feat(imx8mp): set and lock almost all peripherals as non-secure

This sets and locks all peripheral type-1 masters, except CAAM, access as non-secure, so that they can't access secure world resources from the normal world. The CAAM itself is TrustZone aware and handles memory access between the normal world and the secure world on its own. Pinning it as non-secure access results in bus aborts if the secure memory region is protected by the TZASC380. Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2025-04-25 22:35:42 +00:00 · 2024-03-04 11:54:37 +01:00 · 2024-03-04 11:54:37 +01:00 · cba7daa105
commit cba7daa105
parent 1156c76361
1 changed files with 30 additions and 0 deletions
--- a/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c
+++ b/plat/imx/imx8m/imx8mp/imx8mp_bl31_setup.c
@ -69,6 +69,36 @@ static const struct imx_csu_cfg csu_cfg[] = {
 	/* master HP0~1 */

 	/* SA setting */
+	CSU_SA(CSU_SA_M7, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_SDMA1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_PCIE_CTRL1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_USB1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_USB2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_APB_HDMA, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_ENET1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_USDHC1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_USDHC2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_USDHC3, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_HUGO, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_DAP, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_SDMA2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_SDMA3, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_LCDIF1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_ISI, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_NPU, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_LCDIF2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_HDMI_TX, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_ENET2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_GPU3D, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_GPU2D, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_VPU_G1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_VPU_G2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_VPU_VC8000E, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_AUDIO_EDMA, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_ISP1, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_ISP2, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_DEWARP, NON_SEC_ACCESS, LOCKED),
+	CSU_SA(CSU_SA_GIC500, NON_SEC_ACCESS, LOCKED),

 	/* HP control setting */