secure.c 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
  1. /*
  2. * Copyright (c) 2024, Rockchip, Inc. All rights reserved.
  3. *
  4. * SPDX-License-Identifier: BSD-3-Clause
  5. */
  6. #include <assert.h>
  7. #include <lib/mmio.h>
  8. #include <platform_def.h>
  9. #include <secure.h>
  10. #include <soc.h>
  11. static void secure_fw_master_init(void)
  12. {
  13. uint32_t i;
  14. /* ddr_mcu can access all ddr-regions */
  15. mmio_write_32(FIREWALL_DDR_BASE + FIREWALL_DDR_MST(1), 0x0000ffff);
  16. /* dcf/crypto_s can access all ddr-regions */
  17. mmio_write_32(FIREWALL_DDR_BASE + FIREWALL_DDR_MST(14), 0x00000000);
  18. /* dsu_mp_sec can access all ddr-regions.
  19. * DSU access memory [f000_0000~ff00_0000] through MP in firewall_ddr.
  20. */
  21. mmio_write_32(FIREWALL_DDR_BASE + FIREWALL_DDR_MST(36), 0xffff0000);
  22. /* all other ns-master can't access all ddr-regions */
  23. for (i = 0; i < FIREWALL_DDR_MST_CNT; i++) {
  24. if (i == 1 || i == 14 || i == 36)
  25. continue;
  26. mmio_write_32(FIREWALL_DDR_BASE + FIREWALL_DDR_MST(i), 0xffffffff);
  27. }
  28. /* mcu_pmu can access all sram-regions */
  29. mmio_write_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_MST(19), 0x000000ff);
  30. /* dsu mp-sec can access all sram-regions */
  31. mmio_write_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_MST(38), 0x000000ff);
  32. /* nsp_dsu2main_sec can access all sram-regions */
  33. mmio_write_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_MST(41), 0x00000000);
  34. /* all ns-master can't access all sram-regions */
  35. for (i = 0; i < FIREWALL_SYSMEM_MST_CNT; i++) {
  36. if (i == 19 || i == 38 || i == 41)
  37. continue;
  38. mmio_write_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_MST(i),
  39. 0x00ff00ff);
  40. }
  41. /* dsu-ns can't access all ddr-regions, dsu-s can access all ddr-regions */
  42. mmio_write_32(FIREWALL_DSU_BASE + FIREWALL_DSU_MST(0), 0xffffffff);
  43. mmio_write_32(FIREWALL_DSU_BASE + FIREWALL_DSU_MST(1), 0x00000000);
  44. dsb();
  45. isb();
  46. }
  47. /* unit: Mb */
  48. static void dsu_fw_rgn_config(uint64_t base_mb, uint64_t top_mb, int rgn_id)
  49. {
  50. int i;
  51. if (rgn_id >= FIREWALL_DSU_RGN_CNT || rgn_id < 0) {
  52. ERROR("%s regions-id:%d is invalid!\n", __func__, rgn_id);
  53. panic();
  54. }
  55. mmio_write_32(FIREWALL_DSU_BASE + FIREWALL_DSU_RGN(rgn_id),
  56. RG_MAP_SECURE(top_mb, base_mb));
  57. for (i = 0; i < DDR_CHN_CNT; i++)
  58. mmio_setbits_32(FIREWALL_DSU_BASE + FIREWALL_DSU_CON(i),
  59. BIT(rgn_id));
  60. }
  61. /* unit: Mb */
  62. static void ddr_fw_rgn_config(uint64_t base_mb, uint64_t top_mb, int rgn_id)
  63. {
  64. if (rgn_id >= FIREWALL_DDR_RGN_CNT || rgn_id < 0) {
  65. ERROR("%s regions-id:%d is invalid!\n", __func__, rgn_id);
  66. panic();
  67. }
  68. mmio_write_32(FIREWALL_DDR_BASE + FIREWALL_DDR_RGN(rgn_id),
  69. RG_MAP_SECURE(top_mb, base_mb));
  70. /* enable region */
  71. mmio_setbits_32(FIREWALL_DDR_BASE + FIREWALL_DDR_CON,
  72. BIT(rgn_id));
  73. }
  74. /* Unit: Kb */
  75. static void sram_fw_rgn_config(uint64_t base_kb, uint64_t top_kb, int rgn_id)
  76. {
  77. if (rgn_id >= FIREWALL_SYSMEM_RGN_CNT || rgn_id < 0) {
  78. ERROR("%s regions-id:%d is invalid!\n", __func__, rgn_id);
  79. panic();
  80. }
  81. mmio_write_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_RGN(rgn_id),
  82. RG_MAP_SRAM_SECURE(top_kb, base_kb));
  83. /* enable region */
  84. mmio_setbits_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_CON, BIT(rgn_id));
  85. }
  86. static void secure_region_init(void)
  87. {
  88. uint32_t i;
  89. /* disable all region first except region0 */
  90. mmio_clrbits_32(FIREWALL_DDR_BASE + FIREWALL_DDR_CON, 0xfffe);
  91. for (i = 0; i < FIREWALL_DSU_CON_CNT; i++)
  92. mmio_clrbits_32(FIREWALL_DSU_BASE + FIREWALL_DSU_CON(i), 0xfffe);
  93. mmio_clrbits_32(FIREWALL_SYSMEM_BASE + FIREWALL_SYSMEM_CON, 0xfe);
  94. secure_fw_master_init();
  95. /* Use FW_DDR_RGN0_REG to config 0~1M space to secure */
  96. dsu_fw_rgn_config(0, 1, 0);
  97. ddr_fw_rgn_config(0, 1, 0);
  98. /* Use FIREWALL_SYSMEM_RGN0 to config SRAM_ENTRY code(0~4k of sram) to secure */
  99. sram_fw_rgn_config(0, 4, 0);
  100. /* For 0xffff0000~0xffffffff, use FIREWALL_SYSMEM_RGN7 to config
  101. * 960~1024k of sram to secure.
  102. */
  103. sram_fw_rgn_config(960, 1024, 7);
  104. }
  105. void secure_timer_init(void)
  106. {
  107. /* gpu's cntvalue comes from stimer1 channel_5 */
  108. mmio_write_32(STIMER1_CHN_BASE(5) + TIMER_CONTROL_REG,
  109. TIMER_DIS);
  110. mmio_write_32(STIMER1_CHN_BASE(5) + TIMER_LOAD_COUNT0, 0xffffffff);
  111. mmio_write_32(STIMER1_CHN_BASE(5) + TIMER_LOAD_COUNT1, 0xffffffff);
  112. /* auto reload & enable the timer */
  113. mmio_write_32(STIMER1_CHN_BASE(5) + TIMER_CONTROL_REG,
  114. TIMER_EN | TIMER_FMODE);
  115. }
  116. void sgrf_init(void)
  117. {
  118. uint32_t i;
  119. secure_region_init();
  120. /* config master ddr_mcu_prot|dcf_wr|dcf_rd as secure */
  121. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(14), 0x001f0011);
  122. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(15), 0xffffffff);
  123. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(16), 0x03ff03ff);
  124. /* config slave mailbox_mcu_ddr as secure */
  125. mmio_write_32(BUSSGRF_BASE + SGRF_FIREWALL_CON(4), 0xffff2000);
  126. /* config slave int256mux4_mcu_ddr|int256mux4_mcu_pmu as secure */
  127. mmio_write_32(BUSSGRF_BASE + SGRF_FIREWALL_CON(5), 0xffff0060);
  128. /* config slave ddrgrf*|dma2ddr|ddrphy*_cru|umctl* as secure */
  129. mmio_write_32(BUSSGRF_BASE + SGRF_FIREWALL_CON(24), 0xffff0fbf);
  130. /* config slave ddrphy*|ddr_stanby*|ddr_mcu_timer|ddr_mcu_wdt as secure */
  131. mmio_write_32(BUSSGRF_BASE + SGRF_FIREWALL_CON(25), 0xffff03ff);
  132. /* config all other slave as ns */
  133. for (i = 0; i < SGRF_FIREWALL_CON_CNT; i++) {
  134. if (i == 4 || i == 5 || i == 24 || i == 25)
  135. continue;
  136. mmio_write_32(BUSSGRF_BASE + SGRF_FIREWALL_CON(i), 0xffff0000);
  137. }
  138. /* config vad_hprot non-secure, pmu_mcu_hprot as secure */
  139. mmio_write_32(PMU1SGRF_BASE + PMU1SGRF_SOC_CON(0), 0x00180010);
  140. /* config pmu1, pmu0, pmu_sram as secure */
  141. mmio_write_32(PMU1SGRF_BASE + PMU1SGRF_SOC_CON(1), 0xefbe6020);
  142. /* config remap_pmu_mem, h_pmu_mem as secure */
  143. mmio_write_32(PMU1SGRF_BASE + PMU1SGRF_SOC_CON(2), 0x01f900c0);
  144. /* disable dp encryption */
  145. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(13), 0x00180018);
  146. /* select grf config for pcie ats */
  147. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(17), 0x11111111);
  148. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(18), 0x11111111);
  149. mmio_write_32(BUSSGRF_BASE + SGRF_SOC_CON(19), 0x00110011);
  150. }