From 986c4e991ace5cb40bed35145184e66863c47152 Mon Sep 17 00:00:00 2001
From: Mikael Olsson <mikael.olsson@arm.com>
Date: Tue, 14 Mar 2023 18:29:06 +0100
Subject: [PATCH] feat(ethos-n): add separate RO and RW NSAIDs

To be able to further restrict the memory access for the Arm(R)
Ethos(TM)-N NPU, separate read-only and read/write NSAIDs for the
non-protected and protected memory have been added to the Juno
platform's TZMP1 TZC configuration for the NPU.

The platform definition has been updated accordingly and the NPU driver
will now only give read/write access to the streams that require it.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I5a173500fc1943a5cd406a3b379e1f1f554eeda6
---
 docs/getting_started/porting-guide.rst      | 21 +++++++++++++++---
 drivers/arm/ethosn/ethosn_smc.c             | 24 ++++++++++++++-------
 plat/arm/board/juno/include/platform_def.h  | 11 +++++++---
 plat/arm/board/juno/juno_ethosn_tzmp1_def.h | 19 +++++++++++-----
 4 files changed, 56 insertions(+), 19 deletions(-)

diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 5b88fcb38..1a4b107b6 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -582,10 +582,25 @@ enabled, the following constants must also be defined.
   Defines the Non-secure Access IDentity (NSAID) that the NPU shall use to
   access the protected memory that contains the NPU's firmware.
 
-- **ARM_ETHOSN_NPU_PROT_DATA_NSAID**
+- **ARM_ETHOSN_NPU_PROT_DATA_RW_NSAID**
 
-  Defines the Non-secure Access IDentity (NSAID) that the NPU shall use to
-  access the protected memory that contains inference data.
+  Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for
+  read/write access to the protected memory that contains inference data.
+
+- **ARM_ETHOSN_NPU_PROT_DATA_RO_NSAID**
+
+  Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for
+  read-only access to the protected memory that contains inference data.
+
+- **ARM_ETHOSN_NPU_NS_RW_DATA_NSAID**
+
+  Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for
+  read/write access to the non-protected memory.
+
+- **ARM_ETHOSN_NPU_NS_RO_DATA_NSAID**
+
+  Defines the Non-secure Access IDentity (NSAID) that the NPU shall use for
+  read-only access to the non-protected memory.
 
 - **ARM_ETHOSN_NPU_FW_IMAGE_BASE** and **ARM_ETHOSN_NPU_FW_IMAGE_LIMIT**
 
diff --git a/drivers/arm/ethosn/ethosn_smc.c b/drivers/arm/ethosn/ethosn_smc.c
index 655856696..85a12c55c 100644
--- a/drivers/arm/ethosn/ethosn_smc.c
+++ b/drivers/arm/ethosn/ethosn_smc.c
@@ -94,11 +94,12 @@
 #define SEC_NPU_ID_REG			U(0xF000)
 #define SEC_NPU_ID_ARCH_VER_SHIFT	U(0X10)
 
-#define FIRMWARE_STREAM_INDEX           U(0x0)
+#define FIRMWARE_STREAM_INDEX		U(0x0)
+#define WORKING_STREAM_INDEX		U(0x1)
 #define PLE_STREAM_INDEX		U(0x4)
-#define INPUT_STREAM_INDEX              U(0x6)
-#define INTERMEDIATE_STREAM_INDEX       U(0x7)
-#define OUTPUT_STREAM_INDEX             U(0x8)
+#define INPUT_STREAM_INDEX		U(0x6)
+#define INTERMEDIATE_STREAM_INDEX	U(0x7)
+#define OUTPUT_STREAM_INDEX		U(0x8)
 
 #define TO_EXTEND_ADDR(addr) \
 	((addr >> SEC_ADDR_EXT_SHIFT) & SEC_ADDR_EXT_MASK)
@@ -154,16 +155,23 @@ static void ethosn_configure_stream_nsaid(const struct ethosn_core_t *core,
 					  bool is_protected)
 {
 	size_t i;
-	uint32_t streams[9] = {0, 0, 0, 0, 0, 0, 0, 0, 0};
+	uint32_t streams[9] = {[0 ... 8] = ARM_ETHOSN_NPU_NS_RO_DATA_NSAID};
 
 	streams[FIRMWARE_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_FW_NSAID;
 	streams[PLE_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_FW_NSAID;
 
+	streams[WORKING_STREAM_INDEX] = ARM_ETHOSN_NPU_NS_RW_DATA_NSAID;
+
 	if (is_protected) {
-		streams[INPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_DATA_NSAID;
+		streams[INPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_RO_DATA_NSAID;
+		streams[INTERMEDIATE_STREAM_INDEX] =
+			ARM_ETHOSN_NPU_PROT_RW_DATA_NSAID;
+		streams[OUTPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_RW_DATA_NSAID;
+	} else {
+		streams[INPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_NS_RO_DATA_NSAID;
 		streams[INTERMEDIATE_STREAM_INDEX] =
-			ARM_ETHOSN_NPU_PROT_DATA_NSAID;
-		streams[OUTPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_PROT_DATA_NSAID;
+			ARM_ETHOSN_NPU_NS_RW_DATA_NSAID;
+		streams[OUTPUT_STREAM_INDEX] = ARM_ETHOSN_NPU_NS_RW_DATA_NSAID;
 	}
 
 	for (i = 0U; i < ARRAY_SIZE(streams); ++i) {
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index 5eaec698d..47258cb23 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -327,9 +327,14 @@
 
