From: Ian Campbell <ijc@hellion.org.uk>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v1 4/4] tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0
Date: Tue, 13 Jan 2015 19:46:00 +0000 [thread overview]
Message-ID: <1421178360-23778-4-git-send-email-ijc@hellion.org.uk> (raw)
In-Reply-To: <1421178290.11796.159.camel@hellion.org.uk>
These registers can be used to prevent non-secure world from accessing a
megabyte aligned region of RAM, use them to protect the u-boot secure monitor
code.
At first I tried to do this from s_init(), however this inexplicably causes
u-boot's networking (e.g. DHCP) to fail, while networking under Linux was fine.
So instead I have added a new weak arch function protect_secure_section()
called from relocate_secure_section() and reserved the region there. This is
better overall since it defers the reservation until after the sec vs. non-sec
decision (which can be influenced by an envvar) has been made when booting the
os.
Signed-off-by: Ian Campbell <ijc@hellion.org.uk>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
---
arch/arm/cpu/armv7/virt-v7.c | 5 +++++
arch/arm/cpu/tegra-common/ap.c | 15 +++++++++++++++
arch/arm/include/asm/system.h | 1 +
3 files changed, 21 insertions(+)
diff --git a/arch/arm/cpu/armv7/virt-v7.c b/arch/arm/cpu/armv7/virt-v7.c
index 651ca40..a83214b 100644
--- a/arch/arm/cpu/armv7/virt-v7.c
+++ b/arch/arm/cpu/armv7/virt-v7.c
@@ -48,6 +48,10 @@ static unsigned long get_gicd_base_address(void)
#endif
}
+/* Define a specific version of this function to enable any available
+ * hardware protections for the reserved region */
+void __weak protect_secure_section(void) {}
+
static void relocate_secure_section(void)
{
#ifdef CONFIG_ARMV7_SECURE_BASE
@@ -56,6 +60,7 @@ static void relocate_secure_section(void)
memcpy((void *)CONFIG_ARMV7_SECURE_BASE, __secure_start, sz);
flush_dcache_range(CONFIG_ARMV7_SECURE_BASE,
CONFIG_ARMV7_SECURE_BASE + sz + 1);
+ protect_secure_section();
invalidate_icache_all();
#endif
}
diff --git a/arch/arm/cpu/tegra-common/ap.c b/arch/arm/cpu/tegra-common/ap.c
index a17dfd1..f1d3070 100644
--- a/arch/arm/cpu/tegra-common/ap.c
+++ b/arch/arm/cpu/tegra-common/ap.c
@@ -10,6 +10,7 @@
#include <common.h>
#include <asm/io.h>
#include <asm/arch/gp_padctrl.h>
+#include <asm/arch/mc.h>
#include <asm/arch-tegra/ap.h>
#include <asm/arch-tegra/clock.h>
#include <asm/arch-tegra/fuse.h>
@@ -154,6 +155,20 @@ static void init_pmc_scratch(void)
writel(odmdata, &pmc->pmc_scratch20);
}
+#ifdef CONFIG_ARMV7_SECURE_RESERVE_SIZE
+void protect_secure_section(void)
+{
+ struct mc_ctlr *mc = (struct mc_ctlr *)NV_PA_MC_BASE;
+
+ /* Must be MB aligned */
+ BUILD_BUG_ON(CONFIG_ARMV7_SECURE_BASE & 0xFFFFF);
+ BUILD_BUG_ON(CONFIG_ARMV7_SECURE_RESERVE_SIZE & 0xFFFFF);
+
+ writel(CONFIG_ARMV7_SECURE_BASE, &mc->mc_security_cfg0);
+ writel(CONFIG_ARMV7_SECURE_RESERVE_SIZE>>20, &mc->mc_security_cfg1);
+}
+#endif
+
void s_init(void)
{
/* Init PMC scratch memory */
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
index 89f2294..21be69d 100644
--- a/arch/arm/include/asm/system.h
+++ b/arch/arm/include/asm/system.h
@@ -76,6 +76,7 @@ void armv8_switch_to_el1(void);
void gic_init(void);
void gic_send_sgi(unsigned long sgino);
void wait_for_wakeup(void);
+void protect_secure_region(void);
void smp_kick_all_cpus(void);
void flush_l3_cache(void);
--
2.1.3
next prev parent reply other threads:[~2015-01-13 19:46 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-13 19:44 [U-Boot] [PATCH v1 0/4] Jetson-TK1 support for PSCI Ian Campbell
2015-01-13 19:45 ` [U-Boot] [PATCH v1 1/4] tegra124: Add more registers to struct mc_ctlr Ian Campbell
2015-01-15 23:37 ` Stephen Warren
2015-01-16 9:32 ` Ian Campbell
2015-01-13 19:45 ` [U-Boot] [PATCH v1 2/4] virt-dt: Allow reservation of the secure region when it is in a RAM carveout Ian Campbell
2015-01-15 23:49 ` Stephen Warren
2015-01-16 9:33 ` Ian Campbell
2015-01-18 18:06 ` Ian Campbell
2015-01-13 19:45 ` [U-Boot] [PATCH v1 3/4] jetson-tk1: Add PSCI configuration options and reserve secure code Ian Campbell
2015-01-15 23:59 ` Stephen Warren
2015-01-16 8:52 ` Thierry Reding
2015-01-16 9:39 ` Ian Campbell
2015-01-19 17:17 ` Stephen Warren
2015-01-13 19:46 ` Ian Campbell [this message]
2015-01-14 7:57 ` [U-Boot] [PATCH v1 0/4] Jetson-TK1 support for PSCI Thierry Reding
2015-01-14 8:58 ` Ian Campbell
2015-01-15 14:55 ` Thierry Reding
2015-01-16 9:43 ` Ian Campbell
2015-01-16 10:05 ` Thierry Reding
2015-01-16 10:24 ` Ian Campbell
2015-01-16 16:03 ` Thierry Reding
2015-01-16 16:11 ` Ian Campbell
2015-01-19 9:25 ` Thierry Reding
2015-01-19 12:09 ` Ian Campbell
2015-01-15 19:19 ` Mark Rutland
2015-01-16 9:12 ` Thierry Reding
2015-01-22 19:20 ` Mark Rutland
2015-01-23 10:10 ` Thierry Reding
2015-01-23 12:37 ` Mark Rutland
2015-01-23 14:08 ` Mark Rutland
2015-01-30 12:20 ` Thierry Reding
2015-02-05 11:44 ` Thierry Reding
2015-02-05 12:01 ` Ian Campbell
2015-02-05 12:37 ` Mark Rutland
2015-02-05 13:55 ` Thierry Reding
2015-02-05 14:37 ` Ian Campbell
2015-02-09 11:26 ` Mark Rutland
2015-02-14 15:08 ` Jan Kiszka
2015-02-19 9:20 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1421178360-23778-4-git-send-email-ijc@hellion.org.uk \
--to=ijc@hellion.org.uk \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox