[coreboot-gerrit] Patch set updated for coreboot: 8a4a9c4 Cygnus: add TrustZone functions and set everything non-secure in bootblock
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Mon Apr 27 08:40:30 CEST 2015
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/9985
-gerrit
commit 8a4a9c45916aa692e0440540e2b7b1654cba6a1f
Author: Corneliu Doban <cdoban at broadcom.com>
Date: Fri Apr 10 15:51:55 2015 -0700
Cygnus: add TrustZone functions and set everything non-secure in bootblock
To allow an OS to run in non-secure mode:
- Set all peripherals and system components non-secure except SOTP and TZPC.
- Set all memory non-secure (ROM, SRAM, DDR, flash).
- Enable A9 access to entire M0 address space except M0 ROM.
BUG=chrome-os-partner:37533
BRANCH=broadcom-firmware
TEST=boot kernel from usb stick
Change-Id: I3bbd288863923011ff1413be353ac4b178ffdd07
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Original-Commit-Id: 6de56bbe73ed8d87ad572da711a193985ee68e3a
Original-Signed-off-by: Corneliu Doban <cdoban at broadcom.com>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212735
Original-Reviewed-by: Daisuke Nojiri <dnojiri at google.com>
Original-Commit-Queue: Daisuke Nojiri <dnojiri at google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri at google.com>
Original-Change-Id: Ibac7de03a72a98fbd95659d0113833049b4871a5
Original-Reviewed-on: https://chromium-review.googlesource.com/266593
Original-Reviewed-by: Daisuke Nojiri <dnojiri at chromium.org>
Original-Tested-by: Daisuke Nojiri <dnojiri at chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri at chromium.org>
Original-Trybot-Ready: Daisuke Nojiri <dnojiri at chromium.org>
---
src/soc/broadcom/cygnus/Makefile.inc | 1 +
src/soc/broadcom/cygnus/hw_init.c | 228 +++++++++++++-----------
src/soc/broadcom/cygnus/include/soc/tz.h | 226 ++++++++++++++++++++++++
src/soc/broadcom/cygnus/tz.c | 287 +++++++++++++++++++++++++++++++
4 files changed, 643 insertions(+), 99 deletions(-)
diff --git a/src/soc/broadcom/cygnus/Makefile.inc b/src/soc/broadcom/cygnus/Makefile.inc
index edeb687..4e09bed 100644
--- a/src/soc/broadcom/cygnus/Makefile.inc
+++ b/src/soc/broadcom/cygnus/Makefile.inc
@@ -21,6 +21,7 @@ bootblock-y += bootblock.c
bootblock-y += cbmem.c
bootblock-y += i2c.c
bootblock-y += timer.c
+bootblock-y += tz.c
bootblock-y += hw_init.c
bootblock-$(CONFIG_SPI_FLASH) += spi.c
ifeq ($(CONFIG_BOOTBLOCK_CONSOLE),y)
diff --git a/src/soc/broadcom/cygnus/hw_init.c b/src/soc/broadcom/cygnus/hw_init.c
index 12adf66..610ec6c 100644
--- a/src/soc/broadcom/cygnus/hw_init.c
+++ b/src/soc/broadcom/cygnus/hw_init.c
@@ -18,75 +18,139 @@
#include <arch/io.h>
#include <delay.h>
#include <console/console.h>
+#include <soc/tz.h>
#include <soc/hw_init.h>
/*****************************************************************************
* TrustZone
*****************************************************************************/
-#define TZPC_TZPCDECPROT0SET 0x18034804
-#define TZPC_TZPCDECPROT0CLR 0x18034808
-#define TZPC_TZPCDECPROT1SET 0x18034810
-#define TZPC_TZPCDECPROT1CLR 0x18034814
-#define TZPC_TZPCDECPROT2SET 0x1803481c
-#define TZPC_TZPCDECPROT2CLR 0x18034820
-
-#define TZPCDECPROT0_MASK 0x000000FF
-#define TZPCDECPROT1_MASK 0x000000FF
-#define TZPCDECPROT2_MASK 0x000000FF
-
-#define TZ_STATE_SECURE 0
-#define TZ_STATE_NON_SECURE 1
-
-#define CYGNUS_M_PCIE0_M0 0x00000003
-#define CYGNUS_M_PCIE1_M0 0x0000000c
-#define CYGNUS_M_CMICD_M0 0x00000030
-#define CYGNUS_M_EXT_M0 0x000000c0
-
-#define CYGNUS_M_EXT_M1 (0x00000003 << 8)
-#define CYGNUS_M_SDIO_M0 (0x0000000c << 8)
-#define CYGNUS_M_SDIO_M1 (0x00000030 << 8)
-#define CYGNUS_M_AMAC_M0 (0x000000c0 << 8)
-
-#define CYGNUS_M_AMAC_M1 (0x00000003 << 16)
-#define CYGNUS_M_USB2H_M0 (0x0000000c << 16)
-#define CYGNUS_M_USB2D_M0 (0x00000030 << 16)
