-rw-r--r--product/corstone-700/include/firewall.h171
-rw-r--r--product/corstone-700/include/se_mmap.h2
-rw-r--r--product/corstone-700/include/se_system_mmap.h18
-rw-r--r--product/corstone-700/module/firewall/include/mod_firewall.h20
-rw-r--r--product/corstone-700/module/firewall/src/Makefile10
-rwxr-xr-xproduct/corstone-700/module/firewall/src/mod_firewall.c124
-rw-r--r--product/corstone-700/se_romfw/config_firewall.c18
-rw-r--r--product/corstone-700/se_romfw/firmware.mk2
8 files changed, 361 insertions, 4 deletions
diff --git a/product/corstone-700/include/firewall.h b/product/corstone-700/include/firewall.h
new file mode 100644
index 0000000..eb7aed8
--- /dev/null
+++ b/product/corstone-700/include/firewall.h
@@ -0,0 +1,171 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef SE_FW_H
+#define SE_FW_H
+
+#include <stdint.h>
+#include <se_mmap.h>
+
+/*
+ * The Firewall occupies up to 2MB of address space in total.
+ * Each Firewall Component is allocated 64KB so in total a Firewall
+ * can have maximum of 32 Components with first component being
+ * FW controller.
+ */
+#define FW_TOTAL_SIZE 0x200000
+#define FW_CMP_SIZE 0x10000
+#define MAX_FW_CMP 32
+
+/*
+ * boot processor contains a dedicated Firewall having one FW controller
+ * and one FW component which allows boot processor access to the Host System address
+ * space.
+ */
+#define SE_FCTLR_BASE SE_FIREWALL_BASE
+#define SE_FC1_BASE SE_FIREWALL_BASE + FW_CMP_SIZE
+
+/*
+ * Common Firewall Registers, present in both Controller and Components.
+ */
+#define LD_CTRL 0x010
+#define RGN_SCTRL0 0x020
+#define RGN_SCTRL1 0x024
+#define RGN_SCTRL2 0x028
+#define RGN_SCTRL3 0x02C
+#define RGN_SCTRL4 0x030
+#define RGN_SCTRL5 0x034
+#define RGN_SCTRL6 0x038
+#define RGN_SCTRL7 0x03C
+#define RGN_SST0 0x040
+#define RGN_SST1 0x044
+#define RGN_SST2 0x048
+#define RGN_SST3 0x04C
+#define RGN_SST4 0x050
+#define RGN_SST5 0x054
+#define RGN_SST6 0x058
+#define RGN_SST7 0x05C
+#define FC_SCTRL 0x060
+#define FC_SST 0x064
+#define PE_CTRL 0x100
+#define PE_ST 0x104
+#define PE_BPS 0x108
+#define RWE_CTRL 0x10C
+#define RGN_CTRL0 0x110
+#define RGN_CTRL1 0x114
+#define RGN_LCTRL 0x118
+#define RGN_ST 0x11C
+#define RGN_CFG0 0x120
+#define RGN_CFG1 0x124
+#define RGN_SIZE 0x128
+#define RGN_TCFG0 0x130
+#define RGN_TCFG1 0x134
+#define RGN_TCFG2 0x138
+#define RGN_MID0 0x140
+#define RGN_MPL0 0x144
+#define RGN_MID1 0x148
+#define RGN_MPL1 0x14C
+#define RGN_MID2 0x150
+#define RGN_MPL2 0x154
+#define RGN_MID3 0x158
+#define RGN_MPL3 0x15C
+#define FE_TAL 0x180
+#define FE_TAU 0x184
+#define FE_TP 0x188
+#define FE_MID 0x18C
+#define FE_CTRL 0x190
+#define ME_CTRL 0x200
+#define ME_ST 0x204
+#define EDR_TAL 0x260
+#define EDR_TAU 0x264
+#define EDR_TP 0x268
+#define EDR_MID 0x26C
+#define EDR_CTRL 0x270
+/* Capability registers */
+#define FC_CAP0 0xFA0
+#define FC_CAP1 0xFA4
+#define FC_CAP2 0xFA8
+#define FC_CAP3 0xFAC
+/* Configuration registers */
+#define FC_CFG0 0xFB0
+#define FC_CFG1 0xFB4
+#define FC_CFG2 0xFB8
+#define FC_CFG3 0xFBC
+
+/*
+ * Firewall Controller only Registers.
+ */
+#define FW_CTRL 0x000
+#define FW_ST 0x004
+#define FW_SR_CTRL 0x00C
+#define FW_INT_ST 0xD90
+#define FW_TMP_TA 0xE90
+#define FW_TMP_TP 0xE98
+#define FW_TMP_MID 0xE9C
+#define FW_TMP_CTRL 0xEA0
+#define IIDR 0xFC8
+#define AIDR 0xFCC
+#define FC0_INT_ST 0xD00
+#define FC0_INT_MSK 0xE00
+#define FC_INT_ST(x) FC0_INT_ST+x*4
+#define FC_INT_MSK(x) FC0_INT_MSK+x*4
+
+/*
+ * Generic Macros
+ */
+#define ENABLE 0x1
+#define DISABLE 0x0
+#define PE_ENABLE ENABLE << 31
+#define ADDR_TRANS_ENABLE ENABLE << 17
+#define RGN_SIZE_4KB 0x0C
+#define RGN_SIZE_32MB 0x19
+#define RGN_SIZE_128MB 0x1B
+
+
+/*
+ * Host access regions view from boot processor
+ */
+enum se_firewall_regions {
+ DEFAULT_REGION = 0,
+ HOST_BIR_REGION,
+ SHARED_RAM_REGION,
+ XIP_FLASH_REGION,
+ HOST_PERIPHERAL_REGION,
+ DRAM_REGION,
+ NUM_REGIONS
+};
+
+/*
+ * Region Master Permission List
+ * S: Secure, N: Non-secure
+ * P: Privileged, U: Unprivileged
+ * R: Read, W: Write, X: Execute
+ */
+#define ANY_MST ENABLE << 12
+#define SPX ENABLE << 11
+#define SPW ENABLE << 10
+#define SPR ENABLE << 9
+#define SUX ENABLE << 8
+#define SUW ENABLE << 7
+#define SUR ENABLE << 6
+#define NSPX ENABLE << 5
+#define NSPW ENABLE << 4
+#define NSPR ENABLE << 3
+#define NSUX ENABLE << 2
+#define NSUW ENABLE << 1
+#define NSUR ENABLE << 0
+
+/*
+ * Master Permission Enable
+ */
+#define MPE3_EN ENABLE << 4
+#define MPE2_EN ENABLE << 3
+#define MPE1_EN ENABLE << 2
+#define MPE0_EN ENABLE << 1
+
+#endif /* SE_FW_H */
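Review bot: The bit and offset macros in this header expand without parentheses, and `PE_ENABLE` shifts a signed constant into the sign bit. `ENABLE` is `0x1`, which has type int, so `ENABLE << 31` is undefined behaviour in C. `SE_FC1_BASE`, `FC_INT_ST(x)`, `FC_INT_MSK(x)` and the permission bits such as `ANY_MST` will also mis-associate if a caller combines them with `+`, `*` or a comparison. Suggested form: `#define ENABLE UINT32_C(1)`, `#define PE_ENABLE (ENABLE << 31)`, `#define FC_INT_ST(x) (FC0_INT_ST + (x) * 4)`, and likewise for the remaining shift and sum macros. Generic names such as `ENABLE`, `DISABLE` and `RGN_SIZE` in a shared include directory may collide with other headers, so an `FW_` prefix would be safer.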
diff --git a/product/corstone-700/include/se_mmap.h b/product/corstone-700/include/se_mmap.h
index 33cca9d..57429b1 100644
--- a/product/corstone-700/include/se_mmap.h
+++ b/product/corstone-700/include/se_mmap.h
@@ -31,4 +31,6 @@
#define HOST_SYS_RST_CTRL (SE_BASE_SYS_CTRL + 0x0)
#define BOOT_INST_REGISTER (SE_HOST_ACCESS + 0x0)
+#define SE_FIREWALL_BASE (SE_PERIPHERAL_BASE + 0x200000)
+
#endif /* SE_MMAP_H */
diff --git a/product/corstone-700/include/se_system_mmap.h b/product/corstone-700/include/se_system_mmap.h
index 1df8078..68cec01 100644
--- a/product/corstone-700/include/se_system_mmap.h
+++ b/product/corstone-700/include/se_system_mmap.h
@@ -13,11 +13,21 @@
/*Memory*/
#define SE_ROM_BASE 0x00000000
#define SE_RAM_BASE 0x30000000
-#define SE_HOST_ACCESS 0x60000000
+
#define SE_PERIPHERAL_BASE 0x50000000
+
+/* Host access regions from boot processor view */
+#define SE_HOST_ACCESS 0x60000000
+#define HOST_BIR_BASE 0x00000000
#define HOST_SHARED_RAM_BASE 0x02000000
-#define SE_FLASH_BASE (SE_HOST_ACCESS + 0x8000000)
+#define HOST_FLASH_BASE 0x08000000
+#define HOST_DRAM_BASE 0x80000000
+#define HOST_PERIPHERAL_BASE 0x1A000000
+#define SE_BIR_BASE (SE_HOST_ACCESS + HOST_BIR_BASE)
#define SE_SHARED_RAM_ACCESS (SE_HOST_ACCESS + HOST_SHARED_RAM_BASE)
+#define SE_FLASH_BASE (SE_HOST_ACCESS + HOST_FLASH_BASE)
+#define SE_DRAM_BASE (SE_HOST_ACCESS + HOST_DRAM_BASE)
+#define SE_HOST_PERIPHERAL_BASE (SE_HOST_ACCESS + HOST_PERIPHERAL_BASE)
/*Image offsets*/
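Review bot: `SE_DRAM_BASE` evaluates to 0xE0000000 (`SE_HOST_ACCESS` 0x60000000 plus `HOST_DRAM_BASE` 0x80000000), which is past the end of the window if the host access region is the 2GB starting at 0x6000_0000 that the comment in mod_firewall.c describes. se_firewall_setup programs no region for DRAM either, although `DRAM_REGION` exists in the enum, so an access through this address would presumably be decided by the default region alone. Either drop the macro until DRAM is mapped, or state the intent next to it, e.g. `/* TODO: DRAM is not mapped by the firewall yet; SE_DRAM_BASE lies outside the 2GB host window */`.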
@@ -26,7 +36,7 @@
#define HOST_DTB_BASE (SE_SHARED_RAM_ACCESS + 0x800000)
#define ROOTFS_SRAM_BASE (SE_SHARED_RAM_ACCESS + 0xa00000)
-#define SE_ROM_SIZE (32 * 1024)
-#define SE_RAM_SIZE (128 * 1024)
+#define SE_ROM_SIZE (32 * 1024)
+#define SE_RAM_SIZE (128 * 1024)
#endif
diff --git a/product/corstone-700/module/firewall/include/mod_firewall.h b/product/corstone-700/module/firewall/include/mod_firewall.h
new file mode 100644
index 0000000..a666612
--- /dev/null
+++ b/product/corstone-700/module/firewall/include/mod_firewall.h
@@ -0,0 +1,20 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef MOD_SE_FIREWALL_H
+#define MOD_SE_FIREWALL_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <fwk_id.h>
+#include <firewall.h>
+
+struct firewall_config {
+ const uintptr_t se_firewall_base;
+};
+#endif /* MOD_SE_FIREWALL_H */
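Review bot: `se_firewall_base` has no reader in this commit, so the value set in config_firewall.c has no effect: firewall_init in mod_firewall.c ignores its `data` argument and se_firewall_setup takes every register address from the `SE_FC1_BASE` macro. Either derive the component base from the config (`const struct firewall_config *cfg = data;` then `cfg->se_firewall_base + FW_CMP_SIZE`) or document the field as not yet used. The struct also needs a comment saying which base it holds; `/* Base address of the firewall controller (component 0) */` would fit if that is the intent. `<stddef.h>` and `<fwk_id.h>` appear to be unused by this header.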
diff --git a/product/corstone-700/module/firewall/src/Makefile b/product/corstone-700/module/firewall/src/Makefile
new file mode 100644
index 0000000..7badf24
--- /dev/null
+++ b/product/corstone-700/module/firewall/src/Makefile
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+BS_LIB_NAME := FIREWALL
+BS_LIB_SOURCES = mod_firewall.c
+
+include $(BS_DIR)/lib.mk
diff --git a/product/corstone-700/module/firewall/src/mod_firewall.c b/product/corstone-700/module/firewall/src/mod_firewall.c
new file mode 100755
index 0000000..12ed384
--- /dev/null
+++ b/product/corstone-700/module/firewall/src/mod_firewall.c
@@ -0,0 +1,124 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <string.h>
+#include <assert.h>
+#include <fwk_errno.h>
+#include <fwk_id.h>
+#include <fwk_module.h>
+#include <fwk_interrupt.h>
+#include <fwk_module_idx.h>
+#include <fwk_mm.h>
+#include <mod_log.h>
+#include <se_system_mmap.h>
+#include <mod_firewall.h>
+
+/*
+ * boot processor Firewall programming.
+ * The Host Access Region is a 2GB region starting at 0x6000_0000.
+ * It allows the boot processor access to the Host System address
+ * space, all access pass through Secure enclave firewall having
+ * translation extension programmed.
+ * Four host regions are currently accessed by boot processor namely
+ * Boot Instruction Register, Shared RAM, XIP Flash and Host
+ * Peripheral regions.
+ */
+static int se_firewall_setup()
+{
+ volatile uint32_t *pe_ctrl = (uint32_t *)(SE_FC1_BASE+PE_CTRL);
+ volatile uint32_t *rwe_ctrl = (uint32_t *)(SE_FC1_BASE+RWE_CTRL);
+ volatile uint32_t *rgn_size = (uint32_t *)(SE_FC1_BASE+RGN_SIZE);
+ volatile uint32_t *rgn_cfg0 = (uint32_t *)(SE_FC1_BASE+RGN_CFG0);
+ volatile uint32_t *rgn_tcfg0 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG0);
+ volatile uint32_t *rgn_tcfg2 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG2);
+ volatile uint32_t *rgn_mpl0 = (uint32_t *)(SE_FC1_BASE+RGN_MPL0);
+ volatile uint32_t *rgn_ctrl1 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL1);
+ volatile uint32_t *rgn_ctrl0 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL0);
+
+ /*
+ * Region Programming Sequence
+ * -Select The correct region using RWE_CTRL
+ * -Program region Base address using RGN_CFG{0,1}
+ * -Program Region size using RGN_TCFG{0,1}
+ * -Enable Translation properties using RGN_TCFG2
+ * -Program the required Permission entries RGN_MPL
+ * -Enable the required master permission entries using RGN_CTRL1
+ * -Enable the region using RGN_CTRL1
+ */
+
+ /* Enable PE_CTRL */
+ *pe_ctrl = PE_ENABLE | *pe_ctrl;
+
+ /* Boot Instruction Register region: 4KB */
+ *rwe_ctrl = HOST_BIR_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_4KB;
+ *rgn_cfg0 = SE_HOST_ACCESS;
+ *rgn_tcfg0 = HOST_BIR_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ /* Shared RAM region: 32MB */
+ *rwe_ctrl = SHARED_RAM_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_32MB;
+ *rgn_cfg0 = SE_SHARED_RAM_ACCESS;
+ *rgn_tcfg0 = HOST_SHARED_RAM_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ /* Execute in place(XIP) Flash region: 128MB */
+ *rwe_ctrl = XIP_FLASH_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_128MB;
+ *rgn_cfg0 = SE_FLASH_BASE;
+ *rgn_tcfg0 = HOST_FLASH_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ /* Host peripherals region: 128MB */
+ *rwe_ctrl = HOST_PERIPHERAL_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_128MB;
+ *rgn_cfg0 = SE_HOST_PERIPHERAL_BASE;
+ *rgn_tcfg0 = HOST_PERIPHERAL_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ *rwe_ctrl = DEFAULT_REGION;
+ *rgn_ctrl0 = ENABLE;
+
+ return FWK_SUCCESS;
+}
+
+static int firewall_init(
+ fwk_id_t module_id,
+ unsigned int element_count,
+ const void *data)
+{
+ se_firewall_setup();
+ return FWK_SUCCESS;
+}
+
+const struct fwk_module module_firewall = {
+ .name = "firewall",
+ .type = FWK_MODULE_TYPE_SERVICE,
+ .init = firewall_init,
+};
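Review bot: All four regions in se_firewall_setup get the same RGN_MPL0 value, which sets `ANY_MST` together with every secure/non-secure, privileged/unprivileged read, write and execute bit, so the component appears to translate addresses without restricting any access. If a region needs less, its mask should say so and carry the reason, for example for XIP flash `*rgn_mpl0 = ANY_MST | SPR | SUR | NSPR | NSUR; /* read-only from the SE: confirm against the boot flow */`. The closing `*rwe_ctrl = DEFAULT_REGION; *rgn_ctrl0 = ENABLE;` enables region 0 without programming its size, base or permissions here, so its effective policy depends on reset values the patch does not show. The sequence comment also names RGN_TCFG{0,1} for the size and RGN_CTRL1 for the enable, while the code writes `RGN_SIZE` and `RGN_CTRL0`.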
diff --git a/product/corstone-700/se_romfw/config_firewall.c b/product/corstone-700/se_romfw/config_firewall.c
new file mode 100644
index 0000000..0d10bb0
--- /dev/null
+++ b/product/corstone-700/se_romfw/config_firewall.c
@@ -0,0 +1,18 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <fwk_module.h>
+#include <se_system_mmap.h>
+#include <se_mmap.h>
+#include <mod_firewall.h>
+
+const struct fwk_module_config config_firewall = {
+ .data = &((struct firewall_config) {
+ .se_firewall_base = SE_FIREWALL_BASE,
+ })
+};
diff --git a/product/corstone-700/se_romfw/firmware.mk b/product/corstone-700/se_romfw/firmware.mk
index 6716114..9b6618d 100644
--- a/product/corstone-700/se_romfw/firmware.mk
+++ b/product/corstone-700/se_romfw/firmware.mk
@@ -13,11 +13,13 @@ BS_FIRMWARE_MODULE_HEADERS_ONLY := \
BS_FIRMWARE_MODULES := \
pl011 \
log \
+ firewall \
spitoc_parser \
ramfw_loader
BS_FIRMWARE_SOURCES := \
config_log.c \
+ config_firewall.c \
config_spitoc_parser.c \
config_ramfw_loader.c