From: Bhupesh SHARMA
Date: Sun, 29 Jan 2017 21:25:49 +0530
To: Leif Lindholm
Cc: edk2-devel@lists.01.org, Ard Biesheuvel
Subject: Re: [PATCH V3 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled

On Thu, Jan 26, 2017 at 8:06 PM, Leif Lindholm wrote:
> On Fri, Jan 20, 2017 at 05:10:45PM +0530, Bhupesh Sharma wrote:
>> ARM TZASC-380 IP provides a mechanism to split memory regions being
>> protected via it into eight equal-sized sub-regions. A bit-setting
>> allows the corresponding subregion to be disabled.
>>
>> Several NXP/FSL SoCs support the TZASC-380 IP block and allow
>> the DDR connected via the TZASC to be partitioned into regions
>> having different security settings and also allow subregions
>> to be disabled.
>>
>> This patch enables this support and can be used for SoCs which
>> support such a partition of DDR regions.
>>
>> Details of the 'subregion_disable' register can be viewed here:
>> http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html
>>
>> Cc: Leif Lindholm
>> Cc: Ard Biesheuvel
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Bhupesh Sharma
>> [bhupesh.linux@gmail.com : Added my gmail ID as the NXP one is no longer valid]
>> Signed-off-by: Bhupesh Sharma > > Thanks for the cleanup. > I may actually delete that CTA9x4 lib once your platform gets in... > > Reviewed-by: Leif Lindholm > > Pushed as 465663e. Many thanks Leif. Regards, Bhupesh >> --- >> Changes from v2: >> - Added more descriptive arrays as suggested by Leif >> >> .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c | 14 +++++++------- >> ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c | 13 ++++++++++--- >> ArmPlatformPkg/Include/Drivers/ArmTrustzone.h | 19 ++++++++++++++++++- >> 3 files changed, 35 insertions(+), 11 deletions(-) >> >> diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c >> index 6fa0774f59f8..42d731ea98c9 100644 >> --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c >> +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c 
>> @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit ( >> // NOR Flash 0 non secure (BootMon) >> TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED, >> ARM_VE_SMB_NOR0_BASE,0, >> - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); >> >> // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin) >> if (PcdGetBool (PcdTrustzoneSupport) == TRUE) { >> //Note: Your OS Kernel must be aware of the secure regions before to enable this region >> TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, >> ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0, >> - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); >> } else { >> TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED, >> ARM_VE_SMB_NOR1_BASE,0, >> - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); >> } >> >> // Base of SRAM. Only half of SRAM in Non Secure world 
>> @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit ( >> //Note: Your OS Kernel must be aware of the secure regions before to enable this region >> TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, >> ARM_VE_SMB_SRAM_BASE,0, >> - TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0); >> } else { >> TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED, >> ARM_VE_SMB_SRAM_BASE,0, >> - TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0); >> } >> >> // Memory Mapped Peripherals. All in non secure world >> TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED, >> ARM_VE_SMB_PERIPH_BASE,0, >> - TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0); >> >> // MotherBoard Peripherals and On-chip peripherals. >> TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED, >> ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0, >> - TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW); >> + TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0); >> } >> >> /** >> diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c >> index 070c0dcb5d4d..1f002198e552 100644 >> --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c >> +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c 
>> @@ -87,20 +87,27 @@ TZASCSetRegion ( >> IN UINTN LowAddress, >> IN UINTN HighAddress, >> IN UINTN Size, >> - IN UINTN Security >> + IN UINTN Security, >> + IN UINTN SubregionDisableMask >> ) >> { >> UINT32* Region; >> + UINT32 RegionAttributes; >> >> if (RegionId > TZASCGetNumRegions(TzascBase)) { >> return EFI_INVALID_PARAMETER; >> } >> >> + RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) | >> + TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) | >> + TZASC_REGION_ATTR_SIZE(Size) | >> + TZASC_REGION_ATTR_ENABLE(Enabled); >> + >> Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10)); >> >> - MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000); >> + MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress)); >> MmioWrite32((UINTN)(Region+1), HighAddress); >> - MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1)); >> + MmioWrite32((UINTN)(Region+2), RegionAttributes); >> >> return EFI_SUCCESS; >> } >> diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h >> index 78e98aad535f..827b5cd568c1 100644 >> --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h >> +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h 
>> @@ -71,6 +71,22 @@ TZPCClearDecProtBits ( >> #define TZASC_REGION_SECURITY_NSW 1 >> #define TZASC_REGION_SECURITY_NSRW (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW) >> >> +/* Some useful masks */ >> +#define TZASC_REGION_SETUP_LO_ADDR_MASK 0xFFFF8000 >> + >> +#define TZASC_REGION_ATTR_SECURITY_MASK 0xF >> +#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF >> +#define TZASC_REGION_ATTR_SIZE_MASK 0x3F >> +#define TZASC_REGION_ATTR_EN_MASK 0x1 >> + >> +#define TZASC_REGION_SETUP_LO_ADDR(x) ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK) >> + >> +#define TZASC_REGION_ATTR_SECURITY(x) (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28) >> +#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \ >> + (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8) >> +#define TZASC_REGION_ATTR_SIZE(x) (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1) >> +#define TZASC_REGION_ATTR_ENABLE(x) ((x) & TZASC_REGION_ATTR_EN_MASK) >> + >> /** >> FIXME: Need documentation >> **/ >> @@ -82,7 +98,8 @@ TZASCSetRegion ( >> IN UINTN LowAddress, >> IN UINTN HighAddress, >> IN UINTN Size, >> - IN UINTN Security >> + IN UINTN Security, >> + IN UINTN SubregionDisableMask >> ); >> >> #endif >> -- >> 2.7.4 >>
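
Review bot: In the two CTA9x4Sec.c hunks, every TZASCSetRegion() call now ends in a bare 0, which does not tell the reader that it means "no subregions disabled". A named constant for the empty mask, defined next to the new TZASC_REGION_ATTR_* macros, would make these call sites self-describing and would make a non-zero mask stand out in later platform code.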
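
Review bot: In the ArmTrustZone.c hunk, TZASCSetRegion() silently truncates SubregionDisableMask to 8 bits through TZASC_REGION_ATTR_SUBREG_DISABLE() and still returns EFI_SUCCESS, so a caller that passes a wider value gets a different set of subregions disabled than it asked for, with no error. Because this mask decides which parts of a protected region are excluded from that region's security setting, it is worth rejecting out-of-range input beside the existing RegionId check, for example: if ((SubregionDisableMask & ~TZASC_REGION_ATTR_SUBREG_DIS_MASK) != 0) return EFI_INVALID_PARAMETER;. Separately, RegionAttributes is UINT32 while the macro operands are UINTN, so an explicit (UINT32) cast on the assignment would make the narrowing intentional on 64-bit builds.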
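
Review bot: In the first ArmTrustzone.h hunk, TZASC_REGION_ATTR_SECURITY(x) shifts a value of up to 0xF left by 28 in whatever type x happens to have. That is fine inside TZASCSetRegion(), where Security is UINTN, but the macro is exported in a public header, and with a plain int argument of 8 or more the shift overflows a signed int. Casting inside the macro, for example (((UINT32)(x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28), and doing the same in the other TZASC_REGION_ATTR_* helpers, keeps them safe for any caller.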
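
Review bot: In the second ArmTrustzone.h hunk, the TZASCSetRegion prototype gains SubregionDisableMask while the comment above it still reads "FIXME: Need documentation". This is the natural place to state that the mask is 8 bits wide (one bit per equal-sized subregion, per the commit message), that 0 leaves all subregions enabled, as every CTA9x4 caller passes, and which bit corresponds to which subregion.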