From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: None (no SPF record) identity=mailfrom; client-ip=2607:f8b0:4864:20::144; helo=mail-it1-x144.google.com; envelope-from=mw@semihalf.com; receiver=edk2-devel@lists.01.org Received: from mail-it1-x144.google.com (mail-it1-x144.google.com [IPv6:2607:f8b0:4864:20::144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id CBFD6211B81B1 for ; Tue, 22 Jan 2019 11:27:22 -0800 (PST) Received: by mail-it1-x144.google.com with SMTP id h193so21746083ita.5 for ; Tue, 22 Jan 2019 11:27:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=o/JEHXGaBq2zV5EDDxxAs00hZBNVj7pPgwbp8Z4CVLw=; b=HDSigyz/FwU0ywcuC1SgypsIv5togDsgezor0Bhiv6UwiNkJ21vaye1Mlqq2GkZNHN 1ijO/jOLMjIEQQyMdz6Mx1DqbNsUE602zd78gYvHTBi+dR279pmx789Rs1egYfdjIAUu j0UnbSf9nyZsiaHL7YGqALVwInSA6fP/ugfUaoAujmEJMI3f/rkMr015aAOCZXKai+oO sk3bTkKRjOhshuP5rVX76UMLyHYFkE3iIlQYmhSlWUjbBBxdlTNn4ZejKkgIOaQM1s/D rQ9hOV1l+F2gBjwbs7EzWcBA4URbeMZFKP45g/RWK5ENSzMEQ/aghNoaERmiAhe9kMNP 4DSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=o/JEHXGaBq2zV5EDDxxAs00hZBNVj7pPgwbp8Z4CVLw=; b=bbycv3ZxgrvK8aJ3KIqbuCEmzWiX4MeYdN/nw4PZG1eK9D4fkJjrWXIYCCJou7vELO yDAIbs12hVJbJxGM9WwgFdlyZFzSOL7THy79iVOR6ulizMhBowKu0trTH7oYKBCCA/1p weUvTRXx9pe+bt9f8Y7nekS+YcVMplMewQNJhgMzovfpw+3MR2TbIROhzvKcOQ9TRXkb EiwPDnJs9JoZGZsha0BSRVE7HBnk8oMkZnuFhMEGGnRVoG2dsWN99LzYQl+6T2WR7EW4 L1euo1oqmeBeaJWShTQblu4AdLGVWtmnA8VYQHUvnXU85FDrsaz7bq69/3CikqM+Bom8 WgoQ== X-Gm-Message-State: AJcUukehLiV8RwJUpSxVOej43kpLn83hTANV2D9cuABZ4sGOYuwICXNZ Q38O6V/klLuhrh+4Koyimkx29j0dE+pMiCoeLcTJQA== X-Google-Smtp-Source: ALg8bN6s+YNtlKlROmtqr5bDeRfINiP8g6gpFwLTNkUjpLKy2NrGPr5LU7VE+zHba6pTEQljSGTEmKfPvXjWXnf/g1M= X-Received: by 2002:a02:7696:: with SMTP id z144mr20442806jab.102.1548185241999; Tue, 22 Jan 2019 11:27:21 -0800 (PST) MIME-Version: 1.0 References: <1548120742-11928-1-git-send-email-mw@semihalf.com> <1548120742-11928-2-git-send-email-mw@semihalf.com> <20190122172643.i6newphbfjiertsb@bivouac.eciton.net> <20190122190649.x2bh7gd5szxmfxy5@bivouac.eciton.net> In-Reply-To: <20190122190649.x2bh7gd5szxmfxy5@bivouac.eciton.net> From: Marcin Wojtas Date: Tue, 22 Jan 2019 20:27:10 +0100 Message-ID: To: Leif Lindholm Cc: edk2-devel-01 , Ard Biesheuvel , nadavh@marvell.com, "jsd@semihalf.com" , Grzegorz Jaszczyk , Kostya Porotchkin Subject: Re: [platforms: PATCH v2 1/4] Marvell/Armada7k8k: Shift PEI stack base X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2019 19:27:23 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Leif, wt., 22 sty 2019 o 20:06 Leif Lindholm napisa=C5= =82(a): > > On Tue, Jan 22, 2019 at 07:26:58PM +0100, Marcin Wojtas wrote: > > Hi Leif, > > > > wt., 22 sty 2019 o 18:26 Leif Lindholm napis= a=C5=82(a): > > > > > > On Tue, Jan 22, 2019 at 02:32:19AM +0100, Marcin Wojtas wrote: > > > > Recent changes in the ARM-TF configure its runtime serices region > > > > as protected, hence the hitherto PEI stack base address (0x41F0000) > > > > violated it. > > > > > > > > In order to fix this, extend the region which is non-accessible > > > > by the OS to cover both the ARM-TF (0x4000000 - 0x4200000) and OPTE= E > > > > (0x4400000 - 0x5400000) within a single area (0x4000000 - 0x5400000= ). > > > > Set the PEI stack base address between both images (0x43F0000). > > > > > > OK, that is a much better description. > > > But I'm getting slight cognitive dissonance from placing