/*
 * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <arm_def.h>
#include <arm_spm_def.h>
#include <debug.h>
#include <plat_arm.h>
#include <platform_def.h>
#include <tzc400.h>


/*
 * Weak definitions may be overridden in specific ARM standard platform.
 * A platform that overrides plat_arm_security_setup() replaces the default
 * below entirely, so the override has to program the TrustZone Controller
 * itself (or call arm_tzc400_setup()).
 */
#pragma weak plat_arm_security_setup


/*******************************************************************************
 * Initialize the TrustZone Controller for ARM standard platforms.
 *
 * Sequence: initialise the driver with PLAT_ARM_TZC_BASE, disable the filters,
 * program the regions, select the action taken on a denied access, then
 * re-enable the filters.
 *
 * Default build (EL3_PAYLOAD_BASE not defined):
 *   - Region 0 with no access;
 *   - Region 1 with secure access only;
 *   - Regions 2 and 3 (the two DRAM ranges) with access from the given
 *     Non-Secure masters;
 *   - Region 4, only when ENABLE_SPM is set: the Non-Secure communication
 *     buffer shared with the Secure world.
 *
 * EL3 payload build (EL3_PAYLOAD_BASE defined): no region other than region 0
 * is configured, and region 0 is given Secure read/write access plus
 * Non-Secure access for PLAT_ARM_TZC_NS_DEV_ACCESS. In that build this
 * function does not keep any DRAM range Secure-only against those masters.
 ******************************************************************************/
void arm_tzc400_setup(void)
{
	INFO("Configuring TrustZone Controller\n");

	tzc400_init(PLAT_ARM_TZC_BASE);

	/*
	 * Disable filters while the regions are reprogrammed; they are
	 * re-enabled at the end of this function.
	 * NOTE(review): presumably no filtering is applied while they are
	 * disabled, so this should run before untrusted masters are active -
	 * confirm against the tzc400 driver.
	 */
	tzc400_disable_filters();

#ifndef EL3_PAYLOAD_BASE

	/*
	 * Region 0 set to no access by default: Secure access is
	 * TZC_REGION_S_NONE and the Non-Secure access argument is 0.
	 */
	tzc400_configure_region0(TZC_REGION_S_NONE, 0);

	/*
	 * Region 1 set to cover Secure part of DRAM. The last argument is 0,
	 * i.e. no Non-Secure access is granted to this range.
	 */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
			ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
			TZC_REGION_S_RDWR,
			0);

	/*
	 * Region 2 set to cover Non-Secure access to 1st DRAM address range.
	 * Apply the same configuration to given filters in the TZC.
	 */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
			ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
			ARM_TZC_NS_DRAM_S_ACCESS,
			PLAT_ARM_TZC_NS_DEV_ACCESS);

	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
			ARM_DRAM2_BASE, ARM_DRAM2_END,
			ARM_TZC_NS_DRAM_S_ACCESS,
			PLAT_ARM_TZC_NS_DEV_ACCESS);

#if ENABLE_SPM
	/*
	 * Region 4 set to cover Non-Secure access to the communication buffer
	 * shared with the Secure world.
	 * The end address passed is inclusive (base + size - 1).
	 * Secure access is TZC_REGION_S_NONE here.
	 * NOTE(review): presumably the Secure side reaches this buffer through
	 * a Non-Secure mapping - confirm against the SPM memory map.
	 */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
			4,
			ARM_SP_IMAGE_NS_BUF_BASE,
			(ARM_SP_IMAGE_NS_BUF_BASE +
			 ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
			TZC_REGION_S_NONE,
			PLAT_ARM_TZC_NS_DEV_ACCESS);
#endif

#else /* if defined(EL3_PAYLOAD_BASE) */

	/*
	 * Allow Secure and Non-secure access to DRAM for EL3 payloads.
	 * Region 0 is the only region programmed in this build, so the
	 * Secure-only and no-access regions of the default build are absent.
	 */
	tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS);

#endif /* EL3_PAYLOAD_BASE */

	/*
	 * Raise an exception if a NS device tries to access secure memory
	 * TODO: Add interrupt handling support.
	 * NOTE(review): nothing in this file records or reports a denied
	 * access; until interrupt handling exists, detection presumably relies
	 * on the error seen by the offending master - confirm.
	 */
	tzc400_set_action(TZC_ACTION_ERR);

	/* Enable filters. */
	tzc400_enable_filters();
}

/*
 * Default platform security setup: programs the TZC-400 through
 * arm_tzc400_setup(). Declared weak above, so a specific ARM standard platform
 * may supply its own definition.
 */
void plat_arm_security_setup(void)
{
	arm_tzc400_setup();
}