diff options
| author | Ye Li <ye.li@nxp.com> | 2018-12-26 04:59:56 -0800 |
|---|---|---|
| committer | Anson Huang <Anson.Huang@nxp.com> | 2019-12-13 10:45:50 +0800 |
| commit | fdd8c22694528c072b0b06c0bb53d2d7c94d55f2 (patch) | |
| tree | 12a04ff7c28c59ba16f8120d44d270a6cfb6143d /plat/imx/imx8qx/imx8qx_bl31_setup.c | |
| parent | b4b5674df40e281483702c1795cd2912fd437670 (diff) | |
imx8qm/qxp: Protect the lower 96K ocram used for SPL
Because the partition reboot won't reload the first level bootloader (SPL),
the SPL won't be authenticated. Users can corrupt the SPL image to break
the boot trust chain in secure boot if we don't protect that OCRAM area.
This patch configures the memory area from 0x0 to 0x118000 only accessed by
secure partition (ATF and OPTEE). Non-secure partitions (u-boot and kernel)
can't access it.
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 1eff7d3ef6f121782e56bb1807744ede48b8580b)
(cherry picked from commit 96d33120bb57895db73e669ef0aeccde0d4875d5)
Diffstat (limited to 'plat/imx/imx8qx/imx8qx_bl31_setup.c')
| -rw-r--r-- | plat/imx/imx8qx/imx8qx_bl31_setup.c | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/plat/imx/imx8qx/imx8qx_bl31_setup.c b/plat/imx/imx8qx/imx8qx_bl31_setup.c index 73920b75..83d11fc9 100644 --- a/plat/imx/imx8qx/imx8qx_bl31_setup.c +++ b/plat/imx/imx8qx/imx8qx_bl31_setup.c @@ -155,8 +155,8 @@ static int lpuart32_serial_init(unsigned int base) void imx8_partition_resources(void) { sc_rm_pt_t secure_part, os_part; - sc_rm_mr_t mr, mr_record = 64; - sc_faddr_t start, end; + sc_rm_mr_t mr, mr_record = 64, mr_ocram = 64; + sc_faddr_t start, end, reg_end; sc_err_t err; bool owned; int i; @@ -198,7 +198,11 @@ void imx8_partition_resources(void) NOTICE("Memreg %u 0x%llx -- 0x%llx\n", mr, start, end); if (BL31_BASE >= start && (BL31_LIMIT - 1) <= end) { mr_record = mr; /* Record the mr for ATF running */ - } else { + } + else if (0 >= start && (OCRAM_BASE + OCRAM_ALIAS_SIZE - 1) <= end) { + mr_ocram = mr; + } + else { err = sc_rm_assign_memreg(ipc_handle, os_part, mr); if (err) ERROR("Memreg assign failed, 0x%llx -- 0x%llx, \ @@ -234,6 +238,25 @@ void imx8_partition_resources(void) } } + if (mr_ocram != 64) { + err = sc_rm_get_memreg_info(ipc_handle, mr_ocram, &start, &end); + reg_end = end; + if (err) { + ERROR("Memreg get info failed, %u\n", mr_ocram); + } else { + if ((OCRAM_BASE + OCRAM_ALIAS_SIZE - 1) < end) { + err = sc_rm_memreg_alloc(ipc_handle, &mr, OCRAM_BASE + OCRAM_ALIAS_SIZE, reg_end); + if (err) { + ERROR("sc_rm_memreg_alloc failed, 0x%llx -- 0x%llx\n", (sc_faddr_t)OCRAM_BASE + OCRAM_ALIAS_SIZE, reg_end); + } else { + err = sc_rm_assign_memreg(ipc_handle, os_part, mr); + if (err) + ERROR("Memreg assign failed, 0x%llx -- 0x%llx\n", (sc_faddr_t)OCRAM_BASE + OCRAM_ALIAS_SIZE, reg_end); + } + } + } + } + owned = sc_rm_is_resource_owned(ipc_handle, SC_R_M4_0_PID0); if (owned) { err = sc_rm_set_resource_movable(ipc_handle, SC_R_M4_0_PID0, |