Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
plat-stm32mp1: shared_resource: disable MCKPROT if not needed
Browse files Browse the repository at this point in the history
Disable RCC MCKPROT if not needed on STM32MP15 platforms to allow
non-secure world to control Cortex-M coprocessor. This change is needed
when RCC secure hardening is enabled (RCC[TZEN] control bit) as it
also default enable RCC MCKPROT preventing non-secure world from
accessing some coprocessor SoC resources.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
etienne-lms committed Jan 16, 2024
1 parent 8e9d8ac commit ef828b4
Showing 2 changed files with 26 additions and 9 deletions.
24 changes: 15 additions & 9 deletions core/arch/arm/plat-stm32mp1/shared_resources.c
Original file line number Diff line number Diff line change
@@ -663,7 +663,8 @@ static void check_rcc_secure_configuration(void)
bool secure = stm32_rcc_is_secure();
bool mckprot = stm32_rcc_is_mckprot();
enum stm32mp_shres id = STM32MP1_SHRES_COUNT;
bool have_error = false;
bool need_secure = false;
bool need_mckprot = false;
uint32_t state = 0;

if (stm32_bsec_get_state(&state))
@@ -683,21 +684,26 @@ static void check_rcc_secure_configuration(void)
id == STM32MP1_SHRES_SRAM4)
continue;

if ((mckprot_resource(id) && !mckprot) || !secure) {
EMSG("RCC %s MCKPROT %s and %s (%u) secure",
secure ? "secure" : "non-secure",
mckprot ? "set" : "not set",
shres2str_id(id), id);
have_error = true;
}
need_secure = true;
if (mckprot_resource(id))
need_mckprot = true;

if (!secure || (need_mckprot && !mckprot))
EMSG("Error RCC TZEN=%u MCKPROT=%u and %s (%u) secure",
secure, mckprot, shres2str_id(id), id);
}

if (have_error) {
if ((need_secure && !secure) || (need_mckprot && !mckprot)) {
if (IS_ENABLED(CFG_INSECURE))
EMSG("WARNING: CFG_INSECURE allows insecure RCC configuration");
else
panic();
}

if (!need_mckprot && mckprot) {
DMSG("Disable RCC MCKPROT");
stm32_rcc_set_mckprot(false);
}
}

static void set_gpio_secure_configuration(void)
11 changes: 11 additions & 0 deletions core/include/drivers/stm32mp1_rcc.h
Original file line number Diff line number Diff line change
@@ -561,6 +561,17 @@ static inline bool stm32_rcc_is_mckprot(void)
{
return io_read32(stm32_rcc_base() + RCC_TZCR) & RCC_TZCR_MCKPROT;
}

static inline void stm32_rcc_set_mckprot(bool enable)
{
vaddr_t tzcr_reg = stm32_rcc_base() + RCC_TZCR;

if (enable)
io_setbits32(tzcr_reg, RCC_TZCR_MCKPROT);
else
io_clrbits32(tzcr_reg, RCC_TZCR_MCKPROT);
}

#endif /*__ASSEMBLER__*/

#endif /*__DRIVERS_STM32MP1_RCC_H__*/

0 comments on commit ef828b4

Please sign in to comment.