Commit ac252f95 authored by Dilan Lee's avatar Dilan Lee Committed by Varun Wadekar
Browse files

Tegra194: mce: enable strict checking



"Strict checking" is a mode where secure world can access
secure-only areas unlike legacy mode where secure world could
access non-secure spaces as well. Secure-only areas are defined
as the TZ-DRAM carveout and any GSC with the CPU_SECURE bit set.
This mode not only helps prevent issues with IO-Coherency but aids
with security as well.

This patch implements the programming sequence required to enable
strict checking mode for Tegra194 SoCs.

Change-Id: Ic2e594f79ec7c5bc1339b509e67c4c62efb9d0c0
Signed-off-by: default avatarDilan Lee <dilee@nvidia.com>
parent 1b0f027d
...@@ -36,6 +36,12 @@ ...@@ -36,6 +36,12 @@
******************************************************************************/ ******************************************************************************/
#define MCE_STAT_ID_SHIFT 16U #define MCE_STAT_ID_SHIFT 16U
/*******************************************************************************
* Security config macros
******************************************************************************/
#define STRICT_CHECKING_ENABLED_SET (1UL << 0)
#define STRICT_CHECKING_LOCKED_SET (1UL << 1)
/* declarations for NVG handler functions */ /* declarations for NVG handler functions */
uint64_t nvg_get_version(void); uint64_t nvg_get_version(void);
int32_t nvg_enable_power_perf_mode(void); int32_t nvg_enable_power_perf_mode(void);
...@@ -54,12 +60,16 @@ int32_t nvg_roc_clean_cache(void); ...@@ -54,12 +60,16 @@ int32_t nvg_roc_clean_cache(void);
int32_t nvg_roc_flush_cache(void); int32_t nvg_roc_flush_cache(void);
int32_t nvg_roc_clean_cache_trbits(void); int32_t nvg_roc_clean_cache_trbits(void);
int32_t nvg_enter_cstate(uint32_t state, uint32_t wake_time); int32_t nvg_enter_cstate(uint32_t state, uint32_t wake_time);
void nvg_set_request_data(uint64_t req, uint64_t data); void nvg_set_request_data(uint64_t req, uint64_t data);
void nvg_set_request(uint64_t req); void nvg_set_request(uint64_t req);
uint64_t nvg_get_result(void); uint64_t nvg_get_result(void);
uint64_t nvg_cache_clean(void); uint64_t nvg_cache_clean(void);
uint64_t nvg_cache_clean_inval(void); uint64_t nvg_cache_clean_inval(void);
uint64_t nvg_cache_inval_all(void); uint64_t nvg_cache_inval_all(void);
int32_t nvg_roc_clean_cache_trbits(void);
void nvg_enable_strict_checking_mode(void);
/* MCE helper functions */
void mce_enable_strict_checking(void);
#endif /* __MCE_PRIVATE_H__ */ #endif /* __MCE_PRIVATE_H__ */
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include <t194_nvg.h> #include <t194_nvg.h>
#include <tegra_def.h> #include <tegra_def.h>
#include <tegra_platform.h> #include <tegra_platform.h>
#include <tegra_private.h>
/* Handler to check if MCE firmware is supported */ /* Handler to check if MCE firmware is supported */
static bool mce_firmware_not_supported(void) static bool mce_firmware_not_supported(void)
...@@ -184,3 +185,53 @@ void mce_verify_firmware_version(void) ...@@ -184,3 +185,53 @@ void mce_verify_firmware_version(void)
panic(); panic();
} }
} }
/*******************************************************************************
* Handler to enable the strict checking mode
******************************************************************************/
void mce_enable_strict_checking(void)
{
uint64_t sctlr = read_sctlr_el3();
int32_t ret = 0;
if (tegra_platform_is_silicon() || tegra_platform_is_fpga()) {
/*
* Step1: TZ-DRAM and TZRAM should be setup before the MMU is
* enabled.
*
* The common code makes sure that TZDRAM/TZRAM are already
* enabled before calling into this handler. If this is not the
* case, the following sequence must be executed before moving
* on to step 2.
*
* tlbialle1is();
* tlbialle3is();
* dsbsy();
* isb();
*
*/
if ((sctlr & (uint64_t)SCTLR_M_BIT) == (uint64_t)SCTLR_M_BIT) {
tlbialle1is();
tlbialle3is();
dsbsy();
isb();
}
/*
* Step2: SCF flush - Clean and invalidate caches and clear the
* TR-bits
*/
ret = nvg_roc_clean_cache_trbits();
if (ret < 0) {
ERROR("%s: flush cache_trbits failed(%d)\n", __func__,
ret);
return;
}
/*
* Step3: Issue the SECURITY_CONFIG request to MCE to enable
* strict checking mode.
*/
nvg_enable_strict_checking_mode();
}
}
...@@ -284,3 +284,16 @@ int32_t nvg_enter_cstate(uint32_t state, uint32_t wake_time) ...@@ -284,3 +284,16 @@ int32_t nvg_enter_cstate(uint32_t state, uint32_t wake_time)
return ret; return ret;
} }
/*
* Enable strict checking mode
*
* NVGDATA[3] strict_check ON + lock
*/
void nvg_enable_strict_checking_mode(void)
{
uint64_t params = (uint64_t)(STRICT_CHECKING_ENABLED_SET |
STRICT_CHECKING_LOCKED_SET);
nvg_set_request_data(TEGRA_NVG_CHANNEL_SECURITY_CONFIG, params);
}
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
#include <lib/el3_runtime/context_mgmt.h> #include <lib/el3_runtime/context_mgmt.h>
#include <lib/psci/psci.h> #include <lib/psci/psci.h>
#include <mce.h> #include <mce.h>
#include <mce_private.h>
#include <plat/common/platform.h> #include <plat/common/platform.h>
#include <se.h> #include <se.h>
#include <smmu.h> #include <smmu.h>
...@@ -356,6 +357,13 @@ int32_t tegra_soc_pwr_domain_on_finish(const psci_power_state_t *target_state) ...@@ -356,6 +357,13 @@ int32_t tegra_soc_pwr_domain_on_finish(const psci_power_state_t *target_state)
* context if we are. * context if we are.
*/ */
if (stateid_afflvl2 == PSTATE_ID_SOC_POWERDN) { if (stateid_afflvl2 == PSTATE_ID_SOC_POWERDN) {
/*
* Enable strict checking after programming the GSC for
* enabling TZSRAM and TZDRAM
*/
mce_enable_strict_checking();
/* Init SMMU */ /* Init SMMU */
tegra_smmu_init(); tegra_smmu_init();
......
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
#include <drivers/arm/gicv2.h> #include <drivers/arm/gicv2.h>
#include <bl31/interrupt_mgmt.h> #include <bl31/interrupt_mgmt.h>
#include <mce.h> #include <mce.h>
#include <mce_private.h>
#include <plat/common/platform.h> #include <plat/common/platform.h>
#include <tegra_def.h> #include <tegra_def.h>
#include <tegra_mc_def.h> #include <tegra_mc_def.h>
...@@ -257,3 +258,12 @@ plat_params_from_bl2_t *plat_get_bl31_plat_params(void) ...@@ -257,3 +258,12 @@ plat_params_from_bl2_t *plat_get_bl31_plat_params(void)
return (plat_params_from_bl2_t *)(uintptr_t)val; return (plat_params_from_bl2_t *)(uintptr_t)val;
} }
void plat_late_platform_setup(void)
{
/*
* Enable strict checking after programming the GSC for
* enabling TZSRAM and TZDRAM
*/
mce_enable_strict_checking();
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment