xref: /rk3399_ARM-atf/plat/arm/common/arm_tzc400.c (revision 82cb2c1ad9897473743f08437d0a3995bed561b9) 
1 /*
2  * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <arm_def.h>
8 #include <debug.h>
9 #include <platform_def.h>
10 #include <tzc400.h>
11 
12 
13 /* Weak definitions may be overridden in specific ARM standard platform */
14 #pragma weak plat_arm_security_setup
15 
16 
17 /*******************************************************************************
18  * Initialize the TrustZone Controller for ARM standard platforms.
19  * Configure:
20  *   - Region 0 with no access;
21  *   - Region 1 with secure access only;
22  *   - the remaining DRAM regions access from the given Non-Secure masters.
23  *
24  * When booting an EL3 payload, this is simplified: we configure region 0 with
25  * secure access only and do not enable any other region.
26  ******************************************************************************/
27 void arm_tzc400_setup(void)
28 {
29 	INFO("Configuring TrustZone Controller\n");
30 
31 	tzc400_init(PLAT_ARM_TZC_BASE);
32 
33 	/* Disable filters. */
34 	tzc400_disable_filters();
35 
36 #ifndef EL3_PAYLOAD_BASE
37 	/* Region 0 set to no access by default */
38 	tzc400_configure_region0(TZC_REGION_S_NONE, 0);
39 
40 	/* Region 1 set to cover Secure part of DRAM */
41 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
42 			ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END,
43 			TZC_REGION_S_RDWR,
44 			0);
45 
46 	/* Region 2 set to cover Non-Secure access to 1st DRAM address range.
47 	 * Apply the same configuration to given filters in the TZC. */
48 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
49 			ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
50 			TZC_REGION_S_NONE,
51 			PLAT_ARM_TZC_NS_DEV_ACCESS);
52 
53 	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
54 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
55 			ARM_DRAM2_BASE, ARM_DRAM2_END,
56 			TZC_REGION_S_NONE,
57 			PLAT_ARM_TZC_NS_DEV_ACCESS);
58 #else
59 	/* Allow secure access only to DRAM for EL3 payloads. */
60 	tzc400_configure_region0(TZC_REGION_S_RDWR, 0);
61 #endif /* EL3_PAYLOAD_BASE */
62 
63 	/*
64 	 * Raise an exception if a NS device tries to access secure memory
65 	 * TODO: Add interrupt handling support.
66 	 */
67 	tzc400_set_action(TZC_ACTION_ERR);
68 
69 	/* Enable filters. */
70 	tzc400_enable_filters();
71 }
72 
73 void plat_arm_security_setup(void)
74 {
75 	arm_tzc400_setup();
76 }
77