diff options
author | Edison Ai <edison.ai@arm.com> | 2019-07-11 18:02:18 +0800 |
---|---|---|
committer | Edison Ai <edison.ai@arm.com> | 2019-08-12 14:17:03 +0800 |
commit | 14dd13702059757fd6dd42a73f939b2df51731c2 (patch) | |
tree | 9a5e4390a34b45c86180d91bebf084f19d2764a9 | |
parent | 7aff9e8d196e4ea92a29b8e36335d8df452e3b9d (diff) | |
download | trusted-firmware-m-14dd13702059757fd6dd42a73f939b2df51731c2.tar.gz |
Platform: Remove isolation level 3
Remove isolation level 3 related functions and configure from library
model.
Change-Id: I988cee997861f8c682ea5f218800a36be37dc674
Signed-off-by: Edison Ai <edison.ai@arm.com>
-rw-r--r-- | platform/ext/common/armclang/tfm_common_s.sct | 28 | ||||
-rw-r--r-- | platform/ext/common/armclang/tfm_common_s.sct.template | 15 | ||||
-rw-r--r-- | platform/ext/common/gcc/tfm_common_s.ld | 65 | ||||
-rw-r--r-- | platform/ext/common/gcc/tfm_common_s.ld.template | 35 | ||||
-rw-r--r-- | platform/ext/target/mps2/an519/spm_hal.c | 175 | ||||
-rw-r--r-- | platform/ext/target/mps2/an521/spm_hal.c | 175 | ||||
-rw-r--r-- | platform/ext/target/mps3/an524/spm_hal.c | 168 | ||||
-rw-r--r-- | platform/ext/target/musca_a/spm_hal.c | 175 | ||||
-rw-r--r-- | platform/ext/target/musca_b1/spm_hal.c | 175 | ||||
-rw-r--r-- | platform/include/tfm_plat_defs.h | 9 | ||||
-rw-r--r-- | platform/include/tfm_spm_hal.h | 41 |
11 files changed, 49 insertions, 1012 deletions
diff --git a/platform/ext/common/armclang/tfm_common_s.sct b/platform/ext/common/armclang/tfm_common_s.sct index 24bdbae3b2..d950e47b93 100644 --- a/platform/ext/common/armclang/tfm_common_s.sct +++ b/platform/ext/common/armclang/tfm_common_s.sct @@ -170,10 +170,10 @@ LR_CODE S_CODE_START { .ANY (+RW +ZI) } -#if (TFM_LVL == 1) && !defined(TFM_PSA_API) +#if !defined(TFM_PSA_API) TFM_SECURE_STACK +0 ALIGN 128 EMPTY 0x2000 { } -#endif /* (TFM_LVL == 1) && !defined(TFM_PSA_API) */ +#endif /* !defined(TFM_PSA_API) */ TFM_UNPRIV_DATA +0 ALIGN 32 { tfm_spm_services.o (+RW +ZI) @@ -204,7 +204,7 @@ LR_CODE S_CODE_START { *(TFM_SP_STORAGE_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_STORAGE_STACK +0 ALIGN 128 EMPTY 0x1800 { } #endif @@ -219,9 +219,6 @@ LR_CODE S_CODE_START { #if defined (TFM_PSA_API) TFM_SP_AUDIT_LOG_STACK +0 ALIGN 128 EMPTY 0 { } -#elif TFM_LVL != 1 - TFM_SP_AUDIT_LOG_STACK +0 ALIGN 128 EMPTY 0x0200 { - } #endif #endif /* TFM_PARTITION_AUDIT_LOG */ @@ -231,7 +228,7 @@ LR_CODE S_CODE_START { *(TFM_SP_CRYPTO_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_CRYPTO_STACK +0 ALIGN 128 EMPTY 0x2000 { } #endif @@ -246,9 +243,6 @@ LR_CODE S_CODE_START { #if defined (TFM_PSA_API) TFM_SP_PLATFORM_STACK +0 ALIGN 128 EMPTY 0 { } -#elif TFM_LVL != 1 - TFM_SP_PLATFORM_STACK +0 ALIGN 128 EMPTY 0x0400 { - } #endif #endif /* TFM_PARTITION_PLATFORM */ @@ -258,7 +252,7 @@ LR_CODE S_CODE_START { *(TFM_SP_INITIAL_ATTESTATION_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_INITIAL_ATTESTATION_STACK +0 ALIGN 128 EMPTY 0x0A00 { } #endif @@ -278,7 +272,7 @@ LR_CODE S_CODE_START { *(TFM_SP_SECURE_TEST_PARTITION_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_SECURE_TEST_PARTITION_STACK +0 ALIGN 128 EMPTY 0x0C00 { } #endif @@ -291,7 +285,7 @@ LR_CODE S_CODE_START { *(TFM_SP_IPC_SERVICE_TEST_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_IPC_SERVICE_TEST_STACK +0 ALIGN 128 EMPTY 0x0200 { } #endif @@ -319,7 +313,7 @@ LR_CODE S_CODE_START { *(TFM_SP_CORE_TEST_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_CORE_TEST_STACK +0 ALIGN 128 EMPTY 0x0300 { } #endif @@ -332,7 +326,7 @@ LR_CODE S_CODE_START { *(TFM_SP_CORE_TEST_2_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_CORE_TEST_2_STACK +0 ALIGN 128 EMPTY 0x0200 { } #endif @@ -345,7 +339,7 @@ LR_CODE S_CODE_START { *(TFM_SP_IPC_CLIENT_TEST_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_SP_IPC_CLIENT_TEST_STACK +0 ALIGN 128 EMPTY 0x0200 { } #endif @@ -359,7 +353,7 @@ LR_CODE S_CODE_START { *(TFM_IRQ_TEST_1_ATTR_ZI) } -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) TFM_IRQ_TEST_1_STACK +0 ALIGN 128 EMPTY 0x0400 { } #endif diff --git a/platform/ext/common/armclang/tfm_common_s.sct.template b/platform/ext/common/armclang/tfm_common_s.sct.template index dc73f09a77..bfc98c0f2e 100644 --- a/platform/ext/common/armclang/tfm_common_s.sct.template +++ b/platform/ext/common/armclang/tfm_common_s.sct.template @@ -138,10 +138,10 @@ LR_CODE S_CODE_START { .ANY (+RW +ZI) } -#if (TFM_LVL == 1) && !defined(TFM_PSA_API) +#if !defined(TFM_PSA_API) TFM_SECURE_STACK +0 ALIGN 128 EMPTY 0x2000 { } -#endif /* (TFM_LVL == 1) && !defined(TFM_PSA_API) */ +#endif /* !defined(TFM_PSA_API) */ TFM_UNPRIV_DATA +0 ALIGN 32 { tfm_spm_services.o (+RW +ZI) @@ -187,7 +187,7 @@ LR_CODE S_CODE_START { } {% if manifest.attr.tfm_partition_ipc %} -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) {{manifest.manifest.name}}_STACK +0 ALIGN 128 EMPTY {{manifest.manifest.stack_size}} { } #endif @@ -195,9 +195,6 @@ LR_CODE S_CODE_START { #if defined (TFM_PSA_API) {{manifest.manifest.name}}_STACK +0 ALIGN 128 EMPTY 0 { } -#elif TFM_LVL != 1 - {{manifest.manifest.name}}_STACK +0 ALIGN 128 EMPTY {{manifest.manifest.stack_size}} { - } #endif {% endif %} {% if manifest.attr.conditional %} @@ -242,7 +239,7 @@ LR_CODE S_CODE_START { } {% if manifest.attr.tfm_partition_ipc %} -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) {{manifest.manifest.name}}_STACK +0 ALIGN 128 EMPTY {{manifest.manifest.stack_size}} { } #endif @@ -250,10 +247,6 @@ LR_CODE S_CODE_START { #if defined (TFM_PSA_API) {{manifest.manifest.name}}_STACK +0 ALIGN 128 EMPTY 0 { } -#elif TFM_LVL != 1 - {{manifest.manifest.name}}_STACK +0 ALIGN 128 EMPTY {{manifest.manifest.stack_size}} { - } -#endif {% endif %} {% if manifest.attr.conditional %} #endif /* {{manifest.attr.conditional}} */ diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld index c17135aab4..e9f2f59a40 100644 --- a/platform/ext/common/gcc/tfm_common_s.ld +++ b/platform/ext/common/gcc/tfm_common_s.ld @@ -127,52 +127,47 @@ SECTIONS LONG (ADDR(.TFM_BSS)) LONG (SIZEOF(.TFM_BSS)) #if !defined(TFM_PSA_API) -#if TFM_LVL == 1 LONG (ADDR(.TFM_SECURE_STACK)) LONG (SIZEOF(.TFM_SECURE_STACK)) -#else /* TFM_LVL == 1 */ - LONG (ADDR(.TFM_UNPRIV_BSS)) - LONG (SIZEOF(.TFM_UNPRIV_BSS)) -#endif /* TFM_LVL == 1 */ #endif /* !defined(TFM_PSA_API) */ LONG (ADDR(.TFM_SP_STORAGE_BSS)) LONG (SIZEOF(.TFM_SP_STORAGE_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_STORAGE_STACK)) LONG (SIZEOF(.TFM_SP_STORAGE_STACK)) #endif #ifdef TFM_PARTITION_AUDIT_LOG LONG (ADDR(.TFM_SP_AUDIT_LOG_BSS)) LONG (SIZEOF(.TFM_SP_AUDIT_LOG_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_AUDIT_LOG_STACK)) LONG (SIZEOF(.TFM_SP_AUDIT_LOG_STACK)) #endif #endif /* TFM_PARTITION_AUDIT_LOG */ LONG (ADDR(.TFM_SP_CRYPTO_BSS)) LONG (SIZEOF(.TFM_SP_CRYPTO_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_CRYPTO_STACK)) LONG (SIZEOF(.TFM_SP_CRYPTO_STACK)) #endif #ifdef TFM_PARTITION_PLATFORM LONG (ADDR(.TFM_SP_PLATFORM_BSS)) LONG (SIZEOF(.TFM_SP_PLATFORM_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_PLATFORM_STACK)) LONG (SIZEOF(.TFM_SP_PLATFORM_STACK)) #endif #endif /* TFM_PARTITION_PLATFORM */ LONG (ADDR(.TFM_SP_INITIAL_ATTESTATION_BSS)) LONG (SIZEOF(.TFM_SP_INITIAL_ATTESTATION_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_INITIAL_ATTESTATION_STACK)) LONG (SIZEOF(.TFM_SP_INITIAL_ATTESTATION_STACK)) #endif #ifdef TFM_PARTITION_TEST_CORE LONG (ADDR(.TFM_SP_CORE_TEST_BSS)) LONG (SIZEOF(.TFM_SP_CORE_TEST_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_CORE_TEST_STACK)) LONG (SIZEOF(.TFM_SP_CORE_TEST_STACK)) #endif @@ -180,7 +175,7 @@ SECTIONS #ifdef TFM_PARTITION_TEST_CORE LONG (ADDR(.TFM_SP_CORE_TEST_2_BSS)) LONG (SIZEOF(.TFM_SP_CORE_TEST_2_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_CORE_TEST_2_STACK)) LONG (SIZEOF(.TFM_SP_CORE_TEST_2_STACK)) #endif @@ -188,7 +183,7 @@ SECTIONS #ifdef TFM_PARTITION_TEST_SECURE_SERVICES LONG (ADDR(.TFM_SP_SECURE_TEST_PARTITION_BSS)) LONG (SIZEOF(.TFM_SP_SECURE_TEST_PARTITION_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_SECURE_TEST_PARTITION_STACK)) LONG (SIZEOF(.TFM_SP_SECURE_TEST_PARTITION_STACK)) #endif @@ -196,7 +191,7 @@ SECTIONS #ifdef TFM_PARTITION_TEST_CORE_IPC LONG (ADDR(.TFM_SP_IPC_SERVICE_TEST_BSS)) LONG (SIZEOF(.TFM_SP_IPC_SERVICE_TEST_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_IPC_SERVICE_TEST_STACK)) LONG (SIZEOF(.TFM_SP_IPC_SERVICE_TEST_STACK)) #endif @@ -204,7 +199,7 @@ SECTIONS #ifdef TFM_PARTITION_TEST_CORE_IPC LONG (ADDR(.TFM_SP_IPC_CLIENT_TEST_BSS)) LONG (SIZEOF(.TFM_SP_IPC_CLIENT_TEST_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_SP_IPC_CLIENT_TEST_STACK)) LONG (SIZEOF(.TFM_SP_IPC_CLIENT_TEST_STACK)) #endif @@ -212,7 +207,7 @@ SECTIONS #ifdef TFM_PARTITION_TEST_CORE LONG (ADDR(.TFM_IRQ_TEST_1_BSS)) LONG (SIZEOF(.TFM_IRQ_TEST_1_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.TFM_IRQ_TEST_1_STACK)) LONG (SIZEOF(.TFM_IRQ_TEST_1_STACK)) #endif @@ -585,7 +580,7 @@ SECTIONS Image$$TFM_SP_STORAGE_DATA$$ZI$$Base = ADDR(.TFM_SP_STORAGE_BSS); Image$$TFM_SP_STORAGE_DATA$$ZI$$Limit = ADDR(.TFM_SP_STORAGE_BSS) + SIZEOF(.TFM_SP_STORAGE_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_STORAGE_STACK : ALIGN(128) { . += 0x1800; @@ -617,16 +612,6 @@ SECTIONS Image$$TFM_SP_AUDIT_LOG_DATA$$ZI$$Base = ADDR(.TFM_SP_AUDIT_LOG_BSS); Image$$TFM_SP_AUDIT_LOG_DATA$$ZI$$Limit = ADDR(.TFM_SP_AUDIT_LOG_BSS) + SIZEOF(.TFM_SP_AUDIT_LOG_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) - .TFM_SP_AUDIT_LOG_STACK : ALIGN(128) - { -#if !defined(TFM_PSA_API) - . += 0x0200; -#endif - } > RAM - Image$$TFM_SP_AUDIT_LOG_STACK$$ZI$$Base = ADDR(.TFM_SP_AUDIT_LOG_STACK); - Image$$TFM_SP_AUDIT_LOG_STACK$$ZI$$Limit = ADDR(.TFM_SP_AUDIT_LOG_STACK) + SIZEOF(.TFM_SP_AUDIT_LOG_STACK); -#endif #endif /* TFM_PARTITION_AUDIT_LOG */ @@ -651,7 +636,7 @@ SECTIONS Image$$TFM_SP_CRYPTO_DATA$$ZI$$Base = ADDR(.TFM_SP_CRYPTO_BSS); Image$$TFM_SP_CRYPTO_DATA$$ZI$$Limit = ADDR(.TFM_SP_CRYPTO_BSS) + SIZEOF(.TFM_SP_CRYPTO_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_CRYPTO_STACK : ALIGN(128) { . += 0x2000; @@ -683,16 +668,6 @@ SECTIONS Image$$TFM_SP_PLATFORM_DATA$$ZI$$Base = ADDR(.TFM_SP_PLATFORM_BSS); Image$$TFM_SP_PLATFORM_DATA$$ZI$$Limit = ADDR(.TFM_SP_PLATFORM_BSS) + SIZEOF(.TFM_SP_PLATFORM_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) - .TFM_SP_PLATFORM_STACK : ALIGN(128) - { -#if !defined(TFM_PSA_API) - . += 0x0400; -#endif - } > RAM - Image$$TFM_SP_PLATFORM_STACK$$ZI$$Base = ADDR(.TFM_SP_PLATFORM_STACK); - Image$$TFM_SP_PLATFORM_STACK$$ZI$$Limit = ADDR(.TFM_SP_PLATFORM_STACK) + SIZEOF(.TFM_SP_PLATFORM_STACK); -#endif #endif /* TFM_PARTITION_PLATFORM */ @@ -717,7 +692,7 @@ SECTIONS Image$$TFM_SP_INITIAL_ATTESTATION_DATA$$ZI$$Base = ADDR(.TFM_SP_INITIAL_ATTESTATION_BSS); Image$$TFM_SP_INITIAL_ATTESTATION_DATA$$ZI$$Limit = ADDR(.TFM_SP_INITIAL_ATTESTATION_BSS) + SIZEOF(.TFM_SP_INITIAL_ATTESTATION_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_INITIAL_ATTESTATION_STACK : ALIGN(128) { . += 0x0A00; @@ -773,7 +748,7 @@ SECTIONS Image$$TFM_SP_SECURE_TEST_PARTITION_DATA$$ZI$$Base = ADDR(.TFM_SP_SECURE_TEST_PARTITION_BSS); Image$$TFM_SP_SECURE_TEST_PARTITION_DATA$$ZI$$Limit = ADDR(.TFM_SP_SECURE_TEST_PARTITION_BSS) + SIZEOF(.TFM_SP_SECURE_TEST_PARTITION_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_SECURE_TEST_PARTITION_STACK : ALIGN(128) { . += 0x0C00; @@ -806,7 +781,7 @@ SECTIONS Image$$TFM_SP_IPC_SERVICE_TEST_DATA$$ZI$$Base = ADDR(.TFM_SP_IPC_SERVICE_TEST_BSS); Image$$TFM_SP_IPC_SERVICE_TEST_DATA$$ZI$$Limit = ADDR(.TFM_SP_IPC_SERVICE_TEST_BSS) + SIZEOF(.TFM_SP_IPC_SERVICE_TEST_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_IPC_SERVICE_TEST_STACK : ALIGN(128) { . += 0x0200; @@ -845,7 +820,7 @@ SECTIONS Image$$TFM_SP_CORE_TEST_DATA$$ZI$$Base = ADDR(.TFM_SP_CORE_TEST_BSS); Image$$TFM_SP_CORE_TEST_DATA$$ZI$$Limit = ADDR(.TFM_SP_CORE_TEST_BSS) + SIZEOF(.TFM_SP_CORE_TEST_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_CORE_TEST_STACK : ALIGN(128) { . += 0x0300; @@ -878,7 +853,7 @@ SECTIONS Image$$TFM_SP_CORE_TEST_2_DATA$$ZI$$Base = ADDR(.TFM_SP_CORE_TEST_2_BSS); Image$$TFM_SP_CORE_TEST_2_DATA$$ZI$$Limit = ADDR(.TFM_SP_CORE_TEST_2_BSS) + SIZEOF(.TFM_SP_CORE_TEST_2_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_CORE_TEST_2_STACK : ALIGN(128) { . += 0x0200; @@ -911,7 +886,7 @@ SECTIONS Image$$TFM_SP_IPC_CLIENT_TEST_DATA$$ZI$$Base = ADDR(.TFM_SP_IPC_CLIENT_TEST_BSS); Image$$TFM_SP_IPC_CLIENT_TEST_DATA$$ZI$$Limit = ADDR(.TFM_SP_IPC_CLIENT_TEST_BSS) + SIZEOF(.TFM_SP_IPC_CLIENT_TEST_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_SP_IPC_CLIENT_TEST_STACK : ALIGN(128) { . += 0x0200; @@ -947,7 +922,7 @@ SECTIONS Image$$TFM_IRQ_TEST_1_DATA$$ZI$$Base = ADDR(.TFM_IRQ_TEST_1_BSS); Image$$TFM_IRQ_TEST_1_DATA$$ZI$$Limit = ADDR(.TFM_IRQ_TEST_1_BSS) + SIZEOF(.TFM_IRQ_TEST_1_BSS); -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .TFM_IRQ_TEST_1_STACK : ALIGN(128) { . += 0x0400; diff --git a/platform/ext/common/gcc/tfm_common_s.ld.template b/platform/ext/common/gcc/tfm_common_s.ld.template index 229aeff3a5..5ec72778d1 100644 --- a/platform/ext/common/gcc/tfm_common_s.ld.template +++ b/platform/ext/common/gcc/tfm_common_s.ld.template @@ -89,13 +89,8 @@ SECTIONS LONG (ADDR(.TFM_BSS)) LONG (SIZEOF(.TFM_BSS)) #if !defined(TFM_PSA_API) -#if TFM_LVL == 1 LONG (ADDR(.TFM_SECURE_STACK)) LONG (SIZEOF(.TFM_SECURE_STACK)) -#else /* TFM_LVL == 1 */ - LONG (ADDR(.TFM_UNPRIV_BSS)) - LONG (SIZEOF(.TFM_UNPRIV_BSS)) -#endif /* TFM_LVL == 1 */ #endif /* !defined(TFM_PSA_API) */ {% for manifest in manifests %} {% if manifest.attr.conditional %} @@ -103,7 +98,7 @@ SECTIONS {% endif %} LONG (ADDR(.{{manifest.manifest.name}}_BSS)) LONG (SIZEOF(.{{manifest.manifest.name}}_BSS)) -#if defined(TFM_PSA_API) || (TFM_LVL != 1) +#if defined(TFM_PSA_API) LONG (ADDR(.{{manifest.manifest.name}}_STACK)) LONG (SIZEOF(.{{manifest.manifest.name}}_STACK)) #endif @@ -402,7 +397,7 @@ SECTIONS Image$${{manifest.manifest.name}}_DATA$$ZI$$Limit = ADDR(.{{manifest.manifest.name}}_BSS) + SIZEOF(.{{manifest.manifest.name}}_BSS); {% if manifest.attr.tfm_partition_ipc %} -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .{{manifest.manifest.name}}_STACK : ALIGN(128) { . += {{manifest.manifest.stack_size}}; @@ -410,18 +405,6 @@ SECTIONS Image$${{manifest.manifest.name}}_STACK$$ZI$$Base = ADDR(.{{manifest.manifest.name}}_STACK); Image$${{manifest.manifest.name}}_STACK$$ZI$$Limit = ADDR(.{{manifest.manifest.name}}_STACK) + SIZEOF(.{{manifest.manifest.name}}_STACK); #endif - {% else %} -#if defined (TFM_PSA_API) || (TFM_LVL != 1) - .{{manifest.manifest.name}}_STACK : ALIGN(128) - { - {# Note: Don't allocate stack for partition when using TFM_PSA_API if tfm_partition_ipc is false #} -#if !defined(TFM_PSA_API) - . += {{manifest.manifest.stack_size}}; -#endif - } > RAM - Image$${{manifest.manifest.name}}_STACK$$ZI$$Base = ADDR(.{{manifest.manifest.name}}_STACK); - Image$${{manifest.manifest.name}}_STACK$$ZI$$Limit = ADDR(.{{manifest.manifest.name}}_STACK) + SIZEOF(.{{manifest.manifest.name}}_STACK); -#endif {% endif %} {% if manifest.attr.conditional %} @@ -482,22 +465,10 @@ SECTIONS Image$${{manifest.manifest.name}}_DATA$$ZI$$Limit = ADDR(.{{manifest.manifest.name}}_BSS) + SIZEOF(.{{manifest.manifest.name}}_BSS); {% if manifest.attr.tfm_partition_ipc %} -#if defined (TFM_PSA_API) || (TFM_LVL != 1) - .{{manifest.manifest.name}}_STACK : ALIGN(128) - { - . += {{manifest.manifest.stack_size}}; - } > RAM - Image$${{manifest.manifest.name}}_STACK$$ZI$$Base = ADDR(.{{manifest.manifest.name}}_STACK); - Image$${{manifest.manifest.name}}_STACK$$ZI$$Limit = ADDR(.{{manifest.manifest.name}}_STACK) + SIZEOF(.{{manifest.manifest.name}}_STACK); -#endif - {% else %} -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#if defined (TFM_PSA_API) .{{manifest.manifest.name}}_STACK : ALIGN(128) { - {# Note: Don't allocate stack for partition when using TFM_PSA_API if tfm_partition_ipc is false #} -#if !defined(TFM_PSA_API) . += {{manifest.manifest.stack_size}}; -#endif } > RAM Image$${{manifest.manifest.name}}_STACK$$ZI$$Base = ADDR(.{{manifest.manifest.name}}_STACK); Image$${{manifest.manifest.name}}_STACK$$ZI$$Limit = ADDR(.{{manifest.manifest.name}}_STACK) + SIZEOF(.{{manifest.manifest.name}}_STACK); diff --git a/platform/ext/target/mps2/an519/spm_hal.c b/platform/ext/target/mps2/an519/spm_hal.c index 7233b1a794..aee35004b1 100644 --- a/platform/ext/target/mps2/an519/spm_hal.c +++ b/platform/ext/target/mps2/an519/spm_hal.c @@ -54,33 +54,22 @@ void tfm_spm_hal_configure_default_isolation( #define MPU_REGION_VENEERS 0 #define MPU_REGION_TFM_UNPRIV_CODE 1 #define MPU_REGION_TFM_UNPRIV_DATA 2 +#define MPU_REGION_NS_STACK 3 #define PARTITION_REGION_RO 4 #define PARTITION_REGION_RW_STACK 5 #define PARTITION_REGION_PERIPH 6 #define PARTITION_REGION_SHARE 7 -#if TFM_LVL == 2 -#define MPU_REGION_NS_STACK 3 -#elif TFM_LVL == 3 -#define MPU_REGION_NS_DATA 3 -#endif - REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit); -#ifndef TFM_PSA_API -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); -#endif -#if TFM_LVL == 2 REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit); -#endif static enum spm_err_t tfm_spm_mpu_init(void) { @@ -128,21 +117,6 @@ static enum spm_err_t tfm_spm_mpu_init(void) return SPM_ERR_INVALID_CONFIG; } -#if TFM_LVL == 3 - /* TFM Core unprivileged non-secure data region */ - region_cfg.region_nr = MPU_REGION_NS_DATA; - region_cfg.region_base = NS_DATA_START; - region_cfg.region_limit = NS_DATA_LIMIT; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } -#endif - -#if TFM_LVL == 2 /* NSPM PSP */ region_cfg.region_nr = MPU_REGION_NS_STACK; region_cfg.region_base = @@ -184,159 +158,12 @@ static enum spm_err_t tfm_spm_mpu_init(void) if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { return SPM_ERR_INVALID_CONFIG; } -#endif mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); return SPM_ERR_OK; } - -enum spm_err_t tfm_spm_hal_partition_sandbox_config( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and enables the - * SPM partition for that partition - */ - - struct mpu_armv8m_region_cfg_t region_cfg; - - mpu_armv8m_disable(&dev_mpu_s); - - /* Configure Regions */ - if (memory_data->ro_start) { - /* RO region */ - region_cfg.region_nr = PARTITION_REGION_RO; - region_cfg.region_base = memory_data->ro_start; - region_cfg.region_limit = memory_data->ro_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - } - - /* RW, ZI and stack as one region */ - region_cfg.region_nr = PARTITION_REGION_RW_STACK; - region_cfg.region_base = memory_data->rw_start; - region_cfg.region_limit = memory_data->stack_top; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - if (platform_data) { - /* Peripheral */ - region_cfg.region_nr = PARTITION_REGION_PERIPH; - region_cfg.region_base = platform_data->periph_start; - region_cfg.region_limit = platform_data->periph_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DEVICE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - ppc_en_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -enum spm_err_t tfm_spm_hal_partition_sandbox_deconfig( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and disables the - * SPM partition for that partition - */ - - if (platform_data) { - /* Peripheral */ - ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_disable(&dev_mpu_s); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RO); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RW_STACK); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_PERIPH); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -#if !defined(TFM_PSA_API) -/** - * Set share region to which the partition needs access - */ -enum spm_err_t tfm_spm_hal_set_share_region(uint32_t share) -{ - struct mpu_armv8m_region_cfg_t region_cfg; - enum spm_err_t res = SPM_ERR_INVALID_CONFIG; - uint32_t scratch_base = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); - uint32_t scratch_limit = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); - - mpu_armv8m_disable(&dev_mpu_s); - - if (share == TFM_BUFFER_SHARE_DISABLE) { - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - } else { - - region_cfg.region_nr = PARTITION_REGION_SHARE; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - switch (share) { - case TFM_BUFFER_SHARE_SCRATCH: - /* Use scratch area for SP-to-SP data sharing */ - region_cfg.region_base = scratch_base; - region_cfg.region_limit = scratch_limit; - res = SPM_ERR_OK; - break; - case TFM_BUFFER_SHARE_NS_CODE: - region_cfg.region_base = memory_regions.non_secure_partition_base; - region_cfg.region_limit = memory_regions.non_secure_partition_limit; - /* Only allow read access to NS code region and keep - * exec.never attribute - */ - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - res = SPM_ERR_OK; - break; - default: - /* Leave res to be set to SPM_ERR_INVALID_CONFIG */ - break; - } - if (res == SPM_ERR_OK) { - mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg); - } - } - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return res; -} -#endif /* !defined(TFM_PSA_API) */ #endif /* TFM_LVL != 1 */ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void) diff --git a/platform/ext/target/mps2/an521/spm_hal.c b/platform/ext/target/mps2/an521/spm_hal.c index 3cca2ee365..0c9cbd19a2 100644 --- a/platform/ext/target/mps2/an521/spm_hal.c +++ b/platform/ext/target/mps2/an521/spm_hal.c @@ -54,33 +54,22 @@ void tfm_spm_hal_configure_default_isolation( #define MPU_REGION_VENEERS 0 #define MPU_REGION_TFM_UNPRIV_CODE 1 #define MPU_REGION_TFM_UNPRIV_DATA 2 +#define MPU_REGION_NS_STACK 3 #define PARTITION_REGION_RO 4 #define PARTITION_REGION_RW_STACK 5 #define PARTITION_REGION_PERIPH 6 #define PARTITION_REGION_SHARE 7 -#if TFM_LVL == 2 -#define MPU_REGION_NS_STACK 3 -#elif TFM_LVL == 3 -#define MPU_REGION_NS_DATA 3 -#endif - REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit); -#ifndef TFM_PSA_API -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); -#endif -#if TFM_LVL == 2 REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit); -#endif static enum spm_err_t tfm_spm_mpu_init(void) { @@ -128,21 +117,6 @@ static enum spm_err_t tfm_spm_mpu_init(void) return SPM_ERR_INVALID_CONFIG; } -#if TFM_LVL == 3 - /* TFM Core unprivileged non-secure data region */ - region_cfg.region_nr = MPU_REGION_NS_DATA; - region_cfg.region_base = NS_DATA_START; - region_cfg.region_limit = NS_DATA_LIMIT; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } -#endif - -#if TFM_LVL == 2 /* NSPM PSP */ region_cfg.region_nr = MPU_REGION_NS_STACK; region_cfg.region_base = @@ -184,159 +158,12 @@ static enum spm_err_t tfm_spm_mpu_init(void) if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { return SPM_ERR_INVALID_CONFIG; } -#endif mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); return SPM_ERR_OK; } - -enum spm_err_t tfm_spm_hal_partition_sandbox_config( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and enables the - * SPM partition for that partition - */ - - struct mpu_armv8m_region_cfg_t region_cfg; - - mpu_armv8m_disable(&dev_mpu_s); - - /* Configure Regions */ - if (memory_data->ro_start) { - /* RO region */ - region_cfg.region_nr = PARTITION_REGION_RO; - region_cfg.region_base = memory_data->ro_start; - region_cfg.region_limit = memory_data->ro_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - } - - /* RW, ZI and stack as one region */ - region_cfg.region_nr = PARTITION_REGION_RW_STACK; - region_cfg.region_base = memory_data->rw_start; - region_cfg.region_limit = memory_data->stack_top; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - if (platform_data) { - /* Peripheral */ - region_cfg.region_nr = PARTITION_REGION_PERIPH; - region_cfg.region_base = platform_data->periph_start; - region_cfg.region_limit = platform_data->periph_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DEVICE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - ppc_en_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -enum spm_err_t tfm_spm_hal_partition_sandbox_deconfig( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and disables the - * SPM partition for that partition - */ - - if (platform_data) { - /* Peripheral */ - ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_disable(&dev_mpu_s); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RO); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RW_STACK); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_PERIPH); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -#if !defined(TFM_PSA_API) -/** - * Set share region to which the partition needs access - */ -enum spm_err_t tfm_spm_hal_set_share_region(uint32_t share) -{ - struct mpu_armv8m_region_cfg_t region_cfg; - enum spm_err_t res = SPM_ERR_INVALID_CONFIG; - uint32_t scratch_base = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); - uint32_t scratch_limit = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); - - mpu_armv8m_disable(&dev_mpu_s); - - if (share == TFM_BUFFER_SHARE_DISABLE) { - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - } else { - - region_cfg.region_nr = PARTITION_REGION_SHARE; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - switch (share) { - case TFM_BUFFER_SHARE_SCRATCH: - /* Use scratch area for SP-to-SP data sharing */ - region_cfg.region_base = scratch_base; - region_cfg.region_limit = scratch_limit; - res = SPM_ERR_OK; - break; - case TFM_BUFFER_SHARE_NS_CODE: - region_cfg.region_base = memory_regions.non_secure_partition_base; - region_cfg.region_limit = memory_regions.non_secure_partition_limit; - /* Only allow read access to NS code region and keep - * exec.never attribute - */ - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - res = SPM_ERR_OK; - break; - default: - /* Leave res to be set to SPM_ERR_INVALID_CONFIG */ - break; - } - if (res == SPM_ERR_OK) { - mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg); - } - } - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return res; -} -#endif /* !defined(TFM_PSA_API) */ #endif /* TFM_LVL != 1 */ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void) diff --git a/platform/ext/target/mps3/an524/spm_hal.c b/platform/ext/target/mps3/an524/spm_hal.c index 506a4a8704..2a1885d83c 100644 --- a/platform/ext/target/mps3/an524/spm_hal.c +++ b/platform/ext/target/mps3/an524/spm_hal.c @@ -64,33 +64,22 @@ void tfm_spm_hal_configure_default_isolation( #define MPU_REGION_VENEERS 0 #define MPU_REGION_TFM_UNPRIV_CODE 1 #define MPU_REGION_TFM_UNPRIV_DATA 2 +#define MPU_REGION_NS_STACK 3 #define PARTITION_REGION_RO 4 #define PARTITION_REGION_RW_STACK 5 #define PARTITION_REGION_PERIPH 6 #define PARTITION_REGION_SHARE 7 -#if TFM_LVL == 2 -#define MPU_REGION_NS_STACK 3 -#elif TFM_LVL == 3 -#define MPU_REGION_NS_DATA 3 -#endif - REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit); -#ifndef TFM_PSA_API -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); -#endif -#if TFM_LVL == 2 REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit); -#endif static enum spm_err_t tfm_spm_mpu_init(void) { @@ -138,21 +127,6 @@ static enum spm_err_t tfm_spm_mpu_init(void) return SPM_ERR_INVALID_CONFIG; } -#if TFM_LVL == 3 - /* TFM Core unprivileged non-secure data region */ - region_cfg.region_nr = MPU_REGION_NS_DATA; - region_cfg.region_base = NS_DATA_START; - region_cfg.region_limit = NS_DATA_LIMIT; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } -#endif - -#if TFM_LVL == 2 /* NSPM PSP */ region_cfg.region_nr = MPU_REGION_NS_STACK; region_cfg.region_base = @@ -194,151 +168,11 @@ static enum spm_err_t tfm_spm_mpu_init(void) if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) { return SPM_ERR_INVALID_CONFIG; } -#endif - - mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -enum spm_err_t tfm_spm_hal_partition_sandbox_config( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and enables the - * SPM partition for that partition - */ - - struct mpu_armv8m_region_cfg_t region_cfg; - - mpu_disable(); - - /* Configure Regions */ - if (memory_data->ro_start) { - /* RO region */ - region_cfg.region_nr = PARTITION_REGION_RO; - region_cfg.region_base = memory_data->ro_start; - region_cfg.region_limit = memory_data->ro_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK; - - if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - } - - /* RW, ZI and stack as one region */ - region_cfg.region_nr = PARTITION_REGION_RW_STACK; - region_cfg.region_base = memory_data->rw_start; - region_cfg.region_limit = memory_data->stack_top; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - - if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - if (platform_data) { - /* Peripheral */ - region_cfg.region_nr = PARTITION_REGION_PERIPH; - region_cfg.region_base = platform_data->periph_start; - region_cfg.region_limit = platform_data->periph_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DEVICE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_region_enable(®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - ppc_en_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); return SPM_ERR_OK; } - -enum spm_err_t tfm_spm_hal_partition_sandbox_deconfig( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and disables the - * SPM partition for that partition - */ - - if (platform_data) { - /* Peripheral */ - ppc_configure_to_secure_priv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_disable(); - mpu_region_disable(PARTITION_REGION_RO); - mpu_region_disable(PARTITION_REGION_RW_STACK); - mpu_region_disable(PARTITION_REGION_PERIPH); - mpu_region_disable(PARTITION_REGION_SHARE); - mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -#if !defined(TFM_PSA_API) -/* Set share region to which the partition needs access */ -enum spm_err_t tfm_spm_hal_set_share_region( - enum tfm_buffer_share_region_e share) -{ - struct mpu_armv8m_region_cfg_t region_cfg; - enum spm_err_t res = SPM_ERR_INVALID_CONFIG; - uint32_t scratch_base = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); - uint32_t scratch_limit = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); - - mpu_disable(); - - if (share == TFM_BUFFER_SHARE_DISABLE) { - mpu_region_disable(PARTITION_REGION_SHARE); - } else { - region_cfg.region_nr = PARTITION_REGION_SHARE; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - switch (share) { - case TFM_BUFFER_SHARE_SCRATCH: - /* Use scratch area for SP-to-SP data sharing */ - region_cfg.region_base = scratch_base; - region_cfg.region_limit = scratch_limit; - res = SPM_ERR_OK; - break; - case TFM_BUFFER_SHARE_NS_CODE: - region_cfg.region_base = memory_regions.non_secure_partition_base; - region_cfg.region_limit = memory_regions.non_secure_partition_limit; - /* Only allow read access to NS code region and keep - * exec.never attribute - */ - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - res = SPM_ERR_OK; - break; - default: - /* Leave res to be set to SPM_ERR_INVALID_CONFIG */ - break; - } - if (res == SPM_ERR_OK) { - mpu_region_enable(®ion_cfg); - } - } - mpu_enable(PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); - - return res; -} -#endif /* !defined(TFM_PSA_API) */ #endif /* TFM_LVL != 1 */ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void) diff --git a/platform/ext/target/musca_a/spm_hal.c b/platform/ext/target/musca_a/spm_hal.c index 02232b4e55..f576fd8d7e 100644 --- a/platform/ext/target/musca_a/spm_hal.c +++ b/platform/ext/target/musca_a/spm_hal.c @@ -54,33 +54,22 @@ void tfm_spm_hal_configure_default_isolation( #define MPU_REGION_VENEERS 0 #define MPU_REGION_TFM_UNPRIV_CODE 1 #define MPU_REGION_TFM_UNPRIV_DATA 2 +#define MPU_REGION_NS_STACK 3 #define PARTITION_REGION_RO 4 #define PARTITION_REGION_RW_STACK 5 #define PARTITION_REGION_PERIPH 6 #define PARTITION_REGION_SHARE 7 -#if TFM_LVL == 2 -#define MPU_REGION_NS_STACK 3 -#elif TFM_LVL == 3 -#define MPU_REGION_NS_DATA 3 -#endif - REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit); -#ifndef TFM_PSA_API -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); -#endif -#if TFM_LVL == 2 REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit); -#endif static enum spm_err_t tfm_spm_mpu_init(void) { @@ -128,21 +117,6 @@ static enum spm_err_t tfm_spm_mpu_init(void) return SPM_ERR_INVALID_CONFIG; } -#if TFM_LVL == 3 - /* TFM Core unprivileged non-secure data region */ - region_cfg.region_nr = MPU_REGION_NS_DATA; - region_cfg.region_base = NS_DATA_START; - region_cfg.region_limit = NS_DATA_LIMIT; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } -#endif - -#if TFM_LVL == 2 /* NSPM PSP */ region_cfg.region_nr = MPU_REGION_NS_STACK; region_cfg.region_base = @@ -184,159 +158,12 @@ static enum spm_err_t tfm_spm_mpu_init(void) if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { return SPM_ERR_INVALID_CONFIG; } -#endif mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); return SPM_ERR_OK; } - -enum spm_err_t tfm_spm_hal_partition_sandbox_config( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and enables the - * SPM partition for that partition - */ - - struct mpu_armv8m_region_cfg_t region_cfg; - - mpu_armv8m_disable(&dev_mpu_s); - - /* Configure Regions */ - if (memory_data->ro_start) { - /* RO region */ - region_cfg.region_nr = PARTITION_REGION_RO; - region_cfg.region_base = memory_data->ro_start; - region_cfg.region_limit = memory_data->ro_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - } - - /* RW, ZI and stack as one region */ - region_cfg.region_nr = PARTITION_REGION_RW_STACK; - region_cfg.region_base = memory_data->rw_start; - region_cfg.region_limit = memory_data->stack_top; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - if (platform_data) { - /* Peripheral */ - region_cfg.region_nr = PARTITION_REGION_PERIPH; - region_cfg.region_base = platform_data->periph_start; - region_cfg.region_limit = platform_data->periph_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DEVICE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - ppc_en_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -enum spm_err_t tfm_spm_hal_partition_sandbox_deconfig( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and disables the - * SPM partition for that partition - */ - - if (platform_data) { - /* Peripheral */ - ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_disable(&dev_mpu_s); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RO); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RW_STACK); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_PERIPH); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -#if !defined(TFM_PSA_API) -/** - * Set share region to which the partition needs access - */ -enum spm_err_t tfm_spm_hal_set_share_region(uint32_t share) -{ - struct mpu_armv8m_region_cfg_t region_cfg; - enum spm_err_t res = SPM_ERR_INVALID_CONFIG; - uint32_t scratch_base = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); - uint32_t scratch_limit = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); - - mpu_armv8m_disable(&dev_mpu_s); - - if (share == TFM_BUFFER_SHARE_DISABLE) { - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - } else { - - region_cfg.region_nr = PARTITION_REGION_SHARE; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - switch (share) { - case TFM_BUFFER_SHARE_SCRATCH: - /* Use scratch area for SP-to-SP data sharing */ - region_cfg.region_base = scratch_base; - region_cfg.region_limit = scratch_limit; - res = SPM_ERR_OK; - break; - case TFM_BUFFER_SHARE_NS_CODE: - region_cfg.region_base = memory_regions.non_secure_partition_base; - region_cfg.region_limit = memory_regions.non_secure_partition_limit; - /* Only allow read access to NS code region and keep - * exec.never attribute - */ - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - res = SPM_ERR_OK; - break; - default: - /* Leave res to be set to SPM_ERR_INVALID_CONFIG */ - break; - } - if (res == SPM_ERR_OK) { - mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg); - } - } - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return res; -} -#endif /* !defined(TFM_PSA_API) */ #endif /* TFM_LVL != 1 */ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void) diff --git a/platform/ext/target/musca_b1/spm_hal.c b/platform/ext/target/musca_b1/spm_hal.c index d185b10a65..47b9dc3dc7 100644 --- a/platform/ext/target/musca_b1/spm_hal.c +++ b/platform/ext/target/musca_b1/spm_hal.c @@ -57,33 +57,22 @@ void tfm_spm_hal_configure_default_isolation( #define MPU_REGION_VENEERS 0 #define MPU_REGION_TFM_UNPRIV_CODE 1 #define MPU_REGION_TFM_UNPRIV_DATA 2 +#define MPU_REGION_NS_STACK 3 #define PARTITION_REGION_RO 4 #define PARTITION_REGION_RW_STACK 5 #define PARTITION_REGION_PERIPH 6 #define PARTITION_REGION_SHARE 7 -#if TFM_LVL == 2 -#define MPU_REGION_NS_STACK 3 -#elif TFM_LVL == 3 -#define MPU_REGION_NS_DATA 3 -#endif - REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base); REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$ZI$$Limit); -#ifndef TFM_PSA_API -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); -REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); -#endif -#if TFM_LVL == 2 REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base); REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base); REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit); -#endif static enum spm_err_t tfm_spm_mpu_init(void) { @@ -131,21 +120,6 @@ static enum spm_err_t tfm_spm_mpu_init(void) return SPM_ERR_INVALID_CONFIG; } -#if TFM_LVL == 3 - /* TFM Core unprivileged non-secure data region */ - region_cfg.region_nr = MPU_REGION_NS_DATA; - region_cfg.region_base = NS_DATA_START; - region_cfg.region_limit = NS_DATA_LIMIT; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } -#endif - -#if TFM_LVL == 2 /* NSPM PSP */ region_cfg.region_nr = MPU_REGION_NS_STACK; region_cfg.region_base = @@ -187,159 +161,12 @@ static enum spm_err_t tfm_spm_mpu_init(void) if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { return SPM_ERR_INVALID_CONFIG; } -#endif mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, HARDFAULT_NMI_ENABLE); return SPM_ERR_OK; } - -enum spm_err_t tfm_spm_hal_partition_sandbox_config( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and enables the - * SPM partition for that partition - */ - - struct mpu_armv8m_region_cfg_t region_cfg; - - mpu_armv8m_disable(&dev_mpu_s); - - /* Configure Regions */ - if (memory_data->ro_start) { - /* RO region */ - region_cfg.region_nr = PARTITION_REGION_RO; - region_cfg.region_base = memory_data->ro_start; - region_cfg.region_limit = memory_data->ro_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - } - - /* RW, ZI and stack as one region */ - region_cfg.region_nr = PARTITION_REGION_RW_STACK; - region_cfg.region_base = memory_data->rw_start; - region_cfg.region_limit = memory_data->stack_top; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - if (platform_data) { - /* Peripheral */ - region_cfg.region_nr = PARTITION_REGION_PERIPH; - region_cfg.region_base = platform_data->periph_start; - region_cfg.region_limit = platform_data->periph_limit; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DEVICE_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) - != MPU_ARMV8M_OK) { - return SPM_ERR_INVALID_CONFIG; - } - - ppc_en_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -enum spm_err_t tfm_spm_hal_partition_sandbox_deconfig( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data) -{ - /* This function takes a partition id and disables the - * SPM partition for that