1 /*
2 * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <string.h>
10
11 #include <arch_helpers.h>
12 #include <common/bl_common.h>
13 #include <common/debug.h>
14 #include <common/desc_image_load.h>
15 #include <drivers/generic_delay_timer.h>
16 #include <drivers/mmc.h>
17 #include <drivers/st/bsec.h>
18 #include <drivers/st/regulator_fixed.h>
19 #include <drivers/st/stm32_iwdg.h>
20 #include <drivers/st/stm32_rng.h>
21 #include <drivers/st/stm32_uart.h>
22 #include <drivers/st/stm32mp1_clk.h>
23 #include <drivers/st/stm32mp1_pwr.h>
24 #include <drivers/st/stm32mp1_ram.h>
25 #include <drivers/st/stm32mp_pmic.h>
26 #include <lib/fconf/fconf.h>
27 #include <lib/fconf/fconf_dyn_cfg_getter.h>
28 #include <lib/mmio.h>
29 #include <lib/optee_utils.h>
30 #include <lib/xlat_tables/xlat_tables_v2.h>
31 #include <plat/common/platform.h>
32
33 #include <platform_def.h>
34 #include <stm32mp_common.h>
35 #include <stm32mp1_dbgmcu.h>
36
37 #if DEBUG
38 static const char debug_msg[] = {
39 "***************************************************\n"
40 "** DEBUG ACCESS PORT IS OPEN! **\n"
41 "** This boot image is only for debugging purpose **\n"
42 "** and is unsafe for production use. **\n"
43 "** **\n"
44 "** If you see this message and you are not **\n"
45 "** debugging report this immediately to your **\n"
46 "** vendor! **\n"
47 "***************************************************\n"
48 };
49 #endif
50
print_reset_reason(void)51 static void print_reset_reason(void)
52 {
53 uint32_t rstsr = mmio_read_32(stm32mp_rcc_base() + RCC_MP_RSTSCLRR);
54
55 if (rstsr == 0U) {
56 WARN("Reset reason unknown\n");
57 return;
58 }
59
60 INFO("Reset reason (0x%x):\n", rstsr);
61
62 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) == 0U) {
63 if ((rstsr & RCC_MP_RSTSCLRR_STDBYRSTF) != 0U) {
64 INFO("System exits from STANDBY\n");
65 return;
66 }
67
68 if ((rstsr & RCC_MP_RSTSCLRR_CSTDBYRSTF) != 0U) {
69 INFO("MPU exits from CSTANDBY\n");
70 return;
71 }
72 }
73
74 if ((rstsr & RCC_MP_RSTSCLRR_PORRSTF) != 0U) {
75 INFO(" Power-on Reset (rst_por)\n");
76 return;
77 }
78
79 if ((rstsr & RCC_MP_RSTSCLRR_BORRSTF) != 0U) {
80 INFO(" Brownout Reset (rst_bor)\n");
81 return;
82 }
83
84 #if STM32MP15
85 if ((rstsr & RCC_MP_RSTSCLRR_MCSYSRSTF) != 0U) {
86 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) != 0U) {
87 INFO(" System reset generated by MCU (MCSYSRST)\n");
88 } else {
89 INFO(" Local reset generated by MCU (MCSYSRST)\n");
90 }
91 return;
92 }
93 #endif
94
95 if ((rstsr & RCC_MP_RSTSCLRR_MPSYSRSTF) != 0U) {
96 INFO(" System reset generated by MPU (MPSYSRST)\n");
97 return;
98 }
99
100 if ((rstsr & RCC_MP_RSTSCLRR_HCSSRSTF) != 0U) {
101 INFO(" Reset due to a clock failure on HSE\n");
102 return;
103 }
104
105 if ((rstsr & RCC_MP_RSTSCLRR_IWDG1RSTF) != 0U) {
106 INFO(" IWDG1 Reset (rst_iwdg1)\n");
107 return;
108 }
109
110 if ((rstsr & RCC_MP_RSTSCLRR_IWDG2RSTF) != 0U) {
111 INFO(" IWDG2 Reset (rst_iwdg2)\n");
112 return;
113 }
114
115 if ((rstsr & RCC_MP_RSTSCLRR_MPUP0RSTF) != 0U) {
116 INFO(" MPU Processor 0 Reset\n");
117 return;
118 }
119
120 #if STM32MP15
121 if ((rstsr & RCC_MP_RSTSCLRR_MPUP1RSTF) != 0U) {
122 INFO(" MPU Processor 1 Reset\n");
123 return;
124 }
125 #endif
126
127 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) != 0U) {
128 INFO(" Pad Reset from NRST\n");
129 return;
130 }
131
132 if ((rstsr & RCC_MP_RSTSCLRR_VCORERSTF) != 0U) {
133 INFO(" Reset due to a failure of VDD_CORE\n");
134 return;
135 }
