Merge pull request #215 from jcastillo-arm/jc/juno_mem_6

Jc/juno mem 6

bl2/bl2_main.c

@@ -199,9 +199,6 @@ void bl2_main(void)
 	/* Perform remaining generic architectural setup in S-EL1 */
 	bl2_arch_setup();
 
-	/* Perform platform setup in BL2 */
-	bl2_platform_setup();
-
 	/*
 	 * Load the subsequent bootloader images
 	 */
@@ -211,6 +208,9 @@ void bl2_main(void)
 		panic();
 	}
 
+	/* Perform platform setup in BL2 after loading BL3-0 */
+	bl2_platform_setup();
+
 	/*
 	 * Get a pointer to the memory the platform has set aside to pass
 	 * information to BL3-1.

docs/firmware-design.md

@@ -1306,6 +1306,8 @@ other boot loader images in Trusted SRAM.
 
 ####  Memory layout on Juno ARM development platform
 
+**TSP in Trusted SRAM (default option):**
+
                   Flash0
     0x0C000000 +----------+
                :          :
@@ -1329,6 +1331,40 @@ other boot loader images in Trusted SRAM.
                |   MHU    |
     0x04000000 +----------+
 
+**TSP in the secure region of DRAM:**
+
+                   DRAM
+    0xFFE00000 +----------+
+               |  BL3-2   |
+    0xFF000000 |----------|
+               |          |
+               :          :
+               |          |
+    0x80000000 +----------+
+
+                  Flash0
+    0x0C000000 +----------+
+               :          :
+    0x0BED0000 |----------|
+               | BL1 (ro) |
+    0x0BEC0000 |----------|
+               :          :
+               |  Bypass  |
+    0x08000000 +----------+
+
+               Trusted SRAM
+    0x04040000 +----------+
+               |   BL2    |                 BL3-1 is loaded
+    0x04033000 |----------|                 after BL3-0 has
+               |          |                 been sent to SCP
+    0x04023000 |----------|                 ------------------
+               |  BL3-0   |  <<<<<<<<<<<<<  |     BL3-1      |
+    0x04009000 |----------|                 ------------------
+               | BL1 (rw) |
+    0x04001000 |----------|
+               |   MHU    |
+    0x04000000 +----------+
+
 The Message Handling Unit (MHU) page contains the entrypoint mailboxes and a
 shared memory area. This shared memory is used as a communication channel
 between the AP and the SCP.

docs/user-guide.md

@@ -256,6 +256,12 @@ performed.
 For a better understanding of FVP options, the FVP memory map is explained in
 the [Firmware Design].
 
+#### Juno specific build options
+
+*   `PLAT_TSP_LOCATION`: location of the TSP binary. Options:
+    -   `tsram` : Trusted SRAM (default option)
+    -   `dram`  : Secure region in DRAM (set by the TrustZone controller)
+
 ### Creating a Firmware Image Package
 
 FIPs are automatically created as part of the build instructions described in

drivers/arm/tzc400/tzc400.c

@@ -243,7 +243,7 @@ void tzc_configure_region(uint32_t filters,
 
 	/* Assign the region to a filter and set secure attributes */
 	tzc_write_region_attributes(tzc.base, region,
-		(sec_attr << REGION_ATTRIBUTES_SEC_SHIFT) | filters);
+		(sec_attr << REG_ATTR_SEC_SHIFT) | filters);
 
 	/*
 	 * Specify which non-secure devices have permission to access this

include/drivers/arm/tzc400.h

@@ -126,9 +126,12 @@
 #define FAIL_ID_ID_SHIFT		0
 
 /* Used along with 'tzc_region_attributes_t' below */
-#define REGION_ATTRIBUTES_SEC_SHIFT	30
-#define REGION_ATTRIBUTES_F_EN_SHIFT	0
-#define REGION_ATTRIBUTES_F_EN_MASK	0xf
+#define REG_ATTR_SEC_SHIFT		30
+#define REG_ATTR_F_EN_SHIFT		0
+#define REG_ATTR_F_EN_MASK		0xf
+#define REG_ATTR_FILTER_BIT(x)		((1 << x) << REG_ATTR_F_EN_SHIFT)
+#define REG_ATTR_FILTER_BIT_ALL		(REG_ATTR_F_EN_MASK << \
+					REG_ATTR_F_EN_SHIFT)
 
 #define REGION_ID_ACCESS_NSAID_WR_EN_SHIFT	16
 #define REGION_ID_ACCESS_NSAID_RD_EN_SHIFT	0

plat/juno/aarch64/juno_common.c

@@ -60,9 +60,14 @@
 					DEVICE1_SIZE,			\
 					MT_DEVICE | MT_RW | MT_SECURE)
 
-#define MAP_DRAM	MAP_REGION_FLAT(DRAM_BASE,			\
-					DRAM_SIZE,			\
+#define MAP_NS_DRAM	MAP_REGION_FLAT(DRAM_NS_BASE,			\
+					DRAM_NS_SIZE,			\
 					MT_MEMORY | MT_RW | MT_NS)
+
+#define MAP_TSP_MEM	MAP_REGION_FLAT(TSP_SEC_MEM_BASE, 		\
+					TSP_SEC_MEM_SIZE,		\
+					MT_MEMORY | MT_RW | MT_SECURE)
+
 /*
  * Table of regions for different BL stages to map using the MMU.
  * This doesn't include Trusted RAM as the 'mem_layout' argument passed to
@@ -85,7 +90,8 @@ static const mmap_region_t juno_mmap[] = {
 	MAP_IOFPGA,
 	MAP_DEVICE0,
 	MAP_DEVICE1,
-	MAP_DRAM,
+	MAP_NS_DRAM,
+	MAP_TSP_MEM,
 	{0}
 };
 #endif

plat/juno/bl1_plat_setup.c

@@ -37,7 +37,6 @@
 #include <mmio.h>
 #include <platform.h>
 #include <platform_def.h>
-#include <tzc400.h>
 #include "../../bl1/bl1_private.h"
 #include "juno_def.h"
 #include "juno_private.h"
@@ -150,36 +149,6 @@ static void init_nic400(void)
 }
 
 
-static void init_tzc400(void)
-{
-	/* Enable all filter units available */
-	mmio_write_32(TZC400_BASE + GATE_KEEPER_OFF, 0x0000000f);
-
-	/*
-	 * Secure read and write are enabled for region 0, and the background
-	 * region (region 0) is enabled for all four filter units
-	 */
-	mmio_write_32(TZC400_BASE + REGION_ATTRIBUTES_OFF, 0xc0000000);
-
-	/*
-	 * Enable Non-secure read/write accesses for the Soc Devices from the
-	 * Non-Secure World
-	 */
-	mmio_write_32(TZC400_BASE + REGION_ID_ACCESS_OFF,
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP)	|
-		TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT)
-		);
-}
-
 #define PCIE_SECURE_REG		0x3000
 #define PCIE_SEC_ACCESS_MASK	((1 << 0) | (1 << 1)) /* REG and MEM access bits */
 
@@ -200,7 +169,6 @@ static void init_pcie(void)
 void bl1_platform_setup(void)
 {
 	init_nic400();
-	init_tzc400();
 	init_pcie();
 
 	/* Initialise the IO layer and register platform IO devices */

plat/juno/bl2_plat_setup.c

@@ -162,6 +162,9 @@ void bl2_early_platform_setup(meminfo_t *mem_layout)
 
 	/* Setup the BL2 memory layout */
 	bl2_tzram_layout = *mem_layout;
+
+	/* Initialise the IO layer and register platform IO devices */
+	io_setup();
 }
 
 /*******************************************************************************
@@ -171,8 +174,8 @@ void bl2_early_platform_setup(meminfo_t *mem_layout)
  ******************************************************************************/
 void bl2_platform_setup(void)
 {
-	/* Initialise the IO layer and register platform IO devices */
-	io_setup();
+	/* Initialize the secure environment */
+	plat_security_setup();
 }
 
