commit 6fd9eaf36ee26a2625238c7e153bbe7714369889
author Juan Castillo <juan.castillo@arm.com> Fri Dec 19 09:28:30 2014 +0000
committer Juan Castillo <juan.castillo@arm.com> Wed Jan 21 09:44:40 2015 +0000
tree e655681dd6e3f54eb904e37133f3108dee4a9103
parent 1c73ffbd4cf8f62de529ad381d83fb79b76042de

FVP: map non-secure DRAM1 in the MMU

This patch maps the non-secure region of DRAM1 in the MMU. The
non-secure region comprises the whole DRAM1 (0x80000000 -
0xffffffff) excluding the top 16 MB (0xff000000 - 0xffffffff).
The TrustZone controller configures this 16 MB region as secure
memory, so it can not be accessed in non-secure mode.

The number of MMU tables in BL2 has been increased to 3 because
the new size of the non-secure region in DRAM requires an extra L2
table.

Change-Id: I5ad080c6e181f6b6060e15cebb1d18b7fa128cf5

plat/fvp/fvp_security.c

diff --git a/plat/fvp/fvp_security.c b/plat/fvp/fvp_security.c
index 06ab575..62bde08 100644
--- a/plat/fvp/fvp_security.c
+++ b/plat/fvp/fvp_security.c
@@ -89,16 +89,17 @@
 	 * Allow only non-secure access to all DRAM to supported devices.
 	 * Give access to the CPUs and Virtio. Some devices
 	 * would normally use the default ID so allow that too. We use
-	 * two regions to cover the blocks of physical memory in the FVPs.
+	 * two regions to cover the blocks of physical memory in the FVPs
+	 * plus one region to reserve some memory as secure.
 	 *
 	 * Software executing in the secure state, such as a secure
 	 * boot-loader, can access the DRAM by using the NS attributes in
 	 * the MMU translation tables and descriptors.
 	 */
 
-	/* Set to cover the first block of DRAM */
+	/* Region 1 set to cover the Non-Secure DRAM */
 	tzc_configure_region(FILTER_SHIFT(0), 1,
-			DRAM1_BASE, DRAM1_END - DRAM1_SEC_SIZE,
+			DRAM1_NS_BASE, DRAM1_NS_END,
 			TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |
@@ -106,14 +107,14 @@
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_VIRTIO_OLD));
 
-	/* Set to cover the secure reserved region */
-	tzc_configure_region(FILTER_SHIFT(0), 3,
-			(DRAM1_END - DRAM1_SEC_SIZE) + 1 , DRAM1_END,
+	/* Region 2 set to cover the Secure DRAM */
+	tzc_configure_region(FILTER_SHIFT(0), 2,
+			DRAM1_SEC_BASE, DRAM1_SEC_END,
 			TZC_REGION_S_RDWR,
 			0x0);
 
-	/* Set to cover the second block of DRAM */
-	tzc_configure_region(FILTER_SHIFT(0), 2,
+	/* Region 3 set to cover the second block of DRAM */
+	tzc_configure_region(FILTER_SHIFT(0), 3,
 			DRAM2_BASE, DRAM2_END, TZC_REGION_S_NONE,
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_DEFAULT) |
 			TZC_REGION_ACCESS_RDWR(FVP_NSAID_PCI) |