partition - */ - - if (platform_data) { - /* Peripheral */ - ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); - } - - mpu_armv8m_disable(&dev_mpu_s); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RO); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_RW_STACK); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_PERIPH); - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return SPM_ERR_OK; -} - -#if !defined(TFM_PSA_API) -/** - * Set share region to which the partition needs access - */ -enum spm_err_t tfm_spm_hal_set_share_region(uint32_t share) -{ - struct mpu_armv8m_region_cfg_t region_cfg; - enum spm_err_t res = SPM_ERR_INVALID_CONFIG; - uint32_t scratch_base = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base); - uint32_t scratch_limit = - (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit); - - mpu_armv8m_disable(&dev_mpu_s); - - if (share == TFM_BUFFER_SHARE_DISABLE) { - mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE); - } else { - - region_cfg.region_nr = PARTITION_REGION_SHARE; - region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX; - region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV; - region_cfg.attr_sh = MPU_ARMV8M_SH_NONE; - region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER; - switch (share) { - case TFM_BUFFER_SHARE_SCRATCH: - /* Use scratch area for SP-to-SP data sharing */ - region_cfg.region_base = scratch_base; - region_cfg.region_limit = scratch_limit; - res = SPM_ERR_OK; - break; - case TFM_BUFFER_SHARE_NS_CODE: - region_cfg.region_base = memory_regions.non_secure_partition_base; - region_cfg.region_limit = memory_regions.non_secure_partition_limit; - /* Only allow read access to NS code region and keep - * exec.never attribute - */ - region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV; - res = SPM_ERR_OK; - break; - default: - /* Leave res to be set to SPM_ERR_INVALID_CONFIG */ - break; - } - if (res == SPM_ERR_OK) { - mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg); - } - } - mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE, - HARDFAULT_NMI_ENABLE); - - return res; -} -#endif /* !defined(TFM_PSA_API) */ #endif /* TFM_LVL != 1 */ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void) diff --git a/platform/include/tfm_plat_defs.h b/platform/include/tfm_plat_defs.h index 2a90d9454f..748b2e4883 100644 --- a/platform/include/tfm_plat_defs.h +++ b/platform/include/tfm_plat_defs.h @@ -25,13 +25,14 @@ enum tfm_plat_err_t { TFM_PLAT_ERR_FORCE_INT_SIZE = INT_MAX }; -#if defined(TFM_LVL) && (TFM_LVL != 1) +#if defined(TFM_PSA_API) && (TFM_LVL != 1) + /*! * \def TFM_LINK_SET_RO_IN_PARTITION_SECTION(TFM_PARTITION_NAME) * * \brief This macro provides a mechanism to place a function code or a data * variable in the code section (e.g. RO) of a specific secure partition - * at linker time in TF-M Level 3. + * at linker time. * * \param[in] TFM_PARTITION_NAME TF-M partition name assigned in the manifest * file "name" field. @@ -43,7 +44,7 @@ enum tfm_plat_err_t { * \def TFM_LINK_SET_RW_IN_PARTITION_SECTION(TFM_PARTITION_NAME) * * \brief This macro provides a mechanism to place data variables in the RW data - * section of a specific secure partition at linker time in TF-M Level 3. + * section of a specific secure partition at linker time. * * \param[in] TFM_PARTITION_NAME TF-M partition name assigned in the manifest * file "name" field. @@ -55,7 +56,7 @@ enum tfm_plat_err_t { * \def TFM_LINK_SET_ZI_IN_PARTITION_SECTION(TFM_PARTITION_NAME) * * \brief This macro provides a mechanism to place data variables in the ZI data - * section of a specific secure partition at linker time in TF-M Level 3. + * section of a specific secure partition at linker time. * * \param[in] TFM_PARTITION_NAME TF-M partition name assigned in the manifest * file "name" field. diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h index 2a33fe5ea4..b6820f5d93 100644 --- a/platform/include/tfm_spm_hal.h +++ b/platform/include/tfm_spm_hal.h @@ -34,7 +34,7 @@ enum irq_target_state_t { TFM_IRQ_TARGET_STATE_NON_SECURE, }; -#if defined (TFM_PSA_API) || (TFM_LVL != 1) +#ifdef TFM_PSA_API /** * \brief Holds SPM db fields that define the memory regions used by a * partition. @@ -219,43 +219,4 @@ enum irq_target_state_t tfm_spm_hal_set_irq_target_state( int32_t irq_line, enum irq_target_state_t target_state); -#if (TFM_LVL != 1) && !defined(TFM_PSA_API) -/** - * \brief Configure the sandbox for a partition. - * - * \param[in] memory_data The memory ranges from the partition DB for this - * partition - * \param[in] platform_data The platform fields of the partition DB record - * for this partition. Can be NULL. - * - * \return Returns the result operation as per \ref spm_err_t - */ -enum spm_err_t tfm_spm_hal_partition_sandbox_config( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data); - -/** - * \brief Deconfigure the sandbox for a partition. - * - * \param[in] memory_data The memory ranges from the partition DB for this - * partition - * \param[in] platform_data The platform fields of the partition DB record - * for this partition. Can be NULL. - * - * \return Returns the result operation as per \ref spm_err_t - */ -enum spm_err_t tfm_spm_hal_partition_sandbox_deconfig( - const struct tfm_spm_partition_memory_data_t *memory_data, - const struct tfm_spm_partition_platform_data_t *platform_data); - -/** - * \brief Set the share region mode - * - * \param[in] share The mode to set - * - * \return Returns the result operation as per \ref spm_err_t - */ -enum spm_err_t tfm_spm_hal_set_share_region(uint32_t share); -#endif - #endif /* __TFM_SPM_HAL_H__ */ |