summaryrefslogtreecommitdiff
path: root/arch/arm/cpu
diff options
context:
space:
mode:
authorIan Campbell <ijc@hellion.org.uk>2015-04-21 07:18:36 +0200
committerTom Warren <twarren@nvidia.com>2015-05-13 09:24:15 -0700
commit73169874a2867cb8ee5ec79eb9f2b176d3af34b2 (patch)
treec54e48fe526faa9ef81f58de7460013646706d5b /arch/arm/cpu
parentffdf9f9ae057131375534df5f1e798d1e64785e9 (diff)
downloadu-boot-imx-73169874a2867cb8ee5ec79eb9f2b176d3af34b2.zip
u-boot-imx-73169874a2867cb8ee5ec79eb9f2b176d3af34b2.tar.gz
u-boot-imx-73169874a2867cb8ee5ec79eb9f2b176d3af34b2.tar.bz2
tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0
These registers can be used to prevent non-secure world from accessing a megabyte aligned region of RAM, use them to protect the u-boot secure monitor code. At first I tried to do this from s_init(), however this inexplicably causes u-boot's networking (e.g. DHCP) to fail, while networking under Linux was fine. So instead I have added a new weak arch function protect_secure_section() called from relocate_secure_section() and reserved the region there. This is better overall since it defers the reservation until after the sec vs. non-sec decision (which can be influenced by an envvar) has been made when booting the os. Signed-off-by: Ian Campbell <ijc@hellion.org.uk> [Jan: tiny style adjustment] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Thierry Reding <treding@nvidia.com> Tested-by: Thierry Reding <treding@nvidia.com> Tested-by: Ian Campbell <ijc@hellion.org.uk> Signed-off-by: Tom Warren <twarren@nvidia.com>
Diffstat (limited to 'arch/arm/cpu')
-rw-r--r--arch/arm/cpu/armv7/virt-v7.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/arm/cpu/armv7/virt-v7.c b/arch/arm/cpu/armv7/virt-v7.c
index db4f6ad..9c53306 100644
--- a/arch/arm/cpu/armv7/virt-v7.c
+++ b/arch/arm/cpu/armv7/virt-v7.c
@@ -46,6 +46,10 @@ static unsigned long get_gicd_base_address(void)
#endif
}
+/* Define a specific version of this function to enable any available
+ * hardware protections for the reserved region */
+void __weak protect_secure_section(void) {}
+
static void relocate_secure_section(void)
{
#ifdef CONFIG_ARMV7_SECURE_BASE
@@ -54,6 +58,7 @@ static void relocate_secure_section(void)
memcpy((void *)CONFIG_ARMV7_SECURE_BASE, __secure_start, sz);
flush_dcache_range(CONFIG_ARMV7_SECURE_BASE,
CONFIG_ARMV7_SECURE_BASE + sz + 1);
+ protect_secure_section();
invalidate_icache_all();
#endif
}