3 files changed, 35 insertions, 11 deletions

diff --git a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
index 6fa0774f59..42d731ea98 100644
--- a/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
+++ b/ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibCTA9x4/CTA9x4Sec.c
@@ -72,18 +72,18 @@ ArmPlatformSecTrustzoneInit (
   // NOR Flash 0 non secure (BootMon)

   TZASCSetRegion(ARM_VE_TZASC_BASE,1,TZASC_REGION_ENABLED,

       ARM_VE_SMB_NOR0_BASE,0,

-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);

 

   // NOR Flash 1. The first half of the NOR Flash1 must be secure for the secure firmware (sec_uefi.bin)

   if (PcdGetBool (PcdTrustzoneSupport) == TRUE) {

     //Note: Your OS Kernel must be aware of the secure regions before to enable this region

     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,

         ARM_VE_SMB_NOR1_BASE + SIZE_32MB,0,

-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);

+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);

   } else {

     TZASCSetRegion(ARM_VE_TZASC_BASE,2,TZASC_REGION_ENABLED,

         ARM_VE_SMB_NOR1_BASE,0,

-        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

+        TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);

   }

 

   // Base of SRAM. Only half of SRAM in Non Secure world

@@ -92,22 +92,22 @@ ArmPlatformSecTrustzoneInit (
     //Note: Your OS Kernel must be aware of the secure regions before to enable this region

     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,

         ARM_VE_SMB_SRAM_BASE,0,

-        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW);

+        TZASC_REGION_SIZE_16MB, TZASC_REGION_SECURITY_NSRW, 0);

   } else {

     TZASCSetRegion(ARM_VE_TZASC_BASE,3,TZASC_REGION_ENABLED,

         ARM_VE_SMB_SRAM_BASE,0,

-        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW);

+        TZASC_REGION_SIZE_32MB, TZASC_REGION_SECURITY_NSRW, 0);

   }

 

   // Memory Mapped Peripherals. All in non secure world

   TZASCSetRegion(ARM_VE_TZASC_BASE,4,TZASC_REGION_ENABLED,

       ARM_VE_SMB_PERIPH_BASE,0,

-      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW);

+      TZASC_REGION_SIZE_64MB, TZASC_REGION_SECURITY_NSRW, 0);

 

   // MotherBoard Peripherals and On-chip peripherals.

   TZASCSetRegion(ARM_VE_TZASC_BASE,5,TZASC_REGION_ENABLED,

       ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE,0,

-      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW);

+      TZASC_REGION_SIZE_256MB, TZASC_REGION_SECURITY_NSRW, 0);

 }

 

 /**

diff --git a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
index 070c0dcb5d..1f002198e5 100644
--- a/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
+++ b/ArmPlatformPkg/Drivers/ArmTrustZone/ArmTrustZone.c
@@ -87,20 +87,27 @@ TZASCSetRegion (
   IN  UINTN LowAddress,

   IN  UINTN HighAddress,

   IN  UINTN Size,

-  IN  UINTN Security

+  IN  UINTN Security,

+  IN  UINTN SubregionDisableMask

   )

 {

   UINT32*     Region;

+  UINT32      RegionAttributes;

 

   if (RegionId > TZASCGetNumRegions(TzascBase)) {

     return EFI_INVALID_PARAMETER;

   }

 

+  RegionAttributes = TZASC_REGION_ATTR_SECURITY(Security) |

+                     TZASC_REGION_ATTR_SUBREG_DISABLE(SubregionDisableMask) |

+                     TZASC_REGION_ATTR_SIZE(Size) |

+                     TZASC_REGION_ATTR_ENABLE(Enabled);

+

   Region = (UINT32*)((UINTN)TzascBase + TZASC_REGIONS_REG + (RegionId * 0x10));

 

-  MmioWrite32((UINTN)(Region), LowAddress&0xFFFF8000);

+  MmioWrite32((UINTN)(Region), TZASC_REGION_SETUP_LO_ADDR(LowAddress));

   MmioWrite32((UINTN)(Region+1), HighAddress);

-  MmioWrite32((UINTN)(Region+2), ((Security & 0xF) <<28) | ((Size & 0x3F) << 1) | (Enabled & 0x1));

+  MmioWrite32((UINTN)(Region+2), RegionAttributes);

 

   return EFI_SUCCESS;

 }

diff --git a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
index 78e98aad53..827b5cd568 100644
--- a/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
+++ b/ArmPlatformPkg/Include/Drivers/ArmTrustzone.h
@@ -71,6 +71,22 @@ TZPCClearDecProtBits (
 #define TZASC_REGION_SECURITY_NSW   1

 #define TZASC_REGION_SECURITY_NSRW  (TZASC_REGION_SECURITY_NSR|TZASC_REGION_SECURITY_NSW)

 

+/* Some useful masks */

+#define TZASC_REGION_SETUP_LO_ADDR_MASK   0xFFFF8000

+

+#define TZASC_REGION_ATTR_SECURITY_MASK   0xF

+#define TZASC_REGION_ATTR_SUBREG_DIS_MASK 0xFF

+#define TZASC_REGION_ATTR_SIZE_MASK       0x3F

+#define TZASC_REGION_ATTR_EN_MASK         0x1

+

+#define TZASC_REGION_SETUP_LO_ADDR(x)  ((x) & TZASC_REGION_SETUP_LO_ADDR_MASK)

+

+#define TZASC_REGION_ATTR_SECURITY(x)  (((x) & TZASC_REGION_ATTR_SECURITY_MASK) << 28)

+#define TZASC_REGION_ATTR_SUBREG_DISABLE(x) \

+                                       (((x) & TZASC_REGION_ATTR_SUBREG_DIS_MASK) << 8)

+#define TZASC_REGION_ATTR_SIZE(x)      (((x) & TZASC_REGION_ATTR_SIZE_MASK) << 1)

+#define TZASC_REGION_ATTR_ENABLE(x)    ((x) & TZASC_REGION_ATTR_EN_MASK)

+

 /**

     FIXME: Need documentation

 **/

@@ -82,7 +98,8 @@ TZASCSetRegion (
   IN  UINTN LowAddress,

   IN  UINTN HighAddress,

   IN  UINTN Size,

-  IN  UINTN Security

+  IN  UINTN Security,

+  IN  UINTN SubregionDisableMask

   );

 

 #endif