From 6b4770637593f79aa6cfd1f062c1e5d0b1d587bc Mon Sep 17 00:00:00 2001 From: Vikram Kanigiri Date: Thu, 28 Jan 2016 17:22:16 +0000 Subject: Refactor the ARM CoreLink TZC-400 driver TrustZone protection can be programmed by both memory and TrustZone address space controllers like DMC-500 and TZC-400. These peripherals share a similar programmer's view. Furthermore, it is possible to have multiple instances of each type of peripheral in a system resulting in multiple programmer's views. For example, on the TZC-400 each of the 4 filter units can be enabled or disabled for each region. There is a single set of registers to program the region attributes. On the DMC-500, each filter unit has its own programmer's view resulting in multiple sets of registers to program the region attributes. The layout of the registers is almost the same across all these variations. Hence the existing driver in `tzc400\tzc400.c` is refactored into the new driver in `tzc\tzc400.c`. The previous driver file is still maintained for compatibility and it is now deprecated. Change-Id: Ieabd0528e244582875bc7e65029a00517671216d --- include/drivers/arm/tzc400.h | 285 ++++++++++++++++++++------------------- include/drivers/arm/tzc_common.h | 119 ++++++++++++++++ 2 files changed, 262 insertions(+), 142 deletions(-) create mode 100644 include/drivers/arm/tzc_common.h (limited to 'include') diff --git a/include/drivers/arm/tzc400.h b/include/drivers/arm/tzc400.h index f8e1664e..30856889 100644 --- a/include/drivers/arm/tzc400.h +++ b/include/drivers/arm/tzc400.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2014-2016, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -31,178 +31,179 @@ #ifndef __TZC400_H__ #define __TZC400_H__ +#include -#define BUILD_CONFIG_OFF 0x000 -#define ACTION_OFF 0x004 -#define GATE_KEEPER_OFF 0x008 -#define SPECULATION_CTRL_OFF 0x00c -#define INT_STATUS 0x010 -#define INT_CLEAR 0x014 - -#define FAIL_ADDRESS_LOW_OFF 0x020 -#define FAIL_ADDRESS_HIGH_OFF 0x024 -#define FAIL_CONTROL_OFF 0x028 -#define FAIL_ID 0x02c - -#define REGION_BASE_LOW_OFF 0x100 -#define REGION_BASE_HIGH_OFF 0x104 -#define REGION_TOP_LOW_OFF 0x108 -#define REGION_TOP_HIGH_OFF 0x10c -#define REGION_ATTRIBUTES_OFF 0x110 -#define REGION_ID_ACCESS_OFF 0x114 -#define REGION_NUM_OFF(region) (0x20 * region) - -/* ID Registers */ -#define PID0_OFF 0xfe0 -#define PID1_OFF 0xfe4 -#define PID2_OFF 0xfe8 -#define PID3_OFF 0xfec -#define PID4_OFF 0xfd0 -#define PID5_OFF 0xfd4 -#define PID6_OFF 0xfd8 -#define PID7_OFF 0xfdc -#define CID0_OFF 0xff0 -#define CID1_OFF 0xff4 -#define CID2_OFF 0xff8 -#define CID3_OFF 0xffc - -#define BUILD_CONFIG_NF_SHIFT 24 -#define BUILD_CONFIG_NF_MASK 0x3 -#define BUILD_CONFIG_AW_SHIFT 8 -#define BUILD_CONFIG_AW_MASK 0x3f -#define BUILD_CONFIG_NR_SHIFT 0 -#define BUILD_CONFIG_NR_MASK 0x1f - -/* Not describing the case where regions 1 to 8 overlap */ -#define ACTION_RV_SHIFT 0 -#define ACTION_RV_MASK 0x3 -#define ACTION_RV_LOWOK 0x0 -#define ACTION_RV_LOWERR 0x1 -#define ACTION_RV_HIGHOK 0x2 -#define ACTION_RV_HIGHERR 0x3 +#define BUILD_CONFIG_OFF 0x000 +#define GATE_KEEPER_OFF 0x008 +#define SPECULATION_CTRL_OFF 0x00c +#define INT_STATUS 0x010 +#define INT_CLEAR 0x014 + +#define FAIL_ADDRESS_LOW_OFF 0x020 +#define FAIL_ADDRESS_HIGH_OFF 0x024 +#define FAIL_CONTROL_OFF 0x028 +#define FAIL_ID 0x02c + +/* ID registers not common across different varieties of TZC */ +#define PID5 0xFD4 +#define PID6 0xFD8 +#define PID7 0xFDC + +#define BUILD_CONFIG_NF_SHIFT 24 +#define BUILD_CONFIG_NF_MASK 0x3 +#define BUILD_CONFIG_AW_SHIFT 8 +#define BUILD_CONFIG_AW_MASK 0x3f +#define BUILD_CONFIG_NR_SHIFT 0 +#define BUILD_CONFIG_NR_MASK 0x1f /* * Number of gate keepers is implementation defined. But we know the max for * this device is 4. Get implementation details from BUILD_CONFIG. */ -#define GATE_KEEPER_OS_SHIFT 16 -#define GATE_KEEPER_OS_MASK 0xf -#define GATE_KEEPER_OR_SHIFT 0 -#define GATE_KEEPER_OR_MASK 0xf -#define GATE_KEEPER_FILTER_MASK 0x1 +#define GATE_KEEPER_OS_SHIFT 16 +#define GATE_KEEPER_OS_MASK 0xf +#define GATE_KEEPER_OR_SHIFT 0 +#define GATE_KEEPER_OR_MASK 0xf +#define GATE_KEEPER_FILTER_MASK 0x1 /* Speculation is enabled by default. */ -#define SPECULATION_CTRL_WRITE_DISABLE (1 << 1) -#define SPECULATION_CTRL_READ_DISABLE (1 << 0) +#define SPECULATION_CTRL_WRITE_DISABLE (1 << 1) +#define SPECULATION_CTRL_READ_DISABLE (1 << 0) /* Max number of filters allowed is 4. */ -#define INT_STATUS_OVERLAP_SHIFT 16 -#define INT_STATUS_OVERLAP_MASK 0xf -#define INT_STATUS_OVERRUN_SHIFT 8 -#define INT_STATUS_OVERRUN_MASK 0xf -#define INT_STATUS_STATUS_SHIFT 0 -#define INT_STATUS_STATUS_MASK 0xf - -#define INT_CLEAR_CLEAR_SHIFT 0 -#define INT_CLEAR_CLEAR_MASK 0xf - -#define FAIL_CONTROL_DIR_SHIFT (1 << 24) -#define FAIL_CONTROL_DIR_READ 0x0 -#define FAIL_CONTROL_DIR_WRITE 0x1 -#define FAIL_CONTROL_NS_SHIFT (1 << 21) -#define FAIL_CONTROL_NS_SECURE 0x0 -#define FAIL_CONTROL_NS_NONSECURE 0x1 -#define FAIL_CONTROL_PRIV_SHIFT (1 << 20) -#define FAIL_CONTROL_PRIV_PRIV 0x0 -#define FAIL_CONTROL_PRIV_UNPRIV 0x1 +#define INT_STATUS_OVERLAP_SHIFT 16 +#define INT_STATUS_OVERLAP_MASK 0xf +#define INT_STATUS_OVERRUN_SHIFT 8 +#define INT_STATUS_OVERRUN_MASK 0xf +#define INT_STATUS_STATUS_SHIFT 0 +#define INT_STATUS_STATUS_MASK 0xf + +#define INT_CLEAR_CLEAR_SHIFT 0 +#define INT_CLEAR_CLEAR_MASK 0xf + +#define FAIL_CONTROL_DIR_SHIFT (1 << 24) +#define FAIL_CONTROL_DIR_READ 0x0 +#define FAIL_CONTROL_DIR_WRITE 0x1 +#define FAIL_CONTROL_NS_SHIFT (1 << 21) +#define FAIL_CONTROL_NS_SECURE 0x0 +#define FAIL_CONTROL_NS_NONSECURE 0x1 +#define FAIL_CONTROL_PRIV_SHIFT (1 << 20) +#define FAIL_CONTROL_PRIV_PRIV 0x0 +#define FAIL_CONTROL_PRIV_UNPRIV 0x1 /* * FAIL_ID_ID_MASK depends on AID_WIDTH which is platform specific. * Platform should provide the value on initialisation. */ -#define FAIL_ID_VNET_SHIFT 24 -#define FAIL_ID_VNET_MASK 0xf -#define FAIL_ID_ID_SHIFT 0 - -/* Used along with 'tzc_region_attributes_t' below */ -#define REG_ATTR_SEC_SHIFT 30 -#define REG_ATTR_F_EN_SHIFT 0 -#define REG_ATTR_F_EN_MASK 0xf -#define REG_ATTR_FILTER_BIT(x) ((1 << x) << REG_ATTR_F_EN_SHIFT) -#define REG_ATTR_FILTER_BIT_ALL (REG_ATTR_F_EN_MASK << \ - REG_ATTR_F_EN_SHIFT) +#define FAIL_ID_VNET_SHIFT 24 +#define FAIL_ID_VNET_MASK 0xf +#define FAIL_ID_ID_SHIFT 0 -#define REGION_ID_ACCESS_NSAID_WR_EN_SHIFT 