diff options
author | Manish Pandey <manish.pandey2@arm.com> | 2021-08-13 00:22:55 +0200 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2021-08-13 00:22:55 +0200 |
commit | e528bc22ebb7cf66fa79250514bdac519b2b1c61 (patch) | |
tree | cf58b1b50e10037d481b7172152cf21e0ae2b46c /plat | |
parent | 5360449b61ccfe8c2e70c4d533e01b62d0199154 (diff) | |
parent | 9a9ea82948fd2f1459b6351cb0641f3f77b4e6de (diff) | |
download | arm-trusted-firmware-e528bc22ebb7cf66fa79250514bdac519b2b1c61.tar.gz |
Merge changes from topic "st_fip_fconf" into integration
* changes:
feat(io_mtd): offset management for FIP usage
feat(nand): count bad blocks before a given offset
feat(plat/st): add helper to save boot interface
fix(plat/st): improve DDR get size function
refactor(plat/st): map DDR secure at boot
refactor(plat/st): rework TZC400 configuration
Diffstat (limited to 'plat')
-rw-r--r-- | plat/st/common/include/stm32mp_common.h | 1 | ||||
-rw-r--r-- | plat/st/common/stm32mp_common.c | 11 | ||||
-rw-r--r-- | plat/st/common/stm32mp_dt.c | 11 | ||||
-rw-r--r-- | plat/st/stm32mp1/bl2_plat_setup.c | 21 | ||||
-rw-r--r-- | plat/st/stm32mp1/stm32mp1_security.c | 99 |
5 files changed, 86 insertions, 57 deletions
diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h index 42d348702..edced71aa 100644 --- a/plat/st/common/include/stm32mp_common.h +++ b/plat/st/common/include/stm32mp_common.h @@ -17,6 +17,7 @@ /* Functions to save and get boot context address given by ROM code */ void stm32mp_save_boot_ctx_address(uintptr_t address); uintptr_t stm32mp_get_boot_ctx_address(void); +uint16_t stm32mp_get_boot_itf_selected(void); bool stm32mp_is_single_core(void); bool stm32mp_is_closed_device(void); diff --git a/plat/st/common/stm32mp_common.c b/plat/st/common/stm32mp_common.c index d3de1e14f..5e5958baa 100644 --- a/plat/st/common/stm32mp_common.c +++ b/plat/st/common/stm32mp_common.c @@ -28,10 +28,14 @@ unsigned int plat_get_syscnt_freq2(void) } static uintptr_t boot_ctx_address; +static uint16_t boot_itf_selected; void stm32mp_save_boot_ctx_address(uintptr_t address) { + boot_api_context_t *boot_context = (boot_api_context_t *)address; + boot_ctx_address = address; + boot_itf_selected = boot_context->boot_interface_selected; } uintptr_t stm32mp_get_boot_ctx_address(void) @@ -39,6 +43,11 @@ uintptr_t stm32mp_get_boot_ctx_address(void) return boot_ctx_address; } +uint16_t stm32mp_get_boot_itf_selected(void) +{ + return boot_itf_selected; +} + uintptr_t stm32mp_ddrctrl_base(void) { return DDRCTRL_BASE; @@ -105,7 +114,7 @@ int stm32mp_map_ddr_non_cacheable(void) { return mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE, STM32MP_DDR_MAX_SIZE, - MT_NON_CACHEABLE | MT_RW | MT_NS); + MT_NON_CACHEABLE | MT_RW | MT_SECURE); } int stm32mp_unmap_ddr(void) diff --git a/plat/st/common/stm32mp_dt.c b/plat/st/common/stm32mp_dt.c index 6465c10e8..0b3564692 100644 --- a/plat/st/common/stm32mp_dt.c +++ b/plat/st/common/stm32mp_dt.c @@ -209,15 +209,24 @@ int dt_get_stdout_uart_info(struct dt_node_info *info) ******************************************************************************/ uint32_t dt_get_ddr_size(void) { + static uint32_t size; int node; + if (size != 0U) { + return size; + } + node = fdt_node_offset_by_compatible(fdt, -1, DT_DDR_COMPAT); if (node < 0) { INFO("%s: Cannot read DDR node in DT\n", __func__); return 0; } - return fdt_read_uint32_default(fdt, node, "st,mem-size", 0); + size = fdt_read_uint32_default(fdt, node, "st,mem-size", 0U); + + flush_dcache_range((uintptr_t)&size, sizeof(uint32_t)); + + return size; } /******************************************************************************* diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c index 91073b89d..3e179fbbf 100644 --- a/plat/st/stm32mp1/bl2_plat_setup.c +++ b/plat/st/stm32mp1/bl2_plat_setup.c @@ -132,7 +132,6 @@ void bl2_el3_early_platform_setup(u_register_t arg0, void bl2_platform_setup(void) { int ret; - uint32_t ddr_ns_size; if (dt_pmic_status() > 0) { initialize_pmic(); @@ -144,24 +143,16 @@ void bl2_platform_setup(void) panic(); } - ddr_ns_size = stm32mp_get_ddr_ns_size(); - assert(ddr_ns_size > 0U); - - /* Map non secure DDR for BL33 load, now with cacheable attribute */ + /* Map DDR for binary load, now with cacheable attribute */ ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE, - ddr_ns_size, MT_MEMORY | MT_RW | MT_NS); - assert(ret == 0); + STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE); + if (ret < 0) { + ERROR("DDR mapping: error %d\n", ret); + panic(); + } #ifdef AARCH32_SP_OPTEE INFO("BL2 runs OP-TEE setup\n"); - - /* Map secure DDR for OP-TEE paged area */ - ret = mmap_add_dynamic_region(STM32MP_DDR_BASE + ddr_ns_size, - STM32MP_DDR_BASE + ddr_ns_size, - STM32MP_DDR_S_SIZE, - MT_MEMORY | MT_RW | MT_SECURE); - assert(ret == 0); - /* Initialize tzc400 after DDR initialization */ stm32mp1_security_setup(); #else diff --git a/plat/st/stm32mp1/stm32mp1_security.c b/plat/st/stm32mp1/stm32mp1_security.c index 195b3a550..2ee5f4a85 100644 --- a/plat/st/stm32mp1/stm32mp1_security.c +++ b/plat/st/stm32mp1/stm32mp1_security.c @@ -27,6 +27,45 @@ TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \ TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID) +static unsigned int region_nb; + +static void init_tzc400_begin(unsigned int region0_attr) +{ + tzc400_init(STM32MP1_TZC_BASE); + tzc400_disable_filters(); + + /* Region 0 set to cover all DRAM at 0xC000_0000 */ + tzc400_configure_region0(region0_attr, 0); + + region_nb = 1U; +} + +static void init_tzc400_end(unsigned int action) +{ + tzc400_set_action(action); + tzc400_enable_filters(); +} + +static void tzc400_add_region(unsigned long long region_base, + unsigned long long region_top, bool sec) +{ + unsigned int sec_attr; + unsigned int nsaid_permissions; + + if (sec) { + sec_attr = TZC_REGION_S_RDWR; + nsaid_permissions = 0; + } else { + sec_attr = TZC_REGION_S_NONE; + nsaid_permissions = TZC_REGION_NSEC_ALL_ACCESS_RDWR; + } + + tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, region_nb, region_base, + region_top, sec_attr, nsaid_permissions); + + region_nb++; +} + /******************************************************************************* * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access * and allow Non-Secure masters full access. @@ -38,10 +77,9 @@ static void init_tzc400(void) unsigned long long ddr_ns_size = (unsigned long long)stm32mp_get_ddr_ns_size(); unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U); + unsigned long long ddr_top __unused; - tzc400_init(STM32MP1_TZC_BASE); - - tzc400_disable_filters(); + init_tzc400_begin(TZC_REGION_S_NONE); /* * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the @@ -49,35 +87,28 @@ static void init_tzc400(void) */ region_base = ddr_base; region_top = ddr_ns_top; - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, - region_base, - region_top, - TZC_REGION_S_NONE, - TZC_REGION_NSEC_ALL_ACCESS_RDWR); + tzc400_add_region(region_base, region_top, false); #ifdef AARCH32_SP_OPTEE /* Region 2 set to cover all secure DRAM. */ region_base = region_top + 1U; region_top += STM32MP_DDR_S_SIZE; - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 2, - region_base, - region_top, - TZC_REGION_S_RDWR, - 0); - - /* Region 3 set to cover non-secure shared memory DRAM. */ - region_base = region_top + 1U; - region_top += STM32MP_DDR_SHMEM_SIZE; - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 3, - region_base, - region_top, - TZC_REGION_S_NONE, - TZC_REGION_NSEC_ALL_ACCESS_RDWR); + tzc400_add_region(region_base, region_top, true); + + ddr_top = STM32MP_DDR_BASE + dt_get_ddr_size() - 1U; + if (region_top < ddr_top) { + /* Region 3 set to cover non-secure memory DRAM after BL32. */ + region_base = region_top + 1U; + region_top = ddr_top; + tzc400_add_region(region_base, region_top, false); + } #endif - tzc400_set_action(TZC_ACTION_INT); - - tzc400_enable_filters(); + /* + * Raise an interrupt (secure FIQ) if a NS device tries to access + * secure memory + */ + init_tzc400_end(TZC_ACTION_INT); } /******************************************************************************* @@ -90,23 +121,11 @@ static void early_init_tzc400(void) stm32mp_clk_enable(TZC1); stm32mp_clk_enable(TZC2); - tzc400_init(STM32MP1_TZC_BASE); - - tzc400_disable_filters(); - - /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */ - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, - STM32MP_DDR_BASE, - STM32MP_DDR_BASE + - (STM32MP_DDR_MAX_SIZE - 1U), - TZC_REGION_S_NONE, - TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | - TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID)); + /* Region 0 set to cover all DRAM secure at 0xC000_0000 */ + init_tzc400_begin(TZC_REGION_S_RDWR); /* Raise an exception if a NS device tries to access secure memory */ - tzc400_set_action(TZC_ACTION_ERR); - - tzc400_enable_filters(); + init_tzc400_end(TZC_ACTION_ERR); } /******************************************************************************* |