1 /* 2 * ARM TrustZone master security controller emulation 3 * 4 * Copyright (c) 2018 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 or 9 * (at your option) any later version. 10 */ 11 12 /* 13 * This is a model of the TrustZone master security controller (MSC). 14 * It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM 15 * (DDI 0571G): 16 * https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g 17 * 18 * The MSC sits in front of a device which can be a bus master (such as 19 * a DMA controller) and allows secure software to configure it to either 20 * pass through or reject transactions made by that bus master. 21 * Rejected transactions may be configured to either be aborted, or to 22 * behave as RAZ/WI. An interrupt can be signalled for a rejected transaction. 23 * 24 * The MSC has no register interface -- it is configured purely by a 25 * collection of input signals from other hardware in the system. Typically 26 * they are either hardwired or exposed in an ad-hoc register interface by 27 * the SoC that uses the MSC. 28 * 29 * We don't currently implement the irq_enable GPIO input, because on 30 * the MPS2 FPGA images it is always tied high, which is awkward to 31 * implement in QEMU. 32 * 33 * QEMU interface: 34 * + Named GPIO input "cfg_nonsec": set to 1 if the bus master should be 35 * treated as nonsecure, or 0 for secure 36 * + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should 37 * result in a transaction error, or 0 for the transaction to RAZ/WI 38 * + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt 39 * + Named GPIO output "irq": set for a transaction-failed interrupt 40 * + Property "downstream": MemoryRegion defining where bus master transactions 41 * are made if they are not blocked 42 * + Property "idau": an object implementing IDAUInterface, which defines which 43 * addresses should be treated as secure and which as non-secure. 44 * This need not be the same IDAU as the one used by the CPU. 45 * + sysbus MMIO region 0: MemoryRegion defining the upstream end of the MSC; 46 * this should be passed to the bus master device as the region it should 47 * make memory transactions to 48 */ 49 50 #ifndef TZ_MSC_H 51 #define TZ_MSC_H 52 53 #include "hw/sysbus.h" 54 #include "target/arm/idau.h" 55 #include "qom/object.h" 56 57 #define TYPE_TZ_MSC "tz-msc" 58 typedef struct TZMSC TZMSC; 59 DECLARE_INSTANCE_CHECKER(TZMSC, TZ_MSC, 60 TYPE_TZ_MSC) 61 62 struct TZMSC { 63 /*< private >*/ 64 SysBusDevice parent_obj; 65 66 /*< public >*/ 67 68 /* State: these just track the values of our input signals */ 69 bool cfg_nonsec; 70 bool cfg_sec_resp; 71 bool irq_clear; 72 /* State: are we asserting irq ? */ 73 bool irq_status; 74 75 qemu_irq irq; 76 MemoryRegion *downstream; 77 AddressSpace downstream_as; 78 MemoryRegion upstream; 79 IDAUInterface *idau; 80 }; 81 82 #endif 83