aboutsummaryrefslogtreecommitdiff
path: root/secure_fw
diff options
context:
space:
mode:
authorJamie Fox <jamie.fox@arm.com>2020-08-17 18:31:14 +0100
committerKen Liu <ken.liu@arm.com>2020-08-31 01:24:13 +0000
commit455876743e22b16b237240bdd6ff8bebdf92f2f9 (patch)
tree664e4990238b4c956bc33edbec63ae7d27476d19 /secure_fw
parent4924cf829593338eb6251913893ff4742380cb1f (diff)
downloadtrusted-firmware-m-455876743e22b16b237240bdd6ff8bebdf92f2f9.tar.gz
Arch: Add function to configure coprocessors
Adds a function to do architecture-specific coprocessor configuration and implements it to configure the FPU as appropriate for all supported architectures. Change-Id: Ie09b27513b57d561081d10271f2042b5d965b0fd Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/spm/cmsis_func/arch.c33
-rw-r--r--secure_fw/spm/cmsis_func/main.c3
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c14
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c5
-rw-r--r--secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c29
-rw-r--r--secure_fw/spm/cmsis_psa/main.c3
-rw-r--r--secure_fw/spm/include/tfm_arch.h5
7 files changed, 92 insertions, 0 deletions
diff --git a/secure_fw/spm/cmsis_func/arch.c b/secure_fw/spm/cmsis_func/arch.c
index f804d4e7ee..d62ce71f93 100644
--- a/secure_fw/spm/cmsis_func/arch.c
+++ b/secure_fw/spm/cmsis_func/arch.c
@@ -251,6 +251,39 @@ void tfm_arch_prioritize_secure_exception(void)
}
#endif
+void tfm_arch_configure_coprocessors(void)
+{
+#if defined (__FPU_PRESENT) && (__FPU_PRESENT == 1U)
+ /* Configure Secure access to the FPU only if the secure image is being
+ * built with the FPU in use. This avoids introducing extra interrupt
+ * latency when the FPU is not used by the SPE.
+ */
+#if defined (__FPU_USED) && (__FPU_USED == 1U)
+ /* Enable Secure privileged and unprivilged access to the FP Extension */
+ SCB->CPACR |= (3U << 10U*2U) /* enable CP10 full access */
+ | (3U << 11U*2U); /* enable CP11 full access */
+
+#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
+ /* If the SPE will ever use the floating-point registers for sensitive data,
+ * then FPCCR.TS, FPCCR.CLRONRET and FPCCR.CLRONRETS must be set at
+ * initialisation and not changed again afterwards.
+ */
+ FPU->FPCCR |= FPU_FPCCR_TS_Msk
+ | FPU_FPCCR_CLRONRET_Msk
+ | FPU_FPCCR_CLRONRETS_Msk;
+#endif
+#endif
+
+#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
+ /* Permit Non-secure access to the Floating-point Extension.
+ * Note: It is still necessary to set CPACR_NS to enable the FP Extension in
+ * the NSPE. This configuration is left to NS privileged software.
+ */
+ SCB->NSACR |= SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk;
+#endif
+#endif
+}
+
#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
__attribute__((naked)) void SVC_Handler(void)
{
diff --git a/secure_fw/spm/cmsis_func/main.c b/secure_fw/spm/cmsis_func/main.c
index e785587e6a..d6bb304a21 100644
--- a/secure_fw/spm/cmsis_func/main.c
+++ b/secure_fw/spm/cmsis_func/main.c
@@ -72,6 +72,9 @@ static int32_t tfm_core_init(void)
return TFM_ERROR_GENERIC;
}
+ /* Configures architecture-specific coprocessors */
+ tfm_arch_configure_coprocessors();
+
LOG_MSG("\033[1;34m[Sec Thread] Secure image initializing!\033[0m\r\n");
#ifdef TFM_CORE_DEBUG
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
index 34debc6b36..8b66522c75 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.c
@@ -147,6 +147,20 @@ void tfm_arch_prioritize_secure_exception(void)
{
}
+void tfm_arch_configure_coprocessors(void)
+{
+ /* There are no coprocessors in Armv6-M implementations */
+#ifndef __ARM_ARCH_6M__
+#if defined (__FPU_USED) && (__FPU_USED == 1U)
+ /* Enable privileged and unprivilged access to the floating-point
+ * coprocessor.
+ */
+ SCB->CPACR |= (3U << 10U*2U) /* enable CP10 full access */
+ | (3U << 11U*2U); /* enable CP11 full access */
+#endif
+#endif
+}
+
/* There is no FPCA in v6m */
#ifndef __ARM_ARCH_6M__
__attribute__((naked, noinline)) void tfm_arch_clear_fp_status(void)
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
index a05a6ca64a..29256d75c4 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_base.c
@@ -154,6 +154,11 @@ void tfm_arch_prioritize_secure_exception(void)
(AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
}
+/* There are no coprocessors in Armv8-M Baseline implementations */
+void tfm_arch_configure_coprocessors(void)
+{
+}
+
/* There is no FPCA in baseline. */
void tfm_arch_clear_fp_status(void)
{
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
index 718dd91b77..e363ff846a 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c
@@ -175,6 +175,35 @@ void tfm_arch_prioritize_secure_exception(void)
(AIRCR & ~SCB_AIRCR_VECTKEY_Msk);
}
+void tfm_arch_configure_coprocessors(void)
+{
+#if defined (__FPU_PRESENT) && (__FPU_PRESENT == 1U)
+ /* Configure Secure access to the FPU only if the secure image is being
+ * built with the FPU in use. This avoids introducing extra interrupt
+ * latency when the FPU is not used by the SPE.
+ */
+#if defined (__FPU_USED) && (__FPU_USED == 1U)
+ /* Enable Secure privileged and unprivilged access to the FP Extension */
+ SCB->CPACR |= (3U << 10U*2U) /* enable CP10 full access */
+ | (3U << 11U*2U); /* enable CP11 full access */
+
+ /* If the SPE will ever use the floating-point registers for sensitive data,
+ * then FPCCR.TS, FPCCR.CLRONRET and FPCCR.CLRONRETS must be set at
+ * initialisation and not changed again afterwards.
+ */
+ FPU->FPCCR |= FPU_FPCCR_TS_Msk
+ | FPU_FPCCR_CLRONRET_Msk
+ | FPU_FPCCR_CLRONRETS_Msk;
+#endif
+
+ /* Permit Non-secure access to the Floating-point Extension.
+ * Note: It is still necessary to set CPACR_NS to enable the FP Extension in
+ * the NSPE. This configuration is left to NS privileged software.
+ */
+ SCB->NSACR |= SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk;
+#endif
+}
+
__attribute__((naked, noinline)) void tfm_arch_clear_fp_status(void)
{
__ASM volatile(
diff --git a/secure_fw/spm/cmsis_psa/main.c b/secure_fw/spm/cmsis_psa/main.c
index 7fe66e6d25..39e6c47748 100644
--- a/secure_fw/spm/cmsis_psa/main.c
+++ b/secure_fw/spm/cmsis_psa/main.c
@@ -71,6 +71,9 @@ static int32_t tfm_core_init(void)
return TFM_ERROR_GENERIC;
}
+ /* Configures architecture-specific coprocessors */
+ tfm_arch_configure_coprocessors();
+
LOG_MSG("\033[1;34m[Sec Thread] Secure image initializing!\033[0m\r\n");
#ifdef TFM_CORE_DEBUG
diff --git a/secure_fw/spm/include/tfm_arch.h b/secure_fw/spm/include/tfm_arch.h
index 96251aecc9..4bf7f16f34 100644
--- a/secure_fw/spm/include/tfm_arch.h
+++ b/secure_fw/spm/include/tfm_arch.h
@@ -118,6 +118,11 @@ void tfm_arch_init_actx(struct tfm_arch_ctx_t *p_actx,
*/
void tfm_arch_prioritize_secure_exception(void);
+/**
+ * \brief Configure coprocessors
+ */
+void tfm_arch_configure_coprocessors(void);
+
/*
* Clear float point status.
*/