-#define CYGNUS_M_A9JTAG_M0 (0x000000c0 << 16)
-
-#define IPROC_M_PCIE (CYGNUS_M_PCIE0_M0 | CYGNUS_M_PCIE1_M0)
-#define IPROC_M_EXT (CYGNUS_M_EXT_M0 | CYGNUS_M_EXT_M1)
-#define IPROC_M_SDIO (CYGNUS_M_SDIO_M0 | CYGNUS_M_SDIO_M1)
-#define IPROC_M_AMAC (CYGNUS_M_AMAC_M0 | CYGNUS_M_AMAC_M1)
-#define IPROC_M_USB (CYGNUS_M_USB2H_M0 | CYGNUS_M_USB2D_M0)
-#define IPROC_M_CMICD (CYGNUS_M_CMICD_M0)
-
-static void tz_set_masters_security(uint32_t masters, uint32_t ns_bit)
+#define IHOST_SCU_SECURE_ACCESS 0x19020054
+
+#define SMAU_NIC_IDM_TZ_BASE 0x180150a0
+#define SMAU_DDR_TZ_BASE 0x18015200
+#define SMAU_FLASH0_TZ_BASE 0x18015300
+#define SMAU_FLASH1_TZ_BASE 0x18015308
+#define SMAU_FLASH2_TZ_BASE 0x18015310
+#define SMAU_FLASH3_TZ_BASE 0x18015318
+#define SMAU_TZ_BASE_ENABLE 0x00000001
+
+#define CRMU_IPROC_ADDR_RANGE0_LOW 0x03024c30
+#define CRMU_IPROC_ADDR_RANGE0_HIGH 0x03024c34
+#define CRMU_ADDR_MASK 0xffffff00
+#define CRMU_ADDR_VALID 0x00000001
+#define CRMU_ADDR_START 0x03010000
+#define CRMU_ADDR_END 0x03100000
+
+static void scu_ns_config(void)
{
- uint32_t val = 0;
-
- /* Check any TZPCDECPROT0 is set and then write to TZPCDECPROT0 */
- if (masters & TZPCDECPROT0_MASK) {
- val = masters & TZPCDECPROT0_MASK;
- if (ns_bit)
- write32((void *)TZPC_TZPCDECPROT0SET, val);
- else
- write32((void *)TZPC_TZPCDECPROT0CLR, val);
- }
- /* Check any TZPCDECPROT1 is set and then write to TZPCDECPROT1 */
- if ((masters >> 8) & TZPCDECPROT1_MASK) {
- val = (masters >> 8) & TZPCDECPROT1_MASK;
- if (ns_bit)
- write32((void *)TZPC_TZPCDECPROT1SET, val);
- else
- write32((void *)TZPC_TZPCDECPROT1CLR, val);
- }
- /* Check any TZPCDECPROT2 is set and then write to TZPCDECPROT2 */
- if ((masters >> 16) & TZPCDECPROT2_MASK) {
- val = (masters >> 16) & TZPCDECPROT2_MASK;
- if (ns_bit)
- write32((void *)TZPC_TZPCDECPROT2SET, val);
- else
- write32((void *)TZPC_TZPCDECPROT2CLR, val);
- }
+ /*
+ * Enable NS SCU access to ARM global timer, private timer, and
+ * components
+ */
+ write32((void *)IHOST_SCU_SECURE_ACCESS, 0xFFF);
+}
+
+static void smau_ns_config(void)
+{
+ unsigned int val;
+
+ /* Disable SMAU NIC IDM TZ */
+ val = read32((void *)SMAU_NIC_IDM_TZ_BASE);
+ val &= ~SMAU_TZ_BASE_ENABLE;
+ write32((void *)SMAU_NIC_IDM_TZ_BASE, val);
+
+ /*
+ * Disable DDR TZ base
+ *
+ * This means the entire DDR is marked as NONSECURE (NS)
+ *
+ * NOTE: In the future, multiple regions of DDR may need to be marked
+ * as SECURE for secure OS and other TZ usages
+ */
+ val = read32((void *)SMAU_DDR_TZ_BASE);
+ val &= ~SMAU_TZ_BASE_ENABLE;
+ write32((void *)SMAU_DDR_TZ_BASE, val);
+
+
+ /*
+ * Disable flash TZ support
+ *
+ * The entire flash is currently marked as NS
+ *
+ * NOTE: In the future, multiple regions of flash may need to be marked
+ * as SECURE for secure OS and other TZ firmware/data storage
+ */
+
+ /* Flash 0: ROM */
+ val = read32((void *)SMAU_FLASH0_TZ_BASE);
+ val &= ~SMAU_TZ_BASE_ENABLE;
+ write32((void *)SMAU_FLASH0_TZ_BASE, val);
+
+ /* Flash 1: QSPI */
+ val = read32((void *)SMAU_FLASH1_TZ_BASE);
+ val &= ~SMAU_TZ_BASE_ENABLE;
+ write32((void *)SMAU_FLASH1_TZ_BASE, val);
+
+ /* Flash 2: NAND */
+ val = read32((void *)SMAU_FLASH2_TZ_BASE);
+ val &= ~SMAU_TZ_BASE_ENABLE;
+ write32((void *)SMAU_FLASH2_TZ_BASE, val);
+
+ /* Flash 3: PNOR */
+ val = read32((void *)SMAU_FLASH3_TZ_BASE);
+ val &= ~SMAU_TZ_BASE_ENABLE;
+ write32((void *)SMAU_FLASH3_TZ_BASE, val);
+}
+
+static void crmu_ns_config(void)
+{
+
+ /*
+ * Currently opens up the entire CRMU to allow iPROC NS access
+ *
+ * NOTE: In the future, we might want to protect particular CRMU
+ * sub-blocks to allow SECURE access only. That can be done by
+ * programing the CRMU IPROC address range registers. Up to 4 access
+ * windows can be created
+ */
+ write32((void *)CRMU_IPROC_ADDR_RANGE0_LOW,
