1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
|
/*
* Copyright (C) 2015 Broadcom Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <arch/io.h>
#include <soc/tz.h>
#define TZPC_TZPCR0SIZE 0x18034000
#define TZPC_TZPCR0SIZE_MASK 0x000003ff
#define TZPC_TZPCDECPROT0SET 0x18034804
#define TZPC_TZPCDECPROT0CLR 0x18034808
#define TZPC_TZPCDECPROT1SET 0x18034810
#define TZPC_TZPCDECPROT1CLR 0x18034814
#define TZPC_TZPCDECPROT2SET 0x1803481c
#define TZPC_TZPCDECPROT2CLR 0x18034820
#define TZPCDECPROT0_MASK 0x000000FF
#define TZPCDECPROT1_MASK 0x000000FF
#define TZPCDECPROT2_MASK 0x000000FF
#define AXIIC_Ihost_acp_security 0x1a000008
#define AXIIC_PCIe0_s0_security 0x1a000010
#define AXIIC_PCIe1_s0_security 0x1a000014
#define AXIIC_APBY_s0_security 0x1a00002c
#define AXIIC_APBZ_s0_security 0x1a000030
#define AXIIC_APBX_s0_security 0x1a000034
#define AXIIC_ihost_s0_security 0x1a000038
#define AXIIC_A9jtag_s0_security 0x1a00003c
#define AXIIC_APB_W1_security 0x1a000040
#define AXIIC_APB_W2_security 0x1a000044
#define AXIIC_APB_W3_security 0x1a000048
#define AXIIC_APB_W4_security 0x1a00004c
#define AXIIC_APBR_s0_security 0x1a00006c
#define AXIIC_APBS_s0_security 0x1a000070
#define AXIIC_CMICd_s0_security 0x1a000074
#define AXIIC_mhost0_s0_security 0x1a000078
#define AXIIC_mhost1_s0_security 0x1a00007c
#define AXIIC_Crypto_s0_security 0x1a000080
#define AXIIC_DMU_s0_security 0x1a000084
#define AXIIC_ext_s0_security 0x1a000088
#define AXIIC_ext_s1_security 0x1a00008c
#define AXIIC_APBY_s0_security_MASK 0x00003f1f
#define AXIIC_APBZ_s0_security_MASK 0x0000003f
#define AXIIC_APBX_s0_security_MASK 0x0000cfff
#define AXIIC_ext_s0_security_MASK 0xffffffff
#define AXIIC_ext_s1_security_MASK 0xffffffff
#define AXIIC_APBR_s0_security_MASK 0x0000436d
#define AXIIC_APBS_s0_security_MASK 0x000057ee
#define AXIIC_APB_W1_security_MASK 0x0000ffff
#define AXIIC_APB_W2_security_MASK 0x0000000f
#define AXIIC_APB_W3_security_MASK 0x00003fff
#define AXIIC_APB_W4_security_MASK 0x0000007f
/*
* Note: the order need to match corresponding definitions for
* non virtual slave slave_vector in tz.h
*/
static uint32_t non_virtual_slave_regs[] = {
AXIIC_Ihost_acp_security,
AXIIC_PCIe0_s0_security,
AXIIC_PCIe1_s0_security,
AXIIC_ihost_s0_security,
AXIIC_A9jtag_s0_security,
AXIIC_CMICd_s0_security,
AXIIC_mhost0_s0_security,
AXIIC_mhost1_s0_security,
AXIIC_Crypto_s0_security,
AXIIC_DMU_s0_security
};
/*
* Set master security.
* Use defines in tz.h for both parameters.
