#define F_USE_ALL_WRPXX BIT(1)
/* this flag indicates if the device embeds a TrustZone security feature */
#define F_HAS_TZ BIT(2)
+/* this flag indicates if the device has the same flash registers as STM32L5 */
+#define F_HAS_L5_FLASH_REGS BIT(3)
/* end of STM32L4 flags ******************************************************/
static const uint32_t stm32l5_ns_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
[STM32_FLASH_ACR_INDEX] = 0x000,
- [STM32_FLASH_KEYR_INDEX] = 0x008,
+ [STM32_FLASH_KEYR_INDEX] = 0x008, /* NSKEYR */
+ [STM32_FLASH_OPTKEYR_INDEX] = 0x010,
+ [STM32_FLASH_SR_INDEX] = 0x020, /* NSSR */
+ [STM32_FLASH_CR_INDEX] = 0x028, /* NSCR */
+ [STM32_FLASH_OPTR_INDEX] = 0x040,
+ [STM32_FLASH_WRP1AR_INDEX] = 0x058,
+ [STM32_FLASH_WRP1BR_INDEX] = 0x05C,
+ [STM32_FLASH_WRP2AR_INDEX] = 0x068,
+ [STM32_FLASH_WRP2BR_INDEX] = 0x06C,
+};
+
+static const uint32_t stm32l5_s_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
+ [STM32_FLASH_ACR_INDEX] = 0x000,
+ [STM32_FLASH_KEYR_INDEX] = 0x00C, /* SECKEYR */
[STM32_FLASH_OPTKEYR_INDEX] = 0x010,
- [STM32_FLASH_SR_INDEX] = 0x020,
- [STM32_FLASH_CR_INDEX] = 0x028,
+ [STM32_FLASH_SR_INDEX] = 0x024, /* SECSR */
+ [STM32_FLASH_CR_INDEX] = 0x02C, /* SECCR */
[STM32_FLASH_OPTR_INDEX] = 0x040,
[STM32_FLASH_WRP1AR_INDEX] = 0x058,
[STM32_FLASH_WRP1BR_INDEX] = 0x05C,
uint32_t user_bank_size;
uint32_t wrpxxr_mask;
const struct stm32l4_part_info *part_info;
+ uint32_t flash_regs_base;
const uint32_t *flash_regs;
bool otp_enabled;
enum stm32l4_rdp rdp;
.num_revs = ARRAY_SIZE(stm32_472_revs),
.device_str = "STM32L55/L56xx",
.max_flash_size_kb = 512,
- .flags = F_HAS_DUAL_BANK | F_USE_ALL_WRPXX | F_HAS_TZ,
+ .flags = F_HAS_DUAL_BANK | F_USE_ALL_WRPXX | F_HAS_TZ | F_HAS_L5_FLASH_REGS,
.flash_regs_base = 0x40022000,
.default_flash_regs = stm32l5_ns_flash_regs,
.fsize_addr = 0x0BFA05E0,
static inline uint32_t stm32l4_get_flash_reg(struct flash_bank *bank, uint32_t reg_offset)
{
struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
- return stm32l4_info->part_info->flash_regs_base + reg_offset;
+ return stm32l4_info->flash_regs_base + reg_offset;
}
static inline uint32_t stm32l4_get_flash_reg_by_index(struct flash_bank *bank,
return retval;
}
+/** set all FLASH_SECBB registers to the same value */
+static int stm32l4_set_secbb(struct flash_bank *bank, uint32_t value)
+{
+ /* This function should be used only with device with TrustZone, do just a security check */
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
+ assert(stm32l4_info->part_info->flags & F_HAS_TZ);
+
+ /* based on RM0438 Rev6 for STM32L5x devices:
+ * to modify a page block-based security attribution, it is recommended to
+ * 1- check that no flash operation is ongoing on the related page
+ * 2- add ISB instruction after modifying the page security attribute in SECBBxRy
+ * this step is not need in case of JTAG direct access
+ */
+ int retval = stm32l4_wait_status_busy(bank, FLASH_ERASE_TIMEOUT);
+ if (retval != ERROR_OK)
+ return retval;
+
+ /* write SECBBxRy registers */
+ LOG_DEBUG("setting secure block-based areas registers (SECBBxRy) to 0x%08x", value);
+
+ const uint8_t secbb_regs[] = {
+ FLASH_SECBB1(1), FLASH_SECBB1(2), FLASH_SECBB1(3), FLASH_SECBB1(4), /* bank 1 SECBB register offsets */
+ FLASH_SECBB2(1), FLASH_SECBB2(2), FLASH_SECBB2(3), FLASH_SECBB2(4) /* bank 2 SECBB register offsets */
+ };
+
+
+ unsigned int num_secbb_regs = ARRAY_SIZE(secbb_regs);
+
+ /* in single bank mode, it's useless to modify FLASH_SECBB2Rx registers
+ * then consider only the first half of secbb_regs
+ */
+ if (!stm32l4_info->dual_bank_mode)
+ num_secbb_regs /= 2;
+
+ for (unsigned int i = 0; i < num_secbb_regs; i++) {
+ retval = stm32l4_write_flash_reg(bank, secbb_regs[i], value);
+ if (retval != ERROR_OK)
+ return retval;
+ }
+
+ return ERROR_OK;
+}
+
static int stm32l4_unlock_reg(struct flash_bank *bank)
{
uint32_t ctrl;
static int stm32l4_write_option(struct flash_bank *bank, uint32_t reg_offset,
uint32_t value, uint32_t mask)
{
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
uint32_t optiondata;
int retval, retval2;
if (retval != ERROR_OK)
return retval;
+ /* for STM32L5 and similar devices, use always non-secure
+ * registers for option bytes programming */
+ const uint32_t *saved_flash_regs = stm32l4_info->flash_regs;
+ if (stm32l4_info->part_info->flags & F_HAS_L5_FLASH_REGS)
+ stm32l4_info->flash_regs = stm32l5_ns_flash_regs;
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK | FLASH_OPTLOCK);
+ stm32l4_info->flash_regs = saved_flash_regs;
if (retval != ERROR_OK)
return retval;
return ERROR_TARGET_NOT_HALTED;
}
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* set all FLASH pages as secure */
+ retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+ if (retval != ERROR_OK) {
+ /* restore all FLASH pages as non-secure */
+ stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+ return retval;
+ }
+ }
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* restore all FLASH pages as non-secure */
+ int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+ if (retval3 != ERROR_OK)
+ return retval3;
+ }
+
if (retval != ERROR_OK)
return retval;
static int stm32l4_write(struct flash_bank *bank, const uint8_t *buffer,
uint32_t offset, uint32_t count)
{
+ struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
int retval = ERROR_OK, retval2;
if (stm32l4_is_otp(bank) && !stm32l4_otp_is_enabled(bank)) {
if (retval != ERROR_OK)
return retval;
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* set all FLASH pages as secure */
+ retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+ if (retval != ERROR_OK) {
+ /* restore all FLASH pages as non-secure */
+ stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+ return retval;
+ }
+ }
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* restore all FLASH pages as non-secure */
+ int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+ if (retval3 != ERROR_OK)
+ return retval3;
+ }
+
if (retval != ERROR_OK) {
LOG_ERROR("block write failed");
return retval;
LOG_INFO("device idcode = 0x%08" PRIx32 " (%s - Rev %s : 0x%04x)",
stm32l4_info->idcode, part_info->device_str, rev_str, rev_id);
+ stm32l4_info->flash_regs_base = stm32l4_info->part_info->flash_regs_base;
stm32l4_info->flash_regs = stm32l4_info->part_info->default_flash_regs;
/* read flash option register */
stm32l4_info->probed = true;
return ERROR_OK;
- } else if (bank->base != STM32_FLASH_BANK_BASE) {
+ } else if (bank->base != STM32_FLASH_BANK_BASE && bank->base != STM32_FLASH_S_BANK_BASE) {
LOG_ERROR("invalid bank base address");
return ERROR_FAIL;
}
num_pages = flash_size_kb / page_size_kb;
stm32l4_info->bank1_sectors = num_pages / 2;
}
+
+ /**
+ * by default use the non-secure registers,
+ * switch secure registers if TZ is enabled and RDP is LEVEL_0
+ */
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ stm32l4_info->flash_regs_base |= 0x10000000;
+ stm32l4_info->flash_regs = stm32l5_s_flash_regs;
+ }
break;
case 0x495: /* STM32WB5x */
case 0x496: /* STM32WB3x */
return ERROR_TARGET_NOT_HALTED;
}
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* set all FLASH pages as secure */
+ retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+ if (retval != ERROR_OK) {
+ /* restore all FLASH pages as non-secure */
+ stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+ return retval;
+ }
+ }
+
retval = stm32l4_unlock_reg(bank);
if (retval != ERROR_OK)
goto err_lock;
err_lock:
retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
+ if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+ /* restore all FLASH pages as non-secure */
+ int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+ if (retval3 != ERROR_OK)
+ return retval3;
+ }
+
if (retval != ERROR_OK)
return retval;
# use non-secure RAM by default
$_TARGETNAME configure -work-area-phys 0x20000000 -work-area-size $_WORKAREASIZE -work-area-backup 0
-# declare non-secure flash
-flash bank $_CHIPNAME.flash_ns stm32l4x 0x08000000 0 0 0 $_TARGETNAME
-flash bank $_CHIPNAME.otp stm32l4x 0x0BFA0000 0 0 0 $_TARGETNAME
+# create sec/ns flash and otp memories (sizes will be probed)
+flash bank $_CHIPNAME.flash_ns stm32l4x 0x08000000 0 0 0 $_TARGETNAME
+flash bank $_CHIPNAME.flash_alias_s stm32l4x 0x0C000000 0 0 0 $_TARGETNAME
+flash bank $_CHIPNAME.otp stm32l4x 0x0BFA0000 0 0 0 $_TARGETNAME
# Common knowledges tells JTAG speed should be <= F_CPU/6.
# F_CPU after reset is MSI 4MHz, so use F_JTAG = 500 kHz to stay on
cortex_m reset_config sysresetreq
}
+proc is_secure {} {
+ # read Debug Security Control and Status Regsiter (DSCSR) and check CDS (bit 16)
+ set DSCSR [mrw 0xE000EE08]
+ return [expr {($DSCSR & (1 << 16)) != 0}]
+}
+
proc clock_config_110_mhz {} {
+ set offset [expr {[is_secure] ? 0x10000000 : 0}]
# MCU clock is MSI (4MHz) after reset, set MCU freq at 110 MHz with PLL
# RCC_APB1ENR1 = PWREN
- mww 0x40021058 0x10000000
+ mww [expr {0x40021058 + $offset}] 0x10000000
# delay for register clock enable (read back reg)
- mrw 0x40021058
+ mrw [expr {0x40021058 + $offset}]
# PWR_CR1 : VOS Range 0
- mww 0x40007000 0
+ mww [expr {0x40007000 + $offset}] 0
# while (PWR_SR2 & VOSF)
- while {([mrw 0x40007014] & 0x0400)} {}
+ while {([mrw [expr {0x40007014 + $offset}]] & 0x0400)} {}
# FLASH_ACR : 5 WS for 110 MHz HCLK
mww 0x40022000 0x00000005
# RCC_PLLCFGR = PLLP=PLLQ=0, PLLR=00=2, PLLREN=1, PLLN=55, PLLM=0000=1, PLLSRC=MSI 4MHz
# fVCO = 4 x 55 /1 = 220
# SYSCLOCK = fVCO/PLLR = 220/2 = 110 MHz
- mww 0x4002100C 0x01003711
+ mww [expr {0x4002100C + $offset}] 0x01003711
# RCC_CR |= PLLON
- mmw 0x40021000 0x01000000 0
+ mmw [expr {0x40021000 + $offset}] 0x01000000 0
# while !(RCC_CR & PLLRDY)
- while {!([mrw 0x40021000] & 0x02000000)} {}
+ while {!([mrw [expr {0x40021000 + $offset}]] & 0x02000000)} {}
# RCC_CFGR |= SW_PLL
- mmw 0x40021008 0x00000003 0
+ mmw [expr {0x40021008 + $offset}] 0x00000003 0
# while ((RCC_CFGR & SWS) != PLL)
- while {([mrw 0x40021008] & 0x0C) != 0x0C} {}
+ while {([mrw [expr {0x40021008 + $offset}]] & 0x0C) != 0x0C} {}
+}
+
+proc ahb_ap_non_secure_access {} {
+ # SPROT=1=Non Secure access, Priv=1
+ [[target current] cget -dap] apcsw 0x4B000000 0x4F000000
+}
+
+proc ahb_ap_secure_access {} {
+ # SPROT=0=Secure access, Priv=1
+ [[target current] cget -dap] apcsw 0x0B000000 0x4F000000
}
$_TARGETNAME configure -event reset-init {
mmw 0xE0044008 0x00001800 0
}
+$_TARGETNAME configure -event halted {
+ set secure [is_secure]
+
+ if {$secure} {
+ set secure_str "Secure"
+ ahb_ap_secure_access
+ } else {
+ set secure_str "Non-Secure"
+ ahb_ap_non_secure_access
+ }
+
+ # print the secure state only when it changes
+ set _TARGETNAME [target current]
+ global $_TARGETNAME.secure
+
+ if {![info exists $_TARGETNAME.secure] || $secure != [set $_TARGETNAME.secure]} {
+ echo "CPU in $secure_str state"
+ # update saved security state
+ set $_TARGETNAME.secure $secure
+ }
+}
+
+$_TARGETNAME configure -event gdb-flash-erase-start {
+ set use_secure_workarea 0
+ # check if FLASH_OPTR.TZEN is enabled
+ set FLASH_OPTR [mrw 0x40022040]
+ if {[expr {$FLASH_OPTR & 0x80000000}] == 0} {
+ echo "TZEN option bit disabled"
+ ahb_ap_non_secure_access
+ } {
+ ahb_ap_secure_access
+ echo "TZEN option bit enabled"
+ set use_secure_workarea 1
+ }
+
+ set workarea_addr [$_TARGETNAME cget -work-area-phys]
+ echo "workarea_addr $workarea_addr"
+
+ if {$use_secure_workarea} {
+ set workarea_addr [expr {$workarea_addr | 0x10000000}]
+ } {
+ set workarea_addr [expr {$workarea_addr & ~0x10000000}]
+ }
+
+ $_TARGETNAME configure -work-area-phys $workarea_addr
+}
+
$_TARGETNAME configure -event trace-config {
# Set TRACE_IOEN; TRACE_MODE is set to async; when using sync
# change this value accordingly to configure trace pins