diff options
author | Harry Liebel <Harry.Liebel@arm.com> | 2014-04-01 19:27:38 +0100 |
---|---|---|
committer | Harry Liebel <Harry.Liebel@arm.com> | 2014-04-24 14:08:01 +0100 |
commit | f2199d95d931826be7f87af0935ac536812d0488 (patch) | |
tree | 273cea29e9d7fea8bb38cc36a86385cc66b02098 | |
parent | cd116d177b76dbb333ed2aa0cb47a0c17678f0c2 (diff) | |
download | arm-trusted-firmware-f2199d95d931826be7f87af0935ac536812d0488.tar.gz |
Enable secure memory support for FVPs
- Use the TrustZone controller on Base FVP to program DRAM access
permissions. By default no access to DRAM is allowed if
'secure memory' is enabled on the Base FVP.
- The Foundation FVP does not have a TrustZone controller but instead
has fixed access permissions.
- Update FDTs for Linux to use timers at the correct security level.
- Starting the FVPs with 'secure memory' disabled is also supported.
Limitations:
Virtio currently uses a reserved NSAID. This will be corrected in
future FVP releases.
Change-Id: I0b6c003a7b5982267815f62bcf6eb82aa4c50a31
-rw-r--r-- | fdts/fvp-base-gicv2-psci.dtb | bin | 9077 -> 9077 bytes | |||
-rw-r--r-- | fdts/fvp-base-gicv2-psci.dts | 8 | ||||
-rw-r--r-- | fdts/fvp-base-gicv2legacy-psci.dtb | bin | 9077 -> 9077 bytes | |||
-rw-r--r-- | fdts/fvp-base-gicv2legacy-psci.dts | 8 | ||||
-rw-r--r-- | fdts/fvp-base-gicv3-psci.dtb | bin | 9544 -> 9544 bytes | |||
-rw-r--r-- | fdts/fvp-base-gicv3-psci.dts | 8 | ||||
-rw-r--r-- | fdts/fvp-foundation-gicv2-psci.dtb | bin | 6798 -> 6802 bytes | |||
-rw-r--r-- | fdts/fvp-foundation-gicv2-psci.dts | 10 | ||||
-rw-r--r-- | fdts/fvp-foundation-gicv2legacy-psci.dtb | bin | 6798 -> 6802 bytes | |||
-rw-r--r-- | fdts/fvp-foundation-gicv2legacy-psci.dts | 10 | ||||
-rw-r--r-- | fdts/fvp-foundation-gicv3-psci.dtb | bin | 7265 -> 7269 bytes | |||
-rw-r--r-- | fdts/fvp-foundation-gicv3-psci.dts | 10 | ||||
-rw-r--r-- | plat/fvp/aarch64/plat_common.c | 2 | ||||
-rw-r--r-- | plat/fvp/bl2_plat_setup.c | 8 | ||||
-rw-r--r-- | plat/fvp/plat_security.c | 131 | ||||
-rw-r--r-- | plat/fvp/platform.h | 29 | ||||
-rw-r--r-- | plat/fvp/platform.mk | 6 |
17 files changed, 201 insertions, 29 deletions
diff --git a/fdts/fvp-base-gicv2-psci.dtb b/fdts/fvp-base-gicv2-psci.dtb Binary files differindex 5bfdcf1da..abdb9a0cd 100644 --- a/fdts/fvp-base-gicv2-psci.dtb +++ b/fdts/fvp-base-gicv2-psci.dtb diff --git a/fdts/fvp-base-gicv2-psci.dts b/fdts/fvp-base-gicv2-psci.dts index 7924651e5..7d089227f 100644 --- a/fdts/fvp-base-gicv2-psci.dts +++ b/fdts/fvp-base-gicv2-psci.dts @@ -147,10 +147,10 @@ #address-cells = <2>; #size-cells = <2>; ranges; - frame@2a820000 { - frame-number = <0>; - interrupts = <0 25 4>; - reg = <0x0 0x2a820000 0x0 0x10000>; + frame@2a830000 { + frame-number = <1>; + interrupts = <0 26 4>; + reg = <0x0 0x2a830000 0x0 0x10000>; }; }; diff --git a/fdts/fvp-base-gicv2legacy-psci.dtb b/fdts/fvp-base-gicv2legacy-psci.dtb Binary files differindex db17e9806..3fc6b3eed 100644 --- a/fdts/fvp-base-gicv2legacy-psci.dtb +++ b/fdts/fvp-base-gicv2legacy-psci.dtb diff --git a/fdts/fvp-base-gicv2legacy-psci.dts b/fdts/fvp-base-gicv2legacy-psci.dts index cfd50a707..f0952314e 100644 --- a/fdts/fvp-base-gicv2legacy-psci.dts +++ b/fdts/fvp-base-gicv2legacy-psci.dts @@ -147,10 +147,10 @@ #address-cells = <2>; #size-cells = <2>; ranges; - frame@2a820000 { - frame-number = <0>; - interrupts = <0 25 4>; - reg = <0x0 0x2a820000 0x0 0x10000>; + frame@2a830000 { + frame-number = <1>; + interrupts = <0 26 4>; + reg = <0x0 0x2a830000 0x0 0x10000>; }; }; diff --git a/fdts/fvp-base-gicv3-psci.dtb b/fdts/fvp-base-gicv3-psci.dtb Binary files differindex 52f251b88..1efa13680 100644 --- a/fdts/fvp-base-gicv3-psci.dtb +++ b/fdts/fvp-base-gicv3-psci.dtb diff --git a/fdts/fvp-base-gicv3-psci.dts b/fdts/fvp-base-gicv3-psci.dts index 84faeba59..96d264e91 100644 --- a/fdts/fvp-base-gicv3-psci.dts +++ b/fdts/fvp-base-gicv3-psci.dts @@ -156,10 +156,10 @@ #address-cells = <2>; #size-cells = <2>; ranges; - frame@2a820000 { - frame-number = <0>; - interrupts = <0 25 4>; - reg = <0x0 0x2a820000 0x0 0x10000>; + frame@2a830000 { + frame-number = <1>; + interrupts = <0 26 4>; + reg = <0x0 0x2a830000 0x0 0x10000>; }; }; diff --git a/fdts/fvp-foundation-gicv2-psci.dtb b/fdts/fvp-foundation-gicv2-psci.dtb Binary files differindex d982e8567..ca100889e 100644 --- a/fdts/fvp-foundation-gicv2-psci.dtb +++ b/fdts/fvp-foundation-gicv2-psci.dtb diff --git a/fdts/fvp-foundation-gicv2-psci.dts b/fdts/fvp-foundation-gicv2-psci.dts index c886f5dcc..bf368a01c 100644 --- a/fdts/fvp-foundation-gicv2-psci.dts +++ b/fdts/fvp-foundation-gicv2-psci.dts @@ -36,7 +36,7 @@ }; / { - model = "FVP Base"; + model = "FVP Foundation"; compatible = "arm,fvp-base", "arm,vexpress"; interrupt-parent = <&gic>; #address-cells = <2>; @@ -123,10 +123,10 @@ #address-cells = <2>; #size-cells = <2>; ranges; - frame@2a820000 { - frame-number = <0>; - interrupts = <0 25 4>; - reg = <0x0 0x2a820000 0x0 0x10000>; + frame@2a830000 { + frame-number = <1>; + interrupts = <0 26 4>; + reg = <0x0 0x2a830000 0x0 0x10000>; }; }; diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dtb b/fdts/fvp-foundation-gicv2legacy-psci.dtb Binary files differindex 849e68ac4..a602ff5ce 100644 --- a/fdts/fvp-foundation-gicv2legacy-psci.dtb +++ b/fdts/fvp-foundation-gicv2legacy-psci.dtb diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dts b/fdts/fvp-foundation-gicv2legacy-psci.dts index b62ef2bfb..63cef80c7 100644 --- a/fdts/fvp-foundation-gicv2legacy-psci.dts +++ b/fdts/fvp-foundation-gicv2legacy-psci.dts @@ -36,7 +36,7 @@ }; / { - model = "FVP Base"; + model = "FVP Foundation"; compatible = "arm,fvp-base", "arm,vexpress"; interrupt-parent = <&gic>; #address-cells = <2>; @@ -123,10 +123,10 @@ #address-cells = <2>; #size-cells = <2>; ranges; - frame@2a820000 { - frame-number = <0>; - interrupts = <0 25 4>; - reg = <0x0 0x2a820000 0x0 0x10000>; + frame@2a830000 { + frame-number = <1>; + interrupts = <0 26 4>; + reg = <0x0 0x2a830000 0x0 0x10000>; }; }; diff --git a/fdts/fvp-foundation-gicv3-psci.dtb b/fdts/fvp-foundation-gicv3-psci.dtb Binary files differindex c6472e000..f64e42105 100644 --- a/fdts/fvp-foundation-gicv3-psci.dtb +++ b/fdts/fvp-foundation-gicv3-psci.dtb diff --git a/fdts/fvp-foundation-gicv3-psci.dts b/fdts/fvp-foundation-gicv3-psci.dts index 1bf7234df..f9f1ff335 100644 --- a/fdts/fvp-foundation-gicv3-psci.dts +++ b/fdts/fvp-foundation-gicv3-psci.dts @@ -36,7 +36,7 @@ }; / { - model = "FVP Base"; + model = "FVP Foundation"; compatible = "arm,fvp-base", "arm,vexpress"; interrupt-parent = <&gic>; #address-cells = <2>; @@ -132,10 +132,10 @@ #address-cells = <2>; #size-cells = <2>; ranges; - frame@2a820000 { - frame-number = <0>; - interrupts = <0 25 4>; - reg = <0x0 0x2a820000 0x0 0x10000>; + frame@2a830000 { + frame-number = <1>; + interrupts = <0 26 4>; + reg = <0x0 0x2a830000 0x0 0x10000>; }; }; diff --git a/plat/fvp/aarch64/plat_common.c b/plat/fvp/aarch64/plat_common.c index 16645cb72..dd362f0d3 100644 --- a/plat/fvp/aarch64/plat_common.c +++ b/plat/fvp/aarch64/plat_common.c @@ -220,6 +220,7 @@ int platform_config_setup(void) platform_config[CONFIG_CPU_SETUP] = 0; platform_config[CONFIG_BASE_MMAP] = 0; platform_config[CONFIG_HAS_CCI] = 0; + platform_config[CONFIG_HAS_TZC] = 0; break; case HBI_FVP_BASE: midr_pn = (read_midr() >> MIDR_PN_SHIFT) & MIDR_PN_MASK; @@ -232,6 +233,7 @@ int platform_config_setup(void) platform_config[CONFIG_MAX_AFF1] = 2; platform_config[CONFIG_BASE_MMAP] = 1; platform_config[CONFIG_HAS_CCI] = 1; + platform_config[CONFIG_HAS_TZC] = 1; break; default: assert(0); diff --git a/plat/fvp/bl2_plat_setup.c b/plat/fvp/bl2_plat_setup.c index 4d57ed562..da6a4858a 100644 --- a/plat/fvp/bl2_plat_setup.c +++ b/plat/fvp/bl2_plat_setup.c @@ -122,6 +122,14 @@ void bl2_early_platform_setup(meminfo *mem_layout, ******************************************************************************/ void bl2_platform_setup() { + /* + * Do initial security configuration to allow DRAM/device access. On + * Base FVP only DRAM security is programmable (via TrustZone), but + * other platforms might have more programmable security devices + * present. + */ + plat_security_setup(); + /* Initialise the IO layer and register platform IO devices */ io_setup(); diff --git a/plat/fvp/plat_security.c b/plat/fvp/plat_security.c new file mode 100644 index 000000000..a60eca3dd --- /dev/null +++ b/plat/fvp/plat_security.c @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <assert.h> +#include "platform.h" +#include "tzc400.h" +#include "debug.h" + +/* Used to improve readability for configuring regions. */ +#define FILTER_SHIFT(filter) (1 << filter) + +/* + * For the moment we assume that all security programming is done by the + * primary core. + * TODO: + * Might want to enable interrupt on violations when supported? + */ +void plat_security_setup(void) +{ + struct tzc_instance controller; + + /* + * The Base FVP has a TrustZone address space controller, the Foundation + * FVP does not. Trying to program the device on the foundation FVP will + * cause an abort. + * + * If the platform had additional peripheral specific security + * configurations, those would be configured here. + */ + + if (!platform_get_cfgvar(CONFIG_HAS_TZC)) + return; + + /* + * The TrustZone controller controls access to main DRAM. Give + * full NS access for the moment to use with OS. + */ + INFO("Configuring TrustZone Controller\n"); + + /* + * The driver does some error checking and will assert. + * - Provide base address of device on platform. + * - Provide width of ACE-Lite IDs on platform. + */ + controller.base = TZC400_BASE; + controller.aid_width = FVP_AID_WIDTH; + tzc_init(&controller); + + /* + * Currently only filters 0 and 2 are connected on Base FVP. + * Filter 0 : CPU clusters (no access to DRAM by default) + * Filter 1 : not connected + * Filter 2 : LCDs (access to VRAM allowed by default) + * Filter 3 : not connected + * Programming unconnected filters will have no effect at the + * moment. These filter could, however, be connected in future. + * So care should be taken not to configure the unused filters. + */ + + /* Disable all filters before programming. */ + tzc_disable_filters(&controller); + + /* + * Allow full access to all DRAM to supported devices for the + * moment. Give access to the CPUs and Virtio. Some devices + * would normally use the default ID so allow that too. We use + * three different regions to cover the three separate blocks of + * memory in the FVPs. We allow secure access to DRAM to load NS + * software. + * FIXME: In current models Virtio uses a reserved ID. This is + * not correct and will be fixed. + */ + + /* Set to cover 2GB block of DRAM */ + tzc_configure_region(&controller, FILTER_SHIFT(0), 1, + DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_RDWR, + TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) | + TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) | + TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5)); + + /* Set to cover the 30GB block */ + tzc_configure_region(&controller, FILTER_SHIFT(0), 2, + 0x880000000, 0xFFFFFFFFF, TZC_REGION_S_RDWR, + TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) | + TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) | + TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5)); + + /* Set to cover 480GB block */ + tzc_configure_region(&controller, FILTER_SHIFT(0), 3, + 0x8800000000, 0xFFFFFFFFFF, TZC_REGION_S_RDWR, + TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) | + TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) | + TZC_REGION_ACCESS_RDWR(FVP_NSAID_RES5)); + + /* + * TODO: Interrupts are not currently supported. The only + * options we have are for access errors to occur quietly or to + * cause an exception. We choose to cause an exception. + */ + tzc_set_action(&controller, TZC_ACTION_ERR); + + /* Enable filters. */ + tzc_enable_filters(&controller); +} diff --git a/plat/fvp/platform.h b/plat/fvp/platform.h index c59435767..01b995b82 100644 --- a/plat/fvp/platform.h +++ b/plat/fvp/platform.h @@ -99,7 +99,8 @@ #define CONFIG_BASE_MMAP 7 /* Indicates whether CCI should be enabled on the platform. */ #define CONFIG_HAS_CCI 8 -#define CONFIG_LIMIT 9 +#define CONFIG_HAS_TZC 9 +#define CONFIG_LIMIT 10 /******************************************************************************* * Platform memory map related constants @@ -303,6 +304,28 @@ #define PL011_UART3_BASE 0x1c0c0000 #define PL011_BASE PL011_UART0_BASE + +/******************************************************************************* + * TrustZone address space controller related constants + ******************************************************************************/ +#define TZC400_BASE 0x2a4a0000 + +/* + * The NSAIDs for this platform as used to program the TZC400. + * TODO: + * This list and the numbers in it is still changing on the Base FVP. + * For now only specify the NSAIDs we actually use. + */ + +/* The FVP has 4 bits of NSAIDs. Used with TZC FAIL_ID (ACE Lite ID width) */ +#define FVP_AID_WIDTH 4 +#define FVP_NSAID_DEFAULT 0 +#define FVP_NSAID_AP 9 /* Application Processors */ + +/* FIXME: Currently incorrectly used by Virtio */ +#define FVP_NSAID_RES5 15 + + /******************************************************************************* * Declarations and constants to access the mailboxes safely. Each mailbox is * aligned on the biggest cache line size in the platform. This is known only @@ -374,6 +397,10 @@ extern void io_setup(void); extern int plat_get_image_source(const char *image_name, io_dev_handle *dev_handle, void **image_spec); +/* Declarations for plat_security.c */ +extern void plat_security_setup(void); + + #endif /*__ASSEMBLY__*/ #endif /* __PLATFORM_H__ */ diff --git a/plat/fvp/platform.mk b/plat/fvp/platform.mk index 36090f206..0fc45de68 100644 --- a/plat/fvp/platform.mk +++ b/plat/fvp/platform.mk @@ -29,6 +29,7 @@ # PLAT_INCLUDES := -Idrivers/arm/interconnect/cci-400 \ + -Idrivers/arm/interconnect/tzc-400 \ -Idrivers/console \ -Idrivers/arm/peripherals/pl011 \ -Idrivers/power @@ -43,6 +44,7 @@ PLAT_BL1_C_VPATH := drivers/arm/interconnect/cci-400 \ PLAT_BL1_S_VPATH := lib/semihosting/${ARCH} PLAT_BL2_C_VPATH := drivers/arm/interconnect/cci-400 \ + drivers/arm/interconnect/tzc-400 \ drivers/arm/peripherals/pl011 \ lib/arch/${ARCH} \ lib/stdlib \ @@ -82,7 +84,9 @@ BL1_SOURCES += bl1_plat_setup.c \ BL2_SOURCES += bl2_plat_setup.c \ platform_up_stack.S \ - plat_common.c + plat_common.c \ + plat_security.c \ + tzc400.c BL31_SOURCES += bl31_plat_setup.c \ plat_helpers.S \ |