From 364daf93208b7344b9618922004997f341ff1ca3 Mon Sep 17 00:00:00 2001
From: Juan Castillo <juan.castillo@arm.com>
Date: Fri, 16 May 2014 15:33:15 +0100
Subject: [PATCH] Reserve some DDR DRAM for secure use on FVP platforms

TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and
the rest of DRAM as non-secure. Non-secure software must not attempt to
access the 16MB secure area.

Device tree files (sources and binaries) have been updated to match this
configuration, removing that memory from the Linux physical memory map.

To use UEFI and Linux with this patch, the latest version of UEFI and
the updated device tree files are required. Check the user guide in the
documentation for more details.

Replaced magic numbers with #define for memory region definition in the
platform security initialization function.

Fixes ARM-software/tf-issues#149

Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
---
 docs/user-guide.md                       |   2 +-
 fdts/fvp-base-gicv2-psci.dtb             | Bin 9077 -> 9077 bytes
 fdts/fvp-base-gicv2-psci.dts             |   2 +-
 fdts/fvp-base-gicv2legacy-psci.dtb       | Bin 9077 -> 9077 bytes
 fdts/fvp-base-gicv2legacy-psci.dts       |   2 +-
 fdts/fvp-base-gicv3-psci.dtb             | Bin 9544 -> 9544 bytes
 fdts/fvp-base-gicv3-psci.dts             |   2 +-
 fdts/fvp-foundation-gicv2-psci.dtb       | Bin 6802 -> 6802 bytes
 fdts/fvp-foundation-gicv2-psci.dts       |   2 +-
 fdts/fvp-foundation-gicv2legacy-psci.dtb | Bin 6802 -> 6802 bytes
 fdts/fvp-foundation-gicv2legacy-psci.dts |   2 +-
 fdts/fvp-foundation-gicv3-psci.dtb       | Bin 7269 -> 7269 bytes
 fdts/fvp-foundation-gicv3-psci.dts       |   2 +-
 plat/fvp/aarch64/plat_common.c           |   2 +-
 plat/fvp/bl2_plat_setup.c                |   4 ++--
 plat/fvp/plat_security.c                 |  11 +++++++++--
 plat/fvp/platform.h                      |  15 ++++++++++++---
 17 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/docs/user-guide.md b/docs/user-guide.md
index e7f0df54c..3359fee54 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -280,7 +280,7 @@ and Foundation FVPs:
 
     git clone -n https://github.com/tianocore/edk2.git
     cd edk2
-    git checkout c1cdcab9526506673b882017845a043cead8bc69
+    git checkout 129ff94661bd3a6c759b1e154c143d0136bedc7d
 
 
 To build the software to be compatible with Foundation and Base FVPs, follow
diff --git a/fdts/fvp-base-gicv2-psci.dtb b/fdts/fvp-base-gicv2-psci.dtb
index abdb9a0cd5ede8549fc3f315519f50b2dc46b166..efe83be5daf349c33b6e9af6bb83fe4f2587a243 100644
GIT binary patch
delta 14
WcmezB_SJ2}3RcGY%_~{Y$N~U2SO%T|

delta 14
WcmezB_SJ2}3RcF3%_~{Y$N~U2UIw24

diff --git a/fdts/fvp-base-gicv2-psci.dts b/fdts/fvp-base-gicv2-psci.dts
index 7d089227f..2b2c2b099 100644
--- a/fdts/fvp-base-gicv2-psci.dts
+++ b/fdts/fvp-base-gicv2-psci.dts
@@ -115,7 +115,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 
diff --git a/fdts/fvp-base-gicv2legacy-psci.dtb b/fdts/fvp-base-gicv2legacy-psci.dtb
index 3fc6b3eeda052a44440b41956f3f4a3e6a5bd9a5..7243c06588704ead8578094b79a8f1a4f3e339d9 100644
GIT binary patch
delta 14
WcmezB_SJ2}3RcGY%_~{Y$N~U2SO%T|

