TrustZone: reenable memory protection (fix #1060)

2025-02-20 17:52:52 +00:00 · 2014-02-12 15:56:52 +01:00 · 2014-02-12 15:56:52 +01:00 · 3b69dc2a58
commit 3b69dc2a58
parent 14a636f9a7
3 changed files with 40 additions and 5 deletions
--- a/base-hw/include/platform/imx53/drivers/trustzone.h
+++ b/base-hw/include/platform/imx53/drivers/trustzone.h
@ -20,10 +20,16 @@
 namespace Trustzone
 {
 	enum {
-		VM_STATE_SIZE      = 1 << 20,
+		/**
+		 * Currently, we limit secure RAM to 256 MB only,
+		 * because the memory protection feature of the M4IF
+		 * on this platform allows to protect a max. region of
+		 * 256MB per RAM bank only.
+		 */
 		SECURE_RAM_BASE    = Genode::Board_base::RAM0_BASE,
-		SECURE_RAM_SIZE    = Genode::Board_base::RAM0_SIZE - VM_STATE_SIZE,
+		SECURE_RAM_SIZE    = 256 * 1024 * 1024,
 		VM_STATE_BASE      = SECURE_RAM_BASE + SECURE_RAM_SIZE,
+		VM_STATE_SIZE      = 1 << 20,
 		NONSECURE_RAM_BASE = Genode::Board_base::RAM1_BASE,
 		NONSECURE_RAM_SIZE = Genode::Board_base::RAM1_SIZE,
 	};
--- a/os/src/server/tz_vmm/imx53/m4if.h
+++ b/os/src/server/tz_vmm/imx53/m4if.h
@ -21,17 +21,32 @@ class M4if : Genode::Mmio
 {
 	private:

+		enum { SZ_256MB = 1024 * 1024 * 256 };
+
+		struct Protection_boundary_crossed {};
+
 		struct Wm_reg0_ddr0_start : public Register<0xec, 32>
 		{
 			struct Addr   : Bitfield<0,20> {};
 			struct Enable : Bitfield<31,1> {};
 		};

+		struct Wm_reg0_ddr1_start : public Register<0xf0, 32>
+		{
+			struct Addr   : Bitfield<0,20> {};
+			struct Enable : Bitfield<31,1> {};
+		};
+
 		struct Wm_reg0_ddr0_end : public Register<0x10c, 32>
 		{
 			struct Addr   : Bitfield<0,20> {};
 		};

+		struct Wm_reg0_ddr1_end : public Register<0x110, 32>
+		{
+			struct Addr   : Bitfield<0,20> {};
+		};
+
 		struct Wm_reg0_irq : public Register<0x114, 32>
 		{
 			struct Status_ddr0 : Bitfield<6,1>  {};
@ -40,12 +55,15 @@ class M4if : Genode::Mmio

 		struct Wm_reg0_addr : public Register<0x118, 32> {};

+
 	public:

 		M4if(Genode::addr_t const base) : Genode::Mmio(base) {}

-		void set_region(Genode::addr_t addr, Genode::size_t size)
+		void set_region0(Genode::addr_t addr, Genode::size_t size)
 		{
+			if (size > SZ_256MB) throw Protection_boundary_crossed();
+
 			write<Wm_reg0_ddr0_end::Addr>((addr+size-1) >> 12);
 			write<Wm_reg0_ddr0_start>(
 			    Wm_reg0_ddr0_start::Addr::bits(addr >> 12) |
@ -53,6 +71,17 @@ class M4if : Genode::Mmio
 			write<Wm_reg0_irq::Enable>(1);
 		}

+		void set_region1(Genode::addr_t addr, Genode::size_t size)
+		{
+			if (size > SZ_256MB) throw Protection_boundary_crossed();
+
+			write<Wm_reg0_ddr1_end::Addr>((addr+size-1) >> 12);
+			write<Wm_reg0_ddr1_start>(
+			    Wm_reg0_ddr1_start::Addr::bits(addr >> 12) |
+			    Wm_reg0_ddr1_start::Enable::bits(1));
+			write<Wm_reg0_irq::Enable>(1);
+		}
+
 		void ack_irq() { write<Wm_reg0_irq::Status_ddr0>(1); }

 		Genode::addr_t violation_addr() { return read<Wm_reg0_addr>(); }
--- a/os/src/server/tz_vmm/imx53/main.cc
+++ b/os/src/server/tz_vmm/imx53/main.cc
@ -124,8 +124,8 @@ class Vmm::Vmm : public Thread<8192>
 		  _m4if_io_mem(Board_base::M4IF_BASE, Board_base::M4IF_SIZE),
 		  _m4if((addr_t)env()->rm_session()->attach(_m4if_io_mem.dataspace()))
 		{
-			_m4if.set_region(Trustzone::SECURE_RAM_BASE,
-			                 Trustzone::SECURE_RAM_SIZE);
+			_m4if.set_region0(Trustzone::SECURE_RAM_BASE,
+			                  Trustzone::SECURE_RAM_SIZE);
 		}
 };