ArmPlatformPkg/TZASC: Allow specifying subregions to be disabled

ARM TZASC-380 IP provides a mechanism to split memory regions being protected via it into eight equal-sized sub-regions. A bit-setting allows the corresponding subregion to be disabled. Several NXP/FSL SoCs support the TZASC-380 IP block and allow the DDR connected via the TZASC to be partitioned into regions having different security settings and also allow subregions to be disabled. This patch enables this support and can be used for SoCs which support such a partition of DDR regions. Details of the 'subregion_disable' register can be viewed here: http://infocenter.arm.com/help/topic/com.arm.doc.ddi0431c/CHDIGDCI.html Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Bhupesh Sharma <bhupesh.sharma@nxp.com> [bhupesh.linux@gmail.com : Added gmail ID as NXP one is no longer valid] Signed-off-by: Bhupesh Sharma <bhupesh.linux@gmail.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
author: Bhupesh Sharma <bhupesh.linux@gmail.com> 2017-01-20 17:10:45 +0530
committer: Leif Lindholm <leif.lindholm@linaro.org> 2017-01-26 14:31:37 +0000
commit: 465663e9f128428323e6c6e4431dd15ac287a24c (patch)
tree: 6c3d31fd6232a6f7be01d56dfce400fb37982ee4
parent: c1b0828b3ba8fa203033ede0c3329c0d5573719e (diff)
download: edk2-465663e9f128428323e6c6e4431dd15ac287a24c.tar.gz
edk2-465663e9f128428323e6c6e4431dd15ac287a24c.tar.bz2
edk2-465663e9f128428323e6c6e4431dd15ac287a24c.zip
3 files changed, 35 insertions, 11 deletions
diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
index 6fa0774f59..42d731ea98 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
+++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
@@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
   // NOR Flash 0 non secure (BootMon)
   TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,
       ARM_VE_SMB_NOR0_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
 
   // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)
   if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,
         ARM_VE_SMB_NOR1_BASE,0,
-        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
   }
 
   // Base of SRAM. Only half of SRAM in Non Secure world
@@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);
   } else {
     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,
         ARM_VE_SMB_SRAM_BASE,0,
-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);
+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);
   }
 
   // Memory Mapped Peripherals. All in non secure world
   TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,
       ARM_VE_SMB_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);
 
   // MotherBoard Peripherals and On-chip peripherals.
   TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,
       ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,
-      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);
+      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);
 }
 
 /**
diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
index 070c0dcb5d..1f002198e5 100644
--- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
+++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
@@ -87,20 +87,27 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   )
 {
   UINT32*     Region;
+  UINT32      RegionAttributes;
 
   if (RegionId > TZASCGetNumRegions(TzascBase)) {
     return EFI_INVALID_PARAMETER;
   }
 
+  RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) |
+                     TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) |
+                     TZASC_REGION_ATTR_SIZE(Size) |
+                     TZASC_REGION_ATTR_ENABLE(Enabled);
+
   Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));
 
-  MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);
+  MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress));
   MmioWrite32((UINTN)(Region+1), HighAddress);
-  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));
+  MmioWrite32((UINTN)(Region+2), RegionAttributes);
 
   return EFI_SUCCESS;
 }
diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
index 78e98aad53..827b5cd568 100644
--- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
+++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
@@ -71,6 +71,22 @@ TZPCClearDecProtBits (
 #define TZASC_REGION_SECURITY_NSW   1
 #define TZASC_REGION_SECURITY_NSRW  (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW)
 
+/* Some useful masks */
+#define TZASC_REGION_SETUP_LO_ADDR_MASK   0xFFFF8000
+
+#define TZASC_REGION_ATTR_SECURITY_MASK   0xF
+#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF
+#define TZASC_REGION_ATTR_SIZE_MASK       0x3F
+#define TZASC_REGION_ATTR_EN_MASK         0x1
+
+#define TZASC_REGION_SETUP_LO_ADDR(x)  ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK)
+
+#define TZASC_REGION_ATTR_SECURITY(x)  (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28)
+#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \
+                                       (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8)
+#define TZASC_REGION_ATTR_SIZE(x)      (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1)
+#define TZASC_REGION_ATTR_ENABLE(x)    ((x) & TZASC_REGION_ATTR_EN_MASK)
+
 /**
     FIXME: Need documentation
 **/
@@ -82,7 +98,8 @@ TZASCSetRegion (
   IN  UINTN LowAddress,
   IN  UINTN HighAddress,
   IN  UINTN Size,
-  IN  UINTN Security
+  IN  UINTN Security,
+  IN  UINTN SubregionDisableMask
   );
 
 #endif
author	Bhupesh Sharma <bhupesh.linux@gmail.com>	2017-01-20 17:10:45 +0530
committer	Leif Lindholm <leif.lindholm@linaro.org>	2017-01-26 14:31:37 +0000
commit	465663e9f128428323e6c6e4431dd15ac287a24c (patch)
tree	6c3d31fd6232a6f7be01d56dfce400fb37982ee4
parent	c1b0828b3ba8fa203033ede0c3329c0d5573719e (diff)
download	edk2-465663e9f128428323e6c6e4431dd15ac287a24c.tar.gz edk2-465663e9f128428323e6c6e4431dd15ac287a24c.tar.bz2 edk2-465663e9f128428323e6c6e4431dd15ac287a24c.zip