mps2-tz.c (55000B)
1/* 2 * ARM V2M MPS2 board emulation, trustzone aware FPGA images 3 * 4 * Copyright (c) 2017 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 or 9 * (at your option) any later version. 10 */ 11 12/* The MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger 13 * FPGA but is otherwise the same as the 2). Since the CPU itself 14 * and most of the devices are in the FPGA, the details of the board 15 * as seen by the guest depend significantly on the FPGA image. 16 * This source file covers the following FPGA images, for TrustZone cores: 17 * "mps2-an505" -- Cortex-M33 as documented in ARM Application Note AN505 18 * "mps2-an521" -- Dual Cortex-M33 as documented in Application Note AN521 19 * "mps2-an524" -- Dual Cortex-M33 as documented in Application Note AN524 20 * "mps2-an547" -- Single Cortex-M55 as documented in Application Note AN547 21 * 22 * Links to the TRM for the board itself and to the various Application 23 * Notes which document the FPGA images can be found here: 24 * https://developer.arm.com/products/system-design/development-boards/fpga-prototyping-boards/mps2 25 * 26 * Board TRM: 27 * https://developer.arm.com/documentation/100112/latest/ 28 * Application Note AN505: 29 * https://developer.arm.com/documentation/dai0505/latest/ 30 * Application Note AN521: 31 * https://developer.arm.com/documentation/dai0521/latest/ 32 * Application Note AN524: 33 * https://developer.arm.com/documentation/dai0524/latest/ 34 * Application Note AN547: 35 * https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/DAI0547B_SSE300_PLUS_U55_FPGA_for_mps3.pdf 36 * 37 * The AN505 defers to the Cortex-M33 processor ARMv8M IoT Kit FVP User Guide 38 * (ARM ECM0601256) for the details of some of the device layout: 39 * https://developer.arm.com/documentation/ecm0601256/latest 40 * Similarly, the AN521 and AN524 use the SSE-200, and the SSE-200 TRM defines 41 * most of the device layout: 42 * https://developer.arm.com/documentation/101104/latest/ 43 * and the AN547 uses the SSE-300, whose layout is in the SSE-300 TRM: 44 * https://developer.arm.com/documentation/101773/latest/ 45 */ 46 47#include "qemu/osdep.h" 48#include "qemu/units.h" 49#include "qemu/cutils.h" 50#include "qapi/error.h" 51#include "qemu/error-report.h" 52#include "hw/arm/boot.h" 53#include "hw/arm/armv7m.h" 54#include "hw/or-irq.h" 55#include "hw/boards.h" 56#include "exec/address-spaces.h" 57#include "sysemu/sysemu.h" 58#include "sysemu/reset.h" 59#include "hw/misc/unimp.h" 60#include "hw/char/cmsdk-apb-uart.h" 61#include "hw/timer/cmsdk-apb-timer.h" 62#include "hw/misc/mps2-scc.h" 63#include "hw/misc/mps2-fpgaio.h" 64#include "hw/misc/tz-mpc.h" 65#include "hw/misc/tz-msc.h" 66#include "hw/arm/armsse.h" 67#include "hw/dma/pl080.h" 68#include "hw/rtc/pl031.h" 69#include "hw/ssi/pl022.h" 70#include "hw/i2c/arm_sbcon_i2c.h" 71#include "hw/net/lan9118.h" 72#include "net/net.h" 73#include "hw/core/split-irq.h" 74#include "hw/qdev-clock.h" 75#include "qom/object.h" 76#include "hw/irq.h" 77 78#define MPS2TZ_NUMIRQ_MAX 96 79#define MPS2TZ_RAM_MAX 5 80 81typedef enum MPS2TZFPGAType { 82 FPGA_AN505, 83 FPGA_AN521, 84 FPGA_AN524, 85 FPGA_AN547, 86} MPS2TZFPGAType; 87 88/* 89 * Define the layout of RAM in a board, including which parts are 90 * behind which MPCs. 91 * mrindex specifies the index into mms->ram[] to use for the backing RAM; 92 * -1 means "use the system RAM". 93 */ 94typedef struct RAMInfo { 95 const char *name; 96 uint32_t base; 97 uint32_t size; 98 int mpc; /* MPC number, -1 for "not behind an MPC" */ 99 int mrindex; 100 int flags; 101} RAMInfo; 102 103/* 104 * Flag values: 105 * IS_ALIAS: this RAM area is an alias to the upstream end of the 106 * MPC specified by its .mpc value 107 * IS_ROM: this RAM area is read-only 108 */ 109#define IS_ALIAS 1 110#define IS_ROM 2 111 112struct MPS2TZMachineClass { 113 MachineClass parent; 114 MPS2TZFPGAType fpga_type; 115 uint32_t scc_id; 116 uint32_t sysclk_frq; /* Main SYSCLK frequency in Hz */ 117 uint32_t apb_periph_frq; /* APB peripheral frequency in Hz */ 118 uint32_t len_oscclk; 119 const uint32_t *oscclk; 120 uint32_t fpgaio_num_leds; /* Number of LEDs in FPGAIO LED0 register */ 121 bool fpgaio_has_switches; /* Does FPGAIO have SWITCH register? */ 122 bool fpgaio_has_dbgctrl; /* Does FPGAIO have DBGCTRL register? */ 123 int numirq; /* Number of external interrupts */ 124 int uart_overflow_irq; /* number of the combined UART overflow IRQ */ 125 uint32_t init_svtor; /* init-svtor setting for SSE */ 126 uint32_t sram_addr_width; /* SRAM_ADDR_WIDTH setting for SSE */ 127 const RAMInfo *raminfo; 128 const char *armsse_type; 129 uint32_t boot_ram_size; /* size of ram at address 0; 0 == find in raminfo */ 130}; 131 132struct MPS2TZMachineState { 133 MachineState parent; 134 135 ARMSSE iotkit; 136 MemoryRegion ram[MPS2TZ_RAM_MAX]; 137 MemoryRegion eth_usb_container; 138 139 MPS2SCC scc; 140 MPS2FPGAIO fpgaio; 141 TZPPC ppc[5]; 142 TZMPC mpc[3]; 143 PL022State spi[5]; 144 ArmSbconI2CState i2c[5]; 145 UnimplementedDeviceState i2s_audio; 146 UnimplementedDeviceState gpio[4]; 147 UnimplementedDeviceState gfx; 148 UnimplementedDeviceState cldc; 149 UnimplementedDeviceState usb; 150 PL031State rtc; 151 PL080State dma[4]; 152 TZMSC msc[4]; 153 CMSDKAPBUART uart[6]; 154 SplitIRQ sec_resp_splitter; 155 qemu_or_irq uart_irq_orgate; 156 DeviceState *lan9118; 157 SplitIRQ cpu_irq_splitter[MPS2TZ_NUMIRQ_MAX]; 158 Clock *sysclk; 159 Clock *s32kclk; 160 161 bool remap; 162 qemu_irq remap_irq; 163}; 164 165#define TYPE_MPS2TZ_MACHINE "mps2tz" 166#define TYPE_MPS2TZ_AN505_MACHINE MACHINE_TYPE_NAME("mps2-an505") 167#define TYPE_MPS2TZ_AN521_MACHINE MACHINE_TYPE_NAME("mps2-an521") 168#define TYPE_MPS3TZ_AN524_MACHINE MACHINE_TYPE_NAME("mps3-an524") 169#define TYPE_MPS3TZ_AN547_MACHINE MACHINE_TYPE_NAME("mps3-an547") 170 171OBJECT_DECLARE_TYPE(MPS2TZMachineState, MPS2TZMachineClass, MPS2TZ_MACHINE) 172 173/* Slow 32Khz S32KCLK frequency in Hz */ 174#define S32KCLK_FRQ (32 * 1000) 175 176/* 177 * The MPS3 DDR is 2GiB, but on a 32-bit host QEMU doesn't permit 178 * emulation of that much guest RAM, so artificially make it smaller. 179 */ 180#if HOST_LONG_BITS == 32 181#define MPS3_DDR_SIZE (1 * GiB) 182#else 183#define MPS3_DDR_SIZE (2 * GiB) 184#endif 185 186static const uint32_t an505_oscclk[] = { 187 40000000, 188 24580000, 189 25000000, 190}; 191 192static const uint32_t an524_oscclk[] = { 193 24000000, 194 32000000, 195 50000000, 196 50000000, 197 24576000, 198 23750000, 199}; 200 201static const RAMInfo an505_raminfo[] = { { 202 .name = "ssram-0", 203 .base = 0x00000000, 204 .size = 0x00400000, 205 .mpc = 0, 206 .mrindex = 0, 207 }, { 208 .name = "ssram-1", 209 .base = 0x28000000, 210 .size = 0x00200000, 211 .mpc = 1, 212 .mrindex = 1, 213 }, { 214 .name = "ssram-2", 215 .base = 0x28200000, 216 .size = 0x00200000, 217 .mpc = 2, 218 .mrindex = 2, 219 }, { 220 .name = "ssram-0-alias", 221 .base = 0x00400000, 222 .size = 0x00400000, 223 .mpc = 0, 224 .mrindex = 3, 225 .flags = IS_ALIAS, 226 }, { 227 /* Use the largest bit of contiguous RAM as our "system memory" */ 228 .name = "mps.ram", 229 .base = 0x80000000, 230 .size = 16 * MiB, 231 .mpc = -1, 232 .mrindex = -1, 233 }, { 234 .name = NULL, 235 }, 236}; 237 238/* 239 * Note that the addresses and MPC numbering here should match up 240 * with those used in remap_memory(), which can swap the BRAM and QSPI. 241 */ 242static const RAMInfo an524_raminfo[] = { { 243 .name = "bram", 244 .base = 0x00000000, 245 .size = 512 * KiB, 246 .mpc = 0, 247 .mrindex = 0, 248 }, { 249 /* We don't model QSPI flash yet; for now expose it as simple ROM */ 250 .name = "QSPI", 251 .base = 0x28000000, 252 .size = 8 * MiB, 253 .mpc = 1, 254 .mrindex = 1, 255 .flags = IS_ROM, 256 }, { 257 .name = "DDR", 258 .base = 0x60000000, 259 .size = MPS3_DDR_SIZE, 260 .mpc = 2, 261 .mrindex = -1, 262 }, { 263 .name = NULL, 264 }, 265}; 266 267static const RAMInfo an547_raminfo[] = { { 268 .name = "sram", 269 .base = 0x01000000, 270 .size = 2 * MiB, 271 .mpc = 0, 272 .mrindex = 1, 273 }, { 274 .name = "sram 2", 275 .base = 0x21000000, 276 .size = 4 * MiB, 277 .mpc = -1, 278 .mrindex = 3, 279 }, { 280 /* We don't model QSPI flash yet; for now expose it as simple ROM */ 281 .name = "QSPI", 282 .base = 0x28000000, 283 .size = 8 * MiB, 284 .mpc = 1, 285 .mrindex = 4, 286 .flags = IS_ROM, 287 }, { 288 .name = "DDR", 289 .base = 0x60000000, 290 .size = MPS3_DDR_SIZE, 291 .mpc = 2, 292 .mrindex = -1, 293 }, { 294 .name = NULL, 295 }, 296}; 297 298static const RAMInfo *find_raminfo_for_mpc(MPS2TZMachineState *mms, int mpc) 299{ 300 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 301 const RAMInfo *p; 302 const RAMInfo *found = NULL; 303 304 for (p = mmc->raminfo; p->name; p++) { 305 if (p->mpc == mpc && !(p->flags & IS_ALIAS)) { 306 /* There should only be one entry in the array for this MPC */ 307 g_assert(!found); 308 found = p; 309 } 310 } 311 /* if raminfo array doesn't have an entry for each MPC this is a bug */ 312 assert(found); 313 return found; 314} 315 316static MemoryRegion *mr_for_raminfo(MPS2TZMachineState *mms, 317 const RAMInfo *raminfo) 318{ 319 /* Return an initialized MemoryRegion for the RAMInfo. */ 320 MemoryRegion *ram; 321 322 if (raminfo->mrindex < 0) { 323 /* Means this RAMInfo is for QEMU's "system memory" */ 324 MachineState *machine = MACHINE(mms); 325 assert(!(raminfo->flags & IS_ROM)); 326 return machine->ram; 327 } 328 329 assert(raminfo->mrindex < MPS2TZ_RAM_MAX); 330 ram = &mms->ram[raminfo->mrindex]; 331 332 memory_region_init_ram(ram, NULL, raminfo->name, 333 raminfo->size, &error_fatal); 334 if (raminfo->flags & IS_ROM) { 335 memory_region_set_readonly(ram, true); 336 } 337 return ram; 338} 339 340/* Create an alias of an entire original MemoryRegion @orig 341 * located at @base in the memory map. 342 */ 343static void make_ram_alias(MemoryRegion *mr, const char *name, 344 MemoryRegion *orig, hwaddr base) 345{ 346 memory_region_init_alias(mr, NULL, name, orig, 0, 347 memory_region_size(orig)); 348 memory_region_add_subregion(get_system_memory(), base, mr); 349} 350 351static qemu_irq get_sse_irq_in(MPS2TZMachineState *mms, int irqno) 352{ 353 /* 354 * Return a qemu_irq which will signal IRQ n to all CPUs in the 355 * SSE. The irqno should be as the CPU sees it, so the first 356 * external-to-the-SSE interrupt is 32. 357 */ 358 MachineClass *mc = MACHINE_GET_CLASS(mms); 359 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 360 361 assert(irqno >= 32 && irqno < (mmc->numirq + 32)); 362 363 /* 364 * Convert from "CPU irq number" (as listed in the FPGA image 365 * documentation) to the SSE external-interrupt number. 366 */ 367 irqno -= 32; 368 369 if (mc->max_cpus > 1) { 370 return qdev_get_gpio_in(DEVICE(&mms->cpu_irq_splitter[irqno]), 0); 371 } else { 372 return qdev_get_gpio_in_named(DEVICE(&mms->iotkit), "EXP_IRQ", irqno); 373 } 374} 375 376/* Union describing the device-specific extra data we pass to the devfn. */ 377typedef union PPCExtraData { 378 bool i2c_internal; 379} PPCExtraData; 380 381/* Most of the devices in the AN505 FPGA image sit behind 382 * Peripheral Protection Controllers. These data structures 383 * define the layout of which devices sit behind which PPCs. 384 * The devfn for each port is a function which creates, configures 385 * and initializes the device, returning the MemoryRegion which 386 * needs to be plugged into the downstream end of the PPC port. 387 */ 388typedef MemoryRegion *MakeDevFn(MPS2TZMachineState *mms, void *opaque, 389 const char *name, hwaddr size, 390 const int *irqs, 391 const PPCExtraData *extradata); 392 393typedef struct PPCPortInfo { 394 const char *name; 395 MakeDevFn *devfn; 396 void *opaque; 397 hwaddr addr; 398 hwaddr size; 399 int irqs[3]; /* currently no device needs more IRQ lines than this */ 400 PPCExtraData extradata; /* to pass device-specific info to the devfn */ 401} PPCPortInfo; 402 403typedef struct PPCInfo { 404 const char *name; 405 PPCPortInfo ports[TZ_NUM_PORTS]; 406} PPCInfo; 407 408static MemoryRegion *make_unimp_dev(MPS2TZMachineState *mms, 409 void *opaque, 410 const char *name, hwaddr size, 411 const int *irqs, 412 const PPCExtraData *extradata) 413{ 414 /* Initialize, configure and realize a TYPE_UNIMPLEMENTED_DEVICE, 415 * and return a pointer to its MemoryRegion. 416 */ 417 UnimplementedDeviceState *uds = opaque; 418 419 object_initialize_child(OBJECT(mms), name, uds, TYPE_UNIMPLEMENTED_DEVICE); 420 qdev_prop_set_string(DEVICE(uds), "name", name); 421 qdev_prop_set_uint64(DEVICE(uds), "size", size); 422 sysbus_realize(SYS_BUS_DEVICE(uds), &error_fatal); 423 return sysbus_mmio_get_region(SYS_BUS_DEVICE(uds), 0); 424} 425 426static MemoryRegion *make_uart(MPS2TZMachineState *mms, void *opaque, 427 const char *name, hwaddr size, 428 const int *irqs, const PPCExtraData *extradata) 429{ 430 /* The irq[] array is tx, rx, combined, in that order */ 431 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 432 CMSDKAPBUART *uart = opaque; 433 int i = uart - &mms->uart[0]; 434 SysBusDevice *s; 435 DeviceState *orgate_dev = DEVICE(&mms->uart_irq_orgate); 436 437 object_initialize_child(OBJECT(mms), name, uart, TYPE_CMSDK_APB_UART); 438 qdev_prop_set_chr(DEVICE(uart), "chardev", serial_hd(i)); 439 qdev_prop_set_uint32(DEVICE(uart), "pclk-frq", mmc->apb_periph_frq); 440 sysbus_realize(SYS_BUS_DEVICE(uart), &error_fatal); 441 s = SYS_BUS_DEVICE(uart); 442 sysbus_connect_irq(s, 0, get_sse_irq_in(mms, irqs[0])); 443 sysbus_connect_irq(s, 1, get_sse_irq_in(mms, irqs[1])); 444 sysbus_connect_irq(s, 2, qdev_get_gpio_in(orgate_dev, i * 2)); 445 sysbus_connect_irq(s, 3, qdev_get_gpio_in(orgate_dev, i * 2 + 1)); 446 sysbus_connect_irq(s, 4, get_sse_irq_in(mms, irqs[2])); 447 return sysbus_mmio_get_region(SYS_BUS_DEVICE(uart), 0); 448} 449 450static MemoryRegion *make_scc(MPS2TZMachineState *mms, void *opaque, 451 const char *name, hwaddr size, 452 const int *irqs, const PPCExtraData *extradata) 453{ 454 MPS2SCC *scc = opaque; 455 DeviceState *sccdev; 456 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 457 uint32_t i; 458 459 object_initialize_child(OBJECT(mms), "scc", scc, TYPE_MPS2_SCC); 460 sccdev = DEVICE(scc); 461 qdev_prop_set_uint32(sccdev, "scc-cfg0", mms->remap ? 1 : 0); 462 qdev_prop_set_uint32(sccdev, "scc-cfg4", 0x2); 463 qdev_prop_set_uint32(sccdev, "scc-aid", 0x00200008); 464 qdev_prop_set_uint32(sccdev, "scc-id", mmc->scc_id); 465 qdev_prop_set_uint32(sccdev, "len-oscclk", mmc->len_oscclk); 466 for (i = 0; i < mmc->len_oscclk; i++) { 467 g_autofree char *propname = g_strdup_printf("oscclk[%u]", i); 468 qdev_prop_set_uint32(sccdev, propname, mmc->oscclk[i]); 469 } 470 sysbus_realize(SYS_BUS_DEVICE(scc), &error_fatal); 471 return sysbus_mmio_get_region(SYS_BUS_DEVICE(sccdev), 0); 472} 473 474static MemoryRegion *make_fpgaio(MPS2TZMachineState *mms, void *opaque, 475 const char *name, hwaddr size, 476 const int *irqs, const PPCExtraData *extradata) 477{ 478 MPS2FPGAIO *fpgaio = opaque; 479 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 480 481 object_initialize_child(OBJECT(mms), "fpgaio", fpgaio, TYPE_MPS2_FPGAIO); 482 qdev_prop_set_uint32(DEVICE(fpgaio), "num-leds", mmc->fpgaio_num_leds); 483 qdev_prop_set_bit(DEVICE(fpgaio), "has-switches", mmc->fpgaio_has_switches); 484 qdev_prop_set_bit(DEVICE(fpgaio), "has-dbgctrl", mmc->fpgaio_has_dbgctrl); 485 sysbus_realize(SYS_BUS_DEVICE(fpgaio), &error_fatal); 486 return sysbus_mmio_get_region(SYS_BUS_DEVICE(fpgaio), 0); 487} 488 489static MemoryRegion *make_eth_dev(MPS2TZMachineState *mms, void *opaque, 490 const char *name, hwaddr size, 491 const int *irqs, 492 const PPCExtraData *extradata) 493{ 494 SysBusDevice *s; 495 NICInfo *nd = &nd_table[0]; 496 497 /* In hardware this is a LAN9220; the LAN9118 is software compatible 498 * except that it doesn't support the checksum-offload feature. 499 */ 500 qemu_check_nic_model(nd, "lan9118"); 501 mms->lan9118 = qdev_new(TYPE_LAN9118); 502 qdev_set_nic_properties(mms->lan9118, nd); 503 504 s = SYS_BUS_DEVICE(mms->lan9118); 505 sysbus_realize_and_unref(s, &error_fatal); 506 sysbus_connect_irq(s, 0, get_sse_irq_in(mms, irqs[0])); 507 return sysbus_mmio_get_region(s, 0); 508} 509 510static MemoryRegion *make_eth_usb(MPS2TZMachineState *mms, void *opaque, 511 const char *name, hwaddr size, 512 const int *irqs, 513 const PPCExtraData *extradata) 514{ 515 /* 516 * The AN524 makes the ethernet and USB share a PPC port. 517 * irqs[] is the ethernet IRQ. 518 */ 519 SysBusDevice *s; 520 NICInfo *nd = &nd_table[0]; 521 522 memory_region_init(&mms->eth_usb_container, OBJECT(mms), 523 "mps2-tz-eth-usb-container", 0x200000); 524 525 /* 526 * In hardware this is a LAN9220; the LAN9118 is software compatible 527 * except that it doesn't support the checksum-offload feature. 528 */ 529 qemu_check_nic_model(nd, "lan9118"); 530 mms->lan9118 = qdev_new(TYPE_LAN9118); 531 qdev_set_nic_properties(mms->lan9118, nd); 532 533 s = SYS_BUS_DEVICE(mms->lan9118); 534 sysbus_realize_and_unref(s, &error_fatal); 535 sysbus_connect_irq(s, 0, get_sse_irq_in(mms, irqs[0])); 536 537 memory_region_add_subregion(&mms->eth_usb_container, 538 0, sysbus_mmio_get_region(s, 0)); 539 540 /* The USB OTG controller is an ISP1763; we don't have a model of it. */ 541 object_initialize_child(OBJECT(mms), "usb-otg", 542 &mms->usb, TYPE_UNIMPLEMENTED_DEVICE); 543 qdev_prop_set_string(DEVICE(&mms->usb), "name", "usb-otg"); 544 qdev_prop_set_uint64(DEVICE(&mms->usb), "size", 0x100000); 545 s = SYS_BUS_DEVICE(&mms->usb); 546 sysbus_realize(s, &error_fatal); 547 548 memory_region_add_subregion(&mms->eth_usb_container, 549 0x100000, sysbus_mmio_get_region(s, 0)); 550 551 return &mms->eth_usb_container; 552} 553 554static MemoryRegion *make_mpc(MPS2TZMachineState *mms, void *opaque, 555 const char *name, hwaddr size, 556 const int *irqs, const PPCExtraData *extradata) 557{ 558 TZMPC *mpc = opaque; 559 int i = mpc - &mms->mpc[0]; 560 MemoryRegion *upstream; 561 const RAMInfo *raminfo = find_raminfo_for_mpc(mms, i); 562 MemoryRegion *ram = mr_for_raminfo(mms, raminfo); 563 564 object_initialize_child(OBJECT(mms), name, mpc, TYPE_TZ_MPC); 565 object_property_set_link(OBJECT(mpc), "downstream", OBJECT(ram), 566 &error_fatal); 567 sysbus_realize(SYS_BUS_DEVICE(mpc), &error_fatal); 568 /* Map the upstream end of the MPC into system memory */ 569 upstream = sysbus_mmio_get_region(SYS_BUS_DEVICE(mpc), 1); 570 memory_region_add_subregion(get_system_memory(), raminfo->base, upstream); 571 /* and connect its interrupt to the IoTKit */ 572 qdev_connect_gpio_out_named(DEVICE(mpc), "irq", 0, 573 qdev_get_gpio_in_named(DEVICE(&mms->iotkit), 574 "mpcexp_status", i)); 575 576 /* Return the register interface MR for our caller to map behind the PPC */ 577 return sysbus_mmio_get_region(SYS_BUS_DEVICE(mpc), 0); 578} 579 580static hwaddr boot_mem_base(MPS2TZMachineState *mms) 581{ 582 /* 583 * Return the canonical address of the block which will be mapped 584 * at address 0x0 (i.e. where the vector table is). 