From: Gatien Chevallier <gatien.chevallier@foss.st.com>
To: "Suzuki K Poulose" <suzuki.poulose@arm.com>,
"Mike Leach" <mike.leach@linaro.org>,
"James Clark" <james.clark@linaro.org>,
"Rob Herring" <robh@kernel.org>,
"Krzysztof Kozlowski" <krzk+dt@kernel.org>,
"Conor Dooley" <conor+dt@kernel.org>,
"Mathieu Poirier" <mathieu.poirier@linaro.org>,
"Leo Yan" <leo.yan@linux.dev>,
"Clément Le Goffic" <legoffic.clement@gmail.com>,
"Linus Walleij" <linusw@kernel.org>,
"Maxime Coquelin" <mcoquelin.stm32@gmail.com>,
"Alexandre Torgue" <alexandre.torgue@foss.st.com>,
jens.wiklander@linaro.org
Cc: <coresight@lists.linaro.org>,
<linux-arm-kernel@lists.infradead.org>,
<devicetree@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-gpio@vger.kernel.org>,
<linux-stm32@st-md-mailman.stormreply.com>,
Gatien Chevallier <gatien.chevallier@foss.st.com>
Subject: [PATCH v4 06/12] drivers: bus: add the stm32 debug bus driver
Date: Thu, 22 Jan 2026 17:19:19 +0100 [thread overview]
Message-ID: <20260122-debug_bus-v4-6-28f0f2a25f2c@foss.st.com> (raw)
In-Reply-To: <20260122-debug_bus-v4-0-28f0f2a25f2c@foss.st.com>
Add the stm32 debug bus driver that is responsible of checking the
debug subsystem accessibility before probing the related peripheral
drivers.
This driver is OP-TEE dependent and relies on the STM32 debug access
PTA.
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
---
MAINTAINERS | 1 +
drivers/bus/Kconfig | 10 ++
drivers/bus/Makefile | 1 +
drivers/bus/stm32_dbg_bus.c | 236 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 248 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 5b11839cba9d..fd8390e02070 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -24698,6 +24698,7 @@ F: drivers/power/supply/stc3117_fuel_gauge.c
ST STM32 FIREWALL
M: Gatien Chevallier <gatien.chevallier@foss.st.com>
S: Maintained
+F: drivers/bus/stm32_dbg_bus.c
F: drivers/bus/stm32_etzpc.c
F: drivers/bus/stm32_firewall.c
F: drivers/bus/stm32_rifsc.c
diff --git a/drivers/bus/Kconfig b/drivers/bus/Kconfig
index fe7600283e70..c9be21d5dfda 100644
--- a/drivers/bus/Kconfig
+++ b/drivers/bus/Kconfig
@@ -169,6 +169,16 @@ config QCOM_SSC_BLOCK_BUS
i2c/spi/uart controllers, a hexagon core, and a clock controller
which provides clocks for the above.
+config STM32_DBG_BUS
+ tristate "OP-TEE based debug access bus"
+ depends on OPTEE && STM32_FIREWALL
+ depends on ARCH_STM32 || COMPILE_TEST
+ help
+ Select this to get the support for the OP-TEE based STM32 debug bus
+ driver that is used to handle debug-related peripherals on STM32
+ platforms when the debug configuration is not accessible by the
+ normal world.
