[PATCH] ARM: i.MX8M: add TrustZone Address Space Controller 380 init function
Ahmad Fatoum
a.fatoum at pengutronix.de
Sun Aug 14 23:43:25 PDT 2022
barebox running as BL2 with OP-TEE as BL32 is expected to enable TZASC,
so access to secure memory may be restricted. Add helper functions that
can be called from lowlevel code while barebox is in EL3.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
arch/arm/mach-imx/Makefile | 1 +
arch/arm/mach-imx/include/mach/imx8m-regs.h | 1 +
arch/arm/mach-imx/include/mach/tzasc.h | 16 +++++++
arch/arm/mach-imx/tzasc.c | 47 +++++++++++++++++++++
4 files changed, 65 insertions(+)
create mode 100644 arch/arm/mach-imx/include/mach/tzasc.h
create mode 100644 arch/arm/mach-imx/tzasc.c
diff --git a/arch/arm/mach-imx/Makefile b/arch/arm/mach-imx/Makefile
index fa5133a22958..390cdaf50218 100644
--- a/arch/arm/mach-imx/Makefile
+++ b/arch/arm/mach-imx/Makefile
@@ -19,6 +19,7 @@ obj-$(CONFIG_ARCH_IMX7) += imx7.o
obj-$(CONFIG_ARCH_VF610) += vf610.o
obj-pbl-$(CONFIG_ARCH_IMX8M) += imx8m.o
lwl-$(CONFIG_ARCH_IMX8M) += atf.o romapi.o
+obj-pbl-$(CONFIG_ARCH_IMX8M) += tzasc.o
obj-$(CONFIG_IMX_IIM) += iim.o
obj-$(CONFIG_NAND_IMX) += nand.o
lwl-$(CONFIG_ARCH_IMX_EXTERNAL_BOOT_NAND) += external-nand-boot.o
diff --git a/arch/arm/mach-imx/include/mach/imx8m-regs.h b/arch/arm/mach-imx/include/mach/imx8m-regs.h
index e1c83ee01ddc..a5017faf830e 100644
--- a/arch/arm/mach-imx/include/mach/imx8m-regs.h
+++ b/arch/arm/mach-imx/include/mach/imx8m-regs.h
@@ -30,6 +30,7 @@
#define MX8M_UART4_BASE_ADDR 0x30A60000
#define MX8M_USDHC1_BASE_ADDR 0x30B40000
#define MX8M_USDHC2_BASE_ADDR 0x30B50000
+#define MX8M_TZASC_BASE_ADDR 0x32f80000
#define MX8M_DDRC_PHY_BASE_ADDR 0x3c000000
#define MX8M_DDRC_DDR_SS_GPR0 (MX8M_DDRC_PHY_BASE_ADDR + 0x01000000)
#define MX8M_DDRC_IPS_BASE_ADDR(X) (0x3d400000 + ((X) * 0x2000000))
diff --git a/arch/arm/mach-imx/include/mach/tzasc.h b/arch/arm/mach-imx/include/mach/tzasc.h
new file mode 100644
index 000000000000..724ba50ead5f
--- /dev/null
+++ b/arch/arm/mach-imx/include/mach/tzasc.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef __IMX_TZASC_H__
+#define __IMX_TZASC_H__
+
+#include <linux/types.h>
+#include <asm/system.h>
+
+void imx8mq_tzc380_init(void);
+void imx8mm_tzc380_init(void);
+void imx8mn_tzc380_init(void);
+void imx8mp_tzc380_init(void);
+
+bool tzc380_is_enabled(void);
+
+#endif
diff --git a/arch/arm/mach-imx/tzasc.c b/arch/arm/mach-imx/tzasc.c
new file mode 100644
index 000000000000..9af0b7ef65e9
--- /dev/null
+++ b/arch/arm/mach-imx/tzasc.c
@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <mach/tzasc.h>
+#include <linux/bitops.h>
+#include <mach/imx8m-regs.h>
+#include <io.h>
+
+#define GPR_TZASC_EN BIT(0)
+#define GPR_TZASC_SWAP_ID BIT(1)
+#define GPR_TZASC_EN_LOCK BIT(16)
+
+static void enable_tzc380(bool bypass_id_swap)
+{
+ u32 __iomem *gpr = IOMEM(MX8M_IOMUXC_GPR_BASE_ADDR);
+
+ /* Enable TZASC and lock setting */
+ setbits_le32(&gpr[10], GPR_TZASC_EN);
+ setbits_le32(&gpr[10], GPR_TZASC_EN_LOCK);
+ if (bypass_id_swap)
+ setbits_le32(&gpr[10], BIT(1));
+ /*
+ * set Region 0 attribute to allow secure and non-secure
+ * read/write permission. Found some masters like usb dwc3
+ * controllers can't work with secure memory.
+ */
+ writel(0xf0000000, MX8M_TZASC_BASE_ADDR + 0x108);
+}
+
+void imx8mq_tzc380_init(void)
+{
+ enable_tzc380(false);
+}
+
+void imx8mn_tzc380_init(void) __alias(imx8mm_tzc380_init);
+void imx8mp_tzc380_init(void) __alias(imx8mm_tzc380_init);
+void imx8mm_tzc380_init(void)
+{
+ enable_tzc380(true);
+}
+
+bool tzc380_is_enabled(void)
+{
+ u32 __iomem *gpr = IOMEM(MX8M_IOMUXC_GPR_BASE_ADDR);
+
+ return (readl(&gpr[10]) & (GPR_TZASC_EN | GPR_TZASC_EN_LOCK))
+ == (GPR_TZASC_EN | GPR_TZASC_EN_LOCK);
+}
--
2.30.2
More information about the barebox
mailing list