[U-Boot] [PATCH v5 08/14] virt-dt: Allow reservation of secure region when in a RAM carveout

From: Jan Kiszka <jan.kiszka@siemens.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v5 08/14] virt-dt: Allow reservation of secure region when in a RAM carveout
Date: Mon,  9 Mar 2015 08:00:18 +0100	[thread overview]
Message-ID: <1a57b23ba809626854ceff612d3fed9e19ef5e10.1425884424.git.jan.kiszka@siemens.com> (raw)
In-Reply-To: <cover.1425884424.git.jan.kiszka@siemens.com>

In this case the secure code lives in RAM, and hence the memory node in
the device tree needs to be adjusted. This avoids that the OS will map
and possibly access the reservation.

Add support for setting CONFIG_ARMV7_SECURE_RESERVE_SIZE to carve out
such a region. We only support cutting off memory from the beginning or
the end of a RAM bank as we do not want to increase their number (which
would happen if punching a hole) for simplicity reasons

This will be used in a subsequent patch for Jetson-TK1.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 arch/arm/cpu/armv7/virt-dt.c | 29 +++++++++++++++++++++++++++++
 arch/arm/include/asm/armv7.h |  1 +
 arch/arm/lib/bootm-fdt.c     |  5 +++++
 3 files changed, 35 insertions(+)

diff --git a/arch/arm/cpu/armv7/virt-dt.c b/arch/arm/cpu/armv7/virt-dt.c
index ad19e4c..06edeec 100644
--- a/arch/arm/cpu/armv7/virt-dt.c
+++ b/arch/arm/cpu/armv7/virt-dt.c
@@ -16,6 +16,7 @@
  */
 
 #include <common.h>
+#include <errno.h>
 #include <stdio_dev.h>
 #include <linux/ctype.h>
 #include <linux/types.h>
@@ -88,6 +89,34 @@ static int fdt_psci(void *fdt)
 	return 0;
 }
 
+int armv7_apply_memory_carveout(u64 *start, u64 *size)
+{
+#ifdef CONFIG_ARMV7_SECURE_RESERVE_SIZE
+	if (*start + *size < CONFIG_ARMV7_SECURE_BASE ||
+	    *start >= (u64)CONFIG_ARMV7_SECURE_BASE +
+		      CONFIG_ARMV7_SECURE_RESERVE_SIZE)
+		return 0;
+
+	/* carveout must be at the beginning or the end of the bank */
+	if (*start == CONFIG_ARMV7_SECURE_BASE ||
+	    *start + *size == (u64)CONFIG_ARMV7_SECURE_BASE +
+			      CONFIG_ARMV7_SECURE_RESERVE_SIZE) {
+		if (*size < CONFIG_ARMV7_SECURE_RESERVE_SIZE) {
+			debug("Secure monitor larger than RAM bank!?\n");
+			return -EINVAL;
+		}
+		*size -= CONFIG_ARMV7_SECURE_RESERVE_SIZE;
+		if (*start == CONFIG_ARMV7_SECURE_BASE)
+			*start += CONFIG_ARMV7_SECURE_RESERVE_SIZE;
+		return 0;
+	}
+	debug("Secure monitor not located@beginning or end of RAM bank\n");
+	return -EINVAL;
+#else /* !CONFIG_ARMV7_SECURE_RESERVE_SIZE */
+	return 0;
+#endif
+}
+
 int armv7_update_dt(void *fdt)
 {
 	if (!armv7_boot_nonsec())
diff --git a/arch/arm/include/asm/armv7.h b/arch/arm/include/asm/armv7.h
index edb3b80..7843ba7 100644
--- a/arch/arm/include/asm/armv7.h
+++ b/arch/arm/include/asm/armv7.h
@@ -124,6 +124,7 @@ void v7_outer_cache_inval_range(u32 start, u32 end);
 #if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
 
 int armv7_init_nonsec(void);
+int armv7_apply_memory_carveout(u64 *start, u64 *size);
 int armv7_update_dt(void *fdt);
 bool armv7_boot_nonsec(void);
 
diff --git a/arch/arm/lib/bootm-fdt.c b/arch/arm/lib/bootm-fdt.c
index d4f1578..7b88739 100644
--- a/arch/arm/lib/bootm-fdt.c
+++ b/arch/arm/lib/bootm-fdt.c
@@ -31,6 +31,11 @@ int arch_fixup_fdt(void *blob)
 	for (bank = 0; bank < CONFIG_NR_DRAM_BANKS; bank++) {
 		start[bank] = bd->bi_dram[bank].start;
 		size[bank] = bd->bi_dram[bank].size;
+#if defined(CONFIG_ARMV7_NONSEC) || defined(CONFIG_ARMV7_VIRT)
+		ret = armv7_apply_memory_carveout(&start[bank], &size[bank]);
+		if (ret)
+			return ret;
+#endif
 	}
 
 	ret = fdt_fixup_memory_banks(blob, start, size, CONFIG_NR_DRAM_BANKS);
-- 
2.1.4