585 * This is usually 0, but if the AN524 alternate memory map is 586 * enabled it will be the base address of the QSPI block. 587 */ 588 return mms->remap ? 0x28000000 : 0; 589} 590 591static void remap_memory(MPS2TZMachineState *mms, int map) 592{ 593 /* 594 * Remap the memory for the AN524. 'map' is the value of 595 * SCC CFG_REG0 bit 0, i.e. 0 for the default map and 1 596 * for the "option 1" mapping where QSPI is at address 0. 597 * 598 * Effectively we need to swap around the "upstream" ends of 599 * MPC 0 and MPC 1. 600 */ 601 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 602 int i; 603 604 if (mmc->fpga_type != FPGA_AN524) { 605 return; 606 } 607 608 memory_region_transaction_begin(); 609 for (i = 0; i < 2; i++) { 610 TZMPC *mpc = &mms->mpc[i]; 611 MemoryRegion *upstream = sysbus_mmio_get_region(SYS_BUS_DEVICE(mpc), 1); 612 hwaddr addr = (i ^ map) ? 0x28000000 : 0; 613 614 memory_region_set_address(upstream, addr); 615 } 616 memory_region_transaction_commit(); 617} 618 619static void remap_irq_fn(void *opaque, int n, int level) 620{ 621 MPS2TZMachineState *mms = opaque; 622 623 remap_memory(mms, level); 624} 625 626static MemoryRegion *make_dma(MPS2TZMachineState *mms, void *opaque, 627 const char *name, hwaddr size, 628 const int *irqs, const PPCExtraData *extradata) 629{ 630 /* The irq[] array is DMACINTR, DMACINTERR, DMACINTTC, in that order */ 631 PL080State *dma = opaque; 632 int i = dma - &mms->dma[0]; 633 SysBusDevice *s; 634 char *mscname = g_strdup_printf("%s-msc", name); 635 TZMSC *msc = &mms->msc[i]; 636 DeviceState *iotkitdev = DEVICE(&mms->iotkit); 637 MemoryRegion *msc_upstream; 638 MemoryRegion *msc_downstream; 639 640 /* 641 * Each DMA device is a PL081 whose transaction master interface 642 * is guarded by a Master Security Controller. The downstream end of 643 * the MSC connects to the IoTKit AHB Slave Expansion port, so the 644 * DMA devices can see all devices and memory that the CPU does. 645 */ 646 object_initialize_child(OBJECT(mms), mscname, msc, TYPE_TZ_MSC); 647 msc_downstream = sysbus_mmio_get_region(SYS_BUS_DEVICE(&mms->iotkit), 0); 648 object_property_set_link(OBJECT(msc), "downstream", 649 OBJECT(msc_downstream), &error_fatal); 650 object_property_set_link(OBJECT(msc), "idau", OBJECT(mms), &error_fatal); 651 sysbus_realize(SYS_BUS_DEVICE(msc), &error_fatal); 652 653 qdev_connect_gpio_out_named(DEVICE(msc), "irq", 0, 654 qdev_get_gpio_in_named(iotkitdev, 655 "mscexp_status", i)); 656 qdev_connect_gpio_out_named(iotkitdev, "mscexp_clear", i, 657 qdev_get_gpio_in_named(DEVICE(msc), 658 "irq_clear", 0)); 659 qdev_connect_gpio_out_named(iotkitdev, "mscexp_ns", i, 660 qdev_get_gpio_in_named(DEVICE(msc), 661 "cfg_nonsec", 0)); 662 qdev_connect_gpio_out(DEVICE(&mms->sec_resp_splitter), 663 ARRAY_SIZE(mms->ppc) + i, 664 qdev_get_gpio_in_named(DEVICE(msc), 665 "cfg_sec_resp", 0)); 666 msc_upstream = sysbus_mmio_get_region(SYS_BUS_DEVICE(msc), 0); 667 668 object_initialize_child(OBJECT(mms), name, dma, TYPE_PL081); 669 object_property_set_link(OBJECT(dma), "downstream", OBJECT(msc_upstream), 670 &error_fatal); 671 sysbus_realize(SYS_BUS_DEVICE(dma), &error_fatal); 672 673 s = SYS_BUS_DEVICE(dma); 674 /* Wire up DMACINTR, DMACINTERR, DMACINTTC */ 675 sysbus_connect_irq(s, 0, get_sse_irq_in(mms, irqs[0])); 676 sysbus_connect_irq(s, 1, get_sse_irq_in(mms, irqs[1])); 677 sysbus_connect_irq(s, 2, get_sse_irq_in(mms, irqs[2])); 678 679 g_free(mscname); 680 return sysbus_mmio_get_region(s, 0); 681} 682 683static MemoryRegion *make_spi(MPS2TZMachineState *mms, void *opaque, 684 const char *name, hwaddr size, 685 const int *irqs, const PPCExtraData *extradata) 686{ 687 /* 688 * The AN505 has five PL022 SPI controllers. 689 * One of these should have the LCD controller behind it; the others 690 * are connected only to the FPGA's "general purpose SPI connector" 691 * or "shield" expansion connectors. 692 * Note that if we do implement devices behind SPI, the chip select 693 * lines are set via the "MISC" register in the MPS2 FPGAIO device. 694 */ 695 PL022State *spi = opaque; 696 SysBusDevice *s; 697 698 object_initialize_child(OBJECT(mms), name, spi, TYPE_PL022); 699 sysbus_realize(SYS_BUS_DEVICE(spi), &error_fatal); 700 s = SYS_BUS_DEVICE(spi); 701 sysbus_connect_irq(s, 0, get_sse_irq_in(mms, irqs[0])); 702 return sysbus_mmio_get_region(s, 0); 703} 704 705static MemoryRegion *make_i2c(MPS2TZMachineState *mms, void *opaque, 706 const char *name, hwaddr size, 707 const int *irqs, const PPCExtraData *extradata) 708{ 709 ArmSbconI2CState *i2c = opaque; 710 SysBusDevice *s; 711 712 object_initialize_child(OBJECT(mms), name, i2c, TYPE_ARM_SBCON_I2C); 713 s = SYS_BUS_DEVICE(i2c); 714 sysbus_realize(s, &error_fatal); 715 716 /* 717 * If this is an internal-use-only i2c bus, mark it full 718 * so that user-created i2c devices are not plugged into it. 719 * If we implement models of any on-board i2c devices that 720 * plug in to one of the internal-use-only buses, then we will 721 * need to create and plugging those in here before we mark the 722 * bus as full. 723 */ 724 if (extradata->i2c_internal) { 725 BusState *qbus = qdev_get_child_bus(DEVICE(i2c), "i2c"); 726 qbus_mark_full(qbus); 727 } 728 729 return sysbus_mmio_get_region(s, 0); 730} 731 732static MemoryRegion *make_rtc(MPS2TZMachineState *mms, void *opaque, 733 const char *name, hwaddr size, 734 const int *irqs, const PPCExtraData *extradata) 735{ 736 PL031State *pl031 = opaque; 737 SysBusDevice *s; 738 739 object_initialize_child(OBJECT(mms), name, pl031, TYPE_PL031); 740 s = SYS_BUS_DEVICE(pl031); 741 sysbus_realize(s, &error_fatal); 742 /* 743 * The board docs don't give an IRQ number for the PL031, so 744 * presumably it is not connected. 