From c398caf509096ca72f77a3e8f21489a4acc9763d Mon Sep 17 00:00:00 2001 From: Arunachalam Ganapathy Date: Thu, 28 May 2020 12:32:10 +0100 Subject: [PATCH 1/5] plat: tc0: Disable SPE Statistical Profiling Extension is not supported by Matterhorn core Change-Id: Iec652f1c6d6b6a9bf118ba682276a7c70a6abc0d Signed-off-by: Arunachalam Ganapathy --- plat/arm/board/tc0/platform.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plat/arm/board/tc0/platform.mk b/plat/arm/board/tc0/platform.mk index 05d691ee2..4db081e70 100644 --- a/plat/arm/board/tc0/platform.mk +++ b/plat/arm/board/tc0/platform.mk @@ -98,6 +98,8 @@ override CTX_INCLUDE_AARCH32_REGS := 0 override CTX_INCLUDE_PAUTH_REGS := 1 +override ENABLE_SPE_FOR_LOWER_ELS := 0 + include plat/arm/common/arm_common.mk include plat/arm/css/common/css_common.mk include plat/arm/soc/common/soc_css.mk From d32113c7f3d291b35e0debdccac609c88a0343ae Mon Sep 17 00:00:00 2001 From: Arunachalam Ganapathy Date: Mon, 27 Jul 2020 13:51:30 +0100 Subject: [PATCH 2/5] plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled To support platforms without Trusted DRAM this patch defines PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or DRAM region behind TZC. Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4 Signed-off-by: Arunachalam Ganapathy --- include/plat/arm/common/arm_def.h | 6 +++--- plat/arm/board/fvp/include/platform_def.h | 9 +++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index c01864306..00746c6da 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -497,9 +497,9 @@ # elif defined(SPD_spmd) # define TSP_SEC_MEM_BASE (ARM_AP_TZC_DRAM1_BASE + ULL(0x200000)) # define TSP_SEC_MEM_SIZE (ARM_AP_TZC_DRAM1_SIZE - ULL(0x200000)) -# define BL32_BASE PLAT_ARM_TRUSTED_DRAM_BASE -# define BL32_LIMIT (PLAT_ARM_TRUSTED_DRAM_BASE \ - + (UL(1) << 21)) +# define BL32_BASE PLAT_ARM_SPMC_BASE +# define BL32_LIMIT (PLAT_ARM_SPMC_BASE + \ + PLAT_ARM_SPMC_SIZE) # elif ARM_BL31_IN_DRAM # define TSP_SEC_MEM_BASE (ARM_AP_TZC_DRAM1_BASE + \ PLAT_ARM_MAX_BL31_SIZE) diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h index 50f638924..8defcf837 100644 --- a/plat/arm/board/fvp/include/platform_def.h +++ b/plat/arm/board/fvp/include/platform_def.h @@ -43,6 +43,15 @@ #define PLAT_ARM_TRUSTED_DRAM_BASE UL(0x06000000) #define PLAT_ARM_TRUSTED_DRAM_SIZE UL(0x02000000) /* 32 MB */ +/* + * Max size of SPMC is 2MB for fvp. With SPMD enabled this value corresponds to + * max size of BL32 image. + */ +#if defined(SPD_spmd) +#define PLAT_ARM_SPMC_BASE PLAT_ARM_TRUSTED_DRAM_BASE +#define PLAT_ARM_SPMC_SIZE UL(0x200000) /* 2 MB */ +#endif + /* virtual address used by dynamic mem_protect for chunk_base */ #define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000) From a3ecbb3553564d8e560209fdde165c85129b3f70 Mon Sep 17 00:00:00 2001 From: Arunachalam Ganapathy Date: Tue, 22 Sep 2020 12:47:33 +0100 Subject: [PATCH 3/5] plat: tc0: Add TZC DRAM1 region for SPMC and trusted OS - Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for TC0_TZC_DRAM1 - Add TC0_NS_DRAM1 base and mapping - Reserve memory region in tc0.dts Change-Id: If2431f7f68e4255e28c86a0e89637dab7c424a13 Signed-off-by: Arunachalam Ganapathy --- fdts/tc0.dts | 2 +- plat/arm/board/tc0/include/platform_def.h | 35 +++++++++++++++++++++++ plat/arm/board/tc0/tc0_plat.c | 2 +- 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/fdts/tc0.dts b/fdts/tc0.dts index 15c14cabd..763c813cf 