16 -#define REGION_ID_ACCESS_NSAID_RD_EN_SHIFT 0 -#define REGION_ID_ACCESS_NSAID_ID_MASK 0xf +#define TZC_400_PERIPHERAL_ID 0x460 +/* Filter enable bits in a TZC */ +#define TZC_400_REGION_ATTR_F_EN_MASK 0xf +#define TZC_400_REGION_ATTR_FILTER_BIT(x) ((1 << x) \ + << TZC_REGION_ATTR_F_EN_SHIFT) +#define TZC_400_REGION_ATTR_FILTER_BIT_ALL \ + (TZC_400_REGION_ATTR_F_EN_MASK << \ + TZC_REGION_ATTR_F_EN_SHIFT) -/* Macros for setting Region ID access permissions based on NSAID */ -#define TZC_REGION_ACCESS_RD(id) \ - ((1 << (id & REGION_ID_ACCESS_NSAID_ID_MASK)) << \ - REGION_ID_ACCESS_NSAID_RD_EN_SHIFT) -#define TZC_REGION_ACCESS_WR(id) \ - ((1 << (id & REGION_ID_ACCESS_NSAID_ID_MASK)) << \ - REGION_ID_ACCESS_NSAID_WR_EN_SHIFT) -#define TZC_REGION_ACCESS_RDWR(id) \ - (TZC_REGION_ACCESS_RD(id) | TZC_REGION_ACCESS_WR(id)) - -/* Consist of part_number_1 and part_number_0 */ -#define TZC400_PERIPHERAL_ID 0x0460 - +/* + * Define some macros for backward compatibility with existing tzc400 clients. + */ +#if !ERROR_DEPRECATED +#define REG_ATTR_FILTER_BIT(x) ((1 << x) \ + << TZC_REGION_ATTR_F_EN_SHIFT) +#define REG_ATTR_FILTER_BIT_ALL (TZC_400_REGION_ATTR_F_EN_MASK << \ + TZC_REGION_ATTR_F_EN_SHIFT) +#endif /* __ERROR_DEPRECATED__ */ +/* + * All TZC region configuration registers are placed one after another. It + * depicts size of block of registers for programming each region. + */ +#define TZC_400_REGION_SIZE 0x20 +#define TZC_400_ACTION_OFF 0x4 #ifndef __ASSEMBLY__ +#include #include /******************************************************************************* * Function & variable prototypes ******************************************************************************/ +void tzc400_init(uintptr_t base); +void tzc400_configure_region0(tzc_region_attributes_t sec_attr, + unsigned int ns_device_access); +void tzc400_configure_region(unsigned int filters, + int region, + uintptr_t region_base, + uintptr_t region_top, + tzc_region_attributes_t sec_attr, + unsigned int ns_device_access); +void tzc400_set_action(tzc_action_t action); +void tzc400_enable_filters(void); +void tzc400_disable_filters(void); /* - * What type of action is expected when an access violation occurs. - * The memory requested is zeroed. But we can also raise and event to - * let the system know it happened. - * We can raise an interrupt(INT) and/or cause an exception(ERR). - * TZC_ACTION_NONE - No interrupt, no Exception - * TZC_ACTION_ERR - No interrupt, raise exception -> sync external - * data abort - * TZC_ACTION_INT - Raise interrupt, no exception - * TZC_ACTION_ERR_INT - Raise interrupt, raise exception -> sync - * external data abort + * Deprecated APIs */ -typedef enum { - TZC_ACTION_NONE = 0, - TZC_ACTION_ERR = 1, - TZC_ACTION_INT = 2, - TZC_ACTION_ERR_INT = (TZC_ACTION_ERR | TZC_ACTION_INT) -} tzc_action_t; - -/* - * Controls secure access to a region. If not enabled secure access is not - * allowed to region. - */ -typedef enum { - TZC_REGION_S_NONE = 0, - TZC_REGION_S_RD = 1, - TZC_REGION_S_WR = 2, - TZC_REGION_S_RDWR = (TZC_REGION_S_RD | TZC_REGION_S_WR) -} tzc_region_attributes_t; - - -void tzc_init(uintptr_t base); -void tzc_configure_region0(tzc_region_attributes_t sec_attr, - uint32_t ns_device_access); -void tzc_configure_region(uint32_t filters, - uint8_t region, - uint64_t region_base, - uint64_t region_top, +static inline void tzc_init(uintptr_t base) __deprecated; +static inline void tzc_configure_region0( + tzc_region_attributes_t sec_attr, + unsigned int ns_device_access) __deprecated; +static inline void tzc_configure_region( + unsigned int filters, + int region, + uintptr_t region_base, + uintptr_t region_top, + tzc_region_attributes_t sec_attr, + unsigned int ns_device_access) __deprecated; +static inline void tzc_set_action(tzc_action_t action) __deprecated; +static inline void tzc_enable_filters(void) __deprecated; +static inline void tzc_disable_filters(void) __deprecated; + +static inline void tzc_init(uintptr_t base) +{ + tzc400_init(base); +} + +static inline void tzc_configure_region0( tzc_region_attributes_t sec_attr, - uint32_t ns_device_access); -void tzc_enable_filters(void); -void tzc_disable_filters(void); -void tzc_set_action(tzc_action_t action); + unsigned int ns_device_access) +{ + tzc400_configure_region0(sec_attr, ns_device_access); +} + +static inline void tzc_configure_region( + unsigned int filters, + int region, + uintptr_t region_base, + uintptr_t region_top, + tzc_region_attributes_t sec_attr, + unsigned int ns_device_access) +{ + tzc400_configure_region(filters, region, region_base, + region_top, sec_attr, ns_device_access); +} + +static inline void tzc_set_action(tzc_action_t action) +{ + tzc400_set_action(action); +} + + +static inline void tzc_enable_filters(void) +{ + tzc400_enable_filters(); +} + +static inline void tzc_disable_filters(void) +{ + tzc400_disable_filters(); +} #endif /* __ASSEMBLY__ */ diff --git a/include/drivers/arm/tzc_common.h b/include/drivers/arm/tzc_common.h new file mode 100644 index 00000000..9b73c3f8 --- /dev/null +++ b/include/drivers/arm/tzc_common.h @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __TZC_COMMON_H__ +#define __TZC_COMMON_H__ + +/* + * Offset of core registers from the start of the base of configuration + * registers for each region. + */ + +/* ID Registers */ +#define PID0_OFF 0xfe0 +#define PID1_OFF 0xfe4 +#define PID2_OFF 0xfe8 +#define PID3_OFF 0xfec +#define PID4_OFF 0xfd0 +#define CID0_OFF 0xff0 +#define CID1_OFF 0xff4 +#define CID2_OFF 0xff8 +#define CID3_OFF 0xffc + +/* Bit positions of TZC_ACTION registers */ +#define TZC_ACTION_RV_SHIFT 0 +#define TZC_ACTION_RV_MASK 0x3 +#define TZC_ACTION_RV_LOWOK 0x0 +#define TZC_ACTION_RV_LOWERR 0x1 +#define TZC_ACTION_RV_HIGHOK 0x2 +#define TZC_ACTION_RV_HIGHERR 0x3 + +/* Used along with 'tzc_region_attributes_t' below */ +#define TZC_REGION_ATTR_S_RD_SHIFT 30 +#define TZC_REGION_ATTR_S_WR_SHIFT 31 +#define TZC_REGION_ATTR_F_EN_SHIFT 0 +#define TZC_REGION_ATTR_SEC_SHIFT 30 +#define TZC_REGION_ATTR_S_RD_MASK 0x1 +#define TZC_REGION_ATTR_S_WR_MASK 0x1 +#define TZC_REGION_ATTR_SEC_MASK 0x3 + +#define TZC_REGION_ACCESS_WR_EN_SHIFT 16 +#define TZC_REGION_ACCESS_RD_EN_SHIFT 0 +#define TZC_REGION_ACCESS_ID_MASK 0xf + +/* Macros for allowing Non-Secure access to a region based on NSAID */ +#define TZC_REGION_ACCESS_RD(nsaid) \ + ((1 << (nsaid & TZC_REGION_ACCESS_ID_MASK)) << \ + TZC_REGION_ACCESS_RD_EN_SHIFT) +#define TZC_REGION_ACCESS_WR(nsaid) \ + ((1 << (nsaid & TZC_REGION_ACCESS_ID_MASK)) << \ + TZC_REGION_ACCESS_WR_EN_SHIFT) +#define TZC_REGION_ACCESS_RDWR(nsaid) \ + (TZC_REGION_ACCESS_RD(nsaid) | \ + TZC_REGION_ACCESS_WR(nsaid)) + +#ifndef __ASSEMBLY__ + +/* Returns offset of registers to program for a given region no */ +#define TZC_REGION_OFFSET(region_size, region_no) \ + ((region_size) * (region_no)) + +/* + * What type of action is expected when an access violation occurs. + * The memory requested is returned as zero. But we can also raise an event to + * let the system know it happened. + * We can raise an interrupt(INT) and/or cause an exception(ERR). + * TZC_ACTION_NONE - No interrupt, no Exception + * TZC_ACTION_ERR - No interrupt, raise exception -> sync external + * data abort + * TZC_ACTION_INT - Raise interrupt, no exception + * TZC_ACTION_ERR_INT - Raise interrupt, raise exception -> sync + * external data abort + */ +typedef enum { + TZC_ACTION_NONE = 0, + TZC_ACTION_ERR = 1, + TZC_ACTION_INT = 2, + TZC_ACTION_ERR_INT = (TZC_ACTION_ERR | TZC_ACTION_INT) +} tzc_action_t; + +/* + * Controls secure access to a region. If not enabled secure access is not + * allowed to region. + */ +typedef enum { + TZC_REGION_S_NONE = 0, + TZC_REGION_S_RD = 1, + TZC_REGION_S_WR = 2, + TZC_REGION_S_RDWR = (TZC_REGION_S_RD | TZC_REGION_S_WR) +} tzc_region_attributes_t; + +#endif /* __ASSEMBLY__ */ +#endif /* __TZC_COMMON_H__ */ -- cgit From 57f782019a0007670625414517cb94c4ab2aaa58 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Fri, 26 Feb 2016 14:23:19 +0000 Subject: Migrate ARM standard platforms to the refactored TZC driver This patch migrates ARM Standard platforms to the refactored TZC driver. Change-Id: I2a2f60b645f73e14d8f416740c4551cec87cb1fb --- include/plat/arm/common/plat_arm.h | 2 +- include/plat/arm/css/common/css_def.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index e9eebaa0..45b50771 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -130,7 +130,7 @@ void arm_configure_mmu_el3(unsigned long total_base, void arm_io_setup(void); /* Security utility functions */ -void arm_tzc_setup(void); +void arm_tzc400_setup(void); /* Systimer utility function */ void arm_configure_sys_timer(void); diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h index f92126ba..636daf29 100644 --- a/include/plat/arm/css/common/css_def.h +++ b/include/plat/arm/css/common/css_def.h @@ -143,7 +143,7 @@ #define PLAT_ARM_NS_IMAGE_OFFSET 0xE0000000 /* TZC related constants */ -#define PLAT_ARM_TZC_FILTERS REG_ATTR_FILTER_BIT_ALL +#define PLAT_ARM_TZC_FILTERS TZC_400_REGION_ATTR_FILTER_BIT_ALL /* Trusted mailbox base address common to all CSS */ #define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE -- cgit From f568604b067cfd450e6fb39121b1c510dd3c1fd1 Mon Sep 17 00:00:00 2001 From: Vikram Kanigiri Date: Fri, 29 Jan 2016 11:37:04 +0000 Subject: Add ARM CoreLink DMC-500 driver to program TrustZone protection The ARM CoreLink DMC-500 Dynamic Memory Controller provides the programmable address region control of a TrustZone Address Space