]>
Commit | Line | Data |
---|---|---|
bf276b45 | 1 | /** @file |
2 | * | |
65acd8e7 | 3 | * Copyright (c) 2011-2012, ARM Limited. All rights reserved. |
bf276b45 | 4 | * |
5 | * This program and the accompanying materials | |
6 | * are licensed and made available under the terms and conditions of the BSD License | |
7 | * which accompanies this distribution. The full text of the license may be found at | |
8 | * http://opensource.org/licenses/bsd-license.php | |
9 | * | |
10 | * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | |
11 | * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
12 | * | |
13 | **/ | |
14 | ||
15 | #include <Library/ArmPlatformLib.h> | |
bf276b45 | 16 | #include <Library/ArmPlatformSysConfigLib.h> |
17 | #include <Library/DebugLib.h> | |
18 | #include <Library/IoLib.h> | |
19 | #include <Library/PcdLib.h> | |
20 | ||
65acd8e7 | 21 | #include <Drivers/ArmTrustzone.h> |
bf276b45 | 22 | #include <Drivers/PL310L2Cache.h> |
23 | ||
5cc45b70 | 24 | #include <ArmPlatform.h> |
25 | ||
bf276b45 | 26 | /** |
27 | Initialize the Secure peripherals and memory regions | |
28 | ||
29 | If Trustzone is supported by your platform then this function makes the required initialization | |
30 | of the secure peripherals and memory regions. | |
31 | ||
32 | **/ | |
33 | VOID | |
34 | ArmPlatformTrustzoneInit ( | |
5e773144 | 35 | IN UINTN MpId |
bf276b45 | 36 | ) |
37 | { | |
5e773144 | 38 | // Nothing to do |
39 | if (!IS_PRIMARY_CORE(MpId)) { | |
40 | return; | |
41 | } | |
42 | ||
bf276b45 | 43 | // |
44 | // Setup TZ Protection Controller | |
45 | // | |
46 | ||
12c5ae23 | 47 | if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) { |
48 | ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE); | |
49 | } else { | |
50 | ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE); | |
51 | } | |
52 | ||
bf276b45 | 53 | // Set Non Secure access for all devices |
54 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF); | |
55 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF); | |
56 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF); | |
57 | ||
58 | // Remove Non secure access to secure devices | |
59 | TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, | |
60 | ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC); | |
61 | ||
62 | TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, | |
63 | ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK); | |
64 | ||
65 | // | |
66 | // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions) | |
67 | // | |
68 | ||
69 | // NOR Flash 0 non secure (BootMon) | |
70 | TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, | |
71 | ARM_VE_SMB_NOR0_BASE,0, | |
72 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); | |
73 | ||
74 | // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) | |
d4bec9f9 | 75 | if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { |
76 | //Note: Your OS Kernel must be aware of the secure regions before to enable this region | |
77 | TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, | |
78 | ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, | |
79 | TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); | |
80 | } else { | |
81 | TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, | |
82 | ARM_VE_SMB_NOR1_BASE,0, | |
83 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); | |
84 | } | |
bf276b45 | 85 | |
86 | // Base of SRAM. Only half of SRAM in Non Secure world | |
87 | // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM | |
d4bec9f9 | 88 | if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { |
89 | //Note: Your OS Kernel must be aware of the secure regions before to enable this region | |
90 | TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, | |
91 | ARM_VE_SMB_SRAM_BASE,0, | |
92 | TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); | |
93 | } else { | |
94 | TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, | |
95 | ARM_VE_SMB_SRAM_BASE,0, | |
96 | TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); | |
97 | } | |
bf276b45 | 98 | |
99 | // Memory Mapped Peripherals. All in non secure world | |
100 | TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, | |
101 | ARM_VE_SMB_PERIPH_BASE,0, | |
102 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); | |
103 | ||
104 | // MotherBoard Peripherals and On-chip peripherals. | |
105 | TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, | |
106 | ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, | |
107 | TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); | |
108 | } | |
109 | ||
110 | /** | |
111 | Initialize controllers that must setup at the early stage | |
112 | ||
113 | Some peripherals must be initialized in Secure World. | |
114 | For example, some L2x0 requires to be initialized in Secure World | |
115 | ||
116 | **/ | |
117 | VOID | |
118 | ArmPlatformSecInitialize ( | |
119 | VOID | |
120 | ) { | |
121 | // The L2x0 controller must be intialize in Secure World | |
122 | L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase), | |
123 | PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), | |
124 | PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), | |
125 | 0,~0, // Use default setting for the Auxiliary Control Register | |
126 | FALSE); | |
127 | ||
128 | // Initialize the System Configuration | |
129 | ArmPlatformSysConfigInitialize (); | |
130 | } |