#include <cassert.h>
#include <cpu_data.h>
#include <stdint.h>
+#include <tzc_common.h>
#include <utils_def.h>
/*******************************************************************************
struct image_info;
struct bl_params;
+typedef struct arm_tzc_regions_info {
+ unsigned long long base;
+ unsigned long long end;
+ tzc_region_attributes_t sec_attr;
+ unsigned int nsaid_permissions;
+} arm_tzc_regions_info_t;
+
+/*******************************************************************************
+ * Default mapping definition of the TrustZone Controller for ARM standard
+ * platforms.
+ * Configure:
+ * - Region 0 with no access;
+ * - Region 1 with secure access only;
+ * - the remaining DRAM regions access from the given Non-Secure masters.
+ ******************************************************************************/
+#if ENABLE_SPM
+#define ARM_TZC_REGIONS_DEF \
+ {ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
+ TZC_REGION_S_RDWR, 0}, \
+ {ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}, \
+ {ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}, \
+ {ARM_SP_IMAGE_NS_BUF_BASE, (ARM_SP_IMAGE_NS_BUF_BASE + \
+ ARM_SP_IMAGE_NS_BUF_SIZE) - 1, TZC_REGION_S_NONE, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}
+
+#else
+#define ARM_TZC_REGIONS_DEF \
+ {ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END, \
+ TZC_REGION_S_RDWR, 0}, \
+ {ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}, \
+ {ARM_DRAM2_BASE, ARM_DRAM2_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+ PLAT_ARM_TZC_NS_DEV_ACCESS}
+#endif
+
#define ARM_CASSERT_MMAP \
CASSERT((ARRAY_SIZE(plat_arm_mmap) + ARM_BL_REGIONS) \
<= MAX_MMAP_REGIONS, \
void arm_io_setup(void);
/* Security utility functions */
-void arm_tzc400_setup(void);
+void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions);
struct tzc_dmc500_driver_data;
-void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data);
+void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data,
+ const arm_tzc_regions_info_t *tzc_regions);
/* Systimer utility function */
void arm_configure_sys_timer(void);
/*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
*/
if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC)
- arm_tzc400_setup();
+ arm_tzc400_setup(NULL);
}
/*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/* Initialize debug configuration */
init_debug_cfg();
/* Initialize the TrustZone Controller */
- arm_tzc400_setup();
+ arm_tzc400_setup(NULL);
/* Do ARM CSS internal NIC setup */
css_init_nic400();
/* Do ARM CSS SoC security setup */
/*******************************************************************************
* Initialize the TrustZone Controller for ARM standard platforms.
- * Configure:
- * - Region 0 with no access;
- * - Region 1 with secure access only;
- * - the remaining DRAM regions access from the given Non-Secure masters.
- *
* When booting an EL3 payload, this is simplified: we configure region 0 with
* secure access only and do not enable any other region.
******************************************************************************/
-void arm_tzc400_setup(void)
+void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions)
{
+#ifndef EL3_PAYLOAD_BASE
+ int region_index = 1;
+ const arm_tzc_regions_info_t *p;
+ const arm_tzc_regions_info_t init_tzc_regions[] = {
+ ARM_TZC_REGIONS_DEF,
+ {0}
+ };
+#endif
+
INFO("Configuring TrustZone Controller\n");
tzc400_init(PLAT_ARM_TZC_BASE);
tzc400_disable_filters();
#ifndef EL3_PAYLOAD_BASE
+ if (tzc_regions == NULL)
+ p = init_tzc_regions;
+ else
+ p = tzc_regions;
/* Region 0 set to no access by default */
tzc400_configure_region0(TZC_REGION_S_NONE, 0);
- /* Region 1 set to cover Secure part of DRAM */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
- ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
- TZC_REGION_S_RDWR,
- 0);
-
- /* Region 2 set to cover Non-Secure access to 1st DRAM address range.
- * Apply the same configuration to given filters in the TZC. */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
- ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
-
- /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
- ARM_DRAM2_BASE, ARM_DRAM2_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
-
-#if ENABLE_SPM
- /*
- * Region 4 set to cover Non-Secure access to the communication buffer
- * shared with the Secure world.
- */
- tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
- 4,
- ARM_SP_IMAGE_NS_BUF_BASE,
- (ARM_SP_IMAGE_NS_BUF_BASE +
- ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
- TZC_REGION_S_NONE,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
-#endif
+ /* Rest Regions set according to tzc_regions array */
+ for (; p->base != 0ULL; p++) {
+ tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
+ p->base, p->end, p->sec_attr, p->nsaid_permissions);
+ region_index++;
+ }
+
+ INFO("Total %d regions set.\n", region_index);
#else /* if defined(EL3_PAYLOAD_BASE) */
void plat_arm_security_setup(void)
{
- arm_tzc400_setup();
+ arm_tzc400_setup(NULL);
}
/*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*******************************************************************************
* Initialize the DMC500-TrustZone Controller for ARM standard platforms.
- * Configure both the interfaces on Region 0 with no access, Region 1 with
- * secure access only, and the remaining DRAM regions access from the
- * given Non-Secure masters.
- *
* When booting an EL3 payload, this is simplified: we configure region 0 with
* secure access only and do not enable any other region.
******************************************************************************/
-void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
+void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data,
+ const arm_tzc_regions_info_t *tzc_regions)
{
+#ifndef EL3_PAYLOAD_BASE
+ int region_index = 1;
+ const arm_tzc_regions_info_t *p;
+ const arm_tzc_regions_info_t init_tzc_regions[] = {
+ ARM_TZC_REGIONS_DEF,
+ {0}
+ };
+#endif
+
assert(plat_driver_data);
INFO("Configuring DMC-500 TZ Settings\n");
tzc_dmc500_driver_init(plat_driver_data);
#ifndef EL3_PAYLOAD_BASE
+ if (tzc_regions == NULL)
+ p = init_tzc_regions;
+ else
+ p = tzc_regions;
+
/* Region 0 set to no access by default */
tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
- /* Region 1 set to cover Secure part of DRAM */
- tzc_dmc500_configure_region(1, ARM_AP_TZC_DRAM1_BASE,
- ARM_EL3_TZC_DRAM1_END,
- TZC_REGION_S_RDWR,
- 0);
+ /* Rest Regions set according to tzc_regions array */
+ for (; p->base != 0ULL; p++) {
+ tzc_dmc500_configure_region(region_index, p->base, p->end,
+ p->sec_attr, p->nsaid_permissions);
+ region_index++;
+ }
- /* Region 2 set to cover Non-Secure access to 1st DRAM address range.*/
- tzc_dmc500_configure_region(2,
- ARM_NS_DRAM1_BASE,
- ARM_NS_DRAM1_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
+ INFO("Total %d regions set.\n", region_index);
- /* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
- tzc_dmc500_configure_region(3,
- ARM_DRAM2_BASE,
- ARM_DRAM2_END,
- ARM_TZC_NS_DRAM_S_ACCESS,
- PLAT_ARM_TZC_NS_DEV_ACCESS);
#else
/* Allow secure access only to DRAM for EL3 payloads */
tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);
projects / project / bcm63xx / atf.git / commitdiff