plat/arm: Allow override of default TZC regions
This patch allows the ARM Platforms to specify the TZC regions to be specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c. If the regions are not specified then the default TZC region will be configured by these helpers. This override mechanism allows specifying special regions for TZMP1 usecase. Signed-off-by: Summer Qin <summer.qin@arm.com>
This commit is contained in:
parent
f11916bf1d
commit
23411d2c4a
|
@ -11,6 +11,7 @@
|
||||||
#include <cassert.h>
|
#include <cassert.h>
|
||||||
#include <cpu_data.h>
|
#include <cpu_data.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
#include <tzc_common.h>
|
||||||
#include <utils_def.h>
|
#include <utils_def.h>
|
||||||
|
|
||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
|
@ -21,6 +22,43 @@ struct meminfo;
|
||||||
struct image_info;
|
struct image_info;
|
||||||
struct bl_params;
|
struct bl_params;
|
||||||
|
|
||||||
|
typedef struct arm_tzc_regions_info {
|
||||||
|
unsigned long long base;
|
||||||
|
unsigned long long end;
|
||||||
|
tzc_region_attributes_t sec_attr;
|
||||||
|
unsigned int nsaid_permissions;
|
||||||
|
} arm_tzc_regions_info_t;
|
||||||
|
|
||||||
|
/*******************************************************************************
|
||||||
|
* Default mapping definition of the TrustZone Controller for ARM standard
|
||||||
|
* platforms.
|
||||||
|
* Configure:
|
||||||
|
* - Region 0 with no access;
|
||||||
|
* - Region 1 with secure access only;
|
||||||
|
* - the remaining DRAM regions access from the given Non-Secure masters.
|
||||||
|
******************************************************************************/
|
||||||
|
#if ENABLE_SPM
|
||||||
|
#define ARM_TZC_REGIONS_DEF \
|
||||||
|
{ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
|
||||||
|
TZC_REGION_S_RDWR, 0}, \
|
||||||
|
{ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
|
||||||
|
PLAT_ARM_TZC_NS_DEV_ACCESS}, \
|
||||||
|
{ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
|
||||||
|
PLAT_ARM_TZC_NS_DEV_ACCESS}, \
|
||||||
|
{ARM_SP_IMAGE_NS_BUF_BASE, (ARM_SP_IMAGE_NS_BUF_BASE + \
|
||||||
|
ARM_SP_IMAGE_NS_BUF_SIZE) - 1, TZC_REGION_S_NONE, \
|
||||||
|
PLAT_ARM_TZC_NS_DEV_ACCESS}
|
||||||
|
|
||||||
|
#else
|
||||||
|
#define ARM_TZC_REGIONS_DEF \
|
||||||
|
{ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
|
||||||
|
TZC_REGION_S_RDWR, 0}, \
|
||||||
|
{ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
|
||||||
|
PLAT_ARM_TZC_NS_DEV_ACCESS}, \
|
||||||
|
{ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
|
||||||
|
PLAT_ARM_TZC_NS_DEV_ACCESS}
|
||||||
|
#endif
|
||||||
|
|
||||||
#define ARM_CASSERT_MMAP \
|
#define ARM_CASSERT_MMAP \
|
||||||
CASSERT((ARRAY_SIZE(plat_arm_mmap) + ARM_BL_REGIONS) \
|
CASSERT((ARRAY_SIZE(plat_arm_mmap) + ARM_BL_REGIONS) \
|
||||||
<= MAX_MMAP_REGIONS, \
|
<= MAX_MMAP_REGIONS, \
|
||||||
|
@ -110,9 +148,10 @@ void arm_setup_page_tables(uintptr_t total_base,
|
||||||
void arm_io_setup(void);
|
void arm_io_setup(void);
|
||||||
|
|
||||||
/* Security utility functions */
|
/* Security utility functions */
|
||||||
void arm_tzc400_setup(void);
|
void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions);
|
||||||
struct tzc_dmc500_driver_data;
|
struct tzc_dmc500_driver_data;
|
||||||
void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data);
|
void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data,
|
||||||
|
const arm_tzc_regions_info_t *tzc_regions);
|
||||||
|
|
||||||
/* Systimer utility function */
|
/* Systimer utility function */
|
||||||
void arm_configure_sys_timer(void);
|
void arm_configure_sys_timer(void);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -22,5 +22,5 @@ void plat_arm_security_setup(void)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC)
|
if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC)
|
||||||
arm_tzc400_setup();
|
arm_tzc400_setup(NULL);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -59,7 +59,7 @@ void plat_arm_security_setup(void)
|
||||||
/* Initialize debug configuration */
|
/* Initialize debug configuration */
|
||||||
init_debug_cfg();
|
init_debug_cfg();
|
||||||
/* Initialize the TrustZone Controller */
|
/* Initialize the TrustZone Controller */
|
||||||
arm_tzc400_setup();
|
arm_tzc400_setup(NULL);
|
||||||
/* Do ARM CSS internal NIC setup */
|
/* Do ARM CSS internal NIC setup */
|
||||||
css_init_nic400();
|
css_init_nic400();
|
||||||
/* Do ARM CSS SoC security setup */
|
/* Do ARM CSS SoC security setup */
|
||||||
|
|
|
@ -18,16 +18,20 @@
|
||||||
|
|
||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
* Initialize the TrustZone Controller for ARM standard platforms.
