From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on060c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe02::60c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 633CD1A1E24 for ; Mon, 17 Oct 2016 03:18:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=QwZOSF+oWlD/sAybo2sxCzJSVr1qcKi+kSewRRzwgrk=; b=clvKLS+x0VKr8b/CJCSrGcx6qNohTawVsplLgi5Ah70b81zp7aVRFJ8LQr33lJme3DcJnVVJqJV6SjDLrlAalAXVyAv3iVv9cAE840l9UhrrZn7XlBaZuPk5OuQwJZAKiXBCNWsYTa2D8z00X64c0BtZv+zvLLEEqt5xxrNQYSg= Received: from AM4PR0401MB2289.eurprd04.prod.outlook.com (10.165.45.12) by AM4PR0401MB2291.eurprd04.prod.outlook.com (10.165.45.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.659.8; Mon, 17 Oct 2016 10:18:01 +0000 Received: from AM4PR0401MB2289.eurprd04.prod.outlook.com ([10.165.45.12]) by AM4PR0401MB2289.eurprd04.prod.outlook.com ([10.165.45.12]) with mapi id 15.01.0659.025; Mon, 17 Oct 2016 10:18:01 +0000 From: Bhupesh Sharma To: "edk2-devel@ml01.01.org" , Ard Biesheuvel , Leif Lindholm CC: "linaro-uefi@lists.linaro.org" , "Bhupesh Sharma" Thread-Topic: [RESEND PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled Thread-Index: AQHSJg0TdnbQqmbe1UKsTtgYkyg4c6CscvEQ Date: Mon, 17 Oct 2016 10:18:01 +0000 Message-ID: References: <1476443381-30175-1-git-send-email-bhupesh.sharma@nxp.com> In-Reply-To: <1476443381-30175-1-git-send-email-bhupesh.sharma@nxp.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=bhupesh.sharma@nxp.com; x-originating-ip: [192.88.169.1] x-ms-office365-filtering-correlation-id: 22b6a203-aa87-42e9-8c14-08d3f676e054 x-microsoft-exchange-diagnostics: 1; AM4PR0401MB2291; 7:sEqpJ3Hy4FM/P4Cm2Yp0w2uKX/XvHDokmiCfK5w10PrMItbNaOA0yEPdYoo5Dv/jFgfviPz4WHAO/amn3gtzRfAzvww1hDsdQHiJREYxMx7GZ4ZOLsERsm3m/+/IDFQ1rT39V13Rg1dIPkqDHD6l3aD6E7fUsMO9ZKc3UUkZU4vbKjoCm3cvCvJuEZfRun234a1Jp5rJBddCsCtdgPCV88WpbwsbbeRM+xYgHCJXCC8C4n4frxUvhJedUXjJ8KNkLohPXdBXvng57Zl0xbbG1PAU7JDm+972HIu8sFxq0b7GWEUN1KLNk24UfkL/G0uXUx6bXfcgYlODx4p/p6mUzyQUobD5fogbM/4l+3cDK4M= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM4PR0401MB2291; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(180628864354917)(192374486261705)(185117386973197); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026); SRVR:AM4PR0401MB2291; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0401MB2291; x-forefront-prvs: 0098BA6C6C x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(6009001)(7916002)(377454003)(189002)(199003)(3280700002)(92566002)(5002640100001)(19580405001)(7696004)(106356001)(19580395003)(586003)(9686002)(105586002)(2950100002)(74316002)(3846002)(5001770100001)(81166006)(81156014)(6116002)(102836003)(122556002)(87936001)(101416001)(2501003)(97736004)(68736007)(11100500001)(189998001)(2906002)(2900100001)(76576001)(7846002)(15975445007)(10400500002)(3660700001)(7736002)(5660300001)(8676002)(54356999)(76176999)(305945005)(33656002)(8936002)(106116001)(50986999)(66066001)(86362001)(4326007)(575784001)(77096005)(217873001)(19627235001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0401MB2291; H:AM4PR0401MB2289.eurprd04.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Oct 2016 10:18:01.7651 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0401MB2291 Subject: Re: [RESEND PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2016 10:18:05 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Ard, Leif, Any comments on this patch ? > From: Bhupesh Sharma [mailto:bhupesh.sharma@nxp.com] > Sent: Friday, October 14, 2016 4:40 PM >=20 > ARM TZASC-380 IP provides a mechanism to split memory regions being > protected via it into eight equal-sized sub-regions, with a bit setting > allowing the corresponding subregion to be disabled. >=20 > Several NXP/FSL SoCs support the TZASC-380 IP block and allow the DDR > connected via the TZASC to be partitioned into regions having different > security settings. >=20 > This patch enables this support and can be used for SoCs which support > such partition of DDR regions. >=20 > Details of the 'subregion_disable' register can be viewed here: > http://infocenter.arm.com/help/index.jsp?topic=3D/com.arm.doc.ddi0431c/CJ > ABCFHB.html >=20 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Bhupesh Sharma > Cc: Ard Biesheuvel > --- > .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 21 > ++++++++++++++------- > ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 5 +++-- > ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 3 ++- > 3 files changed, 19 insertions(+), 10 deletions(-) >=20 > diff --git > a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4S > ec.c > b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4S > ec.c > index 6fa0774..d358d65 100644 > --- > a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4S > ec.c > +++ > b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9 > +++ x4Sec.c > @@ -72,18 +72,21 @@ ArmPlatformSecTrustzoneInit ( > // NOR Flash 0 non secure (BootMon) > TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, > ARM_VE_SMB_NOR0_BASE,0, > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, > + 0); >=20 > // NOR Flash 1. The first half of the NOR Flash1 must be secure for > the secure firmware (sec_uefi.bin) > if (PcdGetBool (PcdTrustzoneSupport) =3D=3D TRUE) { > //Note: Your OS Kernel must be aware of the secure regions before > to enable this region > TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, > ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, > - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, > + 0); > } else { > TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, > ARM_VE_SMB_NOR1_BASE,0, > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, > + 0); > } >=20 > // Base of SRAM. Only half of SRAM in Non Secure world @@ -92,22 > +95,26 @@ ArmPlatformSecTrustzoneInit ( > //Note: Your OS Kernel must be aware of the secure regions before > to enable this region > TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, > ARM_VE_SMB_SRAM_BASE,0, > - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, > + 0); > } else { > TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, > ARM_VE_SMB_SRAM_BASE,0, > - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, > + 0); > } >=20 > // Memory Mapped Peripherals. All in non secure world > TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, > ARM_VE_SMB_PERIPH_BASE,0, > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, > + 0); >=20 > // MotherBoard Peripherals and On-chip peripherals. > TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, > ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, > - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); > + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, > + 0); > } >=20 > /** > diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > index 070c0dc..5cd41ef 100644 > --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c > @@ -87,7 +87,8 @@ TZASCSetRegion ( > IN UINTN LowAddress, > IN UINTN HighAddress, > IN UINTN Size, > - IN UINTN Security > + IN UINTN Security, > + IN UINTN SubregionDisableMask > ) > { > UINT32* Region; > @@ -100,7 +101,7 @@ TZASCSetRegion ( >=20 > MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); > MmioWrite32((UINTN)(Region+1), HighAddress); > - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & > 0x3F) << 1) | (Enabled & 0x1)); > + MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | > + ((SubregionDisableMask & 0xFF) << 8) | ((Size & 0x3F) << 1) | > (Enabled > + & 0x1)); >=20 > return EFI_SUCCESS; > } > diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > index 78e98aa..1ba963d 100644 > --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h > @@ -82,7 +82,8 @@ TZASCSetRegion ( > IN UINTN LowAddress, > IN UINTN HighAddress, > IN UINTN Size, > - IN UINTN Security > + IN UINTN Security, > + IN UINTN SubregionDisableMask > ); >=20 > #endif > -- > 1.9.1 >=20 Regards, Bhupesh