Platform: Implementation of isolation HAL API
Implementation of isolation HAL API for all platforms.
- tfm_hal_set_up_static_boundaries() is implemented in each
platform.
- tfm_hal_memory_has_access() is implemented in a common
source file except that nordic and psoc64 have their own
dedicated implementations.
Change-Id: I15bf2e8706a079097757273e25b78fa5087be74a
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
Co-authored-by: Mingyang Sun <mingyang.sun@arm.com>
diff --git a/platform/ext/common/tfm_hal_isolation_mpu_v8m.c b/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
new file mode 100644
index 0000000..e570c0e
--- /dev/null
+++ b/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <arm_cmse.h>
+#include <stddef.h>
+#include <stdint.h>
+#include "cmsis.h"
+#include "tfm_hal_defs.h"
+#include "tfm_hal_isolation.h"
+
+enum tfm_hal_status_t tfm_hal_memory_has_access(uintptr_t base,
+ size_t size,
+ uint32_t attr)
+{
+ int flags = 0;
+
+ if (attr & TFM_HAL_ACCESS_NS) {
+ CONTROL_Type ctrl;
+ ctrl.w = __TZ_get_CONTROL_NS();
+ if (ctrl.b.nPRIV == 1) {
+ attr |= TFM_HAL_ACCESS_UNPRIVILEGED;
+ } else {
+ attr &= ~TFM_HAL_ACCESS_UNPRIVILEGED;
+ }
+ flags |= CMSE_NONSECURE;
+ }
+
+ if (attr & TFM_HAL_ACCESS_UNPRIVILEGED) {
+ flags |= CMSE_MPU_UNPRIV;
+ }
+
+ if ((attr & TFM_HAL_ACCESS_READABLE) && (attr & TFM_HAL_ACCESS_WRITABLE)) {
+ flags |= CMSE_MPU_READWRITE;
+ } else if (attr & TFM_HAL_ACCESS_READABLE) {
+ flags |= CMSE_MPU_READ;
+ } else {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
+
+ if (cmse_check_address_range((void *)base, size, flags) != NULL) {
+ return TFM_HAL_SUCCESS;
+ } else {
+ return TFM_HAL_ERROR_MEM_FAULT;
+ }
+}
diff --git a/platform/ext/target/cypress/psoc64/CMakeLists.txt b/platform/ext/target/cypress/psoc64/CMakeLists.txt
index df7e65a..03fbb67 100644
--- a/platform/ext/target/cypress/psoc64/CMakeLists.txt
+++ b/platform/ext/target/cypress/psoc64/CMakeLists.txt
@@ -108,6 +108,7 @@
./Native_Driver/generated_source/cycfg_system.c
./Native_Driver/generated_source/cycfg_qspi_memslot.c
./spm_hal.c
+ ./tfm_hal_isolation.c
./CMSIS_Driver/Driver_Flash.c
./CMSIS_Driver/Driver_USART.c
./target_cfg.c
diff --git a/platform/ext/target/cypress/psoc64/spm_hal.c b/platform/ext/target/cypress/psoc64/spm_hal.c
index 6442bb5..4661195 100644
--- a/platform/ext/target/cypress/psoc64/spm_hal.c
+++ b/platform/ext/target/cypress/psoc64/spm_hal.c
@@ -66,150 +66,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_DATA 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-#define PARTITION_REGION_SHARE 7
-
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_RO_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_RO_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
-#if 0
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_RO_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_RO_DATA, $$ZI$$Limit);
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged non-secure data region */
- region_cfg.region_nr = MPU_REGION_NS_DATA;
- region_cfg.region_base = NS_DATA_START;
- region_cfg.region_limit = NS_DATA_LIMIT;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-#endif
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_partition_sandbox_config(
- const struct tfm_spm_partition_memory_data_t *memory_data,
- const struct tfm_spm_partition_platform_data_t *platform_data)
-{
-#if 0
- /* This function takes a partition id and enables the
- * SPM partition for that partition
- */
-
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_disable(&dev_mpu_s);
-
- /* Configure Regions */
- if (memory_data->ro_start) {
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base = memory_data->ro_start;
- region_cfg.region_limit = memory_data->ro_limit;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
-
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg)
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base = memory_data->rw_start;
- region_cfg.region_limit = memory_data->stack_top;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
-
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- if (platform_data) {
- /* Peripheral */
- region_cfg.region_nr = PARTITION_REGION_PERIPH;
- region_cfg.region_base = platform_data->periph_start;
- region_cfg.region_limit = platform_data->periph_limit;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg)
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- ppc_en_secure_unpriv(platform_data->periph_ppc_bank,
- platform_data->periph_ppc_loc);
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-#endif
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
uint32_t tfm_spm_hal_get_ns_VTOR(void)
{
return memory_regions.non_secure_code_start;
diff --git a/platform/ext/target/cypress/psoc64/tfm_hal_isolation.c b/platform/ext/target/cypress/psoc64/tfm_hal_isolation.c
new file mode 100644
index 0000000..464c5c1
--- /dev/null
+++ b/platform/ext/target/cypress/psoc64/tfm_hal_isolation.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cy_device.h"
+#include "target_cfg.h"
+#include "tfm_api.h"
+#include "tfm_hal_defs.h"
+#include "tfm_multi_core.h"
+#include "tfm_plat_defs.h"
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ Cy_PDL_Init(CY_DEVICE_CFG);
+ smpu_init_cfg();
+ ppu_init_cfg();
+ bus_masters_cfg();
+
+ return TFM_HAL_SUCCESS;
+}
+
+enum tfm_hal_status_t tfm_hal_memory_has_access(uintptr_t base,
+ size_t size,
+ uint32_t attr)
+{
+ enum tfm_status_e status;
+
+ status = tfm_has_access_to_region((const void *)base, size, attr);
+ if (status != TFM_SUCCESS) {
+ return TFM_HAL_ERROR_MEM_FAULT;
+ }
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/an519/CMakeLists.txt b/platform/ext/target/mps2/an519/CMakeLists.txt
index f98e8f5..326fca9 100644
--- a/platform/ext/target/mps2/an519/CMakeLists.txt
+++ b/platform/ext/target/mps2/an519/CMakeLists.txt
@@ -88,10 +88,12 @@
native_drivers/mpu_armv8m_drv.c
native_drivers/ppc_sse200_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
native_drivers/ppc_sse200_drv.c
native_drivers/arm_uart_drv.c
native_drivers/timer_cmsdk/timer_cmsdk.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/mps2/an519/spm_hal.c b/platform/ext/target/mps2/an519/spm_hal.c
index 3f69cd7..1340bdd 100644
--- a/platform/ext/target/mps2/an519/spm_hal.c
+++ b/platform/ext/target/mps2/an519/spm_hal.c
@@ -14,9 +14,6 @@
#include "mpu_armv8m_drv.h"
#include "region_defs.h"
#include "utilities.h"
-#include "region.h"
-
-#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
/* Import MPC driver */
extern ARM_DRIVER_MPC Driver_SRAM1_MPC;
@@ -24,8 +21,6 @@
/* Get address of memory regions to configure MPU */
extern const struct memory_region_limits memory_regions;
-struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
{
int32_t ret = ARM_DRIVER_OK;
@@ -63,122 +58,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-const struct mpu_armv8m_region_cfg_t region_cfg[] = {
- /* Veneer region */
- {
- MPU_REGION_VENEERS,
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged code region */
- {
- MPU_REGION_TFM_UNPRIV_CODE,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged data region */
- {
- MPU_REGION_TFM_UNPRIV_DATA,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* NSPM PSP */
- {
- MPU_REGION_NS_STACK,
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RO region */
- {
- PARTITION_REGION_RO,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RW, ZI and stack as one region */
- {
- PARTITION_REGION_RW_STACK,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- }
- };
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- int32_t i;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
- if (mpu_armv8m_region_enable(&dev_mpu_s,
- (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/mps2/an519/tfm_hal_isolation.c b/platform/ext/target/mps2/an519/tfm_hal_isolation.c
new file mode 100644
index 0000000..08bdc64
--- /dev/null
+++ b/platform/ext/target/mps2/an519/tfm_hal_isolation.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+#define PARTITION_REGION_PERIPH 6
+
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+const struct mpu_armv8m_region_cfg_t region_cfg[] = {
+ /* Veneer region */
+ {
+ MPU_REGION_VENEERS,
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged code region */
+ {
+ MPU_REGION_TFM_UNPRIV_CODE,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged data region */
+ {
+ MPU_REGION_TFM_UNPRIV_DATA,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* NSPM PSP */
+ {
+ MPU_REGION_NS_STACK,
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RO region */
+ {
+ PARTITION_REGION_RO,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RW, ZI and stack as one region */
+ {
+ PARTITION_REGION_RW_STACK,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ }
+};
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ ppc_init_cfg();
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+ int32_t i;
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
+ if (mpu_armv8m_region_enable(&dev_mpu_s,
+ (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/an521/CMakeLists.txt b/platform/ext/target/mps2/an521/CMakeLists.txt
index 6851345..aabdbaf 100644
--- a/platform/ext/target/mps2/an521/CMakeLists.txt
+++ b/platform/ext/target/mps2/an521/CMakeLists.txt
@@ -89,10 +89,12 @@
native_drivers/mpu_armv8m_drv.c
native_drivers/ppc_sse200_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
native_drivers/ppc_sse200_drv.c
native_drivers/arm_uart_drv.c
native_drivers/timer_cmsdk/timer_cmsdk.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/mps2/an521/spm_hal.c b/platform/ext/target/mps2/an521/spm_hal.c
index 5fa8cb9..88f72e8 100644
--- a/platform/ext/target/mps2/an521/spm_hal.c
+++ b/platform/ext/target/mps2/an521/spm_hal.c
@@ -14,9 +14,6 @@
#include "mpu_armv8m_drv.h"
#include "region_defs.h"
#include "utilities.h"
-#include "region.h"
-
-#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
/* Import MPC driver */
extern ARM_DRIVER_MPC Driver_SRAM1_MPC;
@@ -27,12 +24,6 @@
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
#define PARTITION_REGION_PERIPH_START 6
#define PARTITION_REGION_PERIPH_MAX_NUM 2
@@ -67,8 +58,7 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
- region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
- periph_num_count;
+ region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
periph_num_count++;
if (periph_num_count >= PARTITION_REGION_PERIPH_MAX_NUM) {
return TFM_PLAT_ERR_MAX_VALUE;
@@ -105,113 +95,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-const struct mpu_armv8m_region_cfg_t region_cfg[] = {
- /* Veneer region */
- {
- MPU_REGION_VENEERS,
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged code region */
- {
- MPU_REGION_TFM_UNPRIV_CODE,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged data region */
- {
- MPU_REGION_TFM_UNPRIV_DATA,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* NSPM PSP */
- {
- MPU_REGION_NS_STACK,
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RO region */
- {
- PARTITION_REGION_RO,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RW, ZI and stack as one region */
- {
- PARTITION_REGION_RW_STACK,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- }
- };
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- int32_t i;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
- if (mpu_armv8m_region_enable(&dev_mpu_s,
- (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/mps2/an521/tfm_hal_isolation.c b/platform/ext/target/mps2/an521/tfm_hal_isolation.c
new file mode 100644
index 0000000..d51ee58
--- /dev/null
+++ b/platform/ext/target/mps2/an521/tfm_hal_isolation.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#if TFM_LVL != 3
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+const struct mpu_armv8m_region_cfg_t region_cfg[] = {
+ /* Veneer region */
+ {
+ MPU_REGION_VENEERS,
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged code region */
+ {
+ MPU_REGION_TFM_UNPRIV_CODE,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged data region */
+ {
+ MPU_REGION_TFM_UNPRIV_DATA,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* NSPM PSP */
+ {
+ MPU_REGION_NS_STACK,
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RO region */
+ {
+ PARTITION_REGION_RO,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RW, ZI and stack as one region */
+ {
+ PARTITION_REGION_RW_STACK,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ }
+};
+#endif /* TFM_LVL != 3 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ ppc_init_cfg();
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#if TFM_LVL != 3
+ int32_t i;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
+ if (mpu_armv8m_region_enable(&dev_mpu_s,
+ (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* TFM_LVL != 3 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/an539/CMakeLists.txt b/platform/ext/target/mps2/an539/CMakeLists.txt
index e783586..c026cbe 100644
--- a/platform/ext/target/mps2/an539/CMakeLists.txt
+++ b/platform/ext/target/mps2/an539/CMakeLists.txt
@@ -101,7 +101,9 @@
native_drivers/systimer_armv8-m_drv.c
native_drivers/syscounter_armv8-m_cntrl_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/mps2/an539/spm_hal.c b/platform/ext/target/mps2/an539/spm_hal.c
index 3864710..ee02584 100644
--- a/platform/ext/target/mps2/an539/spm_hal.c
+++ b/platform/ext/target/mps2/an539/spm_hal.c
@@ -78,130 +78,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_clean();
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration!");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/mps2/an539/tfm_hal_isolation.c b/platform/ext/target/mps2/an539/tfm_hal_isolation.c
new file mode 100644
index 0000000..a3a8576
--- /dev/null
+++ b/platform/ext/target/mps2/an539/tfm_hal_isolation.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+#include "tfm_plat_defs.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+#define PARTITION_REGION_PERIPH 6
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+extern const struct memory_region_limits memory_regions;
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (ppc_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (mpc_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+
+ mpu_clean();
