[U-Boot] [PATCH v1 01/24] fsl-ch3/lowlevel: TZPC and TZASC programming to configure non-secure accesses
York Sun
yorksun at freescale.com
Tue Jan 6 22:11:21 CET 2015
From: Bhupesh Sharma <bhupesh.sharma at freescale.com>
This patch ensures that the TZPC (BP147) and TZASC-400 programming
happens for LS2085A SoC only when the desired config flags are
enabled and ensures that the TZPC programming is done to allow Non-secure
(NS) + secure (S) transactions only for DCGF registers.
The TZASC component is not present on LS2085A-Rev1, so the TZASC-400
config flag is turned OFF for now.
Signed-off-by: Bhupesh Sharma <bhupesh.sharma at freescale.com>
---
arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S | 54 ++++++++++++++++++++++++++
arch/arm/include/asm/arch-fsl-lsch3/config.h | 28 +++++++++++++
doc/README.fsl-trustzone-components | 25 ++++++++++++
include/configs/ls2085a_common.h | 1 +
4 files changed, 108 insertions(+)
create mode 100644 doc/README.fsl-trustzone-components
diff --git a/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S b/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S
index 2a88aab..c283787 100644
--- a/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S
+++ b/arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S
@@ -42,6 +42,60 @@ ENTRY(lowlevel_init)
ldr x0, =secondary_boot_func
blr x0
2:
+
+#ifdef CONFIG_FSL_TZPC_BP147
+ /* Set Non Secure access for all devices protected via TZPC */
+ ldr x1, =TZPCDECPROT_0_SET_BASE /* Decode Protection-0 Set Reg */
+ orr w0, w0, #1 << 3 /* DCFG_RESET is accessible from NS world */
+ str w0, [x1]
+
+ isb
+ dsb sy
+#endif
+
+#ifdef CONFIG_FSL_TZASC_400
+ /* Set TZASC so that:
+ * a. We use only Region0 whose global secure write/read is EN
+ * b. We use only Region0 whose NSAID write/read is EN
+ *
+ * NOTE: As per the CCSR map doc, TZASC 3 and TZASC 4 are just
+ * placeholders.
+ */
+ ldr x1, =TZASC_GATE_KEEPER(0)
+ ldr x0, [x1] /* Filter 0 Gate Keeper Register */
+ orr x0, x0, #1 << 0 /* Set open_request for Filter 0 */
+ str x0, [x1]
+
+ ldr x1, =TZASC_GATE_KEEPER(1)
+ ldr x0, [x1] /* Filter 0 Gate Keeper Register */
+ orr x0, x0, #1 << 0 /* Set open_request for Filter 0 */
+ str x0, [x1]
+
+ ldr x1, =TZASC_REGION_ATTRIBUTES_0(0)
+ ldr x0, [x1] /* Region-0 Attributes Register */
+ orr x0, x0, #1 << 31 /* Set Sec global write en, Bit[31] */
+ orr x0, x0, #1 << 30 /* Set Sec global read en, Bit[30] */
+ str x0, [x1]
+
+ ldr x1, =TZASC_REGION_ATTRIBUTES_0(1)
+ ldr x0, [x1] /* Region-1 Attributes Register */
+ orr x0, x0, #1 << 31 /* Set Sec global write en, Bit[31] */
+ orr x0, x0, #1 << 30 /* Set Sec global read en, Bit[30] */
+ str x0, [x1]
+
+ ldr x1, =TZASC_REGION_ID_ACCESS_0(0)
+ ldr w0, [x1] /* Region-0 Access Register */
+ mov w0, #0xFFFFFFFF /* Set nsaid_wr_en and nsaid_rd_en */
+ str w0, [x1]
+
+ ldr x1, =TZASC_REGION_ID_ACCESS_0(1)
+ ldr w0, [x1] /* Region-1 Attributes Register */
+ mov w0, #0xFFFFFFFF /* Set nsaid_wr_en and nsaid_rd_en */
+ str w0, [x1]
+
+ isb
+ dsb sy
+#endif
mov lr, x29 /* Restore LR */
ret
ENDPROC(lowlevel_init)
diff --git a/arch/arm/include/asm/arch-fsl-lsch3/config.h b/arch/arm/include/asm/arch-fsl-lsch3/config.h
index da551e8..d4f688b 100644
--- a/arch/arm/include/asm/arch-fsl-lsch3/config.h
+++ b/arch/arm/include/asm/arch-fsl-lsch3/config.h
@@ -35,6 +35,34 @@
#define I2C3_BASE_ADDR (CONFIG_SYS_IMMR + 0x01020000)
#define I2C4_BASE_ADDR (CONFIG_SYS_IMMR + 0x01030000)
+/* TZ Protection Controller Definitions */
+#define TZPC_BASE 0x02200000
+#define TZPCR0SIZE_BASE (TZPC_BASE)
+#define TZPCDECPROT_0_STAT_BASE (TZPC_BASE + 0x800)
+#define TZPCDECPROT_0_SET_BASE (TZPC_BASE + 0x804)
+#define TZPCDECPROT_0_CLR_BASE (TZPC_BASE + 0x808)
+#define TZPCDECPROT_1_STAT_BASE (TZPC_BASE + 0x80C)
+#define TZPCDECPROT_1_SET_BASE (TZPC_BASE + 0x810)
+#define TZPCDECPROT_1_CLR_BASE (TZPC_BASE + 0x814)
+#define TZPCDECPROT_2_STAT_BASE (TZPC_BASE + 0x818)
+#define TZPCDECPROT_2_SET_BASE (TZPC_BASE + 0x81C)
+#define TZPCDECPROT_2_CLR_BASE (TZPC_BASE + 0x820)
+
+/* TZ Address Space Controller Definitions */
+#define TZASC1_BASE 0x01100000 /* as per CCSR map. */
+#define TZASC2_BASE 0x01110000 /* as per CCSR map. */
+#define TZASC3_BASE 0x01120000 /* as per CCSR map. */
+#define TZASC4_BASE 0x01130000 /* as per CCSR map. */
+#define TZASC_BUILD_CONFIG_REG(x) ((TZASC1_BASE + (x * 0x10000)))
+#define TZASC_ACTION_REG(x) ((TZASC1_BASE + (x * 0x10000)) + 0x004)
+#define TZASC_GATE_KEEPER(x) ((TZASC1_BASE + (x * 0x10000)) + 0x008)
+#define TZASC_REGION_BASE_LOW_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x100)
+#define TZASC_REGION_BASE_HIGH_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x104)
+#define TZASC_REGION_TOP_LOW_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x108)
+#define TZASC_REGION_TOP_HIGH_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x10C)
+#define TZASC_REGION_ATTRIBUTES_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x110)
+#define TZASC_REGION_ID_ACCESS_0(x) ((TZASC1_BASE + (x * 0x10000)) + 0x114)
+
/* Generic Interrupt Controller Definitions */
#define GICD_BASE 0x06000000
#define GICR_BASE 0x06100000
diff --git a/doc/README.fsl-trustzone-components b/doc/README.fsl-trustzone-components
new file mode 100644
index 0000000..a3afd1f
--- /dev/null
+++ b/doc/README.fsl-trustzone-components
@@ -0,0 +1,25 @@
+Freescale ARM64 SoCs like LS2085A have ARM TrustZone components like
+TZPC-BP147 (TrustZone Protection Controller) and TZASC-400 (TrustZone
+Address Space Controller).
+
+While most of the configuration related programming of these peripherals
+is left to a root-of-trust security software layer (running in EL3
+privilege mode), but still some configurations of these peripherals
+might be required while the bootloader is executing in EL3 privilege
+mode. The following sections define how to turn on these features for
+LS2085A like SoCs.
+
+TZPC-BP147 (TrustZone Protection Controller)
+============================================
+- Depends on CONFIG_FSL_TZPC_BP147 configuration flag.
+- Separates Secure World and Normal World on-chip RAM (OCRAM) spaces.
+- Provides a programming model to set access control policy via the TZPC
+ TZDECPROT Registers.
+
+TZASC-400 (TrustZone Address Space Controller)
+==============================================
+- Depends on CONFIG_FSL_TZASC_400 configuration flag.
+- Separates Secure World and Normal World external memory spaces for bus masters
+ such as processors and DMA-equipped peripherals.
+- Supports 8 fully programmable address regions, initially inactive at reset,
+ and one base region, always active, that covers the remaining address space.
diff --git a/include/configs/ls2085a_common.h b/include/configs/ls2085a_common.h
index 6fe032c..3898443 100644
--- a/include/configs/ls2085a_common.h
+++ b/include/configs/ls2085a_common.h
@@ -13,6 +13,7 @@
#define CONFIG_FSL_LSCH3
#define CONFIG_LS2085A
#define CONFIG_GICV3
+#define CONFIG_FSL_TZPC_BP147
/* Link Definitions */
#define CONFIG_SYS_TEXT_BASE 0x30001000
--
1.7.9.5
More information about the U-Boot
mailing list