1 /*
2 * Copyright (c) 2017-2020, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <stdint.h>
9
10 #include <platform_def.h>
11
12 #include <common/debug.h>
13 #include <drivers/st/etzpc.h>
14 #include <drivers/st/stm32_gpio.h>
15
16 #include <stm32mp_shared_resources.h>
17
18 /*
19 * Once one starts to get the resource registering state, one cannot register
20 * new resources. This ensures resource state cannot change.
21 */
22 static bool registering_locked;
23
24 /*
25 * Shared peripherals and resources registration
26 *
27 * Each resource assignation is stored in a table. The state defaults
28 * to PERIPH_UNREGISTERED if the resource is not explicitly assigned.
29 *
30 * Resource driver that as not embedded (a.k.a their related CFG_xxx build
31 * directive is disabled) are assigned to the non-secure world.
32 *
33 * Each pin of the GPIOZ bank can be secure or non-secure.
34 *
35 * It is the platform responsibility the ensure resource assignation
36 * matches the access permission firewalls configuration.
37 */
38 enum shres_state {
39 SHRES_UNREGISTERED = 0,
40 SHRES_SECURE,
41 SHRES_NON_SECURE,
42 };
43
44 /* Force uint8_t array for array of enum shres_state for size considerations */
45 static uint8_t shres_state[STM32MP1_SHRES_COUNT];
46
47 static const char *shres2str_id_tbl[STM32MP1_SHRES_COUNT] __unused = {
48 [STM32MP1_SHRES_GPIOZ(0)] = "GPIOZ0",
49 [STM32MP1_SHRES_GPIOZ(1)] = "GPIOZ1",
50 [STM32MP1_SHRES_GPIOZ(2)] = "GPIOZ2",
51 [STM32MP1_SHRES_GPIOZ(3)] = "GPIOZ3",
52 [STM32MP1_SHRES_GPIOZ(4)] = "GPIOZ4",
53 [STM32MP1_SHRES_GPIOZ(5)] = "GPIOZ5",
54 [STM32MP1_SHRES_GPIOZ(6)] = "GPIOZ6",
55 [STM32MP1_SHRES_GPIOZ(7)] = "GPIOZ7",
56 [STM32MP1_SHRES_IWDG1] = "IWDG1",
57 [STM32MP1_SHRES_USART1] = "USART1",
58 [STM32MP1_SHRES_SPI6] = "SPI6",
59 [STM32MP1_SHRES_I2C4] = "I2C4",
60 [STM32MP1_SHRES_RNG1] = "RNG1",
61 [STM32MP1_SHRES_HASH1] = "HASH1",
62 [STM32MP1_SHRES_CRYP1] = "CRYP1",
63 [STM32MP1_SHRES_I2C6] = "I2C6",
64 [STM32MP1_SHRES_RTC] = "RTC",
65 [STM32MP1_SHRES_MCU] = "MCU",
66 [STM32MP1_SHRES_MDMA] = "MDMA",
67 [STM32MP1_SHRES_PLL3] = "PLL3",
68 };
69
shres2str_id(enum stm32mp_shres id)70 static const char __unused *shres2str_id(enum stm32mp_shres id)
71 {
72 assert(id < ARRAY_SIZE(shres2str_id_tbl));
73
74 return shres2str_id_tbl[id];
75 }
76
77 static const char __unused *shres2str_state_tbl[] = {
78 [SHRES_UNREGISTERED] = "unregistered",
79 [SHRES_NON_SECURE] = "non-secure",
80 [SHRES_SECURE] = "secure",
81 };
82
shres2str_state(unsigned int state)83 static const char __unused *shres2str_state(unsigned int state)
84 {
85 assert(state < ARRAY_SIZE(shres2str_state_tbl));
86
87 return shres2str_state_tbl[state];
88 }
89
90 /* Get resource state: these accesses lock the registering support */
lock_registering(void)91 static void lock_registering(void)
92 {
93 registering_locked = true;
94 }
95
periph_is_non_secure(enum stm32mp_shres id)96 static bool periph_is_non_secure(enum stm32mp_shres id)
97 {
98 lock_registering();
99
100 return (shres_state[id] == SHRES_NON_SECURE) ||
101 (shres_state[id] == SHRES_UNREGISTERED);
102 }
103
periph_is_secure(enum stm32mp_shres id)104 static bool periph_is_secure(enum stm32mp_shres id)
105 {
106 return !periph_is_non_secure(id);
107 }
108
109 /* GPIOZ pin count is saved in RAM to prevent parsing FDT several times */
110 static int8_t gpioz_nbpin = -1;
111
get_gpio_nbpin(unsigned int bank)112 static unsigned int get_gpio_nbpin(unsigned int bank)
113 {
114 if (bank != GPIO_BANK_Z) {
115 int count = fdt_get_gpio_bank_pin_count(bank);
116
117 assert((count >= 0) || (count <= (GPIO_PIN_MAX + 1)));
118
119 return (unsigned int)count;
120 }
121
122 if (gpioz_nbpin < 0) {
123 int count = fdt_get_gpio_bank_pin_count(GPIO_BANK_Z);
124
125 assert((count == 0) || (count == STM32MP_GPIOZ_PIN_MAX_COUNT));
126
127 gpioz_nbpin = count;
128 }
129
130 return (unsigned int)gpioz_nbpin;
131 }
132
get_gpioz_nbpin(void)133 static unsigned int get_gpioz_nbpin(void)
134 {
135 return get_gpio_nbpin(GPIO_BANK_Z);
136 }
137
register_periph(enum stm32mp_shres id,unsigned int state)138 static void register_periph(enum stm32mp_shres id, unsigned int state)
139 {
140 assert((id < STM32MP1_SHRES_COUNT) &&
141 ((state == SHRES_SECURE) || (state == SHRES_NON_SECURE)));
142
143 if (registering_locked) {
144 if (shres_state[id] == state) {
145 return;
146 }
147 panic();
148 }
149
150 if ((shres_state[id] != SHRES_UNREGISTERED) &&
151 (shres_state[id] != state)) {
152 VERBOSE("Cannot change %s from %s to %s\n",
153 shres2str_id(id),
154 shres2str_state(shres_state[id]),
155 shres2str_state(state));
156 panic();
157 }
158
159 if (shres_state[id] == SHRES_UNREGISTERED) {
160 VERBOSE("Register %s as %s\n",
161 shres2str_id(id), shres2str_state(state));
162 }
163
164 if ((id >= STM32MP1_SHRES_GPIOZ(0)) &&
165 (id <= STM32MP1_SHRES_GPIOZ(7)) &&
166 ((id - STM32MP1_SHRES_GPIOZ(0)) >= get_gpioz_nbpin())) {
167 ERROR("Invalid GPIO pin %u, %u pin(s) available\n",
168 id - STM32MP1_SHRES_GPIOZ(0), get_gpioz_nbpin());
169 panic();
170 }
171
172 shres_state[id] = (uint8_t)state;
173
174 /* Explore clock tree to lock dependencies */
175 if (state == SHRES_SECURE) {
176 enum stm32mp_shres clock_res_id;
177
178 switch (id) {
179 case STM32MP1_SHRES_GPIOZ(0):
180 case STM32MP1_SHRES_GPIOZ(1):
181 case STM32MP1_SHRES_GPIOZ(2):
182 case STM32MP1_SHRES_GPIOZ(3):
183 case STM32MP1_SHRES_GPIOZ(4):
184 case STM32MP1_SHRES_GPIOZ(5):
185 case STM32MP1_SHRES_GPIOZ(6):
186 case STM32MP1_SHRES_GPIOZ(7):
187 clock_res_id = GPIOZ;
188 break;
189 case STM32MP1_SHRES_IWDG1:
190 clock_res_id = IWDG1;
191 break;
192 case STM32MP1_SHRES_USART1:
193 clock_res_id = USART1_K;
194 break;
195 case STM32MP1_SHRES_SPI6:
196 clock_res_id = SPI6_K;
197 break;
198 case STM32MP1_SHRES_I2C4:
199 clock_res_id = I2C4_K;
200 break;
201 case STM32MP1_SHRES_RNG1:
202 clock_res_id = RNG1_K;
203 break;
204 case STM32MP1_SHRES_HASH1:
205 clock_res_id = HASH1;
206 break;
207 case STM32MP1_SHRES_CRYP1:
208 clock_res_id = CRYP1;
209 break;
210 case STM32MP1_SHRES_I2C6:
211 clock_res_id = I2C6_K;
212 break;
213 case STM32MP1_SHRES_RTC:
214 clock_res_id = RTC;
215 break;
216 default:
217 /* No clock resource dependency */
218 return;
219 }
220
221 stm32mp1_register_clock_parents_secure(clock_res_id);
222 }
223 }
224
225 /* Register resource by ID */
stm32mp_register_secure_periph(enum stm32mp_shres id)226 void stm32mp_register_secure_periph(enum stm32mp_shres id)
227 {
228 register_periph(id, SHRES_SECURE);
229 }
230
stm32mp_register_non_secure_periph(enum stm32mp_shres id)231 void stm32mp_register_non_secure_periph(enum stm32mp_shres id)
232 {
233 register_periph(id, SHRES_NON_SECURE);
234 }
235
register_periph_iomem(uintptr_t base,unsigned int state)236 static void register_periph_iomem(uintptr_t base, unsigned int state)
237 {
238 enum stm32mp_shres id;
239
240 switch (base) {
241 case CRYP1_BASE:
242 id = STM32MP1_SHRES_CRYP1;
243 break;
244 case HASH1_BASE:
245 id = STM32MP1_SHRES_HASH1;
246 break;
247 case I2C4_BASE:
248 id = STM32MP1_SHRES_I2C4;
249 break;
250 case I2C6_BASE:
251 id = STM32MP1_SHRES_I2C6;
252 break;
253 case IWDG1_BASE:
254 id = STM32MP1_SHRES_IWDG1;
255 break;
256 case RNG1_BASE:
257 id = STM32MP1_SHRES_RNG1;
258 break;
259 case RTC_BASE:
260 id = STM32MP1_SHRES_RTC;
261 break;
262 case SPI6_BASE:
263 id = STM32MP1_SHRES_SPI6;
264 break;
265 case USART1_BASE:
266 id = STM32MP1_SHRES_USART1;
267 break;
268
269 case GPIOA_BASE:
270 case GPIOB_BASE:
271 case GPIOC_BASE:
272 case GPIOD_BASE:
273 case GPIOE_BASE:
274 case GPIOF_BASE:
275 case GPIOG_BASE:
276 case GPIOH_BASE:
277 case GPIOI_BASE:
278 case GPIOJ_BASE:
279 case GPIOK_BASE:
280 case USART2_BASE:
281 case USART3_BASE:
282 case UART4_BASE:
283 case UART5_BASE:
284 case USART6_BASE:
285 case UART7_BASE:
286 case UART8_BASE:
287 case IWDG2_BASE:
288 /* Allow drivers to register some non-secure resources */
289 VERBOSE("IO for non-secure resource 0x%x\n",
290 (unsigned int)base);
291 if (state != SHRES_NON_SECURE) {
292 panic();
293 }
294
295 return;
296
297 default:
298 panic();
299 }
300
301 register_periph(id, state);
302 }
303
stm32mp_register_secure_periph_iomem(uintptr_t base)304 void stm32mp_register_secure_periph_iomem(uintptr_t base)
305 {
306 register_periph_iomem(base, SHRES_SECURE);
307 }
308
stm32mp_register_non_secure_periph_iomem(uintptr_t base)309 void stm32mp_register_non_secure_periph_iomem(uintptr_t base)
310 {
311 register_periph_iomem(base, SHRES_NON_SECURE);
312 }
313
stm32mp_register_secure_gpio(unsigned int bank,unsigned int pin)314 void stm32mp_register_secure_gpio(unsigned int bank, unsigned int pin)
315 {
316 switch (bank) {
317 case GPIO_BANK_Z:
318 register_periph(STM32MP1_SHRES_GPIOZ(pin), SHRES_SECURE);
319 break;
320 default:
321 ERROR("GPIO bank %u cannot be secured\n", bank);
322 panic();
323 }
324 }
325
stm32mp_register_non_secure_gpio(unsigned int bank,unsigned int pin)326 void stm32mp_register_non_secure_gpio(unsigned int bank, unsigned int pin)
327 {
328 switch (bank) {
329 case GPIO_BANK_Z:
330 register_periph(STM32MP1_SHRES_GPIOZ(pin), SHRES_NON_SECURE);
331 break;
332 default:
333 break;
334 }
335 }
336
stm32mp_gpio_bank_is_non_secure(unsigned int bank)337 static bool stm32mp_gpio_bank_is_non_secure(unsigned int bank)
338 {
339 unsigned int non_secure = 0U;
340 unsigned int i;
341
342 lock_registering();
343
344 if (bank != GPIO_BANK_Z) {
345 return true;
346 }
347
348 for (i = 0U; i < get_gpioz_nbpin(); i++) {
349 if (periph_is_non_secure(STM32MP1_SHRES_GPIOZ(i))) {
350 non_secure++;
351 }
352 }
353
354 return non_secure == get_gpioz_nbpin();
355 }
356
