stingray/src/tz_sec.c

*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Copyright (c) 2016 - 2020, Broadcom
*9a40c0fbSSheetal Tigadoli *
*9a40c0fbSSheetal Tigadoli * SPDX-License-Identifier: BSD-3-Clause
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli#include <common/debug.h>
*9a40c0fbSSheetal Tigadoli#include <drivers/arm/tzc400.h>
*9a40c0fbSSheetal Tigadoli#include <lib/mmio.h>
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli#include <cmn_sec.h>
*9a40c0fbSSheetal Tigadoli#include <platform_def.h>
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Trust Zone controllers
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadoli#define TZC400_FS_SRAM_ROOT	0x66d84000
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * TZPC Master configure registers
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/* TZPC_TZPCDECPROT0set */
*9a40c0fbSSheetal Tigadoli#define TZPC0_MASTER_NS_BASE		0x68b40804
*9a40c0fbSSheetal Tigadoli#define TZPC0_SATA3_BIT			5
*9a40c0fbSSheetal Tigadoli#define TZPC0_SATA2_BIT			4
*9a40c0fbSSheetal Tigadoli#define TZPC0_SATA1_BIT			3
*9a40c0fbSSheetal Tigadoli#define TZPC0_SATA0_BIT			2
*9a40c0fbSSheetal Tigadoli#define TZPC0_USB3H1_BIT		1
*9a40c0fbSSheetal Tigadoli#define TZPC0_USB3H0_BIT		0
*9a40c0fbSSheetal Tigadoli#define TZPC0_MASTER_SEC_DEFAULT	0
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/* TZPC_TZPCDECPROT1set */
*9a40c0fbSSheetal Tigadoli#define TZPC1_MASTER_NS_BASE		0x68b40810
*9a40c0fbSSheetal Tigadoli#define TZPC1_SDIO1_BIT			6
*9a40c0fbSSheetal Tigadoli#define TZPC1_SDIO0_BIT			5
*9a40c0fbSSheetal Tigadoli#define TZPC1_AUDIO0_BIT		4
*9a40c0fbSSheetal Tigadoli#define TZPC1_USB2D_BIT			3
*9a40c0fbSSheetal Tigadoli#define TZPC1_USB2H1_BIT		2
*9a40c0fbSSheetal Tigadoli#define TZPC1_USB2H0_BIT		1
*9a40c0fbSSheetal Tigadoli#define TZPC1_AMAC0_BIT			0
*9a40c0fbSSheetal Tigadoli#define TZPC1_MASTER_SEC_DEFAULT	0
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadolistruct tz_sec_desc {
*9a40c0fbSSheetal Tigadoli	uintptr_t addr;
*9a40c0fbSSheetal Tigadoli	uint32_t val;
*9a40c0fbSSheetal Tigadoli};
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadolistatic const struct tz_sec_desc tz_master_defaults[] = {
*9a40c0fbSSheetal Tigadoli{ TZPC0_MASTER_NS_BASE, TZPC0_MASTER_SEC_DEFAULT },
*9a40c0fbSSheetal Tigadoli{ TZPC1_MASTER_NS_BASE, TZPC1_MASTER_SEC_DEFAULT }
*9a40c0fbSSheetal Tigadoli};
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Initialize the TrustZone Controller for SRAM partitioning.
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadolistatic void bcm_tzc_setup(void)
*9a40c0fbSSheetal Tigadoli{
*9a40c0fbSSheetal Tigadoli	VERBOSE("Configuring SRAM TrustZone Controller\n");
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli	/* Init the TZASC controller */
*9a40c0fbSSheetal Tigadoli	tzc400_init(TZC400_FS_SRAM_ROOT);
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli	/*
*9a40c0fbSSheetal Tigadoli	 * Close the entire SRAM space
*9a40c0fbSSheetal Tigadoli	 * Region 0 covers the entire SRAM space
*9a40c0fbSSheetal Tigadoli	 * None of the NS device can access it.
*9a40c0fbSSheetal Tigadoli	 */
*9a40c0fbSSheetal Tigadoli	tzc400_configure_region0(TZC_REGION_S_RDWR, 0);
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli	/* Do raise an exception if a NS device tries to access secure memory */
*9a40c0fbSSheetal Tigadoli	tzc400_set_action(TZC_ACTION_ERR);
*9a40c0fbSSheetal Tigadoli}
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Configure TZ Master as NS_MASTER or SECURE_MASTER
*9a40c0fbSSheetal Tigadoli * To set a Master to non-secure, use *_SET registers
*9a40c0fbSSheetal Tigadoli * To set a Master to secure, use *_CLR registers (set + 0x4 address)
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadolistatic void tz_master_set(uint32_t base, uint32_t value, uint32_t ns)
*9a40c0fbSSheetal Tigadoli{
*9a40c0fbSSheetal Tigadoli	if (ns == SECURE_MASTER) {
*9a40c0fbSSheetal Tigadoli		mmio_write_32(base + 4, value);
*9a40c0fbSSheetal Tigadoli	} else {
*9a40c0fbSSheetal Tigadoli		mmio_write_32(base, value);
*9a40c0fbSSheetal Tigadoli	}
*9a40c0fbSSheetal Tigadoli}
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Initialize the secure environment for sdio.
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadolivoid plat_tz_sdio_ns_master_set(uint32_t ns)
*9a40c0fbSSheetal Tigadoli{
*9a40c0fbSSheetal Tigadoli	tz_master_set(TZPC1_MASTER_NS_BASE,
*9a40c0fbSSheetal Tigadoli			1 << TZPC1_SDIO0_BIT,
*9a40c0fbSSheetal Tigadoli			ns);
*9a40c0fbSSheetal Tigadoli}
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Initialize the secure environment for usb.
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadolivoid plat_tz_usb_ns_master_set(uint32_t ns)
*9a40c0fbSSheetal Tigadoli{
*9a40c0fbSSheetal Tigadoli	tz_master_set(TZPC1_MASTER_NS_BASE,
*9a40c0fbSSheetal Tigadoli			1 << TZPC1_USB2H0_BIT,
*9a40c0fbSSheetal Tigadoli			ns);
*9a40c0fbSSheetal Tigadoli}
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli/*
*9a40c0fbSSheetal Tigadoli * Set masters to default configuration.
*9a40c0fbSSheetal Tigadoli *
*9a40c0fbSSheetal Tigadoli * DMA security settings are programmed into the PL-330 controller and
*9a40c0fbSSheetal Tigadoli * are not set by iProc TZPC registers.
*9a40c0fbSSheetal Tigadoli * DMA always comes up as secure master (*NS bit is 0).
*9a40c0fbSSheetal Tigadoli *
*9a40c0fbSSheetal Tigadoli * Because the default reset values of TZPC are 0 (== Secure),
*9a40c0fbSSheetal Tigadoli * ARM Verilog code makes all masters, including PCIe, come up as
*9a40c0fbSSheetal Tigadoli * secure.
*9a40c0fbSSheetal Tigadoli * However, SOTP has a bit called SOTP_ALLMASTER_NS that overrides
*9a40c0fbSSheetal Tigadoli * TZPC and makes all masters non-secure for AB devices.
*9a40c0fbSSheetal Tigadoli *
*9a40c0fbSSheetal Tigadoli * Hence we first set all the TZPC bits to program all masters,
*9a40c0fbSSheetal Tigadoli * including PCIe, as non-secure, then set the CLEAR_ALLMASTER_NS bit
*9a40c0fbSSheetal Tigadoli * so that the SOTP_ALLMASTER_NS cannot override TZPC.
*9a40c0fbSSheetal Tigadoli * now security settings for each masters come from TZPC
*9a40c0fbSSheetal Tigadoli * (which makes all masters other than DMA as non-secure).
*9a40c0fbSSheetal Tigadoli *
*9a40c0fbSSheetal Tigadoli * During the boot, all masters other than DMA Ctrlr + list
*9a40c0fbSSheetal Tigadoli * are non-secure in an AB Prod/AB Dev/AB Pending device.
*9a40c0fbSSheetal Tigadoli *
*9a40c0fbSSheetal Tigadoli */
*9a40c0fbSSheetal Tigadolivoid plat_tz_master_default_cfg(void)
*9a40c0fbSSheetal Tigadoli{
*9a40c0fbSSheetal Tigadoli	int i;
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli	/* Configure default secure and non-secure TZ Masters */
*9a40c0fbSSheetal Tigadoli	for (i = 0; i < ARRAY_SIZE(tz_master_defaults); i++) {
*9a40c0fbSSheetal Tigadoli		tz_master_set(tz_master_defaults[i].addr,
*9a40c0fbSSheetal Tigadoli			      tz_master_defaults[i].val,
*9a40c0fbSSheetal Tigadoli			      SECURE_MASTER);
*9a40c0fbSSheetal Tigadoli		tz_master_set(tz_master_defaults[i].addr,
*9a40c0fbSSheetal Tigadoli			      ~tz_master_defaults[i].val,
*9a40c0fbSSheetal Tigadoli			      NS_MASTER);
*9a40c0fbSSheetal Tigadoli	}
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli	/* Clear all master NS */
*9a40c0fbSSheetal Tigadoli	mmio_setbits_32(SOTP_CHIP_CTRL,
*9a40c0fbSSheetal Tigadoli			1 << SOTP_CLEAR_SYSCTRL_ALL_MASTER_NS);
*9a40c0fbSSheetal Tigadoli
*9a40c0fbSSheetal Tigadoli	/* Initialize TZ controller and Set SRAM to secure */
*9a40c0fbSSheetal Tigadoli	bcm_tzc_setup();
*9a40c0fbSSheetal Tigadoli}