3 files changed, 154 insertions, 0 deletions
diff --git a/product/corstone-700/module/firewall/include/mod_firewall.h b/product/corstone-700/module/firewall/include/mod_firewall.h
new file mode 100644
index 0000000..a666612
--- /dev/null
+++ b/product/corstone-700/module/firewall/include/mod_firewall.h
@@ -0,0 +1,20 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef MOD_SE_FIREWALL_H
+#define MOD_SE_FIREWALL_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <fwk_id.h>
+#include <firewall.h>
+
+struct firewall_config {
+      const uintptr_t se_firewall_base;
+};
+#endif /* MOD_SE_FIREWALL_H */
diff --git a/product/corstone-700/module/firewall/src/Makefile b/product/corstone-700/module/firewall/src/Makefile
new file mode 100644
index 0000000..7badf24
--- /dev/null
+++ b/product/corstone-700/module/firewall/src/Makefile
@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+BS_LIB_NAME := FIREWALL
+BS_LIB_SOURCES = mod_firewall.c
+
+include $(BS_DIR)/lib.mk
diff --git a/product/corstone-700/module/firewall/src/mod_firewall.c b/product/corstone-700/module/firewall/src/mod_firewall.c
new file mode 100755
index 0000000..12ed384
--- /dev/null
+++ b/product/corstone-700/module/firewall/src/mod_firewall.c
@@ -0,0 +1,124 @@
+/*
+ *
+ * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <string.h>
+#include <assert.h>
+#include <fwk_errno.h>
+#include <fwk_id.h>
+#include <fwk_module.h>
+#include <fwk_interrupt.h>
+#include <fwk_module_idx.h>
+#include <fwk_mm.h>
+#include <mod_log.h>
+#include <se_system_mmap.h>
+#include <mod_firewall.h>
+
+/*
+ * boot processor Firewall programming.
+ * The Host Access Region is a 2GB region starting at 0x6000_0000.
+ * It allows the boot processor access to the Host System address
+ * space, all access pass through Secure enclave firewall having
+ * translation extension programmed.
+ * Four host regions are currently accessed by boot processor namely
+ * Boot Instruction Register, Shared RAM, XIP Flash and Host
+ * Peripheral regions.
+ */
+static int se_firewall_setup()
+{
+    volatile uint32_t *pe_ctrl = (uint32_t *)(SE_FC1_BASE+PE_CTRL);
+    volatile uint32_t *rwe_ctrl = (uint32_t *)(SE_FC1_BASE+RWE_CTRL);
+    volatile uint32_t *rgn_size = (uint32_t *)(SE_FC1_BASE+RGN_SIZE);
+    volatile uint32_t *rgn_cfg0 = (uint32_t *)(SE_FC1_BASE+RGN_CFG0);
+    volatile uint32_t *rgn_tcfg0 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG0);
+    volatile uint32_t *rgn_tcfg2 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG2);
+    volatile uint32_t *rgn_mpl0 = (uint32_t *)(SE_FC1_BASE+RGN_MPL0);
+    volatile uint32_t *rgn_ctrl1 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL1);
+    volatile uint32_t *rgn_ctrl0 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL0);
+
+    /*
+     * Region Programming Sequence
+     *  -Select The correct region using RWE_CTRL
+     *  -Program region Base address using RGN_CFG{0,1}
+     *  -Program Region size  using RGN_TCFG{0,1}
+     *  -Enable Translation properties using RGN_TCFG2
+     *  -Program the required Permission entries RGN_MPL
+     *  -Enable the required master permission entries using RGN_CTRL1
+     *  -Enable the region using RGN_CTRL1
+     */
+
+    /* Enable PE_CTRL */
+    *pe_ctrl = PE_ENABLE | *pe_ctrl;
+
+    /* Boot Instruction Register region: 4KB */
+    *rwe_ctrl = HOST_BIR_REGION;
+    *rgn_ctrl0 = DISABLE;
+    *rgn_size = RGN_SIZE_4KB;
+    *rgn_cfg0 = SE_HOST_ACCESS;
+    *rgn_tcfg0 = HOST_BIR_BASE;
+    *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+    *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+                | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+    *rgn_ctrl1 = MPE0_EN;
+    *rgn_ctrl0 = ENABLE;
+
+    /* Shared RAM region: 32MB */
+    *rwe_ctrl = SHARED_RAM_REGION;
+    *rgn_ctrl0 = DISABLE;
+    *rgn_size = RGN_SIZE_32MB;
+    *rgn_cfg0 = SE_SHARED_RAM_ACCESS;
+    *rgn_tcfg0 = HOST_SHARED_RAM_BASE;
+    *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+    *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+                | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+    *rgn_ctrl1 = MPE0_EN;
+    *rgn_ctrl0 = ENABLE;
+
+    /* Execute in place(XIP) Flash region: 128MB */
+    *rwe_ctrl = XIP_FLASH_REGION;
+    *rgn_ctrl0 = DISABLE;
+    *rgn_size = RGN_SIZE_128MB;
+    *rgn_cfg0 = SE_FLASH_BASE;
+    *rgn_tcfg0 = HOST_FLASH_BASE;
+    *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+    *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+                | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+    *rgn_ctrl1 = MPE0_EN;
+    *rgn_ctrl0 = ENABLE;
+
+    /* Host peripherals region: 128MB */
+    *rwe_ctrl = HOST_PERIPHERAL_REGION;
+    *rgn_ctrl0 = DISABLE;
+    *rgn_size = RGN_SIZE_128MB;
+    *rgn_cfg0 = SE_HOST_PERIPHERAL_BASE;
+    *rgn_tcfg0 = HOST_PERIPHERAL_BASE;
+    *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
+    *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
+                | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
+    *rgn_ctrl1 = MPE0_EN;
+    *rgn_ctrl0 = ENABLE;
+
+    *rwe_ctrl = DEFAULT_REGION;
+    *rgn_ctrl0 = ENABLE;
+
+    return FWK_SUCCESS;
+}
+
+static int firewall_init(
+    fwk_id_t module_id,
+    unsigned int element_count,
+    const void *data)
+{
+    se_firewall_setup();
+    return FWK_SUCCESS;
+}
+
+const struct fwk_module module_firewall = {
+    .name = "firewall",
+    .type = FWK_MODULE_TYPE_SERVICE,
+    .init = firewall_init,
+};