summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHarry Liebel <Harry.Liebel@arm.com>2014-04-01 19:27:38 +0100
committerHarry Liebel <Harry.Liebel@arm.com>2014-04-24 14:08:01 +0100
commitf2199d95d931826be7f87af0935ac536812d0488 (patch)
tree273cea29e9d7fea8bb38cc36a86385cc66b02098
parentcd116d177b76dbb333ed2aa0cb47a0c17678f0c2 (diff)
downloadarm-trusted-firmware-f2199d95d931826be7f87af0935ac536812d0488.tar.gz
Enable secure memory support for FVPs
- Use the TrustZone controller on Base FVP to program DRAM access permissions. By default no access to DRAM is allowed if 'secure memory' is enabled on the Base FVP. - The Foundation FVP does not have a TrustZone controller but instead has fixed access permissions. - Update FDTs for Linux to use timers at the correct security level. - Starting the FVPs with 'secure memory' disabled is also supported. Limitations: Virtio currently uses a reserved NSAID. This will be corrected in future FVP releases. Change-Id: I0b6c003a7b5982267815f62bcf6eb82aa4c50a31
-rw-r--r--fdts/fvp-base-gicv2-psci.dtbbin9077 -> 9077 bytes
-rw-r--r--fdts/fvp-base-gicv2-psci.dts8
-rw-r--r--fdts/fvp-base-gicv2legacy-psci.dtbbin9077 -> 9077 bytes
-rw-r--r--fdts/fvp-base-gicv2legacy-psci.dts8
-rw-r--r--fdts/fvp-base-gicv3-psci.dtbbin9544 -> 9544 bytes
-rw-r--r--fdts/fvp-base-gicv3-psci.dts8
-rw-r--r--fdts/fvp-foundation-gicv2-psci.dtbbin6798 -> 6802 bytes
-rw-r--r--fdts/fvp-foundation-gicv2-psci.dts10
-rw-r--r--fdts/fvp-foundation-gicv2legacy-psci.dtbbin6798 -> 6802 bytes
-rw-r--r--fdts/fvp-foundation-gicv2legacy-psci.dts10
-rw-r--r--fdts/fvp-foundation-gicv3-psci.dtbbin7265 -> 7269 bytes
-rw-r--r--fdts/fvp-foundation-gicv3-psci.dts10
-rw-r--r--plat/fvp/aarch64/plat_common.c2
-rw-r--r--plat/fvp/bl2_plat_setup.c8
-rw-r--r--plat/fvp/plat_security.c131
-rw-r--r--plat/fvp/platform.h29
-rw-r--r--plat/fvp/platform.mk6
17 files changed, 201 insertions, 29 deletions
diff --git a/fdts/fvp-base-gicv2-psci.dtb b/fdts/fvp-base-gicv2-psci.dtb
index 5bfdcf1da..abdb9a0cd 100644
--- a/fdts/fvp-base-gicv2-psci.dtb
+++ b/fdts/fvp-base-gicv2-psci.dtb
Binary files differ
diff --git a/fdts/fvp-base-gicv2-psci.dts b/fdts/fvp-base-gicv2-psci.dts
index 7924651e5..7d089227f 100644
--- a/fdts/fvp-base-gicv2-psci.dts
+++ b/fdts/fvp-base-gicv2-psci.dts
@@ -147,10 +147,10 @@
#address-cells = <2>;
#size-cells = <2>;
ranges;
- frame@2a820000 {
- frame-number = <0>;
- interrupts = <0 25 4>;
- reg = <0x0 0x2a820000 0x0 0x10000>;
+ frame@2a830000 {
+ frame-number = <1>;
+ interrupts = <0 26 4>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
};
};
diff --git a/fdts/fvp-base-gicv2legacy-psci.dtb b/fdts/fvp-base-gicv2legacy-psci.dtb
index db17e9806..3fc6b3eed 100644
--- a/fdts/fvp-base-gicv2legacy-psci.dtb
+++ b/fdts/fvp-base-gicv2legacy-psci.dtb
Binary files differ
diff --git a/fdts/fvp-base-gicv2legacy-psci.dts b/fdts/fvp-base-gicv2legacy-psci.dts
index cfd50a707..f0952314e 100644
--- a/fdts/fvp-base-gicv2legacy-psci.dts
+++ b/fdts/fvp-base-gicv2legacy-psci.dts
@@ -147,10 +147,10 @@
#address-cells = <2>;
#size-cells = <2>;
ranges;
- frame@2a820000 {
- frame-number = <0>;
- interrupts = <0 25 4>;
- reg = <0x0 0x2a820000 0x0 0x10000>;
+ frame@2a830000 {
+ frame-number = <1>;
+ interrupts = <0 26 4>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
};
};
diff --git a/fdts/fvp-base-gicv3-psci.dtb b/fdts/fvp-base-gicv3-psci.dtb
index 52f251b88..1efa13680 100644
--- a/fdts/fvp-base-gicv3-psci.dtb
+++ b/fdts/fvp-base-gicv3-psci.dtb
Binary files differ
diff --git a/fdts/fvp-base-gicv3-psci.dts b/fdts/fvp-base-gicv3-psci.dts
index 84faeba59..96d264e91 100644
--- a/fdts/fvp-base-gicv3-psci.dts
+++ b/fdts/fvp-base-gicv3-psci.dts
@@ -156,10 +156,10 @@
#address-cells = <2>;
#size-cells = <2>;
ranges;
- frame@2a820000 {
- frame-number = <0>;
- interrupts = <0 25 4>;
- reg = <0x0 0x2a820000 0x0 0x10000>;
+ frame@2a830000 {
+ frame-number = <1>;
+ interrupts = <0 26 4>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
};
};
diff --git a/fdts/fvp-foundation-gicv2-psci.dtb b/fdts/fvp-foundation-gicv2-psci.dtb
index d982e8567..ca100889e 100644
--- a/fdts/fvp-foundation-gicv2-psci.dtb
+++ b/fdts/fvp-foundation-gicv2-psci.dtb
Binary files differ
diff --git a/fdts/fvp-foundation-gicv2-psci.dts b/fdts/fvp-foundation-gicv2-psci.dts
index c886f5dcc..bf368a01c 100644
--- a/fdts/fvp-foundation-gicv2-psci.dts
+++ b/fdts/fvp-foundation-gicv2-psci.dts
@@ -36,7 +36,7 @@
};
/ {
- model = "FVP Base";
+ model = "FVP Foundation";
compatible = "arm,fvp-base", "arm,vexpress";
interrupt-parent = <&gic>;
#address-cells = <2>;
@@ -123,10 +123,10 @@
#address-cells = <2>;
#size-cells = <2>;
ranges;
- frame@2a820000 {
- frame-number = <0>;
- interrupts = <0 25 4>;
- reg = <0x0 0x2a820000 0x0 0x10000>;
+ frame@2a830000 {
+ frame-number = <1>;
+ interrupts = <0 26 4>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
};
};
diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dtb b/fdts/fvp-foundation-gicv2legacy-psci.dtb
index 849e68ac4..a602ff5ce 100644
--- a/fdts/fvp-foundation-gicv2legacy-psci.dtb
+++ b/fdts/fvp-foundation-gicv2legacy-psci.dtb
Binary files differ
diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dts b/fdts/fvp-foundation-gicv2legacy-psci.dts
index b62ef2bfb..63cef80c7 100644
--- a/fdts/fvp-foundation-gicv2legacy-psci.dts
+++ b/fdts/fvp-foundation-gicv2legacy-psci.dts
@@ -36,7 +36,7 @@
};
/ {
- model = "FVP Base";
+ model = "FVP Foundation";
compatible = "arm,fvp-base", "arm,vexpress";
interrupt-parent = <&gic>;
#address-cells = <2>;
@@ -123,10 +123,10 @@
#address-cells = <2>;
#size-cells = <2>;
ranges;
- frame@2a820000 {
- frame-number = <0>;
- interrupts = <0 25 4>;
- reg = <0x0 0x2a820000 0x0 0x10000>;
+ frame@2a830000 {
+ frame-number = <1>;
+ interrupts = <0 26 4>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
};
};
diff --git a/fdts/fvp-foundation-gicv3-psci.dtb b/fdts/fvp-foundation-gicv3-psci.dtb
index c6472e000..f64e42105 100644
--- a/fdts/fvp-foundation-gicv3-psci.dtb
+++ b/fdts/fvp-foundation-gicv3-psci.dtb
Binary files differ
diff --git a/fdts/fvp-foundation-gicv3-psci.dts b/fdts/fvp-foundation-gicv3-psci.dts
index 1bf7234df..f9f1ff335 100644
--- a/fdts/fvp-foundation-gicv3-psci.dts
+++ b/fdts/fvp-foundation-gicv3-psci.dts
@@ -36,7 +36,7 @@
};
/ {
- model = "FVP Base";
+ model = "FVP Foundation";
compatible = "arm,fvp-base", "arm,vexpress";
interrupt-parent = <&gic>;
#address-cells = <2>;
@@ -132,10 +132,10 @@
#address-cells = <2>;
#size-cells = <2>;
ranges;
- frame@2a820000 {
- frame-number = <0>;
- interrupts = <0 25 4>;
- reg = <0x0 0x2a820000 0x0 0x10000>;
+ frame@2a830000 {
+ frame-number = <1>;
+ interrupts = <0 26 4>;
+ reg = <0x0 0x2a830000 0x0 0x10000>;
};
};
diff --git a/plat/fvp/aarch64/plat_common.c b/plat/fvp/aarch64/plat_common.c
index 16645cb72..dd362f0d3 100644
--- a/plat/fvp/aarch64/plat_common.c
+++ b/plat/fvp/aarch64/plat_common.c
@@ -220,6 +220,7 @@ int platform_config_setup(void)
platform_config[CONFIG_CPU_SETUP] = 0;
platform_config[CONFIG_BASE_MMAP] = 0;
platform_config[CONFIG_HAS_CCI] = 0;
+ platform_config[CONFIG_HAS_TZC] = 0;
break;
case HBI_FVP_BASE:
midr_pn = (read_midr() >> MIDR_PN_SHIFT) & MIDR_PN_MASK;
@@ -232,6 +233,7 @@ int platform_config_setup(void)
platform_config[CONFIG_MAX_AFF1] = 2;
platform_config[CONFIG_BASE_MMAP] = 1;
platform_config[CONFIG_HAS_CCI] = 1;
+ platform_config[CONFIG_HAS_TZC] = 1;
break;
default:
assert(0);
diff --git a/plat/fvp/bl2_plat_setup.c b/plat/fvp/bl2_plat_setup.c
index 4d57ed562..da6a4858a 100644
--- a/plat/fvp/bl2_plat_setup.c
+++ b/plat/fvp/bl2_plat_setup.c
@@ -122,6 +122,14 @@ void bl2_early_platform_setup(meminfo *mem_layout,
******************************************************************************/
void bl2_platform_setup()
{
+ /*
+ * Do initial security configuration to allow DRAM/device access. On
+ * Base FVP only DRAM security is programmable (via TrustZone), but
+ * other platforms might have more programmable security devices
+ * present.
+ */
+ plat_security_setup();
+
/* Initialise the IO layer and register platform IO devices */
io_setup();
diff --git a/plat/fvp/plat_security.c b/plat/fvp/plat_security.c
new file mode 100644
index 000000000..a60eca3dd
--- /dev/null
+++ b/plat/fvp/plat_security.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include "platform.h"
+#include "tzc400.h"
+#include "debug.h"
+
+/* Used to improve readability for configuring regions. */
+#define FILTER_SHIFT(filter) (1 << filter)
+
+/*
+ * For the moment we assume that all security programming is done by the
+ * primary core.
+ * TODO:
+ * Might want to enable interrupt on violations when supported?
+ */
+void plat_security_setup(void)
+{
+ struct tzc_instance controller;
+
+ /*
+ * The Base FVP has a TrustZone address space controller, the Foundation
+ * FVP does not. Trying to program the device on the foundation FVP will
+ * cause an abort.
+ *
+ * If the platform had additional peripheral specific security
+ * configurations, those would be configured here.
+ */
+
+ if (!platform_get_cfgvar(CONFIG_HAS_TZC))
+ return;
+
+ /*
+ * The TrustZone controller controls access to main DRAM. Give
+ * full NS access for the moment to use with OS.
+ */
+ INFO("Configuring TrustZone Controller\n");
+
+ /*
+ * The driver does some error checking and will assert.
+ * - Provide base address of device on platform.
+ * - Provide width of ACE-Lite IDs on platform.
+ */
+ controller.base = TZC400_BASE;
+ controller.aid_width = FVP_AID_WIDTH;
+ tzc_init(&controller);
+
+ /*
+ * Currently only filters 0 and 2 are connected on Base FVP.
+ * Filter 0 : CPU clusters (no access to DRAM by default)
+ * Filter 1 : not connected
+ * Filter 2 : LCDs (access to VRAM allowed by default)
+ * Filter 3 : not connected
+ * Programming unconnected filters will have no effect at the
+ * moment. These filter could, however, be connected in future.
+ * So care should be taken not to configure the unused filters.
+ */
+
+ /* Disable all filters before programming. */
+ tzc_disable_filters(&controller);
+
+ /*
+ * Allow full access to all DRAM to supported devices for the
+ * moment. Give access to the CPUs and Virtio. Some devices
+ * would normally use the default ID so allow that too. We use
+ * three different regions to cover the three separate blocks of
+ * memory in the FVPs. We allow secure access to DRAM to load NS
+ * software.
