imx8mq: Add HAB support

Since the HAB only works in secure mode. The BL33 runs at EL2 non-secure can't
intialize the HAB successfully. So add the SIP call for these HAB interfaces,
BL33 will trap to ATF to run the HAB.

The HAB codes locates in ROM, and need to access OCRAM, CAAM RAM and DDR to
authenticate image. Add these relevant memory region to MMU. Also extend the
stack size of each core to avoid stack overflow by HAB.

Signed-off-by: Ye Li <ye.li@nxp.com>

4 files changed, 120 insertions, 4 deletions

diff --git a/plat/imx/imx8mq/hab.c b/plat/imx/imx8mq/hab.c
new file mode 100644
index 00000000..be5f81f8
--- /dev/null
+++ b/plat/imx/imx8mq/hab.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2017 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <debug.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <smcc_helpers.h>
+#include <std_svc.h>
+#include <types.h>
+#include <mmio.h>
+#include <platform_def.h>
+#include <fsl_sip.h>
+#include <soc.h>
+#include <arch_helpers.h>
+
+
+/* Status definitions */
+enum hab_status {
+	HAB_STS_ANY = 0x00,
+	HAB_FAILURE = 0x33,
+	HAB_WARNING = 0x69,
+	HAB_SUCCESS = 0xf0
+};
+
+/* Security Configuration definitions */
+enum hab_config {
+	HAB_CFG_RETURN = 0x33,	/* < Field Return IC */
+	HAB_CFG_OPEN = 0xf0,	/* < Non-secure IC */
+	HAB_CFG_CLOSED = 0xcc	/* < Secure IC */
+};
+
+/* State definitions */
+enum hab_state {
+	HAB_STATE_INITIAL = 0x33,	/* Initialising state (transitory) */
+	HAB_STATE_CHECK = 0x55,		/* Check state (non-secure) */
+	HAB_STATE_NONSECURE = 0x66,	/* Non-secure state */
+	HAB_STATE_TRUSTED = 0x99,	/* Trusted state */
+	HAB_STATE_SECURE = 0xaa,	/* Secure state */
+	HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */
+	HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */
+	HAB_STATE_NONE = 0xf0,		/* No security state machine */
+	HAB_STATE_MAX
+};
+
+typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t,
+		uint8_t* , size_t*);
+typedef enum hab_status hab_rvt_report_status_t(enum hab_config *,
+		enum hab_state *);
+typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*);
+typedef enum hab_status hab_rvt_entry_t(void);
+typedef enum hab_status hab_rvt_exit_t(void);
+typedef void *hab_rvt_authenticate_image_t(uint8_t, long,
+		void **, size_t *, hab_loader_callback_f_t);
+
+#define HAB_RVT_BASE			0x00000880 /* HAB_RVT for i.MX8MQ */
+
+#define HAB_RVT_ENTRY_ARM64			((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x08))
+#define HAB_RVT_EXIT_ARM64			((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x10))
+#define HAB_RVT_AUTHENTICATE_IMAGE_ARM64	((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x20))
+#define HAB_RVT_REPORT_EVENT_ARM64		((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x40))
+#define HAB_RVT_REPORT_STATUS_ARM64		((unsigned long)*(uint32_t *)(HAB_RVT_BASE + 0x48))
+
+#define hab_rvt_authenticate_image_p ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_ARM64)
+#define hab_rvt_entry_p ((hab_rvt_entry_t *)HAB_RVT_ENTRY_ARM64)
+#define hab_rvt_exit_p ((hab_rvt_exit_t *)HAB_RVT_EXIT_ARM64)
+#define hab_rvt_report_event_p ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_ARM64)
+#define hab_rvt_report_status_p ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_ARM64)
+
+#define HAB_CID_ATF 2 /**< ATF Caller ID*/
+
+int imx_hab_handler(uint32_t smc_fid, u_register_t x1, u_register_t x2,
+		    u_register_t x3, u_register_t x4)
+{
+	hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
+	hab_rvt_entry_t *hab_rvt_entry;
+	hab_rvt_exit_t *hab_rvt_exit;
+	hab_rvt_report_event_t *hab_rvt_report_event;
+	hab_rvt_report_status_t *hab_rvt_report_status;
+
+	switch(x1) {
+	case FSL_SIP_HAB_AUTHENTICATE:
+		hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
+		return (unsigned long)hab_rvt_authenticate_image(HAB_CID_ATF, x2, (void **)x3, (size_t *)x4, NULL);
+	case FSL_SIP_HAB_ENTRY:
+		hab_rvt_entry = hab_rvt_entry_p;
+		return hab_rvt_entry();
+	case FSL_SIP_HAB_EXIT:
+		hab_rvt_exit = hab_rvt_exit_p;
+		return hab_rvt_exit();
+	case FSL_SIP_HAB_REPORT_EVENT:
+		hab_rvt_report_event = hab_rvt_report_event_p;
+		return hab_rvt_report_event(HAB_FAILURE, (uint32_t)x2, (uint8_t *)x3, (size_t *)x4);
+	case FSL_SIP_HAB_REPORT_STATUS:
+		hab_rvt_report_status = hab_rvt_report_status_p;
+		return hab_rvt_report_status((enum hab_config *)x2, (enum hab_state *)x3);
+	default:
+		return SMC_UNK;
+
+	};
+
+	return 0;
+}
+
diff --git a/plat/imx/imx8mq/imx8m_bl31_setup.c b/plat/imx/imx8mq/imx8m_bl31_setup.c
index 3f33eaef..ccf93d00 100644
--- a/plat/imx/imx8mq/imx8m_bl31_setup.c
+++ b/plat/imx/imx8mq/imx8m_bl31_setup.c
@@ -202,16 +202,23 @@ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
 void bl31_plat_arch_setup(void)
 {
 	/* add the mmap */
-	mmap_add_region(BL31_BASE, BL31_BASE, 0x10000,
+	mmap_add_region(0x900000, 0x900000, 0x20000,
 			MT_MEMORY | MT_RW);
+	mmap_add_region(0x100000, 0x100000, 0x10000,
+			MT_MEMORY | MT_RW);
+
+	mmap_add_region(0x40000000, 0x40000000, 0xc0000000,
+			MT_MEMORY | MT_RW | MT_NS);
+
 	mmap_add_region(BL31_BASE, BL31_BASE, BL31_RO_LIMIT - BL31_RO_BASE,
 			MT_MEMORY | MT_RO);
 	mmap_add_region(IMX_BOOT_UART_BASE, IMX_BOOT_UART_BASE,
 			0x1000,	MT_DEVICE | MT_RW);
 	mmap_add_region(IMX_ROM_BASE, IMX_ROM_BASE,
-			0x1000,	MT_DEVICE | MT_RW);
+			0x20000, MT_MEMORY | MT_RO);
 	/* map the AIPS1 */
 	mmap_add_region(IMX_AIPS1_BASE, IMX_AIPS1_BASE, 0x200000, MT_DEVICE | MT_RW);
+	mmap_add_region(IMX_AIPS3_ARB_BASE, IMX_AIPS3_ARB_BASE, 0x400000, MT_DEVICE | MT_RW);
 	mmap_add_region(PLAT_GICD_BASE, PLAT_GICD_BASE, 0x80000,
 			MT_DEVICE | MT_RW);
 	mmap_add_region(PLAT_GICR_BASE, PLAT_GICR_BASE, 0x80000,
diff --git a/plat/imx/imx8mq/include/platform_def.h b/plat/imx/imx8mq/include/platform_def.h
index 45632deb..5b5f1ef5 100644
--- a/plat/imx/imx8mq/include/platform_def.h
+++ b/plat/imx/imx8mq/include/platform_def.h
@@ -1,7 +1,7 @@
 #define PLATFORM_LINKER_FORMAT		"elf64-littleaarch64"
 #define PLATFORM_LINKER_ARCH		aarch64
 
