Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
stm32mp1_security.c 4.4 KB
Newer Older
Yann Gautier's avatar
stm32mp1: Add DDR support and its security with TZC400    
Yann Gautier committed
1 
/*
Yann Gautier's avatar
stm32mp1: update platform files    
Yann Gautier committed
2 
 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
Yann Gautier's avatar
stm32mp1: Add DDR support and its security with TZC400    
Yann Gautier committed
3
4
5
6
7 
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdint.h>
Antonio Nino Diaz's avatar
Sanitise includes across codebase    
Antonio Nino Diaz committed
8
9
10
11
12
13
14
15
16 

#include <platform_def.h>

#include <common/debug.h>
#include <drivers/arm/tzc400.h>
#include <drivers/st/stm32mp1_clk.h>
#include <dt-bindings/clock/stm32mp1-clks.h>
#include <lib/mmio.h>
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
17
18
19
20
21
22
23
24
25
26
27
28
29 
#define TZC_REGION_NSEC_ALL_ACCESS_RDWR \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_LCD_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_MDMA_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_M4_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DMA_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_HOST_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_OTG_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \
	TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID)
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
30
31
32
33
34
35
36 
/*******************************************************************************
 * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
 * and allow Non-Secure masters full access.
 ******************************************************************************/
static void init_tzc400(void)
{
	unsigned long long region_base, region_top;
Yann Gautier's avatar
stm32mp1: make functions and macros more common    
Yann Gautier committed
37 
	unsigned long long ddr_base = STM32MP_DDR_BASE;
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
38 
	unsigned long long ddr_size = (unsigned long long)dt_get_ddr_size();
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
39 
	unsigned long long ddr_top = ddr_base + (ddr_size - 1U);
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
40
41
42
43
44 

	tzc400_init(STM32MP1_TZC_BASE);

	tzc400_disable_filters();
Yann Gautier's avatar
stm32mp1: add OP-TEE support    
Yann Gautier committed
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75 
#ifdef AARCH32_SP_OPTEE
	/*
	 * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
	 * same configuration to all filters in the TZC.
	 */
	region_base = ddr_base;
	region_top = ddr_top - STM32MP_DDR_S_SIZE - STM32MP_DDR_SHMEM_SIZE;
	tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
				region_base,
				region_top,
				TZC_REGION_S_NONE,
				TZC_REGION_NSEC_ALL_ACCESS_RDWR);

	/* Region 2 set to cover all secure DRAM. */
	region_base = region_top + 1U;
	region_top = ddr_top - STM32MP_DDR_SHMEM_SIZE;
	tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 2,
				region_base,
				region_top,
				TZC_REGION_S_RDWR,
				0);

	/* Region 3 set to cover non-secure shared memory DRAM. */
	region_base = region_top + 1U;
	region_top = ddr_top;
	tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 3,
				region_base,
				region_top,
				TZC_REGION_S_NONE,
				TZC_REGION_NSEC_ALL_ACCESS_RDWR);
#else
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
76
77 
	/*
	 * Region 1 set to cover all DRAM at 0xC000_0000. Apply the
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
78
79
80 
	 * same configuration to all filters in the TZC.
	 */
	region_base = ddr_base;
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
81 
	region_top = ddr_top;
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
82 
	tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
83
84
85
86 
				region_base,
				region_top,
				TZC_REGION_S_NONE,
				TZC_REGION_NSEC_ALL_ACCESS_RDWR);
Yann Gautier's avatar
stm32mp1: add OP-TEE support    
Yann Gautier committed
87 
#endif
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
88
89
90
91
92
93
94 

	/* Raise an exception if a NS device tries to access secure memory */
	tzc400_set_action(TZC_ACTION_ERR);

	tzc400_enable_filters();
}
Yann Gautier's avatar
stm32mp1: Add DDR support and its security with TZC400    
Yann Gautier committed
95
96
97
98
99
100
101 
/*******************************************************************************
 * Initialize the TrustZone Controller.
 * Early initialization create only one region with full access to secure.
 * This setting is used before and during DDR initialization.
 ******************************************************************************/
static void early_init_tzc400(void)
{
Yann Gautier's avatar
stm32mp1: update clock driver    
Yann Gautier committed
102
103 
	stm32mp_clk_enable(TZC1);
	stm32mp_clk_enable(TZC2);
Yann Gautier's avatar
stm32mp1: Add DDR support and its security with TZC400    
Yann Gautier committed
104
105
106
107
108 

	tzc400_init(STM32MP1_TZC_BASE);

	tzc400_disable_filters();
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
109 
	/* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
Yann Gautier's avatar
stm32mp1: Add DDR support and its security with TZC400    
Yann Gautier committed
110 
	tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautier's avatar
stm32mp1: make functions and macros more common    
Yann Gautier committed
111
112
113 
				STM32MP_DDR_BASE,
				STM32MP_DDR_BASE +
				(STM32MP_DDR_MAX_SIZE - 1U),
Yann Gautier's avatar
stm32mp1: fix TZC400 configuration against non-secure DDR    
Yann Gautier committed
114 
				TZC_REGION_S_NONE,
Yann Gautier's avatar
stm32mp1: update platform files    
Yann Gautier committed
115 
				TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
Yann Gautier's avatar
stm32mp1: Add DDR support and its security with TZC400    
Yann Gautier committed
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131 
				TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));

	/* Raise an exception if a NS device tries to access secure memory */
	tzc400_set_action(TZC_ACTION_ERR);

	tzc400_enable_filters();
}

/*******************************************************************************
 * Initialize the secure environment. At this moment only the TrustZone
 * Controller is initialized.
 ******************************************************************************/
void stm32mp1_arch_security_setup(void)
{
	early_init_tzc400();
}
Yann Gautier's avatar
stm32mp1: Add BL32 SP_min secure monitor    
Yann Gautier committed
132
133
134
135
136
137
138
139
140 

/*******************************************************************************
 * Initialize the secure environment. At this moment only the TrustZone
 * Controller is initialized.
 ******************************************************************************/
void stm32mp1_security_setup(void)
{
	init_tzc400();
}