diff options
| author | Grzegorz Jaszczyk <jaz@semihalf.com> | 2018-06-13 16:00:48 +0200 |
|---|---|---|
| committer | Kostya Porotchkin <kostap@marvell.com> | 2018-06-28 19:22:03 +0300 |
| commit | b011931f1145c4f486d1162afd5c4cd782a83139 (patch) | |
| tree | 64b24f1bc21de0bcdbc76a83a2bf45468313bc5d | |
| parent | a4198a8bcb531ede276c2b616d143862dee6318d (diff) | |
a8k: use the memory controller feature to protect the RT service region
Define the RT service space as secure with use of memory controller
trustzone feature. Thanks to this protection, any NS-Bootloader nor NS-OS,
won't be able to access RT services (e.g. accidentally overwrite it,
which will at best result in RT services unavailability).
Change-Id: Ie5b6cbe9a1b77879d6d8f8eac5d4e41e468496ce
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-on: http://vgitil04.il.marvell.com:8080/56762
Tested-by: iSoC Platform CI <ykjenk@marvell.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
| -rw-r--r-- | plat/marvell/a8k/common/a8k_common.mk | 3 | ||||
| -rw-r--r-- | plat/marvell/a8k/common/plat_bl31_setup.c | 21 |
2 files changed, 23 insertions, 1 deletions
diff --git a/plat/marvell/a8k/common/a8k_common.mk b/plat/marvell/a8k/common/a8k_common.mk index 20ae349a..3bc452fb 100644 --- a/plat/marvell/a8k/common/a8k_common.mk +++ b/plat/marvell/a8k/common/a8k_common.mk @@ -88,7 +88,8 @@ MARVELL_DRV := $(MARVELL_DRV_BASE)/io_win.c \ $(MARVELL_DRV_BASE)/ccu.c \ $(MARVELL_DRV_BASE)/icu.c \ $(MARVELL_DRV_BASE)/cache_llc.c \ - $(MARVELL_DRV_BASE)/comphy/phy-comphy-cp110.c + $(MARVELL_DRV_BASE)/comphy/phy-comphy-cp110.c \ + $(MARVELL_DRV_BASE)/mc_trustzone/mc_trustzone.c BL31_PORTING_SOURCES := $(PLAT_FAMILY_BASE)/$(PLAT)/board/marvell_plat_config.c diff --git a/plat/marvell/a8k/common/plat_bl31_setup.c b/plat/marvell/a8k/common/plat_bl31_setup.c index 8a75d0dd..7d510645 100644 --- a/plat/marvell/a8k/common/plat_bl31_setup.c +++ b/plat/marvell/a8k/common/plat_bl31_setup.c @@ -14,6 +14,7 @@ #include <plat_config.h> #include <plat_marvell.h> #include <plat_private.h> +#include <mc_trustzone/mc_trustzone.h> #include <mss_ipc_drv.h> #include <mss_mem.h> @@ -75,6 +76,24 @@ _Bool is_pm_fw_running(void) return pm_fw_running; } +/* For TrusTzone we treat the "target" filed of addr_map_win + * stuct as attribute + */ +static const struct addr_map_win tz_map[] = { + {PLAT_MARVELL_ATF_BASE, 0x200000, TZ_PERM_ABORT} +}; + +/* Configure MC TrustZone regions */ +static void plat_marvell_security_setup(void) +{ + int tz_nr, win_id; + + tz_nr = ARRAY_SIZE(tz_map); + + for (win_id = 0; win_id < tz_nr; win_id++) + tz_enable_win(MVEBU_AP0, tz_map, win_id); +} + /* This function overruns the same function in marvell_bl31_setup.c */ void bl31_plat_arch_setup(void) { @@ -116,4 +135,6 @@ void bl31_plat_arch_setup(void) /* Configure GPIO */ marvell_gpio_config(); + + plat_marvell_security_setup(); } |