Tegra: memctrl_v2: secure the on-chip TZSRAM memory

This patch programs the Memory controller's control registers
to disable non-secure accesses to the TZRAM. In case these
registers are already programmed by the BL2/BL30, then the
driver just bails out.

Change-Id: Ia1416988050e3d067296373060c717a260499122
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

plat/nvidia/tegra/common/drivers/memctrl/memctrl_v2.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -283,6 +283,49 @@ void tegra_memctrl_tzdram_setup(uint64_t phys_base, uint32_t size_in_bytes)
 	mce_update_gsc_tzdram();
 }
 
+/*
+ * Secure the BL31 TZRAM aperture.
+ *
+ * phys_base = physical base of TZRAM aperture
+ * size_in_bytes = size of aperture in bytes
+ */
+void tegra_memctrl_tzram_setup(uint64_t phys_base, uint32_t size_in_bytes)
+{
+	uint64_t tzram_end = phys_base + size_in_bytes - 1;
+	uint32_t val;
+
+	/*
+	 * Check if the TZRAM is locked already.
+	 */
+	if (tegra_mc_read_32(MC_TZRAM_REG_CTRL) == DISABLE_TZRAM_ACCESS)
+		return;
+
+	/*
+	 * Setup the Memory controller to allow only secure accesses to
+	 * the TZRAM carveout
+	 */
+	INFO("Configuring TrustZone RAM (SysRAM) Memory Carveout\n");
+
+	/* Program the base and end values */
+	tegra_mc_write_32(MC_TZRAM_BASE, (uint32_t)phys_base);
+	tegra_mc_write_32(MC_TZRAM_END, (uint32_t)tzram_end);
+
+	/* Extract the high address bits from the base/end values */
+	val = (uint32_t)(phys_base >> 32) & TZRAM_ADDR_HI_BITS_MASK;
+	val |= (((uint32_t)(tzram_end >> 32) << TZRAM_END_HI_BITS_SHIFT) &
+		TZRAM_ADDR_HI_BITS_MASK);
+	tegra_mc_write_32(MC_TZRAM_HI_ADDR_BITS, val);
+
+	/* Disable further writes to the TZRAM setup registers */
+	tegra_mc_write_32(MC_TZRAM_REG_CTRL, DISABLE_TZRAM_ACCESS);
+
+	/*
+	 * MCE propogates the security configuration values across the
+	 * CCPLEX.
+	 */
+	mce_update_gsc_tzram();
+}
+
 /*
  * Program the Video Memory carveout region
  *

plat/nvidia/tegra/include/drivers/memctrl_v2.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -264,6 +264,17 @@ typedef struct mc_streamid_security_cfg {
 #define MC_VIDEO_PROTECT_BASE_LO		0x648
 #define MC_VIDEO_PROTECT_SIZE_MB		0x64c
 
+/*******************************************************************************
+ * TZRAM carveout configuration registers
+ ******************************************************************************/
+#define MC_TZRAM_BASE				0x1850
+#define MC_TZRAM_END				0x1854
+#define MC_TZRAM_HI_ADDR_BITS			0x1588
+ #define TZRAM_ADDR_HI_BITS_MASK		0x3
+ #define TZRAM_END_HI_BITS_SHIFT		8
+#define MC_TZRAM_REG_CTRL			0x185c
+ #define DISABLE_TZRAM_ACCESS			1
+
 static inline uint32_t tegra_mc_read_32(uint32_t off)
 {
 	return mmio_read_32(TEGRA_MC_BASE + off);

plat/nvidia/tegra/include/t186/tegra_def.h

@@ -111,4 +111,10 @@
  ******************************************************************************/
 #define TEGRA_SMMU_BASE			0x12000000
 
+/*******************************************************************************
+ * Tegra TZRAM constants
+ ******************************************************************************/
+#define TEGRA_TZRAM_BASE		0x30000000
+#define TEGRA_TZRAM_SIZE		0x50000
+
 #endif /* __TEGRA_DEF_H__ */