100644 --- a/fdts/tc0.dts +++ b/fdts/tc0.dts @@ -106,7 +106,7 @@ memory@80000000 { device_type = "memory"; - reg = <0x0 0x80000000 0x0 0x80000000>; + reg = <0x0 0x80000000 0x0 0x7d000000>; }; psci { diff --git a/plat/arm/board/tc0/include/platform_def.h b/plat/arm/board/tc0/include/platform_def.h index 075c4037b..81b3944e5 100644 --- a/plat/arm/board/tc0/include/platform_def.h +++ b/plat/arm/board/tc0/include/platform_def.h @@ -21,6 +21,41 @@ #define PLAT_ARM_TRUSTED_SRAM_SIZE 0x00080000 /* 512 KB */ +/* + * The top 16MB of ARM_DRAM1 is configured as secure access only using the TZC, + * its base is ARM_AP_TZC_DRAM1_BASE. + * + * Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for: + * - BL32_BASE when SPD_spmd is enabled + * - Region to load Trusted OS + */ +#define TC0_TZC_DRAM1_BASE (ARM_AP_TZC_DRAM1_BASE - \ + TC0_TZC_DRAM1_SIZE) +#define TC0_TZC_DRAM1_SIZE UL(0x02000000) /* 32 MB */ +#define TC0_TZC_DRAM1_END (TC0_TZC_DRAM1_BASE + \ + TC0_TZC_DRAM1_SIZE - 1) + +#define TC0_NS_DRAM1_BASE ARM_DRAM1_BASE +#define TC0_NS_DRAM1_SIZE (ARM_DRAM1_SIZE - \ + ARM_TZC_DRAM1_SIZE - \ + TC0_TZC_DRAM1_SIZE) +#define TC0_NS_DRAM1_END (TC0_NS_DRAM1_BASE + \ + TC0_NS_DRAM1_SIZE - 1) + +/* + * Mappings for TC0 DRAM1 (non-secure) and TC0 TZC DRAM1 (secure) + */ +#define TC0_MAP_NS_DRAM1 MAP_REGION_FLAT( \ + TC0_NS_DRAM1_BASE, \ + TC0_NS_DRAM1_SIZE, \ + MT_MEMORY | MT_RW | MT_NS) + + +#define TC0_MAP_TZC_DRAM1 MAP_REGION_FLAT( \ + TC0_TZC_DRAM1_BASE, \ + TC0_TZC_DRAM1_SIZE, \ + MT_MEMORY | MT_RW | MT_SECURE) + /* * PLAT_ARM_MMAP_ENTRIES depends on the number of entries in the * plat_arm_mmap array defined for each BL stage. diff --git a/plat/arm/board/tc0/tc0_plat.c b/plat/arm/board/tc0/tc0_plat.c index 05461928d..304666a01 100644 --- a/plat/arm/board/tc0/tc0_plat.c +++ b/plat/arm/board/tc0/tc0_plat.c @@ -38,7 +38,7 @@ const mmap_region_t plat_arm_mmap[] = { ARM_MAP_SHARED_RAM, TC0_FLASH0_RO, TC0_MAP_DEVICE, - ARM_MAP_NS_DRAM1, + TC0_MAP_NS_DRAM1, #if ARM_BL31_IN_DRAM ARM_MAP_BL31_SEC_DRAM, #endif From b0d127515a8f0694f884e4b1790cf57b0e1d91fe Mon Sep 17 00:00:00 2001 From: Arunachalam Ganapathy Date: Tue, 22 Sep 2020 12:50:45 +0100 Subject: [PATCH 4/5] plat: tc0: Enable SPMC execution at S-EL2 This patch enables SPMC execution at S-EL2 by adding below changes - Map TC0_MAP_TZC_DRAM1 for loading SPMC - Add details of cactus test secure partitions - Adds tc0 spmc manifest file with details on secure partitions - Inlcude TOS_FW_CONFIG when SPM is spmd - Increases bl2 image size SPMC at S-EL2 is only enabled when build with SPD=spmd. Change-Id: I4c5f70911903c232ee8ecca57f1e288d6b1cd647 Signed-off-by: Arunachalam Ganapathy --- plat/arm/board/tc0/fdts/tc0_fw_config.dts | 8 +- plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts | 93 +++++++++++++++++++ plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts | 20 ++++ plat/arm/board/tc0/include/platform_def.h | 13 ++- plat/arm/board/tc0/platform.mk | 8 ++ plat/arm/board/tc0/tc0_plat.c | 3 + 6 files changed, 143 insertions(+), 2 deletions(-) create mode 100644 plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts diff --git a/plat/arm/board/tc0/fdts/tc0_fw_config.dts b/plat/arm/board/tc0/fdts/tc0_fw_config.dts index 381ce1fcb..4b6abd4d1 100644 --- a/plat/arm/board/tc0/fdts/tc0_fw_config.dts +++ b/plat/arm/board/tc0/fdts/tc0_fw_config.dts @@ -14,10 +14,16 @@ tb_fw-config { load-address = <0x0 0x4001300>; - max-size = <0x200>; + max-size = <0x400>; id = ; }; + tos_fw-config { + load-address = <0x0 0x04001700>; + max-size = <0x1000>; + id = ; + }; + hw-config { load-address = <0x0 0x83000000>; max-size = <0x01000000>; diff --git a/plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts b/plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts new file mode 100644 index 000000000..b6c543ade --- /dev/null +++ b/plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2020, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/dts-v1/; + +/ { + compatible = "arm,ffa-core-manifest-1.0"; + #address-cells = <2>; + #size-cells = <1>; + + attribute { + spmc_id = <0x8000>; + maj_ver = <0x1>; + min_ver = <0x0>; + exec_state = <0x0>; + load_address = <0x0 0xfd000000>; + entrypoint = <0x0 0xfd000000>; + binary_size = <0x80000>; + }; + + chosen { + linux,initrd-start = <0>; + linux,initrd-end = <0>; + }; + + hypervisor { + compatible = "hafnium,hafnium"; + vm1 { + is_ffa_partition; + debug_name = "cactus-primary"; + load_address = <0xfe000000>; + }; + vm2 { + is_ffa_partition; + debug_name = "cactus-secondary"; + load_address = <0xfe100000>; + vcpu_count = <4>; + mem_size = <1048576>; + }; + vm3 { + is_ffa_partition; + debug_name = "cactus-tertiary"; + load_address = <0xfe200000>; + vcpu_count = <4>; + mem_size = <1048576>; + }; + }; + + cpus { + #address-cells = <0x2>; + #size-cells = <0x0>; + + CPU0:cpu@0 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x0>; + enable-method = "psci"; + }; + + /* + * SPM(Hafnium) requires secondary cpu nodes are declared in + * descending order + */ + CPU3:cpu@300 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x300>; + enable-method = "psci"; + }; + + CPU2:cpu@200 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x200>; + enable-method = "psci"; + }; + + CPU1:cpu@100 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x100>; + enable-method = "psci"; + }; + }; + + /* 32MB of TC0_TZC_DRAM1_BASE */ + memory@fd000000 { + device_type = "memory"; + reg = <0x0 0xfd000000 0x2000000>; + }; +}; diff --git a/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts b/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts index 2fd25d9b4..3df94bf92 100644 --- a/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts +++ b/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts @@ -24,4 +24,24 @@ mbedtls_heap_addr = <0x0 0x0>; mbedtls_heap_size = <0x0>; }; + + secure-partitions { + compatible = "arm,sp"; + cactus-primary { + uuid = <0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1dacb>; + load-address = <0xfe000000>; + owner = "SiP"; + }; + + cactus-secondary { + uuid = <0xd1582309 0xf02347b9 0x827c4464 0xf5578fc8>; + load-address = <0xfe100000>; + owner = "Plat"; + }; + + cactus-tertiary { + uuid = <0x79b55c73 0x1d8c44b9 0x859361e1 0x770ad8d2>; + load-address = <0xfe200000>; + }; + }; }; diff --git a/plat/arm/board/tc0/include/platform_def.h b/plat/arm/board/tc0/include/platform_def.h index 81b3944e5..dbec706fa 100644 --- a/plat/arm/board/tc0/include/platform_def.h +++ b/plat/arm/board/tc0/include/platform_def.h @@ -55,6 +55,14 @@ TC0_TZC_DRAM1_BASE, \ TC0_TZC_DRAM1_SIZE, \ MT_MEMORY | MT_RW | MT_SECURE) +/* + * Max size of SPMC is 2MB for tc0. With SPMD enabled this value corresponds to + * max size of BL32 image. + */ +#if defined(SPD_spmd) +#define PLAT_ARM_SPMC_BASE TC0_TZC_DRAM1_BASE +#define PLAT_ARM_SPMC_SIZE UL(0x200000) /* 2 MB */ +#endif /* * PLAT_ARM_MMAP_ENTRIES depends on the number of entries in the @@ -106,7 +114,7 @@ #if TRUSTED_BOARD_BOOT # define PLAT_ARM_MAX_BL2_SIZE 0x1E000 #else -# define PLAT_ARM_MAX_BL2_SIZE 0x11000 +# define PLAT_ARM_MAX_BL2_SIZE 0x14000 #endif /* @@ -241,4 +249,7 @@ #define PLAT_ARM_TZC_NS_DEV_ACCESS \ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_DEFAULT)) +/* virtual address used by dynamic mem_protect for chunk_base */ +#define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000) + #endif /* PLATFORM_DEF_H */ diff --git a/plat/arm/board/tc0/platform.mk b/plat/arm/board/tc0/platform.mk index 4db081e70..5d2cc38c4 100644 --- a/plat/arm/board/tc0/platform.mk +++ b/plat/arm/board/tc0/platform.mk @@ -85,6 +85,14 @@ $(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG})) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG})) +ifeq (${SPD},spmd) +FDT_SOURCES += ${TC0_BASE}/fdts/${PLAT}_spmc_manifest.dts +TC0_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_spmc_manifest.dtb + +# Add the TOS_FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${TC0_TOS_FW_CONFIG},--tos-fw-config,${TC0_TOS_FW_CONFIG})) +endif + #Device tree TC0_HW_CONFIG_DTS := fdts/tc0.dts TC0_HW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}.dtb diff --git a/plat/arm/board/tc0/tc0_plat.c b/plat/arm/board/tc0/tc0_plat.c index 304666a01..e12ad56d8 100644 --- a/plat/arm/board/tc0/tc0_plat.c +++ b/plat/arm/board/tc0/tc0_plat.c @@ -39,6 +39,9 @@ const mmap_region_t plat_arm_mmap[] = { TC0_FLASH0_RO, TC0_MAP_DEVICE, TC0_MAP_NS_DRAM1, +#if defined(SPD_spmd) + TC0_MAP_TZC_DRAM1, +#endif #if ARM_BL31_IN_DRAM ARM_MAP_BL31_SEC_DRAM, #endif From 879b5b8bcaf8c03940e571628838c8476cb69dca Mon Sep 17 00:00:00 2001 From: Usama Arif Date: Wed, 26 Aug 2020 14:04:31 +0100 Subject: [PATCH 5/5] plat: tc0: Configure TZC with secure world regions This includes configuration for SPMC and trusted OS. Change-Id: Ie24df200f446b3f5b23f5f764b115c7191e6ada3 Signed-off-by: Usama Arif Signed-off-by: Arunachalam Ganapathy --- plat/arm/board/tc0/include/platform_def.h | 11 +++++++++++ plat/arm/board/tc0/tc0_security.c | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/plat/arm/board/tc0/include/platform_def.h b/plat/arm/board/tc0/include/platform_def.h index dbec706fa..72a035f0a 100644 --- a/plat/arm/board/tc0/include/platform_def.h +++ b/plat/arm/board/tc0/include/platform_def.h @@ -249,6 +249,17 @@ #define PLAT_ARM_TZC_NS_DEV_ACCESS \ (TZC_REGION_ACCESS_RDWR(TZC_NSAID_DEFAULT)) +/* + * The first region below, TC0_TZC_DRAM1_BASE (0xfd000000) to + * ARM_SCP_TZC_DRAM1_END (0xffffffff) will mark the last 48 MB of DRAM as + * secure. The second region gives non secure access to rest of DRAM. + */ +#define TC0_TZC_REGIONS_DEF \ + {TC0_TZC_DRAM1_BASE, ARM_SCP_TZC_DRAM1_END, \ + TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS}, \ + {TC0_NS_DRAM1_BASE, TC0_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \ + PLAT_ARM_TZC_NS_DEV_ACCESS} + /* virtual address used by dynamic mem_protect for chunk_base */ #define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000) diff --git a/plat/arm/board/tc0/tc0_security.c b/plat/arm/board/tc0/tc0_security.c index 5f1cb1159..f54376203 100644 --- a/plat/arm/board/tc0/tc0_security.c +++ b/plat/arm/board/tc0/tc0_security.c @@ -8,7 +8,7 @@ #include static const arm_tzc_regions_info_t tzc_regions[] = { - ARM_TZC_REGIONS_DEF, + TC0_TZC_REGIONS_DEF, {} };