FVP secure memory support documentation
Fixes ARM-software/tf-issues#64
Change-Id: I4e56c25f9dc7f486fbf6fa2f7d8253874119b989
diff --git a/docs/firmware-design.md b/docs/firmware-design.md
index 8c635a9..a40ddac 100644
--- a/docs/firmware-design.md
+++ b/docs/firmware-design.md
@@ -207,15 +207,17 @@
#### Platform initialization
-BL2 does not perform any platform initialization that affects subsequent
-stages of the ARM Trusted Firmware or normal world software. It copies the
-information regarding the trusted SRAM populated by BL1 using a
+BL2 copies the information regarding the trusted SRAM populated by BL1 using a
platform-specific mechanism. It calculates the limits of DRAM (main memory)
to determine whether there is enough space to load the BL3-3 image. A platform
defined base address is used to specify the load address for the BL3-1 image.
It also defines the extents of memory available for use by the BL3-2 image.
BL2 also initializes UART0 (PL011 console), which enables access to the
-`printf` family of functions in BL2
+`printf` family of functions in BL2. Platform security is initialized to allow
+access to access controlled components. On the Base FVP a TrustZone controller
+(TZC-400) is configured to give full access to the platform DRAM. The storage
+abstraction layer is initialized which is used to load further bootloader
+images.
#### BL3-1 (EL3 Runtime Firmware) image load
diff --git a/docs/porting-guide.md b/docs/porting-guide.md
index 868eb33..8a024d8 100644
--- a/docs/porting-guide.md
+++ b/docs/porting-guide.md
@@ -630,6 +630,10 @@
this function. This information is accessible in the `bl33_meminfo` field in
the `bl31_args` structure pointed to by `bl2_to_bl31_args`.
+Platform security components are configured if required. For the Base FVP the
+TZC-400 TrustZone controller is configured to grant secure and non-secure access
+to DRAM.
+
This function is also responsible for initializing the storage abstraction layer
which is used to load further bootloader images.
diff --git a/docs/user-guide.md b/docs/user-guide.md
index 39d09c1..1bb0fe9 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -532,9 +532,15 @@
Package at the start of NOR FLASH0 (see the "Building the Trusted Firmware"
section above).
+NOTE: Setting the `-C bp.secure_memory` parameter to `1` is only supported on
+FVP versions 5.4 and newer. Setting this parameter to `0` is also supported.
+The `-C bp.tzc_400.diagnostics=1` parameter is optional. It instructs the FVP to
+provide some helpful information if a secure memory violation occurs.
+
<path-to>/FVP_Base_AEMv8A-AEMv8A \
-C pctl.startup=0.0.0.0 \
- -C bp.secure_memory=0 \
+ -C bp.secure_memory=1 \
+ -C bp.tzc_400.diagnostics=1 \
-C cluster0.NUM_CORES=4 \
-C cluster1.NUM_CORES=4 \
-C cache_state_modelled=1 \
@@ -560,9 +566,15 @@
Package at the start of NOR FLASH0 (see the "Building the Trusted Firmware"
section above).
+NOTE: Setting the `-C bp.secure_memory` parameter to `1` is only supported on
+FVP versions 5.4 and newer. Setting this parameter to `0` is also supported.
+The `-C bp.tzc_400.diagnostics=1` parameter is optional. It instructs the FVP to
+provide some helpful information if a secure memory violation occurs.
+
<path-to>/FVP_Base_Cortex-A57x4-A53x4 \
-C pctl.startup=0.0.0.0 \
- -C bp.secure_memory=0 \
+ -C bp.secure_memory=1 \
+ -C bp.tzc_400.diagnostics=1 \
-C cache_state_modelled=1 \
-C bp.pl011_uart0.untimed_fifos=1 \
-C bp.secureflashloader.fname="<path-to>/<bl1-binary>" \