#define F_USE_ALL_WRPXX BIT(1)
/* this flag indicates if the device embeds a TrustZone security feature */
#define F_HAS_TZ BIT(2)
+/* this flag indicates if the device has the same flash registers as STM32L5 */
+#define F_HAS_L5_FLASH_REGS BIT(3)
/* end of STM32L4 flags ******************************************************/
static const uint32_t stm32l5_ns_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
[STM32_FLASH_ACR_INDEX] = 0x000,
- [STM32_FLASH_KEYR_INDEX] = 0x008,
+ [STM32_FLASH_KEYR_INDEX] = 0x008, /* NSKEYR */
+ [STM32_FLASH_OPTKEYR_INDEX] = 0x010,
+ [STM32_FLASH_SR_INDEX] = 0x020, /* NSSR */
+ [STM32_FLASH_CR_INDEX] = 0x028, /* NSCR */
+ [STM32_FLASH_OPTR_INDEX] = 0x040,
+ [STM32_FLASH_WRP1AR_INDEX] = 0x058,
+ [STM32_FLASH_WRP1BR_INDEX] = 0x05C,
+ [STM32_FLASH_WRP2AR_INDEX] = 0x068,
+ [STM32_FLASH_WRP2BR_INDEX] = 0x06C,
+};
+
+static const uint32_t stm32l5_s_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
+ [STM32_FLASH_ACR_INDEX] = 0x000,
+ [STM32_FLASH_KEYR_INDEX] = 0x00C, /* SECKEYR */
[STM32_FLASH_OPTKEYR_INDEX] = 0x010,
- [STM32_FLASH_SR_INDEX] = 0x020,
- [STM32_FLASH_CR_INDEX] = 0x028,
+ [STM32_FLASH_SR_INDEX] = 0x024, /* SECSR */
+ [STM32_FLASH_CR_INDEX] = 0x02C, /* SECCR */
[STM32_FLASH_OPTR_INDEX] = 0x040,
[STM32_FLASH_WRP1AR_INDEX] = 0x058,
[STM32_FLASH_WRP1BR_INDEX] = 0x05C,
uint32_t user_bank_size;
uint32_t wrpxxr_mask;
const struct stm32l4_part_info *part_info;
+ uint32_t flash_regs_base;
const uint32_t *flash_regs;
bool otp_enabled;
enum stm32l4_rdp rdp;
bool tzen;
+ uint32_t optr;
};
enum stm32_bank_id {
.num_revs = ARRAY_SIZE(stm32_472_revs),
.device_str = "STM32L55/L56xx",
.max_flash_size_kb = 512,
- .flags = F_HAS_DUAL_BANK | F_USE_ALL_WRPXX | F_HAS_TZ,
+ .flags = F_HAS_DUAL_BANK | F_USE_ALL_WRPXX | F_HAS_TZ | F_HAS_L5_FLASH_REGS,
.flash_regs_base = 0x40022000,
.default_flash_regs = stm32l5_ns_flash_regs,
.fsize_addr = 0x0BFA05E0,
return stm32l4_info->otp_enabled;
}
-static void stm32l4_sync_rdp_tzen(struct flash_bank *bank, uint32_t optr_value)
+static void stm32l4_sync_rdp_tzen(struct flash_bank *bank)
{
struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
bool tzen = false;
if (stm32l4_info->part_info->flags & F_HAS_TZ)
- tzen = (optr_value & FLASH_TZEN) != 0;
+ tzen = (stm32l4_info->optr & FLASH_TZEN) != 0;
- uint32_t rdp = optr_value & FLASH_RDP_MASK;
+ uint32_t rdp = stm32l4_info->optr & FLASH_RDP_MASK;
/* for devices without TrustZone:
* RDP level 0 and 2 values are to 0xAA and 0xCC
static inline uint32_t stm32l4_get_flash_reg(struct flash_bank *bank, uint32_t reg_offset)
{
struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
- return stm32l4_info->part_info->flash_regs_base + reg_offset;
+ return stm32l4_info->flash_regs_base + reg_offset;
}
static inline uint32_t stm32l4_get_flash_reg_by_index(struct flash_bank *bank,
return retval;
}
+/** set all FLASH_SECBB registers to the same value */
+static int stm32l4_set_secbb(struct flash_bank *bank, uint32_t value)
+{
+ /* This function should be used only with device with TrustZone, do just a security check */
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
+ assert(stm32l4_info->part_info->flags & F_HAS_TZ);
+
+ /* based on RM0438 Rev6 for STM32L5x devices:
+ * to modify a page block-based security attribution, it is recommended to
+ * 1- check that no flash operation is ongoing on the related page
+ * 2- add ISB instruction after modifying the page security attribute in SECBBxRy
+ * this step is not need in case of JTAG direct access
+ */
+ int retval = stm32l4_wait_status_busy(bank, FLASH_ERASE_TIMEOUT);
+ if (retval != ERROR_OK)
+ return retval;
+
+ /* write SECBBxRy registers */
+ LOG_DEBUG("setting secure block-based areas registers (SECBBxRy) to 0x%08x", value);
+
+ const uint8_t secbb_regs[] = {
+ FLASH_SECBB1(1), FLASH_SECBB1(2), FLASH_SECBB1(3), FLASH_SECBB1(4), /* bank 1 SECBB register offsets */
+ FLASH_SECBB2(1), FLASH_SECBB2(2), FLASH_SECBB2(3), FLASH_SECBB2(4) /* bank 2 SECBB register offsets */
+ };
+
+
+ unsigned int num_secbb_regs = ARRAY_SIZE(secbb_regs);
+
+ /* in single bank mode, it's useless to modify FLASH_SECBB2Rx registers
+ * then consider only the first half of secbb_regs
+ */
+ if (!stm32l4_info->dual_bank_mode)
+ num_secbb_regs /= 2;
+
+ for (unsigned int i = 0; i < num_secbb_regs; i++) {
+ retval = stm32l4_write_flash_reg(bank, secbb_regs[i], value);
+ if (retval != ERROR_OK)
+ return retval;
+ }
+
+ return ERROR_OK;
+}
+
static int stm32l4_unlock_reg(struct flash_bank *bank)
{
uint32_t ctrl;
return ERROR_OK;
}
+static int stm32l4_perform_obl_launch(struct flash_bank *bank)
+{
+ int retval, retval2;
+
+ retval = stm32l4_unlock_reg(bank);
+ if (retval != ERROR_OK)
+ goto err_lock;
+
+ retval = stm32l4_unlock_option_reg(bank);
+ if (retval != ERROR_OK)
+ goto err_lock;
+
+ /* Set OBL_LAUNCH bit in CR -> system reset and option bytes reload,
+ * but the RMs explicitly do *NOT* list this as power-on reset cause, and:
+ * "Note: If the read protection is set while the debugger is still
+ * connected through JTAG/SWD, apply a POR (power-on reset) instead of a system reset."
+ */
+
+ /* "Setting OBL_LAUNCH generates a reset so the option byte loading is performed under system reset" */
+ /* Due to this reset ST-Link reports an SWD_DP_ERROR, despite the write was successful,
+ * then just ignore the returned value */
+ stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_OBL_LAUNCH);
+
+ /* Need to re-probe after change */
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
+ stm32l4_info->probed = false;
+
+err_lock:
+ retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK | FLASH_OPTLOCK);
+
+ if (retval != ERROR_OK)
+ return retval;
+
+ return retval2;
+}
+
static int stm32l4_write_option(struct flash_bank *bank, uint32_t reg_offset,
uint32_t value, uint32_t mask)
{
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
uint32_t optiondata;
int retval, retval2;
if (retval != ERROR_OK)
return retval;
+ /* for STM32L5 and similar devices, use always non-secure
+ * registers for option bytes programming */
+ const uint32_t *saved_flash_regs = stm32l4_info->flash_regs;
+ if (stm32l4_info->part_info->flags & F_HAS_L5_FLASH_REGS)
+ stm32l4_info->flash_regs = stm32l5_ns_flash_regs;
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK | FLASH_OPTLOCK);
+ stm32l4_info->flash_regs = saved_flash_regs;
if (retval != ERROR_OK)
return retval;
return ERROR_TARGET_NOT_HALTED;
}
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* set all FLASH pages as secure */
+ retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+ if (retval != ERROR_OK) {
+ /* restore all FLASH pages as non-secure */
+ stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+ return retval;
+ }
+ }
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* restore all FLASH pages as non-secure */
+ int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+ if (retval3 != ERROR_OK)
+ return retval3;
+ }
+
if (retval != ERROR_OK)
return retval;
static int stm32l4_write(struct flash_bank *bank, const uint8_t *buffer,
uint32_t offset, uint32_t count)
{
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
int retval = ERROR_OK, retval2;
if (stm32l4_is_otp(bank) && !stm32l4_otp_is_enabled(bank)) {
if (retval != ERROR_OK)
return retval;
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* set all FLASH pages as secure */
+ retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+ if (retval != ERROR_OK) {
+ /* restore all FLASH pages as non-secure */
+ stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+ return retval;
+ }
+ }
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* restore all FLASH pages as non-secure */
+ int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+ if (retval3 != ERROR_OK)
+ return retval3;
+ }
+
if (retval != ERROR_OK) {
LOG_ERROR("block write failed");
return retval;
struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
const struct stm32l4_part_info *part_info;
uint16_t flash_size_kb = 0xffff;
- uint32_t options;
stm32l4_info->probed = false;
LOG_INFO("device idcode = 0x%08" PRIx32 " (%s - Rev %s : 0x%04x)",
stm32l4_info->idcode, part_info->device_str, rev_str, rev_id);
+ stm32l4_info->flash_regs_base = stm32l4_info->part_info->flash_regs_base;
stm32l4_info->flash_regs = stm32l4_info->part_info->default_flash_regs;
/* read flash option register */
- retval = stm32l4_read_flash_reg_by_index(bank, STM32_FLASH_OPTR_INDEX, &options);
+ retval = stm32l4_read_flash_reg_by_index(bank, STM32_FLASH_OPTR_INDEX, &stm32l4_info->optr);
if (retval != ERROR_OK)
return retval;
- stm32l4_sync_rdp_tzen(bank, options);
+ stm32l4_sync_rdp_tzen(bank);
if (part_info->flags & F_HAS_TZ)
LOG_INFO("TZEN = %d : TrustZone %s by option bytes",
stm32l4_info->probed = true;
return ERROR_OK;
- } else if (bank->base != STM32_FLASH_BANK_BASE) {
+ } else if (bank->base != STM32_FLASH_BANK_BASE && bank->base != STM32_FLASH_S_BANK_BASE) {
LOG_ERROR("invalid bank base address");
return ERROR_FAIL;
}
stm32l4_info->bank1_sectors = num_pages;
/* check DUAL_BANK bit[21] if the flash is less than 1M */
- if (flash_size_kb == 1024 || (options & BIT(21))) {
+ if (flash_size_kb == 1024 || (stm32l4_info->optr & BIT(21))) {
stm32l4_info->dual_bank_mode = true;
stm32l4_info->bank1_sectors = num_pages / 2;
}
page_size_kb = 4;
num_pages = flash_size_kb / page_size_kb;
stm32l4_info->bank1_sectors = num_pages;
- if (options & BIT(22)) {
+ if (stm32l4_info->optr & BIT(22)) {
stm32l4_info->dual_bank_mode = true;
page_size_kb = 2;
num_pages = flash_size_kb / page_size_kb;
num_pages = flash_size_kb / page_size_kb;
stm32l4_info->bank1_sectors = num_pages;
use_dbank_bit = flash_size_kb == part_info->max_flash_size_kb;
- if ((use_dbank_bit && (options & BIT(22))) ||
- (!use_dbank_bit && (options & BIT(21)))) {
+ if ((use_dbank_bit && (stm32l4_info->optr & BIT(22))) ||
+ (!use_dbank_bit && (stm32l4_info->optr & BIT(21)))) {
stm32l4_info->dual_bank_mode = true;
page_size_kb = 4;
num_pages = flash_size_kb / page_size_kb;
num_pages = flash_size_kb / page_size_kb;
stm32l4_info->bank1_sectors = num_pages;
use_dbank_bit = flash_size_kb == part_info->max_flash_size_kb;
- if ((use_dbank_bit && (options & BIT(22))) ||
- (!use_dbank_bit && (options & BIT(21)))) {
+ if ((use_dbank_bit && (stm32l4_info->optr & BIT(22))) ||
+ (!use_dbank_bit && (stm32l4_info->optr & BIT(21)))) {
stm32l4_info->dual_bank_mode = true;
page_size_kb = 2;
num_pages = flash_size_kb / page_size_kb;
stm32l4_info->bank1_sectors = num_pages / 2;
}
+
+ /**
+ * by default use the non-secure registers,
+ * switch secure registers if TZ is enabled and RDP is LEVEL_0
+ */
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ stm32l4_info->flash_regs_base |= 0x10000000;
+ stm32l4_info->flash_regs = stm32l5_s_flash_regs;
+ }
break;
case 0x495: /* STM32WB5x */
case 0x496: /* STM32WB3x */
static int stm32l4_auto_probe(struct flash_bank *bank)
{
struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
- if (stm32l4_info->probed)
- return ERROR_OK;
+ if (stm32l4_info->probed) {
+ uint32_t optr_cur;
+
+ /* read flash option register and re-probe if optr value is changed */
+ int retval = stm32l4_read_flash_reg_by_index(bank, STM32_FLASH_OPTR_INDEX, &optr_cur);
+ if (retval != ERROR_OK)
+ return retval;
+
+ if (stm32l4_info->optr == optr_cur)
+ return ERROR_OK;
+ }
return stm32l4_probe(bank);
}
return ERROR_TARGET_NOT_HALTED;
}
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* set all FLASH pages as secure */
+ retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+ if (retval != ERROR_OK) {
+ /* restore all FLASH pages as non-secure */
+ stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+ return retval;
+ }
+ }
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* restore all FLASH pages as non-secure */
+ int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+ if (retval3 != ERROR_OK)
+ return retval3;
+ }
+
if (retval != ERROR_OK)
return retval;
return retval;
}
-COMMAND_HANDLER(stm32l4_handle_option_load_command)
+COMMAND_HANDLER(stm32l4_handle_trustzone_command)
{
- if (CMD_ARGC != 1)
+ if (CMD_ARGC < 1 || CMD_ARGC > 2)
return ERROR_COMMAND_SYNTAX_ERROR;
struct flash_bank *bank;
if (retval != ERROR_OK)
return retval;
- retval = stm32l4_unlock_reg(bank);
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
+ if (!(stm32l4_info->part_info->flags & F_HAS_TZ)) {
+ LOG_ERROR("This device does not have a TrustZone");
+ return ERROR_FAIL;
+ }
+
+ retval = stm32l4_read_flash_reg_by_index(bank, STM32_FLASH_OPTR_INDEX, &stm32l4_info->optr);
if (retval != ERROR_OK)
return retval;
- retval = stm32l4_unlock_option_reg(bank);
+ stm32l4_sync_rdp_tzen(bank);
+
+ if (CMD_ARGC == 1) {
+ /* only display the TZEN value */
+ LOG_INFO("Global TrustZone Security is %s", stm32l4_info->tzen ? "enabled" : "disabled");
+ return ERROR_OK;
+ }
+
+ bool new_tzen;
+ COMMAND_PARSE_ENABLE(CMD_ARGV[1], new_tzen);
+
+ if (new_tzen == stm32l4_info->tzen) {
+ LOG_INFO("The requested TZEN is already programmed");
+ return ERROR_OK;
+ }
+
+ if (new_tzen) {
+ if (stm32l4_info->rdp != RDP_LEVEL_0) {
+ LOG_ERROR("TZEN can be set only when RDP level is 0");
+ return ERROR_FAIL;
+ }
+ retval = stm32l4_write_option(bank, stm32l4_info->flash_regs[STM32_FLASH_OPTR_INDEX],
+ FLASH_TZEN, FLASH_TZEN);
+ } else {
+ /* Deactivation of TZEN (from 1 to 0) is only possible when the RDP is
+ * changing to level 0 (from level 1 to level 0 or from level 0.5 to level 0). */
+ if (stm32l4_info->rdp != RDP_LEVEL_1 && stm32l4_info->rdp != RDP_LEVEL_0_5) {
+ LOG_ERROR("Deactivation of TZEN is only possible when the RDP is changing to level 0");
+ return ERROR_FAIL;
+ }
+
+ retval = stm32l4_write_option(bank, stm32l4_info->flash_regs[STM32_FLASH_OPTR_INDEX],
+ RDP_LEVEL_0, FLASH_RDP_MASK | FLASH_TZEN);
+ }
+
if (retval != ERROR_OK)
return retval;
- /* Set OBL_LAUNCH bit in CR -> system reset and option bytes reload,
- * but the RMs explicitly do *NOT* list this as power-on reset cause, and:
- * "Note: If the read protection is set while the debugger is still
- * connected through JTAG/SWD, apply a POR (power-on reset) instead of a system reset."
- */
- retval = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_OBL_LAUNCH);
+ return stm32l4_perform_obl_launch(bank);
+}
- command_print(CMD, "stm32l4x option load completed. Power-on reset might be required");
+COMMAND_HANDLER(stm32l4_handle_option_load_command)
+{
+ if (CMD_ARGC != 1)
+ return ERROR_COMMAND_SYNTAX_ERROR;
- /* Need to re-probe after change */
- struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
- stm32l4_info->probed = false;
+ struct flash_bank *bank;
+ int retval = CALL_COMMAND_HANDLER(flash_command_get_bank, 0, &bank);
+ if (retval != ERROR_OK)
+ return retval;
- return retval;
+ retval = stm32l4_perform_obl_launch(bank);
+ if (retval != ERROR_OK) {
+ command_print(CMD, "stm32l4x option load failed");
+ return retval;
+ }
+
+
+ command_print(CMD, "stm32l4x option load completed. Power-on reset might be required");
+
+ return ERROR_OK;
}
COMMAND_HANDLER(stm32l4_handle_lock_command)
.usage = "bank_id reg_offset value mask",
.help = "Write device option bit fields with provided value.",
},
+ {
+ .name = "trustzone",
+ .handler = stm32l4_handle_trustzone_command,
+ .mode = COMMAND_EXEC,
+ .usage = "<bank_id> [enable|disable]",
+ .help = "Configure TrustZone security",
+ },
{
.name = "wrp_info",
.handler = stm32l4_handle_wrp_info_command,