1*91f16700Schasinglulu /* 2*91f16700Schasinglulu * Copyright 2021 NXP 3*91f16700Schasinglulu * 4*91f16700Schasinglulu * SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu * 6*91f16700Schasinglulu */ 7*91f16700Schasinglulu 8*91f16700Schasinglulu #include <common/debug.h> 9*91f16700Schasinglulu 10*91f16700Schasinglulu #include <plat_tzc400.h> 11*91f16700Schasinglulu 12*91f16700Schasinglulu #pragma weak populate_tzc400_reg_list 13*91f16700Schasinglulu 14*91f16700Schasinglulu #ifdef DEFAULT_TZASC_CONFIG 15*91f16700Schasinglulu /* 16*91f16700Schasinglulu * Typical Memory map of DRAM0 17*91f16700Schasinglulu * |-----------NXP_NS_DRAM_ADDR ( = NXP_DRAM0_ADDR)----------| 18*91f16700Schasinglulu * | | 19*91f16700Schasinglulu * | | 20*91f16700Schasinglulu * | Non-SECURE REGION | 21*91f16700Schasinglulu * | | 22*91f16700Schasinglulu * | | 23*91f16700Schasinglulu * | | 24*91f16700Schasinglulu * |------- (NXP_NS_DRAM_ADDR + NXP_NS_DRAM_SIZE - 1) -------| 25*91f16700Schasinglulu * |-----------------NXP_SECURE_DRAM_ADDR--------------------| 26*91f16700Schasinglulu * | | 27*91f16700Schasinglulu * | | 28*91f16700Schasinglulu * | | 29*91f16700Schasinglulu * | SECURE REGION (= 64MB) | 30*91f16700Schasinglulu * | | 31*91f16700Schasinglulu * | | 32*91f16700Schasinglulu * | | 33*91f16700Schasinglulu * |--- (NXP_SECURE_DRAM_ADDR + NXP_SECURE_DRAM_SIZE - 1)----| 34*91f16700Schasinglulu * |-----------------NXP_SP_SHRD_DRAM_ADDR-------------------| 35*91f16700Schasinglulu * | | 36*91f16700Schasinglulu * | Secure EL1 Payload SHARED REGION (= 2MB) | 37*91f16700Schasinglulu * | | 38*91f16700Schasinglulu * |-----------(NXP_DRAM0_ADDR + NXP_DRAM0_SIZE - 1)---------| 39*91f16700Schasinglulu * 40*91f16700Schasinglulu * 41*91f16700Schasinglulu * 42*91f16700Schasinglulu * Typical Memory map of DRAM1 43*91f16700Schasinglulu * |---------------------NXP_DRAM1_ADDR----------------------| 44*91f16700Schasinglulu * | | 45*91f16700Schasinglulu * | | 46*91f16700Schasinglulu * | Non-SECURE REGION | 47*91f16700Schasinglulu * | | 48*91f16700Schasinglulu * | | 49*91f16700Schasinglulu * |---(NXP_DRAM1_ADDR + Dynamically calculated Size - 1) ---| 50*91f16700Schasinglulu * 51*91f16700Schasinglulu * 52*91f16700Schasinglulu * Typical Memory map of DRAM2 53*91f16700Schasinglulu * |---------------------NXP_DRAM2_ADDR----------------------| 54*91f16700Schasinglulu * | | 55*91f16700Schasinglulu * | | 56*91f16700Schasinglulu * | Non-SECURE REGION | 57*91f16700Schasinglulu * | | 58*91f16700Schasinglulu * | | 59*91f16700Schasinglulu * |---(NXP_DRAM2_ADDR + Dynamically calculated Size - 1) ---| 60*91f16700Schasinglulu */ 61*91f16700Schasinglulu 62*91f16700Schasinglulu /***************************************************************************** 63*91f16700Schasinglulu * This function sets up access permissions on memory regions 64*91f16700Schasinglulu * 65*91f16700Schasinglulu * Input: 66*91f16700Schasinglulu * tzc400_reg_list : TZC400 Region List 67*91f16700Schasinglulu * dram_idx : DRAM index 68*91f16700Schasinglulu * list_idx : TZC400 Region List Index 69*91f16700Schasinglulu * dram_start_addr : Start address of DRAM at dram_idx. 70*91f16700Schasinglulu * dram_size : Size of DRAM at dram_idx. 71*91f16700Schasinglulu * secure_dram_sz : Secure DRAM Size 72*91f16700Schasinglulu * shrd_dram_sz : Shared DRAM Size 73*91f16700Schasinglulu * 74*91f16700Schasinglulu * Out: 75*91f16700Schasinglulu * list_idx : last populated index + 1 76*91f16700Schasinglulu * 77*91f16700Schasinglulu ****************************************************************************/ 78*91f16700Schasinglulu int populate_tzc400_reg_list(struct tzc400_reg *tzc400_reg_list, 79*91f16700Schasinglulu int dram_idx, int list_idx, 80*91f16700Schasinglulu uint64_t dram_start_addr, 81*91f16700Schasinglulu uint64_t dram_size, 82*91f16700Schasinglulu uint32_t secure_dram_sz, 83*91f16700Schasinglulu uint32_t shrd_dram_sz) 84*91f16700Schasinglulu { 85*91f16700Schasinglulu if (list_idx == 0) { 86*91f16700Schasinglulu /* No need to configure TZC Region 0 in this list. 87*91f16700Schasinglulu */ 88*91f16700Schasinglulu list_idx++; 89*91f16700Schasinglulu } 90*91f16700Schasinglulu /* Continue with list entries for index > 0 */ 91*91f16700Schasinglulu if (dram_idx == 0) { 92*91f16700Schasinglulu /* TZC Region 1 on DRAM0 for Secure Memory*/ 93*91f16700Schasinglulu tzc400_reg_list[list_idx].reg_filter_en = 1; 94*91f16700Schasinglulu tzc400_reg_list[list_idx].start_addr = dram_start_addr + dram_size; 95*91f16700Schasinglulu tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size 96*91f16700Schasinglulu + secure_dram_sz - 1; 97*91f16700Schasinglulu tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR; 98*91f16700Schasinglulu tzc400_reg_list[list_idx].nsaid_permissions = TZC_REGION_NS_NONE; 99*91f16700Schasinglulu list_idx++; 100*91f16700Schasinglulu 101*91f16700Schasinglulu /* TZC Region 2 on DRAM0 for Shared Memory*/ 102*91f16700Schasinglulu tzc400_reg_list[list_idx].reg_filter_en = 1; 103*91f16700Schasinglulu tzc400_reg_list[list_idx].start_addr = dram_start_addr + dram_size 104*91f16700Schasinglulu + secure_dram_sz; 105*91f16700Schasinglulu tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size 106*91f16700Schasinglulu + secure_dram_sz 107*91f16700Schasinglulu + shrd_dram_sz 108*91f16700Schasinglulu - 1; 109*91f16700Schasinglulu tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR; 110*91f16700Schasinglulu tzc400_reg_list[list_idx].nsaid_permissions = TZC_NS_ACCESS_ID; 111*91f16700Schasinglulu list_idx++; 112*91f16700Schasinglulu 113*91f16700Schasinglulu /* TZC Region 3 on DRAM0 for Non-Secure Memory*/ 114*91f16700Schasinglulu tzc400_reg_list[list_idx].reg_filter_en = 1; 115*91f16700Schasinglulu tzc400_reg_list[list_idx].start_addr = dram_start_addr; 116*91f16700Schasinglulu tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size 117*91f16700Schasinglulu - 1; 118*91f16700Schasinglulu tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR; 119*91f16700Schasinglulu tzc400_reg_list[list_idx].nsaid_permissions = TZC_NS_ACCESS_ID; 120*91f16700Schasinglulu list_idx++; 121*91f16700Schasinglulu } else { 122*91f16700Schasinglulu /* TZC Region 3+i on DRAM(> 0) for Non-Secure Memory*/ 123*91f16700Schasinglulu tzc400_reg_list[list_idx].reg_filter_en = 1; 124*91f16700Schasinglulu tzc400_reg_list[list_idx].start_addr = dram_start_addr; 125*91f16700Schasinglulu tzc400_reg_list[list_idx].end_addr = dram_start_addr + dram_size 