From: Alif Zakuan Yuslaimi
Date: Mon, 4 Aug 2025 01:24:38 +0000 (-0700)
Subject: ddr: altera: soc64: Add secure region support for ATF flow
X-Git-Tag: v2025.10-rc2~3^2~23
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=362c355dd7346166986de280226750fb328b69d3;p=pandora-u-boot.git

ddr: altera: soc64: Add secure region support for ATF flow

Setting up firewall regions based on SDRAM memory banks configuration (up to CONFIG_NR_DRAM_BANKS banks) instead of using whole address space.

First 1 MiB (0 to 0xfffff) of SDRAM is configured as secure region, other address spaces are non-secure regions. The ARM Trusted Firmware (ATF) image is located in this first 1 MiB memory region. So, this can prevent software executing at non-secure state EL0-EL2 and non-secure masters from accessing the secure region.

Add common function for firewall setup and reuse for all SoC64 devices.

Signed-off-by: Alif Zakuan Yuslaimi
Reviewed-by: Tien Fong Chee
---
diff --git a/drivers/ddr/altera/sdram_agilex.c b/drivers/ddr/altera/sdram_agilex.c index 7f2cccb6af2..8aeb4320702 100644 --- a/drivers/ddr/altera/sdram_agilex.c +++ b/drivers/ddr/altera/sdram_agilex.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* * Copyright (C) 2019 Intel Corporation + * Copyright (C) 2025 Altera Corporation * */ @@ -114,20 +115,6 @@ int sdram_mmr_init_full(struct udevice *dev) printf("DDR: %lld MiB\n", gd->ram_size >> 20); - /* This enables nonsecure access to DDR */ - /* mpuregion0addr_limit */ - FW_MPU_DDR_SCR_WRITEL(gd->ram_size - 1, - FW_MPU_DDR_SCR_MPUREGION0ADDR_LIMIT); - FW_MPU_DDR_SCR_WRITEL(0x1F, FW_MPU_DDR_SCR_MPUREGION0ADDR_LIMITEXT); - - /* nonmpuregion0addr_limit */ - FW_MPU_DDR_SCR_WRITEL(gd->ram_size - 1, - FW_MPU_DDR_SCR_NONMPUREGION0ADDR_LIMIT); - - /* Enable mpuregion0enable and nonmpuregion0enable */ - FW_MPU_DDR_SCR_WRITEL(MPUREGION0_ENABLE | NONMPUREGION0_ENABLE, - FW_MPU_DDR_SCR_EN_SET); - u32 ctrlcfg1 = hmc_readl(plat, CTRLCFG1); /* Enable or disable the DDR ECC */ 
@@ -162,6 +149,8 @@ int sdram_mmr_init_full(struct udevice *dev) sdram_size_check(&bd); + sdram_set_firewall(&bd); + priv->info.base = bd.bi_dram[0].start; priv->info.size = gd->ram_size;
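Review bot: In the @@ -114,20 +115,6 @@ hunk of sdram_mmr_init_full(), dropping the FW_MPU_DDR_SCR_* writes from this spot changes the ordering: the firewall used to be opened right after the "DDR: %lld MiB" printf, before the CTRLCFG1 read and the "Enable or disable the DDR ECC" step, and it is now programmed only after sdram_size_check(). If the ECC step or sdram_size_check() touches DDR, those accesses now run with the firewall regions still in their previous state. Please confirm that this is safe on Agilex, or move the new call up to where the removed block was. The removed code also wrote 0x1F to FW_MPU_DDR_SCR_MPUREGION0ADDR_LIMITEXT and set NONMPUREGION0ADDR_LIMIT explicitly; the commit message should state that the common helper still programs the upper limit bits and the non-MPU regions, since that code is not visible in this file.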
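Review bot: In the @@ -162,6 +149,8 @@ hunk, the added sdram_set_firewall(&bd) call carries no comment and its outcome is not checked, while the block it replaces documented each register write. This call is what now decides which DDR ranges are secure-only, so a one-line comment at the call site would help, for example /* First 1 MiB secure for ATF, remaining banks non-secure */. If the helper can fail, for instance when bd.bi_dram[] describes more populated banks than there are firewall regions, it should return an error that sdram_mmr_init_full() propagates rather than continuing with a partially configured firewall. It is also worth stating whether banks with zero size in bd.bi_dram[] are skipped, since the call relies on sdram_size_check(&bd) having filled bd just before.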