1211e701dSPeter Maydell /* 2211e701dSPeter Maydell * ARM TrustZone master security controller emulation 3211e701dSPeter Maydell * 4211e701dSPeter Maydell * Copyright (c) 2018 Linaro Limited 5211e701dSPeter Maydell * Written by Peter Maydell 6211e701dSPeter Maydell * 7211e701dSPeter Maydell * This program is free software; you can redistribute it and/or modify 8211e701dSPeter Maydell * it under the terms of the GNU General Public License version 2 or 9211e701dSPeter Maydell * (at your option) any later version. 10211e701dSPeter Maydell */ 11211e701dSPeter Maydell 12211e701dSPeter Maydell /* 13211e701dSPeter Maydell * This is a model of the TrustZone master security controller (MSC). 14211e701dSPeter Maydell * It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM 15211e701dSPeter Maydell * (DDI 0571G): 16211e701dSPeter Maydell * https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g 17211e701dSPeter Maydell * 18211e701dSPeter Maydell * The MSC sits in front of a device which can be a bus master (such as 19211e701dSPeter Maydell * a DMA controller) and allows secure software to configure it to either 20211e701dSPeter Maydell * pass through or reject transactions made by that bus master. 21211e701dSPeter Maydell * Rejected transactions may be configured to either be aborted, or to 22211e701dSPeter Maydell * behave as RAZ/WI. An interrupt can be signalled for a rejected transaction. 23211e701dSPeter Maydell * 24211e701dSPeter Maydell * The MSC has no register interface -- it is configured purely by a 25211e701dSPeter Maydell * collection of input signals from other hardware in the system. Typically 26211e701dSPeter Maydell * they are either hardwired or exposed in an ad-hoc register interface by 27211e701dSPeter Maydell * the SoC that uses the MSC. 28211e701dSPeter Maydell * 29211e701dSPeter Maydell * We don't currently implement the irq_enable GPIO input, because on 30211e701dSPeter Maydell * the MPS2 FPGA images it is always tied high, which is awkward to 31211e701dSPeter Maydell * implement in QEMU. 32211e701dSPeter Maydell * 33211e701dSPeter Maydell * QEMU interface: 34211e701dSPeter Maydell * + Named GPIO input "cfg_nonsec": set to 1 if the bus master should be 35211e701dSPeter Maydell * treated as nonsecure, or 0 for secure 36211e701dSPeter Maydell * + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should 37211e701dSPeter Maydell * result in a transaction error, or 0 for the transaction to RAZ/WI 38211e701dSPeter Maydell * + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt 39211e701dSPeter Maydell * + Named GPIO output "irq": set for a transaction-failed interrupt 40211e701dSPeter Maydell * + Property "downstream": MemoryRegion defining where bus master transactions 41211e701dSPeter Maydell * are made if they are not blocked 42211e701dSPeter Maydell * + Property "idau": an object implementing IDAUInterface, which defines which 43211e701dSPeter Maydell * addresses should be treated as secure and which as non-secure. 44211e701dSPeter Maydell * This need not be the same IDAU as the one used by the CPU. 45211e701dSPeter Maydell * + sysbus MMIO region 0: MemoryRegion defining the upstream end of the MSC; 46211e701dSPeter Maydell * this should be passed to the bus master device as the region it should 47211e701dSPeter Maydell * make memory transactions to 48211e701dSPeter Maydell */ 49211e701dSPeter Maydell 50211e701dSPeter Maydell #ifndef TZ_MSC_H 51211e701dSPeter Maydell #define TZ_MSC_H 52211e701dSPeter Maydell 53211e701dSPeter Maydell #include "hw/sysbus.h" 54211e701dSPeter Maydell #include "target/arm/idau.h" 55db1015e9SEduardo Habkost #include "qom/object.h" 56211e701dSPeter Maydell 57211e701dSPeter Maydell #define TYPE_TZ_MSC "tz-msc" 58*8063396bSEduardo Habkost OBJECT_DECLARE_SIMPLE_TYPE(TZMSC, TZ_MSC) 59211e701dSPeter Maydell 60db1015e9SEduardo Habkost struct TZMSC { 61211e701dSPeter Maydell /*< private >*/ 62211e701dSPeter Maydell SysBusDevice parent_obj; 63211e701dSPeter Maydell 64211e701dSPeter Maydell /*< public >*/ 65211e701dSPeter Maydell 66211e701dSPeter Maydell /* State: these just track the values of our input signals */ 67211e701dSPeter Maydell bool cfg_nonsec; 68211e701dSPeter Maydell bool cfg_sec_resp; 69211e701dSPeter Maydell bool irq_clear; 70211e701dSPeter Maydell /* State: are we asserting irq ? */ 71211e701dSPeter Maydell bool irq_status; 72211e701dSPeter Maydell 73211e701dSPeter Maydell qemu_irq irq; 74211e701dSPeter Maydell MemoryRegion *downstream; 75211e701dSPeter Maydell AddressSpace downstream_as; 76211e701dSPeter Maydell MemoryRegion upstream; 77211e701dSPeter Maydell IDAUInterface *idau; 78db1015e9SEduardo Habkost }; 79211e701dSPeter Maydell 80211e701dSPeter Maydell #endif 81