1 /* 2 * Arm SSE (Subsystems for Embedded): IoTKit 3 * 4 * Copyright (c) 2018 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 or 9 * (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "qapi/error.h" 15 #include "trace.h" 16 #include "hw/sysbus.h" 17 #include "hw/registerfields.h" 18 #include "hw/arm/armsse.h" 19 #include "hw/arm/arm.h" 20 21 struct ARMSSEInfo { 22 const char *name; 23 int sram_banks; 24 int num_cpus; 25 }; 26 27 static const ARMSSEInfo armsse_variants[] = { 28 { 29 .name = TYPE_IOTKIT, 30 .sram_banks = 1, 31 .num_cpus = 1, 32 }, 33 }; 34 35 /* Clock frequency in HZ of the 32KHz "slow clock" */ 36 #define S32KCLK (32 * 1000) 37 38 /* Is internal IRQ n shared between CPUs in a multi-core SSE ? */ 39 static bool irq_is_common[32] = { 40 [0 ... 5] = true, 41 /* 6, 7: per-CPU MHU interrupts */ 42 [8 ... 12] = true, 43 /* 13: per-CPU icache interrupt */ 44 /* 14: reserved */ 45 [15 ... 20] = true, 46 /* 21: reserved */ 47 [22 ... 26] = true, 48 /* 27: reserved */ 49 /* 28, 29: per-CPU CTI interrupts */ 50 /* 30, 31: reserved */ 51 }; 52 53 /* Create an alias region of @size bytes starting at @base 54 * which mirrors the memory starting at @orig. 55 */ 56 static void make_alias(ARMSSE *s, MemoryRegion *mr, const char *name, 57 hwaddr base, hwaddr size, hwaddr orig) 58 { 59 memory_region_init_alias(mr, NULL, name, &s->container, orig, size); 60 /* The alias is even lower priority than unimplemented_device regions */ 61 memory_region_add_subregion_overlap(&s->container, base, mr, -1500); 62 } 63 64 static void irq_status_forwarder(void *opaque, int n, int level) 65 { 66 qemu_irq destirq = opaque; 67 68 qemu_set_irq(destirq, level); 69 } 70 71 static void nsccfg_handler(void *opaque, int n, int level) 72 { 73 ARMSSE *s = ARMSSE(opaque); 74 75 s->nsccfg = level; 76 } 77 78 static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) 79 { 80 /* Each of the 4 AHB and 4 APB PPCs that might be present in a 81 * system using the ARMSSE has a collection of control lines which 82 * are provided by the security controller and which we want to 83 * expose as control lines on the ARMSSE device itself, so the 84 * code using the ARMSSE can wire them up to the PPCs. 85 */ 86 SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum]; 87 DeviceState *armssedev = DEVICE(s); 88 DeviceState *dev_secctl = DEVICE(&s->secctl); 89 DeviceState *dev_splitter = DEVICE(splitter); 90 char *name; 91 92 name = g_strdup_printf("%s_nonsec", ppcname); 93 qdev_pass_gpios(dev_secctl, armssedev, name); 94 g_free(name); 95 name = g_strdup_printf("%s_ap", ppcname); 96 qdev_pass_gpios(dev_secctl, armssedev, name); 97 g_free(name); 98 name = g_strdup_printf("%s_irq_enable", ppcname); 99 qdev_pass_gpios(dev_secctl, armssedev, name); 100 g_free(name); 101 name = g_strdup_printf("%s_irq_clear", ppcname); 102 qdev_pass_gpios(dev_secctl, armssedev, name); 103 g_free(name); 104 105 /* irq_status is a little more tricky, because we need to 106 * split it so we can send it both to the security controller 107 * and to our OR gate for the NVIC interrupt line. 108 * Connect up the splitter's outputs, and create a GPIO input 109 * which will pass the line state to the input splitter. 110 */ 111 name = g_strdup_printf("%s_irq_status", ppcname); 112 qdev_connect_gpio_out(dev_splitter, 0, 113 qdev_get_gpio_in_named(dev_secctl, 114 name, 0)); 115 qdev_connect_gpio_out(dev_splitter, 1, 116 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum)); 117 s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0); 118 qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder, 119 s->irq_status_in[ppcnum], name, 1); 120 g_free(name); 121 } 122 123 static void armsse_forward_sec_resp_cfg(ARMSSE *s) 124 { 125 /* Forward the 3rd output from the splitter device as a 126 * named GPIO output of the armsse object. 127 */ 128 DeviceState *dev = DEVICE(s); 129 DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter); 130 131 qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1); 132 s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder, 133 s->sec_resp_cfg, 1); 134 qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in); 135 } 136 137 static void armsse_init(Object *obj) 138 { 139 ARMSSE *s = ARMSSE(obj); 140 ARMSSEClass *asc = ARMSSE_GET_CLASS(obj); 141 const ARMSSEInfo *info = asc->info; 142 int i; 143 144 assert(info->sram_banks <= MAX_SRAM_BANKS); 145 assert(info->num_cpus <= SSE_MAX_CPUS); 146 147 memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); 148 149 for (i = 0; i < info->num_cpus; i++) { 150 /* 151 * We put each CPU in its own cluster as they are logically 152 * distinct and may be configured differently. 153 */ 154 char *name; 155 156 name = g_strdup_printf("cluster%d", i); 157 object_initialize_child(obj, name, &s->cluster[i], 158 sizeof(s->cluster[i]), TYPE_CPU_CLUSTER, 159 &error_abort, NULL); 160 qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i); 161 g_free(name); 162 163 name = g_strdup_printf("armv7m%d", i); 164 sysbus_init_child_obj(OBJECT(&s->cluster[i]), name, 165 &s->armv7m[i], sizeof(s->armv7m), TYPE_ARMV7M); 166 qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", 167 ARM_CPU_TYPE_NAME("cortex-m33")); 168 g_free(name); 169 name = g_strdup_printf("arm-sse-cpu-container%d", i); 170 memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX); 171 g_free(name); 172 if (i > 0) { 173 name = g_strdup_printf("arm-sse-container-alias%d", i); 174 memory_region_init_alias(&s->container_alias[i - 1], obj, 175 name, &s->container, 0, UINT64_MAX); 176 g_free(name); 177 } 178 } 179 180 sysbus_init_child_obj(obj, "secctl", &s->secctl, sizeof(s->secctl), 181 TYPE_IOTKIT_SECCTL); 182 sysbus_init_child_obj(obj, "apb-ppc0", &s->apb_ppc0, sizeof(s->apb_ppc0), 183 TYPE_TZ_PPC); 184 sysbus_init_child_obj(obj, "apb-ppc1", &s->apb_ppc1, sizeof(s->apb_ppc1), 185 TYPE_TZ_PPC); 186 for (i = 0; i < info->sram_banks; i++) { 187 char *name = g_strdup_printf("mpc%d", i); 188 sysbus_init_child_obj(obj, name, &s->mpc[i], 189 sizeof(s->mpc[i]), TYPE_TZ_MPC); 190 g_free(name); 191 } 192 object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate, 193 sizeof(s->mpc_irq_orgate), TYPE_OR_IRQ, 194 &error_abort, NULL); 195 196 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { 197 char *name = g_strdup_printf("mpc-irq-splitter-%d", i); 198 SplitIRQ *splitter = &s->mpc_irq_splitter[i]; 199 200 object_initialize_child(obj, name, splitter, sizeof(*splitter), 201 TYPE_SPLIT_IRQ, &error_abort, NULL); 202 g_free(name); 203 } 204 sysbus_init_child_obj(obj, "timer0", &s->timer0, sizeof(s->timer0), 205 TYPE_CMSDK_APB_TIMER); 206 sysbus_init_child_obj(obj, "timer1", &s->timer1, sizeof(s->timer1), 207 TYPE_CMSDK_APB_TIMER); 208 sysbus_init_child_obj(obj, "s32ktimer", &s->s32ktimer, sizeof(s->s32ktimer), 209 TYPE_CMSDK_APB_TIMER); 210 sysbus_init_child_obj(obj, "dualtimer", &s->dualtimer, sizeof(s->dualtimer), 211 TYPE_CMSDK_APB_DUALTIMER); 212 sysbus_init_child_obj(obj, "s32kwatchdog", &s->s32kwatchdog, 213 sizeof(s->s32kwatchdog), TYPE_CMSDK_APB_WATCHDOG); 214 sysbus_init_child_obj(obj, "nswatchdog", &s->nswatchdog, 215 sizeof(s->nswatchdog), TYPE_CMSDK_APB_WATCHDOG); 216 sysbus_init_child_obj(obj, "swatchdog", &s->swatchdog, 217 sizeof(s->swatchdog), TYPE_CMSDK_APB_WATCHDOG); 218 sysbus_init_child_obj(obj, "armsse-sysctl", &s->sysctl, 219 sizeof(s->sysctl), TYPE_IOTKIT_SYSCTL); 220 sysbus_init_child_obj(obj, "armsse-sysinfo", &s->sysinfo, 221 sizeof(s->sysinfo), TYPE_IOTKIT_SYSINFO); 222 object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, 223 sizeof(s->nmi_orgate), TYPE_OR_IRQ, 224 &error_abort, NULL); 225 object_initialize_child(obj, "ppc-irq-orgate", &s->ppc_irq_orgate, 226 sizeof(s->ppc_irq_orgate), TYPE_OR_IRQ, 227 &error_abort, NULL); 228 object_initialize_child(obj, "sec-resp-splitter", &s->sec_resp_splitter, 229 sizeof(s->sec_resp_splitter), TYPE_SPLIT_IRQ, 230 &error_abort, NULL); 231 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) { 232 char *name = g_strdup_printf("ppc-irq-splitter-%d", i); 233 SplitIRQ *splitter = &s->ppc_irq_splitter[i]; 234 235 object_initialize_child(obj, name, splitter, sizeof(*splitter), 236 TYPE_SPLIT_IRQ, &error_abort, NULL); 237 g_free(name); 238 } 239 if (info->num_cpus > 1) { 240 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { 241 if (irq_is_common[i]) { 242 char *name = g_strdup_printf("cpu-irq-splitter%d", i); 243 SplitIRQ *splitter = &s->cpu_irq_splitter[i]; 244 245 object_initialize_child(obj, name, splitter, sizeof(*splitter), 