From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <leif.lindholm@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:4864:20::441; helo=mail-wr1-x441.google.com;
 envelope-from=leif.lindholm@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com
 [IPv6:2a00:1450:4864:20::441])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 85377211B1112
 for <edk2-devel@lists.01.org>; Tue, 22 Jan 2019 09:26:48 -0800 (PST)
Received: by mail-wr1-x441.google.com with SMTP id x10so28269939wrs.8
 for <edk2-devel@lists.01.org>; Tue, 22 Jan 2019 09:26:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=muU7sv8YnqQ0rgfy5P2W6+5jA8ojVj+ExJsFr/U1jgU=;
 b=E/X012XcGbgL+JMimv5XEkSF6qPcnPI7CQCnVAslv777n+DfDTniTkA2v9jpL3b5kx
 C3T80/jLH6raXVt0mdk1I6yLFBEpsXoxVJlcKUX8p5kW/5+Ne6gGbfN9nz5j2COkhrNE
 VzvjHnH/4sgmKhihvfoLgiwcUFWNlz+JBMXfI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=muU7sv8YnqQ0rgfy5P2W6+5jA8ojVj+ExJsFr/U1jgU=;
 b=UtsftMKi8clSeacZ2jhUB7W0oCrnucULGjsaE5l4CBnDOGU3pTxlsBbd1d7/ZhP0PW
 J89ay0Hanoaz2uy+PZDZ+Y5Y9bApCtCK0pZ4RarsPEXx/q3ptORTtZ/lwZ6ESomUzAU4
 /r2h6VWgOaqTDeUwFNOeWumozXn9A7zzV7qh7zcrR0D2fd/g1+059AqVZigGzIup3kHR
 xljjKd8Ej0TpFGJDR5nCCxZ8q/RcTVqAhf8+KtQGOxs4JiMTznQ+kdaT94oE/fPcMqa3
 gDb41FrqWbwX1weiOkMf6Jg9XuYoUa43aVoemRLS1pCy+Mze8iqkFny9vTfEFNm1EXpr
 uWiA==
X-Gm-Message-State: AJcUukdUnczppOEx2Irx0tUA+hxAD1nB88cDbIGRZ9774/1AZ9B1ENcx
 44S5DnXKSie34L8sYDyY7TqH6Q==
X-Google-Smtp-Source: ALg8bN6md2shm9W24k2WOwTUj890F6mxCabfQm0d8wfG0ZU+MdNQedYYwZ+RvSTg2CvthQ98XrYYMA==
X-Received: by 2002:adf:cd0e:: with SMTP id w14mr35059910wrm.218.1548178006543; 
 Tue, 22 Jan 2019 09:26:46 -0800 (PST)
Received: from bivouac.eciton.net (bivouac.eciton.net.
 [2a00:1098:0:86:1000:23:0:2])
 by smtp.gmail.com with ESMTPSA id 199sm60022739wmh.21.2019.01.22.09.26.44
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 22 Jan 2019 09:26:45 -0800 (PST)
Date: Tue, 22 Jan 2019 17:26:43 +0000
From: Leif Lindholm <leif.lindholm@linaro.org>
To: Marcin Wojtas <mw@semihalf.com>
Cc: edk2-devel@lists.01.org, ard.biesheuvel@linaro.org, nadavh@marvell.com,
 jsd@semihalf.com, jaz@semihalf.com, kostap@marvell.com
Message-ID: <20190122172643.i6newphbfjiertsb@bivouac.eciton.net>
References: <1548120742-11928-1-git-send-email-mw@semihalf.com>
 <1548120742-11928-2-git-send-email-mw@semihalf.com>
MIME-Version: 1.0
In-Reply-To: <1548120742-11928-2-git-send-email-mw@semihalf.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Subject: Re: [platforms: PATCH v2 1/4] Marvell/Armada7k8k: Shift PEI stack base
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jan 2019 17:26:48 -0000
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Jan 22, 2019 at 02:32:19AM +0100, Marcin Wojtas wrote:
> Recent changes in the ARM-TF configure its runtime serices region
> as protected, hence the hitherto PEI stack base address (0x41F0000)
> violated it.
> 
> In order to fix this, extend the region which is non-accessible
> by the OS to cover both the ARM-TF (0x4000000 - 0x4200000) and OPTEE
> (0x4400000 - 0x5400000) within a single area (0x4000000 - 0x5400000).
> Set the PEI stack base address between both images (0x43F0000).

OK, that is a much better description.
But I'm getting slight cognitive dissonance from placing the PEI stack
inside something we've just claimed belongs to Secure world...

Could you instead break this out into two separate protected regions?
PcdSecureOpteeBase/Size and PcdSecureTfBase/Size?

Alternatively, nudge the stackbase to 0x5400000?

/
    Leif

> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marcin Wojtas <mw@semihalf.com>
> ---
>  Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc b/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc
> index eafcd6e..c8c597f 100644
> --- a/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc
> +++ b/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc
> @@ -376,12 +376,12 @@
>  
>    gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|36
>  
> -  gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x41F0000
> +  gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x43F0000
>    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x10000
>  
>    # Secure region reservation
>    gMarvellTokenSpaceGuid.PcdSecureRegionBase|0x4000000
> -  gMarvellTokenSpaceGuid.PcdSecureRegionSize|0x0200000
> +  gMarvellTokenSpaceGuid.PcdSecureRegionSize|0x1400000
>  
>    # TRNG
>    gMarvellTokenSpaceGuid.PcdEip76TrngBaseAddress|0xF2760000
> -- 
> 2.7.4
>