summaryrefslogtreecommitdiffstats
path: root/plat/arm/common/arm_tzc400.c
diff options
context:
space:
mode:
Diffstat (limited to 'plat/arm/common/arm_tzc400.c')
-rw-r--r--plat/arm/common/arm_tzc400.c79
1 files changed, 79 insertions, 0 deletions
diff --git a/plat/arm/common/arm_tzc400.c b/plat/arm/common/arm_tzc400.c
new file mode 100644
index 0000000..370ef0a
--- /dev/null
+++ b/plat/arm/common/arm_tzc400.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <platform_def.h>
+
+#include <common/debug.h>
+#include <drivers/arm/tzc400.h>
+#include <plat/arm/common/plat_arm.h>
+
+/* Weak definitions may be overridden in specific ARM standard platform */
+#pragma weak plat_arm_security_setup
+
+
+/*******************************************************************************
+ * Initialize the TrustZone Controller for ARM standard platforms.
+ * When booting an EL3 payload, this is simplified: we configure region 0 with
+ * secure access only and do not enable any other region.
+ ******************************************************************************/
+void arm_tzc400_setup(uintptr_t tzc_base,
+ const arm_tzc_regions_info_t *tzc_regions)
+{
+#ifndef EL3_PAYLOAD_BASE
+ unsigned int region_index = 1U;
+ const arm_tzc_regions_info_t *p;
+ const arm_tzc_regions_info_t init_tzc_regions[] = {
+ ARM_TZC_REGIONS_DEF,
+ {0}
+ };
+#endif
+
+ INFO("Configuring TrustZone Controller\n");
+
+ tzc400_init(tzc_base);
+
+ /* Disable filters. */
+ tzc400_disable_filters();
+
+#ifndef EL3_PAYLOAD_BASE
+ if (tzc_regions == NULL)
+ p = init_tzc_regions;
+ else
+ p = tzc_regions;
+
+ /* Region 0 set to no access by default */
+ tzc400_configure_region0(TZC_REGION_S_NONE, 0);
+
+ /* Rest Regions set according to tzc_regions array */
+ for (; p->base != 0ULL; p++) {
+ tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
+ p->base, p->end, p->sec_attr, p->nsaid_permissions);
+ region_index++;
+ }
+
+ INFO("Total %u regions set.\n", region_index);
+
+#else /* if defined(EL3_PAYLOAD_BASE) */
+
+ /* Allow Secure and Non-secure access to DRAM for EL3 payloads */
+ tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS);
+
+#endif /* EL3_PAYLOAD_BASE */
+
+ /*
+ * Raise an exception if a NS device tries to access secure memory
+ * TODO: Add interrupt handling support.
+ */
+ tzc400_set_action(TZC_ACTION_ERR);
+
+ /* Enable filters. */
+ tzc400_enable_filters();
+}
+
+void plat_arm_security_setup(void)
+{
+ arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL);
+}