From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bhupesh.linux@gmail.com>
Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com
 [IPv6:2607:f8b0:400d:c0d::244])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 1A04C8200C
 for <edk2-devel@lists.01.org>; Sun, 29 Jan 2017 07:55:51 -0800 (PST)
Received: by mail-qt0-x244.google.com with SMTP id h53so16530739qth.3
 for <edk2-devel@lists.01.org>; Sun, 29 Jan 2017 07:55:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=P8xU5Osslffm/XJcxZWkSV+AqFCMGonnMd3GrQEg6Y4=;
 b=uSe6ggv8vHh9n8sd0UIrL82LCa7doPiMCe5NAhCr+xm2CaknbY5aDSbKSi88bJL0AU
 BvRNU//HhLyyKZ579YHLVjlsDJHWe2YTcxUxoFHVCLj3l1bLJI4g2Cx3EB99P2+Hd3CD
 zqtUJx40qp+uTMJ9qg1DlpJlOAdfRLRNGrMk8aoDjfOzOv1pgAXqowB94+XwPA46Xopo
 uQSJLP9eXg5Jll9itA8e3k3U1QNg9Dsi9AQ2b3RPUURORfZXpO9gS/CzAbnMrN1aEryD
 tw784kodnjt0oN5y6mcwGMdavKWs+875mtPsjnPX/zPy3GzdwiaJmCiorq6SnHZdNRRg
 E6bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=P8xU5Osslffm/XJcxZWkSV+AqFCMGonnMd3GrQEg6Y4=;
 b=ZjzrEFmP6g4E/CrlOdPkIHJ6T01HoqLrrFjABmr1SNZEov6kBfTnQdI53ofBpbOfaX
 mNOTe7wgzDGGMYHxFFJJOMLdyWrR0wnwn6bix0rufk8Wh1VPXTTwn+OqJTBPU0zDljPi
 oMn78RuAug2VrBAiRIn1Vo3EbWZWhYc7ltOGUz06DrjAmM8ZUAWyd2pKGuHXYQDDtz+q
 wnVxkpzQasTsBxk6kWMq7o3kNj25X5kMbqVMlQ6hIwTARorENW/XJbten/Jr4emjVUXI
 HHEreVifjeu52OoAVH1ivAAFGn2QDuq2T8gc5LU4qMGL5gOeSpQPYdNs/3lktsnfMrL3
 1PlA==
X-Gm-Message-State: AIkVDXK/3Q8Vk1TzwriguWlA5aMyYW7QFH6VNnwd/27tJYigbkOSyRwwmzQgpu61qN261brwX8YmAVVTwAtA+g==
X-Received: by 10.237.49.199 with SMTP id 65mr16038889qth.88.1485705350051;
 Sun, 29 Jan 2017 07:55:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.89.75 with HTTP; Sun, 29 Jan 2017 07:55:49 -0800 (PST)
In-Reply-To: <20170126143633.GY25883@bivouac.eciton.net>
References: <1484912445-23625-1-git-send-email-bhupesh.linux@gmail.com>
 <20170126143633.GY25883@bivouac.eciton.net>
From: Bhupesh SHARMA <bhupesh.linux@gmail.com>
Date: Sun, 29 Jan 2017 21:25:49 +0530
Message-ID: <CAFTCetSGHt5fGsWatoWT=2P+K5=yc+r0WMLCXQgoZjWb1oze=Q@mail.gmail.com>
To: Leif Lindholm <leif.lindholm@linaro.org>
Cc: edk2-devel@lists.01.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH V3 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2017 15:55:51 -0000
Content-Type: text/plain; charset=UTF-8

On Thu, Jan 26, 2017 at 8:06 PM, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> On Fri, Jan 20, 2017 at 05:10:45PM +0530, Bhupesh Sharma wrote:
>> ARM TZASC-380 IP provides a mechanism to split memory regions being
>> protected via it into eight equal-sized sub-regions. A bit-setting
>> allows the corresponding subregion to be disabled.
>>
>> Several NXP/FSL SoCs support the TZASC-380 IP block and allow
>> the DDR connected via the TZASC to be partitioned into regions
>> having different security settings and also allow subregions
>> to be disabled.
>>
>> This patch enables this support and can be used for SoCs which
>> support such a partition of DDR regions.
>>
>> Details of the 'subregion_disable' register can be viewed here:
>> http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html
>>
>> Cc: Leif Lindholm <leif.lindholm@linaro.org>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com>
>> [bhupesh.linux@gmail.com : Added my gmail ID as the NXP one is no longer valid]
>> Signed-off-by: Bhupesh Sharma <bhupesh.linux@gmail.com>
>
> Thanks for the cleanup.
> I may actually delete that CTA9x4 lib once your platform gets in...
>
> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
>
> Pushed as 465663e.

