Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 2ae20435700726471f3ccd046aab58ed607ef307 / . / plat / fvp / fvp_security.c
blob: 06ab5754d782d41cc525ff53c9cc093c098f947d [file] [log] [blame]
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]1/*
2 * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include <assert.h>
Dan Handley714a0d22014-04-09 13:13:04 +0100[diff] [blame]32#include <debug.h>
Dan Handley1c54d972014-06-20 12:02:01 +0100[diff] [blame]33#include <plat_config.h>
Dan Handleyed6ff952014-05-14 17:44:19 +0100[diff] [blame]34#include <tzc400.h>
35#include "fvp_def.h"
36#include "fvp_private.h"
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]37
38/* Used to improve readability for configuring regions. */
39#define FILTER_SHIFT(filter) (1 << filter)
40
41/*
42 * For the moment we assume that all security programming is done by the
43 * primary core.
44 * TODO:
45 * Might want to enable interrupt on violations when supported?
46 */
Dan Handleyea451572014-05-15 14:53:30 +0100[diff] [blame]47void fvp_security_setup(void)
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]48{
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]49 /*
50 * The Base FVP has a TrustZone address space controller, the Foundation
51 * FVP does not. Trying to program the device on the foundation FVP will
52 * cause an abort.
53 *
54 * If the platform had additional peripheral specific security
55 * configurations, those would be configured here.
56 */
57
Dan Handley1c54d972014-06-20 12:02:01 +0100[diff] [blame]58 if (!(get_plat_config()->flags & CONFIG_HAS_TZC))
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]59 return;
60
61 /*
62 * The TrustZone controller controls access to main DRAM. Give
63 * full NS access for the moment to use with OS.
64 */
65 INFO("Configuring TrustZone Controller\n");
66
67 /*
68 * The driver does some error checking and will assert.
69 * - Provide base address of device on platform.
70 * - Provide width of ACE-Lite IDs on platform.
71 */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]72 tzc_init(TZC400_BASE);
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]73
74 /*
75 * Currently only filters 0 and 2 are connected on Base FVP.
76 * Filter 0 : CPU clusters (no access to DRAM by default)
77 * Filter 1 : not connected
78 * Filter 2 : LCDs (access to VRAM allowed by default)
79 * Filter 3 : not connected
80 * Programming unconnected filters will have no effect at the
81 * moment. These filter could, however, be connected in future.
82 * So care should be taken not to configure the unused filters.
83 */
84
85 /* Disable all filters before programming. */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]86 tzc_disable_filters();
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]87
88 /*
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]89 * Allow only non-secure access to all DRAM to supported devices.
90 * Give access to the CPUs and Virtio. Some devices
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]91 * would normally use the default ID so allow that too. We use
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]92 * two regions to cover the blocks of physical memory in the FVPs.
93 *
94 * Software executing in the secure state, such as a secure
95 * boot-loader, can access the DRAM by using the NS attributes in
96 * the MMU translation tables and descriptors.
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]97 */
98
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]99 /* Set to cover the first block of DRAM */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]100 tzc_configure_region(FILTER_SHIFT(0), 1,
Juan Castillo7055ca42014-05-16 15:33:15 +0100[diff] [blame]101 DRAM1_BASE, DRAM1_END - DRAM1_SEC_SIZE,
102 TZC_REGION_S_NONE,
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]103 TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]104 TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
105 TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
106 TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
107 TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]108
Juan Castillo7055ca42014-05-16 15:33:15 +0100[diff] [blame]109 /* Set to cover the secure reserved region */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]110 tzc_configure_region(FILTER_SHIFT(0), 3,
Juan Castillo7055ca42014-05-16 15:33:15 +0100[diff] [blame]111 (DRAM1_END - DRAM1_SEC_SIZE) + 1 , DRAM1_END,
112 TZC_REGION_S_RDWR,
113 0x0);
114
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]115 /* Set to cover the second block of DRAM */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]116 tzc_configure_region(FILTER_SHIFT(0), 2,
Juan Castillo7055ca42014-05-16 15:33:15 +0100[diff] [blame]117 DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]118 TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]119 TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]120 TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
Andrew Thoelkefe3374b2014-05-09 15:36:13 +0100[diff] [blame]121 TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
122 TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]123
124 /*
125 * TODO: Interrupts are not currently supported. The only
126 * options we have are for access errors to occur quietly or to
127 * cause an exception. We choose to cause an exception.
128 */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]129 tzc_set_action(TZC_ACTION_ERR);
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]130
131 /* Enable filters. */
Dan Handley53c843a2014-08-04 19:53:05 +0100[diff] [blame]132 tzc_enable_filters();
Harry Liebelcef93392014-04-01 19:27:38 +0100[diff] [blame]133}