1a9cc84d7SVikram Kanigiri /* 2a9cc84d7SVikram Kanigiri * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. 3a9cc84d7SVikram Kanigiri * 4a9cc84d7SVikram Kanigiri * Redistribution and use in source and binary forms, with or without 5a9cc84d7SVikram Kanigiri * modification, are permitted provided that the following conditions are met: 6a9cc84d7SVikram Kanigiri * 7a9cc84d7SVikram Kanigiri * Redistributions of source code must retain the above copyright notice, this 8a9cc84d7SVikram Kanigiri * list of conditions and the following disclaimer. 9a9cc84d7SVikram Kanigiri * 10a9cc84d7SVikram Kanigiri * Redistributions in binary form must reproduce the above copyright notice, 11a9cc84d7SVikram Kanigiri * this list of conditions and the following disclaimer in the documentation 12a9cc84d7SVikram Kanigiri * and/or other materials provided with the distribution. 13a9cc84d7SVikram Kanigiri * 14a9cc84d7SVikram Kanigiri * Neither the name of ARM nor the names of its contributors may be used 15a9cc84d7SVikram Kanigiri * to endorse or promote products derived from this software without specific 16a9cc84d7SVikram Kanigiri * prior written permission. 17a9cc84d7SVikram Kanigiri * 18a9cc84d7SVikram Kanigiri * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19a9cc84d7SVikram Kanigiri * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20a9cc84d7SVikram Kanigiri * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21a9cc84d7SVikram Kanigiri * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22a9cc84d7SVikram Kanigiri * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23a9cc84d7SVikram Kanigiri * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24a9cc84d7SVikram Kanigiri * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25a9cc84d7SVikram Kanigiri * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26a9cc84d7SVikram Kanigiri * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27a9cc84d7SVikram Kanigiri * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28a9cc84d7SVikram Kanigiri * POSSIBILITY OF SUCH DAMAGE. 29a9cc84d7SVikram Kanigiri */ 30a9cc84d7SVikram Kanigiri 31a9cc84d7SVikram Kanigiri #include <arm_def.h> 32a9cc84d7SVikram Kanigiri #include <debug.h> 33a9cc84d7SVikram Kanigiri #include <platform_def.h> 34a9cc84d7SVikram Kanigiri #include <tzc400.h> 35a9cc84d7SVikram Kanigiri 36a9cc84d7SVikram Kanigiri 37a9cc84d7SVikram Kanigiri /* Weak definitions may be overridden in specific ARM standard platform */ 38a9cc84d7SVikram Kanigiri #pragma weak plat_arm_security_setup 39a9cc84d7SVikram Kanigiri 40a9cc84d7SVikram Kanigiri 41a9cc84d7SVikram Kanigiri /******************************************************************************* 42a9cc84d7SVikram Kanigiri * Initialize the TrustZone Controller for ARM standard platforms. 43a9cc84d7SVikram Kanigiri * Configure: 44a9cc84d7SVikram Kanigiri * - Region 0 with no access; 45a9cc84d7SVikram Kanigiri * - Region 1 with secure access only; 46a9cc84d7SVikram Kanigiri * - the remaining DRAM regions access from the given Non-Secure masters. 47a9cc84d7SVikram Kanigiri * 48a9cc84d7SVikram Kanigiri * When booting an EL3 payload, this is simplified: we configure region 0 with 49a9cc84d7SVikram Kanigiri * secure access only and do not enable any other region. 50a9cc84d7SVikram Kanigiri ******************************************************************************/ 51*57f78201SSoby Mathew void arm_tzc400_setup(void) 52a9cc84d7SVikram Kanigiri { 53a9cc84d7SVikram Kanigiri INFO("Configuring TrustZone Controller\n"); 54a9cc84d7SVikram Kanigiri 55*57f78201SSoby Mathew tzc400_init(PLAT_ARM_TZC_BASE); 56a9cc84d7SVikram Kanigiri 57a9cc84d7SVikram Kanigiri /* Disable filters. */ 58*57f78201SSoby Mathew tzc400_disable_filters(); 59a9cc84d7SVikram Kanigiri 60a9cc84d7SVikram Kanigiri #ifndef EL3_PAYLOAD_BASE 61a9cc84d7SVikram Kanigiri /* Region 0 set to no access by default */ 62*57f78201SSoby Mathew tzc400_configure_region0(TZC_REGION_S_NONE, 0); 63a9cc84d7SVikram Kanigiri 64a9cc84d7SVikram Kanigiri /* Region 1 set to cover Secure part of DRAM */ 65*57f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1, 66a9cc84d7SVikram Kanigiri ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, 67a9cc84d7SVikram Kanigiri TZC_REGION_S_RDWR, 68a9cc84d7SVikram Kanigiri 0); 69a9cc84d7SVikram Kanigiri 70a9cc84d7SVikram Kanigiri /* Region 2 set to cover Non-Secure access to 1st DRAM address range. 71a9cc84d7SVikram Kanigiri * Apply the same configuration to given filters in the TZC. */ 72*57f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2, 73a9cc84d7SVikram Kanigiri ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, 74a9cc84d7SVikram Kanigiri TZC_REGION_S_NONE, 75a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 76a9cc84d7SVikram Kanigiri 77a9cc84d7SVikram Kanigiri /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */ 78*57f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3, 79a9cc84d7SVikram Kanigiri ARM_DRAM2_BASE, ARM_DRAM2_END, 80a9cc84d7SVikram Kanigiri TZC_REGION_S_NONE, 81a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 82a9cc84d7SVikram Kanigiri #else 83a9cc84d7SVikram Kanigiri /* Allow secure access only to DRAM for EL3 payloads. */ 84*57f78201SSoby Mathew tzc400_configure_region0(TZC_REGION_S_RDWR, 0); 85a9cc84d7SVikram Kanigiri #endif /* EL3_PAYLOAD_BASE */ 86a9cc84d7SVikram Kanigiri 87a9cc84d7SVikram Kanigiri /* 88a9cc84d7SVikram Kanigiri * Raise an exception if a NS device tries to access secure memory 89a9cc84d7SVikram Kanigiri * TODO: Add interrupt handling support. 90a9cc84d7SVikram Kanigiri */ 91*57f78201SSoby Mathew tzc400_set_action(TZC_ACTION_ERR); 92a9cc84d7SVikram Kanigiri 93a9cc84d7SVikram Kanigiri /* Enable filters. */ 94*57f78201SSoby Mathew tzc400_enable_filters(); 95a9cc84d7SVikram Kanigiri } 96a9cc84d7SVikram Kanigiri 97a9cc84d7SVikram Kanigiri void plat_arm_security_setup(void) 98a9cc84d7SVikram Kanigiri { 99*57f78201SSoby Mathew arm_tzc400_setup(); 100a9cc84d7SVikram Kanigiri } 101