From c13016bac6a6960acbbfb3e0176e1894a7e9fa3a Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Wed, 28 Feb 2024 16:38:04 +0100 Subject: [PATCH 1/8] fix(imx8m): fix CSU_SA_REG to work with all sa registers The csu found in the imx8mp has 3 csu_sa registers, before the fix not all of them could be addressed. The defines itself was imported from NXP's downstream version of the trusted-firmware-a version 2.8[1]. [1]: https://github.com/nxp-imx/imx-atf/commit/0c52279fc4 Change-Id: Ia3653118bba82df9244c819a5c5f37bdc4e89c49 Signed-off-by: Ji Luo Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/include/imx8m_csu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/imx/imx8m/include/imx8m_csu.h b/plat/imx/imx8m/include/imx8m_csu.h index dc634ed91..19d86fd42 100644 --- a/plat/imx/imx8m/include/imx8m_csu.h +++ b/plat/imx/imx8m/include/imx8m_csu.h @@ -31,7 +31,7 @@ #define CSU_HP_LOCK(x) ((0x1 << (((x) % 16) * 2 + 1))) #define CSU_HP_CFG(x, n) ((x) << (((n) % 16) * 2)) -#define CSU_SA_REG(x) (IMX_CSU_BASE + 0x218) +#define CSU_SA_REG(x) (IMX_CSU_BASE + (((x) / 16) * 4) + 0x218) #define CSU_SA_LOCK(x) ((0x1 << (((x) % 16) * 2 + 1))) #define CSU_SA_CFG(x, n) ((x) << (((n) % 16) * 2)) From 2ac4909a5ec0a50a75cab9bb587fb1b8e592794d Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Wed, 28 Feb 2024 16:36:42 +0100 Subject: [PATCH 2/8] feat(imx8m): add imx csu_sa enum type defines for imx8m This ports the missing enum defines for the central security unit found in NXPs i.MX8M socs. The defines itself where imported from NXP's downstream version of the trusted-firmware-a version 2.8[1]. [1]: https://github.com/nxp-imx/imx-atf/commit/0c52279fc4 Change-Id: Iad0c5d3733e9d29ead86334ba4bc5ce915018142 Signed-off-by: Ji Luo Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/imx8mm/include/imx_sec_def.h | 22 +++++++++++++ plat/imx/imx8m/imx8mn/include/imx_sec_def.h | 19 +++++++++++ plat/imx/imx8m/imx8mp/include/imx_sec_def.h | 35 +++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/plat/imx/imx8m/imx8mm/include/imx_sec_def.h b/plat/imx/imx8m/imx8mm/include/imx_sec_def.h index 62159837d..d53c922d3 100644 --- a/plat/imx/imx8m/imx8mm/include/imx_sec_def.h +++ b/plat/imx/imx8m/imx8mm/include/imx_sec_def.h @@ -213,4 +213,26 @@ enum csu_csl_idx { CSU_CSL_CAAM = 114, }; +enum csu_sa_idx { + CSU_SA_M4 = 1, + CSU_SA_SDMA1 = 2, + CSU_SA_PCIE_CTRL1 = 3, + CSU_SA_USB1 = 4, + CSU_SA_USB2 = 5, + CSU_SA_VPU = 6, + CSU_SA_GPU = 7, + CSU_SA_APBHDMA = 8, + CSU_SA_ENET = 9, + CSU_SA_USDHC1 = 10, + CSU_SA_USDHC2 = 11, + CSU_SA_USDHC3 = 12, + CSU_SA_HUGO = 13, + CSU_SA_DAP = 14, + CSU_SA_SDMA2 = 15, + CSU_SA_CAAM = 16, + CSU_SA_SDMA3 = 17, + CSU_SA_LCDIF = 18, + CSU_SA_CSI = 19, +}; + #endif /* IMX_SEC_DEF_H */ diff --git a/plat/imx/imx8m/imx8mn/include/imx_sec_def.h b/plat/imx/imx8m/imx8mn/include/imx_sec_def.h index 0ef14a90b..83c5fa951 100644 --- a/plat/imx/imx8m/imx8mn/include/imx_sec_def.h +++ b/plat/imx/imx8m/imx8mn/include/imx_sec_def.h @@ -207,4 +207,23 @@ enum csu_csl_idx { CSU_CSL_OCRAM_S = 119, }; +enum csu_sa_idx { + CSU_SA_M7 = 1, + CSU_SA_SDMA1 = 2, + CSU_SA_USB1 = 4, + CSU_SA_GPU = 7, + CSU_SA_APBHDMA = 8, + CSU_SA_ENET1 = 9, + CSU_SA_USDHC1 = 10, + CSU_SA_USDHC2 = 11, + CSU_SA_USDHC3 = 12, + CSU_SA_HUGO = 13, + CSU_SA_DAP = 14, + CSU_SA_SDMA2 = 15, + CSU_SA_CAAM = 16, + CSU_SA_SDMA3 = 17, + CSU_SA_LCDIF = 18, + CSU_SA_ISI = 19, +}; + #endif /* IMX_SEC_DEF_H */ diff --git a/plat/imx/imx8m/imx8mp/include/imx_sec_def.h b/plat/imx/imx8m/imx8mp/include/imx_sec_def.h index ba248b592..1ba30339c 100644 --- a/plat/imx/imx8m/imx8mp/include/imx_sec_def.h +++ b/plat/imx/imx8m/imx8mp/include/imx_sec_def.h @@ -269,6 +269,41 @@ enum csu_csl_idx { CSU_CSL_OCRAM_A = 113, CSU_CSL_OCRAM = 118, CSU_CSL_OCRAM_S = 119, + CSU_CSL_VPU = 120, +}; + +enum csu_sa_idx { + CSU_SA_M7 = 1, + CSU_SA_SDMA1 = 2, + CSU_SA_PCIE_CTRL1 = 3, + CSU_SA_USB1 = 4, + CSU_SA_USB2 = 6, + CSU_SA_APB_HDMA = 8, + CSU_SA_ENET1 = 9, + CSU_SA_USDHC1 = 10, + CSU_SA_USDHC2 = 11, + CSU_SA_USDHC3 = 12, + CSU_SA_HUGO = 13, + CSU_SA_DAP = 14, + CSU_SA_SDMA2 = 15, + CSU_SA_CAAM = 16, + CSU_SA_SDMA3 = 17, + CSU_SA_LCDIF1 = 18, + CSU_SA_ISI = 19, + CSU_SA_NPU = 20, + CSU_SA_LCDIF2 = 21, + CSU_SA_HDMI_TX = 22, + CSU_SA_ENET2 = 23, + CSU_SA_GPU3D = 24, + CSU_SA_GPU2D = 25, + CSU_SA_VPU_G1 = 26, + CSU_SA_VPU_G2 = 27, + CSU_SA_VPU_VC8000E = 28, + CSU_SA_AUDIO_EDMA = 29, + CSU_SA_ISP1 = 30, + CSU_SA_ISP2 = 31, + CSU_SA_DEWARP = 32, + CSU_SA_GIC500 = 33, }; #endif /* IMX_SEC_DEF_H */ From 81de50372c9192098118fc8bddaf086a620add87 Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Wed, 28 Feb 2024 15:23:49 +0100 Subject: [PATCH 3/8] feat(imx8m): add defines for csu_sa access security This enables the usage of speaking defines instead of magic numbers: CSU_SA(CSU_SA_SDMA1, 1, LOCKED) becomes: CSU_SA(CSU_SA_SDMA1, NON_SEC_ACCESS, LOCKED) Change-Id: Idcabcda677bf7840084a2ea66d321b50aa0b2b20 Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/include/imx8m_csu.