[mirror_edk2.git] / ArmPlatformPkg / ArmVExpressPkg / Library / ArmVExpressLibCTA9x4 / CTA9x4Sec.c

/** @file
*
*  Copyright (c) 2011, ARM Limited. All rights reserved.
*  
*  This program and the accompanying materials                          
*  are licensed and made available under the terms and conditions of the BSD License         
*  which accompanies this distribution.  The full text of the license may be found at        
*  http://opensource.org/licenses/bsd-license.php                                            
*
*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             
*
**/

#include <Library/ArmPlatformLib.h>
#include <Library/ArmTrustZoneLib.h>
#include <Library/ArmPlatformSysConfigLib.h>
#include <Library/DebugLib.h>
#include <Library/IoLib.h>
#include <Library/PcdLib.h>

#include <Drivers/PL310L2Cache.h>

#include <ArmPlatform.h>

/**
  Initialize the Secure peripherals and memory regions

  If Trustzone is supported by your platform then this function makes the required initialization
  of the secure peripherals and memory regions.

**/
VOID
ArmPlatformTrustzoneInit (
  VOID
  )
{
  //
  // Setup TZ Protection Controller
  //

  if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {
    ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);
  } else {
    ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);
  }

  // Set Non Secure access for all devices
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);

  // Remove Non secure access to secure devices
  TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,
       ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);

  TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,
       ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);

  //
  // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)
  //

  // NOR Flash 0 non secure (BootMon)
  TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
      ARM_VE_SMB_NOR0_BASE,0,
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

  // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
#if EDK2_ARMVE_SECURE_SYSTEM
  //Note: Your OS Kernel must be aware of the secure regions before to enable this region
  TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
      ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
      TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
#else
  TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
      ARM_VE_SMB_NOR1_BASE,0,
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
#endif

  // Base of SRAM. Only half of SRAM in Non Secure world
  // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM
#if EDK2_ARMVE_SECURE_SYSTEM
  //Note: Your OS Kernel must be aware of the secure regions before to enable this region
  TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
      ARM_VE_SMB_SRAM_BASE,0,
      TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
#else
  TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
      ARM_VE_SMB_SRAM_BASE,0,
      TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
#endif

  // Memory Mapped Peripherals. All in non secure world
  TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
      ARM_VE_SMB_PERIPH_BASE,0,
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

  // MotherBoard Peripherals and On-chip peripherals.
  TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
      ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
}

/**
  Initialize controllers that must setup at the early stage

  Some peripherals must be initialized in Secure World.
  For example, some L2x0 requires to be initialized in Secure World

**/
VOID
ArmPlatformSecInitialize (
  VOID
  ) {
  // The L2x0 controller must be intialize in Secure World
  L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),
      PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
      PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
      0,~0, // Use default setting for the Auxiliary Control Register
      FALSE);

  // Initialize the System Configuration
  ArmPlatformSysConfigInitialize ();
}
Commit	Line	Data
bf276b45	1	/** @file
	2	*
	3	* Copyright (c) 2011, ARM Limited. All rights reserved.
	4	*
	5	* This program and the accompanying materials
	6	* are licensed and made available under the terms and conditions of the BSD License
	7	* which accompanies this distribution. The full text of the license may be found at
	8	* http://opensource.org/licenses/bsd-license.php
	9	*
	10	* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
	11	* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
	12	*
	13	**/
	14
	15	#include <Library/ArmPlatformLib.h>
	16	#include <Library/ArmTrustZoneLib.h>
	17	#include <Library/ArmPlatformSysConfigLib.h>
	18	#include <Library/DebugLib.h>
	19	#include <Library/IoLib.h>
	20	#include <Library/PcdLib.h>
	21
	22	#include <Drivers/PL310L2Cache.h>
	23
5cc45b70	24	#include <ArmPlatform.h>
5cc45b70	25
bf276b45	26	/**
	27	Initialize the Secure peripherals and memory regions
	28
	29	If Trustzone is supported by your platform then this function makes the required initialization
	30	of the secure peripherals and memory regions.
	31
	32	**/
	33	VOID
	34	ArmPlatformTrustzoneInit (
	35	VOID
	36	)
	37	{
	38	//
	39	// Setup TZ Protection Controller
	40	//
	41
12c5ae23	42	if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {
	43	ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);
	44	} else {
	45	ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);
	46	}
	47
bf276b45	48	// Set Non Secure access for all devices
	49	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
	50	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);
	51	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);
	52
	53	// Remove Non secure access to secure devices
	54	TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,
	55	ARM_VE_DECPROT_BIT_TZPC \| ARM_VE_DECPROT_BIT_DMC_TZASC \| ARM_VE_DECPROT_BIT_NMC_TZASC \| ARM_VE_DECPROT_BIT_SMC_TZASC);
	56
	57	TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,
	58	ARM_VE_DECPROT_BIT_EXT_MAST_TZ \| ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK \| ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK \| ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);
	59
	60	//
	61	// Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)
	62	//
	63
	64	// NOR Flash 0 non secure (BootMon)
	65	TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
	66	ARM_VE_SMB_NOR0_BASE,0,
	67	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
	68
	69	// NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
	70	#if EDK2_ARMVE_SECURE_SYSTEM
	71	//Note: Your OS Kernel must be aware of the secure regions before to enable this region
	72	TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
	73	ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
	74	TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
	75	#else
	76	TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
	77	ARM_VE_SMB_NOR1_BASE,0,
	78	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
	79	#endif
	80
	81	// Base of SRAM. Only half of SRAM in Non Secure world
	82	// First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM
	83	#if EDK2_ARMVE_SECURE_SYSTEM
	84	//Note: Your OS Kernel must be aware of the secure regions before to enable this region
	85	TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
	86	ARM_VE_SMB_SRAM_BASE,0,
	87	TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
	88	#else
	89	TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
	90	ARM_VE_SMB_SRAM_BASE,0,
	91	TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
	92	#endif
	93
	94	// Memory Mapped Peripherals. All in non secure world
	95	TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
	96	ARM_VE_SMB_PERIPH_BASE,0,
	97	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
	98
	99	// MotherBoard Peripherals and On-chip peripherals.
	100	TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
	101	ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
	102	TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
	103	}
	104
	105	/**
	106	Initialize controllers that must setup at the early stage
	107
	108	Some peripherals must be initialized in Secure World.
	109	For example, some L2x0 requires to be initialized in Secure World
	110
	111	**/
112	VOID
113	ArmPlatformSecInitialize (
114	VOID
115	) {
116	// The L2x0 controller must be intialize in Secure World
117	L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),
118	PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
119	PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
120	0,~0, // Use default setting for the Auxiliary Control Register
121	FALSE);
122
123	// Initialize the System Configuration
124	ArmPlatformSysConfigInitialize ();
125	}