diff options
Diffstat (limited to 'product/corstone-700/module')
3 files changed, 154 insertions, 0 deletions
diff --git a/product/corstone-700/module/firewall/include/mod_firewall.h b/product/corstone-700/module/firewall/include/mod_firewall.h new file mode 100644 index 0000000..a666612 --- /dev/null +++ b/product/corstone-700/module/firewall/include/mod_firewall.h @@ -0,0 +1,20 @@ +/* + * + * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef MOD_SE_FIREWALL_H +#define MOD_SE_FIREWALL_H + +#include <stddef.h> +#include <stdint.h> +#include <fwk_id.h> +#include <firewall.h> + +struct firewall_config { + const uintptr_t se_firewall_base; +}; +#endif /* MOD_SE_FIREWALL_H */ diff --git a/product/corstone-700/module/firewall/src/Makefile b/product/corstone-700/module/firewall/src/Makefile new file mode 100644 index 0000000..7badf24 --- /dev/null +++ b/product/corstone-700/module/firewall/src/Makefile @@ -0,0 +1,10 @@ +# +# Copyright (c) 2019, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# + +BS_LIB_NAME := FIREWALL +BS_LIB_SOURCES = mod_firewall.c + +include $(BS_DIR)/lib.mk diff --git a/product/corstone-700/module/firewall/src/mod_firewall.c b/product/corstone-700/module/firewall/src/mod_firewall.c new file mode 100755 index 0000000..12ed384 --- /dev/null +++ b/product/corstone-700/module/firewall/src/mod_firewall.c @@ -0,0 +1,124 @@ +/* + * + * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <string.h> +#include <assert.h> +#include <fwk_errno.h> +#include <fwk_id.h> +#include <fwk_module.h> +#include <fwk_interrupt.h> +#include <fwk_module_idx.h> +#include <fwk_mm.h> +#include <mod_log.h> +#include <se_system_mmap.h> +#include <mod_firewall.h> + +/* + * boot processor Firewall programming. + * The Host Access Region is a 2GB region starting at 0x6000_0000. + * It allows the boot processor access to the Host System address + * space, all access pass through Secure enclave firewall having + * translation extension programmed. + * Four host regions are currently accessed by boot processor namely + * Boot Instruction Register, Shared RAM, XIP Flash and Host + * Peripheral regions. + */ +static int se_firewall_setup() +{ + volatile uint32_t *pe_ctrl = (uint32_t *)(SE_FC1_BASE+PE_CTRL); + volatile uint32_t *rwe_ctrl = (uint32_t *)(SE_FC1_BASE+RWE_CTRL); + volatile uint32_t *rgn_size = (uint32_t *)(SE_FC1_BASE+RGN_SIZE); + volatile uint32_t *rgn_cfg0 = (uint32_t *)(SE_FC1_BASE+RGN_CFG0); + volatile uint32_t *rgn_tcfg0 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG0); + volatile uint32_t *rgn_tcfg2 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG2); + volatile uint32_t *rgn_mpl0 = (uint32_t *)(SE_FC1_BASE+RGN_MPL0); + volatile uint32_t *rgn_ctrl1 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL1); + volatile uint32_t *rgn_ctrl0 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL0); + + /* + * Region Programming Sequence + * -Select The correct region using RWE_CTRL + * -Program region Base address using RGN_CFG{0,1} + * -Program Region size using RGN_TCFG{0,1} + * -Enable Translation properties using RGN_TCFG2 + * -Program the required Permission entries RGN_MPL + * -Enable the required master permission entries using RGN_CTRL1 + * -Enable the region using RGN_CTRL1 + */ + + /* Enable PE_CTRL */ + *pe_ctrl = PE_ENABLE | *pe_ctrl; + + /* Boot Instruction Register region: 4KB */ + *rwe_ctrl = HOST_BIR_REGION; + *rgn_ctrl0 = DISABLE; + *rgn_size = RGN_SIZE_4KB; + *rgn_cfg0 = SE_HOST_ACCESS; + *rgn_tcfg0 = HOST_BIR_BASE; + *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2; + *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \ + | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR; + *rgn_ctrl1 = MPE0_EN; + *rgn_ctrl0 = ENABLE; + + /* Shared RAM region: 32MB */ + *rwe_ctrl = SHARED_RAM_REGION; + *rgn_ctrl0 = DISABLE; + *rgn_size = RGN_SIZE_32MB; + *rgn_cfg0 = SE_SHARED_RAM_ACCESS; + *rgn_tcfg0 = HOST_SHARED_RAM_BASE; + *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2; + *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \ + | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR; + *rgn_ctrl1 = MPE0_EN; + *rgn_ctrl0 = ENABLE; + + /* Execute in place(XIP) Flash region: 128MB */ + *rwe_ctrl = XIP_FLASH_REGION; + *rgn_ctrl0 = DISABLE; + *rgn_size = RGN_SIZE_128MB; + *rgn_cfg0 = SE_FLASH_BASE; + *rgn_tcfg0 = HOST_FLASH_BASE; + *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2; + *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \ + | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR; + *rgn_ctrl1 = MPE0_EN; + *rgn_ctrl0 = ENABLE; + + /* Host peripherals region: 128MB */ + *rwe_ctrl = HOST_PERIPHERAL_REGION; + *rgn_ctrl0 = DISABLE; + *rgn_size = RGN_SIZE_128MB; + *rgn_cfg0 = SE_HOST_PERIPHERAL_BASE; + *rgn_tcfg0 = HOST_PERIPHERAL_BASE; + *rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2; + *rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \ + | NSPX | NSPW | NSPR | NSUX | NSUW | NSUR; + *rgn_ctrl1 = MPE0_EN; + *rgn_ctrl0 = ENABLE; + + *rwe_ctrl = DEFAULT_REGION; + *rgn_ctrl0 = ENABLE; + + return FWK_SUCCESS; +} + +static int firewall_init( + fwk_id_t module_id, + unsigned int element_count, + const void *data) +{ + se_firewall_setup(); + return FWK_SUCCESS; +} + +const struct fwk_module module_firewall = { + .name = "firewall", + .type = FWK_MODULE_TYPE_SERVICE, + .init = firewall_init, +}; |