| /* |
| * Copyright (C) 2015 Broadcom Corporation |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; version 2 of the License. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
| */ |
| |
| #include <arch/io.h> |
| #include <soc/tz.h> |
| |
| #define TZPC_TZPCR0SIZE 0x18034000 |
| #define TZPC_TZPCR0SIZE_MASK 0x000003ff |
| |
| #define TZPC_TZPCDECPROT0SET 0x18034804 |
| #define TZPC_TZPCDECPROT0CLR 0x18034808 |
| #define TZPC_TZPCDECPROT1SET 0x18034810 |
| #define TZPC_TZPCDECPROT1CLR 0x18034814 |
| #define TZPC_TZPCDECPROT2SET 0x1803481c |
| #define TZPC_TZPCDECPROT2CLR 0x18034820 |
| |
| #define TZPCDECPROT0_MASK 0x000000FF |
| #define TZPCDECPROT1_MASK 0x000000FF |
| #define TZPCDECPROT2_MASK 0x000000FF |
| |
| #define AXIIC_Ihost_acp_security 0x1a000008 |
| #define AXIIC_PCIe0_s0_security 0x1a000010 |
| #define AXIIC_PCIe1_s0_security 0x1a000014 |
| #define AXIIC_APBY_s0_security 0x1a00002c |
| #define AXIIC_APBZ_s0_security 0x1a000030 |
| #define AXIIC_APBX_s0_security 0x1a000034 |
| #define AXIIC_ihost_s0_security 0x1a000038 |
| #define AXIIC_A9jtag_s0_security 0x1a00003c |
| #define AXIIC_APB_W1_security 0x1a000040 |
| #define AXIIC_APB_W2_security 0x1a000044 |
| #define AXIIC_APB_W3_security 0x1a000048 |
| #define AXIIC_APB_W4_security 0x1a00004c |
| #define AXIIC_APBR_s0_security 0x1a00006c |
| #define AXIIC_APBS_s0_security 0x1a000070 |
| #define AXIIC_CMICd_s0_security 0x1a000074 |
| #define AXIIC_mhost0_s0_security 0x1a000078 |
| #define AXIIC_mhost1_s0_security 0x1a00007c |
| #define AXIIC_Crypto_s0_security 0x1a000080 |
| #define AXIIC_DMU_s0_security 0x1a000084 |
| #define AXIIC_ext_s0_security 0x1a000088 |
| #define AXIIC_ext_s1_security 0x1a00008c |
| |
| #define AXIIC_APBY_s0_security_MASK 0x00003f1f |
| #define AXIIC_APBZ_s0_security_MASK 0x0000003f |
| #define AXIIC_APBX_s0_security_MASK 0x0000cfff |
| #define AXIIC_ext_s0_security_MASK 0xffffffff |
| #define AXIIC_ext_s1_security_MASK 0xffffffff |
| #define AXIIC_APBR_s0_security_MASK 0x0000436d |
| #define AXIIC_APBS_s0_security_MASK 0x000057ee |
| #define AXIIC_APB_W1_security_MASK 0x0000ffff |
| #define AXIIC_APB_W2_security_MASK 0x0000000f |
| #define AXIIC_APB_W3_security_MASK 0x00003fff |
| #define AXIIC_APB_W4_security_MASK 0x0000007f |
| |
| /* |
| * Note: the order need to match corresponding definitions for |
| * non virtual slave slave_vector in tz.h |
| */ |
| static uint32_t non_virtual_slave_regs[] = { |
| AXIIC_Ihost_acp_security, |
| AXIIC_PCIe0_s0_security, |
| AXIIC_PCIe1_s0_security, |
| AXIIC_ihost_s0_security, |
| AXIIC_A9jtag_s0_security, |
| AXIIC_CMICd_s0_security, |
| AXIIC_mhost0_s0_security, |
| AXIIC_mhost1_s0_security, |
| AXIIC_Crypto_s0_security, |
| AXIIC_DMU_s0_security |
| }; |
| |
| /* |
| * Set master security. |
| * Use defines in tz.h for both parameters. |
| */ |
| void tz_set_masters_security(uint32_t masters, uint32_t ns_bit) |
| { |
| uint32_t val; |
| |
| /* Check any TZPCDECPROT0 is set and then write to TZPCDECPROT0 */ |
| if (masters & TZPCDECPROT0_MASK) { |
| val = masters & TZPCDECPROT0_MASK; |
| if (ns_bit) |
| write32((void *)TZPC_TZPCDECPROT0SET, val); |
| else |
| write32((void *)TZPC_TZPCDECPROT0CLR, val); |
| } |
| /* Check any TZPCDECPROT1 is set and then write to TZPCDECPROT1 */ |
| if ((masters >> 8) & TZPCDECPROT1_MASK) { |
| val = (masters >> 8) & TZPCDECPROT1_MASK; |
| if (ns_bit) |
| write32((void *)TZPC_TZPCDECPROT1SET, val); |
| else |
| write32((void *)TZPC_TZPCDECPROT1CLR, val); |
| } |
| /* Check any TZPCDECPROT2 is set and then write to TZPCDECPROT2 */ |
| if ((masters >> 16) & TZPCDECPROT2_MASK) { |
| val = (masters >> 16) & TZPCDECPROT2_MASK; |
| if (ns_bit) |
| write32((void *)TZPC_TZPCDECPROT2SET, val); |
| else |
| write32((void *)TZPC_TZPCDECPROT2CLR, val); |
| } |
| } |
| |
| /* |
| * Set non virtual slave security. |
| * Use defines in tz.h for both parameters. |
| */ |
| void tz_set_non_virtual_slaves_security(uint32_t slave_vector, uint32_t ns_bit) |
| { |
| uint32_t i; |
| uint32_t total = sizeof(non_virtual_slave_regs) / |
| sizeof(non_virtual_slave_regs[0]); |
| uint32_t mask = ~(0xffffffff << total); |
| |
| ns_bit &= 0x1; |
| slave_vector = slave_vector & mask; |
| for (i = 0; i < total; i++) { |
| if (slave_vector & (0x1 << i)) |
| write32((void *)(non_virtual_slave_regs[i]), ns_bit); |
| } |
| } |
| |
| /* |
| * Set peripheral security. |
| * Use defines in tz.h for both parameters. |
| */ |
| void tz_set_periph_security(uint32_t slave_vector, uint32_t ns_bit) |
| { |
| uint32_t val; |
| uint32_t mask_x = AXIIC_APBX_s0_security_MASK; |
| uint32_t mask_y = AXIIC_APBY_s0_security_MASK; |
| uint32_t tz_periphs_sec_status = |
| (mask_x & read32((void *)AXIIC_APBX_s0_security)) | |
| ((mask_y & read32((void *)AXIIC_APBY_s0_security)) << 16); |
| |
| if (ns_bit == TZ_STATE_SECURE) |
| tz_periphs_sec_status &= ~slave_vector; |
| else |
| tz_periphs_sec_status |= slave_vector; |
| |
| val = tz_periphs_sec_status & mask_x; |
| write32((void *)AXIIC_APBX_s0_security, val); |
| |
| val = (tz_periphs_sec_status >> 16) & mask_y; |
| write32((void *)AXIIC_APBY_s0_security, val); |
| } |
| |
| /* |
| * Set sec peripheral security. |
| * Use defines in tz.h for both parameters. |
| */ |
| void tz_set_sec_periphs_security(uint32_t slave_vector, uint32_t ns_bit) |
| { |
| uint32_t val; |
| uint32_t mask = AXIIC_APBZ_s0_security_MASK; |
| uint32_t tz_sec_periphs_sec_status = |
| read32((void *)AXIIC_APBZ_s0_security); |
| |
| if (ns_bit == TZ_STATE_SECURE) |
| tz_sec_periphs_sec_status &= ~slave_vector; |
| else |
| tz_sec_periphs_sec_status |= slave_vector; |
| |
| val = tz_sec_periphs_sec_status & mask; |
| write32((void *)AXIIC_APBZ_s0_security, val); |
| } |
| |
| /* |
| * Set external slave security. |
| * Use defines in tz.h for both parameters. |
| */ |
| void tz_set_ext_slaves_security(uint32_t slave_vector, uint32_t ns_bit) |
| { |
| uint32_t val; |
| uint32_t mask_s0 = AXIIC_ext_s0_security_MASK; |
| uint32_t mask_s1 = AXIIC_ext_s1_security_MASK; |
| uint32_t tz_ext_slaves_sec_status = |
| (mask_s0 & read32((void *)AXIIC_ext_s0_security)) | |
| ((mask_s1 & read32((void *)AXIIC_ext_s0_security)) << 16); |
| |
| if (ns_bit == TZ_STATE_SECURE) |
| tz_ext_slaves_sec_status &= ~slave_vector; |
| else |
| tz_ext_slaves_sec_status |= slave_vector; |
| |
| val = tz_ext_slaves_sec_status & mask_s0; |
| write32((void *)AXIIC_ext_s0_security, val); |
| |
| val = (tz_ext_slaves_sec_status >> 16) & mask_s1; |
| write32((void *)AXIIC_ext_s1_security, val); |
| } |
| |
| /* |
| * Set cfg slave security |
| * Use defines in tz.h for both parameters. |
| */ |
| void tz_set_cfg_slaves_security(uint32_t slave_vector, uint32_t ns_bit) |
| { |
| uint32_t val; |
| uint32_t mask_r = AXIIC_APBR_s0_security_MASK; |
| uint32_t mask_s = AXIIC_APBS_s0_security_MASK; |
| uint32_t tz_cfg_slaves_sec_status = |
| (mask_r & read32((void *)AXIIC_APBR_s0_security)) | |
| ((mask_s & read32((void *)AXIIC_APBS_s0_security)) << 16); |
| |
| if (ns_bit == TZ_STATE_SECURE) |
| tz_cfg_slaves_sec_status &= ~slave_vector; |
| else |
| tz_cfg_slaves_sec_status |= slave_vector; |
| |
| val = tz_cfg_slaves_sec_status & mask_r; |
| write32((void *)AXIIC_APBR_s0_security, val); |
| |
| val = (tz_cfg_slaves_sec_status >> 16) & mask_s; |
| write32((void *)AXIIC_APBS_s0_security, val); |
| } |
| |
| /* |
| * Set SRAM secure region |
| * parameter 'r0size' specify the secure RAM region in 4KB steps: |
| * 0x00000000 = no secure region |
| * 0x00000001 = 4KB secure region |
| * 0x00000002 = 8KB secure region |
| * ....... |
| * 0x000001FF = 2044KB secure region. |
| * 0x00000200 or above sets the entire SRAM to secure regardless of size |
| */ |
| void tz_set_sram_sec_region(uint32_t r0size) |
| { |
| uint32_t mask = TZPC_TZPCR0SIZE_MASK; |
| |
| write32((void *)TZPC_TZPCR0SIZE, r0size & mask); |
| } |
| |
| /* |
| * Set wrapper security |
| * Use defines in tz.h for all parameters. |
| */ |
| void tz_set_wrapper_security(uint32_t wrapper1, uint32_t wrapper2, |
| uint32_t wrapper3, uint32_t wrapper4, |
| uint32_t ns_bit) |
| { |
| uint32_t mask_w4 = AXIIC_APB_W4_security_MASK; |
| uint32_t mask_w3 = AXIIC_APB_W3_security_MASK; |
| uint32_t mask_w2 = AXIIC_APB_W2_security_MASK; |
| uint32_t mask_w1 = AXIIC_APB_W1_security_MASK; |
| uint32_t tz_wrapper1_sec_status = read32((void *)AXIIC_APB_W1_security); |
| uint32_t tz_wrapper2_sec_status = read32((void *)AXIIC_APB_W2_security); |
| uint32_t tz_wrapper3_sec_status = read32((void *)AXIIC_APB_W3_security); |
| uint32_t tz_wrapper4_sec_status = read32((void *)AXIIC_APB_W4_security); |
| |
| if (ns_bit == TZ_STATE_SECURE) { |
| tz_wrapper1_sec_status &= ~wrapper1; |
| tz_wrapper2_sec_status &= ~wrapper2; |
| tz_wrapper3_sec_status &= ~wrapper3; |
| tz_wrapper4_sec_status &= ~wrapper4; |
| } else { |
| tz_wrapper1_sec_status |= wrapper1; |
| tz_wrapper2_sec_status |= wrapper2; |
| tz_wrapper3_sec_status |= wrapper3; |
| tz_wrapper4_sec_status |= wrapper4; |
| } |
| write32((void *)AXIIC_APB_W1_security, |
| tz_wrapper1_sec_status & mask_w1); |
| write32((void *)AXIIC_APB_W2_security, |
| tz_wrapper2_sec_status & mask_w2); |
| write32((void *)AXIIC_APB_W3_security, |
| tz_wrapper3_sec_status & mask_w3); |
| write32((void *)AXIIC_APB_W4_security, |
| tz_wrapper4_sec_status & mask_w4); |
| } |