xref: /rk3399_ARM-atf/drivers/arm/tzc/tzc_dmc500.c (revision 1a29aba3673b753664e97fcfed1e3d38f138b3b7) 
1 /*
2  * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 #include <debug.h>
9 #include <mmio.h>
10 #include <tzc_dmc500.h>
11 #include "tzc_common.h"
12 #include "tzc_common_private.h"
13 
14 /*
15  * Macros which will be used by common core functions.
16  */
17 #define TZC_DMC500_REGION_BASE_LOW_0_OFFSET		0x054
18 #define TZC_DMC500_REGION_BASE_HIGH_0_OFFSET		0x058
19 #define TZC_DMC500_REGION_TOP_LOW_0_OFFSET		0x05C
20 #define TZC_DMC500_REGION_TOP_HIGH_0_OFFSET		0x060
21 #define TZC_DMC500_REGION_ATTR_0_OFFSET			0x064
22 #define TZC_DMC500_REGION_ID_ACCESS_0_OFFSET		0x068
23 
24 #define TZC_DMC500_ACTION_OFF				0x50
25 
26 /* Pointer to the tzc_dmc500_driver_data structure populated by the platform */
27 static const tzc_dmc500_driver_data_t *g_driver_data;
28 static unsigned int g_sys_if_count;
29 
30 #define verify_region_attr(region, attr)	\
31 		((g_conf_regions[(region)].sec_attr ==			\
32 			((attr) >> TZC_REGION_ATTR_SEC_SHIFT))		\
33 		&& ((attr) & (0x1 << TZC_REGION_ATTR_F_EN_SHIFT)))
34 
35 /*
36  * Structure for configured regions attributes in DMC500.
37  */
38 typedef struct tzc_dmc500_regions {
39 	unsigned int sec_attr;
40 	int is_enabled;
41 } tzc_dmc500_regions_t;
42 
43 /*
44  * Array storing the attributes of the configured regions. This array
45  * will be used by the `tzc_dmc500_verify_complete` to verify the flush
46  * completion.
47  */
48 static tzc_dmc500_regions_t g_conf_regions[MAX_REGION_VAL + 1];
49 
50 /* Helper Macros for making the code readable */
51 #define DMC_INST_BASE_ADDR(instance) (g_driver_data->dmc_base[instance])
52 #define DMC_INST_SI_BASE(instance, interface) \
53 		(DMC_INST_BASE_ADDR(instance) + IFACE_OFFSET(interface))
54 
55 DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500, DMC500)
56 DEFINE_TZC_COMMON_WRITE_REGION_BASE(_dmc500, DMC500)
57 DEFINE_TZC_COMMON_WRITE_REGION_TOP(_dmc500, DMC500)
58 DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(_dmc500, DMC500)
59 DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(_dmc500, DMC500)
60 
61 DEFINE_TZC_COMMON_CONFIGURE_REGION0(_dmc500)
62 DEFINE_TZC_COMMON_CONFIGURE_REGION(_dmc500)
63 
64 static inline unsigned int _tzc_dmc500_read_region_attr_0(
65 					uintptr_t dmc_si_base,
66 					unsigned int region_no)
67 {
68 	return mmio_read_32(dmc_si_base +
69 			TZC_REGION_OFFSET(TZC_DMC500_REGION_SIZE, region_no) +
70 			TZC_DMC500_REGION_ATTR_0_OFFSET);
71 }
72 
73 static inline void _tzc_dmc500_write_flush_control(uintptr_t dmc_si_base)
74 {
75 	mmio_write_32(dmc_si_base + SI_FLUSH_CTRL_OFFSET, 1);
76 }
77 
78 /*
79  * Sets the Flush controls for all the DMC Instances and System Interfaces.
80  * This initiates the flush of configuration settings from the shadow
81  * registers to the actual configuration register. The caller should poll
82  * changed register to confirm update.
83  */
84 void tzc_dmc500_config_complete(void)
85 {
86 	int dmc_inst, sys_if;
87 
88 	assert(g_driver_data);
89 
90 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
91 		assert(DMC_INST_BASE_ADDR(dmc_inst));
92 		for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
93 			_tzc_dmc500_write_flush_control(
94 					DMC_INST_SI_BASE(dmc_inst, sys_if));
95 	}
96 }
97 
98 /*
99  * This function reads back the secure attributes from the configuration
100  * register for each DMC Instance and System Interface and compares it with
101  * the configured value. The successful verification of the region attributes
102  * confirms that the flush operation has completed.
103  * If the verification fails, the caller is expected to invoke this API again
104  * till it succeeds.
105  * Returns 0 on success and 1 on failure.
106  */
107 int tzc_dmc500_verify_complete(void)
108 {
109 	int dmc_inst, sys_if, region_no;
110 	unsigned int attr;
111 
112 	assert(g_driver_data);
113 	/* Region 0 must be configured */
114 	assert(g_conf_regions[0].is_enabled);
115 
116 	/* Iterate over all configured regions */
117 	for (region_no = 0; region_no <= MAX_REGION_VAL; region_no++) {
118 		if (!g_conf_regions[region_no].is_enabled)
119 			continue;
120 		for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count;
121 								dmc_inst++) {
122 			assert(DMC_INST_BASE_ADDR(dmc_inst));
123 			for (sys_if = 0; sys_if < g_sys_if_count;
124 							sys_if++) {
125 				attr = _tzc_dmc500_read_region_attr_0(
126 					DMC_INST_SI_BASE(dmc_inst, sys_if),
127 					region_no);
128 				VERBOSE("Verifying DMC500 region:%d"
129 					" dmc_inst:%d sys_if:%d attr:%x\n",
130 					region_no, dmc_inst, sys_if, attr);
131 				if (!verify_region_attr(region_no, attr))
132 					return 1;
133 			}
134 		}
135 	}
136 
137 	return 0;
138 }
139 
140 /*
141  * `tzc_dmc500_configure_region0` is used to program region 0 in both the
142  * system interfaces of all the DMC-500 instances. Region 0 covers the whole
143  * address space that is not mapped to any other region for a system interface,
144  * and is always enabled; this cannot be changed. This function only changes
145  * the access permissions.
