1 /* 2 * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <platform_def.h> 8 9 #include <common/debug.h> 10 #include <drivers/arm/tzc400.h> 11 #include <plat/arm/common/plat_arm.h> 12 13 /* Weak definitions may be overridden in specific ARM standard platform */ 14 #pragma weak plat_arm_security_setup 15 16 17 /******************************************************************************* 18 * Initialize the TrustZone Controller for ARM standard platforms. 19 * When booting an EL3 payload, this is simplified: we configure region 0 with 20 * secure access only and do not enable any other region. 21 ******************************************************************************/ 22 void arm_tzc400_setup(uintptr_t tzc_base, 23 const arm_tzc_regions_info_t *tzc_regions) 24 { 25 #ifndef EL3_PAYLOAD_BASE 26 unsigned int region_index = 1U; 27 const arm_tzc_regions_info_t *p; 28 const arm_tzc_regions_info_t init_tzc_regions[] = { 29 ARM_TZC_REGIONS_DEF, 30 {0} 31 }; 32 #endif 33 34 INFO("Configuring TrustZone Controller\n"); 35 36 tzc400_init(tzc_base); 37 38 /* Disable filters. */ 39 tzc400_disable_filters(); 40 41 #ifndef EL3_PAYLOAD_BASE 42 if (tzc_regions == NULL) 43 p = init_tzc_regions; 44 else 45 p = tzc_regions; 46 47 /* Region 0 set to no access by default */ 48 tzc400_configure_region0(TZC_REGION_S_NONE, 0); 49 50 /* Rest Regions set according to tzc_regions array */ 51 for (; p->base != 0ULL; p++) { 52 tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index, 53 p->base, p->end, p->sec_attr, p->nsaid_permissions); 54 region_index++; 55 } 56 57 INFO("Total %u regions set.\n", region_index); 58 59 #else /* if defined(EL3_PAYLOAD_BASE) */ 60 61 /* Allow Secure and Non-secure access to DRAM for EL3 payloads */ 62 tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS); 63 64 #endif /* EL3_PAYLOAD_BASE */ 65 66 /* 67 * Raise an exception if a NS device tries to access secure memory 68 * TODO: Add interrupt handling support. 69 */ 70 tzc400_set_action(TZC_ACTION_ERR); 71 72 /* Enable filters. */ 73 tzc400_enable_filters(); 74 } 75 76 void plat_arm_security_setup(void) 77 { 78 arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL); 79 } 80