Reserve some DDR DRAM for secure use on FVP platforms

TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and
the rest of DRAM as non-secure. Non-secure software must not attempt to
access the 16MB secure area.

Device tree files (sources and binaries) have been updated to match this
configuration, removing that memory from the Linux physical memory map.

To use UEFI and Linux with this patch, the latest version of UEFI and
the updated device tree files are required. Check the user guide in the
documentation for more details.

Replaced magic numbers with #define for memory region definition in the
platform security initialization function.

Fixes ARM-software/tf-issues#149

Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe

diff --git a/docs/user-guide.md b/docs/user-guide.md
index e7f0df54cea27a6a59a78dd7647c662769394b7d..3359fee54aefad3a92da0a102ace3d36e852a36f 100644 (file)
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -280,7 +280,7 @@ and Foundation FVPs:
 
     git clone -n https://github.com/tianocore/edk2.git
     cd edk2
-    git checkout c1cdcab9526506673b882017845a043cead8bc69
+    git checkout 129ff94661bd3a6c759b1e154c143d0136bedc7d
 
 
 To build the software to be compatible with Foundation and Base FVPs, follow

diff --git a/fdts/fvp-base-gicv2-psci.dtb b/fdts/fvp-base-gicv2-psci.dtb
index abdb9a0cd5ede8549fc3f315519f50b2dc46b166..efe83be5daf349c33b6e9af6bb83fe4f2587a243 100644 (file)
Binary files a/fdts/fvp-base-gicv2-psci.dtb and b/fdts/fvp-base-gicv2-psci.dtb differ

diff --git a/fdts/fvp-base-gicv2-psci.dts b/fdts/fvp-base-gicv2-psci.dts
index 7d089227fbc1c2f43c8c189624ab880833398689..2b2c2b099aaac293d47698756b59fd984aa3a74f 100644 (file)
--- a/fdts/fvp-base-gicv2-psci.dts
+++ b/fdts/fvp-base-gicv2-psci.dts
@@ -115,7 +115,7 @@
 
        memory@80000000 {
                device_type = "memory";
-               reg = <0x00000000 0x80000000 0 0x80000000>,
+               reg = <0x00000000 0x80000000 0 0x7F000000>,
                      <0x00000008 0x80000000 0 0x80000000>;
        };
 

diff --git a/fdts/fvp-base-gicv2legacy-psci.dtb b/fdts/fvp-base-gicv2legacy-psci.dtb
index 3fc6b3eeda052a44440b41956f3f4a3e6a5bd9a5..7243c06588704ead8578094b79a8f1a4f3e339d9 100644 (file)
Binary files a/fdts/fvp-base-gicv2legacy-psci.dtb and b/fdts/fvp-base-gicv2legacy-psci.dtb differ

diff --git a/fdts/fvp-base-gicv2legacy-psci.dts b/fdts/fvp-base-gicv2legacy-psci.dts
index f0952314e1d83ab64247c0fa0577f2d33476e90e..620bc05b7c54a45179ddbbd49234281b2cce6db4 100644 (file)
--- a/fdts/fvp-base-gicv2legacy-psci.dts
+++ b/fdts/fvp-base-gicv2legacy-psci.dts
@@ -115,7 +115,7 @@
 
        memory@80000000 {
                device_type = "memory";
-               reg = <0x00000000 0x80000000 0 0x80000000>,
+               reg = <0x00000000 0x80000000 0 0x7F000000>,
                      <0x00000008 0x80000000 0 0x80000000>;
        };
 

diff --git a/fdts/fvp-base-gicv3-psci.dtb b/fdts/fvp-base-gicv3-psci.dtb
index 1efa13680ff027754dcf3777ea7bfec6acbf3070..b9fe1cf3fe0407f3bcf4b8b8bb7db1536c088ac1 100644 (file)
Binary files a/fdts/fvp-base-gicv3-psci.dtb and b/fdts/fvp-base-gicv3-psci.dtb differ

diff --git a/fdts/fvp-base-gicv3-psci.dts b/fdts/fvp-base-gicv3-psci.dts
index 96d264e917bb130a04dbf59df78258053f5be000..d111a9918c219b9c182c4f307ee08d1ce82717da 100644 (file)
--- a/fdts/fvp-base-gicv3-psci.dts
+++ b/fdts/fvp-base-gicv3-psci.dts
@@ -115,7 +115,7 @@
 
        memory@80000000 {
                device_type = "memory";
-               reg = <0x00000000 0x80000000 0 0x80000000>,
+               reg = <0x00000000 0x80000000 0 0x7F000000>,
                      <0x00000008 0x80000000 0 0x80000000>;
        };
 

diff --git a/fdts/fvp-foundation-gicv2-psci.dtb b/fdts/fvp-foundation-gicv2-psci.dtb
index ca100889e1ebcf4b7d7ad8747de067f24fecf830..70175e892b994a7d92a7d9455759d0d59329ab71 100644 (file)
Binary files a/fdts/fvp-foundation-gicv2-psci.dtb and b/fdts/fvp-foundation-gicv2-psci.dtb differ

diff --git a/fdts/fvp-foundation-gicv2-psci.dts b/fdts/fvp-foundation-gicv2-psci.dts
index bf368a01c7878a74e348e2d917edfa66c4e82ebe..8f3de9df2228d5c8b7be1c82d1c5f8f25f84c646 100644 (file)
--- a/fdts/fvp-foundation-gicv2-psci.dts
+++ b/fdts/fvp-foundation-gicv2-psci.dts
@@ -91,7 +91,7 @@
 
        memory@80000000 {
                device_type = "memory";
-               reg = <0x00000000 0x80000000 0 0x80000000>,
+               reg = <0x00000000 0x80000000 0 0x7F000000>,
                      <0x00000008 0x80000000 0 0x80000000>;
        };
 

diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dtb b/fdts/fvp-foundation-gicv2legacy-psci.dtb
index a602ff5ce512e766b70a60792212220a76db48e7..564d223fe90e2f3b33ee5acaab13f6c973b3929e 100644 (file)
Binary files a/fdts/fvp-foundation-gicv2legacy-psci.dtb and b/fdts/fvp-foundation-gicv2legacy-psci.dtb differ

diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dts b/fdts/fvp-foundation-gicv2legacy-psci.dts
index 63cef80c7e57943d5d796d47052b2c2e6fcfcd50..951da06da7c5fc85a44f32ab68dec1c21f212523 100644 (file)
--- a/fdts/fvp-foundation-gicv2legacy-psci.dts
+++ b/fdts/fvp-foundation-gicv2legacy-psci.dts
@@ -91,7 +91,7 @@
 
        memory@80000000 {
                device_type = "memory";
-               reg = <0x00000000 0x80000000 0 0x80000000>,
+               reg = <0x00000000 0x80000000 0 0x7F000000>,
                      <0x00000008 0x80000000 0 0x80000000>;
        };
 

diff --git a/fdts/fvp-foundation-gicv3-psci.dtb b/fdts/fvp-foundation-gicv3-psci.dtb
index f64e42105ac9b3c9083462c1c09670cacc4c6e39..26800ba03a5a68bdedc448d677d688a798da9c78 100644 (file)
Binary files a/fdts/fvp-foundation-gicv3-psci.dtb and b/fdts/fvp-foundation-gicv3-psci.dtb differ

diff --git a/fdts/fvp-foundation-gicv3-psci.dts b/fdts/fvp-foundation-gicv3-psci.dts
index f9f1ff335f44b031a14e3a8c03590704d94dd046..7692c6187c1de30a532f9f7ee67142549a37423c 100644 (file)
--- a/fdts/fvp-foundation-gicv3-psci.dts
+++ b/fdts/fvp-foundation-gicv3-psci.dts
@@ -91,7 +91,7 @@
 
        memory@80000000 {
                device_type = "memory";
-               reg = <0x00000000 0x80000000 0 0x80000000>,
+               reg = <0x00000000 0x80000000 0 0x7F000000>,
                      <0x00000008 0x80000000 0 0x80000000>;
        };
 

diff --git a/plat/fvp/aarch64/plat_common.c b/plat/fvp/aarch64/plat_common.c
index 29bf602f3b962537aa5ef53ee0cdf2bea81f64e9..2845f3e4fb40f39676ec2ed5348ff6c5acd6a0ba 100644 (file)
--- a/plat/fvp/aarch64/plat_common.c
+++ b/plat/fvp/aarch64/plat_common.c
@@ -122,7 +122,7 @@ const mmap_region_t fvp_mmap[] = {
        { DEVICE1_BASE, DEVICE1_SIZE,   MT_DEVICE | MT_RW | MT_SECURE },
        /* 2nd GB as device for now...*/
        { 0x40000000,   0x40000000,     MT_DEVICE | MT_RW | MT_SECURE },
-       { DRAM_BASE,    DRAM_SIZE,      MT_MEMORY | MT_RW | MT_NS },
+       { DRAM1_BASE,   DRAM1_SIZE,     MT_MEMORY | MT_RW | MT_NS },
        {0}
 };
 

