--- /dev/null
+/*\r
+ * Copyright 2018 NXP\r
+ *\r
+ * SPDX-License-Identifier: BSD-3-Clause\r
+ */\r
+\r
+#include "fsl_common.h"\r
+#include "tzm_config.h"\r
+\r
+/*******************************************************************************\r
+ * Definitions\r
+ ******************************************************************************/\r
+#define CODE_FLASH_START_NS 0x00010000 \r
+#define CODE_FLASH_SIZE_NS 0x00072000\r
+#define CODE_FLASH_START_NSC 0x1000FE00\r
+#define CODE_FLASH_SIZE_NSC 0x200\r
+#define DATA_RAM_START_NS 0x20008000\r
+#define DATA_RAM_SIZE_NS 0x0002B000\r
+#define PERIPH_START_NS 0x40000000\r
+#define PERIPH_SIZE_NS 0x00100000\r
+\r
+/*******************************************************************************\r
+ * Variables\r
+ ******************************************************************************/\r
+#if defined(__MCUXPRESSO)\r
+extern unsigned char _start_sg[];\r
+#endif\r
+\r
+/*!\r
+ * @brief TrustZone initialization\r
+ *\r
+ * SAU Configuration\r
+ * This function configures 3 regions:\r
+ * 0x00010000 - 0x00081FFF - non-secure for code execution\r
+ * 0x1000FE00 - 0x1000FFFF - secure, non-secure callable for veneer table\r
+ * 0x20000000 - 0x20032FFF - non-secure for data\r
+ *\r
+ * AHB secure controller settings\r
+ * After RESET all memories and peripherals are set to user:non-secure access\r
+ * This function configures following memories and peripherals as secure:\r
+ * 0x00000000 - 0x0000FFFF - for secure code execution (this is physical FLASH address)\r
+ * 0x00008000 - 0x20032FFF - for secure data (this is physical RAM address)\r
+ *\r
+ * Secure peripherals: SYSCON, IOCON, FLEXCOMM0\r
+ * NOTE: This example configures necessary peripherals for this example. \r
+ * User should configure all peripherals, which shouldn't be accessible\r
+ * from normal world.\r
+*/\r
+void BOARD_InitTrustZone()\r
+{\r
+ /* Disable SAU */\r
+ SAU->CTRL = 0U;\r
+ \r
+ /* Configure SAU region 0 - Non-secure RAM for CODE execution*/\r
+ /* Set SAU region number */\r
+ SAU->RNR = 0;\r
+ /* Region base address */ \r
+ SAU->RBAR = (CODE_FLASH_START_NS & SAU_RBAR_BADDR_Msk);\r
+ /* Region end address */\r
+ SAU->RLAR = ((CODE_FLASH_START_NS + CODE_FLASH_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) | \r
+ /* Region memory attribute index */\r
+ ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
+ /* Enable region */\r
+ ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk); \r
+ \r
+ /* Configure SAU region 1 - Non-secure RAM for DATA */\r
+ /* Set SAU region number */\r
+ SAU->RNR = 1;\r
+ /* Region base address */ \r
+ SAU->RBAR = (DATA_RAM_START_NS & SAU_RBAR_BADDR_Msk);\r
+ /* Region end address */\r
+ SAU->RLAR = ((DATA_RAM_START_NS + DATA_RAM_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) | \r
+ /* Region memory attribute index */\r
+ ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
+ /* Enable region */\r
+ ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk); \r
+ \r
+ /* Configure SAU region 2 - Non-secure callable FLASH for CODE veneer table*/\r
+ /* Set SAU region number */\r
+ SAU->RNR = 2;\r
+ /* Region base address */ \r
+#if defined(__MCUXPRESSO)\r
+ SAU->RBAR = ((uint32_t)&_start_sg & SAU_RBAR_BADDR_Msk);\r
+#else\r
+ SAU->RBAR = (CODE_FLASH_START_NSC & SAU_RBAR_BADDR_Msk);\r
+#endif\r
+ /* Region end address */\r
+#if defined(__MCUXPRESSO)\r
+ SAU->RLAR = (((uint32_t)&_start_sg + CODE_FLASH_SIZE_NSC-1) & SAU_RLAR_LADDR_Msk) |\r
+ /* Region memory attribute index */\r
+ ((1U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
+ /* Enable region */\r
+ ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);\r
+#else\r
+ SAU->RLAR = ((CODE_FLASH_START_NSC + CODE_FLASH_SIZE_NSC-1) & SAU_RLAR_LADDR_Msk) | \r
+ /* Region memory attribute index */\r
+ ((1U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
+ /* Enable region */\r
+ ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk); \r
+#endif\r
+\r
+ /* Configure SAU region 3 - Non-secure peripherals address space */\r
+ /* Set SAU region number */\r
+ SAU->RNR = 3;\r
+ /* Region base address */\r
+ SAU->RBAR = (PERIPH_START_NS & SAU_RBAR_BADDR_Msk);\r
+ /* Region end address */\r
+ SAU->RLAR = ((PERIPH_START_NS + PERIPH_SIZE_NS-1) & SAU_RLAR_LADDR_Msk) |\r
+ /* Region memory attribute index */\r
+ ((0U << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) |\r
+ /* Enable region */\r
+ ((1U << SAU_RLAR_ENABLE_Pos) & SAU_RLAR_ENABLE_Msk);\r
+\r
+ /* Force memory writes before continuing */\r
+ __DSB();\r
+ /* Flush and refill pipeline with updated permissions */\r
+ __ISB(); \r
+ /* Enable SAU */\r
+ SAU->CTRL = 1U; \r
+\r
+ /*Configuration of AHB Secure Controller \r
+ * Possible values for every memory sector or peripheral rule: \r
+ * 0b00 Non-secure and Non-priviledge user access allowed.\r
+ * 0b01 Non-secure and Privilege access allowed.\r
+ * 0b10 Secure and Non-priviledge user access allowed.\r
+ * 0b11 Secure and Priviledge user access allowed. */\r
+\r
+ /* FLASH memory configuration from 0x00000000 to 0x0000FFFF, sector size is 32kB */\r
+ AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[0] = 0x00000033U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[1] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_FLASH_ROM[0].SEC_CTRL_FLASH_MEM_RULE[2] = 0x00000000U;\r
+ /* RAM memory configuration from 0x20000000 to 0x20007FFF, sector size is 4kB */\r
+ /* Memory settings for user non-secure access (0x0U) is mentioned for completness only. It is default RESET value. */ \r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM0[0].MEM_RULE[0] = 0x33333333U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM0[0].MEM_RULE[1] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM1[0].MEM_RULE[0] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM1[0].MEM_RULE[1] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM2[0].MEM_RULE[0] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM2[0].MEM_RULE[1] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM3[0].MEM_RULE[0] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM3[0].MEM_RULE[1] = 0x00000000U;\r
+ AHB_SECURE_CTRL->SEC_CTRL_RAM4[0].MEM_RULE[0] = 0x00000000U;\r
+ \r
+ /* Set SYSCON and IOCON as secure */\r
+ AHB_SECURE_CTRL->SEC_CTRL_APB_BRIDGE[0].SEC_CTRL_APB_BRIDGE0_MEM_CTRL0 = AHB_SECURE_CTRL_SEC_CTRL_APB_BRIDGE_SEC_CTRL_APB_BRIDGE0_MEM_CTRL0_SYSCON_RULE(0x3U) |\r
+ AHB_SECURE_CTRL_SEC_CTRL_APB_BRIDGE_SEC_CTRL_APB_BRIDGE0_MEM_CTRL0_IOCON_RULE(0x3U);\r
+\r
+ /* Set FLEXCOMM0 as secure */\r
+ AHB_SECURE_CTRL->SEC_CTRL_AHB0_0_SLAVE_RULE = AHB_SECURE_CTRL_SEC_CTRL_AHB0_0_SLAVE_RULE_FLEXCOMM0_RULE(0x3U);\r
+\r
+ /* Enable AHB secure controller check and lock all rule registers */\r
+ AHB_SECURE_CTRL->MISC_CTRL_DP_REG = (AHB_SECURE_CTRL->MISC_CTRL_DP_REG & ~(AHB_SECURE_CTRL_MISC_CTRL_DP_REG_WRITE_LOCK_MASK | \r
+ AHB_SECURE_CTRL_MISC_CTRL_DP_REG_ENABLE_SECURE_CHECKING_MASK)) |\r
+ AHB_SECURE_CTRL_MISC_CTRL_DP_REG_WRITE_LOCK(0x1U) |\r
+ AHB_SECURE_CTRL_MISC_CTRL_DP_REG_ENABLE_SECURE_CHECKING(0x1U);\r
+}\r
projects / freertos / blobdiff