136
137 ERROR(" Unidentified reset reason\n");
138 }
139
bl2_el3_early_platform_setup(u_register_t arg0,u_register_t arg1 __unused,u_register_t arg2 __unused,u_register_t arg3 __unused)140 void bl2_el3_early_platform_setup(u_register_t arg0,
141 u_register_t arg1 __unused,
142 u_register_t arg2 __unused,
143 u_register_t arg3 __unused)
144 {
145 stm32mp_setup_early_console();
146
147 stm32mp_save_boot_ctx_address(arg0);
148 }
149
bl2_platform_setup(void)150 void bl2_platform_setup(void)
151 {
152 int ret;
153
154 ret = stm32mp1_ddr_probe();
155 if (ret < 0) {
156 ERROR("Invalid DDR init: error %d\n", ret);
157 panic();
158 }
159
160 /* Map DDR for binary load, now with cacheable attribute */
161 ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
162 STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE);
163 if (ret < 0) {
164 ERROR("DDR mapping: error %d\n", ret);
165 panic();
166 }
167 }
168
169 #if STM32MP15
update_monotonic_counter(void)170 static void update_monotonic_counter(void)
171 {
172 uint32_t version;
173 uint32_t otp;
174
175 CASSERT(STM32_TF_VERSION <= MAX_MONOTONIC_VALUE,
176 assert_stm32mp1_monotonic_counter_reach_max);
177
178 /* Check if monotonic counter needs to be incremented */
179 if (stm32_get_otp_index(MONOTONIC_OTP, &otp, NULL) != 0) {
180 panic();
181 }
182
183 if (stm32_get_otp_value_from_idx(otp, &version) != 0) {
184 panic();
185 }
186
187 if ((version + 1U) < BIT(STM32_TF_VERSION)) {
188 uint32_t result;
189
190 /* Need to increment the monotonic counter. */
191 version = BIT(STM32_TF_VERSION) - 1U;
192
193 result = bsec_program_otp(version, otp);
194 if (result != BSEC_OK) {
195 ERROR("BSEC: MONOTONIC_OTP program Error %u\n",
196 result);
197 panic();
198 }
199 INFO("Monotonic counter has been incremented (value 0x%x)\n",
200 version);
201 }
202 }
203 #endif
204
bl2_el3_plat_arch_setup(void)205 void bl2_el3_plat_arch_setup(void)
206 {
207 const char *board_model;
208 boot_api_context_t *boot_context =
209 (boot_api_context_t *)stm32mp_get_boot_ctx_address();
210 uintptr_t pwr_base;
211 uintptr_t rcc_base;
212
213 if (bsec_probe() != 0U) {
214 panic();
215 }
216
217 mmap_add_region(BL_CODE_BASE, BL_CODE_BASE,
218 BL_CODE_END - BL_CODE_BASE,
219 MT_CODE | MT_SECURE);
220
221 /* Prevent corruption of preloaded Device Tree */
222 mmap_add_region(DTB_BASE, DTB_BASE,
223 DTB_LIMIT - DTB_BASE,
224 MT_RO_DATA | MT_SECURE);
225
226 configure_mmu();
227
228 if (dt_open_and_check(STM32MP_DTB_BASE) < 0) {
229 panic();
230 }
231
232 pwr_base = stm32mp_pwr_base();
233 rcc_base = stm32mp_rcc_base();
234
235 /*
236 * Disable the backup domain write protection.
237 * The protection is enable at each reset by hardware
238 * and must be disabled by software.
239 */
240 mmio_setbits_32(pwr_base + PWR_CR1, PWR_CR1_DBP);
241
242 while ((mmio_read_32(pwr_base + PWR_CR1) & PWR_CR1_DBP) == 0U) {
243 ;
244 }
245
246 /* Reset backup domain on cold boot cases */
247 if ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_RTCSRC_MASK) == 0U) {
248 mmio_setbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
249
250 while ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_VSWRST) ==
251 0U) {
252 ;
253 }
254
255 mmio_clrbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
256 }
257
258 #if STM32MP15
259 /* Disable MCKPROT */
260 mmio_clrbits_32(rcc_base + RCC_TZCR, RCC_TZCR_MCKPROT);
261 #endif
262
263 /*
264 * Set minimum reset pulse duration to 31ms for discrete power
265 * supplied boards.
