blob: 3f719833a9f59ce3749f9e4f6bcec02662982df3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
/*
* ARM TrustZone master security controller emulation
*
* Copyright (c) 2018 Linaro Limited
* Written by Peter Maydell
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 or
* (at your option) any later version.
*/
/*
* This is a model of the TrustZone master security controller (MSC).
* It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM
* (DDI 0571G):
* https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g
*
* The MSC sits in front of a device which can be a bus master (such as
* a DMA controller) and allows secure software to configure it to either
* pass through or reject transactions made by that bus master.
* Rejected transactions may be configured to either be aborted, or to
* behave as RAZ/WI. An interrupt can be signalled for a rejected transaction.
*
* The MSC has no register interface -- it is configured purely by a
* collection of input signals from other hardware in the system. Typically
* they are either hardwired or exposed in an ad-hoc register interface by
* the SoC that uses the MSC.
*
* We don't currently implement the irq_enable GPIO input, because on
* the MPS2 FPGA images it is always tied high, which is awkward to
* implement in QEMU.
*
* QEMU interface:
* + Named GPIO input "cfg_nonsec": set to 1 if the bus master should be
* treated as nonsecure, or 0 for secure
* + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should
* result in a transaction error, or 0 for the transaction to RAZ/WI
* + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt
* + Named GPIO output "irq": set for a transaction-failed interrupt
* + Property "downstream": MemoryRegion defining where bus master transactions
* are made if they are not blocked
* + Property "idau": an object implementing IDAUInterface, which defines which
* addresses should be treated as secure and which as non-secure.
* This need not be the same IDAU as the one used by the CPU.
* + sysbus MMIO region 0: MemoryRegion defining the upstream end of the MSC;
* this should be passed to the bus master device as the region it should
* make memory transactions to
*/
#ifndef TZ_MSC_H
#define TZ_MSC_H
#include "hw/sysbus.h"
#include "target/arm/idau.h"
#include "qom/object.h"
#define TYPE_TZ_MSC "tz-msc"
typedef struct TZMSC TZMSC;
#define TZ_MSC(obj) OBJECT_CHECK(TZMSC, (obj), TYPE_TZ_MSC)
struct TZMSC {
/*< private >*/
SysBusDevice parent_obj;
/*< public >*/
/* State: these just track the values of our input signals */
bool cfg_nonsec;
bool cfg_sec_resp;
bool irq_clear;
/* State: are we asserting irq ? */
bool irq_status;
qemu_irq irq;
MemoryRegion *downstream;
AddressSpace downstream_as;
MemoryRegion upstream;
IDAUInterface *idau;
};
#endif
|