i.MX53: fix incorrect DMA protection settings

Within the central security unit of the i.MX53 SoC, one can set protection
level of various DMA bus master requests, distinguishing them between normal,
and secure access. Although, the access level was meant to be set correctly,
the enumeration values that denoted the kind of access were incorrect. Thereby,
until now every DMA requests was set as being secure. This commit corrects
the enumeration values, and sets all DMA operations as being unsecure, accept
from the graphical subsystem which is controlled by the secure world only.

Thanks to Andrea Barisani and Andrej Rosano from Inverse Path for discovering
this bug, as well as the hardware limitation!

base-hw/src/core/imx53/trustzone/csu.h

@@ -41,8 +41,8 @@ namespace Genode
 			{
 				enum {
 					SECURE_UNLOCKED,
-					SECURE_LOCKED,
 					UNSECURE_UNLOCKED,
+					SECURE_LOCKED,
 					UNSECURE_LOCKED
 				};
 
@@ -123,10 +123,10 @@ namespace Genode
 				write<Csl19::Slave_a>(Csl00::UNSECURE);
 
 				/* GPIO */
-				//write<Csl00::Slave_b>(Csl00::UNSECURE);
-				//write<Csl01::Slave_a>(Csl00::UNSECURE);
-				//write<Csl01::Slave_b>(Csl00::UNSECURE);
-				//write<Csl02::Slave_a>(Csl00::UNSECURE);
+				write<Csl00::Slave_b>(Csl00::SECURE);
+				write<Csl01::Slave_a>(Csl00::SECURE);
+				write<Csl01::Slave_b>(Csl00::SECURE);
+				write<Csl02::Slave_a>(Csl00::SECURE);
 
 				/* IOMUXC TODO */
 				write<Csl05::Slave_a>(Csl00::UNSECURE);
@@ -138,15 +138,15 @@ namespace Genode
 				write<Csl00::Slave_a>(Csl00::UNSECURE);
 
 				/* TVE */
-				//write<Csl22::Slave_b>(Csl00::UNSECURE);
+				write<Csl22::Slave_b>(Csl00::SECURE);
 
 				/* I2C */
-				//write<Csl18::Slave_a>(Csl00::UNSECURE);
-				//write<Csl17::Slave_b>(Csl00::UNSECURE);
-				//write<Csl31::Slave_a>(Csl00::UNSECURE);
+				write<Csl18::Slave_a>(Csl00::SECURE);
+				write<Csl17::Slave_b>(Csl00::SECURE);
+				write<Csl31::Slave_a>(Csl00::SECURE);
 
 				/* IPU */
-				//write<Csl24::Slave_a>(Csl00::UNSECURE);
+				write<Csl24::Slave_a>(Csl00::SECURE);
 
 				/* Audio */
 				write<Csl18::Slave_b>(Csl00::UNSECURE);
@@ -167,10 +167,10 @@ namespace Genode
 				write<Csl29::Slave_a>(Csl00::UNSECURE);
 
 				/* GPU 2D */
-				write<Csl24::Slave_b>(Csl00::UNSECURE);
+				write<Csl24::Slave_b>(Csl00::SECURE);
 
 				/* GPU 3D */
-				write<Csl27::Slave_b>(Csl00::UNSECURE);
+				write<Csl27::Slave_b>(Csl00::SECURE);
 
 				write<Csl02::Slave_b>(Csl00::UNSECURE);
 				write<Csl03::Slave_a>(Csl00::UNSECURE);
@@ -196,7 +196,7 @@ namespace Genode
 				write<Csl20::Slave_b>(Csl00::UNSECURE);
 				write<Csl21::Slave_a>(Csl00::UNSECURE);
 				write<Csl21::Slave_b>(Csl00::UNSECURE);
-				//write<Csl23::Slave_a>(Csl00::UNSECURE); //VPU
+				write<Csl23::Slave_a>(Csl00::SECURE); //VPU
 				write<Csl23::Slave_b>(Csl00::UNSECURE);
 				write<Csl26::Slave_b>(Csl00::UNSECURE);
 				write<Csl27::Slave_a>(Csl00::UNSECURE);
@@ -204,16 +204,19 @@ namespace Genode
 				write<Csl30::Slave_a>(Csl00::UNSECURE);
 				write<Csl31::Slave_b>(Csl00::UNSECURE);
 
+				/* DMA from graphical subsystem is considered to be secure */
+				write<Master::Gpu>(Master::SECURE_UNLOCKED);
+
+				/* all other DMA operations are insecure */
 				write<Master::Sdma>(Master::UNSECURE_UNLOCKED);
-				write<Master::Esdhc3>(Master::UNSECURE_UNLOCKED);
-				write<Master::Gpu>(Master::UNSECURE_UNLOCKED);
 				write<Master::Usb>(Master::UNSECURE_UNLOCKED);
 				write<Master::Pata>(Master::UNSECURE_UNLOCKED);
-				write<Master::Esdhc4>(Master::UNSECURE_UNLOCKED);
 				write<Master::Fec>(Master::UNSECURE_UNLOCKED);
 				write<Master::Dap>(Master::UNSECURE_UNLOCKED);
 				write<Master::Esdhc1>(Master::UNSECURE_UNLOCKED);
 				write<Master::Esdhc2>(Master::UNSECURE_UNLOCKED);
+				write<Master::Esdhc3>(Master::UNSECURE_UNLOCKED);
+				write<Master::Esdhc4>(Master::UNSECURE_UNLOCKED);
 			}
 	};