1 /* SPDX-License-Identifier: (BSD-2-Clause AND BSD-3-Clause) */ 2 /* 3 * Copyright (c) 2015, Linaro Limited 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright notice, 13 * this list of conditions and the following disclaimer in the documentation 14 * and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 /* 29 * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. 30 * 31 * Redistribution and use in source and binary forms, with or without 32 * modification, are permitted provided that the following conditions are met: 33 * 34 * Redistributions of source code must retain the above copyright notice, this 35 * list of conditions and the following disclaimer. 36 * 37 * Redistributions in binary form must reproduce the above copyright notice, 38 * this list of conditions and the following disclaimer in the documentation 39 * and/or other materials provided with the distribution. 40 * 41 * Neither the name of ARM nor the names of its contributors may be used 42 * to endorse or promote products derived from this software without specific 43 * prior written permission. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 46 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 49 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 50 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 51 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 52 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 53 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 54 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 55 * POSSIBILITY OF SUCH DAMAGE. 56 */ 57 58 #ifndef __DRIVERS_TZC400_H 59 #define __DRIVERS_TZC400_H 60 61 #include <stdint.h> 62 #include <types_ext.h> 63 #include <trace_levels.h> 64 #include <tee_api_types.h> 65 #include <util.h> 66 67 #define TZC400_REG_SIZE U(0x1000) 68 69 #define BUILD_CONFIG_OFF U(0x000) 70 #define ACTION_OFF U(0x004) 71 #define GATE_KEEPER_OFF U(0x008) 72 #define SPECULATION_CTRL_OFF U(0x00c) 73 #define INT_STATUS U(0x010) 74 #define INT_CLEAR U(0x014) 75 76 #define FAIL_ADDRESS_LOW_OFF U(0x020) 77 #define FAIL_ADDRESS_HIGH_OFF U(0x024) 78 #define FAIL_CONTROL_OFF U(0x028) 79 #define FAIL_ID_OFF U(0x02c) 80 #define FAIL_FILTER_OFF(idx) (U(0x10) * (idx)) 81 82 #define FAIL_ADDRESS_LOW(idx) (FAIL_ADDRESS_LOW_OFF + FAIL_FILTER_OFF(idx)) 83 #define FAIL_ADDRESS_HIGH(idx) (FAIL_ADDRESS_HIGH_OFF + FAIL_FILTER_OFF(idx)) 84 #define FAIL_CONTROL(idx) (FAIL_CONTROL_OFF + FAIL_FILTER_OFF(idx)) 85 #define FAIL_ID(idx) (FAIL_ID_OFF + FAIL_FILTER_OFF(idx)) 86 87 #define REGION_BASE_LOW_OFF U(0x100) 88 #define REGION_BASE_HIGH_OFF U(0x104) 89 #define REGION_TOP_LOW_OFF U(0x108) 90 #define REGION_TOP_HIGH_OFF U(0x10c) 91 #define REGION_ATTRIBUTES_OFF U(0x110) 92 #define REGION_ID_ACCESS_OFF U(0x114) 93 #define REGION_NUM_OFF(region) (U(0x20) * (region)) 94 95 /* ID Registers */ 96 #define PID0_OFF U(0xfe0) 97 #define PID1_OFF U(0xfe4) 98 #define PID2_OFF U(0xfe8) 99 #define PID3_OFF U(0xfec) 100 #define PID4_OFF U(0xfd0) 101 #define PID5_OFF U(0xfd4) 102 #define PID6_OFF U(0xfd8) 103 #define PID7_OFF U(0xfdc) 104 #define CID0_OFF U(0xff0) 105 #define CID1_OFF U(0xff4) 106 #define CID2_OFF U(0xff8) 107 #define CID3_OFF U(0xffc) 108 109 #define BUILD_CONFIG_NF_SHIFT U(24) 110 #define BUILD_CONFIG_NF_MASK U(0x3) 111 #define BUILD_CONFIG_AW_SHIFT U(8) 112 #define BUILD_CONFIG_AW_MASK U(0x3f) 113 #define BUILD_CONFIG_NR_SHIFT U(0) 114 #define BUILD_CONFIG_NR_MASK U(0x1f) 115 116 /* Not describing the case where regions 1 to 8 overlap */ 117 #define ACTION_RV_SHIFT U(0) 118 #define ACTION_RV_MASK U(0x3) 119 #define ACTION_RV_LOWOK U(0x0) 120 #define ACTION_RV_LOWERR U(0x1) 121 #define ACTION_RV_HIGHOK U(0x2) 122 #define ACTION_RV_HIGHERR U(0x3) 123 124 /* 125 * Number of gate keepers is implementation defined. But we know the max for 126 * this device is 4. Get implementation details from BUILD_CONFIG. 