Merge pull request #1405 from dp-arm/dp/cve_2017_5715
Fast path SMCCC_ARCH_WORKAROUND_1 calls from AArch32
diff --git a/common/runtime_svc.c b/common/runtime_svc.c
index f997c74..e0d5609 100644
--- a/common/runtime_svc.c
+++ b/common/runtime_svc.c
@@ -38,7 +38,6 @@
u_register_t x1, x2, x3, x4;
int index;
unsigned int idx;
- const rt_svc_desc_t *rt_svc_descs;
assert(handle);
idx = get_unique_oen_from_smc_fid(smc_fid);
diff --git a/docs/firmware-design.rst b/docs/firmware-design.rst
index 477eeaa..51f5b42 100644
--- a/docs/firmware-design.rst
+++ b/docs/firmware-design.rst
@@ -516,8 +516,8 @@
in memory and changing the address where the system jumps at reset.
For example:
- -C cluster0.cpu0.RVBAR=0x4014000
- --data cluster0.cpu0=bl2.bin@0x4014000
+ -C cluster0.cpu0.RVBAR=0x4020000
+ --data cluster0.cpu0=bl2.bin@0x4020000
With this configuration, FVP is like a platform of the first case,
where the Boot ROM jumps always to the same address. For simplification,
@@ -1743,17 +1743,20 @@
this is also used for the MHU payload when passing messages to and from the
SCP.
+- Another 4 KB page is reserved for passing memory layout between BL1 and BL2
+ and also the dynamic firmware configurations.
+
- On FVP, BL1 is originally sitting in the Trusted ROM at address ``0x0``. On
Juno, BL1 resides in flash memory at address ``0x0BEC0000``. BL1 read-write
data are relocated to the top of Trusted SRAM at runtime.
+- BL2 is loaded below BL1 RW
+
- EL3 Runtime Software, BL31 for AArch64 and BL32 for AArch32 (e.g. SP\_MIN),
is loaded at the top of the Trusted SRAM, such that its NOBITS sections will
- overwrite BL1 R/W data. This implies that BL1 global variables remain valid
- only until execution reaches the EL3 Runtime Software entry point during a
- cold boot.
-
-- BL2 is loaded below EL3 Runtime Software.
+ overwrite BL1 R/W data and BL2. This implies that BL1 global variables
+ remain valid only until execution reaches the EL3 Runtime Software entry
+ point during a cold boot.
- On Juno, SCP\_BL2 is loaded temporarily into the EL3 Runtime Software memory
region and transfered to the SCP before being overwritten by EL3 Runtime
@@ -1766,9 +1769,8 @@
- Secure region of DRAM (top 16MB of DRAM configured by the TrustZone
controller)
- When BL32 (for AArch64) is loaded into Trusted SRAM, its NOBITS sections
- are allowed to overlay BL2. This memory layout is designed to give the
- BL32 image as much memory as possible when it is loaded into Trusted SRAM.
+ When BL32 (for AArch64) is loaded into Trusted SRAM, it is loaded below
+ BL31.
When LOAD\_IMAGE\_V2 is disabled the memory regions for the overlap detection
mechanism at boot time are defined as follows (shown per API):
@@ -1814,21 +1816,32 @@
Note: Loading the BL32 image in TZC secured DRAM doesn't change the memory
layout of the other images in Trusted SRAM.
-**FVP with TSP in Trusted SRAM (default option):**
+**FVP with TSP in Trusted SRAM with firmware configs :**
(These diagrams only cover the AArch64 case)
::
+ DRAM
+ 0xffffffff +----------+
+ : :
+ |----------|
+ |HW_CONFIG |
+ 0x83000000 |----------| (non-secure)
+ | |
+ 0x80000000 +----------+
+
Trusted SRAM
- 0x04040000 +----------+ loaded by BL2 ------------------
- | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS |
+ 0x04040000 +----------+ loaded by BL2 +----------------+
+ | BL1 (rw) | <<<<<<<<<<<<< | |
+ |----------| <<<<<<<<<<<<< | BL31 NOBITS |
+ | BL2 | <<<<<<<<<<<<< | |
|----------| <<<<<<<<<<<<< |----------------|
| | <<<<<<<<<<<<< | BL31 PROGBITS |
- |----------| ------------------
- | BL2 | <<<<<<<<<<<<< | BL32 NOBITS |
- |----------| <<<<<<<<<<<<< |----------------|
- | | <<<<<<<<<<<<< | BL32 PROGBITS |
- 0x04001000 +----------+ ------------------
+ | | <<<<<<<<<<<<< |----------------|
+ | | <<<<<<<<<<<<< | BL32 |
+ 0x04002000 +----------+ +----------------+
+ |fw_configs|
+ 0x04001000 +----------+
| Shared |
0x04000000 +----------+
@@ -1837,7 +1850,7 @@
| BL1 (ro) |
0x00000000 +----------+
-**FVP with TSP in Trusted DRAM with TB_FW_CONFIG and HW_CONFIG :**
+**FVP with TSP in Trusted DRAM with firmware configs (default option):**
::
@@ -1856,17 +1869,15 @@
0x06000000 +--------------+
Trusted SRAM
- 0x04040000 +--------------+ loaded by BL2 ------------------
- | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS |
+ 0x04040000 +--------------+ loaded by BL2 +----------------+
+ | BL1 (rw) | <<<<<<<<<<<<< | |
+ |--------------| <<<<<<<<<<<<< | BL31 NOBITS |
+ | BL2 | <<<<<<<<<<<<< | |
|--------------| <<<<<<<<<<<<< |----------------|
| | <<<<<<<<<<<<< | BL31 PROGBITS |
- |--------------| ------------------
- | BL2 |
- |--------------|
- | |
- |--------------|
- | TB_FW_CONFIG |
- |--------------|
+ | | +----------------+
+ +--------------+
+ | fw_configs |
0x04001000 +--------------+
| Shared |
0x04000000 +--------------+
@@ -1876,7 +1887,7 @@
| BL1 (ro) |
0x00000000 +--------------+
-**FVP with TSP in TZC-Secured DRAM:**
+**FVP with TSP in TZC-Secured DRAM with firmware configs :**
::
@@ -1885,19 +1896,22 @@
| BL32 | (secure)
0xff000000 +----------+
| |
- : : (non-secure)
+ |----------|
+ |HW_CONFIG |
+ 0x83000000 |----------| (non-secure)
| |
0x80000000 +----------+
Trusted SRAM
- 0x04040000 +----------+ loaded by BL2 ------------------
- | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS |
+ 0x04040000 +----------+ loaded by BL2 +----------------+
+ | BL1 (rw) | <<<<<<<<<<<<< | |
+ |----------| <<<<<<<<<<<<< | BL31 NOBITS |
+ | BL2 | <<<<<<<<<<<<< | |
|----------| <<<<<<<<<<<<< |----------------|
| | <<<<<<<<<<<<< | BL31 PROGBITS |
- |----------| ------------------
- | BL2 |
- |----------|
- | |
+ | | +----------------+
+ 0x04002000 +----------+
+ |fw_configs|
0x04001000 +----------+
| Shared |
0x04000000 +----------+
@@ -1907,7 +1921,7 @@
| BL1 (ro) |
0x00000000 +----------+
-**Juno with BL32 in Trusted SRAM (default option):**
+**Juno with BL32 in Trusted SRAM :**
::
@@ -1921,19 +1935,21 @@
0x08000000 +----------+ BL31 is loaded
after SCP_BL2 has
Trusted SRAM been sent to SCP
- 0x04040000 +----------+ loaded by BL2 ------------------
- | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS |
+ 0x04040000 +----------+ loaded by BL2 +----------------+
+ | BL1 (rw) | <<<<<<<<<<<<< | |
+ |----------| <<<<<<<<<<<<< | BL31 NOBITS |
+ | BL2 | <<<<<<<<<<<<< | |
|----------| <<<<<<<<<<<<< |----------------|
| SCP_BL2 | <<<<<<<<<<<<< | BL31 PROGBITS |
- |----------| ------------------
- | BL2 | <<<<<<<<<<<<< | BL32 NOBITS |
|----------| <<<<<<<<<<<<< |----------------|
- | | <<<<<<<<<<<<< | BL32 PROGBITS |
- 0x04001000 +----------+ ------------------
+ | | <<<<<<<<<<<<< | BL32 |
+ | | +----------------+
+ | |
+ 0x04001000 +----------+
| MHU |
0x04000000 +----------+
-**Juno with BL32 in TZC-secured DRAM:**
+**Juno with BL32 in TZC-secured DRAM :**
::
@@ -1956,14 +1972,13 @@
0x08000000 +----------+ BL31 is loaded
after SCP_BL2 has
Trusted SRAM been sent to SCP
- 0x04040000 +----------+ loaded by BL2 ------------------
- | BL1 (rw) | <<<<<<<<<<<<< | BL31 NOBITS |
+ 0x04040000 +----------+ loaded by BL2 +----------------+
+ | BL1 (rw) | <<<<<<<<<<<<< | |
+ |----------| <<<<<<<<<<<<< | BL31 NOBITS |
+ | BL2 | <<<<<<<<<<<<< | |
|----------| <<<<<<<<<<<<< |----------------|
| SCP_BL2 | <<<<<<<<<<<<< | BL31 PROGBITS |
- |----------| ------------------
- | BL2 |
- |----------|
- | |
+ |----------| +----------------+
0x04001000 +----------+
| MHU |
0x04000000 +----------+
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 5f3823d..f6d0c76 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -1928,7 +1928,7 @@
-C cluster1.cpu1.RVBAR=0x04001000 \
-C cluster1.cpu2.RVBAR=0x04001000 \
-C cluster1.cpu3.RVBAR=0x04001000 \
- --data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04001000 \
+ --data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04002000 \
--data cluster0.cpu0="<path-to>/<bl33-binary>"@0x88000000 \
--data cluster0.cpu0="<path-to>/<fdt>"@0x82000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
@@ -1959,7 +1959,7 @@
-C cluster1.cpu2.RVBARADDR=0x04020000 \
-C cluster1.cpu3.RVBARADDR=0x04020000 \
--data cluster0.cpu0="<path-to>/<bl31-binary>"@0x04020000 \
- --data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04001000 \
+ --data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04002000 \
--data cluster0.cpu0="<path-to>/<bl33-binary>"@0x88000000 \
--data cluster0.cpu0="<path-to>/<fdt>"@0x82000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
@@ -1982,7 +1982,7 @@
-C cluster0.cpu1.RVBARADDR=0x04001000 \
-C cluster0.cpu2.RVBARADDR=0x04001000 \
-C cluster0.cpu3.RVBARADDR=0x04001000 \
- --data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04001000 \
+ --data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04002000 \
--data cluster0.cpu0="<path-to>/<bl33-binary>"@0x88000000 \
--data cluster0.cpu0="<path-to>/<fdt>"@0x82000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
diff --git a/include/plat/arm/board/common/board_arm_def.h b/include/plat/arm/board/common/board_arm_def.h
index 21ceae3..2d8e4c1 100644
--- a/include/plat/arm/board/common/board_arm_def.h
+++ b/include/plat/arm/board/common/board_arm_def.h
@@ -93,21 +93,19 @@
#endif
/*
- * PLAT_ARM_MAX_BL31_SIZE is calculated using the current BL31 debug size plus a
- * little space for growth.
+ * Since BL31 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL31_SIZE is
+ * calculated using the current BL31 PROGBITS debug size plus the sizes of
+ * BL2 and BL1-RW
*/
-#if ENABLE_SPM
-# define PLAT_ARM_MAX_BL31_SIZE 0x40000
-#else
-# define PLAT_ARM_MAX_BL31_SIZE 0x20000
-#endif
+#define PLAT_ARM_MAX_BL31_SIZE 0x3B000
#ifdef AARCH32
/*
- * PLAT_ARM_MAX_BL32_SIZE is calculated for SP_MIN as the AArch32 Secure
- * Payload.
+ * Since BL32 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL32_SIZE is
+ * calculated using the current SP_MIN PROGBITS debug size plus the sizes of
+ * BL2 and BL1-RW
*/
-# define PLAT_ARM_MAX_BL32_SIZE 0x1D000
+# define PLAT_ARM_MAX_BL32_SIZE 0x3B000
#endif
#endif /* ARM_BOARD_OPTIMISE_MEM */
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 18390d6..1f62ebe 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -317,7 +317,7 @@
* and limit. Leave enough space of BL2 meminfo.
*/
#define ARM_TB_FW_CONFIG_BASE ARM_BL_RAM_BASE + sizeof(meminfo_t)
-#define ARM_TB_FW_CONFIG_LIMIT BL2_BASE
+#define ARM_TB_FW_CONFIG_LIMIT ARM_BL_RAM_BASE + PAGE_SIZE
/*******************************************************************************
* BL1 specific defines.
@@ -338,32 +338,18 @@
/*******************************************************************************
* BL2 specific defines.
******************************************************************************/
-#if ARM_BL31_IN_DRAM
-/*
- * For AArch64 BL31 is loaded in the DRAM.
- * Put BL2 just below BL1.
- */
-#define BL2_BASE (BL1_RW_BASE - PLAT_ARM_MAX_BL2_SIZE)
-#define BL2_LIMIT BL1_RW_BASE
-
-#elif BL2_AT_EL3
-
-#define BL2_BASE ARM_BL_RAM_BASE
+#if BL2_AT_EL3
+/* Put BL2 in the middle of the Trusted SRAM */
+#define BL2_BASE (ARM_TRUSTED_SRAM_BASE + \
+ (PLAT_ARM_TRUSTED_SRAM_SIZE >> 1))
#define BL2_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
-#elif defined(AARCH32) || JUNO_AARCH32_EL3_RUNTIME
-/*
- * Put BL2 just below BL32.
- */
-#define BL2_BASE (BL32_BASE - PLAT_ARM_MAX_BL2_SIZE)
-#define BL2_LIMIT BL32_BASE
-
#else
/*
- * Put BL2 just below BL31.
+ * Put BL2 just below BL1.
*/
-#define BL2_BASE (BL31_BASE - PLAT_ARM_MAX_BL2_SIZE)
-#define BL2_LIMIT BL31_BASE
+#define BL2_BASE (BL1_RW_BASE - PLAT_ARM_MAX_BL2_SIZE)
+#define BL2_LIMIT BL1_RW_BASE
#endif
/*******************************************************************************
@@ -384,13 +370,10 @@
(PLAT_ARM_TRUSTED_SRAM_SIZE >> 1))
#define BL31_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
#else
-/*
- * Put BL31 at the top of the Trusted SRAM.
- */
-#define BL31_BASE (ARM_BL_RAM_BASE + \
- ARM_BL_RAM_SIZE - \
- PLAT_ARM_MAX_BL31_SIZE)
-#define BL31_PROGBITS_LIMIT BL1_RW_BASE
+/* Put BL31 below BL2 in the Trusted SRAM.*/
+#define BL31_BASE ((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\
+ - PLAT_ARM_MAX_BL31_SIZE)
+#define BL31_PROGBITS_LIMIT BL2_BASE
#define BL31_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
#endif
@@ -399,15 +382,17 @@
* BL32 specific defines for EL3 runtime in AArch32 mode
******************************************************************************/
# if RESET_TO_SP_MIN && !JUNO_AARCH32_EL3_RUNTIME
-/* SP_MIN is the only BL image in SRAM. Allocate the whole of SRAM to BL32 */
-# define BL32_BASE ARM_BL_RAM_BASE
+/*
+ * SP_MIN is the only BL image in SRAM. Allocate the whole of SRAM (excluding
+ * the page reserved for fw_configs) to BL32
+ */
+# define BL32_BASE ARM_TB_FW_CONFIG_LIMIT
