16b477063SVikram Kanigiri /* 26b477063SVikram Kanigiri * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. 36b477063SVikram Kanigiri * 46b477063SVikram Kanigiri * Redistribution and use in source and binary forms, with or without 56b477063SVikram Kanigiri * modification, are permitted provided that the following conditions are met: 66b477063SVikram Kanigiri * 76b477063SVikram Kanigiri * Redistributions of source code must retain the above copyright notice, this 86b477063SVikram Kanigiri * list of conditions and the following disclaimer. 96b477063SVikram Kanigiri * 106b477063SVikram Kanigiri * Redistributions in binary form must reproduce the above copyright notice, 116b477063SVikram Kanigiri * this list of conditions and the following disclaimer in the documentation 126b477063SVikram Kanigiri * and/or other materials provided with the distribution. 136b477063SVikram Kanigiri * 146b477063SVikram Kanigiri * Neither the name of ARM nor the names of its contributors may be used 156b477063SVikram Kanigiri * to endorse or promote products derived from this software without specific 166b477063SVikram Kanigiri * prior written permission. 176b477063SVikram Kanigiri * 186b477063SVikram Kanigiri * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 196b477063SVikram Kanigiri * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 206b477063SVikram Kanigiri * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 216b477063SVikram Kanigiri * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 226b477063SVikram Kanigiri * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 236b477063SVikram Kanigiri * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 246b477063SVikram Kanigiri * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 256b477063SVikram Kanigiri * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 266b477063SVikram Kanigiri * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 276b477063SVikram Kanigiri * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 286b477063SVikram Kanigiri * POSSIBILITY OF SUCH DAMAGE. 296b477063SVikram Kanigiri */ 306b477063SVikram Kanigiri 316b477063SVikram Kanigiri #include <assert.h> 326b477063SVikram Kanigiri #include <debug.h> 336b477063SVikram Kanigiri #include <mmio.h> 346b477063SVikram Kanigiri #include <stddef.h> 356b477063SVikram Kanigiri #include <tzc400.h> 366b477063SVikram Kanigiri #include "tzc_common_private.c" 376b477063SVikram Kanigiri 386b477063SVikram Kanigiri /* 396b477063SVikram Kanigiri * Macros which will be used by common core functions. 406b477063SVikram Kanigiri */ 416b477063SVikram Kanigiri #define TZC_400_REGION_BASE_LOW_0_OFFSET 0x100 426b477063SVikram Kanigiri #define TZC_400_REGION_BASE_HIGH_0_OFFSET 0x104 436b477063SVikram Kanigiri #define TZC_400_REGION_TOP_LOW_0_OFFSET 0x108 446b477063SVikram Kanigiri #define TZC_400_REGION_TOP_HIGH_0_OFFSET 0x10c 456b477063SVikram Kanigiri #define TZC_400_REGION_ATTR_0_OFFSET 0x110 466b477063SVikram Kanigiri #define TZC_400_REGION_ID_ACCESS_0_OFFSET 0x114 476b477063SVikram Kanigiri 486b477063SVikram Kanigiri /* 496b477063SVikram Kanigiri * Implementation defined values used to validate inputs later. 506b477063SVikram Kanigiri * Filters : max of 4 ; 0 to 3 516b477063SVikram Kanigiri * Regions : max of 9 ; 0 to 8 526b477063SVikram Kanigiri * Address width : Values between 32 to 64 536b477063SVikram Kanigiri */ 546b477063SVikram Kanigiri typedef struct tzc400_instance { 556b477063SVikram Kanigiri uintptr_t base; 566b477063SVikram Kanigiri uint8_t addr_width; 576b477063SVikram Kanigiri uint8_t num_filters; 586b477063SVikram Kanigiri uint8_t num_regions; 596b477063SVikram Kanigiri } tzc400_instance_t; 606b477063SVikram Kanigiri 616b477063SVikram Kanigiri tzc400_instance_t tzc400; 626b477063SVikram Kanigiri 636b477063SVikram Kanigiri static inline unsigned int _tzc400_read_build_config(uintptr_t base) 646b477063SVikram Kanigiri { 656b477063SVikram Kanigiri return mmio_read_32(base + BUILD_CONFIG_OFF); 666b477063SVikram Kanigiri } 676b477063SVikram Kanigiri 686b477063SVikram Kanigiri static inline unsigned int _tzc400_read_gate_keeper(uintptr_t base) 696b477063SVikram Kanigiri { 706b477063SVikram Kanigiri return mmio_read_32(base + GATE_KEEPER_OFF); 716b477063SVikram Kanigiri } 726b477063SVikram Kanigiri 736b477063SVikram Kanigiri static inline void _tzc400_write_gate_keeper(uintptr_t base, unsigned int val) 746b477063SVikram Kanigiri { 756b477063SVikram Kanigiri mmio_write_32(base + GATE_KEEPER_OFF, val); 766b477063SVikram Kanigiri } 776b477063SVikram Kanigiri 786b477063SVikram Kanigiri /* 796b477063SVikram Kanigiri * Get the open status information for all filter units. 806b477063SVikram Kanigiri */ 816b477063SVikram Kanigiri #define get_gate_keeper_os(base) ((_tzc400_read_gate_keeper(base) >> \ 826b477063SVikram Kanigiri GATE_KEEPER_OS_SHIFT) & \ 836b477063SVikram Kanigiri GATE_KEEPER_OS_MASK) 846b477063SVikram Kanigiri 856b477063SVikram Kanigiri 866b477063SVikram Kanigiri /* Define common core functions used across different TZC peripherals. */ 876b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_ACTION(400, 400) 886b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_BASE(400, 400) 896b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_TOP(400, 400) 906b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(400, 400) 916b477063SVikram Kanigiri DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(400, 400) 926b477063SVikram Kanigiri DEFINE_TZC_COMMON_CONFIGURE_REGION0(400) 936b477063SVikram Kanigiri DEFINE_TZC_COMMON_CONFIGURE_REGION(400) 946b477063SVikram Kanigiri 956b477063SVikram Kanigiri static unsigned int _tzc400_get_gate_keeper(uintptr_t base, 966b477063SVikram Kanigiri unsigned int filter) 976b477063SVikram Kanigiri { 986b477063SVikram Kanigiri unsigned int open_status; 996b477063SVikram Kanigiri 1006b477063SVikram Kanigiri open_status = get_gate_keeper_os(base); 1016b477063SVikram Kanigiri 1026b477063SVikram Kanigiri return (open_status >> filter) & GATE_KEEPER_FILTER_MASK; 1036b477063SVikram Kanigiri } 1046b477063SVikram Kanigiri 1056b477063SVikram Kanigiri /* This function is not MP safe. */ 1066b477063SVikram Kanigiri static void _tzc400_set_gate_keeper(uintptr_t base, 1076b477063SVikram Kanigiri unsigned int filter, 1086b477063SVikram Kanigiri int val) 1096b477063SVikram Kanigiri { 1106b477063SVikram Kanigiri unsigned int open_status; 1116b477063SVikram Kanigiri 1126b477063SVikram Kanigiri /* Upper half is current state. Lower half is requested state. */ 1136b477063SVikram Kanigiri open_status = get_gate_keeper_os(base); 1146b477063SVikram Kanigiri 1156b477063SVikram Kanigiri if (val) 1166b477063SVikram Kanigiri open_status |= (1 << filter); 1176b477063SVikram Kanigiri else 1186b477063SVikram Kanigiri open_status &= ~(1 << filter); 1196b477063SVikram Kanigiri 1206b477063SVikram Kanigiri _tzc400_write_gate_keeper(base, (open_status & GATE_KEEPER_OR_MASK) << 1216b477063SVikram Kanigiri GATE_KEEPER_OR_SHIFT); 1226b477063SVikram Kanigiri 1236b477063SVikram Kanigiri /* Wait here until we see the change reflected in the TZC status. */ 1246b477063SVikram Kanigiri while ((get_gate_keeper_os(base)) != open_status) 1256b477063SVikram Kanigiri ; 1266b477063SVikram Kanigiri } 1276b477063SVikram Kanigiri 1286b477063SVikram Kanigiri void tzc400_set_action(tzc_action_t action) 1296b477063SVikram Kanigiri { 1306b477063SVikram Kanigiri assert(tzc400.base); 1316b477063SVikram Kanigiri assert(action <= TZC_ACTION_ERR_INT); 1326b477063SVikram Kanigiri 1336b477063SVikram Kanigiri /* 1346b477063SVikram Kanigiri * - Currently no handler is provided to trap an error via interrupt 1356b477063SVikram Kanigiri * or exception. 1366b477063SVikram Kanigiri * - The interrupt action has not been tested. 1376b477063SVikram Kanigiri */ 1386b477063SVikram Kanigiri _tzc400_write_action(tzc400.base, action); 1396b477063SVikram Kanigiri } 1406b477063SVikram Kanigiri 1416b477063SVikram Kanigiri void tzc400_init(uintptr_t base) 1426b477063SVikram Kanigiri { 1436b477063SVikram Kanigiri #if DEBUG 1446b477063SVikram Kanigiri unsigned int tzc400_id; 1456b477063SVikram Kanigiri #endif 1466b477063SVikram Kanigiri unsigned int tzc400_build; 1476b477063SVikram Kanigiri 1486b477063SVikram Kanigiri assert(base); 1496b477063SVikram Kanigiri tzc400.base = base; 1506b477063SVikram Kanigiri 1516b477063SVikram Kanigiri #if DEBUG 1526b477063SVikram Kanigiri tzc400_id = _tzc_read_peripheral_id(base); 1536b477063SVikram Kanigiri if (tzc400_id != TZC_400_PERIPHERAL_ID) { 1546b477063SVikram Kanigiri ERROR("TZC-400 : Wrong device ID (0x%x).\n", tzc400_id); 1556b477063SVikram Kanigiri panic(); 1566b477063SVikram Kanigiri } 1576b477063SVikram Kanigiri #endif 1586b477063SVikram Kanigiri 1596b477063SVikram Kanigiri /* Save values we will use later. */ 1606b477063SVikram Kanigiri tzc400_build = _tzc400_read_build_config(tzc400.base); 1616b477063SVikram Kanigiri tzc400.num_filters = ((tzc400_build >> BUILD_CONFIG_NF_SHIFT) & 1626b477063SVikram Kanigiri BUILD_CONFIG_NF_MASK) + 1; 1636b477063SVikram Kanigiri tzc400.addr_width = ((tzc400_build >> BUILD_CONFIG_AW_SHIFT) & 1646b477063SVikram Kanigiri BUILD_CONFIG_AW_MASK) + 1; 1656b477063SVikram Kanigiri tzc400.num_regions = ((tzc400_build >> BUILD_CONFIG_NR_SHIFT) & 1666b477063SVikram Kanigiri BUILD_CONFIG_NR_MASK) + 1; 1676b477063SVikram Kanigiri } 1686b477063SVikram Kanigiri 1696b477063SVikram Kanigiri /* 1706b477063SVikram Kanigiri * `tzc400_configure_region0` is used to program region 0 into the TrustZone 1716b477063SVikram Kanigiri * controller. Region 0 covers the whole address space that is not mapped 1726b477063SVikram Kanigiri * to any other region, and is enabled on all filters; this cannot be 1736b477063SVikram Kanigiri * changed. This function only changes the access permissions. 1746b477063SVikram Kanigiri */ 1756b477063SVikram Kanigiri void tzc400_configure_region0(tzc_region_attributes_t sec_attr, 1766b477063SVikram Kanigiri unsigned int ns_device_access) 1776b477063SVikram Kanigiri { 1786b477063SVikram Kanigiri assert(tzc400.base); 1796b477063SVikram Kanigiri assert(sec_attr <= TZC_REGION_S_RDWR); 1806b477063SVikram Kanigiri 1816b477063SVikram Kanigiri _tzc400_configure_region0(tzc400.base, sec_attr, ns_device_access); 1826b477063SVikram Kanigiri } 1836b477063SVikram Kanigiri 1846b477063SVikram Kanigiri /* 1856b477063SVikram Kanigiri * `tzc400_configure_region` is used to program regions into the TrustZone 1866b477063SVikram Kanigiri * controller. A region can be associated with more than one filter. The 1876b477063SVikram Kanigiri * associated filters are passed in as a bitmap (bit0 = filter0). 1886b477063SVikram Kanigiri * NOTE: 1896b477063SVikram Kanigiri * Region 0 is special; it is preferable to use tzc400_configure_region0 1906b477063SVikram Kanigiri * for this region (see comment for that function). 