1 /*
2 * Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <string.h>
10
11 #include <arch_helpers.h>
12 #include <common/bl_common.h>
13 #include <common/debug.h>
14 #include <common/desc_image_load.h>
15 #include <drivers/generic_delay_timer.h>
16 #include <drivers/mmc.h>
17 #include <drivers/st/bsec.h>
18 #include <drivers/st/regulator_fixed.h>
19 #include <drivers/st/stm32_iwdg.h>
20 #if STM32MP13
21 #include <drivers/st/stm32_mce.h>
22 #endif
23 #include <drivers/st/stm32_rng.h>
24 #include <drivers/st/stm32_uart.h>
25 #include <drivers/st/stm32mp1_clk.h>
26 #include <drivers/st/stm32mp1_pwr.h>
27 #include <drivers/st/stm32mp1_ram.h>
28 #include <drivers/st/stm32mp_pmic.h>
29 #include <lib/fconf/fconf.h>
30 #include <lib/fconf/fconf_dyn_cfg_getter.h>
31 #include <lib/mmio.h>
32 #include <lib/optee_utils.h>
33 #include <lib/xlat_tables/xlat_tables_v2.h>
34 #include <plat/common/platform.h>
35
36 #include <platform_def.h>
37 #include <stm32mp_common.h>
38 #include <stm32mp1_dbgmcu.h>
39
40 #if DEBUG
41 static const char debug_msg[] = {
42 "***************************************************\n"
43 "** DEBUG ACCESS PORT IS OPEN! **\n"
44 "** This boot image is only for debugging purpose **\n"
45 "** and is unsafe for production use. **\n"
46 "** **\n"
47 "** If you see this message and you are not **\n"
48 "** debugging report this immediately to your **\n"
49 "** vendor! **\n"
50 "***************************************************\n"
51 };
52 #endif
53
print_reset_reason(void)54 static void print_reset_reason(void)
55 {
56 uint32_t rstsr = mmio_read_32(stm32mp_rcc_base() + RCC_MP_RSTSCLRR);
57
58 if (rstsr == 0U) {
59 WARN("Reset reason unknown\n");
60 return;
61 }
62
63 INFO("Reset reason (0x%x):\n", rstsr);
64
65 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) == 0U) {
66 if ((rstsr & RCC_MP_RSTSCLRR_STDBYRSTF) != 0U) {
67 INFO("System exits from STANDBY\n");
68 return;
69 }
70
71 if ((rstsr & RCC_MP_RSTSCLRR_CSTDBYRSTF) != 0U) {
72 INFO("MPU exits from CSTANDBY\n");
73 return;
74 }
75 }
76
77 if ((rstsr & RCC_MP_RSTSCLRR_PORRSTF) != 0U) {
78 INFO(" Power-on Reset (rst_por)\n");
79 return;
80 }
81
82 if ((rstsr & RCC_MP_RSTSCLRR_BORRSTF) != 0U) {
83 INFO(" Brownout Reset (rst_bor)\n");
84 return;
85 }
86
87 #if STM32MP15
88 if ((rstsr & RCC_MP_RSTSCLRR_MCSYSRSTF) != 0U) {
89 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) != 0U) {
90 INFO(" System reset generated by MCU (MCSYSRST)\n");
91 } else {
92 INFO(" Local reset generated by MCU (MCSYSRST)\n");
93 }
94 return;
95 }
96 #endif
97
98 if ((rstsr & RCC_MP_RSTSCLRR_MPSYSRSTF) != 0U) {
99 INFO(" System reset generated by MPU (MPSYSRST)\n");
100 return;
101 }
102
103 if ((rstsr & RCC_MP_RSTSCLRR_HCSSRSTF) != 0U) {
104 INFO(" Reset due to a clock failure on HSE\n");
105 return;
106 }
107
108 if ((rstsr & RCC_MP_RSTSCLRR_IWDG1RSTF) != 0U) {
109 INFO(" IWDG1 Reset (rst_iwdg1)\n");
110 return;
111 }
112
113 if ((rstsr & RCC_MP_RSTSCLRR_IWDG2RSTF) != 0U) {
114 INFO(" IWDG2 Reset (rst_iwdg2)\n");
115 return;
116 }
117
118 if ((rstsr & RCC_MP_RSTSCLRR_MPUP0RSTF) != 0U) {
119 INFO(" MPU Processor 0 Reset\n");
120 return;
121 }
122
123 #if STM32MP15
124 if ((rstsr & RCC_MP_RSTSCLRR_MPUP1RSTF) != 0U) {
125 INFO(" MPU Processor 1 Reset\n");
126 return;
127 }
128 #endif
129
130 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) != 0U) {
131 INFO(" Pad Reset from NRST\n");
132 return;
133 }
134
135 if ((rstsr & RCC_MP_RSTSCLRR_VCORERSTF) != 0U) {
136 INFO(" Reset due to a failure of VDD_CORE\n");
137 return;
138 }
139
140 ERROR(" Unidentified reset reason\n");
141 }
142
bl2_el3_early_platform_setup(u_register_t arg0,u_register_t arg1 __unused,u_register_t arg2 __unused,u_register_t arg3 __unused)143 void bl2_el3_early_platform_setup(u_register_t arg0,
144 u_register_t arg1 __unused,
145 u_register_t arg2 __unused,
146 u_register_t arg3 __unused)
147 {
148 stm32mp_save_boot_ctx_address(arg0);
149 }
150
bl2_platform_setup(void)151 void bl2_platform_setup(void)
152 {
153 int ret;
154
155 ret = stm32mp1_ddr_probe();
156 if (ret < 0) {
157 ERROR("Invalid DDR init: error %d\n", ret);
158 panic();
159 }
160
161 /* Map DDR for binary load, now with cacheable attribute */
162 ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
163 STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE);
164 if (ret < 0) {
165 ERROR("DDR mapping: error %d\n", ret);
166 panic();
167 }
168 }
169
170 #if STM32MP15
update_monotonic_counter(void)171 static void update_monotonic_counter(void)
172 {
173 uint32_t version;
174 uint32_t otp;
175
176 CASSERT(STM32_TF_VERSION <= MAX_MONOTONIC_VALUE,
177 assert_stm32mp1_monotonic_counter_reach_max);
178
179 /* Check if monotonic counter needs to be incremented */
180 if (stm32_get_otp_index(MONOTONIC_OTP, &otp, NULL) != 0) {
181 panic();
182 }
183
184 if (stm32_get_otp_value_from_idx(otp, &version) != 0) {
185 panic();
186 }
187
188 if ((version + 1U) < BIT(STM32_TF_VERSION)) {
189 uint32_t result;
190
191 /* Need to increment the monotonic counter. */
192 version = BIT(STM32_TF_VERSION) - 1U;
193
194 result = bsec_program_otp(version, otp);
195 if (result != BSEC_OK) {
196 ERROR("BSEC: MONOTONIC_OTP program Error %u\n",
197 result);
198 panic();
199 }
200 INFO("Monotonic counter has been incremented (value 0x%x)\n",
201 version);
202 }
203 }
204 #endif
205
bl2_el3_plat_arch_setup(void)206 void bl2_el3_plat_arch_setup(void)
207 {
208 const char *board_model;
209 boot_api_context_t *boot_context =
210 (boot_api_context_t *)stm32mp_get_boot_ctx_address();
211 uintptr_t pwr_base;
212 uintptr_t rcc_base;
213
214 if (bsec_probe() != 0U) {
215 panic();
216 }
217
218 mmap_add_region(BL_CODE_BASE, BL_CODE_BASE,
219 BL_CODE_END - BL_CODE_BASE,
220 MT_CODE | MT_SECURE);
221
222 /* Prevent corruption of preloaded Device Tree */
223 mmap_add_region(DTB_BASE, DTB_BASE,
224 DTB_LIMIT - DTB_BASE,
225 MT_RO_DATA | MT_SECURE);
226
227 configure_mmu();
228
229 if (dt_open_and_check(STM32MP_DTB_BASE) < 0) {
230 panic();
231 }
232
233 pwr_base = stm32mp_pwr_base();
234 rcc_base = stm32mp_rcc_base();
235
236 /*
237 * Disable the backup domain write protection.