Controller. The access permissions can be defined for eight separate address regions plus a background or default region. This patch adds a DMC-500 driver to define address regions and program their access permissions as per ARM 100131_0000_02_en (r0p0) document. Change-Id: I9d33120f9480d742bcf7937e4b876f9d40c727e6 --- include/drivers/arm/tzc_dmc500.h | 174 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 include/drivers/arm/tzc_dmc500.h (limited to 'include') diff --git a/include/drivers/arm/tzc_dmc500.h b/include/drivers/arm/tzc_dmc500.h new file mode 100644 index 00000000..70f8ad2d --- /dev/null +++ b/include/drivers/arm/tzc_dmc500.h @@ -0,0 +1,174 @@ +/* + * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __TZC_DMC500_H__ +#define __TZC_DMC500_H__ + +#include + +#define SI_STATUS_OFFSET 0x000 +#define SI_STATE_CTRL_OFFSET 0x030 +#define SI_FLUSH_CTRL_OFFSET 0x034 +#define SI_INT_CONTROL_OFFSET 0x048 + +#define SI_INT_STATUS_OFFSET 0x004 +#define SI_TZ_FAIL_ADDRESS_LOW_OFFSET 0x008 +#define SI_TZ_FAIL_ADDRESS_HIGH_OFFSET 0x00c +#define SI_FAIL_CONTROL_OFFSET 0x010 +#define SI_FAIL_ID_OFFSET 0x014 +#define SI_INT_CLR_OFFSET 0x04c + +/* + * DMC-500 has 2 system interfaces each having a similar set of regs + * to configure each interface. + */ +#define SI0_BASE 0x0000 +#define SI1_BASE 0x0200 + +/* Bit positions of SIx_SI_STATUS */ +#define SI_EMPTY_SHIFT 0x01 +#define SI_STALL_ACK_SHIFT 0x00 +#define SI_EMPTY_MASK 0x01 +#define SI_STALL_ACK_MASK 0x01 + +/* Bit positions of SIx_SI_INT_STATUS */ +#define PMU_REQ_INT_OVERFLOW_STATUS_SHIFT 18 +#define FAILED_ACCESS_INT_OVERFLOW_STATUS_SHIFT 16 +#define PMU_REQ_INT_STATUS_SHIFT 2 +#define FAILED_ACCESS_INT_INFO_TZ_OVERLAP_STATUS_SHIFT 1 +#define FAILED_ACCESS_INT_STATUS_SHIFT 0 +#define PMU_REQ_INT_OVERFLOW_STATUS_MASK 0x1 +#define FAILED_ACCESS_INT_OVERFLOW_STATUS_MASK 0x1 +#define PMU_REQ_INT_STATUS_MASK 0x1 +#define FAILED_ACCESS_INT_INFO_TZ_OVERLAP_STATUS_MASK 0x1 +#define FAILED_ACCESS_INT_STATUS_MASK 0x1 + +/* Bit positions of SIx_TZ_FAIL_CONTROL */ +#define DIRECTION_SHIFT 24 +#define NON_SECURE_SHIFT 21 +#define PRIVILEGED_SHIFT 20 +#define FAILED_ACCESS_INT_INFO_RANK_MASKED_SHIFT 3 +#define FAILED_ACCESS_INT_INFO_UNMAPPED_SHIFT 2 +#define FAILED_ACCESS_INT_TZ_FAIL_SHIFT 0x1 +#define FAILED_ACCESS_INT_INFO_OUTSIDE_DEFAULT_SHIFT 0 +#define DIRECTION_MASK 0x1 +#define NON_SECURE_MASK 0x1 +#define PRIVILEGED_MASK 0x1 +#define FAILED_ACCESS_INT_INFO_RANK_MASKED_MASK 0x1 +#define FAILED_ACCESS_INT_INFO_UNMAPPED_MASK 0x1 +#define FAILED_ACCESS_INT_TZ_FAIL_MASK 1 +#define FAILED_ACCESS_INT_INFO_OUTSIDE_DEFAULT_MASK 0x1 + +/* Bit positions of SIx_FAIL_STATUS */ +#define FAIL_ID_VNET_SHIFT 24 +#define FAIL_ID_ID_SHIFT 0 +#define FAIL_ID_VNET_MASK 0xf +#define FAIL_ID_ID_MASK 0xffffff + +/* Bit positions of SIx_SI_STATE_CONTRL */ +#define SI_STALL_REQ_GO 0x0 +#define SI_STALL_REQ_STALL 0x1 + +/* Bit positions of SIx_SI_FLUSH_CONTROL */ +#define SI_FLUSH_REQ_INACTIVE 0x0 +#define SI_FLUSH_REQ_ACTIVE 0x1 +#define SI_FLUSH_REQ_MASK 0x1 + +/* Bit positions of SIx_SI_INT_CONTROL */ +#define PMU_REQ_INT_EN_SHIFT 2 +#define OVERLAP_DETECT_INT_EN_SHIFT 1 +#define FAILED_ACCESS_INT_EN_SHIFT 