fsl-ch3/lowlevel: TZPC and TZASC programming to configure non-secure accesses

This patch ensures that the TZPC (BP147) and TZASC-400 programming
happens for LS2085A SoC only when the desired config flags are
enabled and ensures that the TZPC programming is done to allow Non-secure
(NS) + secure (S) transactions only for DCGF registers.

The TZASC component is not present on LS2085A-Rev1, so the TZASC-400
config flag is turned OFF for now.

Signed-off-by: Bhupesh Sharma <bhupesh.sharma@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
This commit is contained in:
Bhupesh Sharma 2015-01-06 13:11:21 -08:00 committed by York Sun
parent 38dac81b3d
commit 9c66ce662c
4 changed files with 108 additions and 0 deletions

View File

@ -42,6 +42,60 @@ ENTRY(lowlevel_init)
ldr x0, =secondary_boot_func
blr x0
2:
#ifdef CONFIG_FSL_TZPC_BP147
/* Set Non Secure access for all devices protected via TZPC */
ldr x1, =TZPCDECPROT_0_SET_BASE /* Decode Protection-0 Set Reg */
orr w0, w0, #1 << 3 /* DCFG_RESET is accessible from NS world */
str w0, [x1]
isb
dsb sy
#endif
#ifdef CONFIG_FSL_TZASC_400
/* Set TZASC so that:
* a. We use only Region0 whose global secure write/read is EN
* b. We use only Region0 whose NSAID write/read is EN
*
* NOTE: As per the CCSR map doc, TZASC 3 and TZASC 4 are just
* placeholders.
*/
ldr x1, =TZASC_GATE_KEEPER(0)
ldr x0, [x1] /* Filter 0 Gate Keeper Register */
orr x0, x0, #1 << 0 /* Set open_request for Filter 0 */
str x0, [x1]
ldr x1, =TZASC_GATE_KEEPER(1)
ldr x0, [x1] /* Filter 0 Gate Keeper Register */
orr x0, x0, #1 << 0 /* Set open_request for Filter 0 */
str x0, [x1]
ldr x1, =TZASC_REGION_ATTRIBUTES_0(0)
ldr x0, [x1] /* Region-0 Attributes Register */
orr x0, x0, #1 << 31 /* Set Sec global write en, Bit[31] */
orr x0, x0, #1 << 30 /* Set Sec global read en, Bit[30] */
str x0, [x1]
ldr x1, =TZASC_REGION_ATTRIBUTES_0(1)
ldr x0, [x1] /* Region-1 Attributes Register */
orr x0, x0, #1 << 31 /* Set Sec global write en, Bit[31] */
orr x0, x0, #1 << 30 /* Set Sec global read en, Bit[30] */
str x0, [x1]
ldr x1, =TZASC_REGION_ID_ACCESS_0(0)
ldr w0, [x1] /* Region-0 Access Register */
mov w0, #0xFFFFFFFF /* Set nsaid_wr_en and nsaid_rd_en */
str w0, [x1]
ldr x1, =TZASC_REGION_ID_ACCESS_0(1)
ldr w0, [x1] /* Region-1 Attributes Register */
mov w0, #0xFFFFFFFF /* Set nsaid_wr_en and nsaid_rd_en */
str w0, [x1]
isb
dsb sy
#endif
mov lr, x29 /* Restore LR */
ret
ENDPROC(lowlevel_init)

View File

@ -35,6 +35,34 @@
#define I2C3_BASE_ADDR (CONFIG_SYS_IMMR + 0x01020000)
#define I2C4_BASE_ADDR (CONFIG_SYS_IMMR + 0x01030000)
/* TZ Protection Controller Definitions */
#define TZPC_BASE 0x02200000
#define TZPCR0SIZE_BASE (TZPC_BASE)
#define TZPCDECPROT_0_STAT_BASE (TZPC_BASE + 0x800)
#define TZPCDECPROT_0_SET_BASE (TZPC_BASE + 0x804)
#define TZPCDECPROT_0_CLR_BASE (TZPC_BASE + 0x808)
#define TZPCDECPROT_1_STAT_BASE (TZPC_BASE + 0x80C)
#define TZPCDECPROT_1_SET_BASE (TZPC_BASE + 0x810)
#define TZPCDECPROT_1_CLR_BASE (TZPC_BASE + 0x814)
#define TZPCDECPROT_2_STAT_BASE (TZPC_BASE + 0x818)
#define TZPCDECPROT_2_SET_BASE (TZPC_BASE + 0x81C)
#define TZPCDECPROT_2_CLR_BASE (TZPC_BASE + 0x820)
/* TZ Address Space Controller Definitions */
#define TZASC1_BASE 0x01100000 /* as per CCSR map. */
#define TZASC2_BASE 0x01110000 /* as per CCSR map. */
#define TZASC3_BASE 0x01120000 /* as per CCSR map. */
#define TZASC4_BASE 0x01130000 /* as per CCSR map. */
#define TZASC_BUILD_CONFIG_REG(x) ((TZASC1_BASE + (x * 0x10000)))
#define TZASC_ACTION_REG(x) ((TZASC1_BASE + (x * 0x10000)) + 0x004)
#define TZASC_GATE_KEEPER(x) ((TZASC1_BASE + (x * 0x10000)) + 0x008)
#define TZASC_REGION_BASE_LOW_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x100)
#define TZASC_REGION_BASE_HIGH_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x104)
#define TZASC_REGION_TOP_LOW_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x108)
#define TZASC_REGION_TOP_HIGH_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x10C)
#define TZASC_REGION_ATTRIBUTES_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x110)
#define TZASC_REGION_ID_ACCESS_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x114)
/* Generic Interrupt Controller Definitions */
#define GICD_BASE 0x06000000
#define GICR_BASE 0x06100000

View File

@ -0,0 +1,25 @@
Freescale ARM64 SoCs like LS2085A have ARM TrustZone components like
TZPC-BP147 (TrustZone Protection Controller) and TZASC-400 (TrustZone
Address Space Controller).
While most of the configuration related programming of these peripherals
is left to a root-of-trust security software layer (running in EL3
privilege mode), but still some configurations of these peripherals
might be required while the bootloader is executing in EL3 privilege
mode. The following sections define how to turn on these features for
LS2085A like SoCs.
TZPC-BP147 (TrustZone Protection Controller)
============================================
- Depends on CONFIG_FSL_TZPC_BP147 configuration flag.
- Separates Secure World and Normal World on-chip RAM (OCRAM) spaces.
- Provides a programming model to set access control policy via the TZPC
TZDECPROT Registers.
TZASC-400 (TrustZone Address Space Controller)
==============================================
- Depends on CONFIG_FSL_TZASC_400 configuration flag.
- Separates Secure World and Normal World external memory spaces for bus masters
such as processors and DMA-equipped peripherals.
- Supports 8 fully programmable address regions, initially inactive at reset,
and one base region, always active, that covers the remaining address space.

View File

@ -13,6 +13,7 @@
#define CONFIG_FSL_LSCH3
#define CONFIG_LS2085A
#define CONFIG_GICV3
#define CONFIG_FSL_TZPC_BP147
/* Link Definitions */
#define CONFIG_SYS_TEXT_BASE 0x30001000