1*91f16700Schasinglulu /* 2*91f16700Schasinglulu * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved. 3*91f16700Schasinglulu * 4*91f16700Schasinglulu * SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu */ 6*91f16700Schasinglulu 7*91f16700Schasinglulu #include <platform_def.h> 8*91f16700Schasinglulu 9*91f16700Schasinglulu #include <common/debug.h> 10*91f16700Schasinglulu #include <drivers/arm/tzc400.h> 11*91f16700Schasinglulu #include <plat/arm/common/plat_arm.h> 12*91f16700Schasinglulu 13*91f16700Schasinglulu /* Weak definitions may be overridden in specific ARM standard platform */ 14*91f16700Schasinglulu #pragma weak plat_arm_security_setup 15*91f16700Schasinglulu 16*91f16700Schasinglulu 17*91f16700Schasinglulu /******************************************************************************* 18*91f16700Schasinglulu * Initialize the TrustZone Controller for ARM standard platforms. 19*91f16700Schasinglulu * When booting an EL3 payload, this is simplified: we configure region 0 with 20*91f16700Schasinglulu * secure access only and do not enable any other region. 21*91f16700Schasinglulu ******************************************************************************/ 22*91f16700Schasinglulu void arm_tzc400_setup(uintptr_t tzc_base, 23*91f16700Schasinglulu const arm_tzc_regions_info_t *tzc_regions) 24*91f16700Schasinglulu { 25*91f16700Schasinglulu #ifndef EL3_PAYLOAD_BASE 26*91f16700Schasinglulu unsigned int region_index = 1U; 27*91f16700Schasinglulu const arm_tzc_regions_info_t *p; 28*91f16700Schasinglulu const arm_tzc_regions_info_t init_tzc_regions[] = { 29*91f16700Schasinglulu ARM_TZC_REGIONS_DEF, 30*91f16700Schasinglulu {0} 31*91f16700Schasinglulu }; 32*91f16700Schasinglulu #endif 33*91f16700Schasinglulu 34*91f16700Schasinglulu INFO("Configuring TrustZone Controller\n"); 35*91f16700Schasinglulu 36*91f16700Schasinglulu tzc400_init(tzc_base); 37*91f16700Schasinglulu 38*91f16700Schasinglulu /* Disable filters. */ 39*91f16700Schasinglulu tzc400_disable_filters(); 40*91f16700Schasinglulu 41*91f16700Schasinglulu #ifndef EL3_PAYLOAD_BASE 42*91f16700Schasinglulu if (tzc_regions == NULL) 43*91f16700Schasinglulu p = init_tzc_regions; 44*91f16700Schasinglulu else 45*91f16700Schasinglulu p = tzc_regions; 46*91f16700Schasinglulu 47*91f16700Schasinglulu /* Region 0 set to no access by default */ 48*91f16700Schasinglulu tzc400_configure_region0(TZC_REGION_S_NONE, 0); 49*91f16700Schasinglulu 50*91f16700Schasinglulu /* Rest Regions set according to tzc_regions array */ 51*91f16700Schasinglulu for (; p->base != 0ULL; p++) { 52*91f16700Schasinglulu tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index, 53*91f16700Schasinglulu p->base, p->end, p->sec_attr, p->nsaid_permissions); 54*91f16700Schasinglulu region_index++; 55*91f16700Schasinglulu } 56*91f16700Schasinglulu 57*91f16700Schasinglulu INFO("Total %u regions set.\n", region_index); 58*91f16700Schasinglulu 59*91f16700Schasinglulu #else /* if defined(EL3_PAYLOAD_BASE) */ 60*91f16700Schasinglulu 61*91f16700Schasinglulu /* Allow Secure and Non-secure access to DRAM for EL3 payloads */ 62*91f16700Schasinglulu tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS); 63*91f16700Schasinglulu 64*91f16700Schasinglulu #endif /* EL3_PAYLOAD_BASE */ 65*91f16700Schasinglulu 66*91f16700Schasinglulu /* 67*91f16700Schasinglulu * Raise an exception if a NS device tries to access secure memory 68*91f16700Schasinglulu * TODO: Add interrupt handling support. 69*91f16700Schasinglulu */ 70*91f16700Schasinglulu tzc400_set_action(TZC_ACTION_ERR); 71*91f16700Schasinglulu 72*91f16700Schasinglulu /* Enable filters. */ 73*91f16700Schasinglulu tzc400_enable_filters(); 74*91f16700Schasinglulu } 75*91f16700Schasinglulu 76*91f16700Schasinglulu void plat_arm_security_setup(void) 77*91f16700Schasinglulu { 78*91f16700Schasinglulu arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL); 79*91f16700Schasinglulu } 80