author | Mourad Goumrhar <Mourad.Goumrhar@se.com> | 2019-11-19 14:35:59 +0100 |
---|---|---|
committer | Ryan Harkin <ryan.harkin@linaro.org> | 2020-07-24 18:02:33 +0100 |
commit | 9c76e9c8e0784816dce10f589cb9f4762cc35c41 (patch) | |
tree | a780b9fd8179a20c6cda5eadc606764f6c780b26 | |
parent | 193a1d7381585280dd00ee8db504186f58ade6f3 (diff) |
RZN1: NoC firewall
Set the TrustZone configuration for NoC ports to
assign groups with critical resources to the Secure world.
Signed-off-by: Mourad Goumrhar <Mourad.Goumrhar@se.com>
Change-Id: I3d4f1e387f4038356fece060750ab8bdd57fe114
-rw-r--r-- | core/arch/arm/kernel/generic_entry_a32.S | 2 | ||||
-rw-r--r-- | core/arch/arm/plat-rzn1/main.c | 62 | ||||
-rw-r--r-- | core/arch/arm/plat-rzn1/platform_config.h | 3 | ||||
-rw-r--r-- | core/arch/arm/plat-rzn1/rzn1_tz.h | 43 |
4 files changed, 103 insertions, 7 deletions
diff --git a/core/arch/arm/kernel/generic_entry_a32.S b/core/arch/arm/kernel/generic_entry_a32.S index 6fac6768..a8281e97 100644 --- a/core/arch/arm/kernel/generic_entry_a32.S +++ b/core/arch/arm/kernel/generic_entry_a32.S @@ -527,6 +527,8 @@ shadow_stack_access_ok: mov r2, r6 /* DT address */ bl generic_boot_init_primary + bl rzn1_init + /* * In case we've touched memory that secondary CPUs will use before * they have turned on their D-cache, clean and invalidate the diff --git a/core/arch/arm/plat-rzn1/main.c b/core/arch/arm/plat-rzn1/main.c index 2a9902c4..cbe8c389 100644 --- a/core/arch/arm/plat-rzn1/main.c +++ b/core/arch/arm/plat-rzn1/main.c @@ -48,6 +48,8 @@ #include <keep.h> #include <trace.h> +#include <rzn1_tz.h> + #define SYSCTRL_BASE 0x4000C000 #define SYSCTRL_REG_RSTEN (SYSCTRL_BASE + 0x120) #define SYSCTRL_REG_RSTCTRL (SYSCTRL_BASE + 0x198) @@ -58,6 +60,8 @@ #define SYSCTRL_REG_RSTCTRL_SWRST_REQ 6 static void main_fiq(void); +void rzn1_init(void); +static void rzn1_tz_init(void); static struct rzn1_ns16550_data console_data; static struct gic_data gic_data; @@ -74,9 +78,9 @@ static const struct thread_handlers handlers = { .system_reset = pm_panic, }; - -register_phys_mem(MEM_AREA_IO_NSEC, CONSOLE_UART_BASE, CORE_MMU_DEVICE_SIZE); -register_phys_mem(MEM_AREA_IO_SEC, SYSCTRL_BASE, CORE_MMU_DEVICE_SIZE); +register_phys_mem(MEM_AREA_IO_SEC, NOCFIREWALL_BASE, 0x1000); +register_phys_mem(MEM_AREA_IO_NSEC, PERIPH_REG_BASE, CORE_MMU_DEVICE_SIZE); +register_phys_mem(MEM_AREA_IO_SEC, SYSCTRL_BASE, 0x1000); register_phys_mem(MEM_AREA_IO_SEC, GIC_BASE, CORE_MMU_DEVICE_SIZE); static void main_fiq(void) 
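Review bot: The added `bl rzn1_init` sits in generic_entry_a32.S, which is shared by every Arm32 platform, and nothing visible in the hunk guards it, so a platform that does not define rzn1_init would presumably fail to link. Hiding the call from other builds, for example behind a platform build flag (`#if defined(<RZN1_PLATFORM_FLAG>)` … `#endif`, placeholder name) or with a weak no-op default, keeps the firewall setup unconditional on RZ/N1 without touching anyone else. A one-line comment such as `/* Platform hook: program the NoC TrustZone firewall */` above the call would record why it is here. The enclosing boot routine starts and ends outside the hunk.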
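Review bot: The new `MEM_AREA_IO_NSEC` registration at `PERIPH_REG_BASE` (0x40000000) with `CORE_MMU_DEVICE_SIZE` appears to overlap the `MEM_AREA_IO_SEC` registration at `SYSCTRL_BASE` (0x4000C000), so the system-control page, which also holds the TZ configuration registers at 0x4000C0D0 and 0x4000C0D4, may end up covered by a non-secure mapping as well as the secure one. Whether the ranges really overlap depends on the value of CORE_MMU_DEVICE_SIZE, which is not visible here, so please confirm; if they do, the non-secure registration should be narrowed to the peripherals that need it (before this change only the console UART was registered that way). The literal `0x1000` would read better as the page-size constant, e.g. `register_phys_mem(MEM_AREA_IO_SEC, SYSCTRL_BASE, SMALL_PAGE_SIZE);`.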
@@ -89,10 +93,34 @@ const struct thread_handlers *generic_boot_get_handlers(void) return &handlers; } -#if 0 // NoC security violation +#if 0 +// NoC security violation static enum itr_return nocfw_itr_cb(struct itr_handler *h __unused) { - DMSG("Noc FW interrupt"); + vaddr_t preg; + volatile unsigned long val; + unsigned char errcode; + unsigned char errval; + + /* Confirm there was an actual violation */ + preg = core_mmu_get_va(NOCFIREWALL_ERRVLD, MEM_AREA_IO_SEC); + val = read32(preg); + if ( val & 1 ) + { + preg = core_mmu_get_va(NOCFIREWALL_ERRLOG0, MEM_AREA_IO_SEC); + val = read32(preg); + errcode = (val >> 8) & 0x7; + + preg = core_mmu_get_va(NOCFIREWALL_ERRLOG1, MEM_AREA_IO_SEC); + val = read32(preg); + errval = (val >> 9) & 0x3F; + + IMSG("Noc FW interrupt: code=%x, val=%x", errcode, errval); + + /* Clear error */ + preg = core_mmu_get_va(NOCFIREWALL_ERRCLR, MEM_AREA_IO_SEC); + write32(0x1UL, preg); + } return ITRR_HANDLED; } @@ -194,8 +222,6 @@ int psci_cpu_on(uint32_t cpu_id, uint32_t entry, uint32_t context_id) } #endif -#include <stdio.h> -#include <trace.h> void psci_system_reset(void) { vaddr_t en_reg; @@ -224,3 +250,25 @@ void psci_system_off(void) psci_system_reset(); } +static void rzn1_tz_init(void) +{ + /* TZ initiator ports */ + write32(TZ_INIT_CSA_SEC | + TZ_INIT_YS_SEC | + TZ_INIT_YC_SEC | + TZ_INIT_YD_SEC, + core_mmu_get_va(CFG_FW_STATIC_TZA_INIT, MEM_AREA_IO_SEC)); + + /* TZ target ports */ + write32(TZ_TARG_PC_SEC | + TZ_TARG_QB_SEC | + TZ_TARG_QA_SEC | + TZ_TARG_UB_SEC | + TZ_TARG_UA_SEC, + core_mmu_get_va(CFG_FW_STATIC_TZA_TARG, MEM_AREA_IO_SEC)); +} + +void rzn1_init(void) +{ + rzn1_tz_init(); +} diff --git a/core/arch/arm/plat-rzn1/platform_config.h b/core/arch/arm/plat-rzn1/platform_config.h index 9bbbbe9e..a8ceda10 100644 --- a/core/arch/arm/plat-rzn1/platform_config.h +++ b/core/arch/arm/plat-rzn1/platform_config.h 
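Review bot: The rewritten `nocfw_itr_cb` still sits under `#if 0`, so once this commit programs the firewall a blocked access is neither logged nor cleared by any compiled code visible here. Either enable the handler together with the firewall setup or leave it out of this change; if it stays, a comment next to `#if 0` saying what is missing before it can be enabled would help. Inside the handler, `val` presumably does not need to be `volatile` because `read32()` already performs the device access, the masks `0x7` and `0x3F` deserve named constants, and the `core_mmu_get_va()` results are used without a check. The matching `#endif` lies outside this hunk.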
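Review bot: `rzn1_tz_init()` passes the result of `core_mmu_get_va()` straight to `write32()` and never confirms that the firewall registers took the value, so a missing mapping or an ignored write would leave the ports non-secure with no sign of it at boot. Resolving both addresses first, stopping on a zero address, and reading the registers back after the writes makes such a failure visible; this assumes the two registers read back what was written and that `panic()` is in scope in main.c. The masks also leave `TZ_TARG_NA_SEC` (Public Key Processor), `TZ_TARG_RA_SEC` (CoreSight) and `TZ_INIT_CSB_SEC` clear; if that is deliberate, a comment saying why belongs next to the masks.

```c
static void rzn1_tz_init(void)
{
	vaddr_t init_reg = core_mmu_get_va(CFG_FW_STATIC_TZA_INIT,
					   MEM_AREA_IO_SEC);
	vaddr_t targ_reg = core_mmu_get_va(CFG_FW_STATIC_TZA_TARG,
					   MEM_AREA_IO_SEC);
	/* … unchanged: the TZ_INIT_*_SEC and TZ_TARG_*_SEC combinations … */
	const uint32_t init_sec = TZ_INIT_CSA_SEC | TZ_INIT_YS_SEC |
				  TZ_INIT_YC_SEC | TZ_INIT_YD_SEC;
	const uint32_t targ_sec = TZ_TARG_PC_SEC | TZ_TARG_QB_SEC |
				  TZ_TARG_QA_SEC | TZ_TARG_UB_SEC |
				  TZ_TARG_UA_SEC;

	/* A missing mapping must not turn into a write through address 0 */
	if (!init_reg || !targ_reg)
		panic();

	write32(init_sec, init_reg);
	write32(targ_sec, targ_reg);

	/* Stop the boot if the firewall did not latch the requested setting */
	if (read32(init_reg) != init_sec || read32(targ_reg) != targ_sec)
		panic();
}
```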
@@ -41,6 +41,9 @@ #define CONSOLE_UART_BASE 0x40060000 #define CONSOLE_UART_IRQ (GIC_PPI + 6) +/* TZ config registers */ +#define CFG_FW_STATIC_TZA_INIT 0x4000C0D0 +#define CFG_FW_STATIC_TZA_TARG 0x4000C0D4 // The LCES memory map is designed as if there are two DRAM banks // DRAM0 is always 128 MB diff --git a/core/arch/arm/plat-rzn1/rzn1_tz.h b/core/arch/arm/plat-rzn1/rzn1_tz.h new file mode 100644 index 00000000..b511eda7 --- /dev/null +++ b/core/arch/arm/plat-rzn1/rzn1_tz.h 
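Review bot: `CFG_FW_STATIC_TZA_INIT` and `CFG_FW_STATIC_TZA_TARG` are written as absolute addresses (0x4000C0D0, 0x4000C0D4) that fall inside the page main.c registers from `SYSCTRL_BASE` (0x4000C000), but nothing ties the two definitions together. Expressing them as offsets from one base, e.g. `#define CFG_FW_STATIC_TZA_INIT (SYSCTRL_BASE + 0xD0)` with `SYSCTRL_BASE` moved into this header, keeps the secure mapping and the register writes in step if the base ever changes. The comment could also say what the registers control, e.g. `/* SYSCTRL: static TrustZone assignment of NoC initiator/target ports */`.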
@@ -0,0 +1,43 @@
+#ifndef _RZN1_TZ_H
+#define _RZN1_TZ_H
+
+/* TZ initiatior ports */
+#define TZ_INIT_CSB_SEC (1<<7) /* CoreSight AHB */
+#define TZ_INIT_CSA_SEC (1<<6) /* CoreSight AXI */
+#define TZ_INIT_YS_SEC (1<<5) /* Cortex-M3 System Bus interface */
+#define TZ_INIT_YC_SEC (1<<4) /* Cortex-M3 ICode interface */
+#define TZ_INIT_YD_SEC (1<<3) /* Cortex-M3 DCode interface */
+#define TZ_INIT_Z_SEC (1<<2) /* Packet Engine */
+#define TZ_INIT_I_SEC (1<<1) /* Peripheral Group */
+#define TZ_INIT_F_SEC (1) /* Peripheral Group */
+
+/* TZ target ports */
+#define TZ_TARG_W_SEC (1<<14) /* RTC */
+#define TZ_TARG_PC_SEC (1<<9) /* DDR2/3 Controller */
+#define TZ_TARG_RA_SEC (1<<8) /* CoreSight */
+#define TZ_TARG_QB_SEC (1<<7) /* System Control */
+#define TZ_TARG_QA_SEC (1<<6) /* PG0 */
+#define TZ_TARG_NB_SEC (1<<5) /* Packet Engine */
+#define TZ_TARG_NA_SEC (1<<4) /* Public Key Processor */
+#define TZ_TARG_K_SEC (1<<3) /* Peripheral Group */
+#define TZ_TARG_J_SEC (1<<2) /* Peripheral Group */
+#define TZ_TARG_UB_SEC (1<<1) /* 2MB SRAM */
+#define TZ_TARG_UA_SEC (1) /* 2MB SRAM */
+
+/* Peripheral memory map */
+#define PERIPH_REG_BASE 0x40000000
+#define MEM_GROUP_BASE 0x40100000 /* SDIO, NAND and DMA */
+#define ETH_PERIPH_BASE 0x44000000
+#define PERIPH_GROUP1_BASE 0x50000000
+#define PERIPH_GROUP2_BASE 0x51000000
+#define PERIPH_GROUP3_BASE 0x52104000
+#define PERIPH_GROUP4_BASE 0x53000000
+
+/* NoC Firewall */
+#define NOCFIREWALL_BASE 0x00010000
+#define NOCFIREWALL_ERRVLD 0x0001000C
+#define NOCFIREWALL_ERRCLR 0x00010010
+#define NOCFIREWALL_ERRLOG0 0x00010014
+#define NOCFIREWALL_ERRLOG1 0x00010018
+
+#endif /* _RZN1_TZ_H */ |
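Review bot: The bit definitions name each port but never say which register a group belongs to or what a set bit means, which a reader needs in order to audit the firewall setting; a comment over each group such as `/* Bits of CFG_FW_STATIC_TZA_INIT: 1 = port is Secure */` (polarity to be confirmed against the datasheet) would cover it. `NOCFIREWALL_BASE` is 0x00010000 while the peripheral map in the same file starts at 0x40000000, so that address is worth double-checking. Smaller points: the include guard `_RZN1_TZ_H` uses a reserved identifier form (`RZN1_TZ_H` avoids it), the masks are signed `int` shifts where `(1U << n)` is the safer habit, the file carries no licence header, and "initiatior" in the first comment is a typo.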