Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 2bdcb1548f889394279dec8c3f8b5707cadb68a3 / . / plat / arm / board / tc / tc_dpe.h
blob: 3e1af5a81e53816688bdf13fd95c3b8bb7129361 [file] [log] [blame]
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]1/*
2 * Copyright (c) 2024, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Tamas Ban1bac7b02024-06-14 14:24:15 +0200[diff] [blame]7#ifndef TC_DPE_H
8#define TC_DPE_H
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]9
10/*
11 * The certificate structure on the TC platform:
12 * - The arrows indicate the parent/child relationships (who loads who).
13 * - The boxes indicate the certificates.
14 *
15 * AP FW Cert.
16 * +--------------------------------+
17 * | |
18 * Plat Cert. | +->SPx | Hyper Cert.
19 * +--------------------------+ | +->SP1 | +--------------------+
20 * RoT Cert. | | | +->TOS_FW_CONF | | |
21 * +------------+ | +->SCP_BL1 +-----+-----+-->FW_CONF +->AP_BL32 | | +->PVMFW |
22 * | | | | | | | | | | | |
Tamas Bandc15bf42024-02-22 11:35:28 +0100[diff] [blame]23 * | RSE_BL1_2--+-----+-->RSE_BL2------->AP_BL1--+-----+------------->AP_BL2------------+-----+-->AP_BL33 |
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]24 * | | | | | | | | | | | |
Tamas Bandc15bf42024-02-22 11:35:28 +0100[diff] [blame]25 * +------------+ | +->RSE_S +-----+-----+-->TB_FW_CONF +->AP_BL31 | | +->HYPERVISOR |
26 * | +->RSE_NS | | +->SCP_BL2 | | |
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]27 * | | | +->HW_CONF | | |
28 * +--------------------------+ | +---------------+-----+-->NT_FW_CONF |
29 * | | | |
30 * +--------------------------------+ +--------------------+
31 */
32
33#define DPE_AP_FW_CERT_ID 0x300 /* Includes: FW_CONF - SP1 */
34#define DPE_HYPERVISOR_CERT_ID 0x400 /* Includes: AP_BL33 - PVMFW */
35
36/* Common definition */
37#define DPE_CERT_ID_SAME_AS_PARENT 0xFFFFFFFF
38
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]39/*
40 * Target Locality:
41 * The goal is to specify that a certain component is expected to run and
42 * thereby send DPE commands from a given security domain. RSE is capable of
43 * of distinguishing the client's locality based on the MHU channel used for
44 * communication.
45 * Defines here must match with RSE side:
46 */
47#define LOCALITY_NONE -1
48/* #define LOCALITY_RSE_S 0 */ /* Not applicable on AP side */
49/* #define LOCALITY_RSE_NS 1 */ /* Not applicable on AP side */
50#define LOCALITY_AP_S 2
51#define LOCALITY_AP_NS 3
52
Tamas Ban1bac7b02024-06-14 14:24:15 +0200[diff] [blame]53#endif /* TC_DPE_H */