cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

armsse.h (8194B)

      1/*
      2 * ARM SSE (Subsystems for Embedded): IoTKit, SSE-200
      3 *
      4 * Copyright (c) 2018 Linaro Limited
      5 * Written by Peter Maydell
      6 *
      7 * This program is free software; you can redistribute it and/or modify
      8 * it under the terms of the GNU General Public License version 2 or
      9 * (at your option) any later version.
     10 */
     11
     12/*
     13 * This is a model of the Arm "Subsystems for Embedded" family of
     14 * hardware, which include the IoT Kit and the SSE-050, SSE-100 and
     15 * SSE-200. Currently we model:
     16 *  - the Arm IoT Kit which is documented in
     17 *    https://developer.arm.com/documentation/ecm0601256/latest
     18 *  - the SSE-200 which is documented in
     19 *    https://developer.arm.com/documentation/101104/latest/
     20 *
     21 * The IoTKit contains:
     22 *  a Cortex-M33
     23 *  the IDAU
     24 *  some timers and watchdogs
     25 *  two peripheral protection controllers
     26 *  a memory protection controller
     27 *  a security controller
     28 *  a bus fabric which arranges that some parts of the address
     29 *  space are secure and non-secure aliases of each other
     30 * The SSE-200 additionally contains:
     31 *  a second Cortex-M33
     32 *  two Message Handling Units (MHUs)
     33 *  an optional CryptoCell (which we do not model)
     34 *  more SRAM banks with associated MPCs
     35 *  multiple Power Policy Units (PPUs)
     36 *  a control interface for an icache for each CPU
     37 *  per-CPU identity and control register blocks
     38 *
     39 * QEMU interface:
     40 *  + Clock input "MAINCLK": clock for CPUs and most peripherals
     41 *  + Clock input "S32KCLK": slow 32KHz clock used for a few peripherals
     42 *  + QOM property "memory" is a MemoryRegion containing the devices provided
     43 *    by the board model.
     44 *  + QOM property "EXP_NUMIRQ" sets the number of expansion interrupts.
     45 *    (In hardware, the SSE-200 permits the number of expansion interrupts
     46 *    for the two CPUs to be configured separately, but we restrict it to
     47 *    being the same for both, to avoid having to have separate Property
     48 *    lists for different variants. This restriction can be relaxed later
     49 *    if necessary.)
     50 *  + QOM property "SRAM_ADDR_WIDTH" sets the number of bits used for the
     51 *    address of each SRAM bank (and thus the total amount of internal SRAM)
     52 *  + QOM property "init-svtor" sets the initial value of the CPU SVTOR register
     53 *    (where it expects to load the PC and SP from the vector table on reset)
     54 *  + QOM properties "CPU0_FPU", "CPU0_DSP", "CPU1_FPU" and "CPU1_DSP" which
     55 *    set whether the CPUs have the FPU and DSP features present. The default
     56 *    (matching the hardware) is that for CPU0 in an IoTKit and CPU1 in an
     57 *    SSE-200 both are present; CPU0 in an SSE-200 has neither.
     58 *    Since the IoTKit has only one CPU, it does not have the CPU1_* properties.
     59 *  + Named GPIO inputs "EXP_IRQ" 0..n are the expansion interrupts for CPU 0,
     60 *    which are wired to its NVIC lines 32 .. n+32
     61 *  + Named GPIO inputs "EXP_CPU1_IRQ" 0..n are the expansion interrupts for
     62 *    CPU 1, which are wired to its NVIC lines 32 .. n+32
     63 *  + sysbus MMIO region 0 is the "AHB Slave Expansion" which allows
     64 *    bus master devices in the board model to make transactions into
     65 *    all the devices and memory areas in the IoTKit
     66 * Controlling up to 4 AHB expansion PPBs which a system using the IoTKit
     67 * might provide:
     68 *  + named GPIO outputs apb_ppcexp{0,1,2,3}_nonsec[0..15]
     69 *  + named GPIO outputs apb_ppcexp{0,1,2,3}_ap[0..15]
     70 *  + named GPIO outputs apb_ppcexp{0,1,2,3}_irq_enable
     71 *  + named GPIO outputs apb_ppcexp{0,1,2,3}_irq_clear
     72 *  + named GPIO inputs apb_ppcexp{0,1,2,3}_irq_status
     73 * Controlling each of the 4 expansion AHB PPCs which a system using the IoTKit
     74 * might provide:
     75 *  + named GPIO outputs ahb_ppcexp{0,1,2,3}_nonsec[0..15]
     76 *  + named GPIO outputs ahb_ppcexp{0,1,2,3}_ap[0..15]
     77 *  + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_enable
     78 *  + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_clear
     79 *  + named GPIO inputs ahb_ppcexp{0,1,2,3}_irq_status
     80 * Controlling each of the 16 expansion MPCs which a system using the IoTKit
     81 * might provide:
     82 *  + named GPIO inputs mpcexp_status[0..15]
     83 * Controlling each of the 16 expansion MSCs which a system using the IoTKit
     84 * might provide:
     85 *  + named GPIO inputs mscexp_status[0..15]
     86 *  + named GPIO outputs mscexp_clear[0..15]
     87 *  + named GPIO outputs mscexp_ns[0..15]
     88 */
     89
     90#ifndef ARMSSE_H
     91#define ARMSSE_H
     92
     93#include "hw/sysbus.h"
     94#include "hw/arm/armv7m.h"
     95#include "hw/misc/iotkit-secctl.h"
     96#include "hw/misc/tz-ppc.h"
     97#include "hw/misc/tz-mpc.h"
     98#include "hw/timer/cmsdk-apb-timer.h"
     99#include "hw/timer/cmsdk-apb-dualtimer.h"
    100#include "hw/timer/sse-counter.h"
    101#include "hw/timer/sse-timer.h"
    102#include "hw/watchdog/cmsdk-apb-watchdog.h"
    103#include "hw/misc/iotkit-sysctl.h"
    104#include "hw/misc/iotkit-sysinfo.h"
    105#include "hw/misc/armsse-cpuid.h"
    106#include "hw/misc/armsse-mhu.h"
    107#include "hw/misc/armsse-cpu-pwrctrl.h"
    108#include "hw/misc/unimp.h"
    109#include "hw/or-irq.h"
    110#include "hw/clock.h"
    111#include "hw/core/split-irq.h"
    112#include "hw/cpu/cluster.h"
    113#include "qom/object.h"
    114
    115#define TYPE_ARM_SSE "arm-sse"
    116OBJECT_DECLARE_TYPE(ARMSSE, ARMSSEClass,
    117                    ARM_SSE)
    118
    119/*
    120 * These type names are for specific IoTKit subsystems; other than
    121 * instantiating them, code using these devices should always handle
    122 * them via the ARMSSE base class, so they have no IOTKIT() etc macros.
