Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 | /*
* Copyright (c) 2018 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @file
* @brief TrustZone API
*
* TrustZone API for Cortex-M23/M33 CPUs implementing the Security Extension.
*/
#ifndef ZEPHYR_ARCH_ARM_INCLUDE_CORTEX_M_TZ_H_
#define ZEPHYR_ARCH_ARM_INCLUDE_CORTEX_M_TZ_H_
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _ASMLANGUAGE
/* nothing */
#else
#include <arm_cmse.h>
#include <zephyr/types.h>
/**
*
* @brief Initial Non-Secure state configuration
*
* A convenient struct to include all required Non-Secure
* state configuration.
*/
typedef struct tz_nonsecure_setup_conf {
u32_t msp_ns;
u32_t psp_ns;
u32_t vtor_ns;
struct {
u32_t npriv:1;
u32_t spsel:1;
u32_t reserved:30;
} control_ns;
} tz_nonsecure_setup_conf_t;
/**
*
* @brief Setup Non-Secure state core registers
*
* Configure the Non-Secure instances of the VTOR, MSP, PSP,
* and CONTROL register.
*
* @param p_ns_conf Pointer to a structure holding the desired configuration.
*
* Notes:
*
* This function shall only be called from Secure state, otherwise the
* Non-Secure instances of the core registers are RAZ/WI.
*
* This function shall be called before the Secure Firmware may transition
* to Non-Secure state.
*
* @return N/A
*/
void tz_nonsecure_state_setup(const tz_nonsecure_setup_conf_t *p_ns_conf);
#if defined(CONFIG_ARMV8_M_MAINLINE)
/**
*
* @brief Setup Non-Secure Main Stack Pointer limit register
*
* Configure the Non-Secure instance of the MSPLIM register.
*
* @param val value to configure the MSPLIM_NS register with.
*
* Notes:
*
* This function shall only be called from Secure state.
* Only ARMv8-M Mainline implementations have Non-Secure MSPLIM instance.
*
* @return N/A
*/
void tz_nonsecure_msplim_set(u32_t val);
/**
*
* @brief Setup Non-Secure Process Stack Pointer limit register
*
* Configure the Non-Secure instance of the PSPLIM register.
*
* @param val value to configure the PSPLIM_NS register with.
*
* Notes:
*
* This function shall only be called from Secure state.
* Only ARMv8-M Mainline implementations have Non-Secure PSPLIM instance.
*
* @return N/A
*/
void tz_nonsecure_psplim_set(u32_t val);
#endif /* CONFIG_ARMV8_M_MAINLINE */
/**
* @brief Block or permit Non-Secure System Reset Requests
*
* Function allows the user to configure the system to block or
* permit the Non-Secure domain to issue System Reset Requests.
*
* @param block Flag indicating whether Non-Secure System Reset
* Requests shall be blocked (1), or permitted (0).
*
* Note:
*
* This function shall only be called from Secure state.
*
* @return N/A
*/
void tz_nonsecure_system_reset_req_block(int block);
/**
* @brief Prioritize Secure exceptions
*
* Function allows the user to prioritize Secure exceptions over Non-Secure,
* enabling Secure exception priority boosting.
*
* @param secure_boost Flag indicating whether Secure priority boosting
* is desired; select 1 for priority boosting, otherwise 0.
*
* Note:
*
* This function shall only be called from Secure state.
*
* @return N/A
*/
void tz_nonsecure_exception_prio_config(int secure_boost);
/**
* @brief Set target state for exceptions not banked between security states
*
* Function sets the security state (Secure or Non-Secure) target
* for ARMv8-M HardFault, NMI, and BusFault exception.
*
* @param secure_state 1 if target state is Secure, 0 if target state
* is Non-Secure.
*
* Secure state: BusFault, HardFault, and NMI are Secure.
* Non-Secure state: BusFault and NMI are Non-Secure and exceptions can
* target Non-Secure HardFault.
*
* Notes:
*
* - This function shall only be called from Secure state.
* - NMI and BusFault are not banked between security states; they
* shall either target Secure or Non-Secure state based on user selection.
* - HardFault exception generated through escalation will target the
* security state of the original fault before its escalation to HardFault.
* - If secure_state is set to 1 (Secure), all Non-Secure HardFaults are
* escalated to Secure HardFaults.
* - BusFault is present only if the Main Extension is implemented.
*
* @return N/A
*/
void tz_nbanked_exception_target_state_set(int secure_state);
#if defined(CONFIG_ARMV7_M_ARMV8_M_FP)
/**
* @brief Allow Non-Secure firmware to access the FPU
*
* Function allows the Non-Secure firmware to access the Floating Point Unit.
*
* Relevant for ARMv8-M MCUs supporting the Floating Point Extension.
*
* Note:
*
* This function shall only be called from Secure state.
*
* @return N/A
*/
void tz_nonsecure_fpu_access_enable(void);
#endif /* CONFIG_ARMV7_M_ARMV8_M_FP */
/**
*
* @brief Configure SAU
*
* Configure (enable or disable) the ARMv8-M Security Attribution Unit.
