Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / b5d2ed4a7ed7115f8318b049a18064a38763548c / . / plat / st / stm32mp1 / stm32mp1_security.c
blob: baa3916d08ce906ebc6fee3674018e5abf9df7b2 [file] [log] [blame]
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]1/*
Yann Gautierf9d40d52019-01-17 14:41:46 +0100[diff] [blame]2 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]7#include <stdint.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]8
9#include <platform_def.h>
10
11#include <common/debug.h>
12#include <drivers/arm/tzc400.h>
13#include <drivers/st/stm32mp1_clk.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]14#include <dt-bindings/clock/stm32mp1-clks.h>
15#include <lib/mmio.h>
16
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]17/*******************************************************************************
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]18 * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
19 * and allow Non-Secure masters full access.
20 ******************************************************************************/
21static void init_tzc400(void)
22{
23 unsigned long long region_base, region_top;
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]24 unsigned long long ddr_base = STM32MP_DDR_BASE;
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]25 unsigned long long ddr_size = (unsigned long long)dt_get_ddr_size();
26
27 tzc400_init(STM32MP1_TZC_BASE);
28
29 tzc400_disable_filters();
30
31 /* Region 1 set to cover all DRAM at 0xC000_0000. Apply the
32 * same configuration to all filters in the TZC.
33 */
34 region_base = ddr_base;
35 region_top = ddr_base + (ddr_size - 1U);
36 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
37 region_base,
38 region_top,
39 TZC_REGION_S_RDWR,
40 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
41 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) |
42 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_LCD_ID) |
43 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_MDMA_ID) |
44 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DMA_ID) |
45 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_HOST_ID) |
46 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_OTG_ID) |
47 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID) |
48 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) |
49 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID));
50
51 /* Raise an exception if a NS device tries to access secure memory */
52 tzc400_set_action(TZC_ACTION_ERR);
53
54 tzc400_enable_filters();
55}
56
57/*******************************************************************************
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]58 * Initialize the TrustZone Controller.
59 * Early initialization create only one region with full access to secure.
60 * This setting is used before and during DDR initialization.
61 ******************************************************************************/
62static void early_init_tzc400(void)
63{
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]64 if (stm32mp_clk_enable(TZC1) != 0) {
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]65 ERROR("Cannot enable TZC1 clock\n");
66 panic();
67 }
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]68 if (stm32mp_clk_enable(TZC2) != 0) {
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]69 ERROR("Cannot enable TZC2 clock\n");
70 panic();
71 }
72
73 tzc400_init(STM32MP1_TZC_BASE);
74
75 tzc400_disable_filters();
76
77 /*
78 * Region 1 set to cover Non-Secure DRAM at 0x8000_0000. Apply the
79 * same configuration to all filters in the TZC.
80 */
81 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]82 STM32MP_DDR_BASE,
83 STM32MP_DDR_BASE +
84 (STM32MP_DDR_MAX_SIZE - 1U),
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]85 TZC_REGION_S_RDWR,
Yann Gautierf9d40d52019-01-17 14:41:46 +0100[diff] [blame]86 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]87 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
88
89 /* Raise an exception if a NS device tries to access secure memory */
90 tzc400_set_action(TZC_ACTION_ERR);
91
92 tzc400_enable_filters();
93}
94
95/*******************************************************************************
96 * Initialize the secure environment. At this moment only the TrustZone
97 * Controller is initialized.
98 ******************************************************************************/
99void stm32mp1_arch_security_setup(void)
100{
101 early_init_tzc400();
102}
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]103
104/*******************************************************************************
105 * Initialize the secure environment. At this moment only the TrustZone
106 * Controller is initialized.
107 ******************************************************************************/
108void stm32mp1_security_setup(void)
109{
110 init_tzc400();
111}