sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
465663e9f128428323e6c6e4431dd15ac287a24c
system76-edk2/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
Bhupesh Sharma 465663e9f1 ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled 
ARM TZASC-380 IP provides a mechanism to split memory regions being
protected via it into eight equal-sized sub-regions. A bit-setting
allows the corresponding subregion to be disabled.

Several NXP/FSL SoCs support the TZASC-380 IP block and allow
the DDR connected via the TZASC to be partitioned into regions
having different security settings and also allow subregions
to be disabled.

This patch enables this support and can be used for SoCs which
support such a partition of DDR regions.

Details of the 'subregion_disable' register can be viewed here:
http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
[bhupesh.linux@gmail.com : Added gmail ID as NXP one is no longer valid]
Signed-off-by: Bhupesh Sharma <bhupesh.linux@gmail.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-01-26 14:31:37 +00:00

177 lines
6.6 KiB
C
Raw Blame History

/** @file
*
* Copyright (c) 2011-2013, ARM Limited. All rights reserved.
*
* This program and the accompanying materials
* are licensed and made available under the terms and conditions of the BSD License
* which accompanies this distribution. The full text of the license may be found at
* http://opensource.org/licenses/bsd-license.php
*
* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
*
**/
#include <Library/ArmPlatformLib.h>
#include <Library/ArmPlatformSysConfigLib.h>
#include <Library/DebugLib.h>
#include <Library/IoLib.h>
#include <Library/PcdLib.h>
#include <Library/SerialPortLib.h>
#include <Drivers/ArmTrustzone.h>
#include <Drivers/PL310L2Cache.h>
#include <ArmPlatform.h>
#define SerialPrint(txt) SerialPortWrite ((UINT8*)(txt), AsciiStrLen(txt)+1)
/**
Initialize the Secure peripherals and memory regions
If Trustzone is supported by your platform then this function makes the required initialization
of the secure peripherals and memory regions.
**/
VOID
ArmPlatformSecTrustzoneInit (
IN UINTN MpId
)
{
// Nothing to do
if (!ArmPlatformIsPrimaryCore (MpId)) {
return;
}
//
// Setup TZ Protection Controller
//
if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {
ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);
} else {
ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);
}
// Set Non Secure access for all devices
TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);
TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);
// Remove Non secure access to secure devices
TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,
ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);
TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,
ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);
//
// Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)
//
// NOR Flash 0 non secure (BootMon)
TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
ARM_VE_SMB_NOR0_BASE,0,
TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
// NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
//Note: Your OS Kernel must be aware of the secure regions before to enable this region
TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
} else {
TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
ARM_VE_SMB_NOR1_BASE,0,
TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
}
// Base of SRAM. Only half of SRAM in Non Secure world
// First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM
if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
//Note: Your OS Kernel must be aware of the secure regions before to enable this region
TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
ARM_VE_SMB_SRAM_BASE,0,
TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
} else {
TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
ARM_VE_SMB_SRAM_BASE,0,
TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
}
// Memory Mapped Peripherals. All in non secure world
TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
ARM_VE_SMB_PERIPH_BASE,0,
TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
// MotherBoard Peripherals and On-chip peripherals.
TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
}
/**
Initialize controllers that must setup at the early stage
Some peripherals must be initialized in Secure World.
For example, some L2x0 requires to be initialized in Secure World
**/
RETURN_STATUS
ArmPlatformSecInitialize (
IN UINTN MpId
)
{
UINT32 Value;
// If the DRAM is remapped at 0x0 then we need to wake up the secondary cores from wfe
// (waiting for the memory to be initialized) as the instruction is still in the remapped
// flash region at 0x0 to jump in the C-code which lives in the NOR1 at 0x44000000 before
// the region 0x0 is remapped as DRAM.
if (!FeaturePcdGet (PcdNorFlashRemapping)) {
if (!ArmPlatformIsPrimaryCore (MpId)) {
// Replaced ArmCallWFE () in ArmPlatformPkg/Sec/SecEntryPoint.(S|asm)
ArmCallWFE ();
} else {
// Wake up the secondary core from ArmCallWFE () in ArmPlatformPkg/Sec/SecEntryPoint.(S|asm)
ArmCallSEV ();
}
}
// If it is not the primary core then there is nothing to do
if (!ArmPlatformIsPrimaryCore (MpId)) {
return RETURN_SUCCESS;
}
// The L2x0 controller must be intialize in Secure World
L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),
PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
0,~0, // Use default setting for the Auxiliary Control Register
FALSE);
// Initialize the System Configuration
ArmPlatformSysConfigInitialize ();
// If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.
// If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM
if ((FeaturePcdGet (PcdSystemMemoryInitializeInSec)) || (FeaturePcdGet (PcdStandalone) == FALSE)) {
// If it is not a standalone build ensure the PcdSystemMemoryInitializeInSec has been set
ASSERT(FeaturePcdGet (PcdSystemMemoryInitializeInSec) == TRUE);
// Initialize system memory (DRAM)
ArmPlatformInitializeSystemMemory ();
}
// Memory Map remapping
if (FeaturePcdGet (PcdNorFlashRemapping)) {
SerialPrint ("Secure ROM at 0x0\n\r");
} else {
Value = MmioRead32 (ARM_VE_SYS_CFGRW1_REG); //Scc - CFGRW1
// Remap the DRAM to 0x0
MmioWrite32 (ARM_VE_SYS_CFGRW1_REG, (Value & 0x0FFFFFFF) | ARM_VE_CFGRW1_REMAP_DRAM);
}
return RETURN_SUCCESS;
}
Reference in New Issue View Git Blame Copy Permalink