Secure Read and Write through TZC400

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Secure Read and Write through TZC400

862 次查看
Faizanbaig
Contributor IV

Hi,

I have enabled TZC400 registers and Region as shown below in the memory dump for LS1046ARDB.

Faizanbaig_2-1690977362897.png

 

I have configured the security attributes for DRAM Region 1, spanning from memory address 0x80000000 to 0xBFFFFFFF, with the intention of allowing secure read-only access. However, I have encountered an unexpected behavior: I am able to write data to the memory location 0x80000000, which should be restricted due to the read-only setting.

Could you please suggest me where and what should be done in this case so that I should be restricted access to secure write to this region?

Thanks,
Faizan

 

 

 

标签 (1)
标记 (4)
0 项奖励
回复
4 回复数

821 次查看
khushbur
NXP TechSupport
NXP TechSupport

Hi @Faizanbaig 

 

Can you please share a step/procedure you have followed to enable secure access?

 

Thanks

Khushbu

0 项奖励
回复

800 次查看
Faizanbaig
Contributor IV
Hello Khushbu,

I have Followed below steps:
i) Initialized base address of TZC400 as 0x01500000
ii) created a pointer to TZC_Regions structure(Above snapshot of memory dump has the details of this registers)
iii) Disabled Filters
iii) Region 0 is set to no access
iv) Configure other regions as per the TZC_Region structure(Above snapshot of memory dump has the details of this registers)
v) set action register
vi) Enabled Filters

Next I am calling this all functionality in main function
Later I am trying to write any random value and instead of restricting secure write access to region from 0x80000000 it is allowing me to write .
I dont know the issue , If you want me to send you the used Code , I can reply you in Service case you have created.

Thanks,
Faizan
0 项奖励
回复

793 次查看
khushbur
NXP TechSupport
NXP TechSupport

Hi @Faizanbaig 

 

Please refer atf/plat/nxp/soc-ls1046a/soc.c function soc_mem_access which sets up access permissions on memory regions. Also refer atf/drivers/nxp/tzc/plat_tzc400.c

 

Thanks

Khushbu

0 项奖励
回复

783 次查看
Faizanbaig
Contributor IV

Hello Khushbu,
Earlier I had used the same files , with soc_mem_access function I am getting improper region addresses getting set when get_dram_regions_info() function is called.
Doubt 1 ) What about populate_dram_regions_info function, should this be used when soc_mem_access is used? because I think this function populates the dram_regions_info structure which is later pointed by get_dram_regions_info() function

static void populate_dram_regions_info(void)
{
	long long dram_remain_size = dram_regions_info.total_dram_size;
	uint8_t reg_id = 0U;

	dram_regions_info.region[reg_id].addr = NXP_DRAM0_ADDR;
	dram_regions_info.region[reg_id].size =
			dram_remain_size > NXP_DRAM0_MAX_SIZE ?
				NXP_DRAM0_MAX_SIZE : dram_remain_size;

	if (dram_regions_info.region[reg_id].size != NXP_DRAM0_SIZE) {
		ERROR("Incorrect DRAM0 size is defined in platform_def.h\n");
	}

	dram_remain_size -= dram_regions_info.region[reg_id].size;
	dram_regions_info.region[reg_id].size -= (NXP_SECURE_DRAM_SIZE
						+ NXP_SP_SHRD_DRAM_SIZE);

	assert(dram_regions_info.region[reg_id].size > 0);

	/* Reducing total dram size by 66MB */
	dram_regions_info.total_dram_size -= (NXP_SECURE_DRAM_SIZE
						+ NXP_SP_SHRD_DRAM_SIZE);

	reg_id++;
	dram_regions_info.num_dram_regions = reg_id;
}



Doubt 2) Since in  Above populate_dram_regions_info  dram_remain_size was not getting properly calculated and at the end reg_id is getting equal to 1 , I dont know why this is happening.

So I am using file from /plat/arm/common/arm_tzc400.c

Below is the code
================CODE==================
void arm_tzc400_setup(uintptr_t tzc_base,
const arm_tzc_regions_info_t *tzc_regions)
{
#ifndef EL3_PAYLOAD_BASE
unsigned int region_index = 1U;
const arm_tzc_regions_info_t *p;
const arm_tzc_regions_info_t init_tzc_regions[] = {
ARM_TZC_REGIONS_DEF,
{0}
};
#endif

INFO("Configuring TrustZone Controller\n");

tzc400_init(tzc_base);

/* Disable filters. */
tzc400_disable_filters();

#ifndef EL3_PAYLOAD_BASE
if (tzc_regions == NULL)
p = init_tzc_regions;
else
p = tzc_regions;

/* Region 0 set to no access by default */
tzc400_configure_region0(TZC_REGION_S_NONE, 0);

/* Rest Regions set according to tzc_regions array */
for (; p->base != 0ULL; p++) {
tzc400_configure_region(PLAT_ARM_TZC_FILTERS, region_index,
p->base, p->end, p->sec_attr, p->nsaid_permissions);
region_index++;
}

INFO("Total %u regions set.\n", region_index);

#else /* if defined(EL3_PAYLOAD_BASE) */

/* Allow Secure and Non-secure access to DRAM for EL3 payloads */
tzc400_configure_region0(TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS);

#endif /* EL3_PAYLOAD_BASE */

/*
* Raise an exception if a NS device tries to access secure memory
* TODO: Add interrupt handling support.
*/
tzc400_set_action(TZC_ACTION_ERR);

/* Enable filters. */
tzc400_enable_filters();
}

void plat_arm_security_setup(void)
{
arm_tzc400_setup(PLAT_ARM_TZC_BASE, NULL);
}
Please clear my doubts on which files to be used.

Thanks

0 项奖励
回复