[OpenOCD-commit] Main OpenOCD repository branch, master, updated. v0.11.0-352-gc9d40366a

[OpenOCD-Gerrit <ope...@us...>]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Main OpenOCD repository".

The branch, master has been updated
       via  c9d40366ad55ea3a83f2ff438aab1e62da653169 (commit)
      from  80d323c6e82b0256da4a671b1acbdceb54de9a82 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c9d40366ad55ea3a83f2ff438aab1e62da653169
Author: Tarek BOCHKATI <tar...@gm...>
Date:   Thu Nov 12 17:19:40 2020 +0100

    flash/stm32l4x: STM32L5 support programming when TZEN=1 and RDP=0xAA
    
    STM32L5 flash memory is aliased to 0x0C000000, this address mapping
    is used for secure applications. (0x08000000 for non-secure)
    
    this change allows the programming of secure and non-secure flash
    when trustzone is enabled and RDP level is 0
    
    Change-Id: I89d1f1b5d493cf01a142ca4dbfef5a3731cab96e
    Signed-off-by: Tarek BOCHKATI <tar...@gm...>
    Reviewed-on: https://review.openocd.org/c/openocd/+/5936
    Tested-by: jenkins
    Reviewed-by: Antonio Borneo <bor...@gm...>
    Reviewed-by: Oleksij Rempel <li...@re...>

diff --git a/src/flash/nor/stm32l4x.c b/src/flash/nor/stm32l4x.c
index 06d4ac1ea..db8d5e78d 100644
--- a/src/flash/nor/stm32l4x.c
+++ b/src/flash/nor/stm32l4x.c
@@ -127,6 +127,8 @@
 #define F_USE_ALL_WRPXX     BIT(1)
 /* this flag indicates if the device embeds a TrustZone security feature */
 #define F_HAS_TZ            BIT(2)
+/* this flag indicates if the device has the same flash registers as STM32L5 */
+#define F_HAS_L5_FLASH_REGS BIT(3)
 /* end of STM32L4 flags ******************************************************/
 
 
@@ -166,10 +168,23 @@ static const uint32_t stm32l4_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
 
 static const uint32_t stm32l5_ns_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
 	[STM32_FLASH_ACR_INDEX]      = 0x000,
-	[STM32_FLASH_KEYR_INDEX]     = 0x008,
+	[STM32_FLASH_KEYR_INDEX]     = 0x008, /* NSKEYR */
+	[STM32_FLASH_OPTKEYR_INDEX]  = 0x010,
+	[STM32_FLASH_SR_INDEX]       = 0x020, /* NSSR */
+	[STM32_FLASH_CR_INDEX]       = 0x028, /* NSCR */
+	[STM32_FLASH_OPTR_INDEX]     = 0x040,
+	[STM32_FLASH_WRP1AR_INDEX]   = 0x058,
+	[STM32_FLASH_WRP1BR_INDEX]   = 0x05C,
+	[STM32_FLASH_WRP2AR_INDEX]   = 0x068,
+	[STM32_FLASH_WRP2BR_INDEX]   = 0x06C,
+};
+
+static const uint32_t stm32l5_s_flash_regs[STM32_FLASH_REG_INDEX_NUM] = {
+	[STM32_FLASH_ACR_INDEX]      = 0x000,
+	[STM32_FLASH_KEYR_INDEX]     = 0x00C, /* SECKEYR */
 	[STM32_FLASH_OPTKEYR_INDEX]  = 0x010,
-	[STM32_FLASH_SR_INDEX]       = 0x020,
-	[STM32_FLASH_CR_INDEX]       = 0x028,
+	[STM32_FLASH_SR_INDEX]       = 0x024, /* SECSR */
+	[STM32_FLASH_CR_INDEX]       = 0x02C, /* SECCR */
 	[STM32_FLASH_OPTR_INDEX]     = 0x040,
 	[STM32_FLASH_WRP1AR_INDEX]   = 0x058,
 	[STM32_FLASH_WRP1BR_INDEX]   = 0x05C,
@@ -205,6 +220,7 @@ struct stm32l4_flash_bank {
 	uint32_t user_bank_size;
 	uint32_t wrpxxr_mask;
 	const struct stm32l4_part_info *part_info;
+	uint32_t flash_regs_base;
 	const uint32_t *flash_regs;
 	bool otp_enabled;
 	enum stm32l4_rdp rdp;
@@ -444,7 +460,7 @@ static const struct stm32l4_part_info stm32l4_parts[] = {
 	  .num_revs              = ARRAY_SIZE(stm32_472_revs),
 	  .device_str            = "STM32L55/L56xx",
 	  .max_flash_size_kb     = 512,
-	  .flags                 = F_HAS_DUAL_BANK | F_USE_ALL_WRPXX | F_HAS_TZ,
+	  .flags                 = F_HAS_DUAL_BANK | F_USE_ALL_WRPXX | F_HAS_TZ | F_HAS_L5_FLASH_REGS,
 	  .flash_regs_base       = 0x40022000,
 	  .default_flash_regs    = stm32l5_ns_flash_regs,
 	  .fsize_addr            = 0x0BFA05E0,
@@ -653,7 +669,7 @@ static void stm32l4_sync_rdp_tzen(struct flash_bank *bank)
 static inline uint32_t stm32l4_get_flash_reg(struct flash_bank *bank, uint32_t reg_offset)
 {
 	struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
-	return stm32l4_info->part_info->flash_regs_base + reg_offset;
+	return stm32l4_info->flash_regs_base + reg_offset;
 }
 
