Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / a403c3a9a3e28f06bfd6882ee06e19eca65e9278 / . / plat / arm / common / arm_tzc400.c
blob: 6b706be92c2b0c663039bd6a26b284c7c8667c4f [file] [log] [blame]
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]1/*
Roberto Vargas2ca18d92018-02-12 12:36:17 +0000[diff] [blame]2 * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]5 */
6
7#include <arm_def.h>
Antonio Nino Diaz7289f922017-11-09 11:34:09 +0000[diff] [blame]8#include <arm_spm_def.h>
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]9#include <debug.h>
Roberto Vargas2ca18d92018-02-12 12:36:17 +0000[diff] [blame]10#include <plat_arm.h>
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]11#include <platform_def.h>
12#include <tzc400.h>
13
14
15/* Weak definitions may be overridden in specific ARM standard platform */
16#pragma weak plat_arm_security_setup
17
18
19/*******************************************************************************
20 * Initialize the TrustZone Controller for ARM standard platforms.
Sandrine Bailleux03897bb2015-11-26 16:31:34 +0000[diff] [blame]21 * Configure:
22 * - Region 0 with no access;
23 * - Region 1 with secure access only;
24 * - the remaining DRAM regions access from the given Non-Secure masters.
25 *
26 * When booting an EL3 payload, this is simplified: we configure region 0 with
27 * secure access only and do not enable any other region.
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]28 ******************************************************************************/
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]29void arm_tzc400_setup(void)
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]30{
31 INFO("Configuring TrustZone Controller\n");
32
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]33 tzc400_init(PLAT_ARM_TZC_BASE);
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]34
35 /* Disable filters. */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]36 tzc400_disable_filters();
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]37
Sandrine Bailleux03897bb2015-11-26 16:31:34 +0000[diff] [blame]38#ifndef EL3_PAYLOAD_BASE
Soby Mathew7e4d6652017-05-10 11:50:30 +0100[diff] [blame]39
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]40 /* Region 0 set to no access by default */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]41 tzc400_configure_region0(TZC_REGION_S_NONE, 0);
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]42
43 /* Region 1 set to cover Secure part of DRAM */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]44 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
Soby Mathew3b5156e2017-10-05 12:27:33 +0100[diff] [blame]45 ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]46 TZC_REGION_S_RDWR,
47 0);
48
49 /* Region 2 set to cover Non-Secure access to 1st DRAM address range.
50 * Apply the same configuration to given filters in the TZC. */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]51 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]52 ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
Soby Mathew7e4d6652017-05-10 11:50:30 +0100[diff] [blame]53 ARM_TZC_NS_DRAM_S_ACCESS,
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]54 PLAT_ARM_TZC_NS_DEV_ACCESS);
55
56 /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]57 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]58 ARM_DRAM2_BASE, ARM_DRAM2_END,
Soby Mathew7e4d6652017-05-10 11:50:30 +0100[diff] [blame]59 ARM_TZC_NS_DRAM_S_ACCESS,
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]60 PLAT_ARM_TZC_NS_DEV_ACCESS);
Antonio Nino Diaz7289f922017-11-09 11:34:09 +0000[diff] [blame]61
62#if ENABLE_SPM
63 /*
64 * Region 4 set to cover Non-Secure access to the communication buffer
65 * shared with the Secure world.
66 */
67 tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
68 4,
69 ARM_SP_IMAGE_NS_BUF_BASE,
70 (ARM_SP_IMAGE_NS_BUF_BASE +
71 ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
72 TZC_REGION_S_NONE,
73 PLAT_ARM_TZC_NS_DEV_ACCESS);
74#endif
75
76#else /* if defined(EL3_PAYLOAD_BASE) */
77
Soby Mathew15b149e2017-11-13 08:29:45 +0000[diff] [blame]78 /* Allow Secure and Non-secure access to DRAM for EL3 payloads */
79 tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS);
Antonio Nino Diaz7289f922017-11-09 11:34:09 +0000[diff] [blame]80
Sandrine Bailleux03897bb2015-11-26 16:31:34 +0000[diff] [blame]81#endif /* EL3_PAYLOAD_BASE */
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]82
83 /*
84 * Raise an exception if a NS device tries to access secure memory
85 * TODO: Add interrupt handling support.
86 */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]87 tzc400_set_action(TZC_ACTION_ERR);
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]88
89 /* Enable filters. */
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]90 tzc400_enable_filters();
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]91}
92
93void plat_arm_security_setup(void)
94{
Soby Mathew9c708b52016-02-26 14:23:19 +0000[diff] [blame]95 arm_tzc400_setup();
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]96}