246 TYPE_SPLIT_IRQ, &error_abort, NULL); 247 g_free(name); 248 } 249 } 250 } 251 } 252 253 static void armsse_exp_irq(void *opaque, int n, int level) 254 { 255 qemu_irq *irqarray = opaque; 256 257 qemu_set_irq(irqarray[n], level); 258 } 259 260 static void armsse_mpcexp_status(void *opaque, int n, int level) 261 { 262 ARMSSE *s = ARMSSE(opaque); 263 qemu_set_irq(s->mpcexp_status_in[n], level); 264 } 265 266 static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno) 267 { 268 /* 269 * Return a qemu_irq which can be used to signal IRQ n to 270 * all CPUs in the SSE. 271 */ 272 ARMSSEClass *asc = ARMSSE_GET_CLASS(s); 273 const ARMSSEInfo *info = asc->info; 274 275 assert(irq_is_common[irqno]); 276 277 if (info->num_cpus == 1) { 278 /* Only one CPU -- just connect directly to it */ 279 return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno); 280 } else { 281 /* Connect to the splitter which feeds all CPUs */ 282 return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0); 283 } 284 } 285 286 static void armsse_realize(DeviceState *dev, Error **errp) 287 { 288 ARMSSE *s = ARMSSE(dev); 289 ARMSSEClass *asc = ARMSSE_GET_CLASS(dev); 290 const ARMSSEInfo *info = asc->info; 291 int i; 292 MemoryRegion *mr; 293 Error *err = NULL; 294 SysBusDevice *sbd_apb_ppc0; 295 SysBusDevice *sbd_secctl; 296 DeviceState *dev_apb_ppc0; 297 DeviceState *dev_apb_ppc1; 298 DeviceState *dev_secctl; 299 DeviceState *dev_splitter; 300 uint32_t addr_width_max; 301 302 if (!s->board_memory) { 303 error_setg(errp, "memory property was not set"); 304 return; 305 } 306 307 if (!s->mainclk_frq) { 308 error_setg(errp, "MAINCLK property was not set"); 309 return; 310 } 311 312 /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */ 313 assert(is_power_of_2(info->sram_banks)); 314 addr_width_max = 24 - ctz32(info->sram_banks); 315 if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) { 316 error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d", 317 addr_width_max); 318 return; 319 } 320 321 /* Handling of which devices should be available only to secure 322 * code is usually done differently for M profile than for A profile. 323 * Instead of putting some devices only into the secure address space, 324 * devices exist in both address spaces but with hard-wired security 325 * permissions that will cause the CPU to fault for non-secure accesses. 326 * 327 * The ARMSSE has an IDAU (Implementation Defined Access Unit), 328 * which specifies hard-wired security permissions for different 329 * areas of the physical address space. For the ARMSSE IDAU, the 330 * top 4 bits of the physical address are the IDAU region ID, and 331 * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS 332 * region, otherwise it is an S region. 333 * 334 * The various devices and RAMs are generally all mapped twice, 335 * once into a region that the IDAU defines as secure and once 336 * into a non-secure region. They sit behind either a Memory 337 * Protection Controller (for RAM) or a Peripheral Protection 338 * Controller (for devices), which allow a more fine grained 339 * configuration of whether non-secure accesses are permitted. 340 * 341 * (The other place that guest software can configure security 342 * permissions is in the architected SAU (Security Attribution 343 * Unit), which is entirely inside the CPU. The IDAU can upgrade 344 * the security attributes for a region to more restrictive than 345 * the SAU specifies, but cannot downgrade them.) 346 * 347 * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff 348 * 0x20000000..0x2007ffff 32KB FPGA block RAM 349 * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff 350 * 0x40000000..0x4000ffff base peripheral region 1 351 * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE) 352 * 0x40020000..0x4002ffff system control element peripherals 353 * 0x40080000..0x400fffff base peripheral region 2 354 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff 355 */ 356 357 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2); 358 359 for (i = 0; i < info->num_cpus; i++) { 360 DeviceState *cpudev = DEVICE(&s->armv7m[i]); 361 Object *cpuobj = OBJECT(&s->armv7m[i]); 362 int j; 363 char *gpioname; 364 365 qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + 32); 366 /* 367 * In real hardware the initial Secure VTOR is set from the INITSVTOR0 368 * register in the IoT Kit System Control Register block, and the 369 * initial value of that is in turn specifiable by the FPGA that 370 * instantiates the IoT Kit. In QEMU we don't implement this wrinkle, 371 * and simply set the CPU's init-svtor to the IoT Kit default value. 372 * In SSE-200 the situation is similar, except that the default value 373 * is a reset-time signal input. Typically a board using the SSE-200 374 * will have a system control processor whose boot firmware initializes 375 * the INITSVTOR* registers before powering up the CPUs in any case, 376 * so the hardware's default value doesn't matter. QEMU doesn't emulate 377 * the control processor, so instead we behave in the way that the 378 * firmware does. All boards currently known about have firmware that 379 * sets the INITSVTOR0 and INITSVTOR1 registers to 0x10000000, like the 380 * IoTKit default. We can make this more configurable if necessary. 381 */ 382 qdev_prop_set_uint32(cpudev, "init-svtor", 0x10000000); 383 /* 384 * Start all CPUs except CPU0 powered down. In real hardware it is 385 * a configurable property of the SSE-200 which CPUs start powered up 386 * (via the CPUWAIT0_RST and CPUWAIT1_RST parameters), but since all 387 * the boards we care about start CPU0 and leave CPU1 powered off, 388 * we hard-code that for now. We can add QOM properties for this 389 * later if necessary. 390 */ 391 if (i > 0) { 392 object_property_set_bool(cpuobj, true, "start-powered-off", &err); 393 if (err) { 394 error_propagate(errp, err); 395 return; 396 } 397 } 398 399 if (i > 0) { 400 memory_region_add_subregion_overlap(&s->cpu_container[i], 0, 401 &s->container_alias[i - 1], -1); 402 } else { 403 memory_region_add_subregion_overlap(&s->cpu_container[i], 0, 404 &s->container, -1); 405 } 406 object_property_set_link(cpuobj, OBJECT(&s->cpu_container[i]), 407 "memory", &err); 408 if (err) { 409 error_propagate(errp, err); 410 return; 411 } 412 object_property_set_link(cpuobj, OBJECT(s), "idau", &err); 413 if (err) { 414 error_propagate(errp, err); 415 return; 416 } 417 object_property_set_bool(cpuobj, true, "realized", &err); 418 if (err) { 419 error_propagate(errp, err); 420 return; 421 } 422 /* 423 * The cluster must be realized after the armv7m container, as 424 * the container's CPU object is only created on realize, and the 425 * CPU must exist and have been parented into the cluster before 426 * the cluster is realized. 427 */ 428 object_property_set_bool(OBJECT(&s->cluster[i]), 429 true, "realized", &err); 430 if (err) { 431 error_propagate(errp, err); 432 return; 433 } 434 435 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */ 436 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq); 437 for (j = 0; j < s->exp_numirq; j++) { 438 s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, i + 32); 439 } 440 if (i == 0) { 441 gpioname = g_strdup("EXP_IRQ"); 442 } else { 443 gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i); 444 } 445 qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq, 446 s->exp_irqs[i], 447 gpioname, s->exp_numirq); 448 g_free(gpioname); 449 } 450 451 /* Wire up the splitters that connect common IRQs to all CPUs */ 452 if (info->num_cpus > 1) { 453 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { 454 if (irq_is_common[i]) { 455 Object *splitter = OBJECT(&s->cpu_irq_splitter[i]); 456 DeviceState *devs = DEVICE(splitter); 457 int cpunum; 458 459 object_property_set_int(splitter, info->num_cpus, 460 "num-lines", &err); 461 if (err) { 462 error_propagate(errp, err); 463 return; 464 } 465 object_property_set_bool(splitter, true, "realized", &err); 466 if (err) { 467 error_propagate(errp, err); 468 return; 469 } 470 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) { 471 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]); 472 473 qdev_connect_gpio_out(devs, cpunum, 474 qdev_get_gpio_in(cpudev, i)); 475 } 476 } 477 } 478 } 479 480 /* Set up the big aliases first */ 481 make_alias(s, &s->alias1, "alias 1", 0x10000000, 0x10000000, 0x00000000); 482 make_alias(s, &s->alias2, "alias 2", 0x30000000, 0x10000000, 0x20000000); 483 /* The 0x50000000..0x5fffffff region is not a pure alias: it has 484 * a few extra devices that only appear there (generally the 485 * control interfaces for the protection controllers). 