ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4Sec.c

   1 /** @file
   2 *
   3 *  Copyright (c) 2011, ARM Limited. All rights reserved.
   4 *
   5 *  This program and the accompanying materials
   6 *  are licensed and made available under the terms and conditions of the BSD License
   7 *  which accompanies this distribution.  The full text of the license may be found at
   8 *  http://opensource.org/licenses/bsd-license.php
   9 *
  10 *  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  11 *  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  12 *
  13 **/
  14
  15 #include <Library/ArmPlatformLib.h>
  16 #include <Library/ArmTrustZoneLib.h>
  17 #include <Library/ArmPlatformSysConfigLib.h>
  18 #include <Library/DebugLib.h>
  19 #include <Library/IoLib.h>
  20 #include <Library/PcdLib.h>
  21
  22 #include <Drivers/PL310L2Cache.h>
  23
  24 /**
  25   Initialize the Secure peripherals and memory regions
  26
  27   If Trustzone is supported by your platform then this function makes the required initialization
  28   of the secure peripherals and memory regions.
  29
  30 **/
  31 VOID
  32 ArmPlatformTrustzoneInit (
  33   VOID
  34   )
  35 {
  36   //
  37   // Setup TZ Protection Controller
  38   //
  39
  40   // Set Non Secure access for all devices
  41   TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
  42   TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);
  43   TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);
  44
  45   // Remove Non secure access to secure devices
  46   TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,
  47        ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);
  48
  49   TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,
  50        ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);
  51
  52   //
  53   // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)
  54   //
  55
  56   // NOR Flash 0 non secure (BootMon)
  57   TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
  58       ARM_VE_SMB_NOR0_BASE,0,
  59       TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
  60
  61   // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
  62 #if EDK2_ARMVE_SECURE_SYSTEM
  63   //Note: Your OS Kernel must be aware of the secure regions before to enable this region
  64   TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
  65       ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
  66       TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
  67 #else
  68   TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
  69       ARM_VE_SMB_NOR1_BASE,0,
  70       TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
  71 #endif
  72
  73   // Base of SRAM. Only half of SRAM in Non Secure world
  74   // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM
  75 #if EDK2_ARMVE_SECURE_SYSTEM
  76   //Note: Your OS Kernel must be aware of the secure regions before to enable this region
  77   TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
  78       ARM_VE_SMB_SRAM_BASE,0,
  79       TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
  80 #else
  81   TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
  82       ARM_VE_SMB_SRAM_BASE,0,
  83       TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
  84 #endif
  85
  86   // Memory Mapped Peripherals. All in non secure world
  87   TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
  88       ARM_VE_SMB_PERIPH_BASE,0,
  89       TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
  90
  91   // MotherBoard Peripherals and On-chip peripherals.
  92   TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
  93       ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
  94       TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
  95 }
  96
  97 /**
  98   Initialize controllers that must setup at the early stage
  99
 100   Some peripherals must be initialized in Secure World.
 101   For example, some L2x0 requires to be initialized in Secure World
 102
 103 **/
 104 VOID
 105 ArmPlatformSecInitialize (
 106   VOID
 107   ) {
 108   // The L2x0 controller must be intialize in Secure World
 109   L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),
 110       PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
 111       PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),
 112       0,~0, // Use default setting for the Auxiliary Control Register
 113       FALSE);
 114
 115   // Initialize the System Configuration
 116   ArmPlatformSysConfigInitialize ();
 117 }