1a9cc84d7SVikram Kanigiri /* 2a9cc84d7SVikram Kanigiri * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. 3a9cc84d7SVikram Kanigiri * 4*82cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 5a9cc84d7SVikram Kanigiri */ 6a9cc84d7SVikram Kanigiri 7a9cc84d7SVikram Kanigiri #include <arm_def.h> 8a9cc84d7SVikram Kanigiri #include <debug.h> 9a9cc84d7SVikram Kanigiri #include <platform_def.h> 10a9cc84d7SVikram Kanigiri #include <tzc400.h> 11a9cc84d7SVikram Kanigiri 12a9cc84d7SVikram Kanigiri 13a9cc84d7SVikram Kanigiri /* Weak definitions may be overridden in specific ARM standard platform */ 14a9cc84d7SVikram Kanigiri #pragma weak plat_arm_security_setup 15a9cc84d7SVikram Kanigiri 16a9cc84d7SVikram Kanigiri 17a9cc84d7SVikram Kanigiri /******************************************************************************* 18a9cc84d7SVikram Kanigiri * Initialize the TrustZone Controller for ARM standard platforms. 19a9cc84d7SVikram Kanigiri * Configure: 20a9cc84d7SVikram Kanigiri * - Region 0 with no access; 21a9cc84d7SVikram Kanigiri * - Region 1 with secure access only; 22a9cc84d7SVikram Kanigiri * - the remaining DRAM regions access from the given Non-Secure masters. 23a9cc84d7SVikram Kanigiri * 24a9cc84d7SVikram Kanigiri * When booting an EL3 payload, this is simplified: we configure region 0 with 25a9cc84d7SVikram Kanigiri * secure access only and do not enable any other region. 26a9cc84d7SVikram Kanigiri ******************************************************************************/ 2757f78201SSoby Mathew void arm_tzc400_setup(void) 28a9cc84d7SVikram Kanigiri { 29a9cc84d7SVikram Kanigiri INFO("Configuring TrustZone Controller\n"); 30a9cc84d7SVikram Kanigiri 3157f78201SSoby Mathew tzc400_init(PLAT_ARM_TZC_BASE); 32a9cc84d7SVikram Kanigiri 33a9cc84d7SVikram Kanigiri /* Disable filters. */ 3457f78201SSoby Mathew tzc400_disable_filters(); 35a9cc84d7SVikram Kanigiri 36a9cc84d7SVikram Kanigiri #ifndef EL3_PAYLOAD_BASE 37a9cc84d7SVikram Kanigiri /* Region 0 set to no access by default */ 3857f78201SSoby Mathew tzc400_configure_region0(TZC_REGION_S_NONE, 0); 39a9cc84d7SVikram Kanigiri 40a9cc84d7SVikram Kanigiri /* Region 1 set to cover Secure part of DRAM */ 4157f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1, 42a9cc84d7SVikram Kanigiri ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, 43a9cc84d7SVikram Kanigiri TZC_REGION_S_RDWR, 44a9cc84d7SVikram Kanigiri 0); 45a9cc84d7SVikram Kanigiri 46a9cc84d7SVikram Kanigiri /* Region 2 set to cover Non-Secure access to 1st DRAM address range. 47a9cc84d7SVikram Kanigiri * Apply the same configuration to given filters in the TZC. */ 4857f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2, 49a9cc84d7SVikram Kanigiri ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, 50a9cc84d7SVikram Kanigiri TZC_REGION_S_NONE, 51a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 52a9cc84d7SVikram Kanigiri 53a9cc84d7SVikram Kanigiri /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */ 5457f78201SSoby Mathew tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3, 55a9cc84d7SVikram Kanigiri ARM_DRAM2_BASE, ARM_DRAM2_END, 56a9cc84d7SVikram Kanigiri TZC_REGION_S_NONE, 57a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 58a9cc84d7SVikram Kanigiri #else 59a9cc84d7SVikram Kanigiri /* Allow secure access only to DRAM for EL3 payloads. */ 6057f78201SSoby Mathew tzc400_configure_region0(TZC_REGION_S_RDWR, 0); 61a9cc84d7SVikram Kanigiri #endif /* EL3_PAYLOAD_BASE */ 62a9cc84d7SVikram Kanigiri 63a9cc84d7SVikram Kanigiri /* 64a9cc84d7SVikram Kanigiri * Raise an exception if a NS device tries to access secure memory 65a9cc84d7SVikram Kanigiri * TODO: Add interrupt handling support. 66a9cc84d7SVikram Kanigiri */ 6757f78201SSoby Mathew tzc400_set_action(TZC_ACTION_ERR); 68a9cc84d7SVikram Kanigiri 69a9cc84d7SVikram Kanigiri /* Enable filters. */ 7057f78201SSoby Mathew tzc400_enable_filters(); 71a9cc84d7SVikram Kanigiri } 72a9cc84d7SVikram Kanigiri 73a9cc84d7SVikram Kanigiri void plat_arm_security_setup(void) 74a9cc84d7SVikram Kanigiri { 7557f78201SSoby Mathew arm_tzc400_setup(); 76a9cc84d7SVikram Kanigiri } 77