]>
Commit | Line | Data |
---|---|---|
211e701d PM |
1 | /* |
2 | * ARM TrustZone master security controller emulation | |
3 | * | |
4 | * Copyright (c) 2018 Linaro Limited | |
5 | * Written by Peter Maydell | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License version 2 or | |
9 | * (at your option) any later version. | |
10 | */ | |
11 | ||
12 | /* | |
13 | * This is a model of the TrustZone master security controller (MSC). | |
14 | * It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM | |
15 | * (DDI 0571G): | |
16 | * https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g | |
17 | * | |
18 | * The MSC sits in front of a device which can be a bus master (such as | |
19 | * a DMA controller) and allows secure software to configure it to either | |
20 | * pass through or reject transactions made by that bus master. | |
21 | * Rejected transactions may be configured to either be aborted, or to | |
22 | * behave as RAZ/WI. An interrupt can be signalled for a rejected transaction. | |
23 | * | |
24 | * The MSC has no register interface -- it is configured purely by a | |
25 | * collection of input signals from other hardware in the system. Typically | |
26 | * they are either hardwired or exposed in an ad-hoc register interface by | |
27 | * the SoC that uses the MSC. | |
28 | * | |
29 | * We don't currently implement the irq_enable GPIO input, because on | |
30 | * the MPS2 FPGA images it is always tied high, which is awkward to | |
31 | * implement in QEMU. | |
32 | * | |
33 | * QEMU interface: | |
34 | * + Named GPIO input "cfg_nonsec": set to 1 if the bus master should be | |
35 | * treated as nonsecure, or 0 for secure | |
36 | * + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should | |
37 | * result in a transaction error, or 0 for the transaction to RAZ/WI | |
38 | * + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt | |
39 | * + Named GPIO output "irq": set for a transaction-failed interrupt | |
40 | * + Property "downstream": MemoryRegion defining where bus master transactions | |
41 | * are made if they are not blocked | |
42 | * + Property "idau": an object implementing IDAUInterface, which defines which | |
43 | * addresses should be treated as secure and which as non-secure. | |
44 | * This need not be the same IDAU as the one used by the CPU. | |
45 | * + sysbus MMIO region 0: MemoryRegion defining the upstream end of the MSC; | |
46 | * this should be passed to the bus master device as the region it should | |
47 | * make memory transactions to | |
48 | */ | |
49 | ||
50 | #ifndef TZ_MSC_H | |
51 | #define TZ_MSC_H | |
52 | ||
53 | #include "hw/sysbus.h" | |
54 | #include "target/arm/idau.h" | |
db1015e9 | 55 | #include "qom/object.h" |
211e701d PM |
56 | |
57 | #define TYPE_TZ_MSC "tz-msc" | |
db1015e9 | 58 | typedef struct TZMSC TZMSC; |
8110fa1d EH |
59 | DECLARE_INSTANCE_CHECKER(TZMSC, TZ_MSC, |
60 | TYPE_TZ_MSC) | |
211e701d | 61 | |
db1015e9 | 62 | struct TZMSC { |
211e701d PM |
63 | /*< private >*/ |
64 | SysBusDevice parent_obj; | |
65 | ||
66 | /*< public >*/ | |
67 | ||
68 | /* State: these just track the values of our input signals */ | |
69 | bool cfg_nonsec; | |
70 | bool cfg_sec_resp; | |
71 | bool irq_clear; | |
72 | /* State: are we asserting irq ? */ | |
73 | bool irq_status; | |
74 | ||
75 | qemu_irq irq; | |
76 | MemoryRegion *downstream; | |
77 | AddressSpace downstream_as; | |
78 | MemoryRegion upstream; | |
79 | IDAUInterface *idau; | |
db1015e9 | 80 | }; |
211e701d PM |
81 | |
82 | #endif |