refactor(plat/st): map DDR secure at boot
In BL2, the DDR can be mapped as secured in MMU, as no other SW
has access to it during its execution.
The TZC400 configuration is also updated to reflect this. When using
OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE
mapping. Else, SP_min will be in charge to reconfigure TZC400 to set
DDR non-secure.
Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103
Signed-off-by: Yann Gautier <yann.gautier@st.com>
diff --git a/plat/st/common/stm32mp_common.c b/plat/st/common/stm32mp_common.c
index d3de1e1..aa87c5d 100644
--- a/plat/st/common/stm32mp_common.c
+++ b/plat/st/common/stm32mp_common.c
@@ -105,7 +105,7 @@
{
return mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
STM32MP_DDR_MAX_SIZE,
- MT_NON_CACHEABLE | MT_RW | MT_NS);
+ MT_NON_CACHEABLE | MT_RW | MT_SECURE);
}
int stm32mp_unmap_ddr(void)
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 91073b8..3e179fb 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -132,7 +132,6 @@
void bl2_platform_setup(void)
{
int ret;
- uint32_t ddr_ns_size;
if (dt_pmic_status() > 0) {
initialize_pmic();
@@ -144,24 +143,16 @@
panic();
}
- ddr_ns_size = stm32mp_get_ddr_ns_size();
- assert(ddr_ns_size > 0U);
-
- /* Map non secure DDR for BL33 load, now with cacheable attribute */
+ /* Map DDR for binary load, now with cacheable attribute */
ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
- ddr_ns_size, MT_MEMORY | MT_RW | MT_NS);
- assert(ret == 0);
+ STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE);
+ if (ret < 0) {
+ ERROR("DDR mapping: error %d\n", ret);
+ panic();
+ }
#ifdef AARCH32_SP_OPTEE
INFO("BL2 runs OP-TEE setup\n");
-
- /* Map secure DDR for OP-TEE paged area */
- ret = mmap_add_dynamic_region(STM32MP_DDR_BASE + ddr_ns_size,
- STM32MP_DDR_BASE + ddr_ns_size,
- STM32MP_DDR_S_SIZE,
- MT_MEMORY | MT_RW | MT_SECURE);
- assert(ret == 0);
-
/* Initialize tzc400 after DDR initialization */
stm32mp1_security_setup();
#else
diff --git a/plat/st/stm32mp1/stm32mp1_security.c b/plat/st/stm32mp1/stm32mp1_security.c
index 6dbf6f8..2ee5f4a 100644
--- a/plat/st/stm32mp1/stm32mp1_security.c
+++ b/plat/st/stm32mp1/stm32mp1_security.c
@@ -29,11 +29,14 @@
static unsigned int region_nb;
-static void init_tzc400_begin(void)
+static void init_tzc400_begin(unsigned int region0_attr)
{
tzc400_init(STM32MP1_TZC_BASE);
tzc400_disable_filters();
+ /* Region 0 set to cover all DRAM at 0xC000_0000 */
+ tzc400_configure_region0(region0_attr, 0);
+
region_nb = 1U;
}
@@ -76,7 +79,7 @@
unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U);
unsigned long long ddr_top __unused;
- init_tzc400_begin();
+ init_tzc400_begin(TZC_REGION_S_NONE);
/*
* Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
@@ -118,16 +121,8 @@
stm32mp_clk_enable(TZC1);
stm32mp_clk_enable(TZC2);
- init_tzc400_begin();
-
- /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
- tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
- STM32MP_DDR_BASE,
- STM32MP_DDR_BASE +
- (STM32MP_DDR_MAX_SIZE - 1U),
- TZC_REGION_S_NONE,
- TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
- TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
+ /* Region 0 set to cover all DRAM secure at 0xC000_0000 */
+ init_tzc400_begin(TZC_REGION_S_RDWR);
/* Raise an exception if a NS device tries to access secure memory */
init_tzc400_end(TZC_ACTION_ERR);