Commit 23411d2c authored by Summer Qin's avatar Summer Qin
Browse files

plat/arm: Allow override of default TZC regions



This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.

This override mechanism allows specifying special regions for TZMP1
usecase.
Signed-off-by: default avatarSummer Qin <summer.qin@arm.com>
parent f11916bf
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
#include <cassert.h> #include <cassert.h>
#include <cpu_data.h> #include <cpu_data.h>
#include <stdint.h> #include <stdint.h>
#include <tzc_common.h>
#include <utils_def.h> #include <utils_def.h>
/******************************************************************************* /*******************************************************************************
...@@ -21,6 +22,43 @@ struct meminfo; ...@@ -21,6 +22,43 @@ struct meminfo;
struct image_info; struct image_info;
struct bl_params; struct bl_params;
typedef struct arm_tzc_regions_info {
unsigned long long base;
unsigned long long end;
tzc_region_attributes_t sec_attr;
unsigned int nsaid_permissions;
} arm_tzc_regions_info_t;
/*******************************************************************************
* Default mapping definition of the TrustZone Controller for ARM standard
* platforms.
* Configure:
* - Region 0 with no access;
* - Region 1 with secure access only;
* - the remaining DRAM regions access from the given Non-Secure masters.
******************************************************************************/
#if ENABLE_SPM
#define ARM_TZC_REGIONS_DEF \
{ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
TZC_REGION_S_RDWR, 0}, \
{ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
PLAT_ARM_TZC_NS_DEV_ACCESS}, \
{ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
PLAT_ARM_TZC_NS_DEV_ACCESS}, \
{ARM_SP_IMAGE_NS_BUF_BASE, (ARM_SP_IMAGE_NS_BUF_BASE + \
ARM_SP_IMAGE_NS_BUF_SIZE) - 1, TZC_REGION_S_NONE, \
PLAT_ARM_TZC_NS_DEV_ACCESS}
#else
#define ARM_TZC_REGIONS_DEF \
{ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
TZC_REGION_S_RDWR, 0}, \
{ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
PLAT_ARM_TZC_NS_DEV_ACCESS}, \
{ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
PLAT_ARM_TZC_NS_DEV_ACCESS}
#endif
#define ARM_CASSERT_MMAP \ #define ARM_CASSERT_MMAP \
CASSERT((ARRAY_SIZE(plat_arm_mmap) + ARM_BL_REGIONS) \ CASSERT((ARRAY_SIZE(plat_arm_mmap) + ARM_BL_REGIONS) \
<= MAX_MMAP_REGIONS, \ <= MAX_MMAP_REGIONS, \
...@@ -110,9 +148,10 @@ void arm_setup_page_tables(uintptr_t total_base, ...@@ -110,9 +148,10 @@ void arm_setup_page_tables(uintptr_t total_base,
void arm_io_setup(void); void arm_io_setup(void);
/* Security utility functions */ /* Security utility functions */
void arm_tzc400_setup(void); void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions);
struct tzc_dmc500_driver_data; struct tzc_dmc500_driver_data;
void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data); void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data,
const arm_tzc_regions_info_t *tzc_regions);
/* Systimer utility function */ /* Systimer utility function */
void arm_configure_sys_timer(void); void arm_configure_sys_timer(void);
......
/* /*
* Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
...@@ -22,5 +22,5 @@ void plat_arm_security_setup(void) ...@@ -22,5 +22,5 @@ void plat_arm_security_setup(void)
*/ */
if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC) if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC)
arm_tzc400_setup(); arm_tzc400_setup(NULL);
} }
/* /*
* Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
...@@ -59,7 +59,7 @@ void plat_arm_security_setup(void) ...@@ -59,7 +59,7 @@ void plat_arm_security_setup(void)
/* Initialize debug configuration */ /* Initialize debug configuration */
init_debug_cfg(); init_debug_cfg();
/* Initialize the TrustZone Controller */ /* Initialize the TrustZone Controller */
arm_tzc400_setup(); arm_tzc400_setup(NULL);
/* Do ARM CSS internal NIC setup */ /* Do ARM CSS internal NIC setup */
css_init_nic400(); css_init_nic400();
/* Do ARM CSS SoC security setup */ /* Do ARM CSS SoC security setup */
......
...@@ -18,16 +18,20 @@ ...@@ -18,16 +18,20 @@
/******************************************************************************* /*******************************************************************************
* Initialize the TrustZone Controller for ARM standard platforms. * Initialize the TrustZone Controller for ARM standard platforms.
* Configure:
* - Region 0 with no access;
* - Region 1 with secure access only;
* - the remaining DRAM regions access from the given Non-Secure masters.
*
* When booting an EL3 payload, this is simplified: we configure region 0 with * When booting an EL3 payload, this is simplified: we configure region 0 with
* secure access only and do not enable any other region. * secure access only and do not enable any other region.
******************************************************************************/ ******************************************************************************/
void arm_tzc400_setup(void) void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions)
{ {
#ifndef EL3_PAYLOAD_BASE
int region_index = 1;
const arm_tzc_regions_info_t *p;
const arm_tzc_regions_info_t init_tzc_regions[] = {
ARM_TZC_REGIONS_DEF,
{0}
};
#endif
INFO("Configuring TrustZone Controller\n"); INFO("Configuring TrustZone Controller\n");
tzc400_init(PLAT_ARM_TZC_BASE); tzc400_init(PLAT_ARM_TZC_BASE);
...@@ -36,42 +40,22 @@ void arm_tzc400_setup(void) ...@@ -36,42 +40,22 @@ void arm_tzc400_setup(void)
tzc400_disable_filters(); tzc400_disable_filters();
#ifndef EL3_PAYLOAD_BASE #ifndef EL3_PAYLOAD_BASE
if (tzc_regions == NULL)
p = init_tzc_regions;
else
p = tzc_regions;
/* Region 0 set to no access by default */ /* Region 0 set to no access by default */
tzc400_configure_region0(TZC_REGION_S_NONE, 0); tzc400_configure_region0(TZC_REGION_S_NONE, 0);
/* Region 1 set to cover Secure part of DRAM */ /* Rest Regions set according to tzc_regions array */
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1, for (; p->base != 0ULL; p++) {
ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
TZC_REGION_S_RDWR, p->base, p->end, p->sec_attr, p->nsaid_permissions);
0); region_index++;
}
/* Region 2 set to cover Non-Secure access to 1st DRAM address range.
* Apply the same configuration to given filters in the TZC. */ INFO("Total %d regions set.\n", region_index);
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
ARM_TZC_NS_DRAM_S_ACCESS,
PLAT_ARM_TZC_NS_DEV_ACCESS);
/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
ARM_DRAM2_BASE, ARM_DRAM2_END,
ARM_TZC_NS_DRAM_S_ACCESS,
PLAT_ARM_TZC_NS_DEV_ACCESS);
#if ENABLE_SPM
/*
* Region 4 set to cover Non-Secure access to the communication buffer
* shared with the Secure world.
*/
tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
4,
ARM_SP_IMAGE_NS_BUF_BASE,
(ARM_SP_IMAGE_NS_BUF_BASE +
ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
TZC_REGION_S_NONE,
PLAT_ARM_TZC_NS_DEV_ACCESS);
#endif
#else /* if defined(EL3_PAYLOAD_BASE) */ #else /* if defined(EL3_PAYLOAD_BASE) */
...@@ -92,5 +76,5 @@ void arm_tzc400_setup(void) ...@@ -92,5 +76,5 @@ void arm_tzc400_setup(void)
void plat_arm_security_setup(void) void plat_arm_security_setup(void)
{ {
arm_tzc400_setup(); arm_tzc400_setup(NULL);
} }
/* /*
* Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
...@@ -12,15 +12,21 @@ ...@@ -12,15 +12,21 @@
/******************************************************************************* /*******************************************************************************
* Initialize the DMC500-TrustZone Controller for ARM standard platforms. * Initialize the DMC500-TrustZone Controller for ARM standard platforms.
* Configure both the interfaces on Region 0 with no access, Region 1 with
* secure access only, and the remaining DRAM regions access from the
* given Non-Secure masters.
*
* When booting an EL3 payload, this is simplified: we configure region 0 with * When booting an EL3 payload, this is simplified: we configure region 0 with
* secure access only and do not enable any other region. * secure access only and do not enable any other region.
******************************************************************************/ ******************************************************************************/
void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data) void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data,
const arm_tzc_regions_info_t *tzc_regions)
{ {
#ifndef EL3_PAYLOAD_BASE
int region_index = 1;
const arm_tzc_regions_info_t *p;
const arm_tzc_regions_info_t init_tzc_regions[] = {
ARM_TZC_REGIONS_DEF,
{0}
};
#endif
assert(plat_driver_data); assert(plat_driver_data);
INFO("Configuring DMC-500 TZ Settings\n"); INFO("Configuring DMC-500 TZ Settings\n");
...@@ -28,28 +34,23 @@ void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data) ...@@ -28,28 +34,23 @@ void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
tzc_dmc500_driver_init(plat_driver_data); tzc_dmc500_driver_init(plat_driver_data);
#ifndef EL3_PAYLOAD_BASE #ifndef EL3_PAYLOAD_BASE
if (tzc_regions == NULL)
p = init_tzc_regions;
else
p = tzc_regions;
/* Region 0 set to no access by default */ /* Region 0 set to no access by default */
tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0); tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
/* Region 1 set to cover Secure part of DRAM */ /* Rest Regions set according to tzc_regions array */
tzc_dmc500_configure_region(1, ARM_AP_TZC_DRAM1_BASE, for (; p->base != 0ULL; p++) {
ARM_EL3_TZC_DRAM1_END, tzc_dmc500_configure_region(region_index, p->base, p->end,
TZC_REGION_S_RDWR, p->sec_attr, p->nsaid_permissions);
0); region_index++;
}
/* Region 2 set to cover Non-Secure access to 1st DRAM address range.*/ INFO("Total %d regions set.\n", region_index);
tzc_dmc500_configure_region(2,
ARM_NS_DRAM1_BASE,
ARM_NS_DRAM1_END,
ARM_TZC_NS_DRAM_S_ACCESS,
PLAT_ARM_TZC_NS_DEV_ACCESS);
/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
tzc_dmc500_configure_region(3,
ARM_DRAM2_BASE,
ARM_DRAM2_END,
ARM_TZC_NS_DRAM_S_ACCESS,
PLAT_ARM_TZC_NS_DEV_ACCESS);
#else #else
/* Allow secure access only to DRAM for EL3 payloads */ /* Allow secure access only to DRAM for EL3 payloads */
tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0); tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment