1 /*
2 * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <string.h>
10
11 #include <arch_helpers.h>
12 #include <common/bl_common.h>
13 #include <common/debug.h>
14 #include <common/desc_image_load.h>
15 #include <drivers/generic_delay_timer.h>
16 #include <drivers/mmc.h>
17 #include <drivers/st/bsec.h>
18 #include <drivers/st/regulator_fixed.h>
19 #include <drivers/st/stm32_iwdg.h>
20 #include <drivers/st/stm32_rng.h>
21 #include <drivers/st/stm32_uart.h>
22 #include <drivers/st/stm32mp1_clk.h>
23 #include <drivers/st/stm32mp1_pwr.h>
24 #include <drivers/st/stm32mp1_ram.h>
25 #include <drivers/st/stm32mp_pmic.h>
26 #include <lib/fconf/fconf.h>
27 #include <lib/fconf/fconf_dyn_cfg_getter.h>
28 #include <lib/mmio.h>
29 #include <lib/optee_utils.h>
30 #include <lib/xlat_tables/xlat_tables_v2.h>
31 #include <plat/common/platform.h>
32
33 #include <platform_def.h>
34 #include <stm32mp_common.h>
35 #include <stm32mp1_dbgmcu.h>
36
37 #if DEBUG
38 static const char debug_msg[] = {
39 "***************************************************\n"
40 "** DEBUG ACCESS PORT IS OPEN! **\n"
41 "** This boot image is only for debugging purpose **\n"
42 "** and is unsafe for production use. **\n"
43 "** **\n"
44 "** If you see this message and you are not **\n"
45 "** debugging report this immediately to your **\n"
46 "** vendor! **\n"
47 "***************************************************\n"
48 };
49 #endif
50
print_reset_reason(void)51 static void print_reset_reason(void)
52 {
53 uint32_t rstsr = mmio_read_32(stm32mp_rcc_base() + RCC_MP_RSTSCLRR);
54
55 if (rstsr == 0U) {
56 WARN("Reset reason unknown\n");
57 return;
58 }
59
60 INFO("Reset reason (0x%x):\n", rstsr);
61
62 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) == 0U) {
63 if ((rstsr & RCC_MP_RSTSCLRR_STDBYRSTF) != 0U) {
64 INFO("System exits from STANDBY\n");
65 return;
66 }
67
68 if ((rstsr & RCC_MP_RSTSCLRR_CSTDBYRSTF) != 0U) {
69 INFO("MPU exits from CSTANDBY\n");
70 return;
71 }
72 }
73
74 if ((rstsr & RCC_MP_RSTSCLRR_PORRSTF) != 0U) {
75 INFO(" Power-on Reset (rst_por)\n");
76 return;
77 }
78
79 if ((rstsr & RCC_MP_RSTSCLRR_BORRSTF) != 0U) {
80 INFO(" Brownout Reset (rst_bor)\n");
81 return;
82 }
83
84 #if STM32MP15
85 if ((rstsr & RCC_MP_RSTSCLRR_MCSYSRSTF) != 0U) {
86 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) != 0U) {
87 INFO(" System reset generated by MCU (MCSYSRST)\n");
88 } else {
89 INFO(" Local reset generated by MCU (MCSYSRST)\n");
90 }
91 return;
92 }
93 #endif
94
95 if ((rstsr & RCC_MP_RSTSCLRR_MPSYSRSTF) != 0U) {
96 INFO(" System reset generated by MPU (MPSYSRST)\n");
97 return;
98 }
99
100 if ((rstsr & RCC_MP_RSTSCLRR_HCSSRSTF) != 0U) {
101 INFO(" Reset due to a clock failure on HSE\n");
102 return;
103 }
104
105 if ((rstsr & RCC_MP_RSTSCLRR_IWDG1RSTF) != 0U) {
106 INFO(" IWDG1 Reset (rst_iwdg1)\n");
107 return;
108 }
109
110 if ((rstsr & RCC_MP_RSTSCLRR_IWDG2RSTF) != 0U) {
111 INFO(" IWDG2 Reset (rst_iwdg2)\n");
112 return;
113 }
114
115 if ((rstsr & RCC_MP_RSTSCLRR_MPUP0RSTF) != 0U) {
116 INFO(" MPU Processor 0 Reset\n");
117 return;
118 }
119
120 #if STM32MP15
121 if ((rstsr & RCC_MP_RSTSCLRR_MPUP1RSTF) != 0U) {
122 INFO(" MPU Processor 1 Reset\n");
123 return;
124 }
125 #endif
126
127 if ((rstsr & RCC_MP_RSTSCLRR_PADRSTF) != 0U) {
128 INFO(" Pad Reset from NRST\n");
129 return;
130 }
131
132 if ((rstsr & RCC_MP_RSTSCLRR_VCORERSTF) != 0U) {
133 INFO(" Reset due to a failure of VDD_CORE\n");
134 return;
135 }
136
137 ERROR(" Unidentified reset reason\n");
138 }
139
bl2_el3_early_platform_setup(u_register_t arg0,u_register_t arg1 __unused,u_register_t arg2 __unused,u_register_t arg3 __unused)140 void bl2_el3_early_platform_setup(u_register_t arg0,
141 u_register_t arg1 __unused,
142 u_register_t arg2 __unused,
143 u_register_t arg3 __unused)
144 {
145 stm32mp_setup_early_console();
146
147 stm32mp_save_boot_ctx_address(arg0);
148 }
149
bl2_platform_setup(void)150 void bl2_platform_setup(void)
151 {
152 int ret;
153
154 ret = stm32mp1_ddr_probe();
155 if (ret < 0) {
156 ERROR("Invalid DDR init: error %d\n", ret);
157 panic();
158 }
159
160 /* Map DDR for binary load, now with cacheable attribute */
161 ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
162 STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE);
163 if (ret < 0) {
164 ERROR("DDR mapping: error %d\n", ret);
165 panic();
166 }
167 }
168
169 #if STM32MP15
update_monotonic_counter(void)170 static void update_monotonic_counter(void)
171 {
172 uint32_t version;
173 uint32_t otp;
174
175 CASSERT(STM32_TF_VERSION <= MAX_MONOTONIC_VALUE,
176 assert_stm32mp1_monotonic_counter_reach_max);
177
178 /* Check if monotonic counter needs to be incremented */
179 if (stm32_get_otp_index(MONOTONIC_OTP, &otp, NULL) != 0) {
180 panic();
181 }
182
183 if (stm32_get_otp_value_from_idx(otp, &version) != 0) {
184 panic();
185 }
186
187 if ((version + 1U) < BIT(STM32_TF_VERSION)) {
188 uint32_t result;
189
190 /* Need to increment the monotonic counter. */
191 version = BIT(STM32_TF_VERSION) - 1U;
192
193 result = bsec_program_otp(version, otp);
194 if (result != BSEC_OK) {
195 ERROR("BSEC: MONOTONIC_OTP program Error %u\n",
196 result);
197 panic();
198 }
199 INFO("Monotonic counter has been incremented (value 0x%x)\n",
200 version);
201 }
202 }
203 #endif
204
bl2_el3_plat_arch_setup(void)205 void bl2_el3_plat_arch_setup(void)
206 {
207 const char *board_model;
208 boot_api_context_t *boot_context =
209 (boot_api_context_t *)stm32mp_get_boot_ctx_address();
210 uintptr_t pwr_base;
211 uintptr_t rcc_base;
212
213 if (bsec_probe() != 0U) {
214 panic();
215 }
216
217 mmap_add_region(BL_CODE_BASE, BL_CODE_BASE,
218 BL_CODE_END - BL_CODE_BASE,
219 MT_CODE | MT_SECURE);
220
221 /* Prevent corruption of preloaded Device Tree */
222 mmap_add_region(DTB_BASE, DTB_BASE,
223 DTB_LIMIT - DTB_BASE,
224 MT_RO_DATA | MT_SECURE);
225
226 configure_mmu();
227
228 if (dt_open_and_check(STM32MP_DTB_BASE) < 0) {
229 panic();
230 }
231
232 pwr_base = stm32mp_pwr_base();
233 rcc_base = stm32mp_rcc_base();
234
235 /*
236 * Disable the backup domain write protection.
237 * The protection is enable at each reset by hardware
238 * and must be disabled by software.
239 */
240 mmio_setbits_32(pwr_base + PWR_CR1, PWR_CR1_DBP);
241
242 while ((mmio_read_32(pwr_base + PWR_CR1) & PWR_CR1_DBP) == 0U) {
243 ;
244 }
245
246 /* Reset backup domain on cold boot cases */
247 if ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_RTCSRC_MASK) == 0U) {
248 mmio_setbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
249
250 while ((mmio_read_32(rcc_base + RCC_BDCR) & RCC_BDCR_VSWRST) ==
251 0U) {
252 ;
253 }
254
255 mmio_clrbits_32(rcc_base + RCC_BDCR, RCC_BDCR_VSWRST);
256 }
257
258 #if STM32MP15
259 /* Disable MCKPROT */
260 mmio_clrbits_32(rcc_base + RCC_TZCR, RCC_TZCR_MCKPROT);
261 #endif
262
263 /*
264 * Set minimum reset pulse duration to 31ms for discrete power
265 * supplied boards.
266 */
267 if (dt_pmic_status() <= 0) {
268 mmio_clrsetbits_32(rcc_base + RCC_RDLSICR,
269 RCC_RDLSICR_MRD_MASK,
270 31U << RCC_RDLSICR_MRD_SHIFT);
271 }
272
273 generic_delay_timer_init();
274
275 #if STM32MP_UART_PROGRAMMER
276 /* Disable programmer UART before changing clock tree */
277 if (boot_context->boot_interface_selected ==
278 BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) {
279 uintptr_t uart_prog_addr =
280 get_uart_address(boot_context->boot_interface_instance);
281
282 stm32_uart_stop(uart_prog_addr);
283 }
284 #endif
285 if (stm32mp1_clk_probe() < 0) {
286 panic();
287 }
288
289 if (stm32mp1_clk_init() < 0) {
290 panic();
291 }
292
293 stm32_save_boot_info(boot_context);
294
295 #if STM32MP_USB_PROGRAMMER && STM32MP15
296 /* Deconfigure all UART RX pins configured by ROM code */
297 stm32mp1_deconfigure_uart_pins();
298 #endif
299
300 if (stm32mp_uart_console_setup() != 0) {
301 goto skip_console_init;
302 }
303
304 stm32mp_print_cpuinfo();
305
306 board_model = dt_get_board_model();
307 if (board_model != NULL) {
308 NOTICE("Model: %s\n", board_model);
309 }
310
311 stm32mp_print_boardinfo();
312
313 if (boot_context->auth_status != BOOT_API_CTX_AUTH_NO) {
314 NOTICE("Bootrom authentication %s\n",
315 (boot_context->auth_status == BOOT_API_CTX_AUTH_FAILED) ?
