From 0bdb88b106ec65e3d1296d61545e09ecdab0794f Mon Sep 17 00:00:00 2001 From: Tom Warren Date: Mon, 3 Aug 2015 14:58:11 -0700 Subject: Smaug: Add NVDEC and TSEC carveouts The NV security team requested that coreboot allocate the NVDEC and TSEC carveouts. Added code to set up NVDEC (1 region, 1MB) and TSEC (2 regions, splitting 2MB), and set their lock bits. Kernel/trusted code should be able to use the regions now. Note that this change sets the UNLOCKED bit in Carveout1Cfg0 and Carveout4Cfg0/5Cfg0 (bit 1) to 0 in the BCT .inc files (both 3GB and 4GB BCTs) so that the BOMs can be written. Any future revisions to these BCT files should take this into account. BUG=None BRANCH=None TEST=Built and booted on my P5 A44. Saw the carveout regions in the boot spew, and CBMEM living just below the last region (TSEC). Dumped the MC GeneralizedCarveoutX registers and verified their values (same as BCT, with only BOM/CFG0 changed). Signed-off-by: Patrick Georgi Original-Commit-Id: a34b0772cd721193640b322768ce5fcbb4624f23 Original-Change-Id: I2abc872fa1cc4ea669409ffc9f2e66dbbc4efcd0 Original-Signed-off-by: Tom Warren Original-Reviewed-on: https://chromium-review.googlesource.com/290452 Original-Reviewed-by: Furquan Shaikh Original-(cherry picked from commit f3bbf25397db4d17044e9cfd135ecf73df0ffa60) Original-Reviewed-on: https://chromium-review.googlesource.com/291081 Original-Commit-Queue: Furquan Shaikh Original-Trybot-Ready: Furquan Shaikh Original-Tested-by: Furquan Shaikh Change-Id: I924dfdae7b7c9b877cb1c93fd94f0ef98b728ac5 Reviewed-on: http://review.coreboot.org/11381 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer --- src/soc/nvidia/tegra210/addressmap.c | 68 +++++++++++++++++++++++- src/soc/nvidia/tegra210/include/soc/addressmap.h | 8 ++- src/soc/nvidia/tegra210/romstage.c | 3 ++ 3 files changed, 77 insertions(+), 2 deletions(-) (limited to 'src/soc') diff --git a/src/soc/nvidia/tegra210/addressmap.c b/src/soc/nvidia/tegra210/addressmap.c index 6e14d4a121..ddf3f991ef 100644 --- a/src/soc/nvidia/tegra210/addressmap.c +++ b/src/soc/nvidia/tegra210/addressmap.c @@ -106,6 +106,31 @@ void carveout_range(int id, uintptr_t *base_mib, size_t *size_mib) read32(&mc->security_carveout2_bom_hi), region_size_mb); break; + case CARVEOUT_NVDEC: + /* These carveout regs use 128KB granularity - convert to MB */ + region_size_mb = DIV_ROUND_UP(read32(&mc->security_carveout1_size_128kb), 8); + + /* BOM address set in nvdec_region_init, below */ + carveout_from_regs(base_mib, size_mib, + read32(&mc->security_carveout1_bom), + read32(&mc->security_carveout1_bom_hi), + region_size_mb); + break; + case CARVEOUT_TSEC: + /* These carveout regs use 128KB granularity - convert to MB */ + region_size_mb = DIV_ROUND_UP(read32(&mc->security_carveout4_size_128kb), 8); + + /* BOM address set in tsec_region_init, below. + * Since the TSEC region consumes 2 carveouts, and is + * expected to be split evenly between the two, size_mib + * is doubled here. + */ + region_size_mb *= 2; + carveout_from_regs(base_mib, size_mib, + read32(&mc->security_carveout4_bom), + read32(&mc->security_carveout4_bom_hi), + region_size_mb); + break; default: break; } @@ -182,7 +207,6 @@ static void memory_in_range(uintptr_t *base_mib, uintptr_t *end_mib, continue; carveout_range(i, &carveout_base, &carveout_size); - if (carveout_size == 0) continue; @@ -281,3 +305,45 @@ void gpu_region_init(void) /* Set the locked bit. This will lock out any other writes! */ setbits_le32(&mc->security_carveout3_cfg0, MC_SECURITY_CARVEOUT_LOCKED); } + +void nvdec_region_init(void) +{ + struct tegra_mc_regs * const mc = (void *)(uintptr_t)TEGRA_MC_BASE; + uintptr_t nvdec_base_mib = 0, end = 4096; + size_t nvdec_size_mib = NVDEC_CARVEOUT_SIZE_MB; + + /* Get memory layout below 4GiB */ + memory_in_range(&nvdec_base_mib, &end, CARVEOUT_NVDEC); + nvdec_base_mib = end - nvdec_size_mib; + + /* Set the carveout1 base address. Everything else has been set in the BCT cfg/inc */ + write32(&mc->security_carveout1_bom, nvdec_base_mib << 20); + write32(&mc->security_carveout1_bom_hi, 0); + + /* Set the locked bit. This will lock out any other writes! */ + setbits_le32(&mc->security_carveout1_cfg0, MC_SECURITY_CARVEOUT_LOCKED); +} + +void tsec_region_init(void) +{ + struct tegra_mc_regs * const mc = (void *)(uintptr_t)TEGRA_MC_BASE; + uintptr_t tsec_base_mib = 0, end = 4096; + size_t tsec_size_mib = TSEC_CARVEOUT_SIZE_MB; + + /* Get memory layout below 4GiB */ + memory_in_range(&tsec_base_mib, &end, CARVEOUT_TSEC); + tsec_base_mib = end - tsec_size_mib; + + /* + * Set the carveout4/5 base address. Everything else has been set in the BCT cfg/inc + * Note that the TSEC range is split evenly between the 2 carveouts (i.e. 1MB each) + */ + write32(&mc->security_carveout4_bom, tsec_base_mib << 20); + write32(&mc->security_carveout4_bom_hi, 0); + write32(&mc->security_carveout5_bom, (tsec_base_mib + (TSEC_CARVEOUT_SIZE_MB / 2)) << 20); + write32(&mc->security_carveout5_bom_hi, 0); + + /* Set the locked bit. This will lock out any other writes! */ + setbits_le32(&mc->security_carveout4_cfg0, MC_SECURITY_CARVEOUT_LOCKED); + setbits_le32(&mc->security_carveout5_cfg0, MC_SECURITY_CARVEOUT_LOCKED); +} diff --git a/src/soc/nvidia/tegra210/include/soc/addressmap.h b/src/soc/nvidia/tegra210/include/soc/addressmap.h index c3af00c0b2..b9bec18a12 100644 --- a/src/soc/nvidia/tegra210/include/soc/addressmap.h +++ b/src/soc/nvidia/tegra210/include/soc/addressmap.h @@ -104,7 +104,9 @@ enum { TEGRA_I2C_BASE_COUNT = 6, }; -#define GPU_CARVEOUT_SIZE_MB 1 +#define GPU_CARVEOUT_SIZE_MB 1 +#define NVDEC_CARVEOUT_SIZE_MB 1 +#define TSEC_CARVEOUT_SIZE_MB 2 /* Return total size of DRAM memory configured on the platform. */ int sdram_size_mb(void); @@ -119,6 +121,8 @@ enum { CARVEOUT_MTS, CARVEOUT_VPR, CARVEOUT_GPU, + CARVEOUT_NVDEC, + CARVEOUT_TSEC, CARVEOUT_NUM, }; @@ -142,5 +146,7 @@ void mainboard_add_memory_ranges(struct memranges *map); */ void trustzone_region_init(void); void gpu_region_init(void); +void nvdec_region_init(void); +void tsec_region_init(void); #endif /* __SOC_NVIDIA_TEGRA210_INCLUDE_SOC_ADDRESS_MAP_H__ */ diff --git a/src/soc/nvidia/tegra210/romstage.c b/src/soc/nvidia/tegra210/romstage.c index c029e937b3..d8d191bbd1 100644 --- a/src/soc/nvidia/tegra210/romstage.c +++ b/src/soc/nvidia/tegra210/romstage.c @@ -67,7 +67,10 @@ void romstage(void) */ trustzone_region_init(); + /* Now do various other carveouts */ gpu_region_init(); + nvdec_region_init(); + tsec_region_init(); /* * When romstage is running it's always on the reboot path -- never a -- cgit v1.2.3