blob: 23c031734542f7653345f383a5ed85e9d8c45452 [file] [log] [blame]
Dan Handley9df48042015-03-19 18:58:55 +00001/*
Antonio Nino Diaz7289f922017-11-09 11:34:09 +00002 * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
Dan Handley9df48042015-03-19 18:58:55 +00003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Dan Handley9df48042015-03-19 18:58:55 +00005 */
6
7#include <arm_def.h>
Antonio Nino Diaz7289f922017-11-09 11:34:09 +00008#include <arm_spm_def.h>
Dan Handley9df48042015-03-19 18:58:55 +00009#include <debug.h>
10#include <platform_def.h>
11#include <tzc400.h>
12
13
14/* Weak definitions may be overridden in specific ARM standard platform */
15#pragma weak plat_arm_security_setup
16
17
18/*******************************************************************************
19 * Initialize the TrustZone Controller for ARM standard platforms.
Sandrine Bailleux03897bb2015-11-26 16:31:34 +000020 * Configure:
21 * - Region 0 with no access;
22 * - Region 1 with secure access only;
23 * - the remaining DRAM regions access from the given Non-Secure masters.
24 *
25 * When booting an EL3 payload, this is simplified: we configure region 0 with
26 * secure access only and do not enable any other region.
Dan Handley9df48042015-03-19 18:58:55 +000027 ******************************************************************************/
Soby Mathew9c708b52016-02-26 14:23:19 +000028void arm_tzc400_setup(void)
Dan Handley9df48042015-03-19 18:58:55 +000029{
30 INFO("Configuring TrustZone Controller\n");
31
Soby Mathew9c708b52016-02-26 14:23:19 +000032 tzc400_init(PLAT_ARM_TZC_BASE);
Dan Handley9df48042015-03-19 18:58:55 +000033
34 /* Disable filters. */
Soby Mathew9c708b52016-02-26 14:23:19 +000035 tzc400_disable_filters();
Dan Handley9df48042015-03-19 18:58:55 +000036
Sandrine Bailleux03897bb2015-11-26 16:31:34 +000037#ifndef EL3_PAYLOAD_BASE
Soby Mathew7e4d6652017-05-10 11:50:30 +010038
Dan Handley9df48042015-03-19 18:58:55 +000039 /* Region 0 set to no access by default */
Soby Mathew9c708b52016-02-26 14:23:19 +000040 tzc400_configure_region0(TZC_REGION_S_NONE, 0);
Dan Handley9df48042015-03-19 18:58:55 +000041
42 /* Region 1 set to cover Secure part of DRAM */
Soby Mathew9c708b52016-02-26 14:23:19 +000043 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
Soby Mathew3b5156e2017-10-05 12:27:33 +010044 ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
Dan Handley9df48042015-03-19 18:58:55 +000045 TZC_REGION_S_RDWR,
46 0);
47
48 /* Region 2 set to cover Non-Secure access to 1st DRAM address range.
49 * Apply the same configuration to given filters in the TZC. */
Soby Mathew9c708b52016-02-26 14:23:19 +000050 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
Dan Handley9df48042015-03-19 18:58:55 +000051 ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
Soby Mathew7e4d6652017-05-10 11:50:30 +010052 ARM_TZC_NS_DRAM_S_ACCESS,
Dan Handley9df48042015-03-19 18:58:55 +000053 PLAT_ARM_TZC_NS_DEV_ACCESS);
54
55 /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
Soby Mathew9c708b52016-02-26 14:23:19 +000056 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
Dan Handley9df48042015-03-19 18:58:55 +000057 ARM_DRAM2_BASE, ARM_DRAM2_END,
Soby Mathew7e4d6652017-05-10 11:50:30 +010058 ARM_TZC_NS_DRAM_S_ACCESS,
Dan Handley9df48042015-03-19 18:58:55 +000059 PLAT_ARM_TZC_NS_DEV_ACCESS);
Antonio Nino Diaz7289f922017-11-09 11:34:09 +000060
61#if ENABLE_SPM
62 /*
63 * Region 4 set to cover Non-Secure access to the communication buffer
64 * shared with the Secure world.
65 */
66 tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
67 4,
68 ARM_SP_IMAGE_NS_BUF_BASE,
69 (ARM_SP_IMAGE_NS_BUF_BASE +
70 ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
71 TZC_REGION_S_NONE,
72 PLAT_ARM_TZC_NS_DEV_ACCESS);
73#endif
74
75#else /* if defined(EL3_PAYLOAD_BASE) */
76
Sandrine Bailleux03897bb2015-11-26 16:31:34 +000077 /* Allow secure access only to DRAM for EL3 payloads. */
Soby Mathew9c708b52016-02-26 14:23:19 +000078 tzc400_configure_region0(TZC_REGION_S_RDWR, 0);
Antonio Nino Diaz7289f922017-11-09 11:34:09 +000079
Sandrine Bailleux03897bb2015-11-26 16:31:34 +000080#endif /* EL3_PAYLOAD_BASE */
Dan Handley9df48042015-03-19 18:58:55 +000081
82 /*
83 * Raise an exception if a NS device tries to access secure memory
84 * TODO: Add interrupt handling support.
85 */
Soby Mathew9c708b52016-02-26 14:23:19 +000086 tzc400_set_action(TZC_ACTION_ERR);
Dan Handley9df48042015-03-19 18:58:55 +000087
88 /* Enable filters. */
Soby Mathew9c708b52016-02-26 14:23:19 +000089 tzc400_enable_filters();
Dan Handley9df48042015-03-19 18:58:55 +000090}
91
92void plat_arm_security_setup(void)
93{
Soby Mathew9c708b52016-02-26 14:23:19 +000094 arm_tzc400_setup();
Dan Handley9df48042015-03-19 18:58:55 +000095}