| Message ID | 1466464039-51199-9-git-send-email-agraf@suse.de |
|---|---|
| State | Superseded |
| Delegated to: | Alexander Graf |
| Headers | show |
On 06/20/2016 04:07 PM, Alexander Graf wrote: > Some systems may implemente TrustZone (EL3) in U-Boot. Those systems > reserve some memory that U-Boot is aware of as secure. > > For those systems, mask out that secure memory in the EFI memory map, > as it's not usable from EL2 or EL1. > > Signed-off-by: Alexander Graf <agraf@suse.de> > --- > lib/efi_loader/efi_memory.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c > index df2381e..6e2eeeb 100644 > --- a/lib/efi_loader/efi_memory.c > +++ b/lib/efi_loader/efi_memory.c > @@ -398,5 +398,20 @@ int efi_memory_init(void) > efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr; > #endif > > +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE > + /* Declare secure ram as reserved */ > + if (gd->secure_ram & MEM_RESERVE_SECURE_SECURED) { This variable has been moved to gd->arch.secure_ram in recent commit. York
diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c index df2381e..6e2eeeb 100644 --- a/lib/efi_loader/efi_memory.c +++ b/lib/efi_loader/efi_memory.c @@ -398,5 +398,20 @@ int efi_memory_init(void) efi_bounce_buffer = (void*)(uintptr_t)efi_bounce_buffer_addr; #endif +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE + /* Declare secure ram as reserved */ + if (gd->secure_ram & MEM_RESERVE_SECURE_SECURED) { + uint64_t secure_start = gd->secure_ram; + uint64_t secure_pages = CONFIG_SYS_MEM_RESERVE_SECURE; + + secure_start &= MEM_RESERVE_SECURE_ADDR_MASK; + secure_start &= ~EFI_PAGE_MASK; + secure_pages = (secure_pages + EFI_PAGE_MASK) >> EFI_PAGE_SHIFT; + + efi_add_memory_map(secure_start, secure_pages, + EFI_RESERVED_MEMORY_TYPE, false); + } +#endif + return 0; }
Some systems may implemente TrustZone (EL3) in U-Boot. Those systems reserve some memory that U-Boot is aware of as secure. For those systems, mask out that secure memory in the EFI memory map, as it's not usable from EL2 or EL1. Signed-off-by: Alexander Graf <agraf@suse.de> --- lib/efi_loader/efi_memory.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)