-rw-r--r-- | platform/ext/target/cypress/psoc64/spm_hal.c | 4 | ||||
-rw-r--r-- | platform/ext/target/mps2/an519/spm_hal.c | 13 | ||||
-rw-r--r-- | platform/ext/target/mps2/an521/spm_hal.c | 11 | ||||
-rw-r--r-- | platform/ext/target/mps2/an539/spm_hal.c | 13 | ||||
-rw-r--r-- | platform/ext/target/mps3/an524/spm_hal.c | 13 | ||||
-rw-r--r-- | platform/ext/target/musca_a/spm_hal.c | 13 | ||||
-rw-r--r-- | platform/ext/target/musca_b1/spm_hal.c | 15 | ||||
-rw-r--r-- | platform/ext/target/musca_s1/spm_hal.c | 15 | ||||
-rw-r--r-- | platform/ext/target/sse-200_aws/spm_hal.c | 11 | ||||
-rw-r--r-- | platform/include/tfm_spm_hal.h | 9 | ||||
-rw-r--r-- | secure_fw/core/include/tfm_platform_core_api.h | 13 | ||||
-rw-r--r-- | secure_fw/spm/spm_api.c | 19 | ||||
-rw-r--r-- | secure_fw/spm/spm_api.h | 22 | ||||
-rw-r--r-- | secure_fw/spm/spm_api_func.c | 4 | ||||
-rw-r--r-- | secure_fw/spm/spm_api_ipc.c | 11 |
15 files changed, 137 insertions, 49 deletions
diff --git a/platform/ext/target/cypress/psoc64/spm_hal.c b/platform/ext/target/cypress/psoc64/spm_hal.c index a48757624f..405e1857a2 100644 --- a/platform/ext/target/cypress/psoc64/spm_hal.c +++ b/platform/ext/target/cypress/psoc64/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * Copyright (c) 2019, Cypress Semiconductor Corporation. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause @@ -42,8 +42,10 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( + uint32_t partition_idx, const struct tfm_spm_partition_platform_data_t *platform_data) { + (void) partition_idx; /* Unused parameter */ printf("In %s()\n", __func__); if (platform_data) { /* TBD */ diff --git a/platform/ext/target/mps2/an519/spm_hal.c b/platform/ext/target/mps2/an519/spm_hal.c index c85d8d0094..19a52c292a 100644 --- a/platform/ext/target/mps2/an519/spm_hal.c +++ b/platform/ext/target/mps2/an519/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -41,12 +41,21 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( - const struct tfm_spm_partition_platform_data_t *platform_data) + uint32_t partition_idx, + const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { ppc_configure_to_secure(platform_data->periph_ppc_bank, platform_data->periph_ppc_loc); + if (privileged) { + ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } 
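Review bot: In the an519 hunk the privilege attribute belongs to the peripheral (`periph_ppc_bank`/`periph_ppc_loc`), but it is chosen from the privilege of whichever partition is being initialised. If the same peripheral is listed in the platform data of both a privileged and an unprivileged partition, the last call decides the setting. Whether the partition DB allows such sharing is not visible in this diff. The same pattern appears in the an521, an539, an524, musca_a, musca_b1, musca_s1 and sse-200_aws hunks. I would state the assumption above the branch, for example `/* Assumes each peripheral is owned by exactly one partition; a later unprivileged owner would re-enable unprivileged access. */`.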
diff --git a/platform/ext/target/mps2/an521/spm_hal.c b/platform/ext/target/mps2/an521/spm_hal.c index d0cfbc173b..19a52c292a 100644 --- a/platform/ext/target/mps2/an521/spm_hal.c +++ b/platform/ext/target/mps2/an521/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -41,12 +41,21 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( + uint32_t partition_idx, const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { ppc_configure_to_secure(platform_data->periph_ppc_bank, platform_data->periph_ppc_loc); + if (privileged) { + ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } diff --git a/platform/ext/target/mps2/an539/spm_hal.c b/platform/ext/target/mps2/an539/spm_hal.c index 374e9d6d19..de95e2f951 100644 --- a/platform/ext/target/mps2/an539/spm_hal.c +++ b/platform/ext/target/mps2/an539/spm_hal.c 
@@ -53,14 +53,21 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( - const struct tfm_spm_partition_platform_data_t *platform_data) + uint32_t partition_idx, + const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { ppc_configure_to_secure(platform_data->periph_ppc_bank, platform_data->periph_ppc_loc); - ppc_configure_to_secure_priv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); + if (privileged) { + ppc_configure_to_secure_priv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_configure_to_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } diff --git a/platform/ext/target/mps3/an524/spm_hal.c b/platform/ext/target/mps3/an524/spm_hal.c index a1bafb15e4..5fa18cdecd 100644 --- a/platform/ext/target/mps3/an524/spm_hal.c +++ b/platform/ext/target/mps3/an524/spm_hal.c @@ -49,12 +49,19 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( - const struct tfm_spm_partition_platform_data_t *platform_data) + uint32_t partition_idx, + const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { - ppc_configure_to_secure_priv(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); + if (privileged) { + ppc_configure_to_secure_priv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } diff --git a/platform/ext/target/musca_a/spm_hal.c b/platform/ext/target/musca_a/spm_hal.c index 4b20f52072..e8682f90de 100644 
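Review bot: In the an524 hunk the privileged branch calls `ppc_configure_to_secure_priv` but the unprivileged branch calls `ppc_en_secure_unpriv`, so only one path uses a helper whose name says it sets the secure attribute. The body of `ppc_en_secure_unpriv` is not in this diff; if it only toggles the unprivileged-access bit, a peripheral of an unprivileged partition keeps whatever security attribution it had before this call. The an539 hunk pairs `ppc_configure_to_secure_priv` with `ppc_configure_to_secure_unpriv`. Using a matching pair here (if this target provides one), or configuring the peripheral as secure before the `if (privileged)`, would make both paths equivalent.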
--- a/platform/ext/target/musca_a/spm_hal.c +++ b/platform/ext/target/musca_a/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019 Arm Limited. All rights reserved. + * Copyright (c) 2018-2020 Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -39,12 +39,21 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( - const struct tfm_spm_partition_platform_data_t *platform_data) + uint32_t partition_idx, + const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { ppc_configure_to_secure(platform_data->periph_ppc_bank, platform_data->periph_ppc_loc); + if (privileged) { + ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } diff --git a/platform/ext/target/musca_b1/spm_hal.c b/platform/ext/target/musca_b1/spm_hal.c index a7fd7a161c..4da1c9d493 100644 --- a/platform/ext/target/musca_b1/spm_hal.c +++ b/platform/ext/target/musca_b1/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * 
@@ -43,12 +43,19 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( - const struct tfm_spm_partition_platform_data_t *platform_data) + uint32_t partition_idx, + const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { - ppc_configure_to_secure(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); + if (privileged) { + ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } diff --git a/platform/ext/target/musca_s1/spm_hal.c b/platform/ext/target/musca_s1/spm_hal.c index d9ff79cb21..d7ec07e67e 100644 --- a/platform/ext/target/musca_s1/spm_hal.c +++ b/platform/ext/target/musca_s1/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -42,12 +42,19 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( - const struct tfm_spm_partition_platform_data_t *platform_data) + uint32_t partition_idx, + const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { - ppc_configure_to_secure(platform_data->periph_ppc_bank, - platform_data->periph_ppc_loc); + if (privileged) { + ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } 
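Review bot: The musca_b1 hunk deletes the `ppc_configure_to_secure(...)` call and leaves only `ppc_clr_secure_unpriv`/`ppc_en_secure_unpriv`, whereas the an519, an521, musca_a and sse-200_aws hunks keep that call and add the privilege branch after it. The musca_s1 hunk makes the same deletion. Unless those two helpers also set the secure attribute on these targets (their bodies are not in this diff), the peripheral is no longer explicitly assigned to the secure side during partition initialisation. I would keep `ppc_configure_to_secure(platform_data->periph_ppc_bank, platform_data->periph_ppc_loc);` ahead of `if (privileged)`, or add a comment explaining why it is not needed here.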
diff --git a/platform/ext/target/sse-200_aws/spm_hal.c b/platform/ext/target/sse-200_aws/spm_hal.c index d37361f3de..f3e0fbdf37 100644 --- a/platform/ext/target/sse-200_aws/spm_hal.c +++ b/platform/ext/target/sse-200_aws/spm_hal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -41,12 +41,21 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void) } void tfm_spm_hal_configure_default_isolation( + uint32_t partition_idx, const struct tfm_spm_partition_platform_data_t *platform_data) { + bool privileged = tfm_is_partition_privileged(partition_idx); if (platform_data) { if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) { ppc_configure_to_secure(platform_data->periph_ppc_bank, platform_data->periph_ppc_loc); + if (privileged) { + ppc_clr_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } else { + ppc_en_secure_unpriv(platform_data->periph_ppc_bank, + platform_data->periph_ppc_loc); + } } } } diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h index 1bc2626cad..b12df11571 100644 --- a/platform/include/tfm_spm_hal.h +++ b/platform/include/tfm_spm_hal.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * 
@@ -117,16 +117,19 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void); #endif /** - * \brief Configure peripherals for a partition based on the platfotm data from - * the DB + * \brief Configure peripherals for a partition based on the platform data and + * partition index from the DB * * This function is called during partition initialisation (before calling the * init function for the partition) * + * \param[in] partition_idx The index of the partition that this peripheral + * is assigned to. * \param[in] platform_data The platform fields of the partition DB record to * be used for configuration. Can be NULL. */ void tfm_spm_hal_configure_default_isolation( + uint32_t partition_idx, const struct tfm_spm_partition_platform_data_t *platform_data); /** * \brief Configures the system debug properties. diff --git a/secure_fw/core/include/tfm_platform_core_api.h b/secure_fw/core/include/tfm_platform_core_api.h index 3532752049..0f0d759afb 100644 --- a/secure_fw/core/include/tfm_platform_core_api.h +++ b/secure_fw/core/include/tfm_platform_core_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -8,6 +8,8 @@ #ifndef __TFM_PLATFORM_CORE_API_H__ #define __TFM_PLATFORM_CORE_API_H__ +#include <stdbool.h> + /** * \brief Should be called in case of access violation. * @@ -21,4 +23,13 @@ */ void tfm_access_violation_handler(void); +/** + * \brief Return whether a secure partition is privileged. + * + * \param[in] partition_idx The index of the partition in the partition_db. + * + * \return True if the partition is privileged, false otherwise. + */ +bool tfm_is_partition_privileged(uint32_t partition_idx); + #endif /* __TFM_PLATFORM_CORE_API_H__ */ diff --git a/secure_fw/spm/spm_api.c b/secure_fw/spm/spm_api.c index eda2ae3fc8..f162890d2d 100644 --- a/secure_fw/spm/spm_api.c +++ b/secure_fw/spm/spm_api.c 
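Review bot: The new prototype `bool tfm_is_partition_privileged(uint32_t partition_idx);` in tfm_platform_core_api.h uses `uint32_t`, but the only include the commit adds is `<stdbool.h>`, and the visible context between the include guard and the first declaration shows no other include. The header then relies on every includer having pulled in `<stdint.h>` first; adding `#include <stdint.h>` next to `#include <stdbool.h>` makes it self-contained. The doc comment could also say that the result is derived from the partition's PSA RoT flag, since platform code now uses it to choose a peripheral's privilege setting.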
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2019, Arm Limited. All rights reserved. + * Copyright (c) 2017-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -89,6 +89,23 @@ uint32_t tfm_spm_partition_get_flags(uint32_t partition_idx) partition_flags; } +uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags) +{ + if (partition_flags & SPM_PART_FLAG_PSA_ROT) { + return TFM_PARTITION_PRIVILEGED_MODE; + } else { + return TFM_PARTITION_UNPRIVILEGED_MODE; + } +} + +bool tfm_is_partition_privileged(uint32_t partition_idx) +{ + uint32_t flags = tfm_spm_partition_get_flags(partition_idx); + + return tfm_spm_partition_get_privileged_mode(flags) == + TFM_PARTITION_PRIVILEGED_MODE; +} + __attribute__((section("SFN"))) void tfm_spm_partition_change_privilege(uint32_t privileged) { diff --git a/secure_fw/spm/spm_api.h b/secure_fw/spm/spm_api.h index 7c4a9a611c..d7d0e7d778 100644 --- a/secure_fw/spm/spm_api.h +++ b/secure_fw/spm/spm_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2019, Arm Limited. All rights reserved. + * Copyright (c) 2017-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -215,6 +215,16 @@ enum spm_err_t tfm_spm_db_init(void); */ void tfm_spm_partition_change_privilege(uint32_t privileged); +/** + * \brief Get the current partition mode. + * + * \param[in] partition_flags Flags of current partition + * + * \retval TFM_PARTITION_PRIVILEGED_MODE Privileged mode + * \retval TFM_PARTITION_UNPRIVILEGED_MODE Unprivileged mode + */ +uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags); + /*********************** library definitions ***********************/ #ifndef TFM_PSA_API 
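Review bot: `tfm_is_partition_privileged` in spm_api.c passes `partition_idx` straight to `tfm_spm_partition_get_flags` with no range check, and the function is now reachable from platform code through tfm_platform_core_api.h. Only the tail of `tfm_spm_partition_get_flags` is visible in this hunk; if it indexes the partition DB directly, an out-of-range index would read unrelated memory, and that value then decides a peripheral's privilege setting. The callers in this commit pass their loop index, so at minimum I would record the precondition in the header comment: `\note partition_idx must be a valid index into the partition DB; it is not range-checked.`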
@@ -405,16 +415,6 @@ uint32_t tfm_spm_partition_get_stack_top(uint32_t partition_idx); */ uint32_t tfm_spm_partition_get_running_partition_id(void); -/** - * \brief Get the current partition mode. - * - * \param[in] partition_flags Flags of current partition - * - * \retval TFM_PARTITION_PRIVILEGED_MODE Privileged mode - * \retval TFM_PARTITION_UNPRIVILEGED_MODE Unprivileged mode - */ -uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags); - /******************** Service handle management functions ********************/ /** diff --git a/secure_fw/spm/spm_api_func.c b/secure_fw/spm/spm_api_func.c index 45059d16e6..be71ec99bb 100644 --- a/secure_fw/spm/spm_api_func.c +++ b/secure_fw/spm/spm_api_func.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -58,7 +58,7 @@ enum spm_err_t tfm_spm_partition_init(void) platform_data_p = part->platform_data_list; if (platform_data_p != NULL) { while ((*platform_data_p) != NULL) { - tfm_spm_hal_configure_default_isolation(*platform_data_p); + tfm_spm_hal_configure_default_isolation(idx, *platform_data_p); ++platform_data_p; } } diff --git a/secure_fw/spm/spm_api_ipc.c b/secure_fw/spm/spm_api_ipc.c index cca156e224..dc27023dd8 100644 --- a/secure_fw/spm/spm_api_ipc.c +++ b/secure_fw/spm/spm_api_ipc.c @@ -508,15 +508,6 @@ int32_t tfm_memory_check(const void *buffer, size_t len, bool ns_caller, return IPC_ERROR_MEMORY_CHECK; } -uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags) -{ - if (partition_flags & SPM_PART_FLAG_PSA_ROT) { - return TFM_PARTITION_PRIVILEGED_MODE; - } else { - return TFM_PARTITION_UNPRIVILEGED_MODE; - } -} - /********************** SPM functions for thread mode ************************/ void tfm_spm_init(void) 
@@ -545,7 +536,7 @@ void tfm_spm_init(void) platform_data_p = partition->platform_data_list; if (platform_data_p != NULL) { while ((*platform_data_p) != NULL) { - tfm_spm_hal_configure_default_isolation(*platform_data_p); + tfm_spm_hal_configure_default_isolation(i, *platform_data_p); ++platform_data_p; } } |