Adding firewall ISRs

This patch adds Interrupt service routines for the secure enclave and tamper feature in firewall. Change-Id: I3d8ad8059e991153684e2ad4c04bd33dee9c2e1b Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
author: Avinash Mehta <avinash.mehta@arm.com> 2019-11-13 16:58:20 +0000
committer: Tushar Khandelwal <tushar.khandelwal@arm.com> 2020-01-24 14:41:28 +0000
commit: e4acc1854c98d41fc2cf262ec753bf6bb671551a (patch)
tree: bbf5507c556f98e3a0a7d25e417ed3e3c1064fe4
parent: 97af78bc9ab0e821d934bd0bac18eaf7eab6d42e (diff)
5 files changed, 85 insertions, 8 deletions
diff --git a/module/firewall/include/mod_firewall.h b/module/firewall/include/mod_firewall.h
index 66add13..2a1cd9e 100755
--- a/module/firewall/include/mod_firewall.h
+++ b/module/firewall/include/mod_firewall.h
@@ -14,8 +14,10 @@
 #include <fwk_id.h>
 #include <se_mmap.h>
 
-struct firewall_config {
-      const uintptr_t se_firewall_base;
+struct firewall_intr_config {
+    unsigned int tamper_irq;   /*!< Host System Firewall Tamper Interrupt */
+    unsigned int se_irq;       /*!< Secure Enclave Firewall Interrupt     */
+    bool firewall_initialized; /*!< Firewall module initialization status */
 };
 
 enum se_firewall_comp_id_t {
diff --git a/module/firewall/src/mod_firewall.c b/module/firewall/src/mod_firewall.c
index f641db8..0b35874 100755
--- a/module/firewall/src/mod_firewall.c
+++ b/module/firewall/src/mod_firewall.c
@@ -78,6 +78,22 @@ void mpu_configure(void)
   MPU->RASR = 0x0200003D;
 }
 
+/* Interrupt service routine for Secure Enclave Firewall Interrupt */
+static void firewall_se_isr(void)
+{
+    volatile uint32_t i = 1;
+    while (i)
+        ;
+}
+
+/* Interrupt service routine for Host System Firewall Tamper Interrupt */
+static void firewall_tamper_isr(void)
+{
+    volatile uint32_t i = 1;
+    while (i)
+        ;
+}
+
 static int host_firewall_setup(void)
 {
     enum rgn_mpl_t mpl_rights = 0;
@@ -365,9 +381,45 @@ static int firewall_init(
     unsigned int element_count,
     const void *data)
 {
-    mpu_configure();
-    se_firewall_setup();
-    host_firewall_setup();
+    int status;
+    const struct firewall_intr_config *config = data;
+
+    /* Registering Host System Firewall Tamper Interrupt */
+    status = fwk_interrupt_set_isr(config->tamper_irq, firewall_tamper_isr);
+    if (status != FWK_SUCCESS) {
+        /* Failed to set isr */
+        assert(false);
+        return status;
+    }
+    status = fwk_interrupt_enable(config->tamper_irq);
+    if (status != FWK_SUCCESS) {
+        assert(false);
+        return status;
+    }
+
+    /* Registering Secure Enclave Firewall Interrupt */
+    status = fwk_interrupt_set_isr(config->se_irq, firewall_se_isr);
+    if (status != FWK_SUCCESS) {
+        /* Failed to set isr */
+        assert(false);
+        return status;
+    }
+    status = fwk_interrupt_enable(config->se_irq);
+    if (status != FWK_SUCCESS) {
+        assert(false);
+        return status;
+    }
+
+    /**
+     * Call *_firewall_setup only if the firewall has not been initialized
+     * *_firewall_setup are called from romfw only
+     * calling them from ramfw again will result in tamper interrupts
+     */
+    if (!config->firewall_initialized) {
+        mpu_configure();
+        se_firewall_setup();
+        host_firewall_setup();
+    }
     return FWK_SUCCESS;
 }
 
diff --git a/product/corstone-700/se_ramfw/config_firewall.c b/product/corstone-700/se_ramfw/config_firewall.c
new file mode 100644
index 0000000..2f56696
--- /dev/null
+++ b/product/corstone-700/se_ramfw/config_firewall.c
@@ -0,0 +1,19 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <fwk_module.h>
+#include <mod_firewall.h>
+#include <se_irq.h>
+
+const struct fwk_module_config config_firewall = {
+    .data = &((struct firewall_intr_config) {
+        .tamper_irq = INT_HOST_FRWL_TAM,
+        .se_irq = INT_SE_FRWL,
+        .firewall_initialized = true,
+    })
+};
diff --git a/product/corstone-700/se_ramfw/firmware.mk b/product/corstone-700/se_ramfw/firmware.mk
index 809e2d3..230999e 100644
--- a/product/corstone-700/se_ramfw/firmware.mk
+++ b/product/corstone-700/se_ramfw/firmware.mk
@@ -15,6 +15,7 @@ BS_FIRMWARE_HAS_SDC600 := no
 BS_FIRMWARE_MODULES := \
     pl011 \
     log \
+    firewall \
     spitoc_parser \
     fip_parser \
     mhu2 \
@@ -32,6 +33,7 @@ endif
 
 BS_FIRMWARE_SOURCES := \
     config_log.c \
+    config_firewall.c \
     rtx_config.c \
     config_spitoc_parser.c \
     config_fip_parser.c \
diff --git a/product/corstone-700/se_romfw/config_firewall.c b/product/corstone-700/se_romfw/config_firewall.c
index 6cca283..e3b3fcd 100755
--- a/product/corstone-700/se_romfw/config_firewall.c
+++ b/product/corstone-700/se_romfw/config_firewall.c
@@ -7,11 +7,13 @@
  */
 
 #include <fwk_module.h>
-#include <se_mmap.h>
 #include <mod_firewall.h>
+#include <se_irq.h>
 
 const struct fwk_module_config config_firewall = {
-    .data = &((struct firewall_config) {
-        .se_firewall_base = SE_FIREWALL_BASE,
+    .data = &((struct firewall_intr_config) {
+        .tamper_irq = INT_HOST_FRWL_TAM,
+        .se_irq = INT_SE_FRWL,
+        .firewall_initialized = false,
     })
 };
author	Avinash Mehta <avinash.mehta@arm.com>	2019-11-13 16:58:20 +0000
committer	Tushar Khandelwal <tushar.khandelwal@arm.com>	2020-01-24 14:41:28 +0000
commit	e4acc1854c98d41fc2cf262ec753bf6bb671551a (patch)
tree	bbf5507c556f98e3a0a7d25e417ed3e3c1064fe4
parent	97af78bc9ab0e821d934bd0bac18eaf7eab6d42e (diff)