vexpress: disable cci ace slave ports when booting in non-sec/hyp mode

Commit f225d39d3093 ("vexpress: Check TC2 firmware support before defaulting
to nonsec booting") added support to check if the firmware on TC2  is
configured appropriately before booting in nonsec/hyp mode.

However when booting in non-secure/hyp mode, CCI control must be done in
secure firmware and can't  be done in non-secure/hyp mode. In order to
ensure that, this patch disables the cci slave port inteface so that it
is not accessed at all.

Cc: Jon Medhurst <tixy@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Jon Medhurst <tixy@linaro.org>
Tested-by: Jon Medhurst <tixy@linaro.org>
diff --git a/board/armltd/vexpress/vexpress_tc2.c b/board/armltd/vexpress/vexpress_tc2.c
index ebb41a8..c7adf95 100644
--- a/board/armltd/vexpress/vexpress_tc2.c
+++ b/board/armltd/vexpress/vexpress_tc2.c
@@ -7,7 +7,11 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
+#include <asm/armv7.h>
 #include <asm/io.h>
+#include <asm/u-boot.h>
+#include <common.h>
+#include <libfdt.h>
 
 #define SCC_BASE	0x7fff0000
 
@@ -31,3 +35,51 @@
 	return (readl((u32 *)(SCC_BASE + 0x700)) & ((1 << 12) | (1 << 13))) == 0;
 #endif
 }
+
+#ifdef CONFIG_OF_BOARD_SETUP
+int ft_board_setup(void *fdt, bd_t *bd)
+{
+	int offset, tmp, len;
+	const struct fdt_property *prop;
+	const char *cci_compatible = "arm,cci-400-ctrl-if";
+
+#ifdef CONFIG_ARMV7_NONSEC
+	if (!armv7_boot_nonsec())
+		return 0;
+#else
+	return 0;
+#endif
+	/* Booting in nonsec mode, disable CCI access */
+	offset = fdt_path_offset(fdt, "/cpus");
+	if (offset < 0) {
+		printf("couldn't find /cpus\n");
+		return offset;
+	}
+
+	/* delete cci-control-port in each cpu node */
+	for (tmp = fdt_first_subnode(fdt, offset); tmp >= 0;
+	     tmp = fdt_next_subnode(fdt, tmp))
+		fdt_delprop(fdt, tmp, "cci-control-port");
+
+	/* disable all ace cci slave ports */
+	offset = fdt_node_offset_by_prop_value(fdt, offset, "compatible",
+					       cci_compatible, 20);
+	while (offset > 0) {
+		prop = fdt_get_property(fdt, offset, "interface-type",
+					&len);
+		if (!prop)
+			continue;
+		if (len < 4)
+			continue;
+		if (strcmp(prop->data, "ace"))
+			continue;
+
+		fdt_setprop_string(fdt, offset, "status", "disabled");
+
+		offset = fdt_node_offset_by_prop_value(fdt, offset, "compatible",
+						       cci_compatible, 20);
+	}
+
+	return 0;
+}
+#endif /* CONFIG_OF_BOARD_SETUP */
diff --git a/configs/vexpress_ca15_tc2_defconfig b/configs/vexpress_ca15_tc2_defconfig
index 2f141dd..5154803 100644
--- a/configs/vexpress_ca15_tc2_defconfig
+++ b/configs/vexpress_ca15_tc2_defconfig
@@ -1,5 +1,6 @@
 CONFIG_ARM=y
 CONFIG_TARGET_VEXPRESS_CA15_TC2=y
+CONFIG_OF_BOARD_SETUP=y
 CONFIG_HUSH_PARSER=y
 # CONFIG_CMD_CONSOLE is not set
 # CONFIG_CMD_BOOTD is not set