Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 921b877751dc86c07ba094d21b229d82640bf132^! / . / plat / juno / plat_security.c
commit921b877751dc86c07ba094d21b229d82640bf132[log] [tgz]
authorJuan Castillo <juan.castillo@arm.com>Fri Sep 05 17:29:38 2014 +0100
committerJuan Castillo <juan.castillo@arm.com>Tue Oct 14 10:03:58 2014 +0100
tree18ef9d83fcd8ab9c59e7afd3bda275e41faf0d4c
parent6b672f5065450880f0b06706938e06b7e63aed59 [diff] [blame]
Juno: Reserve some DDR-DRAM for secure use

This patch configures the TrustZone Controller in Juno to split
the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
regions:

- Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
  used by the SCP for DDR retraining
- Non-Secure DDR-DRAM: remaining DRAM starting at base address

Build option PLAT_TSP_LOCATION selects the location of the secure
payload (BL3-2):

- 'tsram' : Trusted SRAM (default option)
- 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
            controller)

The MMU memory map has been updated to give BL2 permission to load
BL3-2 into the DDR-DRAM secure region.

Fixes ARM-software/tf-issues#233

Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b

diff --git a/plat/juno/plat_security.c b/plat/juno/plat_security.c
index 851a39e..64e493f 100644
--- a/plat/juno/plat_security.c
+++ b/plat/juno/plat_security.c

@@ -43,9 +43,38 @@
 	/* Disable filters. */
 	tzc_disable_filters();
 
-	/* Configure region 0. Juno TZC-400 handles 40-bit addresses. */
-	tzc_configure_region(0xf, 0, 0x0ull, 0xffffffffffull,
+	/* Region 1 set to cover Non-Secure DRAM at 0x8000_0000. Apply the
+	 * same configuration to all filters in the TZC. */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 1,
+			DRAM_NS_BASE, DRAM_NS_BASE + DRAM_NS_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+	/* Region 2 set to cover Secure DRAM */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 2,
+			DRAM_SEC_BASE, DRAM_SEC_BASE + DRAM_SEC_SIZE - 1,
 			TZC_REGION_S_RDWR,
+			0);
+
+	/* Region 3 set to cover DRAM used by SCP for DDR retraining */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 3,
+			DRAM_SCP_BASE, DRAM_SCP_BASE + DRAM_SCP_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP));
+
+	/* Region 4 set to cover Non-Secure DRAM at 0x8_8000_0000 */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 4,
+			DRAM2_BASE, DRAM2_BASE + DRAM2_SIZE - 1,
+			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
@@ -55,7 +84,6 @@
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
-			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
 
 	/* Raise an exception if a NS device tries to access secure memory */