include/hw/misc/tz-msc.h

   1 /*
   2  * ARM TrustZone master security controller emulation
   3  *
   4  * Copyright (c) 2018 Linaro Limited
   5  * Written by Peter Maydell
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License version 2 or
   9  * (at your option) any later version.
  10  */
  11
  12 /*
  13  * This is a model of the TrustZone master security controller (MSC).
  14  * It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM
  15  * (DDI 0571G):
  16  * https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g
  17  *
  18  * The MSC sits in front of a device which can be a bus master (such as
  19  * a DMA controller) and allows secure software to configure it to either
  20  * pass through or reject transactions made by that bus master.
  21  * Rejected transactions may be configured to either be aborted, or to
  22  * behave as RAZ/WI. An interrupt can be signalled for a rejected transaction.
  23  *
  24  * The MSC has no register interface -- it is configured purely by a
  25  * collection of input signals from other hardware in the system. Typically
  26  * they are either hardwired or exposed in an ad-hoc register interface by
  27  * the SoC that uses the MSC.
  28  *
  29  * We don't currently implement the irq_enable GPIO input, because on
  30  * the MPS2 FPGA images it is always tied high, which is awkward to
  31  * implement in QEMU.
  32  *
  33  * QEMU interface:
  34  * + Named GPIO input "cfg_nonsec": set to 1 if the bus master should be
  35  *   treated as nonsecure, or 0 for secure
  36  * + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should
  37  *   result in a transaction error, or 0 for the transaction to RAZ/WI
  38  * + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt
  39  * + Named GPIO output "irq": set for a transaction-failed interrupt
  40  * + Property "downstream": MemoryRegion defining where bus master transactions
  41  *   are made if they are not blocked
  42  * + Property "idau": an object implementing IDAUInterface, which defines which
  43  *   addresses should be treated as secure and which as non-secure.
  44  *   This need not be the same IDAU as the one used by the CPU.
  45  * + sysbus MMIO region 0: MemoryRegion defining the upstream end of the MSC;
  46  *   this should be passed to the bus master device as the region it should
  47  *   make memory transactions to
  48  */
  49
  50 #ifndef TZ_MSC_H
  51 #define TZ_MSC_H
  52
  53 #include "hw/sysbus.h"
  54 #include "target/arm/idau.h"
  55
  56 #define TYPE_TZ_MSC "tz-msc"
  57 #define TZ_MSC(obj) OBJECT_CHECK(TZMSC, (obj), TYPE_TZ_MSC)
  58
  59 typedef struct TZMSC {
  60     /*< private >*/
  61     SysBusDevice parent_obj;
  62
  63     /*< public >*/
  64
  65     /* State: these just track the values of our input signals */
  66     bool cfg_nonsec;
  67     bool cfg_sec_resp;
  68     bool irq_clear;
  69     /* State: are we asserting irq ? */
  70     bool irq_status;
  71
  72     qemu_irq irq;
  73     MemoryRegion *downstream;
  74     AddressSpace downstream_as;
  75     MemoryRegion upstream;
  76     IDAUInterface *idau;
  77 } TZMSC;
  78
  79 #endif