a8k: use the memory controller feature to protect the RT service region

Define the RT service space as secure with use of memory controller
trustzone feature. Thanks to this protection, any NS-Bootloader nor NS-OS,
won't be able to access RT services (e.g. accidentally overwrite it,
which will at best result in RT services unavailability).

Change-Id: Ie5b6cbe9a1b77879d6d8f8eac5d4e41e468496ce
Signed-off-by: Grzegorz Jaszczyk <[email protected]>
Reviewed-by: Kostya Porotchkin <[email protected]>

diff --git a/plat/marvell/a8k/common/a8k_common.mk b/plat/marvell/a8k/common/a8k_common.mk
index 3bcce96b28b9045d2a4baf890d3ecaf5426b3a88..5956737db1ba94b9f6604e0a52b28a2d8d50eb59 100644 (file)
--- a/plat/marvell/a8k/common/a8k_common.mk
+++ b/plat/marvell/a8k/common/a8k_common.mk
@@ -76,7 +76,8 @@ MARVELL_DRV           :=      $(MARVELL_DRV_BASE)/io_win.c    \
                                $(MARVELL_DRV_BASE)/amb_adec.c  \
                                $(MARVELL_DRV_BASE)/ccu.c       \
                                $(MARVELL_DRV_BASE)/cache_llc.c \
-                               $(MARVELL_DRV_BASE)/comphy/phy-comphy-cp110.c
+                               $(MARVELL_DRV_BASE)/comphy/phy-comphy-cp110.c \
+                               $(MARVELL_DRV_BASE)/mc_trustzone/mc_trustzone.c
 
 BL31_PORTING_SOURCES   :=      $(PLAT_FAMILY_BASE)/$(PLAT)/board/marvell_plat_config.c
 

diff --git a/plat/marvell/a8k/common/plat_bl31_setup.c b/plat/marvell/a8k/common/plat_bl31_setup.c
index e6ffeeab1708526e7ccd1cabc3dbbc39cb8ecba0..6dfbcbb20d59d143dbfd87e4cbb5ec992557bffb 100644 (file)
--- a/plat/marvell/a8k/common/plat_bl31_setup.c
+++ b/plat/marvell/a8k/common/plat_bl31_setup.c
@@ -11,6 +11,7 @@
 #include <debug.h>
 #include <marvell_plat_priv.h>
 #include <marvell_pm.h>
+#include <mc_trustzone/mc_trustzone.h>
 #include <mmio.h>
 #include <mci.h>
 #include <plat_marvell.h>
@@ -75,6 +76,24 @@ _Bool is_pm_fw_running(void)
        return pm_fw_running;
 }
 
+/* For TrusTzone we treat the "target" field of addr_map_win
+ * struct as attribute
+ */
+static const struct addr_map_win tz_map[] = {
+       {PLAT_MARVELL_ATF_BASE, 0x200000, TZ_PERM_ABORT}
+};
+
+/* Configure MC TrustZone regions */
+static void marvell_bl31_security_setup(void)
+{
+       int tz_nr, win_id;
+
+       tz_nr = ARRAY_SIZE(tz_map);
+
+       for (win_id = 0; win_id < tz_nr; win_id++)
+               tz_enable_win(MVEBU_AP0, tz_map, win_id);
+}
+
 /* This function overruns the same function in marvell_bl31_setup.c */
 void bl31_plat_arch_setup(void)
 {
@@ -116,4 +135,6 @@ void bl31_plat_arch_setup(void)
 
        /* Configure GPIO */
        marvell_gpio_config();
+
+       marvell_bl31_security_setup();
 }