1 /* 2 * Copyright (c) 2014-2025, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 #include <assert.h> 7 8 #include <common/debug.h> 9 #include <drivers/arm/nic_400.h> 10 #include <lib/mmio.h> 11 #include <platform_def.h> 12 #include <plat/arm/common/plat_arm.h> 13 #include <plat/arm/soc/common/soc_css.h> 14 #include <plat/common/platform.h> 15 16 #include "juno_ethosn_tzmp1_def.h" 17 #include "juno_tzmp1_def.h" 18 19 #ifdef JUNO_TZMP1 20 /* 21 * Protect buffer for VPU/GPU/DPU memory usage with hardware protection 22 * enabled. Propose 224MB video output, 96 MB video input and 32MB video 23 * private. 24 * 25 * Ind Memory Range Caption S_ATTR NS_ATTR 26 * 1 0x080000000 - 0x0E7FFFFFF ARM_NS_DRAM1 NONE RDWR | MEDIA_RW 27 * 2 0x0E8000000 - 0x0F5FFFFFF JUNO_MEDIA_TZC_PROT_DRAM1 NONE MEDIA_RW | AP_WR 28 * 3 0x0F6000000 - 0x0FBFFFFFF JUNO_VPU_TZC_PROT_DRAM1 RDWR VPU_PROT_RW 29 * 4 0x0FC000000 - 0x0FDFFFFFF JUNO_VPU_TZC_PRIV_DRAM1 RDWR VPU_PRIV_RW 30 * 5 0x0FE000000 - 0x0FEFFFFFF JUNO_AP_TZC_SHARE_DRAM1 NONE RDWR | MEDIA_RW 31 * 6 0x0FF000000 - 0x0FFFFFFFF ARM_AP_TZC_DRAM1 RDWR NONE 32 * 7 0x880000000 - 0x9FFFFFFFF ARM_DRAM2 NONE RDWR | MEDIA_RW 33 * 34 * Memory regions are neighbored to save limited TZC regions. Calculation 35 * started from ARM_TZC_SHARE_DRAM1 since it is known and fixed for both 36 * protected-enabled and protected-disabled settings. 37 * 38 * Video private buffer aheads of ARM_TZC_SHARE_DRAM1 39 */ 40 41 static const arm_tzc_regions_info_t juno_tzmp1_tzc_regions[] = { 42 {ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, TZC_REGION_S_RDWR, 0}, 43 {JUNO_NS_DRAM1_PT1_BASE, JUNO_NS_DRAM1_PT1_END, 44 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS}, 45 {JUNO_MEDIA_TZC_PROT_DRAM1_BASE, JUNO_MEDIA_TZC_PROT_DRAM1_END, 46 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_PROT_ACCESS}, 47 {JUNO_VPU_TZC_PROT_DRAM1_BASE, JUNO_VPU_TZC_PROT_DRAM1_END, 48 TZC_REGION_S_RDWR, JUNO_VPU_TZC_PROT_ACCESS}, 49 {JUNO_VPU_TZC_PRIV_DRAM1_BASE, JUNO_VPU_TZC_PRIV_DRAM1_END, 50 TZC_REGION_S_RDWR, JUNO_VPU_TZC_PRIV_ACCESS}, 51 {JUNO_AP_TZC_SHARE_DRAM1_BASE, JUNO_AP_TZC_SHARE_DRAM1_END, 52 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS}, 53 {ARM_DRAM2_BASE, ARM_DRAM2_END, 54 TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS}, 55 {}, 56 }; 57 58 /******************************************************************************* 59 * Program dp650 to configure NSAID value for protected mode. 60 ******************************************************************************/ 61 static void init_dp650(void) 62 { 63 mmio_write_32(DP650_BASE + DP650_PROT_NSAID_OFFSET, 64 DP650_PROT_NSAID_CONFIG); 65 } 66 67 /******************************************************************************* 68 * Program v550 to configure NSAID value for protected mode. 69 ******************************************************************************/ 70 static void init_v550(void) 71 { 72 /* 73 * bits[31:28] is for PRIVATE, 74 * bits[27:24] is for OUTBUF, 75 * bits[23:20] is for PROTECTED. 76 */ 77 mmio_write_32(V550_BASE + V550_PROTCTRL_OFFSET, V550_PROTCTRL_CONFIG); 78 } 79 80 #endif /* JUNO_TZMP1 */ 81 82 #ifdef JUNO_ETHOSN_TZMP1 83 84 static const arm_tzc_regions_info_t juno_ethosn_tzmp1_tzc_regions[] = { 85 JUNO_ETHOSN_TZMP_REGIONS_DEF, 86 {}, 87 }; 88 89 #endif /* JUNO_ETHOSN_TZMP1 */ 90 91 #if SPMC_AT_EL3 92 93 // Use last 2MB as secure storage only. 94 #define V2M_FLASH0_SECURE_START (V2M_FLASH0_BASE + V2M_FLASH0_SIZE - 0x200000) 95 #define V2M_FLASH0_SECURE_END (V2M_FLASH0_BASE + V2M_FLASH0_SIZE - 1) 96 97 static const arm_tzc_regions_info_t juno_stmm_tzc_regions[] = { 98 ARM_TZC_REGIONS_DEF, 99 { V2M_FLASH0_SECURE_START, V2M_FLASH0_SECURE_END, TZC_REGION_S_RDWR, 0 }, 100 {}, 101 }; 102 103 #endif /* SPMC_AT_EL3 */ 104 105 /******************************************************************************* 106 * Set up the MMU-401 SSD