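/*
 * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <assert.h>
#include <debug.h>
#include <mmio.h>
#include <stddef.h>
#include <tzc400.h>
#include "tzc_common_private.c"

/*
 * Macros which will be used by common core functions.
 * These are the register offsets of region 0, relative to the controller base.
 */
#define TZC_400_REGION_BASE_LOW_0_OFFSET	0x100
#define TZC_400_REGION_BASE_HIGH_0_OFFSET	0x104
#define TZC_400_REGION_TOP_LOW_0_OFFSET		0x108
#define TZC_400_REGION_TOP_HIGH_0_OFFSET	0x10c
#define TZC_400_REGION_ATTR_0_OFFSET		0x110
#define TZC_400_REGION_ID_ACCESS_0_OFFSET	0x114

/*
 * Implementation defined values used to validate inputs later.
 * Filters : max of 4 ; 0 to 3
 * Regions : max of 9 ; 0 to 8
 * Address width : Values between 32 to 64
 *
 * The three counts are read from the BUILD_CONFIG register by tzc400_init();
 * `base` doubles as the "driver initialised" marker checked by every public
 * entry point.
 */
typedef struct tzc400_instance {
	uintptr_t base;
	uint8_t addr_width;
	uint8_t num_filters;
	uint8_t num_regions;
} tzc400_instance_t;

/*
 * Single driver instance. It has external linkage.
 * NOTE(review): nothing in this file needs it visible outside this
 * translation unit; consider making it static if no other file refers to it.
 */
tzc400_instance_t tzc400;

/* Read the raw BUILD_CONFIG register of the controller at `base`. */
static inline unsigned int _tzc400_read_build_config(uintptr_t base)
{
	return mmio_read_32(base + BUILD_CONFIG_OFF);
}

/* Read the raw GATE_KEEPER register of the controller at `base`. */
static inline unsigned int _tzc400_read_gate_keeper(uintptr_t base)
{
	return mmio_read_32(base + GATE_KEEPER_OFF);
}

/* Write `val` to the GATE_KEEPER register of the controller at `base`. */
static inline void _tzc400_write_gate_keeper(uintptr_t base, unsigned int val)
{
	mmio_write_32(base + GATE_KEEPER_OFF, val);
}

/*
 * Get the open status information for all filter units.
 */
#define get_gate_keeper_os(base)	((_tzc400_read_gate_keeper(base) >>  \
					GATE_KEEPER_OS_SHIFT) &		\
					GATE_KEEPER_OS_MASK)


/*
 * Define common core functions used across different TZC peripherals.
 * The _tzc400_write_action(), _tzc400_configure_region0() and
 * _tzc400_configure_region() helpers called below are not defined in this
 * file; presumably they are generated by these macros from
 * tzc_common_private.c (not visible here).
 */
DEFINE_TZC_COMMON_WRITE_ACTION(400, 400)
DEFINE_TZC_COMMON_WRITE_REGION_BASE(400, 400)
DEFINE_TZC_COMMON_WRITE_REGION_TOP(400, 400)
DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(400, 400)
DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(400, 400)
DEFINE_TZC_COMMON_CONFIGURE_REGION0(400)
DEFINE_TZC_COMMON_CONFIGURE_REGION(400)

/*
 * Return the open-status bit of one filter unit: the open-status field
 * shifted right by `filter` and masked with GATE_KEEPER_FILTER_MASK.
 * `filter` is not range checked here; callers iterate below num_filters.
 */
static unsigned int _tzc400_get_gate_keeper(uintptr_t base,
				unsigned int filter)
{
	unsigned int open_status;

	open_status = get_gate_keeper_os(base);

	return (open_status >> filter) & GATE_KEEPER_FILTER_MASK;
}

/*
 * Set (val != 0) or clear (val == 0) the gatekeeper request bit of one filter
 * and wait until the open-status field reports the new state.
 *
 * This function is not MP safe: it is an unlocked read-modify-write of the
 * gatekeeper register.
 *
 * The wait loop has no timeout. If the status never matches the request the
 * caller never returns, so the boot fails closed instead of continuing with
 * a filter in an unknown state.
 */
static void _tzc400_set_gate_keeper(uintptr_t base,
				unsigned int filter,
				int val)
{
	unsigned int open_status;

	/* Upper half is current state. Lower half is requested state. */
	open_status = get_gate_keeper_os(base);

	/* Unsigned literal keeps the shift and the complement unsigned. */
	if (val)
		open_status |= (1U << filter);
	else
		open_status &= ~(1U << filter);

	_tzc400_write_gate_keeper(base, (open_status & GATE_KEEPER_OR_MASK) <<
			      GATE_KEEPER_OR_SHIFT);

	/* Wait here until we see the change reflected in the TZC status. */
	while ((get_gate_keeper_os(base)) != open_status)
		;
}

/*
 * Program the action the controller takes on a denied access.
 * Requires tzc400_init() to have run (asserted through tzc400.base).
 */
void tzc400_set_action(tzc_action_t action)
{
	assert(tzc400.base);
	assert(action <= TZC_ACTION_ERR_INT);

	/*
	 * - Currently no handler is provided to trap an error via interrupt
	 *   or exception.
	 * - The interrupt action has not been tested.
	 */
	_tzc400_write_action(tzc400.base, action);
}

/*
 * Record the controller base address and cache the filter count, address
 * width and region count from BUILD_CONFIG. Each field is stored as the
 * register value plus one.
 *
 * The peripheral ID check is compiled only when DEBUG is set; in other builds
 * `base` is trusted to point at a TZC-400, so it must be a platform constant
 * and never a value derived from untrusted input.
 */
void tzc400_init(uintptr_t base)
{
#if DEBUG
	unsigned int tzc400_id;
#endif
	unsigned int tzc400_build;

	assert(base);
	tzc400.base = base;

#if DEBUG
	tzc400_id = _tzc_read_peripheral_id(base);
	if (tzc400_id != TZC_400_PERIPHERAL_ID) {
		ERROR("TZC-400 : Wrong device ID (0x%x).\n", tzc400_id);
		panic();
	}
#endif

	/* Save values we will use later. */
	tzc400_build = _tzc400_read_build_config(tzc400.base);
	tzc400.num_filters = ((tzc400_build >> BUILD_CONFIG_NF_SHIFT) &
			   BUILD_CONFIG_NF_MASK) + 1;
	tzc400.addr_width  = ((tzc400_build >> BUILD_CONFIG_AW_SHIFT) &
			   BUILD_CONFIG_AW_MASK) + 1;
	tzc400.num_regions = ((tzc400_build >> BUILD_CONFIG_NR_SHIFT) &
			   BUILD_CONFIG_NR_MASK) + 1;
}

/*
 * `tzc400_configure_region0` is used to program region 0 into the TrustZone
 * controller. Region 0 covers the whole address space that is not mapped
 * to any other region, and is enabled on all filters; this cannot be
 * changed. This function only changes the access permissions.
 *
 * Because region 0 is the fallback for every address no other region claims,
 * the permissions given here decide what happens to unmapped memory.
 * `ns_device_access` is passed to the common helper without validation.
 */
void tzc400_configure_region0(tzc_region_attributes_t sec_attr,
			   unsigned int ns_device_access)
{
	assert(tzc400.base);
	assert(sec_attr <= TZC_REGION_S_RDWR);

	_tzc400_configure_region0(tzc400.base, sec_attr, ns_device_access);
}

/*
 * `tzc400_configure_region` is used to program regions into the TrustZone
 * controller. A region can be associated with more than one filter. The
 * associated filters are passed in as a bitmap (bit0 = filter0).
 * NOTE:
 * Region 0 is special; it is preferable to use tzc400_configure_region0
 * for this region (see comment for that function).
 *
 * `region_top` is the last address of the region (inclusive): both
 * `region_base` and `region_top + 1` must be 4KB aligned.
 *
 * Every input check below is an assert(). In a build where assertions are
 * compiled out none of them run and the values reach the hardware unchecked,
 * so callers must pass values already known to be valid (typically platform
 * constants). `nsaid_permissions` is never validated here.
 */
void tzc400_configure_region(unsigned int filters,
			  int region,
			  uintptr_t region_base,
			  uintptr_t region_top,
			  tzc_region_attributes_t sec_attr,
			  unsigned int nsaid_permissions)
{
	assert(tzc400.base);

	/* Do range checks on filters and regions. */
	assert(((filters >> tzc400.num_filters) == 0) &&
	       (region >= 0) && (region < tzc400.num_regions));

	/*
	 * Do address range check based on TZC configuration. A 64bit address is
	 * the max and expected case.
	 */
	assert(((region_top <= (UINT64_MAX >> (64 - tzc400.addr_width))) &&
		(region_base < region_top)));

	/* region_base and (region_top + 1) must be 4KB aligned */
	assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0);

	assert(sec_attr <= TZC_REGION_S_RDWR);

	_tzc400_configure_region(tzc400.base, filters, region, region_base,
						region_top,
						sec_attr, nsaid_permissions);
}

/*
 * Enable the gatekeeper of every filter unit reported by the hardware.
 * Panics if any gatekeeper is found already enabled; this check is
 * unconditional, unlike the assert()s used elsewhere in this file.
 */
void tzc400_enable_filters(void)
{
	unsigned int state;
	unsigned int filter;

	assert(tzc400.base);

	for (filter = 0; filter < tzc400.num_filters; filter++) {
		state = _tzc400_get_gate_keeper(tzc400.base, filter);
		if (state) {
			/* The TZC filter is already configured. Changing the
			 * programmer's view in an active system can cause
			 * unpredictable behavior therefore panic for now rather
			 * than try to determine whether this is safe in this
			 * instance. See:
			 * http://infocenter.arm.com/help/index.jsp?\
			 * topic=/com.arm.doc.ddi0504c/CJHHECBF.html */
			/* `filter` is unsigned, so it is printed with %u. */
			ERROR("TZC-400 : Filter %u Gatekeeper already"
				" enabled.\n", filter);
			panic();
		}
		_tzc400_set_gate_keeper(tzc400.base, filter, 1);
	}
}

/*
 * Disable the gatekeeper of every filter unit reported by the hardware.
 */
void tzc400_disable_filters(void)
{
	unsigned int filter;

	assert(tzc400.base);

	/*
	 * We don't do the same state check as above as the Gatekeepers are
	 * disabled after reset.
	 */
	for (filter = 0; filter < tzc400.num_filters; filter++)
		_tzc400_set_gate_keeper(tzc400.base, filter, 0);
}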