Some systems may implemente TrustZone (EL3) in U-Boot. Those systems
reserve some memory that U-Boot is aware of as secure.
For those systems, mask out that secure memory in the EFI memory map,
as it's not usable from EL2 or EL1.
Signed-off-by: Alexander Graf <ag...@suse.de>
---
v4 -> v5:
- Use gd->arch.secure_ram
---
lib/efi_loader/efi_memory.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index 95aa590..4966e48 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -474,5 +474,20 @@ int efi_memory_init(void)
efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr;
#endif
+#ifdef CONFIG_SYS_MEM_RESERVE_SECURE
+ /* Declare secure ram as reserved */
+ if (gd->arch.secure_ram & MEM_RESERVE_SECURE_SECURED) {
+ uint64_t secure_start = gd->arch.secure_ram;
+ uint64_t secure_pages = CONFIG_SYS_MEM_RESERVE_SECURE;
+
+ secure_start &= MEM_RESERVE_SECURE_ADDR_MASK;
+ secure_start &= ~EFI_PAGE_MASK;
+ secure_pages = (secure_pages + EFI_PAGE_MASK) >> EFI_PAGE_SHIFT;
+
+ efi_add_memory_map(secure_start, secure_pages,
+ EFI_RESERVED_MEMORY_TYPE, false);
+ }
+#endif
+
return 0;
}
--
1.8.5.6
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