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/fvp_sse300/CMakeLists.txt b/platform/ext/target/mps2/fvp_sse300/CMakeLists.txt
index 2593e20..f9bc870 100644
--- a/platform/ext/target/mps2/fvp_sse300/CMakeLists.txt
+++ b/platform/ext/target/mps2/fvp_sse300/CMakeLists.txt
@@ -97,9 +97,11 @@
native_drivers/mpc_sie_drv.c
native_drivers/ppc_sse300_drv.c
spm_hal.c
+ tfm_hal_isolation.c
native_drivers/mpu_armv8m_drv.c
cmsis_drivers/Driver_MPC.c
cmsis_drivers/Driver_SSE300_PPC.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/mps2/fvp_sse300/spm_hal.c b/platform/ext/target/mps2/fvp_sse300/spm_hal.c
index ccdabab..dbc22bc 100644
--- a/platform/ext/target/mps2/fvp_sse300/spm_hal.c
+++ b/platform/ext/target/mps2/fvp_sse300/spm_hal.c
@@ -5,7 +5,6 @@
*
*/
-#include <stdio.h>
#include "cmsis.h"
#include "tfm_spm_hal.h"
#include "tfm_platform_core_api.h"
@@ -14,11 +13,6 @@
#include "mpu_armv8m_drv.h"
#include "region_defs.h"
#include "utilities.h"
-#include "region.h"
-
-#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
-
-
/* Get address of memory regions to configure MPU */
extern const struct memory_region_limits memory_regions;
@@ -26,12 +20,6 @@
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
#define PARTITION_REGION_PERIPH_START 6
#define PARTITION_REGION_PERIPH_MAX_NUM 2
@@ -74,8 +62,7 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
- region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
- periph_num_count;
+ region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
periph_num_count++;
if (periph_num_count >= PARTITION_REGION_PERIPH_MAX_NUM) {
return TFM_PLAT_ERR_MAX_VALUE;
@@ -105,113 +92,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-const struct mpu_armv8m_region_cfg_t region_cfg[] = {
- /* Veneer region */
- {
- MPU_REGION_VENEERS,
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged code region */
- {
- MPU_REGION_TFM_UNPRIV_CODE,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged data region */
- {
- MPU_REGION_TFM_UNPRIV_DATA,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* NSPM PSP */
- {
- MPU_REGION_NS_STACK,
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RO region */
- {
- PARTITION_REGION_RO,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RW, ZI and stack as one region */
- {
- PARTITION_REGION_RW_STACK,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- }
- };
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- int32_t i;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
- if (mpu_armv8m_region_enable(&dev_mpu_s,
- (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/mps2/fvp_sse300/tfm_hal_isolation.c b/platform/ext/target/mps2/fvp_sse300/tfm_hal_isolation.c
new file mode 100644
index 0000000..253c2bf
--- /dev/null
+++ b/platform/ext/target/mps2/fvp_sse300/tfm_hal_isolation.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+#include "tfm_plat_defs.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+const struct mpu_armv8m_region_cfg_t region_cfg[] = {
+ /* Veneer region */
+ {
+ MPU_REGION_VENEERS,
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged code region */
+ {
+ MPU_REGION_TFM_UNPRIV_CODE,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged data region */
+ {
+ MPU_REGION_TFM_UNPRIV_DATA,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* NSPM PSP */
+ {
+ MPU_REGION_NS_STACK,
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RO region */
+ {
+ PARTITION_REGION_RO,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RW, ZI and stack as one region */
+ {
+ PARTITION_REGION_RW_STACK,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ }
+};
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (mpc_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (ppc_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ int32_t i;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
+ if (mpu_armv8m_region_enable(&dev_mpu_s,
+ (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/sse-200_aws/CMakeLists.txt b/platform/ext/target/mps2/sse-200_aws/CMakeLists.txt
index 0d11c14..c4b647f 100644
--- a/platform/ext/target/mps2/sse-200_aws/CMakeLists.txt
+++ b/platform/ext/target/mps2/sse-200_aws/CMakeLists.txt
@@ -89,11 +89,13 @@
native_drivers/mpu_armv8m_drv.c
native_drivers/ppc_sse200_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
native_drivers/ppc_sse200_drv.c
native_drivers/uart_cmsdk_drv.c
- $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
native_drivers/timer_cmsdk/timer_cmsdk_drv.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
+ $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/mps2/sse-200_aws/spm_hal.c b/platform/ext/target/mps2/sse-200_aws/spm_hal.c
index 8796d64..7f6f73f 100644
--- a/platform/ext/target/mps2/sse-200_aws/spm_hal.c
+++ b/platform/ext/target/mps2/sse-200_aws/spm_hal.c
@@ -16,7 +16,7 @@
#include "utilities.h"
#include "region.h"
-#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
/* Import MPC driver */
extern ARM_DRIVER_MPC Driver_SSRAM1_MPC;
@@ -63,122 +63,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-const struct mpu_armv8m_region_cfg_t region_cfg[] = {
- /* Veneer region */
- {
- MPU_REGION_VENEERS,
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged code region */
- {
- MPU_REGION_TFM_UNPRIV_CODE,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged data region */
- {
- MPU_REGION_TFM_UNPRIV_DATA,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* NSPM PSP */
- {
- MPU_REGION_NS_STACK,
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RO region */
- {
- PARTITION_REGION_RO,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RW, ZI and stack as one region */
- {
- PARTITION_REGION_RW_STACK,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- }
- };
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- int32_t i;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
- if (mpu_armv8m_region_enable(&dev_mpu_s,
- (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/mps2/sse-200_aws/tfm_hal_isolation.c b/platform/ext/target/mps2/sse-200_aws/tfm_hal_isolation.c
new file mode 100644
index 0000000..a852e59
--- /dev/null
+++ b/platform/ext/target/mps2/sse-200_aws/tfm_hal_isolation.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+#define PARTITION_REGION_PERIPH 6
+
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+const struct mpu_armv8m_region_cfg_t region_cfg[] = {
+ /* Veneer region */
+ {
+ MPU_REGION_VENEERS,
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged code region */
+ {
+ MPU_REGION_TFM_UNPRIV_CODE,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged data region */
+ {
+ MPU_REGION_TFM_UNPRIV_DATA,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* NSPM PSP */
+ {
+ MPU_REGION_NS_STACK,
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RO region */
+ {
+ PARTITION_REGION_RO,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RW, ZI and stack as one region */
+ {
+ PARTITION_REGION_RW_STACK,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ }
+};
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ ppc_init_cfg();
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ int32_t i;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
+ if (mpu_armv8m_region_enable(&dev_mpu_s,
+ (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/mps3/an524/CMakeLists.txt b/platform/ext/target/mps3/an524/CMakeLists.txt
index 1256763..4042cd9 100644
--- a/platform/ext/target/mps3/an524/CMakeLists.txt
+++ b/platform/ext/target/mps3/an524/CMakeLists.txt
@@ -91,8 +91,10 @@
native_drivers/uart_cmsdk_drv.c
native_drivers/timer_cmsdk_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
native_drivers/ppc_sse200_drv.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/mps3/an524/spm_hal.c b/platform/ext/target/mps3/an524/spm_hal.c
index 62cb8f3..818382c 100644
--- a/platform/ext/target/mps3/an524/spm_hal.c
+++ b/platform/ext/target/mps3/an524/spm_hal.c
@@ -70,130 +70,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_clean();
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/mps3/an524/tfm_hal_isolation.c b/platform/ext/target/mps3/an524/tfm_hal_isolation.c
new file mode 100644
index 0000000..7f4a8dc
--- /dev/null
+++ b/platform/ext/target/mps3/an524/tfm_hal_isolation.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+#define PARTITION_REGION_PERIPH 6
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+extern const struct memory_region_limits memory_regions;
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (ppc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+
+ mpu_clean();
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/musca_a/CMakeLists.txt b/platform/ext/target/musca_a/CMakeLists.txt
index e2814a4..e79bffb 100644
--- a/platform/ext/target/musca_a/CMakeLists.txt
+++ b/platform/ext/target/musca_a/CMakeLists.txt
@@ -93,10 +93,12 @@
Native_Driver/qspi_ip6514e_drv.c
Native_Driver/musca_a1_scc_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
Native_Driver/ppc_sse200_drv.c
Native_Driver/uart_pl011_drv.c
Native_Driver/timer_cmsdk_drv.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
Libraries/mt25ql_flash_lib.c
diff --git a/platform/ext/target/musca_a/spm_hal.c b/platform/ext/target/musca_a/spm_hal.c
index 2d232cc..ec7fd3c 100644
--- a/platform/ext/target/musca_a/spm_hal.c
+++ b/platform/ext/target/musca_a/spm_hal.c
@@ -14,7 +14,6 @@
#include "mpu_armv8m_drv.h"
#include "region_defs.h"
#include "utilities.h"
-#include "region.h"
/* Import MPC driver */
extern ARM_DRIVER_MPC Driver_CODE_SRAM_MPC;
@@ -25,12 +24,6 @@
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
#define PARTITION_REGION_PERIPH_START 6
#define PARTITION_REGION_PERIPH_MAX_NUM 2
@@ -65,8 +58,7 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
- region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
- periph_num_count;
+ region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
periph_num_count++;
if (periph_num_count >= PARTITION_REGION_PERIPH_MAX_NUM) {
return TFM_PLAT_ERR_MAX_VALUE;
@@ -103,122 +95,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/musca_a/tfm_hal_isolation.c b/platform/ext/target/musca_a/tfm_hal_isolation.c
new file mode 100644
index 0000000..1d9a4d4
--- /dev/null
+++ b/platform/ext/target/musca_a/tfm_hal_isolation.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+extern const struct memory_region_limits memory_regions;
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ ppc_init_cfg();
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/musca_b1/CMakeLists.txt b/platform/ext/target/musca_b1/CMakeLists.txt
index cef50a4..a1f9c5a 100644
--- a/platform/ext/target/musca_b1/CMakeLists.txt
+++ b/platform/ext/target/musca_b1/CMakeLists.txt
@@ -87,11 +87,13 @@
Libraries/mt25ql_flash_lib.c
Native_Driver/qspi_ip6514e_drv.c
spm_hal.c
+ tfm_hal_isolation.c
attest_hal.c
target_cfg.c
Native_Driver/ppc_sse200_drv.c
Native_Driver/uart_pl011_drv.c
Native_Driver/timer_cmsdk_drv.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/musca_b1/spm_hal.c b/platform/ext/target/musca_b1/spm_hal.c
index 034eb86..7d7edec 100644
--- a/platform/ext/target/musca_b1/spm_hal.c
+++ b/platform/ext/target/musca_b1/spm_hal.c
@@ -14,7 +14,6 @@
#include "mpu_armv8m_drv.h"
#include "region_defs.h"
#include "utilities.h"
-#include "region.h"
#include "tfm_hal_platform.h"
/* Import MPC driver */
@@ -27,12 +26,6 @@
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
#define PARTITION_REGION_PERIPH_START 6
#define PARTITION_REGION_PERIPH_MAX_NUM 2
@@ -70,8 +63,7 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
- region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
- periph_num_count;
+ region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
periph_num_count++;
if (periph_num_count >= PARTITION_REGION_PERIPH_MAX_NUM) {
return TFM_PLAT_ERR_MAX_VALUE;
@@ -108,122 +100,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flags and pending MPC IRQ */
diff --git a/platform/ext/target/musca_b1/tfm_hal_isolation.c b/platform/ext/target/musca_b1/tfm_hal_isolation.c
new file mode 100644
index 0000000..67ac95a
--- /dev/null
+++ b/platform/ext/target/musca_b1/tfm_hal_isolation.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#if TFM_LVL != 3
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+extern const struct memory_region_limits memory_regions;
+#endif /* TFM_LVL != 3 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (ppc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#if TFM_LVL != 3
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* TFM_LVL != 3 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/musca_s1/CMakeLists.txt b/platform/ext/target/musca_s1/CMakeLists.txt
index cf159ee..536b12a 100644
--- a/platform/ext/target/musca_s1/CMakeLists.txt
+++ b/platform/ext/target/musca_s1/CMakeLists.txt
@@ -86,8 +86,10 @@
Native_Driver/musca_s1_scc_drv.c
Native_Driver/cache_drv.c
spm_hal.c
+ tfm_hal_isolation.c
target_cfg.c
Native_Driver/timer_cmsdk_drv.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/musca_s1/spm_hal.c b/platform/ext/target/musca_s1/spm_hal.c
index 8bf6a20..3b4d9b4 100644
--- a/platform/ext/target/musca_s1/spm_hal.c
+++ b/platform/ext/target/musca_s1/spm_hal.c
@@ -62,132 +62,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-
-
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void MPC_Handler(void)
{
/* Clear MPC interrupt flag and pending MPC IRQ */
diff --git a/platform/ext/target/musca_s1/tfm_hal_isolation.c b/platform/ext/target/musca_s1/tfm_hal_isolation.c
new file mode 100644
index 0000000..779b582
--- /dev/null
+++ b/platform/ext/target/musca_s1/tfm_hal_isolation.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+#define PARTITION_REGION_PERIPH 6
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+extern const struct memory_region_limits memory_regions;
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (mpc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (ppc_init_cfg() != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
index 36abb79..eb2fd0b 100644
--- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
+++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
@@ -65,6 +65,7 @@
native_drivers/mpu_armv8m_drv.c
native_drivers/spu.c
spm_hal.c
+ tfm_hal_isolation.c
$<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
)
diff --git a/platform/ext/target/nordic_nrf/common/core/spm_hal.c b/platform/ext/target/nordic_nrf/common/core/spm_hal.c
index aa6c183..4c49821 100644
--- a/platform/ext/target/nordic_nrf/common/core/spm_hal.c
+++ b/platform/ext/target/nordic_nrf/common/core/spm_hal.c
@@ -22,12 +22,6 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT)
static struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
#define PARTITION_REGION_PERIPH_START 6
#define PARTITION_REGION_PERIPH_MAX_NUM 2
@@ -66,8 +60,7 @@
if (!tfm_is_partition_privileged(partition_idx)) {
struct mpu_armv8m_region_cfg_t region_cfg;
- region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
- periph_num_count;
+ region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
periph_num_count++;
if (periph_num_count >= PARTITION_REGION_PERIPH_MAX_NUM) {
return TFM_PLAT_ERR_MAX_VALUE;
@@ -101,122 +94,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void SPU_Handler(void)
{
/*
diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c
new file mode 100644
index 0000000..23937a0
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <arm_cmse.h>
+#include "cmsis.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+#include "tfm_spm_hal.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+/* Get address of memory regions to configure MPU */
+extern const struct memory_region_limits memory_regions;
+#endif
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (spu_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (spu_periph_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+#if TFM_LVL != 3
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+#endif
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif
+ return TFM_HAL_SUCCESS;
+}
+
+enum tfm_hal_status_t tfm_hal_memory_has_access(uintptr_t base,
+ size_t size,
+ uint32_t attr)
+{
+ int flags = 0;
+ int32_t range_access_allowed_by_mpu;
+
+ if (attr & TFM_HAL_ACCESS_NS) {
+ CONTROL_Type ctrl;
+ ctrl.w = __TZ_get_CONTROL_NS();
+ if (ctrl.b.nPRIV == 1) {
+ attr |= TFM_HAL_ACCESS_UNPRIVILEGED;
+ } else {
+ attr &= ~TFM_HAL_ACCESS_UNPRIVILEGED;
+ }
+ flags |= CMSE_NONSECURE;
+ }
+
+ if (attr & TFM_HAL_ACCESS_UNPRIVILEGED) {
+ flags |= CMSE_MPU_UNPRIV;
+ }
+
+ if ((attr & TFM_HAL_ACCESS_READABLE) && (attr & TFM_HAL_ACCESS_WRITABLE)) {
+ flags |= CMSE_MPU_READWRITE;
+ } else if (attr & TFM_HAL_ACCESS_READABLE) {
+ flags |= CMSE_MPU_READ;
+ } else {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
+
+ /* Use the TT instruction to check access to the partition's regions*/
+ range_access_allowed_by_mpu =
+ cmse_check_address_range((void *)base, size, flags) != NULL;
+
+
+#if !defined(__SAUREGION_PRESENT) || (__SAUREGION_PRESENT == 0)
+ if (!range_access_allowed_by_mpu) {
+ /*
+ * Verification failure may be due to address range crossing
+ * one or multiple IDAU boundaries. In this case request a
+ * platform-specific check for access permissions.
+ */
+ cmse_address_info_t addr_info_base = cmse_TT((void *)base);
+ cmse_address_info_t addr_info_last =
+ cmse_TT((void *)((uint32_t)base + size - 1));
+
+ if ((addr_info_base.flags.idau_region_valid != 0) &&
+ (addr_info_last.flags.idau_region_valid != 0) &&
+ (addr_info_base.flags.idau_region != addr_info_last.flags.idau_region)) {
+ range_access_allowed_by_mpu =
+ tfm_spm_hal_has_access_to_region((void *)base, size, flags);
+ }
+ }
+#endif
+
+ if (range_access_allowed_by_mpu) {
+ return TFM_HAL_SUCCESS;
+ } else {
+ return TFM_HAL_ERROR_MEM_FAULT;
+ }
+}
diff --git a/platform/ext/target/nuvoton/m2351/CMakeLists.txt b/platform/ext/target/nuvoton/m2351/CMakeLists.txt
index d8a25b1..1f3f907 100644
--- a/platform/ext/target/nuvoton/m2351/CMakeLists.txt
+++ b/platform/ext/target/nuvoton/m2351/CMakeLists.txt
@@ -93,6 +93,7 @@
services/src/tfm_platform_system.c
target_cfg.c
spm_hal.c
+ tfm_hal_isolation.c
boot_hal.c
${PLATFORM_DIR}/ext/common/uart_stdout.c
${PLATFORM_DIR}/ext/common/template/attest_hal.c
@@ -101,6 +102,7 @@
${PLATFORM_DIR}/ext/common/template/tfm_rotpk.c
${PLATFORM_DIR}/ext/common/template/crypto_keys.c
${PLATFORM_DIR}/ext/common/template/nv_counters.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/nuvoton/m2351/spm_hal.c b/platform/ext/target/nuvoton/m2351/spm_hal.c
index c98f98b..8bce507 100644
--- a/platform/ext/target/nuvoton/m2351/spm_hal.c
+++ b/platform/ext/target/nuvoton/m2351/spm_hal.c
@@ -14,9 +14,6 @@
#include "mpu_armv8m_drv.h"
#include "region_defs.h"
#include "utilities.h"
-#include "region.h"
-
-#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
/* Import MPC driver */
extern ARM_DRIVER_MPC Driver_SRAM1_MPC;
@@ -24,8 +21,6 @@
/* Get address of memory regions to configure MPU */
extern const struct memory_region_limits memory_regions;
-struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
{
int32_t ret = ARM_DRIVER_OK;
@@ -63,122 +58,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
-REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-const struct mpu_armv8m_region_cfg_t region_cfg[] = {
- /* Veneer region */
- {
- MPU_REGION_VENEERS,
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
- (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged code region */
- {
- MPU_REGION_TFM_UNPRIV_CODE,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* TFM Core unprivileged data region */
- {
- MPU_REGION_TFM_UNPRIV_DATA,
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* NSPM PSP */
- {
- MPU_REGION_NS_STACK,
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RO region */
- {
- PARTITION_REGION_RO,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
- MPU_ARMV8M_XN_EXEC_OK,
- MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- },
- /* RW, ZI and stack as one region */
- {
- PARTITION_REGION_RW_STACK,
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
- MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
- MPU_ARMV8M_XN_EXEC_NEVER,
- MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
- MPU_ARMV8M_SH_NONE
- }
- };
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- int32_t i;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
- if (mpu_armv8m_region_enable(&dev_mpu_s,
- (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
- != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
void SCU_IRQHandler(void)
{
ERROR_MSG("Oops... secure violation fault!!!");
diff --git a/platform/ext/target/nuvoton/m2351/tfm_hal_isolation.c b/platform/ext/target/nuvoton/m2351/tfm_hal_isolation.c
new file mode 100644
index 0000000..247a92a
--- /dev/null
+++ b/platform/ext/target/nuvoton/m2351/tfm_hal_isolation.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+#include "tfm_plat_defs.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+const struct mpu_armv8m_region_cfg_t region_cfg[] = {
+ /* Veneer region */
+ {
+ MPU_REGION_VENEERS,
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged code region */
+ {
+ MPU_REGION_TFM_UNPRIV_CODE,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged data region */
+ {
+ MPU_REGION_TFM_UNPRIV_DATA,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* NSPM PSP */
+ {
+ MPU_REGION_NS_STACK,
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RO region */
+ {
+ PARTITION_REGION_RO,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RW, ZI and stack as one region */
+ {
+ PARTITION_REGION_RW_STACK,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ }
+};
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ if (mpc_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ if (ppc_init_cfg() != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ int32_t i;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
+ if (mpu_armv8m_region_enable(&dev_mpu_s,
+ (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt b/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt
index da79526..148caf5 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt
+++ b/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt
@@ -84,6 +84,7 @@
PRIVATE
target_cfg.c
spm_hal.c
+ tfm_hal_isolation.c
Native_Driver/project_template/s/board.c
Native_Driver/project_template/s/clock_config.c
Native_Driver/project_template/s/peripherals.c
@@ -112,6 +113,7 @@
../common/Native_Driver/utilities/debug_console/fsl_debug_console.c
../common/Native_Driver/utilities/str/fsl_str.c
../common/Native_Driver/mpu_armv8m_drv.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/spm_hal.c b/platform/ext/target/nxp/lpcxpresso55s69/spm_hal.c
index b49c66f..726bc1f 100755
--- a/platform/ext/target/nxp/lpcxpresso55s69/spm_hal.c
+++ b/platform/ext/target/nxp/lpcxpresso55s69/spm_hal.c
@@ -22,12 +22,6 @@
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define MPU_REGION_NS_STACK 3
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
#define PARTITION_REGION_PERIPH_START 6
#define PARTITION_REGION_PERIPH_MAX_NUM 2
@@ -65,8 +59,7 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
- region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
- periph_num_count;
+ region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
periph_num_count++;
if (periph_num_count >= PARTITION_REGION_PERIPH_MAX_NUM) {
return TFM_PLAT_ERR_MAX_VALUE;
@@ -96,123 +89,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-#endif /* TFM_LVL != 1 */
-
void SEC_VIO_IRQHandler(void)
{
/* Clear interrupt flag and pending IRQ */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/tfm_hal_isolation.c b/platform/ext/target/nxp/lpcxpresso55s69/tfm_hal_isolation.c
new file mode 100644
index 0000000..8b2282d
--- /dev/null
+++ b/platform/ext/target/nxp/lpcxpresso55s69/tfm_hal_isolation.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define MPU_REGION_NS_STACK 3
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+
+/* Get address of memory regions to configure MPU */
+extern const struct memory_region_limits memory_regions;
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ int32_t ret = ARM_DRIVER_OK;
+
+ /* Set up isolation boundaries between SPE and NSPE */
+ sau_and_idau_cfg();
+
+ ret = ahb_secure_control_memory_init();
+ if (ret != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ ret = ahb_secure_control_peripheral_init();
+ if (ret != ARM_DRIVER_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt b/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
index d893f39..d98b54f 100644
--- a/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
+++ b/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
@@ -66,6 +66,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/Native_Driver/mpu_armv8m_drv.c
${CMAKE_CURRENT_SOURCE_DIR}/stm32l5xx_hal/Src/stm32l5xx_hal.c
${CMAKE_CURRENT_SOURCE_DIR}/secure/spm_hal.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_hal_isolation.c
${CMAKE_CURRENT_SOURCE_DIR}/secure/target_cfg.c
${CMAKE_CURRENT_SOURCE_DIR}/secure/low_level_device.c
${CMAKE_CURRENT_SOURCE_DIR}/CMSIS_Driver/low_level_flash.c
@@ -81,6 +82,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/stm32l5xx_hal/Src/stm32l5xx_hal_uart_ex.c
${CMAKE_CURRENT_SOURCE_DIR}/stm32l5xx_hal/Src/stm32l5xx_hal_rcc.c
${CMAKE_CURRENT_SOURCE_DIR}/stm32l5xx_hal/Src/stm32l5xx_hal_gtzc.c
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system>
)
diff --git a/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c b/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c
index b0b3e6a..1051f54 100644
--- a/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c
+++ b/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c
@@ -18,14 +18,13 @@
/* Get address of memory regions to configure MPU */
extern const struct memory_region_limits memory_regions;
-struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
{
/* Configures non-secure memory spaces in the target */
gtzc_init_cfg();
sau_and_idau_cfg();
pinmux_init_cfg();
+
return TFM_PLAT_ERR_SUCCESS;
}
@@ -37,222 +36,6 @@
return TFM_PLAT_ERR_SUCCESS;
}
-
-#if TFM_LVL != 1
-
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define MPU_REGION_TFM_UNPRIV_DATA 2
-#define PARTITION_REGION_RO 4
-#define PARTITION_REGION_RW_STACK 5
-#define PARTITION_REGION_PERIPH 6
-#define PARTITION_REGION_SHARE 7
-
-#if TFM_LVL == 2
-#define MPU_REGION_NS_STACK 3
-#elif TFM_LVL == 3
-#define MPU_REGION_NS_DATA 3
-#endif
-
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
-#ifndef TFM_PSA_API
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-#endif
-#if TFM_LVL == 2
-REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
-REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
-REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-#endif
-
-static enum tfm_plat_err_t tfm_spm_mpu_init(void)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
-
- mpu_armv8m_clean(&dev_mpu_s);
-
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* TFM Core unprivileged data region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
-#if TFM_LVL == 3
- /* TFM Core unprivileged non-secure data region */
- region_cfg.region_nr = MPU_REGION_NS_DATA;
- region_cfg.region_base = NS_DATA_START;
- region_cfg.region_limit = NS_DATA_LIMIT;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-#endif
-
-#if TFM_LVL == 2
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-#endif
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return TFM_PLAT_ERR_SUCCESS;
-}
-
-
-
-#if !defined(TFM_PSA_API)
-/**
- * Set share region to which the partition needs access
- */
-enum tfm_plat_err_t tfm_spm_hal_set_share_region(
- enum tfm_buffer_share_region_e share)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
- enum tfm_plat_err_t res = TFM_PLAT_ERR_SYSTEM_ERR;
- uint32_t scratch_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
- uint32_t scratch_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-
- mpu_armv8m_disable(&dev_mpu_s);
-
- if (share == TFM_BUFFER_SHARE_DISABLE) {
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE);
- } else {
-
- region_cfg.region_nr = PARTITION_REGION_SHARE;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- switch (share) {
- case TFM_BUFFER_SHARE_SCRATCH:
- /* Use scratch area for SP-to-SP data sharing */
- region_cfg.region_base = scratch_base;
- region_cfg.region_limit = scratch_limit;
- res = TFM_PLAT_ERR_SUCCESS;
- break;
- case TFM_BUFFER_SHARE_NS_CODE:
- region_cfg.region_base = memory_regions.non_secure_partition_base;
- region_cfg.region_limit = memory_regions.non_secure_partition_limit;
