Corneliu Doban | 189bec5 | 2015-04-10 15:51:55 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2015 Broadcom Corporation |
| 3 | * |
| 4 | * This program is free software; you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU General Public License as published by |
| 6 | * the Free Software Foundation; version 2 of the License. |
| 7 | * |
| 8 | * This program is distributed in the hope that it will be useful, |
| 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 11 | * GNU General Public License for more details. |
Corneliu Doban | 189bec5 | 2015-04-10 15:51:55 -0700 | [diff] [blame] | 12 | */ |
| 13 | |
| 14 | #include <arch/io.h> |
| 15 | #include <soc/tz.h> |
| 16 | |
| 17 | #define TZPC_TZPCR0SIZE 0x18034000 |
| 18 | #define TZPC_TZPCR0SIZE_MASK 0x000003ff |
| 19 | |
| 20 | #define TZPC_TZPCDECPROT0SET 0x18034804 |
| 21 | #define TZPC_TZPCDECPROT0CLR 0x18034808 |
| 22 | #define TZPC_TZPCDECPROT1SET 0x18034810 |
| 23 | #define TZPC_TZPCDECPROT1CLR 0x18034814 |
| 24 | #define TZPC_TZPCDECPROT2SET 0x1803481c |
| 25 | #define TZPC_TZPCDECPROT2CLR 0x18034820 |
| 26 | |
| 27 | #define TZPCDECPROT0_MASK 0x000000FF |
| 28 | #define TZPCDECPROT1_MASK 0x000000FF |
| 29 | #define TZPCDECPROT2_MASK 0x000000FF |
| 30 | |
| 31 | #define AXIIC_Ihost_acp_security 0x1a000008 |
| 32 | #define AXIIC_PCIe0_s0_security 0x1a000010 |
| 33 | #define AXIIC_PCIe1_s0_security 0x1a000014 |
| 34 | #define AXIIC_APBY_s0_security 0x1a00002c |
| 35 | #define AXIIC_APBZ_s0_security 0x1a000030 |
| 36 | #define AXIIC_APBX_s0_security 0x1a000034 |
| 37 | #define AXIIC_ihost_s0_security 0x1a000038 |
| 38 | #define AXIIC_A9jtag_s0_security 0x1a00003c |
| 39 | #define AXIIC_APB_W1_security 0x1a000040 |
| 40 | #define AXIIC_APB_W2_security 0x1a000044 |
| 41 | #define AXIIC_APB_W3_security 0x1a000048 |
| 42 | #define AXIIC_APB_W4_security 0x1a00004c |
| 43 | #define AXIIC_APBR_s0_security 0x1a00006c |
| 44 | #define AXIIC_APBS_s0_security 0x1a000070 |
| 45 | #define AXIIC_CMICd_s0_security 0x1a000074 |
| 46 | #define AXIIC_mhost0_s0_security 0x1a000078 |
| 47 | #define AXIIC_mhost1_s0_security 0x1a00007c |
| 48 | #define AXIIC_Crypto_s0_security 0x1a000080 |
| 49 | #define AXIIC_DMU_s0_security 0x1a000084 |
| 50 | #define AXIIC_ext_s0_security 0x1a000088 |
| 51 | #define AXIIC_ext_s1_security 0x1a00008c |
| 52 | |
| 53 | #define AXIIC_APBY_s0_security_MASK 0x00003f1f |
| 54 | #define AXIIC_APBZ_s0_security_MASK 0x0000003f |
| 55 | #define AXIIC_APBX_s0_security_MASK 0x0000cfff |
| 56 | #define AXIIC_ext_s0_security_MASK 0xffffffff |
| 57 | #define AXIIC_ext_s1_security_MASK 0xffffffff |
| 58 | #define AXIIC_APBR_s0_security_MASK 0x0000436d |
| 59 | #define AXIIC_APBS_s0_security_MASK 0x000057ee |
| 60 | #define AXIIC_APB_W1_security_MASK 0x0000ffff |
| 61 | #define AXIIC_APB_W2_security_MASK 0x0000000f |
| 62 | #define AXIIC_APB_W3_security_MASK 0x00003fff |
| 63 | #define AXIIC_APB_W4_security_MASK 0x0000007f |
| 64 | |
| 65 | /* |
| 66 | * Note: the order need to match corresponding definitions for |
| 67 | * non virtual slave slave_vector in tz.h |
| 68 | */ |
| 69 | static uint32_t non_virtual_slave_regs[] = { |
| 70 | AXIIC_Ihost_acp_security, |
| 71 | AXIIC_PCIe0_s0_security, |
| 72 | AXIIC_PCIe1_s0_security, |
| 73 | AXIIC_ihost_s0_security, |
| 74 | AXIIC_A9jtag_s0_security, |
| 75 | AXIIC_CMICd_s0_security, |
| 76 | AXIIC_mhost0_s0_security, |
| 77 | AXIIC_mhost1_s0_security, |
| 78 | AXIIC_Crypto_s0_security, |
| 79 | AXIIC_DMU_s0_security |
| 80 | }; |
| 81 | |
| 82 | /* |
| 83 | * Set master security. |
| 84 | * Use defines in tz.h for both parameters. |
| 85 | */ |
| 86 | void tz_set_masters_security(uint32_t masters, uint32_t ns_bit) |
| 87 | { |
| 88 | uint32_t val; |
| 89 | |
| 90 | /* Check any TZPCDECPROT0 is set and then write to TZPCDECPROT0 */ |
| 91 | if (masters & TZPCDECPROT0_MASK) { |
| 92 | val = masters & TZPCDECPROT0_MASK; |
| 93 | if (ns_bit) |
| 94 | write32((void *)TZPC_TZPCDECPROT0SET, val); |
| 95 | else |
| 96 | write32((void *)TZPC_TZPCDECPROT0CLR, val); |
| 97 | } |
| 98 | /* Check any TZPCDECPROT1 is set and then write to TZPCDECPROT1 */ |
| 99 | if ((masters >> 8) & TZPCDECPROT1_MASK) { |
| 100 | val = (masters >> 8) & TZPCDECPROT1_MASK; |
| 101 | if (ns_bit) |
| 102 | write32((void *)TZPC_TZPCDECPROT1SET, val); |
| 103 | else |
| 104 | write32((void *)TZPC_TZPCDECPROT1CLR, val); |
| 105 | } |
| 106 | /* Check any TZPCDECPROT2 is set and then write to TZPCDECPROT2 */ |
| 107 | if ((masters >> 16) & TZPCDECPROT2_MASK) { |
| 108 | val = (masters >> 16) & TZPCDECPROT2_MASK; |
| 109 | if (ns_bit) |
| 110 | write32((void *)TZPC_TZPCDECPROT2SET, val); |
| 111 | else |
| 112 | write32((void *)TZPC_TZPCDECPROT2CLR, val); |
| 113 | } |
| 114 | } |
| 115 | |
| 116 | /* |
| 117 | * Set non virtual slave security. |
| 118 | * Use defines in tz.h for both parameters. |
| 119 | */ |
| 120 | void tz_set_non_virtual_slaves_security(uint32_t slave_vector, uint32_t ns_bit) |
| 121 | { |
| 122 | uint32_t i; |
| 123 | uint32_t total = sizeof(non_virtual_slave_regs) / |
| 124 | sizeof(non_virtual_slave_regs[0]); |
| 125 | uint32_t mask = ~(0xffffffff << total); |
| 126 | |
| 127 | ns_bit &= 0x1; |
| 128 | slave_vector = slave_vector & mask; |
| 129 | for (i = 0; i < total; i++) { |
| 130 | if (slave_vector & (0x1 << i)) |
| 131 | write32((void *)(non_virtual_slave_regs[i]), ns_bit); |
| 132 | } |
| 133 | } |
| 134 | |
| 135 | /* |
| 136 | * Set peripheral security. |
| 137 | * Use defines in tz.h for both parameters. |
| 138 | */ |
| 139 | void tz_set_periph_security(uint32_t slave_vector, uint32_t ns_bit) |
| 140 | { |
| 141 | uint32_t val; |
| 142 | uint32_t mask_x = AXIIC_APBX_s0_security_MASK; |
| 143 | uint32_t mask_y = AXIIC_APBY_s0_security_MASK; |
| 144 | uint32_t tz_periphs_sec_status = |
| 145 | (mask_x & read32((void *)AXIIC_APBX_s0_security)) | |
| 146 | ((mask_y & read32((void *)AXIIC_APBY_s0_security)) << 16); |
| 147 | |
| 148 | if (ns_bit == TZ_STATE_SECURE) |
| 149 | tz_periphs_sec_status &= ~slave_vector; |
| 150 | else |
| 151 | tz_periphs_sec_status |= slave_vector; |
| 152 | |
| 153 | val = tz_periphs_sec_status & mask_x; |
| 154 | write32((void *)AXIIC_APBX_s0_security, val); |
| 155 | |
| 156 | val = (tz_periphs_sec_status >> 16) & mask_y; |
| 157 | write32((void *)AXIIC_APBY_s0_security, val); |
| 158 | } |
| 159 | |
| 160 | /* |
| 161 | * Set sec peripheral security. |
| 162 | * Use defines in tz.h for both parameters. |
| 163 | */ |
| 164 | void tz_set_sec_periphs_security(uint32_t slave_vector, uint32_t ns_bit) |
| 165 | { |
| 166 | uint32_t val; |
| 167 | uint32_t mask = AXIIC_APBZ_s0_security_MASK; |
| 168 | uint32_t tz_sec_periphs_sec_status = |
| 169 | read32((void *)AXIIC_APBZ_s0_security); |
| 170 | |
| 171 | if (ns_bit == TZ_STATE_SECURE) |
| 172 | tz_sec_periphs_sec_status &= ~slave_vector; |
| 173 | else |
| 174 | tz_sec_periphs_sec_status |= slave_vector; |
| 175 | |
| 176 | val = tz_sec_periphs_sec_status & mask; |
| 177 | write32((void *)AXIIC_APBZ_s0_security, val); |
| 178 | } |
| 179 | |
| 180 | /* |
| 181 | * Set external slave security. |
| 182 | * Use defines in tz.h for both parameters. |
| 183 | */ |
| 184 | void tz_set_ext_slaves_security(uint32_t slave_vector, uint32_t ns_bit) |
| 185 | { |
| 186 | uint32_t val; |
| 187 | uint32_t mask_s0 = AXIIC_ext_s0_security_MASK; |
| 188 | uint32_t mask_s1 = AXIIC_ext_s1_security_MASK; |
| 189 | uint32_t tz_ext_slaves_sec_status = |
| 190 | (mask_s0 & read32((void *)AXIIC_ext_s0_security)) | |
| 191 | ((mask_s1 & read32((void *)AXIIC_ext_s0_security)) << 16); |
| 192 | |
| 193 | if (ns_bit == TZ_STATE_SECURE) |
| 194 | tz_ext_slaves_sec_status &= ~slave_vector; |
| 195 | else |
| 196 | tz_ext_slaves_sec_status |= slave_vector; |
| 197 | |
| 198 | val = tz_ext_slaves_sec_status & mask_s0; |
| 199 | write32((void *)AXIIC_ext_s0_security, val); |
| 200 | |
| 201 | val = (tz_ext_slaves_sec_status >> 16) & mask_s1; |
| 202 | write32((void *)AXIIC_ext_s1_security, val); |
| 203 | } |
| 204 | |
| 205 | /* |
| 206 | * Set cfg slave security |
| 207 | * Use defines in tz.h for both parameters. |
| 208 | */ |
| 209 | void tz_set_cfg_slaves_security(uint32_t slave_vector, uint32_t ns_bit) |
| 210 | { |
| 211 | uint32_t val; |
| 212 | uint32_t mask_r = AXIIC_APBR_s0_security_MASK; |
| 213 | uint32_t mask_s = AXIIC_APBS_s0_security_MASK; |
| 214 | uint32_t tz_cfg_slaves_sec_status = |
| 215 | (mask_r & read32((void *)AXIIC_APBR_s0_security)) | |
