fsl-ch3/lowlevel: TZPC and TZASC programming to configure non-secure accesses

This patch ensures that the TZPC (BP147) and TZASC-400 programming
happens for LS2085A SoC only when the desired config flags are
enabled and ensures that the TZPC programming is done to allow Non-secure
(NS) + secure (S) transactions only for DCGF registers.

The TZASC component is not present on LS2085A-Rev1, so the TZASC-400
config flag is turned OFF for now.

Signed-off-by: Bhupesh Sharma <bhupesh.sharma@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

arch/arm/cpu/armv8/fsl-lsch3/lowlevel.S

@@ -42,6 +42,60 @@ ENTRY(lowlevel_init)
 	ldr	x0, =secondary_boot_func
 	blr	x0
 2:
+
+#ifdef CONFIG_FSL_TZPC_BP147
+	/* Set Non Secure access for all devices protected via TZPC */
+	ldr	x1, =TZPCDECPROT_0_SET_BASE /* Decode Protection-0 Set Reg */
+	orr	w0, w0, #1 << 3 /* DCFG_RESET is accessible from NS world */
+	str	w0, [x1]
+
+	isb
+	dsb	sy
+#endif
+
+#ifdef CONFIG_FSL_TZASC_400
+	/* Set TZASC so that:
+	 * a. We use only Region0 whose global secure write/read is EN
+	 * b. We use only Region0 whose NSAID write/read is EN
+	 *
+	 * NOTE: As per the CCSR map doc, TZASC 3 and TZASC 4 are just
+	 * 	 placeholders.
+	 */
+	ldr	x1, =TZASC_GATE_KEEPER(0)
+	ldr	x0, [x1]		/* Filter 0 Gate Keeper Register */
+	orr	x0, x0, #1 << 0		/* Set open_request for Filter 0 */
+	str	x0, [x1]
+
+	ldr	x1, =TZASC_GATE_KEEPER(1)
+	ldr	x0, [x1]		/* Filter 0 Gate Keeper Register */
+	orr	x0, x0, #1 << 0		/* Set open_request for Filter 0 */
+	str	x0, [x1]
+
+	ldr	x1, =TZASC_REGION_ATTRIBUTES_0(0)
+	ldr	x0, [x1]		/* Region-0 Attributes Register */
+	orr	x0, x0, #1 << 31	/* Set Sec global write en, Bit[31] */
+	orr	x0, x0, #1 << 30	/* Set Sec global read en, Bit[30] */
+	str	x0, [x1]
+
+	ldr	x1, =TZASC_REGION_ATTRIBUTES_0(1)
+	ldr	x0, [x1]		/* Region-1 Attributes Register */
+	orr	x0, x0, #1 << 31	/* Set Sec global write en, Bit[31] */
+	orr	x0, x0, #1 << 30	/* Set Sec global read en, Bit[30] */
+	str	x0, [x1]
+
+	ldr	x1, =TZASC_REGION_ID_ACCESS_0(0)
+	ldr	w0, [x1]		/* Region-0 Access Register */
+	mov	w0, #0xFFFFFFFF		/* Set nsaid_wr_en and nsaid_rd_en */
+	str	w0, [x1]
+
+	ldr	x1, =TZASC_REGION_ID_ACCESS_0(1)
+	ldr	w0, [x1]		/* Region-1 Attributes Register */
+	mov	w0, #0xFFFFFFFF		/* Set nsaid_wr_en and nsaid_rd_en */
+	str	w0, [x1]
+
+	isb
+	dsb	sy
+#endif
 	mov	lr, x29			/* Restore LR */
 	ret
 ENDPROC(lowlevel_init)

arch/arm/include/asm/arch-fsl-lsch3/config.h

@@ -35,6 +35,34 @@
 #define I2C3_BASE_ADDR				(CONFIG_SYS_IMMR + 0x01020000)
 #define I2C4_BASE_ADDR				(CONFIG_SYS_IMMR + 0x01030000)
 
+/* TZ Protection Controller Definitions */
+#define TZPC_BASE				0x02200000
+#define TZPCR0SIZE_BASE				(TZPC_BASE)
+#define TZPCDECPROT_0_STAT_BASE			(TZPC_BASE + 0x800)
+#define TZPCDECPROT_0_SET_BASE			(TZPC_BASE + 0x804)
+#define TZPCDECPROT_0_CLR_BASE			(TZPC_BASE + 0x808)
+#define TZPCDECPROT_1_STAT_BASE			(TZPC_BASE + 0x80C)
+#define TZPCDECPROT_1_SET_BASE			(TZPC_BASE + 0x810)
+#define TZPCDECPROT_1_CLR_BASE			(TZPC_BASE + 0x814)
+#define TZPCDECPROT_2_STAT_BASE			(TZPC_BASE + 0x818)
+#define TZPCDECPROT_2_SET_BASE			(TZPC_BASE + 0x81C)
+#define TZPCDECPROT_2_CLR_BASE			(TZPC_BASE + 0x820)
+
+/* TZ Address Space Controller Definitions */
+#define TZASC1_BASE			0x01100000	/* as per CCSR map. */
+#define TZASC2_BASE			0x01110000	/* as per CCSR map. */
+#define TZASC3_BASE			0x01120000	/* as per CCSR map. */
+#define TZASC4_BASE			0x01130000	/* as per CCSR map. */
+#define TZASC_BUILD_CONFIG_REG(x)	((TZASC1_BASE + (x * 0x10000)))
+#define TZASC_ACTION_REG(x)		((TZASC1_BASE + (x * 0x10000)) + 0x004)
+#define TZASC_GATE_KEEPER(x)		((TZASC1_BASE + (x * 0x10000)) + 0x008)
+#define TZASC_REGION_BASE_LOW_0(x)	((TZASC1_BASE + (x * 0x10000)) + 0x100)
+#define TZASC_REGION_BASE_HIGH_0(x)	((TZASC1_BASE + (x * 0x10000)) + 0x104)
+#define TZASC_REGION_TOP_LOW_0(x)	((TZASC1_BASE + (x * 0x10000)) + 0x108)
+#define TZASC_REGION_TOP_HIGH_0(x)	((TZASC1_BASE + (x * 0x10000)) + 0x10C)
+#define TZASC_REGION_ATTRIBUTES_0(x)	((TZASC1_BASE + (x * 0x10000)) + 0x110)
+#define TZASC_REGION_ID_ACCESS_0(x)	((TZASC1_BASE + (x * 0x10000)) + 0x114)
+
 /* Generic Interrupt Controller Definitions */
 #define GICD_BASE		0x06000000
 #define GICR_BASE		0x06100000

doc/README.fsl-trustzone-components

+Freescale ARM64 SoCs like LS2085A have ARM TrustZone components like
+TZPC-BP147 (TrustZone Protection Controller) and TZASC-400 (TrustZone
+Address Space Controller).
+
+While most of the configuration related programming of these peripherals
+is left to a root-of-trust security software layer (running in EL3
+privilege mode), but still some configurations of these peripherals
+might be required while the bootloader is executing in EL3 privilege
+mode. The following sections define how to turn on these features for
+LS2085A like SoCs.
+
+TZPC-BP147 (TrustZone Protection Controller)
+============================================
+- Depends on CONFIG_FSL_TZPC_BP147 configuration flag.
+- Separates Secure World and Normal World on-chip RAM (OCRAM) spaces.
+- Provides a programming model to set access control policy via the TZPC
+  TZDECPROT Registers.
+
+TZASC-400 (TrustZone Address Space Controller)
+==============================================
+- Depends on CONFIG_FSL_TZASC_400 configuration flag.
+- Separates Secure World and Normal World external memory spaces for bus masters
+  such as processors and DMA-equipped peripherals.
+- Supports 8 fully programmable address regions, initially inactive at reset,
+  and one base region, always active, that covers the remaining address space.

include/configs/ls2085a_common.h

@@ -13,6 +13,7 @@
 #define CONFIG_FSL_LSCH3
 #define CONFIG_LS2085A
 #define CONFIG_GICV3
+#define CONFIG_FSL_TZPC_BP147
 
 /* Link Definitions */
 #define CONFIG_SYS_TEXT_BASE		0x30001000