- /* Only allow read access to NS code region and keep
- * exec.never attribute
- */
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- res = TFM_PLAT_ERR_SUCCESS;
- break;
- default:
- /* Leave res to be set to SPM_ERR_INVALID_CONFIG */
- break;
- }
- if (res == TFM_PLAT_ERR_SUCCESS) {
- mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg);
- }
- }
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return res;
-}
-#endif /* !defined(TFM_PSA_API) */
-#endif /* TFM_LVL != 1 */
-
-enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
-{
-#if TFM_LVL != 1
- if (tfm_spm_mpu_init() != TFM_PLAT_ERR_SUCCESS) {
- ERROR_MSG("Failed to set up initial MPU configuration! Halting.");
- while (1) {
- ;
- }
- }
-#endif
- return TFM_PLAT_ERR_SUCCESS;
-}
-
uint32_t tfm_spm_hal_get_ns_VTOR(void)
{
return memory_regions.non_secure_code_start;
diff --git a/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c b/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c
new file mode 100644
index 0000000..d22959e
--- /dev/null
+++ b/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "cmsis.h"
+#include "Driver_Common.h"
+#include "mpu_armv8m_drv.h"
+#include "region.h"
+#include "target_cfg.h"
+#include "tfm_hal_isolation.h"
+#include "tfm_plat_defs.h"
+
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_TFM_UNPRIV_DATA 2
+#define PARTITION_REGION_RO 4
+#define PARTITION_REGION_RW_STACK 5
+#define PARTITION_REGION_PERIPH 6
+#define PARTITION_REGION_SHARE 7
+
+#if TFM_LVL == 2
+#define MPU_REGION_NS_STACK 3
+#elif TFM_LVL == 3
+#define MPU_REGION_NS_DATA 3
+#endif
+
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+#ifndef TFM_PSA_API
+REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
+#endif
+#if TFM_LVL == 2
+REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
+REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+#endif
+
+/* Get address of memory regions to configure MPU */
+extern const struct memory_region_limits memory_regions;
+
+#if !defined(TFM_PSA_API)
+/**
+ * Set share region to which the partition needs access
+ */
+enum tfm_plat_err_t tfm_spm_hal_set_share_region(
+ enum tfm_buffer_share_region_e share)
+{
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ enum tfm_plat_err_t res = TFM_PLAT_ERR_SYSTEM_ERR;
+ uint32_t scratch_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
+ uint32_t scratch_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
+
+ mpu_armv8m_disable(&dev_mpu_s);
+
+ if (share == TFM_BUFFER_SHARE_DISABLE) {
+ mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE);
+ } else {
+
+ region_cfg.region_nr = PARTITION_REGION_SHARE;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ switch (share) {
+ case TFM_BUFFER_SHARE_SCRATCH:
+ /* Use scratch area for SP-to-SP data sharing */
+ region_cfg.region_base = scratch_base;
+ region_cfg.region_limit = scratch_limit;
+ res = TFM_PLAT_ERR_SUCCESS;
+ break;
+ case TFM_BUFFER_SHARE_NS_CODE:
+ region_cfg.region_base = memory_regions.non_secure_partition_base;
+ region_cfg.region_limit = memory_regions.non_secure_partition_limit;
+ /* Only allow read access to NS code region and keep
+ * exec.never attribute
+ */
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ res = TFM_PLAT_ERR_SUCCESS;
+ break;
+ default:
+ /* Leave res to be set to SPM_ERR_INVALID_CONFIG */
+ break;
+ }
+ if (res == TFM_PLAT_ERR_SUCCESS) {
+ mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg);
+ }
+ }
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+
+ return res;
+}
+#endif /* !defined(TFM_PSA_API) */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Set up isolation boundaries between SPE and NSPE */
+ gtzc_init_cfg();
+ sau_and_idau_cfg();
+ pinmux_init_cfg();
+
+ /* Set up static isolation boundaries inside SPE */
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ struct mpu_armv8m_region_cfg_t region_cfg;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ mpu_armv8m_clean(&dev_mpu_s);
+
+ /* Veneer region */
+ region_cfg.region_nr = MPU_REGION_VENEERS;
+ region_cfg.region_base = memory_regions.veneer_base;
+ region_cfg.region_limit = memory_regions.veneer_limit;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged code region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* TFM Core unprivileged data region */
+ region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_DATA;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+#if TFM_LVL == 3
+ /* TFM Core unprivileged non-secure data region */
+ region_cfg.region_nr = MPU_REGION_NS_DATA;
+ region_cfg.region_base = NS_DATA_START;
+ region_cfg.region_limit = NS_DATA_LIMIT;
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+#endif
+
+#if TFM_LVL == 2
+ /* NSPM PSP */
+ region_cfg.region_nr = MPU_REGION_NS_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RO region */
+ region_cfg.region_nr = PARTITION_REGION_RO;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+
+ /* RW, ZI and stack as one region */
+ region_cfg.region_nr = PARTITION_REGION_RW_STACK;
+ region_cfg.region_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+ region_cfg.region_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+#endif
+
+ mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE);
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/secure_fw/spm/CMakeLists.txt b/secure_fw/spm/CMakeLists.txt
index 15661a8..e243f05 100755
--- a/secure_fw/spm/CMakeLists.txt
+++ b/secure_fw/spm/CMakeLists.txt
@@ -39,7 +39,7 @@
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_multi_core_mem_check.c>
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_rpc.c>
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_spe_mailbox.c>
- $<$<NOT:$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>>:common/tfm_core_mem_check.c>
+ $<$<NOT:$<BOOL:${TFM_PSA_API}>>:common/tfm_core_mem_check.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/arch/tfm_arch.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/main.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/spm_ipc.c>
diff --git a/secure_fw/spm/cmsis_psa/main.c b/secure_fw/spm/cmsis_psa/main.c
index dcb13ec..40f3590 100644
--- a/secure_fw/spm/cmsis_psa/main.c
+++ b/secure_fw/spm/cmsis_psa/main.c
@@ -9,6 +9,7 @@
#include "region.h"
#include "spm_ipc.h"
#include "tfm_hal_platform.h"
+#include "tfm_hal_isolation.h"
#include "tfm_irq_list.h"
#include "tfm_nspm.h"
#include "tfm_spm_hal.h"
@@ -60,8 +61,8 @@
* Access to any peripheral should be performed after programming
* the necessary security components such as PPC/SAU.
*/
- plat_err = tfm_spm_hal_init_isolation_hw();
- if (plat_err != TFM_PLAT_ERR_SUCCESS) {
+ hal_status = tfm_hal_set_up_static_boundaries();
+ if (hal_status != TFM_HAL_SUCCESS) {
return TFM_ERROR_GENERIC;
}
@@ -133,12 +134,6 @@
tfm_core_panic();
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
- if (tfm_spm_hal_setup_isolation_hw() != TFM_PLAT_ERR_SUCCESS) {
- tfm_core_panic();
- }
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
/*
* Prioritise secure exceptions to avoid NS being able to pre-empt
* secure SVC or SecureFault. Do it before PSA API initialization.
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index deebf3d..ffec2f8 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -17,12 +17,13 @@
#include "tfm_api.h"
#include "tfm_secure_api.h"
#include "tfm_memory_utils.h"
+#include "tfm_hal_defs.h"
+#include "tfm_hal_isolation.h"
#include "spm_ipc.h"
#include "tfm_peripherals_def.h"
#include "tfm_core_utils.h"
#include "tfm_rpc.h"
#include "tfm_core_trustzone.h"
-#include "tfm_core_mem_check.h"
#include "tfm_list.h"
#include "tfm_pools.h"
#include "region.h"
@@ -595,7 +596,8 @@
enum tfm_memory_access_e access,
uint32_t privileged)
{
- enum tfm_status_e err;
+ enum tfm_hal_status_t err;
+ uint32_t attr = 0;
/* If len is zero, this indicates an empty buffer and base is ignored */
if (len == 0) {
@@ -611,13 +613,24 @@
}
if (access == TFM_MEMORY_ACCESS_RW) {
- err = tfm_core_has_write_access_to_region(buffer, len, ns_caller,
- privileged);
+ attr |= (TFM_HAL_ACCESS_READABLE | TFM_HAL_ACCESS_WRITABLE);
} else {
- err = tfm_core_has_read_access_to_region(buffer, len, ns_caller,
- privileged);
+ attr |= TFM_HAL_ACCESS_READABLE;
}
- if (err == TFM_SUCCESS) {
+
+ if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
+ attr |= TFM_HAL_ACCESS_UNPRIVILEGED;
+ } else {
+ attr &= ~TFM_HAL_ACCESS_UNPRIVILEGED;
+ }
+
+ if (ns_caller) {
+ attr |= TFM_HAL_ACCESS_NS;
+ }
+
+ err = tfm_hal_memory_has_access((uintptr_t)buffer, len, attr);
+
+ if (err == TFM_HAL_SUCCESS) {
return IPC_SUCCESS;
}
diff --git a/secure_fw/spm/cmsis_psa/tfm_multi_core.h b/secure_fw/spm/cmsis_psa/tfm_multi_core.h
index 2618804..0cf4ba2 100644
--- a/secure_fw/spm/cmsis_psa/tfm_multi_core.h
+++ b/secure_fw/spm/cmsis_psa/tfm_multi_core.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -77,4 +77,16 @@
void tfm_get_ns_mem_region_attr(const void *p, size_t s,
struct mem_attr_info_t *p_attr);
+/**
+ * \brief Check whether a memory access is allowed to access to a memory range
+ *
+ * \param[in] p The start address of the range to check
+ * \param[in] s The size of the range to check
+ * \param[in] attr The attributes indicating the access permissions.
+ *
+ * \return TFM_SUCCESS if the access is allowed,
+ * TFM_ERROR_GENERIC otherwise.
+ */
+int32_t tfm_has_access_to_region(const void *p, size_t s, uint32_t attr);
+
#endif /* __TFM_MULTI_CORE_H__ */
diff --git a/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c b/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c
index fd21e58..5842013 100644
--- a/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c
+++ b/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c
@@ -9,6 +9,7 @@
#include "tfm_spm_hal.h"
#include "region_defs.h"
#include "spm_ipc.h"
+#include "tfm_hal_isolation.h"
#include "tfm_multi_core.h"
#include "tfm_secure_api.h"
#include "utilities.h"
@@ -418,20 +419,11 @@
return secure_mem_attr_check(attr, flags);
}
-/**
- * \brief Check whether a memory access is allowed to access to a memory range
- *
- * \param[in] p The start address of the range to check
- * \param[in] s The size of the range to check
- * \param[in] flags The flags indicating the access permissions.
- *
- * \return TFM_SUCCESS if the access is allowed,
- * TFM_ERROR_GENERIC otherwise.
- */
-static int32_t has_access_to_region(const void *p, size_t s, uint8_t flags)
+int32_t tfm_has_access_to_region(const void *p, size_t s, uint32_t attr)
{
struct security_attr_info_t security_attr;
struct mem_attr_info_t mem_attr;
+ uint8_t flags = 0;
if (!p) {
return (int32_t)TFM_ERROR_GENERIC;
@@ -446,6 +438,22 @@
tfm_core_panic();
}
+ if (attr & TFM_HAL_ACCESS_UNPRIVILEGED) {
+ flags |= MEM_CHECK_MPU_UNPRIV;
+ }
+
+ if (attr & TFM_HAL_ACCESS_NS) {
+ flags |= MEM_CHECK_NONSECURE;
+ }
+
+ if ((attr & TFM_HAL_ACCESS_WRITABLE) && (attr & TFM_HAL_ACCESS_READABLE)) {
+ flags |= MEM_CHECK_MPU_READWRITE;
+ } else if (attr & TFM_HAL_ACCESS_READABLE) {
+ flags |= MEM_CHECK_MPU_READ;
+ } else {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
+
security_attr_init(&security_attr);
/* Retrieve security attributes of target memory region */
@@ -474,41 +482,3 @@
return (int32_t)mem_attr_check(mem_attr, flags);
}
-
-int32_t tfm_core_has_read_access_to_region(const void *p, size_t s,
- bool ns_caller,
- uint32_t privileged)
-{
- uint8_t flags = MEM_CHECK_MPU_READ;
-
- if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
- flags |= MEM_CHECK_MPU_UNPRIV;
- } else if (privileged != TFM_PARTITION_PRIVILEGED_MODE) {
- return TFM_ERROR_GENERIC;
- }
-
- if (ns_caller) {
- flags |= MEM_CHECK_NONSECURE;
- }
-
- return has_access_to_region(p, s, flags);
-}
-
-int32_t tfm_core_has_write_access_to_region(void *p, size_t s,
- bool ns_caller,
- uint32_t privileged)
-{
- uint8_t flags = MEM_CHECK_MPU_READWRITE;
-
- if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
- flags |= MEM_CHECK_MPU_UNPRIV;
- } else if (privileged != TFM_PARTITION_PRIVILEGED_MODE) {
- return TFM_ERROR_GENERIC;
- }
-
- if (ns_caller) {
- flags |= MEM_CHECK_NONSECURE;
- }
-
- return has_access_to_region(p, s, flags);
-}
diff --git a/secure_fw/spm/common/tfm_core_mem_check.c b/secure_fw/spm/common/tfm_core_mem_check.c
index aeb0a86..7f028d4 100644
--- a/secure_fw/spm/common/tfm_core_mem_check.c
+++ b/secure_fw/spm/common/tfm_core_mem_check.c
@@ -11,11 +11,7 @@
#include "tfm_arch.h"
#include "tfm_spm_hal.h"
#include "tfm_api.h"
-#ifdef TFM_PSA_API
-#include "spm_ipc.h"
-#else
#include "spm_func.h"
-#endif
/**
* \brief Check whether the current partition has access to a memory range