*/
void tz_set_masters_security(uint32_t masters, uint32_t ns_bit)
{
uint32_t val;
/* Check any TZPCDECPROT0 is set and then write to TZPCDECPROT0 */
if (masters & TZPCDECPROT0_MASK) {
val = masters & TZPCDECPROT0_MASK;
if (ns_bit)
write32((void *)TZPC_TZPCDECPROT0SET, val);
else
write32((void *)TZPC_TZPCDECPROT0CLR, val);
}
/* Check any TZPCDECPROT1 is set and then write to TZPCDECPROT1 */
if ((masters >> 8) & TZPCDECPROT1_MASK) {
val = (masters >> 8) & TZPCDECPROT1_MASK;
if (ns_bit)
write32((void *)TZPC_TZPCDECPROT1SET, val);
else
write32((void *)TZPC_TZPCDECPROT1CLR, val);
}
/* Check any TZPCDECPROT2 is set and then write to TZPCDECPROT2 */
if ((masters >> 16) & TZPCDECPROT2_MASK) {
val = (masters >> 16) & TZPCDECPROT2_MASK;
if (ns_bit)
write32((void *)TZPC_TZPCDECPROT2SET, val);
else
write32((void *)TZPC_TZPCDECPROT2CLR, val);
}
}
/*
* Set non virtual slave security.
* Use defines in tz.h for both parameters.
*/
void tz_set_non_virtual_slaves_security(uint32_t slave_vector, uint32_t ns_bit)
{
uint32_t i;
uint32_t total = sizeof(non_virtual_slave_regs) /
sizeof(non_virtual_slave_regs[0]);
uint32_t mask = ~(0xffffffff << total);
ns_bit &= 0x1;
slave_vector = slave_vector & mask;
for (i = 0; i < total; i++) {
if (slave_vector & (0x1 << i))
write32((void *)(non_virtual_slave_regs[i]), ns_bit);
}
}
/*
* Set peripheral security.
* Use defines in tz.h for both parameters.
*/
void tz_set_periph_security(uint32_t slave_vector, uint32_t ns_bit)
{
uint32_t val;
uint32_t mask_x = AXIIC_APBX_s0_security_MASK;
uint32_t mask_y = AXIIC_APBY_s0_security_MASK;
uint32_t tz_periphs_sec_status =
(mask_x & read32((void *)AXIIC_APBX_s0_security)) |
((mask_y & read32((void *)AXIIC_APBY_s0_security)) << 16);
if (ns_bit == TZ_STATE_SECURE)
tz_periphs_sec_status &= ~slave_vector;
else
tz_periphs_sec_status |= slave_vector;
val = tz_periphs_sec_status & mask_x;
write32((void *)AXIIC_APBX_s0_security, val);
val = (tz_periphs_sec_status >> 16) & mask_y;
write32((void *)AXIIC_APBY_s0_security, val);
}
/*
* Set sec peripheral security.
* Use defines in tz.h for both parameters.
*/
void tz_set_sec_periphs_security(uint32_t slave_vector, uint32_t ns_bit)
{
uint32_t val;
uint32_t mask = AXIIC_APBZ_s0_security_MASK;
uint32_t tz_sec_periphs_sec_status =
read32((void *)AXIIC_APBZ_s0_security);
if (ns_bit == TZ_STATE_SECURE)
tz_sec_periphs_sec_status &= ~slave_vector;
else
tz_sec_periphs_sec_status |= slave_vector;
val = tz_sec_periphs_sec_status & mask;
write32((void *)AXIIC_APBZ_s0_security, val);
}
/*
* Set external slave security.
* Use defines in tz.h for both parameters.
*/
void tz_set_ext_slaves_security(uint32_t slave_vector, uint32_t ns_bit)
{
uint32_t val;
uint32_t mask_s0 = AXIIC_ext_s0_security_MASK;
uint32_t mask_s1 = AXIIC_ext_s1_security_MASK;
uint32_t tz_ext_slaves_sec_status =
(mask_s0 & read32((void *)AXIIC_ext_s0_security)) |
((mask_s1 & read32((void *)AXIIC_ext_s0_security)) << 16);
if (ns_bit == TZ_STATE_SECURE)
tz_ext_slaves_sec_status &= ~slave_vector;
else
tz_ext_slaves_sec_status |= slave_vector;
val = tz_ext_slaves_sec_status & mask_s0;
write32((void *)AXIIC_ext_s0_security, val);
val = (tz_ext_slaves_sec_status >> 16) & mask_s1;
write32((void *)AXIIC_ext_s1_security, val);
}
/*
* Set cfg slave security
* Use defines in tz.h for both parameters.
*/
void tz_set_cfg_slaves_security(uint32_t slave_vector, uint32_t ns_bit)
{
uint32_t val;
uint32_t mask_r = AXIIC_APBR_s0_security_MASK;
uint32_t mask_s = AXIIC_APBS_s0_security_MASK;
uint32_t tz_cfg_slaves_sec_status =
(mask_r & read32((void *)AXIIC_APBR_s0_security)) |
((mask_s & read32((void *)AXIIC_APBS_s0_security)) << 16);
if (ns_bit == TZ_STATE_SECURE)
tz_cfg_slaves_sec_status &= ~slave_vector;
else
tz_cfg_slaves_sec_status |= slave_vector;
val = tz_cfg_slaves_sec_status & mask_r;
write32((void *)AXIIC_APBR_s0_security, val);
val = (tz_cfg_slaves_sec_status >> 16) & mask_s;
write32((void *)AXIIC_APBS_s0_security, val);
}
/*
* Set SRAM secure region
* parameter 'r0size' specify the secure RAM region in 4KB steps:
* 0x00000000 = no secure region
* 0x00000001 = 4KB secure region
* 0x00000002 = 8KB secure region
* .......
* 0x000001FF = 2044KB secure region.
* 0x00000200 or above sets the entire SRAM to secure regardless of size
*/
void tz_set_sram_sec_region(uint32_t r0size)
{
uint32_t mask = TZPC_TZPCR0SIZE_MASK;
write32((void *)TZPC_TZPCR0SIZE, r0size & mask);
}
/*
* Set wrapper security
* Use defines in tz.h for all parameters.
*/
void tz_set_wrapper_security(uint32_t wrapper1, uint32_t wrapper2,
uint32_t wrapper3, uint32_t wrapper4,
uint32_t ns_bit)
{
uint32_t mask_w4 = AXIIC_APB_W4_security_MASK;
uint32_t mask_w3 = AXIIC_APB_W3_security_MASK;
uint32_t mask_w2 = AXIIC_APB_W2_security_MASK;
uint32_t mask_w1 = AXIIC_APB_W1_security_MASK;
uint32_t tz_wrapper1_sec_status = read32((void *)AXIIC_APB_W1_security);
uint32_t tz_wrapper2_sec_status = read32((void *)AXIIC_APB_W2_security);
uint32_t tz_wrapper3_sec_status = read32((void *)AXIIC_APB_W3_security);
uint32_t tz_wrapper4_sec_status = read32((void *)AXIIC_APB_W4_security);
if (ns_bit == TZ_STATE_SECURE) {
tz_wrapper1_sec_status &= ~wrapper1;
tz_wrapper2_sec_status &= ~wrapper2;
tz_wrapper3_sec_status &= ~wrapper3;
tz_wrapper4_sec_status &= ~wrapper4;
} else {
tz_wrapper1_sec_status |= wrapper1;
tz_wrapper2_sec_status |= wrapper2;
tz_wrapper3_sec_status |= wrapper3;
tz_wrapper4_sec_status |= wrapper4;
}
write32((void *)AXIIC_APB_W1_security,
tz_wrapper1_sec_status & mask_w1);
write32((void *)AXIIC_APB_W2_security,
tz_wrapper2_sec_status & mask_w2);
write32((void *)AXIIC_APB_W3_security,
tz_wrapper3_sec_status & mask_w3);
write32((void *)AXIIC_APB_W4_security,
tz_wrapper4_sec_status & mask_w4);
}
|