 static inline uint32_t stm32l4_get_flash_reg_by_index(struct flash_bank *bank,
@@ -725,6 +741,49 @@ static int stm32l4_wait_status_busy(struct flash_bank *bank, int timeout)
 	return retval;
 }
 
+/** set all FLASH_SECBB registers to the same value */
+static int stm32l4_set_secbb(struct flash_bank *bank, uint32_t value)
+{
+	/* This function should be used only with device with TrustZone, do just a security check */
+	struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
+	assert(stm32l4_info->part_info->flags & F_HAS_TZ);
+
+	/* based on RM0438 Rev6 for STM32L5x devices:
+	 * to modify a page block-based security attribution, it is recommended to
+	 *  1- check that no flash operation is ongoing on the related page
+	 *  2- add ISB instruction after modifying the page security attribute in SECBBxRy
+	 *     this step is not need in case of JTAG direct access
+	 */
+	int retval = stm32l4_wait_status_busy(bank, FLASH_ERASE_TIMEOUT);
+	if (retval != ERROR_OK)
+		return retval;
+
+	/* write SECBBxRy registers */
+	LOG_DEBUG("setting secure block-based areas registers (SECBBxRy) to 0x%08x", value);
+
+	const uint8_t secbb_regs[] = {
+			FLASH_SECBB1(1), FLASH_SECBB1(2), FLASH_SECBB1(3), FLASH_SECBB1(4), /* bank 1 SECBB register offsets */
+			FLASH_SECBB2(1), FLASH_SECBB2(2), FLASH_SECBB2(3), FLASH_SECBB2(4)  /* bank 2 SECBB register offsets */
+	};
+
+
+	unsigned int num_secbb_regs = ARRAY_SIZE(secbb_regs);
+
+	/* in single bank mode, it's useless to modify FLASH_SECBB2Rx registers
+	 * then consider only the first half of secbb_regs
+	 */
+	if (!stm32l4_info->dual_bank_mode)
+		num_secbb_regs /= 2;
+
+	for (unsigned int i = 0; i < num_secbb_regs; i++) {
+		retval = stm32l4_write_flash_reg(bank, secbb_regs[i], value);
+		if (retval != ERROR_OK)
+			return retval;
+	}
+
+	return ERROR_OK;
+}
+
 static int stm32l4_unlock_reg(struct flash_bank *bank)
 {
 	uint32_t ctrl;
@@ -831,6 +890,7 @@ err_lock:
 static int stm32l4_write_option(struct flash_bank *bank, uint32_t reg_offset,
 	uint32_t value, uint32_t mask)
 {
+	struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
 	uint32_t optiondata;
 	int retval, retval2;
 
@@ -838,6 +898,12 @@ static int stm32l4_write_option(struct flash_bank *bank, uint32_t reg_offset,
 	if (retval != ERROR_OK)
 		return retval;
 
+	/* for STM32L5 and similar devices, use always non-secure
+	 * registers for option bytes programming */
+	const uint32_t *saved_flash_regs = stm32l4_info->flash_regs;
+	if (stm32l4_info->part_info->flags & F_HAS_L5_FLASH_REGS)
+		stm32l4_info->flash_regs = stm32l5_ns_flash_regs;
+
 	retval = stm32l4_unlock_reg(bank);
 	if (retval != ERROR_OK)
 		goto err_lock;
@@ -860,6 +926,7 @@ static int stm32l4_write_option(struct flash_bank *bank, uint32_t reg_offset,
 
 err_lock:
 	retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK | FLASH_OPTLOCK);
+	stm32l4_info->flash_regs = saved_flash_regs;
 
 	if (retval != ERROR_OK)
 		return retval;
@@ -1007,6 +1074,16 @@ static int stm32l4_erase(struct flash_bank *bank, unsigned int first,
 		return ERROR_TARGET_NOT_HALTED;
 	}
 
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+		/* set all FLASH pages as secure */
+		retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+		if (retval != ERROR_OK) {
+			/* restore all FLASH pages as non-secure */
+			stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+			return retval;
+		}
+	}
+
 	retval = stm32l4_unlock_reg(bank);
 	if (retval != ERROR_OK)
 		goto err_lock;
@@ -1044,6 +1121,13 @@ static int stm32l4_erase(struct flash_bank *bank, unsigned int first,
 err_lock:
 	retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
 
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+		/* restore all FLASH pages as non-secure */
+		int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+		if (retval3 != ERROR_OK)
+			return retval3;
+	}
+
 	if (retval != ERROR_OK)
 		return retval;
 
@@ -1281,6 +1365,7 @@ static int stm32l4_write_block(struct flash_bank *bank, const uint8_t *buffer,
 static int stm32l4_write(struct flash_bank *bank, const uint8_t *buffer,
 	uint32_t offset, uint32_t count)
 {
+	struct stm32l4_flash_bank *stm32l4_info = bank->driver_priv;
 	int retval = ERROR_OK, retval2;
 
 	if (stm32l4_is_otp(bank) && !stm32l4_otp_is_enabled(bank)) {
@@ -1335,6 +1420,16 @@ static int stm32l4_write(struct flash_bank *bank, const uint8_t *buffer,
 	if (retval != ERROR_OK)
 		return retval;
 
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+		/* set all FLASH pages as secure */
+		retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+		if (retval != ERROR_OK) {
+			/* restore all FLASH pages as non-secure */
+			stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+			return retval;
+		}
+	}
+
 	retval = stm32l4_unlock_reg(bank);
 	if (retval != ERROR_OK)
 		goto err_lock;
@@ -1344,6 +1439,13 @@ static int stm32l4_write(struct flash_bank *bank, const uint8_t *buffer,
 err_lock:
 	retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
 
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+		/* restore all FLASH pages as non-secure */
+		int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+		if (retval3 != ERROR_OK)
+			return retval3;
+	}
+
 	if (retval != ERROR_OK) {
 		LOG_ERROR("block write failed");
 		return retval;
@@ -1426,6 +1528,7 @@ static int stm32l4_probe(struct flash_bank *bank)
 	LOG_INFO("device idcode = 0x%08" PRIx32 " (%s - Rev %s : 0x%04x)",
 			stm32l4_info->idcode, part_info->device_str, rev_str, rev_id);
 
+	stm32l4_info->flash_regs_base = stm32l4_info->part_info->flash_regs_base;
 	stm32l4_info->flash_regs = stm32l4_info->part_info->default_flash_regs;
 
 	/* read flash option register */
@@ -1461,7 +1564,7 @@ static int stm32l4_probe(struct flash_bank *bank)
 
 		stm32l4_info->probed = true;
 		return ERROR_OK;
-	} else if (bank->base != STM32_FLASH_BANK_BASE) {
+	} else if (bank->base != STM32_FLASH_BANK_BASE && bank->base != STM32_FLASH_S_BANK_BASE) {
 		LOG_ERROR("invalid bank base address");
 		return ERROR_FAIL;
 	}
@@ -1589,6 +1692,15 @@ static int stm32l4_probe(struct flash_bank *bank)
 			num_pages = flash_size_kb / page_size_kb;
 			stm32l4_info->bank1_sectors = num_pages / 2;
 		}
+
+		/**
+		 * by default use the non-secure registers,
+		 * switch secure registers if TZ is enabled and RDP is LEVEL_0
+		 */
+		if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+			stm32l4_info->flash_regs_base |= 0x10000000;
+			stm32l4_info->flash_regs = stm32l5_s_flash_regs;
+		}
 		break;
 	case 0x495: /* STM32WB5x */
 	case 0x496: /* STM32WB3x */
@@ -1714,6 +1826,16 @@ static int stm32l4_mass_erase(struct flash_bank *bank)
 		return ERROR_TARGET_NOT_HALTED;
 	}
 