+ (CRMU_ADDR_START & CRMU_ADDR_MASK) | CRMU_ADDR_VALID);
+ write32((void *)CRMU_IPROC_ADDR_RANGE0_HIGH,
+ (CRMU_ADDR_END & CRMU_ADDR_MASK) | CRMU_ADDR_VALID);
+}
+
+static void tz_init(void)
+{
+ /* Configure the Cygnus for non-secure access */
+ /* ARM Cortex A9 SCU NS access configuration */
+ scu_ns_config();
+
+ /* SMAU NS related configurations */
+ smau_ns_config();
+
+ /* CRMU NS related configurations */
+ crmu_ns_config();
+
+ /*
+ * Configure multiple masters and slaves to run in NS
+ */
+ tz_set_non_virtual_slaves_security(0xFFFFFFFF, TZ_STATE_NON_SECURE);
+ tz_set_periph_security(0xFFFFFFFF, TZ_STATE_NON_SECURE);
+ tz_set_masters_security(0xFFFFFFFF, TZ_STATE_NON_SECURE);
+ tz_set_wrapper_security(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+ TZ_STATE_NON_SECURE);
+ tz_set_cfg_slaves_security(0xFFFFFFFF, TZ_STATE_NON_SECURE);
+
+ tz_set_ext_slaves_security(0xFFFFFFFF, TZ_STATE_NON_SECURE);
+
+ /* configure sec peripherals to be accessed from non-secure world */
+ tz_set_sec_periphs_security(0xFFFFFFFF &
+ ~(CYGNUS_sec_periph_APBz_sotp |
+ CYGNUS_sec_periph_APBz_tzpc),
+ TZ_STATE_NON_SECURE);
+
+ /* default sram to non-secure */
+ tz_set_sram_sec_region(0);
}
/*****************************************************************************
@@ -350,10 +414,6 @@ static void ccu_init(void)
/*****************************************************************************
* LCD
*****************************************************************************/
-#define ASIU_TOP_LCD_AXI_SB_CTRL 0x180aa02c
-#define ASIU_TOP_LCD_AXI_SB_CTRL_LCD_ARPROT_MASK 0x03800000
-#define ASIU_TOP_LCD_AXI_SB_CTRL_LCD_HPROT_NON_SECURE 0x40000000
-
#define ASIU_TOP_CLK_GATING_CTRL 0x180aa024
#define ASIU_TOP_CLK_GATING_CTRL_LCD_CLK_GATE_EN 0x00000010
#define ASIU_TOP_CLK_GATING_CTRL_MIPI_DSI_CLK_GATE_EN 0x00000008
@@ -364,12 +424,6 @@ static void lcd_init(void)
{
unsigned int val;
- val = read32((void *)ASIU_TOP_LCD_AXI_SB_CTRL);
- /* set LCD_ARPROT and LCD_HPROT_NON_SECURE to 0 */
- val &= ~(ASIU_TOP_LCD_AXI_SB_CTRL_LCD_ARPROT_MASK |
- ASIU_TOP_LCD_AXI_SB_CTRL_LCD_HPROT_NON_SECURE);
- write32((void *)ASIU_TOP_LCD_AXI_SB_CTRL, val);
-
/* make sure the LCD clock is ungated */
val = read32((void *)ASIU_TOP_CLK_GATING_CTRL);
val |= ASIU_TOP_CLK_GATING_CTRL_LCD_CLK_GATE_EN;
@@ -423,22 +477,10 @@ static void lcd_qos_init(unsigned int qos)
/*****************************************************************************
* V3D
*****************************************************************************/
-#define ASIU_TOP_GFX_AXI_SB_CTRL 0x180aa034
-#define ASIU_TOP_GFX_AXI_SB_CTRL_GFX_ARPROT_MASK 0x03800000
-#define ASIU_TOP_GFX_AXI_SB_CTRL_GFX_AWPROT_MASK 0x00700000
-
static void v3d_init(void)
{
unsigned int val;
- val = read32((void *)ASIU_TOP_GFX_AXI_SB_CTRL);
- /*
- * set both GFX_ARPROT and GFX_AWPROT to 0
- */
- val &= ~(ASIU_TOP_GFX_AXI_SB_CTRL_GFX_ARPROT_MASK |
- ASIU_TOP_GFX_AXI_SB_CTRL_GFX_AWPROT_MASK);
- write32((void *)ASIU_TOP_GFX_AXI_SB_CTRL, val);
-
/* make sure the V3D clock is ungated */
val = read32((void *)ASIU_TOP_CLK_GATING_CTRL);
val |= ASIU_TOP_CLK_GATING_CTRL_MIPI_DSI_CLK_GATE_EN |
@@ -455,10 +497,6 @@ static void v3d_init(void)
#define CRMU_PLL_AON_CTRL_ASIU_AUDIO_GENPLL_PWRON_LDO 0x00000200
#define CRMU_PLL_AON_CTRL_ASIU_AUDIO_GENPLL_ISO_IN 0x00000100
-#define ASIU_TOP_AUD_AXI_SB_CTRL 0x180aa028
-#define ASIU_TOP_AUD_AXI_SB_CTRL_AUD_ARPROT_MASK 0x03800000
-#define ASIU_TOP_AUD_AXI_SB_CTRL_AUD_AWPROT_MASK 0x00700000
-
static void audio_init(void)
{
unsigned int val;
@@ -475,12 +513,6 @@ static void audio_init(void)
val |= CRMU_PLL_AON_CTRL_ASIU_AUDIO_GENPLL_PWRON_PLL;
val &= ~CRMU_PLL_AON_CTRL_ASIU_AUDIO_GENPLL_ISO_IN;
write32((void *)CRMU_PLL_AON_CTRL, val);
-
- /* Clear AWPROT and ARPROT signals to audio block. */
- val = read32((void *)ASIU_TOP_AUD_AXI_SB_CTRL);
