From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <leif.lindholm@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:4864:20::443; helo=mail-wr1-x443.google.com;
 envelope-from=leif.lindholm@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com
 [IPv6:2a00:1450:4864:20::443])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 93D0D211B81B1
 for <edk2-devel@lists.01.org>; Tue, 22 Jan 2019 11:07:24 -0800 (PST)
Received: by mail-wr1-x443.google.com with SMTP id c14so28739087wrr.0
 for <edk2-devel@lists.01.org>; Tue, 22 Jan 2019 11:07:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:content-transfer-encoding:in-reply-to
 :user-agent; bh=naWAC+IqAJc0/F+p0ARpA8sdCZ76IGzRatEQJws8CDw=;
 b=LOf0vWErfspZy4Pxps4MpoUaMCdRQ4IAHrTwLvQyjMep6i5aLrxUq7BxhwXKCH2ynF
 146dtcwkBrCD+3IHORBgaq1MqiMFGFKUXlcI6Wr+72UQR0sKo9jJYj/Y0vgaTfXyHVCS
 Xl5W2JQq7Cn8ck8KYC7BTI710itEsJNJbNacc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:content-transfer-encoding
 :in-reply-to:user-agent;
 bh=naWAC+IqAJc0/F+p0ARpA8sdCZ76IGzRatEQJws8CDw=;
 b=OyLc4Lj3bbYYXa/EbIX/ZrJD8X1zlMiLg649hVj2WnDfUyDiITJAP+7Klohsq34Hz3
 YwoPTUic6yg6JCOkDz0TPyUO4Rou7mSF3WDVXs76QayFbTGOD5B40hCEHOuvaABTgppz
 aBHJKhzvGkjx15vDa+BDQVR4Ttn6nk2Al2z3CK2GsCAEFLIfabNvW6cxdVuGam8Bz3rh
 M4rJ5DqW2Si2gPjKW/xDJOnWNatmtNYpFsDbsyuCap3HcT3VzwVw5/yA1gl47qnpnCNF
 aAKbqtWHnGAVC3hoKs2qsHtXLO5Dsj3GET/8FJobvaxYeOHPDCG7tA8IJ5pz9pbf9M0h
 k4hA==
X-Gm-Message-State: AJcUukdCQ8EnV01vrKW+/08lGnQiZa5/vm5iRC8FRBCbQ1vnM3DJHl5O
 ZrNx662FmTaHK9vIaSKRjgsq0g==
X-Google-Smtp-Source: ALg8bN6AHu3fJ9xXwx+95P/SYf0fWvj4jBBIOu3EUsYHWsso1S1gS1nWfs5DqvzzVBZQgQA6q1dCuQ==
X-Received: by 2002:adf:e247:: with SMTP id n7mr32656161wri.205.1548184012040; 
 Tue, 22 Jan 2019 11:06:52 -0800 (PST)
Received: from bivouac.eciton.net (bivouac.eciton.net.
 [2a00:1098:0:86:1000:23:0:2])
 by smtp.gmail.com with ESMTPSA id c65sm54185900wma.24.2019.01.22.11.06.51
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 22 Jan 2019 11:06:51 -0800 (PST)
Date: Tue, 22 Jan 2019 19:06:49 +0000
From: Leif Lindholm <leif.lindholm@linaro.org>
To: Marcin Wojtas <mw@semihalf.com>
Cc: edk2-devel-01 <edk2-devel@lists.01.org>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>, nadavh@marvell.com,
 "jsd@semihalf.com" <jsd@semihalf.com>,
 Grzegorz Jaszczyk <jaz@semihalf.com>,
 Kostya Porotchkin <kostap@marvell.com>
Message-ID: <20190122190649.x2bh7gd5szxmfxy5@bivouac.eciton.net>
References: <1548120742-11928-1-git-send-email-mw@semihalf.com>
 <1548120742-11928-2-git-send-email-mw@semihalf.com>
 <20190122172643.i6newphbfjiertsb@bivouac.eciton.net>
 <CAPv3WKezXgovav6a5NG4rDGLOok5EZkc2MLwB4DqA3X0p33NUQ@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAPv3WKezXgovav6a5NG4rDGLOok5EZkc2MLwB4DqA3X0p33NUQ@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Subject: Re: [platforms: PATCH v2 1/4] Marvell/Armada7k8k: Shift PEI stack base
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jan 2019 19:07:24 -0000
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

