1a9cc84d7SVikram Kanigiri /* 2*1af540efSRoberto Vargas * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. 3a9cc84d7SVikram Kanigiri * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 5a9cc84d7SVikram Kanigiri */ 6a9cc84d7SVikram Kanigiri 7a9cc84d7SVikram Kanigiri #include <arm_def.h> 8e29efeb1SAntonio Nino Diaz #include <arm_spm_def.h> 9a9cc84d7SVikram Kanigiri #include <debug.h> 10*1af540efSRoberto Vargas #include <plat_arm.h> 11a9cc84d7SVikram Kanigiri #include <platform_def.h> 12a9cc84d7SVikram Kanigiri #include <tzc400.h> 13a9cc84d7SVikram Kanigiri 14a9cc84d7SVikram Kanigiri 15a9cc84d7SVikram Kanigiri /* Weak definitions may be overridden in specific ARM standard platform */ 16a9cc84d7SVikram Kanigiri #pragma weak plat_arm_security_setup 17a9cc84d7SVikram Kanigiri 18a9cc84d7SVikram Kanigiri 19a9cc84d7SVikram Kanigiri /******************************************************************************* 20a9cc84d7SVikram Kanigiri * Initialize the TrustZone Controller for ARM standard platforms. 21a9cc84d7SVikram Kanigiri * Configure: 22a9cc84d7SVikram Kanigiri * - Region 0 with no access; 23a9cc84d7SVikram Kanigiri * - Region 1 with secure access only; 24a9cc84d7SVikram Kanigiri * - the remaining DRAM regions access from the given Non-Secure masters. 25a9cc84d7SVikram Kanigiri * 26a9cc84d7SVikram Kanigiri * When booting an EL3 payload, this is simplified: we configure region 0 with 27a9cc84d7SVikram Kanigiri * secure access only and do not enable any other region. 28a9cc84d7SVikram Kanigiri ******************************************************************************/ 2957f78201SSoby Mathew void arm_tzc400_setup(void) 30a9cc84d7SVikram Kanigiri { 31a9cc84d7SVikram Kanigiri INFO("Configuring TrustZone Controller\n"); 32a9cc84d7SVikram Kanigiri 3357f78201SSoby Mathew tzc400_init(PLAT_ARM_TZC_BASE); 34a9cc84d7SVikram Kanigiri 35a9cc84d7SVikram Kanigiri /* Disable filters. */ 3657f78201SSoby Mathew tzc400_disable_filters(); 37a9cc84d7SVikram Kanigiri 38a9cc84d7SVikram Kanigiri #ifndef EL3_PAYLOAD_BASE 39e60f2af9SSoby Mathew 40a9cc84d7SVikram Kanigiri /* Region 0 set to no access by default */ 4157f78201SSoby Mathew tzc400_configure_region0(TZC_REGION_S_NONE, 0); 42a9cc84d7SVikram Kanigiri 43a9cc84d7SVikram Kanigiri /* Region 1 set to cover Secure part of DRAM */ 4457f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1, 45a22dffc6SSoby Mathew ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, 46a9cc84d7SVikram Kanigiri TZC_REGION_S_RDWR, 47a9cc84d7SVikram Kanigiri 0); 48a9cc84d7SVikram Kanigiri 49a9cc84d7SVikram Kanigiri /* Region 2 set to cover Non-Secure access to 1st DRAM address range. 50a9cc84d7SVikram Kanigiri * Apply the same configuration to given filters in the TZC. */ 5157f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2, 52a9cc84d7SVikram Kanigiri ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, 53e60f2af9SSoby Mathew ARM_TZC_NS_DRAM_S_ACCESS, 54a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 55a9cc84d7SVikram Kanigiri 56a9cc84d7SVikram Kanigiri /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */ 5757f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3, 58a9cc84d7SVikram Kanigiri ARM_DRAM2_BASE, ARM_DRAM2_END, 59e60f2af9SSoby Mathew ARM_TZC_NS_DRAM_S_ACCESS, 60a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 61e29efeb1SAntonio Nino Diaz 62e29efeb1SAntonio Nino Diaz #if ENABLE_SPM 63e29efeb1SAntonio Nino Diaz /* 64e29efeb1SAntonio Nino Diaz * Region 4 set to cover Non-Secure access to the communication buffer 65e29efeb1SAntonio Nino Diaz * shared with the Secure world. 66e29efeb1SAntonio Nino Diaz */ 67e29efeb1SAntonio Nino Diaz tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 68e29efeb1SAntonio Nino Diaz 4, 69e29efeb1SAntonio Nino Diaz ARM_SP_IMAGE_NS_BUF_BASE, 70e29efeb1SAntonio Nino Diaz (ARM_SP_IMAGE_NS_BUF_BASE + 71e29efeb1SAntonio Nino Diaz ARM_SP_IMAGE_NS_BUF_SIZE) - 1, 72e29efeb1SAntonio Nino Diaz TZC_REGION_S_NONE, 73e29efeb1SAntonio Nino Diaz PLAT_ARM_TZC_NS_DEV_ACCESS); 74e29efeb1SAntonio Nino Diaz #endif 75e29efeb1SAntonio Nino Diaz 76e29efeb1SAntonio Nino Diaz #else /* if defined(EL3_PAYLOAD_BASE) */ 77e29efeb1SAntonio Nino Diaz 78fb48b970SSoby Mathew /* Allow Secure and Non-secure access to DRAM for EL3 payloads */ 79fb48b970SSoby Mathew tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS); 80e29efeb1SAntonio Nino Diaz 81a9cc84d7SVikram Kanigiri #endif /* EL3_PAYLOAD_BASE */ 82a9cc84d7SVikram Kanigiri 83a9cc84d7SVikram Kanigiri /* 84a9cc84d7SVikram Kanigiri * Raise an exception if a NS device tries to access secure memory 85a9cc84d7SVikram Kanigiri * TODO: Add interrupt handling support. 86a9cc84d7SVikram Kanigiri */ 8757f78201SSoby Mathew tzc400_set_action(TZC_ACTION_ERR); 88a9cc84d7SVikram Kanigiri 89a9cc84d7SVikram Kanigiri /* Enable filters. */ 9057f78201SSoby Mathew tzc400_enable_filters(); 91a9cc84d7SVikram Kanigiri } 92a9cc84d7SVikram Kanigiri 93a9cc84d7SVikram Kanigiri void plat_arm_security_setup(void) 94a9cc84d7SVikram Kanigiri { 9557f78201SSoby Mathew arm_tzc400_setup(); 96a9cc84d7SVikram Kanigiri } 97