xref: /openbmc/qemu/hw/misc/tz-msc.c (revision 6a0acfff) 
1 /*
2  * ARM TrustZone master security controller emulation
3  *
4  * Copyright (c) 2018 Linaro Limited
5  * Written by Peter Maydell
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 or
9  * (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "qemu/log.h"
14 #include "qemu/module.h"
15 #include "qapi/error.h"
16 #include "trace.h"
17 #include "hw/sysbus.h"
18 #include "hw/registerfields.h"
19 #include "hw/irq.h"
20 #include "hw/misc/tz-msc.h"
21 
22 static void tz_msc_update_irq(TZMSC *s)
23 {
24     bool level = s->irq_status;
25 
26     trace_tz_msc_update_irq(level);
27     qemu_set_irq(s->irq, level);
28 }
29 
30 static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
31 {
32     TZMSC *s = TZ_MSC(opaque);
33 
34     trace_tz_msc_cfg_nonsec(level);
35     s->cfg_nonsec = level;
36 }
37 
38 static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
39 {
40     TZMSC *s = TZ_MSC(opaque);
41 
42     trace_tz_msc_cfg_sec_resp(level);
43     s->cfg_sec_resp = level;
44 }
45 
46 static void tz_msc_irq_clear(void *opaque, int n, int level)
47 {
48     TZMSC *s = TZ_MSC(opaque);
49 
50     trace_tz_msc_irq_clear(level);
51 
52     s->irq_clear = level;
53     if (level) {
54         s->irq_status = false;
55         tz_msc_update_irq(s);
56     }
57 }
58 
59 /* The MSC may either block a transaction by aborting it, block a
60  * transaction by making it RAZ/WI, allow it through with
61  * MemTxAttrs indicating a secure transaction, or allow it with
62  * MemTxAttrs indicating a non-secure transaction.
63  */
64 typedef enum MSCAction {
65     MSCBlockAbort,
66     MSCBlockRAZWI,
67     MSCAllowSecure,
68     MSCAllowNonSecure,
69 } MSCAction;
70 
71 static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
72 {
73     /*
74      * Check whether to allow an access from the bus master, returning
75      * an MSCAction indicating the required behaviour. If the transaction
76      * is blocked, the caller must check cfg_sec_resp to determine
77      * whether to abort or RAZ/WI the transaction.
78      */
79     IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
80     IDAUInterface *ii = IDAU_INTERFACE(s->idau);
81     bool idau_exempt = false, idau_ns = true, idau_nsc = true;
82     int idau_region = IREGION_NOTVALID;
83 
84     iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
85 
86     if (idau_exempt) {
87         /*
88          * Uncheck region -- OK, transaction type depends on
89          * whether bus master is configured as Secure or NonSecure
90          */
91         return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
92     }
93 
94     if (idau_ns) {
95         /* NonSecure region -- always forward as NS transaction */
96         return MSCAllowNonSecure;
97     }
98 
99     if (!s->cfg_nonsec) {
100         /* Access to Secure region by Secure bus master: OK */
101         return MSCAllowSecure;
102     }
103 
104     /* Attempted access to Secure region by NS bus master: block */
105     trace_tz_msc_access_blocked(addr);
106     if (!s->cfg_sec_resp) {
107         return MSCBlockRAZWI;
108     }
109 
110     /*
111      * The TRM isn't clear on behaviour if irq_clear is high when a
112      * transaction is blocked. We assume that the MSC behaves like the
113      * PPC, where holding irq_clear high suppresses the interrupt.
114      */
115     if (!s->irq_clear) {
116         s->irq_status = true;
117         tz_msc_update_irq(s);
118     }
119     return MSCBlockAbort;
120 }
121 
122 static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
123                                unsigned size, MemTxAttrs attrs)
124 {
125     TZMSC *s = opaque;
126     AddressSpace *as = &s->downstream_as;
127     uint64_t data;
128     MemTxResult res;
129 
130     switch (tz_msc_check(s, addr)) {
131     case MSCBlockAbort:
132         return MEMTX_ERROR;
133     case MSCBlockRAZWI:
134         *pdata = 0;
135         return MEMTX_OK;
136     case MSCAllowSecure:
137         attrs.secure = 1;
138         attrs.unspecified = 0;
139         break;
140     case MSCAllowNonSecure:
141         attrs.secure = 0;
142         attrs.unspecified = 0;
143         break;
144     }
145 
146     switch (size) {
147     case 1:
148         data = address_space_ldub(as, addr, attrs, &res);
149         break;
150     case 2:
151         data = address_space_lduw_le(as, addr, attrs, &res);
152         break;
153     case 4:
154         data = address_space_ldl_le(as, addr, attrs, &res);
155         break;
156     case 8:
157         data = address_space_ldq_le(as, addr, attrs, &res);
158         break;
159     default:
160         g_assert_not_reached();
161     }
162     *pdata = data;
163     return res;
164 }
165 
166 static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
167                                 unsigned size, MemTxAttrs attrs)
168 {
169     TZMSC *s = opaque;
170     AddressSpace *as = &s->downstream_as;
171     MemTxResult res;
172 
173     switch (tz_msc_check(s, addr)) {
174     case MSCBlockAbort:
175         return MEMTX_ERROR;
176     case MSCBlockRAZWI:
177         return MEMTX_OK;
178     case MSCAllowSecure:
179         attrs.secure = 1;
180         attrs.unspecified = 0;
181         break;
182     case MSCAllowNonSecure:
183         attrs.secure = 0;
184         attrs.unspecified = 0;
185         break;
186     }
187 
188     switch (size) {
189     case 1:
190         address_space_stb(as, addr, val, attrs, &res);
191         break;
192     case 2:
193         address_space_stw_le(as, addr, val, attrs, &res);
194         break;
195     case 4:
196         address_space_stl_le(as, addr, val, attrs, &res);
197         break;
198     case 8:
199         address_space_stq_le(as, addr, val, attrs, &res);
200         break;
201     default:
202         g_assert_not_reached();
203     }
204     return res;
205 }
206 
207 static const MemoryRegionOps tz_msc_ops = {
208     .read_with_attrs = tz_msc_read,
209     .write_with_attrs = tz_msc_write,
210     .endianness = DEVICE_LITTLE_ENDIAN,
211 };
212 
213 static void tz_msc_reset(DeviceState *dev)
214 {
215     TZMSC *s = TZ_MSC(dev);
216 
217     trace_tz_msc_reset();
218     s->cfg_sec_resp = false;
219     s->cfg_nonsec = false;
220     s->irq_clear = 0;
221     s->irq_status = 0;
222 }
223 
224 static void tz_msc_init(Object *obj)
225 {
226     DeviceState *dev = DEVICE(obj);
227     TZMSC *s = TZ_MSC(obj);
228 
229     qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
230     qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
231     qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
232     qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
233 }
234 
235 static void tz_msc_realize(DeviceState *dev, Error **errp)
236 {
237     Object *obj = OBJECT(dev);
238     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
239     TZMSC *s = TZ_MSC(dev);
240     const char *name = "tz-msc-downstream";
241     uint64_t size;
242 
243     /*
244      * We can't create the upstream end of the port until realize,
245      * as we don't know the size of the MR used as the downstream until then.
246      * We insist on having a downstream, to avoid complicating the
247      * code with handling the "don't know how big this is" case. It's easy
248      * enough for the user to create an unimplemented_device as downstream
249      * if they have nothing else to plug into this.
250      */
251     if (!s->downstream) {
252         error_setg(errp, "MSC 'downstream' link not set");
253         return;
254     }
255     if (!s->idau) {
256         error_setg(errp, "MSC 'idau' link not set");
257         return;
258     }
259 
260     size = memory_region_size(s->downstream);
261     address_space_init(&s->downstream_as, s->downstream, name);
262     memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
263     sysbus_init_mmio(sbd, &s->upstream);
264 }
265 
266 static const VMStateDescription tz_msc_vmstate = {
267     .name = "tz-msc",
268     .version_id = 1,
269     .minimum_version_id = 1,
270     .fields = (VMStateField[]) {
271         VMSTATE_BOOL(cfg_nonsec, TZMSC),
272         VMSTATE_BOOL(cfg_sec_resp, TZMSC),
273         VMSTATE_BOOL(irq_clear, TZMSC),
274         VMSTATE_BOOL(irq_status, TZMSC),
275         VMSTATE_END_OF_LIST()
276     }
277 };
278 
279 static Property tz_msc_properties[] = {
280     DEFINE_PROP_LINK("downstream", TZMSC, downstream,
281                      TYPE_MEMORY_REGION, MemoryRegion *),
282     DEFINE_PROP_LINK("idau", TZMSC, idau,
283                      TYPE_IDAU_INTERFACE, IDAUInterface *),
284     DEFINE_PROP_END_OF_LIST(),
285 };
286 
287 static void tz_msc_class_init(ObjectClass *klass, void *data)
288 {
289     DeviceClass *dc = DEVICE_CLASS(klass);
290 
291     dc->realize = tz_msc_realize;
292     dc->vmsd = &tz_msc_vmstate;
293     dc->reset = tz_msc_reset;
294     dc->props = tz_msc_properties;
295 }
296 
297 static const TypeInfo tz_msc_info = {
298     .name = TYPE_TZ_MSC,
299     .parent = TYPE_SYS_BUS_DEVICE,
300     .instance_size = sizeof(TZMSC),
301     .instance_init = tz_msc_init,
302     .class_init = tz_msc_class_init,
303 };
304 
305 static void tz_msc_register_types(void)
306 {
307     type_register_static(&tz_msc_info);
308 }
309 
310 type_init(tz_msc_register_types);
311