1 /* 2 * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <platform_def.h> 8 9 #include <common/debug.h> 10 #include <drivers/arm/tzc400.h> 11 12 #include <arm_def.h> 13 #include <arm_spm_def.h> 14 #include <plat_arm.h> 15 16 /* Weak definitions may be overridden in specific ARM standard platform */ 17 #pragma weak plat_arm_security_setup 18 19 20 /******************************************************************************* 21 * Initialize the TrustZone Controller for ARM standard platforms. 22 * When booting an EL3 payload, this is simplified: we configure region 0 with 23 * secure access only and do not enable any other region. 24 ******************************************************************************/ 25 void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions) 26 { 27 #ifndef EL3_PAYLOAD_BASE 28 unsigned int region_index = 1U; 29 const arm_tzc_regions_info_t *p; 30 const arm_tzc_regions_info_t init_tzc_regions[] = { 31 ARM_TZC_REGIONS_DEF, 32 {0} 33 }; 34 #endif 35 36 INFO("Configuring TrustZone Controller\n"); 37 38 tzc400_init(PLAT_ARM_TZC_BASE); 39 40 /* Disable filters. */ 41 tzc400_disable_filters(); 42 43 #ifndef EL3_PAYLOAD_BASE 44 if (tzc_regions == NULL) 45 p = init_tzc_regions; 46 else 47 p = tzc_regions; 48 49 /* Region 0 set to no access by default */ 50 tzc400_configure_region0(TZC_REGION_S_NONE, 0); 51 52 /* Rest Regions set according to tzc_regions array */ 53 for (; p->base != 0ULL; p++) { 54 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index, 55 p->base, p->end, p->sec_attr, p->nsaid_permissions); 56 region_index++; 57 } 58 59 INFO("Total %u regions set.\n", region_index); 60 61 #else /* if defined(EL3_PAYLOAD_BASE) */ 62 63 /* Allow Secure and Non-secure access to DRAM for EL3 payloads */ 64 tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS); 65 66 #endif /* EL3_PAYLOAD_BASE */ 67 68 /* 69 * Raise an exception if a NS device tries to access secure memory 70 * TODO: Add interrupt handling support. 71 */ 72 tzc400_set_action(TZC_ACTION_ERR); 73 74 /* Enable filters. */ 75 tzc400_enable_filters(); 76 } 77 78 void plat_arm_security_setup(void) 79 { 80 arm_tzc400_setup(NULL); 81 } 82