public inbox for isar-users@googlegroups.com
From: Jan Kiszka <jan.kiszka@siemens.com>
To: isar-users <isar-users@googlegroups.com>
Subject: [PATCH v4 10/11] meta-isar: u-boot-stm32mp15x: Add patches needed for OP-TEE usage
Date: Mon, 23 Nov 2020 08:53:58 +0100
Message-ID: <b0ba65739396ce5653cd1fe4f83b9ebe03c3b858.1606118039.git.jan.kiszka@siemens.com>
In-Reply-To: <cover.1606118039.git.jan.kiszka@siemens.com>

From: Jan Kiszka <jan.kiszka@siemens.com>

These two patches didn't make it into 2020.10 but are needed in order
to boot Linux when OP-TEE is present. See also

https://www.mail-archive.com/u-boot@lists.denx.de/msg386193.html

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 ...y-add-property-no-map-to-created-res.patch | 151 ++++++++++++++++++
 ...rty-no-map-to-secure-reserved-memory.patch |  33 ++++
 .../u-boot/u-boot-stm32mp15x_2020.10.bb       |   4 +
 3 files changed, 188 insertions(+)
 create mode 100644 meta-isar/recipes-bsp/u-boot/files/0001-fdtdec-optionally-add-property-no-map-to-created-res.patch
 create mode 100644 meta-isar/recipes-bsp/u-boot/files/0002-optee-add-property-no-map-to-secure-reserved-memory.patch

diff --git a/meta-isar/recipes-bsp/u-boot/files/0001-fdtdec-optionally-add-property-no-map-to-created-res.patch b/meta-isar/recipes-bsp/u-boot/files/0001-fdtdec-optionally-add-property-no-map-to-created-res.patch
new file mode 100644
index 00000000..8a32fc11
--- /dev/null
+++ b/meta-isar/recipes-bsp/u-boot/files/0001-fdtdec-optionally-add-property-no-map-to-created-res.patch
@@ -0,0 +1,151 @@
+From ccaa5747bdeae4261199dd7e80771e4de1c550ca Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@st.com>
+Date: Thu, 10 Sep 2020 10:49:59 +0200
+Subject: [PATCH] fdtdec: optionally add property no-map to created reserved
+ memory node
+
+Add boolean input argument @no_map to helper function
+fdtdec_add_reserved_memory() to add or not "no-map" property
+for an added reserved memory node.
+
+Property no-map is used by the Linux kernel to not not map memory
+in its static memory mapping. It is needed for example for the|
+consistency of system non-cached memory and to prevent speculative
+accesses to some firewalled memory.
+
+No functional change. A later change will update to OPTEE library to
+add no-map property to OP-TEE reserved memory nodes.
+
+Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
+Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
+Reviewed-by: Simon Glass <sjg@chromium.org>
+---
+ arch/riscv/lib/fdt_fixup.c |  2 +-
+ include/fdtdec.h           |  5 +++--
+ lib/fdtdec.c               | 10 ++++++++--
+ lib/optee/optee.c          |  2 +-
+ test/dm/fdtdec.c           |  6 +++---
+ 5 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/arch/riscv/lib/fdt_fixup.c b/arch/riscv/lib/fdt_fixup.c
+index 5b2420243f..d02062fd5b 100644
+--- a/arch/riscv/lib/fdt_fixup.c
++++ b/arch/riscv/lib/fdt_fixup.c
+@@ -75,7 +75,7 @@ int riscv_fdt_copy_resv_mem_node(const void *src, void *dst)
+ 		pmp_mem.start = addr;
+ 		pmp_mem.end = addr + size - 1;
+ 		err = fdtdec_add_reserved_memory(dst, basename, &pmp_mem,
+-						 &phandle);
++						 &phandle, false);
+ 		if (err < 0 && err != -FDT_ERR_EXISTS) {
+ 			log_err("failed to add reserved memory: %d\n", err);
+ 			return err;
+diff --git a/include/fdtdec.h b/include/fdtdec.h
+index 152eb07b9e..62d1660973 100644
+--- a/include/fdtdec.h
++++ b/include/fdtdec.h
+@@ -1029,7 +1029,7 @@ static inline int fdtdec_set_phandle(void *blob, int node, uint32_t phandle)
+  *     };
+  *     uint32_t phandle;
+  *
+- *     fdtdec_add_reserved_memory(fdt, "framebuffer", &fb, &phandle);
++ *     fdtdec_add_reserved_memory(fdt, "framebuffer", &fb, &phandle, false);
+  *
+  * This results in the following subnode being added to the top-level
+  * /reserved-memory node:
+@@ -1056,11 +1056,12 @@ static inline int fdtdec_set_phandle(void *blob, int node, uint32_t phandle)
+  * @param carveout	information about the carveout region
+  * @param phandlep	return location for the phandle of the carveout region
+  *			can be NULL if no phandle should be added
++ * @param no_map	add "no-map" property if true
+  * @return 0 on success or a negative error code on failure
+  */
+ int fdtdec_add_reserved_memory(void *blob, const char *basename,
+ 			       const struct fdt_memory *carveout,
+-			       uint32_t *phandlep);
++			       uint32_t *phandlep, bool no_map);
+ 
+ /**
+  * fdtdec_get_carveout() - reads a carveout from an FDT
+diff --git a/lib/fdtdec.c b/lib/fdtdec.c
+index 56bf9fcc79..b8fc5e2bff 100644
+--- a/lib/fdtdec.c
++++ b/lib/fdtdec.c
+@@ -1316,7 +1316,7 @@ static int fdtdec_init_reserved_memory(void *blob)
+ 
+ int fdtdec_add_reserved_memory(void *blob, const char *basename,
+ 			       const struct fdt_memory *carveout,
+-			       uint32_t *phandlep)
++			       uint32_t *phandlep, bool no_map)
+ {
+ 	fdt32_t cells[4] = {}, *ptr = cells;
+ 	uint32_t upper, lower, phandle;
+@@ -1416,6 +1416,12 @@ int fdtdec_add_reserved_memory(void *blob, const char *basename,
+ 	if (err < 0)
+ 		return err;
+ 
++	if (no_map) {
++		err = fdt_setprop(blob, node, "no-map", NULL, 0);
++		if (err < 0)
++			return err;
++	}
++
+ 	/* return the phandle for the new node for the caller to use */
+ 	if (phandlep)
+ 		*phandlep = phandle;
+@@ -1481,7 +1487,7 @@ int fdtdec_set_carveout(void *blob, const char *node, const char *prop_name,
+ 	fdt32_t value;
+ 	void *prop;
+ 
+-	err = fdtdec_add_reserved_memory(blob, name, carveout, &phandle);
++	err = fdtdec_add_reserved_memory(blob, name, carveout, &phandle, false);
+ 	if (err < 0) {
+ 		debug("failed to add reserved memory: %d\n", err);
+ 		return err;
+diff --git a/lib/optee/optee.c b/lib/optee/optee.c
+index 457d4cca8a..963c2ff430 100644
+--- a/lib/optee/optee.c
++++ b/lib/optee/optee.c
+@@ -192,7 +192,7 @@ int optee_copy_fdt_nodes(const void *old_blob, void *new_blob)
+ 				ret = fdtdec_add_reserved_memory(new_blob,
+ 								 nodename,
+ 								 &carveout,
+-								 NULL);
++								 NULL, false);
+ 				free(oldname);
+ 
+ 				if (ret < 0)
+diff --git a/test/dm/fdtdec.c b/test/dm/fdtdec.c
+index 716993f706..4119003041 100644
+--- a/test/dm/fdtdec.c
++++ b/test/dm/fdtdec.c
+@@ -80,7 +80,7 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
+ 	resv.start = 0x1000;
+ 	resv.end = 0x1fff;
+ 	ut_assertok(fdtdec_add_reserved_memory(blob, "rsvd_region",
+-					       &resv, &phandle));
++					       &resv, &phandle, false));
+ 
+ 	/* Test /reserve-memory and its subnode should exist */
+ 	parent = fdt_path_offset(blob, "/reserved-memory");
+@@ -101,7 +101,7 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
+ 	resv.start = 0x2000;
+ 	resv.end = 0x2fff;
+ 	ut_assertok(fdtdec_add_reserved_memory(blob, "rsvd_region1",
+-					       &resv, &phandle1));
++					       &resv, &phandle1, false));
+ 	subnode = fdt_path_offset(blob, "/reserved-memory/rsvd_region1");
+ 	ut_assert(subnode > 0);
+ 
+@@ -115,7 +115,7 @@ static int dm_test_fdtdec_add_reserved_memory(struct unit_test_state *uts)
+ 	resv.start = 0x1000;
+ 	resv.end = 0x1fff;
+ 	ut_assertok(fdtdec_add_reserved_memory(blob, "rsvd_region2",
+-					       &resv, &phandle1));
++					       &resv, &phandle1, false));
+ 	subnode = fdt_path_offset(blob, "/reserved-memory/rsvd_region2");
+ 	ut_assert(subnode < 0);
+ 
+-- 
+2.26.2
+
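
Review bot: In the test/dm/fdtdec.c hunks every updated call passes false, so the new `if (no_map)` branch added in lib/fdtdec.c is never exercised by the unit test. Suggest adding a case that calls fdtdec_add_reserved_memory() with true and checks that fdt_getprop(blob, subnode, "no-map", NULL) returns non-NULL. The same test shows that a second call with an identical range (rsvd_region2, 0x1000-0x1fff) succeeds without creating a node, and the only place no_map is consumed is the block just before the phandle is returned for the new node, so the include/fdtdec.h comment should also say what happens when no_map is true and a region with that range already exists without the property.
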
diff --git a/meta-isar/recipes-bsp/u-boot/files/0002-optee-add-property-no-map-to-secure-reserved-memory.patch b/meta-isar/recipes-bsp/u-boot/files/0002-optee-add-property-no-map-to-secure-reserved-memory.patch
new file mode 100644
index 00000000..6a39968b
--- /dev/null
+++ b/meta-isar/recipes-bsp/u-boot/files/0002-optee-add-property-no-map-to-secure-reserved-memory.patch
@@ -0,0 +1,33 @@
+From 3e15c315f97401f394ae83ed17fbef72b765222a Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@st.com>
+Date: Thu, 10 Sep 2020 10:50:01 +0200
+Subject: [PATCH] optee: add property no-map to secure reserved memory
+
+OP-TEE reserved memory node must set property "no-map" to prevent
+Linux kernel from mapping secure memory unless what non-secure world
+speculative accesses of the CPU can violate the memory firmware
+configuration.
+
+Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree")
+Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
+Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
+---
+ lib/optee/optee.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/optee/optee.c b/lib/optee/optee.c
+index 963c2ff430..9e6606568f 100644
+--- a/lib/optee/optee.c
++++ b/lib/optee/optee.c
+@@ -192,7 +192,7 @@ int optee_copy_fdt_nodes(const void *old_blob, void *new_blob)
+ 				ret = fdtdec_add_reserved_memory(new_blob,
+ 								 nodename,
+ 								 &carveout,
+-								 NULL, false);
++								 NULL, true);
+ 				free(oldname);
+ 
+ 				if (ret < 0)
+-- 
+2.26.2
+
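
Review bot: The bare `true` passed as the last argument in optee_copy_fdt_nodes() gives no hint at the call site that it is what keeps Linux from mapping the secure region; a short comment above the call would make it harder to flip back by accident in a later cleanup. The commit message sentence "unless what non-secure world speculative accesses of the CPU can violate the memory firmware configuration" is also hard to parse. Going by the "firewalled memory" wording in the previous patch, something like "otherwise speculative accesses from the non-secure world can violate the memory firewall configuration" seems to be what is meant.
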
diff --git a/meta-isar/recipes-bsp/u-boot/u-boot-stm32mp15x_2020.10.bb b/meta-isar/recipes-bsp/u-boot/u-boot-stm32mp15x_2020.10.bb
index 6d956434..39fceb2f 100644
--- a/meta-isar/recipes-bsp/u-boot/u-boot-stm32mp15x_2020.10.bb
+++ b/meta-isar/recipes-bsp/u-boot/u-boot-stm32mp15x_2020.10.bb
@@ -4,3 +4,7 @@
 # SPDX-License-Identifier: MIT
 
 require u-boot-${PV}.inc
+
+SRC_URI += " \
+    file://0001-fdtdec-optionally-add-property-no-map-to-created-res.patch \
+    file://0002-optee-add-property-no-map-to-secure-reserved-memory.patch"
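
Review bot: The SRC_URI addition carries no comment saying that these two files are backports which missed 2020.10, so nothing in the recipe tells whoever bumps U-Boot next that they need to be re-checked or dropped. Suggest a one-line comment above `SRC_URI +=` with that note and the mail-archive link from the commit message. Minor style point: putting the closing quote on its own line keeps later additions to one-line diffs.
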
-- 
2.26.2


Thread overview: 17+ messages
2020-11-23  7:53 [PATCH v4 00/11] Support for building TF-A and OP-TEE, add STM32MP15x board Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 01/11] meta-isar: Lift de0-nano-soc build to buster Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 02/11] meta-isar: linux-mainline: Update to latest 5.4.70 Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 03/11] meta-isar: u-boot: Update to 2020.10 Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 04/11] meta-isar: u-boot: Factor our de0-nano-soc recipe Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 05/11] meta-isar: example-raw: Purge securetty from target image Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 06/11] Add STM32MP15x eval board Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 07/11] Add recipe include for building custom Trusted Firmware A Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 08/11] stm32mp15x: Switch to TF-A based boot Jan Kiszka
2020-11-23  7:53 ` [PATCH v4 09/11] Add recipe include for building custom OP-TEE Jan Kiszka
2020-11-23  7:53 ` Jan Kiszka [this message]
2020-11-23  7:53 ` [PATCH v4 11/11] meta-isar: Add OP-TEE to STM32MP15x board Jan Kiszka
2020-11-24 16:52 ` [PATCH v4 00/11] Support for building TF-A and OP-TEE, add " Baurzhan Ismagulov
2020-11-25  5:47   ` Jan Kiszka
2020-11-25 18:58     ` Baurzhan Ismagulov
2020-11-25 20:30       ` Jan Kiszka
2020-11-26 15:54 ` Anton Mikanovich