[freertos] / FreeRTOS / Demo / CORTEX_MPU_M33F_NXP_LPC55S69_MCUXpresso / Projects / MCUXpresso / Secure / tzm_config.c

/*\r
 * Copyright 2018 NXP\r
 *\r
 * SPDX-License-Identifier: BSD-3-Clause\r
 */\r
\r
#include "fsl_common.h"\r
#include "tzm_config.h"\r
\r
/*******************************************************************************\r
 * Definitions\r
 ******************************************************************************/\r
#define CODE_FLASH_START_NS         0x00010000  \r
#define CODE_FLASH_SIZE_NS          0x00072000\r
#define CODE_FLASH_START_NSC        0x1000FE00\r
#define CODE_FLASH_SIZE_NSC         0x200\r
#define DATA_RAM_START_NS           0x20008000\r
#define DATA_RAM_SIZE_NS            0x0002B000\r
#define PERIPH_START_NS             0x40000000\r
#define PERIPH_SIZE_NS              0x00100000\r
\r
/*******************************************************************************\r
 * Variables\r
 ******************************************************************************/\r
#if defined(__MCUXPRESSO)\r
extern unsigned char _start_sg[];\r
#endif\r
\r
/*!\r
 * @brief TrustZone initialization\r
 *\r
 * SAU Configuration\r
 * This function configures 3 regions:\r
 * 0x00010000 - 0x00081FFF - non-secure for code execution\r
 * 0x1000FE00 - 0x1000FFFF - secure, non-secure callable for veneer table\r
 * 0x20000000 - 0x20032FFF - non-secure for data\r
 *\r
 * AHB secure controller settings\r
 * After RESET all memories and peripherals are set to user:non-secure access\r
 * This function configures following memories and peripherals as secure:\r
 * 0x00000000 - 0x0000FFFF - for secure code execution (this is physical FLASH address)\r
 * 0x00008000 - 0x20032FFF - for secure data (this is physical RAM address)\r
 *\r
 * Secure peripherals: SYSCON, IOCON, FLEXCOMM0\r
 * NOTE: This example configures necessary peripherals for this example. \r
 *       User should configure all peripherals, which shouldn't be accessible\r
 *       from normal world.\r
*/\r
void BOARD_InitTrustZone()\r
{\r
    /* Disable SAU */\r
    SAU->CTRL = 0U;\r
    \r
    /* Configure SAU region 0 - Non-secure RAM for CODE execution*/\r
    /* Set SAU region number */\r
    SAU->RNR = 0;\r
    /* Region base address */   \r
    SAU->RBAR = (CODE_FLASH_START_NS & SAU_RBAR_BADDR_Msk);\r
    /* Region end address */\r
    SAU->RLAR = ((CODE_FLASH_START_NS + CODE_FLASH_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) | \r
                 /* Region memory attribute index */\r
                 ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
                 /* Enable region */\r
                 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk); \r
    \r
    /* Configure SAU region 1 - Non-secure RAM for DATA */\r
    /* Set SAU region number */\r
    SAU->RNR = 1;\r
    /* Region base address */   \r
    SAU->RBAR = (DATA_RAM_START_NS & SAU_RBAR_BADDR_Msk);\r
    /* Region end address */\r
    SAU->RLAR = ((DATA_RAM_START_NS + DATA_RAM_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) | \r
                 /* Region memory attribute index */\r
                 ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
                 /* Enable region */\r
                 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk); \r
    \r
    /* Configure SAU region 2 - Non-secure callable FLASH for CODE veneer table*/\r
    /* Set SAU region number */\r
    SAU->RNR = 2;\r
    /* Region base address */   \r
#if defined(__MCUXPRESSO)\r
    SAU->RBAR = ((uint32_t)&_start_sg & SAU_RBAR_BADDR_Msk);\r
#else\r
    SAU->RBAR = (CODE_FLASH_START_NSC & SAU_RBAR_BADDR_Msk);\r
#endif\r
    /* Region end address */\r
#if defined(__MCUXPRESSO)\r
    SAU->RLAR = (((uint32_t)&_start_sg + CODE_FLASH_SIZE_NSC-1) & SAU_RLAR_LADDR_Msk) |\r
                 /* Region memory attribute index */\r
                 ((1U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
