These patches to add secure memory reservations and EMIF firewall config to
SDRAM
init code. The reservation and firewall config is done using PPA installed HAL
APIs,
so they are not common to all platforms (so they are put in omap5 path instead
of
omap-common).
With these patches applied, a secure memory reservation can be specified with
the
following configs:
CONFIG_TI_SECURE_EMIF_REGION_START - start location of region. If it is
not specified, then the region will be placed at the end of the SDRAM.
CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE - total size of complete region
CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE - size (less than total) made
secure using secure firewalls. The secured region begins at the start
location (it comes first), and anything left over will be non-secure
but still reserved from use by u-boot and the kernel
The secure_emif_reserve() API will make use of the above configs to make
a part of the SDRAM secure, with the lowest enforcing priority, giving access
to the ARM TrustZone world only. The secure_emif_firewall_setup() API is
also introduced. This API allows setting other EMIF firewall regions with
particular permissions (for other cores, etc). The current code does not
use this API, but it exists to help satisfy particular system requirements
that users might need.
After all the configuration is done, the secure_emif_firewall_lock() API
should be called to make the previous two APIs stop working. This is important
in order to prevent a later compromise of public supervisor code from being
able to modify the EMIF firewalls. This API is in the code, so any use of the
secure_emif_firewall_setup() API must be inserted before the lock API is called.
Daniel Allred (5):
ti: omap5: Add Kconfig options for secure EMIF reservations
arm: omap5: secure API for EMIF memory reservations
ARM: DRA7: Add secure emif setup calls
ti_omap5_common: mark region of DRAM protected on HS parts
ARM: omap5: add fdt secure dram reservation fixup
arch/arm/cpu/armv7/omap-common/emif-common.c | 15 ++++
arch/arm/cpu/armv7/omap5/Kconfig | 26 ++++++
arch/arm/cpu/armv7/omap5/Makefile | 1 +
arch/arm/cpu/armv7/omap5/fdt.c | 64 +++++++++++++-
arch/arm/cpu/armv7/omap5/sec-fxns.c | 126 +++++++++++++++++++++++++++
arch/arm/include/asm/omap_sec_common.h | 24 +++++
include/configs/ti_omap5_common.h | 8 ++
7 files changed, 262 insertions(+), 2 deletions(-)
create mode 100644 arch/arm/cpu/armv7/omap5/sec-fxns.c
--
2.7.4
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
