TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / trusted-firmware-a / eb4519ef653f9dc2fced5dc3e087db22485c3a7d / . / plat / st / stm32mp1 / stm32mp1_security.c
blob: 1cd56c60f57e5fa1c93bd1e1d4e4d1843c6fdd7b [file] [log] [blame]
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]1/*
Yann Gautier59a1cdf2019-01-17 14:41:46 +0100[diff] [blame]2 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]7#include <stdint.h>
Antonio Nino Diaz09d40e02018-12-14 00:18:21 +0000[diff] [blame]8
9#include <platform_def.h>
10
11#include <common/debug.h>
12#include <drivers/arm/tzc400.h>
13#include <drivers/st/stm32mp1_clk.h>
Antonio Nino Diaz09d40e02018-12-14 00:18:21 +0000[diff] [blame]14#include <dt-bindings/clock/stm32mp1-clks.h>
15#include <lib/mmio.h>
16
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]17#define TZC_REGION_NSEC_ALL_ACCESS_RDWR \
18 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | \
19 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_GPU_ID) | \
20 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_LCD_ID) | \
21 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_MDMA_ID) | \
22 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_M4_ID) | \
23 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DMA_ID) | \
24 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_HOST_ID) | \
25 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_USB_OTG_ID) | \
26 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID) | \
27 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \
28 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID)
29
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]30/*******************************************************************************
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]31 * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
32 * and allow Non-Secure masters full access.
33 ******************************************************************************/
34static void init_tzc400(void)
35{
36 unsigned long long region_base, region_top;
Yann Gautier3f9c9782019-02-14 11:13:39 +0100[diff] [blame]37 unsigned long long ddr_base = STM32MP_DDR_BASE;
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]38 unsigned long long ddr_size = (unsigned long long)dt_get_ddr_size();
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]39 unsigned long long ddr_top = ddr_base + (ddr_size - 1U);
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]40
41 tzc400_init(STM32MP1_TZC_BASE);
42
43 tzc400_disable_filters();
44
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]45 /*
46 * Region 1 set to cover all DRAM at 0xC000_0000. Apply the
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]47 * same configuration to all filters in the TZC.
48 */
49 region_base = ddr_base;
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]50 region_top = ddr_top;
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]51 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]52 region_base,
53 region_top,
54 TZC_REGION_S_NONE,
55 TZC_REGION_NSEC_ALL_ACCESS_RDWR);
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]56
57 /* Raise an exception if a NS device tries to access secure memory */
58 tzc400_set_action(TZC_ACTION_ERR);
59
60 tzc400_enable_filters();
61}
62
63/*******************************************************************************
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]64 * Initialize the TrustZone Controller.
65 * Early initialization create only one region with full access to secure.
66 * This setting is used before and during DDR initialization.
67 ******************************************************************************/
68static void early_init_tzc400(void)
69{
Yann Gautier0d216802019-02-14 10:53:33 +0100[diff] [blame]70 stm32mp_clk_enable(TZC1);
71 stm32mp_clk_enable(TZC2);
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]72
73 tzc400_init(STM32MP1_TZC_BASE);
74
75 tzc400_disable_filters();
76
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]77 /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]78 tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1,
Yann Gautier3f9c9782019-02-14 11:13:39 +0100[diff] [blame]79 STM32MP_DDR_BASE,
80 STM32MP_DDR_BASE +
81 (STM32MP_DDR_MAX_SIZE - 1U),
Yann Gautiereb4519e2019-04-18 15:32:10 +0200[diff] [blame^]82 TZC_REGION_S_NONE,
Yann Gautier59a1cdf2019-01-17 14:41:46 +0100[diff] [blame]83 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) |
Yann Gautier10a511c2018-07-24 17:18:19 +0200[diff] [blame]84 TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID));
85
86 /* Raise an exception if a NS device tries to access secure memory */
87 tzc400_set_action(TZC_ACTION_ERR);
88
89 tzc400_enable_filters();
90}
91
92/*******************************************************************************
93 * Initialize the secure environment. At this moment only the TrustZone
94 * Controller is initialized.
95 ******************************************************************************/
96void stm32mp1_arch_security_setup(void)
97{
98 early_init_tzc400();
99}
Yann Gautier964dfee2018-07-16 19:36:06 +0200[diff] [blame]100
101/*******************************************************************************
102 * Initialize the secure environment. At this moment only the TrustZone
103 * Controller is initialized.
104 ******************************************************************************/
105void stm32mp1_security_setup(void)
106{
107 init_tzc400();
108}