FVP: map non-secure DRAM1 in the MMU This patch maps the non-secure region of DRAM1 in the MMU. The non-secure region comprises the whole DRAM1 (0x80000000 - 0xffffffff) excluding the top 16 MB (0xff000000 - 0xffffffff). The TrustZone controller configures this 16 MB region as secure memory, so it can not be accessed in non-secure mode. The number of MMU tables in BL2 has been increased to 3 because the new size of the non-secure region in DRAM requires an extra L2 table. Change-Id: I5ad080c6e181f6b6060e15cebb1d18b7fa128cf5

commit: f3e02183340f5085705c1ed490a3a8f94f4e93e0 [log] [tgz]
author: Juan Castillo <juan.castillo@arm.com> Fri Dec 19 09:28:30 2014 +0000
committer: Juan Castillo <juan.castillo@arm.com> Wed Jan 21 09:44:40 2015 +0000
tree: e655681dd6e3f54eb904e37133f3108dee4a9103
parent: 797e5d738e6d55b4b1f3355ba288feb601470cfb [diff]
diff --git a/plat/fvp/aarch64/fvp_common.c b/plat/fvp/aarch64/fvp_common.c
index 987f48f..86b0596 100644
--- a/plat/fvp/aarch64/fvp_common.c
+++ b/plat/fvp/aarch64/fvp_common.c

@@ -66,8 +66,8 @@
 					DEVICE1_SIZE,			\
 					MT_DEVICE | MT_RW | MT_SECURE)
 
-#define MAP_DRAM1	MAP_REGION_FLAT(DRAM1_BASE,			\
-					DRAM1_SIZE,			\
+#define MAP_DRAM1_NS	MAP_REGION_FLAT(DRAM1_NS_BASE,			\
+					DRAM1_NS_SIZE,			\
 					MT_MEMORY | MT_RW | MT_NS)
 
 #define MAP_TSP_SEC_MEM	MAP_REGION_FLAT(TSP_SEC_MEM_BASE,		\
@@ -94,7 +94,7 @@
 	MAP_FLASH0,
 	MAP_DEVICE0,
 	MAP_DEVICE1,
-	MAP_DRAM1,
+	MAP_DRAM1_NS,
 	MAP_TSP_SEC_MEM,
 	{0}
 };

diff --git a/plat/fvp/bl2_fvp_setup.c b/plat/fvp/bl2_fvp_setup.c
index 67f89bc..5eecff1 100644
--- a/plat/fvp/bl2_fvp_setup.c
+++ b/plat/fvp/bl2_fvp_setup.c

@@ -278,8 +278,8 @@
  ******************************************************************************/
 void bl2_plat_get_bl33_meminfo(meminfo_t *bl33_meminfo)
 {
-	bl33_meminfo->total_base = DRAM_BASE;
-	bl33_meminfo->total_size = DRAM_SIZE - DRAM1_SEC_SIZE;
-	bl33_meminfo->free_base = DRAM_BASE;
-	bl33_meminfo->free_size = DRAM_SIZE - DRAM1_SEC_SIZE;
+	bl33_meminfo->total_base = DRAM1_NS_BASE;
+	bl33_meminfo->total_size = DRAM1_NS_SIZE;
+	bl33_meminfo->free_base = DRAM1_NS_BASE;
+	bl33_meminfo->free_size = DRAM1_NS_SIZE;
 }

diff --git a/plat/fvp/fvp_def.h b/plat/fvp/fvp_def.h
index 06f2a64..be1dca0 100644
--- a/plat/fvp/fvp_def.h
+++ b/plat/fvp/fvp_def.h

@@ -82,7 +82,15 @@
 #define DRAM1_BASE		0x80000000ull
 #define DRAM1_SIZE		0x80000000ull
 #define DRAM1_END		(DRAM1_BASE + DRAM1_SIZE - 1)
+
+/* Define the top 16 MB of DRAM1 as secure */
 #define DRAM1_SEC_SIZE		0x01000000ull
+#define DRAM1_SEC_BASE		(DRAM1_BASE + DRAM1_SIZE - DRAM1_SEC_SIZE)
+#define DRAM1_SEC_END		(DRAM1_SEC_BASE + DRAM1_SEC_SIZE - 1)
+
+#define DRAM1_NS_BASE		DRAM1_BASE
+#define DRAM1_NS_SIZE		(DRAM1_SIZE - DRAM1_SEC_SIZE)
+#define DRAM1_NS_END		(DRAM1_NS_BASE + DRAM1_NS_SIZE - 1)
 
 #define DRAM_BASE		DRAM1_BASE
 #define DRAM_SIZE		DRAM1_SIZE

diff --git a/plat/fvp/fvp_security.c b/plat/fvp/fvp_security.c
index 06ab575..62bde08 100644
--- a/plat/fvp/fvp_security.c
+++ b/plat/fvp/fvp_security.c

@@ -89,16 +89,17 @@
 	 * Allow only non-secure access to all DRAM to supported devices.
 	 * Give access to the CPUs and Virtio. Some devices
 	 * would normally use the default ID so allow that too. We use
-	 * two regions to cover the blocks of physical memory in the FVPs.
+	 * two regions to cover the blocks of physical memory in the FVPs
+	 * plus one region to reserve some memory as secure.
 	 *
 	 * Software executing in the secure state, such as a secure
 	 * boot-loader, can access the DRAM by using the NS attributes in
 	 * the MMU translation tables and descriptors.
 	 */
 
-	/* Set to cover the first block of DRAM */
+	/* Region 1 set to cover the Non-Secure DRAM */
 	tzc_configure_region(FILTER_SHIFT(0), 1,
-			DRAM1_BASE, DRAM1_END - DRAM1_SEC_SIZE,
+			DRAM1_NS_BASE, DRAM1_NS_END,
 			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
@@ -106,14 +107,14 @@
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
 
-	/* Set to cover the secure reserved region */
-	tzc_configure_region(FILTER_SHIFT(0), 3,
-			(DRAM1_END - DRAM1_SEC_SIZE) + 1 , DRAM1_END,
+	/* Region 2 set to cover the Secure DRAM */
+	tzc_configure_region(FILTER_SHIFT(0), 2,
+			DRAM1_SEC_BASE, DRAM1_SEC_END,
 			TZC_REGION_S_RDWR,
 			0x0);
 
-	/* Set to cover the second block of DRAM */
-	tzc_configure_region(FILTER_SHIFT(0), 2,
+	/* Region 3 set to cover the second block of DRAM */
+	tzc_configure_region(FILTER_SHIFT(0), 3,
 			DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |

diff --git a/plat/fvp/include/platform_def.h b/plat/fvp/include/platform_def.h
index 5364a3d..1455584 100644
--- a/plat/fvp/include/platform_def.h
+++ b/plat/fvp/include/platform_def.h

@@ -154,7 +154,11 @@
  * Platform specific page table and MMU setup constants
  ******************************************************************************/
 #define ADDR_SPACE_SIZE			(1ull << 32)
-#define MAX_XLAT_TABLES			2
+#if IMAGE_BL2
+# define MAX_XLAT_TABLES		3
+#else
+# define MAX_XLAT_TABLES		2
+#endif
 #define MAX_MMAP_REGIONS		16
 
 /*******************************************************************************
commit	f3e02183340f5085705c1ed490a3a8f94f4e93e0	[log] [tgz]
author	Juan Castillo <juan.castillo@arm.com>	Fri Dec 19 09:28:30 2014 +0000
committer	Juan Castillo <juan.castillo@arm.com>	Wed Jan 21 09:44:40 2015 +0000
tree	e655681dd6e3f54eb904e37133f3108dee4a9103
parent	797e5d738e6d55b4b1f3355ba288feb601470cfb [diff]