board/rdv1mc: initialize tzc400 controllers
A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM memory. Configure each of the TZC controllers
across the Chips.
For use by secure software, configure the first chip's trustzone
controller to protect the upper 16MB of the memory of the first DRAM
block for secure accesses only. The other regions are configured for
non-secure read write access. For all the remote chips, all the DRAM
regions are allowed for non-secure read and write access.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I809f27eccadfc23ea0ef64e2fd87f95eb8f195c1
diff --git a/plat/arm/board/rdv1mc/include/platform_def.h b/plat/arm/board/rdv1mc/include/platform_def.h
index 112b210..12ce806 100644
--- a/plat/arm/board/rdv1mc/include/platform_def.h
+++ b/plat/arm/board/rdv1mc/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,6 +20,29 @@
#define CSS_SYSTEM_PWR_DMN_LVL ARM_PWR_LVL2
#define PLAT_MAX_PWR_LVL ARM_PWR_LVL1
+/* TZC Related Constants */
+#define PLAT_ARM_TZC_BASE UL(0x21830000)
+#define TZC400_BASE(n) (PLAT_ARM_TZC_BASE + \
+ (n * TZC400_OFFSET))
+#define TZC400_OFFSET UL(0x1000000)
+#define TZC400_COUNT U(8)
+#define PLAT_ARM_TZC_FILTERS TZC_400_REGION_ATTR_FILTER_BIT(0)
+
+#define TZC_NSAID_ALL_AP U(0)
+#define TZC_NSAID_PCI U(1)
+#define TZC_NSAID_HDLCD0 U(2)
+#define TZC_NSAID_CLCD U(7)
+#define TZC_NSAID_AP U(9)
+#define TZC_NSAID_VIRTIO U(15)
+
+#define PLAT_ARM_TZC_NS_DEV_ACCESS \
+ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_ALL_AP)) | \
+ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_HDLCD0)) | \
+ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_PCI)) | \
+ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_AP)) | \
+ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_CLCD)) | \
+ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_VIRTIO))
+
/* Virtual address used by dynamic mem_protect for chunk_base */
#define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xC0000000)
diff --git a/plat/arm/board/rdv1mc/platform.mk b/plat/arm/board/rdv1mc/platform.mk
index 5072841..fb05793 100644
--- a/plat/arm/board/rdv1mc/platform.mk
+++ b/plat/arm/board/rdv1mc/platform.mk
@@ -1,4 +1,4 @@
-# Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -23,6 +23,8 @@
BL2_SOURCES += ${RDV1MC_BASE}/rdv1mc_plat.c \
${RDV1MC_BASE}/rdv1mc_security.c \
${RDV1MC_BASE}/rdv1mc_err.c \
+ drivers/arm/tzc/tzc400.c \
+ plat/arm/common/arm_tzc400.c \
lib/utils/mem_region.c \
plat/arm/common/arm_nor_psci_mem_protect.c
diff --git a/plat/arm/board/rdv1mc/rdv1mc_security.c b/plat/arm/board/rdv1mc/rdv1mc_security.c
index 541f800..adc0bf8 100644
--- a/plat/arm/board/rdv1mc/rdv1mc_security.c
+++ b/plat/arm/board/rdv1mc/rdv1mc_security.c
@@ -1,10 +1,64 @@
/*
- * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <common/debug.h>
+#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
+
+/* TZC memory regions for the first chip */
+static const arm_tzc_regions_info_t tzc_regions[] = {
+ ARM_TZC_REGIONS_DEF,
+ {}
+};
+
+#if CSS_SGI_CHIP_COUNT > 1
+static const arm_tzc_regions_info_t tzc_regions_mc[][CSS_SGI_CHIP_COUNT - 1] = {
+ {
+ /* TZC memory regions for second chip */
+ SGI_PLAT_TZC_NS_REMOTE_REGIONS_DEF(1),
+ {}
+ },
+#if CSS_SGI_CHIP_COUNT > 2
+ {
+ /* TZC memory regions for third chip */
+ SGI_PLAT_TZC_NS_REMOTE_REGIONS_DEF(2),
+ {}
+ },
+#endif
+#if CSS_SGI_CHIP_COUNT > 3
+ {
+ /* TZC memory regions for fourth chip */
+ SGI_PLAT_TZC_NS_REMOTE_REGIONS_DEF(3),
+ {}
+ },
+#endif
+};
+#endif /* CSS_SGI_CHIP_COUNT */
+
/* Initialize the secure environment */
void plat_arm_security_setup(void)
{
+ unsigned int i;
+
+ INFO("Configuring TrustZone Controller for Chip 0\n");
+
+ for (i = 0; i < TZC400_COUNT; i++) {
+ arm_tzc400_setup(TZC400_BASE(i), tzc_regions);
+ }
+
+#if CSS_SGI_CHIP_COUNT > 1
+ unsigned int j;
+
+ for (i = 1; i < CSS_SGI_CHIP_COUNT; i++) {
+ INFO("Configuring TrustZone Controller for Chip %u\n", i);
+
+ for (j = 0; j < TZC400_COUNT; j++) {
+ arm_tzc400_setup(CSS_SGI_REMOTE_CHIP_MEM_OFFSET(i)
+ + TZC400_BASE(j), tzc_regions_mc[i-1]);
+ }
+ }
+#endif
}