-/** @file\r
-*\r
-* Copyright (c) 2011-2013, ARM Limited. All rights reserved.\r
-*\r
-* This program and the accompanying materials\r
-* are licensed and made available under the terms and conditions of the BSD License\r
-* which accompanies this distribution. The full text of the license may be found at\r
-* http://opensource.org/licenses/bsd-license.php\r
-*\r
-* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-*\r
-**/\r
-\r
-#include <Library/ArmPlatformLib.h>\r
-#include <Library/ArmPlatformSysConfigLib.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/IoLib.h>\r
-#include <Library/PcdLib.h>\r
-#include <Library/SerialPortLib.h>\r
-\r
-#include <Drivers/ArmTrustzone.h>\r
-#include <Drivers/PL310L2Cache.h>\r
-\r
-#include <ArmPlatform.h>\r
-\r
-#define SerialPrint(txt) SerialPortWrite ((UINT8*)(txt), AsciiStrLen(txt)+1)\r
-\r
-/**\r
- Initialize the Secure peripherals and memory regions\r
-\r
- If Trustzone is supported by your platform then this function makes the required initialization\r
- of the secure peripherals and memory regions.\r
-\r
-**/\r
-VOID\r
-ArmPlatformSecTrustzoneInit (\r
- IN UINTN MpId\r
- )\r
-{\r
- // Nothing to do\r
- if (!ArmPlatformIsPrimaryCore (MpId)) {\r
- return;\r
- }\r
-\r
- //\r
- // Setup TZ Protection Controller\r
- //\r
-\r
- if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {\r
- ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);\r
- } else {\r
- ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);\r
- }\r
-\r
- // Set Non Secure access for all devices\r
- TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);\r
- TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);\r
- TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF);\r
-\r
- // Remove Non secure access to secure devices\r
- TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0,\r
- ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC);\r
-\r
- TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2,\r
- ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK);\r
-\r
- //\r
- // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions)\r
- //\r
-\r
- // NOR Flash 0 non secure (BootMon)\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_NOR0_BASE,0,\r
- TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);\r
-\r
- // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)\r
- if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r
- //Note: Your OS Kernel must be aware of the secure regions before to enable this region\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,\r
- TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);\r
- } else {\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_NOR1_BASE,0,\r
- TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);\r
- }\r
-\r
- // Base of SRAM. Only half of SRAM in Non Secure world\r
- // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM\r
- if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {\r
- //Note: Your OS Kernel must be aware of the secure regions before to enable this region\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_SRAM_BASE,0,\r
- TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);\r
- } else {\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_SRAM_BASE,0,\r
- TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);\r
- }\r
-\r
- // Memory Mapped Peripherals. All in non secure world\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_PERIPH_BASE,0,\r
- TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);\r
-\r
- // MotherBoard Peripherals and On-chip peripherals.\r
- TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,\r
- ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,\r
- TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);\r
-}\r
-\r
-/**\r
- Initialize controllers that must setup at the early stage\r
-\r
- Some peripherals must be initialized in Secure World.\r
- For example, some L2x0 requires to be initialized in Secure World\r
-\r
-**/\r
-RETURN_STATUS\r
-ArmPlatformSecInitialize (\r
- IN UINTN MpId\r
- )\r
-{\r
- UINT32 Value;\r
-\r
- // If the DRAM is remapped at 0x0 then we need to wake up the secondary cores from wfe\r
- // (waiting for the memory to be initialized) as the instruction is still in the remapped\r
- // flash region at 0x0 to jump in the C-code which lives in the NOR1 at 0x44000000 before\r
- // the region 0x0 is remapped as DRAM.\r
- if (!FeaturePcdGet (PcdNorFlashRemapping)) {\r
- if (!ArmPlatformIsPrimaryCore (MpId)) {\r
- // Replaced ArmCallWFE () in ArmPlatformPkg/Sec/SecEntryPoint.(S|asm)\r
- ArmCallWFE ();\r
- } else {\r
- // Wake up the secondary core from ArmCallWFE () in ArmPlatformPkg/Sec/SecEntryPoint.(S|asm)\r
- ArmCallSEV ();\r
- }\r
- }\r
-\r
- // If it is not the primary core then there is nothing to do\r
- if (!ArmPlatformIsPrimaryCore (MpId)) {\r
- return RETURN_SUCCESS;\r
- }\r
-\r
- // The L2x0 controller must be intialize in Secure World\r
- L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase),\r
- PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r
- PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES),\r
- 0,~0, // Use default setting for the Auxiliary Control Register\r
- FALSE);\r
-\r
- // Initialize the System Configuration\r
- ArmPlatformSysConfigInitialize ();\r
-\r
- // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.\r
- // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM\r
- if ((FeaturePcdGet (PcdSystemMemoryInitializeInSec)) || (FeaturePcdGet (PcdStandalone) == FALSE)) {\r
- // If it is not a standalone build ensure the PcdSystemMemoryInitializeInSec has been set\r
- ASSERT(FeaturePcdGet (PcdSystemMemoryInitializeInSec) == TRUE);\r
-\r
- // Initialize system memory (DRAM)\r
- ArmPlatformInitializeSystemMemory ();\r
- }\r
-\r
- // Memory Map remapping\r
- if (FeaturePcdGet (PcdNorFlashRemapping)) {\r
- SerialPrint ("Secure ROM at 0x0\n\r");\r
- } else {\r
- Value = MmioRead32 (ARM_VE_SYS_CFGRW1_REG); //Scc - CFGRW1\r
- // Remap the DRAM to 0x0\r
- MmioWrite32 (ARM_VE_SYS_CFGRW1_REG, (Value & 0x0FFFFFFF) | ARM_VE_CFGRW1_REMAP_DRAM);\r
- }\r
-\r
- return RETURN_SUCCESS;\r
-}\r