238 * The protection is enable at each reset by hardware
239 * and must be disabled by software.
240 */
241 mmio_setbits_32(pwr_base + PWR_CR1, PWR_CR1_DBP);
242
243 while ((mmio_read_32(pwr_base + PWR_CR1) & PWR_CR1_DBP) == 0U) {
244 ;
245 }
246
247 /* Reset backup domain on cold boot cases */
248 if ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_RTCSRC_MASK) == 0U) {
249 mmio_setbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
250
251 while ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_VSWRST) ==
252 0U) {
253 ;
254 }
255
256 mmio_clrbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
257 }
258
259 /*
260 * Set minimum reset pulse duration to 31ms for discrete power
261 * supplied boards.
262 */
263 if (dt_pmic_status() <= 0) {
264 mmio_clrsetbits_32(rcc_base + RCC_RDLSICR,
265 RCC_RDLSICR_MRD_MASK,
266 31U << RCC_RDLSICR_MRD_SHIFT);
267 }
268
269 generic_delay_timer_init();
270
271 #if STM32MP_UART_PROGRAMMER
272 /* Disable programmer UART before changing clock tree */
273 if (boot_context->boot_interface_selected ==
274 BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) {
275 uintptr_t uart_prog_addr =
276 get_uart_address(boot_context->boot_interface_instance);
277
278 stm32_uart_stop(uart_prog_addr);
279 }
280 #endif
281 if (stm32mp1_clk_probe() < 0) {
282 panic();
283 }
284
285 if (stm32mp1_clk_init() < 0) {
286 panic();
287 }
288
289 stm32_save_boot_info(boot_context);
290
291 #if STM32MP_USB_PROGRAMMER && STM32MP15
292 /* Deconfigure all UART RX pins configured by ROM code */
293 stm32mp1_deconfigure_uart_pins();
294 #endif
295
296 if (stm32mp_uart_console_setup() != 0) {
297 goto skip_console_init;
298 }
299
300 stm32mp_print_cpuinfo();
301
302 board_model = dt_get_board_model();
303 if (board_model != NULL) {
304 NOTICE("Model: %s\n", board_model);
305 }
306
307 stm32mp_print_boardinfo();
308
309 if (boot_context->auth_status != BOOT_API_CTX_AUTH_NO) {
310 NOTICE("Bootrom authentication %s\n",
311 (boot_context->auth_status == BOOT_API_CTX_AUTH_FAILED) ?
312 "failed" : "succeeded");
313 }
314
315 skip_console_init:
316 #if !TRUSTED_BOARD_BOOT
317 if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
318 /* Closed chip mandates authentication */
319 ERROR("Secure chip: TRUSTED_BOARD_BOOT must be enabled\n");
320 panic();
321 }
322 #endif
323
324 if (fixed_regulator_register() != 0) {
325 panic();
326 }
327
328 if (dt_pmic_status() > 0) {
329 initialize_pmic();
330 if (pmic_voltages_init() != 0) {
331 ERROR("PMIC voltages init failed\n");
332 panic();
333 }
334 print_pmic_info_and_debug();
335 }
336
337 stm32mp_syscfg_init();
338
339 if (stm32_iwdg_init() < 0) {
340 panic();
341 }
342
343 stm32_iwdg_refresh();
344
345 if (bsec_read_debug_conf() != 0U) {
346 if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
347 #if DEBUG
348 WARN("\n%s", debug_msg);
349 #else
350 ERROR("***Debug opened on closed chip***\n");
351 #endif
352 }
353 }
354
355 #if STM32MP13
356 if (stm32_rng_init() != 0) {
357 panic();
358 }
359 #endif
360
361 stm32mp1_arch_security_setup();
362
363 print_reset_reason();
364
365 #if STM32MP15
366 if (stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) {
367 update_monotonic_counter();
368 }
369 #endif
370
371 stm32mp_syscfg_enable_io_compensation_finish();
372
373 fconf_populate("TB_FW", STM32MP_DTB_BASE);
374
375 stm32mp_io_setup();
376 }
377
378 #if STM32MP13
prepare_encryption(void)379 static void prepare_encryption(void)
380 {
381 uint8_t mkey[MCE_KEY_SIZE_IN_BYTES];
382
383 stm32_mce_init();
384
385 /* Generate MCE master key from RNG */
386 if (stm32_rng_read(mkey, MCE_KEY_SIZE_IN_BYTES) != 0) {
387 panic();
388 }
389
390 if (stm32_mce_write_master_key(mkey) != 0) {
391 panic();
392 }
393
394 stm32_mce_lock_master_key();
395 }
396 #endif
397
398 /*******************************************************************************
399 * This function can be used by the platforms to update/use image
400 * information for given `image_id`.
401 ******************************************************************************/
bl2_plat_handle_post_image_load(unsigned int image_id)402 int bl2_plat_handle_post_image_load(unsigned int image_id)
403 {
404 int err = 0;
405 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
406 bl_mem_params_node_t *bl32_mem_params;
407 bl_mem_params_node_t *pager_mem_params __unused;
408 bl_mem_params_node_t *paged_mem_params __unused;
409 const struct dyn_cfg_dtb_info_t *config_info;
410 bl_mem_params_node_t *tos_fw_mem_params;
411 unsigned int i;
412 unsigned int idx;
413 unsigned long long ddr_top __unused;
414 const unsigned int image_ids[] = {
415 BL32_IMAGE_ID,
416 BL33_IMAGE_ID,
417 HW_CONFIG_ID,
418 TOS_FW_CONFIG_ID,
419 };
420
421 assert(bl_mem_params != NULL);
422
423 switch (image_id) {
424 case FW_CONFIG_ID:
425 #if STM32MP13
426 if ((stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) ||
427 stm32mp_is_auth_supported()) {
428 prepare_encryption();
429 }
430 #endif
431 /* Set global DTB info for fixed fw_config information */
432 set_config_info(STM32MP_FW_CONFIG_BASE, ~0UL, STM32MP_FW_CONFIG_MAX_SIZE,
433 FW_CONFIG_ID);
434 fconf_populate("FW_CONFIG", STM32MP_FW_CONFIG_BASE);
435
436 idx = dyn_cfg_dtb_info_get_index(TOS_FW_CONFIG_ID);
437
438 /* Iterate through all the fw config IDs */
439 for (i = 0U; i < ARRAY_SIZE(image_ids); i++) {
440 if ((image_ids[i] == TOS_FW_CONFIG_ID) && (idx == FCONF_INVALID_IDX)) {
441 continue;
442 }
443
444 bl_mem_params = get_bl_mem_params_node(image_ids[i]);
445 assert(bl_mem_params != NULL);
446
447 config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, image_ids[i]);
448 if (config_info == NULL) {
449 continue;
450 }
451
452 bl_mem_params->image_info.image_base = config_info->config_addr;
453 bl_mem_params->image_info.image_max_size = config_info->config_max_size;
454
455 bl_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
456
457 switch (image_ids[i]) {
458 case BL32_IMAGE_ID:
459 bl_mem_params->ep_info.pc = config_info->config_addr;
460
461 /* In case of OPTEE, initialize address space with tos_fw addr */
462 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
463 assert(pager_mem_params != NULL);
464 pager_mem_params->image_info.image_base = config_info->config_addr;
465 pager_mem_params->image_info.image_max_size =
466 config_info->config_max_size;
467
468 /* Init base and size for pager if exist */
469 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
470 if (paged_mem_params != NULL) {
471 paged_mem_params->image_info.image_base = STM32MP_DDR_BASE +
472 (dt_get_ddr_size() - STM32MP_DDR_S_SIZE);
473 paged_mem_params->image_info.image_max_size =
474 STM32MP_DDR_S_SIZE;
475 }
476 break;
477
478 case BL33_IMAGE_ID:
479 bl_mem_params->ep_info.pc = config_info->config_addr;
480 break;
481
482 case HW_CONFIG_ID:
483 case TOS_FW_CONFIG_ID:
484 break;
485
486 default:
487 return -EINVAL;
488 }
489 }
490 break;
491
492 case BL32_IMAGE_ID:
493 if ((bl_mem_params->image_info.image_base != 0UL) &&
494 (optee_header_is_valid(bl_mem_params->image_info.image_base))) {
495 image_info_t *paged_image_info = NULL;
496
497 /* BL32 is OP-TEE header */
498 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
499 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
500 assert(pager_mem_params != NULL);
501
502 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
503 if (paged_mem_params != NULL) {
504 paged_image_info = &paged_mem_params->image_info;
505 }
506
507 err = parse_optee_header(&bl_mem_params->ep_info,
508 &pager_mem_params->image_info,
509 paged_image_info);
510 if (err != 0) {
511 ERROR("OPTEE header parse error.\n");
512 panic();
513 }
514
515 /* Set optee boot info from parsed header data */
516 if (paged_mem_params != NULL) {
517 bl_mem_params->ep_info.args.arg0 =
518 paged_mem_params->image_info.image_base;
519 } else {
520 bl_mem_params->ep_info.args.arg0 = 0U;
521 }
522
523 bl_mem_params->ep_info.args.arg1 = 0U; /* Unused */
524 bl_mem_params->ep_info.args.arg2 = 0U; /* No DT supported */
525 } else {
526 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
527 tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
528 assert(tos_fw_mem_params != NULL);
529 bl_mem_params->image_info.image_max_size +=
530 tos_fw_mem_params->image_info.image_max_size;
531 bl_mem_params->ep_info.args.arg0 = 0;
532 }
533 break;
534
535 case BL33_IMAGE_ID:
536 bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
537 assert(bl32_mem_params != NULL);
538 bl32_mem_params->ep_info.lr_svc = bl_mem_params->ep_info.pc;
539 #if PSA_FWU_SUPPORT
540 stm32_fwu_set_boot_idx();
541 #endif /* PSA_FWU_SUPPORT */
542 break;
543
544 default:
545 /* Do nothing in default case */
546 break;
547 }
548
549 #if STM32MP_SDMMC || STM32MP_EMMC
550 /*
551 * Invalidate remaining data read from MMC but not flushed by load_image_flush().
552 * We take the worst case which is 2 MMC blocks.
553 */
554 if ((image_id != FW_CONFIG_ID) &&
555 ((bl_mem_params->image_info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U)) {
556 inv_dcache_range(bl_mem_params->image_info.image_base +
557 bl_mem_params->image_info.image_size,
558 2U * MMC_BLOCK_SIZE);
559 }
560 #endif /* STM32MP_SDMMC || STM32MP_EMMC */
561
562 return err;
563 }
564
bl2_el3_plat_prepare_exit(void)565 void bl2_el3_plat_prepare_exit(void)
566 {
567 #if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
568 uint16_t boot_itf = stm32mp_get_boot_itf_selected();
569
570 if ((boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) ||
571 (boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB)) {
572 /* Invalidate the downloaded buffer used with io_memmap */
573 inv_dcache_range(DWL_BUFFER_BASE, DWL_BUFFER_SIZE);
574 }
575 #endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
576
577 stm32mp1_security_setup();
578 }
579