 /* Protected NSAIDs and memory regions for the Arm(R) Ethos(TM)-N NPU driver */
 #ifdef JUNO_ETHOSN_TZMP1
-#define ARM_ETHOSN_NPU_PROT_FW_NSAID	JUNO_ETHOSN_TZC400_NSAID_FW_PROT
-#define ARM_ETHOSN_NPU_PROT_DATA_NSAID	JUNO_ETHOSN_TZC400_NSAID_DATA_PROT
-#define ARM_ETHOSN_NPU_FW_IMAGE_BASE	JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE
+#define ARM_ETHOSN_NPU_PROT_FW_NSAID		JUNO_ETHOSN_TZC400_NSAID_FW_PROT
+#define ARM_ETHOSN_NPU_PROT_RW_DATA_NSAID	JUNO_ETHOSN_TZC400_NSAID_DATA_RW_PROT
+#define ARM_ETHOSN_NPU_PROT_RO_DATA_NSAID	JUNO_ETHOSN_TZC400_NSAID_DATA_RO_PROT
+
+#define ARM_ETHOSN_NPU_NS_RW_DATA_NSAID		JUNO_ETHOSN_TZC400_NSAID_DATA_RW_NS
+#define ARM_ETHOSN_NPU_NS_RO_DATA_NSAID		JUNO_ETHOSN_TZC400_NSAID_DATA_RO_NS
+
+#define ARM_ETHOSN_NPU_FW_IMAGE_BASE		JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE
 #define ARM_ETHOSN_NPU_FW_IMAGE_LIMIT \
 	(JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE + JUNO_ETHOSN_FW_TZC_PROT_DRAM2_SIZE)
 #endif
diff --git a/plat/arm/board/juno/juno_ethosn_tzmp1_def.h b/plat/arm/board/juno/juno_ethosn_tzmp1_def.h
index 131adcd7c..c3e816adc 100644
--- a/plat/arm/board/juno/juno_ethosn_tzmp1_def.h
+++ b/plat/arm/board/juno/juno_ethosn_tzmp1_def.h
@@ -7,8 +7,13 @@
 #ifndef JUNO_ETHOSN_TZMP1_DEF_H
 #define JUNO_ETHOSN_TZMP1_DEF_H
 
-#define JUNO_ETHOSN_TZC400_NSAID_FW_PROT        7
-#define JUNO_ETHOSN_TZC400_NSAID_DATA_PROT      8
+#define JUNO_ETHOSN_TZC400_NSAID_FW_PROT	7
+#define JUNO_ETHOSN_TZC400_NSAID_DATA_RW_PROT	8
+#define JUNO_ETHOSN_TZC400_NSAID_DATA_RO_PROT	13
+
+/* 0 is the default NSAID and is included in PLAT_ARM_TZC_NS_DEV_ACCESS */
+#define JUNO_ETHOSN_TZC400_NSAID_DATA_RW_NS	0
+#define JUNO_ETHOSN_TZC400_NSAID_DATA_RO_NS	14
 
 #define JUNO_ETHOSN_FW_TZC_PROT_DRAM2_SIZE      UL(0x000400000) /* 4 MB */
 #define JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE      (ARM_DRAM2_BASE)
@@ -32,13 +37,17 @@
 #define JUNO_FW_TZC_PROT_ACCESS	\
 	(TZC_REGION_ACCESS_RDWR(JUNO_ETHOSN_TZC400_NSAID_FW_PROT))
 #define JUNO_DATA_TZC_PROT_ACCESS \
-	(TZC_REGION_ACCESS_RDWR(JUNO_ETHOSN_TZC400_NSAID_DATA_PROT))
+	(TZC_REGION_ACCESS_RDWR(JUNO_ETHOSN_TZC400_NSAID_DATA_RW_PROT) | \
+	 TZC_REGION_ACCESS_RD(JUNO_ETHOSN_TZC400_NSAID_DATA_RO_PROT))
+#define JUNO_DATA_TZC_NS_ACCESS \
+	(PLAT_ARM_TZC_NS_DEV_ACCESS | \
+	 TZC_REGION_ACCESS_RD(JUNO_ETHOSN_TZC400_NSAID_DATA_RO_NS))
 
 #define JUNO_ETHOSN_TZMP_REGIONS_DEF					  \
 	{ ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END + ARM_L1_GPT_SIZE, \
 	  TZC_REGION_S_RDWR, 0 },					  \
 	{ ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,				  \
-	  ARM_TZC_NS_DRAM_S_ACCESS, PLAT_ARM_TZC_NS_DEV_ACCESS },	  \
+	  ARM_TZC_NS_DRAM_S_ACCESS, JUNO_DATA_TZC_NS_ACCESS},		  \
 	{ JUNO_ETHOSN_FW_TZC_PROT_DRAM2_BASE,				  \
 	  JUNO_ETHOSN_FW_TZC_PROT_DRAM2_END,				  \
 	  TZC_REGION_S_RDWR, JUNO_FW_TZC_PROT_ACCESS },			  \
@@ -46,6 +55,6 @@
 	  JUNO_ETHOSN_DATA_TZC_PROT_DRAM2_END,				  \
 	  TZC_REGION_S_NONE, JUNO_DATA_TZC_PROT_ACCESS },		  \
 	{ JUNO_ETHOSN_NS_DRAM2_BASE, JUNO_ETHOSN_NS_DRAM2_END,		  \
-	  ARM_TZC_NS_DRAM_S_ACCESS, PLAT_ARM_TZC_NS_DEV_ACCESS }
+	  ARM_TZC_NS_DRAM_S_ACCESS, JUNO_DATA_TZC_NS_ACCESS}
 
 #endif /* JUNO_ETHOSN_TZMP1_DEF_H */
-- 
2.39.5