1 /***********************************************************************************************************************
2 * Copyright [2020-2022] Renesas Electronics Corporation and/or its affiliates. All Rights Reserved.
3 *
4 * This software and documentation are supplied by Renesas Electronics America Inc. and may only be used with products
5 * of Renesas Electronics Corp. and its affiliates ("Renesas"). No other uses are authorized. Renesas products are
6 * sold pursuant to Renesas terms and conditions of sale. Purchasers are solely responsible for the selection and use
7 * of Renesas products and Renesas assumes no liability. No license, express or implied, to any intellectual property
8 * right is granted by Renesas. This software is protected under all applicable laws, including copyright laws. Renesas
9 * reserves the right to change or discontinue this software and/or this documentation. THE SOFTWARE AND DOCUMENTATION
10 * IS DELIVERED TO YOU "AS IS," AND RENESAS MAKES NO REPRESENTATIONS OR WARRANTIES, AND TO THE FULLEST EXTENT
11 * PERMISSIBLE UNDER APPLICABLE LAW, DISCLAIMS ALL WARRANTIES, WHETHER EXPLICITLY OR IMPLICITLY, INCLUDING WARRANTIES
12 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, WITH RESPECT TO THE SOFTWARE OR
13 * DOCUMENTATION. RENESAS SHALL HAVE NO LIABILITY ARISING OUT OF ANY SECURITY VULNERABILITY OR BREACH. TO THE MAXIMUM
14 * EXTENT PERMITTED BY LAW, IN NO EVENT WILL RENESAS BE LIABLE TO YOU IN CONNECTION WITH THE SOFTWARE OR DOCUMENTATION
15 * (OR ANY PERSON OR ENTITY CLAIMING RIGHTS DERIVED FROM YOU) FOR ANY LOSS, DAMAGES, OR CLAIMS WHATSOEVER, INCLUDING,
16 * WITHOUT LIMITATION, ANY DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT, PUNITIVE, OR INCIDENTAL DAMAGES; ANY LOST PROFITS,
17 * OTHER ECONOMIC DAMAGE, PROPERTY DAMAGE, OR PERSONAL INJURY; AND EVEN IF RENESAS HAS BEEN ADVISED OF THE POSSIBILITY
18 * OF SUCH LOSS, DAMAGES, CLAIMS OR COSTS.
19 **********************************************************************************************************************/
20
21 /***********************************************************************************************************************
22 * Includes <System Includes> , "Project Includes"
23 **********************************************************************************************************************/
24 #include "bsp_api.h"
25
26 #if BSP_FEATURE_TZ_HAS_TRUSTZONE
27
28 /***********************************************************************************************************************
29 * Macro definitions
30 **********************************************************************************************************************/
/* Base value added to every write of R_TZF->TZFPT and R_TZF->TZFOAD in R_BSP_SecurityInit().
 * NOTE(review): presumably the write key those registers require; confirm against the hardware manual. */
31 #define BSP_PRV_TZ_REG_KEY (0xA500U)
/* ORed into the SCB->AIRCR write in R_BSP_SecurityInit(). 0x05FA in bits 31:16 is the VECTKEY value the
 * Armv8-M architecture requires for an AIRCR write to be accepted. */
32 #define BSP_PRV_AIRCR_VECTKEY (0x05FA0000U)
/* Not referenced anywhere in this listing. */
33 #define RA_NOT_DEFINED (0)
34
35 /***********************************************************************************************************************
36 * Typedef definitions
37 **********************************************************************************************************************/
38
39 /***********************************************************************************************************************
40 * Exported global variables (to be accessed by other files)
41 **********************************************************************************************************************/
