tegra132: move page tables to trustzone region

In order to access secure device register space the cpu
needs to have the page tables marked as secure memory. In
addition the page tables need to live within secure memory
otherwise the accesses default to non-secure.

Therefore move the page tables to the trustzone region. Remove
the TTB_* config options as well as removing the TTB reservations
from coreboot's resource list.

BUG=chrome-os-partner:31355
BUG=chrome-os-partner:31356
BRANCH=None
CQ-DEPEND=CL:213140
TEST=Built and booted into kernel.

Change-Id: I1fc8dda932c36935f8523792bc1147f6b0743d11
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 1522a83bb57e33749843d5b3ea5545ded97a3953
Original-Change-Id: Ia4b9d07ef35500726ec5b289e059208b9f46d025
Original-Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/213141
Reviewed-on: http://review.coreboot.org/8994
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>

3 files changed, 16 insertions, 17 deletions

diff --git a/src/soc/nvidia/tegra132/Kconfig b/src/soc/nvidia/tegra132/Kconfig
index a4651c6408..891a6da32a 100644
--- a/src/soc/nvidia/tegra132/Kconfig
+++ b/src/soc/nvidia/tegra132/Kconfig
@@ -77,14 +77,6 @@ config RAMSTAGE_STACK_BOTTOM
 	hex
 	default 0x8001c000
 
-config TTB_BUFFER
-	hex
-	default 0x80020000
-
-config TTB_SIZE
-	hex
-	default 0x110000
-
 config CBFS_CACHE_ADDRESS
 	hex "memory address to put CBFS cache data"
 	default 0x40006000
diff --git a/src/soc/nvidia/tegra132/mmu_operations.c b/src/soc/nvidia/tegra132/mmu_operations.c
index 2c54d7ff01..5e02e07f10 100644
--- a/src/soc/nvidia/tegra132/mmu_operations.c
+++ b/src/soc/nvidia/tegra132/mmu_operations.c
@@ -47,8 +47,11 @@ static void print_memranges(struct memranges *mmap_ranges)
 static void tegra132_memrange_init(struct memranges *map)
 {
 	uint64_t start,end;
-	const unsigned long devmem = MA_DEV | MA_NS | MA_RW;
+	const unsigned long devmem = MA_DEV | MA_S | MA_RW;
 	const unsigned long cachedmem = MA_MEM | MA_NS | MA_RW;
+	const unsigned long secure_mem = MA_MEM | MA_S | MA_RW;
+	uintptr_t tz_base_mib;
+	size_t tz_size_mib;
 
 	memranges_init_empty(map);
 
@@ -66,6 +69,10 @@ static void tegra132_memrange_init(struct memranges *map)
 
 	/* SRAM */
 	memranges_insert(map, TEGRA_SRAM_BASE, TEGRA_SRAM_SIZE, cachedmem);
+
+	/* Add TZ carveout. */
+	carveout_range(CARVEOUT_TZ, &tz_base_mib, &tz_size_mib);
+	memranges_insert(map, tz_base_mib * MiB, tz_size_mib * MiB, secure_mem);
 }
 
 void __attribute__((weak)) mainboard_add_memory_ranges(struct memranges *map)
@@ -75,13 +82,17 @@ void __attribute__((weak)) mainboard_add_memory_ranges(struct memranges *map)
 
 void tegra132_mmu_init(void)
 {
-	uint64_t *ttb_buffer = (uint64_t*)CONFIG_TTB_BUFFER;
-	uint64_t ttb_size = (uint64_t)CONFIG_TTB_SIZE;
+	uintptr_t tz_base_mib;
+	size_t tz_size_mib;
 	struct memranges *map = &t132_mmap_ranges;
 
 	tegra132_memrange_init(map);
 	mainboard_add_memory_ranges(map);
 	print_memranges(map);
-	mmu_init(map,ttb_buffer,ttb_size);
-	mmu_enable((uint64_t)ttb_buffer);
+	/* Place page tables at the base of the trust zone region. */
+	carveout_range(CARVEOUT_TZ, &tz_base_mib, &tz_size_mib);
+	tz_base_mib *= MiB;
+	tz_size_mib *= MiB;
+	mmu_init(map, (void *)tz_base_mib, tz_size_mib);
+	mmu_enable(tz_base_mib);
 }
diff --git a/src/soc/nvidia/tegra132/soc.c b/src/soc/nvidia/tegra132/soc.c
index 519ba37684..276ea7b784 100644
--- a/src/soc/nvidia/tegra132/soc.c
+++ b/src/soc/nvidia/tegra132/soc.c
@@ -40,10 +40,6 @@ static void soc_read_resources(device_t dev)
 		reserved_ram_resource(dev, index++, begin * KiB, size * KiB);
 	}
 
-	reserved_ram_resource(dev, index++, CONFIG_TTB_BUFFER / KiB,
-			      CONFIG_TTB_SIZE / KiB);
-
-
 	/*
 	 * TODO: Frame buffer needs to handled as a carveout from the below_4G
 	 * uintptr_t framebuffer_begin = framebuffer_attributes(&framebuffer_size);