745 */ 746 return sysbus_mmio_get_region(s, 0); 747} 748 749static void create_non_mpc_ram(MPS2TZMachineState *mms) 750{ 751 /* 752 * Handle the RAMs which are either not behind MPCs or which are 753 * aliases to another MPC. 754 */ 755 const RAMInfo *p; 756 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 757 758 for (p = mmc->raminfo; p->name; p++) { 759 if (p->flags & IS_ALIAS) { 760 SysBusDevice *mpc_sbd = SYS_BUS_DEVICE(&mms->mpc[p->mpc]); 761 MemoryRegion *upstream = sysbus_mmio_get_region(mpc_sbd, 1); 762 make_ram_alias(&mms->ram[p->mrindex], p->name, upstream, p->base); 763 } else if (p->mpc == -1) { 764 /* RAM not behind an MPC */ 765 MemoryRegion *mr = mr_for_raminfo(mms, p); 766 memory_region_add_subregion(get_system_memory(), p->base, mr); 767 } 768 } 769} 770 771static uint32_t boot_ram_size(MPS2TZMachineState *mms) 772{ 773 /* Return the size of the RAM block at guest address zero */ 774 const RAMInfo *p; 775 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 776 777 /* 778 * Use a per-board specification (for when the boot RAM is in 779 * the SSE and so doesn't have a RAMInfo list entry) 780 */ 781 if (mmc->boot_ram_size) { 782 return mmc->boot_ram_size; 783 } 784 785 for (p = mmc->raminfo; p->name; p++) { 786 if (p->base == boot_mem_base(mms)) { 787 return p->size; 788 } 789 } 790 g_assert_not_reached(); 791} 792 793static void mps2tz_common_init(MachineState *machine) 794{ 795 MPS2TZMachineState *mms = MPS2TZ_MACHINE(machine); 796 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); 797 MachineClass *mc = MACHINE_GET_CLASS(machine); 798 MemoryRegion *system_memory = get_system_memory(); 799 DeviceState *iotkitdev; 800 DeviceState *dev_splitter; 801 const PPCInfo *ppcs; 802 int num_ppcs; 803 int i; 804 805 if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) { 806 error_report("This board can only be used with CPU %s", 807 mc->default_cpu_type); 808 exit(1); 809 } 810 811 if (machine->ram_size != mc->default_ram_size) { 812 char *sz = size_to_str(mc->default_ram_size); 813 error_report("Invalid RAM size, should be %s", sz); 814 g_free(sz); 815 exit(EXIT_FAILURE); 816 } 817 818 /* These clocks don't need migration because they are fixed-frequency */ 819 mms->sysclk = clock_new(OBJECT(machine), "SYSCLK"); 820 clock_set_hz(mms->sysclk, mmc->sysclk_frq); 821 mms->s32kclk = clock_new(OBJECT(machine), "S32KCLK"); 822 clock_set_hz(mms->s32kclk, S32KCLK_FRQ); 823 824 object_initialize_child(OBJECT(machine), TYPE_IOTKIT, &mms->iotkit, 825 mmc->armsse_type); 826 iotkitdev = DEVICE(&mms->iotkit); 827 object_property_set_link(OBJECT(&mms->iotkit), "memory", 828 OBJECT(system_memory), &error_abort); 829 qdev_prop_set_uint32(iotkitdev, "EXP_NUMIRQ", mmc->numirq); 830 qdev_prop_set_uint32(iotkitdev, "init-svtor", mmc->init_svtor); 831 qdev_prop_set_uint32(iotkitdev, "SRAM_ADDR_WIDTH", mmc->sram_addr_width); 832 qdev_connect_clock_in(iotkitdev, "MAINCLK", mms->sysclk); 833 qdev_connect_clock_in(iotkitdev, "S32KCLK", mms->s32kclk); 834 sysbus_realize(SYS_BUS_DEVICE(&mms->iotkit), &error_fatal); 835 836 /* 837 * If this board has more than one CPU, then we need to create splitters 838 * to feed the IRQ inputs for each CPU in the SSE from each device in the 839 * board. If there is only one CPU, we can just wire the device IRQ 840 * directly to the SSE's IRQ input. 841 */ 842 assert(mmc->numirq <= MPS2TZ_NUMIRQ_MAX); 843 if (mc->max_cpus > 1) { 844 for (i = 0; i < mmc->numirq; i++) { 845 char *name = g_strdup_printf("mps2-irq-splitter%d", i); 846 SplitIRQ *splitter = &mms->cpu_irq_splitter[i]; 847 848 object_initialize_child_with_props(OBJECT(machine), name, 849 splitter, sizeof(*splitter), 850 TYPE_SPLIT_IRQ, &error_fatal, 851 NULL); 852 g_free(name); 853 854 object_property_set_int(OBJECT(splitter), "num-lines", 2, 855 &error_fatal); 856 qdev_realize(DEVICE(splitter), NULL, &error_fatal); 857 qdev_connect_gpio_out(DEVICE(splitter), 0, 858 qdev_get_gpio_in_named(DEVICE(&mms->iotkit), 859 "EXP_IRQ", i)); 860 qdev_connect_gpio_out(DEVICE(splitter), 1, 861 qdev_get_gpio_in_named(DEVICE(&mms->iotkit), 862 "EXP_CPU1_IRQ", i)); 863 } 864 } 865 866 /* The sec_resp_cfg output from the IoTKit must be split into multiple 867 * lines, one for each of the PPCs we create here, plus one per MSC. 868 */ 869 object_initialize_child(OBJECT(machine), "sec-resp-splitter", 870 &mms->sec_resp_splitter, TYPE_SPLIT_IRQ); 871 object_property_set_int(OBJECT(&mms->sec_resp_splitter), "num-lines", 872 ARRAY_SIZE(mms->ppc) + ARRAY_SIZE(mms->msc), 873 &error_fatal); 874 qdev_realize(DEVICE(&mms->sec_resp_splitter), NULL, &error_fatal); 875 dev_splitter = DEVICE(&mms->sec_resp_splitter); 876 qdev_connect_gpio_out_named(iotkitdev, "sec_resp_cfg", 0, 877 qdev_get_gpio_in(dev_splitter, 0)); 878 879 /* 880 * The IoTKit sets up much of the memory layout, including 881 * the aliases between secure and non-secure regions in the 882 * address space, and also most of the devices in the system. 883 * The FPGA itself contains various RAMs and some additional devices. 884 * The FPGA images have an odd combination of different RAMs, 885 * because in hardware they are different implementations and 886 * connected to different buses, giving varying performance/size 887 * tradeoffs. For QEMU they're all just RAM, though. We arbitrarily 888 * call the largest lump our "system memory". 889 */ 890 891 /* 892 * The overflow IRQs for all UARTs are ORed together. 893 * Tx, Rx and "combined" IRQs are sent to the NVIC separately. 894 * Create the OR gate for this: it has one input for the TX overflow 895 * and one for the RX overflow for each UART we might have. 896 * (If the board has fewer than the maximum possible number of UARTs 897 * those inputs are never wired up and are treated as always-zero.) 898 */ 899 object_initialize_child(OBJECT(mms), "uart-irq-orgate", 900 &mms->uart_irq_orgate, TYPE_OR_IRQ); 901 object_property_set_int(OBJECT(&mms->uart_irq_orgate), "num-lines", 902 2 * ARRAY_SIZE(mms->uart), 903 &error_fatal); 904 qdev_realize(DEVICE(&mms->uart_irq_orgate), NULL, &error_fatal); 905 qdev_connect_gpio_out(DEVICE(&mms->uart_irq_orgate), 0, 906 get_sse_irq_in(mms, mmc->uart_overflow_irq)); 907 908 /* Most of the devices in the FPGA are behind Peripheral Protection 909 * Controllers. The required order for initializing things is: 910 * + initialize the PPC 911 * + initialize, configure and realize downstream devices 912 * + connect downstream device MemoryRegions to the PPC 913 * + realize the PPC 914 * + map the PPC's MemoryRegions to the places in the address map 915 * where the downstream devices should appear 916 * + wire up the PPC's control lines to the IoTKit object 917 */ 918 919 const PPCInfo an505_ppcs[] = { { 920 .name = "apb_ppcexp0", 921 .ports = { 922 { "ssram-0-mpc", make_mpc, &mms->mpc[0], 0x58007000, 0x1000 }, 923 { "ssram-1-mpc", make_mpc, &mms->mpc[1], 0x58008000, 0x1000 }, 924 { "ssram-2-mpc", make_mpc, &mms->mpc[2], 0x58009000, 0x1000 }, 925 }, 926 }, { 927 .name = "apb_ppcexp1", 928 .ports = { 929 { "spi0", make_spi, &mms->spi[0], 0x40205000, 0x1000, { 51 } }, 930 { "spi1", make_spi, &mms->spi[1], 0x40206000, 0x1000, { 52 } }, 931 { "spi2", make_spi, &mms->spi[2], 0x40209000, 0x1000, { 53 } }, 932 { "spi3", make_spi, &mms->spi[3], 0x4020a000, 0x1000, { 54 } }, 933 { "spi4", make_spi, &mms->spi[4], 0x4020b000, 0x1000, { 55 } }, 934 { "uart0", make_uart, &mms->uart[0], 0x40200000, 0x1000, { 32, 33, 42 } }, 935 { "uart1", make_uart, &mms->uart[1], 0x40201000, 0x1000, { 34, 35, 43 } }, 936 { "uart2", make_uart, &mms->uart[2], 0x40202000, 0x1000, { 36, 37, 44 } }, 937 { "uart3", make_uart, &mms->uart[3], 0x40203000, 0x1000, { 38, 39, 45 } }, 938 { "uart4", make_uart, &mms->uart[4], 0x40204000, 0x1000, { 40, 41, 46 } }, 939 { "i2c0", make_i2c, &mms->i2c[0], 0x40207000, 0x1000, {}, 940 { .i2c_internal = true /* touchscreen */ } }, 941 { "i2c1", make_i2c, &mms->i2c[1], 0x40208000, 0x1000, {}, 942 { .i2c_internal = true /* audio conf */ } }, 943 { "i2c2", make_i2c, &mms->i2c[2], 0x4020c000, 0x1000, {}, 944 { .i2c_internal = false /* shield 0 */ } }, 945 { "i2c3", make_i2c, &mms->i2c[3], 0x4020d000, 0x1000, {}, 946 { .i2c_internal = false /* shield 1 */ } }, 947 }, 948 }, { 949 .name = "apb_ppcexp2", 950 .ports = { 951 { "scc", make_scc, &mms->scc, 0x40300000, 0x1000 }, 952 { "i2s-audio", make_unimp_dev, &mms->i2s_audio, 953 0x40301000, 0x1000 }, 954 { "fpgaio", make_fpgaio, &mms->fpgaio, 0x40302000, 0x1000 }, 955 }, 956 }, { 957 .name = "ahb_ppcexp0", 958 .ports = { 959 { "gfx", make_unimp_dev, &mms->gfx, 0x41000000, 0x140000 }, 960 { "gpio0", make_unimp_dev, &mms->gpio[0], 0x40100000, 0x1000 }, 961 { "gpio1", make_unimp_dev, &mms->gpio[1], 0x40101000, 0x1000 }, 962 { "gpio2", make_unimp_dev, &mms->gpio[2], 0x40102000, 0x1000 }, 963 { "gpio3", make_unimp_dev, &mms->gpio[3], 0x40103000, 0x1000 }, 964 { "eth", make_eth_dev, NULL, 0x42000000, 0x100000, { 48 } }, 965 }, 966 }, { 967 .name = "ahb_ppcexp1", 968 .ports = { 969 { "dma0", make_dma, &mms->dma[0], 0x40110000, 0x1000, { 58, 56, 57 } }, 970 { "dma1", make_dma, &mms->dma[1], 0x40111000, 0x1000, { 61, 59, 60 } }, 971 { "dma2", make_dma, &mms->dma[2], 0x40112000, 0x1000, { 64, 62, 63 } }, 972 { "dma3", make_dma, &mms->dma[3], 0x40113000, 0x1000, { 67, 65, 66 } }, 973 }, 974 }, 975 }; 976 977 const PPCInfo an524_ppcs[] = { { 978 .name = "apb_ppcexp0", 979 .ports = { 980 { "bram-mpc", make_mpc, &mms->mpc[0], 0x58007000, 0x1000 }, 981 { "qspi-mpc", make_mpc, &mms->mpc[1], 0x58008000, 0x1000 }, 982 { "ddr-mpc", make_mpc, &mms->mpc[2], 0x58009000, 0x1000 }, 983 }, 984 }, { 985 .name = "apb_ppcexp1", 986 .ports = { 987 { "i2c0", make_i2c, &mms->i2c[0], 0x41200000, 0x1000, {}, 988 { .i2c_internal = true /* touchscreen */ } }, 989 { "i2c1", make_i2c, &mms->i2c[1], 0x41201000, 0x1000, {}, 990 { .i2c_internal = true /* audio conf */ } }, 991 { "spi0", make_spi, &mms->spi[0], 0x41202000, 0x1000, { 52 } }, 992 { "spi1", make_spi, &mms->spi[1], 0x41203000, 0x1000, { 53 } }, 993 { "spi2", make_spi, &mms->spi[2], 0x41204000, 0x1000, { 54 } }, 994 { "i2c2", make_i2c, &mms->i2c[2], 0x41205000, 0x1000, {}, 995 { .i2c_internal = false /* shield 0 */ } }, 996 { "i2c3", make_i2c, &mms->i2c[3], 0x41206000, 0x1000, {}, 997 { .i2c_internal = false /* shield 1 */ } }, 998 { /* port 7 reserved */ }, 999 { "i2c4", make_i2c, &mms->i2c[4], 0x41208000, 0x1000, {}, 1000 { .i2c_internal = true /* DDR4 EEPROM */ } }, 1001 }, 1002 }, { 1003 .name = "apb_ppcexp2", 1004 .ports = { 1005 { "scc", make_scc, &mms->scc, 0x41300000, 0x1000 }, 1006 { "i2s-audio", make_unimp_dev, &mms->i2s_audio, 1007 0x41301000, 0x1000 }, 1008 { "fpgaio", make_fpgaio, &mms->fpgaio, 0x41302000, 0x1000 }, 1009 { "uart0", make_uart, &mms->uart[0], 0x41303000, 0x1000, { 32, 33, 42 } }, 1010 { "uart1", make_uart, &mms->uart[1], 0x41304000, 0x1000, { 34, 35, 43 } }, 1011 { "uart2", make_uart, &mms->uart[2], 0x41305000, 0x1000, { 36, 37, 44 } }, 1012 { "uart3", make_uart, &mms->uart[3], 0x41306000, 0x1000, { 38, 39, 45 } }, 1013 { "uart4", make_uart, &mms->uart[4], 0x41307000, 0x1000, { 40, 41, 46 } }, 1014 { "uart5", make_uart, &mms->uart[5], 0x41308000, 0x1000, { 124, 125, 126 } }, 1015 1016 { /* port 9 reserved */ }, 1017 { "clcd", make_unimp_dev, &mms->cldc, 0x4130a000, 0x1000 }, 1018 { "rtc", make_rtc, &mms->rtc, 0x4130b000, 0x1000 }, 1019 }, 1020 }, { 1021 .name = "ahb_ppcexp0", 1022 .ports = { 1023 { "gpio0", make_unimp_dev, &mms->gpio[0], 0x41100000, 0x1000 }, 1024 { "gpio1", make_unimp_dev, &mms->gpio[1], 0x41101000, 0x1000 }, 1025 { "gpio2", make_unimp_dev, &mms->gpio[2], 0x41102000, 0x1000 }, 1026 { "gpio3", make_unimp_dev, &mms->gpio[3], 0x41103000, 0x1000 }, 1027 { "eth-usb", make_eth_usb, NULL, 0x41400000, 0x200000, { 48 } }, 1028 }, 1029 }, 1030 }; 1031 1032 const PPCInfo an547_ppcs[] = { { 1033 .name = "apb_ppcexp0", 1034 .ports = { 1035 { "ssram-mpc", make_mpc, &mms->mpc[0], 0x57000000, 0x1000 }, 1036 { "qspi-mpc", make_mpc, &mms->mpc[1], 0x57001000, 0x1000 }, 1037 { "ddr-mpc", make_mpc, &mms->mpc[2], 0x57002000, 0x1000 }, 1038 }, 1039 }, { 1040 .name = "apb_ppcexp1", 1041 .ports = { 1042 { "i2c0", make_i2c, &mms->i2c[0], 0x49200000, 0x1000, {}, 1043 { .i2c_internal = true /* touchscreen */ } }, 1044 { "i2c1", make_i2c, &mms->i2c[1], 0x49201000, 0x1000, {}, 1045 { .i2c_internal = true /* audio conf */ } }, 1046 { "spi0", make_spi, &mms->spi[0], 0x49202000, 0x1000, { 53 } }, 1047 { "spi1", make_spi, &mms->spi[1], 0x49203000, 0x1000, { 54 } }, 1048 { "spi2", make_spi, &mms->spi[2], 0x49204000, 0x1000, { 55 } }, 1049 { "i2c2", make_i2c, &mms->i2c[2], 0x49205000, 0x1000, {}, 1050 { .i2c_internal = false /* shield 0 */ } }, 1051 { "i2c3", make_i2c, &mms->i2c[3], 0x49206000, 0x1000, {}, 1052 { .i2c_internal = false /* shield 1 */ } }, 1053 { /* port 7 reserved */ }, 1054 { "i2c4", make_i2c, &mms->i2c[4], 0x49208000, 0x1000, {}, 1055 { .i2c_internal = true /* DDR4 EEPROM */ } }, 1056 }, 1057 }, { 1058 .name = "apb_ppcexp2", 1059 .ports = { 1060 { "scc", make_scc, &mms->scc, 0x49300000, 0x1000 }, 1061 { "i2s-audio", make_unimp_dev, &mms->i2s_audio, 0x49301000, 0x1000 }, 1062 { "fpgaio", make_fpgaio, &mms->fpgaio, 0x49302000, 0x1000 }, 1063 { "uart0", make_uart, &mms->uart[0], 0x49303000, 0x1000, { 33, 34, 43 } }, 1064 { "uart1", make_uart, &mms->uart[1], 0x49304000, 0x1000, { 35, 36, 44 } }, 1065 { "uart2", make_uart, &mms->uart[2], 0x49305000, 0x1000, { 37, 38, 45 } }, 1066 { "uart3", make_uart, &mms->uart[3], 0x49306000, 0x1000, { 39, 40, 46 } }, 1067 { "uart4", make_uart, &mms->uart[4], 0x49307000, 0x1000, { 41, 42, 47 } }, 1068 { "uart5", make_uart, &mms->uart[5], 0x49308000, 0x1000, { 125, 126, 127 } }, 1069 1070 { /* port 9 reserved */ }, 1071 { "clcd", make_unimp_dev, &mms->cldc, 0x4930a000, 0x1000 }, 1072 { "rtc", make_rtc, &mms->rtc, 0x4930b000, 0x1000 }, 1073 }, 1074 }, { 1075 .name = "ahb_ppcexp0", 1076 .ports = { 1077 { "gpio0", make_unimp_dev, &mms->gpio[0], 0x41100000, 0x1000 }, 1078 { "gpio1", make_unimp_dev, &mms->gpio[1], 0x41101000, 0x1000 }, 1079 { "gpio2", make_unimp_dev, &mms->gpio[2], 0x41102000, 0x1000 }, 1080 { "gpio3", make_unimp_dev, &mms->gpio[3], 0x41103000, 0x1000 }, 1081 { "eth-usb", make_eth_usb, NULL, 0x41400000, 0x200000, { 49 } }, 1082 }, 1083 }, 1084 }; 1085 1086 switch (mmc->fpga_type) { 1087 case FPGA_AN505: 1088 case FPGA_AN521: 1089 ppcs = an505_ppcs; 1090 num_ppcs = ARRAY_SIZE(an505_ppcs); 1091 break; 1092 case FPGA_AN524: 1093 ppcs = an524_ppcs; 1094 num_ppcs = ARRAY_SIZE(an524_ppcs); 1095 break; 1096 case FPGA_AN547: 1097 ppcs = an547_ppcs; 1098 num_ppcs = ARRAY_SIZE(an547_ppcs); 1099 break; 1100 default: 1101 g_assert_not_reached(); 1102 } 1103 1104 for (i = 0; i < num_ppcs; i++) { 1105 const PPCInfo *ppcinfo = &ppcs[i]; 1106 TZPPC *ppc = &mms->ppc[i]; 1107 DeviceState *ppcdev; 1108 int port; 1109 char *gpioname; 1110 1111 object_initialize_child(OBJECT(machine), ppcinfo->name, ppc, 1112 TYPE_TZ_PPC); 1113 ppcdev = DEVICE(ppc); 1114 1115 for (port = 0; port < TZ_NUM_PORTS; port++) { 1116 const PPCPortInfo *pinfo = &ppcinfo->ports[port]; 1117 MemoryRegion *mr; 1118 char *portname; 1119 1120 if (!pinfo->devfn) { 1121 continue; 1122 } 1123 1124 mr = pinfo->devfn(mms, pinfo->opaque, pinfo->name, pinfo->size, 1125 pinfo->irqs, &pinfo->extradata); 1126 portname = g_strdup_printf("port[%d]", port); 1127 object_property_set_link(OBJECT(ppc), portname, OBJECT(mr), 1128 &error_fatal); 1129 g_free(portname); 1130 } 1131 1132 sysbus_realize(SYS_BUS_DEVICE(ppc), &error_fatal); 1133 1134 for (port = 0; port < TZ_NUM_PORTS; port++) { 1135 const PPCPortInfo *pinfo = &ppcinfo->ports[port]; 1136 1137 if (!pinfo->devfn) { 1138 continue; 1139 } 1140 sysbus_mmio_map(SYS_BUS_DEVICE(ppc), port, pinfo->addr); 1141 1142 gpioname = g_strdup_printf("%s_nonsec", ppcinfo->name); 1143 qdev_connect_gpio_out_named(iotkitdev, gpioname, port, 1144 qdev_get_gpio_in_named(ppcdev, 1145 "cfg_nonsec", 1146 port)); 1147 g_free(gpioname); 1148 gpioname = g_strdup_printf("%s_ap", ppcinfo->name); 1149 qdev_connect_gpio_out_named(iotkitdev, gpioname, port, 1150 qdev_get_gpio_in_named(ppcdev, 1151 "cfg_ap", port)); 1152 g_free(gpioname); 1153 } 1154 1155 gpioname = g_strdup_printf("%s_irq_enable", ppcinfo->name); 1156 qdev_connect_gpio_out_named(iotkitdev, gpioname, 0, 1157 qdev_get_gpio_in_named(ppcdev, 1158 "irq_enable", 0)); 1159 g_free(gpioname); 1160 gpioname = g_strdup_printf("%s_irq_clear", ppcinfo->name); 1161 qdev_connect_gpio_out_named(iotkitdev, gpioname, 0, 1162 qdev_get_gpio_in_named(ppcdev, 1163 "irq_clear", 0)); 1164 g_free(gpioname); 1165 gpioname = g_strdup_printf("%s_irq_status", ppcinfo->name); 1166 qdev_connect_gpio_out_named(ppcdev, "irq", 0, 1167 qdev_get_gpio_in_named(iotkitdev, 1168 gpioname, 0)); 1169 g_free(gpioname); 1170 1171 qdev_connect_gpio_out(dev_splitter, i, 1172 qdev_get_gpio_in_named(ppcdev, 1173 "cfg_sec_resp", 0)); 1174 } 1175 1176 create_unimplemented_device("FPGA NS PC", 0x48007000, 0x1000); 1177 1178 if (mmc->fpga_type == FPGA_AN547) { 1179 create_unimplemented_device("U55 timing adapter 0", 0x48102000, 0x1000); 1180 create_unimplemented_device("U55 timing adapter 1", 0x48103000, 0x1000); 1181 } 1182 1183 create_non_mpc_ram(mms); 1184 1185 if (mmc->fpga_type == FPGA_AN524) { 1186 /* 1187 * Connect the line from the SCC so that we can remap when the 1188 * guest updates that register. 1189 */ 1190 mms->remap_irq = qemu_allocate_irq(remap_irq_fn, mms, 0); 1191 qdev_connect_gpio_out_named(DEVICE(&mms->scc), "remap", 0, 1192 mms->remap_irq); 1193 } 1194 1195 armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename, 1196 boot_ram_size(mms)); 1197} 1198 1199static void mps2_tz_idau_check(IDAUInterface *ii, uint32_t address, 1200 int *iregion, bool *exempt, bool *ns, bool *nsc) 1201{ 1202 /* 1203 * The MPS2 TZ FPGA images have IDAUs in them which are connected to 1204 * the Master Security Controllers. Thes have the same logic as 1205 * is used by the IoTKit for the IDAU connected to the CPU, except 1206 * that MSCs don't care about the NSC attribute. 1207 */ 1208 int region = extract32(address, 28, 4); 1209 1210 *ns = !(region & 1); 1211 *nsc = false; 1212 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */ 1213 *exempt = (address & 0xeff00000) == 0xe0000000; 1214 *iregion = region; 1215} 1216 1217static char *mps2_get_remap(Object *obj, Error **errp) 1218{ 1219 MPS2TZMachineState *mms = MPS2TZ_MACHINE(obj); 1220 const char *val = mms->remap ? "QSPI" : "BRAM"; 1221 return g_strdup(val); 1222} 1223 1224static void mps2_set_remap(Object *obj, const char *value, Error **errp) 1225{ 1226 MPS2TZMachineState *mms = MPS2TZ_MACHINE(obj); 1227 1228 if (!strcmp(value, "BRAM")) { 1229 mms->remap = false; 1230 } else if (!strcmp(value, "QSPI")) { 1231 mms->remap = true; 1232 } else { 1233 error_setg(errp, "Invalid remap value"); 1234 error_append_hint(errp, "Valid values are BRAM and QSPI.\n"); 1235 } 1236} 1237 1238static void mps2_machine_reset(MachineState *machine) 1239{ 1240 MPS2TZMachineState *mms = MPS2TZ_MACHINE(machine); 1241 1242 /* 1243 * Set the initial memory mapping before triggering the reset of 1244 * the rest of the system, so that the guest image loader and CPU 1245 * reset see the correct mapping. 1246 */ 1247 remap_memory(mms, mms->remap); 1248 qemu_devices_reset(); 1249} 1250 1251static void mps2tz_class_init(ObjectClass *oc, void *data) 1252{ 1253 MachineClass *mc = MACHINE_CLASS(oc); 1254 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(oc); 1255 1256 mc->init = mps2tz_common_init; 1257 mc->reset = mps2_machine_reset; 1258 iic->check = mps2_tz_idau_check; 1259} 1260 1261static void mps2tz_set_default_ram_info(MPS2TZMachineClass *mmc) 1262{ 1263 /* 1264 * Set mc->default_ram_size and default_ram_id from the 1265 * information in mmc->raminfo. 