Commit graph

25 commits

Author SHA1 Message Date
Dario Binacchi
f7434fa135 fix(imx8m): ensure domain permissions for the console
The commit d76f012ea8 ("refactor(imx8m): replace magic number with
enum type") also hardcodes the domain permissions configuration for the
UARTs, causing a regression for any board using a boot console different
from UART2. Indeed, previously, the RDC_PDAP_UARTn registers were set to
the reset value (0xff), meaning all domains were enabled for read and
write access.

This patch fixes this regression by ensuring that the console always has
read/write access enabled for domain 0.

Tested on an i.MX8MN BSH SMM S2 PRO board.

Fixes: d76f012ea8 ("refactor(imx8m): replace magic number with enum type")
Change-Id: I2670bf485372f32ef45cebb72a7694a9a800f417
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
2024-10-10 10:10:10 +02:00
Sascha Hauer
3d9fea941a feat(imx8mp): optionally take params from BL2
Optionally take params from BL2 to offer more flexibility to BL2 on
where and if a BL32 image is expected. This uses imx_bl31_params_parse()
to check if arg0 can safely be accessed as a pointer and actually
contains a bl_params_t structure. If not, the hardcoded parameter
values are used as before.

Change-Id: I44537ba2baa7543e459e5691b69df14b0bd6e942
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
2024-04-26 11:04:56 +02:00
Stefan Kerkmann
0324081af0 feat(imx8mp): restrict peripheral access to secure world
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.

Change-Id: I248ef8dd67f1de7e528c3da456311bb138b77540
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12 17:36:40 +01:00
Stefan Kerkmann
cba7daa105 feat(imx8mp): set and lock almost all peripherals as non-secure
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.

The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.

Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
2024-03-12 17:36:33 +01:00
Marco Felsch
4827613c9a fix(imx8m): map BL32 memory only if SPD_opteed or SPD_trusty is enabled
Always mapping the BL32 memory can interfere with the BL33 mapping if the
BL33 is not aware of the mapping, e.g. different memory tagging
secure/non-secure. Therefore map the memory only if BL32 (opteed,
trusty) is enabled and BL33 is aware of this memory mapping.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I9c2bf78aa6e88c93e749a9248724186fee9df864
2023-10-05 16:02:10 +02:00
Marco Felsch
8d150c9524 feat(imx8m): enable snvs privileged registers access
Allow non-privileged access to all SNVS registers in case no TEE is
available.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I44686a3639a68c72c7eacc80691c294d5c32c9ae
2023-10-05 16:02:10 +02:00
Marco Felsch
101f07022a fix(imx8m): make IMX_BOOT_UART_BASE autodetection option more obvious
Switch from IMX_BOOT_UART_BASE=0 to IMX_BOOT_UART_BASE=auto to make it
more obvious that the detection is based on the runtime autodetection.

In addition this moves the evaluation of IMX_BOOT_UART_BASE into the
makefile which removes the ugly conditional compilation as well.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I92c13607bf81c6267f4b6aee829d74902b7f72d2
2023-08-02 10:40:27 +02:00
Marco Felsch
df730d94cb feat(imx8m): detect console base address during runtime
Provide a helper to detect the enabled UART device during runtime. This
lowers the integration effort and makes it more straightforward for
'simple' use-cases with a single UART enabled. If multiple UARTs are
enabled the first enabled is returned.

The auto-detection is enabled by setting IMX_BOOT_UART_BASE=0 to keep
the backward compatibility. For more advanced use-cases (multiple UARTs
are enabled) the user still has to provide the correct base address.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I300a167e1a10f9aa991c8d1c3efe2c6b23f56c47
2023-07-25 09:54:02 +02:00
Madhukar Pappireddy
5178175c50 Merge "feat(imx8mp): add BL31 PIE support" into integration 2022-11-01 15:14:41 +01:00
Madhukar Pappireddy
c564d817e4 Merge "refactor(imx8mp): introduce BL2_SIZE and BL31_SIZE" into integration 2022-11-01 15:14:36 +01:00
Madhukar Pappireddy
2668742c87 Merge "refactor(imx8mp): make use of setup_page_tables()" into integration 2022-11-01 15:14:30 +01:00
Madhukar Pappireddy
f8f2440fdc Merge "refactor(imx8mp): cleanup the mmap region settings" into integration 2022-11-01 15:14:25 +01:00
Marco Felsch
7a443fefa4 feat(imx8mp): add BL31 PIE support
Enable PIE support so the BL31 firmware can be loaded from anywhere
within the OCRAM (SRAM). How important this is shows the back and forth
of the BL31_BASE address starting with TF-A v2.5. Since then the
BL31_BASE address wasn't stable and choosing the correct combination of
SPL version loadaddress and TF-A version loadaddr was tricky.

For the PIE support we only need to replace the BL31_BASE by the
BL31_START which is a relocatable symbol and to enable it by setting
ENABLE_PIE := 1.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I4214db1f27120f9f9cd1413ccd7a5a7d095ff45d
2022-10-20 18:20:27 +02:00
Marco Felsch
5fe51c93f8 refactor(imx8mp): introduce BL2_SIZE and BL31_SIZE
No functional change.