486 * We implement this by mapping those devices over the top of this 487 * alias MR at a higher priority. 488 */ 489 make_alias(s, &s->alias3, "alias 3", 0x50000000, 0x10000000, 0x40000000); 490 491 492 /* Security controller */ 493 object_property_set_bool(OBJECT(&s->secctl), true, "realized", &err); 494 if (err) { 495 error_propagate(errp, err); 496 return; 497 } 498 sbd_secctl = SYS_BUS_DEVICE(&s->secctl); 499 dev_secctl = DEVICE(&s->secctl); 500 sysbus_mmio_map(sbd_secctl, 0, 0x50080000); 501 sysbus_mmio_map(sbd_secctl, 1, 0x40080000); 502 503 s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1); 504 qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in); 505 506 /* The sec_resp_cfg output from the security controller must be split into 507 * multiple lines, one for each of the PPCs within the ARMSSE and one 508 * that will be an output from the ARMSSE to the system. 509 */ 510 object_property_set_int(OBJECT(&s->sec_resp_splitter), 3, 511 "num-lines", &err); 512 if (err) { 513 error_propagate(errp, err); 514 return; 515 } 516 object_property_set_bool(OBJECT(&s->sec_resp_splitter), true, 517 "realized", &err); 518 if (err) { 519 error_propagate(errp, err); 520 return; 521 } 522 dev_splitter = DEVICE(&s->sec_resp_splitter); 523 qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0, 524 qdev_get_gpio_in(dev_splitter, 0)); 525 526 /* Each SRAM bank lives behind its own Memory Protection Controller */ 527 for (i = 0; i < info->sram_banks; i++) { 528 char *ramname = g_strdup_printf("armsse.sram%d", i); 529 SysBusDevice *sbd_mpc; 530 uint32_t sram_bank_size = 1 << s->sram_addr_width; 531 532 memory_region_init_ram(&s->sram[i], NULL, ramname, 533 sram_bank_size, &err); 534 g_free(ramname); 535 if (err) { 536 error_propagate(errp, err); 537 return; 538 } 539 object_property_set_link(OBJECT(&s->mpc[i]), OBJECT(&s->sram[i]), 540 "downstream", &err); 541 if (err) { 542 error_propagate(errp, err); 543 return; 544 } 545 object_property_set_bool(OBJECT(&s->mpc[i]), true, "realized", &err); 546 if (err) { 547 error_propagate(errp, err); 548 return; 549 } 550 /* Map the upstream end of the MPC into the right place... */ 551 sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]); 552 memory_region_add_subregion(&s->container, 553 0x20000000 + i * sram_bank_size, 554 sysbus_mmio_get_region(sbd_mpc, 1)); 555 /* ...and its register interface */ 556 memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000, 557 sysbus_mmio_get_region(sbd_mpc, 0)); 558 } 559 560 /* We must OR together lines from the MPC splitters to go to the NVIC */ 561 object_property_set_int(OBJECT(&s->mpc_irq_orgate), 562 IOTS_NUM_EXP_MPC + info->sram_banks, 563 "num-lines", &err); 564 if (err) { 565 error_propagate(errp, err); 566 return; 567 } 568 object_property_set_bool(OBJECT(&s->mpc_irq_orgate), true, 569 "realized", &err); 570 if (err) { 571 error_propagate(errp, err); 572 return; 573 } 574 qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0, 575 armsse_get_common_irq_in(s, 9)); 576 577 /* Devices behind APB PPC0: 578 * 0x40000000: timer0 579 * 0x40001000: timer1 580 * 0x40002000: dual timer 581 * We must configure and realize each downstream device and connect 582 * it to the appropriate PPC port; then we can realize the PPC and 583 * map its upstream ends to the right place in the container. 584 */ 585 qdev_prop_set_uint32(DEVICE(&s->timer0), "pclk-frq", s->mainclk_frq); 586 object_property_set_bool(OBJECT(&s->timer0), true, "realized", &err); 587 if (err) { 588 error_propagate(errp, err); 589 return; 590 } 591 sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer0), 0, 592 armsse_get_common_irq_in(s, 3)); 593 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer0), 0); 594 object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[0]", &err); 595 if (err) { 596 error_propagate(errp, err); 597 return; 598 } 599 600 qdev_prop_set_uint32(DEVICE(&s->timer1), "pclk-frq", s->mainclk_frq); 601 object_property_set_bool(OBJECT(&s->timer1), true, "realized", &err); 602 if (err) { 603 error_propagate(errp, err); 604 return; 605 } 606 sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer1), 0, 607 armsse_get_common_irq_in(s, 4)); 608 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer1), 0); 609 object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[1]", &err); 610 if (err) { 611 error_propagate(errp, err); 612 return; 613 } 614 615 616 qdev_prop_set_uint32(DEVICE(&s->dualtimer), "pclk-frq", s->mainclk_frq); 617 object_property_set_bool(OBJECT(&s->dualtimer), true, "realized", &err); 618 if (err) { 619 error_propagate(errp, err); 620 return; 621 } 622 sysbus_connect_irq(SYS_BUS_DEVICE(&s->dualtimer), 0, 623 armsse_get_common_irq_in(s, 5)); 624 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->dualtimer), 0); 625 object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[2]", &err); 626 if (err) { 627 error_propagate(errp, err); 628 return; 629 } 630 631 object_property_set_bool(OBJECT(&s->apb_ppc0), true, "realized", &err); 632 if (err) { 633 error_propagate(errp, err); 634 return; 635 } 636 637 sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc0); 638 dev_apb_ppc0 = DEVICE(&s->apb_ppc0); 639 640 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 0); 641 memory_region_add_subregion(&s->container, 0x40000000, mr); 642 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 1); 643 memory_region_add_subregion(&s->container, 0x40001000, mr); 644 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 2); 645 memory_region_add_subregion(&s->container, 0x40002000, mr); 646 for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) { 647 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i, 648 qdev_get_gpio_in_named(dev_apb_ppc0, 649 "cfg_nonsec", i)); 650 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i, 651 qdev_get_gpio_in_named(dev_apb_ppc0, 652 "cfg_ap", i)); 653 } 654 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0, 655 qdev_get_gpio_in_named(dev_apb_ppc0, 656 "irq_enable", 0)); 657 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0, 658 qdev_get_gpio_in_named(dev_apb_ppc0, 659 "irq_clear", 0)); 660 qdev_connect_gpio_out(dev_splitter, 0, 661 qdev_get_gpio_in_named(dev_apb_ppc0, 662 "cfg_sec_resp", 0)); 663 664 /* All the PPC irq lines (from the 2 internal PPCs and the 8 external 665 * ones) are sent individually to the security controller, and also 666 * ORed together to give a single combined PPC interrupt to the NVIC. 667 */ 668 object_property_set_int(OBJECT(&s->ppc_irq_orgate), 669 NUM_PPCS, "num-lines", &err); 670 if (err) { 671 error_propagate(errp, err); 672 return; 673 } 674 object_property_set_bool(OBJECT(&s->ppc_irq_orgate), true, 675 "realized", &err); 676 if (err) { 677 error_propagate(errp, err); 678 return; 679 } 680 qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0, 681 armsse_get_common_irq_in(s, 10)); 682 683 /* 0x40010000 .. 0x4001ffff: private CPU region: unused in IoTKit */ 684 685 /* 0x40020000 .. 0x4002ffff : ARMSSE system control peripheral region */ 686 /* Devices behind APB PPC1: 687 * 0x4002f000: S32K timer 688 */ 689 qdev_prop_set_uint32(DEVICE(&s->s32ktimer), "pclk-frq", S32KCLK); 690 object_property_set_bool(OBJECT(&s->s32ktimer), true, "realized", &err); 691 if (err) { 692 error_propagate(errp, err); 693 return; 694 } 695 sysbus_connect_irq(SYS_BUS_DEVICE(&s->s32ktimer), 0, 696 armsse_get_common_irq_in(s, 2)); 697 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->s32ktimer), 0); 698 object_property_set_link(OBJECT(&s->apb_ppc1), OBJECT(mr), "port[0]", &err); 699 if (err) { 700 error_propagate(errp, err); 701 return; 702 } 703 704 object_property_set_bool(OBJECT(&s->apb_ppc1), true, "realized", &err); 705 if (err) { 706 error_propagate(errp, err); 707 return; 708 } 709 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->apb_ppc1), 0); 710 memory_region_add_subregion(&s->container, 0x4002f000, mr); 711 712 dev_apb_ppc1 = DEVICE(&s->apb_ppc1); 713 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0, 714 qdev_get_gpio_in_named(dev_apb_ppc1, 715 "cfg_nonsec", 0)); 716 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0, 717 qdev_get_gpio_in_named(dev_apb_ppc1, 718 "cfg_ap", 0)); 719 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0, 720 qdev_get_gpio_in_named(dev_apb_ppc1, 721 "irq_enable", 0)); 722 