1 /*
2 * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <debug.h>
9 #include <mmio.h>
10 #include <tzc_dmc500.h>
11 #include "tzc_common.h"
12 #include "tzc_common_private.h"
13
14 /*
15 * Macros which will be used by common core functions.
16 */
17 #define TZC_DMC500_REGION_BASE_LOW_0_OFFSET 0x054
18 #define TZC_DMC500_REGION_BASE_HIGH_0_OFFSET 0x058
19 #define TZC_DMC500_REGION_TOP_LOW_0_OFFSET 0x05C
20 #define TZC_DMC500_REGION_TOP_HIGH_0_OFFSET 0x060
21 #define TZC_DMC500_REGION_ATTR_0_OFFSET 0x064
22 #define TZC_DMC500_REGION_ID_ACCESS_0_OFFSET 0x068
23
24 #define TZC_DMC500_ACTION_OFF 0x50
25
26 /* Pointer to the tzc_dmc500_driver_data structure populated by the platform */
27 static const tzc_dmc500_driver_data_t *g_driver_data;
28
29 #define verify_region_attr(region, attr) \
30 ((g_conf_regions[(region)].sec_attr == \
31 ((attr) >> TZC_REGION_ATTR_SEC_SHIFT)) \
32 && ((attr) & (0x1 << TZC_REGION_ATTR_F_EN_SHIFT)))
33
34 /*
35 * Structure for configured regions attributes in DMC500.
36 */
37 typedef struct tzc_dmc500_regions {
38 tzc_region_attributes_t sec_attr;
39 int is_enabled;
40 } tzc_dmc500_regions_t;
41
42 /*
43 * Array storing the attributes of the configured regions. This array
44 * will be used by the `tzc_dmc500_verify_complete` to verify the flush
45 * completion.
46 */
47 static tzc_dmc500_regions_t g_conf_regions[MAX_REGION_VAL + 1];
48
49 /* Helper Macros for making the code readable */
50 #define DMC_INST_BASE_ADDR(instance) (g_driver_data->dmc_base[instance])
51 #define DMC_INST_SI_BASE(instance, interface) \
52 (DMC_INST_BASE_ADDR(instance) + IFACE_OFFSET(interface))
53
DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500,DMC500)54 DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500, DMC500)
55 DEFINE_TZC_COMMON_WRITE_REGION_BASE(_dmc500, DMC500)
56 DEFINE_TZC_COMMON_WRITE_REGION_TOP(_dmc500, DMC500)
57 DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(_dmc500, DMC500)
58 DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(_dmc500, DMC500)
59
60 DEFINE_TZC_COMMON_CONFIGURE_REGION0(_dmc500)
61 DEFINE_TZC_COMMON_CONFIGURE_REGION(_dmc500)
62
63 static inline unsigned int _tzc_dmc500_read_region_attr_0(
64 uintptr_t dmc_si_base,
65 int region_no)
66 {
67 return mmio_read_32(dmc_si_base +
68 TZC_REGION_OFFSET(TZC_DMC500_REGION_SIZE, region_no) +
69 TZC_DMC500_REGION_ATTR_0_OFFSET);
70 }
71
_tzc_dmc500_write_flush_control(uintptr_t dmc_si_base)72 static inline void _tzc_dmc500_write_flush_control(uintptr_t dmc_si_base)
73 {
74 mmio_write_32(dmc_si_base + SI_FLUSH_CTRL_OFFSET, 1);
75 }
76
77 /*
78 * Sets the Flush controls for all the DMC Instances and System Interfaces.
79 * This initiates the flush of configuration settings from the shadow
80 * registers to the actual configuration register. The caller should poll
81 * changed register to confirm update.
82 */
tzc_dmc500_config_complete(void)83 void tzc_dmc500_config_complete(void)
84 {
85 int dmc_inst, sys_if;
86
87 assert(g_driver_data);
88
89 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
90 assert(DMC_INST_BASE_ADDR(dmc_inst));
91 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; sys_if++)
92 _tzc_dmc500_write_flush_control(
93 DMC_INST_SI_BASE(dmc_inst, sys_if));
94 }
95 }
96
97 /*
98 * This function reads back the secure attributes from the configuration
99 * register for each DMC Instance and System Interface and compares it with
100 * the configured value. The successful verification of the region attributes
101 * confirms that the flush operation has completed.
102 * If the verification fails, the caller is expected to invoke this API again
103 * till it succeeds.
104 * Returns 0 on success and 1 on failure.
105 */
tzc_dmc500_verify_complete(void)106 int tzc_dmc500_verify_complete(void)
107 {
108 int dmc_inst, sys_if, region_no;
109 unsigned int attr;
110
111 assert(g_driver_data);
112 /* Region 0 must be configured */
113 assert(g_conf_regions[0].is_enabled);
114
115 /* Iterate over all configured regions */
116 for (region_no = 0; region_no <= MAX_REGION_VAL; region_no++) {
117 if (!g_conf_regions[region_no].is_enabled)
118 continue;
119 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count;
120 dmc_inst++) {
121 assert(DMC_INST_BASE_ADDR(dmc_inst));
122 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT;
123 sys_if++) {
124 attr = _tzc_dmc500_read_region_attr_0(
125 DMC_INST_SI_BASE(dmc_inst, sys_if),
126 region_no);
127 VERBOSE("Verifying DMC500 region:%d"
128 " dmc_inst:%d sys_if:%d attr:%x\n",
129 region_no, dmc_inst, sys_if, attr);
130 if (!verify_region_attr(region_no, attr))
131 return 1;
132 }
133 }
134 }
135
136 return 0;
137 }
138
139 /*
140 * `tzc_dmc500_configure_region0` is used to program region 0 in both the
141 * system interfaces of all the DMC-500 instances. Region 0 covers the whole
142 * address space that is not mapped to any other region for a system interface,
143 * and is always enabled; this cannot be changed. This function only changes
144 * the access permissions.
145 */
tzc_dmc500_configure_region0(tzc_region_attributes_t sec_attr,unsigned int nsaid_permissions)146 void tzc_dmc500_configure_region0(tzc_region_attributes_t sec_attr,
147 unsigned int nsaid_permissions)
148 {
149 int dmc_inst, sys_if;
150
151 /* Assert if DMC-500 is not initialized */
152 assert(g_driver_data);
153
154 /* Configure region_0 in all DMC instances */
155 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
156 assert(DMC_INST_BASE_ADDR(dmc_inst));
157 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; sys_if++)
158 _tzc_dmc500_configure_region0(
159 DMC_INST_SI_BASE(dmc_inst, sys_if),
160 sec_attr, nsaid_permissions);
161 }
162
163 g_conf_regions[0].sec_attr = sec_attr;
164 g_conf_regions[0].is_enabled = 1;
165 }
166
167 /*
168 * `tzc_dmc500_configure_region` is used to program a region into all system
169 * interfaces of all the DMC instances.
170 * NOTE:
171 * Region 0 is special; it is preferable to use tzc_dmc500_configure_region0
172 * for this region (see comment for that function).
173 */
tzc_dmc500_configure_region(int region_no,unsigned long long region_base,unsigned long long region_top,tzc_region_attributes_t sec_attr,unsigned int nsaid_permissions)174 void tzc_dmc500_configure_region(int region_no,
175 unsigned long long region_base,
176 unsigned long long region_top,
177 tzc_region_attributes_t sec_attr,
178 unsigned int nsaid_permissions)
179 {
180 int dmc_inst, sys_if;
181
182 assert(g_driver_data);
183 /* Do range checks on regions. */
184 assert(region_no >= 0 && region_no <= MAX_REGION_VAL);
185
186 /*
187 * Do address range check based on DMC-TZ configuration. A 43bit address
188 * is the max and expected case.
189 */
190 assert(((region_top <= _tzc_get_max_top_addr(43)) &&
191 (region_base < region_top)));
192
193 /* region_base and (region_top + 1) must be 4KB aligned */
194 assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0);
195
196 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
197 assert(DMC_INST_BASE_ADDR(dmc_inst));
198 for (sys_if = 0; sys_if < MAX_SYS_IF_COUNT; sys_if++)
199 _tzc_dmc500_configure_region(
200 DMC_INST_SI_BASE(dmc_inst, sys_if),
201 TZC_DMC500_REGION_ATTR_F_EN_MASK,
202 region_no, region_base, region_top,
203 sec_attr, nsaid_permissions);
204 }
205
206 g_conf_regions[region_no].sec_attr = sec_attr;
207 g_conf_regions[region_no].is_enabled = 1;
208 }
209
210 /* Sets the action value for all the DMC instances */
tzc_dmc500_set_action(tzc_action_t action)211 void tzc_dmc500_set_action(tzc_action_t action)
212 {
213 int dmc_inst;
214
215 assert(g_driver_data);
216
217 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
218 assert(DMC_INST_BASE_ADDR(dmc_inst));
219 /*
220 * - Currently no handler is provided to trap an error via
221 * interrupt or exception.
222 * - The interrupt action has not been tested.
223 */
224 _tzc_dmc500_write_action(DMC_INST_BASE_ADDR(dmc_inst), action);
225 }
226 }
227
228 /*
229 * A DMC-500 instance must be present at each base address provided by the
230 * platform. It also expects platform to pass at least one instance of
231 * DMC-500.
232 */
validate_plat_driver_data(const tzc_dmc500_driver_data_t * plat_driver_data)233 static void validate_plat_driver_data(
234 const tzc_dmc500_driver_data_t *plat_driver_data)
235 {
236 #if ENABLE_ASSERTIONS
237 int i;
238 unsigned int dmc_id;
239 uintptr_t dmc_base;
240
241 assert(plat_driver_data);
242 assert(plat_driver_data->dmc_count > 0 &&
243 (plat_driver_data->dmc_count <= MAX_DMC_COUNT));
244
245 for (i = 0; i < plat_driver_data->dmc_count; i++) {
246 dmc_base = plat_driver_data->dmc_base[i];
247 assert(dmc_base);
248
249 dmc_id = _tzc_read_peripheral_id(dmc_base);
250 assert(dmc_id == DMC500_PERIPHERAL_ID);
251 }
252 #endif /* ENABLE_ASSERTIONS */
253 }
254
255
256 /*
257 * Initializes the base address and count of DMC instances.
258 *
259 * Note : Only pointer to plat_driver_data is saved, so it is caller's
260 * responsibility to keep it valid until the driver is used.
261 */
tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t * plat_driver_data)262 void tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t *plat_driver_data)
263 {
264 /* Check valid pointer is passed */
265 assert(plat_driver_data);
266
267 /*
268 * NOTE: This driver expects the DMC-500 controller is already in
269 * READY state. Hence, it uses the reconfiguration method for
270 * programming TrustZone regions
271 */
272 /* Validates the information passed by platform */
273 validate_plat_driver_data(plat_driver_data);
274 g_driver_data = plat_driver_data;
275 }
276