+ * FIXME: In current models Virtio uses a reserved ID. This is
+ * not correct and will be fixed.
+ */
+
+ /* Set to cover 2GB block of DRAM */
+ tzc_configure_region(&controller, FILTER_SHIFT(0), 1,
+ DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_RDWR,
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5));
+
+ /* Set to cover the 30GB block */
+ tzc_configure_region(&controller, FILTER_SHIFT(0), 2,
+ 0x880000000, 0xFFFFFFFFF, TZC_REGION_S_RDWR,
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5));
+
+ /* Set to cover 480GB block */
+ tzc_configure_region(&controller, FILTER_SHIFT(0), 3,
+ 0x8800000000, 0xFFFFFFFFFF, TZC_REGION_S_RDWR,
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
+ TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5));
+
+ /*
+ * TODO: Interrupts are not currently supported. The only
+ * options we have are for access errors to occur quietly or to
+ * cause an exception. We choose to cause an exception.
+ */
+ tzc_set_action(&controller, TZC_ACTION_ERR);
+
+ /* Enable filters. */
+ tzc_enable_filters(&controller);
+}
diff --git a/plat/fvp/platform.h b/plat/fvp/platform.h
index c59435767..01b995b82 100644
--- a/plat/fvp/platform.h
+++ b/plat/fvp/platform.h
@@ -99,7 +99,8 @@
#define CONFIG_BASE_MMAP 7
/* Indicates whether CCI should be enabled on the platform. */
#define CONFIG_HAS_CCI 8
-#define CONFIG_LIMIT 9
+#define CONFIG_HAS_TZC 9
+#define CONFIG_LIMIT 10
/*******************************************************************************
* Platform memory map related constants
@@ -303,6 +304,28 @@
#define PL011_UART3_BASE 0x1c0c0000
#define PL011_BASE PL011_UART0_BASE
+
+/*******************************************************************************
+ * TrustZone address space controller related constants
+ ******************************************************************************/
+#define TZC400_BASE 0x2a4a0000
+
+/*
+ * The NSAIDs for this platform as used to program the TZC400.
+ * TODO:
+ * This list and the numbers in it is still changing on the Base FVP.
+ * For now only specify the NSAIDs we actually use.
+ */
+
+/* The FVP has 4 bits of NSAIDs. Used with TZC FAIL_ID (ACE Lite ID width) */
+#define FVP_AID_WIDTH 4
+#define FVP_NSAID_DEFAULT 0
+#define FVP_NSAID_AP 9 /* Application Processors */
+
+/* FIXME: Currently incorrectly used by Virtio */
+#define FVP_NSAID_RES5 15
+
+
/*******************************************************************************
* Declarations and constants to access the mailboxes safely. Each mailbox is
* aligned on the biggest cache line size in the platform. This is known only
@@ -374,6 +397,10 @@ extern void io_setup(void);
extern int plat_get_image_source(const char *image_name,
io_dev_handle *dev_handle, void **image_spec);
+/* Declarations for plat_security.c */
+extern void plat_security_setup(void);
+
+
#endif /*__ASSEMBLY__*/
#endif /* __PLATFORM_H__ */
diff --git a/plat/fvp/platform.mk b/plat/fvp/platform.mk
index 36090f206..0fc45de68 100644
--- a/plat/fvp/platform.mk
+++ b/plat/fvp/platform.mk
@@ -29,6 +29,7 @@
#
PLAT_INCLUDES := -Idrivers/arm/interconnect/cci-400 \
+ -Idrivers/arm/interconnect/tzc-400 \
-Idrivers/console \
-Idrivers/arm/peripherals/pl011 \
-Idrivers/power
@@ -43,6 +44,7 @@ PLAT_BL1_C_VPATH := drivers/arm/interconnect/cci-400 \
PLAT_BL1_S_VPATH := lib/semihosting/${ARCH}
PLAT_BL2_C_VPATH := drivers/arm/interconnect/cci-400 \
+ drivers/arm/interconnect/tzc-400 \
drivers/arm/peripherals/pl011 \
lib/arch/${ARCH} \
lib/stdlib \
@@ -82,7 +84,9 @@ BL1_SOURCES += bl1_plat_setup.c \
BL2_SOURCES += bl2_plat_setup.c \
platform_up_stack.S \
- plat_common.c
+ plat_common.c \
+ plat_security.c \
+ tzc400.c
BL31_SOURCES += bl31_plat_setup.c \
plat_helpers.S \