[coreboot-gerrit] New patch to review for coreboot: 4843814 t132: handle optional Trust Zone region correctly

Marc Jones (marc.jones@se-eng.com) gerrit at coreboot.org
Tue Mar 10 22:26:20 CET 2015 

Marc Jones (marc.jones at se-eng.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/8639

-gerrit

commit 4843814a9cb745e102c1123559e697236871417d
Author: Aaron Durbin <adurbin at chromium.org>
Date:   Tue Jul 15 10:53:29 2014 -0500

    t132: handle optional Trust Zone region correctly
    
    Provide a default Trust Zone region size of 1MiB, and
    correctly account for it in the AVP and the arm64 cores.
    The different paths between the arm64 cores and the AVP
    is because the AVP cannot access the Trust Zone region
    registers. Therefore the AVP needs to account for the
    Trust Zone region.
    
    BUG=chrome-os-partner:30572
    BRANCH=None
    TEST=Built and ran. Noted Trust Zone region being accounted for.
    
    Original-Change-Id: Ie0f117ec7a5ff8519c39778d3cdf88c3eee57ea5
    Original-Signed-off-by: Aaron Durbin <adurbin at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/208062
    Original-Reviewed-by: Tom Warren <twarren at nvidia.com>
    Original-Reviewed-by: Furquan Shaikh <furquan at chromium.org>
    Original-Commit-Queue: Furquan Shaikh <furquan at chromium.org>
    (cherry picked from commit 22f2fa05c009c58f53b99b9ebe1b6d01fdac5ba7)
    Signed-off-by: Marc Jones <marc.jones at se-eng.com>
    
    Change-Id: I28506b4401145d366b56126b2eddc4c3d3db7b44
---
 src/soc/nvidia/tegra132/Kconfig      |  6 +++++
 src/soc/nvidia/tegra132/Makefile.inc |  1 +
 src/soc/nvidia/tegra132/addressmap.c |  8 ++++++
 src/soc/nvidia/tegra132/ramstage.c   | 47 ++++++++++++++++++++++++++++++++++++
 4 files changed, 62 insertions(+)

diff --git a/src/soc/nvidia/tegra132/Kconfig b/src/soc/nvidia/tegra132/Kconfig
index 3396cc8..8a5d087 100644
--- a/src/soc/nvidia/tegra132/Kconfig
+++ b/src/soc/nvidia/tegra132/Kconfig
@@ -93,4 +93,10 @@ config MTS_DIRECTORY
 	help
 	  Path to directory where MTS microcode files are located.
 
+config TRUSTZONE_CARVEOUT_SIZE_MB
+	hex "Size of Trust Zone region"
+	default 0x1
+	help
+	  Size of Trust Zone area in MiB to reserve in memory map.
+
 endif
diff --git a/src/soc/nvidia/tegra132/Makefile.inc b/src/soc/nvidia/tegra132/Makefile.inc
index 88ba51c..0ab95d4 100644
--- a/src/soc/nvidia/tegra132/Makefile.inc
+++ b/src/soc/nvidia/tegra132/Makefile.inc
@@ -48,6 +48,7 @@ ramstage-y += monotonic_timer.c
 ramstage-y += ../tegra/gpio.c
 ramstage-y += ../tegra/i2c.c
 ramstage-y += ../tegra/pinmux.c
+ramstage-y += ramstage.c
 ramstage-$(CONFIG_DRIVERS_UART) += uart.c
 
 CPPFLAGS_common += -Isrc/soc/nvidia/tegra132/include/
diff --git a/src/soc/nvidia/tegra132/addressmap.c b/src/soc/nvidia/tegra132/addressmap.c
index bb35a87..7f6d7c3 100644
--- a/src/soc/nvidia/tegra132/addressmap.c
+++ b/src/soc/nvidia/tegra132/addressmap.c
@@ -147,6 +147,14 @@ uintptr_t framebuffer_attributes(size_t *size_mib)
 	/* Place the framebuffer just below the 32-bit addressable limit. */
 	memory_range_by_bits(ADDRESS_SPACE_32_BIT, &begin, &end);
 
+	/*
+	 * Need to take into account that the Trust Zone region is not able to
+	 * be read by the AVP. The Trust Zone region will live just below the
+	 * rest of the carveout regions.
+	 */
+	if (context_avp())
+		end -= CONFIG_TRUSTZONE_CARVEOUT_SIZE_MB;
+
 	*size_mib = FB_SIZE_MB;
 	end -= *size_mib;
 
diff --git a/src/soc/nvidia/tegra132/ramstage.c b/src/soc/nvidia/tegra132/ramstage.c
new file mode 100644
index 0000000..7b2f4e8
--- /dev/null
+++ b/src/soc/nvidia/tegra132/ramstage.c
@@ -0,0 +1,47 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <arch/io.h>
+#include <arch/stages.h>
+#include <soc/addressmap.h>
+#include "mc.h"
+
+void arm64_soc_init(void)
+{
+	struct tegra_mc_regs * const mc = (void *)(uintptr_t)TEGRA_MC_BASE;
+	const size_t tz_size_mib = CONFIG_TRUSTZONE_CARVEOUT_SIZE_MB;
+	uintptr_t base;
+	uintptr_t end;
+
+	if (!tz_size_mib)
+		return;
+
+	/*
+	 * Ramstage is when the arm64 first gets running. It also is the
+	 * only entity that the capabilities to program the Trust Zone region.
+	 * Therefore configure the region early. Also, the TZ region can only
+	 * live in 32-bit space.
+	 */
+	memory_range_by_bits(ADDRESS_SPACE_32_BIT, &base, &end);
+
+	/* Place the TZ area just below current carveout regions. */
+	end -= tz_size_mib;
+	write32(end << 20, &mc->security_cfg0);
+	write32(tz_size_mib, &mc->security_cfg1);
+}

More information about the coreboot-gerrit mailing list