plat/arm: Allow override of default TZC regions

This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.

This override mechanism allows specifying special regions for TZMP1
usecase.

Signed-off-by: Summer Qin <summer.qin@arm.com>

4 files changed, 51 insertions, 66 deletions

diff --git a/plat/arm/board/fvp/fvp_security.c b/plat/arm/board/fvp/fvp_security.c
index 4559865b3..a6c92278f 100644
--- a/plat/arm/board/fvp/fvp_security.c
+++ b/plat/arm/board/fvp/fvp_security.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -22,5 +22,5 @@ void plat_arm_security_setup(void)
 	 */
 
 	if (get_arm_config()->flags & ARM_CONFIG_HAS_TZC)
-		arm_tzc400_setup();
+		arm_tzc400_setup(NULL);
 }
diff --git a/plat/arm/board/juno/juno_security.c b/plat/arm/board/juno/juno_security.c
index ce4239bf6..9f28901d2 100644
--- a/plat/arm/board/juno/juno_security.c
+++ b/plat/arm/board/juno/juno_security.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -59,7 +59,7 @@ void plat_arm_security_setup(void)
 	/* Initialize debug configuration */
 	init_debug_cfg();
 	/* Initialize the TrustZone Controller */
-	arm_tzc400_setup();
+	arm_tzc400_setup(NULL);
 	/* Do ARM CSS internal NIC setup */
 	css_init_nic400();
 	/* Do ARM CSS SoC security setup */
diff --git a/plat/arm/common/arm_tzc400.c b/plat/arm/common/arm_tzc400.c
index 6b706be92..a32736c3a 100644
--- a/plat/arm/common/arm_tzc400.c
+++ b/plat/arm/common/arm_tzc400.c
@@ -18,16 +18,20 @@
 
 /*******************************************************************************
  * Initialize the TrustZone Controller for ARM standard platforms.
- * Configure:
- *   - Region 0 with no access;
- *   - Region 1 with secure access only;
- *   - the remaining DRAM regions access from the given Non-Secure masters.
- *
  * When booting an EL3 payload, this is simplified: we configure region 0 with
  * secure access only and do not enable any other region.
  ******************************************************************************/
-void arm_tzc400_setup(void)
+void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions)
 {
+#ifndef EL3_PAYLOAD_BASE
+	int region_index = 1;
+	const arm_tzc_regions_info_t *p;
+	const arm_tzc_regions_info_t init_tzc_regions[] = {
+		ARM_TZC_REGIONS_DEF,
+		{0}
+	};
+#endif
+
 	INFO("Configuring TrustZone Controller\n");
 
 	tzc400_init(PLAT_ARM_TZC_BASE);
@@ -36,42 +40,22 @@ void arm_tzc400_setup(void)
 	tzc400_disable_filters();
 
 #ifndef EL3_PAYLOAD_BASE
+	if (tzc_regions == NULL)
+		p = init_tzc_regions;
+	else
+		p = tzc_regions;
 
 	/* Region 0 set to no access by default */
 	tzc400_configure_region0(TZC_REGION_S_NONE, 0);
 
-	/* Region 1 set to cover Secure part of DRAM */
-	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 1,
-			ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,
-			TZC_REGION_S_RDWR,
-			0);
-
-	/* Region 2 set to cover Non-Secure access to 1st DRAM address range.
-	 * Apply the same configuration to given filters in the TZC. */
-	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
-			ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
-			ARM_TZC_NS_DRAM_S_ACCESS,
-			PLAT_ARM_TZC_NS_DEV_ACCESS);
-
-	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
-	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
-			ARM_DRAM2_BASE, ARM_DRAM2_END,
-			ARM_TZC_NS_DRAM_S_ACCESS,
-			PLAT_ARM_TZC_NS_DEV_ACCESS);
-
-#if ENABLE_SPM
-	/*
-	 * Region 4 set to cover Non-Secure access to the communication buffer
-	 * shared with the Secure world.
-	 */
-	tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
-				4,
-				ARM_SP_IMAGE_NS_BUF_BASE,
-				(ARM_SP_IMAGE_NS_BUF_BASE +
-				 ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
-				TZC_REGION_S_NONE,
-				PLAT_ARM_TZC_NS_DEV_ACCESS);
-#endif
+	/* Rest Regions set according to tzc_regions array */
+	for (; p->base != 0ULL; p++) {
+		tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
+			p->base, p->end, p->sec_attr, p->nsaid_permissions);
+		region_index++;
+	}
+
+	INFO("Total %d regions set.\n", region_index);
 
 #else /* if defined(EL3_PAYLOAD_BASE) */
 
@@ -92,5 +76,5 @@ void arm_tzc400_setup(void)
 
 void plat_arm_security_setup(void)
 {
-	arm_tzc400_setup();
+	arm_tzc400_setup(NULL);
 }
diff --git a/plat/arm/common/arm_tzc_dmc500.c b/plat/arm/common/arm_tzc_dmc500.c
index 8e41391f5..89c502cce 100644
--- a/plat/arm/common/arm_tzc_dmc500.c
+++ b/plat/arm/common/arm_tzc_dmc500.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -12,15 +12,21 @@
 
 /*******************************************************************************
  * Initialize the DMC500-TrustZone Controller for ARM standard platforms.
- * Configure both the interfaces on Region 0 with no access, Region 1 with
- * secure access only, and the remaining DRAM regions access from the
- * given Non-Secure masters.
- *
  * When booting an EL3 payload, this is simplified: we configure region 0 with
  * secure access only and do not enable any other region.
  ******************************************************************************/
-void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
+void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data,
+			const arm_tzc_regions_info_t *tzc_regions)
 {
+#ifndef EL3_PAYLOAD_BASE
+	int region_index = 1;
+	const arm_tzc_regions_info_t *p;
+	const arm_tzc_regions_info_t init_tzc_regions[] = {
+		ARM_TZC_REGIONS_DEF,
+		{0}
+	};
+#endif
+
 	assert(plat_driver_data);
 
 	INFO("Configuring DMC-500 TZ Settings\n");
@@ -28,28 +34,23 @@ void arm_tzc_dmc500_setup(tzc_dmc500_driver_data_t *plat_driver_data)
 	tzc_dmc500_driver_init(plat_driver_data);
 
 #ifndef EL3_PAYLOAD_BASE
+	if (tzc_regions == NULL)
+		p = init_tzc_regions;
+	else
+		p = tzc_regions;
+
 	/* Region 0 set to no access by default */
 	tzc_dmc500_configure_region0(TZC_REGION_S_NONE, 0);
 
-	/* Region 1 set to cover Secure part of DRAM */
-	tzc_dmc500_configure_region(1, ARM_AP_TZC_DRAM1_BASE,
-		ARM_EL3_TZC_DRAM1_END,
-		TZC_REGION_S_RDWR,
-		0);
+	/* Rest Regions set according to tzc_regions array */
+	for (; p->base != 0ULL; p++) {
+		tzc_dmc500_configure_region(region_index, p->base, p->end,
+					    p->sec_attr, p->nsaid_permissions);
+		region_index++;
+	}
 
-	/* Region 2 set to cover Non-Secure access to 1st DRAM address range.*/
-	tzc_dmc500_configure_region(2,
-		ARM_NS_DRAM1_BASE,
-		ARM_NS_DRAM1_END,
-		ARM_TZC_NS_DRAM_S_ACCESS,
-		PLAT_ARM_TZC_NS_DEV_ACCESS);
+	INFO("Total %d regions set.\n", region_index);
 
-	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
-	tzc_dmc500_configure_region(3,
-		ARM_DRAM2_BASE,
-		ARM_DRAM2_END,
-		ARM_TZC_NS_DRAM_S_ACCESS,
-		PLAT_ARM_TZC_NS_DEV_ACCESS);
 #else
 	/* Allow secure access only to DRAM for EL3 payloads */
 	tzc_dmc500_configure_region0(TZC_REGION_S_RDWR, 0);