From dc68129c7d47ba0478080e0b4fd09fea3032b155 Mon Sep 17 00:00:00 2001 From: Anson Huang Date: Wed, 17 May 2017 21:59:26 +0800 Subject: Add necessary resources to secure partition for i.MX8QXP Add necessary resources to secure partition for protection. Also add in functionality to allow for register access of some secure-owned peripherals. These peripherals will still be protected from power or clk changes. Signed-off-by: Anson Huang Signed-off-by: Teo Hall --- plat/freescale/imx8qxp/imx8qxp_bl31_setup.c | 52 ++++++++++++++++++++++++++++- plat/freescale/imx8qxp/include/sec_rsrc.h | 18 ++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 plat/freescale/imx8qxp/include/sec_rsrc.h diff --git a/plat/freescale/imx8qxp/imx8qxp_bl31_setup.c b/plat/freescale/imx8qxp/imx8qxp_bl31_setup.c index d14d40aa..bf894977 100644 --- a/plat/freescale/imx8qxp/imx8qxp_bl31_setup.c +++ b/plat/freescale/imx8qxp/imx8qxp_bl31_setup.c @@ -44,6 +44,7 @@ #include #include #include +#include /* linker defined symbols */ extern unsigned long __RO_START__; @@ -182,6 +183,49 @@ static int lpuart32_serial_init(unsigned int base) } #endif +void imx8_partition_resources(void) +{ + sc_err_t err; + sc_rm_pt_t secure_part, os_part; + int i; + + err = sc_rm_get_partition(ipc_handle, &secure_part); + + err = sc_rm_partition_alloc(ipc_handle, &os_part, false, false, + false, false, false); + + err = sc_rm_set_parent(ipc_handle, os_part, secure_part); + + /* set secure resources to NOT-movable */ + for(i = 0; i<(sizeof(secure_rsrcs)/sizeof(sc_rsrc_t)); i++){ + err = sc_rm_set_resource_movable(ipc_handle, + secure_rsrcs[i], secure_rsrcs[i], false); + } + + /* move all movable resources and pins to non-secure partition */ + err = sc_rm_move_all(ipc_handle, secure_part, os_part, true, true); + + /* iterate through peripherals to give NS OS part access */ + for(i = 0; i<(sizeof(ns_access_allowed)/sizeof(sc_rsrc_t)); i++){ + err = sc_rm_set_peripheral_permissions(ipc_handle, + ns_access_allowed[i], os_part, SC_RM_PERM_FULL); + } + + /* + * sc_rm_set_peripheral_permissions + * + * sc_rm_set_memreg_permissions + * + * sc_rm_set_pin_movable + * + */ + + if (err) + NOTICE("Partitioning Failed\n"); + else + NOTICE("Non-secure Partitioning Succeeded\n"); +} + void bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { @@ -224,6 +268,12 @@ void bl31_early_platform_setup(bl31_params_t *from_bl2, IMX_CONSOLE_BAUDRATE); #endif + /* create new partition for non-secure OS/Hypervisor + * + * uses global structs defined in sec_rsrc.h + */ + imx8_partition_resources(); + /* * tell BL3-1 where the non-secure software image is located * and the entry state information. @@ -246,7 +296,7 @@ void bl31_plat_arch_setup(void) MT_MEMORY | MT_RO); mmap_add_region(IMX_BOOT_UART_BASE, IMX_BOOT_UART_BASE, 0x1000, MT_DEVICE | MT_RW); - mmap_add_region(0x5d1b0000, 0x5d1b0000, 0x10000, + mmap_add_region(SC_IPC_CH, SC_IPC_CH, 0x10000, MT_DEVICE | MT_RW); mmap_add_region(PLAT_GICD_BASE, PLAT_GICD_BASE, 0x10000, MT_DEVICE | MT_RW); diff --git a/plat/freescale/imx8qxp/include/sec_rsrc.h b/plat/freescale/imx8qxp/include/sec_rsrc.h new file mode 100644 index 00000000..46585881 --- /dev/null +++ b/plat/freescale/imx8qxp/include/sec_rsrc.h @@ -0,0 +1,18 @@ +/* Copyright 2017 NXP */ +/* Include file detailing the resource partitioning for ATF */ + +/* resources that are going to stay in secure partition */ +sc_rsrc_t secure_rsrcs[] = { + SC_R_MU_1A, + SC_R_A35, + SC_R_A35_0, + SC_R_A35_1, + SC_R_A35_2, + SC_R_A35_3, + SC_R_GIC, +}; + +/* resources that have register access for non-secure domain */ +sc_rsrc_t ns_access_allowed[] = { + SC_R_GIC, +}; -- cgit v1.2.3