Juno: Reserve some DDR-DRAM for secure use

This patch configures the TrustZone Controller in Juno to split
the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
regions:

- Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
  used by the SCP for DDR retraining
- Non-Secure DDR-DRAM: remaining DRAM starting at base address

Build option PLAT_TSP_LOCATION selects the location of the secure
payload (BL3-2):

- 'tsram' : Trusted SRAM (default option)
- 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
            controller)

The MMU memory map has been updated to give BL2 permission to load
BL3-2 into the DDR-DRAM secure region.

Fixes ARM-software/tf-issues#233

Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b

6 files changed, 107 insertions, 15 deletions

diff --git a/plat/juno/aarch64/juno_common.c b/plat/juno/aarch64/juno_common.c
index 401f5fec..59bc7ed6 100644
--- a/plat/juno/aarch64/juno_common.c
+++ b/plat/juno/aarch64/juno_common.c
@@ -60,9 +60,14 @@
 					DEVICE1_SIZE,			\
 					MT_DEVICE | MT_RW | MT_SECURE)
 
-#define MAP_DRAM	MAP_REGION_FLAT(DRAM_BASE,			\
-					DRAM_SIZE,			\
+#define MAP_NS_DRAM	MAP_REGION_FLAT(DRAM_NS_BASE,			\
+					DRAM_NS_SIZE,			\
 					MT_MEMORY | MT_RW | MT_NS)
+
+#define MAP_TSP_MEM	MAP_REGION_FLAT(TSP_SEC_MEM_BASE, 		\
+					TSP_SEC_MEM_SIZE,		\
+					MT_MEMORY | MT_RW | MT_SECURE)
+
 /*
  * Table of regions for different BL stages to map using the MMU.
  * This doesn't include Trusted RAM as the 'mem_layout' argument passed to
@@ -85,7 +90,8 @@ static const mmap_region_t juno_mmap[] = {
 	MAP_IOFPGA,
 	MAP_DEVICE0,
 	MAP_DEVICE1,
-	MAP_DRAM,
+	MAP_NS_DRAM,
+	MAP_TSP_MEM,
 	{0}
 };
 #endif
diff --git a/plat/juno/bl2_plat_setup.c b/plat/juno/bl2_plat_setup.c
index ba4c5be1..900a587f 100644
--- a/plat/juno/bl2_plat_setup.c
+++ b/plat/juno/bl2_plat_setup.c
@@ -312,8 +312,8 @@ void bl2_plat_get_bl32_meminfo(meminfo_t *bl32_meminfo)
  ******************************************************************************/
 void bl2_plat_get_bl33_meminfo(meminfo_t *bl33_meminfo)
 {
-	bl33_meminfo->total_base = DRAM_BASE;
-	bl33_meminfo->total_size = DRAM_SIZE;
-	bl33_meminfo->free_base = DRAM_BASE;
-	bl33_meminfo->free_size = DRAM_SIZE;
+	bl33_meminfo->total_base = DRAM_NS_BASE;
+	bl33_meminfo->total_size = DRAM_NS_SIZE;
+	bl33_meminfo->free_base = DRAM_NS_BASE;
+	bl33_meminfo->free_size = DRAM_NS_SIZE;
 }
diff --git a/plat/juno/include/platform_def.h b/plat/juno/include/platform_def.h
index 6d9d0fb0..e746d028 100644
--- a/plat/juno/include/platform_def.h
+++ b/plat/juno/include/platform_def.h
@@ -125,10 +125,20 @@
 /*******************************************************************************
  * BL3-2 specific defines.
  ******************************************************************************/
-#define TSP_SEC_MEM_BASE		TZRAM_BASE
-#define TSP_SEC_MEM_SIZE		TZRAM_SIZE
-#define BL32_BASE			(TZRAM_BASE + TZRAM_SIZE - 0x1d000)
-#define BL32_LIMIT			BL2_BASE
+#if (PLAT_TSP_LOCATION_ID == PLAT_TRUSTED_SRAM_ID)
+# define TSP_SEC_MEM_BASE		TZRAM_BASE
+# define TSP_SEC_MEM_SIZE		TZRAM_SIZE
+# define BL32_BASE			(TZRAM_BASE + TZRAM_SIZE - 0x1d000)
+# define BL32_LIMIT			BL2_BASE
+#elif (PLAT_TSP_LOCATION_ID == PLAT_DRAM_ID)
+# define TSP_SEC_MEM_BASE		DRAM_SEC_BASE
+# define TSP_SEC_MEM_SIZE		(DRAM_SEC_SIZE - DRAM_SCP_SIZE)
+# define BL32_BASE			DRAM_SEC_BASE
+# define BL32_LIMIT			(DRAM_SEC_BASE + DRAM_SEC_SIZE - \
+					DRAM_SCP_SIZE)
+#else
+# error "Unsupported PLAT_TSP_LOCATION_ID value"
+#endif
 
 /*******************************************************************************
  * Load address of BL3-3 in the Juno port
@@ -139,7 +149,15 @@
  * Platform specific page table and MMU setup constants
  ******************************************************************************/
 #define ADDR_SPACE_SIZE			(1ull << 32)
-#define MAX_XLAT_TABLES			2
+
+#if IMAGE_BL1 || IMAGE_BL31
+# define MAX_XLAT_TABLES		2
+#endif
+
+#if IMAGE_BL2 || IMAGE_BL32
+# define MAX_XLAT_TABLES		3
+#endif
+
 #define MAX_MMAP_REGIONS		16
 
 /*******************************************************************************
diff --git a/plat/juno/juno_def.h b/plat/juno/juno_def.h
index 15296ed8..88e35b0d 100644
--- a/plat/juno/juno_def.h
+++ b/plat/juno/juno_def.h
@@ -37,6 +37,9 @@
 /*******************************************************************************
  * Juno memory map related constants
  ******************************************************************************/
+#define PLAT_TRUSTED_SRAM_ID	0
+#define PLAT_DRAM_ID		1
+
 #define MHU_SECURE_BASE		0x04000000
 #define MHU_SECURE_SIZE		0x00001000
 
@@ -73,6 +76,26 @@
 #define DRAM_BASE		0x80000000
 #define DRAM_SIZE		0x80000000
 
+/*
+ * DRAM at 0x8000_0000 is divided in two regions:
+ *   - Secure DRAM (default is the top 16MB except for the last 2MB, which are
+ *     used by the SCP for DDR retraining)
+ *   - Non-Secure DRAM (remaining DRAM starting at DRAM_BASE)
+ */
+
+#define DRAM_SCP_SIZE		0x00200000
+#define DRAM_SCP_BASE		(DRAM_BASE + DRAM_SIZE - DRAM_SCP_SIZE)
+
+#define DRAM_SEC_SIZE		0x00E00000
+#define DRAM_SEC_BASE		(DRAM_SCP_BASE - DRAM_SEC_SIZE)
+
+#define DRAM_NS_BASE		DRAM_BASE
+#define DRAM_NS_SIZE		(DRAM_SIZE - DRAM_SCP_SIZE - DRAM_SEC_SIZE)
+
+/* Second region of DRAM */
+#define DRAM2_BASE		0x880000000
+#define DRAM2_SIZE		0x180000000
+
 /* Memory mapped Generic timer interfaces  */
 #define SYS_CNTCTL_BASE		0x2a430000
 #define SYS_CNTREAD_BASE	0x2a800000
diff --git a/plat/juno/plat_security.c b/plat/juno/plat_security.c
index 851a39e8..64e493f6 100644
--- a/plat/juno/plat_security.c
+++ b/plat/juno/plat_security.c
@@ -43,9 +43,38 @@ static void init_tzc400(void)
 	/* Disable filters. */
 	tzc_disable_filters();
 
-	/* Configure region 0. Juno TZC-400 handles 40-bit addresses. */
-	tzc_configure_region(0xf, 0, 0x0ull, 0xffffffffffull,
+	/* Region 1 set to cover Non-Secure DRAM at 0x8000_0000. Apply the
+	 * same configuration to all filters in the TZC. */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 1,
+			DRAM_NS_BASE, DRAM_NS_BASE + DRAM_NS_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
+
+	/* Region 2 set to cover Secure DRAM */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 2,
+			DRAM_SEC_BASE, DRAM_SEC_BASE + DRAM_SEC_SIZE - 1,
 			TZC_REGION_S_RDWR,
+			0);
+
+	/* Region 3 set to cover DRAM used by SCP for DDR retraining */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 3,
+			DRAM_SCP_BASE, DRAM_SCP_BASE + DRAM_SCP_SIZE - 1,
+			TZC_REGION_S_NONE,
+			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP));
+
+	/* Region 4 set to cover Non-Secure DRAM at 0x8_8000_0000 */
+	tzc_configure_region(REG_ATTR_FILTER_BIT_ALL, 4,
+			DRAM2_BASE, DRAM2_BASE + DRAM2_SIZE - 1,
+			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)	|
@@ -55,7 +84,6 @@ static void init_tzc400(void)
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)		|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)	|
-			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP)	|
 			TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
 
 	/* Raise an exception if a NS device tries to access secure memory */
diff --git a/plat/juno/platform.mk b/plat/juno/platform.mk
index 2ac756ee..0637ef3d 100644
--- a/plat/juno/platform.mk
+++ b/plat/juno/platform.mk
@@ -28,6 +28,23 @@
 # POSSIBILITY OF SUCH DAMAGE.
 #
 
+# On Juno, the Secure Payload can be loaded either in Trusted SRAM (default) or
+# Secure DRAM allocated by the TrustZone Controller.
+
+PLAT_TSP_LOCATION	:=	tsram
+
+ifeq (${PLAT_TSP_LOCATION}, tsram)
+  PLAT_TSP_LOCATION_ID := PLAT_TRUSTED_SRAM_ID
+else ifeq (${PLAT_TSP_LOCATION}, dram)
+  PLAT_TSP_LOCATION_ID := PLAT_DRAM_ID
+else
+  $(error "Unsupported PLAT_TSP_LOCATION value")
+endif
+
+# Process flags
+$(eval $(call add_define,PLAT_TSP_LOCATION_ID))
+
+
 PLAT_INCLUDES		:=	-Iplat/juno/include/
 
 PLAT_BL_COMMON_SOURCES	:=	drivers/arm/pl011/pl011_console.S	\