Message-ID: <20260109-debug_bus-v1-5-8f2142b5a738@foss.st.com>
Date: Fri, 9 Jan 2026 11:55:05 +0100
From: Gatien Chevallier <gatien.chevallier@...s.st.com>
To: Suzuki K Poulose <suzuki.poulose@....com>,
        Mike Leach
	<mike.leach@...aro.org>,
        James Clark <james.clark@...aro.org>, Rob Herring
	<robh@...nel.org>,
        Krzysztof Kozlowski <krzk+dt@...nel.org>,
        Conor Dooley
	<conor+dt@...nel.org>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        Leo Yan
	<leo.yan@...ux.dev>,
        Clément Le Goffic
	<legoffic.clement@...il.com>,
        Linus Walleij <linusw@...nel.org>,
        "Maxime
 Coquelin" <mcoquelin.stm32@...il.com>,
        Alexandre Torgue
	<alexandre.torgue@...s.st.com>
CC: <coresight@...ts.linaro.org>, <linux-arm-kernel@...ts.infradead.org>,
        <devicetree@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-gpio@...r.kernel.org>,
        <linux-stm32@...md-mailman.stormreply.com>,
        Gatien Chevallier <gatien.chevallier@...s.st.com>
Subject: [PATCH 05/11] drivers: bus: add the stm32 debug bus driver

Add the stm32 debug bus driver that is responsible for checking the
debug subsystem accessibility before probing the related peripheral
drivers.

This driver is OP-TEE dependent and relies on the STM32 debug access
PTA.

Signed-off-by: Gatien Chevallier <gatien.chevallier@...s.st.com>
---
 MAINTAINERS                 |   1 +
 drivers/bus/Kconfig         |  10 ++
 drivers/bus/Makefile        |   1 +
 drivers/bus/stm32_dbg_bus.c | 285 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 297 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 765ad2daa218..2489a24a0515 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -24701,6 +24701,7 @@ F:	drivers/power/supply/stc3117_fuel_gauge.c
 ST STM32 FIREWALL
 M:	Gatien Chevallier <gatien.chevallier@...s.st.com>
 S:	Maintained
+F:	drivers/bus/stm32_dbg_bus.c
 F:	drivers/bus/stm32_etzpc.c
 F:	drivers/bus/stm32_firewall.c
 F:	drivers/bus/stm32_rifsc.c
diff --git a/drivers/bus/Kconfig b/drivers/bus/Kconfig
index fe7600283e70..c9be21d5dfda 100644
--- a/drivers/bus/Kconfig
+++ b/drivers/bus/Kconfig
@@ -169,6 +169,16 @@ config QCOM_SSC_BLOCK_BUS
 	  i2c/spi/uart controllers, a hexagon core, and a clock controller
 	  which provides clocks for the above.
 
+config STM32_DBG_BUS
+	tristate "OP-TEE based debug access bus"
+	depends on OPTEE && STM32_FIREWALL
+	depends on ARCH_STM32 || COMPILE_TEST
+	help
+	  Select this to get the support for the OP-TEE based STM32 debug bus
+	  driver that is used to handle debug-related peripherals on STM32
+	  platforms when the debug configuration is not accessible by the
+	  normal world.
+
 config STM32_FIREWALL
 	bool "STM32 Firewall framework"
 	depends on (ARCH_STM32 || COMPILE_TEST) && OF
diff --git a/drivers/bus/Makefile b/drivers/bus/Makefile
index 8e693fe8a03a..799724cfc2df 100644
--- a/drivers/bus/Makefile
+++ b/drivers/bus/Makefile
@@ -27,6 +27,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT)	+= omap_l3_smx.o omap_l3_noc.o
 obj-$(CONFIG_OMAP_OCP2SCP)	+= omap-ocp2scp.o
 obj-$(CONFIG_QCOM_EBI2)		+= qcom-ebi2.o
 obj-$(CONFIG_QCOM_SSC_BLOCK_BUS)	+= qcom-ssc-block-bus.o
+obj-$(CONFIG_STM32_DBG_BUS)	+= stm32_dbg_bus.o
 obj-$(CONFIG_STM32_FIREWALL)	+= stm32_firewall.o stm32_rifsc.o stm32_etzpc.o
 obj-$(CONFIG_SUN50I_DE2_BUS)	+= sun50i-de2.o
 obj-$(CONFIG_SUNXI_RSB)		+= sunxi-rsb.o
diff --git a/drivers/bus/stm32_dbg_bus.c b/drivers/bus/stm32_dbg_bus.c
new file mode 100644
index 000000000000..9e1238575b94
--- /dev/null
+++ b/drivers/bus/stm32_dbg_bus.c
@@ -0,0 +1,285 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2026, STMicroelectronics - All Rights Reserved
+ */
+
+#include <linux/bus/stm32_firewall_device.h>
+#include <linux/clk.h>
+#include <linux/device.h>
+#include <linux/err.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/of.h>
+#include <linux/of_platform.h>
+#include <linux/platform_device.h>
+#include <linux/pm_runtime.h>
+#include <linux/slab.h>
+#include <linux/tee_drv.h>
+#include <linux/types.h>
+
+#include "stm32_firewall.h"
+
+enum stm32_dbg_profile {
+	PERIPHERAL_DBG_PROFILE	= 0,
+	HDP_DBG_PROFILE		= 1,
+};
+
+enum stm32_dbg_pta_command {
+	/*
+	 * PTA_CMD_GRANT_DBG_ACCESS - Verify the debug configuration against the given debug profile
+	 * and grant access or not
+	 *
+	 * [in]     value[0].a  Debug profile to grant access to.
+	 */
+	PTA_CMD_GRANT_DBG_ACCESS,
+};
+
+/**
+ * struct stm32_dbg_bus - OP-TEE based STM32 debug bus private data
+ * @dev: STM32 debug bus device.
+ * @ctx: OP-TEE context handler.
+ * @dbg_clk: Debug bus clock.
+ */
+struct stm32_dbg_bus {
+	struct device *dev;
+	struct tee_context *ctx;
+	struct clk *dbg_clk;
+};
+
+/* Expect at most 1 instance of this driver */
+static struct stm32_dbg_bus *stm32_dbg_bus_priv;
+
+static int stm32_dbg_pta_open_session(u32 *id)
+{
+	struct tee_client_device *dbg_bus_dev = to_tee_client_device(stm32_dbg_bus_priv->dev);
+	struct tee_ioctl_open_session_arg sess_arg;
+	int ret;
+
+	memset(&sess_arg, 0, sizeof(sess_arg));
+	export_uuid(sess_arg.uuid, &dbg_bus_dev->id.uuid);
+	sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL;
+
+	ret = tee_client_open_session(stm32_dbg_bus_priv->ctx, &sess_arg, NULL);
+	if (ret < 0 || sess_arg.ret) {
+		dev_err(stm32_dbg_bus_priv->dev, "Failed opening tee session, err: %#x\n",
+			sess_arg.ret);
+		return -EOPNOTSUPP;
+	}
+
+	*id = sess_arg.session;
+
+	return 0;
+}
+
+static void stm32_dbg_pta_close_session(u32 id)
+{
+	tee_client_close_session(stm32_dbg_bus_priv->ctx, id);
+}
+
+static int stm32_dbg_bus_grant_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile)
+{
+	struct tee_ioctl_invoke_arg inv_arg = {0};
+	struct tee_param param[1] = {0};
+	u32 session_id;
+	int ret;
+
+	if (dbg_profile != PERIPHERAL_DBG_PROFILE && dbg_profile != HDP_DBG_PROFILE)
+		return -EOPNOTSUPP;
+
+	ret = stm32_dbg_pta_open_session(&session_id);
+	if (ret)
+		return ret;
+
+	inv_arg.func = PTA_CMD_GRANT_DBG_ACCESS;
+	inv_arg.session = session_id;
+	inv_arg.num_params = 1;
+	param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT;
+	param[0].u.value.a = dbg_profile;
+
+	ret = tee_client_invoke_func(stm32_dbg_bus_priv->ctx, &inv_arg, param);
+	if (ret < 0 || inv_arg.ret != 0) {
+		dev_dbg(stm32_dbg_bus_priv->dev,
+			"When invoking function, err %x, TEE returns: %x\n", ret, inv_arg.ret);
+		if (!ret)
+			ret = -EACCES;
+	}
+
+	stm32_dbg_pta_close_session(session_id);
+
+	return ret;
+}
+
+/* Implement mandatory release_access ops even if it does nothing*/
+static void stm32_dbg_bus_release_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile)
+{
+}
+
+static int stm32_dbg_bus_plat_probe(struct platform_device *pdev)
+{
+	struct stm32_firewall_controller *dbg_controller;
+	int ret;
+
+	if (!stm32_dbg_bus_priv)
+		return dev_err_probe(&pdev->dev, -EPROBE_DEFER,
+				     "OP-TEE debug services not yet available\n");
+
+	dbg_controller = devm_kzalloc(&pdev->dev, sizeof(*dbg_controller), GFP_KERNEL);
+	if (!dbg_controller)
+		return dev_err_probe(&pdev->dev, -ENOMEM, "Couldn't allocate debug controller\n");
+
+	dbg_controller->dev = &pdev->dev;
+	dbg_controller->mmio = NULL;
+	dbg_controller->name = dev_driver_string(dbg_controller->dev);
+	dbg_controller->type = STM32_PERIPHERAL_FIREWALL;
+	dbg_controller->grant_access = stm32_dbg_bus_grant_access;
+	dbg_controller->release_access = stm32_dbg_bus_release_access;
+
+	stm32_dbg_bus_priv->dbg_clk = devm_clk_get_enabled(&pdev->dev, NULL);
+	if (IS_ERR(stm32_dbg_bus_priv->dbg_clk))
+		return PTR_ERR(stm32_dbg_bus_priv->dbg_clk);
+
+	ret = stm32_firewall_controller_register(dbg_controller);
+	if (ret) {
+		dev_err(dbg_controller->dev, "Couldn't register as a firewall controller: %d", ret);
+		return ret;
+	}
+
+	ret = stm32_firewall_populate_bus(dbg_controller);
+	if (ret) {
+		dev_err(dbg_controller->dev, "Couldn't populate debug bus: %d", ret);
+		stm32_firewall_controller_unregister(dbg_controller);
+		return ret;
+	}
+
+	pm_runtime_enable(&pdev->dev);
+
+	ret = of_platform_populate(pdev->dev.of_node, NULL, NULL, &pdev->dev);
+	if (ret) {
+		dev_err(dbg_controller->dev, "Couldn't populate the node: %d", ret);
+		stm32_firewall_controller_unregister(dbg_controller);
+		return ret;
+	}
+
+	return 0;
+}
+
+static int __maybe_unused stm32_dbg_bus_runtime_suspend(struct device *dev)
+{
+	clk_disable_unprepare(stm32_dbg_bus_priv->dbg_clk);
+
+	return 0;
+}
+
+static int __maybe_unused stm32_dbg_bus_runtime_resume(struct device *dev)
+{
+	int ret = clk_prepare_enable(stm32_dbg_bus_priv->dbg_clk);
+
+	if (ret) {
+		dev_err(dev, "Failed to enable clock: %d\n", ret);
+		return ret;
+	}
+
+	return 0;
+}
+
+static const struct of_device_id stm32_dbg_bus_of_match[] = {
+	{ .compatible = "st,stm32mp131-dbg-bus", },
+	{ .compatible = "st,stm32mp151-dbg-bus", },
+	{ },
+};
+MODULE_DEVICE_TABLE(of, stm32_dbg_bus_of_match);
+
+static const struct dev_pm_ops simple_pm_bus_pm_ops = {
+	SET_RUNTIME_PM_OPS(stm32_dbg_bus_runtime_suspend, stm32_dbg_bus_runtime_resume, NULL)
+	SET_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, pm_runtime_force_resume)
+};
+
+static struct platform_driver stm32_dbg_bus_driver = {
+	.probe = stm32_dbg_bus_plat_probe,
+	.driver = {
+		.name = "stm32-dbg-bus",
+		.of_match_table = of_match_ptr(stm32_dbg_bus_of_match),
+		.pm = pm_ptr(&simple_pm_bus_pm_ops),
+	},
+};
+
+static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
+{
+	return (ver->impl_id == TEE_IMPL_ID_OPTEE);
+}
+
+static int stm32_dbg_bus_probe(struct device *dev)
+{
+	struct stm32_dbg_bus *priv;
+
+	if (stm32_dbg_bus_priv)
+		return dev_err_probe(dev, -EBUSY,
+				     "A STM32 debug bus device is already initialized\n");
+
+	priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
+	if (!priv)
+		return dev_err_probe(dev, -ENOMEM, "Cannot allocate priv data\n");
+
+	/* Open context with TEE driver */
+	priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL);
+	if (IS_ERR_OR_NULL(priv->ctx))
+		return dev_err_probe(dev, PTR_ERR_OR_ZERO(priv->ctx), "Cannot open TEE context\n");
+
+	stm32_dbg_bus_priv = priv;
+	stm32_dbg_bus_priv->dev = dev;
+
+	return 0;
+}
+
+static int stm32_dbg_bus_remove(struct device *dev)
+{
+	tee_client_close_context(stm32_dbg_bus_priv->ctx);
+	stm32_dbg_bus_priv = NULL;
+
+	return 0;
+}
+
+static const struct tee_client_device_id optee_dbg_bus_id_table[] = {
+	{UUID_INIT(0xdd05bc8b, 0x9f3b, 0x49f0,
+		   0xb6, 0x49, 0x01, 0xaa, 0x10, 0xc1, 0xc2, 0x10)},
+	{}
+};
+
+static struct tee_client_driver stm32_optee_dbg_bus_driver = {
+	.id_table = optee_dbg_bus_id_table,
+	.driver = {
+		.name = "optee_dbg_bus",
+		.bus = &tee_bus_type,
+		.probe = stm32_dbg_bus_probe,
+		.remove = stm32_dbg_bus_remove,
+	},
+};
+
+static int __init optee_dbg_bus_mod_init(void)
+{
+	int ret;
+
+	ret = driver_register(&stm32_optee_dbg_bus_driver.driver);
+	if (ret)
+		return ret;
+
+	ret = platform_driver_register(&stm32_dbg_bus_driver);
+	if (ret)
+		driver_unregister(&stm32_optee_dbg_bus_driver.driver);
+
+	return ret;
+}
+
+static void __exit optee_dbg_bus_mod_exit(void)
+{
+	platform_driver_unregister(&stm32_dbg_bus_driver);
+	driver_unregister(&stm32_optee_dbg_bus_driver.driver);
+}
+
+module_init(optee_dbg_bus_mod_init);
+module_exit(optee_dbg_bus_mod_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Gatien Chevallier <gatien.chevallier@...s.st.com>");
+MODULE_DESCRIPTION("OP-TEE based STM32 debug access bus driver");
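Review bot: The global `stm32_dbg_bus_priv` is shared by two independently bound drivers with nothing tying their lifetimes together: `stm32_dbg_bus_remove()` closes the TEE context and sets the pointer to NULL (its devm allocation is released when that driver unbinds), while `stm32_dbg_bus_grant_access()`, `stm32_dbg_pta_open_session()` and both runtime-PM callbacks dereference it unchecked. If the TEE client device goes away while the platform device stays bound, the still-registered firewall controller would dereference a NULL or stale pointer the next time a debug peripheral requests access. The platform driver also has no `.remove`, so the controller registered in `stm32_dbg_bus_plat_probe()` is never unregistered and `pm_runtime_enable()` is never undone, including on the `of_platform_populate()` error path. Consider a platform remove callback as sketched below (wired with `.remove = stm32_dbg_bus_plat_remove,`) and a way to keep the TEE side bound for as long as the platform device is, for example `.suppress_bind_attrs = true` on `stm32_optee_dbg_bus_driver.driver` or a device link. Separately, in `stm32_dbg_bus_probe()` the `IS_ERR_OR_NULL()`/`PTR_ERR_OR_ZERO()` pairing would return 0 for a NULL context and report a successful probe without one; `if (IS_ERR(priv->ctx))` with `PTR_ERR(priv->ctx)` avoids that.

```c
/* … unchanged: stm32_dbg_bus_plat_probe() up to the controller setup … */
	platform_set_drvdata(pdev, dbg_controller);
/* … unchanged: clock, controller registration, bus population … */

static void stm32_dbg_bus_plat_remove(struct platform_device *pdev)
{
	struct stm32_firewall_controller *dbg_controller = platform_get_drvdata(pdev);

	of_platform_depopulate(&pdev->dev);
	pm_runtime_disable(&pdev->dev);
	stm32_firewall_controller_unregister(dbg_controller);
}
```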

-- 
2.43.0

