From c1ad41fbf7d62b639b4aae387532b3a9f74851ed Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Fri, 4 Sep 2020 15:55:53 +0200 Subject: [PATCH] refactor(plat/st): map DDR secure at boot In BL2, the DDR can be mapped as secured in MMU, as no other SW has access to it during its execution. The TZC400 configuration is also updated to reflect this. When using OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE mapping. Else, SP_min will be in charge to reconfigure TZC400 to set DDR non-secure. Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103 Signed-off-by: Yann Gautier --- plat/st/common/stm32mp_common.c | 2 +- plat/st/stm32mp1/bl2_plat_setup.c | 21 ++++++--------------- plat/st/stm32mp1/stm32mp1_security.c | 19 +++++++------------ 3 files changed, 14 insertions(+), 28 deletions(-) diff --git a/plat/st/common/stm32mp_common.c b/plat/st/common/stm32mp_common.c index d3de1e14f..aa87c5d6b 100644 --- a/plat/st/common/stm32mp_common.c +++ b/plat/st/common/stm32mp_common.c @@ -105,7 +105,7 @@ int stm32mp_map_ddr_non_cacheable(void) { return mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE, STM32MP_DDR_MAX_SIZE, - MT_NON_CACHEABLE | MT_RW | MT_NS); + MT_NON_CACHEABLE | MT_RW | MT_SECURE); } int stm32mp_unmap_ddr(void) diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c index 91073b89d..3e179fbbf 100644 --- a/plat/st/stm32mp1/bl2_plat_setup.c +++ b/plat/st/stm32mp1/bl2_plat_setup.c @@ -132,7 +132,6 @@ void bl2_el3_early_platform_setup(u_register_t arg0, void bl2_platform_setup(void) { int ret; - uint32_t ddr_ns_size; if (dt_pmic_status() > 0) { initialize_pmic(); @@ -144,24 +143,16 @@ void bl2_platform_setup(void) panic(); } - ddr_ns_size = stm32mp_get_ddr_ns_size(); - assert(ddr_ns_size > 0U); - - /* Map non secure DDR for BL33 load, now with cacheable attribute */ + /* Map DDR for binary load, now with cacheable attribute */ ret = mmap_add_dynamic_region(STM32MP_DDR_BASE, STM32MP_DDR_BASE, - ddr_ns_size, MT_MEMORY | MT_RW | MT_NS); - assert(ret == 0); + STM32MP_DDR_MAX_SIZE, MT_MEMORY | MT_RW | MT_SECURE); + if (ret < 0) { + ERROR("DDR mapping: error %d\n", ret); + panic(); + } #ifdef AARCH32_SP_OPTEE INFO("BL2 runs OP-TEE setup\n"); - - /* Map secure DDR for OP-TEE paged area */ - ret = mmap_add_dynamic_region(STM32MP_DDR_BASE + ddr_ns_size, - STM32MP_DDR_BASE + ddr_ns_size, - STM32MP_DDR_S_SIZE, - MT_MEMORY | MT_RW | MT_SECURE); - assert(ret == 0); - /* Initialize tzc400 after DDR initialization */ stm32mp1_security_setup(); #else diff --git a/plat/st/stm32mp1/stm32mp1_security.c b/plat/st/stm32mp1/stm32mp1_security.c index 6dbf6f8c4..2ee5f4a85 100644 --- a/plat/st/stm32mp1/stm32mp1_security.c +++ b/plat/st/stm32mp1/stm32mp1_security.c @@ -29,11 +29,14 @@ static unsigned int region_nb; -static void init_tzc400_begin(void) +static void init_tzc400_begin(unsigned int region0_attr) { tzc400_init(STM32MP1_TZC_BASE); tzc400_disable_filters(); + /* Region 0 set to cover all DRAM at 0xC000_0000 */ + tzc400_configure_region0(region0_attr, 0); + region_nb = 1U; } @@ -76,7 +79,7 @@ static void init_tzc400(void) unsigned long long ddr_ns_top = ddr_base + (ddr_ns_size - 1U); unsigned long long ddr_top __unused; - init_tzc400_begin(); + init_tzc400_begin(TZC_REGION_S_NONE); /* * Region 1 set to cover all non-secure DRAM at 0xC000_0000. Apply the @@ -118,16 +121,8 @@ static void early_init_tzc400(void) stm32mp_clk_enable(TZC1); stm32mp_clk_enable(TZC2); - init_tzc400_begin(); - - /* Region 1 set to cover Non-Secure DRAM at 0xC000_0000 */ - tzc400_configure_region(STM32MP1_FILTER_BIT_ALL, 1, - STM32MP_DDR_BASE, - STM32MP_DDR_BASE + - (STM32MP_DDR_MAX_SIZE - 1U), - TZC_REGION_S_NONE, - TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_A7_ID) | - TZC_REGION_ACCESS_RDWR(STM32MP1_TZC_SDMMC_ID)); + /* Region 0 set to cover all DRAM secure at 0xC000_0000 */ + init_tzc400_begin(TZC_REGION_S_RDWR); /* Raise an exception if a NS device tries to access secure memory */ init_tzc400_end(TZC_ACTION_ERR);