1*54fd6939SJiyong Park /*
2*54fd6939SJiyong Park * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
3*54fd6939SJiyong Park *
4*54fd6939SJiyong Park * SPDX-License-Identifier: BSD-3-Clause
5*54fd6939SJiyong Park */
6*54fd6939SJiyong Park
7*54fd6939SJiyong Park #include <platform_def.h>
8*54fd6939SJiyong Park
9*54fd6939SJiyong Park #include <common/debug.h>
10*54fd6939SJiyong Park #include <drivers/arm/tzc400.h>
11*54fd6939SJiyong Park #include <plat/arm/common/plat_arm.h>
12*54fd6939SJiyong Park
13*54fd6939SJiyong Park /* Weak definitions may be overridden in specific ARM standard platform */
14*54fd6939SJiyong Park #pragma weak plat_arm_security_setup
15*54fd6939SJiyong Park
16*54fd6939SJiyong Park
17*54fd6939SJiyong Park /*******************************************************************************
18*54fd6939SJiyong Park * Initialize the TrustZone Controller for ARM standard platforms.
19*54fd6939SJiyong Park * When booting an EL3 payload, this is simplified: we configure region 0 with
20*54fd6939SJiyong Park * secure access only and do not enable any other region.
21*54fd6939SJiyong Park ******************************************************************************/
arm_tzc400_setup(uintptr_t tzc_base,const arm_tzc_regions_info_t * tzc_regions)22*54fd6939SJiyong Park void arm_tzc400_setup(uintptr_t tzc_base,
23*54fd6939SJiyong Park const arm_tzc_regions_info_t *tzc_regions)
24*54fd6939SJiyong Park {
25*54fd6939SJiyong Park #ifndef EL3_PAYLOAD_BASE
26*54fd6939SJiyong Park unsigned int region_index = 1U;
27*54fd6939SJiyong Park const arm_tzc_regions_info_t *p;
28*54fd6939SJiyong Park const arm_tzc_regions_info_t init_tzc_regions[] = {
29*54fd6939SJiyong Park ARM_TZC_REGIONS_DEF,
30*54fd6939SJiyong Park {0}
31*54fd6939SJiyong Park };
32*54fd6939SJiyong Park #endif
33*54fd6939SJiyong Park
34*54fd6939SJiyong Park INFO("Configuring TrustZone Controller\n");
35*54fd6939SJiyong Park
36*54fd6939SJiyong Park tzc400_init(tzc_base);
37*54fd6939SJiyong Park
38*54fd6939SJiyong Park /* Disable filters. */
39*54fd6939SJiyong Park tzc400_disable_filters();
40*54fd6939SJiyong Park
41*54fd6939SJiyong Park #ifndef EL3_PAYLOAD_BASE
42*54fd6939SJiyong Park if (tzc_regions == NULL)
43*54fd6939SJiyong Park p = init_tzc_regions;
44*54fd6939SJiyong Park else
45*54fd6939SJiyong Park p = tzc_regions;
46*54fd6939SJiyong Park
47*54fd6939SJiyong Park /* Region 0 set to no access by default */
48*54fd6939SJiyong Park tzc400_configure_region0(TZC_REGION_S_NONE, 0);
49*54fd6939SJiyong Park
50*54fd6939SJiyong Park /* Rest Regions set according to tzc_regions array */
51*54fd6939SJiyong Park for (; p->base != 0ULL; p++) {
52*54fd6939SJiyong Park tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
53*54fd6939SJiyong Park p->base, p->end, p->sec_attr, p->nsaid_permissions);
54*54fd6939SJiyong Park region_index++;
55*54fd6939SJiyong Park }
56*54fd6939SJiyong Park
57*54fd6939SJiyong Park INFO("Total %u regions set.\n", region_index);
58*54fd6939SJiyong Park
59*54fd6939SJiyong Park #else /* if defined(EL3_PAYLOAD_BASE) */
60*54fd6939SJiyong Park
61*54fd6939SJiyong Park /* Allow Secure and Non-secure access to DRAM for EL3 payloads */
62*54fd6939SJiyong Park tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS);
63*54fd6939SJiyong Park
64*54fd6939SJiyong Park #endif /* EL3_PAYLOAD_BASE */
65*54fd6939SJiyong Park
66*54fd6939SJiyong Park /*
67*54fd6939SJiyong Park * Raise an exception if a NS device tries to access secure memory
68*54fd6939SJiyong Park * TODO: Add interrupt handling support.
69*54fd6939SJiyong Park */
70*54fd6939SJiyong Park tzc400_set_action(TZC_ACTION_ERR);
71*54fd6939SJiyong Park
72*54fd6939SJiyong Park /* Enable filters. */
73*54fd6939SJiyong Park tzc400_enable_filters();
74*54fd6939SJiyong Park }
75*54fd6939SJiyong Park
plat_arm_security_setup(void)76*54fd6939SJiyong Park void plat_arm_security_setup(void)
77*54fd6939SJiyong Park {
78*54fd6939SJiyong Park arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL);
79*54fd6939SJiyong Park }
80