Tegra: memctrl_v2: secure the on-chip TZSRAM memory
This patch programs the Memory controller's control registers
to disable non-secure accesses to the TZRAM. In case these
registers are already programmed by the BL2/BL30, then the
driver just bails out.
Change-Id: Ia1416988050e3d067296373060c717a260499122
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
diff --git a/plat/nvidia/tegra/common/drivers/memctrl/memctrl_v2.c b/plat/nvidia/tegra/common/drivers/memctrl/memctrl_v2.c
index c82ddd4..a674b59 100644
--- a/plat/nvidia/tegra/common/drivers/memctrl/memctrl_v2.c
+++ b/plat/nvidia/tegra/common/drivers/memctrl/memctrl_v2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -284,6 +284,49 @@
}
/*
+ * Secure the BL31 TZRAM aperture.
+ *
+ * phys_base = physical base of TZRAM aperture
+ * size_in_bytes = size of aperture in bytes
+ */
+void tegra_memctrl_tzram_setup(uint64_t phys_base, uint32_t size_in_bytes)
+{
+ uint64_t tzram_end = phys_base + size_in_bytes - 1;
+ uint32_t val;
+
+ /*
+ * Check if the TZRAM is locked already.
+ */
+ if (tegra_mc_read_32(MC_TZRAM_REG_CTRL) == DISABLE_TZRAM_ACCESS)
+ return;
+
+ /*
+ * Setup the Memory controller to allow only secure accesses to
+ * the TZRAM carveout
+ */
+ INFO("Configuring TrustZone RAM (SysRAM) Memory Carveout\n");
+
+ /* Program the base and end values */
+ tegra_mc_write_32(MC_TZRAM_BASE, (uint32_t)phys_base);
+ tegra_mc_write_32(MC_TZRAM_END, (uint32_t)tzram_end);
+
+ /* Extract the high address bits from the base/end values */
+ val = (uint32_t)(phys_base >> 32) & TZRAM_ADDR_HI_BITS_MASK;
+ val |= (((uint32_t)(tzram_end >> 32) << TZRAM_END_HI_BITS_SHIFT) &
+ TZRAM_ADDR_HI_BITS_MASK);
+ tegra_mc_write_32(MC_TZRAM_HI_ADDR_BITS, val);
+
+ /* Disable further writes to the TZRAM setup registers */
+ tegra_mc_write_32(MC_TZRAM_REG_CTRL, DISABLE_TZRAM_ACCESS);
+
+ /*
+ * MCE propogates the security configuration values across the
+ * CCPLEX.
+ */
+ mce_update_gsc_tzram();
+}
+
+/*
* Program the Video Memory carveout region
*
* phys_base = physical base of aperture
diff --git a/plat/nvidia/tegra/include/drivers/memctrl_v2.h b/plat/nvidia/tegra/include/drivers/memctrl_v2.h
index 1d5ba0e..0736b59 100644
--- a/plat/nvidia/tegra/include/drivers/memctrl_v2.h
+++ b/plat/nvidia/tegra/include/drivers/memctrl_v2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -264,6 +264,17 @@
#define MC_VIDEO_PROTECT_BASE_LO 0x648
#define MC_VIDEO_PROTECT_SIZE_MB 0x64c
+/*******************************************************************************
+ * TZRAM carveout configuration registers
+ ******************************************************************************/
+#define MC_TZRAM_BASE 0x1850
+#define MC_TZRAM_END 0x1854
+#define MC_TZRAM_HI_ADDR_BITS 0x1588
+ #define TZRAM_ADDR_HI_BITS_MASK 0x3
+ #define TZRAM_END_HI_BITS_SHIFT 8
+#define MC_TZRAM_REG_CTRL 0x185c
+ #define DISABLE_TZRAM_ACCESS 1
+
static inline uint32_t tegra_mc_read_32(uint32_t off)
{
return mmio_read_32(TEGRA_MC_BASE + off);
diff --git a/plat/nvidia/tegra/include/t186/tegra_def.h b/plat/nvidia/tegra/include/t186/tegra_def.h
index 16615a8..bd2c5db 100644
--- a/plat/nvidia/tegra/include/t186/tegra_def.h
+++ b/plat/nvidia/tegra/include/t186/tegra_def.h
@@ -111,4 +111,10 @@
******************************************************************************/
#define TEGRA_SMMU_BASE 0x12000000
+/*******************************************************************************
+ * Tegra TZRAM constants
+ ******************************************************************************/
+#define TEGRA_TZRAM_BASE 0x30000000
+#define TEGRA_TZRAM_SIZE 0x50000
+
#endif /* __TEGRA_DEF_H__ */