Juno: Disable SPIDEN in release builds

On Juno, the secure privileged invasive debug authentication signal
(SPIDEN) is controlled by board SCC registers, which by default enable
SPIDEN.  Disable secure privileged external debug in release builds by
programming the appropriate Juno SoC registers.

Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index a2fe0d58b2771b37168c1d0571c0a60d93d74148..7cfaf59a5eab355224052081205d6094a5a9441d 100644 (file)
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -101,6 +101,13 @@
 #define SSC_VERSION_DESIGNER_ID_MASK           0xff
 #define SSC_VERSION_PART_NUM_MASK              0xfff
 
+/* SSC debug configuration registers */
+#define SSC_DBGCFG_SET         0x14
+#define SSC_DBGCFG_CLR         0x18
+
+#define SPIDEN_INT_CLR_SHIFT   6
+#define SPIDEN_SEL_SET_SHIFT   7
+
 #ifndef __ASSEMBLY__
 
 /* SSC_VERSION related accessors */

diff --git a/plat/arm/board/juno/juno_security.c b/plat/arm/board/juno/juno_security.c
index 202342af70cf4eb9fe2af9351b0299a8de7789d3..70637d648ce3bc3d0c659c8792251c60ec387b2b 100644 (file)
--- a/plat/arm/board/juno/juno_security.c
+++ b/plat/arm/board/juno/juno_security.c
@@ -59,17 +59,35 @@ static void css_init_nic400(void)
                ~0);
 }
 
+/*******************************************************************************
+ * Initialize debug configuration.
+ ******************************************************************************/
+static void init_debug_cfg(void)
+{
+#if !DEBUG
+       /* Set internal drive selection for SPIDEN. */
+       mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET,
+               1U << SPIDEN_SEL_SET_SHIFT);
+
+       /* Drive SPIDEN LOW to disable invasive debug of secure state. */
+       mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR,
+               1U << SPIDEN_INT_CLR_SHIFT);
+#endif
+}
+
 /*******************************************************************************
  * Initialize the secure environment.
  ******************************************************************************/
 void plat_arm_security_setup(void)
 {
+       /* Initialize debug configuration */
+       init_debug_cfg();
        /* Initialize the TrustZone Controller */
        arm_tzc400_setup();
        /* Do ARM CSS internal NIC setup */
        css_init_nic400();
        /* Do ARM CSS SoC security setup */
        soc_css_security_setup();
-       /* Initialize the SMMU SSD tables*/
+       /* Initialize the SMMU SSD tables */
        init_mmu401();
 }