1a9cc84d7SVikram Kanigiri /* 21af540efSRoberto Vargas * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. 3a9cc84d7SVikram Kanigiri * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 5a9cc84d7SVikram Kanigiri */ 6a9cc84d7SVikram Kanigiri 7a9cc84d7SVikram Kanigiri #include <arm_def.h> 8e29efeb1SAntonio Nino Diaz #include <arm_spm_def.h> 9a9cc84d7SVikram Kanigiri #include <debug.h> 101af540efSRoberto Vargas #include <plat_arm.h> 11a9cc84d7SVikram Kanigiri #include <platform_def.h> 12a9cc84d7SVikram Kanigiri #include <tzc400.h> 13a9cc84d7SVikram Kanigiri 14a9cc84d7SVikram Kanigiri 15a9cc84d7SVikram Kanigiri /* Weak definitions may be overridden in specific ARM standard platform */ 16a9cc84d7SVikram Kanigiri #pragma weak plat_arm_security_setup 17a9cc84d7SVikram Kanigiri 18a9cc84d7SVikram Kanigiri 19a9cc84d7SVikram Kanigiri /******************************************************************************* 20a9cc84d7SVikram Kanigiri * Initialize the TrustZone Controller for ARM standard platforms. 21a9cc84d7SVikram Kanigiri * When booting an EL3 payload, this is simplified: we configure region 0 with 22a9cc84d7SVikram Kanigiri * secure access only and do not enable any other region. 23a9cc84d7SVikram Kanigiri ******************************************************************************/ 24*23411d2cSSummer Qin void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions) 25a9cc84d7SVikram Kanigiri { 26*23411d2cSSummer Qin #ifndef EL3_PAYLOAD_BASE 27*23411d2cSSummer Qin int region_index = 1; 28*23411d2cSSummer Qin const arm_tzc_regions_info_t *p; 29*23411d2cSSummer Qin const arm_tzc_regions_info_t init_tzc_regions[] = { 30*23411d2cSSummer Qin ARM_TZC_REGIONS_DEF, 31*23411d2cSSummer Qin {0} 32*23411d2cSSummer Qin }; 33*23411d2cSSummer Qin #endif 34*23411d2cSSummer Qin 35a9cc84d7SVikram Kanigiri INFO("Configuring TrustZone Controller\n"); 36a9cc84d7SVikram Kanigiri 3757f78201SSoby Mathew tzc400_init(PLAT_ARM_TZC_BASE); 38a9cc84d7SVikram Kanigiri 39a9cc84d7SVikram Kanigiri /* Disable filters. */ 4057f78201SSoby Mathew tzc400_disable_filters(); 41a9cc84d7SVikram Kanigiri 42a9cc84d7SVikram Kanigiri #ifndef EL3_PAYLOAD_BASE 43*23411d2cSSummer Qin if (tzc_regions == NULL) 44*23411d2cSSummer Qin p = init_tzc_regions; 45*23411d2cSSummer Qin else 46*23411d2cSSummer Qin p = tzc_regions; 47e60f2af9SSoby Mathew 48a9cc84d7SVikram Kanigiri /* Region 0 set to no access by default */ 4957f78201SSoby Mathew tzc400_configure_region0(TZC_REGION_S_NONE, 0); 50a9cc84d7SVikram Kanigiri 51*23411d2cSSummer Qin /* Rest Regions set according to tzc_regions array */ 52*23411d2cSSummer Qin for (; p->base != 0ULL; p++) { 53*23411d2cSSummer Qin tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index, 54*23411d2cSSummer Qin p->base, p->end, p->sec_attr, p->nsaid_permissions); 55*23411d2cSSummer Qin region_index++; 56*23411d2cSSummer Qin } 57a9cc84d7SVikram Kanigiri 58*23411d2cSSummer Qin INFO("Total %d regions set.\n", region_index); 59e29efeb1SAntonio Nino Diaz 60e29efeb1SAntonio Nino Diaz #else /* if defined(EL3_PAYLOAD_BASE) */ 61e29efeb1SAntonio Nino Diaz 62fb48b970SSoby Mathew /* Allow Secure and Non-secure access to DRAM for EL3 payloads */ 63fb48b970SSoby Mathew tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS); 64e29efeb1SAntonio Nino Diaz 65a9cc84d7SVikram Kanigiri #endif /* EL3_PAYLOAD_BASE */ 66a9cc84d7SVikram Kanigiri 67a9cc84d7SVikram Kanigiri /* 68a9cc84d7SVikram Kanigiri * Raise an exception if a NS device tries to access secure memory 69a9cc84d7SVikram Kanigiri * TODO: Add interrupt handling support. 70a9cc84d7SVikram Kanigiri */ 7157f78201SSoby Mathew tzc400_set_action(TZC_ACTION_ERR); 72a9cc84d7SVikram Kanigiri 73a9cc84d7SVikram Kanigiri /* Enable filters. */ 7457f78201SSoby Mathew tzc400_enable_filters(); 75a9cc84d7SVikram Kanigiri } 76a9cc84d7SVikram Kanigiri 77a9cc84d7SVikram Kanigiri void plat_arm_security_setup(void) 78a9cc84d7SVikram Kanigiri { 79*23411d2cSSummer Qin arm_tzc400_setup(NULL); 80a9cc84d7SVikram Kanigiri } 81