/*******************************************************************************
* Initialize the TrustZone Controller for ARM standard platforms.
* Configure Region 0 with no access, Region 1 with secure access only, and
* the remaining DRAM regions access from the given Non-Secure masters.
******************************************************************************/
void arm_tzc_setup(void)
{
INFO("Configuring TrustZone Controller\n");
tzc_init(ARM_TZC_BASE);
/* Disable filters. */
tzc_disable_filters();
/* Region 0 set to no access by default */
tzc_configure_region0(TZC_REGION_S_NONE, 0);
/* Region 1 set to cover Secure part of DRAM */
tzc_configure_region(PLAT_ARM_TZC_FILTERS, 1,
ARM_AP_TZC_DRAM1_BASE, ARM_AP_TZC_DRAM1_END,
TZC_REGION_S_RDWR,
0);
/* Region 2 set to cover Non-Secure access to 1st DRAM address range.
* Apply the same configuration to given filters in the TZC. */
tzc_configure_region(PLAT_ARM_TZC_FILTERS, 2,
ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
TZC_REGION_S_NONE,
PLAT_ARM_TZC_NS_DEV_ACCESS);
/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
tzc_configure_region(PLAT_ARM_TZC_FILTERS, 3,
ARM_DRAM2_BASE, ARM_DRAM2_END,
TZC_REGION_S_NONE,
PLAT_ARM_TZC_NS_DEV_ACCESS);
/*
* Raise an exception if a NS device tries to access secure memory
* TODO: Add interrupt handling support.
*/
tzc_set_action(TZC_ACTION_ERR);
/* Enable filters. */
tzc_enable_filters();
}
/*
* For the moment we assume that all security programming is done by the
* primary core.
* TODO:
* Might want to enable interrupt on violations when supported?
*/
void plat_security_setup(void)
{
struct tzc_instance controller;
/*
* The Base FVP has a TrustZone address space controller, the Foundation
* FVP does not. Trying to program the device on the foundation FVP will
* cause an abort.
*
* If the platform had additional peripheral specific security
* configurations, those would be configured here.
*/
if (!platform_get_cfgvar(CONFIG_HAS_TZC))
return;
/*
* The TrustZone controller controls access to main DRAM. Give
* full NS access for the moment to use with OS.
*/
INFO("Configuring TrustZone Controller\n");
/*
* The driver does some error checking and will assert.
* - Provide base address of device on platform.
* - Provide width of ACE-Lite IDs on platform.
*/
controller.base = TZC400_BASE;
controller.aid_width = FVP_AID_WIDTH;
tzc_init(&controller);
/*
* Currently only filters 0 and 2 are connected on Base FVP.
* Filter 0 : CPU clusters (no access to DRAM by default)
* Filter 1 : not connected
* Filter 2 : LCDs (access to VRAM allowed by default)
* Filter 3 : not connected
* Programming unconnected filters will have no effect at the
* moment. These filter could, however, be connected in future.
* So care should be taken not to configure the unused filters.
*/
/* Disable all filters before programming. */
tzc_disable_filters(&controller);
/*
* Allow full access to all DRAM to supported devices for the
* moment. Give access to the CPUs and Virtio. Some devices
* would normally use the default ID so allow that too. We use
* three different regions to cover the three separate blocks of
* memory in the FVPs. We allow secure access to DRAM to load NS
* software.
* FIXME: In current models Virtio uses a reserved ID. This is
* not correct and will be fixed.
*/
/* Set to cover 2GB block of DRAM */
tzc_configure_region(&controller, FILTER_SHIFT(0), 1,
DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_RDWR,
TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5));
/* Set to cover the 30GB block */
tzc_configure_region(&controller, FILTER_SHIFT(0), 2,
0x880000000, 0xFFFFFFFFF, TZC_REGION_S_RDWR,
TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5));
/* Set to cover 480GB block */
tzc_configure_region(&controller, FILTER_SHIFT(0), 3,
0x8800000000, 0xFFFFFFFFFF, TZC_REGION_S_RDWR,
TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5));
/*
* TODO: Interrupts are not currently supported. The only
* options we have are for access errors to occur quietly or to
* cause an exception. We choose to cause an exception.
*/
tzc_set_action(&controller, TZC_ACTION_ERR);
/* Enable filters. */
tzc_enable_filters(&controller);
}
/*
* For the moment we assume that all security programming is done by the
* primary core.
* TODO:
* Might want to enable interrupt on violations when supported?
*/
void plat_security_setup(void)
{
tzc_instance_t controller;
/*
* The Base FVP has a TrustZone address space controller, the Foundation
* FVP does not. Trying to program the device on the foundation FVP will
* cause an abort.
*
* If the platform had additional peripheral specific security
* configurations, those would be configured here.
*/
if (!platform_get_cfgvar(CONFIG_HAS_TZC))
return;
/*
* The TrustZone controller controls access to main DRAM. Give
* full NS access for the moment to use with OS.
*/
INFO("Configuring TrustZone Controller\n");
/*
* The driver does some error checking and will assert.
* - Provide base address of device on platform.
* - Provide width of ACE-Lite IDs on platform.
*/
controller.base = TZC400_BASE;
controller.aid_width = FVP_AID_WIDTH;
tzc_init(&controller);
/*
* Currently only filters 0 and 2 are connected on Base FVP.
* Filter 0 : CPU clusters (no access to DRAM by default)
* Filter 1 : not connected
* Filter 2 : LCDs (access to VRAM allowed by default)
* Filter 3 : not connected
* Programming unconnected filters will have no effect at the
* moment. These filter could, however, be connected in future.
* So care should be taken not to configure the unused filters.
*/
/* Disable all filters before programming. */
tzc_disable_filters(&controller);
/*
* Allow only non-secure access to all DRAM to supported devices.
* Give access to the CPUs and Virtio. Some devices
* would normally use the default ID so allow that too. We use
* two regions to cover the blocks of physical memory in the FVPs.
*
* Software executing in the secure state, such as a secure
* boot-loader, can access the DRAM by using the NS attributes in
* the MMU translation tables and descriptors.
*/
/* Set to cover the first block of DRAM */
tzc_configure_region(&controller, FILTER_SHIFT(0), 1,
DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_NONE,
TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
/* Set to cover the second block of DRAM */
tzc_configure_region(&controller, FILTER_SHIFT(0), 2,
0x880000000, 0xFFFFFFFFF, TZC_REGION_S_NONE,
TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
/*
* TODO: Interrupts are not currently supported. The only
* options we have are for access errors to occur quietly or to
* cause an exception. We choose to cause an exception.
*/
tzc_set_action(&controller, TZC_ACTION_ERR);
/* Enable filters. */
tzc_enable_filters(&controller);
}