1*a9cc84d7SVikram Kanigiri /* 2*a9cc84d7SVikram Kanigiri * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved. 3*a9cc84d7SVikram Kanigiri * 4*a9cc84d7SVikram Kanigiri * Redistribution and use in source and binary forms, with or without 5*a9cc84d7SVikram Kanigiri * modification, are permitted provided that the following conditions are met: 6*a9cc84d7SVikram Kanigiri * 7*a9cc84d7SVikram Kanigiri * Redistributions of source code must retain the above copyright notice, this 8*a9cc84d7SVikram Kanigiri * list of conditions and the following disclaimer. 9*a9cc84d7SVikram Kanigiri * 10*a9cc84d7SVikram Kanigiri * Redistributions in binary form must reproduce the above copyright notice, 11*a9cc84d7SVikram Kanigiri * this list of conditions and the following disclaimer in the documentation 12*a9cc84d7SVikram Kanigiri * and/or other materials provided with the distribution. 13*a9cc84d7SVikram Kanigiri * 14*a9cc84d7SVikram Kanigiri * Neither the name of ARM nor the names of its contributors may be used 15*a9cc84d7SVikram Kanigiri * to endorse or promote products derived from this software without specific 16*a9cc84d7SVikram Kanigiri * prior written permission. 17*a9cc84d7SVikram Kanigiri * 18*a9cc84d7SVikram Kanigiri * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19*a9cc84d7SVikram Kanigiri * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20*a9cc84d7SVikram Kanigiri * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21*a9cc84d7SVikram Kanigiri * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22*a9cc84d7SVikram Kanigiri * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23*a9cc84d7SVikram Kanigiri * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24*a9cc84d7SVikram Kanigiri * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25*a9cc84d7SVikram Kanigiri * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26*a9cc84d7SVikram Kanigiri * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27*a9cc84d7SVikram Kanigiri * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28*a9cc84d7SVikram Kanigiri * POSSIBILITY OF SUCH DAMAGE. 29*a9cc84d7SVikram Kanigiri */ 30*a9cc84d7SVikram Kanigiri 31*a9cc84d7SVikram Kanigiri #include <arm_def.h> 32*a9cc84d7SVikram Kanigiri #include <debug.h> 33*a9cc84d7SVikram Kanigiri #include <platform_def.h> 34*a9cc84d7SVikram Kanigiri #include <tzc400.h> 35*a9cc84d7SVikram Kanigiri 36*a9cc84d7SVikram Kanigiri 37*a9cc84d7SVikram Kanigiri /* Weak definitions may be overridden in specific ARM standard platform */ 38*a9cc84d7SVikram Kanigiri #pragma weak plat_arm_security_setup 39*a9cc84d7SVikram Kanigiri 40*a9cc84d7SVikram Kanigiri 41*a9cc84d7SVikram Kanigiri /******************************************************************************* 42*a9cc84d7SVikram Kanigiri * Initialize the TrustZone Controller for ARM standard platforms. 43*a9cc84d7SVikram Kanigiri * Configure: 44*a9cc84d7SVikram Kanigiri * - Region 0 with no access; 45*a9cc84d7SVikram Kanigiri * - Region 1 with secure access only; 46*a9cc84d7SVikram Kanigiri * - the remaining DRAM regions access from the given Non-Secure masters. 47*a9cc84d7SVikram Kanigiri * 48*a9cc84d7SVikram Kanigiri * When booting an EL3 payload, this is simplified: we configure region 0 with 49*a9cc84d7SVikram Kanigiri * secure access only and do not enable any other region. 50*a9cc84d7SVikram Kanigiri ******************************************************************************/ 51*a9cc84d7SVikram Kanigiri void arm_tzc_setup(void) 52*a9cc84d7SVikram Kanigiri { 53*a9cc84d7SVikram Kanigiri INFO("Configuring TrustZone Controller\n"); 54*a9cc84d7SVikram Kanigiri 55*a9cc84d7SVikram Kanigiri tzc_init(PLAT_ARM_TZC_BASE); 56*a9cc84d7SVikram Kanigiri 57*a9cc84d7SVikram Kanigiri /* Disable filters. */ 58*a9cc84d7SVikram Kanigiri tzc_disable_filters(); 59*a9cc84d7SVikram Kanigiri 60*a9cc84d7SVikram Kanigiri #ifndef EL3_PAYLOAD_BASE 61*a9cc84d7SVikram Kanigiri /* Region 0 set to no access by default */ 62*a9cc84d7SVikram Kanigiri tzc_configure_region0(TZC_REGION_S_NONE, 0); 63*a9cc84d7SVikram Kanigiri 64*a9cc84d7SVikram Kanigiri /* Region 1 set to cover Secure part of DRAM */ 65*a9cc84d7SVikram Kanigiri tzc_configure_region(PLAT_ARM_TZC_FILTERS, 1, 66*a9cc84d7SVikram Kanigiri ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END, 67*a9cc84d7SVikram Kanigiri TZC_REGION_S_RDWR, 68*a9cc84d7SVikram Kanigiri 0); 69*a9cc84d7SVikram Kanigiri 70*a9cc84d7SVikram Kanigiri /* Region 2 set to cover Non-Secure access to 1st DRAM address range. 71*a9cc84d7SVikram Kanigiri * Apply the same configuration to given filters in the TZC. */ 72*a9cc84d7SVikram Kanigiri tzc_configure_region(PLAT_ARM_TZC_FILTERS, 2, 73*a9cc84d7SVikram Kanigiri ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, 74*a9cc84d7SVikram Kanigiri TZC_REGION_S_NONE, 75*a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 76*a9cc84d7SVikram Kanigiri 77*a9cc84d7SVikram Kanigiri /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */ 78*a9cc84d7SVikram Kanigiri tzc_configure_region(PLAT_ARM_TZC_FILTERS, 3, 79*a9cc84d7SVikram Kanigiri ARM_DRAM2_BASE, ARM_DRAM2_END, 80*a9cc84d7SVikram Kanigiri TZC_REGION_S_NONE, 81*a9cc84d7SVikram Kanigiri PLAT_ARM_TZC_NS_DEV_ACCESS); 82*a9cc84d7SVikram Kanigiri #else 83*a9cc84d7SVikram Kanigiri /* Allow secure access only to DRAM for EL3 payloads. */ 84*a9cc84d7SVikram Kanigiri tzc_configure_region0(TZC_REGION_S_RDWR, 0); 85*a9cc84d7SVikram Kanigiri #endif /* EL3_PAYLOAD_BASE */ 86*a9cc84d7SVikram Kanigiri 87*a9cc84d7SVikram Kanigiri /* 88*a9cc84d7SVikram Kanigiri * Raise an exception if a NS device tries to access secure memory 89*a9cc84d7SVikram Kanigiri * TODO: Add interrupt handling support. 90*a9cc84d7SVikram Kanigiri */ 91*a9cc84d7SVikram Kanigiri tzc_set_action(TZC_ACTION_ERR); 92*a9cc84d7SVikram Kanigiri 93*a9cc84d7SVikram Kanigiri /* Enable filters. */ 94*a9cc84d7SVikram Kanigiri tzc_enable_filters(); 95*a9cc84d7SVikram Kanigiri } 96*a9cc84d7SVikram Kanigiri 97*a9cc84d7SVikram Kanigiri void plat_arm_security_setup(void) 98*a9cc84d7SVikram Kanigiri { 99*a9cc84d7SVikram Kanigiri arm_tzc_setup(); 100*a9cc84d7SVikram Kanigiri } 101