Juno: Reserve some DDR-DRAM for secure use

This patch configures the TrustZone Controller in Juno to split
the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
regions:

- Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
  used by the SCP for DDR retraining
- Non-Secure DDR-DRAM: remaining DRAM starting at base address

Build option PLAT_TSP_LOCATION selects the location of the secure
payload (BL3-2):

- 'tsram' : Trusted SRAM (default option)
- 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
            controller)

The MMU memory map has been updated to give BL2 permission to load
BL3-2 into the DDR-DRAM secure region.

Fixes ARM-software/tf-issues#233

Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b

docs/firmware-design.md

@@ -1306,6 +1306,8 @@ other boot loader images in Trusted SRAM.
 
 ####  Memory layout on Juno ARM development platform
 
+**TSP in Trusted SRAM (default option):**
+
                   Flash0
     0x0C000000 +----------+
                :          :
@@ -1329,6 +1331,40 @@ other boot loader images in Trusted SRAM.
                |   MHU    |
     0x04000000 +----------+
 
+**TSP in the secure region of DRAM:**
+
+                   DRAM
+    0xFFE00000 +----------+
+               |  BL3-2   |
+    0xFF000000 |----------|
+               |          |
+               :          :
+               |          |
+    0x80000000 +----------+
+
+                  Flash0
+    0x0C000000 +----------+
+               :          :
+    0x0BED0000 |----------|
+               | BL1 (ro) |
+    0x0BEC0000 |----------|
+               :          :
+               |  Bypass  |
+    0x08000000 +----------+
+
+               Trusted SRAM
+    0x04040000 +----------+
+               |   BL2    |                 BL3-1 is loaded
+    0x04033000 |----------|                 after BL3-0 has
+               |          |                 been sent to SCP
+    0x04023000 |----------|                 ------------------
+               |  BL3-0   |  <<<<<<<<<<<<<  |     BL3-1      |
+    0x04009000 |----------|                 ------------------
+               | BL1 (rw) |
+    0x04001000 |----------|
+               |   MHU    |
+    0x04000000 +----------+
+
 The Message Handling Unit (MHU) page contains the entrypoint mailboxes and a
 shared memory area. This shared memory is used as a communication channel
 between the AP and the SCP.

docs/user-guide.md

@@ -256,6 +256,12 @@ performed.
 For a better understanding of FVP options, the FVP memory map is explained in
 the [Firmware Design].
 
+#### Juno specific build options
+
+*   `PLAT_TSP_LOCATION`: location of the TSP binary. Options:
+    -   `tsram` : Trusted SRAM (default option)
+    -   `dram`  : Secure region in DRAM (set by the TrustZone controller)
+
 ### Creating a Firmware Image Package
 
 FIPs are automatically created as part of the build instructions described in

drivers/arm/tzc400/tzc400.c

@@ -243,7 +243,7 @@ void tzc_configure_region(uint32_t filters,
 
 	/* Assign the region to a filter and set secure attributes */
 	tzc_write_region_attributes(tzc.base, region,
-		(sec_attr << REGION_ATTRIBUTES_SEC_SHIFT) | filters);
+		(sec_attr << REG_ATTR_SEC_SHIFT) | filters);
 
 	/*
 	 * Specify which non-secure devices have permission to access this

include/drivers/arm/tzc400.h

@@ -126,9 +126,12 @@
 #define FAIL_ID_ID_SHIFT		0
 
 /* Used along with 'tzc_region_attributes_t' below */
-#define REGION_ATTRIBUTES_SEC_SHIFT	30
+#define REG_ATTR_SEC_SHIFT		30
-#define REGION_ATTRIBUTES_F_EN_SHIFT	0
+#define REG_ATTR_F_EN_SHIFT		0
-#define REGION_ATTRIBUTES_F_EN_MASK	0xf
+#define REG_ATTR_F_EN_MASK		0xf
+#define REG_ATTR_FILTER_BIT(x)		((1 << x) << REG_ATTR_F_EN_SHIFT)
+#define REG_ATTR_FILTER_BIT_ALL		(REG_ATTR_F_EN_MASK << \
+					REG_ATTR_F_EN_SHIFT)
 
