/*
*
* Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <string.h>
#include <assert.h>
#include <fwk_errno.h>
#include <fwk_id.h>
#include <fwk_module.h>
#include <fwk_interrupt.h>
#include <fwk_module_idx.h>
#include <fwk_mm.h>
#include <mod_log.h>
#include <se_system_mmap.h>
#include <mod_firewall.h>
/*
* Boot processor firewall programming.
* The Host Access Region is a 2GB region starting at 0x6000_0000.
* It allows the boot processor to access the Host System address
* space; all accesses pass through the Secure Enclave firewall, which
* has its translation extension programmed.
* Four host regions are currently accessed by the boot processor, namely
* the Boot Instruction Register, Shared RAM, XIP Flash and Host
* Peripheral regions.
*/
/*
* Program four windows (Boot Instruction Register, Shared RAM, XIP Flash,
* Host peripherals) into the firewall component at SE_FC1_BASE, then select
* DEFAULT_REGION and enable it.
*
* All accesses are direct volatile 32-bit register writes; the order of the
* writes is part of the programming sequence and must not be rearranged.
*
* Returns FWK_SUCCESS unconditionally; no register is read back to confirm
* that a write took effect.
*/
static int se_firewall_setup()
{
/* Register pointers, each an offset from the SE_FC1_BASE register block. */
volatile uint32_t *pe_ctrl = (uint32_t *)(SE_FC1_BASE+PE_CTRL);
volatile uint32_t *rwe_ctrl = (uint32_t *)(SE_FC1_BASE+RWE_CTRL);
volatile uint32_t *rgn_size = (uint32_t *)(SE_FC1_BASE+RGN_SIZE);
volatile uint32_t *rgn_cfg0 = (uint32_t *)(SE_FC1_BASE+RGN_CFG0);
volatile uint32_t *rgn_tcfg0 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG0);
volatile uint32_t *rgn_tcfg2 = (uint32_t *)(SE_FC1_BASE+RGN_TCFG2);
volatile uint32_t *rgn_mpl0 = (uint32_t *)(SE_FC1_BASE+RGN_MPL0);
volatile uint32_t *rgn_ctrl1 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL1);
volatile uint32_t *rgn_ctrl0 = (uint32_t *)(SE_FC1_BASE+RGN_CTRL0);
/*
* Region programming sequence, as implemented below for each region:
* - Select the region through RWE_CTRL
* - Disable the region through RGN_CTRL0 while it is reprogrammed
* - Write the region size to RGN_SIZE
* - Write the SE_* address constant to RGN_CFG0 (presumably the region
*   base as seen by the boot processor - confirm against the firewall TRM)
* - Write the HOST_* address constant to RGN_TCFG0 (presumably the
*   translated host-side base - confirm)
* - Set ADDR_TRANS_ENABLE in RGN_TCFG2, keeping its other bits
* - Write the permission entry to RGN_MPL0
* - Enable that permission entry with MPE0_EN in RGN_CTRL1
* - Enable the region through RGN_CTRL0
*
* NOTE(review): every region below writes the same RGN_MPL0 value, ANY_MST
* combined with all twelve S/NS, privileged/unprivileged X/W/R flags. Going
* by the macro names this grants any master full access, including
* execute, to each window - confirm this is intended, and narrow the
* master and access-type set to what each window needs if it is not.
*/
/* Set PE_ENABLE in PE_CTRL, preserving its other bits (read-modify-write) */
*pe_ctrl = PE_ENABLE | *pe_ctrl;
/* Boot Instruction Register region: 4KB */
*rwe_ctrl = HOST_BIR_REGION;
*rgn_ctrl0 = DISABLE;
*rgn_size = RGN_SIZE_4KB;
*rgn_cfg0 = SE_HOST_ACCESS;
*rgn_tcfg0 = HOST_BIR_BASE;
*rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
*rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
| NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
*rgn_ctrl1 = MPE0_EN;
*rgn_ctrl0 = ENABLE;
/* Shared RAM region: 32MB */
*rwe_ctrl = SHARED_RAM_REGION;
*rgn_ctrl0 = DISABLE;
*rgn_size = RGN_SIZE_32MB;
*rgn_cfg0 = SE_SHARED_RAM_ACCESS;
*rgn_tcfg0 = HOST_SHARED_RAM_BASE;
*rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
*rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
| NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
*rgn_ctrl1 = MPE0_EN;
*rgn_ctrl0 = ENABLE;
/* Execute in place(XIP) Flash region: 128MB */
*rwe_ctrl = XIP_FLASH_REGION;
*rgn_ctrl0 = DISABLE;
*rgn_size = RGN_SIZE_128MB;
*rgn_cfg0 = SE_FLASH_BASE;
*rgn_tcfg0 = HOST_FLASH_BASE;
*rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
*rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
| NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
*rgn_ctrl1 = MPE0_EN;
*rgn_ctrl0 = ENABLE;
/* Host peripherals region: 128MB */
*rwe_ctrl = HOST_PERIPHERAL_REGION;
*rgn_ctrl0 = DISABLE;
*rgn_size = RGN_SIZE_128MB;
*rgn_cfg0 = SE_HOST_PERIPHERAL_BASE;
*rgn_tcfg0 = HOST_PERIPHERAL_BASE;
*rgn_tcfg2 = ADDR_TRANS_ENABLE | *rgn_tcfg2;
*rgn_mpl0 = ANY_MST | SPX | SPW | SPR | SUX | SUW | SUR \
| NSPX | NSPW | NSPR | NSUX | NSUW | NSUR;
*rgn_ctrl1 = MPE0_EN;
*rgn_ctrl0 = ENABLE;
/*
* Select DEFAULT_REGION and enable it. Unlike the four windows above, no
* size, address or permission registers are written for it here.
* NOTE(review): what the default region permits for addresses outside the
* four windows is not visible in this file - confirm it is deny-by-default.
*/
*rwe_ctrl = DEFAULT_REGION;
*rgn_ctrl0 = ENABLE;
return FWK_SUCCESS;
}
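/*
 * Framework init handler for the firewall module.
 *
 * Programs the secure enclave firewall by calling se_firewall_setup() and
 * returns its status, so that a failure reported by the setup routine is
 * not silently replaced with FWK_SUCCESS.
 *
 * module_id, element_count and data are part of the handler signature and
 * are not used.
 */
static int firewall_init(
    fwk_id_t module_id,
    unsigned int element_count,
    const void *data)
{
    (void)module_id;
    (void)element_count;
    (void)data;

    /* Propagate the setup status instead of discarding it. */
    return se_firewall_setup();
}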
/*
* Module descriptor for the firewall module. Only the name, type and init
* handler are set in this initializer; all firewall programming is done from
* firewall_init.
*/
const struct fwk_module module_firewall = {
.name = "firewall",
.type = FWK_MODULE_TYPE_SERVICE,
.init = firewall_init,
};