Many thanks Leif.

Regards,
Bhupesh

>> ---
>> Changes from v2:
>>  - Added more descriptive arrays as suggested by Leif
>>
>>  .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c       | 14 +++++++-------
>>  ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c    | 13 ++++++++++---
>>  ArmPlatformPkg/Include/Drivers/ArmTrustzone.h         | 19 ++++++++++++++++++-
>>  3 files changed, 35 insertions(+), 11 deletions(-)
>>
>> diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
>> index 6fa0774f59f8..42d731ea98c9 100644
>> --- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
>> +++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
>> @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
>>    // NOR Flash 0 non secure (BootMon)
>>    TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
>>        ARM_VE_SMB_NOR0_BASE,0,
>> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
>> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>>
>>    // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
>>    if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
>>      //Note: Your OS Kernel must be aware of the secure regions before to enable this region
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
>> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    } else {
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_NOR1_BASE,0,
>> -        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    }
>>
>>    // Base of SRAM. Only half of SRAM in Non Secure world
>> @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
>>      //Note: Your OS Kernel must be aware of the secure regions before to enable this region
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_SRAM_BASE,0,
>> -        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    } else {
>>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>>          ARM_VE_SMB_SRAM_BASE,0,
>> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
>> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
>>    }
>>
>>    // Memory Mapped Peripherals. All in non secure world
>>    TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
>>        ARM_VE_SMB_PERIPH_BASE,0,
>> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
>> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>>
>>    // MotherBoard Peripherals and On-chip peripherals.
>>    TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
>>        ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
>> -      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
>> +      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
>>  }
>>
>>  /**
>> diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
>> index 070c0dcb5d4d..1f002198e552 100644
>> --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
>> +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
>> @@ -87,20 +87,27 @@ TZASCSetRegion (
>>    IN  UINTN LowAddress,
>>    IN  UINTN HighAddress,
>>    IN  UINTN Size,
>> -  IN  UINTN Security
>> +  IN  UINTN Security,
>> +  IN  UINTN SubregionDisableMask
>>    )
>>  {
>>    UINT32*     Region;
>> +  UINT32      RegionAttributes;
>>
>>    if (RegionId > TZASCGetNumRegions(TzascBase)) {
>>      return EFI_INVALID_PARAMETER;
>>    }
>>
>> +  RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) |
>> +                     TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) |
>> +                     TZASC_REGION_ATTR_SIZE(Size) |
>> +                     TZASC_REGION_ATTR_ENABLE(Enabled);
>> +
>>    Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));
>>
>> -  MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
>> +  MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress));
>>    MmioWrite32((UINTN)(Region+1), HighAddress);
>> -  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
>> +  MmioWrite32((UINTN)(Region+2), RegionAttributes);
>>
>>    return EFI_SUCCESS;
>>  }
>> diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
>> index 78e98aad535f..827b5cd568c1 100644
>> --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
>> +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
>> @@ -71,6 +71,22 @@ TZPCClearDecProtBits (
>>  #define TZASC_REGION_SECURITY_NSW   1
>>  #define TZASC_REGION_SECURITY_NSRW  (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW)
>>
>> +/* Some useful masks */
>> +#define TZASC_REGION_SETUP_LO_ADDR_MASK   0xFFFF8000
>> +
>> +#define TZASC_REGION_ATTR_SECURITY_MASK   0xF
>> +#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF
>> +#define TZASC_REGION_ATTR_SIZE_MASK       0x3F
>> +#define TZASC_REGION_ATTR_EN_MASK         0x1
>> +
>> +#define TZASC_REGION_SETUP_LO_ADDR(x)  ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK)
>> +
>> +#define TZASC_REGION_ATTR_SECURITY(x)  (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28)
>> +#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \
>> +                                       (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8)
>> +#define TZASC_REGION_ATTR_SIZE(x)      (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1)
>> +#define TZASC_REGION_ATTR_ENABLE(x)    ((x) & TZASC_REGION_ATTR_EN_MASK)
>> +
>>  /**
>>      FIXME: Need documentation
>>  **/
>> @@ -82,7 +98,8 @@ TZASCSetRegion (
>>    IN  UINTN LowAddress,
>>    IN  UINTN HighAddress,
>>    IN  UINTN Size,
>> -  IN  UINTN Security
>> +  IN  UINTN Security,
>> +  IN  UINTN SubregionDisableMask
>>    );
>>
>>  #endif
>> --
>> 2.7.4
>>