16b477063SVikram Kanigiri /* 2fb1198b1SAntonio Nino Diaz * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. 36b477063SVikram Kanigiri * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 56b477063SVikram Kanigiri */ 66b477063SVikram Kanigiri 76b477063SVikram Kanigiri #include <assert.h> 86b477063SVikram Kanigiri #include <debug.h> 96b477063SVikram Kanigiri #include <mmio.h> 106b477063SVikram Kanigiri #include <stddef.h> 116b477063SVikram Kanigiri #include <tzc400.h> 12239b085cSAntonio Nino Diaz #include "tzc_common_private.h" 136b477063SVikram Kanigiri 146b477063SVikram Kanigiri /* 156b477063SVikram Kanigiri * Macros which will be used by common core functions. 166b477063SVikram Kanigiri */ 176b477063SVikram Kanigiri #define TZC_400_REGION_BASE_LOW_0_OFFSET 0x100 186b477063SVikram Kanigiri #define TZC_400_REGION_BASE_HIGH_0_OFFSET 0x104 196b477063SVikram Kanigiri #define TZC_400_REGION_TOP_LOW_0_OFFSET 0x108 206b477063SVikram Kanigiri #define TZC_400_REGION_TOP_HIGH_0_OFFSET 0x10c 216b477063SVikram Kanigiri #define TZC_400_REGION_ATTR_0_OFFSET 0x110 226b477063SVikram Kanigiri #define TZC_400_REGION_ID_ACCESS_0_OFFSET 0x114 236b477063SVikram Kanigiri 246b477063SVikram Kanigiri /* 256b477063SVikram Kanigiri * Implementation defined values used to validate inputs later. 266b477063SVikram Kanigiri * Filters : max of 4 ; 0 to 3 276b477063SVikram Kanigiri * Regions : max of 9 ; 0 to 8 286b477063SVikram Kanigiri * Address width : Values between 32 to 64 296b477063SVikram Kanigiri */ 306b477063SVikram Kanigiri typedef struct tzc400_instance { 316b477063SVikram Kanigiri uintptr_t base; 326b477063SVikram Kanigiri uint8_t addr_width; 336b477063SVikram Kanigiri uint8_t num_filters; 346b477063SVikram Kanigiri uint8_t num_regions; 356b477063SVikram Kanigiri } tzc400_instance_t; 366b477063SVikram Kanigiri 37*1af540efSRoberto Vargas static tzc400_instance_t tzc400; 386b477063SVikram Kanigiri 396b477063SVikram Kanigiri static inline unsigned int _tzc400_read_build_config(uintptr_t base) 406b477063SVikram Kanigiri { 416b477063SVikram Kanigiri return mmio_read_32(base + BUILD_CONFIG_OFF); 426b477063SVikram Kanigiri } 436b477063SVikram Kanigiri 446b477063SVikram Kanigiri static inline unsigned int _tzc400_read_gate_keeper(uintptr_t base) 456b477063SVikram Kanigiri { 466b477063SVikram Kanigiri return mmio_read_32(base + GATE_KEEPER_OFF); 476b477063SVikram Kanigiri } 486b477063SVikram Kanigiri 496b477063SVikram Kanigiri static inline void _tzc400_write_gate_keeper(uintptr_t base, unsigned int val) 506b477063SVikram Kanigiri { 516b477063SVikram Kanigiri mmio_write_32(base + GATE_KEEPER_OFF, val); 526b477063SVikram Kanigiri } 536b477063SVikram Kanigiri 546b477063SVikram Kanigiri /* 556b477063SVikram Kanigiri * Get the open status information for all filter units. 