1 /*
2 * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <lib/mmio.h>
8 #include <lib/utils_def.h>
9
10 #include "axi_registers.h"
11 #include "lifec_registers.h"
12 #include "micro_delay.h"
13
14 static void lifec_security_setting(void);
15 static void axi_security_setting(void);
16
17 static const struct {
18 uint32_t reg;
19 uint32_t val;
20 } lifec[] = {
21 /*
22 * LIFEC0 (SECURITY) settings
23 * Security attribute setting for master ports
24 * Bit 0: ARM realtime core (Cortex-R7) master port
25 * 0: Non-Secure
26 */
27 { SEC_SRC, 0x0000001EU },
28 /*
29 * Security attribute setting for slave ports 0 to 15
30 * {SEC_SEL0, 0xFFFFFFFFU},
31 * {SEC_SEL1, 0xFFFFFFFFU},
32 * {SEC_SEL2, 0xFFFFFFFFU},
33 * Bit19: AXI-Bus (Main Memory domain AXI) slave ports
34 * 0: registers accessed from secure resource only
35 * Bit 9: DBSC4 register access slave ports.
36 * 0: registers accessed from secure resource only.
37 */
38 #if (LIFEC_DBSC_PROTECT_ENABLE == 1)
39 { SEC_SEL3, 0xFFF7FDFFU },
40 #else /* LIFEC_DBSC_PROTECT_ENABLE == 1 */
41 { SEC_SEL3, 0xFFFFFFFFU },
42 #endif /* LIFEC_DBSC_PROTECT_ENABLE == 1 */
43 /*
44 * {SEC_SEL4, 0xFFFFFFFFU},
45 * Bit 6: Boot ROM slave ports.
46 * 0: registers accessed from secure resource only
47 */
48 { SEC_SEL5, 0xFFFFFFBFU },
49 /*
50 * Bit13: SCEG PKA (secure APB) slave ports
51 * 0: registers accessed from secure resource only
52 * 1: Reserved[R-Car E3/D3]
53 * Bit12: SCEG PKA (public APB) slave ports
54 * 0: registers accessed from secure resource only
55 * 1: Reserved[R-Car E3/D3]
56 * Bit10: SCEG Secure Core slave ports
57 * 0: registers accessed from secure resource only
58 */
59 #if (RCAR_LSI == RCAR_E3) || (RCAR_LSI == RCAR_D3)
60 { SEC_SEL6, 0xFFFFFBFFU },
61 #else /* (RCAR_LSI == RCAR_E3) || (RCAR_LSI == RCAR_D3) */
62 { SEC_SEL6, 0xFFFFCBFFU },
63 #endif /* (RCAR_LSI == RCAR_E3) || (RCAR_LSI == RCAR_D3) */
64 /*
65 * {SEC_SEL7, 0xFFFFFFFFU},
66 * {SEC_SEL8, 0xFFFFFFFFU},
67 * {SEC_SEL9, 0xFFFFFFFFU},
68 * {SEC_SEL10, 0xFFFFFFFFU},
69 * {SEC_SEL11, 0xFFFFFFFFU},
70 * {SEC_SEL12, 0xFFFFFFFFU},
71 * Bit22: RPC slave ports.
72 * 0: registers accessed from secure resource only.
73 */
74 #if (RCAR_RPC_HYPERFLASH_LOCKED == 1)
75 { SEC_SEL13, 0xFFBFFFFFU },
76 #endif /* (RCAR_RPC_HYPERFLASH_LOCKED == 1) */
77 /*
78 * Bit27: System Timer (SCMT) slave ports
79 * 0: registers accessed from secure resource only
80 * Bit26: System Watchdog Timer (SWDT) slave ports
81 * 0: registers accessed from secure resource only
82 */
83 { SEC_SEL14, 0xF3FFFFFFU },
84 /*
85 * Bit13: RST slave ports.
86 * 0: registers accessed from secure resource only
87 * Bit 7: Life Cycle 0 slave ports
88 * 0: registers accessed from secure resource only
89 */
90 { SEC_SEL15, 0xFFFFFF3FU },
91 /*
92 * Security group 0 attribute setting for master ports 0
93 * Security group 1 attribute setting for master ports 0
94 * {SEC_GRP0CR0, 0x00000000U},
95 * {SEC_GRP1CR0, 0x00000000U},
96 * Security group 0 attribute setting for master ports 1
97 * Security group 1 attribute setting for master ports 1
98 * {SEC_GRP0CR1, 0x00000000U},
99 * {SEC_GRP1CR1, 0x00000000U},
100 * Security group 0 attribute setting for master ports 2
101 * Security group 1 attribute setting for master ports 2
102 * Bit17: SCEG Secure Core master ports.
103 * SecurityGroup3
104 */
105 { SEC_GRP0CR2, 0x00020000U },
106 { SEC_GRP1CR2, 0x00020000U },
107 /*
108 * Security group 0 attribute setting for master ports 3
109 * Security group 1 attribute setting for master ports 3
110 */
111 { SEC_GRP0CR3, 0x00003780U },
112 { SEC_GRP1CR3, 0x00003780U },
113 /*
114 * Security group 0 attribute setting for slave ports 0
115 * Security group 1 attribute setting for slave ports 0
116 * {SEC_GRP0COND0, 0x00000000U},
117 * {SEC_GRP1COND0, 0x00000000U},
118 * Security group 0 attribute setting for slave ports 1
119 * Security group 1 attribute setting for slave ports 1
120 * {SEC_GRP0COND1, 0x00000000U},
121 * {SEC_GRP1COND1, 0x00000000U},
122 * Security group 0 attribute setting for slave ports 2
123 * Security group 1 attribute setting for slave ports 2
124 * {SEC_GRP0COND2, 0x00000000U},
125 * {SEC_GRP1COND2, 0x00000000U},
126 * Security group 0 attribute setting for slave ports 3
127 * Security group 1 attribute setting for slave ports 3
128 * Bit19: AXI-Bus (Main Memory domain AXI) slave ports.
129 * SecurityGroup3
130 * Bit 9: DBSC4 register access slave ports.
131 * SecurityGroup3
132 */
133 #if (LIFEC_DBSC_PROTECT_ENABLE == 1)
134 { SEC_GRP0COND3, 0x00080200U },
135 { SEC_GRP1COND3, 0x00080200U },
136 #else /* (LIFEC_DBSC_PROTECT_ENABLE == 1) */
137 { SEC_GRP0COND3, 0x00000000U },
138 { SEC_GRP1COND3, 0x00000000U },
139 #endif /* (LIFEC_DBSC_PROTECT_ENABLE == 1) */
140 /*
141 * Security group 0 attribute setting for slave ports 4
142 * Security group 1 attribute setting for slave ports 4
143 * {SEC_GRP0COND4, 0x00000000U},
144 * {SEC_GRP1COND4, 0x00000000U},
145 * Security group 0 attribute setting for slave ports 5
146 * Security group 1 attribute setting for slave ports 5
147 * Bit 6: Boot ROM slave ports
148 * SecurityGroup3
149 */
150 { SEC_GRP0COND5, 0x00000040U },
151 { SEC_GRP1COND5, 0x00000040U },
152 /*
153 * Security group 0 attribute setting for slave ports 6
154 * Security group 1 attribute setting for slave ports 6
155 * Bit13: SCEG PKA (secure APB) slave ports
156 * SecurityGroup3
157 * Reserved[R-Car E3/D3]
158 * Bit12: SCEG PKA (public APB) slave ports
159 * SecurityGroup3
160 * Reserved[R-Car E3/D3]
161 * Bit10: SCEG Secure Core slave ports
162 * SecurityGroup3
163 */
164 #if RCAR_LSI == RCAR_E3 || RCAR_LSI == RCAR_D3
165 { SEC_GRP0COND6, 0x00000400U },
166 { SEC_GRP1COND6, 0x00000400U },
167 #else /* RCAR_LSI == RCAR_E3 */
168 { SEC_GRP0COND6, 0x00003400U },
169 { SEC_GRP1COND6, 0x00003400U },
170 #endif /* RCAR_LSI == RCAR_E3 */
171 /*
172 * Security group 0 attribute setting for slave ports 7
173 * Security group 1 attribute setting for slave ports 7
174 * {SEC_GRP0COND7, 0x00000000U},
175 * {SEC_GRP1COND7, 0x00000000U},
176 * Security group 0 attribute setting for slave ports 8
177 * Security group 1 attribute setting for slave ports 8
178 * {SEC_GRP0COND8, 0x00000000U},
179 * {SEC_GRP1COND8, 0x00000000U},
180 * Security group 0 attribute setting for slave ports 9
181 * Security group 1 attribute setting for slave ports 9
182 * {SEC_GRP0COND9, 0x00000000U},
183 * {SEC_GRP1COND9, 0x00000000U},
184 * Security group 0 attribute setting for slave ports 10
185 * Security group 1 attribute setting for slave ports 10
186 * {SEC_GRP0COND10, 0x00000000U},
187 * {SEC_GRP1COND10, 0x00000000U},
188 * Security group 0 attribute setting for slave ports 11
189 * Security group 1 attribute setting for slave ports 11
190 * {SEC_GRP0COND11, 0x00000000U},
191 * {SEC_GRP1COND11, 0x00000000U},
192 * Security group 0 attribute setting for slave ports 12
193 * Security group 1 attribute setting for slave ports 12
194 * {SEC_GRP0COND12, 0x00000000U},
195 * {SEC_GRP1COND12, 0x00000000U},
196 * Security group 0 attribute setting for slave ports 13
197 * Security group 1 attribute setting for slave ports 13
198 * Bit22: RPC slave ports.
