From 26423f20202bc31533126203a9bad870652f135c Mon Sep 17 00:00:00 2001 From: Derek Snell Date: Tue, 29 Apr 2025 09:53:18 -0400 Subject: [PATCH] soc: nxp: mcxn: configure CPU1 TrustZone access level Configures AHBSC MASTER_SEC_LEVEL register for the cpu1 before cpu1 is enabled. By default, this gives CPU1 secure and privileged access to the rest of the SOC, same as CPU0. Signed-off-by: Derek Snell --- soc/nxp/mcx/mcxn/Kconfig | 9 +++++++++ soc/nxp/mcx/mcxn/soc.c | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/soc/nxp/mcx/mcxn/Kconfig b/soc/nxp/mcx/mcxn/Kconfig index b82262980cf..572ea4910ed 100644 --- a/soc/nxp/mcx/mcxn/Kconfig +++ b/soc/nxp/mcx/mcxn/Kconfig @@ -53,6 +53,15 @@ config MCUX_CORE_SUFFIX default "_cm33_core1" if SOC_MCXN947_CPU1 endif +if SECOND_CORE_MCUX +config SECOND_CORE_MCUX_ACCESS_LEVEL + int "default TrustZone access level for secondary core" + default 3 + help + Configures AHBSC MASTER_SEC_LEVEL register for the cpu1 before cpu1 is + enabled. +endif + rsource "../../common/Kconfig.flexspi_xip" endif # SOC_SERIES_MCXN diff --git a/soc/nxp/mcx/mcxn/soc.c b/soc/nxp/mcx/mcxn/soc.c index ce7ae364909..1662284fab5 100644 --- a/soc/nxp/mcx/mcxn/soc.c +++ b/soc/nxp/mcx/mcxn/soc.c @@ -44,6 +44,13 @@ DT_FOREACH_STATUS_OKAY(nxp_lpspi, FLEXCOMM_CHECK) /* This function is also called at deep sleep resume. */ static int second_core_boot(void) { + /* Configure CPU1 TrustZone access level before CPU1 is enabled */ + AHBSC->MASTER_SEC_LEVEL |= + AHBSC_MASTER_SEC_LEVEL_CPU1(CONFIG_SECOND_CORE_MCUX_ACCESS_LEVEL); + AHBSC->MASTER_SEC_ANTI_POL_REG = (~AHBSC->MASTER_SEC_LEVEL & + ~AHBSC_MASTER_SEC_ANTI_POL_REG_MASTER_SEC_LEVEL_ANTIPOL_LOCK_MASK) | + AHBSC_MASTER_SEC_ANTI_POL_REG_MASTER_SEC_LEVEL_ANTIPOL_LOCK(2); + /* Boot source for Core 1 from flash */ SYSCON->CPBOOT = ((uint32_t)(char *)DT_REG_ADDR(DT_CHOSEN(zephyr_code_cpu1_partition)) & SYSCON_CPBOOT_CPBOOT_MASK);