On Tue, Jan 22, 2019 at 07:26:58PM +0100, Marcin Wojtas wrote:
> Hi Leif,
> 
> wt., 22 sty 2019 o 18:26 Leif Lindholm <leif.lindholm@linaro.org> napisał(a):
> >
> > On Tue, Jan 22, 2019 at 02:32:19AM +0100, Marcin Wojtas wrote:
> > > Recent changes in the ARM-TF configure its runtime serices region
> > > as protected, hence the hitherto PEI stack base address (0x41F0000)
> > > violated it.
> > >
> > > In order to fix this, extend the region which is non-accessible
> > > by the OS to cover both the ARM-TF (0x4000000 - 0x4200000) and OPTEE
> > > (0x4400000 - 0x5400000) within a single area (0x4000000 - 0x5400000).
> > > Set the PEI stack base address between both images (0x43F0000).
> >
> > OK, that is a much better description.
> > But I'm getting slight cognitive dissonance from placing the PEI stack
> > inside something we've just claimed belongs to Secure world...
> >
> > Could you instead break this out into two separate protected regions?
> > PcdSecureOpteeBase/Size and PcdSecureTfBase/Size?
> >
> > Alternatively, nudge the stackbase to 0x5400000?
> 
> As discussed some time ago with Ard, when the PEI stack base was
> introduced, it is recommended that this stack is placed in the
> location, which is not accessible by OS. Most preferred is to have it
> in the SRAM (cannot do it on Armada7k8k) or in a reserved region - cut
> out from the memory map passed to the OS.
> 
> Currently we have a single region (a "hole") that covers:
> 2MB for EL3 runtime services
> 2MB of nothing
> 16MB for OPTEE image
> 
> The 2MB space between images IMO seems perfect for PEI stack to place.
> If it was placed e.g. @0x5400000 and we kept the reserved regions
> separate, the outcome would be:
> 2MB for EL3 runtime services
> 2MB of DRAM normal memory
> 16MB + 64kB for Optee and PEI stack base.
> 
> This is the reason, I'd like to keep original setting, proposed in the
> patch. Please let know your opinion.

I have no issue with the placement of the PEI stack between the ARM-TF
region and the Op-TEE region. I _have_ an issue with the PEI stack
being placed between PcdSecureRegionBase and (PcdSecureRegionBase +
PcdSecureRegionSize). I.e. something that we describe as "the Secure
region".

I think I gave my suggestion for the resolution of this problem (with
moving StackBase to 0x05400000 as the alternative) in my previous
reply.

Best Regards,

Leif

> 
> Best regards,
> Marcin
> 
> 
> >
> > /
> >     Leif
> >
> > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > Signed-off-by: Marcin Wojtas <mw@semihalf.com>
> > > ---
> > >  Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc b/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc
> > > index eafcd6e..c8c597f 100644
> > > --- a/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc
> > > +++ b/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc
> > > @@ -376,12 +376,12 @@
> > >
> > >    gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|36
> > >
> > > -  gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x41F0000
> > > +  gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x43F0000
> > >    gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x10000
> > >
> > >    # Secure region reservation
> > >    gMarvellTokenSpaceGuid.PcdSecureRegionBase|0x4000000
> > > -  gMarvellTokenSpaceGuid.PcdSecureRegionSize|0x0200000
> > > +  gMarvellTokenSpaceGuid.PcdSecureRegionSize|0x1400000
> > >
> > >    # TRNG
> > >    gMarvellTokenSpaceGuid.PcdEip76TrngBaseAddress|0xF2760000
> > > --
> > > 2.7.4
> > >