 #define REGION_ID_ACCESS_NSAID_WR_EN_SHIFT	16
 #define REGION_ID_ACCESS_NSAID_RD_EN_SHIFT	0

plat/juno/aarch64/juno_common.c

@@ -60,9 +60,14 @@
 					DEVICE1_SIZE,			\
 					MT_DEVICE | MT_RW | MT_SECURE)
 
-#define MAP_DRAM	MAP_REGION_FLAT(DRAM_BASE,			\
+#define MAP_NS_DRAM	MAP_REGION_FLAT(DRAM_NS_BASE,			\
-					DRAM_SIZE,			\
+					DRAM_NS_SIZE,			\
 					MT_MEMORY | MT_RW | MT_NS)
+
+#define MAP_TSP_MEM	MAP_REGION_FLAT(TSP_SEC_MEM_BASE, 		\
+					TSP_SEC_MEM_SIZE,		\
+					MT_MEMORY | MT_RW | MT_SECURE)
+
 /*
  * Table of regions for different BL stages to map using the MMU.
  * This doesn't include Trusted RAM as the 'mem_layout' argument passed to
@@ -85,7 +90,8 @@ static const mmap_region_t juno_mmap[] = {
 	MAP_IOFPGA,
 	MAP_DEVICE0,
 	MAP_DEVICE1,
-	MAP_DRAM,
+	MAP_NS_DRAM,
+	MAP_TSP_MEM,
 	{0}
 };
 #endif

plat/juno/bl2_plat_setup.c

@@ -312,8 +312,8 @@ void bl2_plat_get_bl32_meminfo(meminfo_t *bl32_meminfo)
  ******************************************************************************/
 void bl2_plat_get_bl33_meminfo(meminfo_t *bl33_meminfo)
 {
-	bl33_meminfo->total_base = DRAM_BASE;
+	bl33_meminfo->total_base = DRAM_NS_BASE;
-	bl33_meminfo->total_size = DRAM_SIZE;
+	bl33_meminfo->total_size = DRAM_NS_SIZE;
-	bl33_meminfo->free_base = DRAM_BASE;
+	bl33_meminfo->free_base = DRAM_NS_BASE;
-	bl33_meminfo->free_size = DRAM_SIZE;
+	bl33_meminfo->free_size = DRAM_NS_SIZE;
 }

plat/juno/include/platform_def.h

@@ -125,10 +125,20 @@
 /*******************************************************************************
  * BL3-2 specific defines.
  ******************************************************************************/
-#define TSP_SEC_MEM_BASE		TZRAM_BASE
+#if (PLAT_TSP_LOCATION_ID == PLAT_TRUSTED_SRAM_ID)
-#define TSP_SEC_MEM_SIZE		TZRAM_SIZE
+# define TSP_SEC_MEM_BASE		TZRAM_BASE
-#define BL32_BASE			(TZRAM_BASE + TZRAM_SIZE - 0x1d000)
+# define TSP_SEC_MEM_SIZE		TZRAM_SIZE
-#define BL32_LIMIT			BL2_BASE
+# define BL32_BASE			(TZRAM_BASE + TZRAM_SIZE - 0x1d000)
+# define BL32_LIMIT			BL2_BASE
+#elif (PLAT_TSP_LOCATION_ID == PLAT_DRAM_ID)
+# define TSP_SEC_MEM_BASE		DRAM_SEC_BASE
+# define TSP_SEC_MEM_SIZE		(DRAM_SEC_SIZE - DRAM_SCP_SIZE)
+# define BL32_BASE			DRAM_SEC_BASE
+# define BL32_LIMIT			(DRAM_SEC_BASE + DRAM_SEC_SIZE - \
+					DRAM_SCP_SIZE)
+#else
+# error "Unsupported PLAT_TSP_LOCATION_ID value"
+#endif
 
 /*******************************************************************************
  * Load address of BL3-3 in the Juno port
@@ -139,7 +149,15 @@
  * Platform specific page table and MMU setup constants
  ******************************************************************************/
 #define ADDR_SPACE_SIZE			(1ull << 32)
-#define MAX_XLAT_TABLES			2
+
+#if IMAGE_BL1 || IMAGE_BL31
+# define MAX_XLAT_TABLES		2
+#endif
+
+#if IMAGE_BL2 || IMAGE_BL32
+# define MAX_XLAT_TABLES		3
+#endif
+
 #define MAX_MMAP_REGIONS		16
 
 /*******************************************************************************

plat/juno/juno_def.h

@@ -37,6 +37,9 @@
 /*******************************************************************************
  * Juno memory map related constants
  ******************************************************************************/
+#define PLAT_TRUSTED_SRAM_ID	0
+#define PLAT_DRAM_ID		1
+
 #define MHU_SECURE_BASE		0x04000000
 #define MHU_SECURE_SIZE		0x00001000
 
@@ -73,6 +76,26 @@
 #define DRAM_BASE		0x80000000
 #define DRAM_SIZE		0x80000000
 
+/*
+ * DRAM at 0x8000_0000 is divided in two regions:
+ *   - Secure DRAM (default is the top 16MB except for the last 2MB, which are
+ *     used by the SCP for DDR retraining)
+ *   - Non-Secure DRAM (remaining DRAM starting at DRAM_BASE)
+ */
+
+#define DRAM_SCP_SIZE		0x00200000
+#define DRAM_SCP_BASE		(DRAM_BASE + DRAM_SIZE - DRAM_SCP_SIZE)
+
+#define DRAM_SEC_SIZE		0x00E00000
+#define DRAM_SEC_BASE		(DRAM_SCP_BASE - DRAM_SEC_SIZE)
+
+#define DRAM_NS_BASE		DRAM_BASE
+#define DRAM_NS_SIZE		(DRAM_SIZE - DRAM_SCP_SIZE - DRAM_SEC_SIZE)
+
+/* Second region of DRAM */
+#define DRAM2_BASE		0x880000000
+#define DRAM2_SIZE		0x180000000
+
 /* Memory mapped Generic timer interfaces  */
 #define SYS_CNTCTL_BASE		0x2a430000
 #define SYS_CNTREAD_BASE	0x2a800000

plat/juno/plat_security.c

@@ -43,9 +43,38 @@ static void init_tzc400(void)
 	/* Disable filters. */
 	tzc_disable_filters();
 
-	/* Configure region 0. Juno TZC-400 handles 40-bit addresses. */
+	/* Region 1 set to cover Non-Secure DRAM at 0x8000_0000. Apply the
-	tzc_configure_region(0xf, 0, 0x0ull, 0xffffffffffull,
+	 * same configuration to all filters in the TZC. */
-			TZC_REGION_S_RDWR,
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 1,
+			DRAM_NS_BASE, DRAM_NS_BASE + DRAM_NS_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+	/* Region 2 set to cover Secure DRAM */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 2,
+			DRAM_SEC_BASE, DRAM_SEC_BASE + DRAM_SEC_SIZE - 1,
+			TZC_REGION_S_RDWR,
+			0);
+
+	/* Region 3 set to cover DRAM used by SCP for DDR retraining */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 3,
+			DRAM_SCP_BASE, DRAM_SCP_BASE + DRAM_SCP_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP));
+
+	/* Region 4 set to cover Non-Secure DRAM at 0x8_8000_0000 */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 4,
+			DRAM2_BASE, DRAM2_BASE + DRAM2_SIZE - 1,
+			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
@@ -55,7 +84,6 @@ static void init_tzc400(void)
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
-			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
 
 	/* Raise an exception if a NS device tries to access secure memory */

plat/juno/platform.mk

@@ -28,6 +28,23 @@
 # POSSIBILITY OF SUCH DAMAGE.
 #
 
+# On Juno, the Secure Payload can be loaded either in Trusted SRAM (default) or
+# Secure DRAM allocated by the TrustZone Controller.
+
+PLAT_TSP_LOCATION	:=	tsram
+
+ifeq (${PLAT_TSP_LOCATION}, tsram)
+  PLAT_TSP_LOCATION_ID := PLAT_TRUSTED_SRAM_ID
+else ifeq (${PLAT_TSP_LOCATION}, dram)
+  PLAT_TSP_LOCATION_ID := PLAT_DRAM_ID
+else
+  $(error "Unsupported PLAT_TSP_LOCATION value")
+endif
+
+# Process flags
+$(eval $(call add_define,PLAT_TSP_LOCATION_ID))
+
+
 PLAT_INCLUDES		:=	-Iplat/juno/include/
 
 PLAT_BL_COMMON_SOURCES	:=	drivers/arm/pl011/pl011_console.S	\