199 * SecurityGroup3
200 */
201 #if (RCAR_RPC_HYPERFLASH_LOCKED == 1)
202 { SEC_GRP0COND13, 0x00400000U },
203 { SEC_GRP1COND13, 0x00400000U },
204 #endif /* (RCAR_RPC_HYPERFLASH_LOCKED == 1) */
205 /*
206 * Security group 0 attribute setting for slave ports 14
207 * Security group 1 attribute setting for slave ports 14
208 * Bit26: System Timer (SCMT) slave ports
209 * SecurityGroup3
210 * Bit27: System Watchdog Timer (SWDT) slave ports
211 * SecurityGroup3
212 */
213 { SEC_GRP0COND14, 0x0C000000U },
214 { SEC_GRP1COND14, 0x0C000000U },
215 /*
216 * Security group 0 attribute setting for slave ports 15
217 * Security group 1 attribute setting for slave ports 15
218 * Bit13: RST slave ports
219 * SecurityGroup3
220 * Bit 7: Life Cycle 0 slave ports
221 * SecurityGroup3
222 * Bit 6: TDBG slave ports
223 * SecurityGroup3
224 */
225 { SEC_GRP0COND15, 0x000000C0U },
226 { SEC_GRP1COND15, 0x000000C0U },
227 /*
228 * Security write protection attribute setting slave ports 0
229 * {SEC_READONLY0, 0x00000000U},
230 * Security write protection attribute setting slave ports 1
231 * {SEC_READONLY1, 0x00000000U},
232 * Security write protection attribute setting slave ports 2
233 * {SEC_READONLY2, 0x00000000U},
234 * Security write protection attribute setting slave ports 3
235 * {SEC_READONLY3, 0x00000000U},
236 * Security write protection attribute setting slave ports 4
237 * {SEC_READONLY4, 0x00000000U},
238 * Security write protection attribute setting slave ports 5
239 * {SEC_READONLY5, 0x00000000U},
240 * Security write protection attribute setting slave ports 6
241 * {SEC_READONLY6, 0x00000000U},
242 * Security write protection attribute setting slave ports 7
243 * {SEC_READONLY7, 0x00000000U},
244 * Security write protection attribute setting slave ports 8
245 * {SEC_READONLY8, 0x00000000U},
246 * Security write protection attribute setting slave ports 9
247 * {SEC_READONLY9, 0x00000000U},
248 * Security write protection attribute setting slave ports 10
249 * {SEC_READONLY10, 0x00000000U},
250 * Security write protection attribute setting slave ports 11
251 * {SEC_READONLY11, 0x00000000U},
252 * Security write protection attribute setting slave ports 12
253 * {SEC_READONLY12, 0x00000000U},
254 * Security write protection attribute setting slave ports 13
255 * {SEC_READONLY13, 0x00000000U},
256 * Security write protection attribute setting slave ports 14
257 * {SEC_READONLY14, 0x00000000U},
258 * Security write protection attribute setting slave ports 15
259 * {SEC_READONLY15, 0x00000000U}
260 */
261 };
262
263 /* AXI settings */
264 struct axi_t {
265 uint32_t reg;
266 uint32_t val;
267 };
268
269 static const struct axi_t axi[] = {
270 /*
271 * SRAM ptotection
272 * AXI sram protected area division
273 */
274 {AXI_SPTDIVCR0, 0x0E0E6304U},
275 {AXI_SPTDIVCR1, 0x0E0E6360U},
276 {AXI_SPTDIVCR2, 0x0E0E6360U},
277 {AXI_SPTDIVCR3, 0x0E0E6360U},
278 {AXI_SPTDIVCR4, 0x0E0E6360U},
279 {AXI_SPTDIVCR5, 0x0E0E6360U},
280 {AXI_SPTDIVCR6, 0x0E0E6360U},
281 {AXI_SPTDIVCR7, 0x0E0E6360U},
282 {AXI_SPTDIVCR8, 0x0E0E6360U},
283 {AXI_SPTDIVCR9, 0x0E0E6360U},
284 {AXI_SPTDIVCR10, 0x0E0E6360U},
285 {AXI_SPTDIVCR11, 0x0E0E6360U},
286 {AXI_SPTDIVCR12, 0x0E0E6360U},
287 {AXI_SPTDIVCR13, 0x0E0E6360U},
288 {AXI_SPTDIVCR14, 0x0E0E6360U},
289 /* AXI sram protected area setting */
290 {AXI_SPTCR0, 0x0E000E0EU},
291 {AXI_SPTCR1, 0x0E000000U},
292 {AXI_SPTCR2, 0x0E000000U},
293 {AXI_SPTCR3, 0x0E000000U},
294 {AXI_SPTCR4, 0x0E000000U},
295 {AXI_SPTCR5, 0x0E000000U},
296 {AXI_SPTCR6, 0x0E000000U},
297 {AXI_SPTCR7, 0x0E000000U},
298 {AXI_SPTCR8, 0x0E000000U},
299 {AXI_SPTCR9, 0x0E000000U},
300 {AXI_SPTCR10, 0x0E000000U},
301 {AXI_SPTCR11, 0x0E000000U},
302 {AXI_SPTCR12, 0x0E000000U},
303 {AXI_SPTCR13, 0x0E000000U},
304 {AXI_SPTCR14, 0x0E000000U},
305 {AXI_SPTCR15, 0x0E000000U}
306 };
307
308 static const struct axi_t axi_dram[] = {
309 /*
310 * DRAM protection
311 * AXI dram protected area division
312 */
313 {AXI_DPTDIVCR0, 0x0E0403F0U},
314 {AXI_DPTDIVCR1, 0x0E0407E0U},
315 {AXI_DPTDIVCR2, 0x0E080000U},
316 {AXI_DPTDIVCR3, 0x0E080000U},
317 {AXI_DPTDIVCR4, 0x0E080000U},
318 {AXI_DPTDIVCR5, 0x0E080000U},
319 {AXI_DPTDIVCR6, 0x0E080000U},
320 {AXI_DPTDIVCR7, 0x0E080000U},
321 {AXI_DPTDIVCR8, 0x0E080000U},
322 {AXI_DPTDIVCR9, 0x0E080000U},
323 {AXI_DPTDIVCR10, 0x0E080000U},
324 {AXI_DPTDIVCR11, 0x0E080000U},
325 {AXI_DPTDIVCR12, 0x0E080000U},
326 {AXI_DPTDIVCR13, 0x0E080000U},
327 {AXI_DPTDIVCR14, 0x0E080000U},
328 /* AXI dram protected area setting */
329 {AXI_DPTCR0, 0x0E000000U},
330 {AXI_DPTCR1, 0x0E000E0EU},
331 {AXI_DPTCR2, 0x0E000000U},
332 {AXI_DPTCR3, 0x0E000000U},
333 {AXI_DPTCR4, 0x0E000000U},
334 {AXI_DPTCR5, 0x0E000000U},
335 {AXI_DPTCR6, 0x0E000000U},
336 {AXI_DPTCR7, 0x0E000000U},
337 {AXI_DPTCR8, 0x0E000000U},
338 {AXI_DPTCR9, 0x0E000000U},
339 {AXI_DPTCR10, 0x0E000000U},
340 {AXI_DPTCR11, 0x0E000000U},
341 {AXI_DPTCR12, 0x0E000000U},
342 {AXI_DPTCR13, 0x0E000000U},
343 {AXI_DPTCR14, 0x0E000000U},
344 {AXI_DPTCR15, 0x0E000000U},
345 /* AXI sram protected area setting */
346 {AXI_SPTCR15, 0x0E000000U}
347 };
348
lifec_security_setting(void)349 static void lifec_security_setting(void)
350 {
351 uint32_t i;
352
353 for (i = 0; i < ARRAY_SIZE(lifec); i++)
354 mmio_write_32(lifec[i].reg, lifec[i].val);
355 }
356
357 /* SRAM protection setting */
axi_security_setting(void)358 static void axi_security_setting(void)
359 {
360 uint32_t i;
361
362 for (i = 0; i < ARRAY_SIZE(axi); i++)
363 mmio_write_32(axi[i].reg, axi[i].val);
364 }
365
366 /* DRAM protection setting */
bl2_ram_security_setting_finish(void)367 void bl2_ram_security_setting_finish(void)
368 {
369 uint32_t i;
370
371 for (i = 0; i < ARRAY_SIZE(axi_dram); i++)
372 mmio_write_32(axi_dram[i].reg, axi_dram[i].val);
373 }
374
bl2_secure_setting(void)375 void bl2_secure_setting(void)
376 {
377 lifec_security_setting();
378 axi_security_setting();
379 rcar_micro_delay(10U);
380 }
381