Registered User m (→References) |
Registered User mNo edit summary Tag: 2017 source edit |
||
| (6 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
<noinclude>{{ApplicableFor | <noinclude>{{ApplicableFor | ||
|MPUs list=STM32MP25x | |MPUs list=STM32MP25x | ||
|MPUs checklist=STM32MP25x | |MPUs checklist= STM32MP13x, STM32MP15x, STM32MP25x | ||
}}</noinclude> | }}</noinclude> | ||
| Line 11: | Line 11: | ||
== DT bindings documentation == | == DT bindings documentation == | ||
The RISAB driver | The RISAB driver configures the memory regions referenced in the "'''memory-region'''" property. Those regions' security configuration resides in the "'''st,protreg'''" property and they must be within the memory range defined by the "'''st,mem-map"''' property. In opposition to the [[RISAF internal peripheral | RISAF]], it is possible to allow secure read/write data accesses to nonsecure blocks and pages (secure execute remains illegal) by setting the "'''st,srwiad"''' property. | ||
The device tree binding documents are stored either in the given applicable components listed below: <br> | The device tree binding documents are stored either in the given applicable components listed below: <br> | ||
| Line 47: | Line 47: | ||
The objective of this chapter is to explain how to enable and configure the RISAB DT nodes for a board.<br> | The objective of this chapter is to explain how to enable and configure the RISAB DT nodes for a board.<br> | ||
Memory regions and security configurations are done in specific board device tree files ('''board'''-resmem (regions) '''board'''-rif (secure configuration)) | Memory regions and security configurations are done in specific board device tree files ('''board'''-resmem (regions) '''board'''-rif (secure configuration)). | ||
==== DT configuration (board level) - board device tree ==== | ==== DT configuration (board level) - board device tree ==== | ||
| Line 54: | Line 54: | ||
==== DT configuration (board level) - resmem board device tree ==== | ==== DT configuration (board level) - resmem board device tree ==== | ||
This device tree file contains all board dependent reserved memory nodes declaration. All memory regions under RISAB protection | This device tree file contains all board dependent reserved memory nodes declaration. All memory regions under RISAB protection must be declared here. Example for the RISAB 3 topology in the {{CodeSource | OP-TEE_OS | core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-resmem.dtsi | stm32mp257f-ev1-ca35tdcid-resmem.dtsi}} file: | ||
{{Highlight|//Comments}} | {{Highlight|//Comments}} | ||
| Line 61: | Line 61: | ||
... | ... | ||
bsec_mirror: bsec-mirror@a040000 { | bsec_mirror: bsec-mirror@a040000 { | ||
reg = <0x0 0xa040000 0x0 0x1000>; {{Highlight|//First page of the RISAB3}} | reg = <0x0 0xa040000 0x0 0x1000>; {{Highlight|//First page of the SRAM1, covered by the RISAB3}} | ||
no-map; | no-map; | ||
}; | }; | ||
mcuram1: mcuram1@a041000 { | mcuram1: mcuram1@a041000 { | ||
reg = <0x0 0xa041000 0x0 0x1f000>; {{Highlight|//Other 31 pages of the RISAB3}} | reg = <0x0 0xa041000 0x0 0x1f000>; {{Highlight|//Other 31 pages of the SRAM1, covered by the RISAB3}} | ||
no-map; | no-map; | ||
}; | }; | ||
{{Highlight|//No block subdivision in each page}} | {{Highlight|//No block subdivision in each page}} | ||
Notice that there | Notice that there is no secure configuration present in this extract. | ||
{{Info | The topology of the memory zones and the number/size of each zone are fully customizable as long as the regions do not overlap and are within the memory range defined in the '''st,mem-map''' property of the RISAB.}} | {{Info | The topology of the memory zones and the number/size of each zone are fully customizable as long as the regions do not overlap and are within the memory range defined in the '''st,mem-map''' property of the RISAB.}} | ||
| Line 78: | Line 78: | ||
==== DT configuration (board level) - secure configuration board device tree ==== | ==== DT configuration (board level) - secure configuration board device tree ==== | ||
This device tree file contains all board customizable security configurations . All memory regions that one wishes to configure and enable | This device tree file contains all board customizable security configurations. All memory regions that one wishes to configure and enable must appear in this file. Example of a secured RISAB zone: | ||
{{Highlight|//Comments}} | {{Highlight|//Comments}} | ||
| Line 88: | Line 88: | ||
... | ... | ||
Example for the RISAB3 | Example for the RISAB3 regions described in the [[RISAB device tree configuration#DT configuration (board level) - resmem board device tree | reserved memory description chapter]]. | ||
{{Highlight|//Comments}} | {{Highlight|//Comments}} | ||
... | ... | ||
&bsec_mirror { | |||
st,protreg = <RISABPROT(RIF_DDCID_DIS, | st,protreg = <RISABPROT(RIF_DDCID_DIS, RIF_UNUSED, RIF_SEC, RIF_UNUSED, RIF_CFEN, RIF_CID1_BF|RIF_CID2_BF, RIF_CID1_BF, RIF_CID1_BF|RIF_CID2_BF)>; | ||
}; | |||
{{Highlight|// | {{Highlight|//bsec_mirror region is not delegated, secure and accessible only by CID1(Read/Write/Priv-only) and CID2(Read/Priv-only) modes}} | ||
&cm33_sram1 { | |||
st,protreg = <RISABPROT(RIF_DDCID_DIS, | st,protreg = <RISABPROT(RIF_DDCID_DIS, RIF_UNUSED, RIF_NSEC, RIF_UNUSED, RIF_CFEN, RIF_CID2_BF, RIF_CID2_BF, 0)>; | ||
} | }; | ||
{{Highlight|//cm33_sram1 region is not delegated, non-secure and accessible only by CID2 in Read/Write modes}} | |||
... | ... | ||
{{Highlight|// | {{Highlight|//The memory zones that will be configured by a RISAB's driver are listed in its node}} | ||
&risab3 { | &risab3 { | ||
st,srwiad; {{Highlight|//The non-secure memory zones covered by this RISAB will be accessible in read/write by the secure world}} | st,srwiad; {{Highlight|//The non-secure memory zones covered by this RISAB will be accessible in read/write by the secure world}} | ||
| Line 107: | Line 108: | ||
}; | }; | ||
{{Info | If a | {{Info | If a memory range is not covered by a region in the memory-region property, it will not be configured by the RISAB driver and will inherit from the RISAB default configuration, which is fixed to secure, nonprivileged and TDCID accesses only.}} | ||
{{Info | For more information on the RISABPROT macro, | {{Info | For more information on the RISABPROT macro, refer to the RISABPROT section of the {{CodeSource | OP-TEE_OS | documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml | Memory region bindings}}.}} | ||
==How to configure the DT using STM32CubeMX== | ==How to configure the DT using STM32CubeMX== | ||
The [[STM32CubeMX]] tool can be used to configure the STM32MPU device and get the corresponding [[Device_tree#STM32_MPU|platform configuration device tree]] files.<br /> | The [[STM32CubeMX]] tool can be used to configure the STM32MPU device and get the corresponding [[Device_tree#STM32_MPU|platform configuration device tree]] files.<br /> | ||
STM32CubeMX may not support all the properties described in DT binding files listed in the above [[#DT bindings documentation|DT bindings documentation]] paragraph. If so, the tool inserts '''user sections''' in the generated device tree. These sections can then be edited to add some properties, and they are preserved from one generation to another. Refer to [[STM32CubeMX]] user manual for further information. | STM32CubeMX may not support all the properties described in the DT binding files listed in the above [[#DT bindings documentation|DT bindings documentation]] paragraph. If so, the tool inserts '''user sections''' in the generated device tree. These sections can then be edited to add some properties, and they are preserved from one generation to another. Refer to the [[STM32CubeMX]] user manual for further information. | ||
==Debug the configuration== | |||
To learn more on this subject, visit: [[How to analyze IAC & SERC errors]] | |||
==References== | ==References== | ||
| Line 120: | Line 124: | ||
<references /> | <references /> | ||
<noinclude> | <noinclude> | ||
{{ArticleBasedOnModel | Peripheral or framework device tree configuration model}} | {{ArticleBasedOnModel | Peripheral or framework device tree configuration model}} | ||
[[Category:Device tree configuration]] | [[Category:Device tree configuration]] | ||
[[Category:Security]] | [[Category:Security]] | ||
{{PublicationRequestId |31423| 2024-06-17 | }} | |||
</noinclude> | </noinclude> | ||
Latest revision as of 15:21, 19 June 2024
1. Article purpose[edit | edit source]
The purpose of this article is to explain how to configure the RISAB peripheral using the device tree mechanism, relying on the bindings documentation, that is the description of the required and optional device-tree properties.
The RISAB peripheral configuration can only be done by the CPU running in TDCID mode.
2. DT bindings documentation[edit | edit source]
The RISAB driver configures the memory regions referenced in the "memory-region" property. Those regions' security configuration resides in the "st,protreg" property and they must be within the memory range defined by the "st,mem-map" property. In opposition to the RISAF, it is possible to allow secure read/write data accesses to nonsecure blocks and pages (secure execute remains illegal) by setting the "st,srwiad" property.
