From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bhupesh.linux@gmail.com>
Received: from mail-pg0-x243.google.com (mail-pg0-x243.google.com
 [IPv6:2607:f8b0:400e:c05::243])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 777968191D
 for <edk2-devel@lists.01.org>; Mon, 26 Dec 2016 13:16:44 -0800 (PST)
Received: by mail-pg0-x243.google.com with SMTP id i5so10236426pgh.2
 for <edk2-devel@lists.01.org>; Mon, 26 Dec 2016 13:16:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id;
 bh=44gHuR7R4hz5ZLiOD+HQgZwfv8dk3/eixNcMf8BM4AU=;
 b=FDDLGMx1Ol+aZ8nK/HZg6WxT3Lt6VPi7+ZUDLzmgIeclxMz0s8pq5pXwwjoID1KSkL
 lLX1V1uyozZyKQSKwPFI7cyUtqotp8fGj/mYrubnI9BnL4wtU63tJpc03+5R8CHlwNZU
 oSjKxfFX74IqbVmxtmGpy7w+RW2RJF1dfkKVcW/08KCI3uBDFGZTo5lN0BLpinsD66NL
 Obph18JDVGLCncJxD0svK+auRRYW/ah9QSGoPBURArgzAEuTXeIMmP6F7ZCWxWKS2jq1
 fb6eiDJeMqHhNXQ6o5ergPdqIg4ZH8gEBWkxRKyNYwjxFE1x3ZKjIK38QuOu3k9x8J87
 Hs/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=44gHuR7R4hz5ZLiOD+HQgZwfv8dk3/eixNcMf8BM4AU=;
 b=f8fh8qHG7deOQbZPXFPkAkyXacSeF2+lKtrDC84RB6HhDDp8d5r+OlSNqjcmKHcKHJ
 ko1e04gkgcFHt/5RxFRSh9Urpaxys4oqDn/LsGOyMm0LowpQuJuJOW2sg3cEAQTjAJAv
 yyf/dqN/Iuzga8e37SOK4sXEZjGVjMXnlkjpYaHbJVBzLkXQaCnjSFbCJ7283uZ/SAFM
 kgAkb0KYPRpVN8WKCvr18j75cHCOhH/LhqFaevIlHFGZuP9QfMYHUt6PqAhk7wBXdMAr
 dXroIENF1qEQwSJU0kWSQl4pbffjTtWw6AfhWG+I4PJEeNtuPtwdo7t3d+S4iyENTqNh
 Ri2Q==
X-Gm-Message-State: AIkVDXIIo4oIm4WQYYUSmYt0vAtG0C+zfM93wVoLIYntkNcnEsDxhKZc1Wj0YDM1Qo1wlw==
X-Received: by 10.98.9.149 with SMTP id 21mr27279126pfj.159.1482787003892;
 Mon, 26 Dec 2016 13:16:43 -0800 (PST)
Received: from localhost.localdomain ([112.196.191.8])
 by smtp.gmail.com with ESMTPSA id s5sm84979289pgj.19.2016.12.26.13.16.41
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 26 Dec 2016 13:16:43 -0800 (PST)
From: Bhupesh Sharma <bhupesh.linux@gmail.com>
To: linaro-uefi@lists.linaro.org,
	edk2-devel@lists.01.org
Cc: Bhupesh Sharma <bhupesh.linux@gmail.com>,
 Leif Lindholm <leif.lindholm@linaro.org>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Tue, 27 Dec 2016 02:45:42 +0530
Message-Id: <1482786942-9600-1-git-send-email-bhupesh.linux@gmail.com>
X-Mailer: git-send-email 2.7.4
Subject: [PATCH V2 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Dec 2016 21:16:44 -0000

ARM TZASC-380 IP provides a mechanism to split memory regions being
protected via it into eight equal-sized sub-regions. A bit-setting
allows the corresponding subregion to be disabled.

Several NXP/FSL SoCs support the TZASC-380 IP block and allow
the DDR connected via the TZASC to be partitioned into regions
having different security settings and also allow subregions
to be disabled.

This patch enables this support and can be used for SoCs which
support such a partition of DDR regions.

Details of the 'subregion_disable' register can be viewed here:
http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Bhupesh Sharma <bhupesh.linux@gmail.com>
Contributed-under: TianoCore Contribution Agreement 1.0
---
 .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c            | 14 +++++++-------
 ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c         | 10 ++++++++--
 ArmPlatformPkg/Include/Drivers/ArmTrustzone.h              |  3 ++-
 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
index 6fa0774f59f8..42d731ea98c9 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
+++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
@@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
   // NOR Flash 0 non secure (BootMon)
   TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
       ARM_VE_SMB_NOR0_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
 
   // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
   if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE,0,
-        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
   }
 
   // Base of SRAM. Only half of SRAM in Non Secure world
@@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
   }
 
   // Memory Mapped Peripherals. All in non secure world
   TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
       ARM_VE_SMB_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
 
   // MotherBoard Peripherals and On-chip peripherals.
   TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
       ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
 }
 
 /**
diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
index 070c0dcb5d4d..c99c16d4c442 100644
--- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
+++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
@@ -87,20 +87,26 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   )
 {
   UINT32*     Region;
+  UINT32      RegionAttributes;
 
   if (RegionId > TZASCGetNumRegions(TzascBase)) {
     return EFI_INVALID_PARAMETER;
   }
 
+  RegionAttributes = ((Security & 0xF) << 28) |
+                     ((SubregionDisableMask & 0xFF) << 8) |
+                     ((Size & 0x3F) << 1) | (Enabled & 0x1);
+
   Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));
 
   MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
   MmioWrite32((UINTN)(Region+1), HighAddress);
-  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
+  MmioWrite32((UINTN)(Region+2), RegionAttributes);
 
   return EFI_SUCCESS;
 }
diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
index 78e98aad535f..1ba963d7b6c5 100644
--- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
+++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
@@ -82,7 +82,8 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   );
 
 #endif
-- 
2.7.4