FVP: Do not map DEVICE2 memory range when TBB is disabled
The DEVICE2 memory range is needed to access the Root of Trust Public
Key registers. This is not needed when Trusted Board Boot is disabled
so it's safer to not map it in this case. This also saves one level-2
page table in each of BL1 and BL2 images.
Also add some comments.
Change-Id: I67456b44f3fd5e145f6510a8499b7fdf720a7273
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
diff --git a/plat/arm/board/common/board_css_common.c b/plat/arm/board/common/board_css_common.c
index 42f754e..f6a554f 100644
--- a/plat/arm/board/common/board_css_common.c
+++ b/plat/arm/board/common/board_css_common.c
@@ -19,6 +19,7 @@
CSS_MAP_DEVICE,
SOC_CSS_MAP_DEVICE,
#if TRUSTED_BOARD_BOOT
+ /* Map DRAM to authenticate NS_BL2U image. */
ARM_MAP_NS_DRAM1,
#endif
{0}
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index eb37f11..2f5d7fc 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -36,6 +36,10 @@
DEVICE1_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
+/*
+ * Need to be mapped with write permissions in order to set a new non-volatile
+ * counter value.
+ */
#define MAP_DEVICE2 MAP_REGION_FLAT(DEVICE2_BASE, \
DEVICE2_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
@@ -56,8 +60,10 @@
V2M_MAP_IOFPGA,
MAP_DEVICE0,
MAP_DEVICE1,
- MAP_DEVICE2,
#if TRUSTED_BOARD_BOOT
+ /* To access the Root of Trust Public Key registers. */
+ MAP_DEVICE2,
+ /* Map DRAM to authenticate NS_BL2U image. */
ARM_MAP_NS_DRAM1,
#endif
{0}
@@ -70,9 +76,12 @@
V2M_MAP_IOFPGA,
MAP_DEVICE0,
MAP_DEVICE1,
- MAP_DEVICE2,
ARM_MAP_NS_DRAM1,
ARM_MAP_TSP_SEC_MEM,
+#if TRUSTED_BOARD_BOOT
+ /* To access the Root of Trust Public Key registers. */
+ MAP_DEVICE2,
+#endif
#if ARM_BL31_IN_DRAM
ARM_MAP_BL31_SEC_DRAM,
#endif