    123 */
    124#define TYPE_IOTKIT "iotkit"
    125#define TYPE_SSE200 "sse-200"
    126#define TYPE_SSE300 "sse-300"
    127
    128/* We have an IRQ splitter and an OR gate input for each external PPC
    129 * and the 2 internal PPCs
    130 */
    131#define NUM_INTERNAL_PPCS 2
    132#define NUM_EXTERNAL_PPCS (IOTS_NUM_AHB_EXP_PPC + IOTS_NUM_APB_EXP_PPC)
    133#define NUM_PPCS (NUM_EXTERNAL_PPCS + NUM_INTERNAL_PPCS)
    134
    135#define MAX_SRAM_BANKS 4
    136#if MAX_SRAM_BANKS > IOTS_NUM_MPC
    137#error Too many SRAM banks
    138#endif
    139
    140#define SSE_MAX_CPUS 2
    141
    142#define NUM_PPUS 8
    143
    144/* Number of CPU IRQs used by the SSE itself */
    145#define NUM_SSE_IRQS 32
    146
    147struct ARMSSE {
    148    /*< private >*/
    149    SysBusDevice parent_obj;
    150
    151    /*< public >*/
    152    ARMv7MState armv7m[SSE_MAX_CPUS];
    153    CPUClusterState cluster[SSE_MAX_CPUS];
    154    IoTKitSecCtl secctl;
    155    TZPPC apb_ppc[NUM_INTERNAL_PPCS];
    156    TZMPC mpc[IOTS_NUM_MPC];
    157    CMSDKAPBTimer timer[3];
    158    qemu_or_irq ppc_irq_orgate;
    159    SplitIRQ sec_resp_splitter;
    160    SplitIRQ ppc_irq_splitter[NUM_PPCS];
    161    SplitIRQ mpc_irq_splitter[IOTS_NUM_EXP_MPC + IOTS_NUM_MPC];
    162    qemu_or_irq mpc_irq_orgate;
    163    qemu_or_irq nmi_orgate;
    164
    165    SplitIRQ cpu_irq_splitter[NUM_SSE_IRQS];
    166
    167    CMSDKAPBDualTimer dualtimer;
    168
    169    CMSDKAPBWatchdog cmsdk_watchdog[3];
    170
    171    SSECounter sse_counter;
    172    SSETimer sse_timer[4];
    173
    174    IoTKitSysCtl sysctl;
    175    IoTKitSysCtl sysinfo;
    176
    177    ARMSSEMHU mhu[2];
    178    UnimplementedDeviceState unimp[NUM_PPUS];
    179    UnimplementedDeviceState cachectrl[SSE_MAX_CPUS];
    180    UnimplementedDeviceState cpusecctrl[SSE_MAX_CPUS];
    181
    182    ARMSSECPUID cpuid[SSE_MAX_CPUS];
    183
    184    ARMSSECPUPwrCtrl cpu_pwrctrl[SSE_MAX_CPUS];
    185
    186    /*
    187     * 'container' holds all devices seen by all CPUs.
    188     * 'cpu_container[i]' is the view that CPU i has: this has the
    189     * per-CPU devices of that CPU, plus as the background 'container'
    190     * (or an alias of it, since we can only use it directly once).
    191     * container_alias[i] is the alias of 'container' used by CPU i+1;
    192     * CPU 0 can use 'container' directly.
    193     */
    194    MemoryRegion container;
    195    MemoryRegion container_alias[SSE_MAX_CPUS - 1];
    196    MemoryRegion cpu_container[SSE_MAX_CPUS];
    197    MemoryRegion alias1;
    198    MemoryRegion alias2;
    199    MemoryRegion alias3[SSE_MAX_CPUS];
    200    MemoryRegion sram[MAX_SRAM_BANKS];
    201    MemoryRegion itcm;
    202    MemoryRegion dtcm;
    203
    204    qemu_irq *exp_irqs[SSE_MAX_CPUS];
    205    qemu_irq ppc0_irq;
    206    qemu_irq ppc1_irq;
    207    qemu_irq sec_resp_cfg;
    208    qemu_irq sec_resp_cfg_in;
    209    qemu_irq nsc_cfg_in;
    210
    211    qemu_irq irq_status_in[NUM_EXTERNAL_PPCS];
    212    qemu_irq mpcexp_status_in[IOTS_NUM_EXP_MPC];
    213
    214    uint32_t nsccfg;
    215
    216    Clock *mainclk;
    217    Clock *s32kclk;
    218
    219    /* Properties */
    220    MemoryRegion *board_memory;
    221    uint32_t exp_numirq;
    222    uint32_t sram_addr_width;
    223    uint32_t init_svtor;
    224    bool cpu_fpu[SSE_MAX_CPUS];
    225    bool cpu_dsp[SSE_MAX_CPUS];
    226};
    227
    228typedef struct ARMSSEInfo ARMSSEInfo;
    229
    230struct ARMSSEClass {
    231    SysBusDeviceClass parent_class;
    232    const ARMSSEInfo *info;
    233};
    234
    235
    236#endif