127 */ 128 #define GATE_KEEPER_OS_SHIFT U(16) 129 #define GATE_KEEPER_OS_MASK U(0xf) 130 #define GATE_KEEPER_OR_SHIFT U(0) 131 #define GATE_KEEPER_OR_MASK U(0xf) 132 #define GATE_KEEPER_FILTER_MASK U(0x1) 133 134 /* Speculation is enabled by default. */ 135 #define SPECULATION_CTRL_WRITE_DISABLE BIT(1) 136 #define SPECULATION_CTRL_READ_DISABLE BIT(0) 137 138 /* Max number of filters allowed is 4. */ 139 #define INT_STATUS_OVERLAP_SHIFT U(16) 140 #define INT_STATUS_OVERLAP_MASK U(0xf) 141 #define INT_STATUS_OVERRUN_SHIFT U(8) 142 #define INT_STATUS_OVERRUN_MASK U(0xf) 143 #define INT_STATUS_STATUS_SHIFT U(0) 144 #define INT_STATUS_STATUS_MASK U(0xf) 145 146 #define INT_CLEAR_CLEAR_SHIFT U(0) 147 #define INT_CLEAR_CLEAR_MASK U(0xf) 148 149 /* If set write access, else read access */ 150 #define FAIL_CONTROL_DIRECTION_WRITE BIT(24) 151 /* If set non-secure access, else secure access */ 152 #define FAIL_CONTROL_NONSECURE BIT(21) 153 /* If set privileged access, else unprivileged access */ 154 #define FAIL_CONTROL_PRIVILEGED BIT(20) 155 156 /* 157 * FAIL_ID_ID_MASK depends on AID_WIDTH which is platform specific. 158 * Platform should provide the value on initialisation. 159 */ 160 #define FAIL_ID_VNET_SHIFT U(24) 161 #define FAIL_ID_VNET_MASK U(0xf) 162 #define FAIL_ID_ID_SHIFT U(0) 163 164 /* Used along with 'enum tzc_region_attributes' below */ 165 #define REG_ATTR_SEC_SHIFT U(30) 166 #define REG_ATTR_F_EN_SHIFT U(0) 167 #define REG_ATTR_F_EN_MASK U(0xf) 168 #define REG_ATTR_FILTER_BIT(x) SHIFT_U32(BIT(x), REG_ATTR_F_EN_SHIFT) 169 #define REG_ATTR_FILTER_BIT_ALL SHIFT_U32(REG_ATTR_F_EN_MASK, \ 170 REG_ATTR_F_EN_SHIFT) 171 172 #define REGION_ID_ACCESS_NSAID_WR_EN_SHIFT U(16) 173 #define REGION_ID_ACCESS_NSAID_RD_EN_SHIFT U(0) 174 #define REGION_ID_ACCESS_NSAID_ID_MASK U(0xf) 175 176 177 /* Macros for setting Region ID access permissions based on NSAID */ 178 #define TZC_REGION_ACCESS_RD(id) \ 179 SHIFT_U32(BIT(id & REGION_ID_ACCESS_NSAID_ID_MASK), \ 180 REGION_ID_ACCESS_NSAID_RD_EN_SHIFT) 181 #define TZC_REGION_ACCESS_WR(id) \ 182 SHIFT_U32(BIT(id & REGION_ID_ACCESS_NSAID_ID_MASK), \ 183 REGION_ID_ACCESS_NSAID_WR_EN_SHIFT) 184 #define TZC_REGION_ACCESS_RDWR(id) \ 185 (TZC_REGION_ACCESS_RD(id) | TZC_REGION_ACCESS_WR(id)) 186 187 /* Filters are bit mapped 0 to 3. */ 188 #define TZC400_COMPONENT_ID U(0xb105f00d) 189 190 /******************************************************************************* 191 * Function & variable prototypes 192 ******************************************************************************/ 193 194 /* 195 * What type of action is expected when an access violation occurs. 196 * The memory requested is zeroed. But we can also raise and event to 197 * let the system know it happened. 198 * We can raise an interrupt(INT) and/or cause an exception(ERR). 199 * TZC_ACTION_NONE - No interrupt, no Exception 200 * TZC_ACTION_ERR - No interrupt, raise exception -> sync external 201 * data abort 202 * TZC_ACTION_INT - Raise interrupt, no exception 203 * TZC_ACTION_ERR_INT - Raise interrupt, raise exception -> sync 204 * external data abort 205 */ 206 enum tzc_action { 207 TZC_ACTION_NONE = 0, 208 TZC_ACTION_ERR = 1, 209 TZC_ACTION_INT = 2, 210 TZC_ACTION_ERR_INT = (TZC_ACTION_ERR | TZC_ACTION_INT) 211 }; 212 213 /* 214 * Controls secure access to a region. If not enabled secure access is not 215 * allowed to region. 216 */ 217 enum tzc_region_attributes { 218 TZC_REGION_S_NONE = 0, 219 TZC_REGION_S_RD = 1, 220 TZC_REGION_S_WR = 2, 221 TZC_REGION_S_RDWR = (TZC_REGION_S_RD | TZC_REGION_S_WR) 222 }; 223 224 struct tzc_region_config { 225 uint32_t filters; 226 vaddr_t base; 227 vaddr_t top; 228 enum tzc_region_attributes sec_attr; 229 uint32_t ns_device_access; 230 }; 231 232 void tzc_init(vaddr_t base); 233 void tzc_configure_region(uint8_t region, const struct tzc_region_config *cfg); 234 TEE_Result tzc_get_region_config(uint8_t region, struct tzc_region_config *cfg); 235 void tzc_enable_filters(void); 236 void tzc_disable_filters(void); 237 void tzc_set_action(enum tzc_action action); 238 239 void tzc_fail_dump(void); 240 void tzc_int_clear(void); 241 242 #if TRACE_LEVEL >= TRACE_DEBUG 243 void tzc_dump_state(void); 244 #else 245 static inline void tzc_dump_state(void) 246 { 247 } 248 #endif 249 250 #endif /* __DRIVERS_TZC400_H */ 251