/* Function prototypes (the section banner says "variables", but these are functions).
 * R_BSP_SecurityInit() programs the security attribution registers. The two *CfgSecurityInit() hooks have
 * empty weak definitions at the end of this file and are called from R_BSP_SecurityInit(). */
42 void R_BSP_SecurityInit(void);
43 void R_BSP_PinCfgSecurityInit(void);
44 void R_BSP_ElcCfgSecurityInit(void);
45
46 /***********************************************************************************************************************
47 * External symbols
48 **********************************************************************************************************************/
/* Vector table defined outside this file. It is only declared here; nothing in this listing reads it. */
49 extern const fsp_vector_t g_vector_table[BSP_ICU_VECTOR_MAX_ENTRIES];
50
/* Pointer type used by R_BSP_NonSecureEnter() to call the Non-secure Reset_Handler. The attribute macro is
 * placed differently per toolchain, and the GCC form additionally makes the pointer object volatile.
 * NOTE(review): BSP_CMSE_NONSECURE_CALL presumably expands to the CMSE cmse_nonsecure_call attribute, which
 * is what makes the compiler emit a Secure-to-Non-secure call sequence; confirm in the BSP compiler header.
 * No typedef is provided when none of the three compiler macros is defined. */
51 #if defined(__ARMCC_VERSION) || defined(__ICCARM__)
52 typedef void (BSP_CMSE_NONSECURE_CALL * bsp_nonsecure_func_t)(void);
53 #elif defined(__GNUC__)
54 typedef BSP_CMSE_NONSECURE_CALL void (*volatile bsp_nonsecure_func_t)(void);
55 #endif
56
57 #if defined(__IAR_SYSTEMS_ICC__) && BSP_TZ_SECURE_BUILD
/* IAR secure build: one named section per TrustZone region boundary. A dummy variable is placed in each
 * section with the @ operator below; only the ADDRESS of each variable is meaningful (see the last line of
 * this block, which takes &__tz_FLASH_N), not its contents. */
58 #pragma section=".tz_flash_nsc_start"
59 #pragma section=".tz_flash_ns_start"
60 #pragma section=".tz_ram_nsc_start"
61 #pragma section=".tz_ram_ns_start"
62 #pragma section=".tz_data_flash_ns_start"
63 #pragma section=".tz_sdram_ns_start"
64 #pragma section=".tz_qspi_flash_ns_start"
65 #pragma section=".tz_ospi_device_0_ns_start"
66 #pragma section=".tz_ospi_device_1_ns_start"
67
68 /* &__tz_<REGION>_C is the address of the non-secure callable section. Must assign value to this variable or
69 * linker will give error. */
70
71 /* &__tz_<REGION>_N is the start address of the non-secure region. */
/* NOTE(review): the alignments below (1024 / 32768 / 8192 bytes) presumably match the granularity at which
 * the corresponding region boundary can be programmed; confirm against the MCU's memory security settings.
 * A boundary that lands elsewhere than the tooling expects would change which code or data is Non-secure. */
72 BSP_DONT_REMOVE void const * const __tz_FLASH_C BSP_ALIGN_VARIABLE(1024) @".tz_flash_nsc_start" = 0;
73 BSP_DONT_REMOVE void const * const __tz_FLASH_N BSP_ALIGN_VARIABLE(32768) @".tz_flash_ns_start" = 0;
74 BSP_DONT_REMOVE void * __tz_RAM_C BSP_ALIGN_VARIABLE(1024) @".tz_ram_nsc_start";
75 BSP_DONT_REMOVE void * __tz_RAM_N BSP_ALIGN_VARIABLE(8192) @".tz_ram_ns_start";
76 BSP_DONT_REMOVE void * __tz_DATA_FLASH_N BSP_ALIGN_VARIABLE(1024) @".tz_data_flash_ns_start";
77
/* The external-memory markers carry no explicit alignment; SDRAM and OSPI markers exist only when the
 * matching BSP_FEATURE_*_START_ADDRESS macro is non-zero. */
78 #if BSP_FEATURE_SDRAM_START_ADDRESS
79 BSP_DONT_REMOVE void * __tz_SDRAM_N @".tz_sdram_ns_start";
80 #endif
81 BSP_DONT_REMOVE void * __tz_QSPI_FLASH_N @".tz_qspi_flash_ns_start";
82 #if BSP_FEATURE_OSPI_DEVICE_0_START_ADDRESS
83 BSP_DONT_REMOVE void * __tz_OSPI_DEVICE_0_N @".tz_ospi_device_0_ns_start";
84 #endif
85 #if BSP_FEATURE_OSPI_DEVICE_1_START_ADDRESS
86 BSP_DONT_REMOVE void * __tz_OSPI_DEVICE_1_N @".tz_ospi_device_1_ns_start";
87 #endif
88
/* Start of Non-secure flash. R_BSP_NonSecureEnter() treats this address as the base of the Non-secure
 * vector table. */
89 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_flash = (uint32_t *) &__tz_FLASH_N;
90 #elif defined(__ARMCC_VERSION)
/* Arm Compiler (armlink) build: Image$$<region>$$Base is the linker-defined symbol for the base address of
 * an execution region. As with the other toolchains, only the ADDRESS of each symbol is used, never its
 * value. The suffixes pair up with the pointer names defined further down: _N = Non-secure,
 * _C = Non-secure Callable, _S = Secure. */
91 extern const uint32_t Image$$__tz_FLASH_N$$Base;
92 extern const uint32_t Image$$__tz_FLASH_C$$Base;
93 extern const uint32_t Image$$__tz_FLASH_S$$Base;
94 extern const uint32_t Image$$__tz_RAM_N$$Base;
95 extern const uint32_t Image$$__tz_RAM_C$$Base;
96 extern const uint32_t Image$$__tz_RAM_S$$Base;
97 extern const uint32_t Image$$__tz_DATA_FLASH_N$$Base;
98 extern const uint32_t Image$$__tz_DATA_FLASH_S$$Base;
99 extern const uint32_t Image$$__tz_QSPI_FLASH_N$$Base;
100 extern const uint32_t Image$$__tz_QSPI_FLASH_S$$Base;
101 extern const uint32_t Image$$__tz_SDRAM_N$$Base;
102 extern const uint32_t Image$$__tz_SDRAM_S$$Base;
103 extern const uint32_t Image$$__tz_OSPI_DEVICE_0_N$$Base;
104 extern const uint32_t Image$$__tz_OSPI_DEVICE_0_S$$Base;
105 extern const uint32_t Image$$__tz_OSPI_DEVICE_1_N$$Base;
106 extern const uint32_t Image$$__tz_OSPI_DEVICE_1_S$$Base;
107 extern const uint32_t Image$$__tz_OPTION_SETTING_N$$Base;
108 extern const uint32_t Image$$__tz_OPTION_SETTING_S$$Base;
109 extern const uint32_t Image$$__tz_OPTION_SETTING_S_N$$Base;
110 extern const uint32_t Image$$__tz_OPTION_SETTING_S_S$$Base;
111 extern const uint32_t Image$$__tz_ID_CODE_N$$Base;
112 extern const uint32_t Image$$__tz_ID_CODE_S$$Base;
113
/* Short aliases so the rest of the file can use the same __tz_<REGION>_<N|C|S> names as the IAR branch. */
114 #define __tz_FLASH_N Image$$__tz_FLASH_N$$Base
115 #define __tz_FLASH_C Image$$__tz_FLASH_C$$Base
116 #define __tz_FLASH_S Image$$__tz_FLASH_S$$Base
117 #define __tz_RAM_N Image$$__tz_RAM_N$$Base
118 #define __tz_RAM_C Image$$__tz_RAM_C$$Base
119 #define __tz_RAM_S Image$$__tz_RAM_S$$Base
120 #define __tz_DATA_FLASH_N Image$$__tz_DATA_FLASH_N$$Base
121 #define __tz_DATA_FLASH_S Image$$__tz_DATA_FLASH_S$$Base
122 #define __tz_QSPI_FLASH_N Image$$__tz_QSPI_FLASH_N$$Base
123 #define __tz_QSPI_FLASH_S Image$$__tz_QSPI_FLASH_S$$Base
124 #define __tz_SDRAM_N Image$$__tz_SDRAM_N$$Base
125 #define __tz_SDRAM_S Image$$__tz_SDRAM_S$$Base
126 #define __tz_OSPI_DEVICE_0_N Image$$__tz_OSPI_DEVICE_0_N$$Base
127 #define __tz_OSPI_DEVICE_0_S Image$$__tz_OSPI_DEVICE_0_S$$Base
128 #define __tz_OSPI_DEVICE_1_N Image$$__tz_OSPI_DEVICE_1_N$$Base
129 #define __tz_OSPI_DEVICE_1_S Image$$__tz_OSPI_DEVICE_1_S$$Base
130 #define __tz_OPTION_SETTING_N Image$$__tz_OPTION_SETTING_N$$Base
131 #define __tz_OPTION_SETTING_S Image$$__tz_OPTION_SETTING_S$$Base
132 #define __tz_OPTION_SETTING_S_N Image$$__tz_OPTION_SETTING_S_N$$Base
133 #define __tz_OPTION_SETTING_S_S Image$$__tz_OPTION_SETTING_S_S$$Base
134 #define __tz_ID_CODE_N Image$$__tz_ID_CODE_N$$Base
135 #define __tz_ID_CODE_S Image$$__tz_ID_CODE_S$$Base
136
137 /* Assign region addresses to pointers so that AC6 includes symbols that can be used to determine the
138 * start addresses of Secure, Non-secure and Non-secure Callable regions. */
/* The flash, RAM and data-flash pointers below are emitted whenever this compiler branch is built.
 * gp_start_of_nonsecure_flash is also read at run time: R_BSP_NonSecureEnter() uses it as the base of the
 * Non-secure vector table, so the linker placement of __tz_FLASH_N decides where Secure code jumps. */
139 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_flash = &__tz_FLASH_N;
140 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_callable_flash = &__tz_FLASH_C;
141 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_flash = &__tz_FLASH_S;
142 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_ram = &__tz_RAM_N;
143 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_callable_ram = &__tz_RAM_C;
144 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_ram = &__tz_RAM_S;
145 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_data_flash = &__tz_DATA_FLASH_N;
146 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_data_flash = &__tz_DATA_FLASH_S;
147
/* The external-memory, option-setting and ID-code boundary pointers are emitted only in Secure builds. */
148 #if BSP_TZ_SECURE_BUILD
149
150 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_qspi_flash = &__tz_QSPI_FLASH_N;
151 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_qspi_flash = &__tz_QSPI_FLASH_S;
152 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_sdram = &__tz_SDRAM_N;
153 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_sdram = &__tz_SDRAM_S;
154 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_ospi_device_0 = &__tz_OSPI_DEVICE_0_N;
155 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_ospi_device_0 = &__tz_OSPI_DEVICE_0_S;
156 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_ospi_device_1 = &__tz_OSPI_DEVICE_1_N;
157 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_ospi_device_1 = &__tz_OSPI_DEVICE_1_S;
158 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_option_setting = &__tz_OPTION_SETTING_N;
159 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_option_setting = &__tz_OPTION_SETTING_S;
160 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_option_setting_s = &__tz_OPTION_SETTING_S_N;
161 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_option_setting_s = &__tz_OPTION_SETTING_S_S;
162 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_id_code = &__tz_ID_CODE_N;
163 BSP_DONT_REMOVE uint32_t const * const gp_start_of_secure_id_code = &__tz_ID_CODE_S;
164
165 #endif
166
167 #elif defined(__GNUC__)
/* GCC build: the start of Non-secure flash is the address of FLASH_NS_IMAGE_START, which is not defined in
 * this file. NOTE(review): presumably provided by the linker script; confirm. R_BSP_NonSecureEnter() uses
 * this address as the base of the Non-secure vector table. */
168 extern const uint32_t FLASH_NS_IMAGE_START;
169 BSP_DONT_REMOVE uint32_t const * const gp_start_of_nonsecure_flash = &FLASH_NS_IMAGE_START;
170 #endif
171
172 #if BSP_TZ_SECURE_BUILD
173
174 /*******************************************************************************************************************//**
175 * @addtogroup BSP_MCU
176 * @{
177 **********************************************************************************************************************/
178
179 /*******************************************************************************************************************//**
180 * Enter the non-secure code environment.
181 *
182 * This function configures the non-secure MSP and vector table then jumps to the non-secure project's Reset_Handler.
183 *
184 * @note This function (and therefore the non-secure code) should not return.
185 **********************************************************************************************************************/
void R_BSP_NonSecureEnter (void)
{
    /* Base of the Non-secure vector table: the first word of Non-secure flash holds the initial MSP and the
     * second word holds the Reset_Handler address. */
    uint32_t const * const p_vectors = gp_start_of_nonsecure_flash;

    /* Fetch the Reset_Handler address (vector table word 1) and convert it to a Non-secure call pointer.
     *
     * NOTE(review): both this address and the initial stack pointer below are taken from Non-secure flash
     * exactly as found; nothing in this function checks that a Non-secure image has been programmed or that
     * the values point into Non-secure memory. Confirm that this is validated elsewhere (for example by the
     * boot flow) if it matters for the product. */
    uint32_t const       reset_entry = p_vectors[1];
    bsp_nonsecure_func_t p_ns_entry  = (bsp_nonsecure_func_t) reset_entry;

    /* Point the Non-secure VTOR at the Non-secure vector table. */
    SCB_NS->VTOR = (uint32_t) p_vectors;

    /* Load the Non-secure main stack pointer from vector table word 0. */
    __TZ_set_MSP_NS(p_vectors[0]);

    /* Hand control to the Non-secure Reset_Handler. If that call ever returns, execution falls off the end of
     * this function and resumes in the Secure caller. */
    p_ns_entry();
}
204
205 /** @} (end addtogroup BSP_MCU) */
206
207 /*******************************************************************************************************************//**
208 * Initialize security features for TrustZone.
209 *
210 * This function initializes ARM security register and Renesas SAR registers for secure projects.
211 *
212 * @note IDAU settings must be configured to match project settings with a separate configuration tool.
213 **********************************************************************************************************************/
void R_BSP_SecurityInit (void)
{
    /* Write SAU_CTRL with only ALLNS set, so that the security attribution of every address is decided by the
     * IDAU. The IDAU itself is not programmed here (this function's header note says a separate configuration
     * tool does that), so the resulting memory map is only as correct as that external configuration. */
    SAU->CTRL = SAU_CTRL_ALLNS_Msk;

    /* The SCB->AIRCR, SCB->NSACR and FPU->FPCCR setup that follows is taken from system_ARMCM33.c in the
     * CMSIS_5 repository. The SLEEPDEEPS bit of SCB->SCR is left alone because RA MCUs ignore the
     * SCB->SCR SLEEPDEEP bit. */
#if defined(SCB_CSR_AIRCR_INIT) && (SCB_CSR_AIRCR_INIT == 1U)
    {
        /* Decide whether Non-secure code may request a system reset (SYSRESETREQS), whether BusFault, HardFault
         * and NMI target Secure or Non-secure state (BFHFNMINS), and whether Non-secure interrupt priorities are
         * pushed down to the lowest 8 levels (PRIS). The write key is replaced by BSP_PRV_AIRCR_VECTKEY. */
        uint32_t aircr = SCB->AIRCR;

        aircr &= ~(SCB_AIRCR_VECTKEY_Msk | SCB_AIRCR_SYSRESETREQS_Msk |
                   SCB_AIRCR_BFHFNMINS_Msk | SCB_AIRCR_PRIS_Msk);
        aircr |= BSP_PRV_AIRCR_VECTKEY;
        aircr |= (SCB_AIRCR_SYSRESETREQS_VAL << SCB_AIRCR_SYSRESETREQS_Pos) & SCB_AIRCR_SYSRESETREQS_Msk;
        aircr |= (SCB_AIRCR_PRIS_VAL << SCB_AIRCR_PRIS_Pos) & SCB_AIRCR_PRIS_Msk;
        aircr |= (SCB_AIRCR_BFHFNMINS_VAL << SCB_AIRCR_BFHFNMINS_Pos) & SCB_AIRCR_BFHFNMINS_Msk;

        SCB->AIRCR = aircr;
    }
#endif

#if defined(__FPU_USED) && (__FPU_USED == 1U) && \
    defined(TZ_FPU_NS_USAGE) && (TZ_FPU_NS_USAGE == 1U)
    {
        /* Grant or deny the Non-secure project access to the FPU (coprocessors CP10 and CP11). */
        uint32_t nsacr = SCB->NSACR;

        nsacr &= ~(SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk);
        nsacr |= (SCB_NSACR_CP10_11_VAL << SCB_NSACR_CP10_Pos) & (SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk);

        SCB->NSACR = nsacr;

        /* TS selects whether the FPU registers are always treated as Non-secure (and so are not preserved on
         * the stack when switching from Secure to Non-secure); CLRONRETS / CLRONRET select whether they are
         * cleared on exception return. */
        uint32_t fpccr = FPU->FPCCR;

        fpccr &= ~(FPU_FPCCR_TS_Msk | FPU_FPCCR_CLRONRETS_Msk | FPU_FPCCR_CLRONRET_Msk);
        fpccr |= (FPU_FPCCR_TS_VAL << FPU_FPCCR_TS_Pos) & FPU_FPCCR_TS_Msk;
        fpccr |= (FPU_FPCCR_CLRONRETS_VAL << FPU_FPCCR_CLRONRETS_Pos) & FPU_FPCCR_CLRONRETS_Msk;
        fpccr |= (FPU_FPCCR_CLRONRET_VAL << FPU_FPCCR_CLRONRET_Pos) & FPU_FPCCR_CLRONRET_Msk;

        FPU->FPCCR = fpccr;
    }
#endif

    /* Lift PRCR write protection from the security attribution registers (SARs). It stays lifted until the
     * last statement of this function, including during the two *CfgSecurityInit() hooks. */
    R_BSP_RegisterProtectDisable(BSP_REG_PROTECT_SAR);

    /* Mark the TrustZone filter as Secure. */
    R_TZF->TZFSAR = ~R_TZF_TZFSAR_TZFSA0_Msk;

    /* Select the TrustZone filter exception response. TZFPT is written with key+1 before and key+0 after the
     * TZFOAD write, which looks like an unlock / re-lock pair around it. */
    R_TZF->TZFPT  = BSP_PRV_TZ_REG_KEY + 1U;
    R_TZF->TZFOAD = BSP_PRV_TZ_REG_KEY + BSP_TZ_CFG_EXCEPTION_RESPONSE;
    R_TZF->TZFPT  = BSP_PRV_TZ_REG_KEY + 0U;

    /* Peripheral security attribution (PSARs). Every value written from here on is a BSP_TZ_CFG_* macro
     * defined outside this file, so this function applies the configured Secure/Non-secure split without
     * checking it. */
    R_PSCU->PSARB = BSP_TZ_CFG_PSARB;
    R_PSCU->PSARC = BSP_TZ_CFG_PSARC;
    R_PSCU->PSARD = BSP_TZ_CFG_PSARD;
    R_PSCU->PSARE = BSP_TZ_CFG_PSARE;
    R_PSCU->MSSAR = BSP_TZ_CFG_MSSAR;

