* [PATCH] ARM: i.MX: tzasc: configure region 1
@ 2025-06-26 15:01 Sascha Hauer
2025-06-26 22:42 ` Marco Felsch
0 siblings, 1 reply; 2+ messages in thread
From: Sascha Hauer @ 2025-06-26 15:01 UTC (permalink / raw)
To: Barebox List
Configuring TZASC region0 for non secure access has the effect that the
OP-TEE memory can be accessed via aliases in the SDRAM memory space,
see https://lore.kernel.org/20250626144527.416697-1-m.felsch@pengutronix.de.
This patch fixes the issue for i.MX6ul boards.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/boards/tqma6ulx/lowlevel.c | 5 +++--
arch/arm/boards/webasto-ccbv2/lowlevel.c | 5 +++--
arch/arm/mach-imx/tzasc.c | 12 ++++++++++++
include/mach/imx/tzasc.h | 2 ++
4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/arch/arm/boards/tqma6ulx/lowlevel.c b/arch/arm/boards/tqma6ulx/lowlevel.c
index ce330c37af..14553fa1aa 100644
--- a/arch/arm/boards/tqma6ulx/lowlevel.c
+++ b/arch/arm/boards/tqma6ulx/lowlevel.c
@@ -16,6 +16,7 @@
#include <pbl/i2c.h>
#include <boards/tq/tq_eeprom.h>
#include <tee/optee.h>
+#include <mach/imx/tzasc.h>
#include "tqma6ulx.h"
@@ -82,8 +83,8 @@ static void noinline start_mba6ulx(u32 r2)
*/
if (IS_ENABLED(CONFIG_FIRMWARE_TQMA6UL_OPTEE) &&
!(r2 > MX6_MMDC_PORT0_BASE_ADDR && r2 < MX6_MMDC_PORT0_BASE_ADDR + SZ_256M)) {
- /* Enable normal/secure r/w for TZC380 region0 */
- writel(0xf0000000, 0x021D0108);
+
+ imx6ul_tzc380_early_ns_region1();
get_builtin_firmware(mba6ul_optee_bin, &tee, &tee_size);
diff --git a/arch/arm/boards/webasto-ccbv2/lowlevel.c b/arch/arm/boards/webasto-ccbv2/lowlevel.c
index 17264479c2..23d053863a 100644
--- a/arch/arm/boards/webasto-ccbv2/lowlevel.c
+++ b/arch/arm/boards/webasto-ccbv2/lowlevel.c
@@ -13,6 +13,7 @@
#include <mach/imx/iomux-mx6ul.h>
#include <asm/cache.h>
#include <tee/optee.h>
+#include <mach/imx/tzasc.h>
#include "ccbv2.h"
@@ -44,8 +45,8 @@ static void noinline start_ccbv2(u32 r2, unsigned long mem_size, char *fdt)
*/
if(IS_ENABLED(CONFIG_FIRMWARE_CCBV2_OPTEE) &&
!(r2 > MX6_MMDC_PORT0_BASE_ADDR && r2 < MX6_MMDC_PORT0_BASE_ADDR + mem_size)) {
- /* Enable normal/secure r/w for TZC380 region0 */
- writel(0xf0000000, 0x021D0108);
+ imx6ul_tzc380_early_ns_region1();
+
get_builtin_firmware(ccbv2_optee_bin, &tee, &tee_size);
memset((void *)OPTEE_OVERLAY_LOCATION, 0, 0x1000);
diff --git a/arch/arm/mach-imx/tzasc.c b/arch/arm/mach-imx/tzasc.c
index c2603c2b43..77601d8d14 100644
--- a/arch/arm/mach-imx/tzasc.c
+++ b/arch/arm/mach-imx/tzasc.c
@@ -296,6 +296,18 @@ void imx6q_tzc380_early_ns_region1(void)
TZC380_REGION_SP_NS_RW);
}
+void imx6ul_tzc380_early_ns_region1(void)
+{
+ resource_size_t ram_sz = imx6_get_mmdc_sdram_size();
+
+ imx_tzc380_init_and_setup(IOMEM(MX6_TZASC1_BASE), 1,
+ MX6_MMDC_PORT0_BASE_ADDR, ram_sz,
+ TZC380_REGION_SP_NS_RW);
+}
+
+void imx6sx_tzc380_early_ns_region1(void)
+ __alias(imx6ul_tzc380_early_ns_region1);
+
bool imx6q_tzc380_is_enabled(void)
{
u32 __iomem *gpr = IOMEM(MX6_IOMUXC_BASE_ADDR);
diff --git a/include/mach/imx/tzasc.h b/include/mach/imx/tzasc.h
index 59ec56a5ec..75bb7b1393 100644
--- a/include/mach/imx/tzasc.h
+++ b/include/mach/imx/tzasc.h
@@ -7,6 +7,8 @@
#include <asm/system.h>
void imx6q_tzc380_early_ns_region1(void);
+void imx6ul_tzc380_early_ns_region1(void);
+void imx6sx_tzc380_early_ns_region1(void);
bool imx6q_tzc380_is_enabled(void);
void imx8m_tzc380_init(void);
bool imx8m_tzc380_is_enabled(void);
--
2.39.5
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [PATCH] ARM: i.MX: tzasc: configure region 1
2025-06-26 15:01 [PATCH] ARM: i.MX: tzasc: configure region 1 Sascha Hauer
@ 2025-06-26 22:42 ` Marco Felsch
0 siblings, 0 replies; 2+ messages in thread
From: Marco Felsch @ 2025-06-26 22:42 UTC (permalink / raw)
To: Sascha Hauer; +Cc: Barebox List
Hi Sascha,
On 25-06-26, Sascha Hauer wrote:
> Configuring TZASC region0 for non secure access has the effect that the
> OP-TEE memory can be accessed via aliases in the SDRAM memory space,
> see https://lore.kernel.org/20250626144527.416697-1-m.felsch@pengutronix.de.
> This patch fixes the issue for i.MX6ul boards.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> arch/arm/boards/tqma6ulx/lowlevel.c | 5 +++--
> arch/arm/boards/webasto-ccbv2/lowlevel.c | 5 +++--
> arch/arm/mach-imx/tzasc.c | 12 ++++++++++++
> include/mach/imx/tzasc.h | 2 ++
> 4 files changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm/boards/tqma6ulx/lowlevel.c b/arch/arm/boards/tqma6ulx/lowlevel.c
> index ce330c37af..14553fa1aa 100644
> --- a/arch/arm/boards/tqma6ulx/lowlevel.c
> +++ b/arch/arm/boards/tqma6ulx/lowlevel.c
> @@ -16,6 +16,7 @@
> #include <pbl/i2c.h>
> #include <boards/tq/tq_eeprom.h>
> #include <tee/optee.h>
> +#include <mach/imx/tzasc.h>
>
> #include "tqma6ulx.h"
>
> @@ -82,8 +83,8 @@ static void noinline start_mba6ulx(u32 r2)
> */
> if (IS_ENABLED(CONFIG_FIRMWARE_TQMA6UL_OPTEE) &&
> !(r2 > MX6_MMDC_PORT0_BASE_ADDR && r2 < MX6_MMDC_PORT0_BASE_ADDR + SZ_256M)) {
> - /* Enable normal/secure r/w for TZC380 region0 */
> - writel(0xf0000000, 0x021D0108);
> +
> + imx6ul_tzc380_early_ns_region1();
We could have used the mx6_start_optee_early() which also checks that
the TZASC is enabled before starting OP-TEE. But this could also be done
by an additional cleanup patch.
Reviewed-by: Marco Felsch <m.felsch@pengutronix.de>
Regards,
Marco
>
> get_builtin_firmware(mba6ul_optee_bin, &tee, &tee_size);
>
> diff --git a/arch/arm/boards/webasto-ccbv2/lowlevel.c b/arch/arm/boards/webasto-ccbv2/lowlevel.c
> index 17264479c2..23d053863a 100644
> --- a/arch/arm/boards/webasto-ccbv2/lowlevel.c
> +++ b/arch/arm/boards/webasto-ccbv2/lowlevel.c
> @@ -13,6 +13,7 @@
> #include <mach/imx/iomux-mx6ul.h>
> #include <asm/cache.h>
> #include <tee/optee.h>
> +#include <mach/imx/tzasc.h>
>
> #include "ccbv2.h"
>
> @@ -44,8 +45,8 @@ static void noinline start_ccbv2(u32 r2, unsigned long mem_size, char *fdt)
> */
> if(IS_ENABLED(CONFIG_FIRMWARE_CCBV2_OPTEE) &&
> !(r2 > MX6_MMDC_PORT0_BASE_ADDR && r2 < MX6_MMDC_PORT0_BASE_ADDR + mem_size)) {
> - /* Enable normal/secure r/w for TZC380 region0 */
> - writel(0xf0000000, 0x021D0108);
> + imx6ul_tzc380_early_ns_region1();
> +
> get_builtin_firmware(ccbv2_optee_bin, &tee, &tee_size);
>
> memset((void *)OPTEE_OVERLAY_LOCATION, 0, 0x1000);
> diff --git a/arch/arm/mach-imx/tzasc.c b/arch/arm/mach-imx/tzasc.c
> index c2603c2b43..77601d8d14 100644
> --- a/arch/arm/mach-imx/tzasc.c
> +++ b/arch/arm/mach-imx/tzasc.c
> @@ -296,6 +296,18 @@ void imx6q_tzc380_early_ns_region1(void)
> TZC380_REGION_SP_NS_RW);
> }
>
> +void imx6ul_tzc380_early_ns_region1(void)
> +{
> + resource_size_t ram_sz = imx6_get_mmdc_sdram_size();
> +
> + imx_tzc380_init_and_setup(IOMEM(MX6_TZASC1_BASE), 1,
> + MX6_MMDC_PORT0_BASE_ADDR, ram_sz,
> + TZC380_REGION_SP_NS_RW);
> +}
> +
> +void imx6sx_tzc380_early_ns_region1(void)
> + __alias(imx6ul_tzc380_early_ns_region1);
> +
> bool imx6q_tzc380_is_enabled(void)
> {
> u32 __iomem *gpr = IOMEM(MX6_IOMUXC_BASE_ADDR);
> diff --git a/include/mach/imx/tzasc.h b/include/mach/imx/tzasc.h
> index 59ec56a5ec..75bb7b1393 100644
> --- a/include/mach/imx/tzasc.h
> +++ b/include/mach/imx/tzasc.h
> @@ -7,6 +7,8 @@
> #include <asm/system.h>
>
> void imx6q_tzc380_early_ns_region1(void);
> +void imx6ul_tzc380_early_ns_region1(void);
> +void imx6sx_tzc380_early_ns_region1(void);
> bool imx6q_tzc380_is_enabled(void);
> void imx8m_tzc380_init(void);
> bool imx8m_tzc380_is_enabled(void);
> --
> 2.39.5
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-06-27 0:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-26 15:01 [PATCH] ARM: i.MX: tzasc: configure region 1 Sascha Hauer
2025-06-26 22:42 ` Marco Felsch
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox