Platform: Move isolation hw code to SPM hal
Moves code related to hardware specific aspects of MPU, PPC, MPC and SAU
to SPM hal. Leaves the code parts that use cmse defined interface to
access these peripherals in secure_sw folder.
Change-Id: I594847686cac51ee0f9fae217152b6e90723bb9e
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/secure_fw/core/tfm_core.c b/secure_fw/core/tfm_core.c
index 3cc4f1e..8212ab7 100644
--- a/secure_fw/core/tfm_core.c
+++ b/secure_fw/core/tfm_core.c
@@ -9,7 +9,7 @@
#include "region_defs.h"
#include "tfm_core.h"
#include "tfm_internal.h"
-#include "target_cfg.h"
+#include "platform/include/tfm_spm_hal.h"
#include "uart_stdout.h"
#include "secure_utilities.h"
#include "secure_fw/spm/spm_api.h"
@@ -22,6 +22,15 @@
__asm(" .global __ARM_use_no_argv\n");
#endif
+#if defined ( __GNUC__ )
+/* The macro cmse_nsfptr_create defined in the gcc library uses the non-standard
+ * gcc C lanuage extension 'typeof'. TF-M is built with '-std=c99' so typeof
+ * cannot be used in the code. As a workaround cmse_nsfptr_create is redefined
+ * here to use only standard language elements. */
+#undef cmse_nsfptr_create
+#define cmse_nsfptr_create(p) ((intptr_t) (p) & ~1)
+#endif
+
#ifndef TFM_LVL
#error TFM_LVL is not defined!
#endif
@@ -100,7 +109,7 @@
/* Clears LSB of the function address to indicate the function-call
* will perform the switch from secure to non-secure
*/
- ns_entry = (nsfptr_t) (entry_ptr & (~0x1));
+ ns_entry = (nsfptr_t) cmse_nsfptr_create(entry_ptr);
}
int32_t tfm_core_init(void)
@@ -120,10 +129,7 @@
printf("TFM level is: %d\r\n", TFM_LVL);
#endif
- /* Configures non-secure memory spaces in the target */
- sau_and_idau_cfg();
- mpc_init_cfg();
- ppc_init_cfg();
+ tfm_spm_hal_init_isolation_hw();
configure_ns_code();
/* Configures all interrupts to retarget NS state, except for
@@ -146,14 +152,9 @@
tfm_core_init();
tfm_spm_db_init();
-#if TFM_LVL != 1
- if (tfm_spm_mpu_init() != SPM_ERR_OK) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- while (1) {
- ;
- }
- }
-#endif
+
+ tfm_spm_hal_setup_isolation_hw();
+
tfm_spm_partition_set_state(TFM_SP_CORE_ID, SPM_PARTITION_STATE_RUNNING);
extern uint32_t Stack_Mem[];
diff --git a/secure_fw/core/tfm_handler.c b/secure_fw/core/tfm_handler.c
index 0986f27..1a7150b 100644
--- a/secure_fw/core/tfm_handler.c
+++ b/secure_fw/core/tfm_handler.c
@@ -9,18 +9,13 @@
#include <string.h>
#include "cmsis.h"
-#include "Driver_MPC.h"
#include "secure_utilities.h"
#include "arm_acle.h"
-#include "target_cfg.h"
#include "tfm_svc.h"
#include "tfm_secure_api.h"
#include "region_defs.h"
#include "tfm_api.h"
-/* Import MPC driver */
-extern ARM_DRIVER_MPC Driver_SRAM1_MPC;
-
/* This SVC handler is called if veneer is running in thread mode */
extern void tfm_core_partition_request_svc_handler(
uint32_t *svc_args, uint32_t *lr_ptr);
@@ -108,39 +103,6 @@
#error "Unsupported ARM Architecture."
#endif
-
-void MPC_Handler(void)
-{
- /* Clear MPC interrupt flag and pending MPC IRQ */
- Driver_SRAM1_MPC.ClearInterrupt();
- NVIC_ClearPendingIRQ(MPC_IRQn);
-
- /* Print fault message and block execution */
- LOG_MSG("Oops... MPC fault!!!");
- while (1) {
- ;
- }
-}
-
-void PPC_Handler(void)
-{
- /*
- * Due to an issue on the FVP, the PPC fault doesn't trigger a
- * PPC IRQ which is handled by the PPC_handler.
- * In the FVP execution, this code is not execute.
- */
-
- /* Clear PPC interrupt flag and pending PPC IRQ*/
- ppc_clear_irq();
- NVIC_ClearPendingIRQ(PPC_IRQn);
-
- /* Print fault message*/
- LOG_MSG("Oops... PPC fault!!!");
- while (1) {
- ;
- }
-}
-
#if defined(__ARM_ARCH_8M_MAIN__)
__attribute__((naked)) void SVC_Handler(void)
{
@@ -224,3 +186,10 @@
return TFM_ERROR_GENERIC;
}
+
+void tfm_access_violation_handler(void)
+{
+ while (1) {
+ ;
+ }
+}
diff --git a/secure_fw/core/tfm_platform_api.h b/secure_fw/core/tfm_platform_api.h
new file mode 100644
index 0000000..26abd41
--- /dev/null
+++ b/secure_fw/core/tfm_platform_api.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_PLATFORM_API_H__
+#define __TFM_PLATFORM_API_H__
+
+/**
+ * \brief Should be called in case of access violation.
+ *
+ * There might be platform specific means, by which it is possible on a
+ * subsystem to detect access violation. For example a platform can have a
+ * Peripheral Protection Controller, to detect unauthorised accesses to
+ * peripheral registers. Setting up the protection, and handling the violation
+ * is implemented in platform specific code. However TF-M should be able to
+ * decide how to proceed if a violation happens. So to notify TF-M, platform
+ * code have to call this function, if a violation happens.
+ */
+void tfm_access_violation_handler(void);
+
+#endif /* __TFM_PLATFORM_API_H__ */
diff --git a/secure_fw/services/audit_logging/manifest.yaml b/secure_fw/services/audit_logging/manifest.yaml
index dbcfd61..fa16238 100644
--- a/secure_fw/services/audit_logging/manifest.yaml
+++ b/secure_fw/services/audit_logging/manifest.yaml
@@ -17,11 +17,8 @@
"heap_size": "0x0400",
"mmio_regions" : [
{
- "name": "UART1",
- "base": "UART1_BASE_S",
- "size": "0xFFF",
+ "name": "TFM_PERIPHERAL_UART1",
"permission": "READ-WRITE",
- "ppc_config": "PPC_SP_APB_PPC_EXP1, CMSDK_UART1_APB_PPC_POS",
"conditional": "LOG_UART_REDIRECTION"
}
],
diff --git a/secure_fw/services/tfm_partition_list.inc b/secure_fw/services/tfm_partition_list.inc
index 223ddce..c5ad1b8 100644
--- a/secure_fw/services/tfm_partition_list.inc
+++ b/secure_fw/services/tfm_partition_list.inc
@@ -18,18 +18,14 @@
PARTITION_DECLARE(TFM_SP_AUDIT_LOG, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
PARTITION_ADD_INIT_FUNC(TFM_SP_AUDIT_LOG, log_core_init);
#ifdef LOG_UART_REDIRECTION
-PARTITION_ADD_PERIPHERAL(TFM_SP_AUDIT_LOG, UART1_BASE_S,
- UART1_BASE_S + 0xFFF,
- PPC_SP_APB_PPC_EXP1, CMSDK_UART1_APB_PPC_POS);
+PARTITION_ADD_PERIPHERAL(TFM_SP_AUDIT_LOG, TFM_PERIPHERAL_UART1);
#endif /* LOG_UART_REDIRECTION */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
PARTITION_DECLARE(TFM_SP_CORE_TEST, SPM_PART_FLAG_SECURE);
PARTITION_ADD_INIT_FUNC(TFM_SP_CORE_TEST, core_test_init);
-PARTITION_ADD_PERIPHERAL(TFM_SP_CORE_TEST, MPS2_IO_FPGAIO_BASE_S,
- MPS2_IO_FPGAIO_BASE_S + 0xFFF,
- PPC_SP_APB_PPC_EXP2, CMSDK_FPGA_IO_PPC_POS);
+PARTITION_ADD_PERIPHERAL(TFM_SP_CORE_TEST, TFM_PERIPHERAL_FPGA_IO);
#endif /* TFM_PARTITION_TEST_CORE */
#ifdef TFM_PARTITION_TEST_CORE
diff --git a/secure_fw/services/tfm_partition_list.inc.template b/secure_fw/services/tfm_partition_list.inc.template
index 930ae86..7cc1993 100644
--- a/secure_fw/services/tfm_partition_list.inc.template
+++ b/secure_fw/services/tfm_partition_list.inc.template
@@ -24,10 +24,8 @@
@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.conditional@@
#ifdef @@manifest.mmio_regions.conditional@@
@!GENERATOR_CONDITIONAL_END!@
-@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.base@@
-PARTITION_ADD_PERIPHERAL(@@manifest.tfm_partition_name@@, @@manifest.mmio_regions.base@@,
- @@manifest.mmio_regions.base@@ + @@manifest.mmio_regions.size@@,
- @@manifest.mmio_regions.ppc_config@@);
+@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.name@@
+PARTITION_ADD_PERIPHERAL(@@manifest.tfm_partition_name@@, @@manifest.mmio_regions.name@@);
@!GENERATOR_CONDITIONAL_END!@
@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.conditional@@
#endif /* @@manifest.mmio_regions.conditional@@ */
diff --git a/secure_fw/spm/CMakeLists.inc b/secure_fw/spm/CMakeLists.inc
index e3f05f6..be6bdf8 100644
--- a/secure_fw/spm/CMakeLists.inc
+++ b/secure_fw/spm/CMakeLists.inc
@@ -24,9 +24,7 @@
message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
-set (SS_SPM_C_SRC "${SS_SPM_DIR}/mpu_armv8m_drv.c"
- "${SS_SPM_DIR}/spm_api.c"
- )
+set (SS_SPM_C_SRC "${SS_SPM_DIR}/spm_api.c")
#Append all our source files to global lists.
diff --git a/secure_fw/spm/mpu_armv8m_drv.c b/secure_fw/spm/mpu_armv8m_drv.c
deleted file mode 100644
index a374a13..0000000
--- a/secure_fw/spm/mpu_armv8m_drv.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "mpu_armv8m_drv.h"
-#include "cmsis_cpu.h"
-
-/*
- * FixMe:
- * This is a beta quality driver for MPU in v8M. To be finalized and integrated
- * into platform code
- */
-
-enum mpu_armv8m_error_t mpu_armv8m_enable(struct mpu_armv8m_dev_t *dev,
- uint32_t privdef_en,
- uint32_t hfnmi_en)
-{
- /*No error checking*/
-
- MPU_Type *mpu = (MPU_Type *)dev->base;
-
- mpu->CTRL =
- (privdef_en ? MPU_CTRL_PRIVDEFENA_Msk : 0) |
- (hfnmi_en ? MPU_CTRL_HFNMIENA_Msk : 0);
-
- /*Ensure all configuration is written before enable*/
-
- mpu->CTRL |= MPU_CTRL_ENABLE_Msk;
-
- /* Enable MPU before next instruction */
- __asm("DSB");
- __asm("ISB");
- return MPU_ARMV8M_OK;
-}
-
-enum mpu_armv8m_error_t mpu_armv8m_disable(struct mpu_armv8m_dev_t *dev)
-{
- MPU_Type *mpu = (MPU_Type *)dev->base;
-
- /* Reset all fields as enable does full setup */
- mpu->CTRL = 0;
-
- return MPU_ARMV8M_OK;
-}
-
-
-enum mpu_armv8m_error_t mpu_armv8m_region_enable(
- struct mpu_armv8m_dev_t *dev,
- struct mpu_armv8m_region_cfg_t *region_cfg)
-{
- MPU_Type *mpu = (MPU_Type *)dev->base;
-
- enum mpu_armv8m_error_t ret_val = MPU_ARMV8M_OK;
- uint32_t ctrl_before;
- uint32_t base_cfg;
- uint32_t limit_cfg;
-
- /*FIXME : Add complete error checking*/
- if ((region_cfg->region_base & ~MPU_RBAR_ADDR_Msk) != 0) {
- return MPU_ARMV8M_ERROR;
- }
- /* region_limit doesn't need to be aligned but the scatter
- * file needs to be setup to ensure that partitions do not overlap.
- */
-
- ctrl_before = mpu->CTRL;
- mpu->CTRL = 0;
-
- mpu->RNR = region_cfg->region_nr & MPU_RNR_REGION_Msk;
-
- /* This 0s the lower bits of the base address */
- base_cfg = region_cfg->region_base & MPU_RBAR_ADDR_Msk;
- base_cfg |= (region_cfg->attr_sh << MPU_RBAR_SH_Pos) & MPU_RBAR_SH_Msk;
- base_cfg |= (region_cfg->attr_access << MPU_RBAR_AP_Pos) & MPU_RBAR_AP_Msk;
- base_cfg |= (region_cfg->attr_exec << MPU_RBAR_XN_Pos) & MPU_RBAR_XN_Msk;
-
- mpu->RBAR = base_cfg;
-
- /*This 0s the lower bits of base address but they are treated as 1 */
- limit_cfg = (region_cfg->region_limit-1) & MPU_RLAR_LIMIT_Msk;
-
- /*FIXME: Enable the memory attr setting */
- limit_cfg |= MPU_RLAR_EN_Msk;
-
- mpu->RLAR = limit_cfg;
-
- /*Restore main MPU control*/
- mpu->CTRL = ctrl_before;
-
- /* Enable MPU before the next instruction */
- __asm("DSB");
- __asm("ISB");
-
- return ret_val;
-}
-
-
-enum mpu_armv8m_error_t mpu_armv8m_region_disable(
- struct mpu_armv8m_dev_t *dev,
- uint32_t region_nr)
-{
-
- MPU_Type *mpu = (MPU_Type *)dev->base;
-
- enum mpu_armv8m_error_t ret_val = MPU_ARMV8M_OK;
- uint32_t ctrl_before;
-
- /*FIXME : Add complete error checking*/
-
- ctrl_before = mpu->CTRL;
- mpu->CTRL = 0;
-
- mpu->RNR = region_nr & MPU_RNR_REGION_Msk;
-
- mpu->RBAR = 0;
- mpu->RLAR = 0;
-
- /*Restore main MPU control*/
- mpu->CTRL = ctrl_before;
-
- return ret_val;
-}
-
-enum mpu_armv8m_error_t mpu_armv8m_clean(struct mpu_armv8m_dev_t *dev)
-{
- MPU_Type *mpu = (MPU_Type *)dev->base;
- uint32_t i = (mpu->TYPE & MPU_TYPE_DREGION_Msk) >> MPU_TYPE_DREGION_Pos;
-
- while (i > 0) {
- mpu_armv8m_region_disable(dev, i-1);
- i--;
- }
-
- return MPU_ARMV8M_OK;
-
-}
diff --git a/secure_fw/spm/mpu_armv8m_drv.h b/secure_fw/spm/mpu_armv8m_drv.h
deleted file mode 100644
index 6d4c11e..0000000
--- a/secure_fw/spm/mpu_armv8m_drv.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 2017, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __MPU_ARMV8M_DRV_H__
-#define __MPU_ARMV8M_DRV_H__
-
-#include <stdint.h>
-
-#include "cmsis.h"
-
-struct mpu_armv8m_dev_t {
- const uint32_t base;
-};
-
-
-enum mpu_armv8m_error_t {
- MPU_ARMV8M_OK,
- MPU_ARMV8M_ERROR
-};
-
-enum mpu_armv8m_attr_exec_t {
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_XN_EXEC_NEVER
-};
-
-enum mpu_armv8m_attr_access_t {
- MPU_ARMV8M_AP_RW_PRIV_ONLY,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_AP_RO_PRIV_ONLY,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV
-};
-
-enum mpu_armv8m_attr_shared_t {
- MPU_ARMV8M_SH_NONE,
- MPU_ARMV8M_SH_UNUSED,
- MPU_ARMV8M_SH_OUTER,
- MPU_ARMV8M_SH_INNER
-};
-
-struct mpu_armv8m_region_cfg_t {
- uint32_t region_nr;
- uint32_t region_base;
- uint32_t region_limit;
- enum mpu_armv8m_attr_exec_t attr_exec;
- enum mpu_armv8m_attr_access_t attr_access;
- enum mpu_armv8m_attr_shared_t attr_sh;
-};
-
-struct mpu_armv8m_region_cfg_raw_t {
- uint32_t region_nr;
- uint32_t region_base;
- uint32_t region_limit;
-};
-
-
-/**
- * \brief Enable MPU
- *
- * \param[in] dev MPU device \ref mpu_armv8m_dev_t
- * \param[in] privdef_en privilege default region 1:enable 0:disable
- * \param[in] hfnmi_en mpu for hard fault & nmi 1:enable 0:disable
- *
- * \return Error code \ref mpu_armv8m_error_t
- *
- * \note This function doesn't check if dev is NULL.
- */
-
-enum mpu_armv8m_error_t mpu_armv8m_enable(struct mpu_armv8m_dev_t *dev,
- uint32_t privdef_en,
- uint32_t hfnmi_en);
-
-/**
- * \brief Disable MPU
- *
- * \param[in] dev MPU device \ref mpu_armv8m_dev_t
- *
- * \return Error code \ref arm_mpu_error_t
- *
- * \note This function doesn't check if dev is NULL.
- */
-enum mpu_armv8m_error_t mpu_armv8m_disable(struct mpu_armv8m_dev_t *dev);
-
-/**
- * \brief Disable MPU and clean all regions
- *
- * \param[in] dev MPU device \ref mpu_armv8m_dev_t
- *
- * \return Error code \ref arm_mpu_error_t
- *
- * \note This function doesn't check if dev is NULL.
- */
-enum mpu_armv8m_error_t mpu_armv8m_clean(struct mpu_armv8m_dev_t *dev);
-
-/**
- * \brief Enable MPU Region
- *
- * \param[in] dev MPU device \ref mpu_armv8m_dev_t
- * \param[in] region_cfg MPU region config \ref mpu_armv8m_region_cfg_t
- *
- * \return Error code \ref arm_mpu_error_t
- *
- * \note This function doesn't check if dev is NULL.
- */
-enum mpu_armv8m_error_t mpu_armv8m_region_enable(
- struct mpu_armv8m_dev_t *dev,
- struct mpu_armv8m_region_cfg_t *region_cfg);
-
-/**
- * \brief Disable MPU Region
- *
- * \param[in] dev MPU device \ref mpu_armv8m_dev_t
- * \param[in] region_nr Region number
- *
- * \return Error code \ref arm_mpu_error_t
- *
- * \note This function doesn't check if dev is NULL.
- */
-enum mpu_armv8m_error_t mpu_armv8m_region_disable(
- struct mpu_armv8m_dev_t *dev,
- uint32_t region_nr);
-
-#endif /* __MPU_ARMV8M_DRV_H__ */
diff --git a/secure_fw/spm/spm_api.c b/secure_fw/spm/spm_api.c
index fd25dc3..91d30e0 100644
--- a/secure_fw/spm/spm_api.c
+++ b/secure_fw/spm/spm_api.c
@@ -14,28 +14,14 @@
#include "spm_db_setup.h"
#include "tfm_internal.h"
#include "tfm_api.h"
-#include "mpu_armv8m_drv.h"
-#include "region_defs.h"
#include "secure_fw/core/tfm_core.h"
#include "platform_retarget.h"
-#include "target_cfg.h"
+#include "tfm_peripherals_def.h"
#include "spm_partition_defs.h"
struct spm_partition_db_t g_spm_partition_db = {0,};
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_DATA 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-#define PARTITION_REGION_SHARE 7
-
-/* This should move to platform retarget */
-struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-
typedef enum {
TFM_INIT_FAILURE,
} sp_error_type_t;
@@ -46,7 +32,7 @@
* returned.
*/
static void tfm_spm_partition_err_handler(
- struct tfm_spm_partition_desc_t *partition,
+ struct spm_partition_desc_t *partition,
sp_error_type_t err_type,
int32_t err_code)
{
@@ -82,7 +68,7 @@
enum spm_err_t tfm_spm_db_init(void)
{
- struct tfm_spm_partition_desc_t *part_ptr;
+ struct spm_partition_desc_t *part_ptr;
memset (&g_spm_partition_db, 0, sizeof(g_spm_partition_db));
@@ -108,12 +94,12 @@
part_ptr->static_data.partition_flags = 0;
#if TFM_LVL != 1
- part_ptr->static_data.stack_bottom = (uint32_t)Stack_Mem;
- part_ptr->static_data.stack_top = (uint32_t)Stack_top;
+ part_ptr->memory_data.stack_bottom = (uint32_t)Stack_Mem;
+ part_ptr->memory_data.stack_top = (uint32_t)Stack_top;
/* Since RW, ZI and stack are configured as one MPU region, configure
* RW start address to Stack_Mem to get RW access to stack
*/
- part_ptr->static_data.rw_start = (uint32_t)Stack_Mem;
+ part_ptr->memory_data.rw_start = (uint32_t)Stack_Mem;
#endif
part_ptr->runtime_data.partition_state = SPM_PARTITION_STATE_UNINIT;
@@ -139,129 +125,9 @@
return SPM_ERR_OK;
}
-#if TFM_LVL != 1
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_RO_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_RO_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-
-enum spm_err_t tfm_spm_mpu_init(void)
-{
- mpu_armv8m_clean(&dev_mpu_s);
-
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = CMSE_VENEER_REGION_START;
- region_cfg.region_limit = CMSE_VENEER_REGION_LIMIT;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_RO_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_RO_DATA, $$ZI$$Limit);
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
-
- /* TFM Core unprivileged non-secure data region */
- region_cfg.region_nr = MPU_REGION_NS_DATA;
- region_cfg.region_base = NS_DATA_START;
- region_cfg.region_limit = NS_DATA_LIMIT;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, 1, 1);
-
- return SPM_ERR_OK;
-}
-
-/**
- * Set share region to which the partition needs access
- */
-static enum spm_err_t tfm_spm_set_share_region(
- enum tfm_buffer_share_region_e share)
-{
- enum spm_err_t res = SPM_ERR_INVALID_CONFIG;
- uint32_t scratch_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
- uint32_t scratch_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-
- mpu_armv8m_disable(&dev_mpu_s);
-
- if (share == TFM_BUFFER_SHARE_DISABLE) {
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE);
- } else {
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- region_cfg.region_nr = PARTITION_REGION_SHARE;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- switch (share) {
- case TFM_BUFFER_SHARE_SCRATCH:
- /* Use scratch area for SP-to-SP data sharing */
- region_cfg.region_base = scratch_base;
- region_cfg.region_limit = scratch_limit;
- res = SPM_ERR_OK;
- break;
- case TFM_BUFFER_SHARE_NS_CODE:
- region_cfg.region_base = NS_CODE_START;
- region_cfg.region_limit = NS_CODE_LIMIT;
- /* Only allow read access to NS code region and keep
- * exec.never attribute
- */
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- res = SPM_ERR_OK;
- break;
- default:
- res = SPM_ERR_INVALID_CONFIG;
- break;
- }
- if (res == SPM_ERR_OK) {
- mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg);
- }
- }
- mpu_armv8m_enable(&dev_mpu_s, 1, 1);
-
- return res;
-}
-#endif
-
enum spm_err_t tfm_spm_partition_init(void)
{
- struct tfm_spm_partition_desc_t *part;
+ struct spm_partition_desc_t *part;
struct tfm_sfn_req_s desc, *desc_ptr = &desc;
int32_t args[4] = {0};
int32_t fail_cnt = 0;
@@ -270,10 +136,7 @@
/* Call the init function for each partition */
for (idx = 0; idx < g_spm_partition_db.partition_count; ++idx) {
part = &g_spm_partition_db.partitions[idx];
- if (part->platform_data.periph_start) {
- ppc_configure_to_secure(part->platform_data.periph_ppc_bank,
- part->platform_data.periph_ppc_loc);
- }
+ tfm_spm_hal_configure_default_isolation(part->platform_data);
if (part->static_data.partition_init == NULL) {
tfm_spm_partition_set_state(idx, SPM_PARTITION_STATE_IDLE);
tfm_spm_partition_set_caller_partition_idx(idx,
@@ -314,71 +177,16 @@
#if TFM_LVL != 1
enum spm_err_t tfm_spm_partition_sandbox_config(uint32_t partition_idx)
{
- /* This function takes a partition id and enables the
- * SPM partition for that partition
- */
-
- struct tfm_spm_partition_desc_t *part;
- struct mpu_armv8m_region_cfg_t region_cfg;
-
+ struct spm_partition_desc_t *part;
if (!g_spm_partition_db.is_init) {
return SPM_ERR_PARTITION_DB_NOT_INIT;
}
- /*brute force id*/
part = &g_spm_partition_db.partitions[partition_idx];
- mpu_armv8m_disable(&dev_mpu_s);
+ return tfm_spm_hal_partition_sandbox_config(&(part->memory_data),
+ part->platform_data);
- /* Configure Regions */
-
- if (part->static_data.ro_start) {
- /* RO region*/
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base = part->static_data.ro_start;
- region_cfg.region_limit = part->static_data.ro_limit;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
-
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg)
- != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
- }
-
- /* RW, ZI and stack as one region*/
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base = part->static_data.rw_start;
- region_cfg.region_limit = part->static_data.stack_top;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
-
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
-
- if (part->platform_data.periph_start) {
- /* Peripheral */
- region_cfg.region_nr = PARTITION_REGION_PERIPH;
- region_cfg.region_base = part->platform_data.periph_start;
- region_cfg.region_limit = part->platform_data.periph_limit;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg)
- != MPU_ARMV8M_OK) {
- return SPM_ERR_INVALID_CONFIG;
- }
-
- ppc_en_secure_unpriv(part->platform_data.periph_ppc_bank,
- part->platform_data.periph_ppc_loc);
- }
-
- mpu_armv8m_enable(&dev_mpu_s, 1, 1);
-
- return SPM_ERR_OK;
}
enum spm_err_t tfm_spm_partition_sandbox_deconfig(uint32_t partition_idx)
@@ -387,35 +195,23 @@
* SPM partition for that partition
*/
- struct tfm_spm_partition_desc_t *part;
+ struct spm_partition_desc_t *part;
part = &g_spm_partition_db.partitions[partition_idx];
- if (part->platform_data.periph_start) {
- /* Peripheral */
- ppc_clr_secure_unpriv(part->platform_data.periph_ppc_bank,
- part->platform_data.periph_ppc_loc);
- }
-
- mpu_armv8m_disable(&dev_mpu_s);
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RO);
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RW_STACK);
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_PERIPH);
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE);
- mpu_armv8m_enable(&dev_mpu_s, 1, 1);
-
- return SPM_ERR_OK;
+ return tfm_spm_hal_partition_sandbox_deconfig(&(part->memory_data),
+ part->platform_data);
}
uint32_t tfm_spm_partition_get_stack_bottom(uint32_t partition_idx)
{
return g_spm_partition_db.partitions[partition_idx].
- static_data.stack_bottom;
+ memory_data.stack_bottom;
}
uint32_t tfm_spm_partition_get_stack_top(uint32_t partition_idx)
{
- return g_spm_partition_db.partitions[partition_idx].static_data.stack_top;
+ return g_spm_partition_db.partitions[partition_idx].memory_data.stack_top;
}
void tfm_spm_partition_set_stack(uint32_t partition_idx, uint32_t stack_ptr)
@@ -485,7 +281,7 @@
#if TFM_LVL != 1
/* Only need to set configuration on levels higher than 1 */
- ret = tfm_spm_set_share_region(share);
+ ret = tfm_spm_hal_set_share_region(share);
#endif
if (ret == SPM_ERR_OK) {
@@ -501,7 +297,7 @@
void tfm_spm_partition_cleanup_context(uint32_t partition_idx)
{
- struct tfm_spm_partition_desc_t *partition =
+ struct spm_partition_desc_t *partition =
&(g_spm_partition_db.partitions[partition_idx]);
partition->runtime_data.caller_partition_idx = SPM_INVALID_PARTITION_IDX;
partition->runtime_data.orig_psp = 0;
diff --git a/secure_fw/spm/spm_api.h b/secure_fw/spm/spm_api.h
index 5e15044..7743d45 100644
--- a/secure_fw/spm/spm_api.h
+++ b/secure_fw/spm/spm_api.h
@@ -233,13 +233,6 @@
enum spm_err_t tfm_spm_db_init(void);
/**
- * \brief Apply default MPU configuration for execution
- *
- * \return Error code \ref spm_err_t
- */
-enum spm_err_t tfm_spm_mpu_init(void);
-
-/**
* \brief Execute partition init function
*
* \return Error code \ref spm_err_t
diff --git a/secure_fw/spm/spm_db.h b/secure_fw/spm/spm_db.h
index d267f6d..4b3b413 100644
--- a/secure_fw/spm/spm_db.h
+++ b/secure_fw/spm/spm_db.h
@@ -18,18 +18,6 @@
struct spm_partition_static_data_t {
uint32_t partition_id;
uint32_t partition_flags;
-#if TFM_LVL != 1
- uint32_t code_start;
- uint32_t code_limit;
- uint32_t ro_start;
- uint32_t ro_limit;
- uint32_t rw_start;
- uint32_t rw_limit;
- uint32_t zi_start;
- uint32_t zi_limit;
- uint32_t stack_bottom;
- uint32_t stack_top;
-#endif
sp_init_function partition_init;
};
@@ -37,10 +25,24 @@
* Holds the fields that define a partition for SPM. The fields are further
* divided to structures, to keep the related fields close to each other.
*/
-struct tfm_spm_partition_desc_t {
+struct spm_partition_desc_t {
struct spm_partition_static_data_t static_data;
struct spm_partition_runtime_data_t runtime_data;
- struct tfm_spm_partition_platform_data_t platform_data;
+ struct tfm_spm_partition_platform_data_t *platform_data;
+#if TFM_LVL != 1
+ struct tfm_spm_partition_memory_data_t memory_data;
+#endif
};
+/* Macros to pick linker symbols and allow to form the partition data base */
+#define REGION(a, b, c) a##b##c
+#define REGION_NAME(a, b, c) REGION(a, b, c)
+#if TFM_LVL == 1
+#define REGION_DECLARE(a, b, c)
+#else
+#define REGION_DECLARE(a, b, c) extern uint32_t REGION_NAME(a, b, c)
+#define PART_REGION_ADDR(partition, region) \
+ (uint32_t)®ION_NAME(Image$$, partition, region)
+#endif
+
#endif /* __SPM_DB_H__ */
diff --git a/secure_fw/spm/spm_db_setup.h b/secure_fw/spm/spm_db_setup.h
index 4862798..d36f8cf 100644
--- a/secure_fw/spm/spm_db_setup.h
+++ b/secure_fw/spm/spm_db_setup.h
@@ -12,10 +12,10 @@
#include "spm_db.h"
/**
- * \brief Return the index of a partition.
+ * \brief Get the index of a partition.
*
- * Returns the index of a partition in the partition db based on the partition
- * ID provided as a parameter.
+ * Gets the index of a partition in the partition db based on the partition ID
+ * provided as a parameter.
*
* \param[in] partition_id The ID of the partition
*
@@ -28,32 +28,20 @@
uint32_t is_init;
uint32_t partition_count;
uint32_t running_partition_idx;
- struct tfm_spm_partition_desc_t partitions[SPM_MAX_PARTITIONS];
+ struct spm_partition_desc_t partitions[SPM_MAX_PARTITIONS];
};
-/* Macros to pick linker symbols and allow to form the partition data base */
-#define REGION(a, b, c) a##b##c
-#define REGION_NAME(a, b, c) REGION(a, b, c)
-#if TFM_LVL == 1
-#define REGION_DECLARE(a, b, c)
-#else
-#define REGION_DECLARE(a, b, c) extern uint32_t REGION_NAME(a, b, c)
-#define PART_REGION_ADDR(partition, region) \
- (uint32_t)®ION_NAME(Image$$, partition, region)
-#endif
-
-
-#if TFM_LVL == 1
#define PARTITION_INIT_STATIC_DATA(data, partition, flags) \
do { \
data.partition_id = partition##_ID; \
data.partition_flags = flags; \
} while (0)
+
+#if TFM_LVL == 1
+#define PARTITION_INIT_MEMORY_DATA(data, partition)
#else
-#define PARTITION_INIT_STATIC_DATA(data, partition, flags) \
+#define PARTITION_INIT_MEMORY_DATA(data, partition) \
do { \
- data.partition_id = partition##_ID; \
- data.partition_flags = flags; \
data.code_start = PART_REGION_ADDR(partition, $$Base); \
data.code_limit = PART_REGION_ADDR(partition, $$Limit); \
data.ro_start = PART_REGION_ADDR(partition, $$RO$$Base); \
@@ -67,6 +55,7 @@
} while (0)
#endif
+
#if TFM_LVL == 1
#define PARTITION_INIT_RUNTIME_DATA(data, partition) \
do { \
@@ -93,7 +82,7 @@
REGION_DECLARE(Image$$, partition, _DATA$$ZI$$Limit); \
REGION_DECLARE(Image$$, partition, _STACK$$ZI$$Base); \
REGION_DECLARE(Image$$, partition, _STACK$$ZI$$Limit); \
- struct tfm_spm_partition_desc_t *part_ptr; \
+ struct spm_partition_desc_t *part_ptr; \
if (g_spm_partition_db.partition_count >= SPM_MAX_PARTITIONS) { \
return SPM_ERR_INVALID_CONFIG; \
} \
@@ -101,6 +90,7 @@
g_spm_partition_db.partition_count]); \
PARTITION_INIT_STATIC_DATA(part_ptr->static_data, partition, flags); \
PARTITION_INIT_RUNTIME_DATA(part_ptr->runtime_data, partition); \
+ PARTITION_INIT_MEMORY_DATA(part_ptr->memory_data, partition); \
++g_spm_partition_db.partition_count; \
} while (0)
@@ -108,20 +98,17 @@
do { \
extern int32_t init_func(void); \
uint32_t partition_idx = get_partition_idx(partition##_ID); \
- struct tfm_spm_partition_desc_t *part_ptr = \
+ struct spm_partition_desc_t *part_ptr = \
&(g_spm_partition_db.partitions[partition_idx]); \
part_ptr->static_data.partition_init = init_func; \
} while (0)
-#define PARTITION_ADD_PERIPHERAL(partition, start, limit, bank, loc) \
+#define PARTITION_ADD_PERIPHERAL(partition, peripheral) \
do { \
uint32_t partition_idx = get_partition_idx(partition##_ID); \
- struct tfm_spm_partition_desc_t *part_ptr = \
+ struct spm_partition_desc_t *part_ptr = \
&(g_spm_partition_db.partitions[partition_idx]); \
- part_ptr->platform_data.periph_start = start; \
- part_ptr->platform_data.periph_limit = limit; \
- part_ptr->platform_data.periph_ppc_bank = bank; \
- part_ptr->platform_data.periph_ppc_loc = loc; \
+ part_ptr->platform_data = peripheral; \
} while (0)
#endif /* __SPM_DB_SETUP_H__ */