feat(intel): enable firewall for OCRAM in BL31
Set OCRAM as a secure region that requires privileged access in BL31, to prevent software running in the normal (non-secure) world from accessing the OCRAM memory region, which may contain sensitive information (e.g. FSBL, handoff data). Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: Ib6b24efd69f49cd3f9aa4ef2ea9f1af5ce582bd6 Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
parent
afa0b1a82a
commit
ae19fef337
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2019-2020, Intel Corporation. All rights reserved.
|
||||
* Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -14,6 +14,7 @@
|
|||
#include <lib/mmio.h>
|
||||
#include <lib/xlat_tables/xlat_tables.h>
|
||||
|
||||
#include "ccu/ncore_ccu.h"
|
||||
#include "socfpga_mailbox.h"
|
||||
#include "socfpga_private.h"
|
||||
|
||||
|
@ -114,6 +115,8 @@ void bl31_platform_setup(void)
|
|||
(uint64_t)plat_secondary_cpus_bl31_entry);
|
||||
|
||||
mailbox_hps_stage_notify(HPS_EXECUTION_STATE_SSBL);
|
||||
|
||||
ncore_enable_ocram_firewall();
|
||||
}
|
||||
|
||||
const mmap_region_t plat_agilex_mmap[] = {
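Review bot: The new `ncore_enable_ocram_firewall();` call at the end of bl31_platform_setup() carries no comment, and its placement is security-relevant: the restriction has to be in force before BL31 hands over to the normal world, and anything that still expects to read OCRAM from a non-secure or unprivileged context will presumably be blocked afterwards. A one-line comment above the call would record that, for example `/* Restrict OCRAM to secure privileged access before leaving EL3 */`. The helper returns void, so a write that does not take effect goes unnoticed, and nothing visible here re-applies the setting on a warm reset or resume, so it is worth confirming that cold boot is the only path that needs it. The same applies to the `enable_ocram_firewall();` call added in the Stratix 10 bl31_platform_setup() further down; both function bodies start outside their hunks.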
|
||||
|
|
|
@ -26,6 +26,7 @@ PLAT_BL_COMMON_SOURCES := \
|
|||
lib/xlat_tables/xlat_tables_common.c \
|
||||
plat/intel/soc/common/aarch64/platform_common.c \
|
||||
plat/intel/soc/common/aarch64/plat_helpers.S \
|
||||
plat/intel/soc/common/drivers/ccu/ncore_ccu.c \
|
||||
plat/intel/soc/common/socfpga_delay_timer.c
|
||||
|
||||
BL2_SOURCES += \
|
||||
|
@ -53,8 +54,7 @@ BL2_SOURCES += \
|
|||
plat/intel/soc/common/soc/socfpga_mailbox.c \
|
||||
plat/intel/soc/common/soc/socfpga_reset_manager.c \
|
||||
plat/intel/soc/common/drivers/qspi/cadence_qspi.c \
|
||||
plat/intel/soc/common/drivers/wdt/watchdog.c \
|
||||
plat/intel/soc/common/drivers/ccu/ncore_ccu.c
|
||||
plat/intel/soc/common/drivers/wdt/watchdog.c
|
||||
|
||||
BL31_SOURCES += \
|
||||
drivers/arm/cci/cci.c \
|
||||
|
|
|
@ -118,6 +118,7 @@ void ncore_enable_ocram_firewall(void)
|
|||
mmio_setbits_32(COH_CPU0_BYPASS_REG(NCORE_FW_OCRAM_BLK_CGF4),
|
||||
OCRAM_PRIVILEGED_MASK | OCRAM_SECURE_MASK);
|
||||
}
|
||||
|
||||
uint32_t init_ncore_ccu(void)
|
||||
{
|
||||
uint32_t status;
|
||||
|
|
|
@ -90,5 +90,6 @@
|
|||
void enable_ns_peripheral_access(void);
|
||||
void enable_ns_bridge_access(void);
|
||||
void enable_ns_ocram_access(void);
|
||||
void enable_ocram_firewall(void);
|
||||
|
||||
#endif
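Review bot: The new prototype `void enable_ocram_firewall(void);` sits directly under `void enable_ns_ocram_access(void);` with nothing saying how the two relate. Judging by the names they act in opposite directions on the same OCRAM region, so a later call to enable_ns_ocram_access() would presumably reopen what BL31 has just closed; that is inferred, since the definition of enable_ns_ocram_access() is not visible in this section. A short comment on the declaration would make the contract explicit, for example `/* Restrict OCRAM to secure privileged accesses; do not call enable_ns_ocram_access() afterwards */`.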
|
||||
|
|
|
@ -113,3 +113,11 @@ void enable_ns_bridge_access(void)
|
|||
mmio_write_32(SOCFPGA_SOC2FPGA_SCR_REG_BASE, DISABLE_BRIDGE_FIREWALL);
|
||||
mmio_write_32(SOCFPGA_LWSOC2FPGA_SCR_REG_BASE, DISABLE_BRIDGE_FIREWALL);
|
||||
}
|
||||
|
||||
void enable_ocram_firewall(void)
|
||||
{
|
||||
mmio_setbits_32(SOCFPGA_CCU_NOC(CPU0, RAM0),
|
||||
SOCFPGA_CCU_NOC_ADMASK_P_MASK | SOCFPGA_CCU_NOC_ADMASK_NS_MASK);
|
||||
mmio_setbits_32(SOCFPGA_CCU_NOC(IOM, RAM0),
|
||||
SOCFPGA_CCU_NOC_ADMASK_P_MASK | SOCFPGA_CCU_NOC_ADMASK_NS_MASK);
|
||||
}
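Review bot: enable_ocram_firewall() sets `SOCFPGA_CCU_NOC_ADMASK_NS_MASK`, whose name reads as if it grants non-secure access, while the commit message says the region becomes secure, and the function has no comment resolving that. A header comment stating what setting the P and NS bits means for the CPU0 and IOM paths to RAM0 would help, for example `/* Set ADMASK P and NS so RAM0 (OCRAM) accepts only secure, privileged accesses from CPU0 and IOM */`, with the bit polarity confirmed against the register description. Only the CPU0 and IOM initiators are programmed here; whether any other initiator has a path to OCRAM is not visible in this hunk and is worth stating in the comment as well. The two writes are not read back, so an ignored or failed update is silent.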
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2019-2020, Intel Corporation. All rights reserved.
|
||||
* Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -17,6 +17,7 @@
|
|||
#include <platform_def.h>
|
||||
|
||||
#include "socfpga_mailbox.h"
|
||||
#include "socfpga_noc.h"
|
||||
#include "socfpga_private.h"
|
||||
#include "socfpga_reset_manager.h"
|
||||
#include "socfpga_system_manager.h"
|
||||
|
@ -122,6 +123,8 @@ void bl31_platform_setup(void)
|
|||
(uint64_t)plat_secondary_cpus_bl31_entry);
|
||||
|
||||
mailbox_hps_stage_notify(HPS_EXECUTION_STATE_SSBL);
|
||||
|
||||
enable_ocram_firewall();
|
||||
}
|
||||
|
||||
const mmap_region_t plat_stratix10_mmap[] = {
|
||||
|
|
|
@ -26,7 +26,8 @@ PLAT_BL_COMMON_SOURCES := \
|
|||
lib/xlat_tables/xlat_tables_common.c \
|
||||
plat/intel/soc/common/aarch64/platform_common.c \
|
||||
plat/intel/soc/common/aarch64/plat_helpers.S \
|
||||
plat/intel/soc/common/socfpga_delay_timer.c
|
||||
plat/intel/soc/common/socfpga_delay_timer.c \
|
||||
plat/intel/soc/common/soc/socfpga_firewall.c
|
||||
|
||||
BL2_SOURCES += \
|
||||
common/desc_image_load.c \
|
||||
|
@ -47,7 +48,6 @@ BL2_SOURCES += \
|
|||
plat/intel/soc/common/socfpga_image_load.c \
|
||||
plat/intel/soc/common/socfpga_storage.c \
|
||||
plat/intel/soc/common/soc/socfpga_emac.c \
|
||||
plat/intel/soc/common/soc/socfpga_firewall.c \
|
||||
plat/intel/soc/common/soc/socfpga_handoff.c \
|
||||
plat/intel/soc/common/soc/socfpga_mailbox.c \
|
||||
plat/intel/soc/common/soc/socfpga_reset_manager.c \
|
||||
|
|