316 "failed" : "succeeded");
317 }
318
319 skip_console_init:
320 #if !TRUSTED_BOARD_BOOT
321 if (stm32mp_is_closed_device()) {
322 /* Closed chip mandates authentication */
323 ERROR("Secure chip: TRUSTED_BOARD_BOOT must be enabled\n");
324 panic();
325 }
326 #endif
327
328 if (fixed_regulator_register() != 0) {
329 panic();
330 }
331
332 if (dt_pmic_status() > 0) {
333 initialize_pmic();
334 if (pmic_voltages_init() != 0) {
335 ERROR("PMIC voltages init failed\n");
336 panic();
337 }
338 print_pmic_info_and_debug();
339 }
340
341 stm32mp1_syscfg_init();
342
343 if (stm32_iwdg_init() < 0) {
344 panic();
345 }
346
347 stm32_iwdg_refresh();
348
349 if (bsec_read_debug_conf() != 0U) {
350 if (stm32mp_is_closed_device()) {
351 #if DEBUG
352 WARN("\n%s", debug_msg);
353 #else
354 ERROR("***Debug opened on closed chip***\n");
355 #endif
356 }
357 }
358
359 #if STM32MP13
360 if (stm32_rng_init() != 0) {
361 panic();
362 }
363 #endif
364
365 stm32mp1_arch_security_setup();
366
367 print_reset_reason();
368
369 #if STM32MP15
370 update_monotonic_counter();
371 #endif
372
373 stm32mp1_syscfg_enable_io_compensation_finish();
374
375 fconf_populate("TB_FW", STM32MP_DTB_BASE);
376
377 stm32mp_io_setup();
378 }
379
380 /*******************************************************************************
381 * This function can be used by the platforms to update/use image
382 * information for given `image_id`.
383 ******************************************************************************/
bl2_plat_handle_post_image_load(unsigned int image_id)384 int bl2_plat_handle_post_image_load(unsigned int image_id)
385 {
386 int err = 0;
387 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
388 bl_mem_params_node_t *bl32_mem_params;
389 bl_mem_params_node_t *pager_mem_params __unused;
390 bl_mem_params_node_t *paged_mem_params __unused;
391 const struct dyn_cfg_dtb_info_t *config_info;
392 bl_mem_params_node_t *tos_fw_mem_params;
393 unsigned int i;
394 unsigned int idx;
395 unsigned long long ddr_top __unused;
396 const unsigned int image_ids[] = {
397 BL32_IMAGE_ID,
398 BL33_IMAGE_ID,
399 HW_CONFIG_ID,
400 TOS_FW_CONFIG_ID,
401 };
402
403 assert(bl_mem_params != NULL);
404
405 switch (image_id) {
406 case FW_CONFIG_ID:
407 /* Set global DTB info for fixed fw_config information */
408 set_config_info(STM32MP_FW_CONFIG_BASE, ~0UL, STM32MP_FW_CONFIG_MAX_SIZE,
409 FW_CONFIG_ID);
410 fconf_populate("FW_CONFIG", STM32MP_FW_CONFIG_BASE);
411
412 idx = dyn_cfg_dtb_info_get_index(TOS_FW_CONFIG_ID);
413
414 /* Iterate through all the fw config IDs */
415 for (i = 0U; i < ARRAY_SIZE(image_ids); i++) {
416 if ((image_ids[i] == TOS_FW_CONFIG_ID) && (idx == FCONF_INVALID_IDX)) {
417 continue;
418 }
419
420 bl_mem_params = get_bl_mem_params_node(image_ids[i]);
421 assert(bl_mem_params != NULL);
422
423 config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, image_ids[i]);
424 if (config_info == NULL) {
425 continue;
426 }
427
428 bl_mem_params->image_info.image_base = config_info->config_addr;
429 bl_mem_params->image_info.image_max_size = config_info->config_max_size;
430
431 bl_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
432
433 switch (image_ids[i]) {
434 case BL32_IMAGE_ID:
435 bl_mem_params->ep_info.pc = config_info->config_addr;
436
437 /* In case of OPTEE, initialize address space with tos_fw addr */
438 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
439 assert(pager_mem_params != NULL);
440 pager_mem_params->image_info.image_base = config_info->config_addr;
441 pager_mem_params->image_info.image_max_size =
442 config_info->config_max_size;
443
444 /* Init base and size for pager if exist */
445 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
446 if (paged_mem_params != NULL) {
447 paged_mem_params->image_info.image_base = STM32MP_DDR_BASE +
448 (dt_get_ddr_size() - STM32MP_DDR_S_SIZE -
449 STM32MP_DDR_SHMEM_SIZE);
450 paged_mem_params->image_info.image_max_size =
451 STM32MP_DDR_S_SIZE;
452 }
453 break;
454
455 case BL33_IMAGE_ID:
456 bl_mem_params->ep_info.pc = config_info->config_addr;
457 break;
458
459 case HW_CONFIG_ID:
460 case TOS_FW_CONFIG_ID:
461 break;
462
463 default:
464 return -EINVAL;
465 }
466 }
467 break;
468
469 case BL32_IMAGE_ID:
470 if (optee_header_is_valid(bl_mem_params->image_info.image_base)) {
471 image_info_t *paged_image_info = NULL;
472
473 /* BL32 is OP-TEE header */
474 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
475 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
476 assert(pager_mem_params != NULL);
477
478 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
479 if (paged_mem_params != NULL) {
480 paged_image_info = &paged_mem_params->image_info;
481 }
482
483 err = parse_optee_header(&bl_mem_params->ep_info,
484 &pager_mem_params->image_info,
485 paged_image_info);
486 if (err != 0) {
487 ERROR("OPTEE header parse error.\n");
488 panic();
489 }
490
491 /* Set optee boot info from parsed header data */
492 if (paged_mem_params != NULL) {
493 bl_mem_params->ep_info.args.arg0 =
494 paged_mem_params->image_info.image_base;
495 } else {
496 bl_mem_params->ep_info.args.arg0 = 0U;
497 }
498
499 bl_mem_params->ep_info.args.arg1 = 0U; /* Unused */
500 bl_mem_params->ep_info.args.arg2 = 0U; /* No DT supported */
501 } else {
502 bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
503 tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
504 assert(tos_fw_mem_params != NULL);
505 bl_mem_params->image_info.image_max_size +=
506 tos_fw_mem_params->image_info.image_max_size;
507 bl_mem_params->ep_info.args.arg0 = 0;
508 }
509 break;
510
511 case BL33_IMAGE_ID:
512 bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
513 assert(bl32_mem_params != NULL);
514 bl32_mem_params->ep_info.lr_svc = bl_mem_params->ep_info.pc;
515 #if PSA_FWU_SUPPORT
516 stm32mp1_fwu_set_boot_idx();
517 #endif /* PSA_FWU_SUPPORT */
518 break;
519
520 default:
521 /* Do nothing in default case */
522 break;
523 }
524
525 #if STM32MP_SDMMC || STM32MP_EMMC
526 /*
527 * Invalidate remaining data read from MMC but not flushed by load_image_flush().
528 * We take the worst case which is 2 MMC blocks.
529 */
530 if ((image_id != FW_CONFIG_ID) &&
531 ((bl_mem_params->image_info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U)) {
532 inv_dcache_range(bl_mem_params->image_info.image_base +
533 bl_mem_params->image_info.image_size,
534 2U * MMC_BLOCK_SIZE);
535 }
536 #endif /* STM32MP_SDMMC || STM32MP_EMMC */
537
538 return err;
539 }
540
bl2_el3_plat_prepare_exit(void)541 void bl2_el3_plat_prepare_exit(void)
542 {
543 #if STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER
544 uint16_t boot_itf = stm32mp_get_boot_itf_selected();
545
546 if ((boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_UART) ||
547 (boot_itf == BOOT_API_CTX_BOOT_INTERFACE_SEL_SERIAL_USB)) {
548 /* Invalidate the downloaded buffer used with io_memmap */
549 inv_dcache_range(DWL_BUFFER_BASE, DWL_BUFFER_SIZE);
550 }
551 #endif /* STM32MP_UART_PROGRAMMER || STM32MP_USB_PROGRAMMER */
552
553 stm32mp1_security_setup();
554 }
555