Commit b230b3f2 authored by Yann Gautier's avatar Yann Gautier Committed by Yann Gautier
Browse files

refactor(plat/st): rework TZC400 configuration



Add new static functions to factorize code in stm32mp1_security.c.

Change-Id: Ifa5a1aaf7c56c25dba9a0ab8e985496d7cb06990
Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
parent 6f466062
...@@ -27,6 +27,42 @@ ...@@ -27,6 +27,42 @@
TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \ TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \
TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID) TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID)
static unsigned int region_nb;
static void init_tzc400_begin(void)
{
tzc400_init(STM32MP1_TZC_BASE);
tzc400_disable_filters();
region_nb = 1U;
}
static void init_tzc400_end(unsigned int action)
{
tzc400_set_action(action);
tzc400_enable_filters();
}
static void tzc400_add_region(unsigned long long region_base,
unsigned long long region_top, bool sec)
{
unsigned int sec_attr;
unsigned int nsaid_permissions;
if (sec) {
sec_attr = TZC_REGION_S_RDWR;
nsaid_permissions = 0;
} else {
sec_attr = TZC_REGION_S_NONE;
nsaid_permissions = TZC_REGION_NSEC_ALL_ACCESS_RDWR;
}
tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, region_nb, region_base,
region_top, sec_attr, nsaid_permissions);
region_nb++;
}
/******************************************************************************* /*******************************************************************************
* Initialize the TrustZone Controller. Configure Region 0 with Secure RW access * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
* and allow Non-Secure masters full access. * and allow Non-Secure masters full access.
...@@ -38,10 +74,9 @@ static void init_tzc400(void) ...@@ -38,10 +74,9 @@ static void init_tzc400(void)
unsigned long long ddr_ns_size = unsigned long long ddr_ns_size =
(unsigned long long)stm32mp_get_ddr_ns_size(); (unsigned long long)stm32mp_get_ddr_ns_size();
unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U); unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U);
unsigned long long ddr_top __unused;
tzc400_init(STM32MP1_TZC_BASE); init_tzc400_begin();
tzc400_disable_filters();
/* /*
* Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
...@@ -49,35 +84,28 @@ static void init_tzc400(void) ...@@ -49,35 +84,28 @@ static void init_tzc400(void)
*/ */
region_base = ddr_base; region_base = ddr_base;
region_top = ddr_ns_top; region_top = ddr_ns_top;
tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, tzc400_add_region(region_base, region_top, false);
region_base,
region_top,
TZC_REGION_S_NONE,
TZC_REGION_NSEC_ALL_ACCESS_RDWR);
#ifdef AARCH32_SP_OPTEE #ifdef AARCH32_SP_OPTEE
/* Region 2 set to cover all secure DRAM. */ /* Region 2 set to cover all secure DRAM. */
region_base = region_top + 1U; region_base = region_top + 1U;
region_top += STM32MP_DDR_S_SIZE; region_top += STM32MP_DDR_S_SIZE;
tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 2, tzc400_add_region(region_base, region_top, true);
region_base,
region_top,
TZC_REGION_S_RDWR,
0);
/* Region 3 set to cover non-secure shared memory DRAM. */ ddr_top = STM32MP_DDR_BASE + dt_get_ddr_size() - 1U;
if (region_top < ddr_top) {
/* Region 3 set to cover non-secure memory DRAM after BL32. */
region_base = region_top + 1U; region_base = region_top + 1U;
region_top += STM32MP_DDR_SHMEM_SIZE; region_top = ddr_top;
tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 3, tzc400_add_region(region_base, region_top, false);
region_base, }
region_top,
TZC_REGION_S_NONE,
TZC_REGION_NSEC_ALL_ACCESS_RDWR);
#endif #endif
tzc400_set_action(TZC_ACTION_INT); /*
* Raise an interrupt (secure FIQ) if a NS device tries to access
tzc400_enable_filters(); * secure memory
*/
init_tzc400_end(TZC_ACTION_INT);
} }
/******************************************************************************* /*******************************************************************************
...@@ -90,9 +118,7 @@ static void early_init_tzc400(void) ...@@ -90,9 +118,7 @@ static void early_init_tzc400(void)
stm32mp_clk_enable(TZC1); stm32mp_clk_enable(TZC1);
stm32mp_clk_enable(TZC2); stm32mp_clk_enable(TZC2);
tzc400_init(STM32MP1_TZC_BASE); init_tzc400_begin();
tzc400_disable_filters();
/* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */ /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
...@@ -104,9 +130,7 @@ static void early_init_tzc400(void) ...@@ -104,9 +130,7 @@ static void early_init_tzc400(void)
TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID)); TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
/* Raise an exception if a NS device tries to access secure memory */ /* Raise an exception if a NS device tries to access secure memory */
tzc400_set_action(TZC_ACTION_ERR); init_tzc400_end(TZC_ACTION_ERR);
tzc400_enable_filters();
} }
/******************************************************************************* /*******************************************************************************
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment