE BIT(30) 131 #define _TAMP_ATCR1_FLTEN BIT(31) 132 #define _TAMP_ATCR1_COMMON_MASK GENMASK_32(31, 16) 133 #define _TAMP_ATCR1_ETAMPAM(id) BIT((id) - EXT_TAMP1) 134 #define _TAMP_ATCR1_ATOSEL_MASK(id) \ 135 ({ \ 136 typeof(id) _id = (id); \ 137 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 2 + 7, \ 138 ((_id) - EXT_TAMP1) * 2 + 8); \ 139 }) 140 141 #define _TAMP_ATCR1_ATOSEL(id, od) \ 142 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 2 + 8) 143 144 /* _TAMP_ATCR2 bit fields */ 145 #define _TAMP_ATCR2_ATOSEL_MASK(id) \ 146 ({ \ 147 typeof(id) _id = (id); \ 148 GENMASK_32(((_id) - EXT_TAMP1 + 1) * 3 + 7, \ 149 ((_id) - EXT_TAMP1) * 3 + 8); \ 150 }) 151 152 #define _TAMP_ATCR2_ATOSEL(id, od) \ 153 SHIFT_U32((od) - OUT_TAMP1, ((id) - EXT_TAMP1) * 3 + 8) 154 155 /* _TAMP_ATOR bit fields */ 156 #define _TAMP_PRNG GENMASK_32(7, 0) 157 #define _TAMP_SEEDF BIT(14) 158 #define _TAMP_INITS BIT(15) 159 160 /* _TAMP_IER bit fields */ 161 #define _TAMP_IER_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 162 #define _TAMP_IER_ETAMP(id) BIT((id) - EXT_TAMP1) 163 164 /* _TAMP_SR bit fields */ 165 #define _TAMP_SR_ETAMPXF_MASK GENMASK_32(7, 0) 166 #define _TAMP_SR_ITAMPXF_MASK GENMASK_32(31, 16) 167 #define _TAMP_SR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 168 #define _TAMP_SR_ETAMP(id) BIT((id) - EXT_TAMP1) 169 170 /* _TAMP_SCR bit fields */ 171 #define _TAMP_SCR_ITAMP(id) BIT((id) - INT_TAMP1 + U(16)) 172 #define _TAMP_SCR_ETAMP(id) BIT((id) - EXT_TAMP1) 173 174 /* _TAMP_OR bit fields */ 175 #define _TAMP_OR_STM32MP13_IN1RMP_PF10 0U 176 #define _TAMP_OR_STM32MP13_IN1RMP_PC13 BIT(0) 177 #define _TAMP_OR_STM32MP13_IN2RMP_PA6 0U 178 #define _TAMP_OR_STM32MP13_IN2RMP_PI1 BIT(1) 179 #define _TAMP_OR_STM32MP13_IN3RMP_PC0 0U 180 #define _TAMP_OR_STM32MP13_IN3RMP_PI2 BIT(2) 181 #define _TAMP_OR_STM32MP13_IN4RMP_PG8 0U 182 #define _TAMP_OR_STM32MP13_IN4RMP_PI3 BIT(3) 183 184 /* For STM32MP15x, _TAMP_CFGR is _TAMP_OR */ 185 #define _TAMP_OR_STM32MP15_OUT3RMP_PI8 0U 186 #define _TAMP_OR_STM32MP15_OUT3RMP_PC13 BIT(0) 187 188 #define _TAMP_STM32MP21_OR_IN1RMP_PC4 0U 189 #define _TAMP_STM32MP21_OR_IN1RMP_PI8 BIT(0) 190 191 #define _TAMP_OR_STM32MP25_IN1RMP_PC4 0U 192 #define _TAMP_OR_STM32MP25_IN1RMP_PI8 BIT(0) 193 #define _TAMP_OR_STM32MP25_IN3RMP_PC3 0U 194 #define _TAMP_OR_STM32MP25_IN3RMP_PZ2 BIT(1) 195 #define _TAMP_OR_STM32MP25_IN5RMP_PF6 0U 196 #define _TAMP_OR_STM32MP25_IN5RMP_PZ4 BIT(2) 197 198 /* _TAMP_HWCFGR2 bit fields */ 199 #define _TAMP_HWCFGR2_TZ GENMASK_32(11, 8) 200 #define _TAMP_HWCFGR2_OR GENMASK_32(7, 0) 201 202 /* _TAMP_HWCFGR1 bit fields */ 203 #define _TAMP_HWCFGR1_BKPREG GENMASK_32(7, 0) 204 #define _TAMP_HWCFGR1_TAMPER_SHIFT 8U 205 #define _TAMP_HWCFGR1_TAMPER GENMASK_32(11, 8) 206 #define _TAMP_HWCFGR1_ACTIVE GENMASK_32(15, 12) 207 #define _TAMP_HWCFGR1_INTERN GENMASK_32(31, 16) 208 #define _TAMP_HWCFGR1_ITAMP_MAX_ID 16U 209 #define _TAMP_HWCFGR1_ITAMP(id) BIT((id) - INT_TAMP1 + 16U) 210 211 /* _TAMP_VERR bit fields */ 212 #define _TAMP_VERR_MINREV GENMASK_32(3, 0) 213 #define _TAMP_VERR_MAJREV GENMASK_32(7, 4) 214 215 /* 216 * CIDCFGR register bitfields 217 */ 218 #define _TAMP_CIDCFGR_SCID_MASK GENMASK_32(6, 4) 219 #define _TAMP_CIDCFGR_CONF_MASK (_CIDCFGR_CFEN | \ 220 _CIDCFGR_SEMEN | \ 221 _TAMP_CIDCFGR_SCID_MASK) 222 223 /* _TAMP_BKPRIFR */ 224 #define _TAMP_BKPRIFR_1_MASK GENMASK_32(7, 0) 225 #define _TAMP_BKPRIFR_2_MASK GENMASK_32(7, 0) 226 #define _TAMP_BKPRIFR_3_MASK (GENMASK_32(23, 16) | GENMASK_32(7, 0)) 227 #define _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT 16U 228 229 /* 230 * RIF miscellaneous 231 */ 232 #define TAMP_NB_BKPR_ZONES 3U 233 #define TAMP_RIF_RESOURCES 3U 234 #define TAMP_RIF_OFFSET_CNT 4U 235 236 /* 237 * Compatibility capabilities 238 * TAMP_HAS_REGISTER_SECCFGR - Supports SECCFGR, otherwise supports SMCR 239 * register 240 * TAMP_HAS_REGISTER_PRIVCFG - Supports PRIVCFGR configuration register 241 * TAMP_HAS_RIF_SUPPORT - Supports RIF 242 */ 243 #define TAMP_HAS_REGISTER_SECCFGR BIT(0) 244 #define TAMP_HAS_REGISTER_PRIVCFGR BIT(1) 245 #define TAMP_HAS_REGISTER_ERCFGR BIT(2) 246 #define TAMP_HAS_REGISTER_ATCR2 BIT(3) 247 #define TAMP_HAS_REGISTER_CR3 BIT(4) 248 #define TAMP_HAS_CR2_SECRET_STATUS BIT(5) 249 #define TAMP_SIZE_ATCR1_ATCKSEL_IS_4 BIT(7) 250 #define TAMP_HAS_RIF_SUPPORT BIT(31) 251 252 /* Tamper event modes */ 253 #define TAMP_ERASE 0x0U 254 #define TAMP_NOERASE BIT(1) 255 #define TAMP_NO_EVT_MASK 0x0U 256 #define TAMP_EVT_MASK BIT(2) 257 #define TAMP_MODE_MASK GENMASK_32(15, 0) 258 259 /* Callback return bitmask values */ 260 #define TAMP_CB_ACK BIT(0) 261 #define TAMP_CB_RESET BIT(1) 262 #define TAMP_CB_ACK_AND_RESET (TAMP_CB_RESET | TAMP_CB_ACK) 263 264 #define SEED_TIMEOUT_US 1000U 265 266 /* Define TAMPER modes from DT */ 267 #define TAMP_TRIG_ON BIT(16) 268 #define TAMP_ACTIVE BIT(17) 269 #define TAMP_IN_DT BIT(18) 270 271 enum stm32_tamp_id { 272 INT_TAMP1 = 0, 273 INT_TAMP2, 274 INT_TAMP3, 275 INT_TAMP4, 276 INT_TAMP5, 277 INT_TAMP6, 278 INT_TAMP7, 279 INT_TAMP8, 280 INT_TAMP9, 281 INT_TAMP10, 282 INT_TAMP11, 283 INT_TAMP12, 284 INT_TAMP13, 285 INT_TAMP14, 286 INT_TAMP15, 287 INT_TAMP16, 288 289 EXT_TAMP1, 290 EXT_TAMP2, 291 EXT_TAMP3, 292 EXT_TAMP4, 293 EXT_TAMP5, 294 EXT_TAMP6, 295 EXT_TAMP7, 296 EXT_TAMP8, 297 298 LAST_TAMP, 299 INVALID_TAMP = 0xFFFF, 300 }; 301 302 enum stm32_tamp_out_id { 303 OUT_TAMP1 = LAST_TAMP, 304 OUT_TAMP2, 305 OUT_TAMP3, 306 OUT_TAMP4, 307 OUT_TAMP5, 308 OUT_TAMP6, 309 OUT_TAMP7, 310 OUT_TAMP8, 311 INVALID_OUT_TAMP = INVALID_TAMP 312 }; 313 314 /** 315 * struct stm32_tamp_pin_map - Tamper pin map 316 * 317 * @id: Identifier of the tamper 318 * @conf: Internal mux configuration of the pin present in the TAMP block 319 * @bank: GPIO pin bank 320 * @pin: GPIO number in the bank 321 * @out: True if pin is used for tamper output 322 */ 323 struct stm32_tamp_pin_map { 324 uint32_t id; 325 uint32_t conf; 326 uint8_t bank; 327 uint8_t pin; 328 bool out; 329 }; 330 331 /** 332 * struct stm32_tamp_tamper_data - Tamper data 333 * 334 * @id: Identifier of the tamper 335 * @out_id: Identifier of the output tamper, tamper in active mode 336 * @mode: Mode of the tamper 337 * @func: Tamper callback in case of tamper event 338 */ 339 struct stm32_tamp_tamper_data { 340 uint32_t id; 341 uint32_t out_id; 342 uint32_t mode; 343 uint32_t (*func)(int id); 344 }; 345 346 /** 347 * struct stm32_tamp_compat - TAMP compatible data 348 * 349 * @ext_tamp: List of available external tampers 350 * @int_tamp: List of available internal tampers 351 * @pin_map: List of hardware mapped of pins supporting tamper event detection 352 * @nb_monotonic_counter: Number of monotic counter supported 353 * @ext_tamp_size: Size of @ext_tamp 354 * @int_tamp_size: Size of @int_tamp 355 * @pin_map_size: Size of pin_map 356 * @tags: Bit flags TAMP_HAS_* for compatibility management 357 */ 358 struct stm32_tamp_compat { 359 struct stm32_tamp_tamper_data *ext_tamp; 360 struct stm32_tamp_tamper_data *int_tamp; 361 const struct stm32_tamp_pin_map *pin_map; 362 int nb_monotonic_counter; 363 uint32_t ext_tamp_size; 364 uint32_t int_tamp_size; 365 uint32_t pin_map_size; 366 uint32_t tags; 367 }; 368 369 /* 370 * struct stm32_bkpregs_conf - Backup registers zone bounds 371 * @zone1_end - Number of backup registers in zone 1 372 * @zone2_end - Number of backup registers in zone 2 + zone 1 373 * @rif_offsets - RIF offsets used for CID compartments 374 * 375 * TAMP backup registers access permissions 376 * 377 * Zone 1: read/write in secure state, no access in non-secure state 378 * Zone 2: read/write in secure state, read-only in non-secure state 379 * Zone 3: read/write in secure state, read/write in non-secure state 380 * 381 * Protection zone 1 382 * If zone1_end == 0 no backup register are in zone 1. 383 * Otherwise backup registers from TAMP_BKP0R to TAMP_BKP<x>R are in zone 1, 384 * with <x> = (@zone1_end - 1). 385 * 386 * Protection zone 2 387 * If zone2_end == 0 no backup register are in zone 2 and zone 1. 388 * Otherwise backup registers from TAMP_BKP<y>R to TAMP_BKP<z>R are in zone 2, 389 * with <y> = @zone1_end and <z> = (@zone2_end - 1). 390 * 391 * Protection zone 3 392 * Backup registers from TAMP_BKP<t>R to last backup register are in zone 3, 393 * with <t> = (@zone2_end - 1). 394 * 395 * When RIF is supported, each zone can be subdivided to restrain accesses to 396 * some CIDs. 397 */ 398 struct stm32_bkpregs_conf { 399 uint32_t zone1_end; 400 uint32_t zone2_end; 401 uint32_t *rif_offsets; 402 }; 403 404 /** 405 * struct stm32_tamp_platdata - TAMP platform data 406 * @base: IOMEM base address 407 * @bkpregs_conf: TAMP backup register configuration reference 408 * @compat: Reference to compat data passed at driver initialization 409 * @conf_data: RIF configuration data 410 * @clock: TAMP clock 411 * @itr: TAMP interrupt handler 412 * @nb_rif_resources: Number of RIF resources 413 * @passive_conf: Passive tampers configuration 414 * @active_conf: Active tampers configuration 415 * @pins_conf: Configuration of mapped pins for tampers 416 * @out_pins: Output pins for passive tampers 417 * @is_wakeup_source: True if a tamper event is a wakeup source 418 * @is_tdcid: True if current processor is TDCID 419 */ 420 struct stm32_tamp_platdata { 421 struct io_pa_va base; 422 struct stm32_bkpregs_conf bkpregs_conf; 423 struct stm32_tamp_compat *compat; 424 struct rif_conf_data *conf_data; 425 struct clk *clock; 426 struct itr_handler *itr; 427 unsigned int nb_rif_resources; 428 uint32_t passive_conf; 429 uint32_t active_conf; 430 uint32_t pins_conf; 431 uint32_t out_pins; 432 bool is_wakeup_source; 433 bool is_tdcid; 434 }; 435 436 /** 437 * struct stm32_tamp_instance - TAMP instance data 438 * @pdata: TAMP platform data 439 * @hwconf1: Copy of TAMP HWCONF1 register content 440 * @hwconf2: Copy of TAMP HWCONF2 register content 441 */ 442 struct stm32_tamp_instance { 443 struct stm32_tamp_platdata pdata; 444 uint32_t hwconf1; 445 uint32_t hwconf2; 446 }; 447 448 #define GPIO_BANK(port) ((port) - 'A') 449 450 #if defined(CFG_STM32MP13) 451 static const char * const itamper_name[] = { 452 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 453 [INT_TAMP2] = "Temperature monitoring", 454 [INT_TAMP3] = "LSE monitoring", 455 [INT_TAMP4] = "HSE monitoring", 456 [INT_TAMP5] = "RTC Calendar overflow", 457 [INT_TAMP6] = "JTAG SWD access", 458 [INT_TAMP7] = "ADC2 analog watchdog monitoring 1", 459 [INT_TAMP8] = "Monotonic counter 1", 460 [INT_TAMP9] = "Cryptographic perpipheral fault", 461 [INT_TAMP10] = "Monotonic counter 2", 462 [INT_TAMP11] = "IWDG1 reset", 463 [INT_TAMP12] = "ADC2 analog watchdog monitoring 2", 464 [INT_TAMP13] = "ADC2 analog watchdog monitoring 3", 465 }; 466 467 static struct stm32_tamp_tamper_data int_tamp_mp13[] = { 468 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 469 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 470 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 471 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, 472 { .id = INT_TAMP12 }, { .id = INT_TAMP13 }, 473 }; 474 475 static struct stm32_tamp_tamper_data ext_tamp_mp13[] = { 476 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 477 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 478 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 }, 479 }; 480 481 static const struct stm32_tamp_pin_map pin_map_mp13[] = { 482 { 483 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13, 484 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PC13, 485 }, 486 { 487 .id = EXT_TAMP1, .bank = GPIO_BANK('F'), .pin = 10, 488 .out = false, .conf = _TAMP_OR_STM32MP13_IN1RMP_PF10, 489 }, 490 { 491 .id = EXT_TAMP2, .bank = GPIO_BANK('A'), .pin = 6, 492 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PA6, 493 }, 494 { 495 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 1, 496 .out = false, .conf = _TAMP_OR_STM32MP13_IN2RMP_PI1, 497 }, 498 { 499 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 0, 500 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PC0, 501 }, 502 { 503 .id = EXT_TAMP3, .bank = GPIO_BANK('I'), .pin = 2, 504 .out = false, .conf = _TAMP_OR_STM32MP13_IN3RMP_PI2, 505 }, 506 { 507 .id = EXT_TAMP4, .bank = GPIO_BANK('G'), .pin = 8, 508 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PG8, 509 }, 510 { 511 .id = EXT_TAMP4, .bank = GPIO_BANK('I'), .pin = 3, 512 .out = false, .conf = _TAMP_OR_STM32MP13_IN4RMP_PI3, 513 }, 514 }; 515 #endif 516 517 #if defined(CFG_STM32MP15) 518 static const char * const itamper_name[] = { 519 [INT_TAMP1] = "RTC power domain", 520 [INT_TAMP2] = "Temperature monitoring", 521 [INT_TAMP3] = "LSE monitoring", 522 [INT_TAMP5] = "RTC Calendar overflow", 523 [INT_TAMP8] = "Monotonic counter", 524 }; 525 DECLARE_KEEP_PAGER(itamper_name); 526 527 static struct stm32_tamp_tamper_data int_tamp_mp15[] = { 528 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 529 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP8 }, 530 }; 531 532 static struct stm32_tamp_tamper_data ext_tamp_mp15[] = { 533 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 534 }; 535 536 static const struct stm32_tamp_pin_map pin_map_mp15[] = { 537 { 538 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 13, 539 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 540 }, 541 { 542 .id = EXT_TAMP2, .bank = GPIO_BANK('I'), .pin = 8, 543 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 544 }, 545 { 546 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 1, 547 .out = false, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 548 }, 549 { 550 .id = OUT_TAMP2, .bank = GPIO_BANK('C'), .pin = 13, 551 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 552 }, 553 { 554 .id = OUT_TAMP3, .bank = GPIO_BANK('C'), .pin = 13, 555 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PC13, 556 }, 557 { 558 .id = OUT_TAMP3, .bank = GPIO_BANK('I'), .pin = 8, 559 .out = true, .conf = _TAMP_OR_STM32MP15_OUT3RMP_PI8, 560 }, 561 }; 562 #endif 563 564 #if defined(CFG_STM32MP21) 565 static const char * const itamper_name[] = { 566 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 567 [INT_TAMP2] = "Temperature monitoring", 568 [INT_TAMP3] = "LSE monitoring", 569 [INT_TAMP4] = "HSE monitoring", 570 [INT_TAMP5] = "RTC Calendar overflow", 571 [INT_TAMP6] = "JTAG TAP access in secured-closed", 572 [INT_TAMP7] = "ADC2 analog watchdog monitoring1", 573 [INT_TAMP8] = "Monotonic counter 1 overflow", 574 [INT_TAMP9] = "Cryptographic peripherals fault", 575 [INT_TAMP10] = "Monotonic counter 2 overflow", 576 [INT_TAMP11] = "IWDG3 reset", 577 [INT_TAMP12] = "ADC2 analog watchdog monitoring2", 578 [INT_TAMP13] = "ADC2 analog watchdog monitoring3", 579 [INT_TAMP14] = "RIFSC or BSEC or DBGMCU fault", 580 [INT_TAMP15] = "IWDG1_reset", 581 [INT_TAMP16] = "BOOTROM fault", 582 }; 583 584 static struct stm32_tamp_tamper_data int_tamp_mp21[] = { 585 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 586 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 587 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 588 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, { .id = INT_TAMP12 }, 589 { .id = INT_TAMP13 }, { .id = INT_TAMP14 }, { .id = INT_TAMP15 }, 590 { .id = INT_TAMP16 }, 591 }; 592 593 static struct stm32_tamp_tamper_data ext_tamp_mp21[] = { 594 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 595 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 596 { .id = EXT_TAMP7 }, 597 }; 598 599 static const struct stm32_tamp_pin_map pin_map_mp21[] = { 600 { 601 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8, 602 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PI8, 603 }, 604 { 605 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4, 606 .out = false, .conf = _TAMP_STM32MP21_OR_IN1RMP_PC4, 607 }, 608 }; 609 #endif 610 611 #if defined(CFG_STM32MP25) || defined(CFG_STM32MP23) 612 static const char * const itamper_name[] = { 613 [INT_TAMP1] = "Backup domain voltage threshold monitoring", 614 [INT_TAMP2] = "Temperature monitoring", 615 [INT_TAMP3] = "LSE monitoring", 616 [INT_TAMP4] = "HSE monitoring", 617 [INT_TAMP5] = "RTC Calendar overflow", 618 [INT_TAMP6] = "JTAG/SWD access", 619 [INT_TAMP7] = "VDDCORE monitoring under/over voltage", 620 [INT_TAMP8] = "Monotonic counter 1 overflow", 621 [INT_TAMP9] = "Cryptographic peripherals fault", 622 [INT_TAMP10] = "Monotonic counter 2 overflow", 623 [INT_TAMP11] = "IWDG3 reset", 624 [INT_TAMP12] = "VDDCPU monitoring under/over voltage", 625 [INT_TAMP14] = "IWDG5_reset", 626 [INT_TAMP15] = "IWDG1_reset", 627 }; 628 629 static struct stm32_tamp_tamper_data int_tamp_mp25[] = { 630 { .id = INT_TAMP1 }, { .id = INT_TAMP2 }, { .id = INT_TAMP3 }, 631 { .id = INT_TAMP4 }, { .id = INT_TAMP5 }, { .id = INT_TAMP6 }, 632 { .id = INT_TAMP7 }, { .id = INT_TAMP8 }, { .id = INT_TAMP9 }, 633 { .id = INT_TAMP10 }, { .id = INT_TAMP11 }, 634 { .id = INT_TAMP12 }, { .id = INT_TAMP14 }, 635 { .id = INT_TAMP15 }, 636 }; 637 638 #ifdef CFG_STM32MP25 639 static struct stm32_tamp_tamper_data ext_tamp_mp25[] = { 640 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 641 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 642 { .id = EXT_TAMP7 }, { .id = EXT_TAMP8 }, 643 }; 644 #else 645 static struct stm32_tamp_tamper_data ext_tamp_mp23[] = { 646 { .id = EXT_TAMP1 }, { .id = EXT_TAMP2 }, { .id = EXT_TAMP3 }, 647 { .id = EXT_TAMP4 }, { .id = EXT_TAMP5 }, { .id = EXT_TAMP6 }, 648 { .id = EXT_TAMP7 }, 649 }; 650 #endif 651 652 static const struct stm32_tamp_pin_map pin_map_mp25[] = { 653 { 654 .id = EXT_TAMP1, .bank = GPIO_BANK('I'), .pin = 8, 655 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PI8, 656 }, 657 { 658 .id = EXT_TAMP1, .bank = GPIO_BANK('C'), .pin = 4, 659 .out = false, .conf = _TAMP_OR_STM32MP25_IN1RMP_PC4, 660 }, 661 { 662 .id = EXT_TAMP3, .bank = GPIO_BANK('C'), .pin = 3, 663 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PC3, 664 }, 665 { 666 .id = EXT_TAMP3, .bank = GPIO_BANK('Z'), .pin = 2, 667 .out = false, .conf = _TAMP_OR_STM32MP25_IN3RMP_PZ2, 668 }, 669 { 670 .id = EXT_TAMP5, .bank = GPIO_BANK('F'), .pin = 6, 671 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PF6, 672 }, 673 { 674 .id = EXT_TAMP5, .bank = GPIO_BANK('Z'), .pin = 4, 675 .out = false, .conf = _TAMP_OR_STM32MP25_IN5RMP_PZ4, 676 }, 677 }; 678 #endif 679 680 /* Expects at most a single instance */ 681 static struct stm32_tamp_instance *stm32_tamp_dev; 682 683 static vaddr_t get_base(void) 684 { 685 assert(stm32_tamp_dev && stm32_tamp_dev->pdata.base.pa); 686 687 return io_pa_or_va_secure(&stm32_tamp_dev->pdata.base, 1); 688 } 689 690 static void apply_rif_config(void) 691 { 692 struct rif_conf_data *rif_conf = stm32_tamp_dev->pdata.conf_data; 693 uint32_t access_mask_priv_reg = 0; 694 uint32_t access_mask_sec_reg = 0; 695 vaddr_t base = get_base(); 696 uint32_t privcfgr = 0; 697 uint32_t seccfgr = 0; 698 unsigned int i = 0; 699 700 if (!stm32_tamp_dev->pdata.conf_data) 701 return; 702 703 /* Build access masks for _TAMP_PRIVCFGR and _TAMP_SECCFGR */ 704 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 705 if (BIT(i) & rif_conf->access_mask[0]) { 706 switch (i) { 707 case 0: 708 access_mask_sec_reg |= _TAMP_SECCFGR_TAMPSEC; 709 access_mask_priv_reg |= _TAMP_PRIVCFG_TAMPPRIV; 710 break; 711 case 1: 712 access_mask_sec_reg |= _TAMP_SECCFGR_CNT1SEC; 713 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT1PRIV; 714 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPRWPRIV; 715 break; 716 case 2: 717 access_mask_sec_reg |= _TAMP_SECCFGR_CNT2SEC; 718 access_mask_priv_reg |= _TAMP_PRIVCFG_CNT2PRIV; 719 access_mask_priv_reg |= _TAMP_PRIVCFG_BKPWPRIV; 720 break; 721 default: 722 panic(); 723 } 724 } 725 } 726 727 /* 728 * When TDCID, OP-TEE should be the one to set the CID filtering 729 * configuration. Clearing previous configuration prevents 730 * undesired events during the only legitimate configuration. 731 */ 732 if (stm32_tamp_dev->pdata.is_tdcid) { 733 for (i = 0; i < TAMP_RIF_RESOURCES; i++) 734 if (BIT(i) & rif_conf->access_mask[0]) 735 io_clrbits32(base + _TAMP_CIDCFGR(i), 736 _TAMP_CIDCFGR_CONF_MASK); 737 } 738 739 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_TAMP_SEC) 740 seccfgr |= _TAMP_SECCFGR_TAMPSEC; 741 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_1) 742 seccfgr |= _TAMP_SECCFGR_CNT1SEC; 743 if (rif_conf->sec_conf[0] & _TAMP_SECCFGR_RIF_COUNT_2) 744 seccfgr |= _TAMP_SECCFGR_CNT2SEC; 745 746 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_TAMP_PRIV) 747 privcfgr |= _TAMP_PRIVCFG_TAMPPRIV; 748 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R1) 749 privcfgr |= _TAMP_PRIVCFG_CNT1PRIV | _TAMP_PRIVCFG_BKPRWPRIV; 750 if (rif_conf->priv_conf[0] & _TAMP_PRIVCFGR_RIF_R2) 751 privcfgr |= _TAMP_PRIVCFG_CNT2PRIV | _TAMP_PRIVCFG_BKPWPRIV; 752 753 /* Security and privilege RIF configuration */ 754 io_clrsetbits32(base + _TAMP_PRIVCFGR, access_mask_priv_reg, privcfgr); 755 io_clrsetbits32(base + _TAMP_SECCFGR, access_mask_sec_reg, seccfgr); 756 757 if (!stm32_tamp_dev->pdata.is_tdcid) 758 return; 759 760 for (i = 0; i < TAMP_RIF_RESOURCES; i++) { 761 if (!(BIT(i) & rif_conf->access_mask[0])) 762 continue; 763 764 io_clrsetbits32(base + _TAMP_CIDCFGR(i), 765 _TAMP_CIDCFGR_CONF_MASK, 766 rif_conf->cid_confs[i]); 767 } 768 } 769 770 static TEE_Result stm32_tamp_apply_bkpr_rif_conf(void) 771 { 772 struct stm32_bkpregs_conf *bkpregs_conf = 773 &stm32_tamp_dev->pdata.bkpregs_conf; 774 vaddr_t base = get_base(); 775 unsigned int i = 0; 776 777 if (!bkpregs_conf->rif_offsets) 778 panic("No backup register configuration"); 779 780 for (i = 0; i < TAMP_RIF_OFFSET_CNT; i++) { 781 if (bkpregs_conf->rif_offsets[i] > 782 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) 783 return TEE_ERROR_NOT_SUPPORTED; 784 } 785 786 /* Fill the 3 TAMP_BKPRIFRx registers */ 787 io_clrsetbits32(base + _TAMP_BKPRIFR(1), _TAMP_BKPRIFR_1_MASK, 788 bkpregs_conf->rif_offsets[0]); 789 io_clrsetbits32(base + _TAMP_BKPRIFR(2), _TAMP_BKPRIFR_2_MASK, 790 bkpregs_conf->rif_offsets[1]); 791 io_clrsetbits32(base + _TAMP_BKPRIFR(3), _TAMP_BKPRIFR_3_MASK, 792 bkpregs_conf->rif_offsets[2] | 793 SHIFT_U32(bkpregs_conf->rif_offsets[3], 794 _TAMP_BKPRIFR_ZONE3_RIF2_SHIFT)); 795 796 DMSG("Backup registers mapping :"); 797 DMSG("********START of zone 1********"); 798 DMSG("Protection Zone 1-RIF1 begins at register: 0"); 799 DMSG("Protection Zone 1-RIF2 begins at register: %"PRIu32, 800 bkpregs_conf->rif_offsets[0]); 801 DMSG("Protection Zone 1-RIF2 ends at register: %"PRIu32, 802 bkpregs_conf->zone1_end ? bkpregs_conf->zone1_end - 1 : 0); 803 DMSG("********END of zone 1********"); 804 DMSG("********START of zone 2********"); 805 DMSG("Protection Zone 2-RIF1 begins at register: %"PRIu32, 806 bkpregs_conf->zone1_end); 807 DMSG("Protection Zone 2-RIF2 begins at register: %"PRIu32, 808 bkpregs_conf->rif_offsets[1]); 809 DMSG("Protection Zone 2-RIF2 ends at register: %"PRIu32, 810 bkpregs_conf->rif_offsets[1] > bkpregs_conf->zone1_end ? 811 bkpregs_conf->zone2_end - 1 : 0); 812 DMSG("********END of zone 2********"); 813 DMSG("********START of zone 3********"); 814 DMSG("Protection Zone 3-RIF1 begins at register: %"PRIu32, 815 bkpregs_conf->zone2_end); 816 DMSG("Protection Zone 3-RIF0 begins at register: %"PRIu32, 817 bkpregs_conf->rif_offsets[2]); 818 DMSG("Protection Zone 3-RIF2 begins at register: %"PRIu32, 819 bkpregs_conf->rif_offsets[3]); 820 DMSG("Protection Zone 3-RIF2 ends at the last register: %"PRIu32, 821 stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG); 822 DMSG("********END of zone 3********"); 823 824 return TEE_SUCCESS; 825 } 826 827 static TEE_Result stm32_tamp_set_secure_bkpregs(void) 828 { 829 struct stm32_bkpregs_conf *bkpregs_conf = 830 &stm32_tamp_dev->pdata.bkpregs_conf; 831 vaddr_t base = get_base(); 832 uint32_t first_z2 = 0; 833 uint32_t first_z3 = 0; 834 835 first_z2 = bkpregs_conf->zone1_end; 836 first_z3 = bkpregs_conf->zone2_end; 837 838 if ((first_z2 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG)) || 839 (first_z3 > (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_BKPREG))) 840 return TEE_ERROR_BAD_PARAMETERS; 841 842 if (stm32_tamp_dev->pdata.compat && 843 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 844 io_clrsetbits32(base + _TAMP_SECCFGR, 845 _TAMP_SECCFGR_BKPRWSEC_MASK, 846 (first_z2 << _TAMP_SECCFGR_BKPRWSEC_SHIFT) & 847 _TAMP_SECCFGR_BKPRWSEC_MASK); 848 849 io_clrsetbits32(base + _TAMP_SECCFGR, 850 _TAMP_SECCFGR_BKPWSEC_MASK, 851 (first_z3 << _TAMP_SECCFGR_BKPWSEC_SHIFT) & 852 _TAMP_SECCFGR_BKPWSEC_MASK); 853 } else { 854 io_clrsetbits32(base + _TAMP_SMCR, 855 _TAMP_SMCR_BKPRWDPROT_MASK, 856 (first_z2 << _TAMP_SMCR_BKPRWDPROT_SHIFT) & 857 _TAMP_SMCR_BKPRWDPROT_MASK); 858 859 io_clrsetbits32(base + _TAMP_SMCR, 860 _TAMP_SMCR_BKPWDPROT_MASK, 861 (first_z3 << _TAMP_SMCR_BKPWDPROT_SHIFT) & 862 _TAMP_SMCR_BKPWDPROT_MASK); 863 } 864 865 return TEE_SUCCESS; 866 } 867 868 static void stm32_tamp_set_secure(uint32_t mode) 869 { 870 vaddr_t base = get_base(); 871 872 if (stm32_tamp_dev->pdata.compat && 873 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) { 874 io_clrsetbits32(base + _TAMP_SECCFGR, 875 _TAMP_SECCFGR_BUT_BKP_MASK, 876 mode & _TAMP_SECCFGR_BUT_BKP_MASK); 877 } else { 878 /* 879 * Note: MP15 doesn't use SECCFG register and 880 * inverts the secure bit. 881 */ 882 if (mode & _TAMP_SECCFGR_TAMPSEC) 883 io_clrbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 884 else 885 io_setbits32(base + _TAMP_SMCR, _TAMP_SMCR_DPROT); 886 } 887 } 888 889 static void stm32_tamp_set_privilege(uint32_t mode) 890 { 891 vaddr_t base = get_base(); 892 893 if (stm32_tamp_dev->pdata.compat && 894 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_PRIVCFGR)) 895 io_clrsetbits32(base + _TAMP_PRIVCFGR, _TAMP_PRIVCFGR_MASK, 896 mode & _TAMP_PRIVCFGR_MASK); 897 } 898 899 static void parse_bkpregs_dt_conf(const void *fdt, int node) 900 { 901 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 902 unsigned int bkpregs_count = 0; 903 const fdt32_t *cuint = NULL; 904 int lenp = 0; 905 906 cuint = fdt_getprop(fdt, node, "st,backup-zones", &lenp); 907 if (!cuint) 908 panic("Missing backup registers configuration"); 909 910 /* 911 * When TAMP does not support RIF, the backup registers can 912 * be splited in 3 zones. These zones have specific read/write 913 * access permissions based on the secure status of the accesser. 914 * When RIF is supported, these zones can additionally be splited 915 * in subzones that have CID filtering. Zones/Subzones can be empty and 916 * are contiguous. 917 */ 918 if (!(pdata->compat->tags & TAMP_HAS_RIF_SUPPORT)) { 919 /* 3 zones, 2 offsets to apply */ 920 if (lenp != sizeof(uint32_t) * TAMP_NB_BKPR_ZONES) 921 panic("Incorrect bkpregs configuration"); 922 923 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]); 924 bkpregs_count = fdt32_to_cpu(cuint[0]); 925 926 pdata->bkpregs_conf.zone2_end = bkpregs_count + 927 fdt32_to_cpu(cuint[1]); 928 } else { 929 /* 930 * Zone 3 931 * ----------------------| 932 * Protection Zone 3-RIF2|Read non- 933 * ----------------------|secure 934 * Protection Zone 3-RIF0|Write non- 935 * ----------------------|secure 936 * Protection Zone 3-RIF1| 937 * ----------------------| 938 * 939 * Zone 2 940 * ----------------------| 941 * Protection Zone 2-RIF2|Read non- 942 * ----------------------|secure 943 * Protection Zone 2-RIF1|Write secure 944 * ----------------------| 945 * 946 * Zone 1 947 * ----------------------| 948 * Protection Zone 1-RIF2|Read secure 949 * ----------------------|Write secure 950 * Protection Zone 1-RIF1| 951 * ----------------------| 952 * 953 * (BHK => First 8 registers) 954 */ 955 pdata->bkpregs_conf.rif_offsets = calloc(TAMP_RIF_OFFSET_CNT, 956 sizeof(uint32_t)); 957 if (!pdata->bkpregs_conf.rif_offsets) 958 panic(); 959 960 /* 961 * 3 zones with 7 subzones in total(6 offsets): 962 * - 2 zone offsets 963 * - 4 subzones offsets 964 */ 965 if (lenp != sizeof(uint32_t) * 966 (TAMP_RIF_OFFSET_CNT + TAMP_NB_BKPR_ZONES)) 967 panic("Incorrect bkpregs configuration"); 968 969 /* Backup registers zone 1 */ 970 pdata->bkpregs_conf.rif_offsets[0] = fdt32_to_cpu(cuint[0]); 971 pdata->bkpregs_conf.zone1_end = fdt32_to_cpu(cuint[0]) + 972 fdt32_to_cpu(cuint[1]); 973 974 bkpregs_count = pdata->bkpregs_conf.zone1_end; 975 976 /* Backup registers zone 2 */ 977 pdata->bkpregs_conf.rif_offsets[1] = bkpregs_count + 978 fdt32_to_cpu(cuint[2]); 979 pdata->bkpregs_conf.zone2_end = bkpregs_count + 980 fdt32_to_cpu(cuint[2]) + 981 fdt32_to_cpu(cuint[3]); 982 983 bkpregs_count = pdata->bkpregs_conf.zone2_end; 984 985 /* Backup registers zone 3 */ 986 pdata->bkpregs_conf.rif_offsets[2] = bkpregs_count + 987 fdt32_to_cpu(cuint[4]); 988 pdata->bkpregs_conf.rif_offsets[3] = bkpregs_count + 989 fdt32_to_cpu(cuint[4]) + 990 fdt32_to_cpu(cuint[5]); 991 } 992 } 993 994 static void stm32_tamp_set_pins(vaddr_t base, uint32_t mode) 995 { 996 io_setbits32(base + _TAMP_OR, mode); 997 } 998 999 static TEE_Result stm32_tamp_set_seed(vaddr_t base) 1000 { 1001 uint32_t value = 0; 1002 int idx = 0; 1003 1004 for (idx = 0; idx < 4; idx++) { 1005 uint32_t rnd = 0; 1006 1007 if (crypto_rng_read(&rnd, sizeof(uint32_t))) 1008 return TEE_ERROR_BAD_STATE; 1009 1010 io_write32(base + _TAMP_ATSEEDR, rnd); 1011 } 1012 1013 if (IO_READ32_POLL_TIMEOUT(base + _TAMP_ATOR, value, 1014 !(value & _TAMP_SEEDF), 0, SEED_TIMEOUT_US)) 1015 return TEE_ERROR_BAD_STATE; 1016 1017 return TEE_SUCCESS; 1018 } 1019 1020 static TEE_Result is_int_tamp_id_valid(enum stm32_tamp_id id) 1021 { 1022 if (id - INT_TAMP1 >= _TAMP_HWCFGR1_ITAMP_MAX_ID) 1023 return TEE_ERROR_BAD_PARAMETERS; 1024 1025 if (!(stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_ITAMP(id))) 1026 return TEE_ERROR_ITEM_NOT_FOUND; 1027 1028 return TEE_SUCCESS; 1029 } 1030 1031 static bool is_ext_tamp_id_valid(enum stm32_tamp_id id) 1032 { 1033 return id - EXT_TAMP1 <= 1034 (stm32_tamp_dev->hwconf1 & _TAMP_HWCFGR1_TAMPER) >> 1035 _TAMP_HWCFGR1_TAMPER_SHIFT; 1036 } 1037 1038 static enum itr_return stm32_tamp_it_handler(struct itr_handler *h __unused) 1039 { 1040 struct optee_rtc_time __maybe_unused tamp_ts = { }; 1041 vaddr_t base = get_base(); 1042 uint32_t it = io_read32(base + _TAMP_SR); 1043 uint32_t int_it = it & _TAMP_SR_ITAMPXF_MASK; 1044 uint32_t ext_it = it & _TAMP_SR_ETAMPXF_MASK; 1045 bool ts_enabled = false; 1046 size_t i = 0; 1047 1048 if (stm32_rtc_is_timestamp_enabled(&ts_enabled)) 1049 panic(); 1050 1051 if (ts_enabled && it) { 1052 TEE_Result res = stm32_rtc_get_timestamp(&tamp_ts); 1053 1054 if (res) 1055 EMSG("Failed to get RTC timestamp: %"PRIx32, res); 1056 FMSG("Tamper event occurred at:"); 1057 FMSG("\n \t Date: %"PRIu32"/%"PRIu32"\n \t Time: %"PRIu32":%"PRIu32":%"PRIu32, 1058 tamp_ts.tm_mday, tamp_ts.tm_mon, tamp_ts.tm_hour, 1059 tamp_ts.tm_min, tamp_ts.tm_sec); 1060 } 1061 1062 while (int_it && i < stm32_tamp_dev->pdata.compat->int_tamp_size) { 1063 struct stm32_tamp_tamper_data int_tamp = 1064 stm32_tamp_dev->pdata.compat->int_tamp[i]; 1065 int id = int_tamp.id; 1066 1067 if (int_it & _TAMP_SR_ITAMP(id)) { 1068 uint32_t ret = 0; 1069 1070 int_it &= ~_TAMP_SR_ITAMP(id); 1071 1072 if (int_tamp.func) 1073 ret = int_tamp.func(id); 1074 1075 if (ret & TAMP_CB_ACK) 1076 io_setbits32(base + _TAMP_SCR, 1077 _TAMP_SCR_ITAMP(id)); 1078 1079 if (ret & TAMP_CB_RESET) 1080 do_reset("Internal tamper event detected"); 1081 } 1082 i++; 1083 } 1084 1085 i = 0; 1086 /* External tamper interrupt */ 1087 while (ext_it && i < stm32_tamp_dev->pdata.compat->ext_tamp_size) { 1088 struct stm32_tamp_tamper_data ext_tamp = 1089 stm32_tamp_dev->pdata.compat->ext_tamp[i]; 1090 int id = ext_tamp.id; 1091 1092 if (ext_it & _TAMP_SR_ETAMP(id)) { 1093 uint32_t ret = 0; 1094 1095 ext_it &= ~_TAMP_SR_ETAMP(id); 1096 1097 if (ext_tamp.func) 1098 ret = ext_tamp.func(id); 1099 1100 if (ret & TAMP_CB_ACK) 1101 io_setbits32(base + _TAMP_SCR, 1102 _TAMP_SCR_ETAMP(id)); 1103 1104 if (ret & TAMP_CB_RESET) 1105 do_reset("External tamper event detected"); 1106 } 1107 i++; 1108 } 1109 1110 return ITRR_HANDLED; 1111 } 1112 DECLARE_KEEP_PAGER(stm32_tamp_it_handler); 1113 1114 static TEE_Result stm32_tamp_set_int_config(struct stm32_tamp_compat *tcompat, 1115 uint32_t itamp_index, uint32_t *cr1, 1116 uint32_t *cr3, uint32_t *ier) 1117 { 1118 struct stm32_tamp_tamper_data *tamp_int = NULL; 1119 enum stm32_tamp_id id = INVALID_TAMP; 1120 TEE_Result res = TEE_ERROR_GENERIC; 1121 1122 if (!tcompat) 1123 return TEE_ERROR_BAD_PARAMETERS; 1124 1125 tamp_int = &tcompat->int_tamp[itamp_index]; 1126 id = tamp_int->id; 1127 1128 res = is_int_tamp_id_valid(id); 1129 if (res == TEE_ERROR_ITEM_NOT_FOUND) 1130 return TEE_SUCCESS; 1131 else if (res) 1132 return res; 1133 1134 /* 1135 * If there is no callback 1136 * this tamper is disabled, we reset its configuration. 1137 */ 1138 if (!tamp_int->func) { 1139 *cr1 &= ~_TAMP_CR1_ITAMP(id); 1140 *ier &= ~_TAMP_IER_ITAMP(id); 1141 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) 1142 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id); 1143 1144 FMSG("INT_TAMP%d disabled", id - INT_TAMP1 + 1); 1145 return TEE_SUCCESS; 1146 } 1147 1148 *cr1 |= _TAMP_CR1_ITAMP(id); 1149 *ier |= _TAMP_IER_ITAMP(id); 1150 1151 if (tcompat->tags & TAMP_HAS_REGISTER_CR3) { 1152 if (tamp_int->mode & TAMP_NOERASE) 1153 *cr3 |= _TAMP_CR3_ITAMPNOER(id); 1154 else 1155 *cr3 &= ~_TAMP_CR3_ITAMPNOER(id); 1156 } 1157 1158 DMSG("'%s' internal tamper enabled in %s mode", 1159 itamper_name[id - INT_TAMP1], 1160 (tamp_int->mode & TAMP_NOERASE) ? "potential" : "confirmed"); 1161 1162 return TEE_SUCCESS; 1163 } 1164 1165 static TEE_Result stm32_tamp_set_ext_config(struct stm32_tamp_compat *tcompat, 1166 uint32_t etamp_index, uint32_t *cr1, 1167 uint32_t *cr2, uint32_t *atcr1, 1168 uint32_t *atcr2, uint32_t *ier) 1169 { 1170 struct stm32_tamp_tamper_data *tamp_ext = NULL; 1171 enum stm32_tamp_id id = INVALID_TAMP; 1172 1173 if (!tcompat) 1174 return TEE_ERROR_BAD_PARAMETERS; 1175 1176 tamp_ext = &tcompat->ext_tamp[etamp_index]; 1177 id = tamp_ext->id; 1178 1179 /* Exit if not a valid TAMP_ID */ 1180 if (!is_ext_tamp_id_valid(id)) 1181 return TEE_ERROR_BAD_PARAMETERS; 1182 1183 /* 1184 * If there is no callback or this TAMPER wasn't defined in DT, 1185 * this tamper is disabled, we reset its configuration. 1186 */ 1187 if (!tamp_ext->func || !(tamp_ext->mode & TAMP_IN_DT)) { 1188 *cr1 &= ~_TAMP_CR1_ETAMP(id); 1189 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id); 1190 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id); 1191 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id); 1192 *ier &= ~_TAMP_IER_ETAMP(id); 1193 1194 FMSG("EXT_TAMP%d disabled", id - EXT_TAMP1 + 1); 1195 return TEE_SUCCESS; 1196 } 1197 1198 *cr1 |= _TAMP_CR1_ETAMP(id); 1199 1200 if (tamp_ext->mode & TAMP_TRIG_ON) 1201 *cr2 |= _TAMP_CR2_ETAMPTRG(id); 1202 else 1203 *cr2 &= ~_TAMP_CR2_ETAMPTRG(id); 1204 1205 if (tamp_ext->mode & TAMP_ACTIVE) { 1206 *atcr1 |= _TAMP_ATCR1_ETAMPAM(id); 1207 1208 /* Configure output pin if ATOSHARE is selected */ 1209 if (*atcr1 & _TAMP_ATCR1_ATOSHARE) { 1210 if (tcompat->tags & TAMP_HAS_REGISTER_ATCR2) 1211 *atcr2 = (*atcr2 & 1212 ~_TAMP_ATCR2_ATOSEL_MASK(id)) | 1213 _TAMP_ATCR2_ATOSEL(id, 1214 tamp_ext->out_id); 1215 else 1216 *atcr1 = (*atcr1 & 1217 ~_TAMP_ATCR1_ATOSEL_MASK(id)) | 1218 _TAMP_ATCR1_ATOSEL(id, 1219 tamp_ext->out_id); 1220 } 1221 } else { 1222 *atcr1 &= ~_TAMP_ATCR1_ETAMPAM(id); 1223 } 1224 1225 if (tamp_ext->mode & TAMP_NOERASE) 1226 *cr2 |= _TAMP_CR2_ETAMPNOER(id); 1227 else 1228 *cr2 &= ~_TAMP_CR2_ETAMPNOER(id); 1229 1230 if (id < _TAMP_CR2_ETAMPMSK_MAX_ID) { 1231 /* 1232 * Only external TAMP 1, 2 and 3 can be masked 1233 * and we may want them masked at startup. 1234 */ 1235 if (tamp_ext->mode & TAMP_EVT_MASK) { 1236 /* 1237 * ETAMP(id) event generates a trigger event. This 1238 * ETAMP(id) is masked and internally cleared by 1239 * hardware. 1240 * The secrets are not erased. 1241 */ 1242 *ier &= ~_TAMP_IER_ETAMP(id); 1243 *cr2 |= _TAMP_CR2_ETAMPMSK(id); 1244 } else { 1245 /* 1246 * normal ETAMP interrupt: 1247 * ETAMP(id) event generates a trigger event and 1248 * TAMP(id) must be cleared by software to allow 1249 * next tamper event detection. 1250 */ 1251 *ier |= _TAMP_IER_ETAMP(id); 1252 *cr2 &= ~_TAMP_CR2_ETAMPMSK(id); 1253 } 1254 } else { 1255 /* Other than 1,2,3 external TAMP, we want its interrupt */ 1256 *ier |= _TAMP_IER_ETAMP(id); 1257 } 1258 1259 DMSG("EXT_TAMP%d enabled as a %s tamper in %s mode, trig_%s %s", 1260 id - EXT_TAMP1 + 1, 1261 (tamp_ext->mode & TAMP_ACTIVE) ? "active" : "passive", 1262 (tamp_ext->mode & TAMP_NOERASE) ? "potential" : "confirmed", 1263 (tamp_ext->mode & TAMP_TRIG_ON) ? "on" : "off", 1264 (tamp_ext->mode & TAMP_EVT_MASK) ? " (masked)" : ""); 1265 1266 if (tamp_ext->mode & TAMP_ACTIVE) 1267 DMSG(" linked with OUT_TAMP%"PRIu32, 1268 tamp_ext->out_id - OUT_TAMP1 + 1); 1269 1270 return TEE_SUCCESS; 1271 } 1272 1273 /* 1274 * Count number of 1 in bitmask 1275 * Cannot use __builtin_popcount(): libgcc.a for ARMV7 use hardfloat ABI, 1276 * but OP-TEE core is compiled with softfloat ABI. 1277 */ 1278 static int popcount(uint32_t bitmask) 1279 { 1280 int nb = 0; 1281 1282 while (bitmask) { 1283 if (bitmask & 1) 1284 nb++; 1285 bitmask >>= 1; 1286 } 1287 1288 return nb; 1289 } 1290 1291 static void stm32_tamp_set_atper(uint32_t pins_out_bits, uint32_t *atcr1) 1292 { 1293 uint32_t conf = 0; 1294 1295 switch (popcount(pins_out_bits)) { 1296 case 0: 1297 case 1: 1298 conf = 0; 1299 break; 1300 case 2: 1301 conf = 1; 1302 break; 1303 case 3: 1304 case 4: 1305 conf = 2; 1306 break; 1307 default: 1308 conf = 3; 1309 break; 1310 } 1311 1312 *atcr1 |= SHIFT_U32(conf, _TAMP_ATCR1_ATPER_SHIFT) & 1313 _TAMP_ATCR1_ATPER_MASK; 1314 } 1315 1316 static TEE_Result stm32_tamp_set_config(void) 1317 { 1318 TEE_Result ret = TEE_SUCCESS; 1319 vaddr_t base = get_base(); 1320 uint32_t atcr1 = 0; 1321 uint32_t atcr2 = 0; 1322 uint32_t fltcr = 0; 1323 uint32_t cr1 = 0; 1324 uint32_t cr2 = 0; 1325 uint32_t cr3 = 0; 1326 uint32_t ier = 0; 1327 size_t i = 0; 1328 1329 if (!stm32_tamp_dev->pdata.compat || 1330 !stm32_tamp_dev->pdata.compat->int_tamp || 1331 !stm32_tamp_dev->pdata.compat->ext_tamp) 1332 return TEE_ERROR_BAD_STATE; 1333 1334 /* Set passive filter configuration */ 1335 fltcr = stm32_tamp_dev->pdata.passive_conf; 1336 1337 /* Set active mode configuration */ 1338 atcr1 = stm32_tamp_dev->pdata.active_conf & _TAMP_ATCR1_COMMON_MASK; 1339 stm32_tamp_set_atper(stm32_tamp_dev->pdata.out_pins, &atcr1); 1340 1341 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) { 1342 ret = stm32_tamp_set_int_config(stm32_tamp_dev->pdata.compat, i, 1343 &cr1, &cr3, &ier); 1344 if (ret) 1345 return ret; 1346 } 1347 1348 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) { 1349 ret = stm32_tamp_set_ext_config(stm32_tamp_dev->pdata.compat, i, 1350 &cr1, &cr2, &atcr1, &atcr2, 1351 &ier); 1352 if (ret) 1353 return ret; 1354 } 1355 1356 /* 1357 * We apply configuration all in a row: 1358 * As for active ext tamper "all the needed tampers must be enabled in 1359 * the same write access". 1360 */ 1361 io_write32(base + _TAMP_FLTCR, fltcr); 1362 FMSG("Set passive conf %08"PRIx32, fltcr); 1363 1364 /* Active configuration applied only if not already done. */ 1365 if (((io_read32(base + _TAMP_ATOR) & _TAMP_INITS) != _TAMP_INITS)) { 1366 io_write32(base + _TAMP_ATCR1, atcr1); 1367 FMSG("Set active conf1 %08"PRIx32, atcr1); 1368 1369 if (stm32_tamp_dev->pdata.compat->tags & 1370 TAMP_HAS_REGISTER_ATCR2) { 1371 io_write32(base + _TAMP_ATCR2, atcr2); 1372 FMSG("Set active conf2 %08"PRIx32, atcr2); 1373 } 1374 } 1375 1376 io_write32(base + _TAMP_CR1, cr1); 1377 io_write32(base + _TAMP_CR2, cr2); 1378 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_CR3) 1379 io_write32(base + _TAMP_CR3, cr3); 1380 1381 /* If active tamper we reinit the seed. */ 1382 if (stm32_tamp_dev->pdata.active_conf) { 1383 if (stm32_tamp_set_seed(base) != TEE_SUCCESS) { 1384 EMSG("Active tamper: SEED not initialized"); 1385 return TEE_ERROR_BAD_STATE; 1386 } 1387 } 1388 1389 /* Enable interrupts. */ 1390 io_write32(base + _TAMP_IER, ier); 1391 1392 return TEE_SUCCESS; 1393 } 1394 1395 /* 1396 * Mask a tamper event detection for a given @id 1397 * If ETAMP(id) event generates a trigger event, this ETAMP(id) is masked and 1398 * internally cleared by hardware. The secrets are not erased. 1399 */ 1400 static TEE_Result __maybe_unused stm32_tamp_set_mask(enum stm32_tamp_id id) 1401 { 1402 vaddr_t base = get_base(); 1403 1404 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */ 1405 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID)) 1406 return TEE_ERROR_BAD_PARAMETERS; 1407 1408 /* We cannot mask the event if pending. */ 1409 if (io_read32(base + _TAMP_SR) & _TAMP_SR_ETAMP(id)) 1410 return TEE_ERROR_BAD_STATE; 1411 1412 /* We disable the IT */ 1413 io_clrbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id)); 1414 /* We mask the event */ 1415 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id)); 1416 1417 return TEE_SUCCESS; 1418 } 1419 1420 /* 1421 * Unmask a tamper event detection for a given @id 1422 * ETAMP(id) event now generates a trigger event and ETAMP(id) must be cleared 1423 * by software to allow next tamper event detection. 1424 */ 1425 static TEE_Result __maybe_unused stm32_tamp_unset_mask(enum stm32_tamp_id id) 1426 { 1427 vaddr_t base = get_base(); 1428 1429 /* Only EXT_TAMP1, EXT_TAMP2, EXT_TAMP3 can be masked. */ 1430 if (id < EXT_TAMP1 || id > (EXT_TAMP1 + _TAMP_CR2_ETAMPMSK_MAX_ID)) 1431 return TEE_ERROR_BAD_PARAMETERS; 1432 1433 /* We unmask the event */ 1434 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_ETAMPMSK(id)); 1435 /* We enable the IT */ 1436 io_setbits32(base + _TAMP_IER, _TAMP_IER_ETAMP(id)); 1437 1438 return TEE_SUCCESS; 1439 } 1440 1441 /* This will increment the monotonic counter by 1. It cannot roll-over */ 1442 static TEE_Result __maybe_unused stm32_tamp_write_mcounter(int cnt_idx) 1443 { 1444 vaddr_t base = get_base(); 1445 1446 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat || 1447 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter) 1448 return TEE_ERROR_BAD_PARAMETERS; 1449 1450 io_write32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t), 1); 1451 1452 return TEE_SUCCESS; 1453 } 1454 1455 static uint32_t __maybe_unused stm32_tamp_read_mcounter(int cnt_idx) 1456 { 1457 vaddr_t base = get_base(); 1458 1459 if (cnt_idx < 0 || !stm32_tamp_dev->pdata.compat || 1460 cnt_idx >= stm32_tamp_dev->pdata.compat->nb_monotonic_counter) 1461 return 0U; 1462 1463 return io_read32(base + _TAMP_COUNTR + cnt_idx * sizeof(uint32_t)); 1464 } 1465 1466 static TEE_Result stm32_tamp_configure_int(struct stm32_tamp_tamper_data *tamp, 1467 uint32_t mode, 1468 uint32_t (*cb)(int id)) 1469 { 1470 if (mode & TAMP_EVT_MASK) 1471 return TEE_ERROR_BAD_PARAMETERS; 1472 1473 tamp->mode |= (mode & TAMP_MODE_MASK); 1474 tamp->func = cb; 1475 1476 return TEE_SUCCESS; 1477 } 1478 1479 static TEE_Result stm32_tamp_configure_ext(struct stm32_tamp_tamper_data *tamp, 1480 uint32_t mode, 1481 uint32_t (*cb)(int id)) 1482 { 1483 enum stm32_tamp_id id = tamp->id; 1484 1485 if (mode & TAMP_EVT_MASK && !is_ext_tamp_id_valid(id)) 1486 return TEE_ERROR_BAD_PARAMETERS; 1487 1488 if (!(tamp->mode & TAMP_IN_DT)) 1489 return TEE_ERROR_ITEM_NOT_FOUND; 1490 1491 tamp->mode |= (mode & TAMP_MODE_MASK); 1492 tamp->func = cb; 1493 1494 return TEE_SUCCESS; 1495 } 1496 1497 /* 1498 * stm32_tamp_activate_tamp: Configure and activate one tamper (internal or 1499 * external). 1500 * 1501 * @id: tamper ID 1502 * @mode: bitmask from TAMPER modes define: 1503 * TAMP_ERASE/TAMP_NOERASE: 1504 * TAMP_ERASE: when this tamper event is triggered; secrets are 1505 * erased. 1506 * TAMP_NOERASE: when this event is triggered; cryptographic 1507 * and some secure peripherals are locked until the event is 1508 * acknowledged. If the callback confirms the TAMPER, it 1509 * can manually erase secrets with stm32_tamp_erase_secrets(). 1510 * TAMP_NO_EVT_MASK/TAMP_EVT_MASK: 1511 * TAMP_NO_EVT_MASK: normal behavior. 1512 * TAMP_EVT_MASK: if the event is triggered, the event is masked and 1513 * internally cleared by hardware. Secrets are not erased. Only 1514 * applicable for some external tampers. This defines only the status 1515 * at boot. To change mask while runtime: stm32_tamp_set_mask() and 1516 * stm32_tamp_unset_mask() can be used. 1517 * @cb: function to call when a tamper event is raised (cannot be NULL). 1518 * It is called in interrupt context and returns a bitmask defining 1519 * the action to take by the driver: 1520 * TAMP_CB_RESET: will reset the board. 1521 * TAMP_CB_ACK: this specific tamper is acknowledged (in case 1522 * of no-erase tamper, blocked secret are unblocked). 1523 * 1524 * return: TEE_ERROR_BAD_PARAMETERS: 1525 * if @id is not a valid tamper ID, 1526 * if @cb is NULL, 1527 * if TAMP_EVT_MASK @mode is set for an unsupported @id. 1528 * TEE_ERROR_BAD_STATE 1529 * if driver was not previously initialized. 1530 * TEE_ERROR_ITEM_NOT_FOUND 1531 * if the activated external tamper was not previously 1532 * defined in the device tree. 1533 * else TEE_SUCCESS. 1534 */ 1535 static TEE_Result stm32_tamp_activate_tamp(enum stm32_tamp_id id, uint32_t mode, 1536 uint32_t (*cb)(int id)) 1537 { 1538 struct stm32_tamp_tamper_data *tamp_conf = NULL; 1539 size_t i = 0; 1540 1541 if (!stm32_tamp_dev->pdata.compat) 1542 return TEE_ERROR_BAD_STATE; 1543 1544 assert(is_unpaged(cb)); 1545 1546 if (!cb) 1547 return TEE_ERROR_BAD_PARAMETERS; 1548 1549 /* Find internal Tamp struct */ 1550 for (i = 0; i < stm32_tamp_dev->pdata.compat->int_tamp_size; i++) { 1551 if (stm32_tamp_dev->pdata.compat->int_tamp[i].id == id) { 1552 tamp_conf = &stm32_tamp_dev->pdata.compat->int_tamp[i]; 1553 return stm32_tamp_configure_int(tamp_conf, mode, cb); 1554 } 1555 } 1556 1557 /* Find external Tamp struct */ 1558 for (i = 0; i < stm32_tamp_dev->pdata.compat->ext_tamp_size; i++) { 1559 if (stm32_tamp_dev->pdata.compat->ext_tamp[i].id == id) { 1560 tamp_conf = &stm32_tamp_dev->pdata.compat->ext_tamp[i]; 1561 return stm32_tamp_configure_ext(tamp_conf, mode, cb); 1562 } 1563 } 1564 1565 EMSG("Did not find existing tamper for ID:%d", id); 1566 1567 return TEE_ERROR_BAD_PARAMETERS; 1568 } 1569 1570 static bool __maybe_unused stm32_tamp_are_secrets_blocked(void) 1571 { 1572 if (stm32_tamp_dev->pdata.compat && 1573 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) { 1574 vaddr_t base = get_base(); 1575 1576 return ((io_read32(base + _TAMP_CR2) & _TAMP_CR2_BKBLOCK) || 1577 io_read32(base + _TAMP_SR)); 1578 } else { 1579 return false; 1580 } 1581 } 1582 1583 static void __maybe_unused stm32_tamp_block_secrets(void) 1584 { 1585 vaddr_t base = get_base(); 1586 1587 if (stm32_tamp_dev->pdata.compat && 1588 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1589 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK); 1590 } 1591 1592 static void __maybe_unused stm32_tamp_unblock_secrets(void) 1593 { 1594 vaddr_t base = get_base(); 1595 1596 if (stm32_tamp_dev->pdata.compat && 1597 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1598 io_clrbits32(base + _TAMP_CR2, _TAMP_CR2_BKBLOCK); 1599 } 1600 1601 static void __maybe_unused stm32_tamp_erase_secrets(void) 1602 { 1603 vaddr_t base = get_base(); 1604 1605 if (stm32_tamp_dev->pdata.compat && 1606 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_CR2_SECRET_STATUS)) 1607 io_setbits32(base + _TAMP_CR2, _TAMP_CR2_BKERASE); 1608 } 1609 1610 static void __maybe_unused stm32_tamp_lock_boot_hardware_key(void) 1611 { 1612 vaddr_t base = get_base(); 1613 1614 if (stm32_tamp_dev->pdata.compat && 1615 (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_REGISTER_SECCFGR)) 1616 io_setbits32(base + _TAMP_SECCFGR, _TAMP_SECCFGR_BHKLOCK); 1617 } 1618 1619 static void stm32_tamp_configure_pin(uint32_t id, struct gpio *gpio, bool out, 1620 struct stm32_tamp_platdata *pdata) 1621 { 1622 struct stm32_tamp_compat *compat = pdata->compat; 1623 unsigned int bank = stm32_gpio_chip_bank_id(gpio->chip); 1624 unsigned int pin = gpio->pin; 1625 size_t i = 0; 1626 1627 if (!compat) 1628 return; 1629 1630 /* Configure option registers */ 1631 for (i = 0; i < compat->pin_map_size; i++) { 1632 if (id == compat->pin_map[i].id && 1633 bank == compat->pin_map[i].bank && 1634 pin == compat->pin_map[i].pin && 1635 out == compat->pin_map[i].out) { 1636 pdata->pins_conf |= compat->pin_map[i].conf; 1637 break; 1638 } 1639 } 1640 } 1641 1642 static TEE_Result 1643 stm32_tamp_configure_pin_from_dt(const void *fdt, int node, 1644 struct stm32_tamp_platdata *pdata, 1645 uint32_t ext_tamp_id, uint32_t out_tamp_id) 1646 { 1647 enum stm32_tamp_out_id out_id = INVALID_OUT_TAMP; 1648 struct stm32_tamp_tamper_data *tamp_ext = NULL; 1649 enum stm32_tamp_id id = INVALID_TAMP; 1650 TEE_Result res = TEE_SUCCESS; 1651 struct gpio *gpio_out = NULL; 1652 struct gpio *gpio_ext = NULL; 1653 bool active = false; 1654 unsigned int i = 0; 1655 1656 /* 1657 * First GPIO in the tamper-gpios property is required and refers to the 1658 * EXT_TAMP control. Second GPIO in the tamper-gpios property is 1659 * optional and, if defined, refers to the OUT_TAMP control. 1660 * If only one GPIO is defined, the tamper control is a passive tamper. 1661 * Else, it is an active tamper. 1662 */ 1663 res = gpio_dt_cfg_by_index(fdt, node, 1, "tamper", GPIO_IN, &gpio_out); 1664 if (res && res != TEE_ERROR_ITEM_NOT_FOUND) 1665 return res; 1666 1667 if (res != TEE_ERROR_ITEM_NOT_FOUND) { 1668 active = true; 1669 out_id = OUT_TAMP1 + out_tamp_id - 1; 1670 if (out_tamp_id > pdata->compat->ext_tamp_size) { 1671 gpio_put(gpio_out); 1672 return TEE_ERROR_BAD_PARAMETERS; 1673 } 1674 1675 stm32_tamp_configure_pin(out_id, gpio_out, true, pdata); 1676 } 1677 1678 res = gpio_dt_cfg_by_index(fdt, node, 0, "tamper", GPIO_IN, &gpio_ext); 1679 if (res) { 1680 gpio_put(gpio_out); 1681 return res; 1682 } 1683 1684 /* We now configure first pin */ 1685 id = ext_tamp_id + EXT_TAMP1 - 1; 1686 1687 /* Find external TAMP struct */ 1688 for (i = 0; i < pdata->compat->ext_tamp_size; i++) { 1689 if (pdata->compat->ext_tamp[i].id == id) { 1690 tamp_ext = &pdata->compat->ext_tamp[i]; 1691 break; 1692 } 1693 } 1694 1695 if (!tamp_ext) { 1696 gpio_put(gpio_out); 1697 gpio_put(gpio_ext); 1698 return TEE_ERROR_BAD_PARAMETERS; 1699 } 1700 1701 if (active) { 1702 tamp_ext->mode |= TAMP_ACTIVE; 1703 tamp_ext->out_id = out_id; 1704 pdata->out_pins |= BIT(tamp_ext->out_id - OUT_TAMP1); 1705 1706 if (out_id - OUT_TAMP1 != id - EXT_TAMP1) 1707 pdata->active_conf |= _TAMP_ATCR1_ATOSHARE; 1708 } else { 1709 if (fdt_getprop(fdt, node, "st,trig-on", NULL)) 1710 tamp_ext->mode |= TAMP_TRIG_ON; 1711 } 1712 1713 tamp_ext->mode |= TAMP_IN_DT; 1714 1715 stm32_tamp_configure_pin(id, gpio_ext, false, pdata); 1716 1717 return TEE_SUCCESS; 1718 } 1719 1720 static TEE_Result 1721 stm32_tamp_parse_passive_conf(const void *fdt, int node, 1722 struct stm32_tamp_platdata *pdata) 1723 { 1724 const fdt32_t *cuint = NULL; 1725 uint32_t precharge = 0; 1726 uint32_t nb_sample = 0; 1727 uint32_t clk_div = 32768; 1728 uint32_t conf = 0; 1729 1730 cuint = fdt_getprop(fdt, node, "st,tamp-passive-precharge", NULL); 1731 if (cuint) 1732 precharge = fdt32_to_cpu(*cuint); 1733 1734 cuint = fdt_getprop(fdt, node, "st,tamp-passive-nb-sample", NULL); 1735 if (cuint) 1736 nb_sample = fdt32_to_cpu(*cuint); 1737 1738 cuint = fdt_getprop(fdt, node, "st,tamp-passive-sample-clk-div", NULL); 1739 if (cuint) 1740 clk_div = fdt32_to_cpu(*cuint); 1741 1742 DMSG("Passive conf from dt: precharge=%"PRIu32", nb_sample=%"PRIu32 1743 ", clk_div=%"PRIu32, precharge, nb_sample, clk_div); 1744 1745 switch (precharge) { 1746 case 0: 1747 /* No precharge, => we disable the pull-up */ 1748 conf |= _TAMP_FLTCR_TAMPPUDIS; 1749 break; 1750 case 1: 1751 /* Precharge for one cycle value stay 0 */ 1752 break; 1753 case 2: 1754 /* Precharge passive pin 2 cycles */ 1755 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1756 break; 1757 case 4: 1758 /* Precharge passive pin 4 cycles */ 1759 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1760 break; 1761 case 8: 1762 /* Precharge passive pin 8 cycles */ 1763 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPPRCH_SHIFT); 1764 break; 1765 default: 1766 return TEE_ERROR_BAD_PARAMETERS; 1767 } 1768 1769 switch (nb_sample) { 1770 case 0: 1771 /* Activation on edge, no pull-up: value stay 0 */ 1772 break; 1773 case 2: 1774 /* 1775 * Tamper event is activated after 2 consecutive samples at 1776 * active level. 1777 */ 1778 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFLT_SHIFT); 1779 break; 1780 case 4: 1781 /* 1782 * Tamper event is activated after 4 consecutive samples at 1783 * active level. 1784 */ 1785 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFLT_SHIFT); 1786 break; 1787 case 8: 1788 /* 1789 * Tamper event is activated after 8 consecutive samples at 1790 * active level. 1791 */ 1792 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFLT_SHIFT); 1793 break; 1794 default: 1795 return TEE_ERROR_BAD_PARAMETERS; 1796 } 1797 1798 switch (clk_div) { 1799 case 32768: 1800 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */ 1801 break; 1802 case 16384: 1803 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */ 1804 conf |= SHIFT_U32(1, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1805 break; 1806 case 8192: 1807 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */ 1808 conf |= SHIFT_U32(2, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1809 break; 1810 case 4096: 1811 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */ 1812 conf |= SHIFT_U32(3, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1813 break; 1814 case 2048: 1815 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */ 1816 conf |= SHIFT_U32(4, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1817 break; 1818 case 1024: 1819 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */ 1820 conf |= SHIFT_U32(5, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1821 break; 1822 case 512: 1823 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */ 1824 conf |= SHIFT_U32(6, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1825 break; 1826 case 256: 1827 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */ 1828 conf |= SHIFT_U32(7, _TAMP_FLTCR_TAMPFREQ_SHIFT); 1829 break; 1830 default: 1831 return TEE_ERROR_BAD_PARAMETERS; 1832 } 1833 1834 pdata->passive_conf = conf; 1835 1836 return TEE_SUCCESS; 1837 } 1838 1839 static uint32_t stm32_tamp_itamper_action(int id) 1840 { 1841 const char __maybe_unused *tamp_name = NULL; 1842 1843 if (id >= 0 && ((size_t)id < ARRAY_SIZE(itamper_name))) 1844 tamp_name = itamper_name[id]; 1845 1846 MSG("Internal tamper event %u (%s) occurred", id - INT_TAMP1 + 1, 1847 tamp_name); 1848 1849 return TAMP_CB_ACK_AND_RESET; 1850 } 1851 DECLARE_KEEP_PAGER(stm32_tamp_itamper_action); 1852 1853 static uint32_t stm32_tamp_etamper_action(int id __maybe_unused) 1854 { 1855 MSG("External tamper %u occurs", id - EXT_TAMP1 + 1); 1856 1857 return TAMP_CB_ACK_AND_RESET; 1858 } 1859 DECLARE_KEEP_PAGER(stm32_tamp_etamper_action); 1860 1861 static TEE_Result stm32_configure_tamp(const void *fdt, int node) 1862 { 1863 const fdt32_t *internal_tampers = 0; 1864 uint32_t i_tampers[EXT_TAMP1 * 2] = { }; 1865 int subnode = -FDT_ERR_NOTFOUND; 1866 TEE_Result res = TEE_SUCCESS; 1867 int retval = 0; 1868 int len = 0; 1869 int i = 0; 1870 1871 /* Internal tampers configuration */ 1872 internal_tampers = fdt_getprop(fdt, node, "st,tamp-internal-tampers", 1873 &len); 1874 if (len == -FDT_ERR_NOTFOUND) 1875 goto skip_int_tamp; 1876 1877 if ((internal_tampers && len % (2 * sizeof(uint32_t))) || 1878 !internal_tampers || len / sizeof(uint32_t) > EXT_TAMP1 * 2) 1879 return TEE_ERROR_BAD_PARAMETERS; 1880 1881 retval = fdt_read_uint32_array(fdt, node, "st,tamp-internal-tampers", 1882 i_tampers, len / sizeof(uint32_t)); 1883 if (retval && retval != -FDT_ERR_NOTFOUND) 1884 return TEE_ERROR_BAD_PARAMETERS; 1885 1886 len = len / sizeof(uint32_t); 1887 for (i = 0; i < len; i += 2) { 1888 uint32_t i_tamper_id = i_tampers[i] - 1; 1889 uint32_t i_tamper_mode = i_tampers[i + 1]; 1890 1891 res = stm32_tamp_activate_tamp(i_tamper_id, i_tamper_mode, 1892 stm32_tamp_itamper_action); 1893 if (res) 1894 return res; 1895 } 1896 1897 skip_int_tamp: 1898 fdt_for_each_subnode(subnode, fdt, node) { 1899 unsigned int ext_tamp_id = 0; 1900 unsigned int out_tamp_id = 0; 1901 const fdt32_t *cuint = 0; 1902 unsigned int mode = 0; 1903 int lenp = 0; 1904 1905 if (!fdt_getprop(fdt, subnode, "tamper-gpios", NULL) || 1906 fdt_get_status(fdt, subnode) == DT_STATUS_DISABLED) 1907 continue; 1908 1909 cuint = fdt_getprop(fdt, subnode, "st,tamp-mode", NULL); 1910 if (!cuint) 1911 return TEE_ERROR_BAD_PARAMETERS; 1912 1913 mode = fdt32_to_cpu(*cuint); 1914 1915 cuint = fdt_getprop(fdt, subnode, "st,tamp-id", &lenp); 1916 if (!cuint) 1917 return TEE_ERROR_BAD_PARAMETERS; 1918 1919 ext_tamp_id = fdt32_to_cpu(*cuint); 1920 if (lenp > (int)sizeof(uint32_t)) 1921 out_tamp_id = fdt32_to_cpu(*(cuint + 1)); 1922 1923 res = stm32_tamp_configure_pin_from_dt(fdt, subnode, 1924 &stm32_tamp_dev->pdata, 1925 ext_tamp_id, 1926 out_tamp_id); 1927 if (res) 1928 return res; 1929 1930 res = stm32_tamp_activate_tamp(EXT_TAMP1 + ext_tamp_id - 1, 1931 mode, stm32_tamp_etamper_action); 1932 if (res) 1933 return res; 1934 } 1935 1936 if (stm32_tamp_set_config()) 1937 panic(); 1938 1939 /* Enable timestamp for tamper */ 1940 if (stm32_rtc_set_tamper_timestamp()) 1941 panic(); 1942 1943 return TEE_SUCCESS; 1944 } 1945 1946 static TEE_Result 1947 stm32_tamp_parse_active_conf(const void *fdt, int node, 1948 struct stm32_tamp_platdata *pdata) 1949 { 1950 const fdt32_t *cuint = NULL; 1951 uint32_t clk_div = 1; 1952 uint32_t conf = 0; 1953 1954 cuint = fdt_getprop(fdt, node, "st,tamp-active-filter", NULL); 1955 if (cuint) 1956 conf |= _TAMP_ATCR1_FLTEN; 1957 1958 /* 1959 * Here we will select a divisor for the RTCCLK. 1960 * Note that RTCCLK is also divided by (RTC_PRER_PREDIV_A - 1). 1961 */ 1962 cuint = fdt_getprop(fdt, node, "st,tamp-active-clk-div", NULL); 1963 if (cuint) 1964 clk_div = fdt32_to_cpu(*cuint); 1965 1966 DMSG("Active conf from dt: %s clk_div=%"PRIu32, 1967 (conf & _TAMP_ATCR1_FLTEN) ? "filter" : "no filter", clk_div); 1968 1969 switch (clk_div) { 1970 case 1: 1971 /* RTCCLK / 32768 (1 Hz when RTCCLK = 32768 Hz): stay 0 */ 1972 break; 1973 case 2: 1974 /* RTCCLK / 16384 (2 Hz when RTCCLK = 32768 Hz) */ 1975 conf |= SHIFT_U32(1, _TAMP_ATCR1_ATCKSEL_SHIFT); 1976 break; 1977 case 4: 1978 /* RTCCLK / 8192 (4 Hz when RTCCLK = 32768 Hz) */ 1979 conf |= SHIFT_U32(2, _TAMP_ATCR1_ATCKSEL_SHIFT); 1980 break; 1981 case 8: 1982 /* RTCCLK / 4096 (8 Hz when RTCCLK = 32768 Hz) */ 1983 conf |= SHIFT_U32(3, _TAMP_ATCR1_ATCKSEL_SHIFT); 1984 break; 1985 case 16: 1986 /* RTCCLK / 2048 (16 Hz when RTCCLK = 32768 Hz) */ 1987 conf |= SHIFT_U32(4, _TAMP_ATCR1_ATCKSEL_SHIFT); 1988 break; 1989 case 32: 1990 /* RTCCLK / 1024 (32 Hz when RTCCLK = 32768 Hz) */ 1991 conf |= SHIFT_U32(5, _TAMP_ATCR1_ATCKSEL_SHIFT); 1992 break; 1993 case 64: 1994 /* RTCCLK / 512 (64 Hz when RTCCLK = 32768 Hz) */ 1995 conf |= SHIFT_U32(6, _TAMP_ATCR1_ATCKSEL_SHIFT); 1996 break; 1997 case 128: 1998 /* RTCCLK / 256 (128 Hz when RTCCLK = 32768 Hz) */ 1999 conf |= SHIFT_U32(7, _TAMP_ATCR1_ATCKSEL_SHIFT); 2000 break; 2001 case 2048: 2002 if (pdata->compat && 2003 (pdata->compat->tags & TAMP_SIZE_ATCR1_ATCKSEL_IS_4)) { 2004 /* 2005 * RTCCLK/2048 when (PREDIV_A+1) = 128 and (PREDIV_S+1) 2006 * is a multiple of 16. 2007 */ 2008 conf |= SHIFT_U32(11, _TAMP_ATCR1_ATCKSEL_SHIFT); 2009 break; 2010 } 2011 2012 return TEE_ERROR_BAD_PARAMETERS; 2013 default: 2014 return TEE_ERROR_BAD_PARAMETERS; 2015 } 2016 2017 pdata->active_conf = conf; 2018 2019 return TEE_SUCCESS; 2020 } 2021 2022 static TEE_Result stm32_tamp_parse_fdt(const void *fdt, int node, 2023 const void *compat) 2024 { 2025 struct stm32_tamp_platdata *pdata = &stm32_tamp_dev->pdata; 2026 TEE_Result res = TEE_ERROR_GENERIC; 2027 size_t reg_size = 0; 2028 2029 pdata->compat = (struct stm32_tamp_compat *)compat; 2030 2031 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 2032 res = stm32_rifsc_check_tdcid(&pdata->is_tdcid); 2033 if (res) 2034 return res; 2035 } 2036 2037 if (fdt_reg_info(fdt, node, &pdata->base.pa, ®_size)) 2038 panic(); 2039 2040 io_pa_or_va_secure(&pdata->base, reg_size); 2041 assert(pdata->base.va); 2042 2043 res = clk_dt_get_by_index(fdt, node, 0, &pdata->clock); 2044 if (res) 2045 return res; 2046 2047 res = stm32_tamp_parse_passive_conf(fdt, node, pdata); 2048 if (res) 2049 return res; 2050 2051 res = stm32_tamp_parse_active_conf(fdt, node, pdata); 2052 if (res) 2053 return res; 2054 2055 if (fdt_getprop(fdt, node, "wakeup-source", NULL)) 2056 pdata->is_wakeup_source = true; 2057 2058 parse_bkpregs_dt_conf(fdt, node); 2059 2060 if (pdata->compat->tags & TAMP_HAS_RIF_SUPPORT) { 2061 const fdt32_t *cuint = NULL; 2062 unsigned int i = 0; 2063 int lenp = 0; 2064 2065 cuint = fdt_getprop(fdt, node, "st,protreg", &lenp); 2066 if (!cuint) { 2067 DMSG("No RIF configuration available"); 2068 return TEE_SUCCESS; 2069 } 2070 2071 pdata->conf_data = calloc(1, sizeof(*pdata->conf_data)); 2072 if (!pdata->conf_data) 2073 panic(); 2074 2075 pdata->nb_rif_resources = (unsigned int)(lenp / 2076 sizeof(uint32_t)); 2077 assert(pdata->nb_rif_resources <= TAMP_RIF_RESOURCES); 2078 2079 pdata->conf_data->cid_confs = calloc(TAMP_RIF_RESOURCES, 2080 sizeof(uint32_t)); 2081 pdata->conf_data->sec_conf = calloc(1, sizeof(uint32_t)); 2082 pdata->conf_data->priv_conf = calloc(1, sizeof(uint32_t)); 2083 pdata->conf_data->access_mask = calloc(1, sizeof(uint32_t)); 2084 if (!pdata->conf_data->cid_confs || 2085 !pdata->conf_data->sec_conf || 2086 !pdata->conf_data->priv_conf || 2087 !pdata->conf_data->access_mask) 2088 panic("Not enough memory capacity for TAMP RIF config"); 2089 2090 for (i = 0; i < pdata->nb_rif_resources; i++) 2091 stm32_rif_parse_cfg(fdt32_to_cpu(cuint[i]), 2092 pdata->conf_data, 2093 TAMP_RIF_RESOURCES); 2094 } 2095 2096 return TEE_SUCCESS; 2097 } 2098 2099 static TEE_Result stm32_tamp_probe(const void *fdt, int node, 2100 const void *compat_data) 2101 { 2102 size_t it_num = DT_INFO_INVALID_INTERRUPT; 2103 uint32_t __maybe_unused revision = 0; 2104 struct itr_chip *chip = NULL; 2105 TEE_Result res = TEE_SUCCESS; 2106 vaddr_t base = 0; 2107 2108 /* Manage dependency on RNG driver */ 2109 res = dt_driver_get_crypto(); 2110 if (res) 2111 return res; 2112 2113 /* Manage dependency on RTC driver */ 2114 res = stm32_rtc_driver_is_initialized(); 2115 if (res) 2116 return res; 2117 2118 res = interrupt_dt_get_by_index(fdt, node, 0, &chip, &it_num); 2119 if (res) 2120 return res; 2121 2122 stm32_tamp_dev = calloc(1, sizeof(*stm32_tamp_dev)); 2123 if (!stm32_tamp_dev) 2124 return TEE_ERROR_OUT_OF_MEMORY; 2125 2126 res = stm32_tamp_parse_fdt(fdt, node, compat_data); 2127 if (res) 2128 goto err; 2129 2130 if (clk_enable(stm32_tamp_dev->pdata.clock)) 2131 panic(); 2132 2133 base = get_base(); 2134 2135 stm32_tamp_dev->hwconf1 = io_read32(base + _TAMP_HWCFGR1); 2136 stm32_tamp_dev->hwconf2 = io_read32(base + _TAMP_HWCFGR2); 2137 2138 revision = io_read32(base + _TAMP_VERR); 2139 FMSG("STM32 TAMPER V%"PRIx32".%"PRIu32, 2140 (revision & _TAMP_VERR_MAJREV) >> 4, revision & _TAMP_VERR_MINREV); 2141 2142 if (!(stm32_tamp_dev->hwconf2 & _TAMP_HWCFGR2_TZ)) { 2143 EMSG("TAMP doesn't support TrustZone"); 2144 res = TEE_ERROR_NOT_SUPPORTED; 2145 goto err_clk; 2146 } 2147 2148 if (stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) { 2149 apply_rif_config(); 2150 2151 if (stm32_tamp_dev->pdata.is_tdcid) { 2152 res = stm32_tamp_apply_bkpr_rif_conf(); 2153 if (res) 2154 goto err_clk; 2155 } 2156 } else { 2157 /* 2158 * Enforce secure only access to protected TAMP registers. 2159 * Allow non-secure access to monotonic counter. 2160 */ 2161 stm32_tamp_set_secure(_TAMP_SECCFGR_TAMPSEC); 2162 2163 /* 2164 * Enforce privilege only access to TAMP registers, backup 2165 * registers and monotonic counter. 2166 */ 2167 stm32_tamp_set_privilege(_TAMP_PRIVCFG_TAMPPRIV | 2168 _TAMP_PRIVCFG_BKPRWPRIV | 2169 _TAMP_PRIVCFG_BKPWPRIV); 2170 } 2171 2172 if (!(stm32_tamp_dev->pdata.compat->tags & TAMP_HAS_RIF_SUPPORT) || 2173 stm32_tamp_dev->pdata.is_tdcid) { 2174 res = stm32_tamp_set_secure_bkpregs(); 2175 if (res) 2176 goto err_clk; 2177 } 2178 2179 res = interrupt_create_handler(chip, it_num, stm32_tamp_it_handler, 2180 NULL, ITRF_TRIGGER_LEVEL, 2181 &stm32_tamp_dev->pdata.itr); 2182 if (res) 2183 goto err_clk; 2184 2185 if (stm32_tamp_dev->pdata.is_wakeup_source && 2186 interrupt_can_set_wake(chip)) { 2187 interrupt_set_wake(chip, it_num, true); 2188 DMSG("Tamper event wakeup capability enabled"); 2189 } 2190 2191 res = stm32_configure_tamp(fdt, node); 2192 if (res) 2193 goto err_clk; 2194 2195 stm32_tamp_set_pins(base, stm32_tamp_dev->pdata.pins_conf); 2196 2197 interrupt_enable(chip, it_num); 2198 2199 return TEE_SUCCESS; 2200 2201 err_clk: 2202 clk_disable(stm32_tamp_dev->pdata.clock); 2203 err: 2204 if (stm32_tamp_dev->pdata.conf_data) { 2205 free(stm32_tamp_dev->pdata.conf_data->cid_confs); 2206 free(stm32_tamp_dev->pdata.conf_data->sec_conf); 2207 free(stm32_tamp_dev->pdata.conf_data->priv_conf); 2208 free(stm32_tamp_dev->pdata.conf_data->access_mask); 2209 free(stm32_tamp_dev->pdata.conf_data); 2210 } 2211 2212 if (stm32_tamp_dev->pdata.itr) { 2213 interrupt_disable(chip, it_num); 2214 interrupt_remove_free_handler(stm32_tamp_dev->pdata.itr); 2215 } 2216 2217 free(stm32_tamp_dev->pdata.bkpregs_conf.rif_offsets); 2218 free(stm32_tamp_dev); 2219 2220 return res; 2221 } 2222 2223 static const struct stm32_tamp_compat mp13_compat = { 2224 .nb_monotonic_counter = 2, 2225 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR | 2226 TAMP_HAS_REGISTER_ERCFGR | TAMP_HAS_REGISTER_CR3 | 2227 TAMP_HAS_REGISTER_ATCR2 | TAMP_HAS_CR2_SECRET_STATUS | 2228 TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2229 #if defined(CFG_STM32MP13) 2230 .int_tamp = int_tamp_mp13, 2231 .int_tamp_size = ARRAY_SIZE(int_tamp_mp13), 2232 .ext_tamp = ext_tamp_mp13, 2233 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp13), 2234 .pin_map = pin_map_mp13, 2235 .pin_map_size = ARRAY_SIZE(pin_map_mp13), 2236 #endif 2237 }; 2238 2239 static const struct stm32_tamp_compat mp15_compat = { 2240 .nb_monotonic_counter = 1, 2241 .tags = 0, 2242 #if defined(CFG_STM32MP15) 2243 .int_tamp = int_tamp_mp15, 2244 .int_tamp_size = ARRAY_SIZE(int_tamp_mp15), 2245 .ext_tamp = ext_tamp_mp15, 2246 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp15), 2247 .pin_map = pin_map_mp15, 2248 .pin_map_size = ARRAY_SIZE(pin_map_mp15), 2249 #endif 2250 }; 2251 2252 static const struct stm32_tamp_compat mp21_compat = { 2253 .nb_monotonic_counter = 2, 2254 .tags = TAMP_HAS_REGISTER_SECCFGR | 2255 TAMP_HAS_REGISTER_PRIVCFGR | 2256 TAMP_HAS_RIF_SUPPORT | 2257 TAMP_HAS_REGISTER_ERCFGR | 2258 TAMP_HAS_REGISTER_CR3 | 2259 TAMP_HAS_REGISTER_ATCR2 | 2260 TAMP_HAS_CR2_SECRET_STATUS | 2261 TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2262 #if defined(CFG_STM32MP21) 2263 .int_tamp = int_tamp_mp21, 2264 .int_tamp_size = ARRAY_SIZE(int_tamp_mp21), 2265 .ext_tamp = ext_tamp_mp21, 2266 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp21), 2267 .pin_map = pin_map_mp21, 2268 .pin_map_size = ARRAY_SIZE(pin_map_mp21), 2269 #endif 2270 }; 2271 2272 static const struct stm32_tamp_compat mp25_compat = { 2273 .nb_monotonic_counter = 2, 2274 .tags = TAMP_HAS_REGISTER_SECCFGR | TAMP_HAS_REGISTER_PRIVCFGR | 2275 TAMP_HAS_RIF_SUPPORT | TAMP_HAS_REGISTER_ERCFGR | 2276 TAMP_HAS_REGISTER_CR3 | TAMP_HAS_REGISTER_ATCR2 | 2277 TAMP_HAS_CR2_SECRET_STATUS | TAMP_SIZE_ATCR1_ATCKSEL_IS_4, 2278 #if defined(CFG_STM32MP25) 2279 .int_tamp = int_tamp_mp25, 2280 .int_tamp_size = ARRAY_SIZE(int_tamp_mp25), 2281 .ext_tamp = ext_tamp_mp25, 2282 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp25), 2283 .pin_map = pin_map_mp25, 2284 .pin_map_size = ARRAY_SIZE(pin_map_mp25), 2285 #endif 2286 }; 2287 2288 static const struct stm32_tamp_compat mp23_compat = { 2289 .nb_monotonic_counter = 2, 2290 .tags = TAMP_HAS_REGISTER_SECCFGR | 2291 TAMP_HAS_REGISTER_PRIVCFGR | 2292 TAMP_HAS_RIF_SUPPORT | 2293 TAMP_HAS_REGISTER_ERCFGR | 2294 TAMP_HAS_REGISTER_CR3 | 2295 TAMP_HAS_REGISTER_ATCR2 | 2296 TAMP_HAS_CR2_SECRET_STATUS, 2297 #if defined(CFG_STM32MP23) 2298 .int_tamp = int_tamp_mp25, 2299 .int_tamp_size = ARRAY_SIZE(int_tamp_mp25), 2300 .ext_tamp = ext_tamp_mp23, 2301 .ext_tamp_size = ARRAY_SIZE(ext_tamp_mp23), 2302 .pin_map = pin_map_mp25, 2303 .pin_map_size = ARRAY_SIZE(pin_map_mp25), 2304 #endif 2305 }; 2306 2307 static const struct dt_device_match stm32_tamp_match_table[] = { 2308 { .compatible = "st,stm32mp25-tamp", .compat_data = &mp25_compat }, 2309 { .compatible = "st,stm32mp23-tamp", .compat_data = &mp23_compat }, 2310 { .compatible = "st,stm32mp21-tamp", .compat_data = &mp21_compat }, 2311 { .compatible = "st,stm32mp13-tamp", .compat_data = &mp13_compat }, 2312 { .compatible = "st,stm32-tamp", .compat_data = &mp15_compat }, 2313 { } 2314 }; 2315 2316 DEFINE_DT_DRIVER(stm32_tamp_dt_driver) = { 2317 .name = "stm32-tamp", 2318 .match_table = stm32_tamp_match_table, 2319 .probe = stm32_tamp_probe, 2320 }; 2321