tables. The power-on configuration has all stream IDs 107 * assigned to Non-Secure except some for the DMA-330. Assign those back to the 108 * Non-Secure world as well, otherwise EL1 may end up erroneously generating 109 * (untranslated) Secure transactions if it turns the SMMU on. 110 ******************************************************************************/ 111 static void init_mmu401(void) 112 { 113 uint32_t reg = mmio_read_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET); 114 reg |= 0x1FF; 115 mmio_write_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET, reg); 116 } 117 118 /******************************************************************************* 119 * Program CSS-NIC400 to allow non-secure access to some CSS regions. 120 ******************************************************************************/ 121 static void css_init_nic400(void) 122 { 123 /* Note: This is the NIC-400 device on the CSS */ 124 mmio_write_32(PLAT_SOC_CSS_NIC400_BASE + 125 NIC400_ADDR_CTRL_SECURITY_REG(CSS_NIC400_SLAVE_BOOTSECURE), 126 ~0); 127 } 128 129 /******************************************************************************* 130 * Initialize debug configuration. 131 ******************************************************************************/ 132 static void init_debug_cfg(void) 133 { 134 #if !DEBUG 135 /* Set internal drive selection for SPIDEN. */ 136 mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET, 137 1U << SPIDEN_SEL_SET_SHIFT); 138 139 /* Drive SPIDEN LOW to disable invasive debug of secure state. */ 140 mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR, 141 1U << SPIDEN_INT_CLR_SHIFT); 142 143 /* Set internal drive selection for SPNIDEN. */ 144 mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET, 145 1U << SPNIDEN_SEL_SET_SHIFT); 146 147 /* Drive SPNIDEN LOW to disable non-invasive debug of secure state. */ 148 mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR, 149 1U << SPNIDEN_INT_CLR_SHIFT); 150 #endif 151 } 152 153 /******************************************************************************* 154 * Initialize the secure environment. 155 ******************************************************************************/ 156 void plat_arm_security_setup(void) 157 { 158 /* Initialize debug configuration */ 159 init_debug_cfg(); 160 /* Initialize the TrustZone Controller */ 161 #ifdef JUNO_TZMP1 162 arm_tzc400_setup(PLAT_ARM_TZC_BASE, juno_tzmp1_tzc_regions); 163 INFO("TZC protected shared memory base address for TZMP usecase: %p\n", 164 (void *)JUNO_AP_TZC_SHARE_DRAM1_BASE); 165 INFO("TZC protected shared memory end address for TZMP usecase: %p\n", 166 (void *)JUNO_AP_TZC_SHARE_DRAM1_END); 167 #elif defined(JUNO_ETHOSN_TZMP1) 168 arm_tzc400_setup(PLAT_ARM_TZC_BASE, juno_ethosn_tzmp1_tzc_regions); 169 INFO("TZC protected shared memory range for NPU TZMP usecase: %p - %p\n", 170 (void *)JUNO_ETHOSN_NS_DRAM2_BASE, 171 (void *)JUNO_ETHOSN_NS_DRAM2_END); 172 INFO("TZC protected Data memory range for NPU TZMP usecase: %p - %p\n", 173 (void *)JUNO_ETHOSN_DATA_TZC_PROT_DRAM2_BASE, 174 (void *)JUNO_ETHOSN_DATA_TZC_PROT_DRAM2_END); 175 INFO("TZC protected FW memory range for NPU TZMP usecase: %p - %p\n", 176 (void *)JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE, 177 (void *)JUNO_ETHOSN_FW_TZC_PROT_DRAM2_END); 178 #elif SPMC_AT_EL3 179 INFO("TZC protected some of Nor flash memory range for StandaloneMm: %p - %p\n", 180 (void *)V2M_FLASH0_SECURE_START, 181 (void *)V2M_FLASH0_SECURE_END); 182 arm_tzc400_setup(PLAT_ARM_TZC_BASE, juno_stmm_tzc_regions); 183 #else 184 arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL); 185 #endif 186 /* Do ARM CSS internal NIC setup */ 187 css_init_nic400(); 188 /* Do ARM CSS SoC security setup */ 189 soc_css_security_setup(); 190 /* Initialize the SMMU SSD tables */ 191 init_mmu401(); 192 #ifdef JUNO_TZMP1 193 init_dp650(); 194 init_v550(); 195 #endif 196 } 197