public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled
@ 2016-10-14 10:52 Bhupesh Sharma
  2016-10-14 11:21 ` Bhupesh Sharma
  0 siblings, 1 reply; 2+ messages in thread
From: Bhupesh Sharma @ 2016-10-14 10:52 UTC (permalink / raw)
  To: edk2-devel; +Cc: linaro-uefi, Bhupesh Sharma, Ard Biesheuvel

ARM TZASC-380 IP provides a mechanism to split memory regions being
protected via it into eight equal-sized sub-regions,
with a bit setting allowing the corresponding subregion to be disabled.

Several NXP/FSL SoCs support the TZASC-380 IP block and allow
the DDR connected via the TZASC to be partitioned into regions
having different security settings.

This patch enables this support and can be used for SoCs which
support such partition of DDR regions.

Details of the 'subregion_disable' register can be viewed here:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0431c/CJABCFHB.html

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c     | 21 ++++++++++++++-------
 ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c  |  5 +++--
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
index 6fa0774..d358d65 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
+++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
@@ -72,18 +72,21 @@ ArmPlatformSecTrustzoneInit (
   // NOR Flash 0 non secure (BootMon)
   TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
       ARM_VE_SMB_NOR0_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
+      0);
 
   // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
   if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW,
+	0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE,0,
-        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
+	0);
   }
 
   // Base of SRAM. Only half of SRAM in Non Secure world
@@ -92,22 +95,26 @@ ArmPlatformSecTrustzoneInit (
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW,
+	0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW,
+	0);
   }
 
   // Memory Mapped Peripherals. All in non secure world
   TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
       ARM_VE_SMB_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
+      0);
 
   // MotherBoard Peripherals and On-chip peripherals.
   TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
       ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW,
+      0);
 }
 
 /**
diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
index 070c0dc..5cd41ef 100644
--- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
+++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
@@ -87,7 +87,8 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   )
 {
   UINT32*     Region;
@@ -100,7 +101,7 @@ TZASCSetRegion (
 
   MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
   MmioWrite32((UINTN)(Region+1), HighAddress);
-  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
+  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((SubregionDisableMask & 0xFF) << 8) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
 
   return EFI_SUCCESS;
 }
-- 
1.9.1




^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled
  2016-10-14 10:52 [PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled Bhupesh Sharma
@ 2016-10-14 11:21 ` Bhupesh Sharma
  0 siblings, 0 replies; 2+ messages in thread
From: Bhupesh Sharma @ 2016-10-14 11:21 UTC (permalink / raw)
  To: Bhupesh Sharma, edk2-devel@ml01.01.org
  Cc: linaro-uefi@lists.linaro.org, Ard Biesheuvel

This patch is missing a .h file. Please discard.
I will RESEND the patch with the fix.

Apologies for the inconvenience. 

Regards,
Bhupesh

> -----Original Message-----
> From: Bhupesh Sharma [mailto:bhupesh.sharma@nxp.com]
> Sent: Friday, October 14, 2016 4:22 PM
> To: edk2-devel@ml01.01.org
> Cc: linaro-uefi@lists.linaro.org; Bhupesh Sharma
> <bhupesh.sharma@nxp.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Subject: [PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for
> specifying Subregions to be disabled
> 
> ARM TZASC-380 IP provides a mechanism to split memory regions being
> protected via it into eight equal-sized sub-regions, with a bit setting
> allowing the corresponding subregion to be disabled.
> 
> Several NXP/FSL SoCs support the TZASC-380 IP block and allow the DDR
> connected via the TZASC to be partitioned into regions having different
> security settings.
> 
> This patch enables this support and can be used for SoCs which support
> such partition of DDR regions.
> 
> Details of the 'subregion_disable' register can be viewed here:
> http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0431c/CJ
> ABCFHB.html
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c     | 21
> ++++++++++++++-------
>  ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c  |  5 +++--
>  2 files changed, 17 insertions(+), 9 deletions(-)
> 
> diff --git
> a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4S
> ec.c
> b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4S
> ec.c
> index 6fa0774..d358d65 100644
> ---
> a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4S
> ec.c
> +++
> b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9
> +++ x4Sec.c
> @@ -72,18 +72,21 @@ ArmPlatformSecTrustzoneInit (
>    // NOR Flash 0 non secure (BootMon)
>    TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
>        ARM_VE_SMB_NOR0_BASE,0,
> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
> +      0);
> 
>    // NOR Flash 1. The first half of the NOR Flash1 must be secure for
> the secure firmware (sec_uefi.bin)
>    if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
>      //Note: Your OS Kernel must be aware of the secure regions before
> to enable this region
>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW,
> +	0);
>    } else {
>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_NOR1_BASE,0,
> -        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
> +	0);
>    }
> 
>    // Base of SRAM. Only half of SRAM in Non Secure world @@ -92,22
> +95,26 @@ ArmPlatformSecTrustzoneInit (
>      //Note: Your OS Kernel must be aware of the secure regions before
> to enable this region
>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_SRAM_BASE,0,
> -        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW,
> +	0);
>    } else {
>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_SRAM_BASE,0,
> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW,
> +	0);
>    }
> 
>    // Memory Mapped Peripherals. All in non secure world
>    TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
>        ARM_VE_SMB_PERIPH_BASE,0,
> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
> +      0);
> 
>    // MotherBoard Peripherals and On-chip peripherals.
>    TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
>        ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
> -      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
> +      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW,
> +      0);
>  }
> 
>  /**
> diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> index 070c0dc..5cd41ef 100644
> --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> @@ -87,7 +87,8 @@ TZASCSetRegion (
>    IN  UINTN LowAddress,
>    IN  UINTN HighAddress,
>    IN  UINTN Size,
> -  IN  UINTN Security
> +  IN  UINTN Security,
> +  IN  UINTN SubregionDisableMask
>    )
>  {
>    UINT32*     Region;
> @@ -100,7 +101,7 @@ TZASCSetRegion (
> 
>    MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
>    MmioWrite32((UINTN)(Region+1), HighAddress);
> -  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size &
> 0x3F) << 1) | (Enabled & 0x1));
> +  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) |
> + ((SubregionDisableMask & 0xFF) << 8) | ((Size & 0x3F) << 1) |
> (Enabled
> + & 0x1));
> 
>    return EFI_SUCCESS;
>  }
> --
> 1.9.1
> 



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-10-14 11:21 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-14 10:52 [PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled Bhupesh Sharma
2016-10-14 11:21 ` Bhupesh Sharma

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox