diff options
| author | Grzegorz Jaszczyk <jaz@semihalf.com> | 2018-06-13 16:00:48 +0200 |
|---|---|---|
| committer | Konstantin Porotchkin <kostap@marvell.com> | 2018-09-02 14:10:47 +0300 |
| commit | de5cba28c43c2be7968c1ad15f15aae2fc823e51 (patch) | |
| tree | 96567d8d9ebcb7bd0010f111fdada315647d8fef /plat/marvell | |
| parent | 3a9f8eecd7eb4526ec4b6b5d7231038f9e32a3a5 (diff) | |
a8k: use the memory controller feature to protect the RT service region
Define the RT service space as secure with use of memory controller
trustzone feature. Thanks to this protection, any NS-Bootloader nor NS-OS,
won't be able to access RT services (e.g. accidentally overwrite it,
which will at best result in RT services unavailability).
Change-Id: Ie5b6cbe9a1b77879d6d8f8eac5d4e41e468496ce
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
Diffstat (limited to 'plat/marvell')
| -rw-r--r-- | plat/marvell/a8k/common/a8k_common.mk | 3 | ||||
| -rw-r--r-- | plat/marvell/a8k/common/plat_bl31_setup.c | 21 |
2 files changed, 23 insertions, 1 deletions
diff --git a/plat/marvell/a8k/common/a8k_common.mk b/plat/marvell/a8k/common/a8k_common.mk index 3bcce96b..5956737d 100644 --- a/plat/marvell/a8k/common/a8k_common.mk +++ b/plat/marvell/a8k/common/a8k_common.mk @@ -76,7 +76,8 @@ MARVELL_DRV := $(MARVELL_DRV_BASE)/io_win.c \ $(MARVELL_DRV_BASE)/amb_adec.c \ $(MARVELL_DRV_BASE)/ccu.c \ $(MARVELL_DRV_BASE)/cache_llc.c \ - $(MARVELL_DRV_BASE)/comphy/phy-comphy-cp110.c + $(MARVELL_DRV_BASE)/comphy/phy-comphy-cp110.c \ + $(MARVELL_DRV_BASE)/mc_trustzone/mc_trustzone.c BL31_PORTING_SOURCES := $(PLAT_FAMILY_BASE)/$(PLAT)/board/marvell_plat_config.c diff --git a/plat/marvell/a8k/common/plat_bl31_setup.c b/plat/marvell/a8k/common/plat_bl31_setup.c index e6ffeeab..6dfbcbb2 100644 --- a/plat/marvell/a8k/common/plat_bl31_setup.c +++ b/plat/marvell/a8k/common/plat_bl31_setup.c @@ -11,6 +11,7 @@ #include <debug.h> #include <marvell_plat_priv.h> #include <marvell_pm.h> +#include <mc_trustzone/mc_trustzone.h> #include <mmio.h> #include <mci.h> #include <plat_marvell.h> @@ -75,6 +76,24 @@ _Bool is_pm_fw_running(void) return pm_fw_running; } +/* For TrusTzone we treat the "target" field of addr_map_win + * struct as attribute + */ +static const struct addr_map_win tz_map[] = { + {PLAT_MARVELL_ATF_BASE, 0x200000, TZ_PERM_ABORT} +}; + +/* Configure MC TrustZone regions */ +static void marvell_bl31_security_setup(void) +{ + int tz_nr, win_id; + + tz_nr = ARRAY_SIZE(tz_map); + + for (win_id = 0; win_id < tz_nr; win_id++) + tz_enable_win(MVEBU_AP0, tz_map, win_id); +} + /* This function overruns the same function in marvell_bl31_setup.c */ void bl31_plat_arch_setup(void) { @@ -116,4 +135,6 @@ void bl31_plat_arch_setup(void) /* Configure GPIO */ marvell_gpio_config(); + + marvell_bl31_security_setup(); } |