- val &= ~(ASIU_TOP_AUD_AXI_SB_CTRL_AUD_AWPROT_MASK |
- ASIU_TOP_AUD_AXI_SB_CTRL_AUD_ARPROT_MASK);
- write32((void *)ASIU_TOP_AUD_AXI_SB_CTRL, val);
}
/*****************************************************************************
@@ -707,12 +739,10 @@ static void sdio_init(void)
void hw_init(void)
{
- tz_set_masters_security(IPROC_M_PCIE | IPROC_M_EXT | IPROC_M_SDIO |
- IPROC_M_AMAC | IPROC_M_USB | IPROC_M_CMICD,
- TZ_STATE_SECURE);
+ tz_init();
printk(BIOS_INFO, "trustzone initialized\n");
dmac_init();
- printk(BIOS_INFO, "PL022 DMAC initialized\n");
+ printk(BIOS_INFO, "PL330 DMAC initialized\n");
lcd_init();
lcd_qos_init(15);
printk(BIOS_INFO, "LCD initialized\n");
diff --git a/src/soc/broadcom/cygnus/include/soc/tz.h b/src/soc/broadcom/cygnus/include/soc/tz.h
new file mode 100644
index 0000000..cb9ae63
--- /dev/null
+++ b/src/soc/broadcom/cygnus/include/soc/tz.h
@@ -0,0 +1,226 @@
+/*
+ * Copyright (C) 2015 Broadcom Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __SOC_BROADCOM_CYGNUS_TZ_H__
+#define __SOC_BROADCOM_CYGNUS_TZ_H__
+
+#define TZ_STATE_SECURE 0
+#define TZ_STATE_NON_SECURE 1
+
+/*
+ * Masters (for parameter masters in "tz_set_masters_security")
+ */
+#define CYGNUS_M_Pcie0_m0 0x00000003
+#define CYGNUS_M_Pcie1_m0 0x0000000c
+#define CYGNUS_M_cmicd_m0 0x00000030
+#define CYGNUS_M_ext_m0 0x000000c0
+
+#define CYGNUS_M_ext_m1 (0x00000003 << 8)
+#define CYGNUS_M_sdio_m0 (0x0000000c << 8)
+#define CYGNUS_M_sdio_m1 (0x00000030 << 8)
+#define CYGNUS_M_amac_m0 (0x000000c0 << 8)
+
+#define CYGNUS_M_amac_m1 (0x00000003 << 16)
+#define CYGNUS_M_usb2h_m0 (0x0000000c << 16)
+#define CYGNUS_M_usb2d_m0 (0x00000030 << 16)
+#define CYGNUS_M_a9jtag_m0 (0x000000c0 << 16)
+
+/*
+ * Non virtual slaves (for parameter slave_vector in "tz_set_non_virtual_slaves_security")
+ * Note: the order has to match the order in non_virtual_slave_regs[] array from tz.c
+ */
+#define CYGNUS_S_Ihost_acp (0x1 << 0)
+#define CYGNUS_S_PCIe0_s0 (0x1 << 1)
+#define CYGNUS_S_PCIe1_s0 (0x1 << 2)
+#define CYGNUS_S_ihost_s0 (0x1 << 3)
+#define CYGNUS_S_A9jtag_s0 (0x1 << 4)
+#define CYGNUS_S_CMICd_s0 (0x1 << 5)
+#define CYGNUS_S_mhost0_s0 (0x1 << 6)
+#define CYGNUS_S_mhost1_s0 (0x1 << 7)
+#define CYGNUS_S_Crypto_s0 (0x1 << 8)
+#define CYGNUS_S_DMU_s0 (0x1 << 9)
+
+/*
+ * Peripherals (for parameter slave_vector in "tz_set_periph_security")
+ */
+#define CYGNUS_periph_APBx_DMU 0x00008000
+#define CYGNUS_periph_APBx_cru 0x00004000
+#define CYGNUS_periph_APBx_ccg_smbus1 0x00000800
+#define CYGNUS_periph_APBx_ccg_gpio 0x00000400
+#define CYGNUS_periph_APBx_ccg_watchdog 0x00000200
+#define CYGNUS_periph_APBx_ccg_smbus0 0x00000100
+#define CYGNUS_periph_APBx_ccg_srab 0x00000080
+#define CYGNUS_periph_APBx_ccg_timer3 0x00000040
+#define CYGNUS_periph_APBx_ccg_timer2 0x00000020
+#define CYGNUS_periph_APBx_ccg_timer1 0x00000010
+#define CYGNUS_periph_APBx_ccg_timer0 0x00000008
+#define CYGNUS_periph_APBx_ccg_mdio 0x00000004
+#define CYGNUS_periph_APBx_ccg_pwm 0x00000002
+#define CYGNUS_periph_APBx_icfg 0x00000001
+
+#define CYGNUS_periph_APBy_ccg_spi5 (0x00002000 << 16)
+#define CYGNUS_periph_APBy_ccg_spi4 (0x00001000 << 16)
+#define CYGNUS_periph_APBy_ccg_spi3 (0x00000800 << 16)
+#define CYGNUS_periph_APBy_ccg_spi2 (0x00000400 << 16)
+#define CYGNUS_periph_APBy_ccg_spi1 (0x00000200 << 16)
+#define CYGNUS_periph_APBy_ccg_spi0 (0x00000100 << 16)
+#define CYGNUS_periph_APBy_ccg_uart4 (0x00000010 << 16)
+#define CYGNUS_periph_APBy_ccg_uart3 (0x00000008 << 16)
+#define CYGNUS_periph_APBy_ccg_uart2 (0x00000004 << 16)
+#define CYGNUS_periph_APBy_ccg_uart1 (0x00000002 << 16)
+#define CYGNUS_periph_APBy_ccg_uart0 (0x00000001 << 16)
+
+/*
+ * Sececure Peripherals (for parameter slave_vector in "tz_set_sec_periphs_security")
+ */
+#define CYGNUS_sec_periph_APBz_sotp 0x00000020
+#define CYGNUS_sec_periph_APBz_tzpc 0x00000010
+#define CYGNUS_sec_periph_APBz_ccg_wdog 0x00000008
+#define CYGNUS_sec_periph_APBz_ccs_rng 0x00000004
+#define CYGNUS_sec_periph_APBz_ccs_pka 0x00000002
+#define CYGNUS_sec_periph_APBz_ccs_gpio 0x00000001
+
+/*
+ * Cfg Slaves (for parameter slave_vector in "tz_set_cfg_slaves_security")
+ */
+#define CYGNUS_cfg_slv_APBr_mhost0 0x00004000
+#define CYGNUS_cfg_slv_APBr_dma_s1 0x00000200
+#define CYGNUS_cfg_slv_APBr_dma_s0 0x00000100
+#define CYGNUS_cfg_slv_APBr_acpal 0x00000040
+#define CYGNUS_cfg_slv_APBr_smau 0x00000020
+#define CYGNUS_cfg_slv_APBr_pcie1 0x00000008
+#define CYGNUS_cfg_slv_APBr_pcie0 0x00000004
+#define CYGNUS_cfg_slv_APBr_ddr 0x00000001
+
+#define CYGNUS_cfg_slv_APBs_sram (0x00004000 << 16)
+#define CYGNUS_cfg_slv_APBs_usb2d (0x00001000 << 16)
+#define CYGNUS_cfg_slv_APBs_amac1 (0x00000400 << 16)
+#define CYGNUS_cfg_slv_APBs_usb2h_apb2 (0x00000200 << 16)
+#define CYGNUS_cfg_slv_APBs_usb2h_apb1 (0x00000100 << 16)
+#define CYGNUS_cfg_slv_APBs_qspi (0x00000080 << 16)
+#define CYGNUS_cfg_slv_APBs_nand (0x00000040 << 16)
+#define CYGNUS_cfg_slv_APBs_nor (0x00000020 << 16)
+#define CYGNUS_cfg_slv_APBs_sdio1 (0x00000008 << 16)
+#define CYGNUS_cfg_slv_APBs_amac0 (0x00000004 << 16)
+#define CYGNUS_cfg_slv_APBs_sdio0 (0x00000002 << 16)
+
+/*
+ * Wrapper1 (for parameter wrapper1 in "tz_set_wrapper_security")
+ */
+#define CYGNUS_APB_W1_wrp_master_ihost_m0 0x00000001
+#define CYGNUS_APB_W1_wrp_master_pcie0_m0 0x00000002
+#define CYGNUS_APB_W1_wrp_master_pcie1_m0 0x00000004
+#define CYGNUS_APB_W1_wrp_master_cmicd_m0 0x00000008
+#define CYGNUS_APB_W1_wrp_master_mhost0_m0 0x00000010
+#define CYGNUS_APB_W1_wrp_master_mhost1_m0 0x00000020
+#define CYGNUS_APB_W1_wrp_slave_ihost_acp 0x00000040
+#define CYGNUS_APB_W1_wrp_slave_ihost_s0 0x00000080
+#define CYGNUS_APB_W1_wrp_slave_pcie0_s0 0x00000100
+#define CYGNUS_APB_W1_wrp_slave_pcie1_s0 0x00000200
+#define CYGNUS_APB_W1_wrp_slave_cmicd_s0 0x00000400
+#define CYGNUS_APB_W1_wrp_slave_smau_s0 0x00000800
+#define CYGNUS_APB_W1_wrp_slave_mhost0_s0 0x00001000
+#define CYGNUS_APB_W1_wrp_slave_mhost1_s0 0x00002000
+#define CYGNUS_APB_W1_wrp_slave_apbr 0x00004000
+#define CYGNUS_APB_W1_wrp_master_dma_m0 0x00008000
+
+/*
+ * Wrapper2 (for parameter wrapper2 in "tz_set_wrapper_security")
+ */
+#define CYGNUS_APB_W2_wrp_ds_ds_2 0x00000008
+#define CYGNUS_APB_W2_sdrom 0x00000004
+#define CYGNUS_APB_W2_wrp_ds_ds_1 0x00000002
+#define CYGNUS_APB_W2_wrp_ds_ds_0 0x00000001
+
+/*
+ * Wrapper3 (for parameter wrapper3 in "tz_set_wrapper_security")
+ */
+#define CYGNUS_APB_W3_wrp_master_amac_m1 0x00002000
+#define CYGNUS_APB_W3_wrp_ds_ds_3 0x00001000
+#define CYGNUS_APB_W3_wrp_slave_apbs 0x00000800
+#define CYGNUS_APB_W3_wrp_slave_sram_s0 0x00000400
+#define CYGNUS_APB_W3_wrp_master_sdio_m1 0x00000200
+#define CYGNUS_APB_W3_wrp_slave_a9jtag_s0 0x00000100
+#define CYGNUS_APB_W3_wrp_slave_crypto_s0 0x00000080
+#define CYGNUS_APB_W3_wrp_master_usb2h_m0 0x00000040
+#define CYGNUS_APB_W3_wrp_master_a9jtag_m0 0x00000020
+#define CYGNUS_APB_W3_wrp_master_ext_m1 0x00000010
+#define CYGNUS_APB_W3_wrp_master_sdio_m0 0x00000008
+#define CYGNUS_APB_W3_wrp_master_ext_m0 0x00000004
+#define CYGNUS_APB_W3_wrp_master_usb2d_m0 0x00000002
+#define CYGNUS_APB_W3_wrp_master_amac_m0 0x00000001
+
+/*
+ * Wrapper4 (for parameter wrapper4 in "tz_set_wrapper_security")
+ */
+#define CYGNUS_APB_W4_wrp_slave_ext_s1 0x00000040
+#define CYGNUS_APB_W4_wrp_slave_dmu_s0 0x00000020
+#define CYGNUS_APB_W4_wrp_slave_ext_s0 0x00000010
+#define CYGNUS_APB_W4_wrp_master_dmu_m0 0x00000008
+#define CYGNUS_APB_W4_wrp_slave_apbz 0x00000004
+#define CYGNUS_APB_W4_wrp_slave_apby 0x00000002
+#define CYGNUS_APB_W4_wrp_slave_apbx 0x00000001
+
+/*
+ * Ext Slaves (for parameter slave_vector in "tz_set_ext_slaves_security")
+ */
+#define CYGNUS_AXIIC_ext_s0_slave_0 0x00000001 /* LCD */
+#define CYGNUS_AXIIC_ext_s0_slave_1 0x00000002 /* Camera */
+#define CYGNUS_AXIIC_ext_s0_slave_2 0x00000004
+#define CYGNUS_AXIIC_ext_s0_slave_3 0x00000008 /* Smartcard */
+#define CYGNUS_AXIIC_ext_s0_slave_4 0x00000010 /* S-GPIO */
+#define CYGNUS_AXIIC_ext_s0_slave_5 0x00000020 /* GPIO */
+#define CYGNUS_AXIIC_ext_s0_slave_6 0x00000040 /* ADC_APB */
+#define CYGNUS_AXIIC_ext_s0_slave_7 0x00000080
+#define CYGNUS_AXIIC_ext_s0_slave_8 0x00000100 /* GFX_S0 */
+#define CYGNUS_AXIIC_ext_s0_slave_9 0x00000200 /* MIPI */
+#define CYGNUS_AXIIC_ext_s0_slave_10 0x00000400 /* ASIU_TOP */
+#define CYGNUS_AXIIC_ext_s0_slave_11 0x00000800 /* D1W */
+#define CYGNUS_AXIIC_ext_s0_slave_12 0x00001000 /* Keypad */
+#define CYGNUS_AXIIC_ext_s0_slave_13 0x00002000 /* Keypad */
+#define CYGNUS_AXIIC_ext_s0_slave_14 0x00004000 /* Audio */
+#define CYGNUS_AXIIC_ext_s0_slave_15 0x00008000
+
+#define CYGNUS_AXIIC_ext_s1_slave_0 (0x00000001 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_1 (0x00000002 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_2 (0x00000004 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_3 (0x00000008 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_4 (0x00000010 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_5 (0x00000020 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_6 (0x00000040 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_7 (0x00000080 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_8 (0x00000100 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_9 (0x00000200 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_10 (0x00000400 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_11 (0x00000800 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_12 (0x00001000 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_13 (0x00002000 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_14 (0x00004000 << 16)
+#define CYGNUS_AXIIC_ext_s1_slave_15 (0x00008000 << 16)
+
+void tz_set_masters_security(uint32_t masters, uint32_t ns_bit);
+void tz_set_wrapper_security(uint32_t wrapper1, uint32_t wrapper2,
+ uint32_t wrapper3, uint32_t wrapper4,
+ uint32_t ns_bit);
+void tz_set_cfg_slaves_security(uint32_t slave_vector, uint32_t ns_bit);
+void tz_set_sec_periphs_security(uint32_t slave_vector, uint32_t ns_bit);
+void tz_set_periph_security(uint32_t slave_vector, uint32_t ns_bit);
+void tz_set_non_virtual_slaves_security(uint32_t slave_vector, uint32_t ns_bit);
+void tz_set_sram_sec_region(uint32_t r0size);
+void tz_set_ext_slaves_security(uint32_t slave_vector, uint32_t ns_bit);
+
+#endif
diff --git a/src/soc/broadcom/cygnus/tz.c b/src/soc/broadcom/cygnus/tz.c
new file mode 100644
index 0000000..e35669b
--- /dev/null
+++ b/src/soc/broadcom/cygnus/tz.c
@@ -0,0 +1,287 @@
+/*
+ * Copyright (C) 2015 Broadcom Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <arch/io.h>
+#include <soc/tz.h>
+
+#define TZPC_TZPCR0SIZE 0x18034000
+#define TZPC_TZPCR0SIZE_MASK 0x000003ff
+
+#define TZPC_TZPCDECPROT0SET 0x18034804
+#define TZPC_TZPCDECPROT0CLR 0x18034808
+#define TZPC_TZPCDECPROT1SET 0x18034810
+#define TZPC_TZPCDECPROT1CLR 0x18034814
+#define TZPC_TZPCDECPROT2SET 0x1803481c
+#define TZPC_TZPCDECPROT2CLR 0x18034820
+
+#define TZPCDECPROT0_MASK 0x000000FF
+#define TZPCDECPROT1_MASK 0x000000FF
+#define TZPCDECPROT2_MASK 0x000000FF
+
+#define AXIIC_Ihost_acp_security 0x1a000008
+#define AXIIC_PCIe0_s0_security 0x1a000010
+#define AXIIC_PCIe1_s0_security 0x1a000014
+#define AXIIC_APBY_s0_security 0x1a00002c
+#define AXIIC_APBZ_s0_security 0x1a000030
+#define AXIIC_APBX_s0_security 0x1a000034
+#define AXIIC_ihost_s0_security 0x1a000038
+#define AXIIC_A9jtag_s0_security 0x1a00003c
+#define AXIIC_APB_W1_security 0x1a000040
+#define AXIIC_APB_W2_security 0x1a000044
+#define AXIIC_APB_W3_security 0x1a000048
+#define AXIIC_APB_W4_security 0x1a00004c
+#define AXIIC_APBR_s0_security 0x1a00006c
+#define AXIIC_APBS_s0_security 0x1a000070
+#define AXIIC_CMICd_s0_security 0x1a000074
+#define AXIIC_mhost0_s0_security 0x1a000078
+#define AXIIC_mhost1_s0_security 0x1a00007c
+#define AXIIC_Crypto_s0_security 0x1a000080
+#define AXIIC_DMU_s0_security 0x1a000084
+#define AXIIC_ext_s0_security 0x1a000088
+#define AXIIC_ext_s1_security 0x1a00008c
+
+#define AXIIC_APBY_s0_security_MASK 0x00003f1f
+#define AXIIC_APBZ_s0_security_MASK 0x0000003f
+#define AXIIC_APBX_s0_security_MASK 0x0000cfff
+#define AXIIC_ext_s0_security_MASK 0xffffffff
+#define AXIIC_ext_s1_security_MASK 0xffffffff
+#define AXIIC_APBR_s0_security_MASK 0x0000436d
+#define AXIIC_APBS_s0_security_MASK 0x000057ee
+#define AXIIC_APB_W1_security_MASK 0x0000ffff
+#define AXIIC_APB_W2_security_MASK 0x0000000f
+#define AXIIC_APB_W3_security_MASK 0x00003fff
+#define AXIIC_APB_W4_security_MASK 0x0000007f
+
+/*
+ * Note: the order need to match corresponding definitions for
+ * non virtual slave slave_vector in tz.h
+ */
+static uint32_t non_virtual_slave_regs[] = {
+ AXIIC_Ihost_acp_security,
+ AXIIC_PCIe0_s0_security,
+ AXIIC_PCIe1_s0_security,
+ AXIIC_ihost_s0_security,
+ AXIIC_A9jtag_s0_security,
+ AXIIC_CMICd_s0_security,
+ AXIIC_mhost0_s0_security,
+ AXIIC_mhost1_s0_security,
+ AXIIC_Crypto_s0_security,
+ AXIIC_DMU_s0_security
+};
+
+/*
+ * Set master security.
+ * Use defines in tz.h for both parameters.
+ */
+void tz_set_masters_security(uint32_t masters, uint32_t ns_bit)
+{
+ uint32_t val;
+
+ /* Check any TZPCDECPROT0 is set and then write to TZPCDECPROT0 */
+ if (masters & TZPCDECPROT0_MASK) {
+ val = masters & TZPCDECPROT0_MASK;
+ if (ns_bit)
+ write32((void *)TZPC_TZPCDECPROT0SET, val);
+ else
+ write32((void *)TZPC_TZPCDECPROT0CLR, val);
+ }
+ /* Check any TZPCDECPROT1 is set and then write to TZPCDECPROT1 */
+ if ((masters >> 8) & TZPCDECPROT1_MASK) {
+ val = (masters >> 8) & TZPCDECPROT1_MASK;
+ if (ns_bit)
+ write32((void *)TZPC_TZPCDECPROT1SET, val);
+ else
+ write32((void *)TZPC_TZPCDECPROT1CLR, val);
+ }
+ /* Check any TZPCDECPROT2 is set and then write to TZPCDECPROT2 */
+ if ((masters >> 16) & TZPCDECPROT2_MASK) {
+ val = (masters >> 16) & TZPCDECPROT2_MASK;
+ if (ns_bit)
+ write32((void *)TZPC_TZPCDECPROT2SET, val);
+ else
+ write32((void *)TZPC_TZPCDECPROT2CLR, val);
+ }
+}
+
+/*
+ * Set non virtual slave security.
+ * Use defines in tz.h for both parameters.
+ */
+void tz_set_non_virtual_slaves_security(uint32_t slave_vector, uint32_t ns_bit)
+{
+ uint32_t i;
+ uint32_t total = sizeof(non_virtual_slave_regs) /
+ sizeof(non_virtual_slave_regs[0]);
+ uint32_t mask = ~(0xffffffff << total);
+
+ ns_bit &= 0x1;
+ slave_vector = slave_vector & mask;
+ for (i = 0; i < total; i++) {
+ if (slave_vector & (0x1 << i))
+ write32((void *)(non_virtual_slave_regs[i]), ns_bit);
+ }
+}
+
+/*
+ * Set peripheral security.
+ * Use defines in tz.h for both parameters.
+ */
+void tz_set_periph_security(uint32_t slave_vector, uint32_t ns_bit)
+{
+ uint32_t val;
+ uint32_t mask_x = AXIIC_APBX_s0_security_MASK;
+ uint32_t mask_y = AXIIC_APBY_s0_security_MASK;
+ uint32_t tz_periphs_sec_status =
+ (mask_x & read32((void *)AXIIC_APBX_s0_security)) |
+ ((mask_y & read32((void *)AXIIC_APBY_s0_security)) << 16);
+
+ if (ns_bit == TZ_STATE_SECURE)
+ tz_periphs_sec_status &= ~slave_vector;
+ else
+ tz_periphs_sec_status |= slave_vector;
+
+ val = tz_periphs_sec_status & mask_x;
+ write32((void *)AXIIC_APBX_s0_security, val);
+
+ val = (tz_periphs_sec_status >> 16) & mask_y;
+ write32((void *)AXIIC_APBY_s0_security, val);
+}
+
+/*
+ * Set sec peripheral security.
+ * Use defines in tz.h for both parameters.