+
config STM32_FIREWALL
bool "STM32 Firewall framework"
depends on (ARCH_STM32 || COMPILE_TEST) && OF
diff --git a/drivers/bus/Makefile b/drivers/bus/Makefile
index 8e693fe8a03a..799724cfc2df 100644
--- a/drivers/bus/Makefile
+++ b/drivers/bus/Makefile
@@ -27,6 +27,7 @@ obj-$(CONFIG_OMAP_INTERCONNECT) += omap_l3_smx.o omap_l3_noc.o
obj-$(CONFIG_OMAP_OCP2SCP) += omap-ocp2scp.o
obj-$(CONFIG_QCOM_EBI2) += qcom-ebi2.o
obj-$(CONFIG_QCOM_SSC_BLOCK_BUS) += qcom-ssc-block-bus.o
+obj-$(CONFIG_STM32_DBG_BUS) += stm32_dbg_bus.o
obj-$(CONFIG_STM32_FIREWALL) += stm32_firewall.o stm32_rifsc.o stm32_etzpc.o
obj-$(CONFIG_SUN50I_DE2_BUS) += sun50i-de2.o
obj-$(CONFIG_SUNXI_RSB) += sunxi-rsb.o
diff --git a/drivers/bus/stm32_dbg_bus.c b/drivers/bus/stm32_dbg_bus.c
new file mode 100644
index 000000000000..9427d4da0da7
--- /dev/null
+++ b/drivers/bus/stm32_dbg_bus.c
@@ -0,0 +1,236 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2026, STMicroelectronics - All Rights Reserved
+ */
+
+#include <linux/bus/stm32_firewall_device.h>
+#include <linux/device.h>
+#include <linux/err.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/of.h>
+#include <linux/of_platform.h>
+#include <linux/platform_device.h>
+#include <linux/pm_runtime.h>
+#include <linux/tee_drv.h>
+#include <linux/types.h>
+
+#include "stm32_firewall.h"
+
+enum stm32_dbg_profile {
+ PERIPHERAL_DBG_PROFILE = 0,
+ HDP_DBG_PROFILE = 1,
+};
+
+enum stm32_dbg_pta_command {
+ /*
+ * PTA_CMD_GRANT_DBG_ACCESS - Verify the debug configuration against the given debug profile
+ * and grant access or not
+ *
+ * [in] value[0].a Debug profile to grant access to.
+ */
+ PTA_CMD_GRANT_DBG_ACCESS,
+};
+
+/**
+ * struct stm32_dbg_bus - OP-TEE based STM32 debug bus private data
+ * @dev: STM32 debug bus device.
+ * @ctx: OP-TEE context handler.
+ */
+struct stm32_dbg_bus {
+ struct device *dev;
+ struct tee_context *ctx;
+};
+
+/* Expect at most 1 instance of this driver */
+static struct stm32_dbg_bus *stm32_dbg_bus_priv;
+
+static int stm32_dbg_pta_open_session(u32 *id)
+{
+ struct tee_client_device *dbg_bus_dev = to_tee_client_device(stm32_dbg_bus_priv->dev);
+ struct tee_ioctl_open_session_arg sess_arg;
+ int ret;
+
+ memset(&sess_arg, 0, sizeof(sess_arg));
+ export_uuid(sess_arg.uuid, &dbg_bus_dev->id.uuid);
+ sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL;
+
+ ret = tee_client_open_session(stm32_dbg_bus_priv->ctx, &sess_arg, NULL);
+ if (ret < 0 || sess_arg.ret) {
+ dev_err(stm32_dbg_bus_priv->dev, "Failed opening tee session, err: %#x\n",
+ sess_arg.ret);
+ return -EOPNOTSUPP;
+ }
+
+ *id = sess_arg.session;
+
+ return 0;
+}
+
+static void stm32_dbg_pta_close_session(u32 id)
+{
+ tee_client_close_session(stm32_dbg_bus_priv->ctx, id);
+}
+
+static int stm32_dbg_bus_grant_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile)
+{
+ struct tee_ioctl_invoke_arg inv_arg = {0};
+ struct tee_param param[1] = {0};
+ u32 session_id;
+ int ret;
+
+ if (dbg_profile != PERIPHERAL_DBG_PROFILE && dbg_profile != HDP_DBG_PROFILE)
+ return -EOPNOTSUPP;
+
+ ret = stm32_dbg_pta_open_session(&session_id);
+ if (ret)
+ return ret;
+
+ inv_arg.func = PTA_CMD_GRANT_DBG_ACCESS;
+ inv_arg.session = session_id;
+ inv_arg.num_params = 1;
+ param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT;
