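/*
 * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <assert.h>
#include <debug.h>
#include <plat_config.h>
#include <tzc400.h>
#include "fvp_def.h"
#include "fvp_private.h"

/*
 * Used to improve readability for configuring regions: turns a filter index
 * into the single-bit value handed to tzc_configure_region() as its first
 * argument (presumably a bit mask of filters; confirm against the driver).
 * The argument is parenthesised so that an expression argument is shifted as
 * a whole instead of being split by operator precedence.
 */
#define FILTER_SHIFT(filter)	(1 << (filter))

/*
 * Non-secure IDs granted read/write access to the non-secure DRAM regions.
 * Regions 1 and 3 share this single list so that the two allow-lists cannot
 * drift apart when an ID is added or removed.
 */
#define FVP_NS_DRAM_ACCESS						\
	(TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |			\
	 TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |			\
	 TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |				\
	 TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |			\
	 TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD))

/*
 * Program the TrustZone address space controller that guards main DRAM.
 *
 * Returns without touching the device when the platform configuration does
 * not carry CONFIG_HAS_TZC. Otherwise the sequence is: initialise the driver,
 * disable the filters, program regions 1-3, select the violation action and
 * re-enable the filters.
 *
 * For the moment we assume that all security programming is done by the
 * primary core.
 * TODO:
 * Might want to enable interrupt on violations when supported?
 */
void fvp_security_setup(void)
{
	/*
	 * The Base FVP has a TrustZone address space controller, the Foundation
	 * FVP does not. Trying to program the device on the foundation FVP will
	 * cause an abort.
	 *
	 * If the platform had additional peripheral specific security
	 * configurations, those would be configured here.
	 */
	if (!(get_plat_config()->flags & CONFIG_HAS_TZC))
		return;

	/*
	 * The TrustZone controller controls access to main DRAM. Give
	 * full NS access for the moment to use with OS.
	 */
	INFO("Configuring TrustZone Controller\n");

	/*
	 * The driver does some error checking and will assert.
	 * - Provide base address of device on platform.
	 *
	 * NOTE(review): an earlier version of this comment also listed the
	 * width of the ACE-Lite IDs as an input, but only the base address is
	 * passed here. Confirm how the driver obtains the ID width.
	 */
	tzc_init(TZC400_BASE);

	/*
	 * Currently only filters 0 and 2 are connected on Base FVP.
	 * Filter 0 : CPU clusters (no access to DRAM by default)
	 * Filter 1 : not connected
	 * Filter 2 : LCDs (access to VRAM allowed by default)
	 * Filter 3 : not connected
	 * Programming unconnected filters will have no effect at the
	 * moment. These filters could, however, be connected in future.
	 * So care should be taken not to configure the unused filters.
	 *
	 * NOTE(review): every region below is applied to filter 0 only, so
	 * traffic through filter 2 is governed by whatever the driver or the
	 * hardware leaves as the default. Verify that default when changing
	 * the memory map.
	 */

	/*
	 * Disable all filters before programming, so that the region set is
	 * only enforced once it is complete (filters are re-enabled last).
	 */
	tzc_disable_filters();

	/*
	 * Allow only non-secure access to all DRAM to supported devices.
	 * Give access to the CPUs and Virtio. Some devices
	 * would normally use the default ID so allow that too. We use
	 * two regions to cover the blocks of physical memory in the FVPs
	 * plus one region to reserve some memory as secure.
	 *
	 * Software executing in the secure state, such as a secure
	 * boot-loader, can access the DRAM by using the NS attributes in
	 * the MMU translation tables and descriptors.
	 */

	/* Region 1 set to cover the Non-Secure DRAM */
	tzc_configure_region(FILTER_SHIFT(0), 1,
			DRAM1_NS_BASE, DRAM1_NS_END,
			TZC_REGION_S_NONE,
			FVP_NS_DRAM_ACCESS);

	/*
	 * Region 2 set to cover the Secure DRAM: secure read/write, and an
	 * empty (0x0) non-secure access value so that no non-secure ID is
	 * granted access to this range.
	 */
	tzc_configure_region(FILTER_SHIFT(0), 2,
			DRAM1_SEC_BASE, DRAM1_SEC_END,
			TZC_REGION_S_RDWR,
			0x0);

	/* Region 3 set to cover the second block of DRAM */
	tzc_configure_region(FILTER_SHIFT(0), 3,
			DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
			FVP_NS_DRAM_ACCESS);

	/*
	 * TODO: Interrupts are not currently supported. The only
	 * options we have are for access errors to occur quietly or to
	 * cause an exception. We choose to cause an exception, so that a
	 * blocked access is visible rather than silently dropped.
	 */
	tzc_set_action(TZC_ACTION_ERR);

	/* Enable filters. */
	tzc_enable_filters();
}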