From efd1c6d4861e6276d336f8cefbecefb903a1280a Mon Sep 17 00:00:00 2001
From: Daniil Klimuk <daniil.klimuk@3mdeb.com>
Date: Fri, 19 Jul 2024 10:03:40 +0200
Subject: [PATCH] WIP: add self-compiled OPTEE OS support for rk3566

Signed-off-by: Daniil Klimuk <daniil.klimuk@3mdeb.com>
---
 recipes-bsp/u-boot/files/enable-optee.cfg     |  23 +++
 recipes-bsp/u-boot/u-boot_%.bbappend          |   7 +
 ...arm-plat-rockchip-add-rk3566-support.patch | 169 ++++++++++++++++++
 recipes-security/optee/optee-os-rk3566.inc    |   9 +
 recipes-security/optee/optee-os_%.bbappend    |   3 +
 5 files changed, 211 insertions(+)
 create mode 100644 recipes-bsp/u-boot/files/enable-optee.cfg
 create mode 100644 recipes-security/optee/files/0001-core-arch-arm-plat-rockchip-add-rk3566-support.patch
 create mode 100644 recipes-security/optee/optee-os-rk3566.inc
 create mode 100644 recipes-security/optee/optee-os_%.bbappend

diff --git a/recipes-bsp/u-boot/files/enable-optee.cfg b/recipes-bsp/u-boot/files/enable-optee.cfg
new file mode 100644
index 0000000..a1bc0e2
--- /dev/null
+++ b/recipes-bsp/u-boot/files/enable-optee.cfg
@@ -0,0 +1,23 @@
+# Compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110
+CONFIG_GCC_VERSION=100201
+# CONFIG_SCP03 is not set
+# CONFIG_SPL_OPTEE_IMAGE=y
+# CONFIG_CMD_OPTEE_RPMB is not set
+CONFIG_TEE=y
+
+#
+# TEE drivers
+#
+CONFIG_OPTEE=y
+
+#
+# OP-TEE options
+#
+CONFIG_OPTEE_TA_AVB=y
+CONFIG_OPTEE_TA_SCP03=y
+CONFIG_OPTEE_SERVICE_DISCOVERY=y
+CONFIG_CHIMP_OPTEE=y
+# CONFIG_EFI_MM_COMM_TEE is not set
+CONFIG_OPTEE_LIB=y
+CONFIG_OPTEE_IMAGE=y
+CONFIG_OPTEE_TZDRAM_SIZE=0x2000000
diff --git a/recipes-bsp/u-boot/u-boot_%.bbappend b/recipes-bsp/u-boot/u-boot_%.bbappend
index dbebbe0..b049bad 100644
--- a/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -1,8 +1,15 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI += " \
+        file://enable-optee.cfg \
+        "
+
 # Link ATF compiled for rk3568 to U-Boot image fot rk3566 because the SoC's are
 # identical from ATF point of view:
 EXTRA_OEMAKE:append:rk3566 = " \
         BL31=${DEPLOY_DIR_IMAGE}/bl31-rk3568.elf \
         ROCKCHIP_TPL=${DEPLOY_DIR_IMAGE}/ddr-rk3566.bin \
+        TEE=${DEPLOY_DIR_IMAGE}/tee-rk3566.bin \
 "
 INIT_FIRMWARE_DEPENDS:rk3566 = " rockchip-rkbin:do_deploy"
 do_compile[depends] += "${INIT_FIRMWARE_DEPENDS}"
diff --git a/recipes-security/optee/files/0001-core-arch-arm-plat-rockchip-add-rk3566-support.patch b/recipes-security/optee/files/0001-core-arch-arm-plat-rockchip-add-rk3566-support.patch
new file mode 100644
index 0000000..cf5cbdb
--- /dev/null
+++ b/recipes-security/optee/files/0001-core-arch-arm-plat-rockchip-add-rk3566-support.patch
@@ -0,0 +1,169 @@
+From 14cbc70d9983ed5e869884f1f7a22a754fb5b05b Mon Sep 17 00:00:00 2001
+From: Daniil Klimuk <daniil.klimuk@3mdeb.com>
+Date: Thu, 18 Jul 2024 15:50:56 +0200
+Subject: [PATCH] core: arch: arm: plat-rockchip: add rk3566 support
+
+Signed-off-by: Daniil Klimuk <daniil.klimuk@3mdeb.com>
+---
+ core/arch/arm/plat-rockchip/conf.mk           | 23 ++++++++++
+ core/arch/arm/plat-rockchip/main.c            |  4 ++
+ core/arch/arm/plat-rockchip/platform_config.h | 28 ++++++++++++
+ core/arch/arm/plat-rockchip/platform_rk3566.c | 44 +++++++++++++++++++
+ core/arch/arm/plat-rockchip/sub.mk            |  1 +
+ 5 files changed, 100 insertions(+)
+ create mode 100644 core/arch/arm/plat-rockchip/platform_rk3566.c
+
+diff --git a/core/arch/arm/plat-rockchip/conf.mk b/core/arch/arm/plat-rockchip/conf.mk
+index e8e9f4c66f0d..c968bcd11ac0 100644
+--- a/core/arch/arm/plat-rockchip/conf.mk
++++ b/core/arch/arm/plat-rockchip/conf.mk
+@@ -56,6 +56,29 @@ CFG_SHMEM_SIZE   ?= 0x00400000
+ CFG_EARLY_CONSOLE ?= n
+ endif
+ 
++ifeq ($(PLATFORM_FLAVOR),rk3566)
++include core/arch/arm/cpu/cortex-armv8-0.mk
++arm32-platform-cpuarch  := cortex-a55
++
++$(call force,CFG_TEE_CORE_NB_CORE,4)
++# cortex-a55 sopports GICv3 or GICv4. There is no support for GICv4 in OP-TEE,
++# so use GICv3:
++$(call force,CFG_ARM_GICV3,y)
++
++CFG_TZDRAM_START ?= 0x08400000
++CFG_TZDRAM_SIZE  ?= 0x02000000
++CFG_SHMEM_START  ?= 0x0A400000
++CFG_SHMEM_SIZE   ?= 0x00400000
++
++CFG_EARLY_CONSOLE ?= y
++CFG_EARLY_CONSOLE_BASE ?= UART2_BASE
++CFG_EARLY_CONSOLE_SIZE ?= UART2_SIZE
++CFG_EARLY_CONSOLE_BAUDRATE ?= 1500000
++CFG_EARLY_CONSOLE_CLK_IN_HZ ?= 24000000
++
++CFG_WITH_ARM_TRUSTED_FW ?= y
++endif
++
+ ifeq ($(platform-flavor-armv8),1)
+ $(call force,CFG_ARM64_core,y)
+ $(call force,CFG_WITH_ARM_TRUSTED_FW,y)
+diff --git a/core/arch/arm/plat-rockchip/main.c b/core/arch/arm/plat-rockchip/main.c
+index a85900fa3143..1d50a6d48f1f 100644
+--- a/core/arch/arm/plat-rockchip/main.c
++++ b/core/arch/arm/plat-rockchip/main.c
+@@ -24,7 +24,11 @@ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GIC_BASE, GIC_SIZE);
+ 
+ void boot_primary_init_intc(void)
+ {
++	#ifdef PLATFORM_FLAVOR_rk3566
++	gic_init_v3(0, GICD_BASE, GICR_BASE);
++	#else
+ 	gic_init(GICC_BASE, GICD_BASE);
++	#endif
+ }
+ 
+ void boot_secondary_init_intc(void)
+diff --git a/core/arch/arm/plat-rockchip/platform_config.h b/core/arch/arm/plat-rockchip/platform_config.h
+index 31439e29b068..474f9579df74 100644
+--- a/core/arch/arm/plat-rockchip/platform_config.h
++++ b/core/arch/arm/plat-rockchip/platform_config.h
+@@ -66,6 +66,34 @@
+ #define SGRF_BASE		(MMIO_BASE + 0x07330000)
+ #define SGRF_SIZE		SIZE_K(64)
+ 
++#elif defined(PLATFORM_FLAVOR_rk3566)
++
++/* This information is from Technical Reference Manual for RK3568, which is said
++ * to be very close in configuration to RK3566. RTM for RK3566 has net been
++ * found. */
++
++#define MMIO_BASE		0xF0000000
++
++#define UART0_BASE		(MMIO_BASE + 0x0DD50000)
++#define UART0_SIZE		SIZE_K(64)
++
++#define UART1_BASE		(MMIO_BASE + 0x0E650000)
++#define UART1_SIZE		SIZE_K(64)
++
++#define UART2_BASE		(MMIO_BASE + 0x0E660000)
++#define UART2_SIZE		SIZE_K(64)
++
++#define UART3_BASE		(MMIO_BASE + 0x0E670000)
++#define UART3_SIZE		SIZE_K(64)
++
++#define SGRF_BASE		(MMIO_BASE + 0x0DC60000)
++#define SGRF_SIZE		SIZE_K(64)
++
++#define GIC_BASE		(MMIO_BASE + 0x0d400000)
++#define GIC_SIZE		SIZE_M(4)
++#define GICD_BASE		(GIC_BASE)
++#define GICR_BASE		(GIC_BASE + 0x60000)
++
+ #elif defined(PLATFORM_FLAVOR_px30)
+ 
+ #define GIC_BASE		0xff130000
+diff --git a/core/arch/arm/plat-rockchip/platform_rk3566.c b/core/arch/arm/plat-rockchip/platform_rk3566.c
+new file mode 100644
+index 000000000000..d403ec7db018
+--- /dev/null
++++ b/core/arch/arm/plat-rockchip/platform_rk3566.c
+@@ -0,0 +1,44 @@
++#include <common.h>
++#include <io.h>
++#include <kernel/panic.h>
++#include <mm/core_memprot.h>
++#include <platform.h>
++#include <platform_config.h>
++
++#define SGRF_DDRRGN_CON0_16(n)		((n) * 4)
++#define SGRF_DDR_RGN_0_16_WMSK		GENMASK_32(11, 0)
++
++register_phys_mem_pgdir(MEM_AREA_IO_SEC, SGRF_BASE, SGRF_SIZE);
++
++int platform_secure_ddr_region(int rgn, paddr_t st, size_t sz)
++{
++	vaddr_t sgrf_base = (vaddr_t)phys_to_virt_io(SGRF_BASE, SGRF_SIZE);
++	paddr_t ed = st + sz;
++	uint32_t st_mb = st / SIZE_M(1);
++	uint32_t ed_mb = ed / SIZE_M(1);
++
++	if (!sgrf_base)
++		panic();
++
++	assert(rgn <= 7);
++	assert(st < ed);
++
++	/* Check aligned 1MB */
++	assert(st % SIZE_M(1) == 0);
++	assert(ed % SIZE_M(1) == 0);
++
++	DMSG("protecting region %d: 0x%lx-0x%lx", rgn, st, ed);
++
++	/* Set ddr region addr start */
++	io_write32(sgrf_base + SGRF_DDRRGN_CON0_16(rgn),
++		   BITS_WITH_WMASK(st_mb, SGRF_DDR_RGN_0_16_WMSK, 0));
++
++	/* Set ddr region addr end */
++	io_write32(sgrf_base + SGRF_DDRRGN_CON0_16(rgn + 8),
++		   BITS_WITH_WMASK((ed_mb - 1), SGRF_DDR_RGN_0_16_WMSK, 0));
++
++	io_write32(sgrf_base + SGRF_DDRRGN_CON0_16(16),
++		   BIT_WITH_WMSK(rgn));
++
++	return 0;
++}
+diff --git a/core/arch/arm/plat-rockchip/sub.mk b/core/arch/arm/plat-rockchip/sub.mk
+index 74f8cf5a920c..ac46347976dd 100644
+--- a/core/arch/arm/plat-rockchip/sub.mk
++++ b/core/arch/arm/plat-rockchip/sub.mk
+@@ -4,6 +4,7 @@ srcs-y += platform.c
+ srcs-$(PLATFORM_FLAVOR_px30) += platform_px30.c
+ srcs-$(PLATFORM_FLAVOR_rk322x) += platform_rk322x.c
+ srcs-$(PLATFORM_FLAVOR_rk3399) += platform_rk3399.c
++srcs-$(PLATFORM_FLAVOR_rk3566) += platform_rk3566.c
+ 
+ ifeq ($(PLATFORM_FLAVOR),rk322x)
+ srcs-y += plat_init.S
+-- 
+2.45.2
+
diff --git a/recipes-security/optee/optee-os-rk3566.inc b/recipes-security/optee/optee-os-rk3566.inc
new file mode 100644
index 0000000..2e19a29
--- /dev/null
+++ b/recipes-security/optee/optee-os-rk3566.inc
@@ -0,0 +1,9 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+COMPATIBLE_MACHINE = "rk3566"
+OPTEEMACHINE = "rockchip"
+EXTRA_OEMAKE += " PLATFORM_FLAVOR=rk3566"
+
+SRC_URI:append =" \
+    file://0001-core-arch-arm-plat-rockchip-add-rk3566-support.patch \
+"
diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend
new file mode 100644
index 0000000..a4cf3b5
--- /dev/null
+++ b/recipes-security/optee/optee-os_%.bbappend
@@ -0,0 +1,3 @@
+MACHINE_OPTEE_OS_REQUIRE:rk3566 = "optee-os-rk3566.inc"
+
+require ${MACHINE_OPTEE_OS_REQUIRE}