xref: /rk3399_ARM-atf/plat/arm/board/juno/juno_security.c (revision c948f77136c42a92d0bb660543a3600c36dcf7f1) 
1 /*
2  * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <common/debug.h>
8 #include <drivers/arm/nic_400.h>
9 #include <lib/mmio.h>
10 #include <platform_def.h>
11 
12 #include <plat_arm.h>
13 #include <soc_css.h>
14 #include "juno_tzmp1_def.h"
15 
16 #ifdef JUNO_TZMP1
17 /*
18  * Protect buffer for VPU/GPU/DPU memory usage with hardware protection
19  * enabled. Propose 224MB video output, 96 MB video input and 32MB video
20  * private.
21  *
22  * Ind	Memory Range			Caption			  S_ATTR  NS_ATTR
23  * 1	0x080000000 - 0x0E7FFFFFF	ARM_NS_DRAM1		  NONE	  RDWR | MEDIA_RW
24  * 2	0x0E8000000 - 0x0F5FFFFFF	JUNO_MEDIA_TZC_PROT_DRAM1 NONE	  MEDIA_RW | AP_WR
25  * 3	0x0F6000000 - 0x0FBFFFFFF	JUNO_VPU_TZC_PROT_DRAM1	  RDWR	  VPU_PROT_RW
26  * 4	0x0FC000000 - 0x0FDFFFFFF	JUNO_VPU_TZC_PRIV_DRAM1	  RDWR	  VPU_PRIV_RW
27  * 5	0x0FE000000 - 0x0FEFFFFFF	JUNO_AP_TZC_SHARE_DRAM1	  NONE	  RDWR | MEDIA_RW
28  * 6	0x0FF000000 - 0x0FFFFFFFF	ARM_AP_TZC_DRAM1	  RDWR	  NONE
29  * 7	0x880000000 - 0x9FFFFFFFF	ARM_DRAM2		  NONE	  RDWR | MEDIA_RW
30  *
31  * Memory regions are neighbored to save limited TZC regions. Calculation
32  * started from ARM_TZC_SHARE_DRAM1 since it is known and fixed for both
33  * protected-enabled and protected-disabled settings.
34  *
35  * Video private buffer aheads of ARM_TZC_SHARE_DRAM1
36  */
37 
38 static const arm_tzc_regions_info_t juno_tzmp1_tzc_regions[] = {
39 	{ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, TZC_REGION_S_RDWR, 0},
40 	{JUNO_NS_DRAM1_PT1_BASE, JUNO_NS_DRAM1_PT1_END,
41 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS},
42 	{JUNO_MEDIA_TZC_PROT_DRAM1_BASE, JUNO_MEDIA_TZC_PROT_DRAM1_END,
43 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_PROT_ACCESS},
44 	{JUNO_VPU_TZC_PROT_DRAM1_BASE, JUNO_VPU_TZC_PROT_DRAM1_END,
45 			TZC_REGION_S_RDWR, JUNO_VPU_TZC_PROT_ACCESS},
46 	{JUNO_VPU_TZC_PRIV_DRAM1_BASE, JUNO_VPU_TZC_PRIV_DRAM1_END,
47 			TZC_REGION_S_RDWR, JUNO_VPU_TZC_PRIV_ACCESS},
48 	{JUNO_AP_TZC_SHARE_DRAM1_BASE, JUNO_AP_TZC_SHARE_DRAM1_END,
49 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS},
50 	{ARM_DRAM2_BASE, ARM_DRAM2_END,
51 			TZC_REGION_S_NONE, JUNO_MEDIA_TZC_NS_DEV_ACCESS},
52 	{},
53 };
54 
55 /*******************************************************************************
56  * Program dp650 to configure NSAID value for protected mode.
57  ******************************************************************************/
58 static void init_dp650(void)
59 {
60 	mmio_write_32(DP650_BASE + DP650_PROT_NSAID_OFFSET,
61 		      DP650_PROT_NSAID_CONFIG);
62 }
63 
64 /*******************************************************************************
65  * Program v550 to configure NSAID value for protected mode.
66  ******************************************************************************/
67 static void init_v550(void)
68 {
69 	/*
70 	 * bits[31:28] is for PRIVATE,
71 	 * bits[27:24] is for OUTBUF,
72 	 * bits[23:20] is for PROTECTED.
73 	 */
74 	mmio_write_32(V550_BASE + V550_PROTCTRL_OFFSET, V550_PROTCTRL_CONFIG);
75 }
76 
77 #endif /* JUNO_TZMP1 */
78 
79 /*******************************************************************************
80  * Set up the MMU-401 SSD tables. The power-on configuration has all stream IDs
81  * assigned to Non-Secure except some for the DMA-330. Assign those back to the
82  * Non-Secure world as well, otherwise EL1 may end up erroneously generating
83  * (untranslated) Secure transactions if it turns the SMMU on.
84  ******************************************************************************/
85 static void init_mmu401(void)
86 {
87 	uint32_t reg = mmio_read_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET);
88 	reg |= 0x1FF;
89 	mmio_write_32(MMU401_DMA330_BASE + MMU401_SSD_OFFSET, reg);
90 }
91 
92 /*******************************************************************************
93  * Program CSS-NIC400 to allow non-secure access to some CSS regions.
94  ******************************************************************************/
95 static void css_init_nic400(void)
96 {
97 	/* Note: This is the NIC-400 device on the CSS */
98 	mmio_write_32(PLAT_SOC_CSS_NIC400_BASE +
99 		NIC400_ADDR_CTRL_SECURITY_REG(CSS_NIC400_SLAVE_BOOTSECURE),
100 		~0);
101 }
102 
103 /*******************************************************************************
104  * Initialize debug configuration.
105  ******************************************************************************/
106 static void init_debug_cfg(void)
107 {
108 #if !DEBUG
109 	/* Set internal drive selection for SPIDEN. */
110 	mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET,
111 		1U << SPIDEN_SEL_SET_SHIFT);
112 
113 	/* Drive SPIDEN LOW to disable invasive debug of secure state. */
114 	mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR,
115 		1U << SPIDEN_INT_CLR_SHIFT);
116 #endif
117 }
118 
119 /*******************************************************************************
120  * Initialize the secure environment.
121  ******************************************************************************/
122 void plat_arm_security_setup(void)
123 {
124 	/* Initialize debug configuration */
125 	init_debug_cfg();
126 	/* Initialize the TrustZone Controller */
127 #ifdef JUNO_TZMP1
128 	arm_tzc400_setup(juno_tzmp1_tzc_regions);
129 	INFO("TZC protected shared memory base address for TZMP usecase: %p\n",
130 	     (void *)JUNO_AP_TZC_SHARE_DRAM1_BASE);
131 	INFO("TZC protected shared memory end address for TZMP usecase: %p\n",
132 	     (void *)JUNO_AP_TZC_SHARE_DRAM1_END);
133 #else
134 	arm_tzc400_setup(NULL);
135 #endif
136 	/* Do ARM CSS internal NIC setup */
137 	css_init_nic400();
138 	/* Do ARM CSS SoC security setup */
139 	soc_css_security_setup();
140 	/* Initialize the SMMU SSD tables */
141 	init_mmu401();
142 #ifdef JUNO_TZMP1
143 	init_dp650();
144 	init_v550();
145 #endif
146 }
147