From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bhupesh.linux@gmail.com>
Received: from mail-qt0-x243.google.com (mail-qt0-x243.google.com
 [IPv6:2607:f8b0:400d:c0d::243])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id E229481E70
 for <edk2-devel@lists.01.org>; Wed, 18 Jan 2017 21:57:48 -0800 (PST)
Received: by mail-qt0-x243.google.com with SMTP id l7so6663340qtd.3
 for <edk2-devel@lists.01.org>; Wed, 18 Jan 2017 21:57:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=U4kkyYXGhlB/41tI8vNG6qZ/nEBSwaeFxTJiNnSjDCw=;
 b=r2ZgOG/ULEAny3A6sNQS5MvFwAv4Ykuo2RvrffClUnX0cAf2PLgTG/EGSFD3NSgeyI
 zLkPMICGVfdHRG31U+yqEHegUbc1OFhPnEOpYquLcQxYbDD+49RCaofZaGMDX6GFZl9V
 JatOzA6ApqEmfMMDX7mgadnyS8iWdy7RcthnDsnyqG2Xvq/DNy1XvzANZi0eRjJ2HqmB
 qYO//BMlAe2jIvLeihXNyzfD/xkA8mr73VdIZPoezovVRxoxW12yw8G4dU/yh6Y7NrtI
 J7KUJaEAJjeMtScViE5JISMv+/ia5Y6KAeEPiqCWC5JMRAEs1RQlHArSo0dYqNObpEfY
 ArVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=U4kkyYXGhlB/41tI8vNG6qZ/nEBSwaeFxTJiNnSjDCw=;
 b=dKWLaop/cKIVXmR1HwZme9/MGOuMUWdQrhTHSdFspMMXUCeO43xdq1izlwRAC5h1Iw
 iuu6oCYdk0qGHoJbHnhNdPaEs7OrD+OUiDlkeCbIVBvVPciag6DjglCHa4/LleQZsG53
 UrXkIEMgi4ascfxkKC/HB2iah2erylfRpz7Yq9+OaV4u7SvOaKThMoYHSnP8ZrQxV1pa
 BHuznNWfEAyD8jV3Ki2RO6MtBJM2GZOOGL2UszvXoYtmc9uHvKGsBJS3jsL9lVZQ6oO/
 ka+YW4hvVFrhF7pv4uYCyrhdbYHSwebGJk9EJDpQZz6+yRs1GX+z4ysgZFrjlm6d9474
 MQng==
X-Gm-Message-State: AIkVDXJv99iPfK6Vjy0wnfqe0K6evKf7W3T2FRXglL+m4pRmhiri0Xeob1kWQB5XBfehiamNrSUO2BCgXaGpVQ==
X-Received: by 10.55.20.137 with SMTP id 9mr6163738qku.237.1484805467435; Wed,
 18 Jan 2017 21:57:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.89.75 with HTTP; Wed, 18 Jan 2017 21:57:47 -0800 (PST)
In-Reply-To: <20170116172011.GM25883@bivouac.eciton.net>
References: <1482786942-9600-1-git-send-email-bhupesh.linux@gmail.com>
 <20170116172011.GM25883@bivouac.eciton.net>
From: Bhupesh SHARMA <bhupesh.linux@gmail.com>
Date: Thu, 19 Jan 2017 11:27:47 +0530
Message-ID: <CAFTCetQfvJOTedO3MfYrKhewy2o4A=5LPj9hcX5hfHfU6rvaoQ@mail.gmail.com>
To: Leif Lindholm <leif.lindholm@linaro.org>
Cc: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org, 
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH V2 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2017 05:57:49 -0000
Content-Type: text/plain; charset=UTF-8

Hi Leif,

Thanks for the review.

On Mon, Jan 16, 2017 at 10:50 PM, Leif Lindholm
<leif.lindholm@linaro.org> wrote:
> On Tue, Dec 27, 2016 at 02:45:42AM +0530, Bhupesh Sharma wrote:
>> ARM TZASC-380 IP provides a mechanism to split memory regions being
>> protected via it into eight equal-sized sub-regions. A bit-setting
>> allows the corresponding subregion to be disabled.
>>
>> Several NXP/FSL SoCs support the TZASC-380 IP block and allow
>> the DDR connected via the TZASC to be partitioned into regions
>> having different security settings and also allow subregions
>> to be disabled.
>>
>> This patch enables this support and can be used for SoCs which
>> support such a partition of DDR regions.
>
> So, I am tempted to take this patch, but I should warn you that you
> are possibly now the only consumer of this driver. (Other platforms
> use ARM Trusted Firmware.)

Gulp. Understood :)

>> Details of the 'subregion_disable' register can be viewed here:
>> http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html
>>
>> Cc: Leif Lindholm <leif.lindholm@linaro.org>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Signed-off-by: Bhupesh Sharma <bhupesh.linux@gmail.com>
>
> Please add Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
> as was in the v1 submission, then add your gmail.com submission below.

Sure.

>> Contributed-under: TianoCore Contribution Agreement 1.0
>
> Contributed-under: goes before Signed-off-by:.
>
>> ---
>>  .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c            | 14 +++++++-------
>>  ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c         | 10 ++++++++--
>>  ArmPlatformPkg/Include/Drivers/ArmTrustzone.h              |  3 ++-
>>  3 files changed, 17 insertions(+), 10 deletions(-)
>>
>> diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
>> index 6fa0774f59f8..42d731ea98c9 100644
>> --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
>> +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
>> @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
>>    // NOR Flash 0 non secure (BootMon)
>>    TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
>>        ARM_VE_SMB_NOR0_BASE,0,
>> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
>> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>>
>>    // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
>>    if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
>>      //Note: Your OS Kernel must be aware of the secure regions before to enable this region
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
>> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    } else {
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_NOR1_BASE,0,
>> -        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    }
>>
>>    // Base of SRAM. Only half of SRAM in Non Secure world
>> @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
>>      //Note: Your OS Kernel must be aware of the secure regions before to enable this region
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_SRAM_BASE,0,
>> -        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    } else {
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_SRAM_BASE,0,
>> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    }
>>
>>    // Memory Mapped Peripherals. All in non secure world
>>    TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
>>        ARM_VE_SMB_PERIPH_BASE,0,
>> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
>> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>>
>>    // MotherBoard Peripherals and On-chip peripherals.
>>    TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
>>        ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
>> -      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
>> +      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
>>  }
>>
>>  /**
>> diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
>> index 070c0dcb5d4d..c99c16d4c442 100644
>> --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
>> +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
>> @@ -87,20 +87,26 @@ TZASCSetRegion (
>>    IN  UINTN LowAddress,
>>    IN  UINTN HighAddress,
>>    IN  UINTN Size,
>> -  IN  UINTN Security
>> +  IN  UINTN Security,
>> +  IN  UINTN SubregionDisableMask
>>    )
>>  {
>>    UINT32*     Region;
>> +  UINT32      RegionAttributes;
>>
>>    if (RegionId > TZASCGetNumRegions(TzascBase)) {
>>      return EFI_INVALID_PARAMETER;
>>    }
>>
>> +  RegionAttributes = ((Security & 0xF) << 28) |
>> +                     ((SubregionDisableMask & 0xFF) << 8) |
>> +                     ((Size & 0x3F) << 1) | (Enabled & 0x1);
>> +
>
> While I realise this is mostly a refactoring of the modified line
> below - could you possibly get rid of those magic values with some
> judicial use of #defines?

Ok, will add those in the V3.

Many thanks,
Bhupesh

> Regards,
>
> Leif
>
>>    Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));
>>
>>    MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
>>    MmioWrite32((UINTN)(Region+1), HighAddress);
>> -  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
>> +  MmioWrite32((UINTN)(Region+2), RegionAttributes);
>>
>>    return EFI_SUCCESS;
>>  }
>> diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
>> index 78e98aad535f..1ba963d7b6c5 100644
>> --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
>> +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
>> @@ -82,7 +82,8 @@ TZASCSetRegion (
>>    IN  UINTN LowAddress,
>>    IN  UINTN HighAddress,
>>    IN  UINTN Size,
>> -  IN  UINTN Security
>> +  IN  UINTN Security,
>> +  IN  UINTN SubregionDisableMask
>>    );
>>
>>  #endif
>> --
>> 2.7.4
>>