ArmPlatformPkg: Replaced 'ArmPlatformTrustzoneSupported' by the fixed Pcd gArmTokenSpaceGuid.PcdTrustzoneSupport

This change does not make possible to disable Trustzone from the firmware.
The firmware has to be built for Trustzone support enabled or disabled.

The memory page table are now defined as 'Normal Memory' in any case.
Except for RTSM Device Memory which as to be Secure Device Memory due
to a RTSM bug.



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12452 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
oliviermartin 2011-09-27 16:29:07 +00:00
parent 4103bc94fb
commit 12c5ae238e
12 changed files with 49 additions and 138 deletions

View File

@ -68,6 +68,8 @@
gArmTokenSpaceGuid.PcdEfiUncachedMemoryToStronglyOrdered|FALSE|BOOLEAN|0x00000025
[PcdsFixedAtBuild.common]
gArmTokenSpaceGuid.PcdTrustzoneSupport|FALSE|BOOLEAN|0x00000006
# This PCD should be a FeaturePcd. But we used this PCD as an '#if' in an ASM file.
# Using a FeaturePcd make a '(BOOLEAN) casting for its value which is not understood by the preprocessor.
gArmTokenSpaceGuid.PcdVFPEnabled|0|UINT32|0x00000024

View File

@ -47,26 +47,6 @@ ARM_CORE_INFO mRealViewEbMpCoreInfoTable[] = {
}
};
/**
Return if Trustzone is supported by your platform
A non-zero value must be returned if you want to support a Secure World on your platform.
ArmPlatformTrustzoneInit() will later set up the secure regions.
This function can return 0 even if Trustzone is supported by your processor. In this case,
the platform will continue to run in Secure World.
@return A non-zero value if Trustzone supported.
**/
UINTN
ArmPlatformTrustzoneSupported (
VOID
)
{
// There is no Trustzone controllers (TZPC & TZASC) and no Secure Memory on RTSM
return FALSE;
}
/**
Remap the memory at 0x0

View File

@ -25,8 +25,6 @@
// DDR attributes
#define DDR_ATTRIBUTES_CACHED ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK
#define DDR_ATTRIBUTES_UNCACHED ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED
#define DDR_ATTRIBUTES_SECURE_CACHED ARM_MEMORY_REGION_ATTRIBUTE_SECURE_WRITE_BACK
#define DDR_ATTRIBUTES_SECURE_UNCACHED ARM_MEMORY_REGION_ATTRIBUTE_SECURE_UNCACHED_UNBUFFERED
/**
Return the Virtual Memory Map of your platform
@ -44,7 +42,6 @@ ArmPlatformGetVirtualMemoryMap (
)
{
UINT32 CacheAttributes;
BOOLEAN bTrustzoneSupport = FALSE;
UINTN Index = 0;
ARM_MEMORY_REGION_DESCRIPTOR *VirtualMemoryTable;
@ -56,9 +53,9 @@ ArmPlatformGetVirtualMemoryMap (
}
if (FeaturePcdGet(PcdCacheEnable) == TRUE) {
CacheAttributes = (bTrustzoneSupport ? DDR_ATTRIBUTES_CACHED : DDR_ATTRIBUTES_SECURE_CACHED);
CacheAttributes = DDR_ATTRIBUTES_CACHED;
} else {
CacheAttributes = (bTrustzoneSupport ? DDR_ATTRIBUTES_UNCACHED : DDR_ATTRIBUTES_SECURE_UNCACHED);
CacheAttributes = DDR_ATTRIBUTES_UNCACHED;
}
// ReMap (Either NOR Flash or DRAM)
@ -77,13 +74,13 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[++Index].PhysicalBase = ARM_EB_SMB_MB_ON_CHIP_PERIPH_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_EB_SMB_MB_ON_CHIP_PERIPH_BASE;
VirtualMemoryTable[Index].Length = ARM_EB_SMB_MB_ON_CHIP_PERIPH_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
// SMB CS0-CS1 - NOR Flash 1 & 2
VirtualMemoryTable[++Index].PhysicalBase = ARM_EB_SMB_NOR_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_EB_SMB_NOR_BASE;
VirtualMemoryTable[Index].Length = ARM_EB_SMB_NOR_SZ + ARM_EB_SMB_DOC_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
// SMB CS2 - SRAM
VirtualMemoryTable[++Index].PhysicalBase = ARM_EB_SMB_SRAM_BASE;
@ -95,14 +92,14 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[++Index].PhysicalBase = ARM_EB_SMB_PERIPH_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_EB_SMB_PERIPH_BASE;
VirtualMemoryTable[Index].Length = ARM_EB_SMB_PERIPH_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
// If a Logic Tile is connected to The ARM Versatile Express Motherboard
if (MmioRead32(ARM_EB_SYS_PROCID1_REG) != 0) {
VirtualMemoryTable[++Index].PhysicalBase = ARM_EB_LOGIC_TILE_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_EB_LOGIC_TILE_BASE;
VirtualMemoryTable[Index].Length = ARM_EB_LOGIC_TILE_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
ASSERT((Index + 1) == (MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS + 1));
} else {

View File

@ -49,4 +49,6 @@
gArmPlatformTokenSpaceGuid.PcdNorFlashRemapping
[FixedPcd]
gArmTokenSpaceGuid.PcdTrustzoneSupport
gArmTokenSpaceGuid.PcdL2x0ControllerBase

View File

@ -105,25 +105,6 @@ PL341_DMC_CONFIG DDRTimings = {
.ExtModeReg = DDR_EMR_RTT_50R | (DDR_EMR_ODS_VAL << DDR_EMR_ODS_MASK),
};
/**
Return if Trustzone is supported by your platform
A non-zero value must be returned if you want to support a Secure World on your platform.
ArmVExpressTrustzoneInit() will later set up the secure regions.
This function can return 0 even if Trustzone is supported by your processor. In this case,
the platform will continue to run in Secure World.
@return A non-zero value if Trustzone supported.
**/
UINTN
ArmPlatformTrustzoneSupported (
VOID
)
{
return (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK);
}
/**
Return the current Boot Mode
@ -137,7 +118,11 @@ ArmPlatformGetBootMode (
VOID
)
{
if (MmioRead32(ARM_VE_SYS_FLAGS_NV_REG) == 0) {
return BOOT_WITH_FULL_CONFIGURATION;
} else {
return BOOT_ON_S2_RESUME;
}
}
/**

View File

@ -26,8 +26,6 @@
// DDR attributes
#define DDR_ATTRIBUTES_CACHED ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK
#define DDR_ATTRIBUTES_UNCACHED ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED
#define DDR_ATTRIBUTES_SECURE_CACHED ARM_MEMORY_REGION_ATTRIBUTE_SECURE_WRITE_BACK
#define DDR_ATTRIBUTES_SECURE_UNCACHED ARM_MEMORY_REGION_ATTRIBUTE_SECURE_UNCACHED_UNBUFFERED
/**
Return the Virtual Memory Map of your platform
@ -45,7 +43,6 @@ ArmPlatformGetVirtualMemoryMap (
)
{
ARM_MEMORY_REGION_ATTRIBUTES CacheAttributes;
BOOLEAN bTrustzoneSupport;
UINTN Index = 0;
ARM_MEMORY_REGION_DESCRIPTOR *VirtualMemoryTable;
@ -56,34 +53,17 @@ ArmPlatformGetVirtualMemoryMap (
return;
}
// Check if SMC TZASC is enabled. If Trustzone not enabled then all the entries remain in Secure World.
// As this value can be changed in the Board Configuration file, the UEFI firmware needs to work for both case
if (ArmPlatformTrustzoneSupported ()) {
bTrustzoneSupport = TRUE;
} else {
bTrustzoneSupport = FALSE;
}
if (FeaturePcdGet(PcdCacheEnable) == TRUE) {
CacheAttributes = (bTrustzoneSupport ? DDR_ATTRIBUTES_CACHED : DDR_ATTRIBUTES_SECURE_CACHED);
CacheAttributes = DDR_ATTRIBUTES_CACHED;
} else {
CacheAttributes = (bTrustzoneSupport ? DDR_ATTRIBUTES_UNCACHED : DDR_ATTRIBUTES_SECURE_UNCACHED);
CacheAttributes = DDR_ATTRIBUTES_UNCACHED;
}
if (FeaturePcdGet(PcdNorFlashRemapping) == FALSE) {
// ReMap (Either NOR Flash or DRAM)
VirtualMemoryTable[Index].PhysicalBase = ARM_VE_REMAP_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_REMAP_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_REMAP_SZ;
if (FeaturePcdGet(PcdNorFlashRemapping)) {
// Map the NOR Flash as Secure Memory
if (FeaturePcdGet(PcdCacheEnable) == TRUE) {
VirtualMemoryTable[Index].Attributes = DDR_ATTRIBUTES_SECURE_CACHED;
} else {
VirtualMemoryTable[Index].Attributes = DDR_ATTRIBUTES_SECURE_UNCACHED;
}
} else {
// DRAM mapping
VirtualMemoryTable[Index].Attributes = CacheAttributes;
}
@ -97,13 +77,13 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_SMB_MB_ON_CHIP_PERIPH_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_SMB_MB_ON_CHIP_PERIPH_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE;
// SMB CS0-CS1 - NOR Flash 1 & 2
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_NOR0_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_SMB_NOR0_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_SMB_NOR0_SZ + ARM_VE_SMB_NOR1_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE;
// SMB CS2 - SRAM
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_SRAM_BASE;
@ -115,14 +95,14 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_PERIPH_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_SMB_PERIPH_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_SMB_PERIPH_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE;
// If a Logic Tile is connected to The ARM Versatile Express Motherboard
if (MmioRead32(ARM_VE_SYS_PROCID1_REG) != 0) {
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_EXT_AXI_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_EXT_AXI_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_EXT_AXI_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE;
ASSERT((Index + 1) == (MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS + 1));
} else {

View File

@ -39,6 +39,12 @@ ArmPlatformTrustzoneInit (
// Setup TZ Protection Controller
//
if (MmioRead32(ARM_VE_SYS_CFGRW1_REG) & ARM_VE_CFGRW1_TZASC_EN_BIT_MASK) {
ASSERT (PcdGetBool (PcdTrustzoneSupport) == TRUE);
} else {
ASSERT (PcdGetBool (PcdTrustzoneSupport) == FALSE);
}
// Set Non Secure access for all devices
TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_0, 0xFFFFFFFF);
TZPCSetDecProtBits(ARM_VE_TZPC_BASE, TZPC_DECPROT_1, 0xFFFFFFFF);

View File

@ -23,6 +23,11 @@
#include <ArmPlatform.h>
UINTN
ArmGetCpuCountPerCluster (
VOID
);
ARM_CORE_INFO mVersatileExpressMpCoreInfoTable[] = {
{
// Cluster 0, Core 0
@ -66,26 +71,6 @@ ARM_CORE_INFO mVersatileExpressMpCoreInfoTable[] = {
}
};
/**
Return if Trustzone is supported by your platform
A non-zero value must be returned if you want to support a Secure World on your platform.
ArmVExpressTrustzoneInit() will later set up the secure regions.
This function can return 0 even if Trustzone is supported by your processor. In this case,
the platform will continue to run in Secure World.
@return A non-zero value if Trustzone supported.
**/
UINTN
ArmPlatformTrustzoneSupported (
VOID
)
{
// Not supported yet but model does have Secure SRAM (but no TZPC/TZASC) so we could support it
return FALSE;
}
/**
Return the current Boot Mode

View File

@ -25,8 +25,6 @@
// DDR attributes
#define DDR_ATTRIBUTES_CACHED ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK
#define DDR_ATTRIBUTES_UNCACHED ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED
#define DDR_ATTRIBUTES_SECURE_CACHED ARM_MEMORY_REGION_ATTRIBUTE_SECURE_WRITE_BACK
#define DDR_ATTRIBUTES_SECURE_UNCACHED ARM_MEMORY_REGION_ATTRIBUTE_SECURE_UNCACHED_UNBUFFERED
/**
Return the Virtual Memory Map of your platform
@ -44,7 +42,6 @@ ArmPlatformGetVirtualMemoryMap (
)
{
ARM_MEMORY_REGION_ATTRIBUTES CacheAttributes;
BOOLEAN bTrustzoneSupport;
UINTN Index = 0;
ARM_MEMORY_REGION_DESCRIPTOR *VirtualMemoryTable;
@ -55,18 +52,10 @@ ArmPlatformGetVirtualMemoryMap (
return;
}
// Check if SMC TZASC is enabled. If Trustzone not enabled then all the entries remain in Secure World.
// As this value can be changed in the Board Configuration file, the UEFI firmware needs to work for both case
if (ArmPlatformTrustzoneSupported ()) {
bTrustzoneSupport = TRUE;
} else {
bTrustzoneSupport = FALSE;
}
if (FeaturePcdGet(PcdCacheEnable) == TRUE) {
CacheAttributes = (bTrustzoneSupport ? DDR_ATTRIBUTES_CACHED : DDR_ATTRIBUTES_SECURE_CACHED);
CacheAttributes = DDR_ATTRIBUTES_CACHED;
} else {
CacheAttributes = (bTrustzoneSupport ? DDR_ATTRIBUTES_UNCACHED : DDR_ATTRIBUTES_SECURE_UNCACHED);
CacheAttributes = DDR_ATTRIBUTES_UNCACHED;
}
// ReMap (Either NOR Flash or DRAM)
@ -74,12 +63,12 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[Index].VirtualBase = ARM_VE_REMAP_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_REMAP_SZ;
if (FeaturePcdGet(PcdNorFlashRemapping)) {
if (FeaturePcdGet(PcdNorFlashRemapping) == FALSE) {
// Map the NOR Flash as Secure Memory
if (FeaturePcdGet(PcdCacheEnable) == TRUE) {
VirtualMemoryTable[Index].Attributes = DDR_ATTRIBUTES_SECURE_CACHED;
VirtualMemoryTable[Index].Attributes = DDR_ATTRIBUTES_CACHED;
} else {
VirtualMemoryTable[Index].Attributes = DDR_ATTRIBUTES_SECURE_UNCACHED;
VirtualMemoryTable[Index].Attributes = DDR_ATTRIBUTES_UNCACHED;
}
} else {
// DRAM mapping
@ -96,13 +85,13 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_ON_CHIP_PERIPH_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_ON_CHIP_PERIPH_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_ON_CHIP_PERIPH_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
// SMB CS0-CS1 - NOR Flash 1 & 2
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_NOR0_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_SMB_NOR0_BASE;
VirtualMemoryTable[Index].Length = ARM_VE_SMB_NOR0_SZ + ARM_VE_SMB_NOR1_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
// SMB CS2 - SRAM
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_SRAM_BASE;
@ -114,7 +103,7 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_SMB_PERIPH_BASE;
VirtualMemoryTable[Index].VirtualBase = ARM_VE_SMB_PERIPH_BASE;
VirtualMemoryTable[Index].Length = 2 * ARM_VE_SMB_PERIPH_SZ;
VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
//TODO:This should be enabled for final release. Right now, ARM VE RTSM crashes.
// // If a Logic Tile is connected to The ARM Versatile Express Motherboard
@ -122,7 +111,7 @@ ArmPlatformGetVirtualMemoryMap (
// VirtualMemoryTable[++Index].PhysicalBase = ARM_VE_EXT_AXI_BASE;
// VirtualMemoryTable[Index].VirtualBase = ARM_VE_EXT_AXI_BASE;
// VirtualMemoryTable[Index].Length = ARM_VE_EXT_AXI_SZ;
// VirtualMemoryTable[Index].Attributes = (bTrustzoneSupport ? ARM_MEMORY_REGION_ATTRIBUTE_DEVICE : ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE);
// VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_SECURE_DEVICE;
//
// ASSERT((Index + 1) == (MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS + 1));
// } else {

View File

@ -143,22 +143,6 @@ ArmPlatformBootRemapping (
VOID
);
/**
Return if Trustzone is supported by your platform
A non-zero value must be returned if you want to support a Secure World on your platform.
ArmPlatformTrustzoneInit() will later set up the secure regions.
This function can return 0 even if Trustzone is supported by your processor. In this case,
the platform will continue to run in Secure World.
@return A non-zero value if Trustzone supported.
**/
UINTN
ArmPlatformTrustzoneSupported (
VOID
);
/**
Initialize the Secure peripherals and memory regions

View File

@ -103,7 +103,7 @@ CEntryPoint (
}
// Test if Trustzone is supported on this platform
if (ArmPlatformTrustzoneSupported ()) {
if (FixedPcdGetBool (PcdTrustzoneSupport)) {
// Ensure the Monitor Stack Base & Size have been set
ASSERT(PcdGet32(PcdCPUCoresSecMonStackBase) != 0);
ASSERT(PcdGet32(PcdCPUCoreSecMonStackSize) != 0);

View File

@ -51,6 +51,7 @@
gArmPlatformTokenSpaceGuid.PcdSystemMemoryInitializeInSec
[FixedPcd]
gArmTokenSpaceGuid.PcdTrustzoneSupport
gArmTokenSpaceGuid.PcdVFPEnabled
gArmTokenSpaceGuid.PcdArmPrimaryCoreMask