From 2fdcce893a44772d5fccc8686e35a4865450a069 Mon Sep 17 00:00:00 2001 From: Anson Huang Date: Wed, 17 May 2017 21:59:26 +0800 Subject: Add necessary resources to secure partition for i.MX8QXP Add necessary resources to secure partition for protection. Also add in functionality to allow for register access of some secure-owned peripherals. These peripherals will still be protected from power or clk changes. Signed-off-by: Anson Huang Signed-off-by: Teo Hall --- plat/imx/imx8qxp/imx8qxp_bl31_setup.c | 52 ++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) (limited to 'plat/imx/imx8qxp/imx8qxp_bl31_setup.c') diff --git a/plat/imx/imx8qxp/imx8qxp_bl31_setup.c b/plat/imx/imx8qxp/imx8qxp_bl31_setup.c index e82e0124..6293d7c2 100644 --- a/plat/imx/imx8qxp/imx8qxp_bl31_setup.c +++ b/plat/imx/imx8qxp/imx8qxp_bl31_setup.c @@ -44,6 +44,7 @@ #include #include #include +#include /* linker defined symbols */ #if USE_COHERENT_MEM @@ -175,6 +176,49 @@ static int lpuart32_serial_init(unsigned int base) } #endif +void imx8_partition_resources(void) +{ + sc_err_t err; + sc_rm_pt_t secure_part, os_part; + int i; + + err = sc_rm_get_partition(ipc_handle, &secure_part); + + err = sc_rm_partition_alloc(ipc_handle, &os_part, false, false, + false, false, false); + + err = sc_rm_set_parent(ipc_handle, os_part, secure_part); + + /* set secure resources to NOT-movable */ + for(i = 0; i<(sizeof(secure_rsrcs)/sizeof(sc_rsrc_t)); i++){ + err = sc_rm_set_resource_movable(ipc_handle, + secure_rsrcs[i], secure_rsrcs[i], false); + } + + /* move all movable resources and pins to non-secure partition */ + err = sc_rm_move_all(ipc_handle, secure_part, os_part, true, true); + + /* iterate through peripherals to give NS OS part access */ + for(i = 0; i<(sizeof(ns_access_allowed)/sizeof(sc_rsrc_t)); i++){ + err = sc_rm_set_peripheral_permissions(ipc_handle, + ns_access_allowed[i], os_part, SC_RM_PERM_FULL); + } + + /* + * sc_rm_set_peripheral_permissions + * + * sc_rm_set_memreg_permissions + * + * sc_rm_set_pin_movable + * + */ + + if (err) + NOTICE("Partitioning Failed\n"); + else + NOTICE("Non-secure Partitioning Succeeded\n"); +} + void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) { @@ -217,6 +261,12 @@ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, IMX_CONSOLE_BAUDRATE); #endif + /* create new partition for non-secure OS/Hypervisor + * + * uses global structs defined in sec_rsrc.h + */ + imx8_partition_resources(); + /* * tell BL3-1 where the non-secure software image is located * and the entry state information. @@ -239,7 +289,7 @@ void bl31_plat_arch_setup(void) MT_MEMORY | MT_RO); mmap_add_region(IMX_BOOT_UART_BASE, IMX_BOOT_UART_BASE, 0x1000, MT_DEVICE | MT_RW); - mmap_add_region(0x5d1b0000, 0x5d1b0000, 0x10000, + mmap_add_region(SC_IPC_CH, SC_IPC_CH, 0x10000, MT_DEVICE | MT_RW); mmap_add_region(PLAT_GICD_BASE, PLAT_GICD_BASE, 0x10000, MT_DEVICE | MT_RW); -- cgit v1.2.3