-rw-r--r-- | product/corstone-700/include/firewall.h | 171 | ||||
-rw-r--r-- | product/corstone-700/include/se_mmap.h | 2 | ||||
-rw-r--r-- | product/corstone-700/include/se_system_mmap.h | 18 | ||||
-rw-r--r-- | product/corstone-700/module/firewall/include/mod_firewall.h | 20 | ||||
-rw-r--r-- | product/corstone-700/module/firewall/src/Makefile | 10 | ||||
-rwxr-xr-x | product/corstone-700/module/firewall/src/mod_firewall.c | 124 | ||||
-rw-r--r-- | product/corstone-700/se_romfw/config_firewall.c | 18 | ||||
-rw-r--r-- | product/corstone-700/se_romfw/firmware.mk | 2 |
8 files changed, 361 insertions, 4 deletions
diff --git a/product/corstone-700/include/firewall.h b/product/corstone-700/include/firewall.h
new file mode 100644
index 0000000..eb7aed8
--- /dev/null
+++ b/product/corstone-700/include/firewall.h
@@ -0,0 +1,171 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef SE_FW_H
+#define SE_FW_H
+
+#include <stdint.h>
+#include <se_mmap.h>
+
+/*
+ * The Firewall occupies up to 2MB of address space in total.
+ * Each Firewall Component is allocated 64KB so in total a Firewall
+ * can have maximum of 32 Components with first component being
+ * FW controller.
+ */
+#define FW_TOTAL_SIZE 0x200000
+#define FW_CMP_SIZE 0x10000
+#define MAX_FW_CMP 32
+
+/*
+ * boot processor contains a dedicated Firewall having one FW controller
+ * and one FW component which allows boot processor access to the Host System address
+ * space.
+ */
+#define SE_FCTLR_BASE SE_FIREWALL_BASE
+#define SE_FC1_BASE SE_FIREWALL_BASE + FW_CMP_SIZE
+
+/*
+ * Common Firewall Registers, present in both Controller and Components.
+ */
+#define LD_CTRL 0x010
+#define RGN_SCTRL0 0x020
+#define RGN_SCTRL1 0x024
+#define RGN_SCTRL2 0x028
+#define RGN_SCTRL3 0x02C
+#define RGN_SCTRL4 0x030
+#define RGN_SCTRL5 0x034
+#define RGN_SCTRL6 0x038
+#define RGN_SCTRL7 0x03C
+#define RGN_SST0 0x040
+#define RGN_SST1 0x044
+#define RGN_SST2 0x048
+#define RGN_SST3 0x04C
+#define RGN_SST4 0x050
+#define RGN_SST5 0x054
+#define RGN_SST6 0x058
+#define RGN_SST7 0x05C
+#define FC_SCTRL 0x060
+#define FC_SST 0x064
+#define PE_CTRL 0x100
+#define PE_ST 0x104
+#define PE_BPS 0x108
+#define RWE_CTRL 0x10C
+#define RGN_CTRL0 0x110
+#define RGN_CTRL1 0x114
+#define RGN_LCTRL 0x118
+#define RGN_ST 0x11C
+#define RGN_CFG0 0x120
+#define RGN_CFG1 0x124
+#define RGN_SIZE 0x128
+#define RGN_TCFG0 0x130
+#define RGN_TCFG1 0x134
+#define RGN_TCFG2 0x138
+#define RGN_MID0 0x140
+#define RGN_MPL0 0x144
+#define RGN_MID1 0x148
+#define RGN_MPL1 0x14C
+#define RGN_MID2 0x150
+#define RGN_MPL2 0x154
+#define RGN_MID3 0x158
+#define RGN_MPL3 0x15C
+#define FE_TAL 0x180
+#define FE_TAU 0x184
+#define FE_TP 0x188
+#define FE_MID 0x18C
+#define FE_CTRL 0x190
+#define ME_CTRL 0x200
+#define ME_ST 0x204
+#define EDR_TAL 0x260
+#define EDR_TAU 0x264
+#define EDR_TP 0x268
+#define EDR_MID 0x26C
+#define EDR_CTRL 0x270
+/* Capability registers */
+#define FC_CAP0 0xFA0
+#define FC_CAP1 0xFA4
+#define FC_CAP2 0xFA8
+#define FC_CAP3 0xFAC
+/* Configuration registers */
+#define FC_CFG0 0xFB0
+#define FC_CFG1 0xFB4
+#define FC_CFG2 0xFB8
+#define FC_CFG3 0xFBC
+
+/*
+ * Firewall Controller only Registers.
+ */
+#define FW_CTRL 0x000
+#define FW_ST 0x004
+#define FW_SR_CTRL 0x00C
+#define FW_INT_ST 0xD90
+#define FW_TMP_TA 0xE90
+#define FW_TMP_TP 0xE98
+#define FW_TMP_MID 0xE9C
+#define FW_TMP_CTRL 0xEA0
+#define IIDR 0xFC8
+#define AIDR 0xFCC
+#define FC0_INT_ST 0xD00
+#define FC0_INT_MSK 0xE00
+#define FC_INT_ST(x) FC0_INT_ST+x*4
+#define FC_INT_MSK(x) FC0_INT_MSK+x*4
+
+/*
+ * Generic Macros
+ */
+#define ENABLE 0x1
+#define DISABLE 0x0
+#define PE_ENABLE ENABLE << 31
+#define ADDR_TRANS_ENABLE ENABLE << 17
+#define RGN_SIZE_4KB 0x0C
+#define RGN_SIZE_32MB 0x19
+#define RGN_SIZE_128MB 0x1B
+
+
+/*
+ * Host access regions view from boot processor
+ */
+enum se_firewall_regions {
+ DEFAULT_REGION = 0,
+ HOST_BIR_REGION,
+ SHARED_RAM_REGION,
+ XIP_FLASH_REGION,
+ HOST_PERIPHERAL_REGION,
+ DRAM_REGION,
+ NUM_REGIONS
+};
+
+/*
+ * Region Master Permission List
+ * S: Secure, N: Non-secure
+ * P: Privileged, U: Unprivileged
+ * R: Read, W: Write, X: Execute
+ */
+#define ANY_MST ENABLE << 12
+#define SPX ENABLE << 11
+#define SPW ENABLE << 10
+#define SPR ENABLE << 9
+#define SUX ENABLE << 8
+#define SUW ENABLE << 7
+#define SUR ENABLE << 6
+#define NSPX ENABLE << 5
+#define NSPW ENABLE << 4
+#define NSPR ENABLE << 3
+#define NSUX ENABLE << 2
+#define NSUW ENABLE << 1
+#define NSUR ENABLE << 0
+
+/*
+ * Master Permission Enable
+ */
+#define MPE3_EN ENABLE << 4
+#define MPE2_EN ENABLE << 3
+#define MPE1_EN ENABLE << 2
+#define MPE0_EN ENABLE << 1
+
+#endif /* SE_FW_H */
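Review bot: The bit-field and address macros in firewall.h expand to bare expressions, so they are only correct where the surrounding operator happens to bind more loosely than `<<` or `+`: `~PE_ENABLE` (the natural way to clear the enable bit) becomes `~0x1 << 31`, and `FC_INT_ST(i + 1)` becomes `FC0_INT_ST+i + 1*4`. In firewall code a mis-expanded mask means the wrong permission or enable bits get programmed without any diagnostic. `ENABLE << 31` additionally shifts a signed `int` into its sign bit, which is undefined behaviour in C. Parenthesise every expansion and make the constants unsigned, e.g. `#define PE_ENABLE (UINT32_C(1) << 31)`, `#define SE_FC1_BASE (SE_FIREWALL_BASE + FW_CMP_SIZE)` and `#define FC_INT_ST(x) (FC0_INT_ST + ((x) * 4))`; the same treatment applies to `ADDR_TRANS_ENABLE`, the `ANY_MST`…`NSUR` permission bits and `MPE0_EN`…`MPE3_EN`.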
diff --git a/product/corstone-700/include/se_mmap.h b/product/corstone-700/include/se_mmap.h index 33cca9d..57429b1 100644 --- a/product/corstone-700/include/se_mmap.h +++ b/product/corstone-700/include/se_mmap.h @@ -31,4 +31,6 @@ #define HOST_SYS_RST_CTRL (SE_BASE_SYS_CTRL + 0x0) #define BOOT_INST_REGISTER (SE_HOST_ACCESS + 0x0) +#define SE_FIREWALL_BASE (SE_PERIPHERAL_BASE + 0x200000) + #endif /* SE_MMAP_H */ diff --git a/product/corstone-700/include/se_system_mmap.h b/product/corstone-700/include/se_system_mmap.h index 1df8078..68cec01 100644 --- a/product/corstone-700/include/se_system_mmap.h +++ b/product/corstone-700/include/se_system_mmap.h @@ -13,11 +13,21 @@ /*Memory*/ #define SE_ROM_BASE 0x00000000 #define SE_RAM_BASE 0x30000000 -#define SE_HOST_ACCESS 0x60000000 + #define SE_PERIPHERAL_BASE 0x50000000 + +/* Host access regions from boot processor view */ +#define SE_HOST_ACCESS 0x60000000 +#define HOST_BIR_BASE 0x00000000 #define HOST_SHARED_RAM_BASE 0x02000000 -#define SE_FLASH_BASE (SE_HOST_ACCESS + 0x8000000) +#define HOST_FLASH_BASE 0x08000000 +#define HOST_DRAM_BASE 0x80000000 +#define HOST_PERIPHERAL_BASE 0x1A000000 +#define SE_BIR_BASE (SE_HOST_ACCESS + HOST_BIR_BASE) #define SE_SHARED_RAM_ACCESS (SE_HOST_ACCESS + HOST_SHARED_RAM_BASE) +#define SE_FLASH_BASE (SE_HOST_ACCESS + HOST_FLASH_BASE) +#define SE_DRAM_BASE (SE_HOST_ACCESS + HOST_DRAM_BASE) +#define SE_HOST_PERIPHERAL_BASE (SE_HOST_ACCESS + HOST_PERIPHERAL_BASE) /*Image offsets*/ @@ -26,7 +36,7 @@ #define HOST_DTB_BASE (SE_SHARED_RAM_ACCESS + 0x800000) #define ROOTFS_SRAM_BASE (SE_SHARED_RAM_ACCESS + 0xa00000) -#define SE_ROM_SIZE (32 * 1024) -#define SE_RAM_SIZE (128 * 1024) +#define SE_ROM_SIZE (32 * 1024) +#define SE_RAM_SIZE (128 * 1024) #endif diff --git a/product/corstone-700/module/firewall/include/mod_firewall.h b/product/corstone-700/module/firewall/include/mod_firewall.h new file mode 100644 index 0000000..a666612 --- /dev/null 
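Review bot: `SE_DRAM_BASE` in the first se_system_mmap.h hunk evaluates to 0x60000000 + 0x80000000 = 0xE0000000, which is past the end of the host access window if that window is the 2GB range starting at 0x6000_0000 that the comment in mod_firewall.c describes (last address 0xDFFF_FFFF). The other `SE_*` aliases work as plain offsets only because their host bases are below 2GB; DRAM would need its own window address and a translated firewall region rather than `SE_HOST_ACCESS + HOST_DRAM_BASE`. Nothing in this commit programs `DRAM_REGION`, so either leave the define out until that region exists or mark it, for example `/* not reachable by plain offset: needs a dedicated translated region */`.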
+++ b/product/corstone-700/module/firewall/include/mod_firewall.h
@@ -0,0 +1,20 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef MOD_SE_FIREWALL_H
+#define MOD_SE_FIREWALL_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <fwk_id.h>
+#include <firewall.h>
+
+struct firewall_config {
+ const uintptr_t se_firewall_base;
+};
+#endif /* MOD_SE_FIREWALL_H */
diff --git a/product/corstone-700/module/firewall/src/Makefile b/product/corstone-700/module/firewall/src/Makefile
new file mode 100644
index 0000000..7badf24
--- /dev/null
+++ b/product/corstone-700/module/firewall/src/Makefile
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+BS_LIB_NAME := FIREWALL
+BS_LIB_SOURCES = mod_firewall.c
+
+include $(BS_DIR)/lib.mk
diff --git a/product/corstone-700/module/firewall/src/mod_firewall.c b/product/corstone-700/module/firewall/src/mod_firewall.c
new file mode 100755
index 0000000..12ed384
--- /dev/null
+++ b/product/corstone-700/module/firewall/src/mod_firewall.c
@@ -0,0 +1,124 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <string.h>
+#include <assert.h>
+#include <fwk_errno.h>
+#include <fwk_id.h>
+#include <fwk_module.h>
+#include <fwk_interrupt.h>
+#include <fwk_module_idx.h>
+#include <fwk_mm.h>
+#include <mod_log.h>
+#include <se_system_mmap.h>
+#include <mod_firewall.h>
+
+/*
+ * boot processor Firewall programming.
+ * The Host Access Region is a 2GB region starting at 0x6000_0000.
+ * It allows the boot processor access to the Host System address
+ * space, all access pass through Secure enclave firewall having
+ * translation extension programmed.
+ * Four host regions are currently accessed by boot processor namely
+ * Boot Instruction Register, Shared RAM, XIP Flash and Host
+ * Peripheral regions.
+ */
+static int se_firewall_setup()
+{
+ volatile uint32_t *pe_ctrl = (uint32_t *)(SE_FC1_BASE+PE_CTRL);
+ volatile uint32_t *rwe_ctrl = (uint32_t *)(SE_FC1_BASE+RWE_CTRL);
+ volatile uint32_t *rgn_size = (uint32_t *)(SE_FC1_BASE+RGN_SIZE);
+ volatile uint32_t *rgn_cfg0 = (uint32_t *)(SE_FC1_BASE+RGN_CFG0);
+ volatile uint32_t *rgn_tcfg0 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG0);
+ volatile uint32_t *rgn_tcfg2 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG2);
+ volatile uint32_t *rgn_mpl0 = (uint32_t *)(SE_FC1_BASE+RGN_MPL0);
+ volatile uint32_t *rgn_ctrl1 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL1);
+ volatile uint32_t *rgn_ctrl0 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL0);
+
+ /*
+ * Region Programming Sequence
+ * -Select The correct region using RWE_CTRL
+ * -Program region Base address using RGN_CFG{0,1}
+ * -Program Region size using RGN_TCFG{0,1}
+ * -Enable Translation properties using RGN_TCFG2
+ * -Program the required Permission entries RGN_MPL
+ * -Enable the required master permission entries using RGN_CTRL1
+ * -Enable the region using RGN_CTRL1
+ */
+
+ /* Enable PE_CTRL */
+ *pe_ctrl = PE_ENABLE | *pe_ctrl;
+
+ /* Boot Instruction Register region: 4KB */
+ *rwe_ctrl = HOST_BIR_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_4KB;
+ *rgn_cfg0 = SE_HOST_ACCESS;
+ *rgn_tcfg0 = HOST_BIR_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ /* Shared RAM region: 32MB */
+ *rwe_ctrl = SHARED_RAM_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_32MB;
+ *rgn_cfg0 = SE_SHARED_RAM_ACCESS;
+ *rgn_tcfg0 = HOST_SHARED_RAM_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ /* Execute in place(XIP) Flash region: 128MB */
+ *rwe_ctrl = XIP_FLASH_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_128MB;
+ *rgn_cfg0 = SE_FLASH_BASE;
+ *rgn_tcfg0 = HOST_FLASH_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ /* Host peripherals region: 128MB */
+ *rwe_ctrl = HOST_PERIPHERAL_REGION;
+ *rgn_ctrl0 = DISABLE;
+ *rgn_size = RGN_SIZE_128MB;
+ *rgn_cfg0 = SE_HOST_PERIPHERAL_BASE;
+ *rgn_tcfg0 = HOST_PERIPHERAL_BASE;
+ *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+ *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+ | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+ *rgn_ctrl1 = MPE0_EN;
+ *rgn_ctrl0 = ENABLE;
+
+ *rwe_ctrl = DEFAULT_REGION;
+ *rgn_ctrl0 = ENABLE;
+
+ return FWK_SUCCESS;
+}
+
+static int firewall_init(
+ fwk_id_t module_id,
+ unsigned int element_count,
+ const void *data)
+{
+ se_firewall_setup();
+ return FWK_SUCCESS;
+}
+
+const struct fwk_module module_firewall = {
+ .name = "firewall",
+ .type = FWK_MODULE_TYPE_SERVICE,
+ .init = firewall_init,
+};
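Review bot: Every region in se_firewall_setup() is programmed with the same `RGN_MPL0` value, `ANY_MST` plus all twelve secure/non-secure, privileged/unprivileged read, write and execute bits, so the firewall component translates addresses but restricts nothing. Each region should carry only the bits its consumer needs; the right set is a platform decision not visible in this commit, but the host peripheral and Boot Instruction Register windows presumably need none of `SPX`/`SUX`/`NSPX`/`NSUX`. The regions also appear to stay reprogrammable afterwards: `RGN_LCTRL` and `LD_CTRL`, which by their names look like the lock controls, are defined in firewall.h but never written, so a comment should say whether leaving them open to later boot-processor code is intended. The default region is enabled at the end without its permissions being programmed, so its behaviour rests on reset values and deserves a comment as well. Separately, the sequence comment names `RGN_TCFG{0,1}` for the region size and `RGN_CTRL1` for the region enable, while the code writes `RGN_SIZE` and `RGN_CTRL0`.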
diff --git a/product/corstone-700/se_romfw/config_firewall.c b/product/corstone-700/se_romfw/config_firewall.c new file mode 100644 index 0000000..0d10bb0 --- /dev/null +++ b/product/corstone-700/se_romfw/config_firewall.c @@ -0,0 +1,18 @@ +/* + * + * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <fwk_module.h> +#include <se_system_mmap.h> +#include <se_mmap.h> +#include <mod_firewall.h> + +const struct fwk_module_config config_firewall = { + .data = &((struct firewall_config) { + .se_firewall_base = SE_FIREWALL_BASE, + }) +}; diff --git a/product/corstone-700/se_romfw/firmware.mk b/product/corstone-700/se_romfw/firmware.mk index 6716114..9b6618d 100644 --- a/product/corstone-700/se_romfw/firmware.mk +++ b/product/corstone-700/se_romfw/firmware.mk @@ -13,11 +13,13 @@ BS_FIRMWARE_MODULE_HEADERS_ONLY := \ BS_FIRMWARE_MODULES := \ pl011 \ log \ + firewall \ spitoc_parser \ ramfw_loader BS_FIRMWARE_SOURCES := \ config_log.c \ + config_firewall.c \ config_spitoc_parser.c \ config_ramfw_loader.c |
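Review bot: The `se_firewall_base` value set in config_firewall.c is never read: firewall_init() in mod_firewall.c ignores its `data` argument, and se_firewall_setup() derives every register address from the compile-time `SE_FC1_BASE`. Either consume the configuration (`const struct firewall_config *cfg = data;` and compute the component base as `cfg->se_firewall_base + FW_CMP_SIZE`) or drop the field, so the configured base cannot drift from the address that is actually programmed. firewall_init() also discards the return value of se_firewall_setup(); `return se_firewall_setup();` keeps the status path honest if the setup ever gains a failure case.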