xref: /rk3399_ARM-atf/plat/arm/board/juno/juno_security.c (revision 06f3c7058c42a9f1a9f7df75ea2de71a000855e8) 
1 /*
2  * Copyright (c) 2014-2023, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 #include <assert.h>
7 
8 #include <common/debug.h>
9 #include <drivers/arm/nic_400.h>
10 #include <lib/mmio.h>
11 #include <platform_def.h>
12 #include <plat/arm/common/plat_arm.h>
13 #include <plat/arm/soc/common/soc_css.h>
14 #include <plat/common/platform.h>
15 
16 #include "juno_ethosn_tzmp1_def.h"
17 #include "juno_tzmp1_def.h"
18 
19 #ifdef JUNO_TZMP1
20 /*
21  * Protect buffer for VPU/GPU/DPU memory usage with hardware protection
22  * enabled. Propose 224MB video output, 96 MB video input and 32MB video
23  * private.
24  *
25  * Ind	Memory Range			Caption			  S_ATTR  NS_ATTR
26  * 1	0x080000000 - 0x0E7FFFFFF	ARM_NS_DRAM1		  NONE	  RDWR | MEDIA_RW
27  * 2	0x0E8000000 - 0x0F5FFFFFF	JUNO_MEDIA_TZC_PROT_DRAM1 NONE	  MEDIA_RW | AP_WR
28  * 3	0x0F6000000 - 0x0FBFFFFFF	JUNO_VPU_TZC_PROT_DRAM1	  RDWR	  VPU_PROT_RW
29  * 4	0x0FC000000 - 0x0FDFFFFFF	JUNO_VPU_TZC_PRIV_DRAM1	  RDWR	  VPU_PRIV_RW
30  * 5	0x0FE000000 - 0x0FEFFFFFF	JUNO_AP_TZC_SHARE_DRAM1	  NONE	  RDWR | MEDIA_RW
31  * 6	0x0FF000000 - 0x0FFFFFFFF	ARM_AP_TZC_DRAM1	  RDWR	  NONE
32  * 7	0x880000000 - 0x9FFFFFFFF	ARM_DRAM2		  NONE	  RDWR | MEDIA_RW
33  *
34  * Memory regions are neighbored to save limited TZC regions. Calculation
35  * started from ARM_TZC_SHARE_DRAM1 since it is known and fixed for both
36  * protected-enabled and protected-disabled settings.
37  *
38  * Video private buffer aheads of ARM_TZC_SHARE_DRAM1
39  */
40 
41 static const arm_tzc_regions_info_t juno_tzmp1_tzc_regions[] = {
42 	{ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, TZC_REGION_S_RDWR, 0},
43 	{JUNO_NS_DRAM1_PT1_BASE, JUNO_NS_DRAM1_PT1_END,
44 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS},
45 	{JUNO_MEDIA_TZC_PROT_DRAM1_BASE, JUNO_MEDIA_TZC_PROT_DRAM1_END,
46 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_PROT_ACCESS},
47 	{JUNO_VPU_TZC_PROT_DRAM1_BASE, JUNO_VPU_TZC_PROT_DRAM1_END,
48 			TZC_REGION_S_RDWR, JUNO_VPU_TZC_PROT_ACCESS},
49 	{JUNO_VPU_TZC_PRIV_DRAM1_BASE, JUNO_VPU_TZC_PRIV_DRAM1_END,
50 			TZC_REGION_S_RDWR, JUNO_VPU_TZC_PRIV_ACCESS},
51 	{JUNO_AP_TZC_SHARE_DRAM1_BASE, JUNO_AP_TZC_SHARE_DRAM1_END,
52 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS},
53 	{ARM_DRAM2_BASE, ARM_DRAM2_END,
54 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS},
55 	{},
56 };
57 
58 /*******************************************************************************
59  * Program dp650 to configure NSAID value for protected mode.
60  ******************************************************************************/
61 static void init_dp650(void)
62 {
63 	mmio_write_32(DP650_BASE + DP650_PROT_NSAID_OFFSET,
64 		      DP650_PROT_NSAID_CONFIG);
65 }
66 
67 /*******************************************************************************
68  * Program v550 to configure NSAID value for protected mode.
69  ******************************************************************************/
70 static void init_v550(void)
71 {
72 	/*
73 	 * bits[31:28] is for PRIVATE,
74 	 * bits[27:24] is for OUTBUF,
75 	 * bits[23:20] is for PROTECTED.
76 	 */
77 	mmio_write_32(V550_BASE + V550_PROTCTRL_OFFSET, V550_PROTCTRL_CONFIG);
78 }
79 
80 #endif /* JUNO_TZMP1 */
81 
82 #ifdef JUNO_ETHOSN_TZMP1
83 
84 static const arm_tzc_regions_info_t juno_ethosn_tzmp1_tzc_regions[] = {
85 	JUNO_ETHOSN_TZMP_REGIONS_DEF,
86 	{},
87 };
88 
89 #endif /* JUNO_ETHOSN_TZMP1 */
90 
91 /*******************************************************************************
92  * Set up the MMU-401 SSD tables. The power-on configuration has all stream IDs
93  * assigned to Non-Secure except some for the DMA-330. Assign those back to the
94  * Non-Secure world as well, otherwise EL1 may end up erroneously generating
95  * (untranslated) Secure transactions if it turns the SMMU on.
96  ******************************************************************************/
97 static void init_mmu401(void)
98 {
99 	uint32_t reg = mmio_read_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET);
100 	reg |= 0x1FF;
101 	mmio_write_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET, reg);
102 }
103 
104 /*******************************************************************************
105  * Program CSS-NIC400 to allow non-secure access to some CSS regions.
106  ******************************************************************************/
107 static void css_init_nic400(void)
108 {
109 	/* Note: This is the NIC-400 device on the CSS */
110 	mmio_write_32(PLAT_SOC_CSS_NIC400_BASE +
111 		NIC400_ADDR_CTRL_SECURITY_REG(CSS_NIC400_SLAVE_BOOTSECURE),
112 		~0);
113 }
114 
115 /*******************************************************************************
116  * Initialize debug configuration.
117  ******************************************************************************/
118 static void init_debug_cfg(void)
119 {
120 #if !DEBUG
121 	/* Set internal drive selection for SPIDEN. */
122 	mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET,
123 		1U << SPIDEN_SEL_SET_SHIFT);
124 
125 	/* Drive SPIDEN LOW to disable invasive debug of secure state. */
126 	mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR,
127 		1U << SPIDEN_INT_CLR_SHIFT);
128 
129 	/* Set internal drive selection for SPNIDEN. */
130 	mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET,
131 		1U << SPNIDEN_SEL_SET_SHIFT);
132 
133 	/* Drive SPNIDEN LOW to disable non-invasive debug of secure state. */
134 	mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR,
135 		1U << SPNIDEN_INT_CLR_SHIFT);
136 #endif
137 }
138 
139 /*******************************************************************************
140  * Initialize the secure environment.
141  ******************************************************************************/
142 void plat_arm_security_setup(void)
143 {
144 	/* Initialize debug configuration */
145 	init_debug_cfg();
146 	/* Initialize the TrustZone Controller */
147 #ifdef JUNO_TZMP1
148 	arm_tzc400_setup(PLAT_ARM_TZC_BASE, juno_tzmp1_tzc_regions);
149 	INFO("TZC protected shared memory base address for TZMP usecase: %p\n",
150 	     (void *)JUNO_AP_TZC_SHARE_DRAM1_BASE);
151 	INFO("TZC protected shared memory end address for TZMP usecase: %p\n",
152 	     (void *)JUNO_AP_TZC_SHARE_DRAM1_END);
153 #elif defined(JUNO_ETHOSN_TZMP1)
154 	arm_tzc400_setup(PLAT_ARM_TZC_BASE, juno_ethosn_tzmp1_tzc_regions);
155 	INFO("TZC protected shared memory range for NPU TZMP usecase: %p - %p\n",
156 	     (void *)JUNO_ETHOSN_NS_DRAM2_BASE,
157 	     (void *)JUNO_ETHOSN_NS_DRAM2_END);
158 	INFO("TZC protected Data memory range for NPU TZMP usecase: %p - %p\n",
159 	     (void *)JUNO_ETHOSN_DATA_TZC_PROT_DRAM2_BASE,
160 	     (void *)JUNO_ETHOSN_DATA_TZC_PROT_DRAM2_END);
161 	INFO("TZC protected FW memory range for NPU TZMP usecase: %p - %p\n",
162 	     (void *)JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE,
163 	     (void *)JUNO_ETHOSN_FW_TZC_PROT_DRAM2_END);
164 #else
165 	arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL);
166 #endif
167 	/* Do ARM CSS internal NIC setup */
168 	css_init_nic400();
169 	/* Do ARM CSS SoC security setup */
170 	soc_css_security_setup();
171 	/* Initialize the SMMU SSD tables */
172 	init_mmu401();
173 #ifdef JUNO_TZMP1
174 	init_dp650();
175 	init_v550();
176 #endif
177 }
178 
179 #if TRUSTED_BOARD_BOOT
180 int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
181 {
182 	assert(heap_addr != NULL);
183 	assert(heap_size != NULL);
184 
185 	return arm_get_mbedtls_heap(heap_addr, heap_size);
186 }
187 #endif
188