From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0602.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe4a::602]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BCF5F1A1E10 for ; Fri, 14 Oct 2016 04:02:00 -0700 (PDT) Received: from DM5PR03CA0021.namprd03.prod.outlook.com (10.175.104.31) by BLUPR03MB325.namprd03.prod.outlook.com (10.141.48.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.639.5; Fri, 14 Oct 2016 11:01:58 +0000 Received: from BY2FFO11FD039.protection.gbl (2a01:111:f400:7c0c::198) by DM5PR03CA0021.outlook.office365.com (2603:10b6:3:118::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.639.5 via Frontend Transport; Fri, 14 Oct 2016 11:01:58 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; linaro.org; dkim=none (message not signed) header.d=none;linaro.org; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BY2FFO11FD039.mail.protection.outlook.com (10.1.14.224) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.669.7 via Frontend Transport; Fri, 14 Oct 2016 11:01:58 +0000 Received: from b45370.ap.freescale.net ([10.232.40.52]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id u9EB1pU7015371; Fri, 14 Oct 2016 04:01:55 -0700 From: Bhupesh Sharma To: CC: , Bhupesh Sharma , Ard Biesheuvel Date: Fri, 14 Oct 2016 16:22:01 +0530 Message-ID: <1476442321-30114-1-git-send-email-bhupesh.sharma@nxp.com> X-Mailer: git-send-email 1.9.1 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131209165183374665; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(979002)(6009001)(7916002)(2980300002)(1110001)(1109001)(339900001)(199003)(189002)(105606002)(8676002)(81166006)(5660300001)(189998001)(8936002)(47776003)(6666003)(7846002)(575784001)(8666005)(356003)(81156014)(36756003)(86362001)(50226002)(48376002)(4326007)(33646002)(11100500001)(19580395003)(110136003)(97736004)(85426001)(19580405001)(50466002)(2906002)(586003)(68736007)(104016004)(229853001)(106466001)(92566002)(6916009)(5003940100001)(77096005)(50986999)(15975445007)(626004)(87936001)(2351001)(305945005)(7059030)(19627235001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR03MB325; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD039; 1://025U/divvmboiVEudw2i+66+OGsIn7l8NriUCb7QjfzHwtDS3t6RHC1h1CqJg7Iq16Wnf5/mlBmkVGm8BcT4Ug+ZatZ/sD3uNqbA+izdD6YjAPbUIaf6OpaUBP2/X8mUWIDPOnesIKY5K5F9oXxAAIY9Wez7fFD3OCB++wAR6g66MsyLV4uPOouFo8YbJZ1uMR6xMYfK0TmXMuM9HSgLuKazRkRce7PvxLo9gUPWuy5bGtCFt0zr2DPPGizpzbSanmPzaEclKaV0KRIuL6EsI4gzNPWkxUI4cIxeuqGOU595XrwciQxG605larABYB7a0aJYaO1LGc/DF4z85L+iwetmDE4tRcExzsmwfIrN8S4rLAoFnnolK0xBkhsd+eP3FVwWamX8J809c2dFfMUseVbGMowLzBwMYhsWDhShqpWMpraQHs8Qb65nZU8c1/RX8/Xj/70tmZS0tD6xZjE/jNR5kyWvHbjd6YDEjswEQAJc05oipA2xnspxqhp734Mv62wkzG6MZfrNNVSCgH2ye3E7s0FO8bh02Nu/tVa7U/2pwNEWLvMufx5o9U6GBRNv4ANO9UauNJ7ASRhDBRg77+/K8yWJwDdfGeVZrPDQ37IHYeoEW816eaqVKFpBaD MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 47d6cd20-fcf9-4534-68e0-08d3f4218469 X-Microsoft-Exchange-Diagnostics: 1; BLUPR03MB325; 2:C7jJri/wLPOI0yBBLn0SCOoyfrRVsJmKg2vuCMJEhTPEGGLIxkin0djfMefgp5iVgghY5qU64AQfjKkFGmRRyFBXP3+o9vOtHl7pG11El2YsS9kfDRqkjDnwTa5C0j2no7SB2fBFJ0HyYczNojtX7ODjeNBcdYLBiYR3XY+vmQQ73fE90zhKgymuKjCbbySZ; 3:O8hCvExpI5/6iOAaNfLGBNlTwkr5CQmQK2kP7wzaZbcPE4L9PM3EyAO5urQAfIKyeXKgbDpvaqoQhSMb1xF1NlH/sc5zXrrq+DuAJVHALbrX97NqchY8g8IVut04ZfoUXglHr98QrnMdc44o/55OaJXMRcucU6P5YaavorIlFrJ5AOxuD1E6PpxXEyjK1B85ZGE5p9yB1YCdcUuk3SH5rrX67utTTGLWBzx1s1v0jYo=; 25:lPwntcQfZSMo+l3dGEhMERJ4xtILBk1O7ofmf/X/Sel83iptB+/ZPJMmDIQyH5rLTzAu9bTyL1Mx24Ey/GBf7sJpQt6TzSIo9Ho0rgQDPWCiNx/PM/sqlAmsxgmW+rsrIR9FQ+qnxqO4JhkrBv+NbkXMqrKDHEKxtyQUb2g7DErOGb9ZRdlHwQ+kUbcNp/oJChqFjbxn50lrLIOz4IN5O0naRFQFSEwq9wDT2G8j6sUz7jrML5jUAkSy/PnRbxvzlbnCEAxGc4Qouahfn6PEQMjhFSweUOXBt0IuCp3czAfqW4Y1Vv5lPkwljIWi6Nt43F3TBfBKHURccV9Y5QUY7QO0GPnl7wAebjwdp9lbhca9Xs3/AEGykN9NWFlxADuFVN0dYUHPM3yt4IbNVn5sWtNerSD2IY4l1+i+mzCTxpPFDtaFRAinTPIKMCBYcuev X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB325; X-Microsoft-Exchange-Diagnostics: 1; BLUPR03MB325; 31:uTG4AkGCKAvxYqsvh1PNcDCvzizRrUxGjAH1uiHzBqj4lsnOrP+NkNW78Dk/Z63t4l9ZR7wPhao6V5uc1fYQnNsetTa+XODosAuyEeAD7mlxseibfZHK3uTJ3QOtyvvU9cKFQwxfD3ZLAUcyHMfZZnaZeomvZaUyUlrDwo4r4It8CWyXOx4VCX+9BAWoBXcCC6e6W3AhzlDZVSV7e8zUJBk7WFiyMSc/Zqc93lkBkqKtYUyXGWlABMPJWCwTweiwK7FhoEH8VPvyd/HAm2yRAQ==; 4:gw1N/K7GDeBLU25iZI9xE6bhc7ktWmg8WoYlQPLNZ15bBKTkv45sKDZ+IycSdSgK4HZJOIlic31GNJske//V2FUflj2cKYQCHIVbDrj96VaOkNB94OTXCDecsXW+S/k4y+RE3eEfEwBhv0zOj2K5rz81fucaDqTSIn2qvzj6cIyGBUcegwLx1T5YVErRTaXOX/P41OwfWpRR2wtHpzUfAqBjcCX92evVasffaO5hIkrSuG3PgObjq6Iy3svSWmeWpFmQTOl15OoDDoF3SeJmhU1DfXZ4SiXRheI/UKlSyTbDRlhyyNbZiP8lijG8g9165d6n6PM0AHWsFs2SngrTj3wUOeWyiFkvApZUp1hmc8XQLq+6U5iYIZbYBgpjwpNFlt0hUBqYpl1yekWF1msldPdNsrSgzKXX3UAcPJsk8tp2LpQXADfOceA+7eS5zZ0uYXqBiDCdy984etl1NNp/xqFs3GKwyc4QSiW1Q4RDmbfWD3T2eVq7E9cdEFQrQKffEhcbJY9gptpEHWYsaf3VmDFNyoZbikbyzem7S6UFetoaz4P8ZAE1HnFNqmXTo4/hwlqEtnRDsIMlHwGGEd5KPxvHAtiL7jymBvzjcY31wXU= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(180628864354917)(192374486261705)(185117386973197); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(13024025)(13018025)(13017025)(13015025)(13023025)(8121501046)(5005006)(10201501046)(3002001)(6055026); SRVR:BLUPR03MB325; BCL:0; PCL:0; RULEID:(400006); SRVR:BLUPR03MB325; X-Forefront-PRVS: 0095BCF226 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BLUPR03MB325; 23:YNb880jYGzKWWRIDm2mgcWRgC0cPya67GqLomogW+E?= =?us-ascii?Q?LZUqRLB57oLBcpKXx/Yq62Dv2HnOFqJ/T/1movfPwYssaFShilycxKF57uJC?= =?us-ascii?Q?hpTP/fyxPZeBjKrH1FuB6FsmZQyICyqrtOYETENYI54mWRw02iQfMxcK0ohU?= =?us-ascii?Q?HF9ZLDcFFL66tLtEqWd0pC+nTUXCGXNzxGRmVLzFiUroEdCeSUhX4TgXEPdg?= =?us-ascii?Q?jIFePTZjzvKZqfhGtg+ME0VqZqMIDLT/nAPKI2pzT3bmJAwL8w15L0VeiBYg?= =?us-ascii?Q?c6GdSeqqbjoC0z2GsWmklE5sYwWWRWidD6tjwX3c4xHMxKqINpJrvAployp+?= =?us-ascii?Q?6nd/fcU1XPreVJ+/5QkzpmKTxvtZKLqDHjfVPtJTdTq9pHStC+/0Bf6IfxF7?= =?us-ascii?Q?pfu5uLE8naDUuELw1Tdh+Mw0g5n6p6JQd9v2kRxmgy1k1+1ZBJLvcNMnqhxx?= =?us-ascii?Q?un0kF22YRb0HvJjEDiw+O9gRXayr6E3M4sCmPMP0JKaJa701jnyyUOeJEtmo?= =?us-ascii?Q?u3ucO2m+rDZMGQ5uHsBO+l1uDMkOilar/RQy0TFvGdbnUUQ3q8sbhrXJbgaj?= =?us-ascii?Q?mLcN0pFFB4bKjp9ndY8sZHSq6EDfg+xyiQMxCkScnHRjt4gOt9/YWEe5I0bX?= =?us-ascii?Q?IRwf3JzOpjUV5L18A7teN4fUegWakBMZsb/w6ybx3zvsjtOstSQRp4e+SGMw?= =?us-ascii?Q?tfmPFdRubpLskx1yziH0vK9PdneOgSYiVjWCnpPMdPvbOGKxSlx9rADVref+?= =?us-ascii?Q?yW7DcUz0mv5dYU7k2Yh+4VMUYJaUNzQUChXOdcZe0W0T9sdThn1Y0p2Z5Ifl?= =?us-ascii?Q?TGFei1xfp1O3asdhkMo4YC+i8EORQNR8FReOxrPXzfj4kZ7lbCMhJVXLpFUW?= =?us-ascii?Q?Co80GpMtnaJDoVO/JPvptl0h4Oa+YnS+mzaNGM+SJvX9N61Y8ryduQXPf5jN?= =?us-ascii?Q?xp/5zGMdPMSMW91ZWt1R2NrS7tYkYAvNdr5Ydjo5scrzartr8bY4+CUz7kHZ?= =?us-ascii?Q?HVC9zaT6/55VqPnAwyLCpSzS+KMVkr9rjPPbUb00hv5qmtLmpGXZGvYxz4Gt?= =?us-ascii?Q?QNUA0giqCAn5xoLy9XvEOsGRRiXlg6aukUStanc7Fpcuoy2Bb+8P78I6Tixp?= =?us-ascii?Q?W2KzdFHVfRmzppFRPxUzNPPl09O+3knPLv23KNJvQJckZbDHK2LHNJyPKhpb?= =?us-ascii?Q?Gll3Td2lG4dBPo02Q+8F25ZdhvCZ1RXe+gg+DahDfBOlYzdcoyobwlD5L3ET?= =?us-ascii?Q?hl85remXawHjOzccPCZVEVTv6wEhgMOW72buPhgb3dol6dFhM6un7pBMvyJB?= =?us-ascii?Q?l5wjJjg+lWxTYvrT/53RDnvU4gp112c94QfhDLv/p/?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR03MB325; 6:3rY96lRlN8TpEYLnvie2kS3fO97EsvPpRIt2SE4DpRe2SLL5qx9n1EIvceRB28nLV2nBEVU40Wc64Xylb/oLk9PNpfaYbrOd+EbmPqQldBVUD+f5AHNEMxwZHweABpTN/GaZWvvvtGtuUDGDYGcbY8qCQi+ZmIobTc6DpIaFAi1asdghcj954iMDKDpC0W/zEqvQPDi5ruKaAO1oVoTiFFdSK9EUJ7qYH5VEnRnFmde5DDJrzN/knLuGHnzgBevWopoQAu6gpIjOrTDiAy6nPa9TPCgVnzgbrryroTL3x+s=; 5:J88QO9u58inTyMHKhRCZCkoOV4vJk+v/IwZSrE72WvB1jctstTINTOfviDRLn8usvcS/gNFUrYCwBl/zaVFnkKG/Pwviut+2HcbdClsbcH4j7FE/BCzWl1r2nAngt64OoYE+wRy9DLjAtRllu60jgRn/A/0HH7AaPPKrdVCuEcs=; 24:dd6cKoAqKjhXSDw6mzH4tVaBW5ElX9kccTzds2AtHAz8zNbFEvhNJ2I27n6MMNPqLM9Y9pti3m3Wcl2ctWL8XMl1Mgg26ifnm5fUFOT7Bg8=; 7:2bc9iguwSSg2gy+OFsRy8qjYJAOE84cIuVIURHYCtCxf8rANgFMmwY6sJXbAxv5Jl4qxcbOHden4w+RDp7chp28B9sPL8scB5uaT+hZtRFR2/0k5ctel4qku+OtW+iwCF3D0Jnfc7y4LzQfxppZAUTCLWU9Saq727DH9+KAKz4cXvx1cta5FB3BMTwU7u8XDwDp/HYM8llf7tzj1Bs6L2boyJlpR2hYU4jmEFfVVFQxjEPa4vS0DgUEo0eZbdQZ+vW5IbWN2/DPEyk1RLOylWX51ql403STXfyonm6DETXdu6mgw3QNYaMqofJEO1zllTZETiu8QD8NcfghS+BfL2Q== SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Oct 2016 11:01:58.0098 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB325 Subject: [PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Oct 2016 11:02:01 -0000 Content-Type: text/plain ARM TZASC-380 IP provides a mechanism to split memory regions being protected via it into eight equal-sized sub-regions, with a bit setting allowing the corresponding subregion to be disabled. Several NXP/FSL SoCs support the TZASC-380 IP block and allow the DDR connected via the TZASC to be partitioned into regions having different security settings. This patch enables this support and can be used for SoCs which support such partition of DDR regions. Details of the 'subregion_disable' register can be viewed here: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0431c/CJABCFHB.html Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Bhupesh Sharma Cc: Ard Biesheuvel --- .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 21 ++++++++++++++------- ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 5 +++-- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c index 6fa0774..d358d65 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c @@ -72,18 +72,21 @@ ArmPlatformSecTrustzoneInit ( // NOR Flash 0 non secure (BootMon) TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR0_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, + 0); // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { //Note: Your OS Kernel must be aware of the secure regions before to enable this region TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, + 0); } else { TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR1_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, + 0); } // Base of SRAM. Only half of SRAM in Non Secure world @@ -92,22 +95,26 @@ ArmPlatformSecTrustzoneInit ( //Note: Your OS Kernel must be aware of the secure regions before to enable this region TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, + 0); } else { TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, + 0); } // Memory Mapped Peripherals. All in non secure world TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, ARM_VE_SMB_PERIPH_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, + 0); // MotherBoard Peripherals and On-chip peripherals. TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, + 0); } /** diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c index 070c0dc..5cd41ef 100644 --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c @@ -87,7 +87,8 @@ TZASCSetRegion ( IN UINTN LowAddress, IN UINTN HighAddress, IN UINTN Size, - IN UINTN Security + IN UINTN Security, + IN UINTN SubregionDisableMask ) { UINT32* Region; @@ -100,7 +101,7 @@ TZASCSetRegion ( MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); MmioWrite32((UINTN)(Region+1), HighAddress); - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); + MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((SubregionDisableMask & 0xFF) << 8) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); return EFI_SUCCESS; } -- 1.9.1