146  */
147 void tzc_dmc500_configure_region0(unsigned int sec_attr,
148 				  unsigned int nsaid_permissions)
149 {
150 	int dmc_inst, sys_if;
151 
152 	/* Assert if DMC-500 is not initialized */
153 	assert(g_driver_data);
154 
155 	/* Configure region_0 in all DMC instances */
156 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
157 		assert(DMC_INST_BASE_ADDR(dmc_inst));
158 		for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
159 			_tzc_dmc500_configure_region0(
160 					DMC_INST_SI_BASE(dmc_inst, sys_if),
161 					sec_attr, nsaid_permissions);
162 	}
163 
164 	g_conf_regions[0].sec_attr = sec_attr;
165 	g_conf_regions[0].is_enabled = 1;
166 }
167 
168 /*
169  * `tzc_dmc500_configure_region` is used to program a region into all system
170  * interfaces of all the DMC instances.
171  * NOTE:
172  * Region 0 is special; it is preferable to use tzc_dmc500_configure_region0
173  * for this region (see comment for that function).
174  */
175 void tzc_dmc500_configure_region(unsigned int region_no,
176 			unsigned long long region_base,
177 			unsigned long long region_top,
178 			unsigned int sec_attr,
179 			unsigned int nsaid_permissions)
180 {
181 	int dmc_inst, sys_if;
182 
183 	assert(g_driver_data);
184 	/* Do range checks on regions. */
185 	assert((region_no >= 0U) && (region_no <= MAX_REGION_VAL));
186 
187 	/*
188 	 * Do address range check based on DMC-TZ configuration. A 43bit address
189 	 * is the max and expected case.
190 	 */
191 	assert(((region_top <= _tzc_get_max_top_addr(43)) &&
192 		(region_base < region_top)));
193 
194 	/* region_base and (region_top + 1) must be 4KB aligned */
195 	assert(((region_base | (region_top + 1U)) & (4096U - 1U)) == 0U);
196 
197 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
198 		assert(DMC_INST_BASE_ADDR(dmc_inst));
199 		for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
200 			_tzc_dmc500_configure_region(
201 					DMC_INST_SI_BASE(dmc_inst, sys_if),
202 					TZC_DMC500_REGION_ATTR_F_EN_MASK,
203 					region_no, region_base, region_top,
204 					sec_attr, nsaid_permissions);
205 	}
206 
207 	g_conf_regions[region_no].sec_attr = sec_attr;
208 	g_conf_regions[region_no].is_enabled = 1;
209 }
210 
211 /* Sets the action value for all the DMC instances */
212 void tzc_dmc500_set_action(unsigned int action)
213 {
214 	int dmc_inst;
215 
216 	assert(g_driver_data);
217 
218 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
219 		assert(DMC_INST_BASE_ADDR(dmc_inst));
220 		/*
221 		 * - Currently no handler is provided to trap an error via
222 		 *   interrupt or exception.
223 		 * - The interrupt action has not been tested.
224 		 */
225 		_tzc_dmc500_write_action(DMC_INST_BASE_ADDR(dmc_inst), action);
226 	}
227 }
228 
229 /*
230  * A DMC-500 instance must be present at each base address provided by the
231  * platform. It also expects platform to pass at least one instance of
232  * DMC-500.
233  */
234 static void validate_plat_driver_data(
235 			const tzc_dmc500_driver_data_t *plat_driver_data)
236 {
237 #if ENABLE_ASSERTIONS
238 	int i;
239 	unsigned int dmc_id;
240 	uintptr_t dmc_base;
241 
242 	assert(plat_driver_data);
243 	assert(plat_driver_data->dmc_count > 0 &&
244 		(plat_driver_data->dmc_count <= MAX_DMC_COUNT));
245 
246 	for (i = 0; i < plat_driver_data->dmc_count; i++) {
247 		dmc_base = plat_driver_data->dmc_base[i];
248 		assert(dmc_base);
249 
250 		dmc_id = _tzc_read_peripheral_id(dmc_base);
251 		assert(dmc_id == DMC500_PERIPHERAL_ID);
252 	}
253 #endif /* ENABLE_ASSERTIONS */
254 }
255 
256 
257 /*
258  * Initializes the base address and count of DMC instances.
259  *
260  * Note : Only pointer to plat_driver_data is saved, so it is caller's
261  * responsibility to keep it valid until the driver is used.
262  */
263 void tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t *plat_driver_data)
264 {
265 	/* Check valid pointer is passed */
266 	assert(plat_driver_data);
267 
268 	/*
269 	 * NOTE: This driver expects the DMC-500 controller is already in
270 	 * READY state. Hence, it uses the reconfiguration method for
271 	 * programming TrustZone regions
272 	 */
273 	/* Validates the information passed by platform */
274 	validate_plat_driver_data(plat_driver_data);
275 	g_driver_data = plat_driver_data;
276 
277 	/* Check valid system interface count */
278 	assert(g_driver_data->sys_if_count <= MAX_SYS_IF_COUNT);
279 
280 	g_sys_if_count = g_driver_data->sys_if_count;
281 
282 	/* If interface count is not present then assume max */
283 	if (g_sys_if_count == 0U)
284 		g_sys_if_count = MAX_SYS_IF_COUNT;
285 }
286