From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lf0-x235.google.com (mail-lf0-x235.google.com [IPv6:2a00:1450:4010:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 75BD081FB0 for ; Tue, 31 Jan 2017 01:48:14 -0800 (PST) Received: by mail-lf0-x235.google.com with SMTP id x1so121579820lff.0 for ; Tue, 31 Jan 2017 01:48:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LyVmoQ8nMV6aJX6xzmC9zaxxVuKYF8QL1UQj4loBiA8=; b=fzaV1pSouYNgcYkUA8+ALMgeR5YtkFbctTBdCFh881ToyyVJu/ufR4kUuvz1h87xL3 dgJJsKmsjJoUhIZw9M20ua/C/1BKag93nYHRbwuriiNqGj20n7pG/edNS2EwhrmpmYhc 5GbPOXkacFxwg1flfnTvxhfGHt0dPtxL1Yeu4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LyVmoQ8nMV6aJX6xzmC9zaxxVuKYF8QL1UQj4loBiA8=; b=Sssn3kIc8DXRP9a5ePXkb+/FXhGzEujx5QrWg+dY7OaHBCYvCk/8t88nXRWstWNTT8 SCmjUU/fNzKXYZ1IPOy9nw3t+r6InjV4+bzJz8j6+JU3QZ6swXn26C1YqrdR3qTNFnBr L9pDeeeRwacupmy+SZYmJi3Ni87TYpo4v5g0UkMpUtfChIweiltqkq+WkQpXlx2nwocQ +UaYWxnADncDbG4OtI6SKggEob5/JZ3g4dGES2KUoaDRemnf/JfHKaREsLn0URNaNFph aA5TJHIUS6S74Wa12oYukbvQAZMI6KoWCRS22a4bnECsgQybOdKu8xT6fKKHJ2RWPOKk kgzg== X-Gm-Message-State: AIkVDXJ3jG39cO+U4Ab/dbQr5UbI0O0ZYKy6YzkraEA89mTKPO5npC9P3V1aLo4mlhkRYo4mc41SsRZHanwtj2H3 X-Received: by 10.25.10.6 with SMTP id 6mr8919145lfk.88.1485856092126; Tue, 31 Jan 2017 01:48:12 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.207.72 with HTTP; Tue, 31 Jan 2017 01:48:11 -0800 (PST) In-Reply-To: <20170126143633.GY25883@bivouac.eciton.net> References: <1484912445-23625-1-git-send-email-bhupesh.linux@gmail.com> <20170126143633.GY25883@bivouac.eciton.net> From: Ryan Harkin Date: Tue, 31 Jan 2017 09:48:11 +0000 Message-ID: To: Leif Lindholm Cc: Bhupesh Sharma , "edk2-devel@lists.01.org" , Ard Biesheuvel Subject: Re: [PATCH V3 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2017 09:48:14 -0000 Content-Type: text/plain; charset=UTF-8 On 26 January 2017 at 14:36, Leif Lindholm wrote: > On Fri, Jan 20, 2017 at 05:10:45PM +0530, Bhupesh Sharma wrote: >> ARM TZASC-380 IP provides a mechanism to split memory regions being >> protected via it into eight equal-sized sub-regions. A bit-setting >> allows the corresponding subregion to be disabled. >> >> Several NXP/FSL SoCs support the TZASC-380 IP block and allow >> the DDR connected via the TZASC to be partitioned into regions >> having different security settings and also allow subregions >> to be disabled. >> >> This patch enables this support and can be used for SoCs which >> support such a partition of DDR regions. >> >> Details of the 'subregion_disable' register can be viewed here: >> http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html >> >> Cc: Leif Lindholm >> Cc: Ard Biesheuvel >> Contributed-under: TianoCore Contribution Agreement 1.0 >> Signed-off-by: Bhupesh Sharma >> [bhupesh.linux@gmail.com : Added my gmail ID as the NXP one is no longer valid] >> Signed-off-by: Bhupesh Sharma > > Thanks for the cleanup. > I may actually delete that CTA9x4 lib once your platform gets in... > Probably a good idea. I suspect it's not used or tested any more, unless QEMU is using it? > Reviewed-by: Leif Lindholm > > Pushed as 465663e. > >> --- >> Changes from v2: >> - Added more descriptive arrays as suggested by Leif >> >> .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 14 +++++++------- >> ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 13 ++++++++++--- >> ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 19 ++++++++++++++++++- >> 3 files changed, 35 insertions(+), 11 deletions(-) >> >> diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c >> index 6fa0774f59f8..42d731ea98c9 100644 >> --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c >> +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c >> @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit ( >> // NOR Flash 0 non secure (BootMon) >> TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, >> ARM_VE_SMB_NOR0_BASE,0, >> - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); >> >> // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) >> if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { >> //Note: Your OS Kernel must be aware of the secure regions before to enable this region >> TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, >> ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, >> - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); >> } else { >> TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, >> ARM_VE_SMB_NOR1_BASE,0, >> - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); >> } >> >> // Base of SRAM. Only half of SRAM in Non Secure world >> @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit ( >> //Note: Your OS Kernel must be aware of the secure regions before to enable this region >> TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, >> ARM_VE_SMB_SRAM_BASE,0, >> - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0); >> } else { >> TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, >> ARM_VE_SMB_SRAM_BASE,0, >> - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); >> } >> >> // Memory Mapped Peripherals. All in non secure world >> TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, >> ARM_VE_SMB_PERIPH_BASE,0, >> - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); >> >> // MotherBoard Peripherals and On-chip peripherals. >> TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, >> ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, >> - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0); >> } >> >> /** >> diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c >> index 070c0dcb5d4d..1f002198e552 100644 >> --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c >> +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c >> @@ -87,20 +87,27 @@ TZASCSetRegion ( >> IN UINTN LowAddress, >> IN UINTN HighAddress, >> IN UINTN Size, >> - IN UINTN Security >> + IN UINTN Security, >> + IN UINTN SubregionDisableMask >> ) >> { >> UINT32* Region; >> + UINT32 RegionAttributes; >> >> if (RegionId > TZASCGetNumRegions(TzascBase)) { >> return EFI_INVALID_PARAMETER; >> } >> >> + RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) | >> + TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) | >> + TZASC_REGION_ATTR_SIZE(Size) | >> + TZASC_REGION_ATTR_ENABLE(Enabled); >> + >> Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10)); >> >> - MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); >> + MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress)); >> MmioWrite32((UINTN)(Region+1), HighAddress); >> - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); >> + MmioWrite32((UINTN)(Region+2), RegionAttributes); >> >> return EFI_SUCCESS; >> } >> diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h >> index 78e98aad535f..827b5cd568c1 100644 >> --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h >> +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h >> @@ -71,6 +71,22 @@ TZPCClearDecProtBits ( >> #define TZASC_REGION_SECURITY_NSW 1 >> #define TZASC_REGION_SECURITY_NSRW (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW) >> >> +/* Some useful masks */ >> +#define TZASC_REGION_SETUP_LO_ADDR_MASK 0xFFFF8000 >> + >> +#define TZASC_REGION_ATTR_SECURITY_MASK 0xF >> +#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF >> +#define TZASC_REGION_ATTR_SIZE_MASK 0x3F >> +#define TZASC_REGION_ATTR_EN_MASK 0x1 >> + >> +#define TZASC_REGION_SETUP_LO_ADDR(x) ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK) >> + >> +#define TZASC_REGION_ATTR_SECURITY(x) (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28) >> +#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \ >> + (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8) >> +#define TZASC_REGION_ATTR_SIZE(x) (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1) >> +#define TZASC_REGION_ATTR_ENABLE(x) ((x) & TZASC_REGION_ATTR_EN_MASK) >> + >> /** >> FIXME: Need documentation >> **/ >> @@ -82,7 +98,8 @@ TZASCSetRegion ( >> IN UINTN LowAddress, >> IN UINTN HighAddress, >> IN UINTN Size, >> - IN UINTN Security >> + IN UINTN Security, >> + IN UINTN SubregionDisableMask >> ); >> >> #endif >> -- >> 2.7.4 >> > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel