1 /*
2 * Copyright (c) 2023-2025, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <cdefs.h>
9 #include <errno.h>
10 #include <stdint.h>
11
12 #include <common/debug.h>
13 #include <common/desc_image_load.h>
14 #include <drivers/clk.h>
15 #include <drivers/mmc.h>
16 #include <drivers/st/regulator_fixed.h>
17 #include <drivers/st/stm32_rifsc.h>
18 #include <drivers/st/stm32_rng.h>
19 #include <drivers/st/stm32mp2_ddr_helpers.h>
20 #include <drivers/st/stm32mp2_ram.h>
21 #include <drivers/st/stm32mp2_risaf.h>
22 #include <drivers/st/stm32mp_pmic2.h>
23 #include <drivers/st/stm32mp_risab_regs.h>
24 #include <lib/fconf/fconf.h>
25 #include <lib/fconf/fconf_dyn_cfg_getter.h>
26 #include <lib/mmio.h>
27 #include <lib/optee_utils.h>
28 #include <lib/xlat_tables/xlat_tables_v2.h>
29 #include <plat/common/platform.h>
30
31 #include <platform_def.h>
32 #include <stm32mp_common.h>
33 #include <stm32mp_dt.h>
34
35 #define BOOT_CTX_ADDR 0x0e000020UL
36
print_reset_reason(void)37 static void print_reset_reason(void)
38 {
39 uint32_t rstsr = mmio_read_32(stm32mp_rcc_base() + RCC_C1BOOTRSTSCLRR);
40 const char *reason_str = "Unidentified";
41
42 #if !STM32MP21
43 if ((rstsr & RCC_C1BOOTRSTSCLRR_C1P1RSTF) != 0U) {
44 INFO("CA35 processor core 1 reset\n");
45 }
46 #endif /* !STM32MP21 */
47
48 if ((rstsr & RCC_C1BOOTRSTSCLRR_PADRSTF) == 0U) {
49 if ((rstsr & RCC_C1BOOTRSTSCLRR_STBYC1RSTF) != 0U) {
50 reason_str = "System exits from Standby for CA35";
51 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_D1STBYRSTF) != 0U) {
52 reason_str = "D1 domain exits from DStandby";
53 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_VCPURSTF) != 0U) {
54 reason_str = "System reset from VCPU monitor";
55 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_C1RSTF) != 0U) {
56 reason_str = "CA35 reset by CM33 (C1RST)";
57 } else {
58 reason_str = "Unidentified";
59 }
60 } else {
61 if ((rstsr & RCC_C1BOOTRSTSCLRR_PORRSTF) != 0U) {
62 reason_str = "Power-on reset (por_rstn)";
63 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_BORRSTF) != 0U) {
64 reason_str = "Brownout reset (bor_rstn)";
65 } else if ((rstsr & (RCC_C1BOOTRSTSSETR_SYSC2RSTF |
66 RCC_C1BOOTRSTSSETR_SYSC1RSTF)) != 0U) {
67 reason_str = "System reset (SYSRST)";
68 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_HCSSRSTF) != 0U) {
69 reason_str = "Clock failure on HSE";
70 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_IWDGXSYSRSTF) != 0U) {
71 reason_str = "IWDG system reset (iwdgX_out_rst)";
72 } else if ((rstsr & RCC_C1BOOTRSTSCLRR_PADRSTF) != 0U) {
73 reason_str = "Pin reset from NRST";
74 } else {
75 reason_str = "Unidentified";
76 }
77 }
78
79 INFO("Reset reason: %s (0x%x)\n", reason_str, rstsr);
80 }
81
bl2_el3_early_platform_setup(u_register_t arg0 __unused,u_register_t arg1 __unused,u_register_t arg2 __unused,u_register_t arg3 __unused)82 void bl2_el3_early_platform_setup(u_register_t arg0 __unused,
83 u_register_t arg1 __unused,
84 u_register_t arg2 __unused,
85 u_register_t arg3 __unused)
86 {
87 stm32mp_save_boot_ctx_address(BOOT_CTX_ADDR);
88 }
89
bl2_platform_setup(void)90 void bl2_platform_setup(void)
91 {
92 int ret;
93
94 ret = stm32mp2_ddr_probe();
95 if (ret != 0) {
96 ERROR("DDR probe: error %d\n", ret);
97 panic();
98 }
99
100 if (stm32mp2_risaf_init() < 0) {
101 panic();
102 }
103
104 /* Map DDR for binary load, now with cacheable attribute */
105 ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
106 STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE);
107 if (ret < 0) {
108 ERROR("DDR mapping: error %d\n", ret);
109 panic();
110 }
111 }
112
reset_backup_domain(void)113 static void reset_backup_domain(void)
114 {
115 uintptr_t pwr_base = stm32mp_pwr_base();
116 uintptr_t rcc_base = stm32mp_rcc_base();
117
118 /*
119 * Disable the backup domain write protection.
