Documentation ¶
Overview ¶
Package tzasc implements a driver for the TrustZone Address Space Controller (TZASC) included in NXP i.MX6ULL/i.MX6ULZ SoCs.
Note that the TZASC must be initialized early in the boot process, see TZASC_BYPASS for information.
The driver is based on the following reference specifications:
- TZC-380 TRM - CoreLink™ TrustZone Address Space Controller TZC-380 - Revision: r0p1
This package is only meant to be used with `GOOS=tamago GOARCH=arm` as supported by the TamaGo framework for bare metal Go on ARM SoCs, see https://github.com/f-secure-foundry/tamago.
Index ¶
Constants ¶
const ( IOMUXC_GPR_GPR1 = 0x020e4004 GPR1_TZASC1_BOOT_LOCK = 23 // TZASC_BYPASS represents the register that allows to enable the TZASC // monitoring of DDR transactions. // // To use the TZASC the bypass must be disabled early in the boot // process, before DDR use. // // To do so the register can be written in the board DCD file (e.g. // imximage.cfg in usbarmory package): // `DATA 4 0x020e4024 0x00000001` // // This is a one time operation, until the next power-up cycle. TZASC_BYPASS = 0x020e4024 TZASC_BASE = 0x021d0000 )
TZASC imx6 specific registers
const ( TZASC_CONF = TZASC_BASE + 0x000 CONF_REGIONS = 0 TZASC_ACTION = TZASC_BASE + 0x004 TZASC_LOCKDOWN_RANGE = TZASC_BASE + 0x008 TZASC_LOCKDOWN_SELECT = TZASC_BASE + 0x00c TZASC_SEC_INV_EN = TZASC_BASE + 0x034 TZASC_REGION_SETUP_LOW_0 = TZASC_BASE + 0x100 TZASC_REGION_SETUP_HIGH_0 = TZASC_BASE + 0x104 TZASC_REGION_ATTRS_0 = TZASC_BASE + 0x108 REGION_ATTRS_SP = 28 REGION_ATTRS_SIZE = 1 REGION_ATTRS_EN = 0 SIZE_MIN = 0b001110 SIZE_MAX = 0b111111 )
TZASC registers (p37, Table 3-1 Register summary, TZC-380 TRM).
const ( // Secure Read Access bit SP_SW_RD = 3 // Secure Write Access bit SP_SW_WR = 2 // NonSecure Read Access bit SP_NW_RD = 1 // NonSecure Write Access bit SP_NW_WR = 0 )
TZASC security permissions, (p28, Table 2-4, TZC-380 TRM).
Variables ¶
This section is empty.
Functions ¶
func EnableRegion ¶
EnableRegion configures a TZASC region with the argument start address, size and security permissions, for region 0 only security permissions are relevant.
func EnableSecurityInversion ¶
func EnableSecurityInversion()
EnableSecurityInversion allows configuration of arbitrary security permissions, disabling automatic enabling of secure access on non-secure only permissions (p49, 3.2.12 Security Inversion Enable Register, TZC-380 TRM).
Types ¶
This section is empty.