Core: Make initial debug config platform-specific
This patch defines a platform abstraction layer for the initial debug
configuration, which needs to be implemented per each platform,
and executed in tfm_core.c, as an extra step in the tfm_core_init
function.
Change-Id: I27bdbe35b47e3124f7176a931f1895bd06187dc4
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>
diff --git a/platform/ext/target/mps2/an519/target_cfg.c b/platform/ext/target/mps2/an519/target_cfg.c
index eff9ae8..0327ff0 100755
--- a/platform/ext/target/mps2/an519/target_cfg.c
+++ b/platform/ext/target/mps2/an519/target_cfg.c
@@ -80,6 +80,19 @@
*/
#define SCB_AIRCR_WRITE_MASK ((0x5FAUL << SCB_AIRCR_VECTKEY_Pos))
+/* Debug configuration flags */
+#define SPNIDEN_SEL_STATUS (0x01u << 7)
+#define SPNIDEN_STATUS (0x01u << 6)
+#define SPIDEN_SEL_STATUS (0x01u << 5)
+#define SPIDEN_STATUS (0x01u << 4)
+#define NIDEN_SEL_STATUS (0x01u << 3)
+#define NIDEN_STATUS (0x01u << 2)
+#define DBGEN_SEL_STATUS (0x01u << 1)
+#define DBGEN_STATUS (0x01u << 0)
+
+#define All_SEL_STATUS (SPNIDEN_SEL_STATUS | SPIDEN_SEL_STATUS | \
+ NIDEN_SEL_STATUS | DBGEN_SEL_STATUS)
+
struct tfm_spm_partition_platform_data_t tfm_peripheral_std_uart = {
UART0_BASE_NS,
UART0_BASE_NS + 0xFFF,
@@ -127,6 +140,44 @@
SCB->AIRCR = reg_value;
}
+void tfm_spm_hal_init_debug(void)
+{
+ volatile struct sysctrl_t *sys_ctrl =
+ (struct sysctrl_t *)CMSDK_SYSCTRL_BASE_S;
+
+#if defined(DAUTH_NONE)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 0 */
+ sys_ctrl->secdbgclr =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_NS_ONLY)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set the debug enable bits to 1 for NS, and 0 for S mode */
+ sys_ctrl->secdbgset = DBGEN_STATUS | NIDEN_STATUS;
+ sys_ctrl->secdbgclr = SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_FULL)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 1 */
+ sys_ctrl->secdbgset =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#else
+
+#if !defined(DAUTH_CHIP_DEFAULT)
+#error "No debug authentication setting is provided."
+#endif
+
+ /* Set all the debug enable selector bits to 0 */
+ sys_ctrl->secdbgclr = All_SEL_STATUS;
+
+ /* No need to set any enable bits because the value depends on
+ * input signals.
+ */
+#endif
+}
+
/*----------------- NVIC interrupt target state to NS configuration ----------*/
void nvic_interrupt_target_state_cfg()
{
diff --git a/platform/ext/target/mps2/an521/target_cfg.c b/platform/ext/target/mps2/an521/target_cfg.c
index 5b1c5ef..492187c 100755
--- a/platform/ext/target/mps2/an521/target_cfg.c
+++ b/platform/ext/target/mps2/an521/target_cfg.c
@@ -80,6 +80,19 @@
*/
#define SCB_AIRCR_WRITE_MASK ((0x5FAUL << SCB_AIRCR_VECTKEY_Pos))
+/* Debug configuration flags */
+#define SPNIDEN_SEL_STATUS (0x01u << 7)
+#define SPNIDEN_STATUS (0x01u << 6)
+#define SPIDEN_SEL_STATUS (0x01u << 5)
+#define SPIDEN_STATUS (0x01u << 4)
+#define NIDEN_SEL_STATUS (0x01u << 3)
+#define NIDEN_STATUS (0x01u << 2)
+#define DBGEN_SEL_STATUS (0x01u << 1)
+#define DBGEN_STATUS (0x01u << 0)
+
+#define All_SEL_STATUS (SPNIDEN_SEL_STATUS | SPIDEN_SEL_STATUS | \
+ NIDEN_SEL_STATUS | DBGEN_SEL_STATUS)
+
struct tfm_spm_partition_platform_data_t tfm_peripheral_std_uart = {
UART0_BASE_NS,
UART0_BASE_NS + 0xFFF,
@@ -129,6 +142,44 @@
SCB->AIRCR = reg_value;
}
+void tfm_spm_hal_init_debug(void)
+{
+ volatile struct sysctrl_t *sys_ctrl =
+ (struct sysctrl_t *)CMSDK_SYSCTRL_BASE_S;
+
+#if defined(DAUTH_NONE)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 0 */
+ sys_ctrl->secdbgclr =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_NS_ONLY)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set the debug enable bits to 1 for NS, and 0 for S mode */
+ sys_ctrl->secdbgset = DBGEN_STATUS | NIDEN_STATUS;
+ sys_ctrl->secdbgclr = SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_FULL)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 1 */
+ sys_ctrl->secdbgset =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#else
+
+#if !defined(DAUTH_CHIP_DEFAULT)
+#error "No debug authentication setting is provided."
+#endif
+
+ /* Set all the debug enable selector bits to 0 */
+ sys_ctrl->secdbgclr = All_SEL_STATUS;
+
+ /* No need to set any enable bits because the value depends on
+ * input signals.
+ */
+#endif
+}
+
/*----------------- NVIC interrupt target state to NS configuration ----------*/
void nvic_interrupt_target_state_cfg()
{
diff --git a/platform/ext/target/musca_a/target_cfg.c b/platform/ext/target/musca_a/target_cfg.c
index 40defc4..fedcf12 100755
--- a/platform/ext/target/musca_a/target_cfg.c
+++ b/platform/ext/target/musca_a/target_cfg.c
@@ -71,6 +71,19 @@
*/
#define SCB_AIRCR_WRITE_MASK ((0x5FAUL << SCB_AIRCR_VECTKEY_Pos))
+/* Debug configuration flags */
+#define SPNIDEN_SEL_STATUS (0x01u << 7)
+#define SPNIDEN_STATUS (0x01u << 6)
+#define SPIDEN_SEL_STATUS (0x01u << 5)
+#define SPIDEN_STATUS (0x01u << 4)
+#define NIDEN_SEL_STATUS (0x01u << 3)
+#define NIDEN_STATUS (0x01u << 2)
+#define DBGEN_SEL_STATUS (0x01u << 1)
+#define DBGEN_STATUS (0x01u << 0)
+
+#define All_SEL_STATUS (SPNIDEN_SEL_STATUS | SPIDEN_SEL_STATUS | \
+ NIDEN_SEL_STATUS | DBGEN_SEL_STATUS)
+
struct tfm_spm_partition_platform_data_t tfm_peripheral_std_uart = {
MUSCA_UART1_NS_BASE,
MUSCA_UART1_NS_BASE + 0xFFF,
@@ -106,6 +119,44 @@
SCB->AIRCR = reg_value;
}
+void tfm_spm_hal_init_debug(void)
+{
+ volatile struct sysctrl_t *sys_ctrl =
+ (struct sysctrl_t *)CMSDK_SYSCTRL_BASE_S;
+
+#if defined(DAUTH_NONE)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 0 */
+ sys_ctrl->secdbgclr =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_NS_ONLY)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set the debug enable bits to 1 for NS, and 0 for S mode */
+ sys_ctrl->secdbgset = DBGEN_STATUS | NIDEN_STATUS;
+ sys_ctrl->secdbgclr = SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_FULL)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 1 */
+ sys_ctrl->secdbgset =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#else
+
+#if !defined(DAUTH_CHIP_DEFAULT)
+#error "No debug authentication setting is provided."
+#endif
+
+ /* Set all the debug enable selector bits to 0 */
+ sys_ctrl->secdbgclr = All_SEL_STATUS;
+
+ /* No need to set any enable bits because the value depends on
+ * input signals.
+ */
+#endif
+}
+
/*----------------- NVIC interrupt target state to NS configuration ----------*/
void nvic_interrupt_target_state_cfg()
{
diff --git a/platform/ext/target/musca_b1/target_cfg.c b/platform/ext/target/musca_b1/target_cfg.c
index db6e9e2..bc4c475 100644
--- a/platform/ext/target/musca_b1/target_cfg.c
+++ b/platform/ext/target/musca_b1/target_cfg.c
@@ -82,6 +82,19 @@
*/
#define SCB_AIRCR_WRITE_MASK ((0x5FAUL << SCB_AIRCR_VECTKEY_Pos))
+/* Debug configuration flags */
+#define SPNIDEN_SEL_STATUS (0x01u << 7)
+#define SPNIDEN_STATUS (0x01u << 6)
+#define SPIDEN_SEL_STATUS (0x01u << 5)
+#define SPIDEN_STATUS (0x01u << 4)
+#define NIDEN_SEL_STATUS (0x01u << 3)
+#define NIDEN_STATUS (0x01u << 2)
+#define DBGEN_SEL_STATUS (0x01u << 1)
+#define DBGEN_STATUS (0x01u << 0)
+
+#define All_SEL_STATUS (SPNIDEN_SEL_STATUS | SPIDEN_SEL_STATUS | \
+ NIDEN_SEL_STATUS | DBGEN_SEL_STATUS)
+
struct tfm_spm_partition_platform_data_t tfm_peripheral_std_uart = {
MUSCA_B1_UART1_NS_BASE,
MUSCA_B1_UART1_NS_BASE + 0xFFF,
@@ -117,6 +130,44 @@
SCB->AIRCR = reg_value;
}
+void tfm_spm_hal_init_debug(void)
+{
+ volatile struct sysctrl_t *sys_ctrl =
+ (struct sysctrl_t *)CMSDK_SYSCTRL_BASE_S;
+
+#if defined(DAUTH_NONE)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 0 */
+ sys_ctrl->secdbgclr =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_NS_ONLY)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set the debug enable bits to 1 for NS, and 0 for S mode */
+ sys_ctrl->secdbgset = DBGEN_STATUS | NIDEN_STATUS;
+ sys_ctrl->secdbgclr = SPIDEN_STATUS | SPNIDEN_STATUS;
+#elif defined(DAUTH_FULL)
+ /* Set all the debug enable selector bits to 1 */
+ sys_ctrl->secdbgset = All_SEL_STATUS;
+ /* Set all the debug enable bits to 1 */
+ sys_ctrl->secdbgset =
+ DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
+#else
+
+#if !defined(DAUTH_CHIP_DEFAULT)
+#error "No debug authentication setting is provided."
+#endif
+
+ /* Set all the debug enable selector bits to 0 */
+ sys_ctrl->secdbgclr = All_SEL_STATUS;
+
+ /* No need to set any enable bits because the value depends on
+ * input signals.
+ */
+#endif
+}
+
/*----------------- NVIC interrupt target state to NS configuration ----------*/
void nvic_interrupt_target_state_cfg()
{
diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h
index d3505b8..a33c1fb 100644
--- a/platform/include/tfm_spm_hal.h
+++ b/platform/include/tfm_spm_hal.h
@@ -87,6 +87,18 @@
*/
void tfm_spm_hal_configure_default_isolation(
const struct tfm_spm_partition_platform_data_t *platform_data);
+/**
+ * \brief Configures the system debug properties.
+ * The default configuration of this function should disable secure debug
+ * when either DAUTH_NONE or DAUTH_NS_ONLY define is set. It is up to the
+ * platform owner to decide if secure debug can be turned on in their
+ * system, if DAUTH_FULL define is present.
+ * The DAUTH_CHIP_DEFAULT define should not be considered a safe default
+ * option unless explicitly noted by the chip vendor.
+ * The implementation has to expect that one of those defines is going to
+ * be set. Otherwise, a compile error needs to be triggered.
+ */
+void tfm_spm_hal_init_debug(void);
/**
* \brief Enables the fault handlers
@@ -97,7 +109,7 @@
* \brief Configures the system reset request properties
*/
void system_reset_cfg(void);
-
+
/**
* \brief Configures all external interrupts to target the
* NS state, apart for the ones associated to secure
diff --git a/secure_fw/core/tfm_core.c b/secure_fw/core/tfm_core.c
index 651bbf8..81eeccd 100644
--- a/secure_fw/core/tfm_core.c
+++ b/secure_fw/core/tfm_core.c
@@ -48,53 +48,6 @@
REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-#define SPNIDEN_SEL_STATUS (0x01u << 7)
-#define SPNIDEN_STATUS (0x01u << 6)
-#define SPIDEN_SEL_STATUS (0x01u << 5)
-#define SPIDEN_STATUS (0x01u << 4)
-#define NIDEN_SEL_STATUS (0x01u << 3)
-#define NIDEN_STATUS (0x01u << 2)
-#define DBGEN_SEL_STATUS (0x01u << 1)
-#define DBGEN_STATUS (0x01u << 0)
-
-#define All_SEL_STATUS (SPNIDEN_SEL_STATUS | SPIDEN_SEL_STATUS | \
- NIDEN_SEL_STATUS | DBGEN_SEL_STATUS)
-
-void configure_debug_registers(void)
-{
- volatile struct sysctrl_t *sys_ctrl =
- (struct sysctrl_t *)CMSDK_SYSCTRL_BASE_S;
-
-#if defined(DAUTH_NONE)
- /* Set all the debug enable selector bits to 1 */
- sys_ctrl->secdbgset = All_SEL_STATUS;
- /* Set all the debug enable bits to 0 */
- sys_ctrl->secdbgclr =
- DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
-#elif defined(DAUTH_NS_ONLY)
- /* Set all the debug enable selector bits to 1 */
- sys_ctrl->secdbgset = All_SEL_STATUS;
- /* Set the debug enable bits to 1 for NS, and 0 for S mode */
- sys_ctrl->secdbgset = DBGEN_STATUS | NIDEN_STATUS;
- sys_ctrl->secdbgclr = SPIDEN_STATUS | SPNIDEN_STATUS;
-#elif defined(DAUTH_FULL)
- /* Set all the debug enable selector bits to 1 */
- sys_ctrl->secdbgset = All_SEL_STATUS;
- /* Set all the debug enable bits to 1 */
- sys_ctrl->secdbgset =
- DBGEN_STATUS | NIDEN_STATUS | SPIDEN_STATUS | SPNIDEN_STATUS;
-#else
-#if !defined(DAUTH_CHIP_DEFAULT)
-#error "No debug authentication setting is provided."
-#endif
- /* Set all the debug enable selector bits to 0 */
- sys_ctrl->secdbgclr = All_SEL_STATUS;
- /* No need to set any enable bits because the value depends on
- *input signals
- */
-#endif
-}
-
void configure_ns_code(void)
{
/* SCB_NS.VTOR points to the Non-secure vector table base address */
@@ -122,8 +75,8 @@
/* Configures the system reset request properties */
system_reset_cfg();
- /* Configure the debug configuration registers */
- configure_debug_registers();
+ /* Configures debug authentication */
+ tfm_spm_hal_init_debug();
__enable_irq();