1916b477063SVikram Kanigiri */ 1926b477063SVikram Kanigiri void tzc400_configure_region(unsigned int filters, 1936b477063SVikram Kanigiri int region, 1949fbdb802SYatharth Kochar unsigned long long region_base, 1959fbdb802SYatharth Kochar unsigned long long region_top, 1966b477063SVikram Kanigiri tzc_region_attributes_t sec_attr, 1976b477063SVikram Kanigiri unsigned int nsaid_permissions) 1986b477063SVikram Kanigiri { 1996b477063SVikram Kanigiri assert(tzc400.base); 2006b477063SVikram Kanigiri 2016b477063SVikram Kanigiri /* Do range checks on filters and regions. */ 2026b477063SVikram Kanigiri assert(((filters >> tzc400.num_filters) == 0) && 2036b477063SVikram Kanigiri (region >= 0) && (region < tzc400.num_regions)); 2046b477063SVikram Kanigiri 2056b477063SVikram Kanigiri /* 2066b477063SVikram Kanigiri * Do address range check based on TZC configuration. A 64bit address is 2076b477063SVikram Kanigiri * the max and expected case. 2086b477063SVikram Kanigiri */ 209*367d0ffbSSoby Mathew assert(((region_top <= _tzc_get_max_top_addr(tzc400.addr_width)) && 2106b477063SVikram Kanigiri (region_base < region_top))); 2116b477063SVikram Kanigiri 2126b477063SVikram Kanigiri /* region_base and (region_top + 1) must be 4KB aligned */ 2136b477063SVikram Kanigiri assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0); 2146b477063SVikram Kanigiri 2156b477063SVikram Kanigiri assert(sec_attr <= TZC_REGION_S_RDWR); 2166b477063SVikram Kanigiri 2176b477063SVikram Kanigiri _tzc400_configure_region(tzc400.base, filters, region, region_base, 2186b477063SVikram Kanigiri region_top, 2196b477063SVikram Kanigiri sec_attr, nsaid_permissions); 2206b477063SVikram Kanigiri } 2216b477063SVikram Kanigiri 2226b477063SVikram Kanigiri void tzc400_enable_filters(void) 2236b477063SVikram Kanigiri { 2246b477063SVikram Kanigiri unsigned int state; 2256b477063SVikram Kanigiri unsigned int filter; 2266b477063SVikram Kanigiri 2276b477063SVikram Kanigiri assert(tzc400.base); 2286b477063SVikram Kanigiri 2296b477063SVikram Kanigiri for (filter = 0; filter < tzc400.num_filters; filter++) { 2306b477063SVikram Kanigiri state = _tzc400_get_gate_keeper(tzc400.base, filter); 2316b477063SVikram Kanigiri if (state) { 2326b477063SVikram Kanigiri /* The TZC filter is already configured. Changing the 2336b477063SVikram Kanigiri * programmer's view in an active system can cause 2346b477063SVikram Kanigiri * unpredictable behavior therefore panic for now rather 2356b477063SVikram Kanigiri * than try to determine whether this is safe in this 2366b477063SVikram Kanigiri * instance. See: 2376b477063SVikram Kanigiri * http://infocenter.arm.com/help/index.jsp?\ 2386b477063SVikram Kanigiri * topic=/com.arm.doc.ddi0504c/CJHHECBF.html */ 2396b477063SVikram Kanigiri ERROR("TZC-400 : Filter %d Gatekeeper already" 2406b477063SVikram Kanigiri " enabled.\n", filter); 2416b477063SVikram Kanigiri panic(); 2426b477063SVikram Kanigiri } 2436b477063SVikram Kanigiri _tzc400_set_gate_keeper(tzc400.base, filter, 1); 2446b477063SVikram Kanigiri } 2456b477063SVikram Kanigiri } 2466b477063SVikram Kanigiri 2476b477063SVikram Kanigiri void tzc400_disable_filters(void) 2486b477063SVikram Kanigiri { 2496b477063SVikram Kanigiri unsigned int filter; 2506b477063SVikram Kanigiri 2516b477063SVikram Kanigiri assert(tzc400.base); 2526b477063SVikram Kanigiri 2536b477063SVikram Kanigiri /* 2546b477063SVikram Kanigiri * We don't do the same state check as above as the Gatekeepers are 2556b477063SVikram Kanigiri * disabled after reset. 2566b477063SVikram Kanigiri */ 2576b477063SVikram Kanigiri for (filter = 0; filter < tzc400.num_filters; filter++) 2586b477063SVikram Kanigiri _tzc400_set_gate_keeper(tzc400.base, filter, 0); 2596b477063SVikram Kanigiri } 260