+ */
+void tz_set_sec_periphs_security(uint32_t slave_vector, uint32_t ns_bit)
+{
+ uint32_t val;
+ uint32_t mask = AXIIC_APBZ_s0_security_MASK;
+ uint32_t tz_sec_periphs_sec_status =
+ read32((void *)AXIIC_APBZ_s0_security);
+
+ if (ns_bit == TZ_STATE_SECURE)
+ tz_sec_periphs_sec_status &= ~slave_vector;
+ else
+ tz_sec_periphs_sec_status |= slave_vector;
+
+ val = tz_sec_periphs_sec_status & mask;
+ write32((void *)AXIIC_APBZ_s0_security, val);
+}
+
+/*
+ * Set external slave security.
+ * Use defines in tz.h for both parameters.
+ */
+void tz_set_ext_slaves_security(uint32_t slave_vector, uint32_t ns_bit)
+{
+ uint32_t val;
+ uint32_t mask_s0 = AXIIC_ext_s0_security_MASK;
+ uint32_t mask_s1 = AXIIC_ext_s1_security_MASK;
+ uint32_t tz_ext_slaves_sec_status =
+ (mask_s0 & read32((void *)AXIIC_ext_s0_security)) |
+ ((mask_s1 & read32((void *)AXIIC_ext_s0_security)) << 16);
+
+ if (ns_bit == TZ_STATE_SECURE)
+ tz_ext_slaves_sec_status &= ~slave_vector;
+ else
+ tz_ext_slaves_sec_status |= slave_vector;
+
+ val = tz_ext_slaves_sec_status & mask_s0;
+ write32((void *)AXIIC_ext_s0_security, val);
+
+ val = (tz_ext_slaves_sec_status >> 16) & mask_s1;
+ write32((void *)AXIIC_ext_s1_security, val);
+}
+
+/*
+ * Set cfg slave security
+ * Use defines in tz.h for both parameters.
+ */
+void tz_set_cfg_slaves_security(uint32_t slave_vector, uint32_t ns_bit)
+{
+ uint32_t val;
+ uint32_t mask_r = AXIIC_APBR_s0_security_MASK;
+ uint32_t mask_s = AXIIC_APBS_s0_security_MASK;
+ uint32_t tz_cfg_slaves_sec_status =
+ (mask_r & read32((void *)AXIIC_APBR_s0_security)) |
+ ((mask_s & read32((void *)AXIIC_APBS_s0_security)) << 16);
+
+ if (ns_bit == TZ_STATE_SECURE)
+ tz_cfg_slaves_sec_status &= ~slave_vector;
+ else
+ tz_cfg_slaves_sec_status |= slave_vector;
+
+ val = tz_cfg_slaves_sec_status & mask_r;
+ write32((void *)AXIIC_APBR_s0_security, val);
+
+ val = (tz_cfg_slaves_sec_status >> 16) & mask_s;
+ write32((void *)AXIIC_APBS_s0_security, val);
+}
+
+/*
+ * Set SRAM secure region
+ * parameter 'r0size' specify the secure RAM region in 4KB steps:
+ * 0x00000000 = no secure region
+ * 0x00000001 = 4KB secure region
+ * 0x00000002 = 8KB secure region
+ * .......
+ * 0x000001FF = 2044KB secure region.
+ * 0x00000200 or above sets the entire SRAM to secure regardless of size
+ */
+void tz_set_sram_sec_region(uint32_t r0size)
+{
+ uint32_t mask = TZPC_TZPCR0SIZE_MASK;
+
+ write32((void *)TZPC_TZPCR0SIZE, r0size & mask);
+}
+
+/*
+ * Set wrapper security
+ * Use defines in tz.h for all parameters.
+ */
+void tz_set_wrapper_security(uint32_t wrapper1, uint32_t wrapper2,
+ uint32_t wrapper3, uint32_t wrapper4,
+ uint32_t ns_bit)
+{
+ uint32_t mask_w4 = AXIIC_APB_W4_security_MASK;
+ uint32_t mask_w3 = AXIIC_APB_W3_security_MASK;
+ uint32_t mask_w2 = AXIIC_APB_W2_security_MASK;
+ uint32_t mask_w1 = AXIIC_APB_W1_security_MASK;
+ uint32_t tz_wrapper1_sec_status = read32((void *)AXIIC_APB_W1_security);
+ uint32_t tz_wrapper2_sec_status = read32((void *)AXIIC_APB_W2_security);
+ uint32_t tz_wrapper3_sec_status = read32((void *)AXIIC_APB_W3_security);
+ uint32_t tz_wrapper4_sec_status = read32((void *)AXIIC_APB_W4_security);
+
+ if (ns_bit == TZ_STATE_SECURE) {
+ tz_wrapper1_sec_status &= ~wrapper1;
+ tz_wrapper2_sec_status &= ~wrapper2;
+ tz_wrapper3_sec_status &= ~wrapper3;
+ tz_wrapper4_sec_status &= ~wrapper4;
+ } else {
+ tz_wrapper1_sec_status |= wrapper1;
+ tz_wrapper2_sec_status |= wrapper2;
+ tz_wrapper3_sec_status |= wrapper3;
+ tz_wrapper4_sec_status |= wrapper4;
+ }
+ write32((void *)AXIIC_APB_W1_security,
+ tz_wrapper1_sec_status & mask_w1);
+ write32((void *)AXIIC_APB_W2_security,
+ tz_wrapper2_sec_status & mask_w2);
+ write32((void *)AXIIC_APB_W3_security,
+ tz_wrapper3_sec_status & mask_w3);
+ write32((void *)AXIIC_APB_W4_security,
+ tz_wrapper4_sec_status & mask_w4);
+}
More information about the coreboot-gerrit
mailing list