126*91f16700Schasinglulu - 1; 127*91f16700Schasinglulu tzc400_reg_list[list_idx].sec_attr = TZC_REGION_S_RDWR; 128*91f16700Schasinglulu tzc400_reg_list[list_idx].nsaid_permissions = TZC_NS_ACCESS_ID; 129*91f16700Schasinglulu list_idx++; 130*91f16700Schasinglulu } 131*91f16700Schasinglulu 132*91f16700Schasinglulu return list_idx; 133*91f16700Schasinglulu } 134*91f16700Schasinglulu #else 135*91f16700Schasinglulu int populate_tzc400_reg_list(struct tzc400_reg *tzc400_reg_list, 136*91f16700Schasinglulu int dram_idx, int list_idx, 137*91f16700Schasinglulu uint64_t dram_start_addr, 138*91f16700Schasinglulu uint64_t dram_size, 139*91f16700Schasinglulu uint32_t secure_dram_sz, 140*91f16700Schasinglulu uint32_t shrd_dram_sz) 141*91f16700Schasinglulu { 142*91f16700Schasinglulu ERROR("tzc400_reg_list used is not a default list\n"); 143*91f16700Schasinglulu ERROR("%s needs to be over-written.\n", __func__); 144*91f16700Schasinglulu return 0; 145*91f16700Schasinglulu } 146*91f16700Schasinglulu #endif /* DEFAULT_TZASC_CONFIG */ 147*91f16700Schasinglulu 148*91f16700Schasinglulu /******************************************************************************* 149*91f16700Schasinglulu * Configure memory access permissions 150*91f16700Schasinglulu * - Region 0 with no access; 151*91f16700Schasinglulu * - Region 1 to 4 as per the tzc400_reg_list populated by 152*91f16700Schasinglulu * function populate_tzc400_reg_list() with default for all the SoC. 153*91f16700Schasinglulu ******************************************************************************/ 154*91f16700Schasinglulu void mem_access_setup(uintptr_t base, uint32_t total_regions, 155*91f16700Schasinglulu struct tzc400_reg *tzc400_reg_list) 156*91f16700Schasinglulu { 157*91f16700Schasinglulu uint32_t list_indx = 0U; 158*91f16700Schasinglulu 159*91f16700Schasinglulu INFO("Configuring TrustZone Controller\n"); 160*91f16700Schasinglulu 161*91f16700Schasinglulu tzc400_init(base); 162*91f16700Schasinglulu 163*91f16700Schasinglulu /* Disable filters. */ 164*91f16700Schasinglulu tzc400_disable_filters(); 165*91f16700Schasinglulu 166*91f16700Schasinglulu /* Region 0 set to no access by default */ 167*91f16700Schasinglulu tzc400_configure_region0(TZC_REGION_S_NONE, 0U); 168*91f16700Schasinglulu 169*91f16700Schasinglulu for (list_indx = 1U; list_indx < total_regions; list_indx++) { 170*91f16700Schasinglulu tzc400_configure_region( 171*91f16700Schasinglulu tzc400_reg_list[list_indx].reg_filter_en, 172*91f16700Schasinglulu list_indx, 173*91f16700Schasinglulu tzc400_reg_list[list_indx].start_addr, 174*91f16700Schasinglulu tzc400_reg_list[list_indx].end_addr, 175*91f16700Schasinglulu tzc400_reg_list[list_indx].sec_attr, 176*91f16700Schasinglulu tzc400_reg_list[list_indx].nsaid_permissions); 177*91f16700Schasinglulu } 178*91f16700Schasinglulu 179*91f16700Schasinglulu /* 180*91f16700Schasinglulu * Raise an exception if a NS device tries to access secure memory 181*91f16700Schasinglulu * TODO: Add interrupt handling support. 182*91f16700Schasinglulu */ 183*91f16700Schasinglulu tzc400_set_action(TZC_ACTION_ERR); 184*91f16700Schasinglulu 185*91f16700Schasinglulu /* Enable filters. */ 186*91f16700Schasinglulu tzc400_enable_filters(); 187*91f16700Schasinglulu } 188