 /* Flush the TF params and the TF plat params */
@@ -309,8 +312,8 @@ void bl2_plat_get_bl32_meminfo(meminfo_t *bl32_meminfo)
  ******************************************************************************/
 void bl2_plat_get_bl33_meminfo(meminfo_t *bl33_meminfo)
 {
-	bl33_meminfo->total_base = DRAM_BASE;
-	bl33_meminfo->total_size = DRAM_SIZE;
-	bl33_meminfo->free_base = DRAM_BASE;
-	bl33_meminfo->free_size = DRAM_SIZE;
+	bl33_meminfo->total_base = DRAM_NS_BASE;
+	bl33_meminfo->total_size = DRAM_NS_SIZE;
+	bl33_meminfo->free_base = DRAM_NS_BASE;
+	bl33_meminfo->free_size = DRAM_NS_SIZE;
 }

plat/juno/include/platform_def.h

@@ -125,10 +125,20 @@
 /*******************************************************************************
  * BL3-2 specific defines.
  ******************************************************************************/
-#define TSP_SEC_MEM_BASE		TZRAM_BASE
-#define TSP_SEC_MEM_SIZE		TZRAM_SIZE
-#define BL32_BASE			(TZRAM_BASE + TZRAM_SIZE - 0x1d000)
-#define BL32_LIMIT			BL2_BASE
+#if (PLAT_TSP_LOCATION_ID == PLAT_TRUSTED_SRAM_ID)
+# define TSP_SEC_MEM_BASE		TZRAM_BASE
+# define TSP_SEC_MEM_SIZE		TZRAM_SIZE
+# define BL32_BASE			(TZRAM_BASE + TZRAM_SIZE - 0x1d000)
+# define BL32_LIMIT			BL2_BASE
+#elif (PLAT_TSP_LOCATION_ID == PLAT_DRAM_ID)
+# define TSP_SEC_MEM_BASE		DRAM_SEC_BASE
+# define TSP_SEC_MEM_SIZE		(DRAM_SEC_SIZE - DRAM_SCP_SIZE)
+# define BL32_BASE			DRAM_SEC_BASE
+# define BL32_LIMIT			(DRAM_SEC_BASE + DRAM_SEC_SIZE - \
+					DRAM_SCP_SIZE)
+#else
+# error "Unsupported PLAT_TSP_LOCATION_ID value"
+#endif
 
 /*******************************************************************************
  * Load address of BL3-3 in the Juno port
@@ -139,7 +149,15 @@
  * Platform specific page table and MMU setup constants
  ******************************************************************************/
 #define ADDR_SPACE_SIZE			(1ull << 32)
-#define MAX_XLAT_TABLES			2
+
+#if IMAGE_BL1 || IMAGE_BL31
+# define MAX_XLAT_TABLES		2
+#endif
+
+#if IMAGE_BL2 || IMAGE_BL32
+# define MAX_XLAT_TABLES		3
+#endif
+
 #define MAX_MMAP_REGIONS		16
 
 /*******************************************************************************

plat/juno/juno_def.h

@@ -37,6 +37,9 @@
 /*******************************************************************************
  * Juno memory map related constants
  ******************************************************************************/
+#define PLAT_TRUSTED_SRAM_ID	0
+#define PLAT_DRAM_ID		1
+
 #define MHU_SECURE_BASE		0x04000000
 #define MHU_SECURE_SIZE		0x00001000
 
@@ -73,6 +76,26 @@
 #define DRAM_BASE		0x80000000
 #define DRAM_SIZE		0x80000000
 
+/*
+ * DRAM at 0x8000_0000 is divided in two regions:
+ *   - Secure DRAM (default is the top 16MB except for the last 2MB, which are
+ *     used by the SCP for DDR retraining)
+ *   - Non-Secure DRAM (remaining DRAM starting at DRAM_BASE)
+ */
+
+#define DRAM_SCP_SIZE		0x00200000
+#define DRAM_SCP_BASE		(DRAM_BASE + DRAM_SIZE - DRAM_SCP_SIZE)
+
+#define DRAM_SEC_SIZE		0x00E00000
+#define DRAM_SEC_BASE		(DRAM_SCP_BASE - DRAM_SEC_SIZE)
+
+#define DRAM_NS_BASE		DRAM_BASE
+#define DRAM_NS_SIZE		(DRAM_SIZE - DRAM_SCP_SIZE - DRAM_SEC_SIZE)
+
+/* Second region of DRAM */
+#define DRAM2_BASE		0x880000000
+#define DRAM2_SIZE		0x180000000
+
 /* Memory mapped Generic timer interfaces  */
 #define SYS_CNTCTL_BASE		0x2a430000
 #define SYS_CNTREAD_BASE	0x2a800000

plat/juno/juno_private.h

@@ -108,6 +108,9 @@ int plat_get_image_source(const char *image_name,
 			  uintptr_t *dev_handle,
 			  uintptr_t *image_spec);
 
+/* Declarations for security.c */
+void plat_security_setup(void);
+
 /*
  * Before calling this function BL2 is loaded in memory and its entrypoint
  * is set by load_image. This is a placeholder for the platform to change

plat/juno/plat_security.c

@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <debug.h>
+#include <tzc400.h>
+#include "juno_def.h"
+
+/*******************************************************************************
+ * Initialize the TrustZone Controller. Configure Region 0 with Secure RW access
+ * and allow Non-Secure masters full access
+ ******************************************************************************/
+static void init_tzc400(void)
+{
+	tzc_init(TZC400_BASE);
+
+	/* Disable filters. */
+	tzc_disable_filters();
+
+	/* Region 1 set to cover Non-Secure DRAM at 0x8000_0000. Apply the
+	 * same configuration to all filters in the TZC. */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 1,
+			DRAM_NS_BASE, DRAM_NS_BASE + DRAM_NS_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+	/* Region 2 set to cover Secure DRAM */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 2,
+			DRAM_SEC_BASE, DRAM_SEC_BASE + DRAM_SEC_SIZE - 1,
+			TZC_REGION_S_RDWR,
+			0);
+
+	/* Region 3 set to cover DRAM used by SCP for DDR retraining */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 3,
+			DRAM_SCP_BASE, DRAM_SCP_BASE + DRAM_SCP_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP));
+
+	/* Region 4 set to cover Non-Secure DRAM at 0x8_8000_0000 */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 4,
+			DRAM2_BASE, DRAM2_BASE + DRAM2_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+	/* Raise an exception if a NS device tries to access secure memory */
+	tzc_set_action(TZC_ACTION_ERR);
+
+	/* Enable filters. */
+	tzc_enable_filters();
+}
+
+/*******************************************************************************
+ * Initialize the secure environment. At this moment only the TrustZone
+ * Controller is initialized.
+ ******************************************************************************/
+void plat_security_setup(void)
+{
+	/* Initialize the TrustZone Controller */
+	init_tzc400();
+}

plat/juno/platform.mk

@@ -28,6 +28,23 @@
 # POSSIBILITY OF SUCH DAMAGE.
 #
 
+# On Juno, the Secure Payload can be loaded either in Trusted SRAM (default) or
+# Secure DRAM allocated by the TrustZone Controller.
+
+PLAT_TSP_LOCATION	:=	tsram
+
+ifeq (${PLAT_TSP_LOCATION}, tsram)
+  PLAT_TSP_LOCATION_ID := PLAT_TRUSTED_SRAM_ID
+else ifeq (${PLAT_TSP_LOCATION}, dram)
+  PLAT_TSP_LOCATION_ID := PLAT_DRAM_ID
+else
+  $(error "Unsupported PLAT_TSP_LOCATION value")
+endif
+
+# Process flags
+$(eval $(call add_define,PLAT_TSP_LOCATION_ID))
+
+
 PLAT_INCLUDES		:=	-Iplat/juno/include/
 
 PLAT_BL_COMMON_SOURCES	:=	drivers/arm/pl011/pl011_console.S	\
@@ -47,10 +64,12 @@ BL1_SOURCES		+=	drivers/arm/cci400/cci400.c		\
 				plat/juno/aarch64/plat_helpers.S	\
 				plat/juno/aarch64/juno_common.c
 
-BL2_SOURCES		+=	lib/locks/bakery/bakery_lock.c		\
+BL2_SOURCES		+=	drivers/arm/tzc400/tzc400.c		\
+				lib/locks/bakery/bakery_lock.c		\
 				plat/common/aarch64/platform_up_stack.S	\
 				plat/juno/bl2_plat_setup.c		\
 				plat/juno/mhu.c				\
+				plat/juno/plat_security.c		\
 				plat/juno/aarch64/plat_helpers.S	\
 				plat/juno/aarch64/juno_common.c		\
 				plat/juno/scp_bootloader.c		\