1 /*
2  * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <assert.h>
32 #include <debug.h>
33 #include <plat_config.h>
34 #include <tzc400.h>
35 #include "fvp_def.h"
36 #include "fvp_private.h"
37 
38 /* Used to improve readability for configuring regions. */
39 #define FILTER_SHIFT(filter)	(1 << filter)
40 
41 /*
42  * For the moment we assume that all security programming is done by the
43  * primary core.
44  * TODO:
45  * Might want to enable interrupt on violations when supported?
46  */
fvp_security_setup(void)47 void fvp_security_setup(void)
48 {
49 	/*
50 	 * The Base FVP has a TrustZone address space controller, the Foundation
51 	 * FVP does not. Trying to program the device on the foundation FVP will
52 	 * cause an abort.
53 	 *
54 	 * If the platform had additional peripheral specific security
55 	 * configurations, those would be configured here.
56 	 */
57 
58 	if (!(get_plat_config()->flags & CONFIG_HAS_TZC))
59 		return;
60 
61 	/*
62 	 * The TrustZone controller controls access to main DRAM. Give
63 	 * full NS access for the moment to use with OS.
64 	 */
65 	INFO("Configuring TrustZone Controller\n");
66 
67 	/*
68 	 * The driver does some error checking and will assert.
69 	 * - Provide base address of device on platform.
70 	 * - Provide width of ACE-Lite IDs on platform.
71 	 */
72 	tzc_init(TZC400_BASE);
73 
74 	/*
75 	 * Currently only filters 0 and 2 are connected on Base FVP.
76 	 * Filter 0 : CPU clusters (no access to DRAM by default)
77 	 * Filter 1 : not connected
78 	 * Filter 2 : LCDs (access to VRAM allowed by default)
79 	 * Filter 3 : not connected
80 	 * Programming unconnected filters will have no effect at the
81 	 * moment. These filter could, however, be connected in future.
82 	 * So care should be taken not to configure the unused filters.
83 	 */
84 
85 	/* Disable all filters before programming. */
86 	tzc_disable_filters();
87 
88 	/*
89 	 * Allow only non-secure access to all DRAM to supported devices.
90 	 * Give access to the CPUs and Virtio. Some devices
91 	 * would normally use the default ID so allow that too. We use
92 	 * two regions to cover the blocks of physical memory in the FVPs
93 	 * plus one region to reserve some memory as secure.
94 	 *
95 	 * Software executing in the secure state, such as a secure
96 	 * boot-loader, can access the DRAM by using the NS attributes in
97 	 * the MMU translation tables and descriptors.
98 	 */
99 
100 	/* Region 1 set to cover the Non-Secure DRAM */
101 	tzc_configure_region(FILTER_SHIFT(0), 1,
102 			DRAM1_NS_BASE, DRAM1_NS_END,
103 			TZC_REGION_S_NONE,
104 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
105 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
106 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
107 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
108 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
109 
110 	/* Region 2 set to cover the Secure DRAM */
111 	tzc_configure_region(FILTER_SHIFT(0), 2,
112 			DRAM1_SEC_BASE, DRAM1_SEC_END,
113 			TZC_REGION_S_RDWR,
114 			0x0);
115 
116 	/* Region 3 set to cover the second block of DRAM */
117 	tzc_configure_region(FILTER_SHIFT(0), 3,
118 			DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
119 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
120 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
121 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
122 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
123 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
124 
125 	/*
126 	 * TODO: Interrupts are not currently supported. The only
127 	 * options we have are for access errors to occur quietly or to
128 	 * cause an exception. We choose to cause an exception.
129 	 */
130 	tzc_set_action(TZC_ACTION_ERR);
131 
132 	/* Enable filters. */
133 	tzc_enable_filters();
134 }
135