Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 1 | /* |
Roberto Vargas | 2ca18d9 | 2018-02-12 12:36:17 +0000 | [diff] [blame] | 2 | * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 3 | * |
dp-arm | fa3cf0b | 2017-05-03 09:38:09 +0100 | [diff] [blame] | 4 | * SPDX-License-Identifier: BSD-3-Clause |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 5 | */ |
| 6 | |
| 7 | #include <arm_def.h> |
Antonio Nino Diaz | 7289f92 | 2017-11-09 11:34:09 +0000 | [diff] [blame] | 8 | #include <arm_spm_def.h> |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 9 | #include <debug.h> |
Roberto Vargas | 2ca18d9 | 2018-02-12 12:36:17 +0000 | [diff] [blame] | 10 | #include <plat_arm.h> |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 11 | #include <platform_def.h> |
| 12 | #include <tzc400.h> |
| 13 | |
| 14 | |
| 15 | /* Weak definitions may be overridden in specific ARM standard platform */ |
| 16 | #pragma weak plat_arm_security_setup |
| 17 | |
| 18 | |
| 19 | /******************************************************************************* |
| 20 | * Initialize the TrustZone Controller for ARM standard platforms. |
Sandrine Bailleux | 03897bb | 2015-11-26 16:31:34 +0000 | [diff] [blame] | 21 | * When booting an EL3 payload, this is simplified: we configure region 0 with |
| 22 | * secure access only and do not enable any other region. |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 23 | ******************************************************************************/ |
Summer Qin | 5ce394c | 2018-03-12 11:28:26 +0800 | [diff] [blame] | 24 | void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions) |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 25 | { |
Summer Qin | 5ce394c | 2018-03-12 11:28:26 +0800 | [diff] [blame] | 26 | #ifndef EL3_PAYLOAD_BASE |
| 27 | int region_index = 1; |
| 28 | const arm_tzc_regions_info_t *p; |
| 29 | const arm_tzc_regions_info_t init_tzc_regions[] = { |
| 30 | ARM_TZC_REGIONS_DEF, |
| 31 | {0} |
| 32 | }; |
| 33 | #endif |
| 34 | |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 35 | INFO("Configuring TrustZone Controller\n"); |
| 36 | |
Soby Mathew | 9c708b5 | 2016-02-26 14:23:19 +0000 | [diff] [blame] | 37 | tzc400_init(PLAT_ARM_TZC_BASE); |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 38 | |
| 39 | /* Disable filters. */ |
Soby Mathew | 9c708b5 | 2016-02-26 14:23:19 +0000 | [diff] [blame] | 40 | tzc400_disable_filters(); |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 41 | |
Sandrine Bailleux | 03897bb | 2015-11-26 16:31:34 +0000 | [diff] [blame] | 42 | #ifndef EL3_PAYLOAD_BASE |
Summer Qin | 5ce394c | 2018-03-12 11:28:26 +0800 | [diff] [blame] | 43 | if (tzc_regions == NULL) |
| 44 | p = init_tzc_regions; |
| 45 | else |
| 46 | p = tzc_regions; |
Soby Mathew | 7e4d665 | 2017-05-10 11:50:30 +0100 | [diff] [blame] | 47 | |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 48 | /* Region 0 set to no access by default */ |
Soby Mathew | 9c708b5 | 2016-02-26 14:23:19 +0000 | [diff] [blame] | 49 | tzc400_configure_region0(TZC_REGION_S_NONE, 0); |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 50 | |
Summer Qin | 5ce394c | 2018-03-12 11:28:26 +0800 | [diff] [blame] | 51 | /* Rest Regions set according to tzc_regions array */ |
| 52 | for (; p->base != 0ULL; p++) { |
| 53 | tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index, |
| 54 | p->base, p->end, p->sec_attr, p->nsaid_permissions); |
| 55 | region_index++; |
| 56 | } |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 57 | |
Summer Qin | 5ce394c | 2018-03-12 11:28:26 +0800 | [diff] [blame] | 58 | INFO("Total %d regions set.\n", region_index); |
Antonio Nino Diaz | 7289f92 | 2017-11-09 11:34:09 +0000 | [diff] [blame] | 59 | |
| 60 | #else /* if defined(EL3_PAYLOAD_BASE) */ |
| 61 | |
Soby Mathew | 15b149e | 2017-11-13 08:29:45 +0000 | [diff] [blame] | 62 | /* Allow Secure and Non-secure access to DRAM for EL3 payloads */ |
| 63 | tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS); |
Antonio Nino Diaz | 7289f92 | 2017-11-09 11:34:09 +0000 | [diff] [blame] | 64 | |
Sandrine Bailleux | 03897bb | 2015-11-26 16:31:34 +0000 | [diff] [blame] | 65 | #endif /* EL3_PAYLOAD_BASE */ |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 66 | |
| 67 | /* |
| 68 | * Raise an exception if a NS device tries to access secure memory |
| 69 | * TODO: Add interrupt handling support. |
| 70 | */ |
Soby Mathew | 9c708b5 | 2016-02-26 14:23:19 +0000 | [diff] [blame] | 71 | tzc400_set_action(TZC_ACTION_ERR); |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 72 | |
| 73 | /* Enable filters. */ |
Soby Mathew | 9c708b5 | 2016-02-26 14:23:19 +0000 | [diff] [blame] | 74 | tzc400_enable_filters(); |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 75 | } |
| 76 | |
| 77 | void plat_arm_security_setup(void) |
| 78 | { |
Summer Qin | 5ce394c | 2018-03-12 11:28:26 +0800 | [diff] [blame] | 79 | arm_tzc400_setup(NULL); |
Dan Handley | 9df4804 | 2015-03-19 18:58:55 +0000 | [diff] [blame] | 80 | } |