mt8173: Protect BL31 memory from non-secure access
BL31 usually handles confidential stuff, its memory must not be read/write accessible from non-secure world. This patch protects the BL31 memory range from non-secure read/write access. Change-Id: I442fb92b667bb2f9a62d471a90508b1ba4489911 Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
This commit is contained in:
parent
6b1ca8f358
commit
a1e0c01f97
|
@ -50,13 +50,15 @@ unsigned long __COHERENT_RAM_START__;
|
|||
unsigned long __COHERENT_RAM_END__;
|
||||
|
||||
/*
|
||||
* The next 2 constants identify the extents of the code & RO data region.
|
||||
* These addresses are used by the MMU setup code and therefore they must be
|
||||
* page-aligned. It is the responsibility of the linker script to ensure that
|
||||
* __RO_START__ and __RO_END__ linker symbols refer to page-aligned addresses.
|
||||
* The next 3 constants identify the extents of the code, RO data region and the
|
||||
* limit of the BL31 image. These addresses are used by the MMU setup code and
|
||||
* therefore they must be page-aligned. It is the responsibility of the linker
|
||||
* script to ensure that __RO_START__, __RO_END__ & __BL31_END__ linker symbols
|
||||
* refer to page-aligned addresses.
|
||||
*/
|
||||
#define BL31_RO_BASE (unsigned long)(&__RO_START__)
|
||||
#define BL31_RO_LIMIT (unsigned long)(&__RO_END__)
|
||||
#define BL31_END (unsigned long)(&__BL31_END__)
|
||||
|
||||
/*
|
||||
* The next 2 constants identify the extents of the coherent memory region.
|
||||
|
@ -108,6 +110,13 @@ static void platform_setup_cpu(void)
|
|||
MCU_BUS_DCM_EN);
|
||||
}
|
||||
|
||||
static void platform_setup_sram(void)
|
||||
{
|
||||
/* protect BL31 memory from non-secure read/write access */
|
||||
mmio_write_32(SRAMROM_SEC_ADDR, (uint32_t)(BL31_END + 0x3ff) & 0x3fc00);
|
||||
mmio_write_32(SRAMROM_SEC_CTRL, 0x10000ff9);
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
* Return a pointer to the 'entry_point_info' structure of the next image for
|
||||
* the security state specified. BL33 corresponds to the non-secure image type
|
||||
|
@ -156,6 +165,7 @@ void bl31_early_platform_setup(bl31_params_t *from_bl2,
|
|||
void bl31_platform_setup(void)
|
||||
{
|
||||
platform_setup_cpu();
|
||||
platform_setup_sram();
|
||||
|
||||
plat_delay_timer_init();
|
||||
|
||||
|
|
|
@ -384,6 +384,10 @@ enum wake_reason_t spm_output_wake_reason(struct wake_status *wakesta)
|
|||
|
||||
void spm_boot_init(void)
|
||||
{
|
||||
/* set spm transaction to secure mode */
|
||||
mmio_write_32(DEVAPC0_APC_CON, 0x0);
|
||||
mmio_write_32(DEVAPC0_MAS_SEC_0, 0x200);
|
||||
|
||||
/* Only CPU0 is online during boot, initialize cpu online reserve bit */
|
||||
mmio_write_32(SPM_PCM_RESERVE, 0xFE);
|
||||
mmio_clrbits_32(AP_PLL_CON3, 0xFFFFF);
|
||||
|
|
|
@ -40,11 +40,13 @@
|
|||
/* Register base address */
|
||||
#define IO_PHYS (0x10000000)
|
||||
#define INFRACFG_AO_BASE (IO_PHYS + 0x1000)
|
||||
#define SRAMROM_SEC_BASE (IO_PHYS + 0x1800)
|
||||
#define PERI_CON_BASE (IO_PHYS + 0x3000)
|
||||
#define GPIO_BASE (IO_PHYS + 0x5000)
|
||||
#define SPM_BASE (IO_PHYS + 0x6000)
|
||||
#define RGU_BASE (IO_PHYS + 0x7000)
|
||||
#define PMIC_WRAP_BASE (IO_PHYS + 0xD000)
|
||||
#define DEVAPC0_BASE (IO_PHYS + 0xE000)
|
||||
#define MCUCFG_BASE (IO_PHYS + 0x200000)
|
||||
#define APMIXED_BASE (IO_PHYS + 0x209000)
|
||||
#define TRNG_BASE (IO_PHYS + 0x20F000)
|
||||
|
@ -57,6 +59,14 @@
|
|||
#define MTK_DEV_RNG1_BASE (IO_PHYS + 0x1000000)
|
||||
#define MTK_DEV_RNG1_SIZE 0x4000000
|
||||
|
||||
/* SRAMROM related registers */
|
||||
#define SRAMROM_SEC_CTRL (SRAMROM_SEC_BASE + 0x4)
|
||||
#define SRAMROM_SEC_ADDR (SRAMROM_SEC_BASE + 0x8)
|
||||
|
||||
/* DEVAPC0 related registers */
|
||||
#define DEVAPC0_MAS_SEC_0 (DEVAPC0_BASE + 0x500)
|
||||
#define DEVAPC0_APC_CON (DEVAPC0_BASE + 0xF00)
|
||||
|
||||
/*******************************************************************************
|
||||
* UART related constants
|
||||
******************************************************************************/
|
||||
|
|
Loading…
Reference in New Issue