266 */
267 if (dt_pmic_status() <= 0) {
268 mmio_clrsetbits_32(rcc_base + RCC_RDLSICR,
269 RCC_RDLSICR_MRD_MASK,
270 31U << RCC_RDLSICR_MRD_SHIFT);
271 }
272
273 generic_delay_timer_init();
274
275 #if STM32MP_UART_PROGRAMMER
276 /* Disable programmer UART before changing clock tree */
277 if (boot_context->boot_interface_selected ==
278 BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) {
279 uintptr_t uart_prog_addr =
280 get_uart_address(boot_context->boot_interface_instance);
281
282 stm32_uart_stop(uart_prog_addr);
283 }
284 #endif
285 if (stm32mp1_clk_probe() < 0) {
286 panic();
287 }
288
289 if (stm32mp1_clk_init() < 0) {
290 panic();
291 }
292
293 stm32_save_boot_interface(boot_context->boot_interface_selected,
294 boot_context->boot_interface_instance);
295 stm32_save_boot_auth(boot_context->auth_status,
296 boot_context->boot_partition_used_toboot);
297
298 #if STM32MP_USB_PROGRAMMER && STM32MP15
299 /* Deconfigure all UART RX pins configured by ROM code */
300 stm32mp1_deconfigure_uart_pins();
301 #endif
302
303 if (stm32mp_uart_console_setup() != 0) {
304 goto skip_console_init;
305 }
306
307 stm32mp_print_cpuinfo();
308
309 board_model = dt_get_board_model();
310 if (board_model != NULL) {
311 NOTICE("Model: %s\n", board_model);
312 }
313
314 stm32mp_print_boardinfo();
315
316 if (boot_context->auth_status != BOOT_API_CTX_AUTH_NO) {
317 NOTICE("Bootrom authentication %s\n",
318 (boot_context->auth_status == BOOT_API_CTX_AUTH_FAILED) ?
319 "failed" : "succeeded");
320 }
321
322 skip_console_init:
323 #if !TRUSTED_BOARD_BOOT
324 if (stm32mp_is_closed_device()) {
325 /* Closed chip mandates authentication */
326 ERROR("Secure chip: TRUSTED_BOARD_BOOT must be enabled\n");
327 panic();
328 }
329 #endif
330
331 if (fixed_regulator_register() != 0) {
332 panic();
333 }
334
335 if (dt_pmic_status() > 0) {
336 initialize_pmic();
337 if (pmic_voltages_init() != 0) {
338 ERROR("PMIC voltages init failed\n");
339 panic();
340 }
341 print_pmic_info_and_debug();
342 }
343
344 stm32mp1_syscfg_init();
345
346 if (stm32_iwdg_init() < 0) {
347 panic();
348 }
349
350 stm32_iwdg_refresh();
351
352 if (bsec_read_debug_conf() != 0U) {
353 if (stm32mp_is_closed_device()) {
354 #if DEBUG
355 WARN("\n%s", debug_msg);
356 #else
357 ERROR("***Debug opened on closed chip***\n");
358 #endif
359 }
360 }
361
362 #if STM32MP13
363 if (stm32_rng_init() != 0) {
364 panic();
365 }
366 #endif
367
368 stm32mp1_arch_security_setup();
369
370 print_reset_reason();
371
372 #if STM32MP15
373 update_monotonic_counter();
374 #endif
375
376 stm32mp1_syscfg_enable_io_compensation_finish();
377
378 fconf_populate("TB_FW", STM32MP_DTB_BASE);
379
380 stm32mp_io_setup();
381 }
382
383 /*******************************************************************************
384 * This function can be used by the platforms to update/use image
385 * information for given `image_id`.
386 ******************************************************************************/
bl2_plat_handle_post_image_load(unsigned int image_id)387 int bl2_plat_handle_post_image_load(unsigned int image_id)
388 {
389 int err = 0;
390 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
391 bl_mem_params_node_t *bl32_mem_params;
392 bl_mem_params_node_t *pager_mem_params __unused;
393 bl_mem_params_node_t *paged_mem_params __unused;
394 const struct dyn_cfg_dtb_info_t *config_info;
395 bl_mem_params_node_t *tos_fw_mem_params;
396 unsigned int i;
397 unsigned int idx;
398 unsigned long long ddr_top __unused;
399 const unsigned int image_ids[] = {
400 BL32_IMAGE_ID,
401 BL33_IMAGE_ID,
402 HW_CONFIG_ID,
403 TOS_FW_CONFIG_ID,
404 };
405
406 assert(bl_mem_params != NULL);
407
408 switch (image_id) {
409 case FW_CONFIG_ID:
410 /* Set global DTB info for fixed fw_config information */
411 set_config_info(STM32MP_FW_CONFIG_BASE, ~0UL, STM32MP_FW_CONFIG_MAX_SIZE,
412 FW_CONFIG_ID);
413 fconf_populate("FW_CONFIG", STM32MP_FW_CONFIG_BASE);
414
415 idx = dyn_cfg_dtb_info_get_index(TOS_FW_CONFIG_ID);
416
417 /* Iterate through all the fw config IDs */
418 for (i = 0U; i < ARRAY_SIZE(image_ids); i++) {
419 if ((image_ids[i] == TOS_FW_CONFIG_ID) && (idx == FCONF_INVALID_IDX)) {
420 continue;
421 }
422
423 bl_mem_params = get_bl_mem_params_node(image_ids[i]);
424 assert(bl_mem_params != NULL);
425
426 config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, image_ids[i]);
427 if (config_info == NULL) {
428 continue;
429 }
430
431 bl_mem_params->image_info.image_base = config_info->config_addr;
432 bl_mem_params->image_info.image_max_size = config_info->config_max_size;
433
434 bl_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
435
436 switch (image_ids[i]) {
437 case BL32_IMAGE_ID:
438 bl_mem_params->ep_info.pc = config_info->config_addr;
439
440 /* In case of OPTEE, initialize address space with tos_fw addr */
441 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
442 assert(pager_mem_params != NULL);
443 pager_mem_params->image_info.image_base = config_info->config_addr;
444 pager_mem_params->image_info.image_max_size =
445 config_info->config_max_size;
446
447 /* Init base and size for pager if exist */
448 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
449 if (paged_mem_params != NULL) {
450 paged_mem_params->image_info.image_base = STM32MP_DDR_BASE +
451 (dt_get_ddr_size() - STM32MP_DDR_S_SIZE -
452 STM32MP_DDR_SHMEM_SIZE);
453 paged_mem_params->image_info.image_max_size =
454 STM32MP_DDR_S_SIZE;
455 }
456 break;
457
458 case BL33_IMAGE_ID:
459 bl_mem_params->ep_info.pc = config_info->config_addr;
460 break;
461
462 case HW_CONFIG_ID:
463 case TOS_FW_CONFIG_ID:
464 break;
465
466 default:
467 return -EINVAL;
468 }
469 }
470 break;
471
472 case BL32_IMAGE_ID:
473 if (optee_header_is_valid(bl_mem_params->image_info.image_base)) {
474 image_info_t *paged_image_info = NULL;
475
476 /* BL32 is OP-TEE header */
477 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
478 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
479 assert(pager_mem_params != NULL);
480
481 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
482 if (paged_mem_params != NULL) {
483 paged_image_info = &paged_mem_params->image_info;
484 }
485
486 err = parse_optee_header(&bl_mem_params->ep_info,
487 &pager_mem_params->image_info,
488 paged_image_info);
489 if (err != 0) {
490 ERROR("OPTEE header parse error.\n");
491 panic();
492 }
493
494 /* Set optee boot info from parsed header data */
495 if (paged_mem_params != NULL) {
496 bl_mem_params->ep_info.args.arg0 =
497 paged_mem_params->image_info.image_base;
498 } else {
499 bl_mem_params->ep_info.args.arg0 = 0U;
500 }
501
502 bl_mem_params->ep_info.args.arg1 = 0U; /* Unused */
503 bl_mem_params->ep_info.args.arg2 = 0U; /* No DT supported */
504 } else {
505 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
506 tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
507 assert(tos_fw_mem_params != NULL);
508 bl_mem_params->image_info.image_max_size +=
509 tos_fw_mem_params->image_info.image_max_size;
510 bl_mem_params->ep_info.args.arg0 = 0;
511 }
512 break;
513
514 case BL33_IMAGE_ID:
515 bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
516 assert(bl32_mem_params != NULL);
517 bl32_mem_params->ep_info.lr_svc = bl_mem_params->ep_info.pc;
518 #if PSA_FWU_SUPPORT
519 stm32mp1_fwu_set_boot_idx();
520 #endif /* PSA_FWU_SUPPORT */
521 break;
522
523 default:
524 /* Do nothing in default case */
525 break;
526 }
527
528 #if STM32MP_SDMMC || STM32MP_EMMC
529 /*
530 * Invalidate remaining data read from MMC but not flushed by load_image_flush().
531 * We take the worst case which is 2 MMC blocks.
532 */
533 if ((image_id != FW_CONFIG_ID) &&
534 ((bl_mem_params->image_info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U)) {
535 inv_dcache_range(bl_mem_params->image_info.image_base +
536 bl_mem_params->image_info.image_size,
537 2U * MMC_BLOCK_SIZE);
538 }
539 #endif /* STM32MP_SDMMC || STM32MP_EMMC */
540
541 return err;
542 }
543
bl2_el3_plat_prepare_exit(void)544 void bl2_el3_plat_prepare_exit(void)
545 {
546 uint16_t boot_itf = stm32mp_get_boot_itf_selected();
547
548 switch (boot_itf) {
549 #if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
550 case BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART:
551 case BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB:
552 /* Invalidate the downloaded buffer used with io_memmap */
553 inv_dcache_range(DWL_BUFFER_BASE, DWL_BUFFER_SIZE);
554 break;
555 #endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
556 default:
557 /* Do nothing in default case */
558 break;
559 }
560
561 stm32mp1_security_setup();
562 }
563