TZASC: Allow specifying subregions to be disabled

Leif Lindholm Thu, 26 Jan 2017 06:37:41 -0800

On Fri, Jan 20, 2017 at 05:10:45PM +0530, Bhupesh Sharma wrote:
> ARM TZASC-380 IP provides a mechanism to split memory regions being
> protected via it into eight equal-sized sub-regions. A bit-setting
> allows the corresponding subregion to be disabled.
> 
> Several NXP/FSL SoCs support the TZASC-380 IP block and allow
> the DDR connected via the TZASC to be partitioned into regions
> having different security settings and also allow subregions
> to be disabled.
> 
> This patch enables this support and can be used for SoCs which
> support such a partition of DDR regions.
> 
> Details of the 'subregion_disable' register can be viewed here:
> http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html
> 
> Cc: Leif Lindholm <[email protected]>
> Cc: Ard Biesheuvel <[email protected]>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Bhupesh Sharma <[email protected]>
> [[email protected] : Added my gmail ID as the NXP one is no longer 
> valid]
> Signed-off-by: Bhupesh Sharma <[email protected]>


Thanks for the cleanup.
I may actually delete that CTA9x4 lib once your platform gets in...

Reviewed-by: Leif Lindholm <[email protected]>

Pushed as 465663e.

> ---
> Changes from v2:
>  - Added more descriptive arrays as suggested by Leif
> 
>  .../Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c       | 14 +++++++-------
>  ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c    | 13 ++++++++++---
>  ArmPlatformPkg/Include/Drivers/ArmTrustzone.h         | 19 
> ++++++++++++++++++-
>  3 files changed, 35 insertions(+), 11 deletions(-)
> 
> diff --git 
> a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c 
> b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
> index 6fa0774f59f8..42d731ea98c9 100644
> --- 
> a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
> +++ 
> b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
> @@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
>    // NOR Flash 0 non secure (BootMon)
>    TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
>        ARM_VE_SMB_NOR0_BASE,0,
> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>  
>    // NOR Flash 1. The first half of the NOR Flash1 must be secure for the 
> secure firmware (sec_uefi.bin)
>    if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
>      //Note: Your OS Kernel must be aware of the secure regions before to 
> enable this region
>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
>    } else {
>      TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_NOR1_BASE,0,
> -        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>    }
>  
>    // Base of SRAM. Only half of SRAM in Non Secure world
> @@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
>      //Note: Your OS Kernel must be aware of the secure regions before to 
> enable this region
>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_SRAM_BASE,0,
> -        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
>    } else {
>      TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
>          ARM_VE_SMB_SRAM_BASE,0,
> -        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
> +        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
>    }
>  
>    // Memory Mapped Peripherals. All in non secure world
>    TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
>        ARM_VE_SMB_PERIPH_BASE,0,
> -      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
> +      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
>  
>    // MotherBoard Peripherals and On-chip peripherals.
>    TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
>        ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
> -      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
> +      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
>  }
>  
>  /**
> diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c 
> b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> index 070c0dcb5d4d..1f002198e552 100644
> --- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> +++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
> @@ -87,20 +87,27 @@ TZASCSetRegion (
>    IN  UINTN LowAddress,
>    IN  UINTN HighAddress,
>    IN  UINTN Size,
> -  IN  UINTN Security
> +  IN  UINTN Security,
> +  IN  UINTN SubregionDisableMask
>    )
>  {
>    UINT32*     Region;
> +  UINT32      RegionAttributes;
>  
>    if (RegionId > TZASCGetNumRegions(TzascBase)) {
>      return EFI_INVALID_PARAMETER;
>    }
>  
> +  RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) |
> +                     TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) |
> +                     TZASC_REGION_ATTR_SIZE(Size) |
> +                     TZASC_REGION_ATTR_ENABLE(Enabled);
> +
>    Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 
> 0x10));
>  
> -  MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
> +  MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress));
>    MmioWrite32((UINTN)(Region+1), HighAddress);
> -  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 
> 1) | (Enabled & 0x1));
> +  MmioWrite32((UINTN)(Region+2), RegionAttributes);
>  
>    return EFI_SUCCESS;
>  }
> diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h 
> b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> index 78e98aad535f..827b5cd568c1 100644
> --- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> +++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
> @@ -71,6 +71,22 @@ TZPCClearDecProtBits (
>  #define TZASC_REGION_SECURITY_NSW   1
>  #define TZASC_REGION_SECURITY_NSRW  
> (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW)
>  
> +/* Some useful masks */
> +#define TZASC_REGION_SETUP_LO_ADDR_MASK   0xFFFF8000
> +
> +#define TZASC_REGION_ATTR_SECURITY_MASK   0xF
> +#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF
> +#define TZASC_REGION_ATTR_SIZE_MASK       0x3F
> +#define TZASC_REGION_ATTR_EN_MASK         0x1
> +
> +#define TZASC_REGION_SETUP_LO_ADDR(x)  ((x) & 
> TZASC_REGION_SETUP_LO_ADDR_MASK)
> +
> +#define TZASC_REGION_ATTR_SECURITY(x)  (((x) & 
> TZASC_REGION_ATTR_SECURITY_MASK) << 28)
> +#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \
> +                                       (((x) & 
> TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8)
> +#define TZASC_REGION_ATTR_SIZE(x)      (((x) & TZASC_REGION_ATTR_SIZE_MASK) 
> << 1)
> +#define TZASC_REGION_ATTR_ENABLE(x)    ((x) & TZASC_REGION_ATTR_EN_MASK)
> +
>  /**
>      FIXME: Need documentation
>  **/
> @@ -82,7 +98,8 @@ TZASCSetRegion (
>    IN  UINTN LowAddress,
>    IN  UINTN HighAddress,
>    IN  UINTN Size,
> -  IN  UINTN Security
> +  IN  UINTN Security,
> +  IN  UINTN SubregionDisableMask
>    );
>  
>  #endif
> -- 
> 2.7.4
> 
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH V3 1/1] ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled

Reply via email to