Introduce BLx_SIZE defines and calculate the limits based on the
BLx_BASE and the BLx_SIZE define. Also make use of SZ_128K to make it
easier to read. This is required for later BL31 PIE support since it
drops the calculation based on the BL31_LIMIT and BL31_BASE.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: Idae34c1dfcedd35238fe083149080a199d50eed0
2022-10-20 18:20:27 +02:00
Marco Felsch
c52966f963 refactor(imx8mp): make use of setup_page_tables()
No functional change. Use the setup_page_tables() helper function which
does the three calls for us. Also the function has some logging support
which will be nice during debugging.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I350965414939865220f745ef5b24d2cdc3095e7b
2022-10-20 18:20:27 +02:00
Marco Felsch
c995943de8 refactor(imx8mp): cleanup the mmap region settings
Introduce the bl_regions array to gather all regions and make use of the
MAP_REGION_FLAT() macro. The array is then passed to mmap_add() to map
all regions. While at it, introduce some defines so the addr, size and
flags can be read more easily. No functional change done.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I7f637beea61138a86d691cd78fba2dd17e4dc925
2022-10-20 18:20:19 +02:00
Andrey Zhizhikin
62a93aa7af feat(imx8mp): add hab and map required memory blocks
In order for HAB to perform operations, memory regions have to be mapped
in TF-A, which HAB ROM code would use internally.

Include those memory blocks for i.MX8M+ SoC. Of a special note, the DRAM
block is mapped with complete size available on the platform and uses
MT_RW attributes, this is required to minimize the size of translation
tables and provide a possibility to exchange the execution results
between EL3 and EL1&2, see details in [1].

Link: [1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16880
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: I986cdce434d1ec9ea8b3c0d5599edde55b9b30f8
2022-10-19 15:54:39 +02:00
Andrey Zhizhikin
901d74b2d4 fix(imx8m): move caam init after serial init
CAAM provides serial output during initialization, but the serial init
occurs after CAAM. This leads to serial output produced by CAAM init
function to be omitted and not displayed.

Change the order of initialization and call CAAM init after Serial. This
has no impact as Serial does not require CAAM to be initialized upfront.

Fixes: 2502709f60 ("plat: imx8m: Add caam module init on imx8m")
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Cc: Jacky Bai <ping.bai@nxp.com>
Change-Id: I09c0a5474a1babfb0b53c4455891689ec08b5bdb
2022-09-20 15:12:00 +02:00
Jacky Bai
c71793c647 feat(imx8m): add dram retention flow for imx8m family
Add the dram retention flow for i.MX8M SoC family.

Change-Id: Ifb8ba5b2f6f002133cf47c07fef73df29c51c890
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
2022-06-27 09:27:11 +08:00
Jacky Bai
aeff14640a feat(imx8mp): enable BL32 fdt overlay support on imx8mp
Allow OP-TEE to generate a device-tree overlay binary
that will be applied by u-boot on the regular dtb.

Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Idfd268cdd8b7ba321f8e1b9b85c2bba7ffdeddf0
2022-05-07 17:33:58 +08:00
Jacky Bai
8b9c21b480 feat(imx8mp): add trusty for imx8mp
Add trusty support on i.MX8MP.

Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I501ae76ac35b8c059b3f0a9ce1d51ed13cbdbfe2
2022-05-07 17:33:58 +08:00
Jacky Bai
d5ede92d78 feat(imx8m): enable the coram_s tz by default on imx8mn/mp
Enable the OCRAM_S TZ for secure protection by default on
i.MX8MN/i.MX8MP. And lock the ocram secure access configure
on i.MX8MM/i.MX8MP.

Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2e24f4b823ee5f804415218d5c2e371f4e4c6fe1
2022-05-07 17:33:58 +08:00
Jacky Bai
0a76495bc2 feat(imx8m): enable the csu init on imx8m
Enable the CSU init on i.MX8M SoC family. The 'csu_cfg' array
is just a placeholder for now as an example with limited config listed.
In a real use case, the user can add the CSU config as needed based on system design.

Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I1f7999efa346f18f6625ed8c478d088ed75f7833
2022-05-07 17:33:58 +08:00
Jacky Bai
d76f012ea8 refactor(imx8m): replace magic number with enum type
Replace those RDC config related magic numbers with enum type

Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6245ccfa74d079179dc0f205980c2daf5c7af786
2022-05-07 17:26:51 +08:00
Jacky Bai
a775ef25c3 plat: imx8mp: Add the basic support for i.MX8MP
The i.MX 8MP Media Applications Processor is part of the growing
i.MX8M family targeting the consumer and industrial market. It brings
an effective Machine Learning and AI accelerator that enables a new
class of applications. It is built in 14LPP to achieve both high
performance and low power consumption and relies on a powerful fully
coherent core complex based on a quad core Arm Cortex-A53 cluster and
Cortex-M7 low-power coprocessor, audio digital signal processor, machine
learning and graphics accelerators.

Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I98311ebc32bee20af05031492e9fc24d06e55f4a
2020-07-10 16:19:25 +08:00