1 /*
2 * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <common/debug.h>
10 #include <drivers/arm/tzc_dmc500.h>
11 #include <drivers/arm/tzc_common.h>
12 #include <lib/mmio.h>
13
14 #include "tzc_common_private.h"
15
16 /*
17 * Macros which will be used by common core functions.
18 */
19 #define TZC_DMC500_REGION_BASE_LOW_0_OFFSET 0x054
20 #define TZC_DMC500_REGION_BASE_HIGH_0_OFFSET 0x058
21 #define TZC_DMC500_REGION_TOP_LOW_0_OFFSET 0x05C
22 #define TZC_DMC500_REGION_TOP_HIGH_0_OFFSET 0x060
23 #define TZC_DMC500_REGION_ATTR_0_OFFSET 0x064
24 #define TZC_DMC500_REGION_ID_ACCESS_0_OFFSET 0x068
25
26 #define TZC_DMC500_ACTION_OFF 0x50
27
28 /* Pointer to the tzc_dmc500_driver_data structure populated by the platform */
29 static const tzc_dmc500_driver_data_t *g_driver_data;
30 static unsigned int g_sys_if_count;
31
32 #define verify_region_attr(region, attr) \
33 ((g_conf_regions[(region)].sec_attr == \
34 ((attr) >> TZC_REGION_ATTR_SEC_SHIFT)) \
35 && ((attr) & (0x1 << TZC_REGION_ATTR_F_EN_SHIFT)))
36
37 /*
38 * Structure for configured regions attributes in DMC500.
39 */
40 typedef struct tzc_dmc500_regions {
41 unsigned int sec_attr;
42 int is_enabled;
43 } tzc_dmc500_regions_t;
44
45 /*
46 * Array storing the attributes of the configured regions. This array
47 * will be used by the `tzc_dmc500_verify_complete` to verify the flush
48 * completion.
49 */
50 static tzc_dmc500_regions_t g_conf_regions[MAX_REGION_VAL + 1];
51
52 /* Helper Macros for making the code readable */
53 #define DMC_INST_BASE_ADDR(instance) (g_driver_data->dmc_base[instance])
54 #define DMC_INST_SI_BASE(instance, interface) \
55 (DMC_INST_BASE_ADDR(instance) + IFACE_OFFSET(interface))
56
DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500,DMC500)57 DEFINE_TZC_COMMON_WRITE_ACTION(_dmc500, DMC500)
58 DEFINE_TZC_COMMON_WRITE_REGION_BASE(_dmc500, DMC500)
59 DEFINE_TZC_COMMON_WRITE_REGION_TOP(_dmc500, DMC500)
60 DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(_dmc500, DMC500)
61 DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(_dmc500, DMC500)
62
63 DEFINE_TZC_COMMON_CONFIGURE_REGION0(_dmc500)
64 DEFINE_TZC_COMMON_CONFIGURE_REGION(_dmc500)
65
66 static inline unsigned int _tzc_dmc500_read_region_attr_0(
67 uintptr_t dmc_si_base,
68 unsigned int region_no)
69 {
70 return mmio_read_32(dmc_si_base +
71 TZC_REGION_OFFSET(TZC_DMC500_REGION_SIZE, region_no) +
72 TZC_DMC500_REGION_ATTR_0_OFFSET);
73 }
74
_tzc_dmc500_write_flush_control(uintptr_t dmc_si_base)75 static inline void _tzc_dmc500_write_flush_control(uintptr_t dmc_si_base)
76 {
77 mmio_write_32(dmc_si_base + SI_FLUSH_CTRL_OFFSET, 1);
78 }
79
80 /*
81 * Sets the Flush controls for all the DMC Instances and System Interfaces.
82 * This initiates the flush of configuration settings from the shadow
83 * registers to the actual configuration register. The caller should poll
84 * changed register to confirm update.
85 */
tzc_dmc500_config_complete(void)86 void tzc_dmc500_config_complete(void)
87 {
88 int dmc_inst, sys_if;
89
90 assert(g_driver_data);
91
92 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
93 assert(DMC_INST_BASE_ADDR(dmc_inst));
94 for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
95 _tzc_dmc500_write_flush_control(
96 DMC_INST_SI_BASE(dmc_inst, sys_if));
97 }
98 }
99
100 /*
101 * This function reads back the secure attributes from the configuration
102 * register for each DMC Instance and System Interface and compares it with
103 * the configured value. The successful verification of the region attributes
104 * confirms that the flush operation has completed.
105 * If the verification fails, the caller is expected to invoke this API again
106 * till it succeeds.
107 * Returns 0 on success and 1 on failure.
108 */
tzc_dmc500_verify_complete(void)109 int tzc_dmc500_verify_complete(void)
110 {
111 int dmc_inst, sys_if, region_no;
112 unsigned int attr;
113
114 assert(g_driver_data);
115 /* Region 0 must be configured */
116 assert(g_conf_regions[0].is_enabled);
117
118 /* Iterate over all configured regions */
119 for (region_no = 0; region_no <= MAX_REGION_VAL; region_no++) {
120 if (!g_conf_regions[region_no].is_enabled)
121 continue;
122 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count;
123 dmc_inst++) {
124 assert(DMC_INST_BASE_ADDR(dmc_inst));
125 for (sys_if = 0; sys_if < g_sys_if_count;
126 sys_if++) {
127 attr = _tzc_dmc500_read_region_attr_0(
128 DMC_INST_SI_BASE(dmc_inst, sys_if),
129 region_no);
130 VERBOSE("Verifying DMC500 region:%d"
131 " dmc_inst:%d sys_if:%d attr:%x\n",
132 region_no, dmc_inst, sys_if, attr);
133 if (!verify_region_attr(region_no, attr))
134 return 1;
135 }
136 }
137 }
138
139 return 0;
140 }
141
142 /*
143 * `tzc_dmc500_configure_region0` is used to program region 0 in both the
144 * system interfaces of all the DMC-500 instances. Region 0 covers the whole
145 * address space that is not mapped to any other region for a system interface,
146 * and is always enabled; this cannot be changed. This function only changes
147 * the access permissions.
148 */
tzc_dmc500_configure_region0(unsigned int sec_attr,unsigned int nsaid_permissions)149 void tzc_dmc500_configure_region0(unsigned int sec_attr,
150 unsigned int nsaid_permissions)
151 {
152 int dmc_inst, sys_if;
153
154 /* Assert if DMC-500 is not initialized */
155 assert(g_driver_data);
156
157 /* Configure region_0 in all DMC instances */
158 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
159 assert(DMC_INST_BASE_ADDR(dmc_inst));
160 for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
161 _tzc_dmc500_configure_region0(
162 DMC_INST_SI_BASE(dmc_inst, sys_if),
163 sec_attr, nsaid_permissions);
164 }
165
166 g_conf_regions[0].sec_attr = sec_attr;
167 g_conf_regions[0].is_enabled = 1;
168 }
169
170 /*
171 * `tzc_dmc500_configure_region` is used to program a region into all system
172 * interfaces of all the DMC instances.
173 * NOTE:
174 * Region 0 is special; it is preferable to use tzc_dmc500_configure_region0
175 * for this region (see comment for that function).
176 */
tzc_dmc500_configure_region(unsigned int region_no,unsigned long long region_base,unsigned long long region_top,unsigned int sec_attr,unsigned int nsaid_permissions)177 void tzc_dmc500_configure_region(unsigned int region_no,
178 unsigned long long region_base,
179 unsigned long long region_top,
180 unsigned int sec_attr,
181 unsigned int nsaid_permissions)
182 {
183 int dmc_inst, sys_if;
184
185 assert(g_driver_data);
186 /* Do range checks on regions. */
187 assert((region_no >= 0U) && (region_no <= MAX_REGION_VAL));
188
189 /*
190 * Do address range check based on DMC-TZ configuration. A 43bit address
191 * is the max and expected case.
192 */
193 assert(((region_top <= (UINT64_MAX >> (64U - 43U))) &&
194 (region_base < region_top)));
195
196 /* region_base and (region_top + 1) must be 4KB aligned */
197 assert(((region_base | (region_top + 1U)) & (4096U - 1U)) == 0U);
198
199 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
200 assert(DMC_INST_BASE_ADDR(dmc_inst));
201 for (sys_if = 0; sys_if < g_sys_if_count; sys_if++)
202 _tzc_dmc500_configure_region(
203 DMC_INST_SI_BASE(dmc_inst, sys_if),
204 TZC_DMC500_REGION_ATTR_F_EN_MASK,
205 region_no, region_base, region_top,
206 sec_attr, nsaid_permissions);
207 }
208
209 g_conf_regions[region_no].sec_attr = sec_attr;
210 g_conf_regions[region_no].is_enabled = 1;
211 }
212
213 /* Sets the action value for all the DMC instances */
tzc_dmc500_set_action(unsigned int action)214 void tzc_dmc500_set_action(unsigned int action)
215 {
216 int dmc_inst;
217
218 assert(g_driver_data);
219
220 for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
221 assert(DMC_INST_BASE_ADDR(dmc_inst));
222 /*
223 * - Currently no handler is provided to trap an error via
224 * interrupt or exception.
225 * - The interrupt action has not been tested.
226 */
227 _tzc_dmc500_write_action(DMC_INST_BASE_ADDR(dmc_inst), action);
228 }
229 }
230
231 /*
232 * A DMC-500 instance must be present at each base address provided by the
233 * platform. It also expects platform to pass at least one instance of
234 * DMC-500.
235 */
validate_plat_driver_data(const tzc_dmc500_driver_data_t * plat_driver_data)236 static void validate_plat_driver_data(
237 const tzc_dmc500_driver_data_t *plat_driver_data)
238 {
239 #if ENABLE_ASSERTIONS
240 int i;
241 unsigned int dmc_id;
242 uintptr_t dmc_base;
243
244 assert(plat_driver_data);
245 assert(plat_driver_data->dmc_count > 0 &&
246 (plat_driver_data->dmc_count <= MAX_DMC_COUNT));
247
248 for (i = 0; i < plat_driver_data->dmc_count; i++) {
249 dmc_base = plat_driver_data->dmc_base[i];
250 assert(dmc_base);
251
252 dmc_id = _tzc_read_peripheral_id(dmc_base);
253 assert(dmc_id == DMC500_PERIPHERAL_ID);
254 }
255 #endif /* ENABLE_ASSERTIONS */
256 }
257
258
259 /*
260 * Initializes the base address and count of DMC instances.
261 *
262 * Note : Only pointer to plat_driver_data is saved, so it is caller's
263 * responsibility to keep it valid until the driver is used.
264 */
tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t * plat_driver_data)265 void tzc_dmc500_driver_init(const tzc_dmc500_driver_data_t *plat_driver_data)
266 {
267 /* Check valid pointer is passed */
268 assert(plat_driver_data);
269
270 /*
271 * NOTE: This driver expects the DMC-500 controller is already in
272 * READY state. Hence, it uses the reconfiguration method for
273 * programming TrustZone regions
274 */
275 /* Validates the information passed by platform */
276 validate_plat_driver_data(plat_driver_data);
277 g_driver_data = plat_driver_data;
278
279 /* Check valid system interface count */
280 assert(g_driver_data->sys_if_count <= MAX_SYS_IF_COUNT);
281
282 g_sys_if_count = g_driver_data->sys_if_count;
283
284 /* If interface count is not present then assume max */
285 if (g_sys_if_count == 0U)
286 g_sys_if_count = MAX_SYS_IF_COUNT;
287 }
288