From bc3019cbd2081370ca0c556e10f923f0da6784d9 Mon Sep 17 00:00:00 2001 From: Aaron Durbin Date: Tue, 15 Jul 2014 10:53:29 -0500 Subject: [PATCH] t132: handle optional Trust Zone region correctly Provide a default Trust Zone region size of 1MiB, and correctly account for it in the AVP and the arm64 cores. The different path between the arm64 cores and the AVP is because the AVP cannot access the Trust Zone region registers. Therefore the AVP needs to account for the Trust Zone region. BUG=chrome-os-partner:30572 BRANCH=None TEST=Built and ran. Noted Trust Zone region being accounted for. Original-Change-Id: Ie0f117ec7a5ff8519c39778d3cdf88c3eee57ea5 Original-Signed-off-by: Aaron Durbin Original-Reviewed-on: https://chromium-review.googlesource.com/208062 Original-Reviewed-by: Tom Warren Original-Reviewed-by: Furquan Shaikh Original-Commit-Queue: Furquan Shaikh (cherry picked from commit 22f2fa05c009c58f53b99b9ebe1b6d01fdac5ba7) Signed-off-by: Marc Jones Change-Id: I28506b4401145d366b56126b2eddc4c3d3db7b44 Reviewed-on: http://review.coreboot.org/8639 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel Reviewed-by: Patrick Georgi --- src/soc/nvidia/tegra132/Kconfig | 6 ++++ src/soc/nvidia/tegra132/Makefile.inc | 1 + src/soc/nvidia/tegra132/addressmap.c | 8 +++++ src/soc/nvidia/tegra132/ramstage.c | 47 ++++++++++++++++++++++++++++ 4 files changed, 62 insertions(+) create mode 100644 src/soc/nvidia/tegra132/ramstage.c diff --git a/src/soc/nvidia/tegra132/Kconfig b/src/soc/nvidia/tegra132/Kconfig index 3396cc89a7..8a5d087a7f 100644 --- a/src/soc/nvidia/tegra132/Kconfig +++ b/src/soc/nvidia/tegra132/Kconfig @@ -93,4 +93,10 @@ config MTS_DIRECTORY help Path to directory where MTS microcode files are located. +config TRUSTZONE_CARVEOUT_SIZE_MB + hex "Size of Trust Zone region" + default 0x1 + help + Size of Trust Zone area in MiB to reserve in memory map. + endif diff --git a/src/soc/nvidia/tegra132/Makefile.inc b/src/soc/nvidia/tegra132/Makefile.inc index 88ba51c398..0ab95d40de 100644 --- a/src/soc/nvidia/tegra132/Makefile.inc +++ b/src/soc/nvidia/tegra132/Makefile.inc @@ -48,6 +48,7 @@ ramstage-y += monotonic_timer.c ramstage-y += ../tegra/gpio.c ramstage-y += ../tegra/i2c.c ramstage-y += ../tegra/pinmux.c +ramstage-y += ramstage.c ramstage-$(CONFIG_DRIVERS_UART) += uart.c CPPFLAGS_common += -Isrc/soc/nvidia/tegra132/include/ diff --git a/src/soc/nvidia/tegra132/addressmap.c b/src/soc/nvidia/tegra132/addressmap.c index bb35a878e6..7f6d7c3d72 100644 --- a/src/soc/nvidia/tegra132/addressmap.c +++ b/src/soc/nvidia/tegra132/addressmap.c @@ -147,6 +147,14 @@ uintptr_t framebuffer_attributes(size_t *size_mib) /* Place the framebuffer just below the 32-bit addressable limit. */ memory_range_by_bits(ADDRESS_SPACE_32_BIT, &begin, &end); + /* + * Need to take into account that the Trust Zone region is not able to + * be read by the AVP. The Trust Zone region will live just below the + * rest of the carveout regions. + */ + if (context_avp()) + end -= CONFIG_TRUSTZONE_CARVEOUT_SIZE_MB; + *size_mib = FB_SIZE_MB; end -= *size_mib; diff --git a/src/soc/nvidia/tegra132/ramstage.c b/src/soc/nvidia/tegra132/ramstage.c new file mode 100644 index 0000000000..7b2f4e8c31 --- /dev/null +++ b/src/soc/nvidia/tegra132/ramstage.c @@ -0,0 +1,47 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2014 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include +#include +#include +#include "mc.h" + +void arm64_soc_init(void) +{ + struct tegra_mc_regs * const mc = (void *)(uintptr_t)TEGRA_MC_BASE; + const size_t tz_size_mib = CONFIG_TRUSTZONE_CARVEOUT_SIZE_MB; + uintptr_t base; + uintptr_t end; + + if (!tz_size_mib) + return; + + /* + * Ramstage is when the arm64 first gets running. It also is the + * only entity that the capabilities to program the Trust Zone region. + * Therefore configure the region early. Also, the TZ region can only + * live in 32-bit space. + */ + memory_range_by_bits(ADDRESS_SPACE_32_BIT, &base, &end); + + /* Place the TZ area just below current carveout regions. */ + end -= tz_size_mib; + write32(end << 20, &mc->security_cfg0); + write32(tz_size_mib, &mc->security_cfg1); +}