                 /* Enable region */\r
                 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);\r
#else\r
    SAU->RLAR = ((CODE_FLASH_START_NSC + CODE_FLASH_SIZE_NSC-1) & SAU_RLAR_LADDR_Msk) | \r
                 /* Region memory attribute index */\r
                 ((1U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
                 /* Enable region */\r
                 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk); \r
#endif\r
\r
    /* Configure SAU region 3 - Non-secure peripherals address space */\r
    /* Set SAU region number */\r
    SAU->RNR = 3;\r
    /* Region base address */\r
    SAU->RBAR = (PERIPH_START_NS & SAU_RBAR_BADDR_Msk);\r
    /* Region end address */\r
    SAU->RLAR = ((PERIPH_START_NS + PERIPH_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) |\r
                 /* Region memory attribute index */\r
                 ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
                 /* Enable region */\r
                 ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);\r
\r
    /* Force memory writes before continuing */\r
    __DSB();\r
    /* Flush and refill pipeline with updated permissions */\r
    __ISB();     \r
    /* Enable SAU */\r
    SAU->CTRL = 1U;  \r
\r
    /*Configuration of AHB Secure Controller \r
     * Possible values for every memory sector or peripheral rule: \r
     *  0b00    Non-secure and Non-priviledge user access allowed.\r
     *  0b01    Non-secure and Privilege access allowed.\r
     *  0b10    Secure and Non-priviledge user access allowed.\r
     *  0b11    Secure and Priviledge user access allowed. */\r
\r
    /* FLASH memory configuration from 0x00000000 to 0x0000FFFF, sector size is 32kB */\r
    AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[0] = 0x00000033U;\r
    AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[1] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[2] = 0x00000000U;\r
    /* RAM memory configuration from 0x20000000 to 0x20007FFF, sector size is 4kB */\r
    /* Memory settings for user non-secure access (0x0U) is mentioned for completness only. It is default RESET value. */    \r
    AHB_SECURE_CTRL->SEC_CTRL_RAM0[0].MEM_RULE[0] = 0x33333333U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM0[0].MEM_RULE[1] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM1[0].MEM_RULE[0] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM1[0].MEM_RULE[1] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM2[0].MEM_RULE[0] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM2[0].MEM_RULE[1] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM3[0].MEM_RULE[0] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM3[0].MEM_RULE[1] = 0x00000000U;\r
    AHB_SECURE_CTRL->SEC_CTRL_RAM4[0].MEM_RULE[0] = 0x00000000U;\r
    \r
    /* Set SYSCON and IOCON as secure */\r
    AHB_SECURE_CTRL->SEC_CTRL_APB_BRIDGE[0].SEC_CTRL_APB_BRIDGE0_MEM_CTRL0 = AHB_SECURE_CTRL_SEC_CTRL_APB_BRIDGE_SEC_CTRL_APB_BRIDGE0_MEM_CTRL0_SYSCON_RULE(0x3U) |\r
                                                                             AHB_SECURE_CTRL_SEC_CTRL_APB_BRIDGE_SEC_CTRL_APB_BRIDGE0_MEM_CTRL0_IOCON_RULE(0x3U);\r
\r
    /* Set FLEXCOMM0 as secure */\r
    AHB_SECURE_CTRL->SEC_CTRL_AHB0_0_SLAVE_RULE = AHB_SECURE_CTRL_SEC_CTRL_AHB0_0_SLAVE_RULE_FLEXCOMM0_RULE(0x3U);\r
\r
    /* Enable AHB secure controller check and lock all rule registers */\r
    AHB_SECURE_CTRL->MISC_CTRL_DP_REG = (AHB_SECURE_CTRL->MISC_CTRL_DP_REG & ~(AHB_SECURE_CTRL_MISC_CTRL_DP_REG_WRITE_LOCK_MASK | \r
                                                                               AHB_SECURE_CTRL_MISC_CTRL_DP_REG_ENABLE_SECURE_CHECKING_MASK)) |\r
                                        AHB_SECURE_CTRL_MISC_CTRL_DP_REG_WRITE_LOCK(0x1U) |\r
                                        AHB_SECURE_CTRL_MISC_CTRL_DP_REG_ENABLE_SECURE_CHECKING(0x1U);\r
}\r