On 10/17/2016 02:11 AM, Alexander Graf wrote: > > > On 15.10.16 18:58, york sun wrote: >> On 10/15/2016 03:03 AM, Alexander Graf wrote: >>> Some systems may implemente TrustZone (EL3) in U-Boot. Those systems >>> reserve some memory that U-Boot is aware of as secure. >>> >>> For those systems, mask out that secure memory in the EFI memory map, >>> as it's not usable from EL2 or EL1. >>> >>> Signed-off-by: Alexander Graf <ag...@suse.de> >>> >>> --- >>> >>> v4 -> v5: >>> >>> - Use gd->arch.secure_ram >>> --- >>> lib/efi_loader/efi_memory.c | 15 +++++++++++++++ >>> 1 file changed, 15 insertions(+) >>> >>> diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c >>> index 95aa590..4966e48 100644 >>> --- a/lib/efi_loader/efi_memory.c >>> +++ b/lib/efi_loader/efi_memory.c >>> @@ -474,5 +474,20 @@ int efi_memory_init(void) >>> efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr; >>> #endif >>> >>> +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE >>> + /* Declare secure ram as reserved */ >>> + if (gd->arch.secure_ram & MEM_RESERVE_SECURE_SECURED) { >>> + uint64_t secure_start = gd->arch.secure_ram; >>> + uint64_t secure_pages = CONFIG_SYS_MEM_RESERVE_SECURE; >>> + >>> + secure_start &= MEM_RESERVE_SECURE_ADDR_MASK; >>> + secure_start &= ~EFI_PAGE_MASK; >>> + secure_pages = (secure_pages + EFI_PAGE_MASK) >> EFI_PAGE_SHIFT; >>> + >>> + efi_add_memory_map(secure_start, secure_pages, >>> + EFI_RESERVED_MEMORY_TYPE, false); >>> + } >>> +#endif >>> + >>> return 0; >>> } >>> >> >> Alex, >> >> Do you see any issue without this patch? The secure memory is not >> visible to OS. gd->ram_size is reduced to hide the secure memory. > > We're building the memory map out of gd->bd->bi_dram rather than > ram_size, because it's perfectly reasonable for systems to have memory > holes. > > So even if we're adjusting gd->ram_size, the OS will still see secure > memory. In fact, doesn't bootm do that as well? > > arch/arm/lib/bootm-fdt.c: ret = fdt_fixup_memory_banks(blob, > start, size, CONFIG_NR_DRAM_BANKS); > > On armv7, arch_fixup_fdt() removes the secure memory region from the > edge of a memory bank. But on armv8 I don't see anything like it? >
Alex, For ARMv8, our SoCs have several regions. Depends on the board implementation, the memory may end up in different banks. See board/freescale/ls2080ardb/ddr.c for example. The secure ram is already carved out. York _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot