From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-x243.google.com (mail-pg0-x243.google.com [IPv6:2607:f8b0:400e:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 777968191D for ; Mon, 26 Dec 2016 13:16:44 -0800 (PST) Received: by mail-pg0-x243.google.com with SMTP id i5so10236426pgh.2 for ; Mon, 26 Dec 2016 13:16:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=44gHuR7R4hz5ZLiOD+HQgZwfv8dk3/eixNcMf8BM4AU=; b=FDDLGMx1Ol+aZ8nK/HZg6WxT3Lt6VPi7+ZUDLzmgIeclxMz0s8pq5pXwwjoID1KSkL lLX1V1uyozZyKQSKwPFI7cyUtqotp8fGj/mYrubnI9BnL4wtU63tJpc03+5R8CHlwNZU oSjKxfFX74IqbVmxtmGpy7w+RW2RJF1dfkKVcW/08KCI3uBDFGZTo5lN0BLpinsD66NL Obph18JDVGLCncJxD0svK+auRRYW/ah9QSGoPBURArgzAEuTXeIMmP6F7ZCWxWKS2jq1 fb6eiDJeMqHhNXQ6o5ergPdqIg4ZH8gEBWkxRKyNYwjxFE1x3ZKjIK38QuOu3k9x8J87 Hs/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=44gHuR7R4hz5ZLiOD+HQgZwfv8dk3/eixNcMf8BM4AU=; b=f8fh8qHG7deOQbZPXFPkAkyXacSeF2+lKtrDC84RB6HhDDp8d5r+OlSNqjcmKHcKHJ ko1e04gkgcFHt/5RxFRSh9Urpaxys4oqDn/LsGOyMm0LowpQuJuJOW2sg3cEAQTjAJAv yyf/dqN/Iuzga8e37SOK4sXEZjGVjMXnlkjpYaHbJVBzLkXQaCnjSFbCJ7283uZ/SAFM kgAkb0KYPRpVN8WKCvr18j75cHCOhH/LhqFaevIlHFGZuP9QfMYHUt6PqAhk7wBXdMAr dXroIENF1qEQwSJU0kWSQl4pbffjTtWw6AfhWG+I4PJEeNtuPtwdo7t3d+S4iyENTqNh Ri2Q== X-Gm-Message-State: AIkVDXIIo4oIm4WQYYUSmYt0vAtG0C+zfM93wVoLIYntkNcnEsDxhKZc1Wj0YDM1Qo1wlw== X-Received: by 10.98.9.149 with SMTP id 21mr27279126pfj.159.1482787003892; Mon, 26 Dec 2016 13:16:43 -0800 (PST) Received: from localhost.localdomain ([112.196.191.8]) by smtp.gmail.com with ESMTPSA id s5sm84979289pgj.19.2016.12.26.13.16.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Dec 2016 13:16:43 -0800 (PST) From: Bhupesh Sharma To: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org Cc: Bhupesh Sharma , Leif Lindholm , Ard Biesheuvel Date: Tue, 27 Dec 2016 02:45:42 +0530 Message-Id: <1482786942-9600-1-git-send-email-bhupesh.linux@gmail.com> X-Mailer: git-send-email 2.7.4 Subject: [PATCH V2 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Dec 2016 21:16:44 -0000 ARM TZASC-380 IP provides a mechanism to split memory regions being protected via it into eight equal-sized sub-regions. A bit-setting allows the corresponding subregion to be disabled. Several NXP/FSL SoCs support the TZASC-380 IP block and allow the DDR connected via the TZASC to be partitioned into regions having different security settings and also allow subregions to be disabled. This patch enables this support and can be used for SoCs which support such a partition of DDR regions. Details of the 'subregion_disable' register can be viewed here: http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html Cc: Leif Lindholm Cc: Ard Biesheuvel Signed-off-by: Bhupesh Sharma Contributed-under: TianoCore Contribution Agreement 1.0 --- .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 14 +++++++------- ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 10 ++++++++-- ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 3 ++- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c index 6fa0774f59f8..42d731ea98c9 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit ( // NOR Flash 0 non secure (BootMon) TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR0_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { //Note: Your OS Kernel must be aware of the secure regions before to enable this region TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); } else { TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, ARM_VE_SMB_NOR1_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); } // Base of SRAM. Only half of SRAM in Non Secure world @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit ( //Note: Your OS Kernel must be aware of the secure regions before to enable this region TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0); } else { TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, ARM_VE_SMB_SRAM_BASE,0, - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); } // Memory Mapped Peripherals. All in non secure world TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, ARM_VE_SMB_PERIPH_BASE,0, - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); // MotherBoard Peripherals and On-chip peripherals. TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0); } /** diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c index 070c0dcb5d4d..c99c16d4c442 100644 --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c @@ -87,20 +87,26 @@ TZASCSetRegion ( IN UINTN LowAddress, IN UINTN HighAddress, IN UINTN Size, - IN UINTN Security + IN UINTN Security, + IN UINTN SubregionDisableMask ) { UINT32* Region; + UINT32 RegionAttributes; if (RegionId > TZASCGetNumRegions(TzascBase)) { return EFI_INVALID_PARAMETER; } + RegionAttributes = ((Security & 0xF) << 28) | + ((SubregionDisableMask & 0xFF) << 8) | + ((Size & 0x3F) << 1) | (Enabled & 0x1); + Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10)); MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); MmioWrite32((UINTN)(Region+1), HighAddress); - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); + MmioWrite32((UINTN)(Region+2), RegionAttributes); return EFI_SUCCESS; } diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h index 78e98aad535f..1ba963d7b6c5 100644 --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h @@ -82,7 +82,8 @@ TZASCSetRegion ( IN UINTN LowAddress, IN UINTN HighAddress, IN UINTN Size, - IN UINTN Security + IN UINTN Security, + IN UINTN SubregionDisableMask ); #endif -- 2.7.4