Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / f3bd87e6d34321d5307ff2ed9bdde0b805063636 / . / plat / st / stm32mp1 / stm32mp1_security.c
blob: 2ee5f4a85845bf62d44a4d8192175323b57b0393 [file] [log] [blame]
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]1/*
Yann Gautierd7820562019-04-25 13:29:12 +0200[diff] [blame]2 * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]7#include <stdint.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]8
9#include <platform_def.h>
10
11#include <common/debug.h>
12#include <drivers/arm/tzc400.h>
13#include <drivers/st/stm32mp1_clk.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]14#include <dt-bindings/clock/stm32mp1-clks.h>
15#include <lib/mmio.h>
16
Yann Gautiere3de4c02019-04-18 15:32:10 +0200[diff] [blame]17#define TZC_REGION_NSEC_ALL_ACCESS_RDWR \
18 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | \
19 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) | \
20 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_LCD_ID) | \
21 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_MDMA_ID) | \
22 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_M4_ID) | \
23 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DMA_ID) | \
24 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_HOST_ID) | \
25 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_OTG_ID) | \
26 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID) | \
27 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \
28 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID)
29
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]30static unsigned int region_nb;
31
Yann Gautierf3bd87e2020-09-04 15:55:53 +0200[diff] [blame^]32static void init_tzc400_begin(unsigned int region0_attr)
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]33{
34 tzc400_init(STM32MP1_TZC_BASE);
35 tzc400_disable_filters();
36
Yann Gautierf3bd87e2020-09-04 15:55:53 +0200[diff] [blame^]37 /* Region 0 set to cover all DRAM at 0xC000_0000 */
38 tzc400_configure_region0(region0_attr, 0);
39
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]40 region_nb = 1U;
41}
42
43static void init_tzc400_end(unsigned int action)
44{
45 tzc400_set_action(action);
46 tzc400_enable_filters();
47}
48
49static void tzc400_add_region(unsigned long long region_base,
50 unsigned long long region_top, bool sec)
51{
52 unsigned int sec_attr;
53 unsigned int nsaid_permissions;
54
55 if (sec) {
56 sec_attr = TZC_REGION_S_RDWR;
57 nsaid_permissions = 0;
58 } else {
59 sec_attr = TZC_REGION_S_NONE;
60 nsaid_permissions = TZC_REGION_NSEC_ALL_ACCESS_RDWR;
61 }
62
63 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, region_nb, region_base,
64 region_top, sec_attr, nsaid_permissions);
65
66 region_nb++;
67}
68
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]69/*******************************************************************************
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]70 * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
71 * and allow Non-Secure masters full access.
72 ******************************************************************************/
73static void init_tzc400(void)
74{
75 unsigned long long region_base, region_top;
Yann Gautiera2e2a302019-02-14 11:13:39 +0100[diff] [blame]76 unsigned long long ddr_base = STM32MP_DDR_BASE;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]77 unsigned long long ddr_ns_size =
78 (unsigned long long)stm32mp_get_ddr_ns_size();
79 unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U);
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]80 unsigned long long ddr_top __unused;
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]81
Yann Gautierf3bd87e2020-09-04 15:55:53 +0200[diff] [blame^]82 init_tzc400_begin(TZC_REGION_S_NONE);
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]83
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]84 /*
85 * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
86 * same configuration to all filters in the TZC.
87 */
88 region_base = ddr_base;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]89 region_top = ddr_ns_top;
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]90 tzc400_add_region(region_base, region_top, false);
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]91
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]92#ifdef AARCH32_SP_OPTEE
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]93 /* Region 2 set to cover all secure DRAM. */
94 region_base = region_top + 1U;
Yann Gautiercd40f322020-02-26 13:36:07 +0100[diff] [blame]95 region_top += STM32MP_DDR_S_SIZE;
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]96 tzc400_add_region(region_base, region_top, true);
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]97
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]98 ddr_top = STM32MP_DDR_BASE + dt_get_ddr_size() - 1U;
99 if (region_top < ddr_top) {
100 /* Region 3 set to cover non-secure memory DRAM after BL32. */
101 region_base = region_top + 1U;
102 region_top = ddr_top;
103 tzc400_add_region(region_base, region_top, false);
104 }
Yann Gautierb3386f72019-04-19 09:41:01 +0200[diff] [blame]105#endif
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]106
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]107 /*
108 * Raise an interrupt (secure FIQ) if a NS device tries to access
109 * secure memory
110 */
111 init_tzc400_end(TZC_ACTION_INT);
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]112}
113
114/*******************************************************************************
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]115 * Initialize the TrustZone Controller.
116 * Early initialization create only one region with full access to secure.
117 * This setting is used before and during DDR initialization.
118 ******************************************************************************/
119static void early_init_tzc400(void)
120{
Yann Gautiere4a3c352019-02-14 10:53:33 +0100[diff] [blame]121 stm32mp_clk_enable(TZC1);
122 stm32mp_clk_enable(TZC2);
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]123
Yann Gautierf3bd87e2020-09-04 15:55:53 +0200[diff] [blame^]124 /* Region 0 set to cover all DRAM secure at 0xC000_0000 */
125 init_tzc400_begin(TZC_REGION_S_RDWR);
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]126
127 /* Raise an exception if a NS device tries to access secure memory */
Yann Gautierde00f3e2020-08-20 16:36:07 +0200[diff] [blame]128 init_tzc400_end(TZC_ACTION_ERR);
Yann Gautiercaf575b2018-07-24 17:18:19 +0200[diff] [blame]129}
130
131/*******************************************************************************
132 * Initialize the secure environment. At this moment only the TrustZone
133 * Controller is initialized.
134 ******************************************************************************/
135void stm32mp1_arch_security_setup(void)
136{
137 early_init_tzc400();
138}
Yann Gautier9d135e42018-07-16 19:36:06 +0200[diff] [blame]139
140/*******************************************************************************
141 * Initialize the secure environment. At this moment only the TrustZone
142 * Controller is initialized.
143 ******************************************************************************/
144void stm32mp1_security_setup(void)
145{
146 init_tzc400();
147}