diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2018-02-06 17:41:21 +0000 |
|---|---|---|
| committer | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2018-02-06 18:47:44 +0000 |
| commit | 489ef6fed06592ee12b06e73da37e2cbf2adc39b (patch) | |
| tree | 6329afe76d985e17a45e7ecb8eece698389319af | |
| parent | 42ad2cff0106358d1e29c3c96a4ebe92d08d4eba (diff) | |
synquacer: move BL31 back to secure SRAM where it belongs
The secure SRAM on the SynQuacer SoC lacks coherency, which means it
does not tolerate being mapped cacheable-inner shareable, and doing so
results in a hanging system whenever an access attempt is made.
For secure firmware that runs only at boot, this is not a big deal, but
for BL31, which is the secure firmware component that implements PSCI,
it means we either need to move it to DRAM, or run it with uncached
mappings, so that state that is shared between multiple CPUs does not
get out of sync.
Our implementation did the former, i.e., move BL31 to DRAM, but without
programming the interconnect and/or DDR controller in a way that makes
the region accessible to secure accesses only, and the memory can be
happily clobbered by UEFI or the kernel.
So let's fix this, by moving BL31 back to SRAM where it belongs. To deal
with the coherency issue, only text and rodata (as well as the page tables
that are created at boot) are mapped cacheable/non-shareable. Data and bss
are mapped non-cacheable so that shared state does not go out of sync.
It also means we can give back the 16 MB of DRAM we took from the
non-secure world.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
| -rw-r--r-- | bl31/bl31.ld.S | 2 | ||||
| -rw-r--r-- | lib/aarch64/xlat_tables.c | 4 | ||||
| -rw-r--r-- | plat/arm/common/arm_bl31_setup.c | 4 | ||||
| -rw-r--r-- | plat/arm/css/enterprise/css_enterprise.mk | 2 | ||||
| -rw-r--r-- | plat/arm/css/enterprise/css_enterprise_plat.c | 17 |
5 files changed, 17 insertions, 12 deletions
diff --git a/bl31/bl31.ld.S b/bl31/bl31.ld.S index dc6e7a46..420b94fe 100644 --- a/bl31/bl31.ld.S +++ b/bl31/bl31.ld.S @@ -132,7 +132,9 @@ SECTIONS "PLAT_PERCPU_BAKERY_LOCK_SIZE does not match bakery lock requirements"); #endif #endif + . = NEXT(4096); __BSS_END__ = .; + __RW_SIZE__ = . - __RW_START__; } >RAM /* diff --git a/lib/aarch64/xlat_tables.c b/lib/aarch64/xlat_tables.c index 2692f4bb..95bf7f4c 100644 --- a/lib/aarch64/xlat_tables.c +++ b/lib/aarch64/xlat_tables.c @@ -160,7 +160,7 @@ static unsigned long mmap_desc(unsigned attr, unsigned long addr_pa, mem_type = MT_TYPE(attr); if (mem_type == MT_MEMORY) { - desc |= LOWER_ATTRS(ATTR_IWBWA_OWBWA_NTR_INDEX | ISH); + desc |= LOWER_ATTRS(ATTR_IWBWA_OWBWA_NTR_INDEX | NSH); if (attr & MT_RW) desc |= UPPER_ATTRS(XN); } else if (mem_type == MT_NON_CACHEABLE) { @@ -355,7 +355,7 @@ void init_xlat_tables(void) /* T0SZ = 32 */ \ if (TCR_MT(flags) == TCR_MT_DEFAULT) { \ /* Inner & outer WBWA & shareable */ \ - tcr = TCR_SH_INNER_SHAREABLE | \ + tcr = TCR_SH_NON_SHAREABLE | \ TCR_RGN_OUTER_WBA | TCR_RGN_INNER_WBA | \ (64 - __builtin_ctzl(ADDR_SPACE_SIZE)); \ } else { \ diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c index 8eb3926e..1b101b7e 100644 --- a/plat/arm/common/arm_bl31_setup.c +++ b/plat/arm/common/arm_bl31_setup.c @@ -245,10 +245,6 @@ void bl31_plat_runtime_setup(void) arm_bl31_plat_runtime_setup(); scpi_get_draminfo(di); - - /* override to reflect what is in use by Trusted Firmware */ - di->base1 = ARM_NS_DRAM1_BASE; - di->size1 = ARM_NS_DRAM1_SIZE; } /******************************************************************************* diff --git a/plat/arm/css/enterprise/css_enterprise.mk b/plat/arm/css/enterprise/css_enterprise.mk index f3f2a14d..6508509a 100644 --- a/plat/arm/css/enterprise/css_enterprise.mk +++ b/plat/arm/css/enterprise/css_enterprise.mk @@ -73,7 +73,7 @@ $(eval $(call add_define,ENTERPRISE_PLAT)) override CSS_LOAD_SCP_IMAGES := 0 override NEED_BL2U := no override ERROR_DEPRECATED := 1 -override ARM_BL31_IN_DRAM := 1 +override ARM_BL31_IN_DRAM := 0 include plat/arm/common/arm_common.mk include plat/arm/soc/common/soc_css.mk diff --git a/plat/arm/css/enterprise/css_enterprise_plat.c b/plat/arm/css/enterprise/css_enterprise_plat.c index ce701dbf..d0760c3f 100644 --- a/plat/arm/css/enterprise/css_enterprise_plat.c +++ b/plat/arm/css/enterprise/css_enterprise_plat.c @@ -55,6 +55,16 @@ #define ENTERPRISE_MAP_FLASH0_RO MAP_REGION_FLAT(V2M_FLASH0_BASE,\ V2M_FLASH0_SIZE, \ MT_DEVICE | MT_RO | MT_SECURE) + +extern unsigned char __RW_START__[], __RW_SIZE__[]; + +#define PLAT_RW_BASE (unsigned long)(&__RW_START__) +#define PLAT_RW_SIZE (unsigned long)(&__RW_SIZE__) + +#define RW_DATA MAP_REGION_FLAT(PLAT_RW_BASE,\ + PLAT_RW_SIZE, \ + MT_NON_CACHEABLE | MT_RW | MT_SECURE) + /* * Table of regions for different BL stages to map using the MMU. * This doesn't include Trusted RAM as the 'mem_layout' argument passed to @@ -88,6 +98,7 @@ const mmap_region_t plat_arm_mmap[] = { V2M_MAP_IOFPGA, CSS_ENTERPRISE_MAP_DEVICE, SOC_CSS_MAP_DEVICE, + RW_DATA, {0} }; #endif @@ -137,14 +148,10 @@ void bl2_plat_arch_setup(void) void bl31_plat_arch_setup(void) { arm_configure_mmu_el3(PLAT_RO_BASE, - (PLAT_BL31_END - PLAT_RO_BASE), + PLAT_RO_LIMIT, PLAT_RO_BASE, PLAT_RO_LIMIT, -#if ARM_BL31_IN_DRAM MT_MEMORY -#else - MT_NON_CACHEABLE -#endif #if USE_COHERENT_MEM , PLAT_COHERENT_RAM_BASE, PLAT_COHERENT_RAM_LIMIT |