FVP secure memory support documentation

Fixes ARM-software/tf-issues#64

Change-Id: I4e56c25f9dc7f486fbf6fa2f7d8253874119b989

docs/firmware-design.md

@@ -207,15 +207,17 @@ bits.
 
 #### Platform initialization
 
-BL2 does not perform any platform initialization that affects subsequent
-stages of the ARM Trusted Firmware or normal world software. It copies the
-information regarding the trusted SRAM populated by BL1 using a
+BL2 copies the information regarding the trusted SRAM populated by BL1 using a
 platform-specific mechanism. It calculates the limits of DRAM (main memory)
 to determine whether there is enough space to load the BL3-3 image. A platform
 defined base address is used to specify the load address for the BL3-1 image.
 It also defines the extents of memory available for use by the BL3-2 image.
 BL2 also initializes UART0 (PL011 console), which enables  access to the
-`printf` family of functions in BL2
+`printf` family of functions in BL2. Platform security is initialized to allow
+access to access controlled components. On the Base FVP a TrustZone controller
+(TZC-400) is configured to give full access to the platform DRAM. The storage
+abstraction layer is initialized which is used to load further bootloader
+images.
 
 #### BL3-1 (EL3 Runtime Firmware) image load
 

docs/porting-guide.md

@@ -630,6 +630,10 @@ The non-secure memory extents used for loading BL3-3 are also initialized in
 this function. This information is accessible in the `bl33_meminfo` field in
 the `bl31_args` structure pointed to by `bl2_to_bl31_args`.
 
+Platform security components are configured if required. For the Base FVP the
+TZC-400 TrustZone controller is configured to grant secure and non-secure access
+to DRAM.
+
 This function is also responsible for initializing the storage abstraction layer
 which is used to load further bootloader images.
 

docs/user-guide.md

@@ -532,9 +532,15 @@ NOTE: The `-C bp.flashloader0.fname` parameter is used to load a Firmware Image
 Package at the start of NOR FLASH0 (see the "Building the Trusted Firmware"
 section above).
 
+NOTE: Setting the `-C bp.secure_memory` parameter to `1` is only supported on
+FVP versions 5.4 and newer. Setting this parameter to `0` is also supported.
+The `-C bp.tzc_400.diagnostics=1` parameter is optional. It instructs the FVP to
+provide some helpful information if a secure memory violation occurs.
+
     <path-to>/FVP_Base_AEMv8A-AEMv8A                       \
     -C pctl.startup=0.0.0.0                                \
-    -C bp.secure_memory=0                                  \
+    -C bp.secure_memory=1                                  \
+    -C bp.tzc_400.diagnostics=1                            \
     -C cluster0.NUM_CORES=4                                \
     -C cluster1.NUM_CORES=4                                \
     -C cache_state_modelled=1                              \
@@ -560,9 +566,15 @@ NOTE: The `-C bp.flashloader0.fname` parameter is used to load a Firmware Image
 Package at the start of NOR FLASH0 (see the "Building the Trusted Firmware"
 section above).
 
+NOTE: Setting the `-C bp.secure_memory` parameter to `1` is only supported on
+FVP versions 5.4 and newer. Setting this parameter to `0` is also supported.
+The `-C bp.tzc_400.diagnostics=1` parameter is optional. It instructs the FVP to
+provide some helpful information if a secure memory violation occurs.
+
     <path-to>/FVP_Base_Cortex-A57x4-A53x4                  \
     -C pctl.startup=0.0.0.0                                \
-    -C bp.secure_memory=0                                  \
+    -C bp.secure_memory=1                                  \
+    -C bp.tzc_400.diagnostics=1                            \
     -C cache_state_modelled=1                              \
     -C bp.pl011_uart0.untimed_fifos=1                      \
     -C bp.secureflashloader.fname="<path-to>/<bl1-binary>" \