1 /* 2 * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <debug.h> 9 #include <mmio.h> 10 #include <tzc_dmc500.h> 11 #include "tzc_common.h" 12 #include "tzc_common_private.h" 13 14 /* 15 * Macros which will be used by common core functions. 16 */ 17 #define TZC_DMC500_REGION_BASE_LOW_0_OFFSET 0x054 18 #define TZC_DMC500_REGION_BASE_HIGH_0_OFFSET 0x058 19 #define TZC_DMC500_REGION_TOP_LOW_0_OFFSET 0x05C 20 #define TZC_DMC500_REGION_TOP_HIGH_0_OFFSET 0x060 21 #define TZC_DMC500_REGION_ATTR_0_OFFSET 0x064 22 #define TZC_DMC500_REGION_ID_ACCESS_0_OFFSET 0x068 23 24 #define TZC_DMC500_ACTION_OFF 0x50 25 26 /* Pointer to the tzc_dmc500_driver_data structure populated by the platform */ 27 static const tzc_dmc500_driver_data_t *g_driver_data; 28 29 #define verify_region_attr(region, attr) \ 30 ((g_conf_regions[(region)].sec_attr == \ 31 ((attr) >> TZC_REGION_ATTR_SEC_SHIFT)) \ 32 && ((attr) & (0x1 << TZC_REGION_ATTR_F_EN_SHIFT))) 33 34 /* 35 * Structure for configured regions attributes in DMC500. 36 */ 37 typedef struct tzc_dmc500_regions { 38 tzc_region_attributes_t sec_attr; 39 int is_enabled; 40 } tzc_dmc500_regions_t; 41 42 /* 43 * Array storing the attributes of the configured regions. This array 44 * will be used by the `tzc_dmc500_verify_complete` to verify the flush 45 * completion. 46 */ 47 static tzc_dmc500_regions_t g_conf_regions[MAX_REGION_VAL + 1]; 48 49 /* Helper Macros for making the code readable */ 50 #define DMC_INST_BASE_ADDR(instance) (g_driver_data->dmc_base[instance]) 51 #define DMC_INST_SI_BASE(instance, interface) \ 52 (DMC_INST_BASE_ADDR(instance) + IFACE_OFFSET(interface)) 53 54 DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500, DMC500) 55 DEFINE_TZC_COMMON_WRITE_REGION_BASE(_dmc500, DMC500) 56 DEFINE_TZC_COMMON_WRITE_REGION_TOP(_dmc500, DMC500) 57 DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(_dmc500, DMC500) 58 DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(_dmc500, DMC500) 59 60 DEFINE_TZC_COMMON_CONFIGURE_REGION0(_dmc500) 61 DEFINE_TZC_COMMON_CONFIGURE_REGION(_dmc500) 62 63 static inline unsigned int _tzc_dmc500_read_region_attr_0( 64 uintptr_t dmc_si_base, 65 int region_no) 66 { 67 return mmio_read_32(dmc_si_base + 68 TZC_REGION_OFFSET(TZC_DMC500_REGION_SIZE, region_no) + 69 TZC_DMC500_REGION_ATTR_0_OFFSET); 70 } 71 72 static inline void _tzc_dmc500_write_flush_control(uintptr_t dmc_si_base) 73 { 74 mmio_write_32(dmc_si_base + SI_FLUSH_CTRL_OFFSET, 1); 75 } 76 77 /* 78 * Sets the Flush controls for all the DMC Instances and System Interfaces. 79 * This initiates the flush of configuration settings from the shadow 80 * registers to the actual configuration register. The caller should poll 81 * changed register to confirm update. 82 */ 83 void tzc_dmc500_config_complete(void) 84 { 85 int dmc_inst, sys_if; 86 87 assert(g_driver_data); 88 89 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) { 90 assert(DMC_INST_BASE_ADDR(dmc_inst)); 91 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; sys_if++) 92 _tzc_dmc500_write_flush_control( 93 DMC_INST_SI_BASE(dmc_inst, sys_if)); 94 } 95 } 96 97 /* 98 * This function reads back the secure attributes from the configuration 99 * register for each DMC Instance and System Interface and compares it with 100 * the configured value. The successful verification of the region attributes 101 * confirms that the flush operation has completed. 102 * If the verification fails, the caller is expected to invoke this API again 103 * till it succeeds. 104 * Returns 0 on success and 1 on failure. 105 */ 106 int tzc_dmc500_verify_complete(void) 107 { 108 int dmc_inst, sys_if, region_no; 109 unsigned int attr; 110 111 assert(g_driver_data); 112 /* Region 0 must be configured */ 113 assert(g_conf_regions[0].is_enabled); 114 115 /* Iterate over all configured regions */ 116 for (region_no = 0; region_no <= MAX_REGION_VAL; region_no++) { 117 if (!g_conf_regions[region_no].is_enabled) 118 continue; 119 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; 120 dmc_inst++) { 121 assert(DMC_INST_BASE_ADDR(dmc_inst)); 122 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; 123 sys_if++) { 124 attr = _tzc_dmc500_read_region_attr_0( 125 DMC_INST_SI_BASE(dmc_inst, sys_if), 126 region_no); 127 VERBOSE("Verifying DMC500 region:%d" 128 " dmc_inst:%d sys_if:%d attr:%x\n", 129 region_no, dmc_inst, sys_if, attr); 130 if (!verify_region_attr(region_no, attr)) 131 return 1; 132 } 133 } 134 } 135 136 return 0; 137 } 138 139 /* 140 * `tzc_dmc500_configure_region0` is used to program region 0 in both the 141 * system interfaces of all the DMC-500 instances. Region 0 covers the whole 142 * address space that is not mapped to any other region for a system interface, 143 * and is always enabled; this cannot be changed. This function only changes 144 * the access permissions. 145 */ 146 void tzc_dmc500_configure_region0(tzc_region_attributes_t sec_attr, 147 unsigned int nsaid_permissions) 148 { 149 int dmc_inst, sys_if; 150 151 /* Assert if DMC-500 is not initialized */ 152 assert(g_driver_data); 153 154 /* Configure region_0 in all DMC instances */ 155 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) { 156 assert(DMC_INST_BASE_ADDR(dmc_inst)); 157 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; sys_if++) 158 _tzc_dmc500_configure_region0( 159 DMC_INST_SI_BASE(dmc_inst, sys_if), 160 sec_attr, nsaid_permissions); 161 } 162 163 g_conf_regions[0].sec_attr = sec_attr; 164 g_conf_regions[0].is_enabled = 1; 165 } 166 167 /* 168 * `tzc_dmc500_configure_region` is used to program a region into all system 169 * interfaces of all the DMC instances. 170 * NOTE: 171 * Region 0 is special; it is preferable to use tzc_dmc500_configure_region0 172 * for this region (see comment for that function). 173 */ 174 void tzc_dmc500_configure_region(int region_no, 175 unsigned long long region_base, 176 unsigned long long region_top, 177 tzc_region_attributes_t sec_attr, 178 unsigned int nsaid_permissions) 179 { 180 int dmc_inst, sys_if; 181 182 assert(g_driver_data); 183 /* Do range checks on regions. */ 184 assert(region_no >= 0 && region_no <= MAX_REGION_VAL); 185 186 /* 187 * Do address range check based on DMC-TZ configuration. A 43bit address 188 * is the max and expected case. 189 */ 190 assert(((region_top <= _tzc_get_max_top_addr(43)) && 191 (region_base < region_top))); 192 193 /* region_base and (region_top + 1) must be 4KB aligned */ 194 assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0); 195 196 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) { 197 assert(DMC_INST_BASE_ADDR(dmc_inst)); 198 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; sys_if++) 199 _tzc_dmc500_configure_region( 200 DMC_INST_SI_BASE(dmc_inst, sys_if), 201 TZC_DMC500_REGION_ATTR_F_EN_MASK, 202 region_no, region_base, region_top, 203 sec_attr, nsaid_permissions); 204 } 205 206 g_conf_regions[region_no].sec_attr = sec_attr; 207 g_conf_regions[region_no].is_enabled = 1; 208 } 209 210 /* Sets the action value for all the DMC instances */ 211 void tzc_dmc500_set_action(tzc_action_t action) 212 { 213 int dmc_inst; 214 215 assert(g_driver_data); 216 217 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) { 218 assert(DMC_INST_BASE_ADDR(dmc_inst)); 219 /* 220 * - Currently no handler is provided to trap an error via 221 * interrupt or exception. 222 * - The interrupt action has not been tested. 223 */ 224 _tzc_dmc500_write_action(DMC_INST_BASE_ADDR(dmc_inst), action); 225 } 226 } 227 228 /* 229 * A DMC-500 instance must be present at each base address provided by the 230 * platform. It also expects platform to pass at least one instance of 231 * DMC-500. 232 */ 233 static void validate_plat_driver_data( 234 const tzc_dmc500_driver_data_t *plat_driver_data) 235 { 236 #if ENABLE_ASSERTIONS 237 int i; 238 unsigned int dmc_id; 239 uintptr_t dmc_base; 240 241 assert(plat_driver_data); 242 assert(plat_driver_data->dmc_count > 0 && 243 (plat_driver_data->dmc_count <= MAX_DMC_COUNT)); 244 245 for (i = 0; i < plat_driver_data->dmc_count; i++) { 246 dmc_base = plat_driver_data->dmc_base[i]; 247 assert(dmc_base); 248 249 dmc_id = _tzc_read_peripheral_id(dmc_base); 250 assert(dmc_id == DMC500_PERIPHERAL_ID); 251 } 252 #endif /* ENABLE_ASSERTIONS */ 253 } 254 255 256 /* 257 * Initializes the base address and count of DMC instances. 258 * 259 * Note : Only pointer to plat_driver_data is saved, so it is caller's 260 * responsibility to keep it valid until the driver is used. 261 */ 262 void tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t *plat_driver_data) 263 { 264 /* Check valid pointer is passed */ 265 assert(plat_driver_data); 266 267 /* 268 * NOTE: This driver expects the DMC-500 controller is already in 269 * READY state. Hence, it uses the reconfiguration method for 270 * programming TrustZone regions 271 */ 272 /* Validates the information passed by platform */ 273 validate_plat_driver_data(plat_driver_data); 274 g_driver_data = plat_driver_data; 275 } 276
