[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-arm] [PATCH 1/4] hw/arm/virt: Provide a secure-only RAM if booting
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-arm] [PATCH 1/4] hw/arm/virt: Provide a secure-only RAM if booting in Secure mode |
|
Date: |
Fri, 12 Feb 2016 14:45:58 +0000 |
If we're booting in Secure mode, provide a secure-only RAM
(just 16MB) so that secure firmware has somewhere to run
from that won't be accessible to the Non-secure guest.
Signed-off-by: Peter Maydell <address@hidden>
---
hw/arm/virt.c | 26 ++++++++++++++++++++++++++
include/hw/arm/virt.h | 1 +
2 files changed, 27 insertions(+)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 44bbbea..5bdfe0f 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -127,6 +127,7 @@ static const MemMapEntry a15memmap[] = {
[VIRT_MMIO] = { 0x0a000000, 0x00000200 },
/* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
[VIRT_PLATFORM_BUS] = { 0x0c000000, 0x02000000 },
+ [VIRT_SECURE_MEM] = { 0x0e000000, 0x01000000 },
[VIRT_PCIE_MMIO] = { 0x10000000, 0x2eff0000 },
[VIRT_PCIE_PIO] = { 0x3eff0000, 0x00010000 },
[VIRT_PCIE_ECAM] = { 0x3f000000, 0x01000000 },
@@ -960,6 +961,30 @@ static void create_platform_bus(VirtBoardInfo *vbi,
qemu_irq *pic)
sysbus_mmio_get_region(s, 0));
}
+static void create_secure_ram(VirtBoardInfo *vbi, MemoryRegion *secure_sysmem)
+{
+ MemoryRegion *secram = g_new(MemoryRegion, 1);
+ char *nodename;
+ hwaddr base = vbi->memmap[VIRT_SECURE_MEM].base;
+ hwaddr size = vbi->memmap[VIRT_SECURE_MEM].size;
+
+ memory_region_init_ram(secram, NULL, "virt.secure-ram",
+ size, &error_fatal);
+ vmstate_register_ram_global(secram);
+ memory_region_add_subregion(secure_sysmem, base, secram);
+
+ nodename = g_strdup_printf("/address@hidden" PRIx64, base);
+ qemu_fdt_add_subnode(vbi->fdt, nodename);
+ qemu_fdt_setprop_string(vbi->fdt, nodename, "device_type",
+ "memory");
+ qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
+ 2, base, 2, size);
+ qemu_fdt_setprop_string(vbi->fdt, nodename, "status", "disabled");
+ qemu_fdt_setprop_string(vbi->fdt, nodename, "secure-status", "okay");
+
+ g_free(nodename);
+}
+
static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
{
const VirtBoardInfo *board = (const VirtBoardInfo *)binfo;
@@ -1152,6 +1177,7 @@ static void machvirt_init(MachineState *machine)
create_uart(vbi, pic, VIRT_UART, sysmem);
if (vms->secure) {
+ create_secure_ram(vbi, secure_sysmem);
create_uart(vbi, pic, VIRT_SECURE_UART, secure_sysmem);
}
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 1ce7847..ecd8589 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -61,6 +61,7 @@ enum {
VIRT_PCIE_MMIO_HIGH,
VIRT_GPIO,
VIRT_SECURE_UART,
+ VIRT_SECURE_MEM,
};
typedef struct MemMapEntry {
--
1.9.1
- [Qemu-arm] [PATCH 0/4] virt: provide secure-only RAM and first flash, Peter Maydell, 2016/02/12
- [Qemu-arm] [PATCH 2/4] loader: Add load_image_mr() to load ROM image to a MemoryRegion, Peter Maydell, 2016/02/12
- [Qemu-arm] [PATCH 1/4] hw/arm/virt: Provide a secure-only RAM if booting in Secure mode,
Peter Maydell <=
- [Qemu-arm] [PATCH 4/4] hw/arm/virt: Make first flash device Secure-only if booting secure, Peter Maydell, 2016/02/12
- [Qemu-arm] [PATCH 3/4] hw/arm/virt: Load bios image to MemoryRegion, not physaddr, Peter Maydell, 2016/02/12
- Re: [Qemu-arm] [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash, Mark Cave-Ayland, 2016/02/12
- Re: [Qemu-arm] [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash, Peter Maydell, 2016/02/25