Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / de00f3eb8f15f1a391c819736057d8a0f561eca5 / . / plat / st / stm32mp1 / stm32mp1_security.c
blob: 6dbf6f8c43fe655718fd93047943ae4038067b12 [file] [log] [blame]
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]1/*
Yann Gautierd7820562019-04-25 13:29:12 +0200[diff] [blame]2 * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]7#include <stdint.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]8
9#include <platform_def.h>
10
11#include <common/debug.h>
12#include <drivers/arm/tzc400.h>
13#include <drivers/st/stm32mp1_clk.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]14#include <dt-bindings/clock/stm32mp1-clks.h>
15#include <lib/mmio.h>
16
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]17#define TZC_REGION_NSEC_ALL_ACCESS_RDWR \
18 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | \
19 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) | \
20 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_LCD_ID) | \
21 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_MDMA_ID) | \
22 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_M4_ID) | \
23 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DMA_ID) | \
24 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_HOST_ID) | \
25 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_OTG_ID) | \
26 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID) | \
27 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \
28 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID)
29
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]30static unsigned int region_nb;
31
32static void init_tzc400_begin(void)
33{
34 tzc400_init(STM32MP1_TZC_BASE);
35 tzc400_disable_filters();
36
37 region_nb = 1U;
38}
39
40static void init_tzc400_end(unsigned int action)
41{
42 tzc400_set_action(action);
43 tzc400_enable_filters();
44}
45
46static void tzc400_add_region(unsigned long long region_base,
47 unsigned long long region_top, bool sec)
48{
49 unsigned int sec_attr;
50 unsigned int nsaid_permissions;
51
52 if (sec) {
53 sec_attr = TZC_REGION_S_RDWR;
54 nsaid_permissions = 0;
55 } else {
56 sec_attr = TZC_REGION_S_NONE;
57 nsaid_permissions = TZC_REGION_NSEC_ALL_ACCESS_RDWR;
58 }
59
60 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, region_nb, region_base,
61 region_top, sec_attr, nsaid_permissions);
62
63 region_nb++;
64}
65
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]66/*******************************************************************************
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]67 * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
68 * and allow Non-Secure masters full access.
69 ******************************************************************************/
70static void init_tzc400(void)
71{
72 unsigned long long region_base, region_top;
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]73 unsigned long long ddr_base = STM32MP_DDR_BASE;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]74 unsigned long long ddr_ns_size =
75 (unsigned long long)stm32mp_get_ddr_ns_size();
76 unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U);
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]77 unsigned long long ddr_top __unused;
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]78
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]79 init_tzc400_begin();
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]80
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]81 /*
82 * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
83 * same configuration to all filters in the TZC.
84 */
85 region_base = ddr_base;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]86 region_top = ddr_ns_top;
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]87 tzc400_add_region(region_base, region_top, false);
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]88
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]89#ifdef AARCH32_SP_OPTEE
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]90 /* Region 2 set to cover all secure DRAM. */
91 region_base = region_top + 1U;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]92 region_top += STM32MP_DDR_S_SIZE;
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]93 tzc400_add_region(region_base, region_top, true);
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]94
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]95 ddr_top = STM32MP_DDR_BASE + dt_get_ddr_size() - 1U;
96 if (region_top < ddr_top) {
97 /* Region 3 set to cover non-secure memory DRAM after BL32. */
98 region_base = region_top + 1U;
99 region_top = ddr_top;
100 tzc400_add_region(region_base, region_top, false);
101 }
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]102#endif
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]103
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]104 /*
105 * Raise an interrupt (secure FIQ) if a NS device tries to access
106 * secure memory
107 */
108 init_tzc400_end(TZC_ACTION_INT);
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]109}
110
111/*******************************************************************************
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]112 * Initialize the TrustZone Controller.
113 * Early initialization create only one region with full access to secure.
114 * This setting is used before and during DDR initialization.
115 ******************************************************************************/
116static void early_init_tzc400(void)
117{
Yann Gautiere4a3c352019-02-14 10:53:33 +0100[diff] [blame]118 stm32mp_clk_enable(TZC1);
119 stm32mp_clk_enable(TZC2);
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]120
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]121 init_tzc400_begin();
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]122
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]123 /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]124 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]125 STM32MP_DDR_BASE,
126 STM32MP_DDR_BASE +
127 (STM32MP_DDR_MAX_SIZE - 1U),
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]128 TZC_REGION_S_NONE,
Yann Gautierf9d40d52019-01-17 14:41:46 +0100[diff] [blame]129 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]130 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
131
132 /* Raise an exception if a NS device tries to access secure memory */
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame^]133 init_tzc400_end(TZC_ACTION_ERR);
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]134}
135
136/*******************************************************************************
137 * Initialize the secure environment. At this moment only the TrustZone
138 * Controller is initialized.
139 ******************************************************************************/
140void stm32mp1_arch_security_setup(void)
141{
142 early_init_tzc400();
143}
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]144
145/*******************************************************************************
146 * Initialize the secure environment. At this moment only the TrustZone
147 * Controller is initialized.
148 ******************************************************************************/
149void stm32mp1_security_setup(void)
150{
151 init_tzc400();
152}