1 /* 2 * Copyright (c) 2014-2019, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <common/debug.h> 8 #include <drivers/arm/nic_400.h> 9 #include <lib/mmio.h> 10 #include <platform_def.h> 11 #include <plat/arm/common/plat_arm.h> 12 #include <plat/arm/soc/common/soc_css.h> 13 #include <plat/common/platform.h> 14 15 #include "juno_tzmp1_def.h" 16 17 #ifdef JUNO_TZMP1 18 /* 19 * Protect buffer for VPU/GPU/DPU memory usage with hardware protection 20 * enabled. Propose 224MB video output, 96 MB video input and 32MB video 21 * private. 22 * 23 * Ind Memory Range Caption S_ATTR NS_ATTR 24 * 1 0x080000000 - 0x0E7FFFFFF ARM_NS_DRAM1 NONE RDWR | MEDIA_RW 25 * 2 0x0E8000000 - 0x0F5FFFFFF JUNO_MEDIA_TZC_PROT_DRAM1 NONE MEDIA_RW | AP_WR 26 * 3 0x0F6000000 - 0x0FBFFFFFF JUNO_VPU_TZC_PROT_DRAM1 RDWR VPU_PROT_RW 27 * 4 0x0FC000000 - 0x0FDFFFFFF JUNO_VPU_TZC_PRIV_DRAM1 RDWR VPU_PRIV_RW 28 * 5 0x0FE000000 - 0x0FEFFFFFF JUNO_AP_TZC_SHARE_DRAM1 NONE RDWR | MEDIA_RW 29 * 6 0x0FF000000 - 0x0FFFFFFFF ARM_AP_TZC_DRAM1 RDWR NONE 30 * 7 0x880000000 - 0x9FFFFFFFF ARM_DRAM2 NONE RDWR | MEDIA_RW 31 * 32 * Memory regions are neighbored to save limited TZC regions. Calculation 33 * started from ARM_TZC_SHARE_DRAM1 since it is known and fixed for both 34 * protected-enabled and protected-disabled settings. 35 * 36 * Video private buffer aheads of ARM_TZC_SHARE_DRAM1 37 */ 38 39 static const arm_tzc_regions_info_t juno_tzmp1_tzc_regions[] = { 40 {ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, TZC_REGION_S_RDWR, 0}, 41 {JUNO_NS_DRAM1_PT1_BASE, JUNO_NS_DRAM1_PT1_END, 42 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS}, 43 {JUNO_MEDIA_TZC_PROT_DRAM1_BASE, JUNO_MEDIA_TZC_PROT_DRAM1_END, 44 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_PROT_ACCESS}, 45 {JUNO_VPU_TZC_PROT_DRAM1_BASE, JUNO_VPU_TZC_PROT_DRAM1_END, 46 TZC_REGION_S_RDWR, JUNO_VPU_TZC_PROT_ACCESS}, 47 {JUNO_VPU_TZC_PRIV_DRAM1_BASE, JUNO_VPU_TZC_PRIV_DRAM1_END, 48 TZC_REGION_S_RDWR, JUNO_VPU_TZC_PRIV_ACCESS}, 49 {JUNO_AP_TZC_SHARE_DRAM1_BASE, JUNO_AP_TZC_SHARE_DRAM1_END, 50 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS}, 51 {ARM_DRAM2_BASE, ARM_DRAM2_END, 52 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS}, 53 {}, 54 }; 55 56 /******************************************************************************* 57 * Program dp650 to configure NSAID value for protected mode. 58 ******************************************************************************/ 59 static void init_dp650(void) 60 { 61 mmio_write_32(DP650_BASE + DP650_PROT_NSAID_OFFSET, 62 DP650_PROT_NSAID_CONFIG); 63 } 64 65 /******************************************************************************* 66 * Program v550 to configure NSAID value for protected mode. 67 ******************************************************************************/ 68 static void init_v550(void) 69 { 70 /* 71 * bits[31:28] is for PRIVATE, 72 * bits[27:24] is for OUTBUF, 73 * bits[23:20] is for PROTECTED. 74 */ 75 mmio_write_32(V550_BASE + V550_PROTCTRL_OFFSET, V550_PROTCTRL_CONFIG); 76 } 77 78 #endif /* JUNO_TZMP1 */ 79 80 /******************************************************************************* 81 * Set up the MMU-401 SSD tables. The power-on configuration has all stream IDs 82 * assigned to Non-Secure except some for the DMA-330. Assign those back to the 83 * Non-Secure world as well, otherwise EL1 may end up erroneously generating 84 * (untranslated) Secure transactions if it turns the SMMU on. 85 ******************************************************************************/ 86 static void init_mmu401(void) 87 { 88 uint32_t reg = mmio_read_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET); 89 reg |= 0x1FF; 90 mmio_write_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET, reg); 91 } 92 93 /******************************************************************************* 94 * Program CSS-NIC400 to allow non-secure access to some CSS regions. 95 ******************************************************************************/ 96 static void css_init_nic400(void) 97 { 98 /* Note: This is the NIC-400 device on the CSS */ 99 mmio_write_32(PLAT_SOC_CSS_NIC400_BASE + 100 NIC400_ADDR_CTRL_SECURITY_REG(CSS_NIC400_SLAVE_BOOTSECURE), 101 ~0); 102 } 103 104 /******************************************************************************* 105 * Initialize debug configuration. 106 ******************************************************************************/ 107 static void init_debug_cfg(void) 108 { 109 #if !DEBUG 110 /* Set internal drive selection for SPIDEN. */ 111 mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET, 112 1U << SPIDEN_SEL_SET_SHIFT); 113 114 /* Drive SPIDEN LOW to disable invasive debug of secure state. */ 115 mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR, 116 1U << SPIDEN_INT_CLR_SHIFT); 117 #endif 118 } 119 120 /******************************************************************************* 121 * Initialize the secure environment. 122 ******************************************************************************/ 123 void plat_arm_security_setup(void) 124 { 125 /* Initialize debug configuration */ 126 init_debug_cfg(); 127 /* Initialize the TrustZone Controller */ 128 #ifdef JUNO_TZMP1 129 arm_tzc400_setup(juno_tzmp1_tzc_regions); 130 INFO("TZC protected shared memory base address for TZMP usecase: %p\n", 131 (void *)JUNO_AP_TZC_SHARE_DRAM1_BASE); 132 INFO("TZC protected shared memory end address for TZMP usecase: %p\n", 133 (void *)JUNO_AP_TZC_SHARE_DRAM1_END); 134 #else 135 arm_tzc400_setup(NULL); 136 #endif 137 /* Do ARM CSS internal NIC setup */ 138 css_init_nic400(); 139 /* Do ARM CSS SoC security setup */ 140 soc_css_security_setup(); 141 /* Initialize the SMMU SSD tables */ 142 init_mmu401(); 143 #ifdef JUNO_TZMP1 144 init_dp650(); 145 init_v550(); 146 #endif 147 } 148 149 #if TRUSTED_BOARD_BOOT 150 int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) 151 { 152 return get_mbedtls_heap_helper(heap_addr, heap_size); 153 } 154 #endif 155