+ param[0].u.value.a = dbg_profile;
+
+ ret = tee_client_invoke_func(stm32_dbg_bus_priv->ctx, &inv_arg, param);
+ if (ret < 0 || inv_arg.ret != 0) {
+ dev_dbg(stm32_dbg_bus_priv->dev,
+ "When invoking function, err %x, TEE returns: %x\n", ret, inv_arg.ret);
+ if (!ret)
+ ret = -EACCES;
+ }
+
+ stm32_dbg_pta_close_session(session_id);
+
+ return ret;
+}
+
+/* Implement mandatory release_access ops even if it does nothing*/
+static void stm32_dbg_bus_release_access(struct stm32_firewall_controller *ctrl, u32 dbg_profile)
+{
+}
+
+static int stm32_dbg_bus_plat_probe(struct platform_device *pdev)
+{
+ struct stm32_firewall_controller *dbg_controller;
+ int ret;
+
+ if (!stm32_dbg_bus_priv)
+ return dev_err_probe(&pdev->dev, -EPROBE_DEFER,
+ "OP-TEE debug services not yet available\n");
+
+ dbg_controller = devm_kzalloc(&pdev->dev, sizeof(*dbg_controller), GFP_KERNEL);
+ if (!dbg_controller)
+ return dev_err_probe(&pdev->dev, -ENOMEM, "Couldn't allocate debug controller\n");
+
+ dbg_controller->dev = &pdev->dev;
+ dbg_controller->mmio = NULL;
+ dbg_controller->name = dev_driver_string(dbg_controller->dev);
+ dbg_controller->type = STM32_PERIPHERAL_FIREWALL;
+ dbg_controller->grant_access = stm32_dbg_bus_grant_access;
+ dbg_controller->release_access = stm32_dbg_bus_release_access;
+
+ ret = stm32_firewall_controller_register(dbg_controller);
+ if (ret) {
+ dev_err(dbg_controller->dev, "Couldn't register as a firewall controller: %d", ret);
+ return ret;
+ }
+
+ ret = stm32_firewall_populate_bus(dbg_controller);
+ if (ret) {
+ dev_err(dbg_controller->dev, "Couldn't populate debug bus: %d", ret);
+ stm32_firewall_controller_unregister(dbg_controller);
+ return ret;
+ }
+
+ pm_runtime_enable(&pdev->dev);
+
+ ret = of_platform_populate(pdev->dev.of_node, NULL, NULL, &pdev->dev);
+ if (ret) {
+ dev_err(dbg_controller->dev, "Couldn't populate the node: %d", ret);
+ stm32_firewall_controller_unregister(dbg_controller);
+ return ret;
+ }
+
+ return 0;
+}
+
+static const struct of_device_id stm32_dbg_bus_of_match[] = {
+ { .compatible = "st,stm32mp131-dbg-bus", },
+ { .compatible = "st,stm32mp151-dbg-bus", },
+ { },
+};
+MODULE_DEVICE_TABLE(of, stm32_dbg_bus_of_match);
+
+static struct platform_driver stm32_dbg_bus_driver = {
+ .probe = stm32_dbg_bus_plat_probe,
+ .driver = {
+ .name = "stm32-dbg-bus",
+ .of_match_table = stm32_dbg_bus_of_match,
+ },
+};
+
+static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
+{
+ return (ver->impl_id == TEE_IMPL_ID_OPTEE);
+}
+
+static void stm32_dbg_bus_remove(struct tee_client_device *tee_dev)
+{
+ tee_client_close_context(stm32_dbg_bus_priv->ctx);
+ stm32_dbg_bus_priv = NULL;
+
+ of_platform_depopulate(&tee_dev->dev);
+}
+
+static int stm32_dbg_bus_probe(struct tee_client_device *tee_dev)
+{
+ struct device *dev = &tee_dev->dev;
+ struct stm32_dbg_bus *priv;
+ int ret = 0;
+
+ if (stm32_dbg_bus_priv)
+ return dev_err_probe(dev, -EBUSY,
+ "A STM32 debug bus device is already initialized\n");
+
+ priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
+ if (!priv)
+ return -ENOMEM;
+
+ /* Open context with TEE driver */
+ priv->ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, NULL);
+ if (IS_ERR_OR_NULL(priv->ctx))
