1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2017-2022, STMicroelectronics
4 * Copyright (c) 2016-2018, Linaro Limited
5 */
6
7 #include <boot_api.h>
8 #include <config.h>
9 #include <console.h>
10 #include <drivers/gic.h>
11 #include <drivers/stm32_etzpc.h>
12 #include <drivers/stm32_iwdg.h>
13 #include <drivers/stm32_tamp.h>
14 #include <drivers/stm32_uart.h>
15 #include <drivers/stm32mp1_etzpc.h>
16 #include <drivers/stm32mp_dt_bindings.h>
17 #include <io.h>
18 #include <kernel/boot.h>
19 #include <kernel/dt.h>
20 #include <kernel/interrupt.h>
21 #include <kernel/misc.h>
22 #include <kernel/panic.h>
23 #include <kernel/spinlock.h>
24 #include <mm/core_memprot.h>
25 #include <platform_config.h>
26 #include <sm/psci.h>
27 #include <stm32_util.h>
28 #include <string.h>
29 #include <trace.h>
30
31 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB1_BASE, APB1_SIZE);
32 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB2_BASE, APB2_SIZE);
33 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB3_BASE, APB3_SIZE);
34 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB4_BASE, APB4_SIZE);
35 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, APB5_BASE, APB5_SIZE);
36 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB4_BASE, AHB4_SIZE);
37 register_phys_mem_pgdir(MEM_AREA_IO_NSEC, AHB5_BASE, AHB5_SIZE);
38
39 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB1_BASE, APB1_SIZE);
40 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB3_BASE, APB3_SIZE);
41 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB4_BASE, APB4_SIZE);
42 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB5_BASE, APB5_SIZE);
43 #ifdef CFG_STM32MP13
44 register_phys_mem_pgdir(MEM_AREA_IO_SEC, APB6_BASE, APB6_SIZE);
45 #endif
46 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB4_BASE, AHB4_SIZE);
47 register_phys_mem_pgdir(MEM_AREA_IO_SEC, AHB5_BASE, AHB5_SIZE);
48 register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE);
49
50 #ifdef CFG_STM32MP1_SCMI_SHM_BASE
51 register_phys_mem(MEM_AREA_IO_NSEC, CFG_STM32MP1_SCMI_SHM_BASE,
52 CFG_STM32MP1_SCMI_SHM_SIZE);
53 #endif
54
55 register_ddr(DDR_BASE, CFG_DRAM_SIZE);
56
57 #define _ID2STR(id) (#id)
58 #define ID2STR(id) _ID2STR(id)
59
platform_banner(void)60 static TEE_Result platform_banner(void)
61 {
62 #ifdef CFG_EMBED_DTB
63 IMSG("Platform stm32mp1: flavor %s - DT %s",
64 ID2STR(PLATFORM_FLAVOR),
65 ID2STR(CFG_EMBED_DTB_SOURCE_FILE));
66 #else
67 IMSG("Platform stm32mp1: flavor %s - no device tree",
68 ID2STR(PLATFORM_FLAVOR));
69 #endif
70
71 return TEE_SUCCESS;
72 }
73 service_init(platform_banner);
74
75 /*
76 * Console
77 *
78 * CFG_STM32_EARLY_CONSOLE_UART specifies the ID of the UART used for
79 * trace console. Value 0 disables the early console.
80 *
81 * We cannot use the generic serial_console support since probing
82 * the console requires the platform clock driver to be already
83 * up and ready which is done only once service_init are completed.
84 */
85 static struct stm32_uart_pdata console_data;
86
console_init(void)87 void console_init(void)
88 {
89 /* Early console initialization before MMU setup */
90 struct uart {
91 paddr_t pa;
92 bool secure;
93 } uarts[] = {
94 [0] = { .pa = 0 },
95 [1] = { .pa = USART1_BASE, .secure = true, },
96 [2] = { .pa = USART2_BASE, .secure = false, },
97 [3] = { .pa = USART3_BASE, .secure = false, },
98 [4] = { .pa = UART4_BASE, .secure = false, },
99 [5] = { .pa = UART5_BASE, .secure = false, },
100 [6] = { .pa = USART6_BASE, .secure = false, },
101 [7] = { .pa = UART7_BASE, .secure = false, },
102 [8] = { .pa = UART8_BASE, .secure = false, },
103 };
104
105 COMPILE_TIME_ASSERT(ARRAY_SIZE(uarts) > CFG_STM32_EARLY_CONSOLE_UART);
106
107 if (!uarts[CFG_STM32_EARLY_CONSOLE_UART].pa)
108 return;
109
110 /* No clock yet bound to the UART console */
111 console_data.clock = NULL;
112
113 console_data.secure = uarts[CFG_STM32_EARLY_CONSOLE_UART].secure;
114 stm32_uart_init(&console_data, uarts[CFG_STM32_EARLY_CONSOLE_UART].pa);
115
116 register_serial_console(&console_data.chip);
117
118 IMSG("Early console on UART#%u", CFG_STM32_EARLY_CONSOLE_UART);
119 }
120
121 #ifdef CFG_EMBED_DTB
init_console_from_dt(void)122 static TEE_Result init_console_from_dt(void)
123 {
124 struct stm32_uart_pdata *pd = NULL;
125 void *fdt = NULL;
126 int node = 0;
127 TEE_Result res = TEE_ERROR_GENERIC;
128
129 fdt = get_embedded_dt();
130 res = get_console_node_from_dt(fdt, &node, NULL, NULL);
131 if (res == TEE_ERROR_ITEM_NOT_FOUND) {
132 fdt = get_external_dt();
133 res = get_console_node_from_dt(fdt, &node, NULL, NULL);
134 if (res == TEE_ERROR_ITEM_NOT_FOUND)
135 return TEE_SUCCESS;
136 if (res != TEE_SUCCESS)
137 return res;
138 }
139
140 pd = stm32_uart_init_from_dt_node(fdt, node);
141 if (!pd) {
142 IMSG("DTB disables console");
143 register_serial_console(NULL);
144 return TEE_SUCCESS;
145 }
146
147 /* Replace early console with the new one */
148 console_flush();
149 console_data = *pd;
150 register_serial_console(&console_data.chip);
151 IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-");
152 free(pd);
153
154 return TEE_SUCCESS;
155 }
156
157 /* Probe console from DT once clock inits (service init level) are completed */
158 service_init_late(init_console_from_dt);
159 #endif
160
161 /*
162 * GIC init, used also for primary/secondary boot core wake completion
163 */
164 static struct gic_data gic_data;
165
itr_core_handler(void)166 void itr_core_handler(void)
167 {
168 gic_it_handle(&gic_data);
169 }
170
main_init_gic(void)171 void main_init_gic(void)
172 {
173 gic_init(&gic_data, GIC_BASE + GICC_OFFSET, GIC_BASE + GICD_OFFSET);
174 itr_init(&gic_data.chip);
175
176 stm32mp_register_online_cpu();
177 }
178
main_secondary_init_gic(void)179 void main_secondary_init_gic(void)
