From: Jan Kiszka <jan.kiszka@siemens.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 11/12] tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0
Date: Mon, 16 Feb 2015 14:55:38 +0100 [thread overview]
Message-ID: <54E1F6DA.3010603@siemens.com> (raw)
In-Reply-To: <20150216134920.GD8994@leverpostej>
On 2015-02-16 14:49, Mark Rutland wrote:
> On Mon, Feb 16, 2015 at 12:54:48PM +0000, Jan Kiszka wrote:
>> From: Ian Campbell <ijc@hellion.org.uk>
>>
>> These registers can be used to prevent non-secure world from accessing a
>> megabyte aligned region of RAM, use them to protect the u-boot secure monitor
>> code.
>
> What happens if the CPU tried to read this memory from the non-secure
> world? If the OS has it mapped then the CPU could perform speculative
> reads at any point in time.
>
> If that can raise an abort then the OS needs to not map the region.
>
> I take it U-Boot uses a secure mapping for the region (which I believe
> should avoid the mismatched attributes issue I mentioned in my other
> reply).
What I can contribute to this are kernel messages due to a
misconfiguration of our hypervisor Jailhouse (while Linux was still
trying to boot it):
[ 61.896860] tegra-mc 70019000.memory-controller: mpcorew: write @0x00000000fff00040: Security violation (TrustZone violation)
[ 61.896888] tegra-mc 70019000.memory-controller: mpcorew: write @0x00000000fff2d340: Security violation (TrustZone violation)
So it seems that Linux is receiving a violation report here when trying
to access the memory.
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2015-02-16 13:55 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-16 12:54 [U-Boot] [PATCH v2 00/12] Add PSCI support for Jetson TK1/Tegra124 + CNTFRQ fix Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 01/12] ARM: Factor out reusable psci_cpu_off_common Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 02/12] ARM: Factor out reusable psci_cpu_entry Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 03/12] ARM: Factor out reusable psci_get_cpu_stack_top Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 04/12] ARM: Put target PC for PSCI CPU_ON on per-CPU stack Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 05/12] tegra124: Add more registers to struct mc_ctlr Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 06/12] virt-dt: Allow reservation of the secure region when it is in a RAM carveout Jan Kiszka
2015-02-16 13:42 ` Mark Rutland
2015-02-16 13:51 ` Jan Kiszka
2015-02-16 14:25 ` Mark Rutland
2015-02-16 14:31 ` Jan Kiszka
2015-02-16 14:56 ` Mark Rutland
2015-02-16 15:38 ` Jan Kiszka
2015-02-17 8:09 ` Jan Kiszka
2015-02-17 10:46 ` Mark Rutland
2015-02-17 11:32 ` Jan Kiszka
2015-02-17 11:55 ` Mark Rutland
2015-02-19 8:28 ` Thierry Reding
2015-02-19 9:19 ` Ian Campbell
2015-02-19 9:25 ` Jan Kiszka
2015-02-19 10:13 ` Ian Campbell
2015-02-19 13:49 ` Mark Rutland
2015-02-19 10:22 ` Thierry Reding
2015-02-19 13:42 ` Mark Rutland
2015-02-19 10:34 ` Thierry Reding
2015-02-19 11:17 ` Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 07/12] tegra: Make tegra_powergate_power_on public Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 08/12] tegra: Add ap_pm_init hook Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 09/12] tegra124: Add PSCI support for Tegra124 Jan Kiszka
2015-02-17 21:03 ` Stephen Warren
2015-02-18 6:13 ` Jan Kiszka
2015-02-18 16:34 ` Stephen Warren
2015-02-19 9:14 ` Thierry Reding
2015-02-20 9:36 ` Jan Kiszka
2015-02-24 7:23 ` Jan Kiszka
2015-02-24 8:18 ` Thierry Reding
2015-02-24 8:23 ` Jan Kiszka
2015-02-19 8:57 ` Thierry Reding
2015-02-19 9:04 ` Thierry Reding
2015-02-16 12:54 ` [U-Boot] [PATCH v2 10/12] jetson-tk1: Add PSCI configuration options and reserve secure code Jan Kiszka
2015-02-17 21:05 ` Stephen Warren
2015-02-18 7:39 ` Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 11/12] tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0 Jan Kiszka
2015-02-16 13:49 ` Mark Rutland
2015-02-16 13:55 ` Jan Kiszka [this message]
2015-02-17 21:06 ` Stephen Warren
2015-02-18 7:24 ` Jan Kiszka
2015-02-16 12:54 ` [U-Boot] [PATCH v2 12/12] tegra: Set CNTFRQ for secondary CPUs Jan Kiszka
2015-02-16 13:37 ` Mark Rutland
2015-02-16 13:44 ` Jan Kiszka
2015-02-16 13:51 ` Mark Rutland
2015-02-16 14:02 ` Jan Kiszka
2015-02-17 7:01 ` Jan Kiszka
2015-02-17 10:21 ` Mark Rutland
2015-02-17 10:27 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54E1F6DA.3010603@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox