imx8mq: Add HAB support

Since the HAB only works in secure mode. The BL33 runs at EL2 non-secure can't
intialize the HAB successfully. So add the SIP call for these HAB interfaces,
BL33 will trap to ATF to run the HAB.

The HAB codes locates in ROM, and need to access OCRAM, CAAM RAM and DDR to
authenticate image. Add these relevant memory region to MMU. Also extend the
stack size of each core to avoid stack overflow by HAB.

Signed-off-by: Ye Li <ye.li@nxp.com>

6 files changed, 131 insertions, 4 deletions

diff --git a/plat/imx/common/include/fsl_sip.h b/plat/imx/common/include/fsl_sip.h
index db4dae61..9103bcc3 100644
--- a/plat/imx/common/include/fsl_sip.h
+++ b/plat/imx/common/include/fsl_sip.h
@@ -38,4 +38,11 @@
 
 #define FSL_SIP_GET_SOC_INFO            0xc2000006
 
+#define FSL_SIP_HAB            0xc2000007
+#define FSL_SIP_HAB_AUTHENTICATE	0x00
+#define FSL_SIP_HAB_ENTRY			0x01
+#define FSL_SIP_HAB_EXIT			0x02
+#define FSL_SIP_HAB_REPORT_EVENT	0x03
+#define FSL_SIP_HAB_REPORT_STATUS	0x04
+
 #endif
diff --git a/plat/imx/common/sip_svc.c b/plat/imx/common/sip_svc.c
index 1885261d..7ac1ecdc 100644
--- a/plat/imx/common/sip_svc.c
+++ b/plat/imx/common/sip_svc.c
@@ -46,6 +46,7 @@ extern int imx_srtc_handler(uint32_t smc_fid, void *handle, u_register_t x1,
 extern int lpddr4_dvfs_handler(uint32_t  smc_fid, u_register_t x1, u_register_t x2, u_register_t x3);
 extern int imx_src_handler(uint32_t  smc_fid, u_register_t x1, u_register_t x2, u_register_t x3);
 extern int imx_soc_handler(uint32_t smc_fid, u_register_t x1, u_register_t x2, u_register_t x3);
+extern int imx_hab_handler(uint32_t smc_fid, u_register_t x1, u_register_t x2, u_register_t x3, u_register_t x4);
 
 /* Setup i.MX platform specific services Services */
 static int32_t plat_svc_setup(void)
@@ -124,6 +125,9 @@ uintptr_t imx_svc_smc_handler(uint32_t smc_fid,
 	case FSL_SIP_GET_SOC_INFO:
 		SMC_RET1(handle, imx_soc_handler(smc_fid, x1, x2, x3));
 		break;
+	case FSL_SIP_HAB:
+		SMC_RET1(handle, imx_hab_handler(smc_fid, x1, x2, x3, x4));
+		break;
 #endif
 #if (defined(PLAT_IMX8QM) || defined(PLAT_IMX8QXP))
 	case  FSL_SIP_CPUFREQ:
diff --git a/plat/imx/imx8mq/hab.c b/plat/imx/imx8mq/hab.c
new file mode 100644
index 00000000..be5f81f8
--- /dev/null
+++ b/plat/imx/imx8mq/hab.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2017 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <debug.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <smcc_helpers.h>
+#include <std_svc.h>
+#include <types.h>
+#include <mmio.h>
+#include <platform_def.h>
+#include <fsl_sip.h>
+#include <soc.h>
+#include <arch_helpers.h>
+
+
+/* Status definitions */
+enum hab_status {
+	HAB_STS_ANY = 0x00,
+	HAB_FAILURE = 0x33,
+	HAB_WARNING = 0x69,
+	HAB_SUCCESS = 0xf0
+};
+
+/* Security Configuration definitions */
+enum hab_config {
+	HAB_CFG_RETURN = 0x33,	/* < Field Return IC */
+	HAB_CFG_OPEN = 0xf0,	/* < Non-secure IC */
+	HAB_CFG_CLOSED = 0xcc	/* < Secure IC */
+};
+
+/* State definitions */
+enum hab_state {
+	HAB_STATE_INITIAL = 0x33,	/* Initialising state (transitory) */
+	HAB_STATE_CHECK = 0x55,		/* Check state (non-secure) */
+	HAB_STATE_NONSECURE = 0x66,	/* Non-secure state */
+	HAB_STATE_TRUSTED = 0x99,	/* Trusted state */
+	HAB_STATE_SECURE = 0xaa,	/* Secure state */
+	HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
+	HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
+	HAB_STATE_NONE = 0xf0,		/* No security state machine */
+	HAB_STATE_MAX
+};
+
+typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
+		uint8_t* , size_t*);
+typedef enum hab_status hab_rvt_report_status_t(enum hab_config *,
+		enum hab_state *);
+typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*);
+typedef enum hab_status hab_rvt_entry_t(void);
+typedef enum hab_status hab_rvt_exit_t(void);
+typedef void *hab_rvt_authenticate_image_t(uint8_t, long,
+		void **, size_t *, hab_loader_callback_f_t);
+
+#define HAB_RVT_BASE			0x00000880 /* HAB_RVT for i.MX8MQ */
+
+#define HAB_RVT_ENTRY_ARM64			((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x08))
+#define HAB_RVT_EXIT_ARM64			((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x10))
+#define HAB_RVT_AUTHENTICATE_IMAGE_ARM64	((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x20))
+#define HAB_RVT_REPORT_EVENT_ARM64		((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x40))
+#define HAB_RVT_REPORT_STATUS_ARM64		((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x48))
+
+#define hab_rvt_authenticate_image_p ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_ARM64)
+#define hab_rvt_entry_p ((hab_rvt_entry_t *)HAB_RVT_ENTRY_ARM64)
+#define hab_rvt_exit_p ((hab_rvt_exit_t *)HAB_RVT_EXIT_ARM64)
+#define hab_rvt_report_event_p ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_ARM64)
+#define hab_rvt_report_status_p ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_ARM64)
+
+#define HAB_CID_ATF 2 /**< ATF Caller ID*/
+
+int imx_hab_handler(uint32_t smc_fid, u_register_t x1, u_register_t x2,
+		    u_register_t x3, u_register_t x4)
+{
+	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
+	hab_rvt_entry_t *hab_rvt_entry;
+	hab_rvt_exit_t *hab_rvt_exit;
+	hab_rvt_report_event_t *hab_rvt_report_event;
+	hab_rvt_report_status_t *hab_rvt_report_status;
+
+	switch(x1) {
+	case FSL_SIP_HAB_AUTHENTICATE:
+		hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
+		return (unsigned long)hab_rvt_authenticate_image(HAB_CID_ATF, x2, (void **)x3, (size_t *)x4, NULL);
+	case FSL_SIP_HAB_ENTRY:
+		hab_rvt_entry = hab_rvt_entry_p;
+		return hab_rvt_entry();
+	case FSL_SIP_HAB_EXIT:
+		hab_rvt_exit = hab_rvt_exit_p;
+		return hab_rvt_exit();
+	case FSL_SIP_HAB_REPORT_EVENT:
+		hab_rvt_report_event = hab_rvt_report_event_p;
+		return hab_rvt_report_event(HAB_FAILURE, (uint32_t)x2, (uint8_t *)x3, (size_t *)x4);
+	case FSL_SIP_HAB_REPORT_STATUS:
+		hab_rvt_report_status = hab_rvt_report_status_p;
+		return hab_rvt_report_status((enum hab_config *)x2, (enum hab_state *)x3);
+	default:
+		return SMC_UNK;
+
+	};
+
+	return 0;
+}
+
diff --git a/plat/imx/imx8mq/imx8m_bl31_setup.c b/plat/imx/imx8mq/imx8m_bl31_setup.c
index 3f33eaef..ccf93d00 100644
--- a/plat/imx/imx8mq/imx8m_bl31_setup.c
+++ b/plat/imx/imx8mq/imx8m_bl31_setup.c
@@ -202,16 +202,23 @@ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
 void bl31_plat_arch_setup(void)
 {
 	/* add the mmap */
-	mmap_add_region(BL31_BASE, BL31_BASE, 0x10000,
+	mmap_add_region(0x900000, 0x900000, 0x20000,
 			MT_MEMORY | MT_RW);
+	mmap_add_region(0x100000, 0x100000, 0x10000,
+			MT_MEMORY | MT_RW);
+
+	mmap_add_region(0x40000000, 0x40000000, 0xc0000000,
+			MT_MEMORY | MT_RW | MT_NS);
+
 	mmap_add_region(BL31_BASE, BL31_BASE, BL31_RO_LIMIT - BL31_RO_BASE,
 			MT_MEMORY | MT_RO);
 	mmap_add_region(IMX_BOOT_UART_BASE, IMX_BOOT_UART_BASE,
 			0x1000,	MT_DEVICE | MT_RW);
 	mmap_add_region(IMX_ROM_BASE, IMX_ROM_BASE,
-			0x1000,	MT_DEVICE | MT_RW);
+			0x20000, MT_MEMORY | MT_RO);
 	/* map the AIPS1 */
 	mmap_add_region(IMX_AIPS1_BASE, IMX_AIPS1_BASE, 0x200000, MT_DEVICE | MT_RW);
+	mmap_add_region(IMX_AIPS3_ARB_BASE, IMX_AIPS3_ARB_BASE, 0x400000, MT_DEVICE | MT_RW);
 	mmap_add_region(PLAT_GICD_BASE, PLAT_GICD_BASE, 0x80000,
 			MT_DEVICE | MT_RW);
 	mmap_add_region(PLAT_GICR_BASE, PLAT_GICR_BASE, 0x80000,
diff --git a/plat/imx/imx8mq/include/platform_def.h b/plat/imx/imx8mq/include/platform_def.h
index 45632deb..5b5f1ef5 100644
--- a/plat/imx/imx8mq/include/platform_def.h
+++ b/plat/imx/imx8mq/include/platform_def.h
@@ -1,7 +1,7 @@
 #define PLATFORM_LINKER_FORMAT		"elf64-littleaarch64"
 #define PLATFORM_LINKER_ARCH		aarch64
 
-#define PLATFORM_STACK_SIZE		0x800
+#define PLATFORM_STACK_SIZE		0xB00
 #define CACHE_WRITEBACK_GRANULE		64
 
 #define PLAT_PRIMARY_CPU		0x0
@@ -38,7 +38,7 @@
 #define PLAT_PHY_ADDR_SPACE_SIZE	(1ull << 32)
 
 #define MAX_XLAT_TABLES			4
-#define MAX_MMAP_REGIONS		12
+#define MAX_MMAP_REGIONS		13
 
 #define IMX_BOOT_UART_BASE		0x30860000
 #define IMX_BOOT_UART_CLK_IN_HZ		25000000 /* Select 25Mhz oscillator */
@@ -47,6 +47,7 @@
 #define IMX_CONSOLE_BAUDRATE		115200
 
 #define IMX_AIPS1_BASE			0x30200000
+#define IMX_AIPS3_ARB_BASE		0x30800000
 #define IMX_ANAMIX_BASE			0x30360000
 #define IMX_SRC_BASE			0x30390000
 #define IMX_GPC_BASE			0x303a0000
diff --git a/plat/imx/imx8mq/platform.mk b/plat/imx/imx8mq/platform.mk
index 0361161a..5cb8b98a 100644
--- a/plat/imx/imx8mq/platform.mk
+++ b/plat/imx/imx8mq/platform.mk
@@ -12,6 +12,7 @@ BL31_SOURCES		+=	plat/imx/common/imx8_helpers.S		\
 				plat/imx/common/sip_svc.c		\
 				plat/imx/imx8mq/imx8m_bl31_setup.c	\
 				plat/imx/imx8mq/src.c			\
+				plat/imx/imx8mq/hab.c			\
 				plat/imx/imx8mq/gpc.c			\
 				plat/imx/imx8mq/ddrc.c			\
 				plat/imx/imx8mq/imx8m_psci.c		\