summaryrefslogtreecommitdiff
path: root/arch/arm/cpu/armv7
diff options
context:
space:
mode:
Diffstat (limited to 'arch/arm/cpu/armv7')
-rw-r--r--arch/arm/cpu/armv7/am33xx/Kconfig87
-rw-r--r--arch/arm/cpu/armv7/am33xx/config.mk24
-rw-r--r--arch/arm/cpu/armv7/omap-common/Kconfig2
-rw-r--r--arch/arm/cpu/armv7/omap-common/emif-common.c15
-rw-r--r--arch/arm/cpu/armv7/omap5/Kconfig26
-rw-r--r--arch/arm/cpu/armv7/omap5/Makefile1
-rw-r--r--arch/arm/cpu/armv7/omap5/fdt.c64
-rw-r--r--arch/arm/cpu/armv7/omap5/sec-fxns.c126
8 files changed, 338 insertions, 7 deletions
diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig b/arch/arm/cpu/armv7/am33xx/Kconfig
index 2d7d1fc4f1..8fd32c2a46 100644
--- a/arch/arm/cpu/armv7/am33xx/Kconfig
+++ b/arch/arm/cpu/armv7/am33xx/Kconfig
@@ -1,3 +1,88 @@
+if AM33XX
+
+choice
+ prompt "AM33xx board select"
+ optional
+
+config TARGET_AM335X_EVM
+ bool "Support am335x_evm"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+ select TI_I2C_BOARD_DETECT
+ help
+ This option specifies support for the AM335x
+ GP and HS EVM development platforms. The AM335x
+ GP EVM is a standalone test, development, and
+ evaluation module system that enables developers
+ to write software and develop hardware around
+ an AM335x processor subsystem.
+
+config TARGET_AM335X_BALTOS
+ bool "Support am335x_baltos"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_AM335X_IGEP0033
+ bool "Support am335x_igep0033"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_AM335X_SHC
+ bool "Support am335x based shc board from bosch"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_AM335X_SL50
+ bool "Support am335x_sl50"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_BAV335X
+ bool "Support bav335x"
+ select DM
+ select DM_SERIAL
+ help
+ The BAV335x OEM Network Processor integrates all the functions of an
+ embedded network computer in a small, easy to use SODIMM module which
+ incorporates the popular Texas Instruments Sitara 32bit ARM Coretex-A8
+ processor, with fast DDR3 512MB SDRAM, 4GB of embedded MMC and a Gigabit
+ ethernet with simple connection to external connectors.
+
+ For more information, visit: http://birdland.com/oem
+
+config TARGET_CM_T335
+ bool "Support cm_t335"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_PCM051
+ bool "Support pcm051"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_PENGWYN
+ bool "Support pengwyn"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+config TARGET_PEPPER
+ bool "Support pepper"
+ select DM
+ select DM_SERIAL
+ select DM_GPIO
+
+endchoice
+
+endif
+
if AM43XX
config SPL_EXT_SUPPORT
@@ -19,7 +104,9 @@ config TARGET_AM43XX_EVM
evaluation module system that enables developers
to write software and develop hardware around
an AM43xx processor subsystem.
