From: Bhupesh Sharma <bhupesh.sharma@nxp.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Leif Lindholm <leif.lindholm@linaro.org>,
Bhupesh Sharma <bhupesh.sharma@nxp.com>
Cc: "edk2-devel@ml01.01.org" <edk2-devel@ml01.01.org>,
"linaro-uefi@lists.linaro.org" <linaro-uefi@lists.linaro.org>,
Evan Lloyd <evan.lloyd@arm.com>,
Ryan Harkin <ryan.harkin@linaro.org>
Subject: Re: [RESEND PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled
Date: Thu, 27 Oct 2016 05:23:17 +0000 [thread overview]
Message-ID: <AM4PR0401MB22893A5FFA18C7EF77CF8BA488AA0@AM4PR0401MB2289.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <CAKv+Gu82wFjgN8N_n+OU+RK6sr0ixBtwipniOx80NfstOX0+tw@mail.gmail.com>
Hi Ard,
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Monday, October 17, 2016 7:46 PM
>
> On 17 October 2016 at 14:25, Leif Lindholm <leif.lindholm@linaro.org>
> wrote:
> > On Mon, Oct 17, 2016 at 10:18:01AM +0000, Bhupesh Sharma wrote:
> >> Hi Ard, Leif,
> >>
> >> Any comments on this patch ?
> >
> > You didn't cc me before :)
> >
> > But more importantly, I don't really have any platform to test this
> > on, so I could use a Tested-by: from someone who does. Evan, do you?
> >
> >> > From: Bhupesh Sharma [mailto:bhupesh.sharma@nxp.com]
> >> > Sent: Friday, October 14, 2016 4:40 PM
> >> >
> >> > ARM TZASC-380 IP provides a mechanism to split memory regions
> being
> >> > protected via it into eight equal-sized sub-regions, with a bit
> >> > setting allowing the corresponding subregion to be disabled.
> >> >
> >> > Several NXP/FSL SoCs support the TZASC-380 IP block and allow the
> >> > DDR connected via the TZASC to be partitioned into regions having
> >> > different security settings.
> >> >
> >> > This patch enables this support and can be used for SoCs which
> >> > support such partition of DDR regions.
> >> >
> >> > Details of the 'subregion_disable'
> >
> > This is not actually what the register is called in the link you're
> > providing.
> >
> >> > register can be viewed here:
> >> >
> http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0431
> >> > c/CJ
> >> > ABCFHB.html
> >> >
> >> > Contributed-under: TianoCore Contribution Agreement 1.0
> >> > Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
> >> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> > ---
> >> > .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 21
> >> > ++++++++++++++-------
> >> > ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 5 +++--
> >> > ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 3 ++-
> >> > 3 files changed, 19 insertions(+), 10 deletions(-)
> >> >
> >> > diff --git
> >> >
> a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA
> >> > 9x4S
> >> > ec.c
> >> >
> b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA
> >> > 9x4S
> >> > ec.c
> >> > index 6fa0774..d358d65 100644
> >> > ---
> >> >
> a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA
> >> > 9x4S
> >> > ec.c
> >> > +++
> >> >
> b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA
> >> > 9
> >> > +++ x4Sec.c
> >> > @@ -72,18 +72,21 @@ ArmPlatformSecTrustzoneInit (
> >> > // NOR Flash 0 non secure (BootMon)
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_NOR0_BASE,0,
> >> > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >> >
> >> > // NOR Flash 1. The first half of the NOR Flash1 must be secure
> >> > for the secure firmware (sec_uefi.bin)
> >> > if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
> >> > //Note: Your OS Kernel must be aware of the secure regions
> >> > before to enable this region
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
> >> > - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >
> > TAB used (convert to spaces).
> >
> >> > } else {
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_NOR1_BASE,0,
> >> > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >
> > TAB used (convert to spaces).
> >
> >> > }
> >> >
> >> > // Base of SRAM. Only half of SRAM in Non Secure world @@ -
> 92,22
> >> > +95,26 @@ ArmPlatformSecTrustzoneInit (
> >> > //Note: Your OS Kernel must be aware of the secure regions
> >> > before to enable this region
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_SRAM_BASE,0,
> >> > - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >
> > TAB used (convert to spaces).
> >
> >> > } else {
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_SRAM_BASE,0,
> >> > - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >
> > TAB used (convert to spaces).
> >
> > (These are all found by BaseTools/Scripts/PatchCheck.py, which also
> > points out that the subject line is too long.)
> >
> >> > }
> >> >
> >> > // Memory Mapped Peripherals. All in non secure world
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_PERIPH_BASE,0,
> >> > - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >> >
> >> > // MotherBoard Peripherals and On-chip peripherals.
> >> > TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
> >> > ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
> >> > - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
> >> > + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW,
> >> > + 0);
> >> > }
> >> >
> >> > /**
> >> > diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> >> > b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> >> > index 070c0dc..5cd41ef 100644
> >> > --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> >> > +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> >> > @@ -87,7 +87,8 @@ TZASCSetRegion (
> >> > IN UINTN LowAddress,
> >> > IN UINTN HighAddress,
> >> > IN UINTN Size,
> >> > - IN UINTN Security
> >> > + IN UINTN Security,
> >> > + IN UINTN SubregionDisableMask
> >> > )
> >> > {
> >> > UINT32* Region;
> >> > @@ -100,7 +101,7 @@ TZASCSetRegion (
> >> >
> >> > MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
> >> > MmioWrite32((UINTN)(Region+1), HighAddress);
> >> > - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size
> >> > &
> >> > 0x3F) << 1) | (Enabled & 0x1));
> >> > + MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) |
> >> > + ((SubregionDisableMask & 0xFF) << 8) | ((Size & 0x3F) << 1) |
> >> > (Enabled
> >> > + & 0x1));
> >
> > I think these additions tip the code over to where a temporary
> > variable should be used for the register value.
> >
> >> >
> >> > return EFI_SUCCESS;
> >> > }
> >> > diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> >> > b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> >> > index 78e98aa..1ba963d 100644
> >> > --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> >> > +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> >> > @@ -82,7 +82,8 @@ TZASCSetRegion (
> >> > IN UINTN LowAddress,
> >> > IN UINTN HighAddress,
> >> > IN UINTN Size,
> >> > - IN UINTN Security
> >> > + IN UINTN Security,
> >> > + IN UINTN SubregionDisableMask
> >> > );
> >
> > This modifies a prototype of a function implemented in:
> >
> ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Se
> > c.c
> > ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibRTSM/RTSMSec.c
> > ArmPlatformPkg/Library/ArmPlatformSecLibNull/ArmPlatformLibNullSec.c
> >
> > But only modifies the implementation in one of them.
> > Arguably, the RTSM one could simply be deleted (probably), but if
> > we're keeping this library, then the LibNullSec should at least be
> > kept up to date.
> >
> > Ard: comments on deleting the RTSM one?
> >
>
> Nope.
Ok, so should I send these changes for RTSM model also or should I update the LibNullSec.
Please let me know.
Thanks,
Bhupesh
next prev parent reply other threads:[~2016-10-27 5:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-14 11:09 [RESEND PATCH 1/1] ArmPlatformPkg/ArmTrustZone: Add support for specifying Subregions to be disabled Bhupesh Sharma
2016-10-17 10:18 ` Bhupesh Sharma
2016-10-17 13:25 ` Leif Lindholm
2016-10-17 14:15 ` Ard Biesheuvel
2016-10-27 5:23 ` Bhupesh Sharma [this message]
2016-10-27 5:21 ` Bhupesh Sharma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM4PR0401MB22893A5FFA18C7EF77CF8BA488AA0@AM4PR0401MB2289.eurprd04.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox