mt8173: Protect BL31 memory from non-secure access

BL31 usually handles confidential data, so its memory must not be
readable or writable from the non-secure world. This patch protects
the BL31 memory range from non-secure read/write access.

Change-Id: I442fb92b667bb2f9a62d471a90508b1ba4489911
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
diff --git a/plat/mediatek/mt8173/bl31_plat_setup.c b/plat/mediatek/mt8173/bl31_plat_setup.c
index 8783775..749009e 100644
--- a/plat/mediatek/mt8173/bl31_plat_setup.c
+++ b/plat/mediatek/mt8173/bl31_plat_setup.c
@@ -50,13 +50,15 @@
 unsigned long __COHERENT_RAM_END__;
 
 /*
- * The next 2 constants identify the extents of the code & RO data region.
- * These addresses are used by the MMU setup code and therefore they must be
- * page-aligned.  It is the responsibility of the linker script to ensure that
- * __RO_START__ and __RO_END__ linker symbols refer to page-aligned addresses.
+ * The next 3 constants identify the extents of the code, RO data region and the
+ * limit of the BL31 image.  These addresses are used by the MMU setup code and
+ * therefore they must be page-aligned.  It is the responsibility of the linker
+ * script to ensure that __RO_START__, __RO_END__ & __BL31_END__ linker symbols
+ * refer to page-aligned addresses.
  */
 #define BL31_RO_BASE (unsigned long)(&__RO_START__)
 #define BL31_RO_LIMIT (unsigned long)(&__RO_END__)
+#define BL31_END (unsigned long)(&__BL31_END__)
 
 /*
  * The next 2 constants identify the extents of the coherent memory region.
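Review bot: `BL31_END` is introduced here as the upper bound of the range the patch protects, but nothing in this diff shows that the linker script places `__BL31_END__` after every BL31 section (coherent RAM, stacks, translation tables) or that the symbol is declared in this file. Anything linked past it would presumably stay outside the protected range. The comment should record that dependency, e.g. `BL31_END also bounds the SRAM range hidden from the non-secure world; no BL31 section may be placed after __BL31_END__.` The macro would also be more robust with outer parentheses, `#define BL31_END ((unsigned long)(&__BL31_END__))`, although the existing `BL31_RO_*` macros share the unparenthesized form.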
@@ -108,6 +110,13 @@
 		MCU_BUS_DCM_EN);
 }
 
+static void platform_setup_sram(void)
+{
+	/* protect BL31 memory from non-secure read/write access */
+	mmio_write_32(SRAMROM_SEC_ADDR, (uint32_t)(BL31_END + 0x3ff) & 0x3fc00);
+	mmio_write_32(SRAMROM_SEC_CTRL, 0x10000ff9);
+}
+
 /*******************************************************************************
  * Return a pointer to the 'entry_point_info' structure of the next image for
  * the security state specified. BL33 corresponds to the non-secure image type
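Review bot: In `platform_setup_sram` the mask `& 0x3fc00` silently discards every address bit above bit 17, so if the rounded-up `BL31_END` ever reaches or crosses that boundary the value written to `SRAMROM_SEC_ADDR` wraps to a smaller (possibly zero) limit, and part of BL31 is presumably left accessible from the non-secure world with no diagnostic. Compute the value first and check it, e.g. `uint32_t limit = (uint32_t)(BL31_END + 0x3ff) & 0x3fc00;` followed by `assert(limit != 0);`, or compare it against the unmasked offset. The constants `0x3ff`, `0x3fc00` and `0x10000ff9` should be named macros, with a comment stating the register granularity and which bits of `SRAMROM_SEC_CTRL` enable the protection and which access types they block, since the policy cannot be verified from the raw value. The comment should also say whether the setting is locked until reset or can be rewritten later by other software.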
@@ -156,6 +165,7 @@
 void bl31_platform_setup(void)
 {
 	platform_setup_cpu();
+	platform_setup_sram();
 
 	plat_delay_timer_init();