Merge pull request #383 from vikramkanigiri/vk/tf-issues-314-v1 Ensure BL2 security state is secure

commit: 0eb42b2d606c7ad9208f7faf24ec303206b549f7 [log] [tgz]
author: danh-arm <dan.handley@arm.com> Wed Sep 02 16:50:44 2015 +0100
committer: danh-arm <dan.handley@arm.com> Wed Sep 02 16:50:44 2015 +0100
tree: 65d86f90b0024e1b2ce583221a1cdae5c2612e9a
parent: e279bbc9e51e87a55125993b2ce1783cf40294b9 [diff]
parent: ceb0d0feeb8f09a85a65dff314ceeb164c41f5ec [diff]
diff --git a/docs/firmware-design.md b/docs/firmware-design.md
index 213c8ff..18f634f 100644
--- a/docs/firmware-design.md
+++ b/docs/firmware-design.md

@@ -347,9 +347,9 @@
     -   Disable the legacy interrupt bypass mechanism.
     -   Configure the priority mask register to allow interrupts of all
         priorities to be signaled to the CPU interface.
-    -   Mark SGIs 8-15, the secure physical timer interrupt (#29) and the
-        trusted watchdog interrupt (#56) as group0 (secure).
-    -   Target the trusted watchdog interrupt to CPU0.
+    -   Mark SGIs 8-15 and the other secure interrupts on the platform
+        as group0 (secure).
+    -   Target all secure SPIs to CPU0.
     -   Enable these group0 interrupts in the GIC distributor.
     -   Configure all other interrupts as group1 (non-secure).
     -   Enable signaling of group0 interrupts in the GIC distributor.

diff --git a/drivers/arm/gic/arm_gic.c b/drivers/arm/gic/arm_gic.c
index 90fc8b5..ecd5a93 100644
--- a/drivers/arm/gic/arm_gic.c
+++ b/drivers/arm/gic/arm_gic.c

@@ -62,7 +62,7 @@
  ******************************************************************************/
 static void gicv3_cpuif_setup(void)
 {
-	unsigned int scr_val, val;
+	unsigned int val;
 	uintptr_t base;
 
 	/*
@@ -93,35 +93,9 @@
 	while (val & WAKER_CA)
 		val = gicr_read_waker(base);
 
-	/*
-	 * We need to set SCR_EL3.NS in order to see GICv3 non-secure state.
-	 * Restore SCR_EL3.NS again before exit.
-	 */
-	scr_val = read_scr();
-	write_scr(scr_val | SCR_NS_BIT);
-	isb();	/* ensure NS=1 takes effect before accessing ICC_SRE_EL2 */
-
-	/*
-	 * By default EL2 and NS-EL1 software should be able to enable GICv3
-	 * System register access without any configuration at EL3. But it turns
-	 * out that GICC PMR as set in GICv2 mode does not affect GICv3 mode. So
-	 * we need to set it here again. In order to do that we need to enable
-	 * register access. We leave it enabled as it should be fine and might
-	 * prevent problems with later software trying to access GIC System
-	 * Registers.
-	 */
 	val = read_icc_sre_el3();
 	write_icc_sre_el3(val | ICC_SRE_EN | ICC_SRE_SRE);
-
-	val = read_icc_sre_el2();
-	write_icc_sre_el2(val | ICC_SRE_EN | ICC_SRE_SRE);
-
-	write_icc_pmr_el1(GIC_PRI_MASK);
-	isb();	/* commit ICC_* changes before setting NS=0 */
-
-	/* Restore SCR_EL3 */
-	write_scr(scr_val);
-	isb();	/* ensure NS=0 takes effect immediately */
+	isb();
 }
 
 /*******************************************************************************

diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index e3dd2b0..157a22f 100644
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h

@@ -58,10 +58,9 @@
 /* Interrupt handling constants */
 #define CSS_IRQ_MHU			69
 #define CSS_IRQ_GPU_SMMU_0		71
-#define CSS_IRQ_GPU_SMMU_1		73
-#define CSS_IRQ_ETR_SMMU		75
 #define CSS_IRQ_TZC			80
 #define CSS_IRQ_TZ_WDOG			86
+#define CSS_IRQ_SEC_SYS_TIMER		91
 
 /*
  * SCP <=> AP boot configuration

diff --git a/plat/arm/board/fvp/aarch64/fvp_common.c b/plat/arm/board/fvp/aarch64/fvp_common.c
index c46bdb6..58b646a 100644
--- a/plat/arm/board/fvp/aarch64/fvp_common.c
+++ b/plat/arm/board/fvp/aarch64/fvp_common.c

@@ -113,7 +113,6 @@
 #if IMAGE_BL31 || IMAGE_BL32
 /* Array of secure interrupts to be configured by the gic driver */
 const unsigned int irq_sec_array[] = {
-	IRQ_TZ_WDOG,
 	ARM_IRQ_SEC_PHY_TIMER,
 	ARM_IRQ_SEC_SGI_0,
 	ARM_IRQ_SEC_SGI_1,
@@ -122,7 +121,9 @@
 	ARM_IRQ_SEC_SGI_4,
 	ARM_IRQ_SEC_SGI_5,
 	ARM_IRQ_SEC_SGI_6,
-	ARM_IRQ_SEC_SGI_7
+	ARM_IRQ_SEC_SGI_7,
+	FVP_IRQ_TZ_WDOG,
+	FVP_IRQ_SEC_SYS_TIMER
 };
 
 void plat_arm_gic_init(void)

diff --git a/plat/arm/board/fvp/fvp_def.h b/plat/arm/board/fvp/fvp_def.h
index 6929481..9a9eebf 100644
--- a/plat/arm/board/fvp/fvp_def.h
+++ b/plat/arm/board/fvp/fvp_def.h

@@ -115,7 +115,8 @@
 #define BASE_GICH_BASE			0x2c010000
 #define BASE_GICV_BASE			0x2c02f000
 
-#define IRQ_TZ_WDOG			56
+#define FVP_IRQ_TZ_WDOG			56
+#define FVP_IRQ_SEC_SYS_TIMER		57
 
 
 /*******************************************************************************

diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index d2122ad..ba93254 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h

@@ -96,12 +96,19 @@
 #define PLAT_CSS_GICH_BASE		0x2c04f000
 #define PLAT_CSS_GICV_BASE		0x2c06f000
 
-#define PLAT_CSS_IRQ_SEC_LIST		CSS_IRQ_MHU,		\
-					CSS_IRQ_GPU_SMMU_0,	\
-					CSS_IRQ_GPU_SMMU_1,	\
-					CSS_IRQ_ETR_SMMU,	\
-					CSS_IRQ_TZC,		\
-					CSS_IRQ_TZ_WDOG
+#define PLAT_CSS_IRQ_SEC_LIST		CSS_IRQ_MHU,			\
+					CSS_IRQ_GPU_SMMU_0,		\
+					CSS_IRQ_TZC,			\
+					CSS_IRQ_TZ_WDOG,		\
+					CSS_IRQ_SEC_SYS_TIMER,		\
+					JUNO_IRQ_DMA_SMMU,		\
+					JUNO_IRQ_HDLCD0_SMMU,		\
+					JUNO_IRQ_HDLCD1_SMMU,		\
+					JUNO_IRQ_USB_SMMU,		\
+					JUNO_IRQ_THIN_LINKS_SMMU,	\
+					JUNO_IRQ_SEC_I2C,		\
+					JUNO_IRQ_GPU_SMMU_1,		\
+					JUNO_IRQ_ETR_SMMU
 
 /*
  * Required ARM CSS SoC based platform porting definitions

diff --git a/plat/arm/board/juno/juno_def.h b/plat/arm/board/juno/juno_def.h
index 8fe3835..143cf00 100644
--- a/plat/arm/board/juno/juno_def.h
+++ b/plat/arm/board/juno/juno_def.h

@@ -71,5 +71,16 @@
 #define MMU401_SSD_OFFSET		0x4000
 #define MMU401_DMA330_BASE		0x7fb00000
 
+/*******************************************************************************
+ * Interrupt handling constants
+ ******************************************************************************/
+#define JUNO_IRQ_DMA_SMMU		126
+#define JUNO_IRQ_HDLCD0_SMMU		128
+#define JUNO_IRQ_HDLCD1_SMMU		130
+#define JUNO_IRQ_USB_SMMU		132
+#define JUNO_IRQ_THIN_LINKS_SMMU	134
+#define JUNO_IRQ_SEC_I2C		137
+#define JUNO_IRQ_GPU_SMMU_1		73
+#define JUNO_IRQ_ETR_SMMU		75
 
 #endif /* __JUNO_DEF_H__ */

diff --git a/plat/nvidia/tegra/common/drivers/memctrl/memctrl.c b/plat/nvidia/tegra/common/drivers/memctrl/memctrl.c
index fff8951..0d8e370 100644
--- a/plat/nvidia/tegra/common/drivers/memctrl/memctrl.c
+++ b/plat/nvidia/tegra/common/drivers/memctrl/memctrl.c

@@ -118,6 +118,7 @@
 	uintptr_t vmem_end_old = video_mem_base + (video_mem_size << 20);
 	uintptr_t vmem_end_new = phys_base + size_in_bytes;
 	uint32_t regval;
+	uint64_t size;
 
 	/*
 	 * The GPU is the user of the Video Memory region. In order to
@@ -153,12 +154,18 @@
 	INFO("Cleaning previous Video Memory Carveout\n");
 
 	disable_mmu_el3();
-	if (phys_base > vmem_end_old || video_mem_base > vmem_end_new)
+	if (phys_base > vmem_end_old || video_mem_base > vmem_end_new) {
 		zeromem16((void *)video_mem_base, video_mem_size << 20);
-	else if (video_mem_base < phys_base)
-		zeromem16((void *)video_mem_base, phys_base - video_mem_base);
-	else if (vmem_end_old > vmem_end_new)
-		zeromem16((void *)vmem_end_new, vmem_end_old - vmem_end_new);
+	} else {
+		if (video_mem_base < phys_base) {
+			size = phys_base - video_mem_base;
+			zeromem16((void *)video_mem_base, size);
+		}
+		if (vmem_end_old > vmem_end_new) {
+			size = vmem_end_old - vmem_end_new;
+			zeromem16((void *)vmem_end_new, size);
+		}
+	}
 	enable_mmu_el3(0);
 
 done:
commit	0eb42b2d606c7ad9208f7faf24ec303206b549f7	[log] [tgz]
author	danh-arm <dan.handley@arm.com>	Wed Sep 02 16:50:44 2015 +0100
committer	danh-arm <dan.handley@arm.com>	Wed Sep 02 16:50:44 2015 +0100
tree	65d86f90b0024e1b2ce583221a1cdae5c2612e9a
parent	e279bbc9e51e87a55125993b2ce1783cf40294b9 [diff]
parent	ceb0d0feeb8f09a85a65dff314ceeb164c41f5ec [diff]