stm32mp_gpio_bank_is_secure(unsigned int bank)357 static bool stm32mp_gpio_bank_is_secure(unsigned int bank)
358 {
359 unsigned int secure = 0U;
360 unsigned int i;
361
362 lock_registering();
363
364 if (bank != GPIO_BANK_Z) {
365 return false;
366 }
367
368 for (i = 0U; i < get_gpioz_nbpin(); i++) {
369 if (periph_is_secure(STM32MP1_SHRES_GPIOZ(i))) {
370 secure++;
371 }
372 }
373
374 return secure == get_gpioz_nbpin();
375 }
376
stm32mp_nsec_can_access_clock(unsigned long clock_id)377 bool stm32mp_nsec_can_access_clock(unsigned long clock_id)
378 {
379 enum stm32mp_shres shres_id = STM32MP1_SHRES_COUNT;
380
381 switch (clock_id) {
382 case CK_CSI:
383 case CK_HSE:
384 case CK_HSE_DIV2:
385 case CK_HSI:
386 case CK_LSE:
387 case CK_LSI:
388 case PLL1_P:
389 case PLL1_Q:
390 case PLL1_R:
391 case PLL2_P:
392 case PLL2_Q:
393 case PLL2_R:
394 case PLL3_P:
395 case PLL3_Q:
396 case PLL3_R:
397 case RTCAPB:
398 return true;
399 case GPIOZ:
400 /* Allow clock access if at least one pin is non-secure */
401 return !stm32mp_gpio_bank_is_secure(GPIO_BANK_Z);
402 case CRYP1:
403 shres_id = STM32MP1_SHRES_CRYP1;
404 break;
405 case HASH1:
406 shres_id = STM32MP1_SHRES_HASH1;
407 break;
408 case I2C4_K:
409 shres_id = STM32MP1_SHRES_I2C4;
410 break;
411 case I2C6_K:
412 shres_id = STM32MP1_SHRES_I2C6;
413 break;
414 case IWDG1:
415 shres_id = STM32MP1_SHRES_IWDG1;
416 break;
417 case RNG1_K:
418 shres_id = STM32MP1_SHRES_RNG1;
419 break;
420 case RTC:
421 shres_id = STM32MP1_SHRES_RTC;
422 break;
423 case SPI6_K:
424 shres_id = STM32MP1_SHRES_SPI6;
425 break;
426 case USART1_K:
427 shres_id = STM32MP1_SHRES_USART1;
428 break;
429 default:
430 return false;
431 }
432
433 return periph_is_non_secure(shres_id);
434 }
435
stm32mp_nsec_can_access_reset(unsigned int reset_id)436 bool stm32mp_nsec_can_access_reset(unsigned int reset_id)
437 {
438 enum stm32mp_shres shres_id = STM32MP1_SHRES_COUNT;
439
440 switch (reset_id) {
441 case CRYP1_R:
442 shres_id = STM32MP1_SHRES_CRYP1;
443 break;
444 case GPIOZ_R:
445 /* GPIOZ reset mandates all pins are non-secure */
446 return stm32mp_gpio_bank_is_non_secure(GPIO_BANK_Z);
447 case HASH1_R:
448 shres_id = STM32MP1_SHRES_HASH1;
449 break;
450 case I2C4_R:
451 shres_id = STM32MP1_SHRES_I2C4;
452 break;
453 case I2C6_R:
454 shres_id = STM32MP1_SHRES_I2C6;
455 break;
456 case MCU_R:
457 shres_id = STM32MP1_SHRES_MCU;
458 break;
459 case MDMA_R:
460 shres_id = STM32MP1_SHRES_MDMA;
461 break;
462 case RNG1_R:
463 shres_id = STM32MP1_SHRES_RNG1;
464 break;
465 case SPI6_R:
466 shres_id = STM32MP1_SHRES_SPI6;
467 break;
468 case USART1_R:
469 shres_id = STM32MP1_SHRES_USART1;
470 break;
471 default:
472 return false;
473 }
474
475 return periph_is_non_secure(shres_id);
476 }
477
mckprot_protects_periph(enum stm32mp_shres id)478 static bool mckprot_protects_periph(enum stm32mp_shres id)
479 {
480 switch (id) {
481 case STM32MP1_SHRES_MCU:
482 case STM32MP1_SHRES_PLL3:
483 return true;
484 default:
485 return false;
486 }
487 }
488
489 /* ETZPC configuration at drivers initialization completion */
shres2decprot_attr(enum stm32mp_shres id)490 static enum etzpc_decprot_attributes shres2decprot_attr(enum stm32mp_shres id)
491 {
492 assert((id < STM32MP1_SHRES_GPIOZ(0)) ||
493 (id > STM32MP1_SHRES_GPIOZ(7)));
494
495 if (periph_is_non_secure(id)) {
496 return ETZPC_DECPROT_NS_RW;
497 }
498
499 return ETZPC_DECPROT_S_RW;
500 }
501
set_etzpc_secure_configuration(void)502 static void set_etzpc_secure_configuration(void)
503 {
504 /* Some system peripherals shall be secure */
505 etzpc_configure_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW);
506 etzpc_configure_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW);
507 etzpc_configure_decprot(STM32MP1_ETZPC_DDRCTRL_ID,
508 ETZPC_DECPROT_NS_R_S_W);
509 etzpc_configure_decprot(STM32MP1_ETZPC_DDRPHYC_ID,
510 ETZPC_DECPROT_NS_R_S_W);
511
512 /* Configure ETZPC with peripheral registering */
513 etzpc_configure_decprot(STM32MP1_ETZPC_CRYP1_ID,
514 shres2decprot_attr(STM32MP1_SHRES_CRYP1));
515 etzpc_configure_decprot(STM32MP1_ETZPC_HASH1_ID,
516 shres2decprot_attr(STM32MP1_SHRES_HASH1));
517 etzpc_configure_decprot(STM32MP1_ETZPC_I2C4_ID,
518 shres2decprot_attr(STM32MP1_SHRES_I2C4));
519 etzpc_configure_decprot(STM32MP1_ETZPC_I2C6_ID,
520 shres2decprot_attr(STM32MP1_SHRES_I2C6));
521 etzpc_configure_decprot(STM32MP1_ETZPC_IWDG1_ID,
522 shres2decprot_attr(STM32MP1_SHRES_IWDG1));
523 etzpc_configure_decprot(STM32MP1_ETZPC_RNG1_ID,
524 shres2decprot_attr(STM32MP1_SHRES_RNG1));
525 etzpc_configure_decprot(STM32MP1_ETZPC_USART1_ID,
526 shres2decprot_attr(STM32MP1_SHRES_USART1));
527 etzpc_configure_decprot(STM32MP1_ETZPC_SPI6_ID,
528 shres2decprot_attr(STM32MP1_SHRES_SPI6));
529 }
530
check_rcc_secure_configuration(void)531 static void check_rcc_secure_configuration(void)
532 {
533 uint32_t n;
534 uint32_t error = 0U;
535 bool mckprot = stm32mp1_rcc_is_mckprot();
536 bool secure = stm32mp1_rcc_is_secure();
537
538 for (n = 0U; n < ARRAY_SIZE(shres_state); n++) {
539 if (shres_state[n] != SHRES_SECURE) {
540 continue;
541 }
542
543 if (!secure || (mckprot_protects_periph(n) && (!mckprot))) {
544 ERROR("RCC %s MCKPROT %s and %s secure\n",
545 secure ? "secure" : "non-secure",
546 mckprot ? "set" : "not set",
547 shres2str_id(n));
548 error++;
549 }
550 }
551
552 if (error != 0U) {
553 panic();
554 }
555 }
556
set_gpio_secure_configuration(void)557 static void set_gpio_secure_configuration(void)
558 {
559 uint32_t pin;
560
561 for (pin = 0U; pin < get_gpioz_nbpin(); pin++) {
562 bool secure_state = periph_is_secure(STM32MP1_SHRES_GPIOZ(pin));
563
564 set_gpio_secure_cfg(GPIO_BANK_Z, pin, secure_state);
565 }
566 }
567
print_shared_resources_state(void)568 static void print_shared_resources_state(void)
569 {
570 unsigned int id;
571
572 for (id = 0U; id < STM32MP1_SHRES_COUNT; id++) {
573 switch (shres_state[id]) {
574 case SHRES_SECURE:
575 INFO("stm32mp1 %s is secure\n", shres2str_id(id));
576 break;
577 case SHRES_NON_SECURE:
578 case SHRES_UNREGISTERED:
579 VERBOSE("stm32mp %s is non-secure\n", shres2str_id(id));
580 break;
581 default:
582 VERBOSE("stm32mp %s is invalid\n", shres2str_id(id));
583 panic();
584 }
585 }
586 }
587
stm32mp_lock_periph_registering(void)588 void stm32mp_lock_periph_registering(void)
589 {
590 registering_locked = true;
591
592 print_shared_resources_state();
593
594 check_rcc_secure_configuration();
595 set_etzpc_secure_configuration();
596 set_gpio_secure_configuration();
597 }
598