4 * SPDX-License-Identifier: BSD-3-Clause
\r
7 #include "fsl_common.h"
\r
8 #include "tzm_config.h"
\r
10 /*******************************************************************************
\r
12 ******************************************************************************/
\r
13 #define CODE_FLASH_START_NS 0x00010000 /* Base address of the non-secure code flash window; programmed into SAU region 0 by BOARD_InitTrustZone(). */
\r
14 #define CODE_FLASH_SIZE_NS 0x00072000 /* Size in bytes of the non-secure code flash window; with the base above the window ends at 0x00081FFF. */
\r
15 #define CODE_FLASH_START_NSC 0x1000FE00 /* Base address of the secure, non-secure callable veneer window (SAU region 2). NOTE(review): the __MCUXPRESSO build appears to take the base from _start_sg instead - confirm both agree. */
\r
16 #define CODE_FLASH_SIZE_NSC 0x200 /* Size in bytes of the veneer window; with CODE_FLASH_START_NSC the window ends at 0x1000FFFF. Keep it no larger than the veneer table needs, since this is the only secure code reachable from the non-secure side. */
\r
17 #define DATA_RAM_START_NS 0x20008000 /* Base address of the non-secure data RAM window (SAU region 1); the AHB rules in BOARD_InitTrustZone() mark 0x20000000 - 0x20007FFF, directly below it, as secure. */
\r
18 #define DATA_RAM_SIZE_NS 0x0002B000 /* Size in bytes of the non-secure data RAM window; with the base above the window ends at 0x20032FFF. */
\r
19 #define PERIPH_START_NS 0x40000000 /* Base address of the peripheral window that SAU region 3 marks non-secure. */
\r
20 #define PERIPH_SIZE_NS 0x00100000 /* Size in bytes of the non-secure peripheral window (ends at 0x400FFFFF). The SAU treats the whole window as non-secure; individual peripherals are made secure only by the AHB secure controller rules. */
\r
22 /*******************************************************************************
\r
24 ******************************************************************************/
\r
25 #if defined(__MCUXPRESSO)
\r
26 extern unsigned char _start_sg[]; /* Declared here, defined elsewhere (presumably by the linker script - confirm); its address is used as the base of the non-secure callable veneer region when __MCUXPRESSO is defined. */
\r
30 * @brief TrustZone initialization
\r
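33 * This function configures 3 regions (NOTE(review): the code below also programs a fourth SAU region, 0x40000000 - 0x400FFFFF, as non-secure peripheral space):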
\r
34 * 0x00010000 - 0x00081FFF - non-secure for code execution
\r
35 * 0x1000FE00 - 0x1000FFFF - secure, non-secure callable for veneer table
\r
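36 * 0x20000000 - 0x20032FFF - non-secure for data (NOTE(review): DATA_RAM_START_NS is 0x20008000, so the region programmed below starts at 0x20008000, not 0x20000000)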
\r
38 * AHB secure controller settings
\r
39 * After RESET all memories and peripherals are set to user:non-secure access
\r
40 * This function configures following memories and peripherals as secure:
\r
41 * 0x00000000 - 0x0000FFFF - for secure code execution (this is physical FLASH address)
\r
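42 * 0x00008000 - 0x20032FFF - for secure data (this is physical RAM address) (NOTE(review): the RAM rules below cover 0x20000000 - 0x20007FFF; the range given here looks mistyped - confirm)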
\r
44 * Secure peripherals: SYSCON, IOCON, FLEXCOMM0
\r
45 * NOTE: This example configures only the peripherals needed by this example.
\r
46 * The user should configure as secure all peripherals that shouldn't be accessible
\r
47 * from normal world.
\r
49 void BOARD_InitTrustZone()
\r
54 /* Configure SAU region 0 - Non-secure FLASH for CODE execution */
\r
55 /* Set SAU region number */
\r
57 /* Region base address */
\r
58 SAU->RBAR = (CODE_FLASH_START_NS & SAU_RBAR_BADDR_Msk);
\r
59 /* Region end address */
\r
60 SAU->RLAR = ((CODE_FLASH_START_NS + CODE_FLASH_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) |
\r
61 /* Region attribute: NSC = 0, region is non-secure */
\r
62 ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |
\r
64 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);
\r
66 /* Configure SAU region 1 - Non-secure RAM for DATA */
\r
67 /* Set SAU region number */
\r
69 /* Region base address */
\r
70 SAU->RBAR = (DATA_RAM_START_NS & SAU_RBAR_BADDR_Msk);
\r
71 /* Region end address */
\r
72 SAU->RLAR = ((DATA_RAM_START_NS + DATA_RAM_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) |
\r
73 /* Region attribute: NSC = 0, region is non-secure */
\r
74 ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |
\r
76 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);
\r
78 /* Configure SAU region 2 - Non-secure callable FLASH for CODE veneer table*/
\r
79 /* Set SAU region number */
\r
81 /* Region base address */
\r
82 #if defined(__MCUXPRESSO)
\r
83 SAU->RBAR = ((uint32_t)&_start_sg & SAU_RBAR_BADDR_Msk);
\r
85 SAU->RBAR = (CODE_FLASH_START_NSC & SAU_RBAR_BADDR_Msk);
\r
87 /* Region end address */
\r
88 #if defined(__MCUXPRESSO)
\r
89 SAU->RLAR = (((uint32_t)&_start_sg + CODE_FLASH_SIZE_NSC-1) & SAU_RLAR_LADDR_Msk) |
\r
90 /* Region attribute: NSC = 1, region is secure and non-secure callable */
\r
91 ((1U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |
\r
93 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);
\r
95 SAU->RLAR = ((CODE_FLASH_START_NSC + CODE_FLASH_SIZE_NSC-1) & SAU_RLAR_LADDR_Msk) |
\r
96 /* Region attribute: NSC = 1, region is secure and non-secure callable */
\r
97 ((1U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |
\r
99 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);
\r
102 /* Configure SAU region 3 - Non-secure peripherals address space */
\r
103 /* Set SAU region number */
\r
105 /* Region base address */
\r
106 SAU->RBAR = (PERIPH_START_NS & SAU_RBAR_BADDR_Msk);
\r
107 /* Region end address */
\r
108 SAU->RLAR = ((PERIPH_START_NS + PERIPH_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) |
\r
109 /* Region attribute: NSC = 0, region is non-secure */
\r
110 ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |
\r
111 /* Enable region */
\r
112 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);
\r
114 /* Force memory writes before continuing */
\r
116 /* Flush and refill pipeline with updated permissions */
\r
121 /*Configuration of AHB Secure Controller
\r
122 * Possible values for every memory sector or peripheral rule:
\r
123 * 0b00 Non-secure and Non-privileged user access allowed.
\r
124 * 0b01 Non-secure and Privileged access allowed.
\r
125 * 0b10 Secure and Non-privileged user access allowed.
\r
126 * 0b11 Secure and Privileged user access allowed. */
\r
128 /* FLASH memory configuration from 0x00000000 to 0x0000FFFF, sector size is 32kB */
\r
129 AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[0] = 0x00000033U;
\r
130 AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[1] = 0x00000000U;
\r
131 AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[2] = 0x00000000U;
\r
132 /* RAM memory configuration from 0x20000000 to 0x20007FFF, sector size is 4kB */
\r
133 /* Memory settings for user non-secure access (0x0U) are listed for completeness only; 0x0U is the default RESET value. */
\r
134 AHB_SECURE_CTRL->SEC_CTRL_RAM0[0].MEM_RULE[0] = 0x33333333U;
\r
135 AHB_SECURE_CTRL->SEC_CTRL_RAM0[0].MEM_RULE[1] = 0x00000000U;
\r
136 AHB_SECURE_CTRL->SEC_CTRL_RAM1[0].MEM_RULE[0] = 0x00000000U;
\r
137 AHB_SECURE_CTRL->SEC_CTRL_RAM1[0].MEM_RULE[1] = 0x00000000U;
\r
138 AHB_SECURE_CTRL->SEC_CTRL_RAM2[0].MEM_RULE[0] = 0x00000000U;
\r
139 AHB_SECURE_CTRL->SEC_CTRL_RAM2[0].MEM_RULE[1] = 0x00000000U;
\r
140 AHB_SECURE_CTRL->SEC_CTRL_RAM3[0].MEM_RULE[0] = 0x00000000U;
\r
141 AHB_SECURE_CTRL->SEC_CTRL_RAM3[0].MEM_RULE[1] = 0x00000000U;
\r
142 AHB_SECURE_CTRL->SEC_CTRL_RAM4[0].MEM_RULE[0] = 0x00000000U;
\r
144 /* Set SYSCON and IOCON as secure */
\r
145 AHB_SECURE_CTRL->SEC_CTRL_APB_BRIDGE[0].SEC_CTRL_APB_BRIDGE0_MEM_CTRL0 = AHB_SECURE_CTRL_SEC_CTRL_APB_BRIDGE_SEC_CTRL_APB_BRIDGE0_MEM_CTRL0_SYSCON_RULE(0x3U) |
\r
146 AHB_SECURE_CTRL_SEC_CTRL_APB_BRIDGE_SEC_CTRL_APB_BRIDGE0_MEM_CTRL0_IOCON_RULE(0x3U);
\r
148 /* Set FLEXCOMM0 as secure */
\r
149 AHB_SECURE_CTRL->SEC_CTRL_AHB0_0_SLAVE_RULE = AHB_SECURE_CTRL_SEC_CTRL_AHB0_0_SLAVE_RULE_FLEXCOMM0_RULE(0x3U);
\r
151 /* Enable AHB secure controller check and lock all rule registers */
\r
152 AHB_SECURE_CTRL->MISC_CTRL_DP_REG = (AHB_SECURE_CTRL->MISC_CTRL_DP_REG & ~(AHB_SECURE_CTRL_MISC_CTRL_DP_REG_WRITE_LOCK_MASK |
\r
153 AHB_SECURE_CTRL_MISC_CTRL_DP_REG_ENABLE_SECURE_CHECKING_MASK)) |
\r
154 AHB_SECURE_CTRL_MISC_CTRL_DP_REG_WRITE_LOCK(0x1U) |
\r
155 AHB_SECURE_CTRL_MISC_CTRL_DP_REG_ENABLE_SECURE_CHECKING(0x1U);
\r