projects / mirror_qemu.git / blame
| Commit | Line | Data |
|---|---|---|
| 211e701d PM |
1 | /* |
| 2 | * ARM TrustZone master security controller emulation | |
| 3 | * | |
| 4 | * Copyright (c) 2018 Linaro Limited | |
| 5 | * Written by Peter Maydell | |
| 6 | * | |
| 7 | * This program is free software; you can redistribute it and/or modify | |
| 8 | * it under the terms of the GNU General Public License version 2 or | |
| 9 | * (at your option) any later version. | |
| 10 | */ | |
| 11 | ||
| 12 | /* | |
| 13 | * This is a model of the TrustZone master security controller (MSC). | |
| 14 | * It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM | |
| 15 | * (DDI 0571G): | |
| 16 | * https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g | |
| 17 | * | |
| 18 | * The MSC sits in front of a device which can be a bus master (such as | |
| 19 | * a DMA controller) and allows secure software to configure it to either | |
| 20 | * pass through or reject transactions made by that bus master. | |
| 21 | * Rejected transactions may be configured to either be aborted, or to | |
| 22 | * behave as RAZ/WI. An interrupt can be signalled for a rejected transaction. | |
| 23 | * | |
| 24 | * The MSC has no register interface -- it is configured purely by a | |
| 25 | * collection of input signals from other hardware in the system. Typically | |
| 26 | * they are either hardwired or exposed in an ad-hoc register interface by | |
| 27 | * the SoC that uses the MSC. | |
| 28 | * | |
| 29 | * We don't currently implement the irq_enable GPIO input, because on | |
| 30 | * the MPS2 FPGA images it is always tied high, which is awkward to | |
| 31 | * implement in QEMU. | |
| 32 | * | |
| 33 | * QEMU interface: | |
| 34 | * + Named GPIO input "cfg_nonsec": set to 1 if the bus master should be | |
| 35 | * treated as nonsecure, or 0 for secure | |
| 36 | * + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should | |
| 37 | * result in a transaction error, or 0 for the transaction to RAZ/WI | |
| 38 | * + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt | |
| 39 | * + Named GPIO output "irq": set for a transaction-failed interrupt | |
| 40 | * + Property "downstream": MemoryRegion defining where bus master transactions | |
| 41 | * are made if they are not blocked | |
| 42 | * + Property "idau": an object implementing IDAUInterface, which defines which | |
| 43 | * addresses should be treated as secure and which as non-secure. | |
| 44 | * This need not be the same IDAU as the one used by the CPU. | |
| 45 | * + sysbus MMIO region 0: MemoryRegion defining the upstream end of the MSC; | |
| 46 | * this should be passed to the bus master device as the region it should | |
| 47 | * make memory transactions to | |
| 48 | */ | |
| 49 | ||
| 50 | #ifndef TZ_MSC_H | |
| 51 | #define TZ_MSC_H | |
| 52 | ||
| 53 | #include "hw/sysbus.h" | |
| 54 | #include "target/arm/idau.h" | |
| db1015e9 | 55 | #include "qom/object.h" |
| 211e701d PM |
56 | |
| 57 | #define TYPE_TZ_MSC "tz-msc" | |
| db1015e9 | 58 | typedef struct TZMSC TZMSC; |
| 8110fa1d EH |
59 | DECLARE_INSTANCE_CHECKER(TZMSC, TZ_MSC, |
| 60 | TYPE_TZ_MSC) | |
| 211e701d | 61 | |
| db1015e9 | 62 | struct TZMSC { |
| 211e701d PM |
63 | /*< private >*/ |
| 64 | SysBusDevice parent_obj; | |
| 65 | ||
| 66 | /*< public >*/ | |
| 67 | ||
| 68 | /* State: these just track the values of our input signals */ | |
| 69 | bool cfg_nonsec; | |
| 70 | bool cfg_sec_resp; | |
| 71 | bool irq_clear; | |
| 72 | /* State: are we asserting irq ? */ | |
| 73 | bool irq_status; | |
| 74 | ||
| 75 | qemu_irq irq; | |
| 76 | MemoryRegion *downstream; | |
| 77 | AddressSpace downstream_as; | |
| 78 | MemoryRegion upstream; | |
| 79 | IDAUInterface *idau; | |
| db1015e9 | 80 | }; |
| 211e701d PM |
81 | |
| 82 | #endif |