From bf276b45b8613a7b84d8ad7a68182863364cca0a Mon Sep 17 00:00:00 2001 From: oliviermartin Date: Sat, 11 Jun 2011 12:12:49 +0000 Subject: ArmPlatformPkg/ArmVExpressLib: Move Secure code into a separate file The code specific to the secure intialization has been moved into a separate file that is not linked with the Normal world version of the library. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11810 6f19259b-4bc3-4df7-8a09-765794883524 --- .../ArmRealViewEbLibRTSM/ArmRealViewEbLib.inf | 2 + .../ArmVExpressLibCTA9x4/ArmVExpressLib.inf | 2 + .../ArmVExpressLibCTA9x4/ArmVExpressSecLib.inf | 11 +- .../Library/ArmVExpressLibCTA9x4/CTA9x4.c | 89 ---------------- .../Library/ArmVExpressLibCTA9x4/CTA9x4Sec.c | 117 +++++++++++++++++++++ 5 files changed, 128 insertions(+), 93 deletions(-) create mode 100644 ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4Sec.c (limited to 'ArmPlatformPkg') diff --git a/ArmPlatformPkg/ArmRealViewEbPkg/Library/ArmRealViewEbLibRTSM/ArmRealViewEbLib.inf b/ArmPlatformPkg/ArmRealViewEbPkg/Library/ArmRealViewEbLibRTSM/ArmRealViewEbLib.inf index 185c0ae406..c3308b4a0b 100644 --- a/ArmPlatformPkg/ArmRealViewEbPkg/Library/ArmRealViewEbLibRTSM/ArmRealViewEbLib.inf +++ b/ArmPlatformPkg/ArmRealViewEbPkg/Library/ArmRealViewEbLibRTSM/ArmRealViewEbLib.inf @@ -34,6 +34,8 @@ [Sources.common] ArmRealViewEb.c ArmRealViewEbMem.c + ArmRealViewEbHelper.asm | RVCT + ArmRealViewEbHelper.S | GCC [Protocols] diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressLib.inf b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressLib.inf index 4c8f6c0260..e59a994747 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressLib.inf +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressLib.inf @@ -31,9 +31,11 @@ ArmLib ArmTrustZoneLib MemoryAllocationLib + PL354SmcLib PL341DmcLib PL301AxiLib L2X0CacheLib + SerialPortLib [Sources.common] CTA9x4.c diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressSecLib.inf b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressSecLib.inf index cf4e68ebc0..45332256ed 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressSecLib.inf +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/ArmVExpressSecLib.inf @@ -27,15 +27,18 @@ ArmPlatformPkg/ArmPlatformPkg.dec [LibraryClasses] - IoLib ArmLib ArmTrustZoneLib - PL354SmcLib - PL341DmcLib - PL301AxiLib + ArmPlatformSysConfigLib + IoLib L2X0CacheLib + PL301AxiLib + PL341DmcLib + PL354SmcLib + SerialPortLib [Sources.common] + CTA9x4Sec.c CTA9x4.c CTA9x4Helper.asm | RVCT CTA9x4Helper.S | GCC diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4.c index 8f6c2b0f4f..8415842fb5 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4.c +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4.c @@ -21,7 +21,6 @@ #include #include -#include #include #define SerialPrint(txt) SerialPortWrite (txt, AsciiStrLen(txt)+1); @@ -80,76 +79,6 @@ ArmPlatformTrustzoneSupported ( return (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK); } -/** - Initialize the Secure peripherals and memory regions - - If Trustzone is supported by your platform then this function makes the required initialization - of the secure peripherals and memory regions. - -**/ -VOID ArmPlatformTrustzoneInit(VOID) { - // - // Setup TZ Protection Controller - // - - // Set Non Secure access for all devices - TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF); - TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF); - TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF); - - // Remove Non secure access to secure devices - TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, - ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC); - - TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, - ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK); - - - // - // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions) - // - - // NOR Flash 0 non secure (BootMon) - TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, - ARM_VE_SMB_NOR0_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); - - // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) -#if EDK2_ARMVE_SECURE_SYSTEM - //Note: Your OS Kernel must be aware of the secure regions before to enable this region - TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, - ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); -#else - TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, - ARM_VE_SMB_NOR1_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); -#endif - - // Base of SRAM. Only half of SRAM in Non Secure world - // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM -#if EDK2_ARMVE_SECURE_SYSTEM - //Note: Your OS Kernel must be aware of the secure regions before to enable this region - TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, - ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); -#else - TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, - ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); -#endif - - // Memory Mapped Peripherals. All in non secure world - TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, - ARM_VE_SMB_PERIPH_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); - - // MotherBoard Peripherals and On-chip peripherals. - TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, - ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); -} - /** Return the current Boot Mode @@ -187,24 +116,6 @@ ArmPlatformBootRemapping ( // Remap the DRAM to 0x0 MmioWrite32(ARM_VE_SYS_CFGRW1_REG, (Value & 0x0FFFFFFF) | ARM_VE_CFGRW1_REMAP_DRAM); } - -/** - Initialize controllers that must setup at the early stage - - Some peripherals must be initialized in Secure World. - For example, some L2x0 requires to be initialized in Secure World - -**/ -VOID -ArmPlatformSecInitialize ( - VOID - ) { - // The L2x0 controller must be intialize in Secure World - L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase), - PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), - PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), - 0,~0, // Use default setting for the Auxiliary Control Register - FALSE); } /** diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4Sec.c new file mode 100644 index 0000000000..2ac64a0160 --- /dev/null +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibCTA9x4/CTA9x4Sec.c @@ -0,0 +1,117 @@ +/** @file +* +* Copyright (c) 2011, ARM Limited. All rights reserved. +* +* This program and the accompanying materials +* are licensed and made available under the terms and conditions of the BSD License +* which accompanies this distribution. The full text of the license may be found at +* http://opensource.org/licenses/bsd-license.php +* +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +* +**/ + +#include +#include +#include +#include +#include +#include + +#include + +/** + Initialize the Secure peripherals and memory regions + + If Trustzone is supported by your platform then this function makes the required initialization + of the secure peripherals and memory regions. + +**/ +VOID +ArmPlatformTrustzoneInit ( + VOID + ) +{ + // + // Setup TZ Protection Controller + // + + // Set Non Secure access for all devices + TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF); + TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF); + TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, 0xFFFFFFFF); + + // Remove Non secure access to secure devices + TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, + ARM_VE_DECPROT_BIT_TZPC | ARM_VE_DECPROT_BIT_DMC_TZASC | ARM_VE_DECPROT_BIT_NMC_TZASC | ARM_VE_DECPROT_BIT_SMC_TZASC); + + TZPCClearDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_2, + ARM_VE_DECPROT_BIT_EXT_MAST_TZ | ARM_VE_DECPROT_BIT_DMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_NMC_TZASC_LOCK | ARM_VE_DECPROT_BIT_SMC_TZASC_LOCK); + + // + // Setup TZ Address Space Controller for the SMC. Create 5 Non Secure regions (NOR0, NOR1, SRAM, SMC Peripheral regions) + // + + // NOR Flash 0 non secure (BootMon) + TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, + ARM_VE_SMB_NOR0_BASE,0, + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + + // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) +#if EDK2_ARMVE_SECURE_SYSTEM + //Note: Your OS Kernel must be aware of the secure regions before to enable this region + TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, + ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); +#else + TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, + ARM_VE_SMB_NOR1_BASE,0, + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); +#endif + + // Base of SRAM. Only half of SRAM in Non Secure world + // First half non secure (16MB) + Second Half secure (16MB) = 32MB of SRAM +#if EDK2_ARMVE_SECURE_SYSTEM + //Note: Your OS Kernel must be aware of the secure regions before to enable this region + TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, + ARM_VE_SMB_SRAM_BASE,0, + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); +#else + TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, + ARM_VE_SMB_SRAM_BASE,0, + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); +#endif + + // Memory Mapped Peripherals. All in non secure world + TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, + ARM_VE_SMB_PERIPH_BASE,0, + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + + // MotherBoard Peripherals and On-chip peripherals. + TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, + ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); +} + +/** + Initialize controllers that must setup at the early stage + + Some peripherals must be initialized in Secure World. + For example, some L2x0 requires to be initialized in Secure World + +**/ +VOID +ArmPlatformSecInitialize ( + VOID + ) { + // The L2x0 controller must be intialize in Secure World + L2x0CacheInit(PcdGet32(PcdL2x0ControllerBase), + PL310_TAG_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), + PL310_DATA_LATENCIES(L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES,L2x0_LATENCY_8_CYCLES), + 0,~0, // Use default setting for the Auxiliary Control Register + FALSE); + + // Initialize the System Configuration + ArmPlatformSysConfigInitialize (); +} -- cgit v1.2.3