# define BL32_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
# else
-/* Put BL32 at the top of the Trusted SRAM.*/
-# define BL32_BASE (ARM_BL_RAM_BASE + \
- ARM_BL_RAM_SIZE - \
- PLAT_ARM_MAX_BL32_SIZE)
-# define BL32_PROGBITS_LIMIT BL1_RW_BASE
+/* Put BL32 below BL2 in the Trusted SRAM.*/
+# define BL32_BASE ((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\
+ - PLAT_ARM_MAX_BL32_SIZE)
+# define BL32_PROGBITS_LIMIT BL2_BASE
# define BL32_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
# endif /* RESET_TO_SP_MIN && !JUNO_AARCH32_EL3_RUNTIME */
@@ -438,8 +423,8 @@
# elif ARM_TSP_RAM_LOCATION_ID == ARM_TRUSTED_SRAM_ID
# define TSP_SEC_MEM_BASE ARM_BL_RAM_BASE
# define TSP_SEC_MEM_SIZE ARM_BL_RAM_SIZE
-# define TSP_PROGBITS_LIMIT BL2_BASE
-# define BL32_BASE ARM_BL_RAM_BASE
+# define TSP_PROGBITS_LIMIT BL31_BASE
+# define BL32_BASE ARM_TB_FW_CONFIG_LIMIT
# define BL32_LIMIT BL31_BASE
# elif ARM_TSP_RAM_LOCATION_ID == ARM_TRUSTED_DRAM_ID
# define TSP_SEC_MEM_BASE PLAT_ARM_TRUSTED_DRAM_BASE
diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index 6d68b44..725c27c 100644
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -158,14 +158,14 @@
/*
* Load address of SCP_BL2 in CSS platform ports
* SCP_BL2 is loaded to the same place as BL31 but it shouldn't overwrite BL1
- * rw data. Once SCP_BL2 is transferred to the SCP, it is discarded and BL31
- * is loaded over the top.
+ * rw data or BL2. Once SCP_BL2 is transferred to the SCP, it is discarded and
+ * BL31 is loaded over the top.
*/
-#define SCP_BL2_BASE (BL1_RW_BASE - PLAT_CSS_MAX_SCP_BL2_SIZE)
-#define SCP_BL2_LIMIT BL1_RW_BASE
+#define SCP_BL2_BASE (BL2_BASE - PLAT_CSS_MAX_SCP_BL2_SIZE)
+#define SCP_BL2_LIMIT BL2_BASE
-#define SCP_BL2U_BASE (BL1_RW_BASE - PLAT_CSS_MAX_SCP_BL2U_SIZE)
-#define SCP_BL2U_LIMIT BL1_RW_BASE
+#define SCP_BL2U_BASE (BL2_BASE - PLAT_CSS_MAX_SCP_BL2U_SIZE)
+#define SCP_BL2U_LIMIT BL2_BASE
#endif /* CSS_LOAD_SCP_IMAGES */
/* Load address of Non-Secure Image for CSS platform ports */
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index c02831a..f807dc6 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -225,12 +225,6 @@
override BL1_SOURCES =
endif
-ifeq (${ENABLE_SPM},1)
-ifneq (${ARM_BL31_IN_DRAM},1)
- $(error "Error: SPM needs BL31 to be located in DRAM.")
-endif
-endif
-
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index e616e1f..80d4ba8 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -117,7 +117,7 @@
* plus a little space for growth.
*/
#if TRUSTED_BOARD_BOOT
-# define PLAT_ARM_MAX_BL1_RW_SIZE 0xA000
+# define PLAT_ARM_MAX_BL1_RW_SIZE 0xB000
#else
# define PLAT_ARM_MAX_BL1_RW_SIZE 0x6000
#endif
@@ -128,7 +128,7 @@
*/
#if TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
-# define PLAT_ARM_MAX_BL2_SIZE 0x20000
+# define PLAT_ARM_MAX_BL2_SIZE 0x1F000
#elif TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA
# define PLAT_ARM_MAX_BL2_SIZE 0x1D000
#else
@@ -139,22 +139,21 @@
#endif
/*
- * PLAT_ARM_MAX_BL31_SIZE is calculated using the current BL31 debug size plus a
- * little space for growth.