0 +#define PMU_REQ_INT_EN_MASK 0x1 +#define OVERLAP_DETECT_INT_EN_MASK 0x1 +#define FAILED_ACCESS_INT_EN_MASK 0x1 +#define PMU_REQ_INT_EN 0x1 +#define OVERLAP_DETECT_INT_EN 0x1 +#define FAILED_ACCESS_INT_EN 0x1 + +/* Bit positions of SIx_SI_INT_CLR */ +#define PMU_REQ_OFLOW_CLR_SHIFT 18 +#define FAILED_ACCESS_OFLOW_CLR_SHIFT 16 +#define PMU_REQ_INT_CLR_SHIFT 2 +#define FAILED_ACCESS_INT_CLR_SHIFT 0 +#define PMU_REQ_OFLOW_CLR_MASK 0x1 +#define FAILED_ACCESS_OFLOW_CLR_MASK 0x1 +#define PMU_REQ_INT_CLR_MASK 0x1 +#define FAILED_ACCESS_INT_CLR_MASK 0x1 +#define PMU_REQ_OFLOW_CLR 0x1 +#define FAILED_ACCESS_OFLOW_CLR 0x1 +#define PMU_REQ_INT_CLR 0x1 +#define FAILED_ACCESS_INT_CLR 0x1 + +/* Macro to get the correct base register for a system interface */ +#define IFACE_OFFSET(sys_if) ((sys_if) ? SI1_BASE : SI0_BASE) + +#define MAX_SYS_IF_COUNT 2 +#define MAX_REGION_VAL 8 + +/* DMC-500 supports striping across a max of 4 DMC instances */ +#define MAX_DMC_COUNT 4 + +/* Consist of part_number_1 and part_number_0 */ +#define DMC500_PERIPHERAL_ID 0x0450 + +/* Filter enable bits in a TZC */ +#define TZC_DMC500_REGION_ATTR_F_EN_MASK 0x1 + +/* Length of registers for configuring each region */ +#define TZC_DMC500_REGION_SIZE 0x018 + +#ifndef __ASSEMBLY__ + +#include + +/* + * Contains the base addresses of all the DMC instances. + */ +typedef struct tzc_dmc500_driver_data { + uintptr_t dmc_base[MAX_DMC_COUNT]; + int dmc_count; +} tzc_dmc500_driver_data_t; + +void tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t *plat_driver_data); +void tzc_dmc500_configure_region0(tzc_region_attributes_t sec_attr, + unsigned int nsaid_permissions); +void tzc_dmc500_configure_region(int region_no, + uintptr_t region_base, + uintptr_t region_top, + tzc_region_attributes_t sec_attr, + unsigned int nsaid_permissions); +void tzc_dmc500_set_action(tzc_action_t action); +void tzc_dmc500_config_complete(void); +int tzc_dmc500_verify_complete(void); + + +#endif /* __ASSEMBLY__ */ +#endif /* __TZC_DMC500_H__ */ + -- cgit From 618f0feeed78db24974b1d761dd161f63d03fa11 Mon Sep 17 00:00:00 2001 From: Vikram Kanigiri Date: Fri, 29 Jan 2016 12:32:58 +0000 Subject: Add support to program a DMC-500 TZC on ARM platforms This patch adds support to program TrustZone protection on ARM platforms that implement a DMC-500. arm_dmc_500.c has been added which implements the arm_dmc_tzc_setup() function. This function relies on constants related to TZC programming that are exported by each platform to program TrustZone protection using the DMC-500 TrustZone controller driver. This function should be called from plat_arm_security_setup() which is implemented by each platform. Change-Id: I5400bdee9e4b29155fd11296a40693d512312f29 --- include/plat/arm/common/plat_arm.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 45b50771..2fe0a690 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -131,6 +131,8 @@ void arm_io_setup(void); /* Security utility functions */ void arm_tzc400_setup(void); +struct tzc_dmc500_driver_data; +void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data); /* Systimer utility function */ void arm_configure_sys_timer(void); -- cgit