Patch set updated for coreboot: Exynos7: Add Trustzone initialization - coreboot-gerrit

3 Jun 2016

Stefan Reinauer (stefan.reinauer@coreboot.org) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/14912
-gerrit
commit 31fcd9648d60aa17151b2186552882c46415cf7a
Author: Akshay Saraswat akshay.s@samsung.com
Date:   Thu Aug 7 16:19:01 2014 +0530
Exynos7: Add Trustzone initialization
Adding initial Trustzone setup for Exynos7 in this patch.
Change-Id: Id8159a3a5b0707edcb908f56d4e2207cec104c1c
    Signed-off-by: Akshay Saraswat akshay.s@samsung.com
    Signed-off-by: Stefan Reinauer stefan.reinauer@coreboot.org
---
 src/soc/samsung/exynos7/Makefile.inc            |  1 +
 src/soc/samsung/exynos7/bootblock.c             |  4 ++
 src/soc/samsung/exynos7/include/soc/trustzone.h | 73 +++++++++++++++++++++++++
 src/soc/samsung/exynos7/trustzone.c             | 65 ++++++++++++++++++++++
 4 files changed, 143 insertions(+)

diff --git a/src/soc/samsung/exynos7/Makefile.inc b/src/soc/samsung/exynos7/Makefile.inc
index fdf4dda..93f21c2 100644
--- a/src/soc/samsung/exynos7/Makefile.inc
+++ b/src/soc/samsung/exynos7/Makefile.inc
@@ -29,6 +29,7 @@ bootblock-y += monotonic_timer.c
 bootblock-y += pinmux.c
 bootblock-y += power.c
 bootblock-y += timer.c
+bootblock-y += trustzone.c
 ifeq ($(CONFIG_CONSOLE_SERIAL_UART),y)
 bootblock-$(CONFIG_BOOTBLOCK_CONSOLE) += uart.c
 endif
diff --git a/src/soc/samsung/exynos7/bootblock.c b/src/soc/samsung/exynos7/bootblock.c
index 71650e0..fab66a1 100644
--- a/src/soc/samsung/exynos7/bootblock.c
+++ b/src/soc/samsung/exynos7/bootblock.c
@@ -24,6 +24,7 @@
 #include <soc/mct.h>
 #include <soc/pinmux.h>
 #include <soc/power.h>
+#include <soc/trustzone.h>
void bootblock_cpu_init(void)
 {
@@ -56,6 +57,9 @@ void bootblock_cpu_init(void)
    /* Initialize SDRAM */
    mem_ctrl_init_lpddr4(is_resume);
+	/* Initialize trustzone */
+	trustzone_init();
+
    /* Set GPIOs for UART */
    if (IS_ENABLED(CONFIG_CONSOLE_SERIAL_UART0))
    	exynos_pinmux_uart0();
diff --git a/src/soc/samsung/exynos7/include/soc/trustzone.h b/src/soc/samsung/exynos7/include/soc/trustzone.h
new file mode 100644
index 0000000..df1cc7f
--- /dev/null
+++ b/src/soc/samsung/exynos7/include/soc/trustzone.h
@@ -0,0 +1,73 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2014 Samsung Electronics
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef _CPU_SAMSUNG_EXYNOS7_TRUSTZONE_H_
+#define _CPU_SAMSUNG_EXYNOS7_TRUSTZONE_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* Distance between each Trust Zone PC register set */
+#define TZPC_MODULE_OFFSET		0x10000
+
+/* TZPC : Register Offsets */
+#define EXYNOS7_NR_TZPC_BANKS		15
+
+/*
+ * TZPC Register Value :
+ * R0_ALIVE_SIZE: 0x60 : Size of secure iRAM
+ * R0_AUDIO_SIZE: 0x0 : Size of non-secure iRAM
+ */
+#define R0_ALIVE_SIZE			0x60
+#define R0_AUDIO_SIZE			0x0
+
+/*
+ * TZPC Decode Protection Register Value :
+ * DECPROTXSET: 0xFF : Set Decode region to non-secure
+ */
+#define DECPROTXSET		0xFF
+
+#define SHIFT_4KB		12
+
+struct exynos_tzpc {
+	u32 r0size;
+	u8 res1[0x7FC];
+	u32 decprot0stat;
+	u32 decprot0set;
+	u32 decprot0clr;
+	u32 decprot1stat;
+	u32 decprot1set;
+	u32 decprot1clr;
+	u32 decprot2stat;
+	u32 decprot2set;
+	u32 decprot2clr;
+	u32 decprot3stat;
+	u32 decprot3set;
+	u32 decprot3clr;
+	u8 res2[0x7B0];
+	u32 periphid0;
+	u32 periphid1;
+	u32 periphid2;
+	u32 periphid3;
+	u32 pcellid0;
+	u32 pcellid1;
+	u32 pcellid2;
+	u32 pcellid3;
+};
+check_member(exynos_tzpc, pcellid3, 0xffc);
+
+void trustzone_init(void);
+
+#endif	/* _CPU_SAMSUNG_EXYNOS7_TRUSTZONE_H_ */
diff --git a/src/soc/samsung/exynos7/trustzone.c b/src/soc/samsung/exynos7/trustzone.c
new file mode 100644
index 0000000..f701438
--- /dev/null
+++ b/src/soc/samsung/exynos7/trustzone.c
@@ -0,0 +1,65 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2014 Samsung Electronics
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <arch/io.h>
+#include <soc/cpu.h>
+#include <soc/trustzone.h>
+
+/* Setting TZPC[TrustZone Protection Controller]
+ * We pretty much disable it all, as the kernel
+ * expects it that way -- and that's not the default.
+ */
+void trustzone_init(void)
+{
+	struct exynos_tzpc *tzpc;
+	uint64_t tzpc_hole1, tzpc_hole2, start = 0, end = 0;
+
+	/* Calculate trustzone SFR end address.
+	 * We have 16 modules which need to be initialized out of which
+	 * only 10 are sequentially following the base address.
+	 */
+	end = EXYNOS7_TZPC_BASE + ((EXYNOS7_NR_TZPC_BANKS - 6) * TZPC_MODULE_OFFSET);
+
+	/* Calculate trustzone SFR start address.
+	 * We have 6 modules above the base address + we have two SFR holes
+	 * between them.
+	 */
+	start = EXYNOS7_TZPC_BASE - (8 * TZPC_MODULE_OFFSET);
+
+	/* Calculate the addresses of SFR holes */
+	tzpc_hole1 = EXYNOS7_TZPC_BASE - (5 * TZPC_MODULE_OFFSET);
+	tzpc_hole2 = EXYNOS7_TZPC_BASE - (4 * TZPC_MODULE_OFFSET);
+
+	for ( ; start <= end; start += TZPC_MODULE_OFFSET) {
+		if (start == tzpc_hole1 || start == tzpc_hole2)
+			continue;
+		tzpc = (struct exynos_tzpc *)start;
+
+		/* Set the size of secure region */
+		if (start == EXYNOS7_TZPC_BASE)
+			write32(&tzpc->r0size,
+				((CONFIG_ROMSTAGE_BASE - PHY_IRAM_BASE) >> SHIFT_4KB));
+		else if (start == (EXYNOS7_TZPC_BASE + TZPC_MODULE_OFFSET))
+			write32(&tzpc->r0size, R0_ALIVE_SIZE);
+		else if (start == (EXYNOS7_TZPC_BASE + (2 * TZPC_MODULE_OFFSET)))
+			write32(&tzpc->r0size, R0_AUDIO_SIZE);
+
+		/* Set Decode region to non-secure */
+		write32(&tzpc->decprot0set, DECPROTXSET);
+		write32(&tzpc->decprot1set, DECPROTXSET);
+		write32(&tzpc->decprot2set, DECPROTXSET);
+		write32(&tzpc->decprot3set, DECPROTXSET);
+	}
+}

    