refactor(plat/st): map DDR secure at boot

In BL2, the DDR can be mapped as secured in MMU, as no other SW has access to it during its execution. The TZC400 configuration is also updated to reflect this. When using OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE mapping. Else, SP_min will be in charge to reconfigure TZC400 to set DDR non-secure. Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103 Signed-off-by: Yann Gautier <yann.gautier@st.com>

refactor(plat/st): map DDR secure at boot
In BL2, the DDR can be mapped as secured in MMU, as no other SW has access to it during its execution. The TZC400 configuration is also updated to reflect this. When using OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE mapping. Else, SP_min will be in charge to reconfigure TZC400 to set DDR non-secure. Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103 Signed-off-by: Yann Gautier <yann.gautier@st.com>
c1ad41fb · Yann Gautier · Yann Gautier · b230b3f2 · c1ad41fb · c1ad41fb
Commit c1ad41fb authored Sep 04, 2020 by Yann Gautier Committed by Yann Gautier Jul 13, 2021
--- a/plat/st/common/stm32mp_common.c
+++ b/plat/st/common/stm32mp_common.c
@@ -105,7 +105,7 @@ int stm32mp_map_ddr_non_cacheable(void)
 {
 	return  mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
 					STM32MP_DDR_MAX_SIZE,
-					MT_NON_CACHEABLE | MT_RW | MT_NS);
+					MT_NON_CACHEABLE | MT_RW | MT_SECURE);
 }
 int stm32mp_unmap_ddr(void)

--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -132,7 +132,6 @@ void bl2_el3_early_platform_setup(u_register_t arg0,
 void bl2_platform_setup(void)
 {
 	int ret;
-	uint32_t ddr_ns_size;
 	if (dt_pmic_status() > 0) {
 		initialize_pmic();
@@ -144,24 +143,16 @@ void bl2_platform_setup(void)
 		panic();
 	}
-	ddr_ns_size = stm32mp_get_ddr_ns_size();
+	/* Map DDR for binary load, now with cacheable attribute */
-	assert(ddr_ns_size > 0U);
-	/* Map non secure DDR for BL33 load, now with cacheable attribute */
 	ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE,
-				      ddr_ns_size, MT_MEMORY | MT_RW | MT_NS);
+				      STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE);
-	assert(ret == 0);
+	if (ret < 0) {
+		ERROR("DDR mapping: error %d\n", ret);
+		panic();
+	}
 #ifdef AARCH32_SP_OPTEE
 	INFO("BL2 runs OP-TEE setup\n");
-	/* Map secure DDR for OP-TEE paged area */
-	ret = mmap_add_dynamic_region(STM32MP_DDR_BASE + ddr_ns_size,
-				      STM32MP_DDR_BASE + ddr_ns_size,
-				      STM32MP_DDR_S_SIZE,
-				      MT_MEMORY | MT_RW | MT_SECURE);
-	assert(ret == 0);
 	/* Initialize tzc400 after DDR initialization */
 	stm32mp1_security_setup();
 #else

--- a/plat/st/stm32mp1/stm32mp1_security.c
+++ b/plat/st/stm32mp1/stm32mp1_security.c
@@ -29,11 +29,14 @@
 static unsigned int region_nb;
-static void init_tzc400_begin(void)
+static void init_tzc400_begin(unsigned int region0_attr)
 {
 	tzc400_init(STM32MP1_TZC_BASE);
 	tzc400_disable_filters();
+	/* Region 0 set to cover all DRAM at 0xC000_0000 */
+	tzc400_configure_region0(region0_attr, 0);
 	region_nb = 1U;
 }
@@ -76,7 +79,7 @@ static void init_tzc400(void)
 	unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U);
 	unsigned long long ddr_top __unused;
-	init_tzc400_begin();
+	init_tzc400_begin(TZC_REGION_S_NONE);
 	/*
 	 * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the
@@ -118,16 +121,8 @@ static void early_init_tzc400(void)
 	stm32mp_clk_enable(TZC1);
 	stm32mp_clk_enable(TZC2);
-	init_tzc400_begin();
+	/* Region 0 set to cover all DRAM secure at 0xC000_0000 */
+	init_tzc400_begin(TZC_REGION_S_RDWR);
-	/* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
-	tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
-				STM32MP_DDR_BASE,
-				STM32MP_DDR_BASE +
-				(STM32MP_DDR_MAX_SIZE - 1U),
-				TZC_REGION_S_NONE,
-				TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
-				TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
 	/* Raise an exception if a NS device tries to access secure memory */
 	init_tzc400_end(TZC_ACTION_ERR);