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+		/* set all FLASH pages as secure */
+		retval = stm32l4_set_secbb(bank, FLASH_SECBB_SECURE);
+		if (retval != ERROR_OK) {
+			/* restore all FLASH pages as non-secure */
+			stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE); /* ignore the return value */
+			return retval;
+		}
+	}
+
 	retval = stm32l4_unlock_reg(bank);
 	if (retval != ERROR_OK)
 		goto err_lock;
@@ -1736,6 +1858,13 @@ static int stm32l4_mass_erase(struct flash_bank *bank)
 err_lock:
 	retval2 = stm32l4_write_flash_reg_by_index(bank, STM32_FLASH_CR_INDEX, FLASH_LOCK);
 
+	if (stm32l4_info->tzen && (stm32l4_info->rdp == RDP_LEVEL_0)) {
+		/* restore all FLASH pages as non-secure */
+		int retval3 = stm32l4_set_secbb(bank, FLASH_SECBB_NON_SECURE);
+		if (retval3 != ERROR_OK)
+			return retval3;
+	}
+
 	if (retval != ERROR_OK)
 		return retval;
 
diff --git a/src/flash/nor/stm32l4x.h b/src/flash/nor/stm32l4x.h
index 41b5ff82d..ebc6ed95a 100644
--- a/src/flash/nor/stm32l4x.h
+++ b/src/flash/nor/stm32l4x.h
@@ -60,11 +60,19 @@
 #define FLASH_RDP_MASK			0xFF
 #define FLASH_TZEN				(1 << 31)
 
+/* FLASH secure block based bank 1/2 register offsets */
+#define FLASH_SECBB1(X) (0x80 + 4 * (X - 1))
+#define FLASH_SECBB2(X) (0xA0 + 4 * (X - 1))
+
+#define FLASH_SECBB_SECURE      0xFFFFFFFF
+#define FLASH_SECBB_NON_SECURE  0
+
 /* other registers */
 #define DBGMCU_IDCODE_G0		0x40015800
 #define DBGMCU_IDCODE_L4_G4		0xE0042000
 #define DBGMCU_IDCODE_L5		0xE0044000
 
 #define STM32_FLASH_BANK_BASE	0x08000000
+#define STM32_FLASH_S_BANK_BASE	0x0C000000
 
 #endif
diff --git a/tcl/target/stm32l5x.cfg b/tcl/target/stm32l5x.cfg
index 92083b9e0..02297e369 100644
--- a/tcl/target/stm32l5x.cfg
+++ b/tcl/target/stm32l5x.cfg
@@ -52,9 +52,10 @@ target create $_TARGETNAME cortex_m -endian $_ENDIAN -dap $_CHIPNAME.dap
 # use non-secure RAM by default
 $_TARGETNAME configure -work-area-phys 0x20000000 -work-area-size $_WORKAREASIZE -work-area-backup 0
 
-# declare non-secure flash
-flash bank $_CHIPNAME.flash_ns stm32l4x 0x08000000 0 0 0 $_TARGETNAME
-flash bank $_CHIPNAME.otp      stm32l4x 0x0BFA0000 0 0 0 $_TARGETNAME
+# create sec/ns flash and otp memories (sizes will be probed)
+flash bank $_CHIPNAME.flash_ns      stm32l4x 0x08000000 0 0 0 $_TARGETNAME
+flash bank $_CHIPNAME.flash_alias_s stm32l4x 0x0C000000 0 0 0 $_TARGETNAME
+flash bank $_CHIPNAME.otp           stm32l4x 0x0BFA0000 0 0 0 $_TARGETNAME
 
 # Common knowledges tells JTAG speed should be <= F_CPU/6.
 # F_CPU after reset is MSI 4MHz, so use F_JTAG = 500 kHz to stay on
@@ -77,30 +78,47 @@ if {![using_hla]} {
 	cortex_m reset_config sysresetreq
 }
 
