Home | History | Annotate | Download | only in common 
      1 /*
      2  * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
      3  *
      4  * SPDX-License-Identifier: BSD-3-Clause
      5  */
      6 
      7 #include <arm_def.h>
      8 #include <debug.h>
      9 #include <platform_def.h>
     10 #include <tzc400.h>
     11 
     12 
     13 /* Weak definitions may be overridden in specific ARM standard platform */
     14 #pragma weak plat_arm_security_setup
     15 
     16 
     17 /*******************************************************************************
     18  * Initialize the TrustZone Controller for ARM standard platforms.
     19  * Configure:
     20  *   - Region 0 with no access;
     21  *   - Region 1 with secure access only;
     22  *   - the remaining DRAM regions access from the given Non-Secure masters.
     23  *
     24  * When booting an EL3 payload, this is simplified: we configure region 0 with
     25  * secure access only and do not enable any other region.
     26  ******************************************************************************/
     27 void arm_tzc400_setup(void)
     28 {
     29 	INFO("Configuring TrustZone Controller\n");
     30 
     31 	tzc400_init(PLAT_ARM_TZC_BASE);
     32 
     33 	/* Disable filters. */
     34 	tzc400_disable_filters();
     35 
     36 #ifndef EL3_PAYLOAD_BASE
     37 
     38 	/* Region 0 set to no access by default */
     39 	tzc400_configure_region0(TZC_REGION_S_NONE, 0);
     40 
     41 	/* Region 1 set to cover Secure part of DRAM */
     42 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
     43 			ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
     44 			TZC_REGION_S_RDWR,
     45 			0);
     46 
     47 	/* Region 2 set to cover Non-Secure access to 1st DRAM address range.
     48 	 * Apply the same configuration to given filters in the TZC. */
     49 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
     50 			ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
     51 			ARM_TZC_NS_DRAM_S_ACCESS,
     52 			PLAT_ARM_TZC_NS_DEV_ACCESS);
     53 
     54 	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
     55 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
     56 			ARM_DRAM2_BASE, ARM_DRAM2_END,
     57 			ARM_TZC_NS_DRAM_S_ACCESS,
     58 			PLAT_ARM_TZC_NS_DEV_ACCESS);
     59 #else
     60 	/* Allow secure access only to DRAM for EL3 payloads. */
     61 	tzc400_configure_region0(TZC_REGION_S_RDWR, 0);
     62 #endif /* EL3_PAYLOAD_BASE */
     63 
     64 	/*
     65 	 * Raise an exception if a NS device tries to access secure memory
     66 	 * TODO: Add interrupt handling support.
     67 	 */
     68 	tzc400_set_action(TZC_ACTION_ERR);
     69 
     70 	/* Enable filters. */
     71 	tzc400_enable_filters();
     72 }
     73 
     74 void plat_arm_security_setup(void)
     75 {
     76 	arm_tzc400_setup();
     77 }
     78