From 9c66ce662c076fc1f5e57c4e72126e41d56d0b80 Mon Sep 17 00:00:00 2001 From: Bhupesh Sharma Date: Tue, 6 Jan 2015 13:11:21 -0800 Subject: [PATCH] fsl-ch3/lowlevel: TZPC and TZASC programming to configure non-secure accesses This patch ensures that the TZPC (BP147) and TZASC-400 programming happens for LS2085A SoC only when the desired config flags are enabled and ensures that the TZPC programming is done to allow Non-secure (NS) + secure (S) transactions only for DCGF registers. The TZASC component is not present on LS2085A-Rev1, so the TZASC-400 config flag is turned OFF for now. Signed-off-by: Bhupesh Sharma Reviewed-by: York Sun --- arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S | 54 ++++++++++++++++++++ arch/arm/include/asm/arch-fsl-lsch3/config.h | 28 ++++++++++ doc/README.fsl-trustzone-components | 25 +++++++++ include/configs/ls2085a_common.h | 1 + 4 files changed, 108 insertions(+) create mode 100644 doc/README.fsl-trustzone-components diff --git a/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S b/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S index 2a88aab283..c2837876b1 100644 --- a/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S +++ b/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S @@ -42,6 +42,60 @@ ENTRY(lowlevel_init) ldr x0, =secondary_boot_func blr x0 2: + +#ifdef CONFIG_FSL_TZPC_BP147 + /* Set Non Secure access for all devices protected via TZPC */ + ldr x1, =TZPCDECPROT_0_SET_BASE /* Decode Protection-0 Set Reg */ + orr w0, w0, #1 << 3 /* DCFG_RESET is accessible from NS world */ + str w0, [x1] + + isb + dsb sy +#endif + +#ifdef CONFIG_FSL_TZASC_400 + /* Set TZASC so that: + * a. We use only Region0 whose global secure write/read is EN + * b. We use only Region0 whose NSAID write/read is EN + * + * NOTE: As per the CCSR map doc, TZASC 3 and TZASC 4 are just + * placeholders. + */ + ldr x1, =TZASC_GATE_KEEPER(0) + ldr x0, [x1] /* Filter 0 Gate Keeper Register */ + orr x0, x0, #1 << 0 /* Set open_request for Filter 0 */ + str x0, [x1] + + ldr x1, =TZASC_GATE_KEEPER(1) + ldr x0, [x1] /* Filter 0 Gate Keeper Register */ + orr x0, x0, #1 << 0 /* Set open_request for Filter 0 */ + str x0, [x1] + + ldr x1, =TZASC_REGION_ATTRIBUTES_0(0) + ldr x0, [x1] /* Region-0 Attributes Register */ + orr x0, x0, #1 << 31 /* Set Sec global write en, Bit[31] */ + orr x0, x0, #1 << 30 /* Set Sec global read en, Bit[30] */ + str x0, [x1] + + ldr x1, =TZASC_REGION_ATTRIBUTES_0(1) + ldr x0, [x1] /* Region-1 Attributes Register */ + orr x0, x0, #1 << 31 /* Set Sec global write en, Bit[31] */ + orr x0, x0, #1 << 30 /* Set Sec global read en, Bit[30] */ + str x0, [x1] + + ldr x1, =TZASC_REGION_ID_ACCESS_0(0) + ldr w0, [x1] /* Region-0 Access Register */ + mov w0, #0xFFFFFFFF /* Set nsaid_wr_en and nsaid_rd_en */ + str w0, [x1] + + ldr x1, =TZASC_REGION_ID_ACCESS_0(1) + ldr w0, [x1] /* Region-1 Attributes Register */ + mov w0, #0xFFFFFFFF /* Set nsaid_wr_en and nsaid_rd_en */ + str w0, [x1] + + isb + dsb sy +#endif mov lr, x29 /* Restore LR */ ret ENDPROC(lowlevel_init) diff --git a/arch/arm/include/asm/arch-fsl-lsch3/config.h b/arch/arm/include/asm/arch-fsl-lsch3/config.h index da551e8839..d4f688b330 100644 --- a/arch/arm/include/asm/arch-fsl-lsch3/config.h +++ b/arch/arm/include/asm/arch-fsl-lsch3/config.h @@ -35,6 +35,34 @@ #define I2C3_BASE_ADDR (CONFIG_SYS_IMMR + 0x01020000) #define I2C4_BASE_ADDR (CONFIG_SYS_IMMR + 0x01030000) +/* TZ Protection Controller Definitions */ +#define TZPC_BASE 0x02200000 +#define TZPCR0SIZE_BASE (TZPC_BASE) +#define TZPCDECPROT_0_STAT_BASE (TZPC_BASE + 0x800) +#define TZPCDECPROT_0_SET_BASE (TZPC_BASE + 0x804) +#define TZPCDECPROT_0_CLR_BASE (TZPC_BASE + 0x808) +#define TZPCDECPROT_1_STAT_BASE (TZPC_BASE + 0x80C) +#define TZPCDECPROT_1_SET_BASE (TZPC_BASE + 0x810) +#define TZPCDECPROT_1_CLR_BASE (TZPC_BASE + 0x814) +#define TZPCDECPROT_2_STAT_BASE (TZPC_BASE + 0x818) +#define TZPCDECPROT_2_SET_BASE (TZPC_BASE + 0x81C) +#define TZPCDECPROT_2_CLR_BASE (TZPC_BASE + 0x820) + +/* TZ Address Space Controller Definitions */ +#define TZASC1_BASE 0x01100000 /* as per CCSR map. */ +#define TZASC2_BASE 0x01110000 /* as per CCSR map. */ +#define TZASC3_BASE 0x01120000 /* as per CCSR map. */ +#define TZASC4_BASE 0x01130000 /* as per CCSR map. */ +#define TZASC_BUILD_CONFIG_REG(x) ((TZASC1_BASE + (x * 0x10000))) +#define TZASC_ACTION_REG(x) ((TZASC1_BASE + (x * 0x10000)) + 0x004) +#define TZASC_GATE_KEEPER(x) ((TZASC1_BASE + (x * 0x10000)) + 0x008) +#define TZASC_REGION_BASE_LOW_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x100) +#define TZASC_REGION_BASE_HIGH_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x104) +#define TZASC_REGION_TOP_LOW_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x108) +#define TZASC_REGION_TOP_HIGH_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x10C) +#define TZASC_REGION_ATTRIBUTES_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x110) +#define TZASC_REGION_ID_ACCESS_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x114) + /* Generic Interrupt Controller Definitions */ #define GICD_BASE 0x06000000 #define GICR_BASE 0x06100000 diff --git a/doc/README.fsl-trustzone-components b/doc/README.fsl-trustzone-components new file mode 100644 index 0000000000..a3afd1f5f4 --- /dev/null +++ b/doc/README.fsl-trustzone-components @@ -0,0 +1,25 @@ +Freescale ARM64 SoCs like LS2085A have ARM TrustZone components like +TZPC-BP147 (TrustZone Protection Controller) and TZASC-400 (TrustZone +Address Space Controller). + +While most of the configuration related programming of these peripherals +is left to a root-of-trust security software layer (running in EL3 +privilege mode), but still some configurations of these peripherals +might be required while the bootloader is executing in EL3 privilege +mode. The following sections define how to turn on these features for +LS2085A like SoCs. + +TZPC-BP147 (TrustZone Protection Controller) +============================================ +- Depends on CONFIG_FSL_TZPC_BP147 configuration flag. +- Separates Secure World and Normal World on-chip RAM (OCRAM) spaces. +- Provides a programming model to set access control policy via the TZPC + TZDECPROT Registers. + +TZASC-400 (TrustZone Address Space Controller) +============================================== +- Depends on CONFIG_FSL_TZASC_400 configuration flag. +- Separates Secure World and Normal World external memory spaces for bus masters + such as processors and DMA-equipped peripherals. +- Supports 8 fully programmable address regions, initially inactive at reset, + and one base region, always active, that covers the remaining address space. diff --git a/include/configs/ls2085a_common.h b/include/configs/ls2085a_common.h index 6fe032c9ff..38984432b5 100644 --- a/include/configs/ls2085a_common.h +++ b/include/configs/ls2085a_common.h @@ -13,6 +13,7 @@ #define CONFIG_FSL_LSCH3 #define CONFIG_LS2085A #define CONFIG_GICV3 +#define CONFIG_FSL_TZPC_BP147 /* Link Definitions */ #define CONFIG_SYS_TEXT_BASE 0x30001000 -- 2.25.1