| Harry Liebel | cef9339 | 2014-04-01 19:27:38 +0100 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. |
| 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions are met: |
| 6 | * |
| 7 | * Redistributions of source code must retain the above copyright notice, this |
| 8 | * list of conditions and the following disclaimer. |
| 9 | * |
| 10 | * Redistributions in binary form must reproduce the above copyright notice, |
| 11 | * this list of conditions and the following disclaimer in the documentation |
| 12 | * and/or other materials provided with the distribution. |
| 13 | * |
| 14 | * Neither the name of ARM nor the names of its contributors may be used |
| 15 | * to endorse or promote products derived from this software without specific |
| 16 | * prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
| 19 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 20 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 21 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
| 22 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 23 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 24 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 25 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 26 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 27 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 28 | * POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | |
| 31 | #include <assert.h> |
| 32 | #include "platform.h" |
| 33 | #include "tzc400.h" |
| 34 | #include "debug.h" |
| 35 | |
| 36 | /* Used to improve readability for configuring regions. */ |
| 37 | #define FILTER_SHIFT(filter) (1 << filter) |
| 38 | |
| 39 | /* |
| 40 | * For the moment we assume that all security programming is done by the |
| 41 | * primary core. |
| 42 | * TODO: |
| 43 | * Might want to enable interrupt on violations when supported? |
| 44 | */ |
| 45 | void plat_security_setup(void) |
| 46 | { |
| 47 | struct tzc_instance controller; |
| 48 | |
| 49 | /* |
| 50 | * The Base FVP has a TrustZone address space controller, the Foundation |
| 51 | * FVP does not. Trying to program the device on the foundation FVP will |
| 52 | * cause an abort. |
| 53 | * |
| 54 | * If the platform had additional peripheral specific security |
| 55 | * configurations, those would be configured here. |
| 56 | */ |
| 57 | |
| 58 | if (!platform_get_cfgvar(CONFIG_HAS_TZC)) |
| 59 | return; |
| 60 | |
| 61 | /* |
| 62 | * The TrustZone controller controls access to main DRAM. Give |
| 63 | * full NS access for the moment to use with OS. |
| 64 | */ |
| 65 | INFO("Configuring TrustZone Controller\n"); |
| 66 | |
| 67 | /* |
| 68 | * The driver does some error checking and will assert. |
| 69 | * - Provide base address of device on platform. |
| 70 | * - Provide width of ACE-Lite IDs on platform. |
| 71 | */ |
| 72 | controller.base = TZC400_BASE; |
| 73 | controller.aid_width = FVP_AID_WIDTH; |
| 74 | tzc_init(&controller); |
| 75 | |
| 76 | /* |
| 77 | * Currently only filters 0 and 2 are connected on Base FVP. |
| 78 | * Filter 0 : CPU clusters (no access to DRAM by default) |
| 79 | * Filter 1 : not connected |
| 80 | * Filter 2 : LCDs (access to VRAM allowed by default) |
| 81 | * Filter 3 : not connected |
| 82 | * Programming unconnected filters will have no effect at the |
| 83 | * moment. These filter could, however, be connected in future. |
| 84 | * So care should be taken not to configure the unused filters. |
| 85 | */ |
| 86 | |
| 87 | /* Disable all filters before programming. */ |
| 88 | tzc_disable_filters(&controller); |
| 89 | |
| 90 | /* |
| 91 | * Allow full access to all DRAM to supported devices for the |
| 92 | * moment. Give access to the CPUs and Virtio. Some devices |
| 93 | * would normally use the default ID so allow that too. We use |
| 94 | * three different regions to cover the three separate blocks of |
| 95 | * memory in the FVPs. We allow secure access to DRAM to load NS |
| 96 | * software. |
| 97 | * FIXME: In current models Virtio uses a reserved ID. This is |
| 98 | * not correct and will be fixed. |
| 99 | */ |
| 100 | |
| 101 | /* Set to cover 2GB block of DRAM */ |
| 102 | tzc_configure_region(&controller, FILTER_SHIFT(0), 1, |
| 103 | DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_RDWR, |
| 104 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) | |
| 105 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) | |
| 106 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5)); |
| 107 | |
| 108 | /* Set to cover the 30GB block */ |
| 109 | tzc_configure_region(&controller, FILTER_SHIFT(0), 2, |
| 110 | 0x880000000, 0xFFFFFFFFF, TZC_REGION_S_RDWR, |
| 111 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) | |
| 112 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) | |
| 113 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5)); |
| 114 | |
| 115 | /* Set to cover 480GB block */ |
| 116 | tzc_configure_region(&controller, FILTER_SHIFT(0), 3, |
| 117 | 0x8800000000, 0xFFFFFFFFFF, TZC_REGION_S_RDWR, |
| 118 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) | |
| 119 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) | |
| 120 | TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5)); |
| 121 | |
| 122 | /* |
| 123 | * TODO: Interrupts are not currently supported. The only |
| 124 | * options we have are for access errors to occur quietly or to |
| 125 | * cause an exception. We choose to cause an exception. |
| 126 | */ |
| 127 | tzc_set_action(&controller, TZC_ACTION_ERR); |
| 128 | |
| 129 | /* Enable filters. */ |
| 130 | tzc_enable_filters(&controller); |
| 131 | } |