the PEI stac= k > > > inside something we've just claimed belongs to Secure world... > > > > > > Could you instead break this out into two separate protected regions? > > > PcdSecureOpteeBase/Size and PcdSecureTfBase/Size? > > > > > > Alternatively, nudge the stackbase to 0x5400000? > > > > As discussed some time ago with Ard, when the PEI stack base was > > introduced, it is recommended that this stack is placed in the > > location, which is not accessible by OS. Most preferred is to have it > > in the SRAM (cannot do it on Armada7k8k) or in a reserved region - cut > > out from the memory map passed to the OS. > > > > Currently we have a single region (a "hole") that covers: > > 2MB for EL3 runtime services > > 2MB of nothing > > 16MB for OPTEE image > > > > The 2MB space between images IMO seems perfect for PEI stack to place. > > If it was placed e.g. @0x5400000 and we kept the reserved regions > > separate, the outcome would be: > > 2MB for EL3 runtime services > > 2MB of DRAM normal memory > > 16MB + 64kB for Optee and PEI stack base. > > > > This is the reason, I'd like to keep original setting, proposed in the > > patch. Please let know your opinion. > > I have no issue with the placement of the PEI stack between the ARM-TF > region and the Op-TEE region. I _have_ an issue with the PEI stack > being placed between PcdSecureRegionBase and (PcdSecureRegionBase + > PcdSecureRegionSize). I.e. something that we describe as "the Secure > region". > > I think I gave my suggestion for the resolution of this problem (with > moving StackBase to 0x05400000 as the alternative) in my previous > reply. > Yes, and I answered, presenting the alternative memory map with additional 64kB "cut out" on top of 20MB "hole" of memory, which I'm not fancy, given available space inside the 20MB chunk. Because in fact this region is not entirely secure (EL3 runtime services are exectued in NS context for example), how about I: - rename the PCD's to be more generic (e.g. gMarvellTokenSpaceGuid.PcdReservedRegionBase) - add proper comment in Armada7k8k.dsc.inc for the default reserved memory (+ maybe in Armada7k8kLib, where the PCD's are used) ? Best regards, Marcin > > > > Best regards, > > Marcin > > > > > > > > > > / > > > Leif > > > > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > > Signed-off-by: Marcin Wojtas > > > > --- > > > > Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc | 4 ++-- > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc b/Silico= n/Marvell/Armada7k8k/Armada7k8k.dsc.inc > > > > index eafcd6e..c8c597f 100644 > > > > --- a/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc > > > > +++ b/Silicon/Marvell/Armada7k8k/Armada7k8k.dsc.inc > > > > @@ -376,12 +376,12 @@ > > > > > > > > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|36 > > > > > > > > - gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x41F0000 > > > > + gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x43F0000 > > > > gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize|0x10000 > > > > > > > > # Secure region reservation > > > > gMarvellTokenSpaceGuid.PcdSecureRegionBase|0x4000000 > > > > - gMarvellTokenSpaceGuid.PcdSecureRegionSize|0x0200000 > > > > + gMarvellTokenSpaceGuid.PcdSecureRegionSize|0x1400000 > > > > > > > > # TRNG > > > > gMarvellTokenSpaceGuid.PcdEip76TrngBaseAddress|0xF2760000 > > > > -- > > > > 2.7.4 > > > >