+endif
+if AM43XX || AM33XX
config ISW_ENTRY_ADDR
hex "Address in memory or XIP flash of bootloader entry point"
help
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk
index d4eb21ca14..87b76d96a8 100644
--- a/arch/arm/cpu/armv7/am33xx/config.mk
+++ b/arch/arm/cpu/armv7/am33xx/config.mk
@@ -12,16 +12,32 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
# For booting from SPI use
# u-boot-spl_HS_SPI_X-LOADER to program flash
#
-# For booting spl from all other media
-# use u-boot-spl_HS_ISSW
+# On AM43XX:
+#
+# For booting spl from all other media use
+# u-boot-spl_HS_ISSW
+#
+# On AM33XX:
+#
+# For booting spl from NAND flash use
+# u-boot-spl_HS_X-LOADER
+#
+# For booting spl from SD/MMC/eMMC media use
+# u-boot-spl_HS_MLO
+#
+# For booting spl over UART, USB, or Ethernet use
+# u-boot-spl_HS_2ND
#
# Refer to README.ti-secure for more info
#
ALL-y += u-boot-spl_HS_ISSW
-ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER
+ALL-y += u-boot-spl_HS_SPI_X-LOADER
+ALL-y += u-boot-spl_HS_X-LOADER
+ALL-y += u-boot-spl_HS_MLO
+ALL-y += u-boot-spl_HS_2ND
else
ALL-y += MLO
-ALL-$(CONFIG_SPL_SPI_SUPPORT) += MLO.byteswap
+ALL-y += MLO.byteswap
endif
else
ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig
index 7b39506ae8..4daccd93ff 100644
--- a/arch/arm/cpu/armv7/omap-common/Kconfig
+++ b/arch/arm/cpu/armv7/omap-common/Kconfig
@@ -1,6 +1,6 @@
config TI_SECURE_DEVICE
bool "HS Device Type Support"
- depends on OMAP54XX || AM43XX
+ depends on OMAP54XX || AM43XX || AM33XX
help
If a high secure (HS) device type is being used, this config
must be set. This option impacts various aspects of the
diff --git a/arch/arm/cpu/armv7/omap-common/emif-common.c b/arch/arm/cpu/armv7/omap-common/emif-common.c
index 2b790105b0..b26984e26c 100644
--- a/arch/arm/cpu/armv7/omap-common/emif-common.c
+++ b/arch/arm/cpu/armv7/omap-common/emif-common.c
@@ -14,6 +14,7 @@
#include <asm/arch/clock.h>
#include <asm/arch/sys_proto.h>
#include <asm/omap_common.h>
+#include <asm/omap_sec_common.h>
#include <asm/utils.h>
#include <linux/compiler.h>
@@ -1477,6 +1478,20 @@ void sdram_init(void)
debug("get_ram_size() successful");
}
+#if defined(CONFIG_TI_SECURE_DEVICE)
+ /*
+ * On HS devices, do static EMIF firewall configuration
+ * but only do it if not already running in SDRAM
+ */
+ if (!in_sdram)
+ if (0 != secure_emif_reserve())
+ hang();
+
+ /* On HS devices, ensure static EMIF firewall APIs are locked */
+ if (0 != secure_emif_firewall_lock())
+ hang();
+#endif
+
if (sdram_type == EMIF_SDRAM_TYPE_DDR3 &&
(!in_sdram && !warm_reset()) && (!is_dra7xx())) {
if (emif1_enabled)
diff --git a/arch/arm/cpu/armv7/omap5/Kconfig b/arch/arm/cpu/armv7/omap5/Kconfig
index ef68c535df..a947ba4d98 100644
--- a/arch/arm/cpu/armv7/omap5/Kconfig
+++ b/arch/arm/cpu/armv7/omap5/Kconfig
@@ -57,6 +57,32 @@ endchoice
config SYS_SOC
default "omap5"
+config TI_SECURE_EMIF_REGION_START
+ hex "Reserved EMIF region start address"
+ depends on TI_SECURE_DEVICE
+ default 0x0
+ help
+ Reserved EMIF region start address. Set to "0" to auto-select
+ to be at the end of the external memory region.
+
+config TI_SECURE_EMIF_TOTAL_REGION_SIZE
+ hex "Reserved EMIF region size"
+ depends on TI_SECURE_DEVICE
+ default 0x0
+ help
+ Total reserved EMIF region size. Default is 0, which means no reserved EMIF
+ region on secure devices.
+
+config TI_SECURE_EMIF_PROTECTED_REGION_SIZE
+ hex "Size of protected region within reserved EMIF region"
+ depends on TI_SECURE_DEVICE
+ default 0x0
+ help
+ This config option is used to specify the size of the portion of the total
+ reserved EMIF region set aside for secure OS needs that will be protected
+ using hardware memory firewalls. This value must be smaller than the
+ TI_SECURE_EMIF_TOTAL_REGION_SIZE value.
+
source "board/compulab/cm_t54/Kconfig"
source "board/ti/omap5_uevm/Kconfig"
source "board/ti/dra7xx/Kconfig"
diff --git a/arch/arm/cpu/armv7/omap5/Makefile b/arch/arm/cpu/armv7/omap5/Makefile
index 3caba86791..0212df73c1 100644
--- a/arch/arm/cpu/armv7/omap5/Makefile
+++ b/arch/arm/cpu/armv7/omap5/Makefile
@@ -14,3 +14,4 @@ obj-y += hw_data.o
obj-y += abb.o
obj-y += fdt.o
obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o
+obj-$(CONFIG_TI_SECURE_DEVICE) += sec-fxns.o
diff --git a/arch/arm/cpu/armv7/omap5/fdt.c b/arch/arm/cpu/armv7/omap5/fdt.c
index 0493cd1eab..da8d59bb59 100644
--- a/arch/arm/cpu/armv7/omap5/fdt.c
+++ b/arch/arm/cpu/armv7/omap5/fdt.c
@@ -153,13 +153,73 @@ static int ft_hs_fixup_sram(void *fdt, bd_t *bd)
static int ft_hs_fixup_sram(void *fdt, bd_t *bd) { return 0; }
#endif
+#if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE != 0)
+static int ft_hs_fixup_dram(void *fdt, bd_t *bd)
+{
+ const char *path, *subpath;
+ int offs;
+ u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
+ u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
+ fdt64_t temp[2];
+
+ /* If start address is zero, place at end of DRAM */
+ if (0 == sec_mem_start)
+ sec_mem_start =
+ (CONFIG_SYS_SDRAM_BASE +
+ (omap_sdram_size() - sec_mem_size));
+
+ /* Delete any original secure_reserved node */
+ path = "/reserved-memory/secure_reserved";
+ offs = fdt_path_offset(fdt, path);
+ if (offs >= 0)
+ fdt_del_node(fdt, offs);
+
+ /* Add new secure_reserved node */
+ path = "/reserved-memory";
+ offs = fdt_path_offset(fdt, path);
+ if (offs < 0) {
+ debug("Node %s not found\n", path);
+ path = "/";
+ subpath = "reserved-memory";
+ fdt_path_offset(fdt, path);
+ offs = fdt_add_subnode(fdt, offs, subpath);
+ if (offs < 0) {
+ printf("Could not create %s%s node.\n", path, subpath);
+ return 1;
+ }
+ path = "/reserved-memory";
+ offs = fdt_path_offset(fdt, path);
+ }
+
+ subpath = "secure_reserved";
+ offs = fdt_add_subnode(fdt, offs, subpath);
+ if (offs < 0) {
+ printf("Could not create %s%s node.\n", path, subpath);
+ return 1;
+ }
+
+ temp[0] = cpu_to_fdt64(((u64)sec_mem_start));
+ temp[1] = cpu_to_fdt64(((u64)sec_mem_size));
+ fdt_setprop_string(fdt, offs, "compatible",
+ "ti,dra7-secure-memory");
+ fdt_setprop_string(fdt, offs, "status", "okay");
+ fdt_setprop(fdt, offs, "no-map", NULL, 0);
+ fdt_setprop(fdt, offs, "reg", temp, sizeof(temp));
+
+ return 0;
+}
+#else
+static int ft_hs_fixup_dram(void *fdt, bd_t *bd) { return 0; }
+#endif
+
static void ft_hs_fixups(void *fdt, bd_t *bd)
{
/* Check we are running on an HS/EMU device type */
if (GP_DEVICE != get_device_type()) {
if ((ft_hs_fixup_crossbar(fdt, bd) == 0) &&
(ft_hs_disable_rng(fdt, bd) == 0) &&
- (ft_hs_fixup_sram(fdt, bd) == 0))
+ (ft_hs_fixup_sram(fdt, bd) == 0) &&
+ (ft_hs_fixup_dram(fdt, bd) == 0))
return;
} else {
printf("ERROR: Incorrect device type (GP) detected!");
@@ -171,7 +231,7 @@ static void ft_hs_fixups(void *fdt, bd_t *bd)
static void ft_hs_fixups(void *fdt, bd_t *bd)
{
}
-#endif
+#endif /* #ifdef CONFIG_TI_SECURE_DEVICE */
/*
* Place for general cpu/SoC FDT fixups. Board specific
diff --git a/arch/arm/cpu/armv7/omap5/sec-fxns.c b/arch/arm/cpu/armv7/omap5/sec-fxns.c
new file mode 100644
index 0000000000..33d4ea4eac
--- /dev/null
+++ b/arch/arm/cpu/armv7/omap5/sec-fxns.c
@@ -0,0 +1,126 @@
+/*
+ *
+ * Security related functions for OMAP5 class devices
+ *
+ * (C) Copyright 2016
+ * Texas Instruments, <www.ti.com>
+ *
+ * Daniel Allred <d-allred@ti.com>
+ * Harinarayan Bhatta <harinarayan@ti.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <stdarg.h>
+
+#include <asm/arch/sys_proto.h>
+#include <asm/omap_common.h>
+#include <asm/omap_sec_common.h>
+#include <asm/spl.h>
+#include <spl.h>
+
+/* Index for signature PPA-based TI HAL APIs */
+#define PPA_HAL_SERVICES_START_INDEX (0x200)
+#define PPA_SERV_HAL_SETUP_SEC_RESVD_REGION (PPA_HAL_SERVICES_START_INDEX + 25)
+#define PPA_SERV_HAL_SETUP_EMIF_FW_REGION (PPA_HAL_SERVICES_START_INDEX + 26)
+#define PPA_SERV_HAL_LOCK_EMIF_FW (PPA_HAL_SERVICES_START_INDEX + 27)
+
+static u32 get_sec_mem_start(void)
+{
+ u32 sec_mem_start = CONFIG_TI_SECURE_EMIF_REGION_START;
+ u32 sec_mem_size = CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE;
+ /*
+ * Total reserved region is all contiguous with protected
+ * region coming first, followed by the non-secure region.
+ * If 0x0 start address is given, we simply put the reserved
+ * region at the end of the external DRAM.
+ */
+ if (sec_mem_start == 0)
+ sec_mem_start =
+ (CONFIG_SYS_SDRAM_BASE +
+ (omap_sdram_size() - sec_mem_size));
+ return sec_mem_start;
+}
+
+int secure_emif_firewall_setup(uint8_t region_num, uint32_t start_addr,
+ uint32_t size, uint32_t access_perm,
+ uint32_t initiator_perm)
+{
+ int result = 1;
+
+ /*
+ * Call PPA HAL API to do any other general firewall
+ * configuration for regions 1-6 of the EMIF firewall.
+ */
+ debug("%s: regionNum = %x, startAddr = %x, size = %x", __func__,
+ region_num, start_addr, size);
+
+ result = secure_rom_call(
+ PPA_SERV_HAL_SETUP_EMIF_FW_REGION, 0, 0, 4,
+ (start_addr & 0xFFFFFFF0) | (region_num & 0x0F),
+ size, access_perm, initiator_perm);
+
+ if (result != 0) {
+ puts("Secure EMIF Firewall Setup failed!\n");
+ debug("Return Value = %x\n", result);
+ }
+
+ return result;
+}
+
+#if (CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE < \
+ CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE)
+#error "TI Secure EMIF: Protected size cannot be larger than total size."
+#endif
+int secure_emif_reserve(void)
+{
+ int result = 1;
+ u32 sec_mem_start = get_sec_mem_start();
+ u32 sec_prot_size = CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE;
+
+ /* If there is no protected region, there is no reservation to make */
+ if (sec_prot_size == 0)
+ return 0;
+
+ /*
+ * Call PPA HAL API to reserve a chunk of EMIF SDRAM
+ * for secure world use. This region should be carved out
+ * from use by any public code. EMIF firewall region 7
+ * will be used to protect this block of memory.
+ */
+ result = secure_rom_call(
+ PPA_SERV_HAL_SETUP_SEC_RESVD_REGION,
+ 0, 0, 2, sec_mem_start, sec_prot_size);
+
+ if (result != 0) {
+ puts("SDRAM Firewall: Secure memory reservation failed!\n");
+ debug("Return Value = %x\n", result);
+ }
+
+ return result;
+}
+
+int secure_emif_firewall_lock(void)
+{
+ int result = 1;
+
+ /*
+ * Call PPA HAL API to lock the EMIF firewall configurations.
+ * After this API is called, none of the PPA HAL APIs for
+ * configuring the EMIF firewalls will be usable again (that
+ * is, calls to those APIs will return failure and have no
+ * effect).
+ */
+
+ result = secure_rom_call(
+ PPA_SERV_HAL_LOCK_EMIF_FW,
+ 0, 0, 0);
+
+ if (result != 0) {
+ puts("Secure EMIF Firewall Lock failed!\n");
+ debug("Return Value = %x\n", result);
+ }
+
+ return result;
+}