xref: /optee_os/core/arch/arm/plat-k3/drivers/ti_crypto.c (revision 3322f1326f141ef3f41ac7a1c1e08ca23a869fd4)
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Texas Instruments Crypto Operations
4  *
5  * Copyright (C) 2025 Texas Instruments Incorporated - https://www.ti.com/
6  *	Andrew Davis <afd@ti.com>
7  */
8 
9 #include <drivers/ti_sci.h>
10 #include <platform_config.h>
11 #include <trace.h>
12 #include "ti_crypto.h"
13 
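/*
 * Program the TI-SCI firewall protecting the security accelerator so that
 * the TRNG register window gets its own, restricted region.
 *
 * Two steps are performed, both through TI-SCI firmware calls:
 *  1. Try to take ownership of region @fwl_region of firewall @fwl_id for
 *     OPTEE_HOST_ID. If that succeeds, the region is reprogrammed as an
 *     enabled background region spanning 0x0..UINT32_MAX with a single
 *     wildcard-privid permission entry.
 *  2. Take ownership of region RNG_TI_SCI_FW_RGN_ID of the same firewall and
 *     program it to cover [RNG_BASE, RNG_BASE + RNG_REG_SIZE - 1] with two
 *     permission entries (FW_BIG_ARM_PRIVID and FW_TIFS_PRIVID).
 *
 * @fwl_id: firewall ID passed unchanged to the TI-SCI calls
 * @fwl_region: index of the background region inside that firewall
 *
 * Returns TEE_SUCCESS when every required step succeeded, TEE_ERROR_GENERIC
 * otherwise. A failure in step 2 leaves any change made in step 1 in place;
 * nothing is rolled back here.
 *
 * NOTE(review): step 1 opens the background region before step 2 restricts
 * the TRNG window. This presumably runs before any non-secure master can
 * issue transactions - confirm against the caller.
 */
TEE_Result ti_crypto_init_rng_fwl(uint16_t fwl_id, uint16_t fwl_region)
{
	uint16_t rng_region = RNG_TI_SCI_FW_RGN_ID;
	uint8_t owner_index = OPTEE_HOST_ID;
	/*
	 * Output parameters of ti_sci_change_fwl_owner(). They are written by
	 * the call but never inspected in this function; only the return code
	 * decides whether the ownership change is treated as successful.
	 */
	uint8_t owner_privid = 0;
	uint16_t owner_permission_bits = 0;
	uint32_t control = 0;
	uint32_t permissions[FWL_MAX_PRIVID_SLOTS] = { };
	uint32_t num_perm = 0;
	uint64_t start_address = 0;
	uint64_t end_address = 0;
	int ret = 0;

	/* Try to claim background firewall region for ourselves */
	ret = ti_sci_change_fwl_owner(fwl_id, fwl_region, owner_index,
				      &owner_privid, &owner_permission_bits);
	if (ret) {
#if !defined(PLATFORM_FLAVOR_am62lx)
		/*
		 * In devices that use SA2UL, this is not fatal. It just means
		 * we are on an HS device where the DMSC already owns the
		 * accelerator. On GP we need to do additional setup for access
		 * permissions below.
		 *
		 * NOTE(review): every non-zero return code takes this path,
		 * not only "already owned"; the cause is not distinguished
		 * and is logged at debug level only.
		 */
		DMSG("Could not change Security Accelerator firewall owner");
#else
		/*
		 * Fatal on am62lx. The message names the step that actually
		 * failed (the ownership change), so this failure can be told
		 * apart from the region-programming failures below.
		 */
		EMSG("Could not change background firewall owner");
		return TEE_ERROR_GENERIC;
#endif
	} else {
		IMSG("Fixing background firewall owner");

		/*
		 * Modify current firewall configuration: one permission slot,
		 * wildcard privid, whole 32-bit address range.
		 * NOTE(review): FW_NON_SECURE presumably also permits secure
		 * access - verify its definition in ti_crypto.h.
		 */
		control = FW_BACKGROUND_REGION | FW_ENABLE_REGION;
		permissions[0] = (FW_WILDCARD_PRIVID << 16) | FW_NON_SECURE;
		ret = ti_sci_set_fwl_region(fwl_id, fwl_region, 1,
					    control, permissions,
					    0x0, UINT32_MAX);

		if (ret) {
			EMSG("Could not set firewall region information");
			return TEE_ERROR_GENERIC;
		}
	}

	/* Claim the TRNG firewall configurations; failure here is fatal */
	ret = ti_sci_change_fwl_owner(fwl_id, rng_region, owner_index,
				      &owner_privid, &owner_permission_bits);
	if (ret) {
		EMSG("Could not change TRNG firewall owner");
		return TEE_ERROR_GENERIC;
	}

	/*
	 * Modify TRNG firewall to block all others access. Slots 0 and 1 are
	 * overwritten here, so the wildcard entry possibly written above is
	 * not carried into this region; only num_perm entries are passed on.
	 */
	control = FW_ENABLE_REGION;
	start_address = RNG_BASE;
	end_address = RNG_BASE + RNG_REG_SIZE - 1;
	permissions[num_perm++] = (FW_BIG_ARM_PRIVID << 16) | FW_SECURE_ONLY;
	permissions[num_perm++] = (FW_TIFS_PRIVID << 16) | FW_NON_SECURE;
	ret = ti_sci_set_fwl_region(fwl_id, rng_region, num_perm, control,
				    permissions, start_address, end_address);
	if (ret) {
		EMSG("Could not set firewall region information");
		return TEE_ERROR_GENERIC;
	}

	return TEE_SUCCESS;
}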
81