vexpress: disable cci ace slave ports when booting in non-sec/hyp mode
Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
to nonsec booting") added support to check if the firmware on TC2 is
configured appropriately before booting in nonsec/hyp mode.
However when booting in non-secure/hyp mode, CCI control must be done in
secure firmware and can't be done in non-secure/hyp mode. In order to
ensure that, this patch disables the cci slave port inteface so that it
is not accessed at all.
Cc: Jon Medhurst <tixy@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Jon Medhurst <tixy@linaro.org>
Tested-by: Jon Medhurst <tixy@linaro.org>
diff --git a/board/armltd/vexpress/vexpress_tc2.c b/board/armltd/vexpress/vexpress_tc2.c
index ebb41a8..c7adf95 100644
--- a/board/armltd/vexpress/vexpress_tc2.c
+++ b/board/armltd/vexpress/vexpress_tc2.c
@@ -7,7 +7,11 @@
* SPDX-License-Identifier: GPL-2.0+
*/
+#include <asm/armv7.h>
#include <asm/io.h>
+#include <asm/u-boot.h>
+#include <common.h>
+#include <libfdt.h>
#define SCC_BASE 0x7fff0000
@@ -31,3 +35,51 @@
return (readl((u32 *)(SCC_BASE + 0x700)) & ((1 << 12) | (1 << 13))) == 0;
#endif
}
+
+#ifdef CONFIG_OF_BOARD_SETUP
+int ft_board_setup(void *fdt, bd_t *bd)
+{
+ int offset, tmp, len;
+ const struct fdt_property *prop;
+ const char *cci_compatible = "arm,cci-400-ctrl-if";
+
+#ifdef CONFIG_ARMV7_NONSEC
+ if (!armv7_boot_nonsec())
+ return 0;
+#else
+ return 0;
+#endif
+ /* Booting in nonsec mode, disable CCI access */
+ offset = fdt_path_offset(fdt, "/cpus");
+ if (offset < 0) {
+ printf("couldn't find /cpus\n");
+ return offset;
+ }
+
+ /* delete cci-control-port in each cpu node */
+ for (tmp = fdt_first_subnode(fdt, offset); tmp >= 0;
+ tmp = fdt_next_subnode(fdt, tmp))
+ fdt_delprop(fdt, tmp, "cci-control-port");
+
+ /* disable all ace cci slave ports */
+ offset = fdt_node_offset_by_prop_value(fdt, offset, "compatible",
+ cci_compatible, 20);
+ while (offset > 0) {
+ prop = fdt_get_property(fdt, offset, "interface-type",
+ &len);
+ if (!prop)
+ continue;
+ if (len < 4)
+ continue;
+ if (strcmp(prop->data, "ace"))
+ continue;
+
+ fdt_setprop_string(fdt, offset, "status", "disabled");
+
+ offset = fdt_node_offset_by_prop_value(fdt, offset, "compatible",
+ cci_compatible, 20);
+ }
+
+ return 0;
+}
+#endif /* CONFIG_OF_BOARD_SETUP */
diff --git a/configs/vexpress_ca15_tc2_defconfig b/configs/vexpress_ca15_tc2_defconfig
index 2f141dd..5154803 100644
--- a/configs/vexpress_ca15_tc2_defconfig
+++ b/configs/vexpress_ca15_tc2_defconfig
@@ -1,5 +1,6 @@
CONFIG_ARM=y
CONFIG_TARGET_VEXPRESS_CA15_TC2=y
+CONFIG_OF_BOARD_SETUP=y
CONFIG_HUSH_PARSER=y
# CONFIG_CMD_CONSOLE is not set
# CONFIG_CMD_BOOTD is not set