From 23411d2c4adcec412befb4ffbbfbf81c743a59c6 Mon Sep 17 00:00:00 2001
From: Summer Qin <summer.qin@arm.com>
Date: Mon, 12 Mar 2018 11:28:26 +0800
Subject: [PATCH] plat/arm: Allow override of default TZC regions
This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.
This override mechanism allows specifying special regions for TZMP1
usecase.
Signed-off-by: Summer Qin <summer.qin@arm.com>
---
include/plat/arm/common/plat_arm.h | 43 +++++++++++++++++++-
plat/arm/board/fvp/fvp_security.c | 4 +-
plat/arm/board/juno/juno_security.c | 4 +-
plat/arm/common/arm_tzc400.c | 62 +++++++++++------------------
plat/arm/common/arm_tzc_dmc500.c | 47 +++++++++++-----------
5 files changed, 92 insertions(+), 68 deletions(-)
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index b0db8f08f..f79450ce9 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -11,6 +11,7 @@
#include <cassert.h>
#include <cpu_data.h>
#include <stdint.h>
+#include <tzc_common.h>
#include <utils_def.h>
/*******************************************************************************
@@ -21,6 +22,43 @@ struct meminfo;
struct image_info;
struct bl_params;
+typedef struct arm_tzc_regions_info {
+ unsigned long long base;
+ unsigned long long end;
+ tzc_region_attributes_t sec_attr;
+ unsigned int nsaid_permissions;
+} arm_tzc_regions_info_t;
+
+/*******************************************************************************
+ * Default mapping definition of the TrustZone Controller for ARM standard
+ * platforms.
+ * Configure:
+ * - Region 0 with no access;
+ * - Region 1 with secure access only;
+ * - the remaining DRAM regions access from the given Non-Secure masters.
+ ******************************************************************************/
+#if ENABLE_SPM
+#define ARM_TZC_REGIONS_DEF \
+ {ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
+ TZC_REGION_S_RDWR, 0}, \
+ {ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}, \
+ {ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}, \
+ {ARM_SP_IMAGE_NS_BUF_BASE, (ARM_SP_IMAGE_NS_BUF_BASE + \
+ ARM_SP_IMAGE_NS_BUF_SIZE) - 1, TZC_REGION_S_NONE, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}
+
+#else
+#define ARM_TZC_REGIONS_DEF \
+ {ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
+ TZC_REGION_S_RDWR, 0}, \
+ {ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}, \
+ {ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}
+#endif
+
#define ARM_CASSERT_MMAP \
CASSERT((ARRAY_SIZE(plat_arm_mmap) + ARM_BL_REGIONS) \
<= MAX_MMAP_REGIONS, \
@@ -110,9 +148,10 @@ void arm_setup_page_tables(uintptr_t total_base,
void arm_io_setup(void);
/* Security utility functions */
-void arm_tzc400_setup(void);
+void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions);
struct tzc_dmc500_driver_data;
-void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data);
+void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data,
+ const arm_tzc_regions_info_t *tzc_regions);
/* Systimer utility function */
void arm_configure_sys_timer(void);
diff --git a/plat/arm/board/fvp/fvp_security.c b/plat/arm/board/fvp/fvp_security.c
index 4559865b3..a6c92278f 100644
--- a/plat/arm/board/fvp/fvp_security.c
+++ b/plat/arm/board/fvp/fvp_security.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -22,5 +22,5 @@ void plat_arm_security_setup(void)
*/
if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC)
- arm_tzc400_setup();
+ arm_tzc400_setup(NULL);
}
diff --git a/plat/arm/board/juno/juno_security.c b/plat/arm/board/juno/juno_security.c
index ce4239bf6..9f28901d2 100644
--- a/plat/arm/board/juno/juno_security.c
+++ b/plat/arm/board/juno/juno_security.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -59,7 +59,7 @@ void plat_arm_security_setup(void)
/* Initialize debug configuration */
init_debug_cfg();
/* Initialize the TrustZone Controller */
- arm_tzc400_setup();
+ arm_tzc400_setup(NULL);
/* Do ARM CSS internal NIC setup */
css_init_nic400();
/* Do ARM CSS SoC security setup */
diff --git a/plat/arm/common/arm_tzc400.c b/plat/arm/common/arm_tzc400.c
index 6b706be92..a32736c3a 100644
--- a/plat/arm/common/arm_tzc400.c
+++ b/plat/arm/common/arm_tzc400.c
@@ -18,16 +18,20 @@
/*******************************************************************************
* Initialize the TrustZone Controller for ARM standard platforms.
- * Configure:
- * - Region 0 with no access;
- * - Region 1 with secure access only;
- * - the remaining DRAM regions access from the given Non-Secure masters.
- *
* When booting an EL3 payload, this is simplified: we configure region 0 with
* secure access only and do not enable any other region.