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0, 723 qdev_get_gpio_in_named(dev_apb_ppc1, 724 "irq_clear", 0)); 725 qdev_connect_gpio_out(dev_splitter, 1, 726 qdev_get_gpio_in_named(dev_apb_ppc1, 727 "cfg_sec_resp", 0)); 728 729 object_property_set_bool(OBJECT(&s->sysinfo), true, "realized", &err); 730 if (err) { 731 error_propagate(errp, err); 732 return; 733 } 734 /* System information registers */ 735 sysbus_mmio_map(SYS_BUS_DEVICE(&s->sysinfo), 0, 0x40020000); 736 /* System control registers */ 737 object_property_set_bool(OBJECT(&s->sysctl), true, "realized", &err); 738 if (err) { 739 error_propagate(errp, err); 740 return; 741 } 742 sysbus_mmio_map(SYS_BUS_DEVICE(&s->sysctl), 0, 0x50021000); 743 744 /* This OR gate wires together outputs from the secure watchdogs to NMI */ 745 object_property_set_int(OBJECT(&s->nmi_orgate), 2, "num-lines", &err); 746 if (err) { 747 error_propagate(errp, err); 748 return; 749 } 750 object_property_set_bool(OBJECT(&s->nmi_orgate), true, "realized", &err); 751 if (err) { 752 error_propagate(errp, err); 753 return; 754 } 755 qdev_connect_gpio_out(DEVICE(&s->nmi_orgate), 0, 756 qdev_get_gpio_in_named(DEVICE(&s->armv7m), "NMI", 0)); 757 758 qdev_prop_set_uint32(DEVICE(&s->s32kwatchdog), "wdogclk-frq", S32KCLK); 759 object_property_set_bool(OBJECT(&s->s32kwatchdog), true, "realized", &err); 760 if (err) { 761 error_propagate(errp, err); 762 return; 763 } 764 sysbus_connect_irq(SYS_BUS_DEVICE(&s->s32kwatchdog), 0, 765 qdev_get_gpio_in(DEVICE(&s->nmi_orgate), 0)); 766 sysbus_mmio_map(SYS_BUS_DEVICE(&s->s32kwatchdog), 0, 0x5002e000); 767 768 /* 0x40080000 .. 0x4008ffff : ARMSSE second Base peripheral region */ 769 770 qdev_prop_set_uint32(DEVICE(&s->nswatchdog), "wdogclk-frq", s->mainclk_frq); 771 object_property_set_bool(OBJECT(&s->nswatchdog), true, "realized", &err); 772 if (err) { 773 error_propagate(errp, err); 774 return; 775 } 776 sysbus_connect_irq(SYS_BUS_DEVICE(&s->nswatchdog), 0, 777 armsse_get_common_irq_in(s, 1)); 778 sysbus_mmio_map(SYS_BUS_DEVICE(&s->nswatchdog), 0, 0x40081000); 779 780 qdev_prop_set_uint32(DEVICE(&s->swatchdog), "wdogclk-frq", s->mainclk_frq); 781 object_property_set_bool(OBJECT(&s->swatchdog), true, "realized", &err); 782 if (err) { 783 error_propagate(errp, err); 784 return; 785 } 786 sysbus_connect_irq(SYS_BUS_DEVICE(&s->swatchdog), 0, 787 qdev_get_gpio_in(DEVICE(&s->nmi_orgate), 1)); 788 sysbus_mmio_map(SYS_BUS_DEVICE(&s->swatchdog), 0, 0x50081000); 789 790 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) { 791 Object *splitter = OBJECT(&s->ppc_irq_splitter[i]); 792 793 object_property_set_int(splitter, 2, "num-lines", &err); 794 if (err) { 795 error_propagate(errp, err); 796 return; 797 } 798 object_property_set_bool(splitter, true, "realized", &err); 799 if (err) { 800 error_propagate(errp, err); 801 return; 802 } 803 } 804 805 for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) { 806 char *ppcname = g_strdup_printf("ahb_ppcexp%d", i); 807 808 armsse_forward_ppc(s, ppcname, i); 809 g_free(ppcname); 810 } 811 812 for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) { 813 char *ppcname = g_strdup_printf("apb_ppcexp%d", i); 814 815 armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC); 816 g_free(ppcname); 817 } 818 819 for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) { 820 /* Wire up IRQ splitter for internal PPCs */ 821 DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]); 822 char *gpioname = g_strdup_printf("apb_ppc%d_irq_status", 823 i - NUM_EXTERNAL_PPCS); 824 TZPPC *ppc = (i == NUM_EXTERNAL_PPCS) ? &s->apb_ppc0 : &s->apb_ppc1; 825 826 qdev_connect_gpio_out(devs, 0, 827 qdev_get_gpio_in_named(dev_secctl, gpioname, 0)); 828 qdev_connect_gpio_out(devs, 1, 829 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i)); 830 qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0, 831 qdev_get_gpio_in(devs, 0)); 832 g_free(gpioname); 833 } 834 835 /* Wire up the splitters for the MPC IRQs */ 836 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { 837 SplitIRQ *splitter = &s->mpc_irq_splitter[i]; 838 DeviceState *dev_splitter = DEVICE(splitter); 839 840 object_property_set_int(OBJECT(splitter), 2, "num-lines", &err); 841 if (err) { 842 error_propagate(errp, err); 843 return; 844 } 845 object_property_set_bool(OBJECT(splitter), true, "realized", &err); 846 if (err) { 847 error_propagate(errp, err); 848 return; 849 } 850 851 if (i < IOTS_NUM_EXP_MPC) { 852 /* Splitter input is from GPIO input line */ 853 s->mpcexp_status_in[i] = qdev_get_gpio_in(dev_splitter, 0); 854 qdev_connect_gpio_out(dev_splitter, 0, 855 qdev_get_gpio_in_named(dev_secctl, 856 "mpcexp_status", i)); 857 } else { 858 /* Splitter input is from our own MPC */ 859 qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]), 860 "irq", 0, 861 qdev_get_gpio_in(dev_splitter, 0)); 862 qdev_connect_gpio_out(dev_splitter, 0, 863 qdev_get_gpio_in_named(dev_secctl, 864 "mpc_status", 0)); 865 } 866 867 qdev_connect_gpio_out(dev_splitter, 1, 868 qdev_get_gpio_in(DEVICE(&s->mpc_irq_orgate), i)); 869 } 870 /* Create GPIO inputs which will pass the line state for our 871 * mpcexp_irq inputs to the correct splitter devices. 872 */ 873 qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status", 874 IOTS_NUM_EXP_MPC); 875 876 armsse_forward_sec_resp_cfg(s); 877 878 /* Forward the MSC related signals */ 879 qdev_pass_gpios(dev_secctl, dev, "mscexp_status"); 880 qdev_pass_gpios(dev_secctl, dev, "mscexp_clear"); 881 qdev_pass_gpios(dev_secctl, dev, "mscexp_ns"); 882 qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0, 883 armsse_get_common_irq_in(s, 11)); 884 885 /* 886 * Expose our container region to the board model; this corresponds 887 * to the AHB Slave Expansion ports which allow bus master devices 888 * (eg DMA controllers) in the board model to make transactions into 889 * devices in the ARMSSE. 890 */ 891 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container); 892 893 system_clock_scale = NANOSECONDS_PER_SECOND / s->mainclk_frq; 894 } 895 896 static void armsse_idau_check(IDAUInterface *ii, uint32_t address, 897 int *iregion, bool *exempt, bool *ns, bool *nsc) 898 { 899 /* 900 * For ARMSSE systems the IDAU responses are simple logical functions 901 * of the address bits. The NSC attribute is guest-adjustable via the 902 * NSCCFG register in the security controller. 903 */ 904 ARMSSE *s = ARMSSE(ii); 905 int region = extract32(address, 28, 4); 906 907 *ns = !(region & 1); 908 *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2)); 909 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */ 910 *exempt = (address & 0xeff00000) == 0xe0000000; 911 *iregion = region; 912 } 913 914 static const VMStateDescription armsse_vmstate = { 915 .name = "iotkit", 916 .version_id = 1, 917 .minimum_version_id = 1, 918 .fields = (VMStateField[]) { 919 VMSTATE_UINT32(nsccfg, ARMSSE), 920 VMSTATE_END_OF_LIST() 921 } 922 }; 923 924 static Property armsse_properties[] = { 925 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, 926 MemoryRegion *), 927 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), 928 DEFINE_PROP_UINT32("MAINCLK", ARMSSE, mainclk_frq, 0), 929 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), 930 DEFINE_PROP_END_OF_LIST() 931 }; 932 933 static void armsse_reset(DeviceState *dev) 934 { 935 ARMSSE *s = ARMSSE(dev); 936 937 s->nsccfg = 0; 938 } 939 940 static void armsse_class_init(ObjectClass *klass, void *data) 941 { 942 DeviceClass *dc = DEVICE_CLASS(klass); 943 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass); 944 ARMSSEClass *asc = ARMSSE_CLASS(klass); 945 946 dc->realize = armsse_realize; 947 dc->vmsd = &armsse_vmstate; 948 dc->props = armsse_properties; 949 dc->reset = armsse_reset; 950 iic->check = armsse_idau_check; 951 asc->info = data; 952 } 953 954 static const TypeInfo armsse_info = { 955 .name = TYPE_ARMSSE, 956 .parent = TYPE_SYS_BUS_DEVICE, 957 .instance_size = sizeof(ARMSSE), 958 .instance_init = armsse_init, 959 .abstract = true, 960 .interfaces = (InterfaceInfo[]) { 961 { TYPE_IDAU_INTERFACE }, 962 { } 963 } 964 }; 965 966 static void armsse_register_types(void) 967 { 968 int i; 969 970 type_register_static(&armsse_info); 971 972 for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) { 973 TypeInfo ti = { 974 .name = armsse_variants[i].name, 975 .parent = TYPE_ARMSSE, 976 .class_init = armsse_class_init, 977 .class_data = (void *)&armsse_variants[i], 978 }; 979 type_register(&ti); 980 } 981 } 982 983 type_init(armsse_register_types); 984