1 /* 2 * Copyright (c) 2020-2022, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 */ 7 8 #ifndef __TFM_HAL_ISOLATION_H__ 9 #define __TFM_HAL_ISOLATION_H__ 10 11 #include <stddef.h> 12 #include <stdint.h> 13 #include <stdbool.h> 14 #include "fih.h" 15 #include "tfm_hal_defs.h" 16 #include "load/partition_defs.h" 17 #include "load/asset_defs.h" 18 19 #ifdef __cplusplus 20 extern "C" { 21 #endif 22 23 /* Memory access attributes */ 24 #define TFM_HAL_ACCESS_EXECUTABLE (1UL << 0) 25 #define TFM_HAL_ACCESS_READABLE (1UL << 1) 26 #define TFM_HAL_ACCESS_WRITABLE (1UL << 2) 27 #define TFM_HAL_ACCESS_UNPRIVILEGED (1UL << 3) 28 #define TFM_HAL_ACCESS_DEVICE (1UL << 4) 29 #define TFM_HAL_ACCESS_NS (1UL << 5) 30 31 #define TFM_HAL_ACCESS_READWRITE \ 32 (TFM_HAL_ACCESS_READABLE | TFM_HAL_ACCESS_WRITABLE) 33 34 #ifdef TFM_FIH_PROFILE_ON 35 36 /** 37 * \brief This function is responsible for checking all critical isolation 38 configurations. 39 * 40 * \return TFM_HAL_SUCCESS - the verification passed. 41 * TFM_HAL_ERROR_GENERIC - the verification failed. 42 */ 43 fih_int tfm_hal_verify_static_boundaries(void); 44 45 #endif /* TFM_FIH_PROFILE_ON */ 46 /** 47 * \brief Sets up the static isolation boundaries which are constant throughout 48 * the runtime of the system, including the SPE/NSPE and partition 49 * boundaries. 50 * 51 * \param[out] p_spm_boundary Pointer of the boundary value 52 * 53 * \return TFM_HAL_SUCCESS - the isolation boundaries have been set up. 54 * TFM_HAL_ERROR_GENERIC - failed to set up the isolation boundaries. 55 */ 56 FIH_RET_TYPE(enum tfm_hal_status_t) tfm_hal_set_up_static_boundaries( 57 uintptr_t *p_spm_boundary); 58 59 /** 60 * \brief Activate one Secure Partition boundary. 61 * 62 * \param[in] p_ldinf Partition load information. 63 * \param[in] boundary Platform boundary value for partition. 64 * 65 * \return TFM_HAL_SUCCESS The isolation boundaries update succeeded. 66 * TFM_HAL_ERROR_GENERIC Failed to update the isolation boundaries. 67 */ 68 FIH_RET_TYPE(enum tfm_hal_status_t) tfm_hal_activate_boundary( 69 const struct partition_load_info_t *p_ldinf, 70 uintptr_t boundary); 71 72 /** 73 * \brief This API checks if a given range of memory can be accessed with 74 * specified access types in boundary. The boundary belongs to 75 * a partition which contains all asset info. 76 * 77 * \param[in] boundary The boundary that the given memory is to be 78 * checked with. 79 * \param[in] base The base address of the region. 80 * \param[in] size The size of the region. 81 * \param[in] access_type The memory access types to be checked between 82 * given memory and boundaries. 83 * 84 * \return TFM_HAL_SUCCESS - The memory region has the access permissions. 85 * TFM_HAL_ERROR_MEM_FAULT - The memory region has not the access 86 * permissions. 87 * TFM_HAL_ERROR_INVALID_INPUT - Invalid inputs. 88 * TFM_HAL_ERROR_GENERIC - An error occurred. 89 */ 90 FIH_RET_TYPE(enum tfm_hal_status_t) tfm_hal_memory_check( 91 uintptr_t boundary, uintptr_t base, 92 size_t size, uint32_t access_type); 93 94 /** 95 * \brief This API binds partition boundaries with the platform. The platform 96 * maintains the platform-specific settings for SPM further 97 * usage, such as update partition boundaries or 98 * check resource accessibility. The platform needs to manage 99 * the settings with internal mechanism, and return a value 100 * to SPM. SPM delivers this value back to platform when 101 * necessary. And SPM checks this value to decide if the 102 * platform-specific settings need to be updated. Hence 103 * multiple partitions can have the same value if they have 104 * the same platform-specific settings, depending on isolation level. 105 * 106 * \param[in] p_ldinf Partition load information. 107 * \param[in] p_boundary Pointer of the boundary value 108 * 109 * \return TFM_HAL_SUCCESS - A platform value bound successfully. 110 * TFM_HAL_ERROR_GENERIC - Error occurred while binding. 111 */ 112 FIH_RET_TYPE(enum tfm_hal_status_t) tfm_hal_bind_boundary( 113 const struct partition_load_info_t *p_ldinf, 114 uintptr_t *p_boundary); 115 116 /** 117 * \brief This API let the platform decide if a boundary switch is needed. 118 * 119 * \param[in] boundary_from The current boundary to be switched. 120 * \param[in] boundary_to The target boundary to be switched to. 121 * 122 * \return true - a switching is needed. 123 * false - do not need a switch. 124 */ 125 FIH_RET_TYPE(bool) tfm_hal_boundary_need_switch(uintptr_t boundary_from, 126 uintptr_t boundary_to); 127 128 #ifdef __cplusplus 129 } 130 #endif 131 132 #endif /* __TFM_HAL_ISOLATION_H__ */ 133