summaryrefslogtreecommitdiff
path: root/arch/arm/mach-socfpga/firewall.c
blob: 69229dc651e4ffe2e7913c66b3da22ade38ca9de (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2016-2019 Intel Corporation <www.intel.com>
 *
 */

#include <asm/io.h>
#include <common.h>
#include <asm/arch/firewall.h>
#include <asm/arch/system_manager.h>

static void firewall_l4_per_disable(void)
{
	const struct socfpga_firwall_l4_per *firwall_l4_per_base =
		(struct socfpga_firwall_l4_per *)SOCFPGA_FIREWALL_L4_PER;
	u32 i;
	const u32 *addr[] = {
			&firwall_l4_per_base->nand,
			&firwall_l4_per_base->nand_data,
			&firwall_l4_per_base->usb0,
			&firwall_l4_per_base->usb1,
			&firwall_l4_per_base->spim0,
			&firwall_l4_per_base->spim1,
			&firwall_l4_per_base->emac0,
			&firwall_l4_per_base->emac1,
			&firwall_l4_per_base->emac2,
			&firwall_l4_per_base->sdmmc,
			&firwall_l4_per_base->gpio0,
			&firwall_l4_per_base->gpio1,
			&firwall_l4_per_base->i2c0,
			&firwall_l4_per_base->i2c1,
			&firwall_l4_per_base->i2c2,
			&firwall_l4_per_base->i2c3,
			&firwall_l4_per_base->i2c4,
			&firwall_l4_per_base->timer0,
			&firwall_l4_per_base->timer1,
			&firwall_l4_per_base->uart0,
			&firwall_l4_per_base->uart1
			};

	/*
	 * The following lines of code will enable non-secure access
	 * to nand, usb, spi, emac, sdmmc, gpio, i2c, timers and uart. This
	 * is needed as most OS run in non-secure mode. Thus we need to
	 * enable non-secure access to these peripherals in order for the
	 * OS to use these peripherals.
	 */
	for (i = 0; i < ARRAY_SIZE(addr); i++)
		writel(FIREWALL_L4_DISABLE_ALL, addr[i]);
}

static void firewall_l4_sys_disable(void)
{
	const struct socfpga_firwall_l4_sys *firwall_l4_sys_base =
		(struct socfpga_firwall_l4_sys *)SOCFPGA_FIREWALL_L4_SYS;
	u32 i;
	const u32 *addr[] = {
			&firwall_l4_sys_base->dma_ecc,
			&firwall_l4_sys_base->emac0rx_ecc,
			&firwall_l4_sys_base->emac0tx_ecc,
			&firwall_l4_sys_base->emac1rx_ecc,
			&firwall_l4_sys_base->emac1tx_ecc,
			&firwall_l4_sys_base->emac2rx_ecc,
			&firwall_l4_sys_base->emac2tx_ecc,
			&firwall_l4_sys_base->nand_ecc,
			&firwall_l4_sys_base->nand_read_ecc,
			&firwall_l4_sys_base->nand_write_ecc,
			&firwall_l4_sys_base->ocram_ecc,
			&firwall_l4_sys_base->sdmmc_ecc,
			&firwall_l4_sys_base->usb0_ecc,
			&firwall_l4_sys_base->usb1_ecc,
			&firwall_l4_sys_base->clock_manager,
			&firwall_l4_sys_base->io_manager,
			&firwall_l4_sys_base->reset_manager,
			&firwall_l4_sys_base->system_manager,
			&firwall_l4_sys_base->watchdog0,
			&firwall_l4_sys_base->watchdog1,
			&firwall_l4_sys_base->watchdog2,
			&firwall_l4_sys_base->watchdog3
		};

	for (i = 0; i < ARRAY_SIZE(addr); i++)
		writel(FIREWALL_L4_DISABLE_ALL, addr[i]);
}

static void firewall_bridge_disable(void)
{
	/* disable lwsocf2fpga and soc2fpga bridge security */
	writel(FIREWALL_BRIDGE_DISABLE_ALL, SOCFPGA_FIREWALL_SOC2FPGA);
	writel(FIREWALL_BRIDGE_DISABLE_ALL, SOCFPGA_FIREWALL_LWSOC2FPGA);
}

void firewall_setup(void)
{
	firewall_l4_per_disable();
	firewall_l4_sys_disable();
	firewall_bridge_disable();

	/* disable SMMU security */
	writel(FIREWALL_L4_DISABLE_ALL, SOCFPGA_FIREWALL_TCU);

	/* enable non-secure interface to DMA330 DMA and peripherals */
	writel(SYSMGR_DMA_IRQ_NS | SYSMGR_DMA_MGR_NS,
	       socfpga_get_sysmgr_addr() + SYSMGR_SOC64_DMA);
	writel(SYSMGR_DMAPERIPH_ALL_NS,
	       socfpga_get_sysmgr_addr() + SYSMGR_SOC64_DMA_PERIPH);
}