1266 */ 1267 MachineClass *mc = MACHINE_CLASS(mmc); 1268 const RAMInfo *p; 1269 1270 for (p = mmc->raminfo; p->name; p++) { 1271 if (p->mrindex < 0) { 1272 /* Found the entry for "system memory" */ 1273 mc->default_ram_size = p->size; 1274 mc->default_ram_id = p->name; 1275 return; 1276 } 1277 } 1278 g_assert_not_reached(); 1279} 1280 1281static void mps2tz_an505_class_init(ObjectClass *oc, void *data) 1282{ 1283 MachineClass *mc = MACHINE_CLASS(oc); 1284 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc); 1285 1286 mc->desc = "ARM MPS2 with AN505 FPGA image for Cortex-M33"; 1287 mc->default_cpus = 1; 1288 mc->min_cpus = mc->default_cpus; 1289 mc->max_cpus = mc->default_cpus; 1290 mmc->fpga_type = FPGA_AN505; 1291 mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"); 1292 mmc->scc_id = 0x41045050; 1293 mmc->sysclk_frq = 20 * 1000 * 1000; /* 20MHz */ 1294 mmc->apb_periph_frq = mmc->sysclk_frq; 1295 mmc->oscclk = an505_oscclk; 1296 mmc->len_oscclk = ARRAY_SIZE(an505_oscclk); 1297 mmc->fpgaio_num_leds = 2; 1298 mmc->fpgaio_has_switches = false; 1299 mmc->fpgaio_has_dbgctrl = false; 1300 mmc->numirq = 92; 1301 mmc->uart_overflow_irq = 47; 1302 mmc->init_svtor = 0x10000000; 1303 mmc->sram_addr_width = 15; 1304 mmc->raminfo = an505_raminfo; 1305 mmc->armsse_type = TYPE_IOTKIT; 1306 mmc->boot_ram_size = 0; 1307 mps2tz_set_default_ram_info(mmc); 1308} 1309 1310static void mps2tz_an521_class_init(ObjectClass *oc, void *data) 1311{ 1312 MachineClass *mc = MACHINE_CLASS(oc); 1313 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc); 1314 1315 mc->desc = "ARM MPS2 with AN521 FPGA image for dual Cortex-M33"; 1316 mc->default_cpus = 2; 1317 mc->min_cpus = mc->default_cpus; 1318 mc->max_cpus = mc->default_cpus; 1319 mmc->fpga_type = FPGA_AN521; 1320 mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"); 1321 mmc->scc_id = 0x41045210; 1322 mmc->sysclk_frq = 20 * 1000 * 1000; /* 20MHz */ 1323 mmc->apb_periph_frq = mmc->sysclk_frq; 1324 mmc->oscclk = an505_oscclk; /* AN521 is the same as AN505 here */ 1325 mmc->len_oscclk = ARRAY_SIZE(an505_oscclk); 1326 mmc->fpgaio_num_leds = 2; 1327 mmc->fpgaio_has_switches = false; 1328 mmc->fpgaio_has_dbgctrl = false; 1329 mmc->numirq = 92; 1330 mmc->uart_overflow_irq = 47; 1331 mmc->init_svtor = 0x10000000; 1332 mmc->sram_addr_width = 15; 1333 mmc->raminfo = an505_raminfo; /* AN521 is the same as AN505 here */ 1334 mmc->armsse_type = TYPE_SSE200; 1335 mmc->boot_ram_size = 0; 1336 mps2tz_set_default_ram_info(mmc); 1337} 1338 1339static void mps3tz_an524_class_init(ObjectClass *oc, void *data) 1340{ 1341 MachineClass *mc = MACHINE_CLASS(oc); 1342 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc); 1343 1344 mc->desc = "ARM MPS3 with AN524 FPGA image for dual Cortex-M33"; 1345 mc->default_cpus = 2; 1346 mc->min_cpus = mc->default_cpus; 1347 mc->max_cpus = mc->default_cpus; 1348 mmc->fpga_type = FPGA_AN524; 1349 mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"); 1350 mmc->scc_id = 0x41045240; 1351 mmc->sysclk_frq = 32 * 1000 * 1000; /* 32MHz */ 1352 mmc->apb_periph_frq = mmc->sysclk_frq; 1353 mmc->oscclk = an524_oscclk; 1354 mmc->len_oscclk = ARRAY_SIZE(an524_oscclk); 1355 mmc->fpgaio_num_leds = 10; 1356 mmc->fpgaio_has_switches = true; 1357 mmc->fpgaio_has_dbgctrl = false; 1358 mmc->numirq = 95; 1359 mmc->uart_overflow_irq = 47; 1360 mmc->init_svtor = 0x10000000; 1361 mmc->sram_addr_width = 15; 1362 mmc->raminfo = an524_raminfo; 1363 mmc->armsse_type = TYPE_SSE200; 1364 mmc->boot_ram_size = 0; 1365 mps2tz_set_default_ram_info(mmc); 1366 1367 object_class_property_add_str(oc, "remap", mps2_get_remap, mps2_set_remap); 1368 object_class_property_set_description(oc, "remap", 1369 "Set memory mapping. Valid values " 1370 "are BRAM (default) and QSPI."); 1371} 1372 1373static void mps3tz_an547_class_init(ObjectClass *oc, void *data) 1374{ 1375 MachineClass *mc = MACHINE_CLASS(oc); 1376 MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc); 1377 1378 mc->desc = "ARM MPS3 with AN547 FPGA image for Cortex-M55"; 1379 mc->default_cpus = 1; 1380 mc->min_cpus = mc->default_cpus; 1381 mc->max_cpus = mc->default_cpus; 1382 mmc->fpga_type = FPGA_AN547; 1383 mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m55"); 1384 mmc->scc_id = 0x41055470; 1385 mmc->sysclk_frq = 32 * 1000 * 1000; /* 32MHz */ 1386 mmc->apb_periph_frq = 25 * 1000 * 1000; /* 25MHz */ 1387 mmc->oscclk = an524_oscclk; /* same as AN524 */ 1388 mmc->len_oscclk = ARRAY_SIZE(an524_oscclk); 1389 mmc->fpgaio_num_leds = 10; 1390 mmc->fpgaio_has_switches = true; 1391 mmc->fpgaio_has_dbgctrl = true; 1392 mmc->numirq = 96; 1393 mmc->uart_overflow_irq = 48; 1394 mmc->init_svtor = 0x00000000; 1395 mmc->sram_addr_width = 21; 1396 mmc->raminfo = an547_raminfo; 1397 mmc->armsse_type = TYPE_SSE300; 1398 mmc->boot_ram_size = 512 * KiB; 1399 mps2tz_set_default_ram_info(mmc); 1400} 1401 1402static const TypeInfo mps2tz_info = { 1403 .name = TYPE_MPS2TZ_MACHINE, 1404 .parent = TYPE_MACHINE, 1405 .abstract = true, 1406 .instance_size = sizeof(MPS2TZMachineState), 1407 .class_size = sizeof(MPS2TZMachineClass), 1408 .class_init = mps2tz_class_init, 1409 .interfaces = (InterfaceInfo[]) { 1410 { TYPE_IDAU_INTERFACE }, 1411 { } 1412 }, 1413}; 1414 1415static const TypeInfo mps2tz_an505_info = { 1416 .name = TYPE_MPS2TZ_AN505_MACHINE, 1417 .parent = TYPE_MPS2TZ_MACHINE, 1418 .class_init = mps2tz_an505_class_init, 1419}; 1420 1421static const TypeInfo mps2tz_an521_info = { 1422 .name = TYPE_MPS2TZ_AN521_MACHINE, 1423 .parent = TYPE_MPS2TZ_MACHINE, 1424 .class_init = mps2tz_an521_class_init, 1425}; 1426 1427static const TypeInfo mps3tz_an524_info = { 1428 .name = TYPE_MPS3TZ_AN524_MACHINE, 1429 .parent = TYPE_MPS2TZ_MACHINE, 1430 .class_init = mps3tz_an524_class_init, 1431}; 1432 1433static const TypeInfo mps3tz_an547_info = { 1434 .name = TYPE_MPS3TZ_AN547_MACHINE, 1435 .parent = TYPE_MPS2TZ_MACHINE, 1436 .class_init = mps3tz_an547_class_init, 1437}; 1438 1439static void mps2tz_machine_init(void) 1440{ 1441 type_register_static(&mps2tz_info); 1442 type_register_static(&mps2tz_an505_info); 1443 type_register_static(&mps2tz_an521_info); 1444 type_register_static(&mps3tz_an524_info); 1445 type_register_static(&mps3tz_an547_info); 1446} 1447 1448type_init(mps2tz_machine_init);