Reserve some DDR DRAM for secure use on FVP platforms

TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and
the rest of DRAM as non-secure. Non-secure software must not attempt to
access the 16MB secure area.

Device tree files (sources and binaries) have been updated to match this
configuration, removing that memory from the Linux physical memory map.
UEFI earliest commit matching this change updated in documentation.

Replaced magic numbers with #define for memory region definition in the
platform security initialization function.

Fixes ARM-software/tf-issues#149

Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe

docs/user-guide.md

@@ -244,7 +244,7 @@ and Foundation FVPs:
 
     git clone -n https://github.com/tianocore/edk2.git
     cd edk2
-    git checkout c1cdcab9526506673b882017845a043cead8bc69
+    git checkout 10ddca8db92de5a535ca1ab71b780260aae8003d
 
 
 To build the software to be compatible with Foundation and Base FVPs, follow

fdts/fvp-base-gicv2-psci.dts

@@ -115,7 +115,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 

fdts/fvp-base-gicv2legacy-psci.dts

@@ -115,7 +115,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 

fdts/fvp-base-gicv3-psci.dts

@@ -115,7 +115,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 

fdts/fvp-foundation-gicv2-psci.dts

@@ -91,7 +91,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 

fdts/fvp-foundation-gicv2legacy-psci.dts

@@ -91,7 +91,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 

fdts/fvp-foundation-gicv3-psci.dts

@@ -91,7 +91,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x00000000 0x80000000 0 0x80000000>,
+		reg = <0x00000000 0x80000000 0 0x7F000000>,
 		      <0x00000008 0x80000000 0 0x80000000>;
 	};
 

plat/fvp/aarch64/plat_common.c

@@ -121,7 +121,7 @@ const mmap_region_t fvp_mmap[] = {
 	{ DEVICE1_BASE,	DEVICE1_SIZE,	MT_DEVICE | MT_RW | MT_SECURE },
 	/* 2nd GB as device for now...*/
 	{ 0x40000000,	0x40000000,	MT_DEVICE | MT_RW | MT_SECURE },
-	{ DRAM_BASE,	DRAM_SIZE,	MT_MEMORY | MT_RW | MT_NS },
+	{ DRAM1_BASE,	DRAM1_SIZE,	MT_MEMORY | MT_RW | MT_NS },
 	{0}
 };
 

plat/fvp/bl2_plat_setup.c

@@ -142,10 +142,10 @@ void bl2_platform_setup()
 	bl2_to_bl31_args = (bl31_args_t *) TZDRAM_BASE;
 
 	/* Populate the extents of memory available for loading BL33 */
-	bl2_to_bl31_args->bl33_meminfo.total_base = DRAM_BASE;
-	bl2_to_bl31_args->bl33_meminfo.total_size = DRAM_SIZE;
-	bl2_to_bl31_args->bl33_meminfo.free_base = DRAM_BASE;
-	bl2_to_bl31_args->bl33_meminfo.free_size = DRAM_SIZE;
+	bl2_to_bl31_args->bl33_meminfo.total_base = DRAM1_BASE;
+	bl2_to_bl31_args->bl33_meminfo.total_size = DRAM1_SIZE - DRAM1_SEC_SIZE;
+	bl2_to_bl31_args->bl33_meminfo.free_base = DRAM1_BASE;
+	bl2_to_bl31_args->bl33_meminfo.free_size = DRAM1_SIZE - DRAM1_SEC_SIZE;
 	bl2_to_bl31_args->bl33_meminfo.attr = 0;
 	bl2_to_bl31_args->bl33_meminfo.next = 0;
 

plat/fvp/plat_security.c

@@ -100,16 +100,23 @@ void plat_security_setup(void)
 
 	/* Set to cover the first block of DRAM */
 	tzc_configure_region(&controller, FILTER_SHIFT(0), 1,
-			DRAM_BASE, 0xFFFFFFFF, TZC_REGION_S_NONE,
+			DRAM1_BASE, DRAM1_END - DRAM1_SEC_SIZE,
+			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
 
+	/* Set to cover the secure reserved region */
+	tzc_configure_region(&controller, FILTER_SHIFT(0), 3,
+			(DRAM1_END - DRAM1_SEC_SIZE) + 1 , DRAM1_END,
+			TZC_REGION_S_RDWR,
+			0x0);
+
 	/* Set to cover the second block of DRAM */
 	tzc_configure_region(&controller, FILTER_SHIFT(0), 2,
-			0x880000000, 0xFFFFFFFFF, TZC_REGION_S_NONE,
+			DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_AP) |

plat/fvp/platform.h

@@ -67,7 +67,7 @@
 
 /* Non-Trusted Firmware BL33 and its load address */
 #define BL33_IMAGE_NAME			"bl33.bin" /* e.g. UEFI */
-#define NS_IMAGE_OFFSET			(DRAM_BASE + 0x8000000) /* DRAM + 128MB */
+#define NS_IMAGE_OFFSET			(DRAM1_BASE + 0x8000000) /* DRAM + 128MB */
 
 /* Firmware Image Package */
 #define FIP_IMAGE_NAME			"fip.bin"
@@ -134,8 +134,14 @@
 #define TZDRAM_SIZE		0x02000000
 #define MBOX_OFF		0x1000
 
-#define DRAM_BASE              0x80000000ull
-#define DRAM_SIZE              0x80000000ull
+#define DRAM1_BASE		0x80000000ull
+#define DRAM1_SIZE		0x80000000ull
+#define DRAM1_END		(DRAM1_BASE + DRAM1_SIZE - 1)
+#define DRAM1_SEC_SIZE		0x01000000ull
+
+#define DRAM2_BASE		0x880000000ull
+#define DRAM2_SIZE		0x780000000ull
+#define DRAM2_END		(DRAM2_BASE + DRAM2_SIZE - 1)
 
 #define PCIE_EXP_BASE		0x40000000
 #define TZRNG_BASE		0x7fe60000