xref: /rk3399_ARM-atf/drivers/arm/tzc/tzc_dmc500.c (revision 3dbbbca29e3c42a6f9976878f27e1f1fd75b5c8e) 
1 /*
2  * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 
9 #include <common/debug.h>
10 #include <drivers/arm/tzc_dmc500.h>
11 #include <drivers/arm/tzc_common.h>
12 #include <lib/mmio.h>
13 
14 #include "tzc_common_private.h"
15 
16 /*
17  * Macros which will be used by common core functions.
18  */
19 #define TZC_DMC500_REGION_BASE_LOW_0_OFFSET		0x054
20 #define TZC_DMC500_REGION_BASE_HIGH_0_OFFSET		0x058
21 #define TZC_DMC500_REGION_TOP_LOW_0_OFFSET		0x05C
22 #define TZC_DMC500_REGION_TOP_HIGH_0_OFFSET		0x060
23 #define TZC_DMC500_REGION_ATTR_0_OFFSET			0x064
24 #define TZC_DMC500_REGION_ID_ACCESS_0_OFFSET		0x068
25 
26 #define TZC_DMC500_ACTION_OFF				0x50
27 
28 /* Pointer to the tzc_dmc500_driver_data structure populated by the platform */
29 static const tzc_dmc500_driver_data_t *g_driver_data;
30 static unsigned int g_sys_if_count;
31 
32 #define verify_region_attr(region, attr)	\
33 		((g_conf_regions[(region)].sec_attr ==			\
34 			((attr) >> TZC_REGION_ATTR_SEC_SHIFT))		\
35 		&& ((attr) & (0x1 << TZC_REGION_ATTR_F_EN_SHIFT)))
36 
37 /*
38  * Structure for configured regions attributes in DMC500.
39  */
40 typedef struct tzc_dmc500_regions {
41 	unsigned int sec_attr;
42 	int is_enabled;
43 } tzc_dmc500_regions_t;
44 
45 /*
46  * Array storing the attributes of the configured regions. This array
47  * will be used by the `tzc_dmc500_verify_complete` to verify the flush
48  * completion.
49  */
50 static tzc_dmc500_regions_t g_conf_regions[MAX_REGION_VAL + 1];
51 
52 /* Helper Macros for making the code readable */
53 #define DMC_INST_BASE_ADDR(instance) (g_driver_data->dmc_base[instance])
54 #define DMC_INST_SI_BASE(instance, interface) \
55 		(DMC_INST_BASE_ADDR(instance) + IFACE_OFFSET(interface))
56 
57 DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500, DMC500)
58 DEFINE_TZC_COMMON_WRITE_REGION_BASE(_dmc500, DMC500)
59 DEFINE_TZC_COMMON_WRITE_REGION_TOP(_dmc500, DMC500)
60 DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(_dmc500, DMC500)
61 DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(_dmc500, DMC500)
62 
63 DEFINE_TZC_COMMON_CONFIGURE_REGION0(_dmc500)
64 DEFINE_TZC_COMMON_CONFIGURE_REGION(_dmc500)
65 
66 static inline unsigned int _tzc_dmc500_read_region_attr_0(
67 					uintptr_t dmc_si_base,
68 					unsigned int region_no)
69 {
70 	return mmio_read_32(dmc_si_base +
71 			TZC_REGION_OFFSET(TZC_DMC500_REGION_SIZE, region_no) +
72 			TZC_DMC500_REGION_ATTR_0_OFFSET);
73 }
74 
75 static inline void _tzc_dmc500_write_flush_control(uintptr_t dmc_si_base)
76 {
77 	mmio_write_32(dmc_si_base + SI_FLUSH_CTRL_OFFSET, 1);
78 }
79 
80 /*
81  * Sets the Flush controls for all the DMC Instances and System Interfaces.
82  * This initiates the flush of configuration settings from the shadow
83  * registers to the actual configuration register. The caller should poll
84  * changed register to confirm update.
85  */
86 void tzc_dmc500_config_complete(void)
87 {
88 	int dmc_inst, sys_if;
89 
90 	assert(g_driver_data);
91 
92 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
93 		assert(DMC_INST_BASE_ADDR(dmc_inst));
94 		for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
95 			_tzc_dmc500_write_flush_control(
96 					DMC_INST_SI_BASE(dmc_inst, sys_if));
97 	}
98 }
99 
100 /*
101  * This function reads back the secure attributes from the configuration
102  * register for each DMC Instance and System Interface and compares it with
103  * the configured value. The successful verification of the region attributes
104  * confirms that the flush operation has completed.
105  * If the verification fails, the caller is expected to invoke this API again
106  * till it succeeds.
107  * Returns 0 on success and 1 on failure.
108  */
109 int tzc_dmc500_verify_complete(void)
110 {
111 	int dmc_inst, sys_if, region_no;
112 	unsigned int attr;
113 
114 	assert(g_driver_data);
115 	/* Region 0 must be configured */
116 	assert(g_conf_regions[0].is_enabled);
117 
118 	/* Iterate over all configured regions */
119 	for (region_no = 0; region_no <= MAX_REGION_VAL; region_no++) {
120 		if (!g_conf_regions[region_no].is_enabled)
121 			continue;
122 		for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count;
123 								dmc_inst++) {
124 			assert(DMC_INST_BASE_ADDR(dmc_inst));
125 			for (sys_if = 0; sys_if < g_sys_if_count;
126 							sys_if++) {
127 				attr = _tzc_dmc500_read_region_attr_0(
128 					DMC_INST_SI_BASE(dmc_inst, sys_if),
129 					region_no);
130 				VERBOSE("Verifying DMC500 region:%d"
131 					" dmc_inst:%d sys_if:%d attr:%x\n",
132 					region_no, dmc_inst, sys_if, attr);
133 				if (!verify_region_attr(region_no, attr))
134 					return 1;
135 			}
136 		}
137 	}
138 
139 	return 0;
140 }
141 
142 /*
143  * `tzc_dmc500_configure_region0` is used to program region 0 in both the
144  * system interfaces of all the DMC-500 instances. Region 0 covers the whole
145  * address space that is not mapped to any other region for a system interface,
146  * and is always enabled; this cannot be changed. This function only changes
147  * the access permissions.
148  */
149 void tzc_dmc500_configure_region0(unsigned int sec_attr,
150 				  unsigned int nsaid_permissions)
151 {
152 	int dmc_inst, sys_if;
153 
154 	/* Assert if DMC-500 is not initialized */
155 	assert(g_driver_data);
156 
157 	/* Configure region_0 in all DMC instances */
158 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
159 		assert(DMC_INST_BASE_ADDR(dmc_inst));
160 		for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
161 			_tzc_dmc500_configure_region0(
162 					DMC_INST_SI_BASE(dmc_inst, sys_if),
163 					sec_attr, nsaid_permissions);
164 	}
165 
166 	g_conf_regions[0].sec_attr = sec_attr;
167 	g_conf_regions[0].is_enabled = 1;
168 }
169 
170 /*
171  * `tzc_dmc500_configure_region` is used to program a region into all system
172  * interfaces of all the DMC instances.
173  * NOTE:
174  * Region 0 is special; it is preferable to use tzc_dmc500_configure_region0
175  * for this region (see comment for that function).
176  */
177 void tzc_dmc500_configure_region(unsigned int region_no,
178 			unsigned long long region_base,
179 			unsigned long long region_top,
180 			unsigned int sec_attr,
181 			unsigned int nsaid_permissions)
182 {
183 	int dmc_inst, sys_if;
184 
185 	assert(g_driver_data);
186 	/* Do range checks on regions. */
187 	assert((region_no >= 0U) && (region_no <= MAX_REGION_VAL));
188 
189 	/*
190 	 * Do address range check based on DMC-TZ configuration. A 43bit address
191 	 * is the max and expected case.
192 	 */
193 	assert(((region_top <= (UINT64_MAX >> (64U - 43U))) &&
194 		(region_base < region_top)));
195 
196 	/* region_base and (region_top + 1) must be 4KB aligned */
197 	assert(((region_base | (region_top + 1U)) & (4096U - 1U)) == 0U);
198 
199 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
200 		assert(DMC_INST_BASE_ADDR(dmc_inst));
201 		for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
202 			_tzc_dmc500_configure_region(
203 					DMC_INST_SI_BASE(dmc_inst, sys_if),
204 					TZC_DMC500_REGION_ATTR_F_EN_MASK,
205 					region_no, region_base, region_top,
206 					sec_attr, nsaid_permissions);
207 	}
208 
209 	g_conf_regions[region_no].sec_attr = sec_attr;
210 	g_conf_regions[region_no].is_enabled = 1;
211 }
212 
213 /* Sets the action value for all the DMC instances */
214 void tzc_dmc500_set_action(unsigned int action)
215 {
216 	int dmc_inst;
217 
218 	assert(g_driver_data);
219 
220 	for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
221 		assert(DMC_INST_BASE_ADDR(dmc_inst));
222 		/*
223 		 * - Currently no handler is provided to trap an error via
224 		 *   interrupt or exception.
225 		 * - The interrupt action has not been tested.
226 		 */
227 		_tzc_dmc500_write_action(DMC_INST_BASE_ADDR(dmc_inst), action);
228 	}
229 }
230 
231 /*
232  * A DMC-500 instance must be present at each base address provided by the
233  * platform. It also expects platform to pass at least one instance of
234  * DMC-500.
235  */
236 static void validate_plat_driver_data(
237 			const tzc_dmc500_driver_data_t *plat_driver_data)
238 {
239 #if ENABLE_ASSERTIONS
240 	int i;
241 	unsigned int dmc_id;
242 	uintptr_t dmc_base;
243 
244 	assert(plat_driver_data);
245 	assert(plat_driver_data->dmc_count > 0 &&
246 		(plat_driver_data->dmc_count <= MAX_DMC_COUNT));
247 
248 	for (i = 0; i < plat_driver_data->dmc_count; i++) {
249 		dmc_base = plat_driver_data->dmc_base[i];
250 		assert(dmc_base);
251 
252 		dmc_id = _tzc_read_peripheral_id(dmc_base);
253 		assert(dmc_id == DMC500_PERIPHERAL_ID);
254 	}
255 #endif /* ENABLE_ASSERTIONS */
256 }
257 
258 
259 /*
260  * Initializes the base address and count of DMC instances.
261  *
262  * Note : Only pointer to plat_driver_data is saved, so it is caller's
263  * responsibility to keep it valid until the driver is used.
264  */
265 void tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t *plat_driver_data)
266 {
267 	/* Check valid pointer is passed */
268 	assert(plat_driver_data);
269 
270 	/*
271 	 * NOTE: This driver expects the DMC-500 controller is already in
272 	 * READY state. Hence, it uses the reconfiguration method for
273 	 * programming TrustZone regions
274 	 */
275 	/* Validates the information passed by platform */
276 	validate_plat_driver_data(plat_driver_data);
277 	g_driver_data = plat_driver_data;
278 
279 	/* Check valid system interface count */
280 	assert(g_driver_data->sys_if_count <= MAX_SYS_IF_COUNT);
281 
282 	g_sys_if_count = g_driver_data->sys_if_count;
283 
284 	/* If interface count is not present then assume max */
285 	if (g_sys_if_count == 0U)
286 		g_sys_if_count = MAX_SYS_IF_COUNT;
287 }
288