1 /*
2  * Copyright 2021 NXP
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <common/debug.h>
9 
10 #include <plat_tzc400.h>
11 
12 #pragma weak populate_tzc400_reg_list
13 
14 #ifdef DEFAULT_TZASC_CONFIG
15 /*
16  * Typical Memory map of DRAM0
17  *    |-----------NXP_NS_DRAM_ADDR ( = NXP_DRAM0_ADDR)----------|
18  *    |								|
19  *    |								|
20  *    |			Non-SECURE REGION			|
21  *    |								|
22  *    |								|
23  *    |								|
24  *    |------- (NXP_NS_DRAM_ADDR + NXP_NS_DRAM_SIZE - 1) -------|
25  *    |-----------------NXP_SECURE_DRAM_ADDR--------------------|
26  *    |								|
27  *    |								|
28  *    |								|
29  *    |			SECURE REGION (= 64MB)			|
30  *    |								|
31  *    |								|
32  *    |								|
33  *    |--- (NXP_SECURE_DRAM_ADDR + NXP_SECURE_DRAM_SIZE - 1)----|
34  *    |-----------------NXP_SP_SHRD_DRAM_ADDR-------------------|
35  *    |								|
36  *    |	       Secure EL1 Payload SHARED REGION (= 2MB)         |
37  *    |								|
38  *    |-----------(NXP_DRAM0_ADDR + NXP_DRAM0_SIZE - 1)---------|
39  *
40  *
41  *
42  * Typical Memory map of DRAM1
43  *    |---------------------NXP_DRAM1_ADDR----------------------|
44  *    |								|
45  *    |								|
46  *    |			Non-SECURE REGION			|
47  *    |								|
48  *    |								|
49  *    |---(NXP_DRAM1_ADDR + Dynamically calculated Size - 1) ---|
50  *
51  *
52  * Typical Memory map of DRAM2
53  *    |---------------------NXP_DRAM2_ADDR----------------------|
54  *    |								|
55  *    |								|
56  *    |			Non-SECURE REGION			|
57  *    |								|
58  *    |								|
59  *    |---(NXP_DRAM2_ADDR + Dynamically calculated Size - 1) ---|
60  */
61 
62 /*****************************************************************************
63  * This function sets up access permissions on memory regions
64  *
65  * Input:
66  *	tzc400_reg_list	: TZC400 Region List
67  *	dram_idx	: DRAM index
68  *	list_idx	: TZC400 Region List Index
69  *	dram_start_addr	: Start address of DRAM at dram_idx.
70  *	dram_size	: Size of DRAM at dram_idx.
71  *	secure_dram_sz	: Secure DRAM Size
72  *	shrd_dram_sz	: Shared DRAM Size
73  *
74  * Out:
75  *	list_idx	: last populated index + 1
76  *
77  ****************************************************************************/
populate_tzc400_reg_list(struct tzc400_reg * tzc400_reg_list,int dram_idx,int list_idx,uint64_t dram_start_addr,uint64_t dram_size,uint32_t secure_dram_sz,uint32_t shrd_dram_sz)78 int populate_tzc400_reg_list(struct tzc400_reg *tzc400_reg_list,
79 			     int dram_idx, int list_idx,
80 			     uint64_t dram_start_addr,
81 			     uint64_t dram_size,
82 			     uint32_t secure_dram_sz,
83 			     uint32_t shrd_dram_sz)
84 {
85 	if (list_idx == 0) {
86 		/* No need to configure TZC Region 0 in this list.
87 		 */
88 		list_idx++;
89 	}
90 	/* Continue with list entries for index > 0 */
91 	if (dram_idx == 0) {
92 		/* TZC Region 1 on DRAM0 for Secure Memory*/
93 		tzc400_reg_list[list_idx].reg_filter_en = 1;
94 		tzc400_reg_list[list_idx].start_addr = dram_start_addr + dram_size;
95 		tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size
96 						+ secure_dram_sz - 1;
97 		tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR;
98 		tzc400_reg_list[list_idx].nsaid_permissions = TZC_REGION_NS_NONE;
99 		list_idx++;
100 
101 		/* TZC Region 2 on DRAM0 for Shared Memory*/
102 		tzc400_reg_list[list_idx].reg_filter_en = 1;
103 		tzc400_reg_list[list_idx].start_addr = dram_start_addr + dram_size
104 							+ secure_dram_sz;
105 		tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size
106 							+ secure_dram_sz
107 							+ shrd_dram_sz
108 							- 1;
109 		tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR;
110 		tzc400_reg_list[list_idx].nsaid_permissions = TZC_NS_ACCESS_ID;
111 		list_idx++;
112 
113 		/* TZC Region 3 on DRAM0 for Non-Secure Memory*/
114 		tzc400_reg_list[list_idx].reg_filter_en = 1;
115 		tzc400_reg_list[list_idx].start_addr = dram_start_addr;
116 		tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size
117 							- 1;
118 		tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR;
119 		tzc400_reg_list[list_idx].nsaid_permissions = TZC_NS_ACCESS_ID;
120 		list_idx++;
121 	} else {
122 		/* TZC Region 3+i on DRAM(> 0) for Non-Secure Memory*/
123 		tzc400_reg_list[list_idx].reg_filter_en = 1;
124 		tzc400_reg_list[list_idx].start_addr = dram_start_addr;
125 		tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size
126 							- 1;
127 		tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR;
128 		tzc400_reg_list[list_idx].nsaid_permissions = TZC_NS_ACCESS_ID;
129 		list_idx++;
130 	}
131 
132 	return list_idx;
133 }
134 #else
populate_tzc400_reg_list(struct tzc400_reg * tzc400_reg_list,int dram_idx,int list_idx,uint64_t dram_start_addr,uint64_t dram_size,uint32_t secure_dram_sz,uint32_t shrd_dram_sz)135 int populate_tzc400_reg_list(struct tzc400_reg *tzc400_reg_list,
136 			     int dram_idx, int list_idx,
137 			     uint64_t dram_start_addr,
138 			     uint64_t dram_size,
139 			     uint32_t secure_dram_sz,
140 			     uint32_t shrd_dram_sz)
141 {
142 	ERROR("tzc400_reg_list used is not a default list\n");
143 	ERROR("%s needs to be over-written.\n", __func__);
144 	return 0;
145 }
146 #endif	/* DEFAULT_TZASC_CONFIG */
147 
148 /*******************************************************************************
149  * Configure memory access permissions
150  *   - Region 0 with no access;
151  *   - Region 1 to 4 as per the tzc400_reg_list populated by
152  *     function populate_tzc400_reg_list() with default for all the SoC.
153  ******************************************************************************/
mem_access_setup(uintptr_t base,uint32_t total_regions,struct tzc400_reg * tzc400_reg_list)154 void mem_access_setup(uintptr_t base, uint32_t total_regions,
155 		      struct tzc400_reg *tzc400_reg_list)
156 {
157 	uint32_t list_indx = 0U;
158 
159 	INFO("Configuring TrustZone Controller\n");
160 
161 	tzc400_init(base);
162 
163 	/* Disable filters. */
164 	tzc400_disable_filters();
165 
166 	/* Region 0 set to no access by default */
167 	tzc400_configure_region0(TZC_REGION_S_NONE, 0U);
168 
169 	for (list_indx = 1U; list_indx < total_regions; list_indx++) {
170 		tzc400_configure_region(
171 			tzc400_reg_list[list_indx].reg_filter_en,
172 			list_indx,
173 			tzc400_reg_list[list_indx].start_addr,
174 			tzc400_reg_list[list_indx].end_addr,
175 			tzc400_reg_list[list_indx].sec_attr,
176 			tzc400_reg_list[list_indx].nsaid_permissions);
177 	}
178 
179 	/*
180 	 * Raise an exception if a NS device tries to access secure memory
181 	 * TODO: Add interrupt handling support.
182 	 */
183 	tzc400_set_action(TZC_ACTION_ERR);
184 
185 	/* Enable filters. */
186 	tzc400_enable_filters();
187 }
188