]>
Commit | Line | Data |
---|---|---|
bf276b45 | 1 | /** @file |
2 | * | |
3 | * Copyright (c) 2011, ARM Limited. All rights reserved. | |
4 | * | |
5 | * This program and the accompanying materials | |
6 | * are licensed and made available under the terms and conditions of the BSD License | |
7 | * which accompanies this distribution. The full text of the license may be found at | |
8 | * http://opensource.org/licenses/bsd-license.php | |
9 | * | |
10 | * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | |
11 | * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
12 | * | |
13 | **/ | |
14 | ||
15 | #include <Library/ArmPlatformLib.h> | |
16 | #include <Library/ArmTrustZoneLib.h> | |
17 | #include <Library/ArmPlatformSysConfigLib.h> | |
18 | #include <Library/DebugLib.h> | |
19 | #include <Library/IoLib.h> | |
20 | #include <Library/PcdLib.h> | |
21 | ||
22 | #include <Drivers/PL310L2Cache.h> | |
23 | ||
5cc45b70 | 24 | #include <ArmPlatform.h> |
25 | ||
bf276b45 | 26 | /** |
27 | Initialize the Secure peripherals and memory regions | |
28 | ||
29 | If Trustzone is supported by your platform then this function makes the required initialization | |
30 | of the secure peripherals and memory regions. | |
31 | ||
32 | **/ | |
33 | VOID | |
34 | ArmPlatformTrustzoneInit ( | |
35 | VOID | |
36 | ) | |
37 | { | |
38 | // | |
39 | // Setup TZ Protection Controller | |
40 | // | |
41 | ||
12c5ae23 | 42 | if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) { |
43 | ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE); | |
44 | } else { | |
45 | ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE); | |
46 | } | |
47 | ||
bf276b45 | 48 | // Set Non Secure access for all devices |
49 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF); | |
50 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF); | |
51 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF); | |
52 | ||
53 | // Remove Non secure access to secure devices | |
54 | TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, | |
55 | ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC); | |
56 | ||
57 | TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, | |
58 | ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK); | |
59 | ||
60 | // | |
61 | // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions) | |
62 | // | |
63 | ||
64 | // NOR Flash 0 non secure (BootMon) | |
65 | TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, | |
66 | ARM_VE_SMB_NOR0_BASE,0, | |
67 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); | |
68 | ||
69 | // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) | |
70 | #if EDK2_ARMVE_SECURE_SYSTEM | |
71 | //Note: Your OS Kernel must be aware of the secure regions before to enable this region | |
72 | TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, | |
73 | ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, | |
74 | TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); | |
75 | #else | |
76 | TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, | |
77 | ARM_VE_SMB_NOR1_BASE,0, | |
78 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); | |
79 | #endif | |
80 | ||
81 | // Base of SRAM. Only half of SRAM in Non Secure world | |
82 | // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM | |
83 | #if EDK2_ARMVE_SECURE_SYSTEM | |
84 | //Note: Your OS Kernel must be aware of the secure regions before to enable this region | |
85 | TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, | |
86 | ARM_VE_SMB_SRAM_BASE,0, | |
87 | TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); | |
88 | #else | |
89 | TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, | |
90 | ARM_VE_SMB_SRAM_BASE,0, | |
91 | TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); | |
92 | #endif | |
93 | ||
94 | // Memory Mapped Peripherals. All in non secure world | |
95 | TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, | |
96 | ARM_VE_SMB_PERIPH_BASE,0, | |
97 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); | |
98 | ||
99 | // MotherBoard Peripherals and On-chip peripherals. | |
100 | TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, | |
101 | ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, | |
102 | TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); | |
103 | } | |
104 | ||
105 | /** | |
106 | Initialize controllers that must setup at the early stage | |
107 | ||
108 | Some peripherals must be initialized in Secure World. | |
109 | For example, some L2x0 requires to be initialized in Secure World | |
110 | ||
111 | **/ | |
112 | VOID | |
113 | ArmPlatformSecInitialize ( | |
114 | VOID | |
115 | ) { | |
116 | // The L2x0 controller must be intialize in Secure World | |
117 | L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase), | |
118 | PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), | |
119 | PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), | |
120 | 0,~0, // Use default setting for the Auxiliary Control Register | |
121 | FALSE); | |
122 | ||
123 | // Initialize the System Configuration | |
124 | ArmPlatformSysConfigInitialize (); | |
125 | } |