| 216 | ((mask_s & read32((void *)AXIIC_APBS_s0_security)) << 16); |
| 217 | |
| 218 | if (ns_bit == TZ_STATE_SECURE) |
| 219 | tz_cfg_slaves_sec_status &= ~slave_vector; |
| 220 | else |
| 221 | tz_cfg_slaves_sec_status |= slave_vector; |
| 222 | |
| 223 | val = tz_cfg_slaves_sec_status & mask_r; |
| 224 | write32((void *)AXIIC_APBR_s0_security, val); |
| 225 | |
| 226 | val = (tz_cfg_slaves_sec_status >> 16) & mask_s; |
| 227 | write32((void *)AXIIC_APBS_s0_security, val); |
| 228 | } |
| 229 | |
| 230 | /* |
| 231 | * Set SRAM secure region |
| 232 | * parameter 'r0size' specify the secure RAM region in 4KB steps: |
| 233 | * 0x00000000 = no secure region |
| 234 | * 0x00000001 = 4KB secure region |
| 235 | * 0x00000002 = 8KB secure region |
| 236 | * ....... |
| 237 | * 0x000001FF = 2044KB secure region. |
| 238 | * 0x00000200 or above sets the entire SRAM to secure regardless of size |
| 239 | */ |
| 240 | void tz_set_sram_sec_region(uint32_t r0size) |
| 241 | { |
| 242 | uint32_t mask = TZPC_TZPCR0SIZE_MASK; |
| 243 | |
| 244 | write32((void *)TZPC_TZPCR0SIZE, r0size & mask); |
| 245 | } |
| 246 | |
| 247 | /* |
| 248 | * Set wrapper security |
| 249 | * Use defines in tz.h for all parameters. |
| 250 | */ |
| 251 | void tz_set_wrapper_security(uint32_t wrapper1, uint32_t wrapper2, |
| 252 | uint32_t wrapper3, uint32_t wrapper4, |
| 253 | uint32_t ns_bit) |
| 254 | { |
| 255 | uint32_t mask_w4 = AXIIC_APB_W4_security_MASK; |
| 256 | uint32_t mask_w3 = AXIIC_APB_W3_security_MASK; |
| 257 | uint32_t mask_w2 = AXIIC_APB_W2_security_MASK; |
| 258 | uint32_t mask_w1 = AXIIC_APB_W1_security_MASK; |
| 259 | uint32_t tz_wrapper1_sec_status = read32((void *)AXIIC_APB_W1_security); |
| 260 | uint32_t tz_wrapper2_sec_status = read32((void *)AXIIC_APB_W2_security); |
| 261 | uint32_t tz_wrapper3_sec_status = read32((void *)AXIIC_APB_W3_security); |
| 262 | uint32_t tz_wrapper4_sec_status = read32((void *)AXIIC_APB_W4_security); |
| 263 | |
| 264 | if (ns_bit == TZ_STATE_SECURE) { |
| 265 | tz_wrapper1_sec_status &= ~wrapper1; |
| 266 | tz_wrapper2_sec_status &= ~wrapper2; |
| 267 | tz_wrapper3_sec_status &= ~wrapper3; |
| 268 | tz_wrapper4_sec_status &= ~wrapper4; |
| 269 | } else { |
| 270 | tz_wrapper1_sec_status |= wrapper1; |
| 271 | tz_wrapper2_sec_status |= wrapper2; |
| 272 | tz_wrapper3_sec_status |= wrapper3; |
| 273 | tz_wrapper4_sec_status |= wrapper4; |
| 274 | } |
| 275 | write32((void *)AXIIC_APB_W1_security, |
| 276 | tz_wrapper1_sec_status & mask_w1); |
| 277 | write32((void *)AXIIC_APB_W2_security, |
| 278 | tz_wrapper2_sec_status & mask_w2); |
| 279 | write32((void *)AXIIC_APB_W3_security, |
| 280 | tz_wrapper3_sec_status & mask_w3); |
| 281 | write32((void *)AXIIC_APB_W4_security, |
| 282 | tz_wrapper4_sec_status & mask_w4); |
| 283 | } |