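/*
 * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <arm_def.h>
#include <arm_spm_def.h>
#include <debug.h>
#include <platform_def.h>
#include <tzc400.h>


/* Weak definitions may be overridden in specific ARM standard platform */
#pragma weak plat_arm_security_setup


/*******************************************************************************
 * Initialize the TrustZone Controller for ARM standard platforms.
 * Configure:
 *   - Region 0 with no access;
 *   - Region 1 with secure access only;
 *   - the remaining DRAM regions access from the given Non-Secure masters.
 *
 * When booting an EL3 payload (EL3_PAYLOAD_BASE defined), this is simplified:
 * region 0 is opened for Secure read/write and for the Non-Secure masters
 * given by PLAT_ARM_TZC_NS_DEV_ACCESS, and no other region is enabled. In that
 * build this function programs no Secure-only DRAM carve-out.
 *
 * Takes no arguments and returns nothing; no return value of the tzc400_*
 * calls is checked here.
 ******************************************************************************/
void arm_tzc400_setup(void)
{
	INFO("Configuring TrustZone Controller\n");

	tzc400_init(PLAT_ARM_TZC_BASE);

	/*
	 * Disable filters while the region registers are reprogrammed; they
	 * are re-enabled as the last step of this function.
	 */
	tzc400_disable_filters();

#ifndef EL3_PAYLOAD_BASE

	/* Region 0 set to no access by default */
	tzc400_configure_region0(TZC_REGION_S_NONE, 0);

	/* Region 1 set to cover Secure part of DRAM (no Non-Secure masters) */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
			ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
			TZC_REGION_S_RDWR,
			0);

	/*
	 * Region 2 set to cover Non-Secure access to 1st DRAM address range.
	 * Apply the same configuration to given filters in the TZC.
	 */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
			ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
			ARM_TZC_NS_DRAM_S_ACCESS,
			PLAT_ARM_TZC_NS_DEV_ACCESS);

	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
			ARM_DRAM2_BASE, ARM_DRAM2_END,
			ARM_TZC_NS_DRAM_S_ACCESS,
			PLAT_ARM_TZC_NS_DEV_ACCESS);

#if ENABLE_SPM
	/*
	 * Region 4 set to cover Non-Secure access to the communication buffer
	 * shared with the Secure world. The end address is given as the last
	 * byte of the buffer (base + size - 1). Unlike regions 2 and 3, the
	 * Secure-side attribute here is TZC_REGION_S_NONE.
	 */
	tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
			4,
			ARM_SP_IMAGE_NS_BUF_BASE,
			(ARM_SP_IMAGE_NS_BUF_BASE +
				ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
			TZC_REGION_S_NONE,
			PLAT_ARM_TZC_NS_DEV_ACCESS);
#endif

#else /* if defined(EL3_PAYLOAD_BASE) */

	/*
	 * Allow Secure and Non-secure access to DRAM for EL3 payloads. Only
	 * region 0 is programmed on this path, so regions 1-4 above are not
	 * set up in an EL3-payload build.
	 */
	tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS);

#endif /* EL3_PAYLOAD_BASE */

	/*
	 * Raise an exception if a NS device tries to access secure memory
	 * TODO: Add interrupt handling support.
	 *
	 * NOTE(review): with TZC_ACTION_ERR and no interrupt handler, a denied
	 * access is presumably reported only to the offending master; nothing
	 * in this file records the violation. Confirm whether that is enough
	 * for platforms that need to detect such accesses.
	 */
	tzc400_set_action(TZC_ACTION_ERR);

	/* Enable filters. */
	tzc400_enable_filters();
}

/*
 * Default platform security setup: programs the TZC-400 and nothing else.
 * Declared weak above, so a platform may provide its own definition.
 */
void plat_arm_security_setup(void)
{
	arm_tzc400_setup();
}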