Juno: Disable SPIDEN in release builds
On Juno, the secure privileged invasive debug authentication signal
(SPIDEN) is controlled by board SCC registers, which by default enable
SPIDEN. Disable secure privileged external debug in release builds by
programming the appropriate Juno SoC registers.
Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
diff --git a/plat/arm/board/juno/juno_security.c b/plat/arm/board/juno/juno_security.c
index 202342a..70637d6 100644
--- a/plat/arm/board/juno/juno_security.c
+++ b/plat/arm/board/juno/juno_security.c
@@ -60,16 +60,34 @@
}
/*******************************************************************************
+ * Initialize debug configuration.
+ ******************************************************************************/
+static void init_debug_cfg(void)
+{
+#if !DEBUG
+ /* Set internal drive selection for SPIDEN. */
+ mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET,
+ 1U << SPIDEN_SEL_SET_SHIFT);
+
+ /* Drive SPIDEN LOW to disable invasive debug of secure state. */
+ mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR,
+ 1U << SPIDEN_INT_CLR_SHIFT);
+#endif
+}
+
+/*******************************************************************************
* Initialize the secure environment.
******************************************************************************/
void plat_arm_security_setup(void)
{
+ /* Initialize debug configuration */
+ init_debug_cfg();
/* Initialize the TrustZone Controller */
arm_tzc400_setup();
/* Do ARM CSS internal NIC setup */
css_init_nic400();
/* Do ARM CSS SoC security setup */
soc_css_security_setup();
- /* Initialize the SMMU SSD tables*/
+ /* Initialize the SMMU SSD tables */
init_mmu401();
}