-#define PLATFORM_STACK_SIZE		0x800
+#define PLATFORM_STACK_SIZE		0xB00
 #define CACHE_WRITEBACK_GRANULE		64
 
 #define PLAT_PRIMARY_CPU		0x0
@@ -38,7 +38,7 @@
 #define PLAT_PHY_ADDR_SPACE_SIZE	(1ull << 32)
 
 #define MAX_XLAT_TABLES			4
-#define MAX_MMAP_REGIONS		12
+#define MAX_MMAP_REGIONS		13
 
 #define IMX_BOOT_UART_BASE		0x30860000
 #define IMX_BOOT_UART_CLK_IN_HZ		25000000 /* Select 25Mhz oscillator */
@@ -47,6 +47,7 @@
 #define IMX_CONSOLE_BAUDRATE		115200
 
 #define IMX_AIPS1_BASE			0x30200000
+#define IMX_AIPS3_ARB_BASE		0x30800000
 #define IMX_ANAMIX_BASE			0x30360000
 #define IMX_SRC_BASE			0x30390000
 #define IMX_GPC_BASE			0x303a0000
diff --git a/plat/imx/imx8mq/platform.mk b/plat/imx/imx8mq/platform.mk
index 0361161a..5cb8b98a 100644
--- a/plat/imx/imx8mq/platform.mk
+++ b/plat/imx/imx8mq/platform.mk
@@ -12,6 +12,7 @@ BL31_SOURCES		+=	plat/imx/common/imx8_helpers.S		\
 				plat/imx/common/sip_svc.c		\
 				plat/imx/imx8mq/imx8m_bl31_setup.c	\
 				plat/imx/imx8mq/src.c			\
+				plat/imx/imx8mq/hab.c			\
 				plat/imx/imx8mq/gpc.c			\
 				plat/imx/imx8mq/ddrc.c			\
 				plat/imx/imx8mq/imx8m_psci.c		\