Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / f2de68193c2eb2b069a0a9b9aeec82b173e7d90a / . / plat / st / stm32mp1 / stm32mp1_security.c
blob: 195b3a5501b04950de083483902e1f7e6f3a91a2 [file] [log] [blame]
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]1/*
Yann Gautierd7820562019-04-25 13:29:12 +0200[diff] [blame]2 * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]7#include <stdint.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]8
9#include <platform_def.h>
10
11#include <common/debug.h>
12#include <drivers/arm/tzc400.h>
13#include <drivers/st/stm32mp1_clk.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]14#include <dt-bindings/clock/stm32mp1-clks.h>
15#include <lib/mmio.h>
16
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]17#define TZC_REGION_NSEC_ALL_ACCESS_RDWR \
18 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | \
19 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) | \
20 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_LCD_ID) | \
21 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_MDMA_ID) | \
22 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_M4_ID) | \
23 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DMA_ID) | \
24 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_HOST_ID) | \
25 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_OTG_ID) | \
26 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID) | \
27 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \
28 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID)
29
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]30/*******************************************************************************
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]31 * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
32 * and allow Non-Secure masters full access.
33 ******************************************************************************/
34static void init_tzc400(void)
35{
36 unsigned long long region_base, region_top;
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]37 unsigned long long ddr_base = STM32MP_DDR_BASE;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]38 unsigned long long ddr_ns_size =
39 (unsigned long long)stm32mp_get_ddr_ns_size();
40 unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U);
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]41
42 tzc400_init(STM32MP1_TZC_BASE);
43
44 tzc400_disable_filters();
45
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]46 /*
47 * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
48 * same configuration to all filters in the TZC.
49 */
50 region_base = ddr_base;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]51 region_top = ddr_ns_top;
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]52 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
53 region_base,
54 region_top,
55 TZC_REGION_S_NONE,
56 TZC_REGION_NSEC_ALL_ACCESS_RDWR);
57
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]58#ifdef AARCH32_SP_OPTEE
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]59 /* Region 2 set to cover all secure DRAM. */
60 region_base = region_top + 1U;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]61 region_top += STM32MP_DDR_S_SIZE;
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]62 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 2,
63 region_base,
64 region_top,
65 TZC_REGION_S_RDWR,
66 0);
67
68 /* Region 3 set to cover non-secure shared memory DRAM. */
69 region_base = region_top + 1U;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]70 region_top += STM32MP_DDR_SHMEM_SIZE;
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]71 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 3,
72 region_base,
73 region_top,
74 TZC_REGION_S_NONE,
75 TZC_REGION_NSEC_ALL_ACCESS_RDWR);
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]76#endif
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]77
Yann Gautierd7820562019-04-25 13:29:12 +0200[diff] [blame]78 tzc400_set_action(TZC_ACTION_INT);
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]79
80 tzc400_enable_filters();
81}
82
83/*******************************************************************************
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]84 * Initialize the TrustZone Controller.
85 * Early initialization create only one region with full access to secure.
86 * This setting is used before and during DDR initialization.
87 ******************************************************************************/
88static void early_init_tzc400(void)
89{
Yann Gautiere4a3c352019-02-14 10:53:33 +0100[diff] [blame]90 stm32mp_clk_enable(TZC1);
91 stm32mp_clk_enable(TZC2);
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]92
93 tzc400_init(STM32MP1_TZC_BASE);
94
95 tzc400_disable_filters();
96
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]97 /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]98 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]99 STM32MP_DDR_BASE,
100 STM32MP_DDR_BASE +
101 (STM32MP_DDR_MAX_SIZE - 1U),
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]102 TZC_REGION_S_NONE,
Yann Gautierf9d40d52019-01-17 14:41:46 +0100[diff] [blame]103 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]104 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
105
106 /* Raise an exception if a NS device tries to access secure memory */
107 tzc400_set_action(TZC_ACTION_ERR);
108
109 tzc400_enable_filters();
110}
111
112/*******************************************************************************
113 * Initialize the secure environment. At this moment only the TrustZone
114 * Controller is initialized.
115 ******************************************************************************/
116void stm32mp1_arch_security_setup(void)
117{
118 early_init_tzc400();
119}
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]120
121/*******************************************************************************
122 * Initialize the secure environment. At this moment only the TrustZone
123 * Controller is initialized.
124 ******************************************************************************/
125void stm32mp1_security_setup(void)
126{
127 init_tzc400();
128}