|
* Initialize the TrustZone Controller for ARM standard platforms.
|
||||||
* Configure:
|
|
||||||
* - Region 0 with no access;
|
|
||||||
* - Region 1 with secure access only;
|
|
||||||
* - the remaining DRAM regions access from the given Non-Secure masters.
|
|
||||||
*
|
|
||||||
* When booting an EL3 payload, this is simplified: we configure region 0 with
|
* When booting an EL3 payload, this is simplified: we configure region 0 with
|
||||||
* secure access only and do not enable any other region.
|
* secure access only and do not enable any other region.
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
void arm_tzc400_setup(void)
|
void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions)
|
||||||
{
|
{
|
||||||
|
#ifndef EL3_PAYLOAD_BASE
|
||||||
|
int region_index = 1;
|
||||||
|
const arm_tzc_regions_info_t *p;
|
||||||
|
const arm_tzc_regions_info_t init_tzc_regions[] = {
|
||||||
|
ARM_TZC_REGIONS_DEF,
|
||||||
|
{0}
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
INFO("Configuring TrustZone Controller\n");
|
INFO("Configuring TrustZone Controller\n");
|
||||||
|
|
||||||
tzc400_init(PLAT_ARM_TZC_BASE);
|
tzc400_init(PLAT_ARM_TZC_BASE);
|
||||||
|
@ -36,42 +40,22 @@ void arm_tzc400_setup(void)
|
||||||
tzc400_disable_filters();
|
tzc400_disable_filters();
|
||||||
|
|
||||||
#ifndef EL3_PAYLOAD_BASE
|
#ifndef EL3_PAYLOAD_BASE
|
||||||
|
if (tzc_regions == NULL)
|
||||||
|
p = init_tzc_regions;
|
||||||
|
else
|
||||||
|
p = tzc_regions;
|
||||||
|
|
||||||
/* Region 0 set to no access by default */
|
/* Region 0 set to no access by default */
|
||||||
tzc400_configure_region0(TZC_REGION_S_NONE, 0);
|
tzc400_configure_region0(TZC_REGION_S_NONE, 0);
|
||||||
|
|
||||||
/* Region 1 set to cover Secure part of DRAM */
|
/* Rest Regions set according to tzc_regions array */
|
||||||
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
|
for (; p->base != 0ULL; p++) {
|
||||||
ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
|
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
|
||||||
TZC_REGION_S_RDWR,
|
p->base, p->end, p->sec_attr, p->nsaid_permissions);
|
||||||
0);
|
region_index++;
|
||||||
|
}
|
||||||
|
|
||||||
/* Region 2 set to cover Non-Secure access to 1st DRAM address range.
|
INFO("Total %d regions set.\n", region_index);
|
||||||
* Apply the same configuration to given filters in the TZC. */
|
|
||||||
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
|
|
||||||
ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
|
|
||||||
ARM_TZC_NS_DRAM_S_ACCESS,
|
|
||||||
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
||||||
|
|
||||||
/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
|
|
||||||
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
|
|
||||||
ARM_DRAM2_BASE, ARM_DRAM2_END,
|
|
||||||
ARM_TZC_NS_DRAM_S_ACCESS,
|
|
||||||
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
||||||
|
|
||||||
#if ENABLE_SPM
|
|
||||||
/*
|
|
||||||
* Region 4 set to cover Non-Secure access to the communication buffer
|
|
||||||
* shared with the Secure world.
|
|
||||||
*/
|
|
||||||
tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
|
|
||||||
4,
|
|
||||||
ARM_SP_IMAGE_NS_BUF_BASE,
|
|
||||||
(ARM_SP_IMAGE_NS_BUF_BASE +
|
|
||||||
ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
|
|
||||||
TZC_REGION_S_NONE,
|
|
||||||
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#else /* if defined(EL3_PAYLOAD_BASE) */
|
#else /* if defined(EL3_PAYLOAD_BASE) */
|
||||||
|
|
||||||
|
@ -92,5 +76,5 @@ void arm_tzc400_setup(void)
|
||||||
|
|
||||||
void plat_arm_security_setup(void)
|
void plat_arm_security_setup(void)
|
||||||
{
|
{
|
||||||
arm_tzc400_setup();
|
arm_tzc400_setup(NULL);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -12,15 +12,21 @@
|
||||||
|
|
||||||
/*******************************************************************************
|
/*******************************************************************************
|
||||||
* Initialize the DMC500-TrustZone Controller for ARM standard platforms.
|
* Initialize the DMC500-TrustZone Controller for ARM standard platforms.
|
||||||
* Configure both the interfaces on Region 0 with no access, Region 1 with
|
|
||||||
* secure access only, and the remaining DRAM regions access from the
|
|
||||||
* given Non-Secure masters.
|
|
||||||
*
|
|
||||||
* When booting an EL3 payload, this is simplified: we configure region 0 with
|
* When booting an EL3 payload, this is simplified: we configure region 0 with
|
||||||
* secure access only and do not enable any other region.
|
* secure access only and do not enable any other region.
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
|
void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data,
|
||||||
|
const arm_tzc_regions_info_t *tzc_regions)
|
||||||
{
|
{
|
||||||
|
#ifndef EL3_PAYLOAD_BASE
|
||||||
|
int region_index = 1;
|
||||||
|
const arm_tzc_regions_info_t *p;
|
||||||
|
const arm_tzc_regions_info_t init_tzc_regions[] = {
|
||||||
|
ARM_TZC_REGIONS_DEF,
|
||||||
|
{0}
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
assert(plat_driver_data);
|
assert(plat_driver_data);
|
||||||
|
|
||||||
INFO("Configuring DMC-500 TZ Settings\n");
|
INFO("Configuring DMC-500 TZ Settings\n");
|
||||||
|
@ -28,28 +34,23 @@ void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
|
||||||
tzc_dmc500_driver_init(plat_driver_data);
|
tzc_dmc500_driver_init(plat_driver_data);
|
||||||
|
|
||||||
#ifndef EL3_PAYLOAD_BASE
|
#ifndef EL3_PAYLOAD_BASE
|
||||||
|
if (tzc_regions == NULL)
|
||||||
|
p = init_tzc_regions;
|
||||||
|
else
|
||||||
|
p = tzc_regions;
|
||||||
|
|
||||||
/* Region 0 set to no access by default */
|
/* Region 0 set to no access by default */
|
||||||
tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
|
tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
|
||||||
|
|
||||||
/* Region 1 set to cover Secure part of DRAM */
|
/* Rest Regions set according to tzc_regions array */
|
||||||
tzc_dmc500_configure_region(1, ARM_AP_TZC_DRAM1_BASE,
|
for (; p->base != 0ULL; p++) {
|
||||||
ARM_EL3_TZC_DRAM1_END,
|
tzc_dmc500_configure_region(region_index, p->base, p->end,
|
||||||
TZC_REGION_S_RDWR,
|
p->sec_attr, p->nsaid_permissions);
|
||||||
0);
|
region_index++;
|
||||||
|
}
|
||||||
|
|
||||||
/* Region 2 set to cover Non-Secure access to 1st DRAM address range.*/
|
INFO("Total %d regions set.\n", region_index);
|
||||||
tzc_dmc500_configure_region(2,
|
|
||||||
ARM_NS_DRAM1_BASE,
|
|
||||||
ARM_NS_DRAM1_END,
|
|
||||||
ARM_TZC_NS_DRAM_S_ACCESS,
|
|
||||||
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
||||||
|
|
||||||
/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
|
|
||||||
tzc_dmc500_configure_region(3,
|
|
||||||
ARM_DRAM2_BASE,
|
|
||||||
ARM_DRAM2_END,
|
|
||||||
ARM_TZC_NS_DRAM_S_ACCESS,
|
|
||||||
PLAT_ARM_TZC_NS_DEV_ACCESS);
|
|
||||||
#else
|
#else
|
||||||
/* Allow secure access only to DRAM for EL3 payloads */
|
/* Allow secure access only to DRAM for EL3 payloads */
|
||||||
tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);
|
tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);
|
||||||
|
|
Loading…
Reference in New Issue