+proc is_secure {} {
+	# read Debug Security Control and Status Regsiter (DSCSR) and check CDS (bit 16)
+	set DSCSR [mrw 0xE000EE08]
+	return [expr {($DSCSR & (1 << 16)) != 0}]
+}
+
 proc clock_config_110_mhz {} {
+	set offset [expr {[is_secure] ? 0x10000000 : 0}]
 	# MCU clock is MSI (4MHz) after reset, set MCU freq at 110 MHz with PLL
 	# RCC_APB1ENR1 = PWREN
-	mww 0x40021058 0x10000000
+	mww [expr {0x40021058 + $offset}] 0x10000000
 	# delay for register clock enable (read back reg)
-	mrw 0x40021058
+	mrw [expr {0x40021058 + $offset}]
 	# PWR_CR1 : VOS Range 0
-	mww 0x40007000 0
+	mww [expr {0x40007000 + $offset}] 0
 	# while (PWR_SR2 & VOSF)
-	while {([mrw 0x40007014] & 0x0400)} {}
+	while {([mrw [expr {0x40007014 + $offset}]] & 0x0400)} {}
 	# FLASH_ACR : 5 WS for 110 MHz HCLK
 	mww 0x40022000 0x00000005
 	# RCC_PLLCFGR = PLLP=PLLQ=0, PLLR=00=2, PLLREN=1, PLLN=55, PLLM=0000=1, PLLSRC=MSI 4MHz
 	# fVCO = 4 x 55 /1 = 220
 	# SYSCLOCK = fVCO/PLLR = 220/2 = 110 MHz
-	mww 0x4002100C 0x01003711
+	mww [expr {0x4002100C + $offset}] 0x01003711
 	# RCC_CR |= PLLON
-	mmw 0x40021000 0x01000000 0
+	mmw [expr {0x40021000 + $offset}] 0x01000000 0
 	# while !(RCC_CR & PLLRDY)
-	while {!([mrw 0x40021000] & 0x02000000)} {}
+	while {!([mrw [expr {0x40021000 + $offset}]] & 0x02000000)} {}
 	# RCC_CFGR |= SW_PLL
-	mmw 0x40021008 0x00000003 0
+	mmw [expr {0x40021008 + $offset}] 0x00000003 0
 	# while ((RCC_CFGR & SWS) != PLL)
-	while {([mrw 0x40021008] & 0x0C) != 0x0C} {}
+	while {([mrw [expr {0x40021008 + $offset}]] & 0x0C) != 0x0C} {}
+}
+
+proc ahb_ap_non_secure_access {} {
+	# SPROT=1=Non Secure access, Priv=1
+	[[target current] cget -dap] apcsw 0x4B000000 0x4F000000
+}
+
+proc ahb_ap_secure_access {} {
+	# SPROT=0=Secure access, Priv=1
+	[[target current] cget -dap] apcsw 0x0B000000 0x4F000000
 }
 
 $_TARGETNAME configure -event reset-init {
@@ -123,6 +141,53 @@ $_TARGETNAME configure -event examine-end {
 	mmw 0xE0044008 0x00001800 0
 }
 
+$_TARGETNAME configure -event halted {
+	set secure [is_secure]
+
+	if {$secure} {
+		set secure_str "Secure"
+		ahb_ap_secure_access
+	} else {
+		set secure_str "Non-Secure"
+		ahb_ap_non_secure_access
+	}
+
+	# print the secure state only when it changes
+	set _TARGETNAME [target current]
+	global $_TARGETNAME.secure
+
+	if {![info exists $_TARGETNAME.secure] || $secure != [set $_TARGETNAME.secure]} {
+		echo "CPU in $secure_str state"
+		# update saved security state
+		set $_TARGETNAME.secure $secure
+	}
+}
+
+$_TARGETNAME configure -event gdb-flash-erase-start {
+	set use_secure_workarea 0
+	# check if FLASH_OPTR.TZEN is enabled
+	set FLASH_OPTR [mrw 0x40022040]
+	if {[expr {$FLASH_OPTR & 0x80000000}] == 0} {
+		echo "TZEN option bit disabled"
+		ahb_ap_non_secure_access
+	} {
+		ahb_ap_secure_access
+		echo "TZEN option bit enabled"
+		set use_secure_workarea 1
+	}
+
+	set workarea_addr [$_TARGETNAME cget -work-area-phys]
+	echo "workarea_addr $workarea_addr"
+
+	if {$use_secure_workarea} {
+		set workarea_addr [expr {$workarea_addr | 0x10000000}]
+	} {
+		set workarea_addr [expr {$workarea_addr & ~0x10000000}]
+	}
+
+	$_TARGETNAME configure -work-area-phys $workarea_addr
+}
+
 $_TARGETNAME configure -event trace-config {
 	# Set TRACE_IOEN; TRACE_MODE is set to async; when using sync
 	# change this value accordingly to configure trace pins

-----------------------------------------------------------------------

Summary of changes:
 src/flash/nor/stm32l4x.c | 141 +++++++++++++++++++++++++++++++++++++++++++++--
 src/flash/nor/stm32l4x.h |   8 +++
 tcl/target/stm32l5x.cfg  |  89 ++++++++++++++++++++++++++----
 3 files changed, 220 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
Main OpenOCD repository