+ return dev_err_probe(dev, PTR_ERR_OR_ZERO(priv->ctx), "Cannot open TEE context\n");
+
+ stm32_dbg_bus_priv = priv;
+ stm32_dbg_bus_priv->dev = dev;
+
+ ret = platform_driver_register(&stm32_dbg_bus_driver);
+ if (ret) {
+ stm32_dbg_bus_remove(tee_dev);
+ return ret;
+ }
+
+ return ret;
+}
+
+static const struct tee_client_device_id optee_dbg_bus_id_table[] = {
+ {UUID_INIT(0xdd05bc8b, 0x9f3b, 0x49f0,
+ 0xb6, 0x49, 0x01, 0xaa, 0x10, 0xc1, 0xc2, 0x10)},
+ {}
+};
+
+static struct tee_client_driver stm32_optee_dbg_bus_driver = {
+ .id_table = optee_dbg_bus_id_table,
+ .probe = stm32_dbg_bus_probe,
+ .remove = stm32_dbg_bus_remove,
+ .driver = {
+ .name = "optee_dbg_bus",
+ },
+};
+
+module_tee_client_driver(stm32_optee_dbg_bus_driver);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Gatien Chevallier <gatien.chevallier@foss.st.com>");
+MODULE_DESCRIPTION("OP-TEE based STM32 debug access bus driver");
--
2.43.0
next prev parent reply other threads:[~2026-01-22 16:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-22 16:19 [PATCH v4 00/12] bus: add stm32 debug bus and coresight support for stm32mp1x platforms Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 01/12] dt-bindings: document access-controllers property for coresight peripherals Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 02/12] dt-bindings: pinctrl: document access-controllers property for stm32 HDP Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 03/12] dt-bindings: bus: document the stm32 debug bus Gatien Chevallier
2026-01-22 16:22 ` Gatien CHEVALLIER
2026-01-22 23:21 ` Rob Herring
2026-01-23 10:27 ` Gatien CHEVALLIER
2026-01-22 16:19 ` [PATCH v4 04/12] bus: stm32_firewall: allow check on different firewall controllers Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 05/12] bus: stm32_firewall: add stm32_firewall_get_grant_all_access() API Gatien Chevallier
2026-01-22 16:19 ` Gatien Chevallier [this message]
2026-01-22 16:19 ` [PATCH v4 07/12] arm: dts: stm32: introduce the debug bus for stm32mp1x platforms Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 08/12] arm: dts: stm32: enable the debug bus on stm32mp1x boards Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 09/12] arm: dts: stm32: enable CoreSight on stm32mp15xx-dkx boards Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 10/12] arm: dts: stm32: enable CoreSight on the stm32mp157c-ev1 board Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 11/12] arm: dts: stm32: enable CoreSight on the stm32mp135f-dk board Gatien Chevallier
2026-01-22 16:19 ` [PATCH v4 12/12] pinctrl: stm32: add firewall checks before probing the HDP driver Gatien Chevallier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260122-debug_bus-v4-6-28f0f2a25f2c@foss.st.com \
--to=gatien.chevallier@foss.st.com \
--cc=alexandre.torgue@foss.st.com \
--cc=conor+dt@kernel.org \
--cc=coresight@lists.linaro.org \
--cc=devicetree@vger.kernel.org \
--cc=james.clark@linaro.org \
--cc=jens.wiklander@linaro.org \
--cc=krzk+dt@kernel.org \
--cc=legoffic.clement@gmail.com \
--cc=leo.yan@linux.dev \
--cc=linusw@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=mathieu.poirier@linaro.org \
--cc=mcoquelin.stm32@gmail.com \
--cc=mike.leach@linaro.org \
--cc=robh@kernel.org \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox