From b230b3f2dd8afaef042a4d42992373aadddb2cd4 Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Thu, 20 Aug 2020 16:36:07 +0200 Subject: [PATCH] refactor(plat/st): rework TZC400 configuration Add new static functions to factorize code in stm32mp1_security.c. Change-Id: Ifa5a1aaf7c56c25dba9a0ab8e985496d7cb06990 Signed-off-by: Yann Gautier --- plat/st/stm32mp1/stm32mp1_security.c | 84 ++++++++++++++++++---------- 1 file changed, 54 insertions(+), 30 deletions(-) diff --git a/plat/st/stm32mp1/stm32mp1_security.c b/plat/st/stm32mp1/stm32mp1_security.c index 195b3a550..6dbf6f8c4 100644 --- a/plat/st/stm32mp1/stm32mp1_security.c +++ b/plat/st/stm32mp1/stm32mp1_security.c @@ -27,6 +27,42 @@ TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_ETH_ID) | \ TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_DAP_ID) +static unsigned int region_nb; + +static void init_tzc400_begin(void) +{ + tzc400_init(STM32MP1_TZC_BASE); + tzc400_disable_filters(); + + region_nb = 1U; +} + +static void init_tzc400_end(unsigned int action) +{ + tzc400_set_action(action); + tzc400_enable_filters(); +} + +static void tzc400_add_region(unsigned long long region_base, + unsigned long long region_top, bool sec) +{ + unsigned int sec_attr; + unsigned int nsaid_permissions; + + if (sec) { + sec_attr = TZC_REGION_S_RDWR; + nsaid_permissions = 0; + } else { + sec_attr = TZC_REGION_S_NONE; + nsaid_permissions = TZC_REGION_NSEC_ALL_ACCESS_RDWR; + } + + tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, region_nb, region_base, + region_top, sec_attr, nsaid_permissions); + + region_nb++; +} + /******************************************************************************* * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access * and allow Non-Secure masters full access. @@ -38,10 +74,9 @@ static void init_tzc400(void) unsigned long long ddr_ns_size = (unsigned long long)stm32mp_get_ddr_ns_size(); unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U); + unsigned long long ddr_top __unused; - tzc400_init(STM32MP1_TZC_BASE); - - tzc400_disable_filters(); + init_tzc400_begin(); /* * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the @@ -49,35 +84,28 @@ static void init_tzc400(void) */ region_base = ddr_base; region_top = ddr_ns_top; - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, - region_base, - region_top, - TZC_REGION_S_NONE, - TZC_REGION_NSEC_ALL_ACCESS_RDWR); + tzc400_add_region(region_base, region_top, false); #ifdef AARCH32_SP_OPTEE /* Region 2 set to cover all secure DRAM. */ region_base = region_top + 1U; region_top += STM32MP_DDR_S_SIZE; - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 2, - region_base, - region_top, - TZC_REGION_S_RDWR, - 0); + tzc400_add_region(region_base, region_top, true); - /* Region 3 set to cover non-secure shared memory DRAM. */ - region_base = region_top + 1U; - region_top += STM32MP_DDR_SHMEM_SIZE; - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 3, - region_base, - region_top, - TZC_REGION_S_NONE, - TZC_REGION_NSEC_ALL_ACCESS_RDWR); + ddr_top = STM32MP_DDR_BASE + dt_get_ddr_size() - 1U; + if (region_top < ddr_top) { + /* Region 3 set to cover non-secure memory DRAM after BL32. */ + region_base = region_top + 1U; + region_top = ddr_top; + tzc400_add_region(region_base, region_top, false); + } #endif - tzc400_set_action(TZC_ACTION_INT); - - tzc400_enable_filters(); + /* + * Raise an interrupt (secure FIQ) if a NS device tries to access + * secure memory + */ + init_tzc400_end(TZC_ACTION_INT); } /******************************************************************************* @@ -90,9 +118,7 @@ static void early_init_tzc400(void) stm32mp_clk_enable(TZC1); stm32mp_clk_enable(TZC2); - tzc400_init(STM32MP1_TZC_BASE); - - tzc400_disable_filters(); + init_tzc400_begin(); /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */ tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, @@ -104,9 +130,7 @@ static void early_init_tzc400(void) TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID)); /* Raise an exception if a NS device tries to access secure memory */ - tzc400_set_action(TZC_ACTION_ERR); - - tzc400_enable_filters(); + init_tzc400_end(TZC_ACTION_ERR); } /*******************************************************************************