1 /*
2  * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 
9 #include <arch_helpers.h>
10 #include <common/debug.h>
11 #include <drivers/delay_timer.h>
12 
13 #include <plat_private.h>
14 #include <secure.h>
15 #include <soc.h>
16 
sgrf_ddr_rgn_global_bypass(uint32_t bypass)17 static void sgrf_ddr_rgn_global_bypass(uint32_t bypass)
18 {
19 	if (bypass)
20 		/* set bypass (non-secure regions) for whole ddr regions */
21 		mmio_write_32(SGRF_BASE + SGRF_SOC_CON(21),
22 			      SGRF_DDR_RGN_BYPS);
23 	else
24 		/* cancel bypass for whole ddr regions */
25 		mmio_write_32(SGRF_BASE + SGRF_SOC_CON(21),
26 			      SGRF_DDR_RGN_NO_BYPS);
27 }
28 
29 /**
30  * There are 8 + 1 regions for DDR secure control:
31  * DDR_RGN_0 ~ DDR_RGN_7: Per DDR_RGNs grain size is 1MB
32  * DDR_RGN_X - the memories of exclude DDR_RGN_0 ~ DDR_RGN_7
33  *
34  * SGRF_SOC_CON6 - start address of RGN_0 + control
35  * SGRF_SOC_CON7 - end address of RGN_0
36  * ...
37  * SGRF_SOC_CON20 - start address of the RGN_7 + control
38  * SGRF_SOC_CON21 - end address of the RGN_7 + RGN_X control
39  *
40  * @rgn - the DDR regions 0 ~ 7 which are can be configured.
41  * @st - start address to set as secure
42  * @sz - length of area to set as secure
43  * The @st_mb and @ed_mb indicate the start and end addresses for which to set
44  * the security, and the unit is megabyte. When the st_mb == 0, ed_mb == 0, the
45  * address range 0x0 ~ 0xfffff is secure.
46  *
47  * For example, if we would like to set the range [0, 32MB) is security via
48  * DDR_RGN0, then rgn == 0, st_mb == 0, ed_mb == 31.
49  */
sgrf_ddr_rgn_config(uint32_t rgn,uintptr_t st,size_t sz)50 static void sgrf_ddr_rgn_config(uint32_t rgn, uintptr_t st, size_t sz)
51 {
52 	uintptr_t ed = st + sz;
53 	uintptr_t st_mb, ed_mb;
54 
55 	assert(rgn <= 7);
56 	assert(st < ed);
57 
58 	/* check aligned 1MB */
59 	assert(st % SIZE_M(1) == 0);
60 	assert(ed % SIZE_M(1) == 0);
61 
62 	st_mb = st / SIZE_M(1);
63 	ed_mb = ed / SIZE_M(1);
64 
65 	/* set ddr region addr start */
66 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(6 + (rgn * 2)),
67 		      BITS_WITH_WMASK(st_mb, SGRF_DDR_RGN_ADDR_WMSK, 0));
68 
69 	/* set ddr region addr end */
70 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(6 + (rgn * 2) + 1),
71 		      BITS_WITH_WMASK((ed_mb - 1), SGRF_DDR_RGN_ADDR_WMSK, 0));
72 
73 	/* select region security */
74 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(6 + (rgn * 2)),
75 		      SGRF_DDR_RGN_SECURE_SEL);
76 
77 	/* enable region security */
78 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(6 + (rgn * 2)),
79 		      SGRF_DDR_RGN_SECURE_EN);
80 }
81 
secure_watchdog_gate(void)82 void secure_watchdog_gate(void)
83 {
84 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(0), SGRF_PCLK_WDT_GATE);
85 }
86 
secure_watchdog_ungate(void)87 void secure_watchdog_ungate(void)
88 {
89 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(0), SGRF_PCLK_WDT_UNGATE);
90 }
91 
sram_secure_timer_init(void)92 __pmusramfunc void sram_secure_timer_init(void)
93 {
94 	mmio_write_32(STIMER1_BASE + TIMER_CONTROL_REG, 0);
95 
96 	mmio_write_32(STIMER1_BASE + TIMER_LOAD_COUNT0, 0xffffffff);
97 	mmio_write_32(STIMER1_BASE + TIMER_LOAD_COUNT1, 0xffffffff);
98 
99 	/* auto reload & enable the timer */
100 	mmio_write_32(STIMER1_BASE + TIMER_CONTROL_REG, TIMER_EN);
101 }
102 
secure_gic_init(void)103 void secure_gic_init(void)
104 {
105 	/* (re-)enable non-secure access to the gic*/
106 	mmio_write_32(CORE_AXI_BUS_BASE + CORE_AXI_SECURITY0,
107 		      AXI_SECURITY0_GIC);
108 }
109 
secure_timer_init(void)110 void secure_timer_init(void)
111 {
112 	mmio_write_32(STIMER1_BASE + TIMER_CONTROL_REG, 0);
113 
114 	mmio_write_32(STIMER1_BASE + TIMER_LOAD_COUNT0, 0xffffffff);
115 	mmio_write_32(STIMER1_BASE + TIMER_LOAD_COUNT1, 0xffffffff);
116 
117 	/* auto reload & enable the timer */
118 	mmio_write_32(STIMER1_BASE + TIMER_CONTROL_REG, TIMER_EN);
119 }
120 
secure_sgrf_init(void)121 void secure_sgrf_init(void)
122 {
123 	/*
124 	 * We use the first sram part to talk to the bootrom,
125 	 * so make it secure.
126 	 */
127 	mmio_write_32(TZPC_BASE + TZPC_R0SIZE, TZPC_SRAM_SECURE_4K(1));
128 
129 	secure_gic_init();
130 
131 	/* set all master ip to non-secure */
132 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(2), SGRF_SOC_CON2_MST_NS);
133 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(3), SGRF_SOC_CON3_MST_NS);
134 
135 	/* setting all configurable ip into non-secure */
136 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(4),
137 		      SGRF_SOC_CON4_SECURE_WMSK /*TODO:|SGRF_STIMER_SECURE*/);
138 	mmio_write_32(SGRF_BASE + SGRF_SOC_CON(5), SGRF_SOC_CON5_SECURE_WMSK);
139 
140 	/* secure dma to non-secure */
141 	mmio_write_32(TZPC_BASE + TZPC_DECPROT1SET, 0xff);
142 	mmio_write_32(TZPC_BASE + TZPC_DECPROT2SET, 0xff);
143 	mmio_write_32(SGRF_BASE + SGRF_BUSDMAC_CON(1), 0x3800);
144 	dsb();
145 
146 	/* rst dma1 */
147 	mmio_write_32(CRU_BASE + CRU_SOFTRSTS_CON(1),
148 		      RST_DMA1_MSK | (RST_DMA1_MSK << 16));
149 	/* rst dma2 */
150 	mmio_write_32(CRU_BASE + CRU_SOFTRSTS_CON(4),
151 		      RST_DMA2_MSK | (RST_DMA2_MSK << 16));
152 
153 	dsb();
154 
155 	/* release dma1 rst*/
156 	mmio_write_32(CRU_BASE + CRU_SOFTRSTS_CON(1), (RST_DMA1_MSK << 16));
157 	/* release dma2 rst*/
158 	mmio_write_32(CRU_BASE + CRU_SOFTRSTS_CON(4), (RST_DMA2_MSK << 16));
159 }
160 
secure_sgrf_ddr_rgn_init(void)161 void secure_sgrf_ddr_rgn_init(void)
162 {
163 	sgrf_ddr_rgn_config(0, TZRAM_BASE, TZRAM_SIZE);
164 	sgrf_ddr_rgn_global_bypass(0);
165 }
166