diff options
author | Avinash Mehta <avinash.mehta@arm.com> | 2019-11-13 16:58:20 +0000 |
---|---|---|
committer | Tushar Khandelwal <tushar.khandelwal@arm.com> | 2020-01-24 14:41:28 +0000 |
commit | e4acc1854c98d41fc2cf262ec753bf6bb671551a (patch) | |
tree | bbf5507c556f98e3a0a7d25e417ed3e3c1064fe4 | |
parent | 97af78bc9ab0e821d934bd0bac18eaf7eab6d42e (diff) |
Adding firewall ISRs
This patch adds Interrupt service routines for the secure enclave
and tamper feature in firewall.
Change-Id: I3d8ad8059e991153684e2ad4c04bd33dee9c2e1b
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
-rwxr-xr-x | module/firewall/include/mod_firewall.h | 6 | ||||
-rwxr-xr-x | module/firewall/src/mod_firewall.c | 58 | ||||
-rw-r--r-- | product/corstone-700/se_ramfw/config_firewall.c | 19 | ||||
-rw-r--r-- | product/corstone-700/se_ramfw/firmware.mk | 2 | ||||
-rwxr-xr-x | product/corstone-700/se_romfw/config_firewall.c | 8 |
5 files changed, 85 insertions, 8 deletions
diff --git a/module/firewall/include/mod_firewall.h b/module/firewall/include/mod_firewall.h index 66add13..2a1cd9e 100755 --- a/module/firewall/include/mod_firewall.h +++ b/module/firewall/include/mod_firewall.h @@ -14,8 +14,10 @@ #include <fwk_id.h> #include <se_mmap.h> -struct firewall_config { - const uintptr_t se_firewall_base; +struct firewall_intr_config { + unsigned int tamper_irq; /*!< Host System Firewall Tamper Interrupt */ + unsigned int se_irq; /*!< Secure Enclave Firewall Interrupt */ + bool firewall_initialized; /*!< Firewall module initialization status */ }; enum se_firewall_comp_id_t { diff --git a/module/firewall/src/mod_firewall.c b/module/firewall/src/mod_firewall.c index f641db8..0b35874 100755 --- a/module/firewall/src/mod_firewall.c +++ b/module/firewall/src/mod_firewall.c @@ -78,6 +78,22 @@ void mpu_configure(void) MPU->RASR = 0x0200003D; } +/* Interrupt service routine for Secure Enclave Firewall Interrupt */ +static void firewall_se_isr(void) +{ + volatile uint32_t i = 1; + while (i) + ; +} + +/* Interrupt service routine for Host System Firewall Tamper Interrupt */ +static void firewall_tamper_isr(void) +{ + volatile uint32_t i = 1; + while (i) + ; +} + static int host_firewall_setup(void) { enum rgn_mpl_t mpl_rights = 0; @@ -365,9 +381,45 @@ static int firewall_init( unsigned int element_count, const void *data) { - mpu_configure(); - se_firewall_setup(); - host_firewall_setup(); + int status; + const struct firewall_intr_config *config = data; + + /* Registering Host System Firewall Tamper Interrupt */ + status = fwk_interrupt_set_isr(config->tamper_irq, firewall_tamper_isr); + if (status != FWK_SUCCESS) { + /* Failed to set isr */ + assert(false); + return status; + } + status = fwk_interrupt_enable(config->tamper_irq); + if (status != FWK_SUCCESS) { + assert(false); + return status; + } + + /* Registering Secure Enclave Firewall Interrupt */ + status = fwk_interrupt_set_isr(config->se_irq, firewall_se_isr); + if (status != FWK_SUCCESS) { + /* Failed to set isr */ + assert(false); + return status; + } + status = fwk_interrupt_enable(config->se_irq); + if (status != FWK_SUCCESS) { + assert(false); + return status; + } + + /** + * Call *_firewall_setup only if the firewall has not been initialized + * *_firewall_setup are called from romfw only + * calling them from ramfw again will result in tamper interrupts + */ + if (!config->firewall_initialized) { + mpu_configure(); + se_firewall_setup(); + host_firewall_setup(); + } return FWK_SUCCESS; } diff --git a/product/corstone-700/se_ramfw/config_firewall.c b/product/corstone-700/se_ramfw/config_firewall.c new file mode 100644 index 0000000..2f56696 --- /dev/null +++ b/product/corstone-700/se_ramfw/config_firewall.c @@ -0,0 +1,19 @@ +/* + * + * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <fwk_module.h> +#include <mod_firewall.h> +#include <se_irq.h> + +const struct fwk_module_config config_firewall = { + .data = &((struct firewall_intr_config) { + .tamper_irq = INT_HOST_FRWL_TAM, + .se_irq = INT_SE_FRWL, + .firewall_initialized = true, + }) +}; diff --git a/product/corstone-700/se_ramfw/firmware.mk b/product/corstone-700/se_ramfw/firmware.mk index 809e2d3..230999e 100644 --- a/product/corstone-700/se_ramfw/firmware.mk +++ b/product/corstone-700/se_ramfw/firmware.mk @@ -15,6 +15,7 @@ BS_FIRMWARE_HAS_SDC600 := no BS_FIRMWARE_MODULES := \ pl011 \ log \ + firewall \ spitoc_parser \ fip_parser \ mhu2 \ @@ -32,6 +33,7 @@ endif BS_FIRMWARE_SOURCES := \ config_log.c \ + config_firewall.c \ rtx_config.c \ config_spitoc_parser.c \ config_fip_parser.c \ diff --git a/product/corstone-700/se_romfw/config_firewall.c b/product/corstone-700/se_romfw/config_firewall.c index 6cca283..e3b3fcd 100755 --- a/product/corstone-700/se_romfw/config_firewall.c +++ b/product/corstone-700/se_romfw/config_firewall.c @@ -7,11 +7,13 @@ */ #include <fwk_module.h> -#include <se_mmap.h> #include <mod_firewall.h> +#include <se_irq.h> const struct fwk_module_config config_firewall = { - .data = &((struct firewall_config) { - .se_firewall_base = SE_FIREWALL_BASE, + .data = &((struct firewall_intr_config) { + .tamper_irq = INT_HOST_FRWL_TAM, + .se_irq = INT_SE_FRWL, + .firewall_initialized = false, }) }; |