[mirror_edk2.git] / ArmPlatformPkg / ArmVExpressPkg / Library / ArmVExpressLibCTA9x4 / CTA9x4Sec.c

/** @file
*
*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.
*  
*  This program and the accompanying materials                          
*  are licensed and made available under the terms and conditions of the BSD License         
*  which accompanies this distribution.  The full text of the license may be found at        
*  http://opensource.org/licenses/bsd-license.php                                            
*
*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             
*
**/

#include <Library/ArmPlatformLib.h>
#include <Library/ArmPlatformSysConfigLib.h>
#include <Library/DebugLib.h>
#include <Library/IoLib.h>
#include <Library/PcdLib.h>

#include <Drivers/ArmTrustzone.h>
#include <Drivers/PL310L2Cache.h>

#include <ArmPlatform.h>

/**
  Initialize the Secure peripherals and memory regions

  If Trustzone is supported by your platform then this function makes the required initialization
  of the secure peripherals and memory regions.

**/
VOID
ArmPlatformTrustzoneInit (
  IN  UINTN                     MpId
  )
{
  // Nothing to do
  if (!IS_PRIMARY_CORE(MpId)) {
    return;
  }

  //
  // Setup TZ Protection Controller
  //

  if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {
    ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);
  } else {
    ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);
  }

  // Set Non Secure access for all devices
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);

  // Remove Non secure access to secure devices
  TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,
       ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);

  TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,
       ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);

  //
  // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)
  //

  // NOR Flash 0 non secure (BootMon)
  TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
      ARM_VE_SMB_NOR0_BASE,0,
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

  // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
  if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
    //Note: Your OS Kernel must be aware of the secure regions before to enable this region
    TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
        ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
  } else {
    TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
        ARM_VE_SMB_NOR1_BASE,0,
        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
  }

  // Base of SRAM. Only half of SRAM in Non Secure world
  // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM
  if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
    //Note: Your OS Kernel must be aware of the secure regions before to enable this region
    TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
        ARM_VE_SMB_SRAM_BASE,0,
        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
  } else {
    TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
        ARM_VE_SMB_SRAM_BASE,0,
        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
  }

  // Memory Mapped Peripherals. All in non secure world
  TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
      ARM_VE_SMB_PERIPH_BASE,0,
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

  // MotherBoard Peripherals and On-chip peripherals.
  TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
      ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
}

/**
  Initialize controllers that must setup at the early stage

  Some peripherals must be initialized in Secure World.
  For example, some L2x0 requires to be initialized in Secure World

**/
VOID
ArmPlatformSecInitialize (
  VOID
  ) {
  // The L2x0 controller must be intialize in Secure World
  L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),
      PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
      PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
      0,~0, // Use default setting for the Auxiliary Control Register
      FALSE);

  // Initialize the System Configuration
  ArmPlatformSysConfigInitialize ();
}
Commit	Line	Data
bf276b45	1	/** @file
bf276b45	2	*
65acd8e7	3	* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
bf276b45	4	*
	5	* This program and the accompanying materials
	6	* are licensed and made available under the terms and conditions of the BSD License
	7	* which accompanies this distribution. The full text of the license may be found at
	8	* http://opensource.org/licenses/bsd-license.php
	9	*
	10	* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
	11	* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
	12	*
	13	**/
	14
	15	#include <Library/ArmPlatformLib.h>
bf276b45	16	#include <Library/ArmPlatformSysConfigLib.h>
	17	#include <Library/DebugLib.h>
	18	#include <Library/IoLib.h>
	19	#include <Library/PcdLib.h>
	20
65acd8e7	21	#include <Drivers/ArmTrustzone.h>
bf276b45	22	#include <Drivers/PL310L2Cache.h>
bf276b45	23
5cc45b70	24	#include <ArmPlatform.h>
5cc45b70	25
bf276b45	26	/**
	27	Initialize the Secure peripherals and memory regions
	28
	29	If Trustzone is supported by your platform then this function makes the required initialization
	30	of the secure peripherals and memory regions.
	31
	32	**/
	33	VOID
	34	ArmPlatformTrustzoneInit (
5e773144	35	IN UINTN MpId
bf276b45	36	)
bf276b45	37	{
5e773144	38	// Nothing to do
	39	if (!IS_PRIMARY_CORE(MpId)) {
	40	return;
	41	}
	42
bf276b45	43	//
	44	// Setup TZ Protection Controller
	45	//
	46
12c5ae23	47	if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {
	48	ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);
	49	} else {
	50	ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);
	51	}
	52
bf276b45	53	// Set Non Secure access for all devices
	54	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
	55	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);
	56	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);
	57
	58	// Remove Non secure access to secure devices
	59	TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,
	60	ARM_VE_DECPROT_BIT_TZPC \| ARM_VE_DECPROT_BIT_DMC_TZASC \| ARM_VE_DECPROT_BIT_NMC_TZASC \| ARM_VE_DECPROT_BIT_SMC_TZASC);
	61
	62	TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,
	63	ARM_VE_DECPROT_BIT_EXT_MAST_TZ \| ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK \| ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK \| ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);
	64
	65	//
	66	// Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)
	67	//
	68
	69	// NOR Flash 0 non secure (BootMon)
	70	TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
	71	ARM_VE_SMB_NOR0_BASE,0,
	72	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
	73
	74	// NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
d4bec9f9	75	if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
	76	//Note: Your OS Kernel must be aware of the secure regions before to enable this region
	77	TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
	78	ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
	79	TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
	80	} else {
	81	TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
	82	ARM_VE_SMB_NOR1_BASE,0,
	83	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
	84	}
bf276b45	85
	86	// Base of SRAM. Only half of SRAM in Non Secure world
	87	// First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM
d4bec9f9	88	if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
	89	//Note: Your OS Kernel must be aware of the secure regions before to enable this region
	90	TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
	91	ARM_VE_SMB_SRAM_BASE,0,
	92	TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
	93	} else {
	94	TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
	95	ARM_VE_SMB_SRAM_BASE,0,
	96	TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
	97	}
bf276b45	98
	99	// Memory Mapped Peripherals. All in non secure world
	100	TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
	101	ARM_VE_SMB_PERIPH_BASE,0,
	102	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
	103
	104	// MotherBoard Peripherals and On-chip peripherals.
	105	TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
	106	ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
	107	TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
	108	}
	109
	110	/**
	111	Initialize controllers that must setup at the early stage
	112
	113	Some peripherals must be initialized in Secure World.
	114	For example, some L2x0 requires to be initialized in Secure World
	115
	116	**/
	117	VOID
	118	ArmPlatformSecInitialize (
	119	VOID
	120	) {
	121	// The L2x0 controller must be intialize in Secure World
	122	L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),
	123	PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
	124	PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
	125	0,~0, // Use default setting for the Auxiliary Control Register
	126	FALSE);
	127
	128	// Initialize the System Configuration
	129	ArmPlatformSysConfigInitialize ();
	130	}