    /* Type 2 SARs. */
    R_CPSCU->CSAR    = BSP_TZ_CFG_CSAR;      /* Cache */
    R_SYSTEM->RSTSAR = BSP_TZ_CFG_RSTSAR;    /* RSTSRn (reset status) */
    R_SYSTEM->LVDSAR = BSP_TZ_CFG_LVDSAR;    /* LVD */
    R_SYSTEM->CGFSAR = BSP_TZ_CFG_CGFSAR;    /* CGC */
    R_SYSTEM->LPMSAR = BSP_TZ_CFG_LPMSAR;    /* LPM */
    R_SYSTEM->DPFSAR = BSP_TZ_CFG_DPFSAR;    /* Deep Standby interrupt factor */
#ifdef BSP_TZ_CFG_BBFSAR
    R_SYSTEM->BBFSAR = BSP_TZ_CFG_BBFSAR;    /* Battery backup */
#endif
    R_CPSCU->ICUSARA = BSP_TZ_CFG_ICUSARA;   /* External IRQ */
    R_CPSCU->ICUSARB = BSP_TZ_CFG_ICUSARB;   /* NMI */
    R_CPSCU->ICUSARC = BSP_TZ_CFG_ICUSARC;   /* DMAC channels */
    R_CPSCU->ICUSARD = BSP_TZ_CFG_ICUSARD;   /* SELSR0 */
    R_CPSCU->ICUSARE = BSP_TZ_CFG_ICUSARE;   /* WUPEN0 */
#ifdef BSP_TZ_CFG_ICUSARF
    R_CPSCU->ICUSARF = BSP_TZ_CFG_ICUSARF;   /* WUPEN1 */
#endif
    R_FCACHE->FSAR     = BSP_TZ_CFG_FSAR;      /* FLWT and FCKMHZ */
    R_CPSCU->SRAMSAR   = BSP_TZ_CFG_SRAMSAR;   /* SRAM */
    R_CPSCU->STBRAMSAR = BSP_TZ_CFG_STBRAMSAR; /* Standby RAM */
    R_CPSCU->MMPUSARA  = BSP_TZ_CFG_MMPUSARA;  /* DMAC bus master MPU */
    R_CPSCU->BUSSARA   = BSP_TZ_CFG_BUSSARA;   /* BUS control registers, register A */
    R_CPSCU->BUSSARB   = BSP_TZ_CFG_BUSSARB;   /* BUS control registers, register B */

#if BSP_TZ_CFG_ICUSARC != UINT32_MAX
    R_BSP_MODULE_START(FSP_IP_DMAC, 0);

    /* Some DMAC channel is needed by the Secure program: remove Non-secure write access to DMAST so that
     * the Non-secure program cannot switch off every DMAC channel at once. */
    R_CPSCU->DMACSAR = ~1U;

    /* Set DMAST here, since the Non-secure program can no longer do so and may still want to use DMA. */
    R_DMA->DMAST = 1U;
#endif

#if BSP_TZ_CFG_DTC_USED
    R_BSP_MODULE_START(FSP_IP_DTC, 0);

    /* The DTC is used by the Secure program: remove Non-secure write access to DTCST so that the Non-secure
     * program cannot stop all DTC transfers. */
    R_CPSCU->DTCSAR = ~1U;

    /* Set DTCST here so that the Non-secure program can still use the DTC. */
    R_DTC->DTCST = 1U;
#endif

    /* Pin security attribution. The definition in this file is an empty weak default. */
    R_BSP_PinCfgSecurityInit();

    /* ELC security attribution. The definition in this file is an empty weak default. */
    R_BSP_ElcCfgSecurityInit();

    /* Restore PRCR write protection for the SARs.
     *
     * NOTE(review): no DSB/ISB is issued in this function after the SAU and SAR writes. Confirm that the
     * caller or the hardware guarantees the new attribution is in effect before Non-secure code runs. */
    R_BSP_RegisterProtectEnable(BSP_REG_PROTECT_SAR);
}
324
/* Weak default for the pin security attribution hook; tooling overrides it. R_BSP_SecurityInit() calls it
 * while SAR write protection is disabled. If no override is linked, this empty body runs and no pin security
 * attribution register is written by this file. */
BSP_WEAK_REFERENCE void R_BSP_PinCfgSecurityInit (void)
{
    /* Intentionally empty. */
}
329
/* Weak default for the ELC security attribution hook; tooling overrides it. R_BSP_SecurityInit() calls it
 * while SAR write protection is disabled. If no override is linked, this empty body runs and no ELC security
 * attribution register is written by this file. */
BSP_WEAK_REFERENCE void R_BSP_ElcCfgSecurityInit (void)
{
    /* Intentionally empty. */
}
334
335 #endif
336 #endif
337