On 10/15/2016 03:03 AM, Alexander Graf wrote: > Some systems may implemente TrustZone (EL3) in U-Boot. Those systems > reserve some memory that U-Boot is aware of as secure. > > For those systems, mask out that secure memory in the EFI memory map, > as it's not usable from EL2 or EL1. > > Signed-off-by: Alexander Graf <ag...@suse.de> > > --- > > v4 -> v5: > > - Use gd->arch.secure_ram > --- > lib/efi_loader/efi_memory.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c > index 95aa590..4966e48 100644 > --- a/lib/efi_loader/efi_memory.c > +++ b/lib/efi_loader/efi_memory.c > @@ -474,5 +474,20 @@ int efi_memory_init(void) > efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr; > #endif > > +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE > + /* Declare secure ram as reserved */ > + if (gd->arch.secure_ram & MEM_RESERVE_SECURE_SECURED) { > + uint64_t secure_start = gd->arch.secure_ram; > + uint64_t secure_pages = CONFIG_SYS_MEM_RESERVE_SECURE; > + > + secure_start &= MEM_RESERVE_SECURE_ADDR_MASK; > + secure_start &= ~EFI_PAGE_MASK; > + secure_pages = (secure_pages + EFI_PAGE_MASK) >> EFI_PAGE_SHIFT; > + > + efi_add_memory_map(secure_start, secure_pages, > + EFI_RESERVED_MEMORY_TYPE, false); > + } > +#endif > + > return 0; > } >
Alex, Do you see any issue without this patch? The secure memory is not visible to OS. gd->ram_size is reduced to hide the secure memory. York _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot