]>
Commit | Line | Data |
---|---|---|
1e57a462 | 1 | /** @file\r |
2 | *\r | |
3 | * Copyright (c) 2011-2012, ARM Limited. All rights reserved.\r | |
4 | * \r | |
5 | * This program and the accompanying materials \r | |
6 | * are licensed and made available under the terms and conditions of the BSD License \r | |
7 | * which accompanies this distribution. The full text of the license may be found at \r | |
8 | * http://opensource.org/licenses/bsd-license.php \r | |
9 | *\r | |
10 | * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
11 | * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r | |
12 | *\r | |
13 | **/\r | |
14 | \r | |
15 | #include <Library/ArmPlatformLib.h>\r | |
16 | #include <Library/ArmPlatformSysConfigLib.h>\r | |
17 | #include <Library/DebugLib.h>\r | |
18 | #include <Library/IoLib.h>\r | |
19 | #include <Library/PcdLib.h>\r | |
20 | \r | |
21 | #include <Drivers/ArmTrustzone.h>\r | |
22 | #include <Drivers/PL310L2Cache.h>\r | |
23 | \r | |
24 | #include <ArmPlatform.h>\r | |
25 | \r | |
26 | /**\r | |
27 | Initialize the Secure peripherals and memory regions\r | |
28 | \r | |
29 | If Trustzone is supported by your platform then this function makes the required initialization\r | |
30 | of the secure peripherals and memory regions.\r | |
31 | \r | |
32 | **/\r | |
33 | VOID\r | |
34 | ArmPlatformSecTrustzoneInit (\r | |
35 | IN UINTN MpId\r | |
36 | )\r | |
37 | {\r | |
38 | // Nothing to do\r | |
39 | if (!IS_PRIMARY_CORE(MpId)) {\r | |
40 | return;\r | |
41 | }\r | |
42 | \r | |
43 | //\r | |
44 | // Setup TZ Protection Controller\r | |
45 | //\r | |
46 | \r | |
47 | if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {\r | |
48 | ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);\r | |
49 | } else {\r | |
50 | ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);\r | |
51 | }\r | |
52 | \r | |
53 | // Set Non Secure access for all devices\r | |
54 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);\r | |
55 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);\r | |
56 | TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);\r | |
57 | \r | |
58 | // Remove Non secure access to secure devices\r | |
59 | TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,\r | |
60 | ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);\r | |
61 | \r | |
62 | TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,\r | |
63 | ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);\r | |
64 | \r | |
65 | //\r | |
66 | // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)\r | |
67 | //\r | |
68 | \r | |
69 | // NOR Flash 0 non secure (BootMon)\r | |
70 | TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,\r | |
71 | ARM_VE_SMB_NOR0_BASE,0,\r | |
72 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r | |
73 | \r | |
74 | // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)\r | |
75 | if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r | |
76 | //Note: Your OS Kernel must be aware of the secure regions before to enable this region\r | |
77 | TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r | |
78 | ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,\r | |
79 | TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);\r | |
80 | } else {\r | |
81 | TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r | |
82 | ARM_VE_SMB_NOR1_BASE,0,\r | |
83 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r | |
84 | }\r | |
85 | \r | |
86 | // Base of SRAM. Only half of SRAM in Non Secure world\r | |
87 | // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM\r | |
88 | if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r | |
89 | //Note: Your OS Kernel must be aware of the secure regions before to enable this region\r | |
90 | TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r | |
91 | ARM_VE_SMB_SRAM_BASE,0,\r | |
92 | TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);\r | |
93 | } else {\r | |
94 | TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r | |
95 | ARM_VE_SMB_SRAM_BASE,0,\r | |
96 | TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);\r | |
97 | }\r | |
98 | \r | |
99 | // Memory Mapped Peripherals. All in non secure world\r | |
100 | TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,\r | |
101 | ARM_VE_SMB_PERIPH_BASE,0,\r | |
102 | TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r | |
103 | \r | |
104 | // MotherBoard Peripherals and On-chip peripherals.\r | |
105 | TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,\r | |
106 | ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,\r | |
107 | TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);\r | |
108 | }\r | |
109 | \r | |
110 | /**\r | |
111 | Initialize controllers that must setup at the early stage\r | |
112 | \r | |
113 | Some peripherals must be initialized in Secure World.\r | |
114 | For example, some L2x0 requires to be initialized in Secure World\r | |
115 | \r | |
116 | **/\r | |
117 | RETURN_STATUS\r | |
118 | ArmPlatformSecInitialize (\r | |
119 | IN UINTN MpId\r | |
120 | )\r | |
121 | {\r | |
122 | // If it is not the primary core then there is nothing to do\r | |
123 | if (!IS_PRIMARY_CORE(MpId)) {\r | |
124 | return RETURN_SUCCESS;\r | |
125 | }\r | |
126 | \r | |
127 | // The L2x0 controller must be intialize in Secure World\r | |
128 | L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),\r | |
129 | PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r | |
130 | PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r | |
131 | 0,~0, // Use default setting for the Auxiliary Control Register\r | |
132 | FALSE);\r | |
133 | \r | |
134 | // Initialize the System Configuration\r | |
135 | ArmPlatformSysConfigInitialize ();\r | |
136 | \r | |
137 | // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.\r | |
138 | // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM\r | |
139 | if ((FeaturePcdGet (PcdSystemMemoryInitializeInSec)) || (FeaturePcdGet (PcdStandalone) == FALSE)) {\r | |
140 | // If it is not a standalone build ensure the PcdSystemMemoryInitializeInSec has been set\r | |
141 | ASSERT(FeaturePcdGet (PcdSystemMemoryInitializeInSec) == TRUE);\r | |
142 | \r | |
143 | // Initialize system memory (DRAM)\r | |
144 | ArmPlatformInitializeSystemMemory ();\r | |
145 | }\r | |
146 | \r | |
147 | return RETURN_SUCCESS;\r | |
148 | }\r |