delta 14
WcmezB_SJ2}3RcF3%_~{Y$N~U2UIw24

diff --git a/fdts/fvp-base-gicv2legacy-psci.dts b/fdts/fvp-base-gicv2legacy-psci.dts
index f0952314e..620bc05b7 100644
--- a/fdts/fvp-base-gicv2legacy-psci.dts
+++ b/fdts/fvp-base-gicv2legacy-psci.dts
@@ -115,7 +115,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 
diff --git a/fdts/fvp-base-gicv3-psci.dtb b/fdts/fvp-base-gicv3-psci.dtb
index 1efa13680ff027754dcf3777ea7bfec6acbf3070..b9fe1cf3fe0407f3bcf4b8b8bb7db1536c088ac1 100644
GIT binary patch
delta 14
WcmX@%b;4`I3RcGY%_~{w%L4#1&ITa>

delta 14
WcmX@%b;4`I3RcF3%_~{w%L4#1)CM8|

diff --git a/fdts/fvp-base-gicv3-psci.dts b/fdts/fvp-base-gicv3-psci.dts
index 96d264e91..d111a9918 100644
--- a/fdts/fvp-base-gicv3-psci.dts
+++ b/fdts/fvp-base-gicv3-psci.dts
@@ -115,7 +115,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 
diff --git a/fdts/fvp-foundation-gicv2-psci.dtb b/fdts/fvp-foundation-gicv2-psci.dtb
index ca100889e1ebcf4b7d7ad8747de067f24fecf830..70175e892b994a7d92a7d9455759d0d59329ab71 100644
GIT binary patch
delta 14
VcmbPaI>~f{4hv)bW?hz4F#sfn1Wo_|

delta 14
VcmbPaI>~f{4hv($W?hz4F#sft1Wy0}

diff --git a/fdts/fvp-foundation-gicv2-psci.dts b/fdts/fvp-foundation-gicv2-psci.dts
index bf368a01c..8f3de9df2 100644
--- a/fdts/fvp-foundation-gicv2-psci.dts
+++ b/fdts/fvp-foundation-gicv2-psci.dts
@@ -91,7 +91,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 
diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dtb b/fdts/fvp-foundation-gicv2legacy-psci.dtb
index a602ff5ce512e766b70a60792212220a76db48e7..564d223fe90e2f3b33ee5acaab13f6c973b3929e 100644
GIT binary patch
delta 14
VcmbPaI>~f{4hv)bW?hz4F#sfn1Wo_|

delta 14
VcmbPaI>~f{4hv($W?hz4F#sft1Wy0}

diff --git a/fdts/fvp-foundation-gicv2legacy-psci.dts b/fdts/fvp-foundation-gicv2legacy-psci.dts
index 63cef80c7..951da06da 100644
--- a/fdts/fvp-foundation-gicv2legacy-psci.dts
+++ b/fdts/fvp-foundation-gicv2legacy-psci.dts
@@ -91,7 +91,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 
diff --git a/fdts/fvp-foundation-gicv3-psci.dtb b/fdts/fvp-foundation-gicv3-psci.dtb
index f64e42105ac9b3c9083462c1c09670cacc4c6e39..26800ba03a5a68bdedc448d677d688a798da9c78 100644
GIT binary patch
delta 14
VcmaEA@zi324hv)bW?dEw2>>kQ1kV5f

delta 14
VcmaEA@zi324hv($W?dEw2>>kW1keBg

diff --git a/fdts/fvp-foundation-gicv3-psci.dts b/fdts/fvp-foundation-gicv3-psci.dts
index f9f1ff335..7692c6187 100644
--- a/fdts/fvp-foundation-gicv3-psci.dts
+++ b/fdts/fvp-foundation-gicv3-psci.dts
@@ -91,7 +91,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 
diff --git a/plat/fvp/aarch64/plat_common.c b/plat/fvp/aarch64/plat_common.c
index 29bf602f3..2845f3e4f 100644
--- a/plat/fvp/aarch64/plat_common.c
+++ b/plat/fvp/aarch64/plat_common.c
@@ -122,7 +122,7 @@ const mmap_region_t fvp_mmap[] = {
 	{ DEVICE1_BASE,	DEVICE1_SIZE,	MT_DEVICE | MT_RW | MT_SECURE },
 	/* 2nd GB as device for now...*/
 	{ 0x40000000,	0x40000000,	MT_DEVICE | MT_RW | MT_SECURE },
-	{ DRAM_BASE,	DRAM_SIZE,	MT_MEMORY | MT_RW | MT_NS },
+	{ DRAM1_BASE,	DRAM1_SIZE,	MT_MEMORY | MT_RW | MT_NS },
 	{0}
 };
 
diff --git a/plat/fvp/bl2_plat_setup.c b/plat/fvp/bl2_plat_setup.c
index ea9d0a488..8c006e92f 100644
--- a/plat/fvp/bl2_plat_setup.c
+++ b/plat/fvp/bl2_plat_setup.c
@@ -285,9 +285,9 @@ void bl2_plat_get_bl32_meminfo(meminfo_t *bl32_meminfo)
 void bl2_plat_get_bl33_meminfo(meminfo_t *bl33_meminfo)
 {
 	bl33_meminfo->total_base = DRAM_BASE;
-	bl33_meminfo->total_size = DRAM_SIZE;
+	bl33_meminfo->total_size = DRAM_SIZE - DRAM1_SEC_SIZE;
 	bl33_meminfo->free_base = DRAM_BASE;
-	bl33_meminfo->free_size = DRAM_SIZE;
+	bl33_meminfo->free_size = DRAM_SIZE - DRAM1_SEC_SIZE;
 	bl33_meminfo->attr = 0;
 	bl33_meminfo->attr = 0;
 }
diff --git a/plat/fvp/plat_security.c b/plat/fvp/plat_security.c
index c39907a89..9da561220 100644
--- a/plat/fvp/plat_security.c
+++ b/plat/fvp/plat_security.c
@@ -100,16 +100,23 @@ void plat_security_setup(void)
 
 	/* Set to cover the first block of DRAM */
 	tzc_configure_region(&controller, FILTER_SHIFT(0), 1,
-			DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_NONE,
+			DRAM1_BASE, DRAM1_END - DRAM1_SEC_SIZE,
+			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
 
+	/* Set to cover the secure reserved region */
+	tzc_configure_region(&controller, FILTER_SHIFT(0), 3,
+			(DRAM1_END - DRAM1_SEC_SIZE) + 1 , DRAM1_END,
+			TZC_REGION_S_RDWR,
+			0x0);
+
 	/* Set to cover the second block of DRAM */
 	tzc_configure_region(&controller, FILTER_SHIFT(0), 2,
-			0x880000000, 0xFFFFFFFFF, TZC_REGION_S_NONE,
+			DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
diff --git a/plat/fvp/platform.h b/plat/fvp/platform.h
index bd76d678b..b50df00e5 100644
--- a/plat/fvp/platform.h
+++ b/plat/fvp/platform.h
@@ -68,7 +68,7 @@
 
 /* Non-Trusted Firmware BL33 and its load address */
 #define BL33_IMAGE_NAME			"bl33.bin" /* e.g. UEFI */
-#define NS_IMAGE_OFFSET			(DRAM_BASE + 0x8000000) /* DRAM + 128MB */
+#define NS_IMAGE_OFFSET			(DRAM1_BASE + 0x8000000) /* DRAM + 128MB */
 
 /* Firmware Image Package */
 #define FIP_IMAGE_NAME			"fip.bin"
@@ -139,8 +139,17 @@
 #define PARAMS_BASE		TZDRAM_BASE
 
 
-#define DRAM_BASE              0x80000000ull
-#define DRAM_SIZE              0x80000000ull
+#define DRAM1_BASE		0x80000000ull
+#define DRAM1_SIZE		0x80000000ull
+#define DRAM1_END		(DRAM1_BASE + DRAM1_SIZE - 1)
+#define DRAM1_SEC_SIZE		0x01000000ull
+
+#define DRAM_BASE		DRAM1_BASE
+#define DRAM_SIZE		DRAM1_SIZE
+
+#define DRAM2_BASE		0x880000000ull
+#define DRAM2_SIZE		0x780000000ull
+#define DRAM2_END		(DRAM2_BASE + DRAM2_SIZE - 1)
 
 #define PCIE_EXP_BASE		0x40000000
 #define TZRNG_BASE		0x7fe60000