[mirror_edk2.git] / ArmPlatformPkg / ArmVExpressPkg / Library / ArmVExpressSecLibCTA9x4 / CTA9x4Sec.c

/** @file\r
*\r
*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.\r
*  \r
*  This program and the accompanying materials                          \r
*  are licensed and made available under the terms and conditions of the BSD License         \r
*  which accompanies this distribution.  The full text of the license may be found at        \r
*  http://opensource.org/licenses/bsd-license.php                                            \r
*\r
*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     \r
*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             \r
*\r
**/\r
\r
#include <Library/ArmPlatformLib.h>\r
#include <Library/ArmPlatformSysConfigLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/IoLib.h>\r
#include <Library/PcdLib.h>\r
\r
#include <Drivers/ArmTrustzone.h>\r
#include <Drivers/PL310L2Cache.h>\r
\r
#include <ArmPlatform.h>\r
\r
/**\r
  Initialize the Secure peripherals and memory regions\r
\r
  If Trustzone is supported by your platform then this function makes the required initialization\r
  of the secure peripherals and memory regions.\r
\r
**/\r
VOID\r
ArmPlatformSecTrustzoneInit (\r
  IN  UINTN                     MpId\r
  )\r
{\r
  // Nothing to do\r
  if (!IS_PRIMARY_CORE(MpId)) {\r
    return;\r
  }\r
\r
  //\r
  // Setup TZ Protection Controller\r
  //\r
\r
  if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {\r
    ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);\r
  } else {\r
    ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);\r
  }\r
\r
  // Set Non Secure access for all devices\r
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);\r
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);\r
  TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);\r
\r
  // Remove Non secure access to secure devices\r
  TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,\r
       ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);\r
\r
  TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,\r
       ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);\r
\r
  //\r
  // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)\r
  //\r
\r
  // NOR Flash 0 non secure (BootMon)\r
  TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,\r
      ARM_VE_SMB_NOR0_BASE,0,\r
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r
\r
  // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)\r
  if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r
    //Note: Your OS Kernel must be aware of the secure regions before to enable this region\r
    TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r
        ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,\r
        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);\r
  } else {\r
    TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r
        ARM_VE_SMB_NOR1_BASE,0,\r
        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r
  }\r
\r
  // Base of SRAM. Only half of SRAM in Non Secure world\r
  // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM\r
  if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r
    //Note: Your OS Kernel must be aware of the secure regions before to enable this region\r
    TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r
        ARM_VE_SMB_SRAM_BASE,0,\r
        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);\r
  } else {\r
    TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r
        ARM_VE_SMB_SRAM_BASE,0,\r
        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);\r
  }\r
\r
  // Memory Mapped Peripherals. All in non secure world\r
  TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,\r
      ARM_VE_SMB_PERIPH_BASE,0,\r
      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r
\r
  // MotherBoard Peripherals and On-chip peripherals.\r
  TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,\r
      ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,\r
      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);\r
}\r
\r
/**\r
  Initialize controllers that must setup at the early stage\r
\r
  Some peripherals must be initialized in Secure World.\r
  For example, some L2x0 requires to be initialized in Secure World\r
\r
**/\r
RETURN_STATUS\r
ArmPlatformSecInitialize (\r
  IN  UINTN                     MpId\r
  )\r
{\r
  // If it is not the primary core then there is nothing to do\r
  if (!IS_PRIMARY_CORE(MpId)) {\r
    return RETURN_SUCCESS;\r
  }\r
\r
  // The L2x0 controller must be intialize in Secure World\r
  L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),\r
      PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r
      PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r
      0,~0, // Use default setting for the Auxiliary Control Register\r
      FALSE);\r
\r
  // Initialize the System Configuration\r
  ArmPlatformSysConfigInitialize ();\r
\r
  // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.\r
  // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM\r
  if ((FeaturePcdGet (PcdSystemMemoryInitializeInSec)) || (FeaturePcdGet (PcdStandalone) == FALSE)) {\r
    // If it is not a standalone build ensure the PcdSystemMemoryInitializeInSec has been set\r
    ASSERT(FeaturePcdGet (PcdSystemMemoryInitializeInSec) == TRUE);\r
\r
    // Initialize system memory (DRAM)\r
    ArmPlatformInitializeSystemMemory ();\r
  }\r
\r
  return RETURN_SUCCESS;\r
}\r
Commit	Line	Data
1e57a462	1	/** @file\r
	2	*\r
	3	* Copyright (c) 2011-2012, ARM Limited. All rights reserved.\r
	4	* \r
	5	* This program and the accompanying materials \r
	6	* are licensed and made available under the terms and conditions of the BSD License \r
	7	* which accompanies this distribution. The full text of the license may be found at \r
	8	* http://opensource.org/licenses/bsd-license.php \r
	9	*\r
	10	* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
	12	*\r
	13	**/\r
	14	\r
	15	#include <Library/ArmPlatformLib.h>\r
	16	#include <Library/ArmPlatformSysConfigLib.h>\r
	17	#include <Library/DebugLib.h>\r
	18	#include <Library/IoLib.h>\r
	19	#include <Library/PcdLib.h>\r
	20	\r
	21	#include <Drivers/ArmTrustzone.h>\r
	22	#include <Drivers/PL310L2Cache.h>\r
	23	\r
	24	#include <ArmPlatform.h>\r
	25	\r
	26	/**\r
	27	Initialize the Secure peripherals and memory regions\r
	28	\r
	29	If Trustzone is supported by your platform then this function makes the required initialization\r
	30	of the secure peripherals and memory regions.\r
	31	\r
	32	**/\r
	33	VOID\r
	34	ArmPlatformSecTrustzoneInit (\r
	35	IN UINTN MpId\r
	36	)\r
	37	{\r
	38	// Nothing to do\r
	39	if (!IS_PRIMARY_CORE(MpId)) {\r
	40	return;\r
	41	}\r
	42	\r
	43	//\r
	44	// Setup TZ Protection Controller\r
	45	//\r
	46	\r
	47	if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {\r
	48	ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);\r
	49	} else {\r
	50	ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);\r
	51	}\r
	52	\r
	53	// Set Non Secure access for all devices\r
	54	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);\r
	55	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);\r
	56	TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);\r
	57	\r
	58	// Remove Non secure access to secure devices\r
	59	TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,\r
	60	ARM_VE_DECPROT_BIT_TZPC \| ARM_VE_DECPROT_BIT_DMC_TZASC \| ARM_VE_DECPROT_BIT_NMC_TZASC \| ARM_VE_DECPROT_BIT_SMC_TZASC);\r
	61	\r
	62	TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,\r
	63	ARM_VE_DECPROT_BIT_EXT_MAST_TZ \| ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK \| ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK \| ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);\r
	64	\r
65	//\r
66	// Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)\r
67	//\r
68	\r
69	// NOR Flash 0 non secure (BootMon)\r
70	TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,\r
71	ARM_VE_SMB_NOR0_BASE,0,\r
72	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r
73	\r
74	// NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)\r
75	if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r
76	//Note: Your OS Kernel must be aware of the secure regions before to enable this region\r
77	TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r
78	ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,\r
79	TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);\r
80	} else {\r
81	TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r
82	ARM_VE_SMB_NOR1_BASE,0,\r
83	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r
84	}\r
85	\r
86	// Base of SRAM. Only half of SRAM in Non Secure world\r
87	// First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM\r
88	if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r
89	//Note: Your OS Kernel must be aware of the secure regions before to enable this region\r
90	TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r
91	ARM_VE_SMB_SRAM_BASE,0,\r
92	TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);\r
93	} else {\r
94	TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r
95	ARM_VE_SMB_SRAM_BASE,0,\r
96	TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);\r
97	}\r
98	\r
99	// Memory Mapped Peripherals. All in non secure world\r
100	TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,\r
101	ARM_VE_SMB_PERIPH_BASE,0,\r
102	TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);\r
103	\r
104	// MotherBoard Peripherals and On-chip peripherals.\r
105	TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,\r
106	ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,\r
107	TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);\r
108	}\r
109	\r
110	/**\r
111	Initialize controllers that must setup at the early stage\r
112	\r
113	Some peripherals must be initialized in Secure World.\r
114	For example, some L2x0 requires to be initialized in Secure World\r
115	\r
116	**/\r
117	RETURN_STATUS\r
118	ArmPlatformSecInitialize (\r
119	IN UINTN MpId\r
120	)\r
121	{\r
122	// If it is not the primary core then there is nothing to do\r
123	if (!IS_PRIMARY_CORE(MpId)) {\r
124	return RETURN_SUCCESS;\r
125	}\r
126	\r
127	// The L2x0 controller must be intialize in Secure World\r
128	L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),\r
129	PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r
130	PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r
131	0,~0, // Use default setting for the Auxiliary Control Register\r
132	FALSE);\r
133	\r
134	// Initialize the System Configuration\r
135	ArmPlatformSysConfigInitialize ();\r
136	\r
137	// If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.\r
138	// If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM\r
139	if ((FeaturePcdGet (PcdSystemMemoryInitializeInSec)) \|\| (FeaturePcdGet (PcdStandalone) == FALSE)) {\r
140	// If it is not a standalone build ensure the PcdSystemMemoryInitializeInSec has been set\r
141	ASSERT(FeaturePcdGet (PcdSystemMemoryInitializeInSec) == TRUE);\r
142	\r
143	// Initialize system memory (DRAM)\r
144	ArmPlatformInitializeSystemMemory ();\r
145	}\r
146	\r
147	return RETURN_SUCCESS;\r
148	}\r