aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEtienne Carriere <etienne.carriere@st.com>2019-03-14 09:06:29 +0100
committerJérôme Forissier <jerome.forissier@linaro.org>2019-04-11 14:52:21 +0200
commit23b2f911c063a32264f4eb32ce83d07245c11f7a (patch)
treed1335d8f86cc841903852cbdd756682f9f2d85f7
parent84d74c3b616ac57db678cba2c9392ace243926e7 (diff)
stm32mp1: shres: configure ETZPC protection
With this change, platform configures the ETZPC firewall according to shared peripheral being assigned to either the secure or the non-secure world. Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-rw-r--r--core/arch/arm/plat-stm32mp1/shared_resources.c48
1 files changed, 48 insertions, 0 deletions
diff --git a/core/arch/arm/plat-stm32mp1/shared_resources.c b/core/arch/arm/plat-stm32mp1/shared_resources.c
index bf77efd2..44295a4f 100644
--- a/core/arch/arm/plat-stm32mp1/shared_resources.c
+++ b/core/arch/arm/plat-stm32mp1/shared_resources.c
@@ -3,6 +3,8 @@
* Copyright (c) 2017-2019, STMicroelectronics
*/
+#include <drivers/stm32_etzpc.h>
+#include <drivers/stm32mp1_etzpc.h>
#include <drivers/stm32mp1_rcc.h>
#include <dt-bindings/clock/stm32mp1-clks.h>
#include <initcall.h>
@@ -564,6 +566,51 @@ static bool mckprot_resource(enum stm32mp_shres id)
}
}
+#ifdef CFG_STM32_ETZPC
+static enum etzpc_decprot_attributes shres2decprot_attr(enum stm32mp_shres id)
+{
+ if (stm32mp_periph_is_non_secure(id))
+ return ETZPC_DECPROT_NS_RW;
+
+ if (mckprot_resource(id))
+ return ETZPC_DECPROT_MCU_ISOLATION;
+
+ return ETZPC_DECPROT_S_RW;
+}
+
+static void set_etzpc_secure_configuration(void)
+{
+ /* Some peripherals shall be secure */
+ etzpc_configure_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW);
+ etzpc_configure_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW);
+ etzpc_configure_decprot(STM32MP1_ETZPC_DDRCTRL_ID, ETZPC_DECPROT_S_RW);
+ etzpc_configure_decprot(STM32MP1_ETZPC_DDRPHYC_ID, ETZPC_DECPROT_S_RW);
+
+ /* Configure ETZPC with peripheral registering */
+ etzpc_configure_decprot(STM32MP1_ETZPC_IWDG1_ID,
+ shres2decprot_attr(STM32MP1_SHRES_IWDG1));
+ etzpc_configure_decprot(STM32MP1_ETZPC_USART1_ID,
+ shres2decprot_attr(STM32MP1_SHRES_USART1));
+ etzpc_configure_decprot(STM32MP1_ETZPC_SPI6_ID,
+ shres2decprot_attr(STM32MP1_SHRES_SPI6));
+ etzpc_configure_decprot(STM32MP1_ETZPC_I2C4_ID,
+ shres2decprot_attr(STM32MP1_SHRES_I2C4));
+ etzpc_configure_decprot(STM32MP1_ETZPC_RNG1_ID,
+ shres2decprot_attr(STM32MP1_SHRES_RNG1));
+ etzpc_configure_decprot(STM32MP1_ETZPC_HASH1_ID,
+ shres2decprot_attr(STM32MP1_SHRES_HASH1));
+ etzpc_configure_decprot(STM32MP1_ETZPC_CRYP1_ID,
+ shres2decprot_attr(STM32MP1_SHRES_CRYP1));
+ etzpc_configure_decprot(STM32MP1_ETZPC_I2C6_ID,
+ shres2decprot_attr(STM32MP1_SHRES_I2C6));
+}
+#else
+static void set_etzpc_secure_configuration(void)
+{
+ /* Nothing to do */
+}
+#endif
+
static void check_rcc_secure_configuration(void)
{
bool secure = stm32_rcc_is_secure();
@@ -607,6 +654,7 @@ static TEE_Result stm32mp1_lock_shared_resources(void)
shres2str_id(id), id, shres2str_state(*state));
}
+ set_etzpc_secure_configuration();
check_rcc_secure_configuration();
return TEE_SUCCESS;