******************************************************************************/
-void arm_tzc400_setup(void)
+void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions)
{
+#ifndef EL3_PAYLOAD_BASE
+ int region_index = 1;
+ const arm_tzc_regions_info_t *p;
+ const arm_tzc_regions_info_t init_tzc_regions[] = {
+ ARM_TZC_REGIONS_DEF,
+ {0}
+ };
+#endif
+
INFO("Configuring TrustZone Controller\n");
tzc400_init(PLAT_ARM_TZC_BASE);
@@ -36,42 +40,22 @@ void arm_tzc400_setup(void)
tzc400_disable_filters();
#ifndef EL3_PAYLOAD_BASE
+ if (tzc_regions == NULL)
+ p = init_tzc_regions;
+ else
+ p = tzc_regions;
/* Region 0 set to no access by default */
tzc400_configure_region0(TZC_REGION_S_NONE, 0);
- /* Region 1 set to cover Secure part of DRAM */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
- ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
- TZC_REGION_S_RDWR,
- 0);
-
- /* Region 2 set to cover Non-Secure access to 1st DRAM address range.
- * Apply the same configuration to given filters in the TZC. */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
- ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
-
- /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
- ARM_DRAM2_BASE, ARM_DRAM2_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
-
-#if ENABLE_SPM
- /*
- * Region 4 set to cover Non-Secure access to the communication buffer
- * shared with the Secure world.
- */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
- 4,
- ARM_SP_IMAGE_NS_BUF_BASE,
- (ARM_SP_IMAGE_NS_BUF_BASE +
- ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
- TZC_REGION_S_NONE,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
-#endif
+ /* Rest Regions set according to tzc_regions array */
+ for (; p->base != 0ULL; p++) {
+ tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
+ p->base, p->end, p->sec_attr, p->nsaid_permissions);
+ region_index++;
+ }
+
+ INFO("Total %d regions set.\n", region_index);
#else /* if defined(EL3_PAYLOAD_BASE) */
@@ -92,5 +76,5 @@ void arm_tzc400_setup(void)
void plat_arm_security_setup(void)
{
- arm_tzc400_setup();
+ arm_tzc400_setup(NULL);
}
diff --git a/plat/arm/common/arm_tzc_dmc500.c b/plat/arm/common/arm_tzc_dmc500.c
index 8e41391f5..89c502cce 100644
--- a/plat/arm/common/arm_tzc_dmc500.c
+++ b/plat/arm/common/arm_tzc_dmc500.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -12,15 +12,21 @@
/*******************************************************************************
* Initialize the DMC500-TrustZone Controller for ARM standard platforms.
- * Configure both the interfaces on Region 0 with no access, Region 1 with
- * secure access only, and the remaining DRAM regions access from the
- * given Non-Secure masters.
- *
* When booting an EL3 payload, this is simplified: we configure region 0 with
* secure access only and do not enable any other region.
******************************************************************************/
-void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
+void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data,
+ const arm_tzc_regions_info_t *tzc_regions)
{
+#ifndef EL3_PAYLOAD_BASE
+ int region_index = 1;
+ const arm_tzc_regions_info_t *p;
+ const arm_tzc_regions_info_t init_tzc_regions[] = {
+ ARM_TZC_REGIONS_DEF,
+ {0}
+ };
+#endif
+
assert(plat_driver_data);
INFO("Configuring DMC-500 TZ Settings\n");
@@ -28,28 +34,23 @@ void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
tzc_dmc500_driver_init(plat_driver_data);
#ifndef EL3_PAYLOAD_BASE
+ if (tzc_regions == NULL)
+ p = init_tzc_regions;
+ else
+ p = tzc_regions;
+
/* Region 0 set to no access by default */
tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
- /* Region 1 set to cover Secure part of DRAM */
- tzc_dmc500_configure_region(1, ARM_AP_TZC_DRAM1_BASE,
- ARM_EL3_TZC_DRAM1_END,
- TZC_REGION_S_RDWR,
- 0);
+ /* Rest Regions set according to tzc_regions array */
+ for (; p->base != 0ULL; p++) {
+ tzc_dmc500_configure_region(region_index, p->base, p->end,
+ p->sec_attr, p->nsaid_permissions);
+ region_index++;
+ }
- /* Region 2 set to cover Non-Secure access to 1st DRAM address range.*/
- tzc_dmc500_configure_region(2,
- ARM_NS_DRAM1_BASE,
- ARM_NS_DRAM1_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
+ INFO("Total %d regions set.\n", region_index);
- /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
- tzc_dmc500_configure_region(3,
- ARM_DRAM2_BASE,
- ARM_DRAM2_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
#else
/* Allow secure access only to DRAM for EL3 payloads */
tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);
--
GitLab