1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (c) 2019-2020, STMicroelectronics
4  */
5 
6 #include <assert.h>
7 #include <config.h>
8 #include <drivers/tzc400.h>
9 #include <initcall.h>
10 #include <kernel/interrupt.h>
11 #include <kernel/panic.h>
12 #include <mm/core_memprot.h>
13 #include <platform_config.h>
14 #include <trace.h>
15 #include <util.h>
16 
tzc_it_handler(struct itr_handler * handler __unused)17 static enum itr_return tzc_it_handler(struct itr_handler *handler __unused)
18 {
19 	EMSG("TZC permission failure");
20 	tzc_fail_dump();
21 
22 	if (IS_ENABLED(CFG_STM32MP_PANIC_ON_TZC_PERM_VIOLATION))
23 		panic();
24 	else
25 		tzc_int_clear();
26 
27 	return ITRR_HANDLED;
28 }
29 
30 static struct itr_handler tzc_itr_handler = {
31 	.it = STM32MP1_IRQ_TZC,
32 	.handler = tzc_it_handler,
33 };
34 DECLARE_KEEP_PAGER(tzc_itr_handler);
35 
tzc_region_is_non_secure(unsigned int i,vaddr_t base,size_t size)36 static bool tzc_region_is_non_secure(unsigned int i, vaddr_t base, size_t size)
37 {
38 	struct tzc_region_config region_cfg = { };
39 	uint32_t ns_cpu_mask = TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID);
40 	uint32_t filters_mask = GENMASK_32(1, 0);
41 
42 	if (tzc_get_region_config(i, &region_cfg))
43 		panic();
44 
45 	return region_cfg.base == base && region_cfg.top == (base + size - 1) &&
46 	       region_cfg.sec_attr == TZC_REGION_S_NONE &&
47 	       (region_cfg.ns_device_access & ns_cpu_mask) == ns_cpu_mask &&
48 	       region_cfg.filters == filters_mask;
49 }
50 
tzc_region_is_secure(unsigned int i,vaddr_t base,size_t size)51 static bool tzc_region_is_secure(unsigned int i, vaddr_t base, size_t size)
52 {
53 	struct tzc_region_config region_cfg = { };
54 	uint32_t filters_mask = GENMASK_32(1, 0);
55 
56 	if (tzc_get_region_config(i, &region_cfg))
57 		panic();
58 
59 	return region_cfg.base == base && region_cfg.top == (base + size - 1) &&
60 	       region_cfg.sec_attr == TZC_REGION_S_RDWR &&
61 	       region_cfg.ns_device_access == 0 &&
62 	       region_cfg.filters == filters_mask;
63 }
64 
init_stm32mp1_tzc(void)65 static TEE_Result init_stm32mp1_tzc(void)
66 {
67 	void *base = phys_to_virt(TZC_BASE, MEM_AREA_IO_SEC, 1);
68 	unsigned int region_index = 1;
69 	const uint64_t dram_start = DDR_BASE;
70 	const uint64_t dram_end = dram_start + CFG_DRAM_SIZE;
71 	const uint64_t tzdram_start = CFG_TZDRAM_START;
72 	const uint64_t tzdram_size = CFG_TZDRAM_SIZE;
73 	const uint64_t tzdram_end = tzdram_start + tzdram_size;
74 
75 	assert(base);
76 
77 	tzc_init((vaddr_t)base);
78 	tzc_dump_state();
79 
80 	/*
81 	 * Early boot stage is in charge of configuring memory regions
82 	 * OP-TEE hence here only check this complies with static Core
83 	 * expectations.
84 	 */
85 	if (dram_start < tzdram_start) {
86 		if (!tzc_region_is_non_secure(region_index, dram_start,
87 					      tzdram_start - dram_start))
88 			panic("Unexpected TZC area on non-secure region");
89 
90 		region_index++;
91 	}
92 
93 	if (!tzc_region_is_secure(region_index, tzdram_start, tzdram_size))
94 		panic("Unexpected TZC configuration on secure region");
95 
96 	if (tzdram_end < dram_end) {
97 		region_index++;
98 
99 		if (!tzc_region_is_non_secure(region_index, tzdram_end,
100 					      dram_end - tzdram_end))
101 			panic("Unexpected TZC area on non-secure region");
102 	}
103 
104 	itr_add(&tzc_itr_handler);
105 	itr_enable(tzc_itr_handler.it);
106 	tzc_set_action(TZC_ACTION_INT);
107 
108 	return TEE_SUCCESS;
109 }
110 driver_init(init_stm32mp1_tzc);
111