566b477063SVikram Kanigiri */ 576b477063SVikram Kanigiri #define get_gate_keeper_os(base) ((_tzc400_read_gate_keeper(base) >> \ 586b477063SVikram Kanigiri GATE_KEEPER_OS_SHIFT) & \ 596b477063SVikram Kanigiri GATE_KEEPER_OS_MASK) 606b477063SVikram Kanigiri 616b477063SVikram Kanigiri 626b477063SVikram Kanigiri /* Define common core functions used across different TZC peripherals. */ 636b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_ACTION(400, 400) 646b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_BASE(400, 400) 656b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_TOP(400, 400) 666b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(400, 400) 676b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(400, 400) 686b477063SVikram Kanigiri DEFINE_TZC_COMMON_CONFIGURE_REGION0(400) 696b477063SVikram Kanigiri DEFINE_TZC_COMMON_CONFIGURE_REGION(400) 706b477063SVikram Kanigiri 716b477063SVikram Kanigiri static unsigned int _tzc400_get_gate_keeper(uintptr_t base, 726b477063SVikram Kanigiri unsigned int filter) 736b477063SVikram Kanigiri { 746b477063SVikram Kanigiri unsigned int open_status; 756b477063SVikram Kanigiri 766b477063SVikram Kanigiri open_status = get_gate_keeper_os(base); 776b477063SVikram Kanigiri 786b477063SVikram Kanigiri return (open_status >> filter) & GATE_KEEPER_FILTER_MASK; 796b477063SVikram Kanigiri } 806b477063SVikram Kanigiri 816b477063SVikram Kanigiri /* This function is not MP safe. */ 826b477063SVikram Kanigiri static void _tzc400_set_gate_keeper(uintptr_t base, 836b477063SVikram Kanigiri unsigned int filter, 846b477063SVikram Kanigiri int val) 856b477063SVikram Kanigiri { 866b477063SVikram Kanigiri unsigned int open_status; 876b477063SVikram Kanigiri 886b477063SVikram Kanigiri /* Upper half is current state. Lower half is requested state. */ 896b477063SVikram Kanigiri open_status = get_gate_keeper_os(base); 906b477063SVikram Kanigiri 916b477063SVikram Kanigiri if (val) 926b477063SVikram Kanigiri open_status |= (1 << filter); 936b477063SVikram Kanigiri else 946b477063SVikram Kanigiri open_status &= ~(1 << filter); 956b477063SVikram Kanigiri 966b477063SVikram Kanigiri _tzc400_write_gate_keeper(base, (open_status & GATE_KEEPER_OR_MASK) << 976b477063SVikram Kanigiri GATE_KEEPER_OR_SHIFT); 986b477063SVikram Kanigiri 996b477063SVikram Kanigiri /* Wait here until we see the change reflected in the TZC status. */ 1006b477063SVikram Kanigiri while ((get_gate_keeper_os(base)) != open_status) 1016b477063SVikram Kanigiri ; 1026b477063SVikram Kanigiri } 1036b477063SVikram Kanigiri 1046b477063SVikram Kanigiri void tzc400_set_action(tzc_action_t action) 1056b477063SVikram Kanigiri { 1066b477063SVikram Kanigiri assert(tzc400.base); 1076b477063SVikram Kanigiri assert(action <= TZC_ACTION_ERR_INT); 1086b477063SVikram Kanigiri 1096b477063SVikram Kanigiri /* 1106b477063SVikram Kanigiri * - Currently no handler is provided to trap an error via interrupt 1116b477063SVikram Kanigiri * or exception. 1126b477063SVikram Kanigiri * - The interrupt action has not been tested. 1136b477063SVikram Kanigiri */ 1146b477063SVikram Kanigiri _tzc400_write_action(tzc400.base, action); 1156b477063SVikram Kanigiri } 1166b477063SVikram Kanigiri 1176b477063SVikram Kanigiri void tzc400_init(uintptr_t base) 1186b477063SVikram Kanigiri { 1196b477063SVikram Kanigiri #if DEBUG 1206b477063SVikram Kanigiri unsigned int tzc400_id; 1216b477063SVikram Kanigiri #endif 1226b477063SVikram Kanigiri unsigned int tzc400_build; 1236b477063SVikram Kanigiri 1246b477063SVikram Kanigiri assert(base); 1256b477063SVikram Kanigiri tzc400.base = base; 1266b477063SVikram Kanigiri 1276b477063SVikram Kanigiri #if DEBUG 1286b477063SVikram Kanigiri tzc400_id = _tzc_read_peripheral_id(base); 1296b477063SVikram Kanigiri if (tzc400_id != TZC_400_PERIPHERAL_ID) { 1306b477063SVikram Kanigiri ERROR("TZC-400 : Wrong device ID (0x%x).\n", tzc400_id); 1316b477063SVikram Kanigiri panic(); 1326b477063SVikram Kanigiri } 1336b477063SVikram Kanigiri #endif 1346b477063SVikram Kanigiri 1356b477063SVikram Kanigiri /* Save values we will use later. */ 1366b477063SVikram Kanigiri tzc400_build = _tzc400_read_build_config(tzc400.base); 1376b477063SVikram Kanigiri tzc400.num_filters = ((tzc400_build >> BUILD_CONFIG_NF_SHIFT) & 1386b477063SVikram Kanigiri BUILD_CONFIG_NF_MASK) + 1; 1396b477063SVikram Kanigiri tzc400.addr_width = ((tzc400_build >> BUILD_CONFIG_AW_SHIFT) & 1406b477063SVikram Kanigiri BUILD_CONFIG_AW_MASK) + 1; 1416b477063SVikram Kanigiri tzc400.num_regions = ((tzc400_build >> BUILD_CONFIG_NR_SHIFT) & 1426b477063SVikram Kanigiri BUILD_CONFIG_NR_MASK) + 1; 1436b477063SVikram Kanigiri } 1446b477063SVikram Kanigiri 1456b477063SVikram Kanigiri /* 1466b477063SVikram Kanigiri * `tzc400_configure_region0` is used to program region 0 into the TrustZone 1476b477063SVikram Kanigiri * controller. Region 0 covers the whole address space that is not mapped 1486b477063SVikram Kanigiri * to any other region, and is enabled on all filters; this cannot be 1496b477063SVikram Kanigiri * changed. This function only changes the access permissions. 1506b477063SVikram Kanigiri */ 1516b477063SVikram Kanigiri void tzc400_configure_region0(tzc_region_attributes_t sec_attr, 1526b477063SVikram Kanigiri unsigned int ns_device_access) 1536b477063SVikram Kanigiri { 1546b477063SVikram Kanigiri assert(tzc400.base); 1556b477063SVikram Kanigiri assert(sec_attr <= TZC_REGION_S_RDWR); 1566b477063SVikram Kanigiri 1576b477063SVikram Kanigiri _tzc400_configure_region0(tzc400.base, sec_attr, ns_device_access); 1586b477063SVikram Kanigiri } 1596b477063SVikram Kanigiri 1606b477063SVikram Kanigiri /* 1616b477063SVikram Kanigiri * `tzc400_configure_region` is used to program regions into the TrustZone 1626b477063SVikram Kanigiri * controller. A region can be associated with more than one filter. The 1636b477063SVikram Kanigiri * associated filters are passed in as a bitmap (bit0 = filter0). 1646b477063SVikram Kanigiri * NOTE: 1656b477063SVikram Kanigiri * Region 0 is special; it is preferable to use tzc400_configure_region0 1666b477063SVikram Kanigiri * for this region (see comment for that function). 1676b477063SVikram Kanigiri */ 1686b477063SVikram Kanigiri void tzc400_configure_region(unsigned int filters, 1696b477063SVikram Kanigiri int region, 1709fbdb802SYatharth Kochar unsigned long long region_base, 1719fbdb802SYatharth Kochar unsigned long long region_top, 1726b477063SVikram Kanigiri tzc_region_attributes_t sec_attr, 1736b477063SVikram Kanigiri unsigned int nsaid_permissions) 1746b477063SVikram Kanigiri { 1756b477063SVikram Kanigiri assert(tzc400.base); 1766b477063SVikram Kanigiri 1776b477063SVikram Kanigiri /* Do range checks on filters and regions. */ 1786b477063SVikram Kanigiri assert(((filters >> tzc400.num_filters) == 0) && 