From ef538c6f1b097d0a115e89aa89fb040d98e6594e Mon Sep 17 00:00:00 2001 From: Juan Castillo Date: Thu, 4 Sep 2014 14:43:09 +0100 Subject: [PATCH] Juno: Use TZC-400 driver calls This patch replaces direct accesses to the TZC-400 registers by the appropiate calls to the generic driver available in the Trusted Firmware in order to initialize the TrustZone Controller. Functions related to the initialization of the secure memory, like the TZC-400 configuration, have been moved to a new file 'plat_security.c'. This reorganization makes easier to set up the secure memory from any BL stage. TZC-400 initialization has been moved from BL1 to BL2 because BL1 does not access the non-secure memory. It is BL2's responsibility to enable and configure the TZC-400 before loading the next BL images. In Juno, BL3-0 initializes some of the platform peripherals, like the DDR controller. Thus, BL3-0 must be loaded before configuring the TrustZone Controller. As a consequence, the IO layer initialization has been moved to early platform initialization. Fixes ARM-software/tf-issues#234 Change-Id: I83dde778f937ac8d2996f7377e871a2e77d9490e --- bl2/bl2_main.c | 6 +-- plat/juno/bl1_plat_setup.c | 32 ---------------- plat/juno/bl2_plat_setup.c | 7 +++- plat/juno/juno_private.h | 3 ++ plat/juno/plat_security.c | 76 ++++++++++++++++++++++++++++++++++++++ plat/juno/platform.mk | 4 +- 6 files changed, 90 insertions(+), 38 deletions(-) create mode 100644 plat/juno/plat_security.c diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c index 51c55e01c..a73946ed9 100644 --- a/bl2/bl2_main.c +++ b/bl2/bl2_main.c @@ -199,9 +199,6 @@ void bl2_main(void) /* Perform remaining generic architectural setup in S-EL1 */ bl2_arch_setup(); - /* Perform platform setup in BL2 */ - bl2_platform_setup(); - /* * Load the subsequent bootloader images */ 
@@ -211,6 +208,9 @@ void bl2_main(void) panic(); } + /* Perform platform setup in BL2 after loading BL3-0 */ + bl2_platform_setup(); + /* * Get a pointer to the memory the platform has set aside to pass * information to BL3-1. diff --git a/plat/juno/bl1_plat_setup.c b/plat/juno/bl1_plat_setup.c index 5804682c4..e27e39489 100644 --- a/plat/juno/bl1_plat_setup.c +++ b/plat/juno/bl1_plat_setup.c @@ -37,7 +37,6 @@ #include #include #include -#include #include "../../bl1/bl1_private.h" #include "juno_def.h" #include "juno_private.h" @@ -150,36 +149,6 @@ static void init_nic400(void) } -static void init_tzc400(void) -{ - /* Enable all filter units available */ - mmio_write_32(TZC400_BASE + GATE_KEEPER_OFF, 0x0000000f); - - /* - * Secure read and write are enabled for region 0, and the background - * region (region 0) is enabled for all four filter units - */ - mmio_write_32(TZC400_BASE + REGION_ATTRIBUTES_OFF, 0xc0000000); - - /* - * Enable Non-secure read/write accesses for the Soc Devices from the - * Non-Secure World - */ - mmio_write_32(TZC400_BASE + REGION_ID_ACCESS_OFF, - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP) | - TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT) - ); -} - #define PCIE_SECURE_REG 0x3000 #define PCIE_SEC_ACCESS_MASK ((1 << 0) | (1 << 1)) /* REG and MEM access bits */ @@ -200,7 +169,6 @@ static void init_pcie(void) void bl1_platform_setup(void) { init_nic400(); - init_tzc400(); init_pcie(); /* Initialise the IO layer and register platform IO devices */ 
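Review bot: In bl2/bl2_main.c the call `bl2_platform_setup()` now sits after the BL3-0 load in code shared by every platform, but the added comment does not say why the order matters. Going by the commit description, BL3-0 brings up the DDR controller on Juno and the TZC-400 is only programmed afterwards, so BL3-0 is loaded while the TrustZone Controller is still unconfigured. I would record that at the call site, for example `/* Platform setup runs after BL3-0 because BL3-0 may initialise hardware (e.g. DDR) that the security setup depends on; image loading before this point must not rely on it. */`. Other platforms' `bl2_platform_setup()` implementations are not visible here and presumably need checking for anything the BL3-0 load used to depend on. `bl2_main` starts and ends outside the hunk.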
diff --git a/plat/juno/bl2_plat_setup.c b/plat/juno/bl2_plat_setup.c index 717cfbb2f..ba4c5be1e 100644 --- a/plat/juno/bl2_plat_setup.c +++ b/plat/juno/bl2_plat_setup.c @@ -162,6 +162,9 @@ void bl2_early_platform_setup(meminfo_t *mem_layout) /* Setup the BL2 memory layout */ bl2_tzram_layout = *mem_layout; + + /* Initialise the IO layer and register platform IO devices */ + io_setup(); } /******************************************************************************* @@ -171,8 +174,8 @@ void bl2_early_platform_setup(meminfo_t *mem_layout) ******************************************************************************/ void bl2_platform_setup(void) { - /* Initialise the IO layer and register platform IO devices */ - io_setup(); + /* Initialize the secure environment */ + plat_security_setup(); } /* Flush the TF params and the TF plat params */ diff --git a/plat/juno/juno_private.h b/plat/juno/juno_private.h index 0dac03a9d..bb2548f17 100644 --- a/plat/juno/juno_private.h +++ b/plat/juno/juno_private.h @@ -108,6 +108,9 @@ int plat_get_image_source(const char *image_name, uintptr_t *dev_handle, uintptr_t *image_spec); +/* Declarations for security.c */ +void plat_security_setup(void); + /* * Before calling this function BL2 is loaded in memory and its entrypoint * is set by load_image. This is a placeholder for the platform to change diff --git a/plat/juno/plat_security.c b/plat/juno/plat_security.c new file mode 100644 index 000000000..851a39e8e --- /dev/null +++ b/plat/juno/plat_security.c 
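Review bot: The comment added in plat/juno/juno_private.h reads `/* Declarations for security.c */`, but the file this commit creates is plat/juno/plat_security.c, so it points a reader at a file name that does not appear in this patch. It should read `/* Declarations for plat_security.c */`.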
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include "juno_def.h"
+
+/*******************************************************************************
+ * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
+ * and allow Non-Secure masters full access
+ ******************************************************************************/
+static void init_tzc400(void)
+{
+ tzc_init(TZC400_BASE);
+
+ /* Disable filters. */
+ tzc_disable_filters();
+
+ /* Configure region 0. Juno TZC-400 handles 40-bit addresses. */
+ tzc_configure_region(0xf, 0, 0x0ull, 0xffffffffffull,
+ TZC_REGION_S_RDWR,
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP) |
+ TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+ /* Raise an exception if a NS device tries to access secure memory */
+ tzc_set_action(TZC_ACTION_ERR);
+
+ /* Enable filters. */
+ tzc_enable_filters();
+}
+
+/*******************************************************************************
+ * Initialize the secure environment. At this moment only the TrustZone
+ * Controller is initialized.
+ ******************************************************************************/
+void plat_security_setup(void)
+{
+ /* Initialize the TrustZone Controller */
+ init_tzc400();
+}
diff --git a/plat/juno/platform.mk b/plat/juno/platform.mk
index 47465360d..2ac756eed 100644
--- a/plat/juno/platform.mk
+++ b/plat/juno/platform.mk
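Review bot: The comment above `tzc_set_action(TZC_ACTION_ERR)` in init_tzc400() (plat/juno/plat_security.c) says an exception is raised when a NS device touches secure memory, yet region 0 is the only region configured and it gives every listed NSAID read/write access across the whole 40-bit range, so no memory is actually withheld from those masters. The function header should say so plainly, for example `/* No secure DRAM carve-out is configured yet: region 0 grants all listed non-secure masters RDWR over the full address space. */`, so nobody assumes images later placed in DRAM are isolated. The literal `0xf` passed as the filter mask would read better as a named constant; the BL1 code this patch removes described that value as all available filter units. Separately, the file defines `plat_security_setup()` without a visible `#include "juno_private.h"`, where the prototype is declared, so the compiler cannot check the definition against it; the two angle-bracket includes have lost their names on this page, so this is inferred from the quoted include only.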
@@ -47,10 +47,12 @@ BL1_SOURCES += drivers/arm/cci400/cci400.c \ plat/juno/aarch64/plat_helpers.S \ plat/juno/aarch64/juno_common.c -BL2_SOURCES += lib/locks/bakery/bakery_lock.c \ +BL2_SOURCES += drivers/arm/tzc400/tzc400.c \ + lib/locks/bakery/bakery_lock.c \ plat/common/aarch64/platform_up_stack.S \ plat/juno/bl2_plat_setup.c \ plat/juno/mhu.c \ + plat/juno/plat_security.c \ plat/juno/aarch64/plat_helpers.S \ plat/juno/aarch64/juno_common.c \ plat/juno/scp_bootloader.c \