From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bhupesh.linux@gmail.com>
Received: from mail-yb0-x242.google.com (mail-yb0-x242.google.com
 [IPv6:2607:f8b0:4002:c09::242])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 4E7A681E9C
 for <edk2-devel@lists.01.org>; Fri, 20 Jan 2017 03:41:00 -0800 (PST)
Received: by mail-yb0-x242.google.com with SMTP id 123so6675679ybe.0
 for <edk2-devel@lists.01.org>; Fri, 20 Jan 2017 03:41:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id;
 bh=2XnykjSGN8gOisFZkMrzP/J1PZLWMHZ+Bd+BAF/fMlg=;
 b=E5EWM6X4iiyHzX4IUKRl7txKs8Cm9a38ch25kXbjHpk0Ogjr6vzj1grVIS/02UOH/A
 zqwlcEGElxAnDHYhycdJ2LRG1duDg1XQz2FnXmeCmYEzHR269gyiKxuufGsiAPD3GWen
 NizbkmXxeAZRx1HalZPGPsTqgmCkNax5X7Z8yr5iozIvb9nRp5ItPFRlRHTuqAYwBD0X
 Y0tWHWPhxOP2LshyQa4qrjYQXusP56Xv+2vTFG3FAPLRSwcKNMBVfbh/XoNTCqNhp8Qc
 w7iXZ1TR4nE08+SOanUPUv8DRcsgjsdEGhXd4ExYdAVBqAiXf/rid6/5P0xKkuvs2cN3
 hNyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=2XnykjSGN8gOisFZkMrzP/J1PZLWMHZ+Bd+BAF/fMlg=;
 b=aOQuA8v5cConDmyRzLlSaeRMD+KRiiZ9XoDeJiRrnkO0fG654aBjVlZ91lYJG3YYD5
 2QQiF4w96ZBwBWwY1AtK1jN7V7fIiJVNND/yYfVmiwni8xC3z7TozfuH6G5Q7Wcmy51I
 o9wXfC8y4ar+Kh2pHfueCrvUCW1DlYRdzsH9K5NbO9PGw2uJWue0Fe5YZfm38+7Ot5qM
 o3nZyjzSSkBXBuKWo6NWMPvQ3bpwRI0iFjZjV4HCXJA4ub1FQi9kK6TlW9tWIl215KpY
 co7N/qyrcRsFXMfBfFZ2q8pIC9Il5TFzkQVHG1D0LMaVKWlkFJRirurrMW62I1obzTJK
 gnxg==
X-Gm-Message-State: AIkVDXKtH3owc18+I4WjONsEZY9g9DdNPW57cepttUHq8OMaA7Q2y2tIqsAWnzr3ze67Cg==
X-Received: by 10.237.49.225 with SMTP id 88mr11561442qth.120.1484912459302;
 Fri, 20 Jan 2017 03:40:59 -0800 (PST)
Received: from dhcppc2.redhat.com ([122.177.103.227])
 by smtp.gmail.com with ESMTPSA id s71sm5679540qkl.22.2017.01.20.03.40.55
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 20 Jan 2017 03:40:58 -0800 (PST)
From: Bhupesh Sharma <bhupesh.linux@gmail.com>
To: edk2-devel@lists.01.org
Cc: bhupesh.linux@gmail.com, Leif Lindholm <leif.lindholm@linaro.org>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Fri, 20 Jan 2017 17:10:45 +0530
Message-Id: <1484912445-23625-1-git-send-email-bhupesh.linux@gmail.com>
X-Mailer: git-send-email 2.7.4
Subject: [PATCH V3 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2017 11:41:00 -0000

ARM TZASC-380 IP provides a mechanism to split memory regions being
protected via it into eight equal-sized sub-regions. A bit-setting
allows the corresponding subregion to be disabled.

Several NXP/FSL SoCs support the TZASC-380 IP block and allow
the DDR connected via the TZASC to be partitioned into regions
having different security settings and also allow subregions
to be disabled.

This patch enables this support and can be used for SoCs which
support such a partition of DDR regions.

Details of the 'subregion_disable' register can be viewed here:
http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
[bhupesh.linux@gmail.com : Added my gmail ID as the NXP one is no longer valid]
Signed-off-by: Bhupesh Sharma <bhupesh.linux@gmail.com>
---
Changes from v2:
 - Added more descriptive arrays as suggested by Leif

 .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c       | 14 +++++++-------
 ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c    | 13 ++++++++++---
 ArmPlatformPkg/Include/Drivers/ArmTrustzone.h         | 19 ++++++++++++++++++-
 3 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
index 6fa0774f59f8..42d731ea98c9 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
+++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
@@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
   // NOR Flash 0 non secure (BootMon)
   TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
       ARM_VE_SMB_NOR0_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
 
   // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
   if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE,0,
-        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
   }
 
   // Base of SRAM. Only half of SRAM in Non Secure world
@@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
   }
 
   // Memory Mapped Peripherals. All in non secure world
   TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
       ARM_VE_SMB_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
 
   // MotherBoard Peripherals and On-chip peripherals.
   TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
       ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
 }
 
 /**
diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
index 070c0dcb5d4d..1f002198e552 100644
--- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
+++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
@@ -87,20 +87,27 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   )
 {
   UINT32*     Region;
+  UINT32      RegionAttributes;
 
   if (RegionId > TZASCGetNumRegions(TzascBase)) {
     return EFI_INVALID_PARAMETER;
   }
 
+  RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) |
+                     TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) |
+                     TZASC_REGION_ATTR_SIZE(Size) |
+                     TZASC_REGION_ATTR_ENABLE(Enabled);
+
   Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));
 
-  MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
+  MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress));
   MmioWrite32((UINTN)(Region+1), HighAddress);
-  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
+  MmioWrite32((UINTN)(Region+2), RegionAttributes);
 
   return EFI_SUCCESS;
 }
diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
index 78e98aad535f..827b5cd568c1 100644
--- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
+++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
@@ -71,6 +71,22 @@ TZPCClearDecProtBits (
 #define TZASC_REGION_SECURITY_NSW   1
 #define TZASC_REGION_SECURITY_NSRW  (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW)
 
+/* Some useful masks */
+#define TZASC_REGION_SETUP_LO_ADDR_MASK   0xFFFF8000
+
+#define TZASC_REGION_ATTR_SECURITY_MASK   0xF
+#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF
+#define TZASC_REGION_ATTR_SIZE_MASK       0x3F
+#define TZASC_REGION_ATTR_EN_MASK         0x1
+
+#define TZASC_REGION_SETUP_LO_ADDR(x)  ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK)
+
+#define TZASC_REGION_ATTR_SECURITY(x)  (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28)
+#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \
+                                       (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8)
+#define TZASC_REGION_ATTR_SIZE(x)      (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1)
+#define TZASC_REGION_ATTR_ENABLE(x)    ((x) & TZASC_REGION_ATTR_EN_MASK)
+
 /**
     FIXME: Need documentation
 **/
@@ -82,7 +98,8 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   );
 
 #endif
-- 
2.7.4