From ef828b474cb7504c18f7952e8bf85c965d34c574 Mon Sep 17 00:00:00 2001 From: Etienne Carriere Date: Tue, 19 Dec 2023 20:17:52 +0100 Subject: [PATCH] plat-stm32mp1: shared_resource: disable MCKPROT if not needed Disable RCC MCKPROT if not needed on STM32MP15 platforms to allow non-secure world to control Cortex-M coprocessor. This change is needed when RCC secure hardening is enabled (RCC[TZEN] control bit) as it also default enable RCC MCKPROT preventing non-secure world from accessing some coprocessor SoC resources. Signed-off-by: Etienne Carriere --- .../arch/arm/plat-stm32mp1/shared_resources.c | 24 ++++++++++++------- core/include/drivers/stm32mp1_rcc.h | 11 +++++++++ 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/core/arch/arm/plat-stm32mp1/shared_resources.c b/core/arch/arm/plat-stm32mp1/shared_resources.c index 76ce6485918..a414579d107 100644 --- a/core/arch/arm/plat-stm32mp1/shared_resources.c +++ b/core/arch/arm/plat-stm32mp1/shared_resources.c @@ -663,7 +663,8 @@ static void check_rcc_secure_configuration(void) bool secure = stm32_rcc_is_secure(); bool mckprot = stm32_rcc_is_mckprot(); enum stm32mp_shres id = STM32MP1_SHRES_COUNT; - bool have_error = false; + bool need_secure = false; + bool need_mckprot = false; uint32_t state = 0; if (stm32_bsec_get_state(&state)) @@ -683,21 +684,26 @@ static void check_rcc_secure_configuration(void) id == STM32MP1_SHRES_SRAM4) continue; - if ((mckprot_resource(id) && !mckprot) || !secure) { - EMSG("RCC %s MCKPROT %s and %s (%u) secure", - secure ? "secure" : "non-secure", - mckprot ? "set" : "not set", - shres2str_id(id), id); - have_error = true; - } + need_secure = true; + if (mckprot_resource(id)) + need_mckprot = true; + + if (!secure || (need_mckprot && !mckprot)) + EMSG("Error RCC TZEN=%u MCKPROT=%u and %s (%u) secure", + secure, mckprot, shres2str_id(id), id); } - if (have_error) { + if ((need_secure && !secure) || (need_mckprot && !mckprot)) { if (IS_ENABLED(CFG_INSECURE)) EMSG("WARNING: CFG_INSECURE allows insecure RCC configuration"); else panic(); } + + if (!need_mckprot && mckprot) { + DMSG("Disable RCC MCKPROT"); + stm32_rcc_set_mckprot(false); + } } static void set_gpio_secure_configuration(void) diff --git a/core/include/drivers/stm32mp1_rcc.h b/core/include/drivers/stm32mp1_rcc.h index 311cea8449e..83f3ead80e7 100644 --- a/core/include/drivers/stm32mp1_rcc.h +++ b/core/include/drivers/stm32mp1_rcc.h @@ -561,6 +561,17 @@ static inline bool stm32_rcc_is_mckprot(void) { return io_read32(stm32_rcc_base() + RCC_TZCR) & RCC_TZCR_MCKPROT; } + +static inline void stm32_rcc_set_mckprot(bool enable) +{ + vaddr_t tzcr_reg = stm32_rcc_base() + RCC_TZCR; + + if (enable) + io_setbits32(tzcr_reg, RCC_TZCR_MCKPROT); + else + io_clrbits32(tzcr_reg, RCC_TZCR_MCKPROT); +} + #endif /*__ASSEMBLER__*/ #endif /*__DRIVERS_STM32MP1_RCC_H__*/