- * SCP_BL2 image is loaded into the space BL31 -> BL1_RW_BASE.
- * For TBB use case, PLAT_ARM_MAX_BL1_RW_SIZE has been increased and therefore
- * PLAT_ARM_MAX_BL31_SIZE has been increased to ensure SCP_BL2 has the same
- * space available.
+ * Since BL31 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL31_SIZE is
+ * calculated using the current BL31 PROGBITS debug size plus the sizes of
+ * BL2 and BL1-RW. SCP_BL2 image is loaded into the space BL31 -> BL2_BASE.
+ * Hence the BL31 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE.
*/
-#define PLAT_ARM_MAX_BL31_SIZE 0x1E000
+#define PLAT_ARM_MAX_BL31_SIZE 0x3E000
#if JUNO_AARCH32_EL3_RUNTIME
/*
- * PLAT_ARM_MAX_BL32_SIZE is calculated for SP_MIN as the AArch32 Secure
- * Payload. We also need to take care of SCP_BL2 size as well, as the SCP_BL2
- * is loaded into the space BL32 -> BL1_RW_BASE
+ * Since BL32 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL32_SIZE is
+ * calculated using the current BL32 PROGBITS debug size plus the sizes of
+ * BL2 and BL1-RW. SCP_BL2 image is loaded into the space BL32 -> BL2_BASE.
+ * Hence the BL32 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE.
*/
-# define PLAT_ARM_MAX_BL32_SIZE 0x1E000
+#define PLAT_ARM_MAX_BL32_SIZE 0x3E000
#endif
/*
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index d490f83..fd7a9e9 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -25,18 +25,10 @@
static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE);
/*
- * Check that BL2_BASE is atleast a page over ARM_BL_RAM_BASE. The page is for
- * `meminfo_t` data structure and TB_FW_CONFIG passed from BL1. Not needed
- * when BL2 is compiled for BL_AT_EL3 as BL2 doesn't need any info from BL1 and
- * BL2 is loaded at base of usable SRAM.
+ * Check that BL2_BASE is above ARM_TB_FW_CONFIG_LIMIT. This reserved page is
+ * for `meminfo_t` data structure and fw_configs passed from BL1.
*/
-#if BL2_AT_EL3
-#define BL1_MEMINFO_OFFSET 0x0
-#else
-#define BL1_MEMINFO_OFFSET PAGE_SIZE
-#endif
-
-CASSERT(BL2_BASE >= (ARM_BL_RAM_BASE + BL1_MEMINFO_OFFSET), assert_bl2_base_overflows);
+CASSERT(BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl2_base_overflows);
/* Weak definitions may be overridden in specific ARM standard platform */
#pragma weak bl2_early_platform_setup2
@@ -44,12 +36,7 @@
#pragma weak bl2_plat_arch_setup
#pragma weak bl2_plat_sec_mem_layout
-#if LOAD_IMAGE_V2
-
-#pragma weak bl2_plat_handle_post_image_load
-
-#else /* LOAD_IMAGE_V2 */
-
+#if !LOAD_IMAGE_V2
/*******************************************************************************
* This structure represents the superset of information that is passed to
* BL31, e.g. while passing control to it from BL2, bl31_params
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index 551e700..46f7ae0 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -25,6 +25,11 @@
static entry_point_info_t bl32_image_ep_info;
static entry_point_info_t bl33_image_ep_info;
+/*
+ * Check that BL31_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page
+ * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
+ */
+CASSERT(BL31_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
/* Weak definitions may be overridden in specific ARM standard platform */
#pragma weak bl31_early_platform_setup2
diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c
index 3f0a9b4..32a515b 100644
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@@ -143,8 +143,8 @@
if (check_uptr_overflow(image_base, image_size) != 0)
continue;
- /* Ensure the configs don't overlap with BL2 */
- if ((image_base > BL2_BASE) || ((image_base + image_size) > BL2_BASE))
+ /* Ensure the configs don't overlap with BL31 */
+ if ((image_base > BL31_BASE) || ((image_base + image_size) > BL31_BASE))
continue;
/* Ensure the configs are loaded in a valid address */
diff --git a/plat/arm/common/sp_min/arm_sp_min_setup.c b/plat/arm/common/sp_min/arm_sp_min_setup.c
index 9a6c074..b42e35f 100644
--- a/plat/arm/common/sp_min/arm_sp_min_setup.c
+++ b/plat/arm/common/sp_min/arm_sp_min_setup.c
@@ -22,6 +22,11 @@
#pragma weak sp_min_plat_arch_setup
#pragma weak plat_arm_sp_min_early_platform_setup
+/*
+ * Check that BL32_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page
+ * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
+ */
+CASSERT(BL32_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl32_base_overflows);
/*******************************************************************************
* Return a pointer to the 'entry_point_info' structure of the next image for the
diff --git a/plat/arm/css/drivers/scp/css_bom_bootloader.c b/plat/arm/css/drivers/scp/css_bom_bootloader.c
index 42ed30d..5268510 100644
--- a/plat/arm/css/drivers/scp/css_bom_bootloader.c
+++ b/plat/arm/css/drivers/scp/css_bom_bootloader.c
@@ -47,16 +47,16 @@
} cmd_data_payload_t;
/*
- * All CSS platforms load SCP_BL2/SCP_BL2U just below BL rw-data and above
- * BL2/BL2U (this is where BL31 usually resides except when ARM_BL31_IN_DRAM is
- * set. Ensure that SCP_BL2/SCP_BL2U do not overflow into BL1 rw-data nor
- * BL2/BL2U.
+ * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31
+ * usually resides except when ARM_BL31_IN_DRAM is
+ * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into shared RAM and
+ * the tb_fw_config.
*/
-CASSERT(SCP_BL2_LIMIT <= BL1_RW_BASE, assert_scp_bl2_overwrite_bl1);
-CASSERT(SCP_BL2U_LIMIT <= BL1_RW_BASE, assert_scp_bl2u_overwrite_bl1);
+CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2);
+CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2);
-CASSERT(SCP_BL2_BASE >= BL2_LIMIT, assert_scp_bl2_overwrite_bl2);
-CASSERT(SCP_BL2U_BASE >= BL2U_LIMIT, assert_scp_bl2u_overwrite_bl2u);
+CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow);
+CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow);
static void scp_boot_message_start(void)
{
diff --git a/plat/arm/css/drivers/scp/css_scp.h b/plat/arm/css/drivers/scp/css_scp.h
index 1f0cf8e..671612a 100644
--- a/plat/arm/css/drivers/scp/css_scp.h
+++ b/plat/arm/css/drivers/scp/css_scp.h
@@ -34,17 +34,17 @@
int css_scp_boot_ready(void);
#if CSS_LOAD_SCP_IMAGES
+
/*
- * All CSS platforms load SCP_BL2/SCP_BL2U just below BL rw-data and above
- * BL2/BL2U (this is where BL31 usually resides except when ARM_BL31_IN_DRAM is
- * set. Ensure that SCP_BL2/SCP_BL2U do not overflow into BL1 rw-data nor
- * BL2/BL2U.
+ * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31
+ * usually resides except when ARM_BL31_IN_DRAM is
+ * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into tb_fw_config.
*/
-CASSERT(SCP_BL2_LIMIT <= BL1_RW_BASE, assert_scp_bl2_limit_overwrite_bl1);
-CASSERT(SCP_BL2U_LIMIT <= BL1_RW_BASE, assert_scp_bl2u_limit_overwrite_bl1);
+CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2);
+CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2);
-CASSERT(SCP_BL2_BASE >= BL2_LIMIT, assert_scp_bl2_overwrite_bl2);
-CASSERT(SCP_BL2U_BASE >= BL2U_LIMIT, assert_scp_bl2u_overwrite_bl2u);
+CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow);
+CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow);
#endif
#endif /* __CSS_SCP_H__ */