mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-09-11 00:31:05 +02:00
e60f2af949
This patch makes the necessary changes to enable ARM platform to successfully integrate CryptoCell during Trusted Board Boot. The changes are as follows: * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select the CryptoCell crypto driver for Trusted Board boot. * The TrustZone filter settings for Non Secure DRAM is modified to allow CryptoCell to read this memory. This is required to authenticate BL33 which is loaded into the Non Secure DDR. * The CSS platforms are modified to use coherent stacks in BL1 and BL2 when CryptoCell crypto is selected. This is because CryptoCell makes use of DMA to transfer data and the CryptoCell SBROM library allocates buffers on the stack during signature/hash verification. Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
77 lines
2.2 KiB
C
77 lines
2.2 KiB
C
/*
|
|
* Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <arm_def.h>
|
|
#include <assert.h>
|
|
#include <debug.h>
|
|
#include <platform_def.h>
|
|
#include <tzc_dmc500.h>
|
|
|
|
/*******************************************************************************
|
|
* Initialize the DMC500-TrustZone Controller for ARM standard platforms.
|
|
* Configure both the interfaces on Region 0 with no access, Region 1 with
|
|
* secure access only, and the remaining DRAM regions access from the
|
|
* given Non-Secure masters.
|
|
*
|
|
* When booting an EL3 payload, this is simplified: we configure region 0 with
|
|
* secure access only and do not enable any other region.
|
|
******************************************************************************/
|
|
void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
|
|
{
|
|
assert(plat_driver_data);
|
|
|
|
INFO("Configuring DMC-500 TZ Settings\n");
|
|
|
|
tzc_dmc500_driver_init(plat_driver_data);
|
|
|
|
#ifndef EL3_PAYLOAD_BASE
|
|
/* Region 0 set to no access by default */
|
|
tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
|
|
|
|
/* Region 1 set to cover Secure part of DRAM */
|
|
tzc_dmc500_configure_region(1, ARM_AP_TZC_DRAM1_BASE,
|
|
ARM_AP_TZC_DRAM1_END,
|
|
TZC_REGION_S_RDWR,
|
|
0);
|
|
|
|
/* Region 2 set to cover Non-Secure access to 1st DRAM address range.*/
|
|
tzc_dmc500_configure_region(2,
|
|
ARM_NS_DRAM1_BASE,
|
|
ARM_NS_DRAM1_END,
|
|
ARM_TZC_NS_DRAM_S_ACCESS,
|
|
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
|
|
/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
|
|
tzc_dmc500_configure_region(3,
|
|
ARM_DRAM2_BASE,
|
|
ARM_DRAM2_END,
|
|
ARM_TZC_NS_DRAM_S_ACCESS,
|
|
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
#else
|
|
/* Allow secure access only to DRAM for EL3 payloads */
|
|
tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);
|
|
#endif
|
|
/*
|
|
* Raise an exception if a NS device tries to access secure memory
|
|
* TODO: Add interrupt handling support.
|
|
*/
|
|
tzc_dmc500_set_action(TZC_ACTION_RV_LOWERR);
|
|
|
|
/*
|
|
* Flush the configuration settings to have an affect. Validate
|
|
* flush by checking FILTER_EN is set on region 1 attributes
|
|
* register.
|
|
*/
|
|
tzc_dmc500_config_complete();
|
|
|
|
/*
|
|
* Wait for the flush to complete.
|
|
* TODO: Have a timeout for this loop
|
|
*/
|
|
while (tzc_dmc500_verify_complete())
|
|
;
|
|
}
|