diff --git a/docs/firmware-design.rst b/docs/firmware-design.rst index 477eeaa54..51f5b42eb 100644 --- a/docs/firmware-design.rst +++ b/docs/firmware-design.rst @@ -516,8 +516,8 @@ This functionality can be tested with FVP loading the image directly in memory and changing the address where the system jumps at reset. For example: - -C cluster0.cpu0.RVBAR=0x4014000 - --data cluster0.cpu0=bl2.bin@0x4014000 + -C cluster0.cpu0.RVBAR=0x4020000 + --data cluster0.cpu0=bl2.bin@0x4020000 With this configuration, FVP is like a platform of the first case, where the Boot ROM jumps always to the same address. For simplification, @@ -1743,17 +1743,20 @@ The following list describes the memory layout on the Arm development platforms: this is also used for the MHU payload when passing messages to and from the SCP. +- Another 4 KB page is reserved for passing memory layout between BL1 and BL2 + and also the dynamic firmware configurations. + - On FVP, BL1 is originally sitting in the Trusted ROM at address ``0x0``. On Juno, BL1 resides in flash memory at address ``0x0BEC0000``. BL1 read-write data are relocated to the top of Trusted SRAM at runtime. +- BL2 is loaded below BL1 RW + - EL3 Runtime Software, BL31 for AArch64 and BL32 for AArch32 (e.g. SP\_MIN), is loaded at the top of the Trusted SRAM, such that its NOBITS sections will - overwrite BL1 R/W data. This implies that BL1 global variables remain valid - only until execution reaches the EL3 Runtime Software entry point during a - cold boot. - -- BL2 is loaded below EL3 Runtime Software. + overwrite BL1 R/W data and BL2. This implies that BL1 global variables + remain valid only until execution reaches the EL3 Runtime Software entry + point during a cold boot. - On Juno, SCP\_BL2 is loaded temporarily into the EL3 Runtime Software memory region and transfered to the SCP before being overwritten by EL3 Runtime @@ -1766,9 +1769,8 @@ The following list describes the memory layout on the Arm development platforms: - Secure region of DRAM (top 16MB of DRAM configured by the TrustZone controller) - When BL32 (for AArch64) is loaded into Trusted SRAM, its NOBITS sections - are allowed to overlay BL2. This memory layout is designed to give the - BL32 image as much memory as possible when it is loaded into Trusted SRAM. + When BL32 (for AArch64) is loaded into Trusted SRAM, it is loaded below + BL31. When LOAD\_IMAGE\_V2 is disabled the memory regions for the overlap detection mechanism at boot time are defined as follows (shown per API): @@ -1814,21 +1816,32 @@ an example. Note: Loading the BL32 image in TZC secured DRAM doesn't change the memory layout of the other images in Trusted SRAM. -**FVP with TSP in Trusted SRAM (default option):** +**FVP with TSP in Trusted SRAM with firmware configs :** (These diagrams only cover the AArch64 case) :: + DRAM + 0xffffffff +----------+ + : : + |----------| + |HW_CONFIG | + 0x83000000 |----------| (non-secure) + | | + 0x80000000 +----------+ + Trusted SRAM - 0x04040000 +----------+ loaded by BL2 ------------------ - | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS | + 0x04040000 +----------+ loaded by BL2 +----------------+ + | BL1 (rw) | <<<<<<<<<<<<< | | + |----------| <<<<<<<<<<<<< | BL31 NOBITS | + | BL2 | <<<<<<<<<<<<< | | |----------| <<<<<<<<<<<<< |----------------| | | <<<<<<<<<<<<< | BL31 PROGBITS | - |----------| ------------------ - | BL2 | <<<<<<<<<<<<< | BL32 NOBITS | - |----------| <<<<<<<<<<<<< |----------------| - | | <<<<<<<<<<<<< | BL32 PROGBITS | - 0x04001000 +----------+ ------------------ + | | <<<<<<<<<<<<< |----------------| + | | <<<<<<<<<<<<< | BL32 | + 0x04002000 +----------+ +----------------+ + |fw_configs| + 0x04001000 +----------+ | Shared | 0x04000000 +----------+ @@ -1837,7 +1850,7 @@ layout of the other images in Trusted SRAM. | BL1 (ro) | 0x00000000 +----------+ -**FVP with TSP in Trusted DRAM with TB_FW_CONFIG and HW_CONFIG :** +**FVP with TSP in Trusted DRAM with firmware configs (default option):** :: @@ -1856,17 +1869,15 @@ layout of the other images in Trusted SRAM. 0x06000000 +--------------+ Trusted SRAM - 0x04040000 +--------------+ loaded by BL2 ------------------ - | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS | + 0x04040000 +--------------+ loaded by BL2 +----------------+ + | BL1 (rw) | <<<<<<<<<<<<< | | + |--------------| <<<<<<<<<<<<< | BL31 NOBITS | + | BL2 | <<<<<<<<<<<<< | | |--------------| <<<<<<<<<<<<< |----------------| | | <<<<<<<<<<<<< | BL31 PROGBITS | - |--------------| ------------------ - | BL2 | - |--------------| - | | - |--------------| - | TB_FW_CONFIG | - |--------------| + | | +----------------+ + +--------------+ + | fw_configs | 0x04001000 +--------------+ | Shared | 0x04000000 +--------------+ @@ -1876,7 +1887,7 @@ layout of the other images in Trusted SRAM. | BL1 (ro) | 0x00000000 +--------------+ -**FVP with TSP in TZC-Secured DRAM:** +**FVP with TSP in TZC-Secured DRAM with firmware configs :** :: @@ -1885,19 +1896,22 @@ layout of the other images in Trusted SRAM. | BL32 | (secure) 0xff000000 +----------+ | | - : : (non-secure) + |----------| + |HW_CONFIG | + 0x83000000 |----------| (non-secure) | | 0x80000000 +----------+ Trusted SRAM - 0x04040000 +----------+ loaded by BL2 ------------------ - | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS | + 0x04040000 +----------+ loaded by BL2 +----------------+ + | BL1 (rw) | <<<<<<<<<<<<< | | + |----------| <<<<<<<<<<<<< | BL31 NOBITS | + | BL2 | <<<<<<<<<<<<< | | |----------| <<<<<<<<<<<<< |----------------| | | <<<<<<<<<<<<< | BL31 PROGBITS | - |----------| ------------------ - | BL2 | - |----------| - | | + | | +----------------+ + 0x04002000 +----------+ + |fw_configs| 0x04001000 +----------+ | Shared | 0x04000000 +----------+ @@ -1907,7 +1921,7 @@ layout of the other images in Trusted SRAM. | BL1 (ro) | 0x00000000 +----------+ -**Juno with BL32 in Trusted SRAM (default option):** +**Juno with BL32 in Trusted SRAM :** :: @@ -1921,19 +1935,21 @@ layout of the other images in Trusted SRAM. 0x08000000 +----------+ BL31 is loaded after SCP_BL2 has Trusted SRAM been sent to SCP - 0x04040000 +----------+ loaded by BL2 ------------------ - | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS | + 0x04040000 +----------+ loaded by BL2 +----------------+ + | BL1 (rw) | <<<<<<<<<<<<< | | + |----------| <<<<<<<<<<<<< | BL31 NOBITS | + | BL2 | <<<<<<<<<<<<< | | |----------| <<<<<<<<<<<<< |----------------| | SCP_BL2 | <<<<<<<<<<<<< | BL31 PROGBITS | - |----------| ------------------ - | BL2 | <<<<<<<<<<<<< | BL32 NOBITS | |----------| <<<<<<<<<<<<< |----------------| - | | <<<<<<<<<<<<< | BL32 PROGBITS | - 0x04001000 +----------+ ------------------ + | | <<<<<<<<<<<<< | BL32 | + | | +----------------+ + | | + 0x04001000 +----------+ | MHU | 0x04000000 +----------+ -**Juno with BL32 in TZC-secured DRAM:** +**Juno with BL32 in TZC-secured DRAM :** :: @@ -1956,14 +1972,13 @@ layout of the other images in Trusted SRAM. 0x08000000 +----------+ BL31 is loaded after SCP_BL2 has Trusted SRAM been sent to SCP - 0x04040000 +----------+ loaded by BL2 ------------------ - | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS | + 0x04040000 +----------+ loaded by BL2 +----------------+ + | BL1 (rw) | <<<<<<<<<<<<< | | + |----------| <<<<<<<<<<<<< | BL31 NOBITS | + | BL2 | <<<<<<<<<<<<< | | |----------| <<<<<<<<<<<<< |----------------| | SCP_BL2 | <<<<<<<<<<<<< | BL31 PROGBITS | - |----------| ------------------ - | BL2 | - |----------| - | | + |----------| +----------------+ 0x04001000 +----------+ | MHU | 0x04000000 +----------+ diff --git a/docs/user-guide.rst b/docs/user-guide.rst index 5f3823dbe..f6d0c7641 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -1928,7 +1928,7 @@ with 8 CPUs using the AArch32 build of TF-A. -C cluster1.cpu1.RVBAR=0x04001000 \ -C cluster1.cpu2.RVBAR=0x04001000 \ -C cluster1.cpu3.RVBAR=0x04001000 \ - --data cluster0.cpu0="/"@0x04001000 \ + --data cluster0.cpu0="/"@0x04002000 \ --data cluster0.cpu0="/"@0x88000000 \ --data cluster0.cpu0="/"@0x82000000 \ --data cluster0.cpu0="/"@0x80080000 \ @@ -1959,7 +1959,7 @@ boot Linux with 8 CPUs using the AArch64 build of TF-A. -C cluster1.cpu2.RVBARADDR=0x04020000 \ -C cluster1.cpu3.RVBARADDR=0x04020000 \ --data cluster0.cpu0="/"@0x04020000 \ - --data cluster0.cpu0="/"@0x04001000 \ + --data cluster0.cpu0="/"@0x04002000 \ --data cluster0.cpu0="/"@0x88000000 \ --data cluster0.cpu0="/"@0x82000000 \ --data cluster0.cpu0="/"@0x80080000 \ @@ -1982,7 +1982,7 @@ boot Linux with 4 CPUs using the AArch32 build of TF-A. -C cluster0.cpu1.RVBARADDR=0x04001000 \ -C cluster0.cpu2.RVBARADDR=0x04001000 \ -C cluster0.cpu3.RVBARADDR=0x04001000 \ - --data cluster0.cpu0="/"@0x04001000 \ + --data cluster0.cpu0="/"@0x04002000 \ --data cluster0.cpu0="/"@0x88000000 \ --data cluster0.cpu0="/"@0x82000000 \ --data cluster0.cpu0="/"@0x80080000 \ diff --git a/include/plat/arm/board/common/board_arm_def.h b/include/plat/arm/board/common/board_arm_def.h index 21ceae30a..2d8e4c139 100644 --- a/include/plat/arm/board/common/board_arm_def.h +++ b/include/plat/arm/board/common/board_arm_def.h @@ -93,21 +93,19 @@ #endif /* - * PLAT_ARM_MAX_BL31_SIZE is calculated using the current BL31 debug size plus a - * little space for growth. + * Since BL31 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL31_SIZE is + * calculated using the current BL31 PROGBITS debug size plus the sizes of + * BL2 and BL1-RW */ -#if ENABLE_SPM -# define PLAT_ARM_MAX_BL31_SIZE 0x40000 -#else -# define PLAT_ARM_MAX_BL31_SIZE 0x20000 -#endif +#define PLAT_ARM_MAX_BL31_SIZE 0x3B000 #ifdef AARCH32 /* - * PLAT_ARM_MAX_BL32_SIZE is calculated for SP_MIN as the AArch32 Secure - * Payload. + * Since BL32 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL32_SIZE is + * calculated using the current SP_MIN PROGBITS debug size plus the sizes of + * BL2 and BL1-RW */ -# define PLAT_ARM_MAX_BL32_SIZE 0x1D000 +# define PLAT_ARM_MAX_BL32_SIZE 0x3B000 #endif #endif /* ARM_BOARD_OPTIMISE_MEM */ diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index 18390d6a7..1f62ebe7d 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -317,7 +317,7 @@ * and limit. Leave enough space of BL2 meminfo. */ #define ARM_TB_FW_CONFIG_BASE ARM_BL_RAM_BASE + sizeof(meminfo_t) -#define ARM_TB_FW_CONFIG_LIMIT BL2_BASE +#define ARM_TB_FW_CONFIG_LIMIT ARM_BL_RAM_BASE + PAGE_SIZE /******************************************************************************* * BL1 specific defines. @@ -338,32 +338,18 @@ /******************************************************************************* * BL2 specific defines. ******************************************************************************/ -#if ARM_BL31_IN_DRAM +#if BL2_AT_EL3 +/* Put BL2 in the middle of the Trusted SRAM */ +#define BL2_BASE (ARM_TRUSTED_SRAM_BASE + \ + (PLAT_ARM_TRUSTED_SRAM_SIZE >> 1)) +#define BL2_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) + +#else /* - * For AArch64 BL31 is loaded in the DRAM. * Put BL2 just below BL1. */ #define BL2_BASE (BL1_RW_BASE - PLAT_ARM_MAX_BL2_SIZE) #define BL2_LIMIT BL1_RW_BASE - -#elif BL2_AT_EL3 - -#define BL2_BASE ARM_BL_RAM_BASE -#define BL2_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) - -#elif defined(AARCH32) || JUNO_AARCH32_EL3_RUNTIME -/* - * Put BL2 just below BL32. - */ -#define BL2_BASE (BL32_BASE - PLAT_ARM_MAX_BL2_SIZE) -#define BL2_LIMIT BL32_BASE - -#else -/* - * Put BL2 just below BL31. - */ -#define BL2_BASE (BL31_BASE - PLAT_ARM_MAX_BL2_SIZE) -#define BL2_LIMIT BL31_BASE #endif /******************************************************************************* @@ -384,13 +370,10 @@ (PLAT_ARM_TRUSTED_SRAM_SIZE >> 1)) #define BL31_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) #else -/* - * Put BL31 at the top of the Trusted SRAM. - */ -#define BL31_BASE (ARM_BL_RAM_BASE + \ - ARM_BL_RAM_SIZE - \ - PLAT_ARM_MAX_BL31_SIZE) -#define BL31_PROGBITS_LIMIT BL1_RW_BASE +/* Put BL31 below BL2 in the Trusted SRAM.*/ +#define BL31_BASE ((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\ + - PLAT_ARM_MAX_BL31_SIZE) +#define BL31_PROGBITS_LIMIT BL2_BASE #define BL31_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) #endif @@ -399,15 +382,17 @@ * BL32 specific defines for EL3 runtime in AArch32 mode ******************************************************************************/ # if RESET_TO_SP_MIN && !JUNO_AARCH32_EL3_RUNTIME -/* SP_MIN is the only BL image in SRAM. Allocate the whole of SRAM to BL32 */ -# define BL32_BASE ARM_BL_RAM_BASE +/* + * SP_MIN is the only BL image in SRAM. Allocate the whole of SRAM (excluding + * the page reserved for fw_configs) to BL32 + */ +# define BL32_BASE ARM_TB_FW_CONFIG_LIMIT # define BL32_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) # else -/* Put BL32 at the top of the Trusted SRAM.*/ -# define BL32_BASE (ARM_BL_RAM_BASE + \ - ARM_BL_RAM_SIZE - \ - PLAT_ARM_MAX_BL32_SIZE) -# define BL32_PROGBITS_LIMIT BL1_RW_BASE +/* Put BL32 below BL2 in the Trusted SRAM.*/ +# define BL32_BASE ((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\ + - PLAT_ARM_MAX_BL32_SIZE) +# define BL32_PROGBITS_LIMIT BL2_BASE # define BL32_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) # endif /* RESET_TO_SP_MIN && !JUNO_AARCH32_EL3_RUNTIME */ @@ -438,8 +423,8 @@ # elif ARM_TSP_RAM_LOCATION_ID == ARM_TRUSTED_SRAM_ID # define TSP_SEC_MEM_BASE ARM_BL_RAM_BASE # define TSP_SEC_MEM_SIZE ARM_BL_RAM_SIZE -# define TSP_PROGBITS_LIMIT BL2_BASE -# define BL32_BASE ARM_BL_RAM_BASE +# define TSP_PROGBITS_LIMIT BL31_BASE +# define BL32_BASE ARM_TB_FW_CONFIG_LIMIT # define BL32_LIMIT BL31_BASE # elif ARM_TSP_RAM_LOCATION_ID == ARM_TRUSTED_DRAM_ID # define TSP_SEC_MEM_BASE PLAT_ARM_TRUSTED_DRAM_BASE diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h index 6d68b4406..725c27cbc 100644 --- a/include/plat/arm/css/common/css_def.h +++ b/include/plat/arm/css/common/css_def.h @@ -158,14 +158,14 @@ /* * Load address of SCP_BL2 in CSS platform ports * SCP_BL2 is loaded to the same place as BL31 but it shouldn't overwrite BL1 - * rw data. Once SCP_BL2 is transferred to the SCP, it is discarded and BL31 - * is loaded over the top. + * rw data or BL2. Once SCP_BL2 is transferred to the SCP, it is discarded and + * BL31 is loaded over the top. */ -#define SCP_BL2_BASE (BL1_RW_BASE - PLAT_CSS_MAX_SCP_BL2_SIZE) -#define SCP_BL2_LIMIT BL1_RW_BASE +#define SCP_BL2_BASE (BL2_BASE - PLAT_CSS_MAX_SCP_BL2_SIZE) +#define SCP_BL2_LIMIT BL2_BASE -#define SCP_BL2U_BASE (BL1_RW_BASE - PLAT_CSS_MAX_SCP_BL2U_SIZE) -#define SCP_BL2U_LIMIT BL1_RW_BASE +#define SCP_BL2U_BASE (BL2_BASE - PLAT_CSS_MAX_SCP_BL2U_SIZE) +#define SCP_BL2U_LIMIT BL2_BASE #endif /* CSS_LOAD_SCP_IMAGES */ /* Load address of Non-Secure Image for CSS platform ports */ diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index c02831ac3..f807dc6e4 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -225,12 +225,6 @@ ifneq (${BL2_AT_EL3}, 0) override BL1_SOURCES = endif -ifeq (${ENABLE_SPM},1) -ifneq (${ARM_BL31_IN_DRAM},1) - $(error "Error: SPM needs BL31 to be located in DRAM.") -endif -endif - include plat/arm/board/common/board_common.mk include plat/arm/common/arm_common.mk diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h index e616e1fcf..75ee991ca 100644 --- a/plat/arm/board/juno/include/platform_def.h +++ b/plat/arm/board/juno/include/platform_def.h @@ -139,22 +139,21 @@ #endif /* - * PLAT_ARM_MAX_BL31_SIZE is calculated using the current BL31 debug size plus a - * little space for growth. - * SCP_BL2 image is loaded into the space BL31 -> BL1_RW_BASE. - * For TBB use case, PLAT_ARM_MAX_BL1_RW_SIZE has been increased and therefore - * PLAT_ARM_MAX_BL31_SIZE has been increased to ensure SCP_BL2 has the same - * space available. + * Since BL31 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL31_SIZE is + * calculated using the current BL31 PROGBITS debug size plus the sizes of + * BL2 and BL1-RW. SCP_BL2 image is loaded into the space BL31 -> BL2_BASE. + * Hence the BL31 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE. */ -#define PLAT_ARM_MAX_BL31_SIZE 0x1E000 +#define PLAT_ARM_MAX_BL31_SIZE 0x3E000 #if JUNO_AARCH32_EL3_RUNTIME /* - * PLAT_ARM_MAX_BL32_SIZE is calculated for SP_MIN as the AArch32 Secure - * Payload. We also need to take care of SCP_BL2 size as well, as the SCP_BL2 - * is loaded into the space BL32 -> BL1_RW_BASE + * Since BL32 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL32_SIZE is + * calculated using the current BL32 PROGBITS debug size plus the sizes of + * BL2 and BL1-RW. SCP_BL2 image is loaded into the space BL32 -> BL2_BASE. + * Hence the BL32 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE. */ -# define PLAT_ARM_MAX_BL32_SIZE 0x1E000 +#define PLAT_ARM_MAX_BL32_SIZE 0x3E000 #endif /* diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index d490f83c8..4ef3a9b0f 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -25,18 +25,10 @@ static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE); /* - * Check that BL2_BASE is atleast a page over ARM_BL_RAM_BASE. The page is for - * `meminfo_t` data structure and TB_FW_CONFIG passed from BL1. Not needed - * when BL2 is compiled for BL_AT_EL3 as BL2 doesn't need any info from BL1 and - * BL2 is loaded at base of usable SRAM. + * Check that BL2_BASE is above ARM_TB_FW_CONFIG_LIMIT. This reserved page is + * for `meminfo_t` data structure and fw_configs passed from BL1. */ -#if BL2_AT_EL3 -#define BL1_MEMINFO_OFFSET 0x0 -#else -#define BL1_MEMINFO_OFFSET PAGE_SIZE -#endif - -CASSERT(BL2_BASE >= (ARM_BL_RAM_BASE + BL1_MEMINFO_OFFSET), assert_bl2_base_overflows); +CASSERT(BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl2_base_overflows); /* Weak definitions may be overridden in specific ARM standard platform */ #pragma weak bl2_early_platform_setup2 diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c index 551e7002f..46f7ae0e5 100644 --- a/plat/arm/common/arm_bl31_setup.c +++ b/plat/arm/common/arm_bl31_setup.c @@ -25,6 +25,11 @@ static entry_point_info_t bl32_image_ep_info; static entry_point_info_t bl33_image_ep_info; +/* + * Check that BL31_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page + * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2. + */ +CASSERT(BL31_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl31_base_overflows); /* Weak definitions may be overridden in specific ARM standard platform */ #pragma weak bl31_early_platform_setup2 diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 3f0a9b4cf..32a515b56 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -143,8 +143,8 @@ void arm_bl2_dyn_cfg_init(void) if (check_uptr_overflow(image_base, image_size) != 0) continue; - /* Ensure the configs don't overlap with BL2 */ - if ((image_base > BL2_BASE) || ((image_base + image_size) > BL2_BASE)) + /* Ensure the configs don't overlap with BL31 */ + if ((image_base > BL31_BASE) || ((image_base + image_size) > BL31_BASE)) continue; /* Ensure the configs are loaded in a valid address */ diff --git a/plat/arm/common/sp_min/arm_sp_min_setup.c b/plat/arm/common/sp_min/arm_sp_min_setup.c index 9a6c0740b..b42e35f3a 100644 --- a/plat/arm/common/sp_min/arm_sp_min_setup.c +++ b/plat/arm/common/sp_min/arm_sp_min_setup.c @@ -22,6 +22,11 @@ static entry_point_info_t bl33_image_ep_info; #pragma weak sp_min_plat_arch_setup #pragma weak plat_arm_sp_min_early_platform_setup +/* + * Check that BL32_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page + * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2. + */ +CASSERT(BL32_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl32_base_overflows); /******************************************************************************* * Return a pointer to the 'entry_point_info' structure of the next image for the diff --git a/plat/arm/css/drivers/scp/css_bom_bootloader.c b/plat/arm/css/drivers/scp/css_bom_bootloader.c index 42ed30d3d..5268510db 100644 --- a/plat/arm/css/drivers/scp/css_bom_bootloader.c +++ b/plat/arm/css/drivers/scp/css_bom_bootloader.c @@ -47,16 +47,16 @@ typedef struct { } cmd_data_payload_t; /* - * All CSS platforms load SCP_BL2/SCP_BL2U just below BL rw-data and above - * BL2/BL2U (this is where BL31 usually resides except when ARM_BL31_IN_DRAM is - * set. Ensure that SCP_BL2/SCP_BL2U do not overflow into BL1 rw-data nor - * BL2/BL2U. + * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31 + * usually resides except when ARM_BL31_IN_DRAM is + * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into shared RAM and + * the tb_fw_config. */ -CASSERT(SCP_BL2_LIMIT <= BL1_RW_BASE, assert_scp_bl2_overwrite_bl1); -CASSERT(SCP_BL2U_LIMIT <= BL1_RW_BASE, assert_scp_bl2u_overwrite_bl1); +CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2); +CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2); -CASSERT(SCP_BL2_BASE >= BL2_LIMIT, assert_scp_bl2_overwrite_bl2); -CASSERT(SCP_BL2U_BASE >= BL2U_LIMIT, assert_scp_bl2u_overwrite_bl2u); +CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow); +CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow); static void scp_boot_message_start(void) { diff --git a/plat/arm/css/drivers/scp/css_scp.h b/plat/arm/css/drivers/scp/css_scp.h index 1f0cf8e24..671612a80 100644 --- a/plat/arm/css/drivers/scp/css_scp.h +++ b/plat/arm/css/drivers/scp/css_scp.h @@ -34,17 +34,17 @@ int css_scp_boot_image_xfer(void *image, unsigned int image_size); int css_scp_boot_ready(void); #if CSS_LOAD_SCP_IMAGES -/* - * All CSS platforms load SCP_BL2/SCP_BL2U just below BL rw-data and above - * BL2/BL2U (this is where BL31 usually resides except when ARM_BL31_IN_DRAM is - * set. Ensure that SCP_BL2/SCP_BL2U do not overflow into BL1 rw-data nor - * BL2/BL2U. - */ -CASSERT(SCP_BL2_LIMIT <= BL1_RW_BASE, assert_scp_bl2_limit_overwrite_bl1); -CASSERT(SCP_BL2U_LIMIT <= BL1_RW_BASE, assert_scp_bl2u_limit_overwrite_bl1); -CASSERT(SCP_BL2_BASE >= BL2_LIMIT, assert_scp_bl2_overwrite_bl2); -CASSERT(SCP_BL2U_BASE >= BL2U_LIMIT, assert_scp_bl2u_overwrite_bl2u); +/* + * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31 + * usually resides except when ARM_BL31_IN_DRAM is + * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into tb_fw_config. + */ +CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2); +CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2); + +CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow); +CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow); #endif #endif /* __CSS_SCP_H__ */