From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E8AE681F60 for ; Thu, 26 Jan 2017 06:36:38 -0800 (PST) Received: by mail-wm0-x232.google.com with SMTP id r126so74853039wmr.0 for ; Thu, 26 Jan 2017 06:36:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=0ObmuT6J20JIPYKZhx8PaX1pmoYeucxJup4puT2TfyY=; b=gsR9hb6MloPCi8o/+j2jhjs1fhxJbN3jesZt9EdDo36mkM5A+r5iYqzVjC+orocaou nJq2g/JN6j0C3jF4k7r27ap7BVEnTHHKYFQV/2GIzmNr3Yw+g3eCcf2djE2poR1B1apd IEN9rjFkeZ2KzUIbr9kA4O8Q1/y/hGzfjzWsg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=0ObmuT6J20JIPYKZhx8PaX1pmoYeucxJup4puT2TfyY=; b=sWZPgVT+x0EY+2buh9x2c7i7PMbRx+NnEYfh9ps+i9MPU87JH6CtuhFlqODTu0AJFD ILQyM/IsA0AmPfwVRInGWzoQcTHXElDpgh6xL3Jtpk3Mo70oonlzJfJrxIvUtT7JhRjm K+YtOqbgkKZDrJeAxiV2uxlSWqG4xSgsAyqGEtBR+uQCmiFuG/o07gBGTXS3yjzCzWc8 y/0BaZvIfo+JFyMPhYXy+A+SIb/MuXc+VEklDbKqVYh8bzWk9DPlsXFK61+wYv+jwY/3 fI60Wm6LrXFVahGayMTdSjIMmOPKPgA0QpZLx1J+CUXBeSFsbzpXf1CdjIj8xYSoY0Ft wbqA== X-Gm-Message-State: AIkVDXKbglzJdRdsHwhUl+JgFN+hcQb89yHqwHwYaKQv3bmWs4t8NzpzeNPZ71Ggh5anzKOu X-Received: by 10.223.177.195 with SMTP id r3mr3048967wra.147.1485441396750; Thu, 26 Jan 2017 06:36:36 -0800 (PST) Received: from bivouac.eciton.net (bivouac.eciton.net. [2a00:1098:0:86:1000:23:0:2]) by smtp.gmail.com with ESMTPSA id w16sm18005977wmd.4.2017.01.26.06.36.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Jan 2017 06:36:36 -0800 (PST) Date: Thu, 26 Jan 2017 14:36:33 +0000 From: Leif Lindholm To: Bhupesh Sharma Cc: edk2-devel@lists.01.org, Ard Biesheuvel Message-ID: <20170126143633.GY25883@bivouac.eciton.net> References: <1484912445-23625-1-git-send-email-bhupesh.linux@gmail.com> MIME-Version: 1.0 In-Reply-To: <1484912445-23625-1-git-send-email-bhupesh.linux@gmail.com> User-Agent: Mutt/1.5.23 (2014-03-12) Subject: Re: [PATCH V3 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jan 2017 14:36:39 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jan 20, 2017 at 05:10:45PM +0530, Bhupesh Sharma wrote: > ARM TZASC-380 IP provides a mechanism to split memory regions being > protected via it into eight equal-sized sub-regions. A bit-setting > allows the corresponding subregion to be disabled. > > Several NXP/FSL SoCs support the TZASC-380 IP block and allow > the DDR connected via the TZASC to be partitioned into regions > having different security settings and also allow subregions > to be disabled. > > This patch enables this support and can be used for SoCs which > support such a partition of DDR regions. > > Details of the 'subregion_disable' register can be viewed here: > http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html > > Cc: Leif Lindholm > Cc: Ard Biesheuvel > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Bhupesh Sharma > [bhupesh.linux@gmail.com : Added my gmail ID as the NXP one is no longer valid] > Signed-off-by: Bhupesh Sharma Thanks for the cleanup. I may actually delete that CTA9x4 lib once your platform gets in... Reviewed-by: Leif Lindholm Pushed as 465663e. > --- > Changes from v2: > - Added more descriptive arrays as suggested by Leif > > .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 14 +++++++------- > ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 13 ++++++++++--- > ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 19 ++++++++++++++++++- > 3 files changed, 35 insertions(+), 11 deletions(-) > > diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c > index 6fa0774f59f8..42d731ea98c9 100644 > --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c > +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c > @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit ( > // NOR Flash 0 non secure (BootMon) > TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, > ARM_VE_SMB_NOR0_BASE,0, > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); > > // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) > if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { > //Note: Your OS Kernel must be aware of the secure regions before to enable this region > TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, > ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, > - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); > } else { > TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, > ARM_VE_SMB_NOR1_BASE,0, > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); > } > > // Base of SRAM. Only half of SRAM in Non Secure world > @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit ( > //Note: Your OS Kernel must be aware of the secure regions before to enable this region > TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, > ARM_VE_SMB_SRAM_BASE,0, > - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0); > } else { > TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, > ARM_VE_SMB_SRAM_BASE,0, > - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); > } > > // Memory Mapped Peripherals. All in non secure world > TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, > ARM_VE_SMB_PERIPH_BASE,0, > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); > > // MotherBoard Peripherals and On-chip peripherals. > TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, > ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, > - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0); > } > > /** > diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > index 070c0dcb5d4d..1f002198e552 100644 > --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > @@ -87,20 +87,27 @@ TZASCSetRegion ( > IN UINTN LowAddress, > IN UINTN HighAddress, > IN UINTN Size, > - IN UINTN Security > + IN UINTN Security, > + IN UINTN SubregionDisableMask > ) > { > UINT32* Region; > + UINT32 RegionAttributes; > > if (RegionId > TZASCGetNumRegions(TzascBase)) { > return EFI_INVALID_PARAMETER; > } > > + RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) | > + TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) | > + TZASC_REGION_ATTR_SIZE(Size) | > + TZASC_REGION_ATTR_ENABLE(Enabled); > + > Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10)); > > - MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); > + MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress)); > MmioWrite32((UINTN)(Region+1), HighAddress); > - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); > + MmioWrite32((UINTN)(Region+2), RegionAttributes); > > return EFI_SUCCESS; > } > diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > index 78e98aad535f..827b5cd568c1 100644 > --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > @@ -71,6 +71,22 @@ TZPCClearDecProtBits ( > #define TZASC_REGION_SECURITY_NSW 1 > #define TZASC_REGION_SECURITY_NSRW (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW) > > +/* Some useful masks */ > +#define TZASC_REGION_SETUP_LO_ADDR_MASK 0xFFFF8000 > + > +#define TZASC_REGION_ATTR_SECURITY_MASK 0xF > +#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF > +#define TZASC_REGION_ATTR_SIZE_MASK 0x3F > +#define TZASC_REGION_ATTR_EN_MASK 0x1 > + > +#define TZASC_REGION_SETUP_LO_ADDR(x) ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK) > + > +#define TZASC_REGION_ATTR_SECURITY(x) (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28) > +#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \ > + (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8) > +#define TZASC_REGION_ATTR_SIZE(x) (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1) > +#define TZASC_REGION_ATTR_ENABLE(x) ((x) & TZASC_REGION_ATTR_EN_MASK) > + > /** > FIXME: Need documentation > **/ > @@ -82,7 +98,8 @@ TZASCSetRegion ( > IN UINTN LowAddress, > IN UINTN HighAddress, > IN UINTN Size, > - IN UINTN Security > + IN UINTN Security, > + IN UINTN SubregionDisableMask > ); > > #endif > -- > 2.7.4 >