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plat/imx/imx8m/include/imx8m_csu.h b/plat/imx/imx8m/include/imx8m_csu.h index 19d86fd42..572b02995 100644 --- a/plat/imx/imx8m/include/imx8m_csu.h +++ b/plat/imx/imx8m/include/imx8m_csu.h @@ -20,6 +20,9 @@ #define CSU_SEC_LEVEL_6 0x03 #define CSU_SEC_LEVEL_7 0x0 +#define SEC_ACCESS 0x0 +#define NON_SEC_ACCESS 0x1 + #define LOCKED 0x1 #define UNLOCKED 0x0 From f4b11e59b81af3e485e6992b10b50b362902eee1 Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Mon, 4 Mar 2024 12:00:24 +0100 Subject: [PATCH 4/8] feat(imx8mm): set and lock almost all peripherals as non-secure This sets and locks all peripheral type-1 masters, except CAAM, access as non-secure, so that they can't access secure world resources from the normal world. The CAAM itself is TrustZone aware and handles memory access between the normal world and the secure world on its own. Pinning it as non-secure access results in bus aborts if the secure memory region is protected by the TZASC380. Change-Id: Idba4d8a491ccce0491489c61e73545baab1889c4 Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c index dc9dd5949..f57928141 100644 --- a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c +++ b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c @@ -82,6 +82,24 @@ static const struct imx_csu_cfg csu_cfg[] = { /* master HP0~1 */ /* SA setting */ + CSU_SA(CSU_SA_M4, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_SDMA1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_PCIE_CTRL1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USB1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USB2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_VPU, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_GPU, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_APBHDMA, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_ENET, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USDHC1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USDHC2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USDHC3, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_HUGO, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_DAP, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_SDMA2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_SDMA3, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_LCDIF, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_CSI, NON_SEC_ACCESS, LOCKED), /* HP control setting */ From 1156c76361c170c83c6b9a9dd7c22aa401a4ce2e Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Mon, 4 Mar 2024 12:00:57 +0100 Subject: [PATCH 5/8] feat(imx8mm): restrict peripheral access to secure world This restricts and locks all security relevant peripherals to only be changeable by the secure world. Otherwise the normal world can simply change the access settings and defeat all security measures put in place. Change-Id: I484a2c8164e58b68256d829470e00d5ec473e266 Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c index f57928141..bff8fb4e8 100644 --- a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c +++ b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c @@ -77,7 +77,9 @@ static const struct imx_rdc_cfg rdc[] = { static const struct imx_csu_cfg csu_cfg[] = { /* peripherals csl setting */ - CSU_CSLx(0x1, CSU_SEC_LEVEL_0, UNLOCKED), + CSU_CSLx(CSU_CSL_RDC, CSU_SEC_LEVEL_3, LOCKED), + CSU_CSLx(CSU_CSL_TZASC, CSU_SEC_LEVEL_5, LOCKED), + CSU_CSLx(CSU_CSL_CSU, CSU_SEC_LEVEL_5, LOCKED), /* master HP0~1 */ From cba7daa10576684670e06d05ff02888a5b4f16bf Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Mon, 4 Mar 2024 11:54:37 +0100 Subject: [PATCH 6/8] feat(imx8mp): set and lock almost all peripherals as non-secure This sets and locks all peripheral type-1 masters, except CAAM, access as non-secure, so that they can't access secure world resources from the normal world. The CAAM itself is TrustZone aware and handles memory access between the normal world and the secure world on its own. Pinning it as non-secure access results in bus aborts if the secure memory region is protected by the TZASC380. Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c b/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c index 43fa06463..28a6bf58a 100644 --- a/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c +++ b/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c @@ -69,6 +69,36 @@ static const struct imx_csu_cfg csu_cfg[] = { /* master HP0~1 */ /* SA setting */ + CSU_SA(CSU_SA_M7, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_SDMA1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_PCIE_CTRL1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USB1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USB2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_APB_HDMA, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_ENET1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USDHC1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USDHC2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_USDHC3, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_HUGO, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_DAP, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_SDMA2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_SDMA3, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_LCDIF1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_ISI, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_NPU, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_LCDIF2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_HDMI_TX, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_ENET2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_GPU3D, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_GPU2D, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_VPU_G1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_VPU_G2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_VPU_VC8000E, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_AUDIO_EDMA, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_ISP1, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_ISP2, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_DEWARP, NON_SEC_ACCESS, LOCKED), + CSU_SA(CSU_SA_GIC500, NON_SEC_ACCESS, LOCKED), /* HP control setting */ From 0324081af0105af536992c8ced2caa5a1928010f Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Mon, 4 Mar 2024 11:58:35 +0100 Subject: [PATCH 7/8] feat(imx8mp): restrict peripheral access to secure world This restricts and locks all security relevant peripherals to only be changeable by the secure world. Otherwise the normal world can simply change the access settings and defeat all security measures put in place. Change-Id: I248ef8dd67f1de7e528c3da456311bb138b77540 Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c b/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c index 28a6bf58a..8e352198e 100644 --- a/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c +++ b/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c @@ -63,8 +63,11 @@ static const struct imx_rdc_cfg rdc[] = { static const struct imx_csu_cfg csu_cfg[] = { /* peripherals csl setting */ - CSU_CSLx(CSU_CSL_OCRAM, CSU_SEC_LEVEL_2, UNLOCKED), - CSU_CSLx(CSU_CSL_OCRAM_S, CSU_SEC_LEVEL_2, UNLOCKED), + CSU_CSLx(CSU_CSL_OCRAM, CSU_SEC_LEVEL_2, LOCKED), + CSU_CSLx(CSU_CSL_OCRAM_S, CSU_SEC_LEVEL_2, LOCKED), + CSU_CSLx(CSU_CSL_RDC, CSU_SEC_LEVEL_3, LOCKED), + CSU_CSLx(CSU_CSL_TZASC, CSU_SEC_LEVEL_5, LOCKED), + CSU_CSLx(CSU_CSL_CSU, CSU_SEC_LEVEL_5, LOCKED), /* master HP0~1 */ From 566d39447e9a52ed885bb66048fecb9031f24abf Mon Sep 17 00:00:00 2001 From: Stefan Kerkmann Date: Tue, 5 Mar 2024 10:00:33 +0100 Subject: [PATCH 8/8] style(imx8m): add parenthesis to CSU_HP_REG To be inline with CSU_SA_REG and CSU_HPCONTROL_REG. Change-Id: Ia7332096312df41a8cf994d58fad76a99493dd02 Signed-off-by: Stefan Kerkmann --- plat/imx/imx8m/include/imx8m_csu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/imx/imx8m/include/imx8m_csu.h b/plat/imx/imx8m/include/imx8m_csu.h index 572b02995..3851e9135 100644 --- a/plat/imx/imx8m/include/imx8m_csu.h +++ b/plat/imx/imx8m/include/imx8m_csu.h @@ -30,7 +30,7 @@ #define CSLx_LOCK(x) ((0x1 << (((x) % 2) * 16 + 8))) #define CSLx_CFG(x, n) ((x) << (((n) % 2) * 16)) -#define CSU_HP_REG(x) (IMX_CSU_BASE + ((x) / 16) * 4 + 0x200) +#define CSU_HP_REG(x) (IMX_CSU_BASE + (((x) / 16) * 4) + 0x200) #define CSU_HP_LOCK(x) ((0x1 << (((x) % 16) * 2 + 1))) #define CSU_HP_CFG(x, n) ((x) << (((n) % 16) * 2))