TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 130248c6ef674334d8ff63878521bf4cf3f76a7f^! / . / platform / include
commit130248c6ef674334d8ff63878521bf4cf3f76a7f[log] [tgz]
authorIoannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>Thu Jul 30 15:09:01 2020 +0200
committerMáté Tóth-Pál <Mate.Toth-Pal@arm.com>Mon Sep 14 11:21:05 2020 +0000
tree2bd15391784d1d1cbbb480c68147acaf16d32b61
parent8f895ab86920549747f6d8b33eb710a3da906744 [diff]
SPM: make has_access_to_region() compatible with vendor IDAUs

We enhance the implementation of has_access_to_region(), so
it works with IDAU implementations, i.e. other than the ARM
SAU. We add a hook for a platform-specific check, in case
the memory address range crosses multiple IDAU boundaries.

We provide a declaration of the platform-specific hook in
SPM HAL API.

Additional information:

The existing implementation of has_access_to_region() is based on the
CMSE address range check API for ARMv8-M that works with the Test
Target instructions. The address range checks function, however, will
not return true (i.e. a passing result for the check, based on the
provided flags and the underlying attribution policy), if the memory
range being is checked is crossing one or multiple IDAU boundaries,
regardless of whether the current attribution policy satisfies the
query. This has been identified in Nordic Cortex-M33 platforms,
which have an implementation-defined security attribution unit.

In order to be able to use the has_access_to_region() function, the
implementation has to be enhanced with an additional check, whether
the range actually crossed IDAU boundaries. In that case, we add a
hook for a platform-specific function that re-checks the access
policy taking into account the characteristics of the platform-specific
IDAU.

The change in has_access_to_region is only compiled in when
__SAUREGION_PRESENT is not defined (or defined as 0), so it
has no effect on platforms that implement the SAU peripheral.

The patch also includes an API definition of a platform-specific
function check for access permissions.

The patch is required to be able to successfully run TF-M on Nordic
nRF platforms.

Change-Id: I18ad67637e561a54786846b844adde21240438f1
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>

diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h
index 673fbc9..3756d9c 100644
--- a/platform/include/tfm_spm_hal.h
+++ b/platform/include/tfm_spm_hal.h

@@ -286,4 +286,22 @@
 
 #endif /*TFM_MULTI_CORE_TOPOLOGY*/
 
+#if !defined(__SAUREGION_PRESENT) || (__SAUREGION_PRESENT == 0)
+/**
+ * \brief Platform-specific check whether the current partition has access to a memory range
+ *
+ * The function checks whether the current partition has access to a memory range,
+ * taking into consideration the implementation-defined attribution unit that is
+ * present on a particular platform.
+ *
+ * \param[in] p      The start address of the range to check
+ * \param[in] s      The size of the range to check
+ * \param[in] flags  The flags to pass to the cmse_check_address_range func
+ *
+ * \return True if the access is granted, false otherwise.
+ */
+bool tfm_spm_hal_has_access_to_region(const void *p, size_t s,
+                                              int flags);
+#endif /* !defined(__SAUREGION_PRESENT) || (__SAUREGION_PRESENT == 0) */
+
 #endif /* __TFM_SPM_HAL_H__ */