From a1e0c01f97bfbaac927eee5c20b63629b203a756 Mon Sep 17 00:00:00 2001 From: Jimmy Huang Date: Tue, 29 Mar 2016 17:42:41 +0800 Subject: [PATCH] mt8173: Protect BL31 memory from non-secure access BL31 usually handles confidential stuff, its memory must not be read/write accessible from non-secure world. This patch protects the BL31 memory range from non-secure read/write access. Change-Id: I442fb92b667bb2f9a62d471a90508b1ba4489911 Signed-off-by: Jimmy Huang --- plat/mediatek/mt8173/bl31_plat_setup.c | 18 ++++++++++++++---- plat/mediatek/mt8173/drivers/spm/spm.c | 4 ++++ plat/mediatek/mt8173/include/mt8173_def.h | 10 ++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/plat/mediatek/mt8173/bl31_plat_setup.c b/plat/mediatek/mt8173/bl31_plat_setup.c index 87837759b..749009ea6 100644 --- a/plat/mediatek/mt8173/bl31_plat_setup.c +++ b/plat/mediatek/mt8173/bl31_plat_setup.c @@ -50,13 +50,15 @@ unsigned long __COHERENT_RAM_START__; unsigned long __COHERENT_RAM_END__; /* - * The next 2 constants identify the extents of the code & RO data region. - * These addresses are used by the MMU setup code and therefore they must be - * page-aligned. It is the responsibility of the linker script to ensure that - * __RO_START__ and __RO_END__ linker symbols refer to page-aligned addresses. + * The next 3 constants identify the extents of the code, RO data region and the + * limit of the BL31 image. These addresses are used by the MMU setup code and + * therefore they must be page-aligned. It is the responsibility of the linker + * script to ensure that __RO_START__, __RO_END__ & __BL31_END__ linker symbols + * refer to page-aligned addresses. */ #define BL31_RO_BASE (unsigned long)(&__RO_START__) #define BL31_RO_LIMIT (unsigned long)(&__RO_END__) +#define BL31_END (unsigned long)(&__BL31_END__) /* * The next 2 constants identify the extents of the coherent memory region. @@ -108,6 +110,13 @@ static void platform_setup_cpu(void) MCU_BUS_DCM_EN); } +static void platform_setup_sram(void) +{ + /* protect BL31 memory from non-secure read/write access */ + mmio_write_32(SRAMROM_SEC_ADDR, (uint32_t)(BL31_END + 0x3ff) & 0x3fc00); + mmio_write_32(SRAMROM_SEC_CTRL, 0x10000ff9); +} + /******************************************************************************* * Return a pointer to the 'entry_point_info' structure of the next image for * the security state specified. BL33 corresponds to the non-secure image type @@ -156,6 +165,7 @@ void bl31_early_platform_setup(bl31_params_t *from_bl2, void bl31_platform_setup(void) { platform_setup_cpu(); + platform_setup_sram(); plat_delay_timer_init(); diff --git a/plat/mediatek/mt8173/drivers/spm/spm.c b/plat/mediatek/mt8173/drivers/spm/spm.c index 45defd8aa..f28b2640f 100644 --- a/plat/mediatek/mt8173/drivers/spm/spm.c +++ b/plat/mediatek/mt8173/drivers/spm/spm.c @@ -384,6 +384,10 @@ enum wake_reason_t spm_output_wake_reason(struct wake_status *wakesta) void spm_boot_init(void) { + /* set spm transaction to secure mode */ + mmio_write_32(DEVAPC0_APC_CON, 0x0); + mmio_write_32(DEVAPC0_MAS_SEC_0, 0x200); + /* Only CPU0 is online during boot, initialize cpu online reserve bit */ mmio_write_32(SPM_PCM_RESERVE, 0xFE); mmio_clrbits_32(AP_PLL_CON3, 0xFFFFF); diff --git a/plat/mediatek/mt8173/include/mt8173_def.h b/plat/mediatek/mt8173/include/mt8173_def.h index 39bab1499..0113d6099 100644 --- a/plat/mediatek/mt8173/include/mt8173_def.h +++ b/plat/mediatek/mt8173/include/mt8173_def.h @@ -40,11 +40,13 @@ /* Register base address */ #define IO_PHYS (0x10000000) #define INFRACFG_AO_BASE (IO_PHYS + 0x1000) +#define SRAMROM_SEC_BASE (IO_PHYS + 0x1800) #define PERI_CON_BASE (IO_PHYS + 0x3000) #define GPIO_BASE (IO_PHYS + 0x5000) #define SPM_BASE (IO_PHYS + 0x6000) #define RGU_BASE (IO_PHYS + 0x7000) #define PMIC_WRAP_BASE (IO_PHYS + 0xD000) +#define DEVAPC0_BASE (IO_PHYS + 0xE000) #define MCUCFG_BASE (IO_PHYS + 0x200000) #define APMIXED_BASE (IO_PHYS + 0x209000) #define TRNG_BASE (IO_PHYS + 0x20F000) @@ -57,6 +59,14 @@ #define MTK_DEV_RNG1_BASE (IO_PHYS + 0x1000000) #define MTK_DEV_RNG1_SIZE 0x4000000 +/* SRAMROM related registers */ +#define SRAMROM_SEC_CTRL (SRAMROM_SEC_BASE + 0x4) +#define SRAMROM_SEC_ADDR (SRAMROM_SEC_BASE + 0x8) + +/* DEVAPC0 related registers */ +#define DEVAPC0_MAS_SEC_0 (DEVAPC0_BASE + 0x500) +#define DEVAPC0_APC_CON (DEVAPC0_BASE + 0xF00) + /******************************************************************************* * UART related constants ******************************************************************************/