Add necessary resources to secure partition for i.MX8QXP

Add necessary resources to secure partition for protection.
Also add in functionality to allow for register access
of some secure-owned peripherals.

These peripherals will still be protected from power or
clk changes.

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
Signed-off-by: Teo Hall <teo.hall@nxp.com>

2 files changed, 69 insertions, 1 deletions

diff --git a/plat/imx/imx8qxp/imx8qxp_bl31_setup.c b/plat/imx/imx8qxp/imx8qxp_bl31_setup.c
index e82e0124..6293d7c2 100644
--- a/plat/imx/imx8qxp/imx8qxp_bl31_setup.c
+++ b/plat/imx/imx8qxp/imx8qxp_bl31_setup.c
@@ -44,6 +44,7 @@
 #include <sci/sci.h>
 #include <xlat_tables.h>
 #include <lpuart.h>
+#include <sec_rsrc.h>
 
 /* linker defined symbols */
 #if USE_COHERENT_MEM
@@ -175,6 +176,49 @@ static int lpuart32_serial_init(unsigned int base)
 }
 #endif
 
+void imx8_partition_resources(void)
+{
+	sc_err_t err;
+	sc_rm_pt_t secure_part, os_part;
+	int i;
+
+	err = sc_rm_get_partition(ipc_handle, &secure_part);
+
+	err = sc_rm_partition_alloc(ipc_handle, &os_part, false, false,
+		false, false, false);
+
+	err = sc_rm_set_parent(ipc_handle, os_part, secure_part);
+
+	/* set secure resources to NOT-movable */
+	for(i = 0; i<(sizeof(secure_rsrcs)/sizeof(sc_rsrc_t)); i++){
+		err = sc_rm_set_resource_movable(ipc_handle,
+			 secure_rsrcs[i], secure_rsrcs[i], false);
+	}
+
+	/* move all movable resources and pins to non-secure partition */
+	err = sc_rm_move_all(ipc_handle, secure_part, os_part, true, true);
+
+	/* iterate through peripherals to give NS OS part access */
+	for(i = 0; i<(sizeof(ns_access_allowed)/sizeof(sc_rsrc_t)); i++){
+		err = sc_rm_set_peripheral_permissions(ipc_handle,
+			 ns_access_allowed[i], os_part, SC_RM_PERM_FULL);
+	}
+
+	/*
+	 * sc_rm_set_peripheral_permissions
+	 *
+	 * sc_rm_set_memreg_permissions
+	 *
+	 * sc_rm_set_pin_movable
+	 *
+	 */
+
+	if (err)
+		NOTICE("Partitioning Failed\n");
+	else
+		NOTICE("Non-secure Partitioning Succeeded\n");
+}
+
 void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
                u_register_t arg2, u_register_t arg3)
 {
@@ -217,6 +261,12 @@ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
 		     IMX_CONSOLE_BAUDRATE);
 #endif
 
+	/* create new partition for non-secure OS/Hypervisor
+	 *
+	 * uses global structs defined in sec_rsrc.h
+	 */
+	imx8_partition_resources();
+
 	/*
 	 * tell BL3-1 where the non-secure software image is located
 	 * and the entry state information.
@@ -239,7 +289,7 @@ void bl31_plat_arch_setup(void)
 			MT_MEMORY | MT_RO);
 	mmap_add_region(IMX_BOOT_UART_BASE, IMX_BOOT_UART_BASE,
 			0x1000,	MT_DEVICE | MT_RW);
-	mmap_add_region(0x5d1b0000, 0x5d1b0000, 0x10000,
+	mmap_add_region(SC_IPC_CH, SC_IPC_CH, 0x10000,
 			MT_DEVICE | MT_RW);
 	mmap_add_region(PLAT_GICD_BASE, PLAT_GICD_BASE, 0x10000,
 			MT_DEVICE | MT_RW);
diff --git a/plat/imx/imx8qxp/include/sec_rsrc.h b/plat/imx/imx8qxp/include/sec_rsrc.h
new file mode 100644
index 00000000..46585881
--- /dev/null
+++ b/plat/imx/imx8qxp/include/sec_rsrc.h
@@ -0,0 +1,18 @@
+/* Copyright 2017 NXP */
+/* Include file detailing the resource partitioning for ATF */
+
+/* resources that are going to stay in secure partition */
+sc_rsrc_t secure_rsrcs[] = {
+	SC_R_MU_1A,
+	SC_R_A35,
+	SC_R_A35_0,
+	SC_R_A35_1,
+	SC_R_A35_2,
+	SC_R_A35_3,
+	SC_R_GIC,
+};
+
+/* resources that have register access for non-secure domain */
+sc_rsrc_t ns_access_allowed[] = {
+	SC_R_GIC,
+};