Juno: Use TZC-400 driver calls

This patch replaces direct accesses to the TZC-400 registers by the appropiate calls to the generic driver available in the Trusted Firmware in order to initialize the TrustZone Controller. Functions related to the initialization of the secure memory, like the TZC-400 configuration, have been moved to a new file 'plat_security.c'. This reorganization makes easier to set up the secure memory from any BL stage. TZC-400 initialization has been moved from BL1 to BL2 because BL1 does not access the non-secure memory. It is BL2's responsibility to enable and configure the TZC-400 before loading the next BL images. In Juno, BL3-0 initializes some of the platform peripherals, like the DDR controller. Thus, BL3-0 must be loaded before configuring the TrustZone Controller. As a consequence, the IO layer initialization has been moved to early platform initialization. Fixes ARM-software/tf-issues#234 Change-Id: I83dde778f937ac8d2996f7377e871a2e77d9490e
author: Juan Castillo <juan.castillo@arm.com> 2014-09-04 14:43:09 +0100
committer: Juan Castillo <juan.castillo@arm.com> 2014-10-09 17:15:24 +0100
commit: ef538c6f1b097d0a115e89aa89fb040d98e6594e (patch)
tree: 9a5d8406c5ffbccbab224b8c083d6da43989aa12
parent: 7e998c42ce1ffa16101cc712a3b914c311e29788 (diff)
6 files changed, 90 insertions, 38 deletions
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 51c55e01..a73946ed 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -199,9 +199,6 @@ void bl2_main(void)
 	/* Perform remaining generic architectural setup in S-EL1 */
 	bl2_arch_setup();
 
-	/* Perform platform setup in BL2 */
-	bl2_platform_setup();
-
 	/*
 	 * Load the subsequent bootloader images
 	 */
@@ -211,6 +208,9 @@ void bl2_main(void)
 		panic();
 	}
 
+	/* Perform platform setup in BL2 after loading BL3-0 */
+	bl2_platform_setup();
+
 	/*
 	 * Get a pointer to the memory the platform has set aside to pass
 	 * information to BL3-1.
diff --git a/plat/juno/bl1_plat_setup.c b/plat/juno/bl1_plat_setup.c
index 5804682c..e27e3948 100644
--- a/plat/juno/bl1_plat_setup.c
+++ b/plat/juno/bl1_plat_setup.c
@@ -37,7 +37,6 @@
 #include <mmio.h>
 #include <platform.h>
 #include <platform_def.h>
-#include <tzc400.h>
 #include "../../bl1/bl1_private.h"
 #include "juno_def.h"
 #include "juno_private.h"
@@ -150,36 +149,6 @@ static void init_nic400(void)
 }
 
 
-static void init_tzc400(void)
-{
-	/* Enable all filter units available */
-	mmio_write_32(TZC400_BASE + GATE_KEEPER_OFF, 0x0000000f);
-
-	/*
-	 * Secure read and write are enabled for region 0, and the background
-	 * region (region 0) is enabled for all four filter units
-	 */
-	mmio_write_32(TZC400_BASE + REGION_ATTRIBUTES_OFF, 0xc0000000);
-
-	/*
-	 * Enable Non-secure read/write accesses for the Soc Devices from the
-	 * Non-Secure World
-	 */
-	mmio_write_32(TZC400_BASE + REGION_ID_ACCESS_OFF,
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT)
-		);
-}
-
 #define PCIE_SECURE_REG		0x3000
 #define PCIE_SEC_ACCESS_MASK	((1 << 0) | (1 << 1)) /* REG and MEM access bits */
 
@@ -200,7 +169,6 @@ static void init_pcie(void)
 void bl1_platform_setup(void)
 {
 	init_nic400();
-	init_tzc400();
 	init_pcie();
 
 	/* Initialise the IO layer and register platform IO devices */
diff --git a/plat/juno/bl2_plat_setup.c b/plat/juno/bl2_plat_setup.c
index 717cfbb2..ba4c5be1 100644
--- a/plat/juno/bl2_plat_setup.c
+++ b/plat/juno/bl2_plat_setup.c
@@ -162,6 +162,9 @@ void bl2_early_platform_setup(meminfo_t *mem_layout)
 
 	/* Setup the BL2 memory layout */
 	bl2_tzram_layout = *mem_layout;
+
+	/* Initialise the IO layer and register platform IO devices */
+	io_setup();
 }
 
 /*******************************************************************************
@@ -171,8 +174,8 @@ void bl2_early_platform_setup(meminfo_t *mem_layout)
  ******************************************************************************/
 void bl2_platform_setup(void)
 {
-	/* Initialise the IO layer and register platform IO devices */
-	io_setup();
+	/* Initialize the secure environment */
+	plat_security_setup();
 }
 
 /* Flush the TF params and the TF plat params */
diff --git a/plat/juno/juno_private.h b/plat/juno/juno_private.h
index 0dac03a9..bb2548f1 100644
--- a/plat/juno/juno_private.h
+++ b/plat/juno/juno_private.h
@@ -108,6 +108,9 @@ int plat_get_image_source(const char *image_name,
 			  uintptr_t *dev_handle,
 			  uintptr_t *image_spec);
 
+/* Declarations for security.c */
+void plat_security_setup(void);
+
 /*
  * Before calling this function BL2 is loaded in memory and its entrypoint
  * is set by load_image. This is a placeholder for the platform to change
diff --git a/plat/juno/plat_security.c b/plat/juno/plat_security.c
new file mode 100644
index 00000000..851a39e8
--- /dev/null
+++ b/plat/juno/plat_security.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <debug.h>
+#include <tzc400.h>
+#include "juno_def.h"
+
+/*******************************************************************************
+ * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
+ * and allow Non-Secure masters full access
+ ******************************************************************************/
+static void init_tzc400(void)
+{
+	tzc_init(TZC400_BASE);
+
+	/* Disable filters. */
+	tzc_disable_filters();
+
+	/* Configure region 0. Juno TZC-400 handles 40-bit addresses. */
+	tzc_configure_region(0xf, 0, 0x0ull, 0xffffffffffull,
+			TZC_REGION_S_RDWR,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+	/* Raise an exception if a NS device tries to access secure memory */
+	tzc_set_action(TZC_ACTION_ERR);
+
+	/* Enable filters. */
+	tzc_enable_filters();
+}
+
+/*******************************************************************************
+ * Initialize the secure environment. At this moment only the TrustZone
+ * Controller is initialized.
+ ******************************************************************************/
+void plat_security_setup(void)
+{
+	/* Initialize the TrustZone Controller */
+	init_tzc400();
+}
diff --git a/plat/juno/platform.mk b/plat/juno/platform.mk
index 47465360..2ac756ee 100644
--- a/plat/juno/platform.mk
+++ b/plat/juno/platform.mk
@@ -47,10 +47,12 @@ BL1_SOURCES		+=	drivers/arm/cci400/cci400.c		\
 				plat/juno/aarch64/plat_helpers.S	\
 				plat/juno/aarch64/juno_common.c
 
-BL2_SOURCES		+=	lib/locks/bakery/bakery_lock.c		\
+BL2_SOURCES		+=	drivers/arm/tzc400/tzc400.c		\
+				lib/locks/bakery/bakery_lock.c		\
 				plat/common/aarch64/platform_up_stack.S	\
 				plat/juno/bl2_plat_setup.c		\
 				plat/juno/mhu.c				\
+				plat/juno/plat_security.c		\
 				plat/juno/aarch64/plat_helpers.S	\
 				plat/juno/aarch64/juno_common.c		\
 				plat/juno/scp_bootloader.c		\
author	Juan Castillo <juan.castillo@arm.com>	2014-09-04 14:43:09 +0100
committer	Juan Castillo <juan.castillo@arm.com>	2014-10-09 17:15:24 +0100
commit	ef538c6f1b097d0a115e89aa89fb040d98e6594e (patch)
tree	9a5d8406c5ffbccbab224b8c083d6da43989aa12
parent	7e998c42ce1ffa16101cc712a3b914c311e29788 (diff)