1796b477063SVikram Kanigiri (region >= 0) && (region < tzc400.num_regions)); 1806b477063SVikram Kanigiri 1816b477063SVikram Kanigiri /* 1826b477063SVikram Kanigiri * Do address range check based on TZC configuration. A 64bit address is 1836b477063SVikram Kanigiri * the max and expected case. 1846b477063SVikram Kanigiri */ 185367d0ffbSSoby Mathew assert(((region_top <= _tzc_get_max_top_addr(tzc400.addr_width)) && 1866b477063SVikram Kanigiri (region_base < region_top))); 1876b477063SVikram Kanigiri 1886b477063SVikram Kanigiri /* region_base and (region_top + 1) must be 4KB aligned */ 1896b477063SVikram Kanigiri assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0); 1906b477063SVikram Kanigiri 1916b477063SVikram Kanigiri assert(sec_attr <= TZC_REGION_S_RDWR); 1926b477063SVikram Kanigiri 1936b477063SVikram Kanigiri _tzc400_configure_region(tzc400.base, filters, region, region_base, 1946b477063SVikram Kanigiri region_top, 1956b477063SVikram Kanigiri sec_attr, nsaid_permissions); 1966b477063SVikram Kanigiri } 1976b477063SVikram Kanigiri 1986b477063SVikram Kanigiri void tzc400_enable_filters(void) 1996b477063SVikram Kanigiri { 2006b477063SVikram Kanigiri unsigned int state; 2016b477063SVikram Kanigiri unsigned int filter; 2026b477063SVikram Kanigiri 2036b477063SVikram Kanigiri assert(tzc400.base); 2046b477063SVikram Kanigiri 2056b477063SVikram Kanigiri for (filter = 0; filter < tzc400.num_filters; filter++) { 2066b477063SVikram Kanigiri state = _tzc400_get_gate_keeper(tzc400.base, filter); 2076b477063SVikram Kanigiri if (state) { 208fb1198b1SAntonio Nino Diaz /* 209fb1198b1SAntonio Nino Diaz * The TZC filter is already configured. Changing the 2106b477063SVikram Kanigiri * programmer's view in an active system can cause 2116b477063SVikram Kanigiri * unpredictable behavior therefore panic for now rather 2126b477063SVikram Kanigiri * than try to determine whether this is safe in this 213fb1198b1SAntonio Nino Diaz * instance. 214fb1198b1SAntonio Nino Diaz * 215fb1198b1SAntonio Nino Diaz * See the 'ARM (R) CoreLink TM TZC-400 TrustZone (R) 216fb1198b1SAntonio Nino Diaz * Address Space Controller' Technical Reference Manual. 217fb1198b1SAntonio Nino Diaz */ 2186b477063SVikram Kanigiri ERROR("TZC-400 : Filter %d Gatekeeper already" 2196b477063SVikram Kanigiri " enabled.\n", filter); 2206b477063SVikram Kanigiri panic(); 2216b477063SVikram Kanigiri } 2226b477063SVikram Kanigiri _tzc400_set_gate_keeper(tzc400.base, filter, 1); 2236b477063SVikram Kanigiri } 2246b477063SVikram Kanigiri } 2256b477063SVikram Kanigiri 2266b477063SVikram Kanigiri void tzc400_disable_filters(void) 2276b477063SVikram Kanigiri { 2286b477063SVikram Kanigiri unsigned int filter; 2296b477063SVikram Kanigiri 2306b477063SVikram Kanigiri assert(tzc400.base); 2316b477063SVikram Kanigiri 2326b477063SVikram Kanigiri /* 2336b477063SVikram Kanigiri * We don't do the same state check as above as the Gatekeepers are 2346b477063SVikram Kanigiri * disabled after reset. 2356b477063SVikram Kanigiri */ 2366b477063SVikram Kanigiri for (filter = 0; filter < tzc400.num_filters; filter++) 2376b477063SVikram Kanigiri _tzc400_set_gate_keeper(tzc400.base, filter, 0); 2386b477063SVikram Kanigiri } 239