The device tree binding documents are stored either in the given applicable components listed below:
- OP-TEE:
- Reserved-memory device tree bindings: Memory region and its RIF configuration
- RISAB device tree bindings RISAB bindings
3. DT configuration[edit | edit source]
This hardware description is a combination of the STM32 microprocessor device tree files (.dtsi extension) and board device tree files (.dts extension). See the Device tree for an explanation of the device-tree file organization.
STM32CubeMX can be used to generate the board device tree. Refer to How to configure the DT using STM32CubeMX for more details.
RISAB is used to assign memory pages (memory regions) to one or more security domains (secure, privilege, compartment). The definition of these regions/sub regions resides in the board-resmem device tree file and their secure configuration resides in the board-rif device tree file. Both are fully customizable.
3.1. DT configuration (STM32/SoC level)[edit | edit source]
The RISAB node is located in the device tree file for the software components supporting the peripheral and listed in the above DT bindings documentation paragraph.
The RISAB nodes are defined at SoC device file level as:
//Comments risab3: risab@42110000 { compatible = "st,stm32mp25-risab"; reg = <0x42110000 0x1000>; clocks = <&rcc CK_ICN_LS_MCU>; st,mem-map = <0xa040000 0x20000>; //Memory range covered by the RISAB3 (128KBytes SRAM1) };
3.2. DT configuration (board level)[edit | edit source]
The objective of this chapter is to explain how to enable and configure the RISAB DT nodes for a board.
Memory regions and security configurations are done in specific board device tree files (board-resmem (regions) board-rif (secure configuration)).
3.2.1. DT configuration (board level) - board device tree[edit | edit source]
All of the RISAB instances are default enabled at board level.
3.2.2. DT configuration (board level) - resmem board device tree[edit | edit source]
This device tree file contains all board dependent reserved memory nodes declaration. All memory regions under RISAB protection must be declared here. Example for the RISAB 3 topology in the stm32mp257f-ev1-ca35tdcid-resmem.dtsi file:
//Comments /* Internal RAM reserved memory declaration */ ... bsec_mirror: bsec-mirror@a040000 { reg = <0x0 0xa040000 0x0 0x1000>; //First page of the SRAM1, covered by the RISAB3 no-map; }; mcuram1: mcuram1@a041000 { reg = <0x0 0xa041000 0x0 0x1f000>; //Other 31 pages of the SRAM1, covered by the RISAB3 no-map; }; //No block subdivision in each page
Notice that there is no secure configuration present in this extract.
3.2.3. DT configuration (board level) - secure configuration board device tree[edit | edit source]
This device tree file contains all board customizable security configurations. All memory regions that one wishes to configure and enable must appear in this file. Example of a secured RISAB zone:
//Comments ... //SYSRAM1 zone is not delegated, is secure and accessible in read/write/privileged modes by CID1 &sysram1 { st,protreg = <RISABPROT(RIF_DDCID_DIS, 0, RIF_SEC, RIF_PRIV, RIF_CFEN, RIF_CID1_BF, RIF_CID1_BF, RIF_CID1_BF)>; }; ...
Example for the RISAB3 regions described in the reserved memory description chapter.
//Comments ... &bsec_mirror { st,protreg = <RISABPROT(RIF_DDCID_DIS, RIF_UNUSED, RIF_SEC, RIF_UNUSED, RIF_CFEN, RIF_CID1_BF|RIF_CID2_BF, RIF_CID1_BF, RIF_CID1_BF|RIF_CID2_BF)>; }; //bsec_mirror region is not delegated, secure and accessible only by CID1(Read/Write/Priv-only) and CID2(Read/Priv-only) modes &cm33_sram1 { st,protreg = <RISABPROT(RIF_DDCID_DIS, RIF_UNUSED, RIF_NSEC, RIF_UNUSED, RIF_CFEN, RIF_CID2_BF, RIF_CID2_BF, 0)>; }; //cm33_sram1 region is not delegated, non-secure and accessible only by CID2 in Read/Write modes ... //The memory zones that will be configured by a RISAB's driver are listed in its node &risab3 { st,srwiad; //The non-secure memory zones covered by this RISAB will be accessible in read/write by the secure world memory-region = <&bsec_mirror>, <&mcuram1>; };
4. How to configure the DT using STM32CubeMX[edit | edit source]
The STM32CubeMX tool can be used to configure the STM32MPU device and get the corresponding platform configuration device tree files.
STM32CubeMX may not support all the properties described in the DT binding files listed in the above DT bindings documentation paragraph. If so, the tool inserts user sections in the generated device tree. These sections can then be edited to add some properties, and they are preserved from one generation to another. Refer to the STM32CubeMX user manual for further information.
5. Debug the configuration[edit | edit source]
To learn more on this subject, visit: How to analyze IAC & SERC errors
6. References[edit | edit source]
Refer to the following links for additional information: RIF overview