*
* @param enable SAU enable flag: 1 if SAU is to be enabled, 0 if SAU is
* to be disabled.
* @param allns SAU_CTRL.ALLNS flag: select 1 to set SAU_CTRL.ALLNS, 0
* to clear SAU_CTRL.ALLNS.
*
* Notes:
*
* SAU_CTRL.ALLNS bit: All Non-secure. When SAU_CTRL.ENABLE is 0
* this bit controls if the memory is marked as Non-secure or Secure.
* Values:
* Secure (not Non-Secure Callable): 0
* Non-Secure: 1
*
* This function shall only be called from Secure state, otherwise the
* Non-Secure instance of SAU_CTRL register is RAZ/WI.
*
* This function shall be called before the Secure Firmware may transition
* to Non-Secure state.
*
* @return N/A
*/
void tz_sau_configure(int enable, int allns);
/**
*
* @brief Get number of SAU regions
*
* Get the number of regions implemented by the Security Attribution Unit,
* indicated by SAU_TYPE.SREGION (read-only) register field.
*
* Notes:
*
* The SREGION field reads as an IMPLEMENTATION DEFINED value.
*
* This function shall only be called from Secure state, otherwise the
* Non-Secure instance of SAU_TYPE register is RAZ.
*
* @return The number of configured SAU regions.
*/
u32_t tz_sau_number_of_regions_get(void);
#if defined(CONFIG_CPU_HAS_ARM_SAU)
/**
*
* @brief SAU Region configuration
*
* A convenient struct to include all required elements
* for a SAU region configuration.
*/
typedef struct {
u8_t region_num;
u8_t enable:1;
u8_t nsc:1;
u32_t base_addr;
u32_t limit_addr;
} tz_sau_conf_t;
/**
*
* @brief Configure SAU Region
*
* Configure an existing ARMv8-M SAU region.
*
* @param p_sau_conf pointer to a tz_sau_conf_t structure
*
* This function shall only be called from Secure state, otherwise the
* Non-Secure instances of SAU RNR, RLAR, RBAR registers are RAZ/WI.
*
* This function shall be called before the Secure Firmware may transition
* to Non-Secure state.
*
* @return 1 if configuration is successful, otherwise 0.
*/
int tz_sau_region_configure(tz_sau_conf_t *p_sau_conf);
#endif /* CONFIG_CPU_HAS_ARM_SAU */
/**
* @brief Non-Secure function type
*
* Defines a function pointer type to implement a non-secure function call,
* i.e. a function call that switches state from Secure to Non-secure.
*
* Note:
*
* A non-secure function call can only happen through function pointers.
* This is a consequence of separating secure and non-secure code into
* separate executable files.
*/
typedef void __attribute__((cmse_nonsecure_call)) (*tz_ns_func_ptr_t) (void);
/* Required for C99 compilation */
#define typeof __typeof__
#if defined(CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS)
/**
* @brief Non-Secure entry function attribute.
*
* Declares a non-secure entry function that may be called from Non-Secure
* or from Secure state using the CMSE _cmse_nonsecure_entry intrinsic.
*
* Note:
*
* The function must reside in Non-Secure Callable memory region.
*/
#define __TZ_NONSECURE_ENTRY_FUNC \
__attribute__((cmse_nonsecure_entry, noinline))
#endif /* CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS */
/**
* @brief Declare a pointer of non-secure function type
*
* Note:
*
* A non-secure function type must only be used as a base type of pointer.
*/
#define TZ_NONSECURE_FUNC_PTR_DECLARE(fptr) tz_ns_func_ptr_t fptr
/**
* @brief Define a non-secure function pointer
*
* A non-secure function pointer is a function pointer that has its LSB unset.
* The macro uses the CMSE intrinsic: cmse_nsfptr_create(p) to return the
* value of a pointer with its LSB cleared.
*/
#define TZ_NONSECURE_FUNC_PTR_CREATE(fptr) \
((tz_ns_func_ptr_t)(cmse_nsfptr_create(fptr)))
/**
* @brief Check if pointer can be of non-secure function type
*
* A non-secure function pointer is a function pointer that has its LSB unset.
* The macro uses the CMSE intrinsic: cmse_is_nsfptr(p) to evaluate whether
* the supplied pointer has its LSB cleared and, thus, can be of non-secure
* function type.
*
* @param fptr supplied pointer to be checked
*
* @return non-zero if pointer can be of non-secure function type
* (i.e. with LSB unset), zero otherwise.
*/
#define TZ_NONSECURE_FUNC_PTR_IS_NS(fptr) \
cmse_is_nsfptr(fptr)
#endif /* _ASMLANGUAGE */
#ifdef __cplusplus
}
#endif
#endif /* ZEPHYR_ARCH_ARM_INCLUDE_CORTEX_M_TZ_H_ */
|