180 {
181 gic_cpu_init(&gic_data);
182
183 stm32mp_register_online_cpu();
184 }
185
186 #ifdef CFG_STM32MP13
187 #ifdef CFG_STM32_ETZPC
188 /* Configure ETZPC cell and lock it when resource is secure */
config_lock_decprot(uint32_t decprot_id,enum etzpc_decprot_attributes decprot_attr)189 static void config_lock_decprot(uint32_t decprot_id,
190 enum etzpc_decprot_attributes decprot_attr)
191 {
192 etzpc_configure_decprot(decprot_id, decprot_attr);
193
194 if (decprot_attr == ETZPC_DECPROT_S_RW)
195 etzpc_lock_decprot(decprot_id);
196 }
197
set_etzpc_secure_configuration(void)198 static TEE_Result set_etzpc_secure_configuration(void)
199 {
200 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW);
201 config_lock_decprot(STM32MP1_ETZPC_DDRCTRLPHY_ID,
202 ETZPC_DECPROT_NS_R_S_W);
203
204 /* Configure ETZPC with peripheral registering */
205 config_lock_decprot(STM32MP1_ETZPC_ADC1_ID, ETZPC_DECPROT_NS_RW);
206 config_lock_decprot(STM32MP1_ETZPC_ADC2_ID, ETZPC_DECPROT_NS_RW);
207 config_lock_decprot(STM32MP1_ETZPC_CRYP_ID, ETZPC_DECPROT_NS_RW);
208 config_lock_decprot(STM32MP1_ETZPC_DCMIPP_ID, ETZPC_DECPROT_NS_RW);
209 config_lock_decprot(STM32MP1_ETZPC_ETH1_ID, ETZPC_DECPROT_NS_RW);
210 config_lock_decprot(STM32MP1_ETZPC_ETH2_ID, ETZPC_DECPROT_NS_RW);
211 config_lock_decprot(STM32MP1_ETZPC_FMC_ID, ETZPC_DECPROT_NS_RW);
212 /* HASH is secure */
213 config_lock_decprot(STM32MP1_ETZPC_HASH_ID, ETZPC_DECPROT_S_RW);
214 config_lock_decprot(STM32MP1_ETZPC_I2C3_ID, ETZPC_DECPROT_NS_RW);
215 /* I2C4 is secure */
216 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID, ETZPC_DECPROT_S_RW);
217 config_lock_decprot(STM32MP1_ETZPC_I2C5_ID, ETZPC_DECPROT_NS_RW);
218 /* IWDG1 is secure */
219 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID, ETZPC_DECPROT_S_RW);
220 config_lock_decprot(STM32MP1_ETZPC_LPTIM2_ID, ETZPC_DECPROT_NS_RW);
221 /* LPTIM3 is secure */
222 config_lock_decprot(STM32MP1_ETZPC_LPTIM3_ID, ETZPC_DECPROT_S_RW);
223 config_lock_decprot(STM32MP1_ETZPC_LTDC_ID, ETZPC_DECPROT_NS_RW);
224 /* MCE is secure */
225 config_lock_decprot(STM32MP1_ETZPC_MCE_ID, ETZPC_DECPROT_S_RW);
226 config_lock_decprot(STM32MP1_ETZPC_OTG_ID, ETZPC_DECPROT_NS_RW);
227 /* PKA is secure */
228 config_lock_decprot(STM32MP1_ETZPC_PKA_ID, ETZPC_DECPROT_S_RW);
229 config_lock_decprot(STM32MP1_ETZPC_QSPI_ID, ETZPC_DECPROT_NS_RW);
230 /* RNG is secure */
231 config_lock_decprot(STM32MP1_ETZPC_RNG_ID, ETZPC_DECPROT_S_RW);
232 /* SAES is secure */
233 config_lock_decprot(STM32MP1_ETZPC_SAES_ID, ETZPC_DECPROT_NS_RW);
234 config_lock_decprot(STM32MP1_ETZPC_SDMMC1_ID, ETZPC_DECPROT_NS_RW);
235 config_lock_decprot(STM32MP1_ETZPC_SDMMC2_ID, ETZPC_DECPROT_NS_RW);
236 config_lock_decprot(STM32MP1_ETZPC_SPI4_ID, ETZPC_DECPROT_NS_RW);
237 config_lock_decprot(STM32MP1_ETZPC_SPI5_ID, ETZPC_DECPROT_NS_RW);
238 config_lock_decprot(STM32MP1_ETZPC_SRAM1_ID, ETZPC_DECPROT_NS_RW);
239 config_lock_decprot(STM32MP1_ETZPC_SRAM2_ID, ETZPC_DECPROT_NS_RW);
240 /* SRAM3 is secure */
241 config_lock_decprot(STM32MP1_ETZPC_SRAM3_ID, ETZPC_DECPROT_S_RW);
242 /* STGENC is secure */
243 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW);
244 /* TIM12 is secure */
245 config_lock_decprot(STM32MP1_ETZPC_TIM12_ID, ETZPC_DECPROT_S_RW);
246 config_lock_decprot(STM32MP1_ETZPC_TIM13_ID, ETZPC_DECPROT_NS_RW);
247 config_lock_decprot(STM32MP1_ETZPC_TIM14_ID, ETZPC_DECPROT_NS_RW);
248 /* TIM15 is secure */
249 config_lock_decprot(STM32MP1_ETZPC_TIM15_ID, ETZPC_DECPROT_S_RW);
250 config_lock_decprot(STM32MP1_ETZPC_TIM16_ID, ETZPC_DECPROT_NS_RW);
251 config_lock_decprot(STM32MP1_ETZPC_TIM17_ID, ETZPC_DECPROT_NS_RW);
252 config_lock_decprot(STM32MP1_ETZPC_USART1_ID, ETZPC_DECPROT_NS_RW);
253 config_lock_decprot(STM32MP1_ETZPC_USART2_ID, ETZPC_DECPROT_NS_RW);
254 config_lock_decprot(STM32MP1_ETZPC_USBPHYCTRL_ID, ETZPC_DECPROT_NS_RW);
255 config_lock_decprot(STM32MP1_ETZPC_VREFBUF_ID, ETZPC_DECPROT_NS_RW);
256
257 return TEE_SUCCESS;
258 }
259
260 driver_init_late(set_etzpc_secure_configuration);
261 #endif /* CFG_STM32_ETZPC */
262
263 #ifdef CFG_STM32_GPIO
264
265 #define NB_PINS_PER_BANK U(16)
266 #define NB_PINS_BANK_H U(14)
267 #define NB_PINS_BANK_I U(8)
268
set_all_gpios_non_secure(void)269 static TEE_Result set_all_gpios_non_secure(void)
270 {
271 unsigned int bank = 0;
272 unsigned int pin = 0;
273 unsigned int nb_pin_bank = 0;
274
275 for (bank = 0; bank <= GPIO_BANK_I; bank++) {
276 switch (bank) {
277 case GPIO_BANK_H:
278 nb_pin_bank = NB_PINS_BANK_H;
279 break;
280 case GPIO_BANK_I:
281 nb_pin_bank = NB_PINS_BANK_I;
282 break;
283 default:
284 nb_pin_bank = NB_PINS_PER_BANK;
285 break;
286 }
287
288 for (pin = 0; pin <= nb_pin_bank; pin++)
289 stm32_gpio_set_secure_cfg(bank, pin, false);
290 }
291
292 return TEE_SUCCESS;
293 }
294
295 early_init_late(set_all_gpios_non_secure);
296 #endif /* CFG_STM32_GPIO */
297 #endif /* CFG_STM32MP13 */
298
init_stm32mp1_drivers(void)299 static TEE_Result init_stm32mp1_drivers(void)
300 {
301 /* Without secure DTB support, some drivers must be inited */
302 if (!IS_ENABLED(CFG_EMBED_DTB))
303 stm32_etzpc_init(ETZPC_BASE);
304
305 /* Secure internal memories for the platform, once ETZPC is ready */
306 etzpc_configure_tzma(0, ETZPC_TZMA_ALL_SECURE);
307 etzpc_lock_tzma(0);
308
309 #ifdef CFG_TZSRAM_START
310 COMPILE_TIME_ASSERT(((SYSRAM_BASE + SYSRAM_SIZE) <= CFG_TZSRAM_START) ||
311 ((SYSRAM_BASE <= CFG_TZSRAM_START) &&
312 (SYSRAM_SEC_SIZE >= CFG_TZSRAM_SIZE)));
313 #endif /* CFG_TZSRAM_START */
314
315 etzpc_configure_tzma(1, SYSRAM_SEC_SIZE >> SMALL_PAGE_SHIFT);
316 etzpc_lock_tzma(1);
317
318 if (SYSRAM_SIZE > SYSRAM_SEC_SIZE) {
319 size_t nsec_size = SYSRAM_SIZE - SYSRAM_SEC_SIZE;
320 paddr_t nsec_start = SYSRAM_BASE + SYSRAM_SEC_SIZE;
321 uint8_t *va = phys_to_virt(nsec_start, MEM_AREA_IO_NSEC,
322 nsec_size);
323
324 IMSG("Non-secure SYSRAM [%p %p]", va, va + nsec_size - 1);
325
326 /* Clear content from the non-secure part */
327 memset(va, 0, nsec_size);
328 }
329
330 return TEE_SUCCESS;
331 }
332
333 service_init_late(init_stm32mp1_drivers);
334
init_late_stm32mp1_drivers(void)335 static TEE_Result init_late_stm32mp1_drivers(void)
336 {
337 TEE_Result res = TEE_ERROR_GENERIC;
338
339 /* Set access permission to TAM backup registers */
340 if (IS_ENABLED(CFG_STM32_TAMP)) {
341 struct stm32_bkpregs_conf conf = {
342 .nb_zone1_regs = TAMP_BKP_REGISTER_ZONE1_COUNT,
343 .nb_zone2_regs = TAMP_BKP_REGISTER_ZONE2_COUNT,
344 };
345
346 res = stm32_tamp_set_secure_bkpregs(&conf);
347 if (res == TEE_ERROR_DEFER_DRIVER_INIT) {
348 /* TAMP driver was not probed if disabled in the DT */
349 res = TEE_SUCCESS;
350 }
351 if (res)
352 panic();
353 }
354
355 return TEE_SUCCESS;
356 }
357
358 driver_init_late(init_late_stm32mp1_drivers);
359
stm32_rcc_base(void)360 vaddr_t stm32_rcc_base(void)
361 {
362 static struct io_pa_va base = { .pa = RCC_BASE };
363
364 return io_pa_or_va_secure(&base, 1);
365 }
366
get_gicd_base(void)367 vaddr_t get_gicd_base(void)
368 {
369 struct io_pa_va base = { .pa = GIC_BASE + GICD_OFFSET };
370
371 return io_pa_or_va_secure(&base, 1);
372 }
373
stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg * cfg)374 void stm32mp_get_bsec_static_cfg(struct stm32_bsec_static_cfg *cfg)
375 {
376 cfg->base = BSEC_BASE;
377 cfg->upper_start = STM32MP1_UPPER_OTP_START;
378 cfg->max_id = STM32MP1_OTP_MAX_ID;
379 }
380
stm32mp_with_pmic(void)381 bool __weak stm32mp_with_pmic(void)
382 {
383 return false;
384 }
385
may_spin_lock(unsigned int * lock)386 uint32_t may_spin_lock(unsigned int *lock)
387 {
388 if (!lock || !cpu_mmu_enabled())
389 return 0;
390
391 return cpu_spin_lock_xsave(lock);
392 }
393
may_spin_unlock(unsigned int * lock,uint32_t exceptions)394 void may_spin_unlock(unsigned int *lock, uint32_t exceptions)
395 {
396 if (!lock || !cpu_mmu_enabled())
397 return;
398
399 cpu_spin_unlock_xrestore(lock, exceptions);
400 }
401
stm32_tamp_base(void)402 static vaddr_t stm32_tamp_base(void)
403 {
404 static struct io_pa_va base = { .pa = TAMP_BASE };
405
406 return io_pa_or_va_secure(&base, 1);
407 }
408
bkpreg_base(void)409 static vaddr_t bkpreg_base(void)
410 {
411 return stm32_tamp_base() + TAMP_BKP_REGISTER_OFF;
412 }
413
stm32mp_bkpreg(unsigned int idx)414 vaddr_t stm32mp_bkpreg(unsigned int idx)
415 {
416 return bkpreg_base() + (idx * sizeof(uint32_t));
417 }
418
bank_is_valid(unsigned int bank)419 static bool __maybe_unused bank_is_valid(unsigned int bank)
420 {
421 if (IS_ENABLED(CFG_STM32MP15))
422 return bank == GPIO_BANK_Z || bank <= GPIO_BANK_K;
423
424 if (IS_ENABLED(CFG_STM32MP13))
425 return bank <= GPIO_BANK_I;
426
427 panic();
428 }
429
stm32_get_gpio_bank_base(unsigned int bank)430 vaddr_t stm32_get_gpio_bank_base(unsigned int bank)
431 {
432 static struct io_pa_va base = { .pa = GPIOA_BASE };
433
434 static_assert(GPIO_BANK_A == 0);
435 assert(bank_is_valid(bank));
436
437 if (IS_ENABLED(CFG_STM32MP15)) {
438 static struct io_pa_va zbase = { .pa = GPIOZ_BASE };
439
440 /* Get secure mapping address for GPIOZ */
441 if (bank == GPIO_BANK_Z)
442 return io_pa_or_va_secure(&zbase, GPIO_BANK_OFFSET);
443
444 /* Other are mapped non-secure */
445 return io_pa_or_va_nsec(&base, (bank + 1) * GPIO_BANK_OFFSET) +
446 (bank * GPIO_BANK_OFFSET);
447 }
448
449 if (IS_ENABLED(CFG_STM32MP13))
450 return io_pa_or_va_secure(&base,
451 (bank + 1) * GPIO_BANK_OFFSET) +
452 (bank * GPIO_BANK_OFFSET);
453
454 panic();
455 }
456
stm32_get_gpio_bank_offset(unsigned int bank)457 unsigned int stm32_get_gpio_bank_offset(unsigned int bank)
458 {
459 assert(bank_is_valid(bank));
460
461 if (bank == GPIO_BANK_Z)
462 return 0;
463
464 return bank * GPIO_BANK_OFFSET;
465 }
466
stm32_get_gpio_bank_clock(unsigned int bank)467 unsigned int stm32_get_gpio_bank_clock(unsigned int bank)
468 {
469 assert(bank_is_valid(bank));
470
471 #ifdef CFG_STM32MP15
472 if (bank == GPIO_BANK_Z)
473 return GPIOZ;
474 #endif
475
476 return GPIOA + bank;
477 }
478
stm32_get_gpio_bank_clk(unsigned int bank)479 struct clk *stm32_get_gpio_bank_clk(unsigned int bank)
480 {
481 assert(bank_is_valid(bank));
482
483 if (!IS_ENABLED(CFG_DRIVERS_CLK))
484 return NULL;
485
486 return stm32mp_rcc_clock_id_to_clk(stm32_get_gpio_bank_clock(bank));
487 }
488
489 #ifdef CFG_STM32_IWDG
stm32_get_iwdg_otp_config(paddr_t pbase,struct stm32_iwdg_otp_data * otp_data)490 TEE_Result stm32_get_iwdg_otp_config(paddr_t pbase,
491 struct stm32_iwdg_otp_data *otp_data)
492 {
493 unsigned int idx = 0;
494 uint32_t otp_id = 0;
495 size_t bit_len = 0;
496 uint32_t otp_value = 0;
497
498 switch (pbase) {
499 case IWDG1_BASE:
500 idx = 0;
501 break;
502 case IWDG2_BASE:
503 idx = 1;
504 break;
505 default:
506 panic();
507 }
508
509 if (stm32_bsec_find_otp_in_nvmem_layout("hw2_otp", &otp_id, &bit_len) ||
510 bit_len != 32)
511 panic();
512
513 if (stm32_bsec_read_otp(&otp_value, otp_id))
514 panic();
515
516 otp_data->hw_enabled = otp_value &
517 BIT(idx + HW2_OTP_IWDG_HW_ENABLE_SHIFT);
518 otp_data->disable_on_stop = otp_value &
519 BIT(idx + HW2_OTP_IWDG_FZ_STOP_SHIFT);
520 otp_data->disable_on_standby = otp_value &
521 BIT(idx + HW2_OTP_IWDG_FZ_STANDBY_SHIFT);
522
523 return TEE_SUCCESS;
524 }
525 #endif /*CFG_STM32_IWDG*/
526