/*
* Copyright (c) 2013 Jan Vesely
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* - The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/** @addtogroup kernel_arm32
* @{
*/
/** @file
* @brief Security Extensions Routines
*/
#ifndef KERN_arm32_SECURITY_EXT_H_
#define KERN_arm32_SECURITY_EXT_H_
#include <arch/cp15.h>
#include <arch/regutils.h>
/** Test whether the current cpu supports security extensions.
* return true if security extensions are supported, false otherwise.
* @note The Processor Feature Register 1 that provides this information
* is available only on armv7+. This function returns false on all\
* older archs.
*/
static inline bool sec_ext_is_implemented(void)
{
#ifdef PROCESSOR_ARCH_armv7_a
const uint32_t idpfr = ID_PFR1_read() & ID_PFR1_SEC_EXT_MASK;
return idpfr == ID_PFR1_SEC_EXT || idpfr == ID_PFR1_SEC_EXT_RFR;
#endif
return false;
}
/** Test whether we are running in monitor mode.
* return true, if the current mode is Monitor mode, false otherwise.
* @note this is safe to call even on machines that do not implement monitor
* mode.
*/
static inline bool sec_ext_is_monitor_mode(void)
{
return (current_status_reg_read() & MODE_MASK) == MONITOR_MODE;
}
/** Test whether we are running in a secure state.
* return true if the current state is secure, false otherwise.
*
* @note: This functions will cause undef isntruction trap if we
* are not running in the secure state.
*
* @note: u-boot enables non-secure access to cp 10/11, as well as some other
* features and switches to non-secure state during boot.
* Look for 'secureworld_exit' in arch/arm/cpu/armv7/omap3/board.c.
*/
static inline bool sec_ext_is_secure(void)
{
return sec_ext_is_implemented() &&
(sec_ext_is_monitor_mode() || !(SCR_read() & SCR_NS_FLAG));
}
#endif
/** @}
*/