120 * The protection is enable at each reset by hardware
121 * and must be disabled by software.
122 */
123 #if STM32MP21
124 mmio_setbits_32(pwr_base + PWR_BDCR, PWR_BDCR_DBP);
125
126 while ((mmio_read_32(pwr_base + PWR_BDCR) & PWR_BDCR_DBP) == 0U) {
127 ;
128 }
129 #else /* STM32MP21 */
130 mmio_setbits_32(pwr_base + PWR_BDCR1, PWR_BDCR1_DBD3P);
131
132 while ((mmio_read_32(pwr_base + PWR_BDCR1) & PWR_BDCR1_DBD3P) == 0U) {
133 ;
134 }
135 #endif /* STM32MP21 */
136
137 /* Reset backup domain on cold boot cases */
138 if ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_RTCCKEN) == 0U) {
139 mmio_setbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
140
141 while ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_VSWRST) == 0U) {
142 ;
143 }
144
145 mmio_clrbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
146 }
147 }
148
bl2_el3_plat_arch_setup(void)149 void bl2_el3_plat_arch_setup(void)
150 {
151 const char *board_model;
152 boot_api_context_t *boot_context =
153 (boot_api_context_t *)stm32mp_get_boot_ctx_address();
154
155 if (stm32_otp_probe() != 0U) {
156 EARLY_ERROR("OTP probe failed\n");
157 panic();
158 }
159
160 mmap_add_region(BL_CODE_BASE, BL_CODE_BASE,
161 BL_CODE_END - BL_CODE_BASE,
162 MT_CODE | MT_SECURE);
163
164 configure_mmu();
165
166 if (dt_open_and_check(STM32MP_DTB_BASE) < 0) {
167 panic();
168 }
169
170 reset_backup_domain();
171
172 /*
173 * Initialize DDR sub-system clock. This needs to be done before enabling DDR PLL (PLL2),
174 * and so before stm32mp2_clk_init().
175 */
176 ddr_sub_system_clk_init();
177
178 if (stm32mp2_clk_init() < 0) {
179 panic();
180 }
181
182 #if STM32MP_DDR_FIP_IO_STORAGE
183 /*
184 * RISAB3 setup (dedicated for SRAM1)
185 *
186 * Allow secure read/writes data accesses to non-secure
187 * blocks or pages, all RISAB registers are writable.
188 * DDR firmwares are saved there before being loaded in DDRPHY memory.
189 */
190 mmio_write_32(RISAB3_BASE + RISAB_CR, RISAB_CR_SRWIAD);
191 #endif
192
193 stm32_save_boot_info(boot_context);
194
195 if (stm32mp_uart_console_setup() != 0) {
196 goto skip_console_init;
197 }
198
199 stm32mp_print_cpuinfo();
200
201 board_model = dt_get_board_model();
202 if (board_model != NULL) {
203 NOTICE("Model: %s\n", board_model);
204 }
205
206 stm32mp_print_boardinfo();
207
208 print_reset_reason();
209
210 skip_console_init:
211 if (stm32_rng_init() != 0) {
212 panic();
213 }
214
215 if (fixed_regulator_register() != 0) {
216 panic();
217 }
218
219 if (dt_pmic_status() > 0) {
220 initialize_pmic();
221 }
222
223 fconf_populate("TB_FW", STM32MP_DTB_BASE);
224
225 #if STM32MP_USB_PROGRAMMER
226 stm32_rifsc_ip_configure(STM32MP2_RIMU_USB3DR, STM32MP25_RIFSC_USB3DR_ID,
227 RIFSC_USB_BOOT_USB3DR_RIMC_CONF);
228 #endif /* STM32MP_USB_PROGRAMMER */
229
230 /*
231 * RISAB5 setup (dedicated for RETRAM)
232 *
233 * Allow secure read/writes data accesses to non-secure
234 * blocks or pages, all RISAB registers are writable.
235 * DDR retention registers are saved there and restored
236 * when exiting standby low power state.
237 */
238 mmio_write_32(RISAB5_BASE + RISAB_CR, RISAB_CR_SRWIAD);
239
240 stm32mp_io_setup();
241 }
242
prepare_encryption(void)243 static void prepare_encryption(void)
244 {
245 uint8_t mkey[RISAF_KEY_SIZE_IN_BYTES];
246
247 /* Generate RISAF encryption key from RNG */
248 if (stm32_rng_read(mkey, RISAF_KEY_SIZE_IN_BYTES) != 0) {
249 panic();
250 }
251
252 if (stm32mp2_risaf_write_encryption_key(RISAF4_INST, mkey) != 0) {
253 panic();
254 }
255 }
256
257 /*******************************************************************************
258 * This function can be used by the platforms to update/use image
259 * information for given `image_id`.
260 ******************************************************************************/
bl2_plat_handle_post_image_load(unsigned int image_id)261 int bl2_plat_handle_post_image_load(unsigned int image_id)
262 {
263 int err = 0;
264 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
265 bl_mem_params_node_t *pager_mem_params;
266 const struct dyn_cfg_dtb_info_t *config_info;
267 unsigned int i;
268 const unsigned int image_ids[] = {
269 BL31_IMAGE_ID,
270 SOC_FW_CONFIG_ID,
271 BL32_IMAGE_ID,
272 BL33_IMAGE_ID,
273 HW_CONFIG_ID,
274 };
275
276 assert(bl_mem_params != NULL);
277
278 #if STM32MP_SDMMC || STM32MP_EMMC
279 /*
280 * Invalidate remaining data read from MMC but not flushed by load_image_flush().
281 * We take the worst case which is 2 MMC blocks.
282 */
283 if ((image_id != FW_CONFIG_ID) &&
284 ((bl_mem_params->image_info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U)) {
285 inv_dcache_range(bl_mem_params->image_info.image_base +
286 bl_mem_params->image_info.image_size,
287 2U * MMC_BLOCK_SIZE);
288 }
289 #endif /* STM32MP_SDMMC || STM32MP_EMMC */
290
291 switch (image_id) {
292 case FW_CONFIG_ID:
293 if ((stm32mp_check_closed_device() == STM32MP_CHIP_SEC_CLOSED) ||
294 stm32mp_is_auth_supported()) {
295 prepare_encryption();
296 }
297
298 /* Set global DTB info for fixed fw_config information */
299 set_config_info(STM32MP_FW_CONFIG_BASE, ~0UL, STM32MP_FW_CONFIG_MAX_SIZE,
300 FW_CONFIG_ID);
301 fconf_populate("FW_CONFIG", STM32MP_FW_CONFIG_BASE);
302
303 /* Iterate through all the fw config IDs */
304 for (i = 0U; i < ARRAY_SIZE(image_ids); i++) {
305 bl_mem_params = get_bl_mem_params_node(image_ids[i]);
306 assert(bl_mem_params != NULL);
307
308 config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, image_ids[i]);
309 if (config_info == NULL) {
310 continue;
311 }
312
313 bl_mem_params->image_info.image_base = config_info->config_addr;
314 bl_mem_params->image_info.image_max_size = config_info->config_max_size;
315
316 bl_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
317
318 switch (image_ids[i]) {
319 case BL31_IMAGE_ID:
320 bl_mem_params->ep_info.pc = config_info->config_addr;
321 break;
322
323 case BL32_IMAGE_ID:
324 bl_mem_params->ep_info.pc = config_info->config_addr;
325
326 /* In case of OPTEE, initialize address space with tos_fw addr */
327 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
328 if (pager_mem_params != NULL) {
329 pager_mem_params->image_info.image_base =
330 config_info->config_addr;
331 pager_mem_params->image_info.image_max_size =
332 config_info->config_max_size;
333 }
334 break;
335
336 case BL33_IMAGE_ID:
337 bl_mem_params->ep_info.pc = config_info->config_addr;
338 break;
339
340 case HW_CONFIG_ID:
341 case SOC_FW_CONFIG_ID:
342 break;
343
344 default:
345 return -EINVAL;
346 }
347 }
348
349 /*
350 * After this step, the BL2 device tree area will be overwritten
351 * with BL31 binary, no other data should be read from BL2 DT.
352 */
353
354 break;
355
356 case BL32_IMAGE_ID:
357 if ((bl_mem_params->image_info.image_base != 0UL) &&
358 (optee_header_is_valid(bl_mem_params->image_info.image_base))) {
359 /* BL32 is OP-TEE header */
360 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
361 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
362 assert(pager_mem_params != NULL);
363
364 err = parse_optee_header(&bl_mem_params->ep_info,
365 &pager_mem_params->image_info,
366 NULL);
367 if (err != 0) {
368 ERROR("OPTEE header parse error.\n");
369 panic();
370 }
371
372 /* Set optee boot info from parsed header data */
373 bl_mem_params->ep_info.args.arg0 = 0U; /* Unused */
374 bl_mem_params->ep_info.args.arg1 = 0U; /* Unused */
375 bl_mem_params->ep_info.args.arg2 = 0U; /* No DT supported */
376 }
377 break;
378
379 case BL33_IMAGE_ID:
380 #if PSA_FWU_SUPPORT
381 stm32_fwu_set_boot_idx();
382 #endif /* PSA_FWU_SUPPORT */
383 break;
384
385 default:
386 /* Do nothing in default case */
387 break;
388 }
389
390 return err;
391 }
392