From 2b19e2f361ac9be69f0f19ed7a25b1a038d91fc3 Mon Sep 17 00:00:00 2001 From: Andre Przywara Date: Mon, 22 Jul 2019 00:04:40 +0100 Subject: [PATCH] rpi4: Reserve resident BL31 region from non-secure world The GPU firmware loads the armstub8.bin (BL31) image at address 0, the beginning of DRAM. As this holds the resident PSCI code and the SMP pens, the non-secure world should better know about this, to avoid accessing memory owned by TF-A. This is particularly criticial as the Raspberry Pi 4 does not feature a secure memory controller, so overwriting code is a very real danger. Use the newly introduced function to add a node into reserved-memory node, where non-secure world can check for regions to be excluded from its mappings. Reserve the first 512KB of memory for now. We can refine this later if need be. Change-Id: I00e55e70c5c02615320d79ff35bc32b805d30770 Signed-off-by: Andre Przywara --- plat/rpi/rpi4/rpi4_bl31_setup.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plat/rpi/rpi4/rpi4_bl31_setup.c b/plat/rpi/rpi4/rpi4_bl31_setup.c index e1b6c897..8dfadf73 100644 --- a/plat/rpi/rpi4/rpi4_bl31_setup.c +++ b/plat/rpi/rpi4/rpi4_bl31_setup.c @@ -245,6 +245,10 @@ static void rpi4_prepare_dtb(void) return; } + /* Reserve memory used by Trusted Firmware. */ + if (fdt_add_reserved_memory(dtb, "atf@0", 0, 0x80000)) + WARN("Failed to add reserved memory nodes to DT.\n"); + ret = fdt_pack(dtb); if (ret < 0) ERROR("Failed to pack Device Tree at %p: error %d\n", dtb, ret); -- 2.30.2