diff --git a/plat/fvp/bl2_plat_setup.c b/plat/fvp/bl2_plat_setup.c
index ea9d0a48866c1f4e59b08e64aec433503847892d..8c006e92f3861aa7760df6e50c6ddcb99847c65c 100644 (file)
--- a/plat/fvp/bl2_plat_setup.c
+++ b/plat/fvp/bl2_plat_setup.c
@@ -285,9 +285,9 @@ void bl2_plat_get_bl32_meminfo(meminfo_t *bl32_meminfo)
 void bl2_plat_get_bl33_meminfo(meminfo_t *bl33_meminfo)
 {
        bl33_meminfo->total_base = DRAM_BASE;
-       bl33_meminfo->total_size = DRAM_SIZE;
+       bl33_meminfo->total_size = DRAM_SIZE - DRAM1_SEC_SIZE;
        bl33_meminfo->free_base = DRAM_BASE;
-       bl33_meminfo->free_size = DRAM_SIZE;
+       bl33_meminfo->free_size = DRAM_SIZE - DRAM1_SEC_SIZE;
        bl33_meminfo->attr = 0;
        bl33_meminfo->attr = 0;
 }

diff --git a/plat/fvp/plat_security.c b/plat/fvp/plat_security.c
index c39907a892cf907f037f053179c6eaacb016534a..9da56122035a3be5c50414ba23e5aec9e2ba4f90 100644 (file)
--- a/plat/fvp/plat_security.c
+++ b/plat/fvp/plat_security.c
@@ -100,16 +100,23 @@ void plat_security_setup(void)
 
        /* Set to cover the first block of DRAM */
        tzc_configure_region(&controller, FILTER_SHIFT(0), 1,
-                       DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_NONE,
+                       DRAM1_BASE, DRAM1_END - DRAM1_SEC_SIZE,
+                       TZC_REGION_S_NONE,
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
 
+       /* Set to cover the secure reserved region */
+       tzc_configure_region(&controller, FILTER_SHIFT(0), 3,
+                       (DRAM1_END - DRAM1_SEC_SIZE) + 1 , DRAM1_END,
+                       TZC_REGION_S_RDWR,
+                       0x0);
+
        /* Set to cover the second block of DRAM */
        tzc_configure_region(&controller, FILTER_SHIFT(0), 2,
-                       0x880000000, 0xFFFFFFFFF, TZC_REGION_S_NONE,
+                       DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
                        TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |

diff --git a/plat/fvp/platform.h b/plat/fvp/platform.h
index bd76d678b1bb065fbdba45c7b5cee0a65b674621..b50df00e522a14af140223c75fdeacf5087b85ab 100644 (file)
--- a/plat/fvp/platform.h
+++ b/plat/fvp/platform.h
@@ -68,7 +68,7 @@
 
 /* Non-Trusted Firmware BL33 and its load address */
 #define BL33_IMAGE_NAME                        "bl33.bin" /* e.g. UEFI */
-#define NS_IMAGE_OFFSET                        (DRAM_BASE + 0x8000000) /* DRAM + 128MB */
+#define NS_IMAGE_OFFSET                        (DRAM1_BASE + 0x8000000) /* DRAM + 128MB */
 
 /* Firmware Image Package */
 #define FIP_IMAGE_NAME                 "fip.bin"
@@ -139,8 +139,17 @@
 #define PARAMS_BASE            TZDRAM_BASE
 
 
-#define DRAM_BASE              0x80000000ull
-#define DRAM_SIZE              0x80000000ull
+#define DRAM1_BASE             0x80000000ull
+#define DRAM1_SIZE             0x80000000ull
+#define DRAM1_END              (DRAM1_BASE + DRAM1_SIZE - 1)
+#define DRAM1_SEC_SIZE         0x01000000ull
+
+#define DRAM_BASE              DRAM1_BASE
+#define DRAM_SIZE              DRAM1_SIZE
+
+#define DRAM2_BASE             0x880000000ull
+#define DRAM2_SIZE             0x780000000ull
+#define DRAM2_END              (DRAM2_BASE + DRAM2_SIZE - 1)
 
 #define PCIE_EXP_BASE          0x40000000
 #define TZRNG_BASE             0x7fe60000