| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 1 | /* |
| Tamas Ban | d28286e | 2020-11-27 12:58:39 +0000 | [diff] [blame] | 2 | * Copyright (c) 2020-2021, Arm Limited. All rights reserved. |
| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | * |
| 6 | */ |
| 7 | |
| 8 | #ifndef __TFM_HAL_ISOLATION_H__ |
| 9 | #define __TFM_HAL_ISOLATION_H__ |
| 10 | |
| 11 | #include <stddef.h> |
| 12 | #include <stdint.h> |
| Tamas Ban | d28286e | 2020-11-27 12:58:39 +0000 | [diff] [blame] | 13 | #include "fih.h" |
| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 14 | #include "tfm_hal_defs.h" |
| 15 | |
| 16 | #ifdef __cplusplus |
| 17 | extern "C" { |
| 18 | #endif |
| 19 | |
| 20 | /* Memory access attributes */ |
| 21 | #define TFM_HAL_ACCESS_EXECUTABLE (1UL << 0) |
| 22 | #define TFM_HAL_ACCESS_READABLE (1UL << 1) |
| 23 | #define TFM_HAL_ACCESS_WRITABLE (1UL << 2) |
| 24 | #define TFM_HAL_ACCESS_UNPRIVILEGED (1UL << 3) |
| 25 | #define TFM_HAL_ACCESS_DEVICE (1UL << 4) |
| 26 | #define TFM_HAL_ACCESS_NS (1UL << 5) |
| 27 | |
| Tamas Ban | d28286e | 2020-11-27 12:58:39 +0000 | [diff] [blame] | 28 | #ifdef TFM_FIH_PROFILE_ON |
| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 29 | /** |
| 30 | * \brief Sets up the static isolation boundaries which are constant throughout |
| 31 | * the runtime of the system, including the SPE/NSPE and partition |
| 32 | * boundaries. |
| 33 | * |
| 34 | * \return TFM_HAL_SUCCESS - the isolation boundaries have been set up. |
| 35 | * TFM_HAL_ERROR_GENERIC - failed to set up the isolation boundaries. |
| 36 | */ |
| Tamas Ban | d28286e | 2020-11-27 12:58:39 +0000 | [diff] [blame] | 37 | fih_int tfm_hal_set_up_static_boundaries(void); |
| 38 | |
| 39 | #if TFM_LVL == 3 |
| 40 | /** |
| 41 | * \brief Updates the partition isolation boundary for isolation level 3. |
| 42 | * The boundary protects the private data of the running partition. |
| 43 | * The boundary is updated with SPM switching partition in level 3. |
| 44 | * |
| 45 | * \param[in] start start address of the partition boundary. |
| 46 | * \param[in] end end address of the partition boundary. |
| 47 | * |
| 48 | * \return TFM_HAL_SUCCESS - the isolation boundary has been set up. |
| 49 | * TFM_HAL_ERROR_GENERIC - failed to set up the isolation boundary. |
| 50 | * |
| 51 | * \note When FIH_ENABLE_DOUBLE_VARS is enabled, the return code will be |
| 52 | * wrapped and protected in \ref fih_int structure. |
| 53 | */ |
| 54 | fih_int tfm_hal_mpu_update_partition_boundary(uintptr_t start, |
| 55 | uintptr_t end); |
| 56 | #endif |
| 57 | #else /* TFM_FIH_PROFILE_ON */ |
| 58 | /** |
| 59 | * \brief Sets up the static isolation boundaries which are constant throughout |
| 60 | * the runtime of the system, including the SPE/NSPE and partition |
| 61 | * boundaries. |
| 62 | * |
| 63 | * \return TFM_HAL_SUCCESS - the isolation boundaries have been set up. |
| 64 | * TFM_HAL_ERROR_GENERIC - failed to set up the isolation boundaries. |
| 65 | * |
| 66 | * \note When FIH_ENABLE_DOUBLE_VARS is enabled, the return code will be |
| 67 | * wrapped and protected in \ref fih_int structure. |
| 68 | */ |
| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 69 | enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void); |
| 70 | |
| Tamas Ban | d28286e | 2020-11-27 12:58:39 +0000 | [diff] [blame] | 71 | #if TFM_LVL == 3 |
| 72 | /** |
| 73 | * \brief Updates the partition isolation boundary for isolation level 3. |
| 74 | * The boundary protects the private data of the running partition. |
| 75 | * The boundary is updated with SPM switching partition in level 3. |
| 76 | * |
| 77 | * \param[in] start start address of the partition boundary. |
| 78 | * \param[in] end end address of the partition boundary. |
| 79 | * |
| 80 | * \return TFM_HAL_SUCCESS - the isolation boundary has been set up. |
| 81 | * TFM_HAL_ERROR_GENERIC - failed to set up the isolation boundary. |
| 82 | * |
| 83 | * \note When FIH_ENABLE_DOUBLE_VARS is enabled, the return code will be |
| 84 | * wrapped and protected in \ref fih_int structure. |
| 85 | */ |
| 86 | enum tfm_hal_status_t tfm_hal_mpu_update_partition_boundary(uintptr_t start, |
| 87 | uintptr_t end); |
| 88 | #endif |
| 89 | #endif /* TFM_FIH_PROFILE_ON */ |
| 90 | |
| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 91 | /** |
| 92 | * \brief This API checks if the memory region defined by base and size |
| 93 | * matches the given attributes - attr. |
| 94 | * The attributes can include NSPE access, privileged mode, and |
| 95 | * read-write permissions. |
| 96 | * |
| 97 | * \param[in] base The base address of the region. |
| 98 | * \param[in] size The size of the region. |
| 99 | * \param[in] attr The memory access attributes. |
| 100 | * |
| 101 | * \return TFM_HAL_SUCCESS - The memory region has the access permissions. |
| 102 | * TFM_HAL_ERROR_MEM_FAULT - The memory region has not the access |
| 103 | * permissions. |
| 104 | * TFM_HAL_ERROR_INVALID_INPUT - Invalid inputs. |
| 105 | * TFM_HAL_ERROR_GENERIC - An error occurred. |
| 106 | */ |
| 107 | enum tfm_hal_status_t tfm_hal_memory_has_access(uintptr_t base, |
| 108 | size_t size, |
| 109 | uint32_t attr); |
| 110 | |
| Kevin Peng | 93fb9f5 | 2020-09-17 11:45:54 +0800 | [diff] [blame] | 111 | #ifdef __cplusplus |
| 112 | } |
| 113 | #endif |
| 114 | |
| 115 | #endif /* __TFM_HAL_ISOLATION_H__ */ |